Simple Scalable Privacy: Unleashing OpenWRT, Pi-hole, Unbound, & Bind9
(forthcoming)
Category: sysadmin
Tolerating Cockpit on Debian
//cockpit// IntroductionThis tutorial covers how to set up Cockpit on Debian. The approach here assumes that Cockpit will be installed on bare metal being used in production, with only ssh exposed. This tutorial assumes you already have a sufficiently hardened and provisioned VPS/VM w/ a LAMP stack and some associated A/AAAA records ready to go.…
Creating a Production Pixelfed Instance
//pix3lfed// Latest Updates: https://wiki.haacksnetworking.org/doku.php?id=computing:pix3lfed [Update: After initially getting approved for Discovery, I then received no response back from the Pixelfed dev team, so pulled the instance down for now. Without Discovery, no one can use the phone app, which renders it pointless. If I receive word back, happy to spin it back up and restart…
Authoritative DNS w/ Bind 9
//bind9dns// Latest Updates: https://wiki.haacksnetworking.org/doku.php?id=computing:bind9dns Introduction This tutorial is for users of Debian GNU/Linux to set up an authoritative DNS server using bind9. An authoritative DNS server serves DNS records about other hosts … that is, you use an authoritative server to serve domain.com’s A, AAAA, DMARC, SPF, etc., records. These records can then be queried…
Monitoring Hard Drives on Production Hosts
Latest Updates: https://wiki.haacksnetworking.org/doku.php?id=computing:monitorvitals This tutorial is Debian GNU/Linux users wanting to regularly monitor the temperature and SMART health of their hard drives, as well as a slew of helpful zfs reports. Any production server I build includes these scripts and techniques. I set the vitals script to send me an email each hour, with the…
Managing AI Bots+ w/ Apache MPM, FPM, & Fail2Ban
//managingbots// Latest Updates: https://wiki.haacksnetworking.org/doku.php?id=computing:managingbots This tutorial is designed for Debian OS and LAMP stack users that want to track and or prohibit bot scraping (or other url requests) that might harm server performance and/or cause it to fail. In my case, I have a multi-site WordPress that includes my tech blog, poetry, and teaching blog.…
Perfecting the Self-Hosted Email Server
//mailserver////roundcube// Latest Updates: https://wiki.haacksnetworking.org/doku.php?id=computing:roundcube Latest Updates: https://wiki.haacksnetworking.org/doku.php?id=computing:mailserver It’s been 5 years since I switched full time to my own email server. When I first built it, I was overtaken by the enormity of migrating all the emails, creating all the new accounts, and building two more servers for the other two domains I used for…
Leveraging Dedicated Hosting by Pebble Host
//backupnode// Latest Updates: https://wiki.haacksnetworking.org/doku.php?id=computing:backupnode As I discussed in the last post, the sudden server failure and/or link failure that happened a month ago were a source of concern for me. After all, in addition to having my own infra there and that of my clients, I also volunteer and host floss instances of the PubGLUG…
Virtualization stack growing pains and PeerTube Hype!
//peertube// Latest Updates: https://wiki.haacksnetworking.org/doku.php?id=computing:peertube As part of the Haack’s Networking business, I run a virtualization stack on a Supermicro 6028U-TRTP+ Dual 8-core Xeon E5-2650 2.2Ghz, with 384GB RAM, which has 576 virtual CPUs to allocate, or 24*12*2, which is threads *cores*sockets. This host uses Debian and virsh+qemu and a collection of bash scripts to manage…
Setting up a Self-Hosted RustDesk Instance
//rustdesk// Latest Updates: https://wiki.haacksnetworking.org/doku.php?id=computing:rustdesk This tutorial is for users of Debian GNU/Linux who want to setup a self-hosted RustDesk instance. This tutorial is designed for a public facing instance/domain which uses an apache2 reverse proxy to serve TLS requests back to the gohttp server listening on port 8000. TLS certs are handled by Let’s Encrypt…