Anatomy of a Phishing Email

2020-10-27 | #infosec #malware #reversing

Intro We all get spam. Most of it is devoured by our mail providers’ spam catcher, and we never see it. Every now and then, one slips through the cracks. In this case, I received an email earlier this week with a subject of “Re: Notification your test results COVID-19 [ note-7893 ]”. Classic, making me think it’s in reply to one of my email…that I sent about their test results?

Continue reading 

Configuring multiple routers & services with Traefik

2020-06-28 | #docker #traefik

Quick note on configuring a single Docker container that needs to expose multiple ports using Traefik. For this example, I’m using Ubooquity as it uses a separate port for admin that I wanted to just route on the same domain. version: "3.7" services: ubooquity: image: linuxserver/ubooquity container_name: ubooquity environment: - PUID=1000 - PGID=1000 - TZ=America/Chicago - MAXMEM=1024 # MB labels: - traefik.http.routers.ubooquity.rule=Host(``) - traefik.http.routers.ubooquity.service=ubooquity - - - traefik.http.routers.ubooquity.tls=true - traefik.

Continue reading 

Running certbot behind nginx

2020-04-27 | #letsencrypt #nginx

I’ve talked about my bizarre double-reverse-proxy approach before. Today I ran into an issue getting a real letsencrypt cert on a backend host. I just wanted to share the config – this goes on the frontend nginx host. Assuming you’re using the certbot-nginx plugin, no special config is needed on the backend. rewrite ^(/.well-known/acme-challenge/.*) $1 break; location ^~ /.well-known/acme-challenge { proxy_pass http://backend-host; } This will get around the sane default http -> https redirects you’ve probbaly set up.

Continue reading 

Migrating from vSphere to KVM

2020-04-20 | #kvm #networking #vmware

I recently acquired a new server to upgrade my aging HP Gen6 boxes. Since I was consolidating down from 2 to 1 host (but going up to 32 logical threads and 384GB memory), I figured the “HA” portion of VMware/vSphere/vCenter (I’ve entirely forgotten to mind my spheres & centers!) was less necessary. I could have switch to Proxmox, but where’s the challenge in that!? Instead, I switched to plain Ubuntu 20.

Continue reading 

Configuring LDAP auth for Traefik (and more!)

2020-02-17 | #ldap #nginx #traefik

As it stands now, my setup for web-accessible Docker-hosted sites is a bit convoluted. Traffic from the gateway flows into a bastion host in my DMZ. This is a tiny box running Nginx acting as a reverse proxy. There’s a hole in the firewall poked in from this bastion host to the Docker host running on my internal network. Traefik runs in Docker and provides SSL termination among other things.

Continue reading 

LetsEncrypt wildcard + Ansible

2018-07-09 | #ansible #letsencrypt #security

When LetsEncrypt announced the availability of wildcard certs, I knew I wanted in. In my homelab, in order to get SSL up and running, I’d been running Caddy, since it automagically gets a cert by doing DNS validation. However, that’s an extra step that can complicate things. With a wildcard cert, I can even put SSL places I couldn’t previously - such as my router and my FreeNAS box. How To Do Obtaining a wildcard cert Due to popular demand, I’ll provide some basic steps to get your wildcart cert.

Continue reading 

Running Caddy as a daemon on Ubuntu

2017-11-18 | #linux

These instructions work for me on Ubuntu 16.04.3. YMMV. First, install Caddy by running curl | bash -s personal hook.service,http.realip,tls.dns.cloudflare. If you don’t trust them (and you shouldn’t!), wget the script first and inspect it before running. Next, add a user for Caddy: useradd -r -s /usr/sbin/nologin caddy. Then, add a place to store config: mkdir /etc/caddy && chown caddy:caddy /etc/caddy. Finally, give Caddy a logfile: touch /var/log/caddy.log && chown caddy:caddy /var/log/caddy.

Continue reading 

Fixing Proxmox cluster disconnects

2017-06-05 | #proxmox

I have a cluster of 3 hosts running Proxmox as a virtualization platform. They provide a total of 28 vCPUs, 72GB of memory, and ~10TB usable storage. I went with Proxmox because I have a mix of CPU types in these boxes (1x Intel C2750, 1x Xeon E5649, 1x FX-8350), and KVM supports migration between Intel and AMD procs. Pretty much ever since setting this cluster up, I noticed that the hosts would disconnect from each other according to the web interface, but the hosts and any VMs on them would remain accessible otherwise.

Continue reading 

Dockerizing a web host

2017-03-03 | #docker

Intro I maintain a web server for this blog and a few other things (my portfolio, for example). I had a pretty decent setup going, whereby nginx would serve all incoming requests. Sites like my portfolio (which is a Jekyll static site) are served straight-up by nginx, whereas sites like this blog (which runs on Ghost) are proxy-passed to the correct process. I even had a pretty nice reusable snippet for setting up SSL using Let’s Encrypt certs.

Continue reading 

Ansible for fun and profit!

2016-10-08 | #ansible

Let’s face it, maintaining your awesome homelab is exhausting! All those hosts, logins, configurations…blech! It’s enough to make anybody’s head spin. I fully understand why companies and people who do this because they must use configuration management…why can’t we do the same? We can! After poking around the various options (Salt, Puppet, Chef…), I settled on Ansible. Why Ansible? It’s pretty lightweight It’s open source, written in Python, and maintained by Red Hat.

Continue reading 