Alternative way to integrate custom logstash filters/plugins

Logstash plays an important part in the Elastic Stack environment. The built-in filters already provide a wide range of functions to manipulate events. In case you need something special you’ve a few choices. You could for example write inline ruby code or package it to a gem and make it an official plugin. Do you want to write ruby code? I for sure don’t. The approach I want to talk about is using the http filter (🖇️ 🔐) . Weiterlesen →

Trying out nginx as a load balancer in a container environment

I’m currently playing around with load balancing traffic from a proxy server to multiple worker services. Everything is done in a plain docker environment so I can only use a compose file. This was my first approach: --- version: '3.9' services: web: image: nginx deploy: replicas: 4 proxy: image: nginx ports: - 8080:80 volumes: - type: bind source: ./nginx.conf target: /etc/nginx/conf.d/default.conf read_only: true This spawns four nginx containers with nothing but the default “it works” page. Weiterlesen →

Ansible: Why you should use the assert module instead of failed_when

As an ansible user you may be familiar with the failed_when clause of a task. Its condition should resolve to a boolean value and determines if it was successful or not. In my backup playbook I’ve a task creating a tar archive by using the command module. Later on I want to check if an actual POSIX tar archive was created: - name: Check if a real tar archive was created command: "file /mnt/backups/mail. Weiterlesen →

WireGuard Site2Site VPN Guide

Setting up a Site 2 site VPN with WireGuard is pretty easy provided you have some basic WireGuard and IP routing knowlege. The scope of this guide is to provide sample configurations with additional explanations. You still have to use your brain and think what setup suits you best. This guide also only focuses on the current generation IP protocol IPv6. Legacy IPv4 addressing works exactly the same. This guide is also platform agnostic. Weiterlesen →

The one and only OPNsense port forwarding guide you ever need

So you are in the pitty situation that you need to make an IPv4 legacy system or application reachable but your port forwarding rules are not working? And watching a painfully 21 minute long YouTube video from a bearded guy did not help you in any way? Hold back your tears because you have just found the one and only port forwarding guide for OPNsense. In order for port forwarding to work you need to things: Weiterlesen →

BTRFS: Read only filesystem while mounted read write

While doing my monthly backups I got a little bit confused. I found an old backup of an LXC container which was not needed anymore. But I was not able to delete it: rm: cannot remove ‘container_backups/XXX/rootfs/var/log/private’: Read-only file system Checking with mount the backup filesystem was mounted rw and dmesg also did not indicate a btrfs problem. Missing privileges were also not an issue as I was logged in as root. Weiterlesen →

Running Tor's Snowflake Proxy in Docker

Due to Iran’s internet blocking I stumbled over Tor’s Snowflake proxy. A pluggable transport plugin based on WebRTC. They work similar to Tor’s bridge and relay system. The standalone proxy which this post is all about is written in golang. Snowflake proxies are not published making it harder to block them. User traffic towards the internet never exits the proxy. The last hop is always a Tor exit node. This makes it easy for people to help without having to deal with abuse reports or worse. Weiterlesen →

Regensburgs autonomer Bus "Emilia" ist enttäuschend

Emilia ist ein kleiner, elektrisch angetriebener Bus mit 8 Sitzplätzen, der mit maximal 20 km/h im Regensburger Gewerbepark “autonom” im Kreis fährt. Hier die Webseite dazu (🖇️ 🔐) . Autonomes Fahren interessiert mich sehr und angefixt von einem TVA Fernsehbeitrag (🖇️ 🔐) und einem Video über die verbaute Technik musste ich dieses Gefährt live erleben. Auf dem Bus ist eine GNSS Antenne, ein LiDAR Sensor und ein Mobilfunkmodem. Während dieses Testbetriebs fährt ein Begleiter mit, der mit Hilfe eines Xbox Controllers bei Bedarf eingreifen (steuern) kann. Weiterlesen →

WireGuard on OPNsese: wg0 is not a WireGuard interface

My WireGuard on OPNsense 22.1 suddenly stopped working out of nowhere and would not restart: root@firewall:~ # /usr/local/etc/rc.d/wireguard restart wg-quick: ‘wg0’ is not a WireGuard interface wg-quick: ‘wg0’ already exists Checking the wg0 interface via ifconfig told me that was a lie: root@firewall:~ # ifconfig wg0 wg0: flags=8002<BROADCAST,MULTICAST> metric 0 mtu 1420 options=80000 groups: tun wireguard nd6 options=103<PERFORMNUD,ACCEPT_RTADV,NO_DAD> A hanging interface is thankfully not new to me. I’ve dealt with many of them before when I was still OpenVPN. Weiterlesen →

Tesla Gen 3 Wallbox Monitoring mit InfluxDB

Die Gen 3 Wallbox von Tesla war KFW 440 förderfähig und muss deshalb in der Theorie vom Energieversorger gesteuert werden können. Meine Theorie ist, dass es deshalb eine nicht offiziell dokumentierte API gibt. Bis diese Steuerung spruchreif ist und die API nach “außen” hin verfügbar ist wäre es eine Schande diese nicht für eigene Zwecke zu benutzen. Die Wallbox muss dazu ins eigene WLAN eingebucht sein. API Übersicht Über die IP der Wallbox kann man die REST API abfragen. Weiterlesen →