
NixOS Series 1: Why do I fall in love

Right now I'm gradually migrating my servers from Devuan Linux to NixOS. NixOS is a Linux distribution centered on a set of Nix configuration files located in /etc/nixos, which are used to install and configure the whole operating system. Because this configuration set defines ALL config files and packages on the system, as long as you use the same config files, you will absolutely get the same operating system every time you reinstall. The Nix configuration language is also Turing complete, so you will be able to generate config files with Nix, no matter how complicated that software is. Another important feature of the Nix package manager is reproducible builds. Every package in NixOS is defined with Nix config files, and Nix package manager can promise that,...

Replace Jenkins with Drone CI

Jenkins is free and open source CI/CD software, widely used in all kinds of scenarios. The main advantage of Jenkins is its grand collection of plugins capable of all sorts of jobs, including deploying with SCP or Ansible, analyzing code with Cppcheck, and notifying job status with Telegram or DingTalk. Previously I also used Jenkins for automation of numerous jobs, for example rebuilding my Docker images, deploying the blog you're visiting right now, and even auto sign-in to Genshin Impact. But Jenkins is a CI with a long history, and its predecessor Hudson was released back in 2005. Therefore, Jenkins executes commands directly when it comes to running jobs, instead of using modern approaches such as containers....

Lookup Any Public WHOIS with this nginx-based Server

After I set up a DN42 WHOIS server with nginx, I configured my DN42 Looking Glass to use this service. As my Looking Glass is capable of running as a Telegram bot, fellow group members are looking up WHOIS information of IPs and domains with it. But soon we noticed a problem. A significant portion of members have applied for ASNs and IP ranges on the public Internet after becoming familiar enough with DN42, and they're peering at Internet Exchange Points. Therefore, they often need to look up some public Internet IPs, ASNs and domains, yet none of the Telegram bots in our group can do so. It would be quite helpful for us if there existed a WHOIS server that proxies lookups to the relevant registries. Proxying is exactly what nginx is good at....

DN42 Experimental Network: Intro and Registration (Updated 2021-05-02)

DN42, aka Decentralized Network 42, is a large, decentralized VPN-based network. But unlike other traditional VPNs, DN42 itself doesn't provide any VPN exits, which means it doesn't allow you to bypass Internet censorship or unlock streaming services. On the contrary, the goal of DN42 is to simulate another Internet. It uses much of the technology running on modern Internet backbones (BGP, recursive DNS, etc), and is a great replica of a real network environment.
In short, DN42 is:
- NOT suitable for users only seeking privacy protection or bypassing censorship
- NOT suitable for users consuming large amounts of bandwidth/data, such as for unlocking streaming services
- IS suitable for users learning about networking, practicing configuration of servers and routers,...

Setting up DN42 WHOIS Server with nginx

In my previous article "Setting up Gopher Site with nginx", I mentioned that the Gopher service is a byproduct of my original plan: modifying nginx into a WHOIS server for DN42. This article explores the details of that process.
The WHOIS Protocol
First, we can find a WHOIS server to observe its response. Take the WHOIS server for the .pub domain as an example, and run telnet whois.nic.pub 43:
    # Type following line and hit enter
    lantian.pub
    # WHOIS server responded with:
    Domain Name: lantian.pub
    Registry Domain ID: c69e5ccf9d834900be26f88fddc5c9e4-DONUTS
    Registrar WHOIS Server: whois.dnspod.cn
    Registrar URL: https://www.dnspod.cn
    Updated Date: 2021-01-07T14:09:11Z
    Creation Date: 2016-10-23T08:36:41Z
    Registry Expiry Date: 2029-10-23T08:36:41Z
    Registrar: DNSPod, Inc....

Setting up Gopher Site with nginx

Changelog
2021-03-24: Improve article processing, add scripts for parsing links and images.
2021-03-21: Initial version.
What's Gopher
Gopher is a protocol born in the early ages of the Internet. It was invented at the University of Minnesota in 1991, with a purpose similar to HTTP today. The protocol itself is extremely simple:
1. Client connects to TCP port 70 of the server, and sends one line of URL ending with CRLF, e.g. some_dir/hello.txt
2. Server sends data of the requested file and closes the connection.
And we're done.
The server could be returning a text file, a picture, a binary file, or a Gopher list file called Gophermap with special formatting. Each line of the file is composed of the following fields:
- A character representing the type of this line, may it be text (i), a link to text file (0),...

Make an Infinite Sleep Program in Only 4KB

In my network configuration, some of my Docker containers, for example DNS, need to achieve high availability with Anycast. In my previous article, I created a Busybox container and ran tail -f /dev/null, in order to let it persist infinitely, but without using any CPU cycles, to maintain a network namespace used by both the server application and BIRD. In short: I invented a Pod in Kubernetes on my own. I don't use K8S: since my nodes run individually rather than in a cluster, I don't need the cluster functionality of K8S at all. In addition, K8S is difficult to set up. But on another thought, a Busybox container seems like overkill for this purpose, and I have to set the entrypoint manually. It would be great if I had a tiny Docker image that only sleeps indefinitely. Plan A:...

Static Build Tiny Docker Images

What's stored in Docker images can be seen as numerous tiny Linux systems. Most of them are based on Debian, Ubuntu or Alpine, with extra software installed on top. Using a complete Linux distribution as the basis gives the benefit of having commonly used commands available, such as ls and cat. They are often used in the image building process. In addition, they have comprehensive libraries of software packages, allowing users to create images that "just work" with apt-get. However, as soon as the image is built, these utilities become unnecessary burdens for disk space. In addition, a full Linux contains a service management daemon, like systemd or OpenRC, useless for Docker containers running only one program at a time. Although Docker images are "overlaid",...

Writing Stories in Traceroute, Elegantly

Traceroute is one of the popular tools for network inspection. It shows the IP addresses of routers on the route from your computer to a destination server, similar to: Domains are shown on the last 2 hops, which are the IPs' reverse DNS records. Reverse DNS records exist as PTR records in the format of 4.3.2.1.in-addr.arpa. For more information, you may refer to Setting IP Reverse Records in DN42 (Chinese Only). Naturally, where there are characters, there will be stories shown in them. Two years ago, I set up a bunch of Docker containers, and modified and chained their routing tables, so they create the path needed for showing the essay. Using a lot of containers isn't elegant enough, and is a management burden, especially if the path is long....

Disabling TR069 on a Youhua PT926G Fiber Optic Modem

This article explains the procedure to disable TR069 on a Youhua PT926G fiber optic modem, to prevent China Telecom from pushing config/firmware updates and voiding your changes, such as switching to bridging mode or setting port forward rules. In the WAN settings of the management portal of this modem, the TR069 connection can be neither modified nor removed. But with a simple patch on the management portal's code, you can break the limitation on the modem. First, you should follow my previous article: Hacking a Youhua PT926G Fiber Optic Modem, to obtain the Telnet Root password. Then Telnet in, run su and type in the password to get to Root Shell. When you do that correctly, the command line will prompt #. Then follow these steps: Type cp /home/httpd/web/net_eth_links.asp /var/ and hit Enter....