Posts

Showing posts from December, 2020

Nginx in Docker, IPv6 with routed prefix.

I don't want to waste my IPv6 routed prefix. Some background first: I applied for an IPv6 tunnel broker and they assigned me a /64 routed prefix (read the post). How to use it? Docker containers, of course. So I grab the nginx image and run containers with IPv6 support, reachable over a public v6 address or a domain name. The question remains: why do we still use IPv4???

HOW-TO

The Docker documentation recommends creating new networks instead of using the default ones (bridge/host/none). So I follow that advice and create a bridge network for my IPv6 routed prefix.

0. IP forwarding
Note: IPv6 forwarding is required, and you can enable it (as root!) with

# echo 1 > /proc/sys/net/ipv6/conf/all/forwarding

1. Create the Docker network. 2001:db8:1f19:242::/64 is the routed prefix I want to use with Docker, and I named the network nginxipv6.

$ docker network create -d bridge --ipv6 nginxipv6 \
        --subnet "2001:db8:1f19:242::/64" \
  ...
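The steps above, collected into one script as an added example (this is not code from the original post). The network name and the /64 are the ones the post uses; the container address ending in ::80, the container name web6 and the ip6tables policy are my additions. The policy matters because a routed prefix is the opposite of NAT: every container address is reachable from the whole Internet the moment forwarding is on, and Docker did not manage ip6tables at all before its experimental support in 20.10. DRY_RUN=1 (the default) prints the commands instead of running them, so the script can be checked on a machine without docker or root.

```bash
#!/bin/sh
# Added example, not code from the original post: put nginx containers on a routed
# IPv6 /64 with Docker. DRY_RUN=1 (default) only prints the commands so they can be
# reviewed; DRY_RUN=0 executes them and needs root plus a working docker.
# Assumed: network name nginxipv6 and prefix 2001:db8:1f19:242::/64 come from the post;
# the container address ::80, the name web6 and the ip6tables policy are my additions.
set -u
DRY_RUN="${DRY_RUN:-1}"

run() { if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Accept only a /64 written as IPv6 (hex groups separated by colons); anything else,
# e.g. an IPv4 network or a /48, is refused before it reaches docker.
valid_ipv6_64() {
  printf '%s' "$1" | grep -Eq '^[0-9a-fA-F]{1,4}(:[0-9a-fA-F]{0,4}){1,7}/64$'
}

# Docker's default bridge ignores IPv6 unless the daemon is configured for it; a
# user-defined network takes the prefix directly with --ipv6 and --subnet.
create_ipv6_network() {  # $1 = network name, $2 = routed /64
  valid_ipv6_64 "$2" || { echo "refusing '$2': not an IPv6 /64" >&2; return 1; }
  run sysctl -w net.ipv6.conf.all.forwarding=1
  run docker network create -d bridge --ipv6 --subnet "$2" "$1"
}

run_nginx() {  # $1 = network name, $2 = container IPv6 address, $3 = container name
  run docker run -d --name "$3" --network "$1" --ip6 "$2" nginx
}

# Every address in a routed prefix is reachable from the whole Internet, and Docker does
# not filter forwarded IPv6 traffic unless its (experimental, 20.10) ip6tables support is
# turned on. Allow replies, ICMPv6 (path MTU discovery needs it) and 80/443 in; drop the rest.
filter_prefix() {  # $1 = routed /64
  run ip6tables -A FORWARD -d "$1" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
  run ip6tables -A FORWARD -d "$1" -p ipv6-icmp -j ACCEPT
  run ip6tables -A FORWARD -d "$1" -p tcp -m multiport --dports 80,443 -j ACCEPT
  run ip6tables -A FORWARD -d "$1" -j DROP
}

if [ "${1:-}" = "demo" ]; then
  create_ipv6_network nginxipv6 2001:db8:1f19:242::/64 &&
  filter_prefix 2001:db8:1f19:242::/64 &&
  run_nginx nginxipv6 2001:db8:1f19:242::80 web6
fi
```

Run it as `sh script.sh demo` to see the full command list, then `DRY_RUN=0 sh script.sh demo` as root to apply it. The validator is deliberately strict: a typo that turns the prefix into an IPv4 network or a /48 is caught before docker creates a network on the wrong subnet.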

IPv6 over IPv4 in an OpenVZ VPS, using Tunnel Broker.

IPv4-only OpenVZ VPS: how to gain access to IPv6? Short answer: tunnel! I use TunnelBroker. TunnelBroker generously provides 5 free tunnels.

I have a VPS with only public IPv4 addresses, but I would like to access another VPS with only an IPv6 address. So we need some help here: a proxy that encapsulates the IPv6 data in an existing IPv4 connection and transfers it to a host which has both IPv4 and IPv6; that host processes the IPv6 request and returns the result.

PS. The client has to be able to process IPv6, e.g. have an IPv6 address set up.

Architecture

This setup requires a host with public IPv4+IPv6, which I will call the 'tunnel server' from here on. The client host and the tunnel server are connected via an IPv4 tunnel. All IPv6 data is encapsulated in IPv4 packets and transferred through this tunnel. The tunnel server receives and de-encapsulates the IPv4 packet, gets the IPv6 request, processes it and gets the result, encapsulates it in IPv4 and transfers the result b...
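The client side of the architecture above as an added example (not code from the original post): a 6in4 tunnel, i.e. IPv6 packets carried as the payload of IPv4 packets with IP protocol number 41, which is what a tunnel broker hands out. Every address is a documentation range and assumed: 203.0.113.10 stands for the tunnel server's IPv4, 198.51.100.7 for the VPS's own IPv4, 2001:db8:1::2/64 for the client IPv6 the broker assigned; the interface name he-ipv6 is my choice. Two caveats a practitioner wants: the tunnel is plaintext, so anything on the IPv4 path can read or inject traffic, and the kernel only matches the outer source address, which is spoofable; and on OpenVZ `ip tunnel add` only succeeds if the provider has enabled the sit/ipip modules for the container.

```bash
#!/bin/sh
# Added example, not code from the original post: the client side of a 6in4 tunnel
# (IPv6 inside IPv4, IP protocol 41), which is what a tunnel broker hands out.
# All addresses are documentation ranges and assumed: 203.0.113.10 = tunnel server IPv4,
# 198.51.100.7 = this VPS's public IPv4, 2001:db8:1::2/64 = the client IPv6 the broker
# assigned. Interface name he-ipv6 is my choice. DRY_RUN=1 (default) prints instead of running.
set -u
DRY_RUN="${DRY_RUN:-1}"
run() { if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi; }

is_ipv4() { printf '%s' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; }

# $1 = server IPv4, $2 = local IPv4, $3 = client IPv6/prefixlen, $4 = interface name
# The kernel's "sit" device does the (de)encapsulation: outgoing IPv6 is wrapped in an
# IPv4 packet to the server, incoming protocol-41 packets from the server are unwrapped.
# The default route sends all IPv6 through the tunnel.
tunnel_up() {
  is_ipv4 "$1" && is_ipv4 "$2" || { echo "bad IPv4 endpoint: $1 / $2" >&2; return 1; }
  run ip tunnel add "$4" mode sit remote "$1" local "$2" ttl 255
  run ip link set "$4" up
  run ip addr add "$3" dev "$4"
  run ip route add ::/0 dev "$4"
}

tunnel_down() {  # $1 = interface name
  run ip route del ::/0 dev "$1"
  run ip tunnel del "$1"
}

# The tunnel is plaintext and the kernel only checks the outer source address, which can
# be spoofed: accept protocol 41 from the broker's server only, and drop the rest.
filter_proto41() {  # $1 = server IPv4
  run iptables -A INPUT -p 41 -s "$1" -j ACCEPT
  run iptables -A INPUT -p 41 -j DROP
}

if [ "${1:-}" = "demo" ]; then
  filter_proto41 203.0.113.10 &&
  tunnel_up 203.0.113.10 198.51.100.7 2001:db8:1::2/64 he-ipv6
fi
```

After `DRY_RUN=0 sh script.sh demo` as root, `ping6 2001:db8:1::1` (the server end of the tunnel, in this assumed numbering) is the first thing to check; if the tunnel server also routes a prefix to you, that prefix is what the Docker post above puts on a container network.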

How to pull a Docker image on a pure IPv6 host?

Docker Hub does NOT support IPv6!!!!! In Dec 2020, Docker Hub only supports IPv4, and that's sad!

$ docker pull nginx
Using default tag: latest
Error response from daemon: Get https://registry-1.docker.io/v2/: dial tcp 52.4.20.24:443: connect: network is unreachable

But I need to pull images from Docker Hub, what should I do? Proxy! Yes, all we need is an HTTP proxy. Basically, I set up an HTTP proxy on another dual-stack host (a host with both IPv4 and IPv6) and tell Docker to use it.

HOW-TO

1. Install the proxy. I use goproxy. Download, extract, start the proxy. By default, it listens on 33080.

$ ./proxy http --debug

--debug is for verbose output; drop it once everything works.

Note: a proxy that listens on a public IPv6 address without authentication is an open proxy for anyone who finds it. Restrict port 33080 to the pure-IPv6 host's address with a firewall on the dual-stack host, or turn on the proxy's authentication.

2. Tell Docker to use the proxy.

$ sudo systemctl edit docker.service

and add the following to the file. Both variables use the http:// scheme: goproxy started with "http" speaks plain HTTP on 33080 and relays HTTPS through CONNECT, so an https:// proxy URL would make the daemon attempt a TLS handshake with a plaintext listener.

[Service]
Environment="HTTP_PROXY=http://[Dualstack_IPv6]:33080"
Environment="HTTPS_PROXY=http://[Dualstack_IPv6]:33080"

# reload to read the changes
$ sudo systemctl daemon-reload
...

rsync to DSM results in "Permission denied, please try again."

Can't rsync to DSM!

$ rsync -avz mystuff admin@onehost.onedomain.org:/volume1/MyShare/
Permission denied, please try again.
rsync error: rsync service is no running (code 43) at io.c(687) [sender=3.0.9]

Even ssh results in an error:

$ ssh admin@onehost.onedomain.org rsync
Permission denied, please try again.

Solution

$ rsync -avz -e ssh --rsync-path=/usr/bin/rsync \
        mystuff admin@onehost.onedomain.org:/volume1/MyShare/

The --rsync-path parameter is the key. On older versions of DSM, rsync resides in /usr/syno/bin/, so use --rsync-path=/usr/syno/bin/rsync instead.

Better SSH key management.

SSH is good, but too many KEYS! Once the number of servers you manage reaches 5 or more, SSH keys become a mess. Do I need to generate a new key pair for every machine? I don't want to upload key pairs to every server, and rotating them takes ages. It is also a security risk.

Overhaul: here are some ideas. We need a big change. These are the goals I want to achieve:

- Only ONE key, and that's enough!
- No key pairs on any server, for security reasons.
- Able to ssh back and forth between servers, no password required.
- Able to access GitHub/GitLab repositories with the same SSH key.
- WinSCP can access servers without a password.

I will also cover the setup for Synology DSM and OpenWRT (dropbear).

What do we need?

                  Windows                 Linux
  Key generation  ssh-keygen, puttygen    ssh-keygen
  PPK format      puttygen                -
  Agent           ssh-agent, pageant      ssh-agent
  Client          PuTTY, WinSCP           ssh, scp

For Linux, these usually come with the distribution. For Windows clients, please install Git for Windows and downloa...
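One way to meet the goals above with a single key that never leaves the workstation, as an added example (this is not the post's own setup, whose details are cut off here): every server is reached through one jump host with ProxyJump, so no key pair is copied to any server and the agent is never forwarded. The distinction matters: with ForwardAgent, root on the jump host can use your key for as long as the session lasts, whereas ProxyJump only relays a TCP connection and the second SSH session is authenticated end to end from the workstation. Host names, users, the jump host and the key file name are assumptions; Synology DSM and OpenWrt's dropbear accept the same public key, so they only need their own Host entries.

```bash
#!/bin/sh
# Added example, not the post's own setup: one private key that stays on the workstation,
# every server reached through a jump host with ProxyJump, so no key pair is ever copied
# to a server and the agent is never forwarded. Host names, users and the key file name
# (id_ed25519) are assumptions.
umask 077

# $1 = directory that stands in for ~/.ssh, $2 = jump host address, $3... = internal hosts
write_ssh_config() {
  dir=$1; jump=$2; shift 2
  mkdir -p "$dir"
  {
    printf 'Host jump\n    HostName %s\n    User admin\n\n' "$jump"
    # Internal hosts: "ssh internal1" from the workstation goes through the jump host.
    for h in "$@"; do
      printf 'Host %s\n    ProxyJump jump\n    User admin\n\n' "$h"
    done
    # Synology DSM and OpenWrt (dropbear) accept the same public key; only user/port differ.
    printf 'Host nas\n    HostName nas.example.org\n    User admin\n    Port 22\n\n'
    printf 'Host router\n    HostName 192.0.2.1\n    User root\n\n'
    # Defaults go last: ssh keeps the first value it finds for each option.
    # IdentitiesOnly stops ssh offering every key the agent holds, which otherwise
    # triggers "Too many authentication failures" once the agent has a few keys.
    printf 'Host *\n    IdentityFile ~/.ssh/id_ed25519\n    IdentitiesOnly yes\n    ForwardAgent no\n'
  } > "$dir/config"
  chmod 600 "$dir/config"
}

# Quick audit: 0 if no host section forwards the agent and ProxyJump is in use.
ssh_config_safe() {  # $1 = directory holding the config
  ! grep -Eq '^[[:space:]]*ForwardAgent[[:space:]]+yes' "$1/config" &&
  grep -Eq '^[[:space:]]*ProxyJump' "$1/config"
}

count_proxyjump_hosts() {  # $1 = directory holding the config
  grep -c '^[[:space:]]*ProxyJump' "$1/config"
}

if [ "${1:-}" = "demo" ]; then
  write_ssh_config "${2:-$HOME/.ssh}" jump.example.org internal1 internal2
  ssh_config_safe "${2:-$HOME/.ssh}" && echo "config written, agent forwarding off"
fi
```

With this config, `ssh internal1` and WinSCP (using the same key converted to PPK with puttygen) both work from the workstation without a password, and GitHub/GitLab get the same public key. The one thing ProxyJump does not give you is hopping on from a server's own shell; if that is really needed, forward the agent only for that one host and only with a hardware-backed or confirmation-prompting key.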

Change hostname and container name in Synology Docker

I am not able to change the hostname! Yes, you can change the name of the container, but that's it, and it's not useful. Even the hostname command fails. You are stuck with the initial name from when you created the container. Sad....

What's required? Here is the solution, and it requires shell access with root privilege. You may SSH to the box as admin and sudo to root.

Four steps:
1. locate the container ID and content directory
2. shut down the Docker service
3. manually change them in the config files
4. start the Docker service

Once again, with root!

0. Change the container name in the web UI console first if necessary.

1. # docker ps -a
Find the container ID in the 1st column.

# docker inspect <container_id> | grep Path

You will see the file path, a very long one, like this one; the directory is everything before /hostname:

        "HostnamePath": "/volume1/@docker/containers/0fbc2a4f6caf4f9337ds82e6dc57857514490a459e28054c1f616e2a9742bb35/hostname",

cd to that directory.

2. # synpkgctl stop Docker
stop...

In docker env, Ctrl+P in shell doesn't work!

Ctrl+P doesn't work! When you are working in a shell running in a Docker container, you will find that your friendly Ctrl+P doesn't work as expected. Ctrl+P is the first key of Docker's default detach sequence (Ctrl+P followed by Ctrl+Q), so the docker client intercepts it before the shell sees it; the sequence can be changed with --detach-keys or the detachKeys setting in ~/.docker/config.json.

Bash interactive login shell vs interactive non-login shell

This only covers interactive shells, not non-interactive ones. I use Bash.

Design
One login shell at the top, which spawns non-login shells. Non-login shells inherit most but *not* all settings from the parent shell. So we should do the heavy lifting during login-shell initialization, and leave the light work for non-login shells, e.g. run df/uptime after login.

What's the difference?
login shell:     when logging in via TTY or SSH
non-login shell: when running screen or bash

Startup files
Files are executed in this order. Taken from my VPS Ubuntu image; your system might be different.

login shell (bash -l)
  /etc/profile
      /etc/bash.bashrc   (sourced by /etc/profile)
  ~/.bash_profile
  ~/.bash_login
  ~/.profile           (will NOT run if .bash_profile or .bash_login exists; bash reads only the first of these three that exists)
      ~/.bashrc        (sourced by ~/.profile)
  ~/.bash_logout       (invoked at logout)

non-login shell (bash)
  /etc/bash.bashrc
  ~/.bashrc

Reference
https://unix.stackexchan...
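Two helpers that make the rules above checkable, as an added example (not code from the original post): one asks a freshly started bash whether it considers itself a login shell, the other resolves which per-user startup file a login shell will read, following the first-one-wins rule for .bash_profile, .bash_login and .profile. The second is also handy when auditing a box for persistence: an intruder only needs to plant the one file bash reads first, and a .bash_login that appeared next to an untouched .profile is easy to miss. The home directory passed in is a parameter so the check can be run against any user or a mounted image.

```bash
#!/bin/sh
# Added example, not code from the original post: tell a login shell from a non-login one,
# and resolve which per-user startup file bash will read, following the rule in the post.
# Useful when a shell behaves differently over SSH than in screen, and when auditing
# startup files for persistence (an attacker only needs the one file bash reads first).

# Prints "login" or "non-login" for a bash started with the given flags (e.g. -l).
# --noprofile/--norc keep the probe quiet; shopt login_shell reflects how bash was
# invoked, not which files it read, so the answer is still correct.
shell_kind() {
  bash --noprofile --norc "$@" -c 'if shopt -q login_shell; then echo login; else echo non-login; fi'
}

# For a login shell, bash reads the FIRST readable one of .bash_profile, .bash_login,
# .profile (in that order) and ignores the others. $1 = home directory to inspect.
login_startup_file() {
  for f in .bash_profile .bash_login .profile; do
    if [ -r "$1/$f" ]; then echo "$1/$f"; return 0; fi
  done
  echo "(none)"
  return 1
}

# Non-login interactive shells read only ~/.bashrc (plus /etc/bash.bashrc on Debian/Ubuntu).
# Lists every file that would run for a user, so nothing planted there goes unnoticed.
startup_files_for() {  # $1 = home directory
  echo "login:     $(login_startup_file "$1")"
  [ -r "$1/.bashrc" ] && echo "non-login: $1/.bashrc" || echo "non-login: (none)"
}

if [ "${1:-}" = "demo" ]; then
  echo "bash -l  -> $(shell_kind -l)"
  echo "bash     -> $(shell_kind)"
  startup_files_for "${2:-$HOME}"
fi
```

`sh script.sh demo /home/alice` prints which files would run for that user; compare the result against what you expect to be there. If .bash_profile exists, edits to .profile have no effect for login shells, which is the most common reason a PATH change "does nothing" after SSH login.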

Regional copyright problems when using Chinese apps abroad

Problem: apps such as 全民K歌 (WeSing) and 酷狗音乐 (KuGou Music) report, when used abroad, that some features cannot be enabled for copyright reasons.

Solution: move the phone "back to China" completely.
The principle is a VPN back into China plus a GPS location inside China; both are required. A VPN alone is not enough!

GPS location:
I use Android and installed Fake GPS Location - GPS JoyStick, developed by The App Ninjas.
Enable developer mode (debug mode), and under the mock location app setting choose the app you just installed.
Run the app and set the location you want.
Open map.baidu.com in a browser, or open a map app, and check whether it locates you where you want.

VPN:
Install a VPN app and pick a server in China, preferably in the matching city.

Test:
Open 全民K歌, 酷狗音乐 and so on; they will no longer complain about regional copyright.