networking Setting up TOR and Hosting a Hidden Service This tutorial will show you how to set up TOR as a daemon and host hidden services. Hidden services are only available on the TOR darknet'and allow you to host services without revealing
cloud Customizing Digitalocean Floating IPs Digitalocean allows, for free, the option to add an additional IP address to your virtual machine ("droplet"). These floating IPs are similiar to Amazon AWS Elastic IPs and are tied to
docker Migrating Nginx to a Docker Container This is a write-up of how I migrated my Nginx web server from running as a standard service to running inside a Docker container. We will also see how to customize logging and
web security Everything to do with TLS Today we will learn about hardening SSL/TLS (HTTPS) and will use Qualys SSL labs to evaluate performance and compliance. This configuration gives etherarp.net an A+ rating on SSL Labs. Nginx Configuration
dns Running your own DNS with Unbound (and block ads) Today we will learn how to create your own recursive DNS server using Unbound. This will improve performance through caching. We will also look at ad-blocking.
networking Routeable Loopback Addresses Today we will learn about loopback addresses that can be reached from the outside via routing. This is useful for running services on a router In a previous post, I talked about the
iptables Block all traffic from your neighbours using iptables This tutorial creates rules to limit traffic (both ingress/egress) only to gateway. This prevents traffic from other patrons reaching you when using public wifi
iptables Using Ferm to sweeten IPTables Ferm is a 'frontend' for iptables written in Perl. The best way to describe it is a firewall compiler (although it can do more than that, as we'll see later). Ferm provides a syntax that is simple, rich, and flexible for writing rules, ferm then generates a list of iptables rules.
docker Upgrading Ghost 0.11 to 1.17 in Docker We saw in a previous post how we can Docker stores the stateful/persistent data for containers in volumes. This makes migrating between Ghost instances very easy. However when upgrading from 0.11
linux security Comprehensive OpenVPN Tutorial In this tutorial, we will look at managing an openvpn server and certificate authority and will provide a detailed breakdown of the configuration options Table of contents Setting up a CA Build the
tls Secure SSL configuration for Nginx Here is a handy snippet for configuring a hardened SSL/TLS on Nginx. It receives a A+ rating when tested at Qualys. A later post will discuss the configuration options in detail, what
docker Migrating a Ghost Blog using Docker Volumes Today we will learn how Docker volumes work and use it to synchronize the contents of this website between the remote server hosting the production and the local workstation (for modifying) In a
linux security Writing a port scanner in Bash shell This isn't actually particularly useful but it nicely illustrates an interesting feature of Bash, the /dev/tcp device file. As an extreme example of the "everything is a file" philosophy of
firewall Rate-limiting logging on the Ubiquiti EdgeRouter Lite The Ubiquti Edgerouter Lite has an iptables based firewall. For each firewall rule (and named set of ules) there is a is an option to enable LOG. Unsolicited traffic to tcp ports, especially
tls Securing services with stunnel Stunnel is a tool that allows you to easily add Transport layer security (TLS) to existing TCP services. TLS allows us tosecure the connection against encryption and modification in transit, and optionally, use
networking There's more to localhost than 127.0.0.1 The loopback interface is most familiarly encountered as 127.0.0.1 and is referred to as the local loopback address. This address is present on every IPv4 host and is given the
sms gateway Script to send a SMS when IP changes So this is one application of the SMS gateway. My home internet gets its address via DHCP, however, unless something goes wrong, the addresses are usually reasonably persistent (generally at least 10 days)
linux Using the ss command to view active and established connections The command known as ss which stands for socket statistics. It is used for listing listening and established connections and to find out which processes and users are associated with them. Finding all
linux Pretty printing terminal output into JSON/CSV There is a command called column which allows you to format the lines produced by a command into symmetrical rows/columns, which can then be easily converted into CSV or JSON. This will
docker Docker Firewalling - Unpublishing a port Intro I have a Docker container that has a port unconditionally published (e.g. -p 2368:2368). I've changed my mind and decided I don't want this port exposed to the entire internet;
tls TLS Client Authentication with Certificates (nginx + easyrsa) Today we will learn how to set up Nginx so that clients have to authenticate using certs. This provides additional security above basic password authentication.
security Replacing Google Authenticator with oathtool and gpg I've thought it would be cool to have Two Factor Authentication operating on the command line, perhaps in some isolated container, rather than having it in a phone which can easily be lost
docker Getting Started with Docker using Cockpit (Fedora 26) Introduction For ages, I've been wanting to get into Docker, especially how it's now the next big thing. In this tutorial, we will see how Docker works, it's basic commands, what you can
security sshuttle - a VPN for the lazy sshuttle is a Python based script that allows you to tunnel connections through SSH in a far more efficient way then traditional ssh proxying. By far the greatest perk of sshuttle is that
iptables My IPTables Configuration Script I've talked quite a lot about iptables but haven't really shown how I actually put it into practice. Today I'll share a shell script I wrote to set up IPTables on my Fedora