How do you keep your digital music files? (Read 19432 times)

Inspector

Re: How do you keep your digital music files?
« Reply #60 on: June 22, 2020, 01:21:50 AM »
You do know there only two or three of us on this thread that
understand your Jargon?
Unfortunately, I have been so intrigued I have read every word of every post.  :shake: :shake: :shake:
SCIENCE THAT CAN’T BE QUESTIONED IS PROPAGANDA!!!

Flapp_Jackson

Re: How do you keep your digital music files?
« Reply #61 on: June 22, 2020, 01:54:27 AM »
Unfortunately, I have been so intrigued I have read every word of every post.  :shake: :shake: :shake:

Well, I do have a way with words.   :shaka:
The reasonable man adapts himself to the world;
the unreasonable one persists in trying to adapt the world to himself.
Therefore, all progress depends on the unreasonable man.
-- George Bernard Shaw

Inspector

Re: How do you keep your digital music files?
« Reply #62 on: June 22, 2020, 03:33:49 AM »
Well, I do have a way with words.   :shaka:
I’m retired now. I don’t want to understand this stuff any more.  :P
SCIENCE THAT CAN’T BE QUESTIONED IS PROPAGANDA!!!

groveler

Re: How do you keep your digital music files?
« Reply #63 on: June 22, 2020, 03:44:00 PM »
Well, I do have a way with words.   :shaka:
I think i read you upgraded to Ubuntu 16.04 in a past comment.
I'm getting ready to go to 20.04.
I've got Win 7, 10, Mint, Ubuntu 14.04. 16.04, and a 10.04 around somewhere.
My problem is trying to remember all the idiocrancies of each system
and each computer.
You'd hate me but I recycled a Win 3 computer today.

Flapp_Jackson

Re: How do you keep your digital music files?
« Reply #64 on: June 23, 2020, 12:38:28 AM »
One more giant leap for web-kind!   :geekdanc:

Every time I take a long break from using or installing a major application or OS like Apache Web Server or Ubuntu Linux, it becomes a learning process, time that often exceeds the time saved by all the upgrades in the new versions.

I have to say, the Apache upgrades are mind-blowingly awesome!  If you've ever had to struggle with the Apache official documentation, you might agree that it's written in a fashion meant to keep IT professionals and consultants employed!

Tonight's task was to get Apache working on my VPS (hosted on the service A2Hosting.com).  Part of that process included adding the free SSL certificate for that subdomain -- just another "A" record in DNS with the subdomain name and the fixed IP address of my VPS.

After walking though a nicely written tutorial  on the BlueOcean website, I was shocked that the non-SSL virtual host was accessible on the first try.  That never happens! 

https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-16-04

The main difference from this version of Apache and the last one I configured is how compartmentalized the config files are.  I added the changes to one sites-available file, installed and ran the executable "a2ensite" to apply that to the Apache2 configuration, and POOF!  Caveman easy!

Then, I checked for an Ubuntu-compatible version of "certbot" -- the Linux client that does what "Let's Encrypt" on the unRAID docker does:  requesting, installing and renewing SSL certs.

Installed "Certbot", created a directory under root's home directory, added a cloudflare.ini file with the exact same info as the same file on unRAID at my house, and created a script to call the app with a few basic arguments.

I wound up having to run "certbot" twice.  The first time, it created the certificate for my subdomain virtual host, and the keyring for my public key.  Then I ran it with the "--apache" switch but left off the parameters telling where the files are to be stored.  That prompted me for my email address and whether I want to force all traffic coming in on HTTP to HTTPS (I chose yes).  This second run with the --apache switch configured my server for SSL automagically and restarted the server for me.

My VPS subdomain site is now protected by the CloudFlare proxy and secured by an SSL certificate that is properly signed.

These project developers are making great strides FINALLY at automating these redundant and mundane multi-step configuration tasks.  I have to say I'm impressed at how this is no longer a giant headache to figure out and get working.

I believe if I didn't already have years of experience having to do it all by hand while deciphering less-than-detailed instructions, tonight would have gone even faster!  I was waiting for the hammer to fall and require an hour of troubleshooting to make it work which never happened.

Now I have a few things to choose from to do next.  A few dockers for unRAID have my attention.  RADARR is a movie library management application -- sort of why I started down this road.  Then there's SONARR, almost the same function as RADARR, but supports fewer file formats.  There's a VPN docker to let you tunnel into your server, which mitigates the entire "PLEX can't do HTTPS" issue. 

I also want to install WordPress and Joomla! Content Management Systems (CMS) on my home-based Ubuntu server, which will be uploaded to my VPS as I get things ready for prime time.  I'm a huge fan of Joomla!, but I'd like to see if WordPress can't provide most of what I normally require on a website without all the additional plugins and components Joomla uses.

BTW, I left one of my domain names on my registrar's site yesterday, so I re-homed it onto CloudFlare's name servers today.  That makes 6 domains and a half-dozen subdomains working now.  Technically, it's 4 distinct domains.  Three domains were created with the same root name, but with .com, .net, and .org top level names.  The .org and .net domains are configured to redirect to the .com domain.  So wherever he goes, the others will follow!   :thumbsup:

I'm really liking "Let's Encrypt" and "CloudFlare" so far.  I think SSL certificates should now be included with every domain name you purchase anyway.  Unless you need support, the entire certificate process is automated.  The registrars would not need any real additional resources to issue them.  They could make their money on support services without charging everyone for a certificate that's signed and stored on a set of certificate servers.  Take the payment aspect away, and the process is even less complicated.

Charging for encryption and website verification is like paying a car dealer for seatbelts as an option.  SSL makes the entire web safer.  Why force website operators to choose if they want/need to spend for a signed certificate?  It would not surprise me if one day the InterNIC folks require an SSL certificate for all public-facing web and file servers.  At that point, free SSL certs will start to become standard issue.   :wave:
« Last Edit: June 23, 2020, 12:45:08 AM by Flapp_Jackson »
The reasonable man adapts himself to the world;
the unreasonable one persists in trying to adapt the world to himself.
Therefore, all progress depends on the unreasonable man.
-- George Bernard Shaw

Flapp_Jackson

Re: How do you keep your digital music files?
« Reply #65 on: June 23, 2020, 01:42:40 AM »
Oh, here's something I found out Sunday.

On most web browsers, when you get a warning that the website you're visiting doesn't have a valid SSL certificate, there's usually a method of accepting the risk and going to the site anyway.

When I started using Brave, a browser born from the Chrome browser code base, I started having problems bypassing that warning half the time -- normally when the certificate was self-signed without a way to validate it.

I'm sure Chrome had the same issue, but I was using Firefox forever.  Now that I'm using Brave, I've had to open Firefox to get past this problem and visit sites that have this issue.

Well, Sunday I finally did the research and found the bypass "code".  There's no link to click, certificate to download or option to select.  All you do is click anywhere on the error page and type:

thisisunsafe

-- 3 words all run together without spacing.

Hit <enter>, and you will be forwarded to the site.   :thumbsup:

I have a few devices at home that have web GUIs for managing the devices.  A couple only allow HTTPS, and the certificate is self-signed.  This trick allows me to use my one preferred browser again for everything.     :geekdanc:

Once I access the scary page, the browser normally allows me to return either with no or minimal links to acknowledge the risks.

FWIW

The reasonable man adapts himself to the world;
the unreasonable one persists in trying to adapt the world to himself.
Therefore, all progress depends on the unreasonable man.
-- George Bernard Shaw

Inspector

Re: How do you keep your digital music files?
« Reply #66 on: June 23, 2020, 03:44:36 AM »
Oh, here's something I found out Sunday.

On most web browsers, when you get a warning that the website you're visiting doesn't have a valid SSL certificate, there's usually a method of accepting the risk and going to the site anyway.

When I started using Brave, a browser born from the Chrome browser code base, I started having problems bypassing that warning half the time -- normally when the certificate was self-signed without a way to validate it.

I'm sure Chrome had the same issue, but I was using Firefox forever.  Now that I'm using Brave, I've had to open Firefox to get past this problem and visit sites that have this issue.

Well, Sunday I finally did the research and found the bypass "code".  There's no link to click, certificate to download or option to select.  All you do is click anywhere on the error page and type:

thisisunsafe

-- 3 words all run together without spacing.

Hit <enter>, and you will be forwarded to the site.   :thumbsup:

I have a few devices at home that have web GUIs for managing the devices.  A couple only allow HTTPS, and the certificate is self-signed.  This trick allows me to use my one preferred browser again for everything.     :geekdanc:

Once I access the scary page, the browser normally allows me to return either with no or minimal links to acknowledge the risks.

FWIW
Thanks for this. I have had the exact same problem with Chrome on occasion and didn’t know how to continue. Why it happens only occasionally I have no idea?  ???
SCIENCE THAT CAN’T BE QUESTIONED IS PROPAGANDA!!!

drck1000

Re: How do you keep your digital music files?
« Reply #67 on: June 23, 2020, 06:47:36 AM »
The hard drive on my laptop crashed last week. Thankfully I had been regularly backing up music and photos on external hard drives for a while. Those are the only stuff that I really care about on my home laptop. Got the blue screen and couldn’t start/reboot after doing “checks”. Was able to get a full backup of data before it railed completely. Apparently my laptop consisted of a “spinning” drive and a small SSD. Replaced with a main SSD drive and computer is running well again.

Now I’m backing up my work laptop more regularly. So much data on that laptop that I do need. And our work IT doesn’t have enough drives to allow backup to servers or even allow individual departments to buy network drives with out own money.

Flapp_Jackson

Re: How do you keep your digital music files?
« Reply #68 on: June 23, 2020, 11:46:30 AM »
The hard drive on my laptop crashed last week. Thankfully I had been regularly backing up music and photos on external hard drives for a while. Those are the only stuff that I really care about on my home laptop. Got the blue screen and couldn’t start/reboot after doing “checks”. Was able to get a full backup of data before it railed completely. Apparently my laptop consisted of a “spinning” drive and a small SSD. Replaced with a main SSD drive and computer is running well again.

Now I’m backing up my work laptop more regularly. So much data on that laptop that I do need. And our work IT doesn’t have enough drives to allow backup to servers or even allow individual departments to buy network drives with out own money.

The NextCloud application lets you create your own file sharing "cloud" at home.  That way you can sync your files between devices and the NextCloud repository without having to trust/pay a commercial site.

I installed the nextCloud client on my Mac.  Works great!  The PC client is almost identical. 

Might be something to consider so files get automatically backed up for you.   :thumbsup:
The reasonable man adapts himself to the world;
the unreasonable one persists in trying to adapt the world to himself.
Therefore, all progress depends on the unreasonable man.
-- George Bernard Shaw

drck1000

Re: How do you keep your digital music files?
« Reply #69 on: June 23, 2020, 11:48:09 AM »
The NextCloud application lets you create your own file sharing "cloud" at home.  That way you can sync your files between devices and the NextCloud repository without having to trust/pay a commercial site.

I installed the nextCloud client on my Mac.  Works great!  The PC client is almost identical. 

Might be something to consider so files get automatically backed up for you.   :thumbsup:
What?   ??? Haha 

I'll get around to reading this thread and others more.   ;D

Flapp_Jackson

Re: How do you keep your digital music files?
« Reply #70 on: June 23, 2020, 12:01:50 PM »
What?   ??? Haha 

I'll get around to reading this thread and others more.   ;D

If you've ever used iCloud from Apple, OneDrive from Microsoft, or any of the other "cloud storage" services like DropBox, NextCloud is the same.  Only thing different is you have total control over the files being stored and have to set it all up.

https://nextcloud.com/
The reasonable man adapts himself to the world;
the unreasonable one persists in trying to adapt the world to himself.
Therefore, all progress depends on the unreasonable man.
-- George Bernard Shaw

drck1000

Re: How do you keep your digital music files?
« Reply #71 on: June 23, 2020, 01:14:16 PM »
If you've ever used iCloud from Apple, OneDrive from Microsoft, or any of the other "cloud storage" services like DropBox, NextCloud is the same.  Only thing different is you have total control over the files being stored and have to set it all up.

https://nextcloud.com/
I've used iCloud for some stuff, but not photos.  I'll look into NextCloud.  Thanks!  I have a bunch of external drives, but some of them are getting old and probably time to replace. 

Flapp_Jackson

Re: How do you keep your digital music files?
« Reply #72 on: July 04, 2020, 08:04:53 PM »
Well, it's been over a week since my last update.  Here's what's been happening....

My 30-day Trial License for unRaid was ready to expire this week.  Even if it expires, and you keep the unRaid array up and running, it'll be fine until the next reboot or if the array is stopped.  I figured I'm happy with it, so I paid for the 12-storage-device license.  I have 9 devices now:  2 x parity + 4 x array storage + 2 x caching SSDs + 1 x unattached SSD.  The boot flash (thumb drive) isn't counted in the device limit.

That's above the lower-priced 6 device license and below the unlimited license.  Note:  "unlimited" is what the license covers, but unRAID can't handle more than 30 storage devices.  Maybe they'll design an upgrade that increases that limit, but I thought I'd make it clear since there's going to be that one guy who buys a pallet of old disk drives from an auction and then gets bent out of shape when he can't configure 298 drives in a single unRaid server!   (That a LOT of pron -- even by AH's standards!) :rofl:

I spent most of this time messing with Nginx web server and how it might perform reverse-proxying for my home-based servers.  I was able to easily set up Let's Encrypt following video directions, but it involved forwarding web traffic to another unRaid container, and only using an additional port -- not a separate IP address from the unRaid O/S.

What I wanted was to use the same Let's Encrypt docker container and configure it for all my reverse-proxy connections, for simplicity.

Most of the video and written tutorials involve installing Nginx on your Linux VM along with the Apache web server -- totally separate from your unRaid instance.  That might be okay for my needs, but it complicates things if I leave ports 80 & 443 (http & https) mapped to the Let's Encrypt docker from my main router.  You can only target one server at a time on the same port.  The alternative is to map different ports from the Internet to your servers, but:

1.  the incoming URL would have to specify the port if other than 80 or 443 (as in http://my.dns-registered-server.net:8181), which is messy, and
2.  I think running Nginx in a docker is more secure, lighter in terms of overhead, easier to manage, and is well suited to run on unRaid for not ony reverse-proxy duty, but also for managing and renewing SSL certificates.

A new detail I learned about Let's Encrypt -- it will look at your SSL certificates and attempt to renew any that are within 30 days of expiration.  They are issued with a 90 day expiration.  That provides the administrator (you) a month to notice any renewal errors so they can be corrected prior to the expiration date.  We all know what a pain it is when a website we frequent lets their SSL certificates lapse.   :geekdanc:

One 6-month-old video I watched said that Let's Encrypt has registered more than a BILLION SSL certificates ... and all for free.   :thumbsup:  Since it's now 90% automated, and it's FREE! (open source, but whatever), there's really no excuse for not having an SSL certificate issued by a Certificate Authority that's trusted.  You can still pay $60 - $600 for a certificate if you feel you have to have one issued by VeriSign, but I see no legit reason for that now. 

What have I accomplished besides spending $89?  I now have my official domains pointing to my leased Virtual Private Server (in Michigan), and my development domains pointing to my home router where Nginx decides which IP and port location gets the requests based on the URL sent by the browser.

I've created load-balancing gateways using Linux in the past for applications like IRC Chat.  I did what companies wanted $30 to do with 2 spare 486 PCs and a few spare network cards.  Result:  The entire Pacific Fleet could chat while load-balanced across my 3-6 servers all accessed using a single IP address.  I could take a server (or more than one) offline for updates or hardware changes with zero downtime for chat users.

This reverse-proxy setup is the same function, but it sits one more level removed from the kernel and OS.  I could have saved myself a lot of work if this had been mainstreamed in the early 2000s!   

Oh, well.  Such is the nature of computers.  It never stands still.

There are a few other dockers I've been messing around with.  (No, not the kind you buy at May's!).    One is a reverse-proxy manager.  It can create and manage your server connections in a graphical interface, making the process super easy.  I just need to see if it'll work on the Let's Encrypt implementation of Nginx without too much effort.

I'm a system integrator by trade.  Lately, I've had to learn to step back and see if there are already integration paths available without creating something new.  Otherwise, I not only waste my time, but upgrades and minor changes become a bear if I have to test, change and retest my own "system hooks".

« Last Edit: July 04, 2020, 08:12:55 PM by Flapp_Jackson »
The reasonable man adapts himself to the world;
the unreasonable one persists in trying to adapt the world to himself.
Therefore, all progress depends on the unreasonable man.
-- George Bernard Shaw

Flapp_Jackson

Re: How do you keep your digital music files?
« Reply #73 on: July 10, 2020, 02:42:05 PM »
This entry is more to document these details for my own reference if/when I need them again later, but perhaps it'll interest anyone who configures web servers.

In order to set up my unRAID docker "Let's Encrypt", which contains the installed Nginx web server for unRAID, as a reverse-proxy for Apache 2.4.x web server running on an Ubuntu VM under the same unRaid OS, I had to read a million (slight exaggeration) posts with a variety of methods to get this to work with the FastCGI, or now PHP-FPM (FastCGI Process Manager).  FPM uses a socket connection between the proxy and the Apache server for PHP script execution, which many websites are almost entirely written in.  I normally use Joomla to manage my websites, which is PHP top to bottom.  The webpages the browser sees are not html files.  They are html code generated on the fly by the PHP scripts.  It's impossible for a hacker to monkey with the website if they don't have access to the PHP web repository and/or the database where the actual content is stored.   :thumbsup: 

So, I upgraded my original PHP version from 7.0 to 7.3, and also added 7.4 for testing.  In order to select the default/active version of PHP, I wrote a script (posted at the end).  It calls an interactive Linux utility from which to select a version, and then it runs the commands to not only activate that PHP version, but it also disables the previous version's config files and enables the new version's configs.  This is helpful, since some of the configuration directives contain versions, too.

The basic steps to get FPM to work are:
On the Nginx system/docker, locate the directory where website config files are stored.  For me, it's on a cache drive under <cache dir>/appdata/letsencrypt/nginx/site-confs.

If not already there, create one or more files for each virtual website you want to host on Apache.

My config file for one domain looks like:

Code: [Select]
server {
        listen 80;
        listen [::]:80;
        server_name mydomain.com;
        return 301 https://$host$request_uri;
}

server {
        listen 443 ssl http2;

        server_name mydomain.com;

        include /config/nginx/ssl.conf;
        include /config/nginx/proxy.conf;

        location / {
           proxy_pass "https://10.0.1.220:447";
        }
}

The name "mydomain.com" would be registered with a domain name registrar if this is for public access.  Or, for testing/in-house-access-only, you can add the name to your internal DNS or hosts files for each computer being used as a client.  As long as you have a unique name, and it can be resolved to THE PROXY'S IP ADDRESS, you should be good.

Once the proxy gets a request, if it was sent over unsecured HTTP (port 80), it does a permanent redirect (301) to the more secure HTTPS (port 443).  That allows clients to request connections to port 80 without problems, but the connection will be replaced with the better port 443.

The last directive in the 443 block says to proxy the request, sending it to the upstream Apache web server at IP address 10.0.1.220, which is obviously a private IP address.  The port, 447, is configured on the Apache server as a substitution for 443, just to avoid conflicts with other services like NextCloud which by default needs port 443.

Create one file for every virtual server you want to proxy, and just change the ServerName to match that site's domain name on 2 lines.  Super simple.   :thumbsup:

Now, for Apache.  You need to install apache2 (of course) and at a minimum the modules listed:

For FPM to work, you have to add:
Code: [Select]
libapache2-mod-php
libapache2-mod-fcgid
php
php-fpm
php-cli

Other modules will be loaded by default which are needed, but these are the ones to make sure are installed other than those.

Once installation is done, restart the Apache webserver and the PHP-FPM processes:

Code: [Select]
systemctl start apache2
systemctl start php7.2-fpm

If already running, use "restart" instead of "start".

Many examples/tutorials online say to place the code for FPM in each individual virtual host's config file, but that, to me, invites more work to maintain.  Since I intend to use PHP for most, if not all, of my virtual hosts, I want to make the change in one place that works for all sites.  The kicker to either approach is, if you ever want to change PHP versions, you'd have to remember to manually update the version for the socket being used.  Instead, I use the included functionality that lets me create separate config files per PHP version, and then issuing commands to disable the previous version's file, and enable the new one.  For example:

Code: [Select]
a2disconf php7.4-fpm
a2enconf php7.3-fpm

That requires a file of each name above to be in the confs-available directory:  /etc/apache2/confs-available/php7.3-fpm & /etc/apache2/confs-available/php7.4-fpm,

When you run the commands above, a2disconf removes the named linked file from the confs-enabled directoy, and a2enconfs creates a link to the file in confs-available.  One place to create/update the config files, and 2 commands to disable and enable the files you want active.  Now I can have sockets named for the PHP versions in each file, and only one is active at a time.

In each file listed above (php7.x-fpm), add these lines at the bottom outside of any other tags:

Code: [Select]
    <FilesMatch ".+\.ph(ar|p|tml)$">
        SetHandler "proxy:unix:/run/php/php7.3-fpm.sock|fcgi://localhost"
    </FilesMatch>

The version in the "SetHandler" line should obviously match the filename's version identifier. 

That's it!  If you are only interested in one version of PHP, then you can place these updates in one of several files and it will work.  This method adds the ability to change versions as needed without a lot of work.

And, in order to easily switch PHP versions, I created a bash script to run on ubuntu Linux: 

Filename:  php_version_select.sh

Code: [Select]
!#/bin/bash
#Get currently configured PHP default version:

currver=`php -v | grep '^PHP' | awk '{print substr($0,5,3)}'`

echo ""
echo "PHP Version Selector"
echo "--------------------"
echo "Currently selected version: $currver"
update-alternatives --config php

newver=`php -v | grep '^PHP' | awk '{print substr($0,5,3)}'`

if [[ $newver = $currver ]]
then
   echo ""
   echo "Keeping $currver"
   echo ""
else
   echo ""
   echo "Switching to $newver ..."
   echo ""
   a2dismod php$currver
   a2disconf php${currver}-fpm.conf
   a2enmod  php$newver
   a2enconf php${newver}-fpm.conf
   update-alternatives --set phar /usr/bin/phar$newver
   update-alternatives --set phar.phar /usr/bin/phar.phar$newver
   echo ""
   echo "Restarting Apache and FPM Services ..."
   systemctl restart apache2
   systemctl stop php${currver}-fpm
   systemctl start php${newver}-fpm
   echo ""
   echo "done"
fi
# Display php version output

php -v

echo ""
echo "Script complete."

If you select a different PHP version, the script sets that as well as doing all the module and configuration disable/enable requirements.  At the end, it restarts the Apache Server and FPM processes to make the changes active.

So much simpler when I see it boiled down to this list.  All the other online versions were a hodgepodge of these and many other steps, but none in enough detail to explain WHY you are following each step.

The greatest benefit of computers is there is always another way to do everything.

The greatest downside of computers is there are so many ways to do things, it's difficult to find the one that's best for your case.

 :geekdanc:
« Last Edit: July 10, 2020, 02:54:16 PM by Flapp_Jackson »
The reasonable man adapts himself to the world;
the unreasonable one persists in trying to adapt the world to himself.
Therefore, all progress depends on the unreasonable man.
-- George Bernard Shaw

ren

Re: How do you keep your digital music files?
« Reply #74 on: July 10, 2020, 09:47:18 PM »
any ideas on getting an FTP server on a Linux box? I plan to have a portable SSD drive connected to it. I see that FTP software isn't free? Looking to set it up for a NVR.
Or should I use my 1 disk Synology NAS with a portable HD connected to its USB port. ??? Reason to use the portable HDD on Synology NAS as its only 1 bay and my sensitive docs are on the NAS drive - a WD Red HDD
Deeds Not Words

Flapp_Jackson

Re: How do you keep your digital music files?
« Reply #75 on: July 11, 2020, 01:46:30 AM »
any ideas on getting an FTP server on a Linux box? I plan to have a portable SSD drive connected to it. I see that FTP software isn't free? Looking to set it up for a NVR.
Or should I use my 1 disk Synology NAS with a portable HD connected to its USB port. ??? Reason to use the portable HDD on Synology NAS as its only 1 bay and my sensitive docs are on the NAS drive - a WD Red HDD

Pretty much all software is free (open source) if you run Linux.  Not sure what Ad on Google you're looking at for paid FTP SW! Just smile and wave "Good-bye".   :wave:

If you already have SSH installed, you may already have SFTP access.  I installed OpenSSH for remote connections via Secure Shell, and the package openssh-sftp-server was also installed.  If not already on your Linux machine, just use your package installer to add it.  If openssh isn't there, then of course that ought the be installed automatically by the package manager since SFTP is a dependency.

I've used ProFTPD and VSFTPD in the past, but can be complicated to configure.  Anything that's complicated usually means (1) you're not likely to need or use all the features provided, and (2) you're unlikely to take the time to properly secure the server against "misuse". 

For a one-person connection need, the SFTP server from OpenSSH works fine.  In fact, if you have SSH already working for remote shell access, try using SFTP from the same client machine to see if it's installed.  The login settings are the same for both SSH and SFTP.  Whether you use trusted keys or login/password authentication, you connect the exact same way.  Makes administration much easier.  You can run the test on that server by executing the sftp command to connect to itself:

sftp localhost
or
sftp user@localhost

If you get prompted for a password, the SFTP server connected.

Here's the info on installing SSH and SFTP on Ubuntu:

https://help.ubuntu.com/community/SSH/OpenSSH/Configuring

The answers in this article offer nice, succinct answers that help configure the OpenSSH SFTP server for added security.

https://askubuntu.com/questions/420652/how-to-setup-a-restricted-sftp-server-on-ubuntu

If you need an FTP client for windows or Mac (or any platform really), I like Filezilla.  Filezilla also offers a Windows FTP server.  BTW, all the Filezilla products are FREE!   :thumbsup:  The client is easy to use, and it can be configured to store your SSH keys and all connection information. 

An easy way to create and convert SSH keys is with the SSH client "puTTY".  It comes with a key generation utility if you install the right package.  If you are on Windows and ever use SSH, you have to have puTTY.  I think it's a law or something.  Did I mention it's free?   :geekdanc:

SSH and SFTP certificates can get confusing when copying between different OS's.  Let me know if you run into trouble.

 :shaka:
« Last Edit: July 11, 2020, 01:56:09 AM by Flapp_Jackson »
The reasonable man adapts himself to the world;
the unreasonable one persists in trying to adapt the world to himself.
Therefore, all progress depends on the unreasonable man.
-- George Bernard Shaw

Flapp_Jackson

Re: How do you keep your digital music files?
« Reply #76 on: July 17, 2020, 01:56:00 AM »
Time for another installment of ....  :geekdanc: :geekdanc:  GEEKS IN PARADISE!!  :geekdanc:  :geekdanc:

So, if you ever want to install Ubuntu Linux v16.04 LTS (2 major versions behind the most recent, but still in broad use), and you look at the Ubuntu download page, you'll see this:



I've been in this field long enough to know that there's no real difference between Intel and AMD source code.  If you want the 32bit version (why would you?), get the "i386" version.  If you are on a less-than-5-year-old Intel or AMD CPU, you should probably be looking for the 64bit version, called "AMD64".

I think these descriptions were written long ago and never refreshed.  It's confusing and inaccurate.

Anyway, I must have been super-tired when I did the download, and picked the wrong file.  Mistakes happen.   :(

Once you have a 32 or 64 bit system, everything you download will target that architecture.  It wasn't until I was installing a Drupal CMS package that I noticed a complaint that something I was installing required a 64bit OS.   :wtf:

Luckily, it was a VM, which is super quick to reinstall another VM with the right OS, and replicate what I did on VM 1 onto VM 2 before sending VM 1 to oblivion.

Thought I'd mention that if anyone ever sees something similar.  It's easy to read the instruction and be confused.  Just pick the AMD64 version regardless of it having an AMD vs INTEL CPU. 

Plenty of utilities to report on your CPU architecture, not to mention Windows and your motherboard's BIOS.  You should be able easily to tell if it's 32 or 64 bit.

 :thumbsup: :geekdanc:
The reasonable man adapts himself to the world;
the unreasonable one persists in trying to adapt the world to himself.
Therefore, all progress depends on the unreasonable man.
-- George Bernard Shaw

Flapp_Jackson

Re: How do you keep your digital music files?
« Reply #77 on: July 17, 2020, 02:36:59 AM »
Installment #2 for today ...

If you've ever registered for a website, I would say that, with few exceptions, you are always required to input 100% of the information associated with your new account.

In other words, there is no "master database" from which the site draws your information so they can link it to you as its owner.

Now imagine working where you need to input a bunch of information for, say, a class reunion.  You'll be getting info via email, letters, text messages, phone  calls, and not always from the person each record is about.  Once person might have the phone numbers of 4 classmates, another person has emails for 10, and so on.

As you start to capture all of that info, you realize if each classmate can just log in and update everything for you, it would be so much easier -- and accurate!  But, you can't stop the wheels turning.  Every piece of info you get needs to be added by someone other than its owner as it comes in.

The solution is a system (or systems) that allow former classmates to register, and then have their existing info linked to that account.  They now have access to edit and save their own addresses, phone numbers, emails, family member names, and whatever else you need to contact them for events.

There are some web creation/management software packages under the label "CMS" -- Content Management Systems.  It allows, among other things, for a website to be created quite quickly, and it'll have all the standard features you need without having to code them, like registering, logging in, password recovery, security features, content creation and updates edited by multiple people (not just webmasters) and many other functions.

The problem is, you don't want to store all your contact info in a CMS, primarily because not everyone in your database would have an account yet.  Also, you'd have to be a database programmer to write all the input forms, report generators and other apps you'd want to be able to use that data.  A CMS just isn't designed to do all of that out of the "box".

Then along comes civiCRM, which actually has been around for over a decade.  It's open source software that calls itself  "civi" as in "Civic" -- since most of it was designed for use by non-profits for fundraising -- and "CRM"  (Contact Relationship Manager).  As a standalone system, it was mainly used by organizations to enter, track, and manage their project's donors and their families or business contacts.  Rather than give a tutorial, suffice it to say that civiCRM allows you, as a class reunion organizer, to input every single classmate and all their info into a single system without needing the contact owners to log in and do it.

But, what if you wanted them to login and update/enter that info for you?  CiviCRM integrates into several CSMs, like  Drupal, WordPress and Joomla.  Now you can grant access to the contact records a new account might already own automatically.  The system looks over the information provided when creating an account, and matches that to civiCRM contacts.  If one is found (same lastname and email address, for instance), then the record is linked to the new login. 

With civiCRM, you can not only gather the info from contacts, but it has a bunch of apps to send out newsletters and other emails for subscribed users, it handles the opt in/out for all your correspondence to be compliant with the federal CanSPAM Act, allows you to take credit cards and banking info to register individuals for events that require payment, print labels for snail mail, and on and on. 

When I used this setup years ago, even though my high school and most alumni were in NC, I did all the organizing from HI, including taking credit card payments through PayPal for the dinner.  I paid all the bills using my PayPal Debit card that drew on those funds.  Not only was it convenient, but I had 100% accounting of what I collected and where it was spent.   :thumbsup:

Now I'm on a quest to revamp that alumni website.  I've decided to switch from Joomla to Drupla CMS, because my research says Drupal is now integrated much better with civiCRM than with Joomla.

Anyway, from a database maintenance perspective (i.e. keeping the data up to date), I was happy I could allow people to do that for me and still have a complete contact management system to do the real work.

 :thumbsup: :geekdanc: :geekdanc:

How is this related to the unRAID stuff?  Well, my development environment will be installed on the unRAID server in a VM running the Ubuntu OS and Apache web server.  It mirrors the environment I'll be using to host it on when it goes live.

It might also be a good solution to handle, I don't know, a 2A contact database that includes all the gun clubs, interested members of gov't, etc?  Lots of non-profits use this software for their massive contact lists.

« Last Edit: July 17, 2020, 02:44:10 AM by Flapp_Jackson »
The reasonable man adapts himself to the world;
the unreasonable one persists in trying to adapt the world to himself.
Therefore, all progress depends on the unreasonable man.
-- George Bernard Shaw

Flapp_Jackson

Re: How do you keep your digital music files?
« Reply #78 on: July 25, 2020, 12:10:56 AM »
Shut your Pi Hole!

I decided to install the PiHole docker on my unRAID server tonight.  Super easy ... barely an inconvenience!

The only thing I needed prior to installing was a free (as in available / unassigned) IP address on my network so I could assign a fixed IP -- it's going to become a DNS server, so that IP needs to not change.

Once installed, I launched the web GUI interface, installed a bunch of Ad-Block lists from a list of URLs on Reddit, and now I have over 200K ad-related sites that will be "black holed".

To test it, I changed the DNS server for my laptop to the PiHole IP address.  In just over an hour, the server has seen over 2K requests from my browser, handled 846 queries, and blocked 37.5% of those queries.

I tested by going to Forbes.com, Yahoo.com and other sites.  On the old DNS IP, I saw several ads on each site.  With the PiHole DNS, I see ZERO ads.   :geekdanc: :thumbsup:

One of the advantages of this method versus just having an ad blocker browser (Brave) or extension is websites can identify those and refuse to allow access unless you disable the ad blocking.  PiHole is not "filtering" via a web browser, so the websites can't tell their ads are not being sent to my network.

To make this work on ALL DEVICES in my house (PCs, Macs, SmartPhones, Tablets, etc.), I need to change the DNS IP in my DHCP settings.  DHCP is how devices on my network get assigned an IP address along with DNS info.

Unfortunately, my router, an old Apple Airport Extreme, doesn't let me change that.  The router is assumed to be the DNS server, which in turn forwards DNS requests it gets to my ISP.  That means I need to disable DHCP on my router and enable it on my unRAID server's PiHole software.  Once completed, any DHCP client devices will get their IP from my server, not the router.  That'll include the PiHole IP as the DNS server.  It makes the setup for client devices 100% transparent.

PiHole doesn't just block ads from browsers, but also from apps.  If you have a free version of a program that drives you crazy with ads in hopes you'll pay for the "privilege" of removing the ads, PiHole will be able to stop those, too.   :geekdanc:  If the lists you have installed don't block a specific set of ads, you can always figure out where the ads are being served to your device and manually add that to the "Blacklist".

Also, if you're having "false positive" issues where things you do want to access are blocked, you can add those resources to your "Whitelist".

No need to buy and setup a Raspberry Pi.  Just install the docker.  If you don't have the docker system software installed, install that first, and then the PiHole docker itself.

Dockers are like apps, and the Docker software system is like an Android emulator.  It lets you find, install and customize apps (dockers) that other people created without having to install a whole operating system on a virtual machine.  Hopefully that makes sense.  Once you have a docker installed, it notifies you if there's an update available, or it can install updates automatically if you prefer..  Updates are super easy.....barely an inconvenience!

if you haven't experienced dockers, you should set some time aside to check it out.  It's a major time saver.  I loaded the docker system application on my Mac and my PC so I can mess around in those environments, but all the dockers I'm actually using are installed on my unRAID server.

 :shaka:
The reasonable man adapts himself to the world;
the unreasonable one persists in trying to adapt the world to himself.
Therefore, all progress depends on the unreasonable man.
-- George Bernard Shaw

Flapp_Jackson

Re: How do you keep your digital music files?
« Reply #79 on: July 25, 2020, 12:19:55 AM »
Up to 40% of DNS requests blocked now.   :geekdanc:  :thumbsup: 

That's a lot of ads and trackers.

The reasonable man adapts himself to the world;
the unreasonable one persists in trying to adapt the world to himself.
Therefore, all progress depends on the unreasonable man.
-- George Bernard Shaw