Articles

Automatically sync Traefik records with Cloudflare DNS using Traeflare

## Introduction

This article shows how to automatically sync Traefik records with Cloudflare DNS using Traeflare. This is useful if you use Traefik as a reverse proxy for your services and Cloudflare as your DNS provider. The syncing is done by [Traeflare](https://github.com/m4tt72/traeflare), a tool that automatically syncs Traefik records with Cloudflare DNS.

## Prerequisites

- [ ] A [Cloudflare](https://www.cloudflare.com/) account
- [ ] A [Traefik](https://traefik.io/) instance
- [ ] An Ubuntu server with [Docker](https://docs.docker.com/engine/install/ubuntu/) installed
- [ ] [Docker compose](https://docs.docker.com/compose/install/) installed
- [ ] A domain name that is managed by Cloudflare

## Steps

**Let's assume that you are working in the directory `/home/ubuntu/traefik`.**

### 1. Prepare the environment variables

Create a file called `.env` and add the following environment variables:

| Variable | Description | Default |
| --- | --- | --- |
| TRAEFIK_API_URL | Traefik API URL | http://traefik:8080 |
| CF_API_URL | Cloudflare API URL | https://api.cloudflare.com/client/v4 |
| CF_ZONE_ID | Cloudflare Zone ID | |
| CF_API_EMAIL | Cloudflare API Email | |
| CF_API_KEY | Cloudflare API Key | |
| CF_DNS_API_TOKEN | Cloudflare DNS API Token | |
| DOMAIN_NAME | Domain Name | |
| RECORD_TYPE | Cloudflare Record Type | CNAME |
| PROXIED | Cloudflare Proxied | true |
| PRUNE_RECORDS | Prune Records | true |

### 2. Update your docker-compose.yml file

Assuming that you already have a Traefik service running and defined like the following in your `docker-compose.yml` file:

```yaml
services:
  traefik:
    image: traefik:v2.10
    container_name: traefik
    ports:
      - 80:80
      - 443:443
    volumes:
      # Read-only access to the Docker socket, used by the docker provider
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /etc/localtime:/etc/localtime:ro
      - ./traefik.yml:/etc/traefik/traefik.yml:ro
      - ./config:/etc/traefik/config:ro
      - ./acme:/etc/traefik/acme
      - ./logs:/var/log
    env_file: .env
    labels:
      # Together with the defaultRule in traefik.yml, these labels route
      # traefik.example.com to port 8080 (the API and dashboard)
      - traefik.enable=true
      - traefik.http.services.traefik.loadbalancer.server.port=8080

  # Add Traeflare here
  traeflare:
    image: ghcr.io/m4tt72/traeflare:main
    container_name: traeflare
    env_file: .env # Reference the environment variable file here
    restart: unless-stopped
    depends_on:
      - traefik

  whoami:
    image: containous/whoami
    container_name: whoami
    labels:
      # Traefik will automatically pick this up, generate routes for it, certificate,
      # and also inform Traeflare to create a DNS record for it.
      - traefik.enable=true

  # Your other services
```

With a directory tree that looks like this:

```bash
.
├── acme
│   └── acme.json
├── config
│   └── config.yml
├── logs
│   ├── access.log
│   └── traefik.log
└── traefik.yml
```

And with the configuration files in the directory:

`traefik.yml`

```yaml
global:
  checkNewVersion: false
  sendAnonymousUsage: false

entryPoints:
  http:
    address: :80
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
          permanent: true
  https:
    address: :443
    http:
      tls:
        options: default
        certResolver: cloudflare

log:
  level: DEBUG
  format: common
  filePath: /var/log/traefik.log

accessLog:
  format: common
  filePath: /var/log/access.log

api:
  # Serves the API and dashboard on port 8080 without authentication
  insecure: true
  dashboard: true

providers:
  docker:
    endpoint: unix:///var/run/docker.sock
    exposedByDefault: false
    watch: true
    defaultRule: Host(`{{ .ContainerName }}.example.com`)
  file:
    directory: /etc/traefik/config
    watch: true

certificatesResolvers:
  cloudflare:
    acme:
      email: your-email@example.com
      storage: /etc/traefik/acme/acme.json
      dnsChallenge:
        provider: cloudflare
        delayBeforeCheck: 10
```

`config/config.yml`

```yaml
tls:
  options:
    default:
      minVersion: VersionTLS13
      sniStrict: true
```

As you can see, the `docker-compose.yml` file defines a Traefik service and a Traeflare service. It also defines a `whoami` service; we added `traefik.enable=true` to the labels of this service so that Traefik automatically picks it up, generates routes and a certificate for it, and informs Traeflare to create a DNS record for it.

**Note:** Make sure your container, in this example `whoami`, has a label `traefik.enable=true` AND a `container_name` defined.

### 3. Start the Traeflare service

Run the following command to start the Traeflare service:

```bash
docker-compose up -d
```

### 4. Check the Traeflare logs

Run the following command to check the Traeflare logs:

```bash
docker-compose logs -f traeflare
```

You will see that Traeflare has created a DNS record for the `whoami` service.

### 5. Check the Cloudflare DNS records and service URL

Go to your Cloudflare account and check the DNS records. You will see that Traeflare has created a DNS record for the `whoami` service. You can also go to the URL of the `whoami` service and you will see that it's working.

## Conclusion

In this article, we discussed how to automatically sync Traefik records with Cloudflare DNS using Traeflare. We installed Traeflare and configured it to automatically sync Traefik records with Cloudflare DNS.

## Further reading

- [Traeflare](https://github.com/m4tt72/traeflare)

## References

- [Traefik](https://traefik.io/)
- [Cloudflare](https://www.cloudflare.com/)
- [Docker](https://www.docker.com/)

December 16, 2023 · 4 min read · 707 words

Monitor a website for changes

## Introduction

This article shows how to monitor a website for changes. This is useful if you want to be notified when a website changes, for example, when a new blog post is published, a Black Friday sale starts, or an item is back in stock.

## Prerequisites

- [ ] A [Telegram](https://telegram.org/) account
- [ ] An Ubuntu server with [Docker](https://docs.docker.com/engine/install/ubuntu/) installed
- [ ] [Docker compose](https://docs.docker.com/compose/install/) installed

## Steps

### 1. Create a Telegram bot

1. Open Telegram and search for `@BotFather`
2. Send `/newbot` to `@BotFather`
3. Enter a name for your bot
4. Enter a username for your bot
5. Copy the token that `@BotFather` gives you

### 2. Create a Telegram chat

1. Open Telegram and search for `@userinfobot`
2. Send `/start` to `@userinfobot`
3. Send `/my_id` to `@userinfobot`
4. Copy the chat id that `@userinfobot` gives you

### 3. Create a Docker compose file

1. On your Ubuntu server, create a file called `docker-compose.yml` with the following content:

   ```yaml
   version: "3.9"

   volumes:
     data:

   services:
     changedetection:
       image: dgtlmoon/changedetection.io:dev
       container_name: changedetection
       hostname: changedetection
       volumes:
         - data:/datastore
       environment:
         - PORT=5000
         - PUID=1000
         - PGID=1000
         - WEBDRIVER_URL=http://browser-chrome:4444/wd/hub
         - PLAYWRIGHT_DRIVER_URL=ws://playwright-chrome:3000/?stealth=1&--disable-web-security=true
         - BASE_URL=http://localhost:5000
       restart: unless-stopped
       ports:
         - 5000:5000

     browser-chrome:
       hostname: browser-chrome
       image: selenium/standalone-chrome-debug:3.141.59
       environment:
         - VNC_NO_PASSWORD=1
         - SCREEN_WIDTH=1920
         - SCREEN_HEIGHT=1080
         - SCREEN_DEPTH=24
       volumes:
         - /dev/shm:/dev/shm
       restart: unless-stopped

     playwright-chrome:
       hostname: playwright-chrome
       image: browserless/chrome
       restart: unless-stopped
       environment:
         - SCREEN_WIDTH=1920
         - SCREEN_HEIGHT=1024
         - SCREEN_DEPTH=16
         - ENABLE_DEBUGGER=false
         - PREBOOT_CHROME=true
         - CONNECTION_TIMEOUT=300000
         - MAX_CONCURRENT_SESSIONS=10
         - CHROME_REFRESH_TIME=600000
         - DEFAULT_BLOCK_ADS=true
         - DEFAULT_STEALTH=true
   ```

### 4. Start the Docker containers

1. On your Ubuntu server, run the following command to start the Docker containers:

   ```bash
   docker-compose up -d
   ```

### 5. Add a website to monitor

1. Open a web browser and navigate to `http://localhost:5000`

   ![changedetection.io](/images/screenshot_1.png)

2. Paste the URL of the website you want to monitor in the `URL` field

   ![new website](/images/screenshot_2.png)

3. Click `Edit > Watch`
4. Under time between checks, select your preferred interval

   ![time between checks](/images/screenshot_3.png)

5. Under the `Request` tab, set `Fetching method` to `Playwright Chromium/Javascript via 'ws://playwright-chrome:3000/?stealth=1&--disable-web-security=true'` and `Wait seconds before extracting text` to a number higher than 15
6. Under the `Notifications` tab, enter the Telegram chat id and token you copied earlier in the following format:

   ```text
   tgram://<token>:<chat-id>
   ```

7. Click `Save`

You should now receive a notification when the website changes.

## Conclusion

In this article, you learned how to monitor a website for changes. This is useful if you want to be notified when a website changes, for example, when a new blog post is published, a Black Friday sale starts, or an item is back in stock.

## Resources

- [ ] [changedetection.io](https://changedetection.io/)

November 28, 2022 · 3 min read · 438 words

Secure your home network with Pi-hole

## [Introduction](#introduction)

In this article, we will discuss how to secure your home network with Pi-hole. We will cover the following topics:

- [Introduction](#introduction)
- [Prerequisites](#prerequisites)
- [Setting up Pi-hole](#setting-up-pi-hole)
- [Conclusion](#conclusion)

## [Prerequisites](#prerequisites)

- A server running Ubuntu 20.04 or later
- Docker installed

## [Setting up Pi-hole](#setting-up-pi-hole)

### Installation

To install Pi-hole, run the following command:

```bash
docker run -d \
  --name=pihole \
  --restart=always \
  -p 53:53/tcp \
  -p 53:53/udp \
  -p 80:80 \
  -p 443:443 \
  -v /path/to/pihole:/etc/pihole \
  -v /path/to/dnsmasq.d:/etc/dnsmasq.d \
  -e TZ=America/New_York \
  -e WEBPASSWORD=your-password \
  pihole/pihole:latest
```

### Configuration

To configure Pi-hole, open your browser and go to `http://your-ip/admin`. You will be prompted to enter the password you set in the `docker run` command. Once you have entered the password, you will be able to access the Pi-hole dashboard.

### Changing DNS settings on your devices

To change the DNS settings on your devices, go to your router's settings and change the DNS settings to the IP address of your Pi-hole server.

#### Windows

To change the DNS settings on Windows, go to `Control Panel > Network and Internet > Network and Sharing Center > Change adapter settings`. Right-click on your network adapter and select `Properties`. Select `Internet Protocol Version 4 (TCP/IPv4)` and click `Properties`. Select `Use the following DNS server addresses` and enter the IP address of your Pi-hole server in the `Preferred DNS server` and `Alternate DNS server` fields.

#### macOS

To change the DNS settings on macOS, go to `System Preferences > Network > Advanced > DNS`. Click the `+` button and enter the IP address of your Pi-hole server in the `Server` field.

#### Linux

To change the DNS settings on Linux, go to `System Settings > Network > Network Connections`. Right-click on your network adapter and select `Edit Connections`. Select `IPv4 Settings` and click `Add`. Enter the IP address of your Pi-hole server in the `DNS` field.

#### Android

To change the DNS settings on Android, go to `Settings > Network & Internet > Wi-Fi`. Select your Wi-Fi network and click `Modify network`. Select `Show advanced options` and enter the IP address of your Pi-hole server in the `DNS 1` and `DNS 2` fields.

#### iOS

To change the DNS settings on iOS, go to `Settings > Wi-Fi`. Select your Wi-Fi network and click `Configure DNS`. Select `Manual` and enter the IP address of your Pi-hole server in the `Primary DNS` and `Secondary DNS` fields.

## [Conclusion](#conclusion)

In this article, we discussed how to secure your home network with Pi-hole. We installed Pi-hole and configured it to block ads and malware. We also configured Pi-hole to use Cloudflare's DNS servers.

## Further reading

- [Pi-hole](https://pi-hole.net/)
- [Pi-hole on Docker Hub](https://hub.docker.com/r/pihole/pihole)

November 26, 2022 · 3 min read · 451 words

Securing your server

## Introduction

This article will guide you through the process of securing your server. It will cover the following topics:

- [Automatic updates](#automatic-updates)
- [SSH](#ssh)
- [Fail2ban](#fail2ban)
- [UFW](#ufw)

## Automatic updates

Automatic updates are a great way to keep your server up to date. They automatically install security updates and bug fixes. They can also automatically reboot your server if needed.

### Installation

To install automatic updates, run the following command:

```bash
sudo apt install unattended-upgrades
```

### Configuration

To configure automatic updates, run the following command:

```bash
sudo dpkg-reconfigure -plow unattended-upgrades
```

You will be asked to choose the update settings. You can choose the default settings by pressing enter.

#### Automatic reboots

To enable automatic reboots, run the following command:

```bash
# Uncomment the Automatic-Reboot option and set it to "true"
sudo sed -i 's|//Unattended-Upgrade::Automatic-Reboot "false";|Unattended-Upgrade::Automatic-Reboot "true";|g' /etc/apt/apt.conf.d/50unattended-upgrades
```

#### Automatic reboots with delay

To have automatic reboots happen at a set time (02:00 here) instead of immediately after the upgrade, run the following command:

```bash
# Uncomment the Automatic-Reboot-Time option
sudo sed -i 's|//Unattended-Upgrade::Automatic-Reboot-Time "02:00";|Unattended-Upgrade::Automatic-Reboot-Time "02:00";|g' /etc/apt/apt.conf.d/50unattended-upgrades
```

## SSH

SSH is a protocol that allows you to connect to your server remotely. It is a very powerful tool, but it can also be dangerous if not configured properly. It is recommended to disable password authentication and to use SSH keys instead.

To configure SSH, run the following command:

```bash
sudo nano /etc/ssh/sshd_config
```

Edit the following lines:

```bash
# Change me
Port 2025
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no
PubkeyAuthentication yes
```

Restart SSH:

```bash
sudo systemctl restart ssh
```

### Use public/private key authentication

To use public/private key authentication, you will need to generate a key pair on your local machine. To do so, run the following command:

```bash
ssh-keygen -t rsa -b 4096
```

You will be asked to enter a file in which to save the key. Press enter to use the default file. You will also be asked to enter a passphrase. It is recommended to enter a passphrase.

Once you have generated the key pair, you will need to copy the public key to your server. To do so, run the following command:

```bash
ssh-copy-id -i ~/.ssh/id_rsa.pub [server ip]
```

You will be asked to enter the password of the user you are connecting to. Once you have entered the password, you will be able to connect to your server without entering a password.

## Fail2ban

Fail2ban is a tool that blocks IP addresses that try to log in to your server with the wrong credentials, including failed logins over SSH.

### Installation

To install Fail2ban, run the following command:

```bash
sudo apt install fail2ban
```

### Configuration

To configure Fail2ban, run the following command:

```bash
sudo nano /etc/fail2ban/jail.local
```

Add the following lines:

```bash
[sshd]
enabled = true
# Must match the Port set in /etc/ssh/sshd_config
port = 2025
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = 3600
```

Restart Fail2ban:

```bash
sudo systemctl restart fail2ban
```

## UFW

UFW is a firewall that, as configured below, blocks all incoming connections by default. It only allows connections to the ports that you specify.

### Installation

To install UFW, run the following command:

```bash
sudo apt install ufw
```

### Configuration

To configure UFW, run the following commands:

```bash
sudo ufw default deny incoming
sudo ufw default allow outgoing
sudo ufw allow 2025/tcp # SSH: must match the Port set in /etc/ssh/sshd_config
sudo ufw allow http
sudo ufw allow https
sudo ufw enable
```

## Conclusion

This article has covered the following topics:

- Automatic updates
- SSH
- Fail2ban
- UFW

You can now secure your server.

## Next steps

- [Secure your home network](/articles/secure-your-home-network-with-pihole)
- [Self-host your own media streaming service](/articles/self-host-your-own-media-streaming-service)
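
Added example, not part of the original article: an offline check of the settings from the SSH and Fail2ban sections. sshd uses the first value it reads for each keyword, so a drop-in file included at the top of `sshd_config` can override edits made further down, and a jail left on `port = ssh` covers port 22 rather than a custom port. The file names and contents are constructed samples and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the original article). sshd keeps the FIRST value it
# reads for each keyword, so list the files in the order sshd reads them.
# On a live host, `sudo sshd -T` prints the authoritative effective settings.

# effective KEYWORD FILE... -> first global value of KEYWORD (lowercased), if any
effective() {
    local key="$1"; shift
    awk -v key="$key" '
        FNR == 1                    { in_match = 0 }   # new file: global scope again
        NF == 0 || $1 ~ /^#/        { next }           # blank lines and comments
        tolower($1) == "match"      { in_match = 1 }   # Match blocks are conditional
        in_match                    { next }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$@"
}

# audit_sshd FILE... -> one line per setting that differs from the values used
# in the article; exit status 0 when all match, 1 otherwise.
audit_sshd() {
    local rc=0 spec key want got
    # keyword=wanted:OpenSSH default used when the keyword is absent
    for spec in passwordauthentication=no:yes \
                permitrootlogin=no:prohibit-password \
                pubkeyauthentication=yes:yes; do
        key="${spec%%=*}"; want="${spec#*=}"; want="${want%%:*}"
        got="$(effective "$key" "$@")"
        [ -n "$got" ] || got="${spec##*:}"
        if [ "$got" != "$want" ]; then
            echo "FINDING $key is '$got', wanted '$want'"
            rc=1
        fi
    done
    return "$rc"
}

# jail_bans_port SSHD_PORT JAIL_FILE -> 0 if the [sshd] jail covers that port
jail_bans_port() {
    local jp
    jp="$(awk -F'[ \t]*=[ \t]*' '
        /^\[/                   { in_sshd = ($0 == "[sshd]"); next }
        in_sshd && $1 == "port" { print $2; exit }' "$2")"
    [ "$jp" = "ssh" ] && jp=22        # the service name ssh means port 22
    [ "${jp:-22}" = "$1" ]
}

# --- Constructed sample files (hypothetical, written to a temp directory) ---
SAMPLE="$(mktemp -d)"
printf '%s\n' 'PasswordAuthentication yes' > "$SAMPLE/50-cloud-init.conf"
printf '%s\n' 'Include /etc/ssh/sshd_config.d/*.conf' 'Port 2025' \
    'PasswordAuthentication no' 'PermitRootLogin no' \
    'PubkeyAuthentication yes' > "$SAMPLE/sshd_config"
printf '%s\n' '[sshd]' 'enabled = true' 'port = ssh' > "$SAMPLE/jail.local"

# Drop-in first: the Include line sits above the settings in the main file.
audit_sshd "$SAMPLE/50-cloud-init.conf" "$SAMPLE/sshd_config" || true
jail_bans_port "$(effective port "$SAMPLE/sshd_config")" "$SAMPLE/jail.local" \
    || echo "FINDING fail2ban [sshd] jail does not cover the sshd port"
```

On the constructed sample this reports that password authentication is still effectively enabled and that the jail does not cover port 2025.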

November 25, 2022 · 3 min read · 592 words

Self-host your own media streaming service

## Introduction

In this article, we will discuss how to self-host your own media streaming service. We will cover the following topics:

- [Introduction](#introduction)
- [Prerequisites](#prerequisites)
- [Setting up the media streaming service](#setting-up-the-media-streaming-service)
- [Conclusion](#conclusion)

## Prerequisites

- A server running Ubuntu 20.04 or later
- Docker installed

## Setting up the media streaming service

### Jellyfin

Jellyfin is a free and open-source media server that can be used to stream your media to your devices. It is a fork of Emby and Emby Theater. Jellyfin is a self-hosted alternative to services such as Plex, Netflix, and Kodi.

#### Installation

To install Jellyfin, run the following command:

```bash
docker run -d \
  --name=jellyfin \
  --restart=always \
  -p 8096:8096 \
  -p 8920:8920 \
  -v /path/to/config:/config \
  -v /path/to/media:/media \
  jellyfin/jellyfin
```

#### Configuration

To configure Jellyfin, open your browser and go to `http://your-ip:8096`. You will be prompted to create an account. Once you have created an account, you will be able to access the Jellyfin dashboard.

### Deluge

Deluge is a lightweight, Free Software, cross-platform BitTorrent client. In this guide, we will use Deluge to download media files.

#### Installation

To install Deluge, run the following command:

```bash
docker run -d \
  --name=deluge \
  --restart=always \
  -p 8112:8112 \
  -p 58846:58846 \
  -v /path/to/config:/config \
  -v /path/to/downloads:/downloads \
  linuxserver/deluge
```

### Prowlarr

Prowlarr is a free and open-source indexer manager for usenet and torrent indexers. It is a self-hosted alternative to services such as Sonarr, Radarr, and Lidarr.

#### Installation

To install Prowlarr, run the following command:

```bash
docker run -d \
  --name=prowlarr \
  --restart=always \
  -p 9696:9696 \
  -v /path/to/config:/config \
  -v /path/to/downloads:/downloads \
  linuxserver/prowlarr
```

#### Configuration

To configure Prowlarr, open your browser and go to `http://your-ip:9696`. You will be prompted to create an account. Once you have created an account, you will be able to access the Prowlarr dashboard.

### Sonarr and Radarr

Sonarr and Radarr are free and open-source media servers that can be used to automatically download and manage your media. They are self-hosted alternatives to services such as Netflix, Amazon Prime Video, and Hulu.

#### Installation

To install Sonarr, run the following command:

```bash
docker run -d \
  --name=sonarr \
  --restart=always \
  -p 8989:8989 \
  -v /path/to/config:/config \
  -v /path/to/downloads:/downloads \
  -v /path/to/tv:/tv \
  linuxserver/sonarr
```

To install Radarr, run the following command:

```bash
docker run -d \
  --name=radarr \
  --restart=always \
  -p 7878:7878 \
  -v /path/to/config:/config \
  -v /path/to/downloads:/downloads \
  -v /path/to/movies:/movies \
  linuxserver/radarr
```

#### Configuration

To configure Sonarr, open your browser and go to `http://your-ip:8989`. You will be prompted to create an account. Once you have created an account, you will be able to access the Sonarr dashboard.

To configure Radarr, open your browser and go to `http://your-ip:7878`. You will be prompted to create an account. Once you have created an account, you will be able to access the Radarr dashboard.

## Conclusion

In this article, we discussed how to self-host your own media streaming service. We covered the following topics:

- [Introduction](#introduction)
- [Prerequisites](#prerequisites)
- [Setting up the media streaming service](#setting-up-the-media-streaming-service)
- [Conclusion](#conclusion)

## References

- [Jellyfin](https://jellyfin.org/)
- [Deluge](https://deluge-torrent.org/)
- [Prowlarr](https://wiki.servarr.com/prowlarr)
- [Sonarr](https://sonarr.tv/)
- [Radarr](https://radarr.video/)
- [Docker](https://www.docker.com/)
- [Ubuntu](https://ubuntu.com/)
- [Linux](https://www.linux.org/)
- [LinuxServer](https://www.linuxserver.io/)

November 24, 2022 · 3 min read · 532 words

Website created by Yassine Fathi © 2023
