Since I have multiple architecture devices running Docker (including x86 servers, Raspberry Pi, Tinker Board), for each commonly used software, I need to build an image for each different architecture. Previously, my approach was to maintain a separate Dockerfile for each architecture, similar to this: You can see that each Dockerfile is almost identical except for the base image referenced in the FROM instruction. While this management method simplifies writing build scripts (travis.yml) by allowing direct docker build commands for each, the drawback is obvious: every time the software version updates or I decide to add/remove a feature, I have to modify multiple Dockerfiles. Two days ago while researching, I discovered a Docker feature: Build Args,...

pfSense Configuration for IPv6 Multi-WAN Automatic Failover
Just a few days ago, HE.NET Tunnelbroker's French server experienced an outage. When I configured my Kimsufi server, I assigned the native IPv6 addresses to ESXi for exclusive use (as described in this article), leaving pfSense with only native IPv4 and obtaining IPv6 addresses through Tunnelbroker. Consequently, all virtual machines on the server lost IPv6 connectivity. More critically, since I had set up a NAT64 service on the server following this article, and configured pfSense's DNS resolution to prioritize Google DNS's NAT64 servers (2001:4860:4860::64 and 2001:4860:4860::6464) with IPv4 as fallback, DNS resolution almost completely failed due to the IPv6 outage combined with pfSense's long DNS timeout settings. To prevent such cascading failures from recurring,...
Configuring LDAP Authentication for nginx
My various servers host different services, each with its own username/password system, making unified management difficult. If my password were compromised in the future, changing them individually would be extremely tedious. Therefore, I want to use a dedicated service to manage usernames and passwords, with all other services obtaining authentication information from it. LDAP is one of the commonly used authentication protocols. Not only do many applications natively support it (including Jenkins, pfSense, etc.), but through plugins, nginx can also support it, adding unified authentication management to any web-based service. Adding the Plugin If your nginx is compiled from source, adding the LDAP plugin only requires three steps: apk add openldap-dev git clone https://github....
nginx: TLS 1.3 Multi-Draft Support and HPACK
It has been 11 months since I last enabled TLS 1.3 for nginx. After nearly a year, many nginx-related programs and patches have undergone significant changes: OpenSSL has released beta versions of 1.1.1, with the latest being 1.1.1-pre8 (Beta 6) at the time of writing. nginx has been updated to version 1.15.1. Bugs in nginx's HPACK patch (HTTP header compression) have been fixed by subsequent patches. Using the original HPACK patch causes abnormal website access, manifesting as protocol errors when attempting to load subsequent pages after the first. A developer has released an OpenSSL patch enabling the latest OpenSSL to simultaneously support TLS 1.3 draft versions 23, 26, and 28. Let's Encrypt certificates now include Certificate Transparency information by default,...

Installing and Upgrading ESXi on Kimsufi Dedicated Server and Setting Up a Software Router
Kimsufi is a budget brand under French company OVH, specializing in renting high-performance servers at extremely affordable prices. I personally rent the KS-4C model, featuring an i5-2400 processor, 16GB RAM, 2TB HDD, 100Mbps unmetered bandwidth, for just 13 euros/month. Its exceptional value makes it perfect for running virtual machines for experiments. VMware ESXi (now also called vSphere Hypervisor) and Proxmox VE are two popular operating systems specifically designed for virtualization, both available for free. Crucially, Kimsufi's control panel offers one-click installations for both systems. However, during my usage, I found that Proxmox VE frequently suffered from unresponsive remote VM connections (VNC black screens) or keystroke loss (especially critical during password entry)...

Writing Configuration Files to Enable Thunderbird Auto-Configuration for Domain Email
Many people have set up email systems on their own domain names. I also use Zoho's domain email service for my main site lantian.pub. However, a major drawback of using domain email is that it's difficult to remember server addresses for POP3, IMAP, SMTP, etc. When reinstalling systems or email clients requires reconfiguration, you have to log back into the email system to check server addresses, which is quite troublesome. If you use the Thunderbird email client, you may notice during account setup that Thunderbird has a "Retrieve settings from email provider" process. This essentially requests an XML document from the domain's web server containing email server configurations. By manually creating this configuration file and hosting it on your web server,...

Setting Up IPv6 Reverse DNS in DN42
DN42, short for Decentralized Network 42, is a large-scale VPN network. Unlike traditional VPNs, DN42 utilizes technologies commonly deployed on internet backbones (such as BGP), making it an excellent simulation of a real-world network environment. In a previous article, I joined the DN42 network, registered my own domain in another article, and set up my own DNS server. Later, in this article, I configured IPv4 reverse DNS. At that time, due to some outdated information on the DN42 Wiki, I mistakenly believed IPv6 reverse DNS couldn't be configured. However, I've since confirmed it's possible through experimentation. Since the setup process is largely similar, this article will share significant overlap (copy-pasted content) with the earlier IPv4 guide....

Setting Up IP Reverse Lookup in DN42
DN42, short for Decentralized Network 42, is a large-scale VPN network. Unlike traditional VPNs, DN42 utilizes technologies commonly deployed in internet backbones (such as BGP), effectively simulating a real-world network environment. In a previous article, I joined the DN42 network, and in another article, I registered my own domain and configured my DNS server. With a DNS server in place, we can now set up reverse lookup records for our IP addresses. Reverse lookup primarily aids in spam prevention and improves the appearance of outputs in network tools like ping and traceroute. Setting Up the Resolver for IP Ranges The first step is to delegate reverse resolution for your IP ranges to your DNS server. My servers are ns[1-3].lantian.dn42. While all could theoretically be specified,...

Registering Domain in DN42
DN42, aka Decentralized Network 42, is a large VPN network. Unlike traditional VPNs, DN42 uses a lot of technology involved in Internet backbones (such as BGP) and is a great simulation of a realistic network environment. In a previous post, I joined DN42 and connected most of my VPSes to it. (The ones left are OpenVZ VPSes without Tun/Tap support.) I knew from the beginning that DN42 has its own domain name system. For example, DN42's wiki (https://wiki.dn42.us/Home) can be accessed as https://internal.dn42 in DN42. I didn't register a domain back then since I didn't have time, and I didn't have much knowledge of DN42. I finished the registration this month and would like to share my experience. Building Authoritative DNS An authoritative DNS is responsible for a domain's records....

Snagged a 0.1-Discount VPS from 50KVM
The largest hosting provider on TG, 50KVM, has gone bankrupt! VPSs originally priced at over 100 or 200 yuan are now all 2 yuan! All for 2 yuan! (Not really) The Beginning On Sunday, April 1st around midnight, lying in bed watching the latest episode of "National Team" Telegram notification pops up: 50KVM released an April Fools' discount: Since I finished watching "National Team," might as well try entering these emojis First Attempt Tried inputting emojis using macOS input method – turned out impractical since I couldn't recognize what these emojis were Googled "emoji list" Found an emoji reference site Emoji List Wait, macOS emojis look completely different from those in the image Took some guesses (After 5 attempts) Still need to identify the emoji font....