A comprehensive list of examples of configuring the Caddy webserver. Includes TLS, Proxy, Oauth2, and more!…
read more...Caddy Cheatsheat
on
Built-in Firewall for Systemd Services
on
Systemd includes a feature to restrict which IP addresses can communicate with a service. As an example, let's use this to SSH to the 192.168.1.0/24 subnet…
read more...Connecting Network Namespaces with veth
on
This post will look at how to define network namespaces and connect to and between them using veth pairs…
read more...Sending Emails with cURL
on
In this tutorial, we will look at how the cURL utility can be used to send out emails. This is useful for things like automated alerts…
read more...Verify TLS Servers with Random Art
on
I've always loved the RandomArt feature in SSH that is used to display a visual representation of a peer's public key. I thought it would be great to extend this to TLS.…
read more...Process Privilege Escalation with SUID
on
Did you know that on a Linux system running the ping command requires root privileges? Normal users are able to run the command through a special permission known as setuid…
read more...Network Isolation of Services with Systemd
on
This tutorial will look at how network namespaces can be defined in systemd service unit definitions. This example will at running the Nginx service inside a separate network namespace that has its own physical interface. Like most of my tutorials, this will be done on a Fedora system.…
read more...Generating Memorable Hostnames for a Subnet
on
This is a simple Bash script I wrote to generate memorable names for an IP address space. The names are camelCase word pairs obtained by shuffling a list of the thousand most common English words. This produces readable and memorable hostnames, e.g. FormerAbility.…
read more...Send IM when site goes offline
on
This tutorial will show how I used a Python script, Systemd timers, and the XMPP protocol to send myself an instant message when my website goes offline.…
read more...Github Login on Caddy
on
How to log into your Caddy webserver using your Github account (Oauth2). Requires http.jwt and http.login plugins.…
read more...Firewalld Tutorial
on
Comprehensive and example rich reference on Firewalld, the default firewall for RHEL/CentOS/Fedora…
read more...Protect your infrastructure with SSH Jump Hosts
on
This post shows you how to use SSH jump hosts to access internal SSH servers. It also shows how to create limited accounts that can only be used for jumphost access…
read more...Migrating the Blog (Ghost+Caddy+Docker)
on
In this post, I'll discuss how I migrated this Ghost blog to a new server, and its configuration using docker-compose and Cloudflare.…
read more...Dynamic DNS with Route53
on
This is a python script I made for dynamic dns with Amazon Route53. I also made a Python REST API.…
read more...Encrypting Files using an RSA Public Key
on
This posts looks at how to encrypt files with RSA using the OpenSSL command. It also shows how RSA public keys can be retrieved from SSH and TLS servers…
read more...Lets Encrypt HTTP-01 using Amazon S3
on
How to obtain Let's Encrypt certificates via an S3 bucket with optional Cloudflare origin-host configuration…
read more...Reverse Port Forwarding with Bash
on
I had wondered for a while how SSH reverse port forwarding works. RPF allows you to publish any reachable port upstream to a server. This allows you to act as a server without having to open any external ports.…
read more...Using S3 for temporary storage
on
I often use S3 for ad-hoc storage. This post will look at configuring auto-deletion of objects, as well as generating temporary public URLs…
read more...Dnsmasq Cheat Sheet
on
Comprehensive documentation of all of the options for the dnsmasq DNS/DHCP server, with practical examples…
read more...Self Hosted DNS using NSD
on
In this tutorial, I'll be setting up a pair of authoritative DNS servers using the NSD DNS server daemon.…
read more...Script to detect firewall misconfiguration
on
This script will detect if SSH has inadvertently been exposed to the outside world.…
read more...OpenWRT/LEDE Bridging Firewall
on
It would be neat if my wireless access point could bridge directly to my cable modem so that clients would have proper public IP addresses. Being directly connected to the internet significantly increases vulnerability so the aim is to address this with a bridge firewall.…
read more...Cloud based Two Factor Authentication with gpg+s3
on
This is an experimental script I made to store encrypted TFA credentials in the cloud. It uses GPG to protect the the uploaded data. The tokens can be accessed anywhere on anything that has access to the GPG key.…
read more...Bash port scanner
on
The script, using only Bash, will scan common ports, and if an open port is found, it will display a base64 encoded output of the servers response.…
read more...Reactive malware blocking with ipset
on
This tutorial will demonstrate how to create reactive firewall rules. If a device attempts to communicate with known malware command-and-control servers, the potentially compromised device will be added to a blacklist, and its internet access will be immediately disabled.…
read more...