2020-04-20 | #kvm #networking #vmware
I recently acquired a new server to upgrade my aging HP Gen6 boxes. Since I was consolidating down from 2 to 1 host (but going up to 32 logical threads and 384GB memory), I figured the “HA” portion of VMware/vSphere/vCenter (I’ve entirely forgotten to mind my spheres & centers!) was less necessary. I could have switch to Proxmox, but where’s the challenge in that!? Instead, I switched to plain Ubuntu 20.
2020-02-17 | #ldap #nginx #traefik
As it stands now, my setup for web-accessible Docker-hosted sites is a bit convoluted. Traffic from the gateway flows into a bastion host in my DMZ. This is a tiny box running Nginx acting as a reverse proxy. There’s a hole in the firewall poked in from this bastion host to the Docker host running on my internal network. Traefik runs in Docker and provides SSL termination among other things.
2018-07-09 | #ansible #letsencrypt #security
When LetsEncrypt announced the availability of wildcard certs, I knew I wanted in. In my homelab, in order to get SSL up and running, I’d been running Caddy, since it automagically gets a cert by doing DNS validation. However, that’s an extra step that can complicate things. With a wildcard cert, I can even put SSL places I couldn’t previously - such as my router and my FreeNAS box. How To Do Obtaining a wildcard cert Due to popular demand, I’ll provide some basic steps to get your wildcart cert.
2017-11-18 | #linux
These instructions work for me on Ubuntu 16.04.3. YMMV. First, install Caddy by running curl https://getcaddy.com | bash -s personal hook.service,http.realip,tls.dns.cloudflare. If you don’t trust them (and you shouldn’t!), wget the script first and inspect it before running. Next, add a user for Caddy: useradd -r -s /usr/sbin/nologin caddy. Then, add a place to store config: mkdir /etc/caddy && chown caddy:caddy /etc/caddy. Finally, give Caddy a logfile: touch /var/log/caddy.log && chown caddy:caddy /var/log/caddy.
2017-06-05 | #proxmox
I have a cluster of 3 hosts running Proxmox as a virtualization platform. They provide a total of 28 vCPUs, 72GB of memory, and ~10TB usable storage. I went with Proxmox because I have a mix of CPU types in these boxes (1x Intel C2750, 1x Xeon E5649, 1x FX-8350), and KVM supports migration between Intel and AMD procs. Pretty much ever since setting this cluster up, I noticed that the hosts would disconnect from each other according to the web interface, but the hosts and any VMs on them would remain accessible otherwise.
2017-03-03 | #docker
Intro I maintain a web server for this blog and a few other things (my portfolio, for example). I had a pretty decent setup going, whereby nginx would serve all incoming requests. Sites like my portfolio (which is a Jekyll static site) are served straight-up by nginx, whereas sites like this blog (which runs on Ghost) are proxy-passed to the correct process. I even had a pretty nice reusable snippet for setting up SSL using Let’s Encrypt certs.
2016-10-08 | #ansible
Let’s face it, maintaining your awesome homelab is exhausting! All those hosts, logins, configurations…blech! It’s enough to make anybody’s head spin. I fully understand why companies and people who do this because they must use configuration management…why can’t we do the same? We can! After poking around the various options (Salt, Puppet, Chef…), I settled on Ansible. Why Ansible? It’s pretty lightweight It’s open source, written in Python, and maintained by Red Hat.
