steamcache for gaming

Assuming you have docker running at home, check out these two docker projects – one is the cache (powered by nginx), the other is the dns servcie (which intercepts steam calls)

  1. https://hub.docker.com/r/steamcache/steamcache
  2. https://hub.docker.com/r/steamcache/steamcache-dns
  3. https://hub.docker.com/r/steamcache/sniproxy

When you have all three up and running you can confirm HITS to the cache by running the following against the steamcache container;

docker exec -it steamcache tail -f /data/logs/access.log

This is great if you have a gaming cafe or LAN over at your house on occasion, all steam games will be cached to local disk so that your internet pipe gets a break. ;)

Update 15/10/2018

  • Added SNI-Proxy. More and more HTTPS request break above if not implemented. Steam is pushing some images / videos via HTTPS now.
  • Replaced steamcache/steamcache with steamcache/generic – seems to have more active development around it
    • watchlog.sh does not appear to be in generic cache yet.

Update 1/11/2018

  • Switched back to steamcache/steamcache. steamcache/generic was much slower (re-validated downloads etc) which isn’t needed for my small network. I’m after performance! :)

pc engine – pfsense as router / firewall

download (1)Just built a pfsense router on  a pc engine to replace my aging 7390 fritzbox…. Very very awesome and fast!

Perfect for UFB (ultra fast broadband) here in New Zealand – FTTH has arrived :)

I’m currently running these services on it (2 x 1GHZ cpu, 4GB RAM, 16GB msata SSD);

  • dhcpd – DHCP server
  • miniupnpd – UPnP server
  • ntpd – NTP server
  • squid – Transparent Proxy & Reverse Proxy
  • snort – IDS (Intrusion Detection System) / IPS (Intrusion Prevention System)
  • ssd – SSH server
  • unbound – DNS Server
  • ipsec – IPsec VPN (site to site VPN)
  • openvpn – Open VPN (client VPN)

Check these links for some great advise…

https://mateh.id.au/2014/09/build-awesome-apu-based-pfsense-router/

http://www.smallnetbuilder.com/other/security/security-howto/31406-build-your-own-ids-firewall-with-pfsense

http://homeservershow.com/building-your-own-super-router-with-pfsense-and-untangle.html

Grab hardware here – http://www.pcengines.ch/apu.htm

IMG_5305

nsswitch.conf SMF config

# svccfg
svc:> select dns/client
svc:/network/dns/client> setprop config/search = astring: \
(“us.company.com” “eu.company.com” “companya.com” “companyb.com” “company.com” )
svc:/network/dns/client> setprop config/nameserver = net_address: \
( 138.2.202.15 138.2.202.25 )
svc:/network/dns/client> select dns/client:default
svc:/network/dns/client:default> refresh
svc:/network/dns/client:default> validate
svc:/network/dns/client:default> select name-service/switch
svc:/system/name-service/switch> setprop config/host = astring: “files dns”
svc:/system/name-service/switch> select system/name-service/switch:default
svc:/system/name-service/switch:default> refresh
svc:/system/name-service/switch:default> validate
svc:/system/name-service/switch:default>
# svcadm enable dns/client
# svcadm refresh name-service/switch
# grep host /etc/nsswitch.conf
hosts: files dns
# cat /etc/resolv.conf
#
# opyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
#

#
# _AUTOGENERATED_FROM_SMF_V1_
#
# WARNING: THIS FILE GENERATED FROM SMF DATA.
# DO NOT EDIT THIS FILE. EDITS WILL BE LOST.
# See resolv.conf(4) for details.

search us.company.com eu.company.com companya.com companyb.com company.com
nameserver 138.2.202.15
nameserver 138.2.202.25

vmware – HA issues

Most of the time your HA issues are going to be DNS related. So ensure that your vcenter can ping all your hosts by FQDN without issue.  In some cases though a stubborn server may not want to play the game even when everything is configured properly.

This method is considered a “last effort” as you’ll need to run some CLI commands on the ESX box. But i have found it useful in a few situations.

This page has a great write up on which files HA uses and how to temporary stop the HA service. http://itknowledgeexchange.techtarget.com/virtualization-pro/vmware-ha-failure-got-you-down/

Remember to get to the console on ESXi you logon to the console press Alt-F1 then type “unsupported” (note: you cannot see what you are typing), then enter the root password.

The main bits are as follows;

Stop the HA service

service vmware-aam stop

Check that HA has stopped (if not then use kill command to kill them)

ps ax | grep aam | grep -v grep

Move the current HA config files to a backup directory (before restarting HA)

cd /etc/opt/vmware/aam

mkdir .old

mv * .old

mv .[a-z]* .old

Then back to your vcenter and select Reconfigure for VMware HA on the effected host. Fingers crossed that it starts up and reconfigures without any issues.

WPAD – Web Proxy Autodiscovery Protocol

When using wpad there are some things that you should take note of;

  • DHCP wpad will override DNS wpad
  • DHCP 252 option can in some cases be slightly slower to resolve than DNS – there may be a patch for WinInet to resolve this.
  • You should always use lower case – wpad.dat  (it is case sensitive)
  • DHCP will allow either a URL or a file location for wpad.dat

Within IE on the LAN settings tab if you have WPAD “automatically detect settings” enabled and also configure a proxy server the WPAD should override the manual proxy configuration.

There is some good detail at the usual places http://en.wikipedia.org/wiki/Web_Proxy_Autodiscovery_Protocol

I’ve done a bit of work around WPAD, but have yet to write up a decent “how-to”. I’ll update this the next time i dabble in the area.

If you are using DNS you may have to remove the globalqueryblock for the wpad entry : http://support.microsoft.com/kb/968732/en-us

Here is a quick example of the syntax of a typical wpad.dat file…

   function FindProxyForURL(url, host) {
      // our local URLs from the domains below example.com don't need a proxy:
      if (shExpMatch(url,"*.example.com/*"))                  {return "DIRECT";}
      if (shExpMatch(url, "*.example.com:*/*"))               {return "DIRECT";}

      // URLs within this network are accessed through 
      // port 8080 on fastproxy.example.com:
      if (isInNet(host, "10.0.0.0",  "255.255.248.0"))    {
         return "PROXY fastproxy.example.com:8080";
      }

      // All other requests go through port 8080 of proxy.example.com.
      // should that fail to respond, go directly to the WWW:
      return "PROXY proxy.example.com:8080; DIRECT";
   }