Joining the Let’s Encrypt Help Forum

Good Morning from my Robotics Lab! This is Shadow_8472, and today I am finding help towards getting an SSL certificate from Let’s Encrypt. Let’s get started!

The Time to Get Help

Manually setting up an HTTPS secured service from your home is not beginner level by any stretch of the disillusioned imagination. In many ways, it reminds me of installing Linux for the first time. The system as a whole is irreducibly complex; multiple project-sized milestones rely on each other for usefulness, so I won’t see any results basically until I’m done.

So far, ButtonMash is running Rocky Linux 8. I have NGINX installed, but it can’t be properly configured to serve HTML over HTTPS until I have an SSL certificate. SSL certificates are available for free from Let’s Encrypt, but the process for getting and renewing them is reportedly labor intensive once you do know what you’re doing. ACME clients (Automatic Certificate Management Environment) can automate this work, but the installation options alone are exhaustive.

Joining Let’s Encrypt’s Community

I have made a good faith effort to self-educate, but I’ve slowed down to the point where I feel like I’m posting the same thing week after week with dribbles of progress. The documentation has far exceeded my attention span. It’s time to look for help.

Let’s Encrypt –like many well-respected technical projects– has a designated community support forum [1]. It’s just not on Discord or some other platform I’m already on. After weeks of self-research, I made an account and started looking around.

Unsurprisingly, the people I found in such a niche community are more knowledgeable about all things related to security certificates. The more I talk about my project there, the more important concepts are brought to my attention. For example, I keep coming across terms I keep seeing, but have so far remained clueless about. When those come up in conversation I look them up and only ask if I can’t find the answer in a reasonable amount of time.

3D Printing Corner

My brim decision is really backfiring now. I might even say it’s a worse idea than using a raft at this point. For what it’s worth, I made the time to glue a couple of those calibration cubes together. One drop, then press together. My father used a pencil on Sonic during a final dry fit to help for gluing the two halves together.

Side Project

My mother’s new sewing table has a fancy elevator platform to hide away her machine. This week, she got a power cord stuck in its mechanism where a couple clips jammed against it and each other. I was quick to find a 3D printed solution to keep it from happening again once we dislodged it [2]. I settled on a design aimed at holding phone chargers, but it was about the right size when I scaled it up to 200% and told it to use solid infill on the clip. My father and I installed it under the elevator and used a couple Velcro straps to lock the cords in so they don’t fall out.

Takeaway

I have never been excited about mastering a network backbone. It’s been one of those things that always feels simple enough to reach for, but complex enough to challenge my perseverance. I’m glad I’ve found a place that seems friendly enough.

Final Question

Certbot is the preferred ACME client, but there’s a list with tens of them on it [3]. Someone name-dropped Caddy, but I’ve been studying NGINX. Have you gone through Let’s Encrypt before? If so, what ACME client do you use?

Works Cited

[1] Internet Security Research Group, community.letsencrypt.org, [Online]. Available: https://community.letsencrypt.org/ [Accessed Mar 25, 2022].

[2] TJH5, “Cable Holder,” thingiverse.com, Aug. 13, 2017. [Online]. Available: https://www.thingiverse.com/thing:2481258 [Accessed Mar 25, 2022].

[3] Internet Security Research Group, “ACME Client Implementations,” community.letsencrypt.org, Mar. 6, 2022. [Online]. Available: https://letsencrypt.org/docs/client-options/ [Accessed Mar 25, 2022].

NGINX: Project Redirect

Good Morning from my Robotics Lab! This is Shadow_8472, and today I am configuring NGINX on my home server, ButtonMash. Let’s get started!

NGINX Reinstall

I sat down this week to work on NGINX, and any tutorials I tried –even ones specially recommended to me– kept referencing files that didn’t exist. Staff member Pokey on the bitmerge Discord server suggested I check my version. The Rocky Linux 8 repositories are distributing version 1.14.1 whereas the latest version is 2.21.6 on their website [1]. A little further research revealed that one of those noted differences –directories for sites-available and sites-enabled– is commonly packaged with NGINX and not part of the upstream codebase.

A little research turned up a quick article on ServerDiary [2]. Turns out NGINX maintains repositories with stable and mainline releases of their software for Red Hat and CentOS – the latter of which I am trusting to stay open for the time being. The instruction-by-instruction directions were clearly but briefly described, and while I followed their instructions to enable the mainline release, I’m trying to admin ButtonMash as if it were a production environment: so I reverted to the stable version. In addition to the commands found on ServerDiary, I worked out this one for myself after trying to enable nginx-stable:

sudo yum-config-manager --disable nginx-mainline

Technology Backbone

I tried configuring NGINX to blindly pass HTTPS packets from incoming IP, but it was being more trouble than it was worth. I kept getting SSL_ERROR_RX_RECORD_TOO_LONG, which comes up when a browser expecting to make an HTTPS connection instead is offered an HTTP one – so far as I can tell.
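An added example (not code from the original post): the first five bytes of a server reply, parsed as a TLS record header, show why a plain HTTP answer on a port the browser treats as HTTPS ends in a "record too long" failure. The function name and the sample bytes are constructed for illustration; the size limit is the TLS 1.2 bound from RFC 5246.

```python
import struct

# TLS record header: content type (1 byte), version (2 bytes), length (2 bytes).
TLS_CONTENT_TYPES = {
    20: "change_cipher_spec",
    21: "alert",
    22: "handshake",
    23: "application_data",
}
# Largest record body a TLS 1.2 peer may send: 2^14 + 2048 bytes (RFC 5246, 6.2.3).
MAX_RECORD_LEN = 2**14 + 2048


def classify_first_bytes(data: bytes) -> dict:
    """Read the first five bytes the way a TLS client would and report the result."""
    if len(data) < 5:
        return {"verdict": "too_short"}
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    info = {
        "content_type": TLS_CONTENT_TYPES.get(ctype, f"invalid ({ctype})"),
        "version": (major, minor),
        "declared_length": length,
        "record_too_long": length > MAX_RECORD_LEN,
    }
    if data.startswith(b"HTTP/"):
        # An HTTP status line where a TLS record was expected.
        info["verdict"] = "plaintext_http"
    elif ctype in TLS_CONTENT_TYPES and major == 3 and not info["record_too_long"]:
        info["verdict"] = "tls_record"
    else:
        info["verdict"] = "unknown"
    return info


# Constructed sample inputs, not captured traffic.
SAMPLES = {
    "plain HTTP reply on the HTTPS port": b"HTTP/1.1 400 Bad Request\r\nServer: nginx\r\n",
    "TLS 1.2 handshake record": b"\x16\x03\x03\x00\x5a\x02\x00\x00\x56",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", classify_first_bytes(raw))
```

In the HTTP sample the letters `P/` land in the length field, which makes the declared record length 20527 bytes, above the 18432-byte limit.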

There’s probably a way to convince it to cooperate. My productive time is probably better spent focusing directly on my technology backbone though. I expect I’ll learn the same skills at about the same time either way, but I won’t be redoing the project three or four times this way.

I registered a domain name from NameSilo. New interface on some pages aside, the process was as straightforward as the previous times I’ve done it. The real trick is when I master subdomains and I can use the same domain name for services intended for family use.

Going forward, my next immediate step is obtaining a security certificate from Let’s Encrypt with that domain name. Only then will I have what I need to set up NGINX properly.

3D Printing Corner

Work here was slow again. For anyone not in the know: I printed a Sonic figure split front and back. I intend to glue and paint it. To practice, I made myself eight calibration cubes to glue together. I managed to locate some sandpaper and I sanded down the flat surfaces of four of the cubes.

Once I had a feel for how the PLA was reacting to being sanded, I sanded Sonic and worked on that brim I totally shouldn’t have printed. The two halves were more flush in a dry fit.

Side Projects

My father’s Debian install keeps freezing, only opening up when he sends a system request to kill everything in his session, returning him to a login screen. As this is an infrequent occurrence, I taught him a little about SSH. I had him sit down at DerpyChips, and after telling Derpy to forget about the Mint install at the same IP, I had my father log in remotely and practice using top to find a process ID (PID) and kill problematic programs with a little more finesse. While I’m not looking forward to the next crash, we have practiced for when it happens and I have a good feeling about this new procedure.

My laptop power cord has been slipping away from its 19.5 volt side, exposing the three, jacketed wires inside it. As much as I’d liked to have pushed it back up, wires don’t have good compression strength. Instead: I pinched the cord half way to the transformer and ran my fingers toward the end, stretching the outer case, encouraging my cord into a more presentable condition.

A while back, we made our own network cable to serve ButtonMash and now GoldenOakLibry. It’s been dropping connection this week. I was able to convince it to come back online for a few days, but almost as if it knew I needed to pad my post, it fizzled again, seemingly for good. I used a connectivity tester, and it failed a few connections. We found one that happened to be long enough, and I was able to reach ButtonMash. GoldenOakLibry needed to be disconnected and reconnected from the local switch before it came back online.

Final Question

I have several large tasks with no immediate payout expected. These projects will likely be research-heavy, making for less interesting reading. What kinds of side projects should I work on?

Works Cited

[1] F5 Networks, Inc. nginx.com, [Online]. Available: https://www.nginx.com/. [Accessed: Mar 21, 2022].

[2] Serverdiary, “How to install latest official Nginx on Centos 8 / RHEL 8,” serverdiary.com, [Online]. Available: https://serverdiary.com/linux/how-to-install-latest-official-nginx-on-centos-8-rhel-8/. [Accessed: Mar 21, 2022].

Misadventures in Studying NGINX

Good Morning from my Robotics Lab. This is Shadow_8472, and today I am getting lost while exploring SSL certificates… again. Let’s get started!

Installing NGINX

At last count, I had about six or seven projects I should hook into it, but most of them are on hold because I don’t want some stranger finding his way into my home network and rearranging things without permission. I set up Vaultwarden to manage its own HTTPS connections, and I learned a lot about what SSL is and how it works. But this is not a recommended configuration and I want to learn the proper, more advanced way of doing things.

I ignored plenty of guides’ advice on my path to a Vaultwarden server. They recommend some sort of ingress controller, and I’m currently exploring one called NGINX. I’ve come across quite the debate as to whether to use a container or install it native. The tutorials for the container edition all use Docker, but I’m using Podman and I’m uneasy about root permission nuances between the two projects making things needlessly more challenging, so I installed the package on ButtonMash.

sudo dnf install nginx

To confirm installation, I enabled the web server with a few systemctl commands and opened a port in ButtonMash’s firewall. NGINX now proudly displays its welcome page.

A Web of Dependencies

NGINX does not lend itself to solo study. It is a do-everything solution for networking. With so many use cases from serving HTML pages to load balancing containers, I have spent weeks poring through tutorials without finding a keystone lesson for my use case. Some of that time was spent looking into some sort of web interface I falsely believed was included. See NGINX Proxy Manager vs. NGINX for details. I will stick with bare NGINX for now mainly because NGINX Proxy Manager’s website ironically has an expired SSL certificate.

I got lost researching what I would need for a project this week. Proper HTTPS for Vaultwarden is a good choice of target. That will require an SSL certificate, and that means Let’s Encrypt. An SSL certificate requires either a domain name or a subdomain, so that means arranging one of those.

Somewhere along the way, I got lost and visited this blog’s host cPanel in the interest of moving its SSL to Let’s Encrypt. The experience was unexpectedly surreal, like I was paging through a book written in a language I’m trying to learn – there was a flood of jargon, but the bits I recognized made for moments of satisfaction.

3D Printing Corner

I want to glue the Sonic figure I printed, but I’d just as soon have some experience with gluing large, flat surfaces together before I go smashing a larger project together and hoping it sticks (literally). I had the idea to print up eight calibration cubes for practice. I tried some lower infill settings and got inferior, but adequate results. My biggest complaint was how many tries it took for the overall first layer. I had to settle with a couple curling corners, but a perfect print wasn’t the goal anyway. Gluing will have to wait until next week though.

Side Project

Also on the topic of 3D printing, my mother has been into quilting as of late and she commissioned some more bias tape makers like the ones I made during the early stages of the pandemic. I found what I thought was the model on Thingiverse and its description linked a revision that folds it in half again. I used a spreadsheet to scale the model to a couple different sizes.

Takeaway

I feel like I am assembling a jigsaw puzzle without the box. Each piece must be studied and understood before placing it. Half the challenge is knowing what pieces need to be in place before it’s time to begin studying others. Placing more than one at a time is very difficult, but the HTTPS piece interlocks with so many others, its ecosystem doesn’t lend itself to a project of the week format of study like what I have going on here.

Final Question

The most important lesson in tech is to know where to seek help. I had to seek out a new Discord server familiar with NGINX this week when I should have looked them up a week ago. How long does it take before you look for specialized help?

Exporting a Discord Server

Good Morning from my Robotics Lab! This is Shadow_8472, and today I am learning about Discord Chat Exporter so I can archive an old role play I was a part of in 2017. Let’s get started!

Vanishing Data Only Hosted Elsewhere

Discord is a communications platform built around the idea of [guild] servers, channels, and posts. Guild servers are exclusively hosted by the parent company, leaving you relying on them to maintain their physical servers. While they provide easy access to chat history going back years and years, they do not provide you with the tools to extract that history in the case you are one day unable to access the service.

In around the middle of 2017, I met a very good friend on PonyvilleSquare forums. He was advertising a My Little Pony role play I joined. We moved the game to Discord at my request. It was a good thing too, because the forums were defunct within a week or two. I lost a minor detail or two from character creation, but we went on to have one of the best games I’ve ever been a part of. I liked the story well enough to go through it again, polishing it into more of a novel format with all the original players’ blessings. It’s always bothered me though that should Discord either go out of business or deplatform me for wrongthink.

Downloading a Server

Discord is rolling out some new rules at the end of the month, and I don’t know if everyone in my circle of friends will still be welcome when it hits. Ideally, we can transition to using a decentralized platform, like how e-mail operates, where we can be in complete control of our live chat server. [Matrix] fits my criteria for this end goal.

What better way to learn about Matrix than to find some tool to migrate a server I don’t want to lose? The Discord bot API only needs to see a server’s history, and it shouldn’t be impossible to record that data into a format Matrix clients can accept. In fact, one of the key talking points of Matrix is its ability to bridge to one or more chat platforms while being as inconspicuous as reasonably possible per platform. However: of the bridges I found, the only one that mentioned history listed it as not-a-feature. If there is a tool to directly migrate from Discord to Matrix, I either didn’t find it or didn’t recognize it.

Instead, I settled with another tool to archive our MLP role play: Discord Chat Exporter [1]. Discord Chat Exporter is a bot that reads Discord channels and reproduces them in a variety of static formats including HTML, plaintext, and a couple others. I found their OCI “Docker” container worked very nicely. Their documentation is clear, though I could nitpick how it didn’t like where I put the --media flag on my first try to download embedded pictures and similar.

3D Printing Corner

I’ve been trying to print a figure of Sonic I found on Thingiverse for a few weeks now. I was having a lot of trouble with the first layer sticking in previous weeks, but I finally added a bed-leveling print to my routine. Sonic himself is split front to back and arranged so he only needs minimal supports. Along the way, I tried slowing the first layer way down and adding this ugly brim I’m having trouble removing. I’ll get it next week when I glue the halves together and sand it.

Side Project

My earliest working NFS automounts were entries in the File System TABle (fstab) for my laptop. Later, I learned to mount file shares as needed with systemd. My laptop spends time off my home network, and without a timeout in my settings, I’m left with extended boot times and programs hanging until I get home and they can finish saving. Today, I copied the relevant files over to a directory on GoldenOakLibry and on over to my laptop, adding a 5 second timeout as suggested in the awesome tutorial I originally followed by Ray Lyon on Ray Against the Machine [2].

Takeaway

Imperfect solutions that achieve most of your goals are often a reasonable compromise when a full solution is a lot harder to research or even get around to doing. I’m glad I now have my MLP game properly downloaded, but even better would be the ability to import everything from a Discord server on over to Matrix.

Final Question

Do you know of a tool or set of tools that can migrate a Discord server to Matrix?

Works Cited

[1] Tyrrrz, “DiscordChatExporter,” github.com, [Online]. Available: https://github.com/Tyrrrz/DiscordChatExporter. [Accessed Mar. 7, 2022].

[2] R. Lyon, “On-Demand NFS and Samba Connections in Linux with Systemd Automount,” Ray Against the Machine, Oct. 7, 2020. (Edited Aug. 26, 2021). [Online]. Available: https://rayagainstthemachine.net/linux%20administration/systemd-automount/. [Accessed Mar. 7, 2022].