Blog

  • Standing up a Wireguard VPN

    VPN’s have traditionally been slow, complex and hard to set up and configure. That all changed several years ago when Wireguard was officially merged into the mainline Linux kernel (src). I won’t go over all the reasons for why you should want to use Wireguard in this article, instead I will be focusing on just…

    Read More

  • Hardening your web server by only allowing traffic from Cloudflare

    Harden your origin server by only allowing access from Cloudflare IP addresses.

    Read More

  • Debugging running Nginx config

    I was recently working on project where a client had cPanel/WHM with Nginx and Apache. They had a large number of sites managed by Nginx with a large number of includes. I created a custom config to override a location block and needed to be certain that my changes where actually being picked up. Anytime…

    Read More

  • Fun with bots – SSH tarpitting

    For those of you who aren’t familiar with the concept of a network tarpit it is a fairly simple concept. Wikipedia defines it like this: A tarpit is a service on a computer system (usually a server) that purposely delays incoming connections. The technique was developed as a defense against a computer worm, and the idea is that network abuses such as spamming or broad…

    Read More

  • Traefik 3.0 service discovery in Docker Swarm mode

    I recently decided to set up a Docker swarm cluster for a project I was working on. If you aren’t familiar with Swarm mode, it is similar in some ways to k8s but with much less complexity and it is built into Docker. If you are looking for a fairly straightforward way to deploy containers…

    Read More

  • Stop all running containers with Docker

    These are some handy snippets I use on a regular basis when managing containers. I have one server in particular that can sometimes end up with 50 to 100 orphaned containers for various reasons. The easiest/quickest way to stop all of them is to do something like this: Let me break this down in case…

    Read More

  • Automating CI/CD with TeamCity and Ansible

    In part one of this series we are going to explore a CI/CD option you may not be familiar with but should definitely be on your radar. I used Jetbrains TeamCity for several months at my last company and really enjoyed my time with it. A couple of the things I like most about it…

    Read More

  • Self hosted package registries with Gitea

    I am a big proponent of open source technologies. I have been using Gitea for a couple years now in my homelab. A few years ago I moved most of my code off of Github and onto my self hosted instance. I recently came across a really handy feature that I didn’t know Gitea had…

    Read More

  • Traefik with Let’s Encrypt and Cloudflare (pt 2)

    In this article we are gonna get into setting up Traefik to request dynamic certs from Lets Encrypt. I had a few issues getting this up and running and the documentation is a little fuzzy. In my case I decided to go with the DNS challenge route. Really the only reason I went with this…

    Read More

  • Traefik with Let’s Encrypt and Cloudflare (pt 1)

    Recently I decided to rebuild one of my homelab servers. Previously I was using Nginx as my reverse proxy but I decided to switch to Traefik since I have been using it professionally for some time now. One of the reasons I like Traefik is that it is stupid simple to set up certificates and…

    Read More