Problem :
I built a network monitoring solution following these guides:
Truly, a great job.
But I built the solution at home for another network, and I would like my Raspberry Pi to start and monitor at boot. I missed a few things in the comments or text.
Solution :
I created a service for Prometheus as described in the comments, and added another for tcpdump. Don't forget the Prometheus working directory in this configuration (no specific user for Prometheus).
[Unit]
Description=Prometheus
After=tcpdump.service
[Service]
User=pi
Group=pi
Type=simple
WorkingDirectory=/home/pi/prometheus/prometheus-2.23.0.linux-armv7
ExecStart=/home/pi/prometheus/prometheus-2.23.0.linux-armv7/prometheus \
--config.file /home/pi/prometheus/prometheus.yml
[Install]
WantedBy=multi-user.target
/etc/systemd/system/tcpdump.service
[Unit]
Description=TCPDump service for traffic monitoring
After=network-online.target
[Service]
Type=idle
ExecStart=python3 /home/pi/network-traffic-metrics/network-traffic-metrics.py "(src net 192.168.10.0/24 and not dst net 192.168.10.0/24) or (dst net 192.168.10.0/24 and not src net 192.168.10.0/24)"
[Install]
WantedBy=default.target
But I had some network issues:
First, disable dhcpcd and install isc-dhcp-server
In my case, I keep dhcpcd, as it brings up the network interfaces eth0 and eth1. I also put nogateway on eth0 (my LAN part).
My dhcpcd.conf configuration for the interfaces:
interface eth1
static ip_address=192.168.1.10
static routers=192.168.1.1
static domain_name_servers=1.1.1.1
static domain_search=1.1.1.1
interface eth0
static ip_address=192.168.10.1
static routers=192.168.10.1
static domain_name_servers=1.1.1.1
static domain_search=1.1.1.1
nogateway
But with this configuration, isc-dhcp-server and tcpdump were not started at boot because eth0 was not up or plugged in. In my case, I could plug in eth0 later.
It took me a while, but I found the network hook that works (forget everything under /etc/network, dhcpcd does not use it).
Create a file (not a directory...) called /etc/dhcpcd.exit-hook with:
#!/bin/bash
# Start the services only once eth0 has its static address and is up
if [ "$interface" = "eth0" ] && [ "$reason" = "STATIC" ] && [ "$if_up" = "true" ]
then
    systemctl start tcpdump
    systemctl start isc-dhcp-server.service
fi
And everything starts when eth0 comes up.
Problem :
I had a problem, a nearly simple one: in an Angular 11 application, the font was not displayed in IE11 on the customer site.
After a few tests:
- I reproduce it on my demo site
- I do not reproduce it in dev mode
Solution :
Well, I searched for a while, and here is a summary.
- IE11 has a problem if the header "Cache-Control: no-store" is set for fonts... Not easy to find, but there is some reference here
- On my dev setup it works; after a check, I'm not setting Cache-Control: no-store
- On my demo site, I have this header, but I have Nginx as a reverse proxy. OK, that's why
- On the customer site, I do not have control over the network elements. One of them must add it too
I made the assumption that if I set a cache directive, intermediate servers won't modify it.
It works on my demo site. I'll check next on my customer site.
To add cache control in Spring Boot, thanks Baeldung!
registry.addResourceHandler("/assets/**").addResourceLocations("classpath:/static/hpa-portal/assets/")
.setCacheControl(CacheControl.maxAge(1, TimeUnit.DAYS));
Problem :
On Debian, do not update resolv.conf (DNS) when we have multiple DHCP network interfaces.
Solution :
A first link : Never update resolv.conf with DHCP client
But we don't want to never update it, only to update it sometimes...
On the Red Hat family it's simple (see the previous link): PEERDNS=NO on the right interfaces
On the Debian family... let's use the hook as suggested:
Create hook to avoid /etc/resolv.conf file update
You need to create /etc/dhcp3/dhclient-enter-hooks.d/nodnsupdate file under Debian / Ubuntu Linux:
# vi /etc/dhcp3/dhclient-enter-hooks.d/nodnsupdate
Append following code:
#!/bin/sh
make_resolv_conf() {
    :
}
OK, but the hook prevents ALL interfaces from updating resolv.conf. The idea:
- in the hook, test the interface name
- if it is an authorized one, call the original make_resolv_conf
- otherwise do nothing
In bash it's not easy to have multiple functions with the same name, but thanks Stack Overflow!:
#!/bin/bash
# copies function named $1 to name $2
copy_function() {
    declare -F "$1" > /dev/null || return 1
    eval "$(echo "${2}()"; declare -f "$1" | tail -n +2)"
}
# Import the original make_resolv_conf
# Normally useless, hooks are called after make_resolv_conf declaration
# . /sbin/dhclient-script
copy_function make_resolv_conf original_make_resolv_conf
# Replacement that only delegates to the original for the authorized interface
make_resolv_conf() {
    if [ "${interface}" = "authorizedInterface" ] ; then
        original_make_resolv_conf
    fi
}
Update :
The previous solution does not work... declare is not known by sh/dash, and the script is run by sh/dash. So the copy function is not possible.
Ideas:
- copy make_resolv_conf into this file as original_make_resolv_conf: it works, but it is ugly because security patches are not handled
- use 2 hooks: one on enter to save resolv.conf, one on exit to restore resolv.conf if ${interface} is not authorized
- try to extract make_resolv_conf from /sbin/dhclient-script: not so easy...
Best solution: the two hooks. It's a pity :) I like the copy_function :) :
# vi /etc/dhcp3/dhclient-enter-hooks.d/selectdns-enter
#!/bin/sh
# Save the current resolv.conf before dhclient-script rewrites it
cp /etc/resolv.conf "/tmp/resolv.conf.${interface}"
# vi /etc/dhcp3/dhclient-exit-hooks.d/selectdns-exit
#!/bin/sh
# Restore the saved copy unless the lease came from the authorized interface
if [ "${interface}" != "authorizedInterface" ] ; then
    echo "${interface} not authorized"
    cp "/tmp/resolv.conf.${interface}" /etc/resolv.conf
fi
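The same save/restore idea with the snapshot kept in a root-only directory instead of a predictable /tmp name, which any local user could create first (as a file they own or as a symlink). This is an added example, not code from the original post; STATE_DIR (/run/selectdns), AUTHORIZED_IF (eth1) and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Library sourced by both hooks:
#   selectdns-enter calls: selectdns_enter "$interface"
#   selectdns-exit  calls: selectdns_exit  "$interface"
# STATE_DIR, RESOLV and AUTHORIZED_IF are assumed names and values.
STATE_DIR="${STATE_DIR:-/run/selectdns}"    # root-only, unlike /tmp
RESOLV="${RESOLV:-/etc/resolv.conf}"
AUTHORIZED_IF="${AUTHORIZED_IF:-eth1}"      # only this lease may change DNS

# Variables are prefixed sd_ because hooks are sourced into dhclient-script
# and plain sh has no function-local variables.
selectdns_enter() {
    sd_if="$1"
    # Interface names go into a file name: allow only safe characters.
    case "$sd_if" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    ( umask 077; mkdir -p "$STATE_DIR" ) || return 1
    sd_snap="$STATE_DIR/resolv.conf.$sd_if"
    # Never write through a symlink planted at the snapshot path.
    if [ -L "$STATE_DIR" ] || [ -L "$sd_snap" ]; then
        return 1
    fi
    cp -- "$RESOLV" "$sd_snap"
}

selectdns_exit() {
    sd_if="$1"
    # The authorized interface keeps whatever dhclient-script just wrote.
    if [ "$sd_if" = "$AUTHORIZED_IF" ]; then
        return 0
    fi
    sd_snap="$STATE_DIR/resolv.conf.$sd_if"
    # Restore only from a regular file that the enter hook created.
    if [ ! -f "$sd_snap" ] || [ -L "$sd_snap" ]; then
        return 1
    fi
    # cat + redirect keeps /etc/resolv.conf's own inode, owner and mode.
    cat "$sd_snap" > "$RESOLV"
}
```

Both functions only use return, never exit, because an exit inside a sourced hook would end dhclient-script itself.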