Trouble setting up wireguard-ui in docker

[ Edit: fixed by adding UID, GID, and PEER env vars to the wireguard service: https://github.com/ngoduykhanh/wireguard-ui/issues/473#issuecomment-1793604986 ]

Following a guide to set-up wireguard and wireguard-ui: https://linuxiac.com/how-to-set-up-wireguard-vpn-with-docker/

Server created on DigitalOcean with IPv4 and IPv6 addresses by default.

Configured iptables as per the set-up guide (server also runs another docker based service that opens ports 80, 433, and 9993):

sysops@master-control:~/wireguard$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain FORWARD (policy DROP)
target     prot opt source               destination         
DOCKER-USER  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-1  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
DOCKER     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain DOCKER (3 references)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             172.21.0.2           udp dpt:9993
ACCEPT     tcp  --  anywhere             172.21.0.4           tcp dpt:https
ACCEPT     tcp  --  anywhere             172.21.0.4           tcp dpt:http
ACCEPT     udp  --  anywhere             172.22.0.2           udp dpt:51820
ACCEPT     tcp  --  anywhere             172.22.0.2           tcp dpt:5000

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target     prot opt source               destination         
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
DOCKER-ISOLATION-STAGE-2  all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-ISOLATION-STAGE-2 (3 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            
DROP       all  --  anywhere             anywhere            
RETURN     all  --  anywhere             anywhere            

Chain DOCKER-USER (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere

Login for the Web UI works via:

  • On the host: http://127.0.0.1:5000
  • From remote servers with IPv6 connections:
    • http://[IP:v6:ad:dr:es:s]:5000/
    • http://fqdn.dns.entry:5000/

Requests to port 5000 via IPv4, from outside of the server itself, do not show the Web UI login. Instead they sit waiting forever.

I have tested that the firewall is working correctly by using php -S 5000 somefile.php. Going to the fqdn or IPv4 address successfully shows the output of somefile.php.

What I do not understand is why only IPv6 works remotely. And further, why the IPv4 localhost address works locally.

sysops@master-control:~/wireguard$ docker-compose logs wireguard-ui
wireguard-ui  | jq: error: Could not open file db/server/global_settings.json: No such file or directory
wireguard-ui  | wg-quick: `/etc/wireguard/wg0.conf' does not exist
wireguard-ui  | Wireguard UI
wireguard-ui  | App Version     : dev
wireguard-ui  | Git Commit      : b55543f
wireguard-ui  | Git Ref         : N/A
wireguard-ui  | Build Time      : 11-09-2023 14:10:48
wireguard-ui  | Git Repo        : https://github.com/ngoduykhanh/wireguard-ui
wireguard-ui  | Authentication  : true
wireguard-ui  | Bind address    : 0.0.0.0:5000
wireguard-ui  | Email from      : <some email address>
wireguard-ui  | Email from name : WireGuard
wireguard-ui  | Custom wg.conf  : 
wireguard-ui  | Base path       : /
wireguard-ui  | wg-quick: `/etc/wireguard/wg0.conf' does not exist
wireguard-ui  | wg-quick: `/etc/wireguard/wg0.conf' does not exist
wireguard-ui  | ⇨ http server started on [::]:5000

This shows that the http server is starting, but only listening to IPv6 connections?!

I’m not sure what the next steps should be in making this set-up work. Suggestions are very welcome 🙂

Use Canon EOS 90D as a webcam for Google Meet / Skype / Zoom / etc on Linux Ubuntu 22.04 with nVidia hardware acceleration

Quick and dirty post that pulls together a couple of sources. I might improve the post at some point. I might not…

Initial set-up:

Source https://www.youtube.com/watch?v=TsuY4o2zLVQ

Additional code to specify which video device to create.

sudo apt update && sudo apt install gphoto2 v4l2loopback-utils ffmpeg

echo 'dslr-webcam' | sudo tee -a /etc/modules

cat <<EOT | sudo tee -a /etc/modprobe.d/dslr-webcam.conf
alias dslr-webcam v4l2loopback
options v4l2loopback exclusive_caps=1 max_buffers=2 video_nr=69
EOT

Hardware acceleration set-up:

Source https://www.cyberciti.biz/faq/how-to-install-ffmpeg-with-nvidia-gpu-acceleration-on-linux/

I’ll assume you have nvidia drivers installed

sudo apt install nvidia-cuda-toolkit

mkdir ~/nvidia/ && cd ~/nvidia/
git clone https://git.videolan.org/git/ffmpeg/nv-codec-headers.git

cd nv-codec-headers && sudo make install

cd ~/nvidia/
git clone https://git.ffmpeg.org/ffmpeg.git ffmpeg/

sudo apt install build-essential yasm cmake libtool libc6 libc6-dev unzip wget libnuma1 libnuma-dev

cd ~/nvidia/ffmpeg/
./configure --enable-nonfree --enable-cuda-nvcc --enable-libnpp --extra-cflags=-I/usr/local/cuda/include --extra-ldflags=-L/usr/local/cuda/lib64

make -j $(nproc)

Combined to pull video from the camera to a video device:

echo 'alias start-gphoto2-webcam="gphoto2 --capture-image && gphoto2 --stdout --capture-movie | ~/nvidia/ffmpeg/ffmpeg -hwaccel cuda -i - -vcodec rawvideo -pix_fmt yuv420p -threads 0 -f v4l2 /dev/video69"' >> ~/.bashrc

Finally:

  • Logout/in
  • Plug the camera into the computer
  • Turn the camera on
  • Run: start-gphoto2-webcam
  • Use in an application that uses a webcam

SQLSTATE[HY000]: General error: 1366 Incorrect string value: ‘\xE2\x80\x8B\xE2\x80\x8B…’ for column

If you get this (or similar) when trying to insert/update in a MySQL database, your table is not able to cope with the extended version of the UTF8 character set.

You will need to convert your table to use the utf8mb4 character set, and utf8mb4_unicode_ci collation.

An example to do so:

ALTER TABLE `your_table_here` CONVERT TO
  CHARACTER SET utf8mb4
  COLLATE utf8mb4_unicode_ci;

New hardware, who dis?

New laptop provided by work. Time to install everything that makes me productive as a PHP developer.

Using Kubuntu 21.10 as my base OS.

General utilities:

sudo apt install \
    openssh-server \
    net-tools \
    htop \
    curl \
    whois \
    ack \
    mysql-client \
    httpie \
    php-cli \
    freerdp2-x11 \
    meld \
    kcachegrind \
    vokoscreen-ng \
    autokey-qt \
    parlatype \
    thunderbird-locale-en-gb \
    libreoffice-calc \
    libreoffice-writer \
    libreoffice-draw \
    cherrytree

Snaps:

sudo snap install \
    spotify \
    skype \
    postman \
    authy \
    drawio

Snaps that need to be installed in “classic” mode:

sudo snap install --classic \
    slack \
    phpstorm

Microsoft Edge:

echo 'deb [arch=amd64] https://packages.microsoft.com/repos/edge/ stable main' | sudo tee /etc/apt/sources.list.d/microsoft-edge.list

sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv EB3E94ADBE1229CF

sudo apt update && sudo apt install microsoft-edge-beta

VirtualBox: (recommend sticking with ubuntu version unless latest required)

echo "deb [arch=amd64] https://download.virtualbox.org/virtualbox/debian $(lsb_release -cs) contrib" | sudo tee /etc/apt/sources.list.d/oracle-virtualbox.list

wget -q https://www.virtualbox.org/download/oracle_vbox_2016.asc -O- | sudo apt-key add -

wget -q https://www.virtualbox.org/download/oracle_vbox.asc -O- | sudo apt-key add -

sudo apt update && sudo apt install virtualbox-6.1

Vagrant:

echo "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/vagrant.list

curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -

sudo apt-get update && sudo apt-get install vagrant

Docker:

echo "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

sudo apt update && sudo apt-get install docker-ce docker-ce-cli containerd.io

sudo usermod -a -G docker $USER

Docker Compose (v1):

curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /tmp/docker-compose

chmod +x /tmp/docker-compose

sudo mv /tmp/docker-compose /usr/local/bin/docker-compose

Insync:

sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys ACCAF35C

echo "deb http://apt.insync.io/$(lsb_release -is | tr '[:upper:]' '[:lower:]') $(lsb_release -cs) non-free contrib" | sudo tee /etc/apt/sources.list.d/insync.list

sudo apt update && sudo apt install insync

bash-git-prompt

git clone https://github.com/magicmonty/bash-git-prompt.git ~/.bash-git-prompt --depth=1

tee -a ~/.bashrc <<EOF

if [ -f "$HOME/.bash-git-prompt/gitprompt.sh" ]; then
    GIT_PROMPT_ONLY_IN_REPO=1
    GIT_PROMPT_THEME=Default_Ubuntu
    source $HOME/.bash-git-prompt/gitprompt.sh
fi
EOF

vagrant plugin “hostmanager” sudo without password

sudo tee /etc/sudoers.d/vagrant_hostmanager <<EOF
Cmnd_Alias VAGRANT_HOSTMANAGER_UPDATE = /bin/cp $HOME/.vagrant.d/tmp/hosts.local /etc/hosts
%sudo ALL=(root) NOPASSWD: VAGRANT_HOSTMANAGER_UPDATE
EOF
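
A malformed file in /etc/sudoers.d can stop sudo from working, so the following added example (not part of the original post) renders the same rule to a temporary file, has visudo check it, and only then installs it with mode 0440. The function names and the home-path check are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: render, check, then install the vagrant-hostmanager rule.
# Function names are illustrative; the rule text is the one shown above.

# Refuse home paths that sudoers would mis-parse: the path must be absolute
# and free of whitespace and of characters special in a sudoers command spec.
safe_home() {
    case "$1" in
        /*) ;;
        *) return 1 ;;
    esac
    case "$1" in
        *[!A-Za-z0-9._/-]*) return 1 ;;
    esac
    return 0
}

# Print the two-line rule for the given home directory.
render_rule() {
    safe_home "$1" || return 1
    printf 'Cmnd_Alias VAGRANT_HOSTMANAGER_UPDATE = /bin/cp %s/.vagrant.d/tmp/hosts.local /etc/hosts\n' "$1"
    printf '%%sudo ALL=(root) NOPASSWD: VAGRANT_HOSTMANAGER_UPDATE\n'
}

# Syntax-check the rendered rule before it goes anywhere near /etc/sudoers.d.
install_rule() {
    tmp=$(mktemp) || return 1
    # visudo -c only parses; -f points it at the candidate file
    if render_rule "$1" > "$tmp" && sudo visudo -cf "$tmp" >/dev/null; then
        sudo install -o root -g root -m 0440 "$tmp" /etc/sudoers.d/vagrant_hostmanager
        rc=$?
    else
        echo "rule rejected; nothing installed" >&2
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage: install_rule "$HOME"
```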

Ansible

sudo apt update
sudo apt install software-properties-common
sudo add-apt-repository --yes --update ppa:ansible/ansible
sudo apt install ansible

Additional monitor resolution

Help from: https://www.tecmint.com/set-display-screen-resolution-in-ubuntu/

sudo tee /etc/profile.d/aoc_monitor_2k.sh <<EOF
xrandr --newmode "2560x1440_60.00"  312.25  2560 2752 3024 3488  1440 1443 1448 1493 -hsync +vsync
xrandr --addmode DP-3-2 "2560x1440_60.00"
EOF

old and busted: mysqldump, new hotness: mydumper

I’m late to the mydumper party – https://github.com/maxbube/mydumper

Multi-threaded, lightning quick, exports to files per table structure and data.

In the Ubuntu world (and likely Debian too) it’s available as a precompiled package: sudo apt update && sudo apt install mydumper

Backup everything in a database:

mydumper \
  --triggers \
  --routines \
  --events \
  --database name_of_source_database

It’ll create a date stamped directory with two files for each table. One for the schema, the other with the data.

If you want to import everything in one go, here’s a little bit of bash to help:

# 1st - import all of the schema files to create the
#   tables, triggers, routines, and events
for i in *-schema.sql; do
    echo -e "\nImporting schema file: ${i}"
    pv "${i}" | mysql name_of_target_database
done

# 2nd - import all of the table data
for i in *.sql; do
    # skip the schema files that were imported above
    case "${i}" in *-schema.sql) continue ;; esac
    echo -e "\nImporting data file: ${i}"
    pv "${i}" | mysql name_of_target_database
done

The above uses pv (pipe viewer – http://ivarch.com/programs/pv.shtml) to send the content of the files into mysql. This means that we get to see the progress of importing files into MySQL.

If you haven’t got pv I suggest you get it: sudo apt update && sudo apt install pv.

How to call a static method in PHP when you have the class name in a variable

Wrap the variable (that holds the class name) in brackets:

<?php

class A
{
    public static function foo($arg)
    {
        return 'Argument was "' . $arg . '"' . PHP_EOL;
    }
}

$result = A::foo('triggered via named class');
echo $result;

$className = A::class;
$result = ($className)::foo('triggered via variable');
echo $result;

The output of the above code:

php a.php
Argument was "triggered via named class"
Argument was "triggered via variable"

I got locked out of a google compute instance due to ssh packets being dropped

Silly thing to happen really.

Some system on the instance detected too many connections in a short amount of time – likely due to some automated tasks driven by ansible.

That resulted in iptables dropping all connections to port 22 🙁

Thankfully, with google compute, one can access the serial console via the web UI.

Unfortunately, all of my users have no passwords – this is to ensure that ssh logins are via keypairs only.

The work around was eventually found on https://medium.com/google-cloud/resolving-getting-locked-out-of-a-compute-engine-85800251890b

TLDR;

  • Edit the instance
  • Tick “Enable connecting to serial ports”
  • Scroll down to “Custom metadata”
  • Add a new item with the key “startup-script”:
#!/bin/bash
useradd --groups google-sudoers tempuser
echo "tempuser:password" | chpasswd
  • Save the instance and hit “Reset”
  • When the instance is back up, connect to it via the serial console and login as the “tempuser”
  • Fix things!
  • Remove the tempuser
  • Remove the startup-script from custom metadata

Skype forgetting login details on Ubuntu

TLDR; Install gnome-keyring

If you are not using the default install of Ubuntu, you might not be using Gnome. This is the case for flavours such as: Kubuntu (KDE Plasma), Lubuntu (LXQt), Xubuntu (XFCE), and so on.

And if you have installed Skype using snap, then you will likely find that it will always ask you to login upon loading, even if you have it configured to automatically run at login.

The issue is that Skype installed via snap relies upon gnome-keyring, but fails to install it as a dependency.

Thankfully, one can install this dep. without bringing in the entirety of Gnome.

Open a terminal, and enter:

sudo apt install gnome-keyring

Restart (or start) Skype and login.

The application should communicate with the gnome-keyring service and securely store your login details.

Quit Skype and reload it. You should find that you are not asked for your login details again.

KDE Plasma likes, dislikes, and would be nice to haves

With each new release of Ubuntu, I’ve stuck with the default desktop environment. These have worked well for me over the years, but thought I should see what else there is.

The only way for me to do it justice is to run KDE Plasma as my only desktop environment for a minimum of 2 weeks. So both my work station and my personal laptop are using KDE Plasma, installed alongside Gnome 3 Shell on Ubuntu 19.10.

If I’m unhappy after the 2 weeks, I can always go back to Gnome. Or maybe try something else, like lxde or xfce.

I started on Sunday evening, and it’s now Wednesday afternoon. The following are my findings.

This is likely to be updated as I find new things or ways to fix niggles.

Likes

  • When an application shows in the “Task Manager” bar, one can click it to minimise the active window.
  • All icons showing in the “Task Manager” bar (Autokey is a GTK application, but can’t show its icon in Gnome 3, but manages to in KDE Plasma?).
  • Simple music controls on lock screen.

Dislikes

  • Even at max mouse sensitivity, it feels slower than on Gnome 3 – not good for a 3 monitor set-up – this may be subjective and not be an issue in time.
  • No option to locate the mouse cursor by pressing [ctrl].
  • Some windows don’t respond to a mouse wheel scroll until the window is clicked – this may be an issue only with GTK applications running on KDE Plasma.
  • Being asked for my SSH key in the terminal for every action – is there a key manager like in Gnome that I need to enable? Manually resolved by running `ssh-add` against each key required. Gnome does handle this a lot better 😐
  • Scrolling in an application window does not respond while an OSN is displayed – example: Spotify changing tracks

Things I’d like to see ported from Gnome 3 Shell

  • The option to only switch the central monitor when changing between virtual desktops.
  • Change between virtual desktops using [ctrl]+[alt]+arrow keys.

Things I’d like to see in all desktop environments

  • Option to have the cursor colour invert as it passes over other colours – Windows does this.
  • Automatic window scaling based upon the native resolution of the monitor in use. If a window is moved from one monitor to another, and the resolution changes, the scale should adapt to keep it readable – Windows does this.

Embiggen .desktop loaded applications on Ubuntu

I keep forgetting the steps required for this, so thought I should write them up in one easy to remember blog post for myself.

My desktop set-up consists of 2 x 1080 and 1 x 4k display. Making sure that applications are readable is a bit of a farce.

But as long as I ensure that certain applications only ever appear on the correct monitor, I can alter the launcher to set the correct DPI scaling.

Case in point is the “thunderbird.desktop” launcher. I only ever use it on the 4k display (central monitor), so I can alter the launcher to pre-set the scaling to two times normal. Making it readable without squinting (I’m nearly 40 you know).

Using “locate thunderbird.desktop” we find that it’s stored at “/usr/share/applications/thunderbird.desktop”. So raised privileges will be needed to edit it.

“sudo nano -w /usr/share/applications/thunderbird.desktop”

Using “ctrl+\” to replace text, search for “Exec=thunderbird” and replace it with “Exec=env GDK_SCALE=2 thunderbird”. Use “ctrl+x” to save and exit the editor.

Now when the Thunderbird launcher icon is clicked, the application will be rendered at twice the normal size. Making the working day a lot less squinty.
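
The same Exec rewrite can be done without raised privileges by writing a per-user copy of the launcher, which takes precedence over the one in /usr/share/applications and is not replaced when the package is upgraded. This is an added example, not part of the original post; the function name, its arguments and the default destination directory are assumptions.

```shell
#!/bin/sh
# Added example: create a per-user launcher override with GDK_SCALE preset.
# scaled_launcher <source .desktop> <command> <scale> [destination dir]

scaled_launcher() {
    src=$1 cmd=$2 scale=$3
    dest_dir=${4:-${XDG_DATA_HOME:-$HOME/.local/share}/applications}

    # Only accept a whole-number scale and a plain command name
    case "$scale" in
        ''|*[!0-9]*) echo "scale must be an integer" >&2; return 1 ;;
    esac
    case "$cmd" in
        ''|*[!A-Za-z0-9._-]*) echo "unexpected command name" >&2; return 1 ;;
    esac
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }

    mkdir -p "$dest_dir" || return 1
    dest=$dest_dir/$(basename "$src")
    # Never redirect sed output onto its own input file
    [ "$src" != "$dest" ] || { echo "source and destination match" >&2; return 1; }

    # Rewrite every Exec line that starts the command, with or without
    # arguments (the main entry and any [Desktop Action ...] entries)
    sed -e "s|^Exec=$cmd |Exec=env GDK_SCALE=$scale $cmd |" \
        -e "s|^Exec=$cmd\$|Exec=env GDK_SCALE=$scale $cmd|" \
        "$src" > "$dest" || return 1

    printf '%s\n' "$dest"
}

# Usage: scaled_launcher /usr/share/applications/thunderbird.desktop thunderbird 2
```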