Multi-Gigabit Home Network Setup

  18 Apr 2020     Homelab, Networking, and Linux

The user experience of NAS (network-attached storage) devices largely depends on connection speed. Although 10GbE (10 Gigabit Ethernet) was proposed long ago, wide adoption is still limited by its high price, and most Ethernet devices today are still stuck at GbE (1Gb/s). However, with standards like 2.5GBASE-T and 5GBASE-T that support intermediate speeds between GbE and 10GbE, we can now get multi-gigabit networks with affordable upgrades. This article is a quick guide to setting up a multi-gigabit home network, listing the hardware required.

PCIe Ethernet Adapters ($30-$50)

Currently, almost all consumer-grade motherboards come with Ethernet ports that only support GbE. Fortunately, PCIe cards let us add multi-gigabit Ethernet to desktop PCs or servers. In particular, 2.5GBASE-T PCIe adapters can be found at price points below $50, which makes them perfect for an affordable home network.

On Windows, after installing the PCIe adapter, the driver can be updated automatically if you first connect to the internet through the on-board Ethernet port. Once the network adapter shows as working properly, you can switch over to the faster 2.5Gbps port.

On Linux, you can download the r8125 driver from the Realtek website and install it following the Readme files.

USB3 Ethernet Adapters (~$30)

For laptops, you can use a portable USB3 Ethernet adapter like the following:

  • CableCreation USB 3.0 to 2.5 Gigabit LAN Ethernet Cable Adapter

Both price and size are comparable to a GbE USB Ethernet adapter. In comparison, a portable 10GbE Ethernet adapter typically uses a Thunderbolt interface and costs >$150.

Ethernet cables

One advantage of 2.5 Gigabit networks is that most existing CAT-5e cables are already sufficient. 5GBASE-T and 10GBASE-T require at least CAT-6 cables, and CAT-6A is actually recommended for 10GBASE-T.

Network Switches (>$200)

With two devices with 2.5GBASE-T Ethernet adapters, theoretically you already have your multi-gigabit Ethernet by connecting them together. But for more practical use cases, e.g., accessing NAS from multiple devices, a multi-gigabit network switch is necessary. Multi-gigabit network switches are still expensive and the cheapest cost more than $200:

  • NETGEAR 10-Port Multi-Gigabit/10G Smart Managed Pro Switch

Speed Test

Now enjoy faster connection to your NAS!

speed showcase of multi-gigabit network

SELinux and Firewall Settings for Hosting Flask App with Nginx (on CentOS)

  12 Apr 2020     Web Development and Linux

Hosting Flask App with Nginx

Nowadays, thanks to simple web frameworks such as Flask, everyone can quickly learn how to become a full stack developer and write their own web applications. The Udacity course Full Stack Foundations is highly recommended. However, to make your web applications actually useful (e.g., within a local network), there is still a piece missing from most introductory courses or tutorials: deployment. And it turns out that deploying Flask apps is even trickier than writing them, especially for amateurs like me. Without a strong background in networking and system administration, it’s easy to run into all kinds of frustrating errors. Even if everything finally works out, the server may be vulnerable because you copied commands from Google that you don’t fully understand. Here I would like to share some of my setups for deploying Flask apps with Nginx on CentOS.

During the development/testing stage, we can simply call Flask’s built-in server from within the application’s app.py for convenience:

if __name__ == '__main__':
    app.run()

However, as suggested by the warnings printed when running the above Python code, Flask’s built-in server is not suitable for a production environment. It was never meant to handle many requests from multiple users. For that purpose, a more powerful WSGI server is required. A popular Python WSGI HTTP server such as Gunicorn can launch multiple worker processes to handle more requests. E.g., the following command launches 2 workers and binds the server to listening port 8001:

gunicorn -w 2 app:app -b :8001

You should already be able to access your application from http://localhost:8001. Still, we can do better by putting Gunicorn behind a proxy server, such as Nginx. The purpose is to further optimize the performance: for an incoming request, Nginx can forward it to Gunicorn if it must be handled by the web application, while Nginx itself deals with tasks like serving static files efficiently. Of course, Nginx has more advanced features like load balancing, but those features are rarely needed at the scale of a home lab or a small local network. A simple Nginx configuration file looks like the following:

server {
    listen       6001 default_server;
    server_name  _;
    root         /www/my-site;
    
    location ~* \.(pdf|html)$ {
        expires max;
    }

    location / {
        proxy_pass http://127.0.0.1:8001;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
    }
}

Nginx will listen on port 6001 for outside requests (and forward them to port 8001 if they are for the web application). In addition, Nginx will serve pdf and html files within the site root by itself. Now start the Nginx server with:

sudo systemctl start nginx

The web application should finally be functional! Or not… Most likely, you will still get error codes like 404, 502, when you try to access the web application from a different machine.

Firewall and SELinux Settings

For security reasons, firewall and SELinux policies are enabled by default in most Linux distros. They tend to prohibit uncommon behaviors, e.g., using a non-default port 6001 for an http server, and permission errors will occur. The quick and dirty way, of course, is to disable the security settings (as some solutions posted online suggest); however, it potentially makes the server vulnerable. The better approach is to add only the exceptions necessary for your application instead of disabling the firewall or SELinux policies entirely. Commands for the related configurations are listed below:

  • To add allowed ports to firewall using firewall-cmd:
sudo firewall-cmd --zone=public --permanent --add-port=6001-6100/tcp
sudo firewall-cmd --reload # --permanent only edits the saved config; reload to apply it
sudo firewall-cmd --zone=public --list-all # Check if ports are enabled in firewall
  • To enable ports for http in SELinux:
sudo semanage port -a -t http_port_t -p tcp 6001-6009
sudo semanage port -l | grep http_port_t # Check if ports are enabled for http
  • To let Nginx connect to the Gunicorn backend (needed for proxy_pass) in SELinux:
sudo setsebool -P httpd_can_network_connect on # -P keeps the setting across reboots
sudo semanage boolean -l | grep httpd_can_network_connect  # Check httpd_can_network_connect boolean label
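
An added example (not part of the original post): the shell helpers below parse the output formats of firewall-cmd --list-ports and semanage port -l and report whether the Nginx port is permitted by both layers and how many TCP ports the firewall rule exposes. The function names and the sample outputs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): least-privilege check for the
# firewalld and SELinux port exceptions. Sample outputs below are constructed.

# port_in_list PORT "LIST": succeed if PORT falls inside any "N/tcp" or
# "LO-HI/tcp" entry of LIST (the format printed by firewall-cmd --list-ports).
port_in_list() {
    local port=$1 entry range lo hi
    for entry in $2; do
        [ "${entry##*/}" = "tcp" ] || continue
        range=${entry%/*}; lo=${range%-*}; hi=${range#*-}
        if [ "$port" -ge "$lo" ] && [ "$port" -le "$hi" ]; then return 0; fi
    done
    return 1
}

# count_tcp_ports "LIST": total number of TCP ports the entries expose.
count_tcp_ports() {
    local total=0 entry range lo hi
    for entry in $1; do
        [ "${entry##*/}" = "tcp" ] || continue
        range=${entry%/*}; lo=${range%-*}; hi=${range#*-}
        total=$(( total + hi - lo + 1 ))
    done
    echo "$total"
}

# selinux_http_ports "TEXT": turn the http_port_t row of `semanage port -l`
# into the same "N/tcp LO-HI/tcp" list format.
selinux_http_ports() {
    printf '%s\n' "$1" | awk '$1 == "http_port_t" && $2 == "tcp" {
        for (i = 3; i <= NF; i++) { gsub(",", "", $i); printf "%s/tcp ", $i }
    }'
}

# audit PORT "FW_LIST" "SEMANAGE_TEXT": one-line verdict for the Nginx port.
audit() {
    local se; se=$(selinux_http_ports "$3")
    port_in_list "$1" "$2" || { echo "FAIL firewall blocks $1"; return 1; }
    port_in_list "$1" "$se" || { echo "FAIL SELinux: $1 not http_port_t"; return 1; }
    echo "OK $1 reachable; firewall exposes $(count_tcp_ports "$2") tcp port(s)"
}

# Constructed samples: the wide range from the commands above vs. port 6001 only.
SE_SAMPLE='http_port_t                    tcp      6001-6009, 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t            tcp      5988'
audit 6001 "6001-6100/tcp" "$SE_SAMPLE"   # wide range: 100 ports exposed
audit 6001 "6001/tcp" "$SE_SAMPLE"        # narrow rule: 1 port exposed
```

On a live host, pass "$(sudo firewall-cmd --zone=public --list-ports)" and "$(sudo semanage port -l)" as the second and third arguments. Gunicorn's port 8001 needs no firewall exception, since only Nginx on the same machine connects to it.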

Finally, beginners are always advised to first go through some overview/introduction materials on firewalls and SELinux on Linux. With some background, it will be much easier to find the root cause of errors, which will save you a significant amount of time.


Publication: Resettable Microfluidic Sweat Sensor with Chemesthetic Feedback

  04 Dec 2019     Research

Our work was recently published in Nature Communications under the title “Resettable skin interfaced microfluidic sweat collection devices with chemesthetic hydration feedback”. Check the details on the Nature Communications website.