Add nginx post

content/posts/hosting_mumble_on_a_subdomain_with_nginx.md

@@ -0,0 +1,156 @@
+---
+title: "Hosting Mumble on a Subdomain with Nginx"
+date: 2024-01-04T10:04:57-07:00
+draft: false
+tags: ['nginx', 'self host', 'mumble']
+summary: 'How to host a mumble server on a subdomain behind nginx reverse proxy'
+tocOpen: true
+cover:
+  image: "/images/nginx-mumble.png"
+  alt: "Nginx logo and Mumble Logo"
+  caption: "Star-crossed lovers"
+  relative: false
+---
+
+# All I Found Was Tumble Weeds
+
+Well I couldn't find any actual examples of someone doing what I wanted, namely, hosting
+the murmur server on a subdomain on my machine behind an nginx proxy. I only have ports 80
+and 443 opened on my router, so I chose to recieve the mumble traffic to come in on port 443.
+Sounds easy enough, but the problem comes when you let nginx decrypt the packets in the process
+of passing them to the murmur server, it raises a TLS/SSL Termination Error. Murmur insists on
+End to End Encryption (E2EE), which is a good thing.
+
+To not repeat the classic Cooking Recipe website mistake and put the solution at the bottom of
+an Ad riddled page, here is the nginx config that got my setup working, all of this is the default
+on an Arch Linux install, minus the `stream` block. Ports need to be defined for your setup for
+`INTERNAL_MUMBLE_PORT` (port that murmur is listening on) and `NEW_NGINX_SSL_PORT`. Previously,
+`NEW_NGINX_SSL_PORT` was 443, but the stream block now will be using 443, and you can't bind to the same
+port with seperate services. So pick a new port for the other ssl nginx services to listen on,
+as well as pass traffic to, internally.
+
+`nginx.conf`
+
+```conf
+worker_processes 4;
+
+events {
+    worker_connections 1024;
+}
+
+stream {
+    # Define upstreams that nginx can route traffic to
+    upstream mumble {
+        server localhost:<INTERNAL_MUMBLE_PORT>;
+    }
+
+    upstream fosscat {
+        server localhost:<NEW_NGINX_SSL_PORT>; # Was 443 until I added murmur
+    }
+
+    # SNI, route to murmur if the subdomain matches
+    map $ssl_preread_server_name $name {
+        # Destination         Upstream (above) to Route traffic to
+        mumble.fosscat.com    mumble;
+        default               fosscat;
+    }
+
+    server {
+        # TCP traffic
+        listen 443;
+        # UDP traffic
+        listen 443 udp;
+        proxy_pass $name;
+        # Necessary line
+        # Dont decrypt packets, just pass them along
+        ssl_preread on;
+    }
+}
+
+http {
+    include       mime.types;
+    include       /etc/nginx/sites-enabled/*;
+    default_type  application/octet-stream;
+
+    sendfile           on;
+    keepalive_timeout  65;
+
+    server {
+        listen       80;
+        server_name  localhost;
+
+        location / {
+            root   /usr/share/nginx/html;
+            index  index.html index.htm;
+        }
+
+        error_page   500 502 503 504  /50x.html;
+        location = /50x.html {
+            root   /usr/share/nginx/html;
+        }
+    }
+}
+
+```
+
+Then here is this blog's nginx config file in `/etc/nginx/sites-available` that is sim-linked
+into `/etc/nginx/sites-enabled`. I'm using certbot for ssl certs. Note that a port needs to be
+provided in the second server block that matches the one provided above.
+
+`fosscat.com` file:
+
+```conf
+server {
+    if ($host = www.fosscat.com) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+    if ($host = fosscat.com) {
+        return 301 https://$host$request_uri;
+    } # managed by Certbot
+
+
+    listen 80;
+    server_name fosscat.com www.fosscat.com;
+
+}
+
+server {
+    listen <NEW_NGINX_SSL_PORT> ssl;
+    server_name fosscat.com www.fosscat.com;
+    ssl_certificate /etc/letsencrypt/live/fosscat.com/fullchain.pem; # managed by Certbot
+    ssl_certificate_key /etc/letsencrypt/live/fosscat.com/privkey.pem; # managed by Certbot
+
+    root /usr/share/nginx/html/fosscat-site/public/; #Absolute path to where your hugo site is
+    index index.html; # Hugo generates HTML
+
+    location / {
+        root /usr/share/nginx/html/fosscat-site/public;
+        try_files $uri $uri/ =404;
+    }
+
+    error_page 404 /404.html;
+    location = /404.html {
+        root /usr/share/nginx/html/fosscat-site/public;
+        internal;
+    }
+}
+```
+
+## Caveats
+
+I figured this setup out cobbling together some sparse posts online, the nginx docs, and asking chatGPT for
+explanations.
+
+Currently, all of my sites and services work as expected with TLS and whatnot, however the murmur server doesn't
+report as being online to clients before they connect. Also, the mumble client reports that only TLS is supported
+so it switches to TLS only mode automatically, i.e. increased latency. I'm not sure why either of these are the case.
+
+To use the `stream` block and `ssl_preread` you have to have your nginx compiled with those options. Running `nginx -V`
+should tell you whether you have a compatible nginx version.
+
+Thought I'd share my discovery in case anyone else runs into the same problem I did.
+
+As always, questions or corrections, feel free to open a PR on my git instance or email me @ tom@fosscat.com
+

content/posts/in_defense_of_privacy.md

@@ -0,0 +1,20 @@
+---
+title: "In_defense_of_privacy"
+date: 2023-08-17T22:26:23-06:00
+draft: true
+tags:
+summary:
+tocOpen: true
+cover:
+  image: "/images/img.jpg"
+  # can also paste direct link from external site
+  # ex. https://i.ibb.co/K0HVPBd/paper-mod-profilemode.png
+  alt: ""
+  caption: ""
+  relative: false
+---
+
+
+https://www.bleepingcomputer.com/news/security/new-acoustic-attack-steals-data-from-keystrokes-with-95-percent-accuracy/
+
+

content/posts/tbd_name.md

@@ -0,0 +1,38 @@
+---
+title: "Tbd_name"
+date: 2023-11-07T17:34:55-07:00
+draft: true
+tags:
+summary:
+tocOpen: true
+cover:
+  image: "/images/img.jpg"
+  # can also paste direct link from external site
+  # ex. https://i.ibb.co/K0HVPBd/paper-mod-profilemode.png
+  alt: ""
+  caption: ""
+  relative: false
+---
+
+I fly fairly frequently from where I live now to my home town. It's a convenient trip because there
+are two conveniently located mini-boss sized airports close to both places. The (un)fortunate thing
+about mini-boss sized airports are that they only attract the budget airline offerings. When you
+purchase flights through these low-spec'd airlines, they try and swindle you by charging you for
+making choices, like do you want to bring any bags? How about choose a seat to sit in the plane?
+
+I take the high (cheap) road and choose nothing, which means they pick a seat for me. Which means I
+sit above the turbines every flight, my window looks out at the wing.
+I am lead to believe that these mid-range seats are picked
+least often, so I wonder, why are these seats of no apparent distinguishing quality least often 
+selected by the 'selectors'? If you want seats closer to the front, but dont want to front the bill,
+you're in luck! Selecting the back of the plane is more expensive than not choosing any, and your
+odds have to be impossibly better you will sit closer to the front by abstaining a seat selection.
+
+But I'm not complaining, nor do I wish people would have different airline decision-maing habits.
+I feel priviledged to sit in view of the wing. It moves a surprising amount during flights, so I
+could see that be troubling to the anxious or weary traveler. But to me, I find it satisfying. I
+watch the slightest shift of an aeleron send the whole plane in a calculated, soft roll. I imagine
+my arm as the wing: extending out the side of the plane. It reminds me of sticking my hand out the
+window while driving to feel the force of the wind against your palm, turning a once invisible
+everpresent essence into a carvable, ridable rush of energy. Watching the wing wobble a bit gives
+the plane a little more mortality, I feel a little more the rush and the terror of the miracle of flight.

content/posts/when_easy_going_isnt_easy.md

@@ -0,0 +1,57 @@
+---
+title: "When_easy_going_isnt_easy"
+date: 2023-09-08T10:02:55-06:00
+draft: true
+tags: ['personality', 'mental health', 'advice']
+summary: 'My people-pleasing brain demands smooth sailing waters, often at the cost of the *******'
+tocOpen: true
+cover:
+  image: "/images/img.jpg"
+  # can also paste direct link from external site
+  # ex. https://i.ibb.co/K0HVPBd/paper-mod-profilemode.png
+  alt: ""
+  caption: ""
+  relative: false
+---
+
+# Easy Doesn't Equal Right
+
+I was sitting in the train,
+watching someone across the aisle from me struggle to wrangle their electric scooter under their
+seat. This person had a stainless steel insulated mug with what appeared to be a warm muddied
+liquid inside. She placed it in the walkway, but I saw immediatly that the butt of her scooter
+would shortly bump into the cup with any further scooter-scuffling. So, to avoid a muddy train,
+I scooped up her mug and held it dutifully until the scooter sorting finished.
+
+"Thank you" She said.
+
+Me, wanting to assure her that it was really no inconvenience at all, that she shouldn't have to
+worry about returning any favors, that it was just the right thing to do, I replied "No problem"
+
+My brain has a strong people-pleaser mode network; its often the default way I handle social
+situations. I don't think there is anything wrong with that. But, I do think that its important
+to be aware of the consequences of how we tend to handle things. This became apparent during a 
+conversation with family members.
+
+## Family Dynamics
+
+I will try to find the right words to explain the dynamic here, but my lack of professional
+psycology training may lead me use incorrect vocabulary, so allow me to start with a blank slate.
+My family is comprised of mostly emotionally low personalities. By low emotion I dont mean non-feeling
+I mean behaviors common to people not as empathetic, like speaking before thinking, teasing (in
+good faith), avoiding confrontation, making positive assumptions of others. However, there are
+a few emotionally high personalities (I married one, love you ;) ), with behaviors like deeply
+feeling, not assuming the best intention, thinking before speaking. These aren't necessarily hard lines,
+and no one is entirely one or the other. Also, I did not illustrate all of the differences, but
+hopefully enough just to see the big picture. I mostly just want to draw the distinction when it
+comes to the easy going ethic.
+
+## Akuna Matada Gas Lighting
+
+With much of the family exhibiting an air of ease and light-heartedness, it became clear to me that
+saying "No Worries" can invalidate the very real feelings and reactions of the emotionally high
+people in the group. For example, I could say something meant in jest, a light jab of some flaw we
+all recognize. In an emotionally high personality however, this can seem like an attack. Everyone
+laughs, but for the teased person, their internal defense systems are blairing to elevate to DEFCON 1
+and fire up the shield generators. 
+