Category Archives: Home Server

Upgrading D-Link DIR-868L A1 firmware to Tomato

I was finally able to upgrade the firmware on my old but trusty D-Link DIR-868L router to Tomato firmware.

The process is a little bit involved and it’s very easy to brick your router. Fortunately, this router provides a relatively easy way to perform recovery.

Note this instruction is for DIR-868L rev A1. There are more than one version of this router and the process could differ for each of those versions.

At a high level, you will need to upgrade the firmware to DD-WRT first and then to Tomato. We will use Tomato by Shibby.

Step 1: Upgrade to DD-WRT

You cannot simply use any DIR-868L version of DD-WRT firmware. You need R25974 or prior. If you use any firmware after that version you may not be able to flash it and if that happens your device will be bricked.

You will need two files: factory-to-ddwrt.bin and dir868-webflash.bin

Download the two files from this link. The links are for R25974.

After you download, first flash the firmware “factory-to-ddwrt.bin” using the D-Link router’s firmware upgrade page.

The process could take up to 3 minutes. Once successfully flashed your router will reboot. Then go to the router page (default is and immediately upgrade the firmware to “dir868-webflash.bin“. If all goes well router will reboot once again. At this point, you are set to proceed to Step 2

Step 2: Upgrade to Tomato firmware

Download the latest Tomato by Shibby firmware from this link. The build I used was 140; direct link.

Download the zip file and extract it. Then flash the “tomato-DIR868L-ARM–xxx-special.trx” file with “Reset to Default Settings”. As usual the process could take up to 3 minutes. Once complete, Tomato firmware should boot up. Right after this, go to “Administration -> Configuration” and choose “Erase all data in NVRAM memory (thorough)” option. This will take a few more minutes. Once done, you are all set!

Bricked the router?

D-Link DIR-868L provides an easy way to recover.

  • Download the latest available firmware on the official D-Link website of the router revision
  • Unplug all cables (incl. power cable) from the router
  • Connect the router to the PC using one of the 4 switch ports
  • Set the PC TCP/IPv4 address to and use as the Subnet mask
  • Power-on the router with a paperclip pushing the hidden reset button located on the bottom of the device for a few seconds, when the Power LED starts blinking, release the reset button
  • Open browser and navigate to
  • Upload the stock firmware, when completed the router should report to reboot
  • The router should now be running stock and accessible on the default address.

mjml + jinja2 = awesome

If you have ever tried programmatically sending HTML emails, you probably know how giant of a pain in the rear it is. It’s all because while HTML has progressed in the world of Internet, the Email HTML is still way way behind. There are no set standards and most of the times, you end up doing too much manual HTML coding. In today’s world, surely there must be something you can do about it, right? Turns out, yes. MJML tries to standardize and speed up HTML email layout creation. Think of it as Bootstrap for Email. MJML comes with it’s tagging format. The resulting layouts are very cross-platform and responsive, just like today’s modern websites are. Granted, things can never be 100% perfect in the Email world, but MJML gets you to at least 90% there.

Then, if you are using Python you can make Emails dynamic using Jinja library. There is some work involved in tying the two together, i.e. making MJML and Jinja work seamlessly, but once set up, they work very very nicely.

To be continued…

SELinux fix for Mergerfs to allow Docker and Samba access

I recently started using Snapraid and Mergerfs setup to manage my disk pool. I have ~27TB of raw storage which I am managing.

While setting up Mergerfs as usual ran into SELinux issues that will prohibit Docker and Samba access to the storage. So, here’s my fix.



Docker Container for SMTP Relay

SMTP Relay service allows you to use an external SMTP server to send your mails through. After many frustrating hours of working with several SMTP Relay Docker Images, I finally found the one that works.


Configuration is very easy; Sample Run script

After this you will have a running Docker container that will relay all your emails to the “smtpserver” you have set.

Docker Container for phpMyAdmin

Been containerizing a lot of my tools and just added phpMyAdmin to that list.

It’s very easy to get going with it esp. if you also happen to have a Docker container running MySQL albeit with one minor issue.

Official docker hub page:

Use an example Docker Run script below

  • localport is the port you want phpMyAdmin to use. Generally it’s port 80 but I like to override that with a different port#
  • mysqlcontainer is the name of the running MySQL container
  • The “-e” option with “PMA_HOST” must be provided (atleast for now) with value equal to the name of the running MySQL container. Note that the official docs do not indicate that but without this I was receiving following error while trying to log in. So PMA_HOST is a workaround

#2002 – php_network_getaddresses: getaddrinfo failed: Name does not resolve — The server is not responding (or the local server’s socket is not


Docker Transmission Container with Windscribe VPN

Found this awesome container that has Transmission with VPN support which I can use with Windscribe VPN.

Docker Hub Link –

Run command:

Things to keep in mind:

  • I had to use dns parameters with Google DNS because my Docker container was not able to resolve any domains. You may not need it
  • user name and password is different from the ones you use to login to Windscribe site. Get these from here:
  • iprange is something like depending upon your local area network
  • SELinux will cause issues. So, use following code to set an SELinux policy

  • All the “-e” options that start with TRANSMISSION are Optional but I find those useful to set
    • Use rpc_user / rpc_pass if you want to have transmission use a user for login
    • somescript is a post-download script you want to execute
    • Set the Upload speed and queue size
    • Set the Download queue size

Additionally, I discovered that by default this container will use Port 1194 to connect to Windscribe. I prefer to use 443. There are many ways you can override the port and here’s how I preferred to do it.

I downloaded the OVPN file from Windscribe using link:

Then modified the OVPN file to add “/config/openvpn-credentials.txt” at the end of the line that starts with “auth-user-pass”. The file referenced will be automatically created by the container with Windscribe user/pass values you provide in the Run script. Then OpenVPN can use this auth information and seamlessly connect to Windscribe.

Thereafter, modified the Run script to use a CUSTOM provider and also mapped the location of OVPN file to /etc/openvpn/custom/default.ovpn.

Notice that this does not have “OPENVPN_CONFIG” variable set. This is because we are overriding OpenVPN default config file.

Fire up your container, and you are all set!

Fixing Random Samba Share Lockouts w/Docker

Continuation of my previous post about fixing random Samba Share lockouts. I discovered that Docker and Samba were fighting to gain access to the folders. If I set the label to samba_share_t, then Docker loses access. If I allow Docker (with “Z” option while running container), then Docker resets the label to “svirt_sandbox_file_t”. How can I make both use it? Turns out there is a solution. Credit to this Serverfault post:

Create a new SELinux Policy Module to allow Samba to access the Docker label.

Then start the Docker container with Volumes mounted using “Z” option. You should now be good to go with both Samba and Docker living together happily ever after…


Fixing Random Samba Share Lockouts

Ever had Samba shares on CentOS become randomly inaccessible? If so, I might have a cure… Turns out the culprit is (yet) again SELinux. Thank you SELinux for your super sensitive security policies…

It turns out that you might have lost extra important SELinux label on the share and sub-folders. Don’t ask me why and how? Perhaps a boot failure or power failure or random act of God?!

OK, here’s the solution you are looking for. Logon to your CentOS server and simply issue the chcon command. Be sure to do it recursively if you want to access sub-folders inside.

and that’s it! This will once again make that share accessible. Really… that simple!

EDIT: I figured out why lockouts were happening. It turns a Docker container was accessing these shares and resetting the label. If I set the label back to samba_share_t and make Docker container stop resetting it, then Docker container loses access to the folders. argh!