blog.masa23.jp

Creating a Lego selfdns Provider

I created a provider that makes the lego command itself a DNS server to perform DNS-01 authentication when obtaining Let’s Encrypt SSL certificates using Lego. Introduction Lego is a command-line tool written in Go that acts as an ACME client to obtain SSL certificates from Let’s Encrypt and other certificate authorities. What did I do? Lego’s DNS-01 authentication supports various DNS providers, but for times when “there’s no DNS server with an API available!
2023-02-16

Setting Up Rspamd

Here’s a note on adding Rspamd to an existing Postfix mail server. The server is running on Ubuntu 20.04. Install Redis Install via apt # apt install redis Check if it is running # systemctl status redis.service Ensure it shows active (running) Verify it is listening on port 6379 # ss -ltn | grep 6379 LISTEN 0 511 127.0.0.1:6379 0.0.0.0:* LISTEN 0 511 [::1]:6379 [::]:* If it is listening on 0.
2022-11-21

Mattermost Shows 404 Page Not Found After Restart

Before upgrading Mattermost, I restarted Mattermost and encountered a 404 Page Not Found issue. Here’s a note on the troubleshooting steps. Symptoms When accessing http://<mattermost-server>/, a 404 Page Not Found error is displayed. Cause I use nginx for caching in front of Mattermost, and I disabled gzip compression in nginx. However, I mistakenly set the WebserverMode to “disabled” instead of “uncompressed,” causing the web server to be disabled. The issue did not appear immediately after changing the setting; it only occurred after restarting Mattermost, making it difficult to identify the cause.
2022-10-09

Bulk Adding Slack Reactions (Emojis) to Mattermost

Since Slack’s log retention period has been reduced to 90 days, making it harder to view past logs, I decided to implement Mattermost. Here’s a note on how I copied custom emojis (reactions) from Slack to Mattermost. Extracting Reactions from Slack Initially, I planned to extract the reactions using Slack’s API, but using the Chrome extension Slack Custom Emoji Manager made it very easy to download them. Install the Chrome extension and access https://.
2022-09-29

Notes on Resource Limits in FreeBSD

I wasn’t very familiar with this, so I did a brief research. To use RCTL in FreeBSD, a kernel with RACCT and RCTL enabled is required. The Generic kernel of FreeBSD 13.1 seems to have this enabled, so enable it in loader.conf. root@freebsd13:~ # grep -E 'RACCT|RCTL' /usr/src/sys/amd64/conf/GENERIC options RACCT # Resource accounting framework options RACCT_DEFAULT_TO_DISABLED # Set kern.racct.enable=0 by default options RCTL # Resource limits # echo "kern.racct.enable=1" >> /boot/loader.
2022-08-10

Using Bridge Networks on Sakura Cloud

Note: This is possible, but not the intended use. Enjoy it as a fun experiment. On Sakura Cloud, it is not possible to connect using a bridge. Can I assign a fixed MAC address or change it to an arbitrary one? It is presumed that packets with MAC addresses other than those of the created VM cannot leave the VM on Sakura Cloud’s switch. Creating a bridge within a VM to connect LXD containers directly to the router + switch IP address or the switch’s local IP address for communication is not possible.
2022-07-07

Notes on pfctl Commands

I always forget pfctl commands, so here are some notes. Rule Related Check current rules # pfctl -s rules Add -v to see statistics # pfctl -vs rules Table Operations List tables # pfctl -s Tables Add -vv to see statistics # pfctl -vvs Tables Display IP addresses in a table # pfctl -t <table> -T show Add an IP address to a table # pfctl -t <table> -T add <IPAddress> Remove an IP address from a table # pfctl -t <table> -T delete <IPAddress> Remove all IP addresses from a table # pfctl -t <table> -T flush
2022-07-07

Notes on Adding OpenDKIM to Postfix + DMARC

Given the strict spam filters these days, I decided to implement DKIM on my personal mail server. Here are the notes from that process. For DMARC settings, see the update in November 2023. August 2024 Update I have switched from OpenDKIM to arcmilter. Changed from OpenDKIM to arcmilter and Added Support for ARC Signatures Environment Ubuntu 20.04 OpenDKIM Installation # apt install opendkim opendkim-tools Create the directory to store keys # install -d /etc/opendkim/key # cd !
2022-05-20

Notes on Ubuntu 22.04

Upon upgrading to Ubuntu 22.04, it seems that the way to specify gateway4 and gateway6 in netplan has been deprecated. Error Messages `gateway4` has been deprecated, use default routes instead. See the 'Default routes' section of the documentation for more details. `gateway6` has been deprecated, use default routes instead. See the 'Default routes' section of the documentation for more details. Before Fix network: ethernets: ens3: addresses: - 192.168.0.2/24 gateway4: 192.168.0.1 nameservers: addresses: - 8.
2022-04-28

Configuring Wireguard with netplan

Here’s a note on setting up Wireguard using netplan. I couldn’t find many Japanese articles on this topic. Tested on Ubuntu 20.04. Server Side Generating private and public keys # umask 077 # wg genkey | tee private.key | wg pubkey > public.key netplan configuration network: tunnels: wg0: mode: wireguard key: <Generated private.key> port: 50000 # UDP port number to listen on addresses: [ 192.168.2.1/30 ] # IP address for wg0 peers: - allowed-ips: [0.
2021-04-29