Certificate Transparency with HTTP-01 = Bot Scanning Invitation
Last post of 2025, yay. ٩(◕‿◕)۶ A reverse proxy such as Caddy is handy for automatically generating an HTTPS certificate with auto renewal, but it does have one problem. endpoint.of.your.s3.domain.tld { reverse_proxy garage:3900 } The scenario: I have a DNS record A *.foo.bar.com, so that I can add or remove multi-level domain records without configuring DNS every time. I also don’t want anyone to spy on and scan the domains, so I don’t expose them in DNS records. Once I set up something like https://whoops.foo.bar.com, I am happy to use the service over the internet. The weird thing is, even though I don’t expose A whoops.foo.bar.com in a DNS record. ...
Check API request, with a honeypot
You may well run into scenarios where you need to check the content of an HTTP request, or just need a placeholder HTTP server for tests / development, or even a honeypot to intercept some internet traffic for analysis. In some cases, you can just use a utility like netcat or python3 -m http.server 8000 to quickly spin up an HTTP server for request interception. But I found that a dedicated honeypot is a better fit for this job. ...
Automatic image converter to WebP format - Garage Events Proof Of Concept
The goal: I want a service that automatically converts images to WebP and serves the converted image when a mobile device accesses the original image. Requirements: When an image is uploaded to S3, send an event to a server to convert the image to WebP. After converting it to WebP, save it into the bucket (the WebP Server is good, but I want to serve the WebP content statically). For each mobile image request, redirect the request to the WebP image. After resolving the reverse proxy URL rewrite PoC, let’s focus on the S3 event triggering PoC. ...
Automatic image converter to WebP format - URL Rewrite Proof Of Concept
The goal: I want a service that automatically converts images to WebP and serves the converted image when a mobile device accesses the original image. Requirements: When an image is uploaded to S3, send an event to a server to convert the image to WebP. After converting it to WebP, save it into the bucket (the WebP Server is good, but I want to serve the WebP content statically). For each mobile image request, redirect the request to the WebP image. So I PoC the redirect logic first. For any reverse proxy, rewriting URLs is a basic requirement. So it should be easy enough: just handle the image extension check and the mobile User-Agent check. ...
Serving gz-compressed content to save bandwidth on Garage website bucket
What happened: Recently I needed to serve a 10MB+ JSON file as a static API JSON endpoint. (Don’t ask me why the API content-length is that high.) It turns out that Garage and Ferron do not do the compression, so I need to do that manually. The trick: compress the file locally and instruct the browser to treat it as gzip by passing a specific header. Content-Encoding: gzip Compress the file locally: $ gzip -c example.json > example.json.gz ...
A little adventure on exploring the ProtonVPN
What just happened: I have a repo that collects ProtonVPN data, just for my convenience and further network checks. This “API” is undocumented (it was never meant to be an API), and users know it as a way to get the endpoint and load for each server. Then it became unavailable without authentication; it needs a cookie to do that. The endpoint worked just fine for a bit, until the behavior changed recently, affecting the account profile generation and the Chrome extension (in my records, the response started changing in October). ...
S3 hosting with another reverse proxy, Ferron.
As of my last Garage setup, I use Caddy as my reverse proxy, and it has worked just fine. But Ferron 2 was released recently, so I gave it another shot. Ferron is small in image size (the alpine image is just 15MB). That is good enough for just a reverse proxy with AutoTLS at that size; Caddy seems to be overkill for my usage. Reverse Proxy Configuration: For Ferron, it takes almost nothing to configure the reverse proxy: just pass the config kdl to the container. ...
Build a selfhosted s3 storage, using Garage and Caddy
Recently I wanted to host my Pangolin instance to expose some services to the internet. Instead of looking at VPS providers like AWS Lightsail, Vultr, etc., I went to Lowendtalk. Lowendtalk is a great place to find some crazy VPS deals, and I bought too many VPSes for the purpose. Finally I found a suitable VPS instance, and was left with some idle VPSes. To make use of these idle VPSes, I have a static side project and I think it is good to test it out. ...
Build and deploy a docker image using Komodo, automatically
Off topic, again: Lilo Coffee Roasters is good, but not as shockingly great as Glitch. The coffee beans are OK for me, a bit too lightly roasted for my taste. Maybe just for the beans next time. Back to the topic: Recently I built a small project and I want to run the code inside a Docker container. I am going to host this Docker container inside my homelab, but I am too lazy to do the manual docker build and docker run each time I change something. ...
Ditching Portainer. First try with Komodo and auto-stack deployment with Gitea
Off topic: Yay! First post written across two countries. Osaka + Kobe = perfect short break destination. Glitch Coffee offers great quality coffee at a reasonable price. Back to the topic: Recently I wanted to ditch Portainer for a couple of reasons: Why not? It is always fun to tinker. The 5-instance limit for Portainer CE, which is not enough for tons of VMs. Even though a free Portainer BE is provided, it is only 3 nodes and requires unnecessary information. Some core functions are paywalled, e.g. auto-updating images; you need watchtower to do that on Portainer CE. So I checked the FOSS options available, and I found 2 of them ...