6 changed files with 0 additions and 272 deletions
--- a/content/posts/hosting-mumble-on-a-subdomain-with-nginx.md
+++ b/content/posts/hosting-mumble-on-a-subdomain-with-nginx.md
@ -1,156 +0,0 @@
 ---
 title: "Hosting Mumble on a Subdomain with Nginx"
 date: 2024-01-04T10:04:57-07:00
 draft: false
 tags: ['nginx', 'self host', 'mumble']
 summary: 'How to host a mumble server on a subdomain behind nginx reverse proxy'
 tocOpen: true
 cover:
  image: "/images/nginx-mumble.png"
  alt: "Nginx logo and Mumble Logo"
  caption: "Star-crossed lovers"
  relative: false
 ---
 # All I Found Was Tumble Weeds
 Well I couldn't find any actual examples of someone doing what I wanted, namely, hosting
 the murmur server on a subdomain on my machine behind an nginx proxy. I only have ports 80
 and 443 opened on my router, so I chose to recieve the mumble traffic to come in on port 443.
 Sounds easy enough, but the problem comes when you let nginx decrypt the packets in the process
 of passing them to the murmur server, it raises a TLS/SSL Termination Error. Murmur insists on
 End to End Encryption (E2EE), which is a good thing.
 To not repeat the classic Cooking Recipe website mistake and put the solution at the bottom of
 an Ad riddled page, here is the nginx config that got my setup working, all of this is the default
 on an Arch Linux install, minus the `stream` block. Ports need to be defined for your setup for
 `INTERNAL_MUMBLE_PORT` (port that murmur is listening on) and `NEW_NGINX_SSL_PORT`. Previously,
 `NEW_NGINX_SSL_PORT` was 443, but the stream block now will be using 443, and you can't bind to the same
 port with seperate services. So pick a new port for the other ssl nginx services to listen on,
 as well as pass traffic to, internally.
 `nginx.conf`
 ```conf
 worker_processes 4;
 events {
    worker_connections 1024;
 }
 stream {
    # Define upstreams that nginx can route traffic to
    upstream mumble {
        server localhost:<INTERNAL_MUMBLE_PORT>;
    }
    upstream fosscat {
        server localhost:<NEW_NGINX_SSL_PORT>; # Was 443 until I added murmur
    }
    # SNI, route to murmur if the subdomain matches
    map $ssl_preread_server_name $name {
        # Destination         Upstream (above) to Route traffic to
        mumble.fosscat.com    mumble;
        default               fosscat;
    }
    server {
        # TCP traffic
        listen 443;
        # UDP traffic
        listen 443 udp;
        proxy_pass $name;
        # Necessary line
        # Dont decrypt packets, just pass them along
        ssl_preread on;
    }
 }
 http {
    include       mime.types;
    include       /etc/nginx/sites-enabled/*;
    default_type  application/octet-stream;
    sendfile           on;
    keepalive_timeout  65;
    server {
        listen       80;
        server_name  localhost;
        location / {
            root   /usr/share/nginx/html;
            index  index.html index.htm;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   /usr/share/nginx/html;
        }
    }
 }
 ```
 Then here is this blog's nginx config file in `/etc/nginx/sites-available` that is sim-linked
 into `/etc/nginx/sites-enabled`. I'm using certbot for ssl certs. Note that a port needs to be
 provided in the second server block that matches the one provided above.
 `fosscat.com` file:
 ```conf
 server {
    if ($host = www.fosscat.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    if ($host = fosscat.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80;
    server_name fosscat.com www.fosscat.com;
 }
 server {
    listen <NEW_NGINX_SSL_PORT> ssl;
    server_name fosscat.com www.fosscat.com;
    ssl_certificate /etc/letsencrypt/live/fosscat.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/fosscat.com/privkey.pem; # managed by Certbot
    root /usr/share/nginx/html/fosscat-site/public/; #Absolute path to where your hugo site is
    index index.html; # Hugo generates HTML
    location / {
        root /usr/share/nginx/html/fosscat-site/public;
        try_files $uri $uri/ =404;
    }
    error_page 404 /404.html;
    location = /404.html {
        root /usr/share/nginx/html/fosscat-site/public;
        internal;
    }
 }
 ```
 ## Caveats
 I figured this setup out cobbling together some sparse posts online, the nginx docs, and asking chatGPT for
 explanations.
 Currently, all of my sites and services work as expected with TLS and whatnot, however the murmur server doesn't
 report as being online to clients before they connect. Also, the mumble client reports that only TLS is supported
 so it switches to TLS only mode automatically, i.e. increased latency. I'm not sure why either of these are the case.
 To use the `stream` block and `ssl_preread` you have to have your nginx compiled with those options. Running `nginx -V`
 should tell you whether you have a compatible nginx version.
 Thought I'd share my discovery in case anyone else runs into the same problem I did.
 As always, questions or corrections, feel free to open a PR on my git instance or email me @ tom@fosscat.com
--- a/content/posts/in_defense_of_privacy.md
+++ b/content/posts/in_defense_of_privacy.md
@ -1,20 +0,0 @@
 ---
 title: "In_defense_of_privacy"
 date: 2023-08-17T22:26:23-06:00
 draft: true
 tags:
 summary:
 tocOpen: true
 cover:
  image: "/images/img.jpg"
  # can also paste direct link from external site
  # ex. https://i.ibb.co/K0HVPBd/paper-mod-profilemode.png
  alt: ""
  caption: ""
  relative: false
 ---
 https://www.bleepingcomputer.com/news/security/new-acoustic-attack-steals-data-from-keystrokes-with-95-percent-accuracy/
--- a/content/posts/tbd_name.md
+++ b/content/posts/tbd_name.md
@ -1,38 +0,0 @@
 ---
 title: "Tbd_name"
 date: 2023-11-07T17:34:55-07:00
 draft: true
 tags:
 summary:
 tocOpen: true
 cover:
  image: "/images/img.jpg"
  # can also paste direct link from external site
  # ex. https://i.ibb.co/K0HVPBd/paper-mod-profilemode.png
  alt: ""
  caption: ""
  relative: false
 ---
 I fly fairly frequently from where I live now to my home town. It's a convenient trip because there
 are two conveniently located mini-boss sized airports close to both places. The (un)fortunate thing
 about mini-boss sized airports are that they only attract the budget airline offerings. When you
 purchase flights through these low-spec'd airlines, they try and swindle you by charging you for
 making choices, like do you want to bring any bags? How about choose a seat to sit in the plane?
 I take the high (cheap) road and choose nothing, which means they pick a seat for me. Which means I
 sit above the turbines every flight, my window looks out at the wing.
 I am lead to believe that these mid-range seats are picked
 least often, so I wonder, why are these seats of no apparent distinguishing quality least often 
 selected by the 'selectors'? If you want seats closer to the front, but dont want to front the bill,
 you're in luck! Selecting the back of the plane is more expensive than not choosing any, and your
 odds have to be impossibly better you will sit closer to the front by abstaining a seat selection.
 But I'm not complaining, nor do I wish people would have different airline decision-maing habits.
 I feel priviledged to sit in view of the wing. It moves a surprising amount during flights, so I
 could see that be troubling to the anxious or weary traveler. But to me, I find it satisfying. I
 watch the slightest shift of an aeleron send the whole plane in a calculated, soft roll. I imagine
 my arm as the wing: extending out the side of the plane. It reminds me of sticking my hand out the
 window while driving to feel the force of the wind against your palm, turning a once invisible
 everpresent essence into a carvable, ridable rush of energy. Watching the wing wobble a bit gives
 the plane a little more mortality, I feel a little more the rush and the terror of the miracle of flight.
--- a/content/posts/when-easy-going-isnt-easy.md
+++ b/content/posts/when-easy-going-isnt-easy.md
@ -1,58 +0,0 @@
 ---
 title: "When Easy Going Isnt Easy"
 date: 2023-09-08T10:02:55-06:00
 draft: false
 tags: ['personality', 'mental health', 'advice']
 summary: 'My people-pleasing brain demands smooth sailing waters, often at the cost of the emotionally sensitive.'
 tocOpen: true
 ---
 # Easy Doesn't Equal Right
 I was sitting in the train,
 watching someone across the aisle from me struggle to wrangle their electric scooter under their
 seat. This person had a stainless steel insulated mug with what appeared to be a warm muddied
 liquid inside. She placed it in the walkway, but I saw immediatly that the butt of her scooter
 would shortly bump into the cup with any further scooter-scuffling. So, to avoid a muddy train,
 I scooped up her mug and held it dutifully until the scooter sorting finished.
 "Thank you" She said.
 Me, wanting to assure her that it was really no inconvenience at all, that she shouldn't have to
 worry about returning any favors, that it was just the right thing to do, I replied "No problem"
 My brain has a strong people-pleaser mode network; its often the default way I handle social
 situations. I don't think there is anything wrong with that. But, I do think that its important
 to be aware of the consequences of how we tend to handle things. This became apparent during a 
 conversation with family members.
 ## Family Dynamics
 I will try to find the right words to explain the dynamic here, but my lack of professional
 psycology training may lead me use incorrect vocabulary, so allow me to start with a blank slate.
 My family is comprised of mostly emotionally low personalities. By low emotion I dont mean non-feeling
 I mean behaviors common to people not as empathetic, like speaking before thinking, teasing (in
 good faith), avoiding confrontation, making positive assumptions of others. However, there are
 a few emotionally high personalities (I married one, love you ;) ), with behaviors like deeply
 feeling, not assuming the best intention, thinking before speaking. These aren't necessarily hard lines,
 and no one is entirely one or the other. Also, I did not illustrate all of the differences, but
 hopefully enough just to see the big picture. I mostly just want to draw the distinction when it
 comes to the easy going ethic.
 ## Akuna Matada Gas Lighting
 With much of the family exhibiting an air of ease and light-heartedness, it became clear to me that
 saying "No Worries" can invalidate the very real feelings and reactions of the emotionally high
 people in the group. For example, I could say something meant in jest, a light jab of some flaw we
 all recognize. In an emotionally high personality however, this can seem like an attack. Everyone
 laughs, but for the teased person, their internal defense systems are blairing to elevate to DEFCON 1
 and fire up the shield generators. On seeing that I have made a mistake, I quickly reverse gears and
 attempt to extinguish the fire. I reassure the emotionally high
 person that there isnt any problem to worry about, it was just a tease. This, can inadvertendly tell this wonderful human
 being that the feelings they are having are unecessary and wrong. I coined this
 interaction Akuna Matada Gas Lighting, it means no worries, the feelings you have aren't real (goes with the tune even).
 I intend this post mostly for myself, in self reflection and puting my thoughts to words I feel like
 the things I learn become more concrete. But, if it helps anyone like myself take a deeper introspective
 look, then thats hopefully good too!
--- a/static/images/nginx-mumble.png
+++ b/static/images/nginx-mumble.png
--- a/update-theme.sh
+++ b/update-theme.sh