Subsonic with Caddy

Ok, now that there is Let’s Encrypt, I thought that I shouldn’t have to do this certificate hackery all the time when Subsonic updates or the StartSSL certificate expires.

Caddyserver is the first webserver/proxy that I found that has most of the process automated and built in, so I’m using this. Getting started with this was pretty straightforward: download, expand, create a config file and, before you start up, make sure that Caddy can run on port 80 without having to be root:

sudo setcap cap_net_bind_service=+ep ./caddy

My Caddyfile eventually ended up looking like this:

server.mydomain.de {
 # Forward every request to Subsonic's plain-HTTP port
 proxy / localhost:4040 {
  proxy_header Host server.mydomain.de
  proxy_header Scheme https
 }
}

Well, it turned out to not be quite as easy. First I also had to make Subsonic stop hogging port 443. Those settings are found in /etc/default/subsonic. And while you’re at it, also edit out any certificates you may have added earlier in /usr/bin/subsonic. Oh, and make sure to note down which port non-https Subsonic runs on, hopefully not 80, because Caddy needs that! I may have chosen 4040.

Restart Subsonic and make sure that you can reach it on the correct ports.

As stated, Caddy also needs to run on Port 80 for a brief moment. This is so it can do the certificate domain validation process. So edit your /etc/apache2/ports.conf to make sure not to block anything.

Restart apache2.

Now, to find out if everything works, start Caddy. If all is good, you’ll see a glorious all-ok message and can now access the server via https with a valid certificate.
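The two preconditions from the steps above (the bind capability on the caddy binary, and Apache no longer listening on 80 or 443) can be checked with a short script. This is an added example, not part of the original post; the function names are hypothetical and the sample ports.conf is constructed.

```shell
#!/bin/sh
# Pre-flight checks before starting Caddy (added example, not from the post).

# Print every active Listen directive in an Apache ports.conf-style file
# that binds port 80 or 443, the two ports Caddy needs for itself.
conflicting_listens() {
    awk '
        tolower($1) == "listen" {
            port = $2
            sub(/^.*:/, "", port)   # drop an optional "addr:" or "[v6]:" prefix
            if (port + 0 == 80 || port + 0 == 443) {
                print FILENAME ":" FNR ": " $0
            }
        }' "$1"
}

# Succeed if a line of getcap output grants cap_net_bind_service with the
# effective and permitted flags, in either the "+ep" or the "=ep" notation.
has_bind_cap() {
    case "$1" in
        *cap_net_bind_service*[+=]e*p*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample of a ports.conf that would still collide with Caddy.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Listen 80
Listen 8080
<IfModule ssl_module>
    Listen 443
</IfModule>
Listen 127.0.0.1:80
Listen [::1]:8443
EOF

conflicts=$(conflicting_listens "$sample")
if [ -n "$conflicts" ]; then
    echo "Apache still claims a port Caddy needs:"
    echo "$conflicts"
fi
rm -f "$sample"

# On the real host: conflicting_listens /etc/apache2/ports.conf
#                   has_bind_cap "$(getcap ./caddy)" || echo "re-run setcap"
```

File capabilities are stored on the binary itself, so they are gone once the caddy file is replaced by a newer download; checking the getcap output after an update shows whether setcap has to be run again.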

But as you’ve undoubtedly noticed, Caddy isn’t running as a service yet. Thankfully Ubuntu has Upstart. So, add in a new file /etc/init/caddyservice.conf (thank you Mathias):

description "Caddy Server startup script"
author "Mathias Beke"
start on runlevel [2345]
stop on runlevel [016]
setuid runasme
setgid runasme
respawn
respawn limit 10 5
script
 cd /home/runasme/
 exec ./caddy
end script

At this point I want to take a short moment to mention that whoever thinks that the Upstart Cookbook is an easy entry-level document is clearly out of their mind. Seriously, this “Cookbook” has a whole chapter named “Critique of the System V init System”!

But I digress. If you don’t make the same mistake as me and confuse init with init.d, then you’re golden and now have a Caddy running as a service, forwarding requests to your Subsonic installation.

The only issue I haven’t been able to solve is that Subsonic has some stupid static URL linking going on so I have to open the settings in a new tab. But I can live with that.

More surveillance!

I was just about to write a longer text about this, in which I once again point out that all the existing surveillance has, once again, prevented frighteningly little (namely, actually nothing at all), and that the leads that have helped this time consisted of, among other things, a discarded mobile phone (unencrypted) plus a route history that had not been deleted from the navigation system of a rental car.

I could also point out that terrorists will always find yet another way to communicate in secret. Or that they don’t really care anyway, because they are out for a confrontation in any case.

But those who read this are already convinced anyway, and I won’t convince the others with it. So I’ll leave it…

Webcomic Monday: The Apocalypse!

It has been quiet around this column for a long time, but I do have a bit of new fodder for you again!

Let’s start off really romantic. Romantically Apocalyptic, to be precise. Visually, in my opinion, an outstanding webcomic, somewhere between drawn and photorealistic. Unfortunately I can’t recount the story; it is too bizarre. In general we see the post-apocalypse as the Captain, Snippy, Pilot and Engie experience it. If you like strange humor and the post-apocalypse, you will love this.

Gone with the Blastwave is more darkly humorous, yet also more accessible. Post-apocalypse again. Here, nameless and faceless soldiers of three not really definable armies fight each other. Why? Nobody can quite remember anymore. But since when has that stopped people from shooting at each other, right?

BoingBoing, why you so bad?

I am really getting annoyed at BoingBoing by now. There is still the occasional interesting thing among the stream of articles they publish over the day, but that stream is getting worse and worse every day.

Of course, I can accept the “Cool Tools” crossover, which is basically blatant advertising. Also, I can live with the slightly more veiled advertising articles where they just grab some item, write a sentence about it and point you to an Amazon affiliate-link to buy it. I get slightly more upset about the fact that a good deal of the off-site links randomly have some ad-forwarder in between that my adblocker has to filter out for me. And then there are articles like this one: Criminal protip: don’t confess “off the record”:

Matthew D. Muller, 38, is in jail after confessing to a kidnapping, “off the record and on background” to a TV reporter.

If you follow the link under the text, or read the rest of the quote on BoingBoing, you won’t find anything about any confession, TV reporter or “off the record and on background”. You need to follow the other link they thankfully provided later on with a stealth edit, which points you to Wired: ‘Gone Girl’ Suspect Confesses to Reporter—As FBI Listens In. And in this link title alone, we learn that the confession was taped by the FBI, which immediately gives the story a whole different spin. But hey, Journalism is boring, Clickbait is much better, amirite?

Throwing BoingBoing out of my Feedreader now, thanks for the nicer times.

PS: I realize that this could be attributed to a simple human error, made in haste. But those errors get more and more frequent and the ad-article noise gets more and more annoying, so the bad by now severely outweighs the good for me. Sorry.