Thursday, July 27, 2017

Running ipfire in a Proxmox KVM

Long ago my network equipment at home was simple: just used a Belkin N600 router to connect to my ISP. All my computers and devices, including some raspberry pi, mobile phones and pads will access the internet via the router. As the number of clients increased, I found that the Belkin router did not serve well. Therefore I installed a software firewall, IPFire, on a Raspberry Pi (Model B) and replace the existing router. (I still needed the N600 as a wireless bridge so I switch it to a bridge mode)

IPFire is a great software firewall. You can have a look at the website so see the features. Running IPFire on Raspberry Pi is surprisingly stable too. Everything was fine until I change the ISP plan from 8M (8mbps/1mbps)  to 100M (100mbps/30mbps).

The problem was the hardware limitation of the Raspberry Pi. The builtin LAN and another usb ethernet adapter worked fine when I was using 8M. However after I changed to use the 100M plan I found that the maximum speed was 30M something. In order to utilize my bandwidth I planned to run IPFire on another hardware.

I didn't have a big budget at that time so I wondered if I can make use of my existing hardware. My N54L that is running proxmox seems to be a good choice. So I decided to create a KVM for this.

The config of the IPFire VM is simple:
1. 512M ram
2. 1 CPU
3. 16GB virtual disk (virtio driver)
4. one bridged network (virtio driver)

One tricky thing I have done was to passthrough USB adapter from host to the VM, which should have a better performance.

By running lsusb on host:
# lsusb
Bus 003 Device 002: ID 0bca:8133 Realtek Semiconductor Corp. RTL8153 Gigabit Ethernet Adapter
Bus 003 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Then add a line at /etc/pve/qemu-server/.conf
usb0: host=0bca:8133,usb3=yes

note that only use "usb3=yes" if you are using a usb3 device.

When the setting was done, I started the VM, the USB adapter was detected and just followed the instruction to setup. In my case I connected USB adapter to RED (internet), the virtual adapter to GREEN (internal). As I did a IPFire configuration backup from raspberry pi. I just import it back to the VM and everything ran out of the box!

I did a quick test by running the command line version of speedtest (speedtest-cli). the result was 80mpbs/26mbps which is acceptable.

[root@ipfire ~]# ./speedtest-cli
Retrieving configuration...
Testing from XXXXXXX (
Retrieving server list...
Selecting best server based on ping...
Hosted by xxxxxxxx[22.51 km]: 8.898 ms
Testing download speed................................................................................
Download: 81.54 Mbit/s
Testing upload speed................................................................................................
Upload: 25.93 Mbit/s

In summary IPFire is a good solution if you want to have a software firewall. There are other free firewalls such as pfsense or opnsense. I will try them and compare. But for now, I am happy to use IPFire.

Wednesday, June 28, 2017

Playing Yeelight with Python

Recently I've been playing a Yeelight Smart LED Bulb. It'd be a good starting of learning home automation, as such smart LED Bulbs do not depend on any modification of your home electricity system. This yeelight bulb is already bundled with the WIFI chip so that you can configure it using its official app (both Android and iOS are available)

Using the official app is straight forward, then I wondered can I play it 'harder'. Then I searched and found some interest use cases:

  1. Controlling yeelight by Python
  2. Controlling yeelight by Siri (wow!)
  3. Controlling yeelight by Home-Assistant
In fact there should be more cases, including Amazon Alexa or Google Home, but I do have these products and the setup will be very similar to 2. and 3, that I will explain it in another post later. Right now I am going to share how to play the yeelight with python.

First, you need the official app to enable developer mode. Then just use python yeelight package and you are good to go!

import yeelight
yeelight_ip='' # your yeelight bulb IP
light = yeelight.Bulb(yeelight_ip, effect='smooth')

# Set it to white
# Set the brightness

Not very difficult right? If you have a raspberry Pi you can set some cronjobs in order to turn the light on in the morning as a silent  alarm clock, or place the bulb in your kid's bedroom, then change the brightness from 100% to 1% (then off, of course) in one hour.

If you think it's too dummy to control such a bulb, I agree. That's why there will be some more elegant solutions. Next time I'll show how I setup a virtual HomeKit and ask Siri to control the bulb.


Saturday, June 03, 2017

Nextcloud on Archlinux

Recently I'm trying Nextcloud, which is a fork of Owncloud.

I have to admit that I am not a big fan of PHP apps. When I tested Owncloud several years ago I only felt it's very slow.....As someone recommended Nextcloud a few weeks ago I'd like to give it a try.

The installation doc was well but since it is only for Redhat and Ubuntu. I'd like to add some notes when using Archlinux (with Nginx, PHP-FPM, Mariadb, Redis Server):

  1. The official packages are needed ("pacman -Sy nginx, php-fpm, mariadb, redis")
  2. The AUR package php-smbclient is needed if you want to use the external storage feature with SMB/CIFS
  3. Using memory caching can improve the performance. From the doc you can choose APCu, Memcached and Redis. I am using Redis server since it should be most flexible approach. AUR package php-redis, again, is needed.
  4. Download the latest Nextcloud package. Extract and put it under /var/www
  5. under /etc/php/php.ini, make sure these lines are uncommented:
  6. Following the official method to setup Nginx 
  7. Enable the services so that they will bring up after a reboot. (systemctl enable xxx)
  8. Using SSL is highly recommended. It's very easy to get one from Let's Encrypt with zero cost.
I will setup a container on my proxmox and evaluate for a while and give a brief review about it  later.

Thursday, September 01, 2016

Eclipse Che setup - on a server with Docker

If you take a look at the official site you'll see the installation is super easy - just a single line:

docker run --rm -t -v /var/run/docker.sock:/var/run/docker.sock eclipse/che start

Of course it is assumed that you have Docker 1.8 or later installed.

If you run it in your desktop or laptop, you can start using it. Just go to "http://localhost:8080" and create a workspace for your development:

Since I am going to install it on my HP N54L server (ArchLinux), I need to put from environment variables:

docker run --rm -t -e CHE_HOST_IP= -v /var/run/docker.sock:/var/run/docker.sock  eclipse/che  stop

Then I can go ot "http://:8080" to enjoy this web IDE.

Another thing I discover is that if you run "docker ps" you will see:

CONTAINER ID        IMAGE                                                                       COMMAND                  CREATED             STATUS              PORTS                                                                                                                       NAMES
6b5cf5c1c0e9        eclipse-che/workspacef2v2k7ltal4gbsxp_machineph3hokyhknjhxa90_che_default   "/home/user/entrypoin"   42 hours ago        Up 42 hours>22/tcp,>4401/tcp,>4403/tcp,>4411/tcp,>8080/tcp   workspacef2v2k7ltal4gbsxp_machineph3hokyhknjhxa90_che_default
ac63c449f4b8        codenvy/che-server:latest                                                   "/home/user/che/bin/c"   42 hours ago        Up 42 hours         8000/tcp,>8080/tcp                                                                                            che-server

Just remember do not stop it by running "docker stop che-server". I did once and when I start the che-server my previous setting, including workpsaces and projects were gone.

Instead, we should run 

docker run --rm -t -e CHE_HOST_IP= -v /var/run/docker.sock:/var/run/docker.sock  eclipse/che  stop

Or simply download the start/stop script from

curl -sL > che
then run
 ./che start / stop / restart

for my case I need to set the environemnt:
CHE_HOST_IP=je54 ./che  start
CHE_HOST_IP=je54 ./che  stop

Eclipse Che (coding within a browser)

I am not a professional programmer or developer. But I do need to code time to time. 90% of my coding is done with "vi". It's very powerful if the project is small. I also tried or sublime text, but they are just too powerful that I don't want to invest too much time. Then I found Eclipse Che.

Eclipse was a heavy IDE and I was using it 10 years ago, when I was still a big fans of Java. I put it down for years but when i visit the site again I found there is an interesting project: Eclispe Che - . Unlike Atom or Sublime Text, it's not a editor or IDE but a development infrastructure. It's not necessary to install it in your PC or laptop, but another server or even in the cloud. Even you install it in your PC you just install a docker container and use a browser to work:

As you can see everything is in docker. For my case I can put it in my HP N54L and then I can code with any computers. The installation is pretty simple, I will show it in the next post.