Hiking near the DMZ, Baengmagoji, Cheorwon via the DMZ Train and visiting Korean War ruins

Visiting the DMZ is one of the most popular tourist activities when visiting South Korea, however most people get bus tours from Seoul and go on a closely guided tour including Panmunjeom and a few other sites. There's nothing wrong with these tours, however I'm not a big fan of being herded like a sheep to the most popular place so when I heard of the DMZ train it sounded like a much better option.

The DMZ Train

For tourists wanting to visit the DMZ more independently Korail has recently launched the DMZ trains, these offer daily direct services from Seoul Station to either Dorasan Station (part of the traditional tour route) or to Baengmagoji.

DMZ Train in Baengmagoji Station

These trains are not the only way of reaching the destinations, however other routes require navigating a couple of changes in obscure stations (Dongducheon, some old details here: http://koreantrains.blogspot.co.uk/2013/07/types-of-trains-in-korea-1-commuter.html) on the edge of Seoul where little English may be found and information is scarce online.

The train route:

DMZ Train Route Map

On the train the staff organise entertainment, which to a non Korean speaker was all very confusing but very interesting to watch and try to work out what the hell was happening however it helped pass the time in between chatting to a middle aged Korean lady in semi broken English.

The interior of the trains can only be described as psychedelic:

Interior of the DMZ train

Buying tickets

I first attempted to buy tickets from the machines in Seoul Station a few days before however they never manged to complete the transaction, for some reason I had to go to the ticket office, however this went without issue but it helps to have the times and train number written down if you're not a Korean speaker. My train was full and seemed to sell out a day or two before so I'd recommend booking in advance.

If you wish to take a more organised approach there are bus tours into the DMZ which match the train times, tickets are sold on the train and next to the station.

Baengmagoji

Baengmagoji is interesting as it marks the northern end of the South Korean Rail network on an old line that once ran deep into North Korea. Now the terminus is located just outside the military line of control (the buffer zone around the DMZ) and can be explored freely (or at least mostly as we'll see later). It's close to several significant Korean War sights (my reason for visiting) and also a great hiking area.

The end of the line at Baengmagoji Station

Baengmagoji Station

My intention was to walk from the station to the former headquarters of the the Korean Labor Party (i.e. the North Koreans), a ruined building with a notorious past including the torture of many South Korean people who objected to the North Korean invasion, helpfully there was a decent map outside the station which showed many possibilities for exploring the area (I basically followed the black line:

Baengmagoji local map

Korean Labor Party Headquarters (Nodongdangsa)

Around 35-40 minutes walk from the station is the former Korean Labor Party Headquarters, it's an imposing building and is quite a contrast to the beautiful natural surroundings:

Korean Labor Party Headquarters (Nodongdangsa)

Korean Labor Party Headquarters (Nodongdangsa)

Korean Labor Party Headquarters (Nodongdangsa)

Despite taking a route along the road with no footpath the walk from the station is quite easy and interesting, along with the military checkpoints going into the DMZ (which you can't go through on foot) and passing military patrols keeping a close eye on me there is also an area of mines and some tank defense obstacles to block the road in the event of an invasion, all set in a really amazing landscape of rice paddies and stalks:

Minefield warning near the DMZ

Anti tank defenses near the DMZ

Rice fields near the DMZ

Rice fields near the DMZ

White Horse Hill Battle Memorial

My next stop was back towards Baengmagoji, one of the most intense battles of the Korean War was for White Horse Hill, a major vantage point within the DMZ. There is now a very small museum and memorial to commerate those who died.

White Horse Hill Memorial Bell

As soon as I started photographing towards the DMZ a friendly solider appeared and calmly watched my every move:

White Horse Hill Memorial Bell and solider

After this I passed time walking around the village of Baengmagoji before catching the train home. If I went again I'd love to hike more, in the time I had I could have taken a more scenic route through the fields to Nodongdangsa, from vague comments online I understand there to be various military paraphernalia left around in the area between the station and Nodongdangsa including a hilltop observation point which can be visited. I'd thoroughly recommend exploring this area to anyone who's looking for something different in Korea rather than the usual bus tour to Panmunjeom.

Installing Nodered using Ansible

Recently I've been playing around with Vagrant and Ansible to configure my home server. The server runs a few local network services and I'm working on some home automation stuff which I hope to base on NodeRed, in this post I'll describe how I've used Ansible to install NodeRed with git.

Installation

Dependencies

Since Nodered is a NodeJS application, we need to install a few dependencies first, I'm using apt and npm to do this but the method can be easily modified to the appropriate package manager:

- name: Add node key
  sudo: yes
  apt_key: url=https://deb.nodesource.com/gpgkey/nodesource.gpg.key state=present

- name: Add repos
  sudo: yes
  apt_repository: repo='deb https://deb.nodesource.com/node precise main'
  
- name: Install packages
  sudo: yes
  apt: upgrade=dist
  apt: pkg= state=installed update_cache=yes
  with_items:
 
  - nodejs
  - git-core

- name: Setup Forever
  sudo: yes
  npm: name=forever global=yes

NodeRed

There are a few ways to install Nodered; from a downloaded archive, using git or plain npm, I've chosen git as it allows me to easily upgrade just by changing the version tag and rerunning Ansible. All the functionality to get the code is built into Ansible:

- name: GetNodeRed
  sudo: yes
  sudo_user: oliversmith
  git: repo=https://github.com/node-red/node-red.git dest=/home/oliversmith/NodeRed version=0.9.0

- name: Install NodeRed
  sudo: yes
  sudo_user: oliversmith
  npm: name=npm global=yes registry=http://registry.npmjs.org state=latest
  npm: path=/home/oliversmith/NodeRed/ production=yes

Running

Launching node applications from the command line is tricky as if they crash the application doesn't have a mechanism to recover, I've chosen to use forever to solve this issue, however it won't make the application start on boot so further configuration would be required to enable that.

Forever has already been installed using npm (above) so after installation we can dive straight into running it:

- name: Run NodeRed
  sudo: yes
  sudo_user: oliversmith
  shell: forever start red.js
  args:
    chdir: /home/oliversmith/NodeRed/

Dandong, China 2014

I recently traveled to Dandong, China as a side trip from Beijing. I choose Dandong as I wanted to visit a normal Chinese city not usually on the tourist trail. Dandong is certainly a normal city and not one which sees millions of Western visitors every week. I also have an intermittent fascination with North Korea and Dandong happens to be one of the main crossing points into North Korea.

I spent most of my time exploring town and riverside areas including visiting the Korean War Museum (Museum of the War to Resist U.S. Aggression and Aid North Korea) and stopping at a remote outpost of Tesco to pick up supplies. There isn't a tonne of stuff to do in Dandong but enough to fill a weekend. If you're feeling more energetic than I (I'd hurt my ankle a few days before in Beijing) you can take a bus or taxi to see the most easterly section of the Great Wall.

Below are a few highlights of my trip:

The broken Yalu River bridge (alongside the working Friendship Bridge):

Bridges over the Yalu River, Dandong

View from the broken bridge over the Yalu river looking towards North Korea

North Korean boats on the river:

North Korean cargo ships moored on the Yalu River, Dandong

Walking the streets of Dandong:

Walking through the city to the war museum showed Dandong is very detached from the more vibrant and shiny areas of Beijing and lived up to my expectations of being slightly gritty and dirty.

Apartments seen while walking in Dandong

A typical street, Dandong

While I was taking this photo someone on an upper floor threw something large and glass out of the window and it smashed in the middle of the road, fortunatly not hitting anything.

Museum of the War to Resist U.S. Aggression and Aid North Korea:

While not very photogenic this is a very interesting museum if you're into history, it covers the Korean War from the Chinese angle and portrays America in a very different light to what most Western visitors will be used to. It's fully translated into English and has a wide selection of artifacts from the war as well as an outdoor display of military hardware.

Museum of the War to Resist U.S. Aggression and Aid North Korea

Statues inside The Museum of the War to Resist U.S. Aggression and Aid North Korea

On my way back to the hotel I picked up some local beer from Tesco, it wasn't great - I think I'll stick to TsingTao in future

Yalu River Beer

I stayed at the Crowne Plaza Hotel and can thoroughly recommend it, it's a little outside the CBD but a pleasant 30 minute walk along the river or a few minutes taxi ride. The concierges were particularly helpful and unlike their Beijing counterparts haven't grown to expect American style tipping (yet). Below are some views from my room, N. Korea is on the far bank:

View of the Yalu river and North Korea from my room in the Crown Plaza Hotel, Dandong

View of the Yalu river and North Korea from my room in the Crown Plaza Hotel, Dandong

You can even watch North Korean TV live on the TV, that was quite surreal!

Watching North Korean TV in the hotel

At the time of visiting there was a daily Air China flight to/from Beijing and less frequent services to Harbin, Shanghai and Shenzhen. Dandong Airport has just opened a shiny new terminal which was deserted until an hour or so before my flight.

Dandong Airport Terminal

Dandong Airport Terminal

Configuring SSL and Gitlab through an Apache Reverse Proxy

I've recently started to use Gitlab as an alternative to a Github paid account for projects I don't wish to make public. I wanted to install Gitlab on a server which is used for a few other applications which all use Apache, while Gitlab is really easy to install it installs nginx by default and expects to run on port 80. Normally in this situation I would configure Nginx to point to a non standard port, proxy through apache on the same server and terminate the SSL at apache, however there are some quirks in Gitlab which make this difficult; in this post I'll describe how to proxy Gitlab through apache using SSL.

The Problem

While Gitlab can be manually installed to work with apache this makes upgrades / changes difficult, it comes with a very nice Chef based installer but it assumes it's the only thing installed, if a simple HTTPS proxy is configured (terminating the SLL at Apache) then Gitlab will still mix in some non SSL URLs as it thinks it's still using an unencrypted connection, while not a huge risk this is untidy and annoyed me.

The Solution

The solution is to configure Gitlab to use SSL too and enable an SSL proxy in Apache, this involves defining options in two files:

gitlab.rb

external_url 'https://<url>:4443'
nginx['ssl_certificate'] = "/etc/ssl/localcerts/<certname>.crt"
nginx['ssl_certificate_key'] = "/etc/ssl/localcerts/<keyname>.key"

After which don't forget to run

sudo gitlab-ctl reconfigure
to push the changes into the nginx config

Apache vhost

<VirtualHost <ip>:443>

        ServerName <server url>
        SSLEngine on
        SSLCertificateFile /etc/ssl/localcerts/<certname>.crt
        SSLCertificateKeyFile /etc/ssl/localcerts/<keyname>.key
    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>

    SSLProxyEngine on
    ProxyRequests Off
    ProxyPass / https://<url>:4443/
    ProxyPassReverse / https://<url>/

    Header edit Location ^http://<url>/ https://<url>/
    RequestHeader set X-Forwarded-Proto "https"

</VirtualHost>

Dynamic DNS with the Linode CLI - Version 2

A while back I posted a method of creating your own Dynamic DNS server using the Linode API, shortly after they tweeted me with a tip which greatly simplifies the code. Now no remote service is required to provide your external IP address and it becomes an elegant one liner:

linode domain record-update -l oliversmith.io -t A -m lan -T 5 -R [remote_addr]