Author: Richard Applegate

  • How to get to know your Linux operating system.

    This command can be used to look up details about the operating system.

    The command is:

    hostnamectl
  • DNS over TLS with systemd-resolved on Ubuntu 22.04.4 LTS.

    I would prefer that my server use DNS over TLS instead of plain port 53. I did it, and it works really well. Furthermore, I no longer have attacks from port 53 now.

    Use DNS Over TLS (DOT) on generic Linux systems

    Specifically for Ubuntu 22.04.4 LTS:

    1. Edit /etc/systemd/resolved.conf
    [Resolve]
    DNS=1.1.1.1 1.0.0.1 8.8.8.8
    #FallbackDNS=1.1.1.1 9.9.9.10 8.8.8.8 2606:4700:4700::1111 2620:fe::10 2001:4860:4860::8888
    #Domains=
    #LLMNR=yes
    #MulticastDNS=yes
    #DNSSEC=allow-downgrade
    #DNSOverTLS=opportunistic
    #DNSSEC=yes
    #DNSOverTLS=yes
    #Cache=yes
    #DNSStubListener=yes
    #ReadEtcHosts=yes
    

    For Ubuntu 22.04.4 LTS specifically, remove the hashtag (#) from the highlighted lines in resolved.conf:

    [Resolve]
    DNS=1.1.1.1 1.0.0.1 8.8.8.8
    FallbackDNS=1.1.1.1 9.9.9.10 8.8.8.8
    #Domains=
    #LLMNR=no
    #MulticastDNS=no
    DNSSEC=yes
    DNSOverTLS=yes
    #Cache=yes
    #DNSStubListener=yes
    #ReadEtcHosts=yes
    
    2. Assuming systemd-resolved is enabled, restart the service:
    systemctl restart systemd-resolved.service
    
    3. Use the local stub resolver

    systemd-resolved provides a local DNS stub listener on IP address 127.0.0.53 on the local loopback interface, so to use the DNS over TLS capable stub resolver, we’ll need to somehow manage /etc/resolv.conf and make sure 127.0.0.53 is used as a nameserver.

    NOTE: systemd maintains /run/systemd/resolve/stub-resolv.conf for compatibility with traditional Linux programs. We can simply link to this file by symlinking.

    ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf

    Done.
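
To confirm the three steps above took effect, this added example (not part of the original post) audits a resolved.conf and a resolv.conf for strict DNS over TLS, DNSSEC and the 127.0.0.53 stub. The function names `resolved_value`, `audit_dot` and `demo` and the sample files are constructed for illustration.

```shell
#!/bin/bash
# Added example: audit the two files this post edits (names are illustrative).

# Print the last uncommented value of KEY in the [Resolve] section of FILE.
resolved_value() {
  awk -F= -v key="$2" '
    /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[Resolve\]/) }
    in_sec { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
             if (k == key) val = v }
    END { print val }' "$1"
}

# Returns 0 only if strict DoT, DNSSEC and the stub resolver are all in place.
audit_dot() {
  local conf=$1 resolv=$2 rc=0 dot dnssec
  dot=$(resolved_value "$conf" DNSOverTLS)
  dnssec=$(resolved_value "$conf" DNSSEC)
  case "$dot" in
    yes) echo "OK   DNSOverTLS=yes (strict, no plaintext fallback)" ;;
    opportunistic) echo "WARN DNSOverTLS=opportunistic may fall back to port 53"; rc=1 ;;
    *) echo "FAIL DNSOverTLS not enabled (value: '${dot}')"; rc=1 ;;
  esac
  if [ "$dnssec" = yes ]; then echo "OK   DNSSEC=yes"
  else echo "WARN DNSSEC is '${dnssec}', not yes"; rc=1; fi
  # Every nameserver line must be the stub listener, or lookups bypass resolved.
  if grep -Eq '^nameserver[[:space:]]' "$resolv" &&
     ! grep -E '^nameserver[[:space:]]' "$resolv" |
       grep -Evq '[[:space:]]127\.0\.0\.53[[:space:]]*$'; then
    echo "OK   resolv.conf uses only 127.0.0.53"
  else
    echo "FAIL resolv.conf does not point solely at 127.0.0.53"; rc=1
  fi
  return "$rc"
}

# Constructed sample files (not from a real host). On a server, run instead:
#   audit_dot /etc/systemd/resolved.conf /etc/resolv.conf
demo() {
  local d; d=$(mktemp -d)
  printf '%s\n' '[Resolve]' 'DNS=1.1.1.1 1.0.0.1 8.8.8.8' \
    '#DNSOverTLS=opportunistic' 'DNSSEC=yes' 'DNSOverTLS=yes' > "$d/resolved.conf"
  printf 'nameserver 127.0.0.53\noptions edns0 trust-ad\n' > "$d/stub.conf"
  printf 'nameserver 192.0.2.1\n' > "$d/plain.conf"   # bypasses the stub
  for f in stub plain; do
    if audit_dot "$d/resolved.conf" "$d/$f.conf"; then echo "=> $f: pass"
    else echo "=> $f: needs fixing"; fi
  done
  rm -rf "$d"
}
demo
```

A commented-out `#DNSOverTLS=yes` line is reported as not enabled, which is the state of the stock file before the edit in step 1.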

  • Ntfy: Watchtower, How to set it up with portainer?

    Well, it’s easy. Let’s get started.

    Example:

    Watchtower Docker-compose

    version: "3"
    services:
      watchtower:
        image: containrrr/watchtower
        volumes:
          - /var/run/docker.sock:/var/run/docker.sock
          - /etc/localtime:/etc/localtime:ro
        env_file:
          - stack.env
          
    WATCHTOWER_SCHEDULE=* 22 * * *
    WATCHTOWER_NOTIFICATIONS=shoutrrr
    WATCHTOWER_NOTIFICATION_SKIP_TITLE=True
    WATCHTOWER_NOTIFICATION_URL=ntfy://ntfy.sh/my_watchtower_topic?title=WatchtowerUpdates

    Then the second file is a stack.env, make sure it is a same path.

    WATCHTOWER_SCHDULE: cron job I choose at night, so I can work on the server without being outrage services.

    WATCHTOWER_NOTIFICATIONS: We use Shoutrrr

    WATCHTOWER_NOTIFICATION_SKIP_TITLE: True (I leave it as default)

    WATCHTOWER_NOTIFICATION_URL: ntfy://ntfy.sh/my_watchtower_topic?title=WatchtowerUpdates

    After you run, you should get a notification from your ntfy app or your ntfy browser.

  • Ntfy: push notification for services.

    I am using Ntfy for my SSH alert and watchtower update. It is pretty cool to have this feature, so I can know who is accessing my server without my authorization. And know my docker needs to be updated as well.

    SSH Alert Example

    Run this command to open the PAM configuration file:

    nano /etc/pam.d/sshd

    Add this line to the bottom of the file.

    session optional pam_exec.so /usr/local/bin/ntfy-ssh-login.sh

    You should create a script file called /usr/local/bin/ntfy-ssh-login.sh

    nano /usr/local/bin/ntfy-ssh-login.sh

    Here is the code. Make sure you change the server URL and the username and password for nginx auth.

    #!/bin/bash
    # This is a PAM script hook that shows how to notify you when
    # somebody logs into your server. Place at /usr/local/bin/ntfy-ssh-login.sh (with chmod +x!).
    # The file contains a password: keep it owned by root and not writable by other users.
    
    TOPIC_URL=yourntfydomain
    NGINXUSER=yourusername
    NGINXPASSWORD=yourpassword
    
    if [ "${PAM_TYPE}" = "open_session" ]; then
      # Quote every expansion; --max-time keeps a slow ntfy server from delaying the login.
      curl -s --max-time 10 -u "${NGINXUSER}:${NGINXPASSWORD}" -H "tags:warning" -H "prio:high" \
        -d "SSH login to $(hostname): ${PAM_USER} from ${PAM_RHOST}" "${TOPIC_URL}"
    fi

    Now save with Ctrl+X, then answer yes.

    Make sure you have chmod permissions. Here is the command.

    chmod +x /usr/local/bin/ntfy-ssh-login.sh

    Try logging in from another terminal and see if it notifies you, then try logging in again and see if it notifies you. 🙂

    It works well. It shows the username and IP address, so the IT team can protect the account if they don’t have permission to access our server.

  • How to use Richard’s Bitwarden Server?

    Step by step:

    1. Download the Android app “Bitwarden Password Manager”, or for Apple, “Bitwarden Password Manager”.
    2. Open the Bitwarden password app.
    3. Log in on → self-hosted.
    4. The server URL is https://bitwarden.richardapplegate.io
    5. Log in to your account. If you don’t have one, ask Richard Applegate to open registration. I have to keep registration closed to be more secure and stay away from bots.
  • How to Set up Nextcloud with Richard Applegate Repo with Portainer?

    It is so easy. I recommend you use the repo and then enjoy the services you use.

    1. Open my Nextcloud git repo to copy all the environment variables, or you will get an error.
    2. Go to your Portainer site, then go to create stack.
    3. Click git repo, and copy and paste my Nextcloud repo, https://gitlab.richardapplegate.io/docker/nextcloud.git
    4. Scroll down to Environment variables and paste all the environment variables.
    5. Start the services and go check your Nextcloud at http://yourIP:Port
    6. If you want to proxy the services, a tutorial is coming soon.

  • How to build a Dockerfile on Windows 10?

    Step-by-step Instructions:

    1. Open Visual Studio, and open the folder where your Dockerfile is.
    2. Click Settings bottom then click Extension.
    3. Please install the extension ‘Docker’.
    4. After you install, go ahead and change the Dockerfile. After you finish, save it.
    5. Go to the left side where the file manager is. Go to Dockerfile, highlight it on your mouse, right click, then click build with Docker.
    6. Then open cmd.exe to run docker login and docker push.
    7. Fill in your username and password for the docker login.
    8. Then run ‘docker push username/imagename:tag’, and your image will be on Docker Hub.
  • Upgrading PC for My boss

    I upgraded his PC’s graphics card, power supply, RAM, and WiFi 6 network card to improve speed and stabilize his golf game.

  • It’s finally working again. The new feature rustdesk privacy mode is really cool!

    This is most important for me when troubleshooting PC Sticks. I don’t want to expose the password that I type. This is great.

    I’ve also set up three more RustDesk relay servers on my machine so we can connect without any issues between Washington State and Arizona.

    We commenced utilizing rustdesk in August 2023, and their updates have been impeccable. We desire the service we receive, and I am grateful for their dedication to their work. I recommend that you consider purchasing a professional license if you wish to construct your own server.

    https://rustdesk.com/pricing.html

    Check it out and good price!

  • So exciting, we’re going to Grayland, WA to work on an outdoor wireless bridge for internet 🙌 Breakwater

    Goal to set up

    Blue Dot: Starlink connected to ubiquiti dream station, that we want

    Green Dot: Xfinity connected to ubiquiti dream station.

    We want to get rid of Comcast’s business on Green Dot, so Blue Dot can send its internet to Green Dot.

    He is thinking about setting up this wifi bridge between those two roofs, but he needs my help to send a signal from Blue (Starlink) ubiquiti to Green ubiquiti so he can remove Xfinity plans.

    I have successfully installed a new wire, and I had to visit the attic. This was my first time experiencing such an activity, as I had to drill in order to install 2 cat6 wire for client AP and NanoBeam 5AC Gen 2 on a cottage house. As a result, I proceeded to install 10 cat6 wires altogether for both the cottage and Hotel Laundry build.

    I have finally been able to communicate with the owner, reassuring him that it is safe to cancel his Comcast business plans. This allows him to utilize Starlink with their new Advanced Protocols now.

    Laundry Hotel, i did install it there and set It up as Main Internet, then cottage i did set AP bridge, and now it is working
    Added 2 new wires for NBE-5AC-Gen2 and UAP-AC-LTE
    That is where I plan to put Mount AP on there.
    NanoBeam 5AC Gen 2
    Cottage house (client router)
    Zip tie all blue cable and power. Yellow cat 5e already removed. So it all nice and clean.

    100 download and 100 upload good speed between Hotel to cottages.
    . 2 miles away not bad
    Hotel wifi access point to cottage house