diff --git a/content/posts/hosting_mumble_on_a_subdomain_with_nginx.md b/content/posts/hosting_mumble_on_a_subdomain_with_nginx.md new file mode 100644 index 0000000..cb575fd --- /dev/null +++ b/content/posts/hosting_mumble_on_a_subdomain_with_nginx.md 
@@ -0,0 +1,156 @@ +--- +title: "Hosting Mumble on a Subdomain with Nginx" +date: 2024-01-04T10:04:57-07:00 +draft: false +tags: ['nginx', 'self host', 'mumble'] +summary: 'How to host a mumble server on a subdomain behind nginx reverse proxy' +tocOpen: true +cover: + image: "/images/nginx-mumble.png" + alt: "Nginx logo and Mumble Logo" + caption: "Star-crossed lovers" + relative: false +--- + +# All I Found Was Tumble Weeds + +Well I couldn't find any actual examples of someone doing what I wanted, namely, hosting +the murmur server on a subdomain on my machine behind an nginx proxy. I only have ports 80 +and 443 opened on my router, so I chose to recieve the mumble traffic to come in on port 443. +Sounds easy enough, but the problem comes when you let nginx decrypt the packets in the process +of passing them to the murmur server, it raises a TLS/SSL Termination Error. Murmur insists on +End to End Encryption (E2EE), which is a good thing. + +To not repeat the classic Cooking Recipe website mistake and put the solution at the bottom of +an Ad riddled page, here is the nginx config that got my setup working, all of this is the default +on an Arch Linux install, minus the `stream` block. Ports need to be defined for your setup for +`INTERNAL_MUMBLE_PORT` (port that murmur is listening on) and `NEW_NGINX_SSL_PORT`. Previously, +`NEW_NGINX_SSL_PORT` was 443, but the stream block now will be using 443, and you can't bind to the same +port with seperate services. So pick a new port for the other ssl nginx services to listen on, +as well as pass traffic to, internally. 
+ +`nginx.conf` + +```conf +worker_processes 4; + +events { + worker_connections 1024; +} + +stream { + # Define upstreams that nginx can route traffic to + upstream mumble { + server localhost:; + } + + upstream fosscat { + server localhost:; # Was 443 until I added murmur + } + + # SNI, route to murmur if the subdomain matches + map $ssl_preread_server_name $name { + # Destination Upstream (above) to Route traffic to + mumble.fosscat.com mumble; + default fosscat; + } + + server { + # TCP traffic + listen 443; + # UDP traffic + listen 443 udp; + proxy_pass $name; + # Necessary line + # Dont decrypt packets, just pass them along + ssl_preread on; + } +} + +http { + include mime.types; + include /etc/nginx/sites-enabled/*; + default_type application/octet-stream; + + sendfile on; + keepalive_timeout 65; + + server { + listen 80; + server_name localhost; + + location / { + root /usr/share/nginx/html; + index index.html index.htm; + } + + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + } +} + +``` + +Then here is this blog's nginx config file in `/etc/nginx/sites-available` that is sim-linked +into `/etc/nginx/sites-enabled`. I'm using certbot for ssl certs. Note that a port needs to be +provided in the second server block that matches the one provided above. 
+ +`fosscat.com` file: + +```conf +server { + if ($host = www.fosscat.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + if ($host = fosscat.com) { + return 301 https://$host$request_uri; + } # managed by Certbot + + + listen 80; + server_name fosscat.com www.fosscat.com; + +} + +server { + listen ssl; + server_name fosscat.com www.fosscat.com; + ssl_certificate /etc/letsencrypt/live/fosscat.com/fullchain.pem; # managed by Certbot + ssl_certificate_key /etc/letsencrypt/live/fosscat.com/privkey.pem; # managed by Certbot + + root /usr/share/nginx/html/fosscat-site/public/; #Absolute path to where your hugo site is + index index.html; # Hugo generates HTML + + location / { + root /usr/share/nginx/html/fosscat-site/public; + try_files $uri $uri/ =404; + } + + error_page 404 /404.html; + location = /404.html { + root /usr/share/nginx/html/fosscat-site/public; + internal; + } +} +``` + +## Caveats + +I figured this setup out cobbling together some sparse posts online, the nginx docs, and asking chatGPT for +explanations. + +Currently, all of my sites and services work as expected with TLS and whatnot, however the murmur server doesn't +report as being online to clients before they connect. Also, the mumble client reports that only TLS is supported +so it switches to TLS only mode automatically, i.e. increased latency. I'm not sure why either of these are the case. + +To use the `stream` block and `ssl_preread` you have to have your nginx compiled with those options. Running `nginx -V` +should tell you whether you have a compatible nginx version. + +Thought I'd share my discovery in case anyone else runs into the same problem I did. + +As always, questions or corrections, feel free to open a PR on my git instance or email me @ tom@fosscat.com + diff --git a/content/posts/in_defense_of_privacy.md b/content/posts/in_defense_of_privacy.md new file mode 100644 index 0000000..bb55f55 --- /dev/null +++ b/content/posts/in_defense_of_privacy.md 
@@ -0,0 +1,20 @@ +--- +title: "In_defense_of_privacy" +date: 2023-08-17T22:26:23-06:00 +draft: true +tags: +summary: +tocOpen: true +cover: + image: "/images/img.jpg" + # can also paste direct link from external site + # ex. https://i.ibb.co/K0HVPBd/paper-mod-profilemode.png + alt: "" + caption: "" + relative: false +--- + + +https://www.bleepingcomputer.com/news/security/new-acoustic-attack-steals-data-from-keystrokes-with-95-percent-accuracy/ + + diff --git a/content/posts/tbd_name.md b/content/posts/tbd_name.md new file mode 100644 index 0000000..e5b7377 --- /dev/null +++ b/content/posts/tbd_name.md 
@@ -0,0 +1,38 @@ +--- +title: "Tbd_name" +date: 2023-11-07T17:34:55-07:00 +draft: true +tags: +summary: +tocOpen: true +cover: + image: "/images/img.jpg" + # can also paste direct link from external site + # ex. https://i.ibb.co/K0HVPBd/paper-mod-profilemode.png + alt: "" + caption: "" + relative: false +--- + +I fly fairly frequently from where I live now to my home town. It's a convenient trip because there +are two conveniently located mini-boss sized airports close to both places. The (un)fortunate thing +about mini-boss sized airports are that they only attract the budget airline offerings. When you +purchase flights through these low-spec'd airlines, they try and swindle you by charging you for +making choices, like do you want to bring any bags? How about choose a seat to sit in the plane? + +I take the high (cheap) road and choose nothing, which means they pick a seat for me. Which means I +sit above the turbines every flight, my window looks out at the wing. +I am lead to believe that these mid-range seats are picked +least often, so I wonder, why are these seats of no apparent distinguishing quality least often +selected by the 'selectors'? If you want seats closer to the front, but dont want to front the bill, +you're in luck! Selecting the back of the plane is more expensive than not choosing any, and your +odds have to be impossibly better you will sit closer to the front by abstaining a seat selection. + +But I'm not complaining, nor do I wish people would have different airline decision-maing habits. +I feel priviledged to sit in view of the wing. It moves a surprising amount during flights, so I +could see that be troubling to the anxious or weary traveler. But to me, I find it satisfying. I +watch the slightest shift of an aeleron send the whole plane in a calculated, soft roll. I imagine +my arm as the wing: extending out the side of the plane. 
It reminds me of sticking my hand out the +window while driving to feel the force of the wind against your palm, turning a once invisible +everpresent essence into a carvable, ridable rush of energy. Watching the wing wobble a bit gives +the plane a little more mortality, I feel a little more the rush and the terror of the miracle of flight. diff --git a/content/posts/when_easy_going_isnt_easy.md b/content/posts/when_easy_going_isnt_easy.md new file mode 100644 index 0000000..12a0f8e --- /dev/null +++ b/content/posts/when_easy_going_isnt_easy.md 
@@ -0,0 +1,57 @@ +--- +title: "When_easy_going_isnt_easy" +date: 2023-09-08T10:02:55-06:00 +draft: true +tags: ['personality', 'mental health', 'advice'] +summary: 'My people-pleasing brain demands smooth sailing waters, often at the cost of the *******' +tocOpen: true +cover: + image: "/images/img.jpg" + # can also paste direct link from external site + # ex. https://i.ibb.co/K0HVPBd/paper-mod-profilemode.png + alt: "" + caption: "" + relative: false +--- + +# Easy Doesn't Equal Right + +I was sitting in the train, +watching someone across the aisle from me struggle to wrangle their electric scooter under their +seat. This person had a stainless steel insulated mug with what appeared to be a warm muddied +liquid inside. She placed it in the walkway, but I saw immediatly that the butt of her scooter +would shortly bump into the cup with any further scooter-scuffling. So, to avoid a muddy train, +I scooped up her mug and held it dutifully until the scooter sorting finished. + +"Thank you" She said. + +Me, wanting to assure her that it was really no inconvenience at all, that she shouldn't have to +worry about returning any favors, that it was just the right thing to do, I replied "No problem" + +My brain has a strong people-pleaser mode network; its often the default way I handle social +situations. I don't think there is anything wrong with that. But, I do think that its important +to be aware of the consequences of how we tend to handle things. This became apparent during a +conversation with family members. + +## Family Dynamics + +I will try to find the right words to explain the dynamic here, but my lack of professional +psycology training may lead me use incorrect vocabulary, so allow me to start with a blank slate. +My family is comprised of mostly emotionally low personalities. 
By low emotion I dont mean non-feeling +I mean behaviors common to people not as empathetic, like speaking before thinking, teasing (in +good faith), avoiding confrontation, making positive assumptions of others. However, there are +a few emotionally high personalities (I married one, love you ;) ), with behaviors like deeply +feeling, not assuming the best intention, thinking before speaking. These aren't necessarily hard lines, +and no one is entirely one or the other. Also, I did not illustrate all of the differences, but +hopefully enough just to see the big picture. I mostly just want to draw the distinction when it +comes to the easy going ethic. + +## Akuna Matada Gas Lighting + +With much of the family exhibiting an air of ease and light-heartedness, it became clear to me that +saying "No Worries" can invalidate the very real feelings and reactions of the emotionally high +people in the group. For example, I could say something meant in jest, a light jab of some flaw we +all recognize. In an emotionally high personality however, this can seem like an attack. Everyone +laughs, but for the teased person, their internal defense systems are blairing to elevate to DEFCON 1 +and fire up the shield generators. + diff --git a/static/images/nginx-mumble.png b/static/images/nginx-mumble.png new file mode 100644 index 0000000..3e42e0a Binary files /dev/null and b/static/images/nginx-mumble.png differ
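Review bot: in the `stream` server block of `hosting_mumble_on_a_subdomain_with_nginx.md`, `listen 443 udp;` shares `proxy_pass $name;` with the TCP listener, but `$ssl_preread_server_name` is only filled in from a TLS ClientHello, so UDP datagrams have no name to match and fall through `default fosscat;` to the web upstream instead of murmur. That would fit both symptoms listed under Caveats (no online status before connecting, and the client dropping to TLS-only mode). Suggest a second `server` block for the UDP listener that does `proxy_pass mumble;` directly and leaves `ssl_preread` to the TCP one. Separately, both `upstream` entries read `server localhost:;` and the site file reads `listen ssl;`, so the `INTERNAL_MUMBLE_PORT` and `NEW_NGINX_SSL_PORT` placeholders the prose refers to never appear in the config; write them into the blocks so a reader can see where each port goes. It is also worth a line under Caveats that, with everything proxied to `localhost`, murmur and the web server see the proxy's address rather than the client's, which affects per-IP bans and access logs.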
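Review bot: `in_defense_of_privacy.md` is scaffold front matter (`title: "In_defense_of_privacy"`, empty `tags:` and `summary:`, the placeholder `/images/img.jpg` cover) with a single bare URL as its body. It is marked `draft: true`, but it is unrelated to the Mumble post; consider moving it to its own commit, or at least give it a working title and one sentence on what the linked article is meant to support.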
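Review bot: `tbd_name.md` still carries the generated title `"Tbd_name"` and empty `tags:` and `summary:`, and the body has several spelling slips to fix before it leaves draft: "decision-maing", "priviledged", "aeleron", plus "I am lead to believe" (led) and "dont". Like the other drafts, it would be easier to review in a commit separate from the nginx post.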
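Review bot: in `when_easy_going_isnt_easy.md` the front-matter `summary` ends in a literal `*******`, which reads as an unfilled placeholder and will show up in listings once `draft` is flipped; finish or shorten the sentence. The body also needs a spelling pass ("immediatly", "psycology", "blairing"), the heading "Akuna Matada Gas Lighting" presumably means "Hakuna Matata", and the last section stops right after the DEFCON sentence without a conclusion.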