Tag: Linux
-
Installing WordPress on Docker Behind an Nginx Reverse Proxy
That title is quite the mouthful but it has to be as this particular set up has a couple of gotchas in it. I assume that you have Docker installed and that the firewall is correctly configured as detailed in this earlier guide. I can’t stress enough, you have to have proved that the firewall…
-
Setting up an Nginx Reverse Proxy with Certbot Under Docker
I’m assuming you have the containers you want to reverse proxy to already set up and running correctly. Initial Setup Create a directory and file structure like the one shown below. The certbot directory is shared between nginx and certbot. It’s where certbot creates the certificate files and where nginx reads them from. You will…
-
Installing Docker on Debian with nftables
I’m going to assume you have a working and secured Debian install, I’ll be starting from where this article ended. The big issue that we’ll face with setup is getting Docker to work with nftables. Actually, I’m not even going to try and get them to work together I’m just going to configure nftables myself.…
-
How to Configure SSH
Coming into this article I’m expecting you to have a a machine with SSH access authenticated using passwords. Disable Root Login Via SSH To disable root login you’ll need to open the SSH config file and make a small change. Shelled into the machine open the SSH config file: Scroll down until you find a…
-
Installing and Configuring Fail2Ban
Fail2Ban is a service that scans log files for event such as failed login attempts and then updates firewall rules to ban connections from that address. This doesn’t solve problems with weak authentication but it does greatly slow down the rate of attacks. Fail2Ban is a must have if you run an accessible SSH server.…
-
Installing and Configuring nftables on Debian
Introduction Firewalling in Linux is, by necessity, a complex topic. There’s just no easy way around the problem, the firewall has a lot of moving parts and requires a lot of configuration options. To complicate matters further the Linux ecosystem is undergoing something of a change. The older iptables system is being replaced with nftables…
-
Configuring Sudo
Sudo is almost perfectly configured out of the box but the one thing I find a little irritating is the short default timeout for the session. I’m not against having a timeout but I’m the only person that has physical access to my machine and if some has gained remote access and has set up…
-
Monitor what is Happening With Sudo
Just a very quick note to show how you can monitor what is happening with the sudo command by running: If you run this command without the sudo prefix you will only get a list of your own sudo commands. Any attempt to use sudo by a user that doesn’t have sudo privileges will be…
-
Setting up a New Debian Server
I recently got a new server and I realized I don’t have a comprehansive guide for setting a machine up from scratch. This guide is particularly useful for setting up something like a VPS where you only have SSH access, it assumes you have installed a bare bones headless version of Debian and have root…
-
Making Google Drive work on Debian with Rclone
In an earlier article on setting up KDE Neon I mentioned that I was going to use KIO-Gdrive to access my Google Drive though Dolphin. That was a total failure due to a bug with the way KIO-Gdrive handles the token needed for access – it seems to forget the token every few operations. Digging…
-
Debian System Management
In an ideal world all the software I use would be installed from the Debian repositories and it’d be a single click to keep it all up to date. In reality it’s not that simple. The built in package manager does a pretty good job but there are pieces of software that can’t be installed…
-
Replacing a drive in a ZFS array
I have a ZFS RAIDZ2 array in my main server and recently it suffered a drive failure. Naturally I was woefully under prepared for this occurrence so I rushed out and bought a replacement drive and got cracking with learning how to safely replace the drive. Background If you don’t already have one you need…