Midnight Pub

LOS20 and Nextcloud

~tetris

Hi all, happy new year -- hope this one is better than the last (though I doubt it).

LineageOS 20 (LOS20)

On that cheery note, I've upgraded all of my Android sets to LineageOS version 20, based on Android 13. This seems to be the first Android release that is reasonably up to date with the current mainline Linux kernel (6.x.x).

I've seen a flourish of activity on the xda-developer forums from hobbyists who are releasing LOS20 builds for really old outdated handsets. I'm secretly patting myself on the back for keeping these old mobiles, and I don't know why LOS18 and LOS19 weren't so popular, but LOS20 really seems to be getting ported onto everything and anything!

Nextcloud

On another note, I've finally been able to make my home server publicly reachable with a domain name. Previously I was stuck behind a DS-Lite stack, meaning that I get IPv6 addresses and my ISP does some IPv6 → IPv4 conversion to let me access the internet. The IPv6 addresses I have for my devices also aren't stable, due to privacy reasons, so they change every now and then. What this meant was that if I wanted to register my homeserver with Nextcloud to some domain, then I would need to get creative because domains need IPv4 addresses.

The solution came to me from the linked post below:

https://jerrington.me/posts/2019-01-29-self-hosted-ngrok.html

You find a machine with a public IPv4 address that you have control over (e.g. a work machine), and then do reverse ssh to bind your private port 80 to a public port 3333, and then on this machine you have an nginx server that redirects all public 80 and 443 (https) traffic to your 3333 port, but only on the condition that the requested address matches your registered domain. This has the main benefit that your work IT dept does not know you are hosting your home web server using their machines as proxy, unless they type in your exact domain name. Otherwise, they just get a disconnect.

  #!/bin/bash

  ## ssh access to work address
  PUBLIC_HOST="workuser@123.234.345.456"

  # Local homeserver ports
  ssh_local=22     ## Local ssh port
  http_local=80   ## Local http port, not https

  ## Public proxy ports
  ssh_remote=3066     ## public ssh
  http_remote=3080    ## same as the nginx port on remote, will be overwritten if $detect_nginx is set
  detect_nginx="yes"

  ## autossh monitor port
  monitor_port=$(( $http_remote + 1 ))

  while :; do
      if [ "$detect_nginx" = "yes" ]; then
          find_remote=$(ssh ${PUBLIC_HOST} 'grep -P "^\s+proxy.pass\s" /etc/nginx/nginx.conf | sed -r "s|.*localhost\:([0-9]+).*|\1|"' | xargs echo)
          if [ "$find_remote" != "" ]; then
              echo "Changing http_remote from $http_remote to $find_remote"
              http_remote=$find_remote
          fi
      fi
    
      ## Then setup a persistent remote connection
      /usr/bin/autossh \
          -M ${monitor_port} \
          -o "ServerAliveInterval 30" \
          -o "ServerAliveCountMax 3" \
          -o "GatewayPorts=true" \
          -R ${ssh_remote}:localhost:${ssh_local} \
          -R ${http_remote}:localhost:${http_local} \
          ${PUBLIC_HOST}

      sleep 60
  done

Then you can use Let's Encrypt via certbot on your proxy machine, to register your domain to the proxy machine's address. If you don't want to do Let's Encrypt on the proxy machine, then you can add "-R 443:localhost:443" to the above script to forward your HTTPS to your home machine where you can run certbot there.

It's been a fun few days!
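
Seen from the proxy machine, each `-R` forward in the script above appears as a listening TCP socket owned by sshd. The following is an added example, not part of the original post: it filters `ss -H -tlnp` output for sshd-owned listeners on ports other than the expected sshd port. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: find TCP listeners owned by sshd on ports other than the
# expected sshd port. Such sockets are what `ssh -R` forwards look like on
# the host that accepts them. Input: `ss -H -tlnp` output on stdin.

# Constructed sample of `ss -H -tlnp` output (not captured from a real host).
# Ports 3066 and 3080 mirror ssh_remote and http_remote in the script above.
sample_ss() {
cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=900,fd=6))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=900,fd=7))
LISTEN 0 128 0.0.0.0:3066 0.0.0.0:* users:(("sshd",pid=4410,fd=9))
LISTEN 0 128 127.0.0.1:3080 0.0.0.0:* users:(("sshd",pid=4410,fd=10))
LISTEN 0 128 [::1]:3081 [::]:* users:(("sshd",pid=4410,fd=11))
EOF
}

# Print "port bind_address pid scope" for every sshd-owned listener whose
# port differs from the expected sshd port ($1, default 22).
# scope is "all-interfaces" for wildcard binds, else "single-address".
find_ssh_forward_listeners() {
    expected="${1:-22}"
    awk -v expected="$expected" '
        $1 == "LISTEN" && /"sshd"/ {
            addr = $4                                # Local Address:Port column
            port = addr; sub(/.*:/, "", port)        # text after the last colon
            host = addr; sub(/:[^:]*$/, "", host)    # text before the last colon
            pid = "?"
            if (match($0, /pid=[0-9]+/))
                pid = substr($0, RSTART + 4, RLENGTH - 4)
            scope = "single-address"
            if (host == "0.0.0.0" || host == "*" || host == "[::]")
                scope = "all-interfaces"
            if (port != expected)
                print port, host, pid, scope
        }'
}

# Run against the constructed sample so the script works offline.
sample_ss | find_ssh_forward_listeners 22
```

On a live host the input would be `ss -H -tlnp | find_ssh_forward_listeners 22`, run with enough privileges for `ss` to show the owning process.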


johano

I'm looking forward to updating my phone to LOS 20, probably this weekend.


tetris

Note that Magisk is sometimes really iffy on LOS 20, and also if your phone has low RAM, you sacrifice easily resuming apps for a snappy general interface.


johano

I haven't messed around with Magisk or other rooting yet, good to know though...


tetris

I only really have two use cases for Magisk:

  • System-wide adblocker
  • Having sudo privileges in Termux

It's really not that useful :P


johano

As far as a system-wide adblocker is concerned, I use Blokada and it works well enough for me without needing root...
