Migrating from vSphere to KVM

2020-04-20 | #kvm #networking #vmware

I recently acquired a new server to upgrade my aging HP Gen6 boxes. Since I was consolidating down from 2 to 1 host (but going up to 32 logical threads and 384GB memory), I figured the “HA” portion of VMware/vSphere/vCenter (I’ve entirely forgotten to mind my spheres & centers!) was less necessary. I could have switch to Proxmox, but where’s the challenge in that!? Instead, I switched to plain Ubuntu 20.

Continue reading 

Configuring LDAP auth for Traefik (and more!)

2020-02-17 | #ldap #nginx #traefik

As it stands now, my setup for web-accessible Docker-hosted sites is a bit convoluted. Traffic from the gateway flows into a bastion host in my DMZ. This is a tiny box running Nginx acting as a reverse proxy. There’s a hole in the firewall poked in from this bastion host to the Docker host running on my internal network. Traefik runs in Docker and provides SSL termination among other things.

Continue reading 

LetsEncrypt wildcard + Ansible

2018-07-09 | #ansible #letsencrypt #security

When LetsEncrypt announced the availability of wildcard certs, I knew I wanted in. In my homelab, in order to get SSL up and running, I’d been running Caddy, since it automagically gets a cert by doing DNS validation. However, that’s an extra step that can complicate things. With a wildcard cert, I can even put SSL places I couldn’t previously - such as my router and my FreeNAS box. How To Do Obtaining a wildcard cert Due to popular demand, I’ll provide some basic steps to get your wildcart cert.

Continue reading 

Running Caddy as a daemon on Ubuntu

2017-11-18 | #linux

These instructions work for me on Ubuntu 16.04.3. YMMV. First, install Caddy by running curl https://getcaddy.com | bash -s personal hook.service,http.realip,tls.dns.cloudflare. If you don’t trust them (and you shouldn’t!), wget the script first and inspect it before running. Next, add a user for Caddy: useradd -r -s /usr/sbin/nologin caddy. Then, add a place to store config: mkdir /etc/caddy && chown caddy:caddy /etc/caddy. Finally, give Caddy a logfile: touch /var/log/caddy.log && chown caddy:caddy /var/log/caddy.

Continue reading 

Fixing Proxmox cluster disconnects

2017-06-05 | #proxmox

I have a cluster of 3 hosts running Proxmox as a virtualization platform. They provide a total of 28 vCPUs, 72GB of memory, and ~10TB usable storage. I went with Proxmox because I have a mix of CPU types in these boxes (1x Intel C2750, 1x Xeon E5649, 1x FX-8350), and KVM supports migration between Intel and AMD procs. Pretty much ever since setting this cluster up, I noticed that the hosts would disconnect from each other according to the web interface, but the hosts and any VMs on them would remain accessible otherwise.

Continue reading 

Dockerizing a web host

2017-03-03 | #docker

Intro I maintain a web server for this blog and a few other things (my portfolio, for example). I had a pretty decent setup going, whereby nginx would serve all incoming requests. Sites like my portfolio (which is a Jekyll static site) are served straight-up by nginx, whereas sites like this blog (which runs on Ghost) are proxy-passed to the correct process. I even had a pretty nice reusable snippet for setting up SSL using Let’s Encrypt certs.

Continue reading 

Ansible for fun and profit!

2016-10-08 | #ansible

Let’s face it, maintaining your awesome homelab is exhausting! All those hosts, logins, configurations…blech! It’s enough to make anybody’s head spin. I fully understand why companies and people who do this because they must use configuration management…why can’t we do the same? We can! After poking around the various options (Salt, Puppet, Chef…), I settled on Ansible. Why Ansible? It’s pretty lightweight It’s open source, written in Python, and maintained by Red Hat.

Continue reading 