Welcome to Richard's Blog

Category: Linux Server

  • Network Experience

    Just wrapped up a much-needed network upgrade at Anthem Coffee & Tea! We’ve moved from a basic shelf to a secure, professional cabinet. This isn’t just about looks—it’s about reliability and maintenance.

    What’s changed?

    • All Network Cables Labeled: I took the time to label every Ethernet and camera wire. No more guessing which cable goes where! Now, troubleshooting is much easier—for me, and for anyone else who needs to work on the system.
    • Avoiding Confusion: In the past, our Internet provider nearly disconnected the entire network, thinking our equipment was theirs. Now it’s clear what we own—business routers, access points, point-of-sale wires, and cameras are all identified and protected.
    • Cleaner, Safer, Future-Ready: The new cabinet keeps equipment clean, protected from dust, and organized. It’s a solid foundation for any future tech needs.

    Proud to keep things running smoothly by blending best practices from the past with smart improvements for the future.

    See the transformation and full details below:

    Anthem Coffee and Tea | Sunrise Village
    Modem Internet and Router Business TP link and Modem Phone and 4G Data Internet Backup and Access Point from another room.

    Updated sunrise Village:

    https://richardapplegate.io/i-did-upgrade-network-cabinet-at-sunrise-village/

    Anthem Coffee and Tea Point Ruston – Phone, 4G data backup, Modem, router, switch.
    Anthem Coffee and Tea – Old Town – Modem, Phone, Router, 4G, POE for camera. soon cabinet will add.

    Updated Old Town:

    https://richardapplegate.io/i-did-build-a-cabinet-network-in-old-town-and-it-worked-out-pretty-well/
    Anthem Coffee and Tea – DownTown Puyallup before
    Anthem Coffee and Tea – Downtown Puyallup This is After

    Updated Puyallup:

    https://richardapplegate.io/i-did-anthem-coffee-and-tea-upgrade-network-shelf-to-cabinet/
    Anthem Coffee and Tea – Medical Campus Network setup with backup battery
    Anthem Coffee and Tea – Downtown Tacoma – Network Setup

    Updated: UWT Cabinet

    Coming soon.

    Anthem Coffee and Tea – Arioniza Litchfield
    Anthem Coffee and Tea – Arioniza Verrado

  • My DNS, both Primary and Secondary, got into DNS amplification attacks.

    This attack trigger was found on October 16, 2023, when I received an email that my server was nearly full. This is not a typical occurrence. Therefore, I discovered that my AdGuard Home DNS Server had been compromised, and that a significant number of IP addresses exceeding 20K were targeted specifically in Brazil, Latin, two France Server, London, and more due to their focus on DNS attacks.

    I decided to conduct a thorough investigation into the individuals present on our server to obtain CIDRs for clients who have been disallowed. As a result, I was able to successfully disallow 99.9 percent of the clients. It is a better way than to block country IP. Because I don’t see myself as needing to waste my IP that is never used. So this way better to do block CIDR Range whoever owner IP they will be automatic disallow because they’re letting them attack DNS Server on us.

    Cisco.com is real, but the content is not.
    This is unusual, everything happening at once. This will cause my server to experience a slowdown.

    After I added the IP CIDRs to the client that were not allowed, I noticed that my dashboard went back to normal. Again, here is the link for IP addresses. I have been working on these for the past three days, but it appears that they have been stopped. Therefore, I want to help your times and your DNS Server and our to-do better. 🙂

    Secondary Server – Dell Server Tower mini – Portainer with AdGuard Home

    Primary Server – Dell Server Tower – Portainer with AdGuard home

  • How to build RustDesk on Portainer with Cloudflare domain (Disable proxy needed)?

    This version is not PRO. Please note that. Soon, PRO will be coming. I just set up RustDesk pro with WebGui a couple of months ago.

    Please listen carefully to the RustDesk warning again. Do not install RustDesk and connect to the phone agents (fake windows, fake apple, fake ATT, fake bank, fake IRS) server. They will trick you and take your personal information.

    This solution is significantly less costly than TeamViewer and provides the most efficient solution for my job. It is also significantly less costly than TeamViewer. It allows me to resolve any issues on my employees or family’s computers, which reduces the cost of resolving the issue. Not only that, but it is highly secured. I chose to employ enforced encryption on RustDesk because I’d prefer not to expose it to the public and exploit my RustDesk server.

    Written Instruction:

    version: '3'
services:
  rustdesk-server:
    container_name: rustdesk-server
    ports:
      - 21115:21115
      - 21116:21116
      - 21116:21116/udp
      - 21117:21117
      - 21118:21118
      - 21119:21119
    image: rustdesk/rustdesk-server-s6:latest
    environment:
      - "RELAY=rustdesk.example.com:21117"
      - "ENCRYPTED_ONLY=1"
      - "DB_URL=/db/db_v2.sqlite3"
      - "KEY_PRIV=YourPrivateKEY"
      - "KEY_PUB=YourPublicKey"
    volumes:
      - /home/applegate/docker/rustdesk/db:/db
    restart: unless-stopped

    This command line on the ssh terminal generates the key you require.

    Command: docker run –rm –entrypoint /usr/bin/rustdesk-utils rustdesk/rustdesk-server-s6:latest genkeypair

    Copy and paste the key into your docker-compose environment.

    Then, you should deploy the stack. You’ve got your RustDesk up and running, and it’s encrypted, so no one can mess with it.

    Video Instructions:

Secret Link