Wireguard with GUI features are:

• All-in-one: WireGuard + Web UI.
• Easy installation, simple to use.
• List, create, edit, delete, enable & disable clients.
• Show a client’s QR code.
• Download a client’s configuration file.
• Statistics for which clients are connected.
• Tx/Rx charts for each connected client.
• Gravatar support.

To set up Wireguard server run docker-compose.yaml:

version: "3.8"
services:
  wg-easy:
    environment:
      # ⚠ Required:
      # Change this to your host's public address
      - WG_HOST=raspberrypi.local

      # Optional:
      # - PASSWORD=foobar123
      # - WG_PORT=51820
      # - WG_DEFAULT_ADDRESS=10.8.0.x
      # - WG_DEFAULT_DNS=1.1.1.1
      # - WG_MTU=1420
      # - WG_ALLOWED_IPS=192.168.15.0/24, 10.0.1.0/24
      # - WG_PRE_UP=echo "Pre Up" > /etc/wireguard/pre-up.txt
      # - WG_POST_UP=echo "Post Up" > /etc/wireguard/post-up.txt
      # - WG_PRE_DOWN=echo "Pre Down" > /etc/wireguard/pre-down.txt
      # - WG_POST_DOWN=echo "Post Down" > /etc/wireguard/post-down.txt
      
    image: ghcr.io/wg-easy/wg-easy
    container_name: wg-easy
    volumes:
      - .:/etc/wireguard
    ports:
      - "51820:51820/udp"
      - "51821:51821/tcp"
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
      - SYS_MODULE
    sysctls:
      - net.ipv4.ip_forward=1
      - net.ipv4.conf.all.src_valid_mark=1

Source: https://github.com/gregorgodler/wireguard-with-gui, https://github.com/WeeJeWel/wg-easy

Features:

• No need to register
• Supports multiple languages
• Uses cookies only to store settings
• Can work without JavaScript
• Has its own API
• Open source and self-hosted

docker-compose.yml file:

version: "2"

services:
  lenpaste:
    image: git.lcomrade.su/root/lenpaste:latest
    container_name: pastebin
    restart: always
    environment:
      # All parameters are optional
      #
      # HTTP server
      - LENPASTE_ADDRESS=:80                  # ADDRES:PORT for HTTP server.
      #
      # Database settings
      - LENPASTE_DB_DRIVER=sqlite3            # Currently supported drivers: 'sqlite3' and 'postgres'.
      - LENPASTE_DB_SOURCE=/data/lenpaste.db  # DB source.
      - LENPASTE_DB_MAX_OPEN_CONNS=25         # Maximum number of connections to the database.
      - LENPASTE_DB_MAX_IDLE_CONNS=5          # Maximum number of idle connections to the database.
      - LENPASTE_DB_CLEANUP_PERIOD=3h         # Interval at which the DB is cleared of expired but not yet deleted pastes.
      #
      # Search engines
      - LENPASTE_ROBOTS_DISALLOW=true        # Prohibits search engine crawlers from indexing site using robots.txt file.
      #
      # Storage limits
      - LENPASTE_TITLE_MAX_LENGTH=100         # Maximum length of the paste title. If 0 disable title, if -1 disable length limit.
      - LENPASTE_BODY_MAX_LENGTH=20000        # Maximum length of the paste body. If -1 disable length limit. Can't be -1.
      - LENPASTE_MAX_PASTE_LIFETIME=unlimited # Maximum lifetime of the paste. Examples: 10m, 1h 30m, 12h, 7w, 30d, 365d.
      #
      # Rate limits
      - LENPASTE_GET_PASTES_PER_5MIN=50       # Maximum number of pastes that can be VIEWED in 5 minutes from one IP. If 0 disable rate-limit.
      - LENPASTE_GET_PASTES_PER_15MIN=100     # Maximum number of pastes that can be VIEWED in 15 minutes from one IP. If 0 disable rate-limit.
      - LENPASTE_GET_PASTES_PER_1HOUR=500     # Maximum number of pastes that can be VIEWED in 1 hour from one IP. If 0 disable rate-limit.
      - LENPASTE_NEW_PASTES_PER_5MIN=15       # Maximum number of pastes that can be CREATED in 5 minutes from one IP. If 0 disable rate-limit.
      - LENPASTE_NEW_PASTES_PER_15MIN=30      # Maximum number of pastes that can be CREATED in 15 minutes from one IP. If 0 disable rate-limit.
      - LENPASTE_NEW_PASTES_PER_1HOUR=40      # Maximum number of pastes that can be CREATED in 1 hour from one IP. If 0 disable rate-limit.
      #
      # Information about server admin
      - LENPASTE_ADMIN_NAME=                  # Name of the administrator of this server.
      - LENPASTE_ADMIN_MAIL=                  # Email of the administrator of this server.
      #
      # WEB interface settings
      - LENPASTE_UI_DEFAULT_LIFETIME=         # Lifetime of paste will be set by default in WEB interface. Examples: 10min, 1h, 1d, 2w, 6mon, 1y.
      - LENPASTE_UI_DEFAULT_THEME=dark        # Sets the default theme for the WEB interface. Examples: dark, light.
    volumes:
      # /data/lenpaste.db - SQLite DB if used.
      # /data/about       - About this server (TXT file).
      # /data/rules       - This server rules (TXT file).
      # /data/terms       - This server "terms of use" (TXT file).
      # /data/themes/*    - External WEB interface themes.
      # /data/lenpasswd   - If this file exists, the server will ask for auth to create new pastes.
      #                     File format: USER:PLAIN_PASSWORD on each line.
      - "./data:/data"
      - "/etc/timezone:/etc/timezone:ro"
      - "/etc/localtime:/etc/localtime:ro"
    ports:
      - "9091:80"

Source: https://github.com/gregorgodler/pastebin, https://git.lcomrade.su/root/lenpaste

Features:

• Monitoring uptime for HTTP(s) / TCP / HTTP(s) Keyword / Ping / DNS Record / Push / Steam Game Server / Docker Containers
• Fancy, Reactive, Fast UI/UX
• Notifications via Telegram, Discord, Gotify, Slack, Pushover, Email (SMTP), and 90+ notification services, click here for the full list
• 20 second intervals
• Multi Languages
• Multiple status pages
• Map status pages to specific domains
• Ping chart
• Certificate info
• Proxy support
• 2FA support

docker-compose.yml file:

version: '3.3'

services:
  uptime-kuma:
    image: louislam/uptime-kuma:latest
    container_name: uptime-kuma
    volumes:
      - ./data:/app/data
    ports:
      - 9087:3001  # <Host Port>:<Container Port>
    restart: always

Source: https://github.com/gregorgodler/uptime-monitor, https://hub.docker.com/r/louislam/uptime-kuma

This is a very lightweight Speedtest implemented in Javascript, using XMLHttpRequest and Web Workers. All modern browsers are supported: IE11, the latest Edge, the latest Chrome, the latest Firefox and the latest Safari. Works with mobile versions too.

Features:

• Download
• Upload
• Ping
• Jitter
• IP Address, ISP, distance from the server (optional)
• Telemetry (optional)
• Results sharing (optional)
• Multiple Points of Test (optional)

docker-compose.yml file:

services:
   speedtest:
     image: adolfintel/speedtest
     restart: always
     container_name: speedtest
     ports:
       - "9086:80"

Source: https://github.com/gregorgodler/speedtest, https://hub.docker.com/r/adolfintel/speedtest

Portainer consists of a single container that can run on any cluster. It can be deployed as a Linux container or a Windows native container.

docker-compose.yml file:

version: "3"
services:
  portainer:
    image: portainer/portainer-ce:latest
    ports:
      - 9443:9443
    volumes:
      - ./data:/data
      - /var/run/docker.sock:/var/run/docker.sock
    restart: unless-stopped

Source: https://github.com/gregorgodler/portainer, https://hub.docker.com/r/portainer/portainer-ce

You can use my docker-compose file or check at https://hub.docker.com/_/nginx. Before deploying grab nginx.conf file with nginx settings.

docker-compose.yml file:

version: '3'

services:
  server:
    container_name: nginx-static-webserver
    image: nginx
    restart: always
    ports:
      - 9085:80
    volumes:
      - ./data:/srv
      - ./nginx.conf:/etc/nginx/conf.d/default.conf

nginx.conf file:

server{
        listen 80;
        server_name _;

        location / {
                root /srv;
                # Activate the next line if you want to list files
                # autoindex on;
        }
}

Source: https://hub.docker.com/_/nginx, https://github.com/gregorgodler/nginx-static-webserver

You can use my docker-compose file to set up WordPress with PHP 7.4., MySQL server and PHPMyAdmin. Before deploying grab the .env file with database parameters.

docker-compose.yml file:

version: '3.3'

services:
   db:
     image: mysql:latest
     volumes:
       - ./wordpress.sql:/docker-entrypoint-initdb.d/init.sql # prepopulate database
       - db_data:/var/lib/mysql # persist database data inside docker storage
     restart: "no"
     env_file:
      - .env
     environment:
      DOCKER_COMPOSE_YML_LOCATION: ${PWD}
     container_name: mysql_db

   phpmyadmin:
     image: phpmyadmin/phpmyadmin
     restart: "no"
     ports:
       - "9083:80"
     environment:
       PMA_HOST: db
       MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
       DOCKER_COMPOSE_YML_LOCATION: ${PWD}
     container_name: mysql_phpmyadmin

   wordpress:
     depends_on:
       - db
     image: wordpress:php7.4
     ports:
       - "9084:80"
     restart: "no"
     environment:
       WORDPRESS_DB_HOST: db:3306
       WORDPRESS_DB_USER: ${MYSQL_USER}
       WORDPRESS_DB_PASSWORD: ${MYSQL_PASSWORD}
       WORDPRESS_DB_NAME: ${MYSQL_DATABASE}
       DOCKER_COMPOSE_YML_LOCATION: ${PWD}
     volumes:
       - ./html:/var/www/html
     container_name: wordpress

volumes:
    db_data: {}

.env file:

MYSQL_ROOT_PASSWORD=DEFINE_MYSQL_ROOT_PASSWORD
MYSQL_DATABASE=DEFINE_MYSQL_DATABASE_NAME
MYSQL_USER=DEFINE_MYSQL_DATABASE_USER
MYSQL_PASSWORD=DEFINE_MYSQL_USER_PASSWORD

Source: https://github.com/gregorgodler/wordpress, https://hub.docker.com/_/mysql, https://hub.docker.com/_/wordpress, https://hub.docker.com/r/phpmyadmin/phpmyadmin

Functionality:

• Create, update, and delete your applications and bookmarks directly from the app using built-in GUI editors
• Pin your favorite items to the home screen for quick and easy access
• Integrated search bar with local filtering, 11 web search providers and the ability to add your own
• Authentication system to protect your settings, apps and bookmarks
• Dozens of options to customize the Flame interface to your needs, including support for custom CSS and 15 built-in color themes
• Weather widget with current temperature, cloud coverage and animated weather status
• Docker integration to automatically pick and add apps based on their labels

docker-compose.yml file:

version: '2.1'
services:
  flame:
    image: pawelmalak/flame:latest
    container_name: flame
    volumes:
      - ./data:/app/data
      - /var/run/docker.sock:/var/run/docker.sock # optional but required for Docker integration feature
    ports:
      - 9089:5005
    environment:
      - PASSWORD=DEFINE_YOUR_PASSWORD
    restart: unless-stopped

Source: https://hub.docker.com/r/pawelmalak/flame, https://github.com/gregorgodler/flame

First install python, pip, ffmpeg and git:

apt install python python-pip ffmpeg git

Next step is to install youtube_dl:

sudo pip install --upgrade youtube_dl

Lets get python script from git:

git clone https://gist.github.com/benzap/90ff22790bc0a9c6fd2902e91da4baef

This is source code:
[php]
# Requires: youtube_dl module
# Requires: ffmpeg
# Usage:
#
# python youtube2mp3.py <URL>, …
#
# Example:
#
# python youtube2mp3.py https://www.youtube.com/watch?v=dQw4w9WgXcQ

import youtube_dl
import sys

ydl_opts = {
‘format’: ‘bestaudio/best’,
‘postprocessors’: [{
‘key’: ‘FFmpegExtractAudio’,
‘preferredcodec’: ‘mp3’,
‘preferredquality’: ‘192’,
}],
}

if __name__ == “__main__”:
with youtube_dl.YoutubeDL(ydl_opts) as ydl:
filenames = sys.argv[1:]
ydl.download(filenames)
[/php]

Move script from folder 90ff22790bc0a9c6fd2902e91da4baef:

mv 90ff22790bc0a9c6fd2902e91da4baef/youtube2mp3.py .

Now we are ready to fetch mp3:

python youtube2mp3.py https://www.youtube.com/watch?v=PAzZ0jo9MdI

This is my example:

hamster@wheel:~/Scripts/youtube$ python youtube2mp3.py https://www.youtube.com/watch?v=PAzZ0jo9MdI
[youtube] PAzZ0jo9MdI: Downloading webpage
[youtube] PAzZ0jo9MdI: Downloading video info webpage
[youtube] PAzZ0jo9MdI: Extracting video information
WARNING: "id" field is not a string - forcing string conversion, there is an error in extractor
[download] Destination: Greatest Rock N Roll Vietnam War Music - 60s and 70s Classic Rock Songs-PAzZ0jo9MdI.webm
[download] 100% of 65.34MiB in 00:01
[ffmpeg] Destination: Greatest Rock N Roll Vietnam War Music - 60s and 70s Classic Rock Songs-PAzZ0jo9MdI.mp3
Deleting original file Greatest Rock N Roll Vietnam War Music - 60s and 70s Classic Rock Songs-PAzZ0jo9MdI.webm (pass -k to keep)

python /root/scripts/temperature_logger.py

Python script temperature_logge.py has some more lines:

[php]import os.path
import datetime
import time
from temperusb import TemperHandler

&nbsp;

#Set up the temerusb module to read the temperature
th = TemperHandler()
devs = th.get_devices()
format = "%Y-%m-%d %H:%M:%S"
today = datetime.datetime.today()
s = today.strftime(format)

&nbsp;

while True:
try:
#If the file is new, we’ll write a header row
header_row = None
if os.path.isfile(‘/root/scripts/temperature_log.csv’) == False:
header_row = ‘datetime,temperature_c\n’

#The temperatures will be logged to this file
f = open(‘/root/scripts/temperature_log.csv’, ‘a’)

#Write the header row if needed
if header_row:
f.write(header_row)

#Write the datetime and temperature
f.write(str(datetime.datetime.now()) + ‘ , ‘ + str(devs[0].get_temperatures()[0][‘temperature_c’]) + ‘\n’)

#Close the file until next time…
f.close()
print s, " – " + str(devs[0].get_temperatures()[0][‘temperature_c’])

&nbsp;

#Badly handle any exceptions…
except Exception as e:
print "An error occured…" + str(e)
pass
break
[/php]

This script was running every 10 minutes from July 2016 to the last day of December. Some statistical data about temperature in my cabinet. Average temperature was 21,33 degree, the hottest was on July 22 at 6 PM, it was 31,75 degree. The coldest was in the last day of year 2016 from 9:20 to 11:00, it was only 11,625 degree. Script produced 24.869 lines, that is why I decided to run it only once an hour.
 

Whole solution was found on web page: http://stuffbabiesneed.com/at-night/raspberry-pi-temperature-logger-raspberry-pi-baby-monitor-part-2/

The server detected a new device (dmesg):

[421796.525432] input: RDing TEMPerV1.4 as /devices/pci0000:00/0000:00:12.0/usb4/4-5/4-5:1.0/0003:0C45:7401.0005/input/input5

First update and install next packages:

apt update
apt install python-usb python-setuptools git screen

Next download and unpack the temper-python package from Github:

wget https://github.com/padelt/temper-python/archive/master.zip
unzip master.zip

Just in case I downloaded the package to my server. Continue with installing the Python module:

cd temper-python-master
sudo python setup.py install

When we are done we can read the temperature from a module:

sudo temper-poll

I get these results:

Found 1 devices
Device #0: 22.6°C 72.6°F

But I plan to read the temperature and save the output in some files, so I can see what was the temperature in the past. Continue in part 2.

git clone https://github.com/gkbrk/slowloris.git
cd slowloris
python3 slowloris.py example.com

For my blog I’m using CloudFlare DNS, so my IP is hidden behind their DNS servers. But if you know victims IP address or domain is resolving IP address, then you can have fun. But be aware, making this attacks is illegal!
 

So my web server is victim and my home server it attacker. Victim runs web server Apache 2.4.18 on Ubuntu 16.04. I started slowloris script to attack my web server:
 

Web server started in a minute processing new threads and web page was down.
 

This “slow” attack can be prevented using other web servers (during writing this post I found python script to attack NGINX web server) or using providers who protects you from DDOS. Guy at funtoo suggested to use load balancer or block connections with iptables.
 

iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 100 -j DROP

I tried to block Slow Loris attack with iptables, but in the end the web server still had a lot of threads and page was down. Googling about Slow Loris prevention, I found page Bed Against The Wall and writer recommends using mod_antiloris and mod_limitipconn for apache and fail2ban. This will follow in the next step.

Using the numeric in the first sort will give you the desired result:

cat access.log | awk '{print $1}' | sort -n | uniq -c | sort -nr | head -20

15 212.XXX.XXX.XXX
2 198.XXX.XXX.XXX
1 216.XXX.XXX.XXX
1 139.XXX.XXX.XXX
10 51.XXX.XXX.XXX
2 37.XXX.XXX.XXX
1 76.XXX.XXX.XXX
1 74.XXX.XXX.XXX
1 51.XXX.XXX.XXX

But sort -n didn’t work, so I added some non numeric character between the counter and the IP address

cat access.log | awk '{ print $1 } ' | sort | uniq -c | sed -r 's/^[ \t]*([0-9]+) (.*)$/\1 --- \2/' | sort -rn

15 --- 212.XXX.XXX.XXX
10 --- 51.XXX.XXX.XXX
2 --- 37.XXX.XXX.XXX
2 --- 198.XXX.XXX.XXX
1 --- 76.XXX.XXX.XXX
1 --- 74.XXX.XXX.XXX
1 --- 51.XXX.XXX.XXX
1 --- 216.XXX.XXX.XXX
1 --- 139.XXX.XXX.XXX