I recently needed to update my DNS entry, which is hosted at GoDaddy. GoDaddy supports API calls to update DNS entries, which is amazing!!
You need to generate the API key and secret.
Create the file below and run it from a cron job!
#!/bin/bash
domain="domain.tld"
type="A"
name="@"
ttl="3600"
port="1"
weight="1"
key="my-api-key"
secret="my-api-secret"
headers="Authorization: sso-key $key:$secret"
# Do not echo $headers: it holds the API key and secret, and cron mails or logs the output
# Address currently published in DNS
result=$(curl -s -X GET -H "$headers" "https://api.godaddy.com/v1/domains/$domain/records/$type/$name")
echo "Result = $result"
dnsIP=$(echo "$result" | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" | head -n 1)
echo "DNS IP = $dnsIP"
# Current public address, fetched over HTTPS so the reply cannot be altered in transit
ret=$(curl -s "https://ipinfo.io/json")
currentIP=$(echo "$ret" | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" | head -n 1)
echo "Current IP = $currentIP"
if [ -z "$currentIP" ]; then
    # A failed lookup must not be written to DNS
    echo "Could not determine the current IP, not updating"
elif [ "$dnsIP" != "$currentIP" ]; then
    echo "IPs are not equal, updating record"
    curl -X PUT "https://api.godaddy.com/v1/domains/$domain/records/$type/$name" \
        -H "accept: application/json" \
        -H "Content-Type: application/json" \
        -H "$headers" \
        -d "[ { \"data\": \"$currentIP\", \"port\": $port, \"priority\": 0, \"protocol\": \"string\", \"service\": \"string\", \"ttl\": $ttl, \"weight\": $weight } ]"
else
    echo "IPs are equal, no update required"
fi
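The script above writes whatever address the lookup service returns straight into DNS. As an added example (not part of the original script), the functions below take the "ip" field from the reply, validate it strictly, and refuse private or reserved addresses before any update. Function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original script; function names are hypothetical.

# Take the "ip" value from an ipinfo.io-style JSON reply on stdin rather
# than grepping for anything that looks like a dotted quad.
extract_ip_field() {
    sed -n 's/.*"ip"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Strict dotted quad: four decimal octets 0-255, no leading zeros.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _old_ifs=$IFS; IFS=.
    set -- $1    # split on dots (input holds only digits and dots here)
    IFS=$_old_ifs
    [ $# -eq 4 ] || return 1
    for _octet in "$@"; do
        case $_octet in
            0|[1-9]|[1-9][0-9]|[1-9][0-9][0-9]) ;;
            *) return 1 ;;
        esac
        [ "$_octet" -le 255 ] || return 1
    done
}

# Reject addresses that should never end up in a public A record.
is_public_ipv4() {
    is_ipv4 "$1" || return 1
    case $1 in
        0.*|10.*|127.*|169.254.*|192.168.*) return 1 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 1 ;;   # 172.16.0.0/12
        100.6[4-9].*|100.[7-9][0-9].*|100.1[01][0-9].*|100.12[0-7].*) return 1 ;;   # 100.64.0.0/10
    esac
    [ "${1%%.*}" -lt 224 ]    # 224 and above is multicast or reserved
}

# Prints "refuse", "skip" or "update".
decide() {    # $1 = address now in DNS, $2 = address just looked up
    if ! is_public_ipv4 "$2"; then
        echo refuse
    elif [ "$1" = "$2" ]; then
        echo skip
    else
        echo update
    fi
}
```

In the updater, run the PUT only when decide prints "update", and treat "refuse" as an error worth alerting on.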
Friday, May 17, 2019
Saturday, April 13, 2019
Ubuntu 18.04 + Docker Setup
I am setting up a new Docker Engine running on Ubuntu 18.04
During the Ubuntu installation, I selected Docker Engine as part of the deployment setup. By default the Docker Engine Service is run by Snap.
My environment reaches the Internet through a web proxy, and only the internal DNS servers are allowed. The Docker daemon and Docker containers must use the web proxy and the internal DNS servers to reach the Internet.
To set up Ubuntu with a static IP pointing to the right DNS servers, a netplan configuration must be created.
Create a YAML file in /etc/netplan/
> sudo vi /etc/netplan/99-local-init.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    eth0:
      addresses:
        - 10.0.0.1/24
      gateway4: 10.0.0.254
      nameservers:
        search: [domainlocal.tld]
        addresses: [10.0.0.2, 10.0.0.3]
ps: addresses: [10.0.0.2, 10.0.0.3] are the local DNS servers
To get Docker Engine to use the web proxy and the local DNS servers, systemd drop-in configuration files must be created. Check the Docker Engine service name under the /etc/systemd/system/ folder. On my Ubuntu 18.04 installation the service is named snap.docker.dockerd.service.
Create a folder with the same name as the service and add ".d" at the end of the folder name
> sudo mkdir -p /etc/systemd/system/snap.docker.dockerd.service.d
Then you can create as many .conf files as you need in that folder
To create web proxy configuration
> sudo vi /etc/systemd/system/snap.docker.dockerd.service.d/proxy.conf
[Service]
Environment="HTTP_PROXY=http://myproxy.domainlocal.tld:8080/" "HTTPS_PROXY=http://myproxy.domainlocal.tld:8080/" "NO_PROXY=localhost,*.domainlocal.tld"
To create DNS setting
> sudo vi /etc/systemd/system/snap.docker.dockerd.service.d/dns.conf
[Service]
ExecStart=
ExecStart=/usr/bin/snap run docker.dockerd --dns 10.0.0.2 --dns 10.0.0.3 --dns-search domainlocal.tld
ps: an empty ExecStart= must come first to reset the ExecStart inherited from the service unit
The daemon must be restarted
> sudo systemctl daemon-reload
> sudo systemctl restart snap.docker.dockerd
To build or run a process within a Docker container, pass the flags:
> sudo docker build --build-arg http_proxy=http://myproxy.domainlocal.tld:8080 --build-arg https_proxy=http://myproxy.domainlocal.tld:8080 -t dockerhubname/imagename .
Have fun!
Tuesday, March 12, 2019
Docker Copy Files
When building a Docker image from a Dockerfile, if you need to copy files from the Docker Engine machine into the image, you need to use the "correct" source path: COPY sources are resolved relative to the build context (the directory passed to docker build), not as absolute paths on the host.
Let's say you have the following files:
/mydocker/Dockerfile
/mydocker/file1.sh
/mydocker/file2.sh
You can't specify the following commands within your Dockerfile
COPY /mydocker/file1.sh /etc/
COPY /mydocker/file2.sh /etc/
Instead, you need to do the following
mkdir /mydocker/resources
mv /mydocker/file1.sh /mydocker/resources
mv /mydocker/file2.sh /mydocker/resources
Then, in your Dockerfile, specify the following COPY command
COPY resources /etc/
Wednesday, February 13, 2019
Tuesday, January 01, 2019
Windows Server Core 2019 - Remote PowerShell
Just installed a couple of Windows Server Core 2019 machines. To manage them remotely through PowerShell, you need to enable PowerShell Remoting.
On the Windows Server 2019 Core machine, run the following command
> Enable-PSRemoting -Force
On the remote machine from which you want to manage the server, run
> Enter-PSSession -Credential (Get-Credential) -ComputerName my2019server.domain.tld
Enjoy!
Friday, December 07, 2018
Westpac Super.Tech Q4 Individual Award Winner
And to close the year 2018, I have been nominated and won the Q4 Individual Award!
It has been a long and challenging year for me :)
Saturday, November 03, 2018
Thursday, October 25, 2018
Friday, September 21, 2018
Cleaning Up CSC Folders
The C:\Windows\CSC folder is the offline files folder. It has special permissions, and without the correct permissions you won't be able to delete anything in it.
To delete the content of C:\Windows\CSC, you need to modify its permissions
> cd c:\Windows
> takeown /f CSC /r /a /d y
> icacls CSC /grant Administrators:F
Then you can navigate to the folder and start deleting files
Wednesday, August 01, 2018
Publish TeamCity via Sophos XG Firewall
I am running TeamCity at home for my development work and would like to publish the site via my Sophos XG Firewall. TeamCity runs on the internal domain namespace, and to publish it to the Internet you would need to configure it so that it recognises the external domain namespace.
I don't want to make any changes to TeamCity, and luckily Sophos can do it!
Create a Business Application Rule on your Sophos Firewall and make sure the "Rewrite HTML" option is selected. That's it!
Tuesday, July 31, 2018
Westpac Super.Tech Q3 Team Award Winner
My project team has been nominated and won the Q3 Team Award!
I am very proud to be part of the team that made one of the most complicated and long-running global projects completed successfully.
Thursday, June 14, 2018
OpenSSL to Retrieve Certificate
It is very easy to retrieve the TLS/SSL certificate bound to a web server: you can use any Internet browser to navigate to the site and view the certificate.
How do you get the certificate details from a non-HTTP endpoint, such as LDAP?
Fortunately, you can use OpenSSL to retrieve the certificate
> openssl s_client -connect address-of-the-endpoint:636
Enjoy!
Thursday, May 10, 2018
SSH Login Notification with SSMTP
I previously set up my box to send an email notification for every successful SSH login, as described here.
It requires sendmail to be installed, which I think is too much just to send email out from the box.
I found a lighter way to do it, using the ssmtp package:
Edit/create the file:
> sudo vi /etc/ssh/sshrc
DATE=$(date "+%d.%m.%Y--%Hh%Mm")
IP=$(echo "$SSH_CONNECTION" | awk '{print $1}')
REVERSE=$(dig -x "$IP" +short)
# Pipe the message straight to ssmtp: a fixed file in /tmp is shared by every
# user who logs in, so the second user could not overwrite the first one's file
{
echo "To: laurence.lau@domain.tld"
echo "From: Beaver <beaver@domain.tld>"
echo "Subject: SSH Login Successful"
echo ""
echo "$DATE, user $USER just logged in from $IP ($REVERSE)"
} | ssmtp laurence.lau@domain.tld &
edit the file:
> sudo vi /etc/ssmtp/ssmtp.conf
mailhub=smtprelay.domain.tld:25
Thursday, April 19, 2018
PowerShell RunAs
To run PowerShell under a different credential:
> $cred = Get-Credential
> Start-Process powershell.exe -Credential $cred -NoNewWindow -ArgumentList "-noprofile -command &{Start-Process -FilePath C:\blah\prog.exe}"
Friday, March 16, 2018
PowerShell SecureString
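PowerShell is often used to access data from systems or apps that require authentication. Authentication requires a username and password, and you don't want to store the password in the PowerShell script itself.
A better way is to store the password as a SecureString in a configuration file and use that to access the data / app. ConvertFrom-SecureString without a -Key parameter protects the value with Windows DPAPI, so the file can only be decrypted by the same user account on the same machine.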
To generate the configuration file:
> Read-Host -AsSecureString | ConvertFrom-SecureString | Out-File C:\Securestring.txt
To consume the configuration file:
> $pass = Get-Content C:\Securestring.txt | ConvertTo-SecureString
To convert it as credential object:
> $cred= New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "username",$pass
Wednesday, February 14, 2018
Windows 2016 Core Domain Controllers
Upgrading my Domain Controllers from 2012 R2 to 2016. I have decided to run the servers without Desktop Experience to save resources.
Once installed, run the "sconfig" utility from CMD to set up the server name, IP address, DNS and gateway, then reboot
To add the AD Domain Services feature:
Add-WindowsFeature AD-Domain-Services
To install the AD forest:
Install-ADDSForest -CreateDnsDelegation:$false `
  -DatabasePath C:\Windows\NTDS `
  -DomainMode WinThreshold `
  -DomainName domain.tld `
  -DomainNetbiosName NETBIOSDOMAIN `
  -ForestMode WinThreshold `
  -InstallDns:$true `
  -LogPath C:\Windows\NTDS `
  -NoRebootOnCompletion:$true `
  -SysvolPath C:\Windows\SYSVOL `
  -Force:$true
ps: WinThreshold is the ForestMode / DomainMode value for Windows 2016
To add a Domain Controller to the existing domain:
Install-ADDSDomainController -CreateDnsDelegation:$false `
  -DatabasePath C:\Windows\NTDS `
  -DomainName domain.tld `
  -InstallDns:$true `
  -LogPath C:\Windows\NTDS `
  -NoGlobalCatalog:$false `
  -SysvolPath C:\Windows\SYSVOL `
  -NoRebootOnCompletion:$true `
  -Force:$true `
  -Credential (Get-Credential)
Saturday, January 13, 2018
AWS Certified Solutions Architect - Associate
New year, 2018! New challenges!!
Passed the exam and now I am officially AWS Certified Solutions Architect - Associate. Next is Professional #StayTune
Sunday, December 31, 2017
Let's Encrypt Certificate Renewal
To renew the certificate that was generated by Let's Encrypt:
1# Go to sslzero.com site
2# Use the same Let's Encrypt Key generated by the site when certificate was originated
3# Get the CSR
4# That's it
Wednesday, November 22, 2017
Proxy PAC Tester v.2.0
A new version of Proxy PAC Tester that supports passing the client IP address to the JS functions that check against the client IP address.
#LoveCoding
Wednesday, October 25, 2017
Active Directory GUID
The Active Directory GUID is stored as a byte array (Byte[]).
To convert from Byte[] to string:
// objectGuidBytes is the Byte[] value read from the directory
string guid = new Guid(objectGuidBytes).ToString();
To convert from string to Byte[], and to a string with each byte escaped as \xx:
string guid = "<string guid here>";
Guid g = Guid.Parse(guid);
Byte[] gba = g.ToByteArray();
string result = "";
foreach (Byte b in gba) { result += @"\" + b.ToString("x2"); }
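The same two conversions in shell, added here as an example and not taken from the original post, for use where the escaped value is needed on a command line (for instance in an ldapsearch filter). It makes visible the byte order that Guid.ToByteArray() produces: the first three GUID fields are little-endian, so the escaped bytes are not the hex digits in reading order. Function names are hypothetical and the GUID in the comment is constructed.

```shell
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.

# Swap between GUID text order and Guid.ToByteArray() order: the first three
# fields (4, 2 and 2 bytes) are byte-reversed, the last 8 bytes are unchanged.
# Applying the swap twice gives back the input.
swap_guid_fields() {
    sed -E 's/^(..)(..)(..)(..)(..)(..)(..)(..)(.*)$/\4\3\2\1\6\5\8\7\9/'
}

# Strip braces, hyphens and backslashes, lowercase, require 32 hex digits.
normalize_hex() {
    _h=$(printf '%s' "$1" | tr -d '{}-' | tr -d '\\' | tr 'A-F' 'a-f')
    case $_h in *[!0-9a-f]*) return 1 ;; esac
    [ "${#_h}" -eq 32 ] && printf '%s\n' "$_h"
}

# GUID string -> \xx\xx... in directory byte order.
guid_to_escaped_bytes() {
    _hex=$(normalize_hex "$1") || return 1
    printf '%s\n' "$_hex" | swap_guid_fields | sed 's/../\\&/g'
}

# \xx\xx... in directory byte order -> GUID string.
escaped_bytes_to_guid() {
    _hex=$(normalize_hex "$1") || return 1
    printf '%s\n' "$_hex" | swap_guid_fields |
        sed -E 's/^(.{8})(.{4})(.{4})(.{4})(.{12})$/\1-\2-\3-\4-\5/'
}

# Constructed sample:
#   guid_to_escaped_bytes 00112233-4455-6677-8899-aabbccddeeff
#   prints \33\22\11\00\55\44\77\66\88\99\aa\bb\cc\dd\ee\ff
```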