Objectives:
1. To build a white box for running ESXi
2. Support up to 64GB DDR4
3. Total power consumption below 30 watts at idle
4. Expandable, with PCI expansion slots and multiple SATA ports
5. As cheap as possible

Parts list (as of October 2017)
Intel – Pentium G4560 3.5GHz Dual-Core Processor RM 320.00 (Lazada)
-the poor man’s Core i7 on price vs performance; when it was introduced it cannibalized i3 sales. Intel realized this and slowed down production. Low TDP.

Asus – PRIME B250M-A Micro ATX LGA1151 Motherboard RM 415.00 (Lazada)
-4 DIMM slots and supports up to 64GB DDR4. Alternatively, you may consider the Gigabyte GA-B250M-D3H.

Avexir Core Series DDR4/2400Mhz/16GB/LED RAM RM 569.00 (Lazada)
Avexir Core Series DDR4/2400Mhz/16GB/LED RAM RM 519.00 (Lazada)
-simply because it is the cheapest. 2x16GB is cheaper than 4x8GB RAM. Furthermore, I have 2 more free DIMM slots with this configuration.

Corsair – VS 450W ATX Power Supply RM 148.00 (Lelong)
-better than stock PSU

Tecware Quad Mini Cube ATX Case RM 180.00 (Lazada)
-cheap and affordable; importantly, it fits my IKEA rack perfectly, which saves space. Its size and dimensions resemble the infamous HP Microserver Gen8 (I bought one a year ago, then sold it because it was underutilized, and now regret it :P)

Western Digital – Caviar Blue 1TB 3.5″ 7200RPM Internal Hard Drive (Re-Use)

I bought mostly from Lazada due to stock availability and abusing their 10% voucher (prices listed above are before the 10% discount). Prices for the CPU and RAM are higher due to scarcity and the exchange rate.

Power Consumption
Average of 29 watts!!

ESXi running VMs

I just noticed that my VPS expired 3 weeks ago, and there is no way to get it back. That VPS was equipped with 128MB RAM and 10GB HDD space for USD4.99 per year (damn cheap).

So I am looking for another poor man’s VPS. I do not need humongous memory and disk space, just enough for me to SSH in and perform remote network troubleshooting (nmap, nslookup, dig, telnet and sometimes R&D). Ramnode was the best candidate due to their SSD or SSD-cached disks, but I want to explore another cheap provider.

I found a good deal with HostUS, for USD12 per year they provide:
– 768MB RAM
– 768MB vSwap
– 1 vCPU Core (Fair Use)
– 20GB Disk Space
– 2TB transfer
– 1Gbps uplink
– 1x IPv4
– 4x IPv6
– OpenVZ / Breeze Panel

Breeze Panel is their modified WHMCS integrated with SolusVM (maybe).

The USD12/year plan is available from this link (affiliate). You can’t find it from their main page. While stocks last.

p/s: From TM Unifi, I’m getting better latency when I choose London Data Center.
pp/s: You can also use coupon code TOPPROVIDER for 20% off any unmanaged plans on their site

The purpose of this tutorial is to set up ad blocking using the Bind9 DNS server. The tutorial is divided into 2 sections: Setup Pixelserv and Setup AdBlock script for Bind9.

1. Setup Pixelserv

Pixelserv is a super minimal webserver; its one and only purpose is serving a 1×1 pixel transparent gif file. We will redirect web requests for adverts to our pixelserv (running on the same server as bind9).

Install Pixelserv

cd /usr/local/bin/
curl http://proxytunnel.sourceforge.net/files/pixelserv.pl.txt > pixelserv
chmod 755 pixelserv

We now need a simple init script for starting/stopping pixelserv, saved as /etc/init.d/pixelserv.

#! /bin/sh
# /etc/init.d/pixelserv
#
# Carry out specific functions when asked to by the system
case "$1" in
  start)
    echo "Starting pixelserv"
    # run in the background so the init script returns
    /usr/local/bin/pixelserv &
    ;;
  stop)
    echo "Stopping script pixelserv"
    killall pixelserv
    ;;
  *)
    echo "Usage: /etc/init.d/pixelserv {start|stop}"
    exit 1
    ;;
esac

exit 0

Make the init script executable

chmod 755 /etc/init.d/pixelserv

Add pixelserv to startup

update-rc.d pixelserv defaults

Run pixelserv

/etc/init.d/pixelserv start


2. AdBlock for Bind9

Create a new file, /etc/bind/update.sh

#!/bin/sh
curl "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=bindconfig&showintro=0&mimetype=plaintext" | sed 's/null.zone.file/\/etc\/bind\/nullzonefile.txt/g' > ad-blacklist

Make it executable

chmod +x update.sh

Execute update.sh to download adservers file

./update.sh

Verify the file content and make sure the path has changed from:

zone "24pm-affiliation.com" { type master; notify no; file "null.zone.file"; };

to:

zone "24pm-affiliation.com" { type master; notify no; file "/etc/bind/nullzonefile.txt"; };

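Create the adblock zone file, /etc/bind/nullzonefile.txt. Replace $YOUR_DNS_SERVER_IP with the address of your own server.

$TTL    86400   ; one day
@       IN      SOA     ads.example.com. hostmaster.example.com. (
               2014090102   ; serial
                    28800   ; refresh
                     7200   ; retry
                   864000   ; expire
                    86400 ) ; negative-caching TTL
                NS      my.dns.server.org.   ; trailing dot keeps the name absolute
                A       $YOUR_DNS_SERVER_IP
@       IN      A       $YOUR_DNS_SERVER_IP
*       IN      A       $YOUR_DNS_SERVER_IP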

Reload bind9 configuration

rndc reload

Test your DNS Server

dig @localhost 24pm-affiliation.com

It should return your own server’s IP address.
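
The list is fetched over plain HTTP and every line of it becomes part of named's configuration, so it is worth vetting before a reload. The following is an added example, not part of the original tutorial: a stricter variant of update.sh that only accepts lines shaped like the sample zone line above and keeps the old list when a download is bad. The function names and the live path /etc/bind/ad-blacklist are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): vet the downloaded zone list
# before BIND loads it. The accepted line shape is taken from the sample
# zone line shown in the tutorial; function names are illustrative.

LIST_URL='http://pgl.yoyo.org/adservers/serverlist.php?hostformat=bindconfig&showintro=0&mimetype=plaintext'
NULLZONE='/etc/bind/nullzonefile.txt'
STANZA='^zone "[A-Za-z0-9._-]+" \{ type master; notify no; file "/etc/bind/nullzonefile\.txt"; \};$'

# Print every non-blank line that is not a plain null-zone stanza.
bad_lines() {
    grep -v '^[[:space:]]*$' "$1" | grep -Ev "$STANZA"
}

# Succeed only if the file is non-empty and every line is a null-zone stanza.
validate_blacklist() {
    [ -s "$1" ] || return 1
    [ -z "$(bad_lines "$1")" ]
}

# Fetch to a temp file next to the live list, rewrite the path as update.sh
# does, validate, then swap the file in and reload. A truncated download, an
# HTML error page or an unexpected directive leaves the old list untouched.
update_blacklist() {
    live=${1:-/etc/bind/ad-blacklist}   # assumed location of the live list
    tmp=$(mktemp "$live.XXXXXX") || return 1
    curl -fsS "$LIST_URL" | sed "s#null.zone.file#$NULLZONE#g" > "$tmp"
    if validate_blacklist "$tmp"; then
        chmod 644 "$tmp"                # mktemp creates 0600; named must read it
        mv "$tmp" "$live" && rndc reload
    else
        echo "ad-blacklist rejected, first offending lines:" >&2
        bad_lines "$tmp" | head -n 5 >&2
        rm -f "$tmp"
        return 1
    fi
}
```

Calling update_blacklist takes the place of running ./update.sh followed by rndc reload.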

Reference:
https://charlieharvey.org.uk/page/adblocking_with_bind_apache
The Best Ad Blocking Method
http://box.matto.nl/dnsadblok.html
http://www.deer-run.com/~hal/sysadmin/dns-advert.html

Using BIND to reduce ad server content


This article will guide you step by step to get Bind DNS running.

Install Dependencies:

apt-get update
apt-get upgrade
apt-get install build-essential openssl libssl-dev libdb5.1-dev

Download Bind:

wget ftp://ftp.isc.org/isc/bind9/9.9.7/bind-9.9.7.tar.gz

Unpack Bind:

tar zxvf bind-9.9.7.tar.gz
cd bind-9.9.7

Configure the Bind9 source before compiling:

fakeroot ./configure --prefix=/usr --mandir=/usr/share/man --infodir=/usr/share/info --sysconfdir=/etc/bind --localstatedir=/var --enable-threads --enable-largefile --with-libtool --enable-shared --enable-static --with-openssl=/usr  --with-gnu-ld --with-dlz-postgres=no --with-dlz-mysql=no --with-dlz-bdb=yes --with-dlz-filesystem=yes  --with-dlz-stub=yes  CFLAGS=-fno-strict-aliasing --enable-rrl --enable-newstats

If configure succeeds, you will see the summary below:

========================================================================
Configuration summary:
------------------------------------------------------------------------
Optional features enabled:
Multiprocessing support (--enable-threads)
Response Rate Limiting (--enable-rrl)
New statistics (--enable-newstats)
Print backtrace on crash (--enable-backtrace)
Use symbol table for backtrace, named only (--enable-symtable)
Dynamically loadable zone (DLZ) drivers:
Berkeley DB (--with-dlz-bdb)
Filesystem (--with-dlz-filesystem)
Stub (--with-dlz-stub)

Features disabled or unavailable on this platform:
GSS-API (--with-gssapi)
PKCS#11/Cryptoki support (--with-pkcs11)
Allow 'fixed' rrset-order (--enable-fixed-rrset)
Automated Testing Framework (--with-atf)
XML statistics (--with-libxml2)
========================================================================

Compile and install bind9:

make install

Last step, we need to manually create the /var/cache/bind directory:

mkdir /var/cache/bind

Start the service:

sudo /etc/init.d/bind9 start

Hopefully, bind9 will start just fine.

Explanation:

Tell Bind9 to utilize DLZ (Dynamically Loadable Zones) using BDB.

--with-dlz-postgres=no
--with-dlz-mysql=no
--with-dlz-bdb=yes
--with-dlz-filesystem=yes

Enable Response Rate Limiting to limit DNS answers and help mitigate DNS amplification attacks

--enable-rrl

Readings:
https://kb.isc.org/article/AA-01000/0/A-Quick-Introduction-to-Response-Rate-Limiting.html
https://nlnet.nl/project/bind-dlz/200205-sane/paper.html
http://bind-dlz.sourceforge.net/


Email Notification

You may set up email alerts for the following occurrences:
– HD Status Report
– Fan errors
– Disk errors
– Backup Complete

SMTP Server
Enter the IP address and port number of your SMTP mail server. If no port number is entered, the default port 25 will be used.

POP3 Server
Many types of SMTP mail servers and authentication may be used with the LinkStation. Consult your IT department or ISP for any necessary login information to use your SMTP server.

Subject
Specify a subject line for the email notifications, such as “LinkStation Status Report”.

Recipient Mail Address
Notification emails can be sent to up to 5 email addresses.


Update: 12 Nov 2015
For those who failed to send the test email message, please check that you’re entering the correct password. Secondly, during my investigation I found this log in the NAS:

Nov 12 22:39:49 NAS sSMTP[9663]: Unable to set portno="465"
Nov 12 22:39:49 NAS sSMTP[9663]: Unable to set AuthType="SSL"
Nov 12 22:39:49 NAS sSMTP[9663]: Creating SSL connection to host
Nov 12 22:39:49 NAS sSMTP[9663]: SSL connection using AES128-SHA
Nov 12 22:39:50 NAS sSMTP[9663]: Authorization failed (534 5.7.14 https://support.google.com/mail/answer/78754 fp2sm15179963pbb.34 - gsmtp)

Follow this link and set “Access for less secure apps” to “Turn on”


This is not a complete step-by-step data recovery guide. Here I just listed all software needed during my successful recovery.

1. To fix GPT record, use TestDisk.
2. To read and reconstruct RAID, use UFS Explorer Professional Recovery.

Notes:
1. The Linkstation filesystem is XFS
2. The Linkstation does not use a legacy MBR; instead it uses GPT for the partition table record

Some guides:
1. http://www.ufsexplorer.com/inf_linkstation.php
2. http://www.ufsexplorer.com/inf_terastation.php


The following examples use these addresses:
Munin server: 192.184.94.230 (ramnode.advanxer.com)
Munin node 1: 192.210.208.175 (bluevm.advanxer.com)
Munin node 2: 54.254.177.162 (ec2.advanxer.com)

Server side configuration
/etc/munin/munin.conf
htmldir /usr/share/nginx/www/munin
# a simple host tree
[ramnode.advanxer.com]
address 127.0.0.1
use_node_name yes

[bluevm.advanxer.com]
address 192.210.208.175
use_node_name yes

[ec2.advanxer.com]
address 54.254.177.162
use_node_name yes
# port 4950

Munin node configuration
/etc/munin/munin-node.conf
host_name vps.advanxer.com
allow ^192\.184\.94\.230$

Force node update: su -s /bin/sh munin -c /usr/share/munin/munin-update
Look for update activity at /var/log/munin/munin-update.log

Reference:
http://www.mbse.eu/linux/homeserver/mgmt-maint/munin/
http://munin-monitoring.org/wiki/munin.conf
http://docs.mongodb.org/ecosystem/tools/munin/

I stumbled upon a website where the author was generous enough to program a GUI for the acp commander. I haven’t tried it yet since my NAS is already rooted. I, without his permission, “mirror” his page for my future reference.

Original link: http://www.gry.ch/Java/styled/

ACP Commander GUI is a Graphical User Interface using acp_commander developed by Georg from NAS-Central. ACP Commander GUI is based on the code of acp_commander with some modifications for better integration into the GUI.

Thanks to Georg for his nice work!

ACP Commander GUI can be used to remotely control your arm9-based LS Pro/LS Live/Tera Pro v2/Tera Live devices. I only tested it with an LS Live, but the others should work too.

Requirements:
This is a Java application. Please download Java for your System here.
Mac OS X Mountain Lion users: Download Java directly from Apple if not already installed.

Screenshot:
Features:

  • Automatically detects LinkStations™ available in your network, just select the desired one from the pulldown box.
  • Execute Linux commands directly on the LinkStation™ and get the output in the log window.
  • Set the door password of the LinkStation™.
  • Enable SSH (sshd). It will also add a startup entry so that SSH is also available after each reboot.
  • Tested on Firmware versions 1.560 and 1.570.

Simply enter the admin password in the “Admin password” field and you are done. That is the one you do also use to login to the Web Interface of the LinkStation™. After that, simply click on one of the buttons to execute the desired action.

For more LinkStation™ information visit Buffalo Technology.

Note: The data that can be returned from the LinkStation™ is limited by the protocol. That means if you manually execute a command (like “ls”) on the device it could be possible that you don’t get the full result back. Just keep that in mind.

Warning: This is experimental software that might damage your LinkStation™.

Version History:

  • 1.5.6 (08.04.2012)
    Initial release.

Download 1.5.6 (DMG file for Mac OS X 10.6+)
Download 1.5.6 (JAR file for all platforms)
Download 1.5.6 (ZIP for Microsoft Windows)
Download 1.5.6 (EXE for Microsoft Windows)


Since CloudFlare acts as a reverse proxy for websites, CloudFlare’s IPs are going to show in your server logs. This can be easily identified from awstats or webalizer.
There is an easy fix to restore original visitor IP for any web server.
1) Copy the source file mod_cloudflare.c to your web server.
wget https://raw.github.com/cloudflare/CloudFlare-Tools/master/mod_cloudflare.c
2) Make sure that the command apxs or apxs2 is installed somewhere.
If you are running Ubuntu or Debian, this can be installed with:

apt-get install apache2-prefork-dev

If you are running Fedora or CentOS, this can be installed with:

yum install httpd-devel

3) Execute this command as root:

apxs2 -iac mod_cloudflare.c

4) Restart apache.
5) Lastly, make sure that mod_cloudflare is working by tailing your access.log file. You should see that the remote_ip field is no longer within the CloudFlare CDN IP ranges. You can execute this command to verify mod_cloudflare is loaded into Apache:

apachectl -t -D DUMP_MODULES | grep cloud


How Does CloudFlare’s Technology Work

CloudFlare’s technology is built like a CDN (content delivery network). It is a cloud-based, distributed network, which means it has multiple data centers spread across the web. When you add a domain to your CloudFlare account, CloudFlare acts as a proxy. This means that your visitor’s requests to your website are routed through the CloudFlare network.

Starting to use CloudFlare is fairly simple: go to https://www.cloudflare.com and add your site there. It takes around 1 minute for CloudFlare to check your DNS records. Once verification has finished, you must change your nameservers to CloudFlare’s predefined DNS servers.