Week Review 1/11/2024

Continuing Work on Typewriter

Image of typewriter

I continued work on setting up the typewriter with docker. I found a big error in my workflow where building the docker container would take 20 minutes to build every iteration. This severely limited my development speed so I started looking for a solution to building the docker container faster.

I had some problems building the docker container because I was using the Alpine Linux base image. Alpine Linux uses the Musl C libraries rather than libc. I did not think this was going to be an issue because I am using Python. However in reality Python uses CPython in the Pandas library which was having trouble building.

I wanted to fix this problem by using our server to build the container and find any errors then finally build it on the Raspberry Pi, but when I tried to log into the server I realized that it was down, so I started trying to find a solution.

Fixing the Server

The server went offline so Mr.Christy asked me to reimage the server and set it back up. I used Ubuntu server and I wanted to set up the server to be easier to use than before. Previously the server could only be used on the internal network, but there are many use cases for having an externally accessible server.

I was planning on setting the server up to be externally accessible so I felt that it was important to secure it.

Image of ssh banner

Securing the Server

I started by hardening SSH. Previously on the server SSH was secured simply with a not very secure password. I changed a few rules in the ssh configuration to do this: I disabled root login, I enabled public-key-authentication, and I disabled password login.

I also wanted to make it more hardened to the local network so I set up UFW (Uncomplicated Firewall) so that users can not bind to any ports unless they have enough permissions to change the firewall rules. Firewalls are not perfect for security, but they are still an important security measure.

I set up automatic updates so that the server will hopefully need minimal updating.

Finally I wrote some rules for the usage of the server that will hopefully

Forwarding SSH

Forwarding SSH was very simple using ngrok, I followed this guide but I removed the interactive flag on the docker container and I forwarded port 22 with ssh. One benefit of using ngrok is that it automatically changes the ssh port being used.