Monday, April 17, 2017

[howTo] Fix DNS on OpenVPN headless install + (Private Internet Access)

Ran into an issue when getting a headless OpenVPN client working with Private Internet Access. After the connection was up, the system could not resolve DNS.

The quick and dirty solution is to add a public nameserver to /etc/resolvconf/resolv.conf.d/head:

cat /etc/resolvconf/resolv.conf.d/head

There's probably a better way to have OpenVPN get a DNS from PIA, but I'll have to work that out later.

Friday, February 10, 2017

[howto] Install DokuWiki in Ubuntu 14.04 and nginx on DigitalOcean VPS

This is the base link I used:

It's slightly old, meant for Ubuntu 12.04. But if you're somewhat familiar with Linux and how nginx works, you should have no trouble getting it working.

Comments on the bottom also have changes needed to get it working in 16.04, the next LTS.

Thursday, February 09, 2017

[howto] Fix certbot-auto renew failure (404)

Here's how to fix this type of error:

Processing /etc/letsencrypt/renewal/
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for
http-01 challenge for
Waiting for verification...
Cleaning up challenges
Attempting to renew cert from /etc/letsencrypt/renewal/ produced an unexpected error: Failed authorization procedure. (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from "
404 Not Found

404 Not Found

", (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from "
404 Not Found

404 Not Found

". Skipping.

All renewal attempts failed. The following certs could not be renewed:
  /etc/letsencrypt/live/ (failure)
1 renew failure(s), 0 parse failure(s)

 - The following errors were reported by the server:

   Type:   unauthorized
   Detail: Invalid response from
   404 Not Found

404 Not Found


   Type:   unauthorized
   Detail: Invalid response from
   404 Not Found

404 Not Found


   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

The error is showing that the client is getting a 404 error webpage as a response to its challenge. The reason this seemed to be happening was that I had HSTS on, which prevented the challenge from going through properly.

For me the answer was to disable SSL for that website, then run certbot-auto renew. This allowed the script to renew the certs. Afterwards, simply re-enable SSL.

The simplest way for me to disable SSL was to remove the relevant entries in my config file.

Sunday, December 18, 2016

[howto][svn] Quickly revert a commit

There are more flexible ways, but here is a quick way to simply revert one commit.

svn merge -c -[R]

R = Revision.

So reverting commit 5400 would be:

svn merge -c -5400

Don't forget that dash before the revision.

Taken from:

Tuesday, December 06, 2016

[VirtualBox][howto] Map COM port higher than COM9

According to

Trying to map a COM port higher than COM9 in VirtualBox will result in this error:

Fehlercode: E_FAIL (0x80004005)
Komponente: Console
Interface: IConsole {6375231a-c17c-464b-92cb-ae9e128d71c3}

The solution is to give the full path:

COM12 would be \\.\COM12.

Saturday, October 08, 2016

[Kodi] [howto] Enable Chinese Subtitles

Enabling Chinese (or really any non-Western character based) subtitles in Kodi should be simple, but it requires a few steps that, when not performed perfectly, lead to a frustrating set of garbage characters.

1.) Replace Kodi's default arial.ttf with (or add) a font that has full Unicode support. Most tutorials online use DejaVuSans+DriodSansFallback.ttf. Unfortunately the post I found had a faulty link, but a bit of quick googling showed it was available here:

DejaVu Sans Font Free by DejaVu Fonts | Font Squirrel

2.) Place the .ttf file in Kodi's "Fonts" folder. Depending on your platform this can be in different places. Here are the common ones I've found:

Linux: /usr/share/kodi/media/Fonts/.
OSX: /Users//Library/Application Support/Kodi/kodi/media/Fonts

(For OSX, the Fonts folder wasn't there, so I had to create it).

3.) Choose the font in: Settings>Video>Subtitles>Font for use for Subtitles.

4.) Choose the right character set: Settings>Video>Subtitles>Character Set (for Chinese I used "Chinese Simplified (GBK)"). Without this step, you will get garbage output, regardless of the font.

5.) Optional: Add the language you'd like to Download for, if you use the subtitle downloaders, which are quite helpful.

If any options don't appear, make sure you're in the "Expert" mode for the settings.


If you're seeing BOXES for the text, then your font doesn't support the right character set; change your font.

If you're seeing GARBAGE for the text, then you haven't chosen the correct character set in the settings. Choose the correct one.

Saturday, June 25, 2016

[howto] [Linux] proxychains + SOCKS5 best practices

Recently was messing around with proxychains in order to allow some commands and programs that don't natively support proxies to be used more securely.

I followed this excellent tutorial:

This worked great, but it requires an SSH tunnel. This is great if you have access to a VPS. But what if you're using some kind of commercial VPN service (such as PIA)? You need to set up proxychains to use SOCKS5.

This isn't very difficult. You simply need to add the following line to the [ProxyList] section of your proxychains.conf file:

socks5 IP Port Username Password

I set it up for PIA, so this was my config:

 socks5 1080   username ( the one starting with x) password (yes hardcoded, but later on we have a work-around for this glaring security hole).

Unfortunately proxychains seems to not handle DNS names, so I used an IP for PIA's socks proxy ( ).

The instructions are available at:

PIA Instructions Page

nslookup yielded quite a few IPs:



You can pick any one to use. Though, I imagine they are used in round-robin to share the load of the users. So if your proxy stops working all of a sudden, try changing to another IP.

Also the default setting:

# socks4 9050

Should be disabled, if you are using strict_chain, since it will error at not being able to contact the DNS through the (non-existent) TOR tunnel.

Test the connection:

proxychains wget

Last of all is the security concern about having to hard-code your password in a .conf file. My workaround has been to use a local, user-only file. Instead of using the above in /etc/proxychains.conf, create the same file in:


Create the directory if it's not already there. Then ensure that only your user may read the file:

chmod go-rwx ~/.proxychains/proxychains.conf

A hash or shadow file would be better, but I haven't quite figured out how to have proxychains use something like that unfortunately.
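As an added example (not part of the original post): the same per-user setup done so the file is never group- or world-readable at any point, plus a check that flags any proxychains config holding a username and password while others can read it. The function names, the address 192.0.2.10 and the credentials in the usage comment are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are illustrative.

# Write the per-user config so it is never readable by group/other, even
# briefly. mktemp creates the file with mode 0600, and mv replaces any older,
# looser copy; a plain redirect onto an existing file would keep its old mode.
write_private_conf() {
    local conf_dir="$1" proxy_line="$2"
    (
        umask 077
        mkdir -p "$conf_dir" && chmod 700 "$conf_dir" || exit 1
        tmp=$(mktemp "$conf_dir/.conf.XXXXXX") || exit 1
        printf '%s\n' 'strict_chain' '[ProxyList]' "$proxy_line" > "$tmp" &&
            mv -f "$tmp" "$conf_dir/proxychains.conf"
    )
}

# Flag a config that stores proxy credentials while group or other can
# access it. Returns 0 = fine, 1 = exposed, 2 = cannot inspect the file.
audit_conf() {
    local file="$1" mode
    [ -r "$file" ] || return 2
    # Credentials are present when an uncommented proxy line has five or
    # more fields: type, address, port, username, password.
    awk '$1 ~ /^(socks4|socks5|http)$/ && NF >= 5 { found = 1 }
         END { exit !found }' "$file" || return 0
    # GNU stat first, BSD/macOS stat as fallback; both print the octal mode.
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file") || return 2
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "exposed credentials: $file (mode $mode)" >&2
        return 1
    fi
    return 0
}

# Usage (constructed placeholder address and credentials):
#   write_private_conf "$HOME/.proxychains" 'socks5 192.0.2.10 1080 x0000000 PASSWORD'
#   audit_conf /etc/proxychains.conf; audit_conf "$HOME/.proxychains/proxychains.conf"
```

Running audit_conf against /etc/proxychains.conf as well catches credentials left behind in the system-wide file, which is typically world-readable.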

Hope this is helpful!