22 January 2022

And We're Back

It has been a few years since I published something here. I’ve got a few ideas for things to write about: Kubernetes has happened in a big way since 2016, so that’s something. I passed the CKA exam recently, so hopefully I can write some meaningful articles about what I have learned while building and running K8s clusters for clients and employers. I’ve learned (some) Golang. I wouldn’t call myself an expert, but I’ve got a decent handle on things like goroutines with the sync package etc.

More

26 March 2016

Make your hubot coffee scripts into reusable standalone programs

In part 1 of this 2 part series on making your module.exports reusable as standalone programs in JavaScript/CoffeeScript, I explained that this pattern allows for flexible reuse of a function like main:

var main = function(args) {
  console.log(args)
}

module.exports = main

if (module.parent === null) {
  main(process.argv)
}

In this article, I’ll show how to make a hubot script that wraps the dig command into a reusable standalone program. Assuming you’re using Linux, OSX, or another BSD and you have dig installed, let’s get started.

More

19 March 2016

Make your Node.js module.exports more reusable as a standalone program

Likely we’ve all written something that is structurally like this when writing helper functions in JavaScript & CoffeeScript (I’ll be using JavaScript syntax in this article, but the principle is the same in CoffeeScript):

module.exports = function(args) {
  //something something here
}

And you’re all set to reuse your something something here anonymous functionality elsewhere in your application’s codebase.

More

Introduction An Apache AH00526: Syntax error message occurs when there is a typo or misconfigured setting somewhere in your Apache configuration files. It is a generic error that can be indicative of a number of underlying problems. The error can be detected using apachectl configtest before an invalid configuration is loaded. It can also be found using the systemctl and journalctl commands. In the latter two cases, Apache will be unable to run because of the error.

More

Introduction An Apache AH00558: Could not reliably determine the server's fully qualified domain name message is generated when Apache is not configured with a global ServerName directive. The message is mainly for informational purposes, and an AH00558 error will not prevent Apache from running correctly. In this tutorial you will learn how to detect an AH00558 message using the methods described in the How to Troubleshoot Common Apache Errors tutorial at the beginning of this series.

More

Introduction Apache generates an AH02572: Failed to configure at least one certificate and key error message when it is configured to use the ssl module, but is missing a TLS/SSL public certificate and corresponding private key. The error will prevent Apache from starting up, and the error message itself will be found in Apache’s logs. In this tutorial you will learn how to troubleshoot an AH02572 error using the methods described in the How to Troubleshoot Common Apache Errors tutorial at the beginning of this series.

More

Introduction An Apache AH00072: make_sock: could not bind to address error message is generated when there is another process listening on the same port that Apache is configured to use. Typically the port will be the standard port 80 for HTTP connections, or port 443 for HTTPS connections. However, any port conflict with another process can cause an AH00072 error. The error is derived from the underlying operating system’s network stack.

More

Download the Complete eBook! Kubernetes for Full-Stack Developers eBook in EPUB format; Kubernetes for Full-Stack Developers eBook in PDF format. Introduction to the eBook This book is designed to help newcomers and experienced users alike learn about Kubernetes. Its chapters are designed to introduce core Kubernetes concepts and to build on them to a level where running an application on a production cluster is a familiar, repeatable, and automated process.

More

Introduction An HAProxy cannot bind socket error message is generated when there is another process listening on the same interface and TCP port combination that HAProxy is configured to use, or when HAProxy attempts to use an IP address that is not assigned to a network interface. Both error conditions derive from the underlying operating system’s network stack. In the first case, when there is another process that is already using an interface and port that HAProxy is attempting to bind to, the underlying error on Linux is EADDRINUSE.

More

Introduction In this tutorial you will learn how to troubleshoot and fix an HAProxy Setting tune.ssl.default-dh-param to 1024 by default warning message using the methods described in the How to Troubleshoot Common HAProxy Errors tutorial at the beginning of this series. Once you confirm that your server is generating the warning message, you will learn how to fix it by setting HAProxy’s ssl-dh-param-file configuration option to use a custom dhparams.pem file.

More

Introduction Adding and removing users on a Linux system is one of the most important system administration tasks to familiarize yourself with. When you create a new system, you are often only given access to the root account by default. While running as the root user gives you complete control over a system and its users, it is also dangerous and possibly destructive. For common system administration tasks, it’s a better idea to add an unprivileged user and carry out those tasks without root privileges.

More

Introduction Adding and removing users on a Linux system is one of the most important system administration tasks to familiarize yourself with. When you create a new system, you are often only given access to the root account by default. While running as the root user gives you complete control over a system and its users, it is also dangerous and possibly destructive. For common system administration tasks, it’s a better idea to add an unprivileged user and carry out those tasks without root privileges.

More

Introduction Velero is a convenient backup tool for Kubernetes clusters that compresses and backs up Kubernetes objects to object storage. It also takes snapshots of your cluster’s Persistent Volumes using your cloud provider’s block storage snapshot features, and can then restore your cluster’s objects and Persistent Volumes to a previous state. The DigitalOcean Velero Plugin allows you to use DigitalOcean block storage to snapshot your Persistent Volumes, and Spaces to back up your Kubernetes objects.

More

Introduction The previous tutorials in this series guided you through installing, configuring, and running Suricata as an Intrusion Detection (IDS) and Intrusion Prevention (IPS) system. You also learned about Suricata rules and how to create your own. In this tutorial you will explore how to integrate Suricata with Elasticsearch, Kibana, and Filebeat to begin creating your own Security Information and Event Management (SIEM) tool using the Elastic stack and CentOS 8 Stream.

More

Introduction The previous tutorials in this series guided you through installing, configuring, and running Suricata as an Intrusion Detection (IDS) and Intrusion Prevention (IPS) system. You also learned about Suricata rules and how to create your own. In this tutorial you will explore how to integrate Suricata with Elasticsearch, Kibana, and Filebeat to begin creating your own Security Information and Event Management (SIEM) tool using the Elastic stack and Debian 11.

More

Introduction The previous tutorials in this series guided you through installing, configuring, and running Suricata as an Intrusion Detection (IDS) and Intrusion Prevention (IPS) system. You also learned about Suricata rules and how to create your own. In this tutorial you will explore how to integrate Suricata with Elasticsearch, Kibana, and Filebeat to begin creating your own Security Information and Event Management (SIEM) tool using the Elastic stack and Rocky Linux 8.

More

Introduction The previous tutorials in this series guided you through installing, configuring, and running Suricata as an Intrusion Detection (IDS) and Intrusion Prevention (IPS) system. You also learned about Suricata rules and how to create your own. In this tutorial you will explore how to integrate Suricata with Elasticsearch, Kibana, and Filebeat to begin creating your own Security Information and Event Management (SIEM) tool using the Elastic stack and Ubuntu 20.

More

Download the Complete eBook! How To Code in Go eBook in EPUB format; How To Code in Go eBook in PDF format. Introduction to the eBook This book is designed to introduce you to writing programs with the Go programming language. You’ll learn how to write useful tools and applications that can run on remote servers, or local Windows, macOS, and Linux systems for development. This book is based on the How To Code in Go tutorial series found on DigitalOcean Community.

More

Introduction DNS, or the Domain Name System, is often a difficult component to get right when learning how to configure websites and servers. While most people will probably choose to use the DNS servers provided by their hosting company or their domain registrar, there are some advantages to creating your own DNS servers. In this guide, we will discuss how to install and configure the Bind9 DNS server as authoritative-only DNS servers on Ubuntu 14.

More

Introduction HAProxy, which stands for High Availability Proxy, is a widely used TCP and HTTP-based proxy server that runs on Linux, Solaris, and FreeBSD. It is used to load balance applications by distributing requests between multiple servers, and to ensure that applications are highly available for users. By default on many CentOS 8 installations, HAProxy is not configured to write its log output to a file. This quickstart tutorial will explain how to configure HAProxy logging with Rsyslog by using a Unix domain socket for reliability, speed, and security.

More

Introduction HAProxy, which stands for High Availability Proxy, is a widely used TCP and HTTP-based proxy server that runs on Linux, Solaris, and FreeBSD. It is used to load balance applications by distributing requests between multiple servers, and to ensure that applications are highly available for users. By default on many Rocky Linux 8 installations, HAProxy is not configured to write its log output to a file. This quickstart tutorial will explain how to configure HAProxy logging with Rsyslog by using a Unix domain socket for reliability, speed, and security.

More

Introduction By default, Jenkins comes with its own built-in Winstone web server listening on port 8080, which is convenient for getting started. It’s also a good idea, however, to secure Jenkins with SSL to protect passwords and sensitive data transmitted through the web interface. In this tutorial, you will configure Nginx as a reverse proxy to direct client requests to Jenkins. Prerequisites To begin, you’ll need the following: One Ubuntu 22.

More

Introduction When managing a server, you’ll sometimes want to allow users to execute commands as “root,” the administrator-level user. The sudo command provides system administrators with a way to grant administrator privileges — ordinarily only available to the root user — to normal users. In this tutorial, you’ll learn how to create a new user with sudo access on Ubuntu 22.04 without having to modify your server’s /etc/sudoers file. Note: If you want to configure sudo for an existing user, skip to step 3.

More

Introduction TLS, or “transport layer security” — and its predecessor SSL — are protocols used to wrap normal traffic in a protected, encrypted wrapper. Using this technology, servers can safely send information to their clients without their messages being intercepted or read by an outside party. In this guide, you will create and use a self-signed TLS certificate with the Apache web server on Ubuntu 22.04. You’ll use the openssl command line tool to create the certificate, and then you will configure Apache to use it.

More

Introduction TLS, or transport layer security, and its predecessor SSL, which stands for secure sockets layer, are web protocols used to protect and encrypt traffic over a computer network. With TLS/SSL, servers can send traffic safely between the server and clients without the possibility of the messages being intercepted by outside parties. The certificate system also assists users in verifying the identity of the sites that they are connecting with.

More

Introduction The previous tutorials in this series guided you through how to install and configure Suricata. They also explained how to use Filebeat to send alerts from your Suricata server to an Elastic Stack server, to be used with its built-in Security Information and Event Management (SIEM) functionality. In this final tutorial in the series, you will create custom Kibana rules and generate alerts within Kibana’s SIEM dashboards. Once you have rules in place and understand where and how to filter Suricata’s logs using Kibana, you’ll explore how to create and manage cases using Kibana’s timeline analysis tools.

More

A previous version of this tutorial was written by Jamie Scaife. Introduction Linux servers are often administered remotely using SSH by connecting to an OpenSSH server, which is the default SSH server software used within Ubuntu, Debian, CentOS, FreeBSD, and most other Linux/BSD-based systems. Significant effort is put into securing the server-side aspect of SSH, as SSH acts as the entry into your server. However, it is also important to consider security on the client-side, such as OpenSSH client.

More

A previous version of this tutorial was written by Jamie Scaife. Introduction Linux servers are often administered remotely using SSH by connecting to an OpenSSH server, which is the default SSH server software used within Ubuntu, Debian, CentOS, FreeBSD, and most other Linux/BSD-based systems. OpenSSH server is the server side of SSH, also known as SSH daemon or sshd. You can connect to an OpenSSH server using the OpenSSH client, specifically by running the ssh command.

More

Introduction Configuration management systems are designed to streamline the process of controlling large numbers of servers, for administrators and operations teams. They allow you to control many different systems in an automated way from one central location. While there are many popular configuration management tools available for Linux systems, such as Chef and Puppet, these are often more complex than many people want or need. Ansible is a great alternative to these options because it offers an architecture that doesn’t require special software to be installed on nodes, using SSH to execute the automation tasks and YAML files to define provisioning details.

More

Introduction Laravel is an open-source PHP framework that provides a set of tools and resources to build modern PHP applications. With a complete ecosystem leveraging its built-in features, Laravel’s popularity has grown rapidly in the past few years, with many developers adopting it as their framework of choice for a streamlined development process. In this guide, you’ll install and configure a new Laravel application on an Ubuntu 22.04 server, using Composer to download and manage the framework dependencies and Nginx to serve the application.

More

Introduction Neo4j is a graph database that records relationships between data nodes, whereas traditional relational databases use rows and columns to store and structure data. Since each node stores references to all the other nodes that it is connected to, Neo4j can encode and query complex relationships with minimal overhead. Prerequisites To follow this tutorial, you will need the following: One Ubuntu 20.04 server set up by following the Ubuntu 20.

More

Introduction Neo4j is a graph database that records relationships between data nodes, whereas traditional relational databases use rows and columns to store and structure data. Since each node stores references to all the other nodes that it is connected to, Neo4j can encode and query complex relationships with minimal overhead. Prerequisites To follow this tutorial, you will need the following: One Ubuntu 22.04 server set up by following the Ubuntu 22.

More

Introduction Postfix is a popular open-source Mail Transfer Agent (MTA) that can be used to route and deliver email on a Linux system. It is estimated that around 25% of public mail servers on the internet run Postfix. In this guide, you’ll learn how to install and configure Postfix on an Ubuntu 22.04 server. Then, you’ll test that Postfix is able to correctly route mail by installing s-nail, a Mail User Agent (MUA), also known as an email client.

More

Introduction Virtual Network Computing, or VNC, is a connection system that allows you to use your keyboard and mouse to interact with a graphical desktop environment on a remote server. It makes managing files, software, and settings on a remote server easier for users who are not yet comfortable with the command line. In this guide, you’ll set up a VNC server with TightVNC on an Ubuntu 22.04 server and connect to it securely through an SSH tunnel.

More

A previous version of this tutorial was written by Kathleen Juell. Introduction Memory object caching systems like Memcached can optimize backend database performance by temporarily storing information in memory, retaining frequently or recently requested records. In this way, they reduce the number of direct requests to your databases. In this guide, you will learn how to install and configure a Memcached server. You’ll also learn how to add authentication to secure Memcached using Simple Authentication and Security Layer (SASL).

More

A previous version of this tutorial was written by Kathleen Juell. Introduction Memory object caching systems like Memcached can optimize backend database performance by temporarily storing information in memory, retaining frequently or recently requested records. In this way, they reduce the number of direct requests to your databases. In this guide, you will learn how to install and configure a Memcached server. You’ll also learn how to add authentication to secure Memcached using Simple Authentication and Security Layer (SASL).

More

Introduction Memory object caching systems like Memcached can optimize backend database performance by temporarily storing information in memory, retaining frequently or recently requested records. In this way, they reduce the number of direct requests to your databases. In this guide, you will learn how to install and configure a Memcached server. You’ll also learn how to add authentication to secure Memcached using Simple Authentication and Security Layer (SASL). Finally, you’ll learn how to bind Memcached to a local or private network interface to ensure that it is only accessible on trusted networks, by authenticated users.

More

Introduction To containerize an application refers to the process of adapting an application and its components in order to be able to run it in lightweight environments known as containers. Such environments are isolated and disposable, and can be leveraged for developing, testing, and deploying applications to production. In this guide, we’ll use Docker Compose to containerize a Laravel application for development. When you’re finished, you’ll have a demo Laravel application running on three separate service containers:

More

Introduction Composer is a popular dependency management tool for PHP, created mainly to facilitate installation and updates for project dependencies. It will check which other packages a specific project depends on and install them for you, using the appropriate versions according to the project requirements. Composer is also commonly used to bootstrap new projects based on popular PHP frameworks, such as Symfony and Laravel. In this tutorial, you’ll install and get started with Composer on an Ubuntu 22.

More

Introduction In this quickstart guide, we’ll install Composer on an Ubuntu 22.04 server. For a more detailed version of this tutorial, with more explanations of each step, please refer to How To Install and Use Composer on Ubuntu 22.04. Prerequisites To follow this guide, you’ll need access to an Ubuntu 22.04 server as a sudo user. If you would like to experiment with installing Composer using a terminal in your browser, click the Launch an Interactive Terminal!

More

Introduction The Elastic Stack — formerly known as the ELK Stack — is a collection of open-source software produced by Elastic which allows you to search, analyze, and visualize logs generated from any source in any format, a practice known as centralized logging. Centralized logging can be useful when attempting to identify problems with your servers or applications as it allows you to search through all of your logs in a single place.

More

Introduction Go, also known as golang, is a modern, open-source programming language developed by Google. Go tries to make software development safe, fast and approachable to help you build reliable and efficient software. This tutorial will guide you through downloading and installing Go from source, as well as compiling and executing a “Hello, World!” program on a Debian 10 server. Prerequisites To complete this tutorial, you will need access to a Debian 10 server and a non-root user with sudo privileges, as described in Initial Server Setup with Debian 10.

More

Introduction Jenkins is an open-source automation server that automates the repetitive technical tasks involved in the continuous integration and delivery of software. Jenkins is Java-based, installed from Ubuntu packages or by downloading and running its web application archive (WAR) file — a collection of files that make up a complete web application to run on a server. In this tutorial you will install Jenkins on Ubuntu 22.04, start the development server and create an administrative user to get started exploring Jenkins automation.

More

Introduction MariaDB is an open-source database management system (DBMS), commonly used as an alternative for the MySQL portion of the popular LAMP (Linux, Apache, MySQL, PHP/Python/Perl) stack. It’s intended to be a drop-in replacement for MySQL and Debian now only ships with MariaDB packages. If you attempt to install MySQL server-related packages, you’ll receive the compatible MariaDB replacement versions instead. The short version of this installation guide consists of the following three steps:

More

Introduction MariaDB is an open-source database management system, commonly used as an alternative for the MySQL portion of the popular LAMP (Linux, Apache, MySQL, PHP/Python/Perl) stack. It is intended to be a drop-in replacement for MySQL. In this tutorial, we will explain how to install the latest version of MariaDB on a Rocky Linux 8 server. If you’re wondering about MySQL vs. MariaDB, MariaDB is the preferred package and should work seamlessly in place of MySQL.

More

Introduction Metabase is a Java-based open-source Business Intelligence (BI) tool. It can connect to a number of different databases and has a question builder tool that can hide the complexity of large SQL queries. In this tutorial you will install Metabase using Docker Compose, then install Nginx to act as a reverse proxy for your Metabase site. Next, you will enable secure HTTPS connections by using Certbot to download and configure a TLS certificate from the Let’s Encrypt Certificate Authority.

More

Introduction MySQL is an open-source database management system, commonly installed as part of the popular LEMP (Linux, Nginx, MySQL/MariaDB, PHP/Python/Perl) stack. It implements the relational model and Structured Query Language (SQL) to manage and query data. This tutorial explains how to install MySQL version 8 on a Rocky Linux 8 server. Prerequisites To complete this tutorial, you will need a server running Rocky Linux 8. This server should have a non-root user with administrative privileges and a firewall configured with firewalld.

More

Introduction Odoo is an open-source enterprise resource planning (ERP) tool written in Python. It supports a number of plugins for different kinds of business needs like accounting, payroll, inventory management, and more. In this tutorial you will install Odoo and a PostgreSQL database using Docker Compose, then install Nginx to act as a reverse proxy for your Odoo site. Finally, you will enable secure HTTPS connections by using Certbot to download and configure a TLS certificate from the Let’s Encrypt Certificate Authority.

More

A previous version of this tutorial was written by alenaholligan. Introduction PHP is a popular server scripting language known for creating dynamic and interactive web pages. Getting up and running with your language of choice is the first step in learning to program. This tutorial will guide you through installing PHP 8.1 on Ubuntu and setting up a local programming environment via the command line. You will also install a dependency manager, Composer, and test your installation by running a script.

More

A previous version of this tutorial was written by Lisa Tagliaferri. Introduction An open-source programming language, R is widely used for performing data analysis and statistical computing. Supported by the R Foundation for Statistical Computing, it is an increasingly popular and extensible language with an active community. R offers many user-generated packages for specific areas of study, which makes it applicable to many fields. In this tutorial, you will install R and show how to add packages from the official Comprehensive R Archive Network (CRAN).

More

Introduction Suricata is a Network Security Monitoring (NSM) tool that uses sets of community created and user defined signatures (also referred to as rules) to examine and process network traffic. Suricata can generate log events, trigger alerts, and drop traffic when it detects suspicious packets or requests to any number of different services running on a server. By default Suricata works as a passive Intrusion Detection System (IDS) to scan for suspicious traffic on a server or network.

More

Introduction Suricata is a Network Security Monitoring (NSM) tool that uses sets of community created and user defined signatures (also referred to as rules) to examine and process network traffic. Suricata can generate log events, trigger alerts, and drop traffic when it detects suspicious packets or requests to any number of different services running on a server. By default Suricata works as a passive Intrusion Detection System (IDS) to scan for suspicious traffic on a server or network.

More

Introduction Suricata is a Network Security Monitoring (NSM) tool that uses sets of community created and user defined signatures (also referred to as rules) to examine and process network traffic. Suricata can generate log events, trigger alerts, and drop traffic when it detects suspicious packets or requests to any number of different services running on a server. By default Suricata works as a passive Intrusion Detection System (IDS) to scan for suspicious traffic on a server or network.

More

Introduction Suricata is a Network Security Monitoring (NSM) tool that uses sets of community created and user defined signatures (also referred to as rules) to examine and process network traffic. Suricata can generate log events, trigger alerts, and drop traffic when it detects suspicious packets or requests to any number of different services running on a server. By default Suricata works as a passive Intrusion Detection System (IDS) to scan for suspicious traffic on a server or network.

More

Introduction Django is a full-featured Python web framework for developing dynamic websites and applications. Using Django, you can quickly create Python web applications and rely on the framework to do a good deal of the heavy lifting. In this guide, you will get Django up and running on an Ubuntu 22.04 server. After installation, you will start a new project to use as the basis for your site. Different Methods There are different ways to install Django, depending upon your needs and how you want to configure your development environment.

More

Introduction When building modern, stateless applications, containerizing your application’s components is the first step in deploying and scaling on distributed platforms. If you have used Docker Compose in development, you will have modernized and containerized your application by: Extracting necessary configuration information from your code. Offloading your application’s state. Packaging your application for repeated use. You will also have written service definitions that specify how your container images should run.

More

Introduction In this guide, you will build a Python application using the Flask microframework on Ubuntu 20.04. The bulk of this article will be about how to set up the Gunicorn application server and how to launch the application and configure Nginx to act as a front-end reverse proxy. Prerequisites Before starting this guide, you should have: A server with Ubuntu 20.04 installed and a non-root user with sudo privileges.

More

A previous version of this tutorial was written by Kathleen Juell. Introduction In this guide, you will build a Python application using the Flask microframework on Ubuntu 22.04. The majority of this tutorial will be about how to set up the Gunicorn application server and how to launch the application and configure Nginx to act as a front-end reverse proxy. Prerequisites Before starting this guide, you should have: A server with Ubuntu 22.

More

Introduction UFW, or Uncomplicated Firewall, is a simplified firewall management interface that hides the complexity of lower-level packet filtering technologies such as iptables and nftables. If you’re looking to get started securing your network, and you’re not sure which tool to use, UFW may be the right choice for you. This tutorial will show you how to set up a firewall with UFW on Ubuntu 22.04. Prerequisites To follow this tutorial, you will need:

More

A previous version of this tutorial was written by Justin Ellingwood and Namo. Introduction A virtual private network, or VPN, allows you to securely encrypt traffic as it travels through untrusted networks, such as those at the coffee shop, a conference, or an airport. Internet Key Exchange v2, or IKEv2, is a protocol that allows for direct IPSec tunneling between the server and client. In IKEv2 VPN implementations, IPSec provides encryption for the network traffic.

More

Introduction A virtual private network, or VPN, allows you to securely encrypt traffic as it travels through untrusted networks, such as those at the coffee shop, a conference, or an airport. Internet Key Exchange v2, or IKEv2, is a protocol that allows for direct IPSec tunneling between the server and client. In IKEv2 VPN implementations, IPSec provides encryption for the network traffic. IKEv2 is natively supported on some platforms (OS X 10.

More

Introduction A Certificate Authority (CA) is an entity responsible for issuing digital certificates to verify identities on the internet. Although public CAs are a popular choice for verifying the identity of websites and other services that are provided to the general public, private CAs are typically used for closed groups and private services. Building a private Certificate Authority will enable you to configure, test, and run programs that require encrypted connections between a client and a server.

More

Introduction A Virtual Private Network (VPN) allows you to traverse untrusted networks as if you were on a private network. It gives you the freedom to access the internet safely and securely from your smartphone or laptop when connected to an untrusted network, like the WiFi at a hotel or coffee shop. When combined with HTTPS connections, this setup allows you to secure your wireless logins and transactions. You can circumvent geographical restrictions and censorship, and shield your location and any unencrypted HTTP traffic from untrusted networks.

More

Introduction Django is a powerful web framework that can help you get your Python application or website off the ground. Django includes a simplified development server for testing your code locally, but for anything even slightly production related, a more secure and powerful web server is required. In this guide, you will install and configure some components on Ubuntu 22.04 to support and serve Django applications. You will be setting up a PostgreSQL database instead of using the default SQLite database.

More

Introduction SSH, or secure shell, is an encrypted protocol used to administer and communicate with servers. When working with a Debian server, chances are you will spend most of your time in a terminal session connected to your server through SSH. In this guide, we’ll focus on setting up SSH keys for a vanilla Debian 11 installation. SSH keys provide an easy, secure way of logging into your server and are recommended for all users.

More

Introduction SSH, or secure shell, is an encrypted protocol used to administer and communicate with servers. When working with a Rocky Linux server, chances are you will spend most of your time in a terminal session connected to your server through SSH. In this guide, we’ll focus on setting up SSH keys for a Rocky Linux 8 server. SSH keys provide a straightforward, secure method of logging into your server and are recommended for all users.

More

Introduction WireGuard is a lightweight Virtual Private Network (VPN) that supports IPv4 and IPv6 connections. A VPN allows you to traverse untrusted networks as if you were on a private network. It gives you the freedom to access the internet safely and securely from your smartphone or laptop when connected to an untrusted network, like the WiFi at a hotel or coffee shop. WireGuard’s encryption relies on public and private keys for peers to establish an encrypted tunnel between themselves.

More

Introduction There are three main commands, and a set of common log locations that you can use to get started troubleshooting Apache errors. Generally when you are troubleshooting Apache, you will use these commands in the order indicated here, and then examine log files for specific diagnostic data. The commands that you will commonly use to troubleshoot Apache across most Linux distributions are: systemctl - Used to control and interact with Linux services via the systemd service manager.

More

Introduction There are three main commands, and a common log location that you can use to get started troubleshooting HAProxy errors. Generally when you are troubleshooting HAProxy, you will use these commands in the order indicated here, and then examine the log file for specific diagnostic data. The commands and log that you will commonly use to troubleshoot HAProxy across most Linux distributions are: systemctl - Used to control and interact with Linux services via the systemd service manager.

More

Introduction Ansible is a configuration management tool that is designed to automate controlling servers for administrators and operations teams. With Ansible you can use a single central server to control and configure many different remote systems using SSH and Python as the only requirements. Ansible carries out tasks on servers that it manages based on task definitions. These tasks invoke built-in and community-maintained Ansible modules using small snippets of YAML for each task.

More

Introduction When you first create a new Rocky Linux 8 server, there are a few configuration steps that you should take early on as part of the basic setup. This will increase the security and usability of your server and will give you a solid foundation for subsequent actions. Step 1 — Logging in as Root To log into your server, you will need to know your server’s public IP address.

More

Introduction When you first create a new Ubuntu 22.04 server, you should perform some important configuration steps as part of the initial setup. These steps will increase the security and usability of your server and will give you a solid foundation for subsequent actions. Step 1 — Logging in as root To log into your server, you will need to know your server’s public IP address. You will also need the password or the private key for the root user’s account if you installed an SSH key for authentication.

More

Download the Complete eBook!

Making Servers Work: A Practical Guide to System Administration eBook in EPUB format
Making Servers Work: A Practical Guide to System Administration eBook in PDF format

Introduction to the eBook This book highlights practical sysadmin skills, common architectures that you’ll encounter, and best practices that apply to automating and running systems at any scale, from one laptop or server to 1,000 or more. It is intended to help orient you within the discipline, and hopefully encourages you to learn more about system administration.

More

Introduction Sockets are a way to enable inter-process communication between programs running on a server, or between programs running on separate servers. Communication between servers relies on network sockets, which use the Internet Protocol (IP) to encapsulate and handle sending and receiving data. Network sockets on both clients and servers are referred to by their socket address. An address is a unique combination of a transport protocol like the Transmission Control Protocol (TCP) or User Datagram Protocol (UDP), an IP address, and a port number.

More

Introduction The first tutorial in this series explained how to install and configure Suricata. If you followed that tutorial, you also learned how to download and update Suricata rulesets, and how to examine logs for alerts about suspicious activity. However, the rules that you downloaded in that tutorial are numerous, and cover many different protocols, applications, and attack vectors that may not be relevant to your network and servers. In this tutorial you’ll learn how Suricata signatures are structured, and some important options that are commonly used in most rules.

More

Sockets are a way to enable inter-process communication between programs running on a computer, or between programs running on separate computers. Programs that communicate via network sockets typically rely on using the Internet Protocol (IP) to send and receive data. There are a number of different types of sockets. The most common are: Stream sockets: which use the Transmission Control Protocol (TCP) to encapsulate and ensure reliable delivery of a stream of data.

More

SELinux stands for Security Enhanced Linux, which is an access control system that is built into the Linux kernel. It is used to enforce the resource policies that define what level of access users, programs, and services have on a system. In its default enforcing mode, SELinux will deny and log any unauthorized attempts to access any resource. This approach, usually referred to as the principle of least privilege, means that explicit permission must be given to a user or program to access files, directories, sockets, and other services.

More

Many Linux distributions use systemd to manage system settings and services. systemd organizes tasks into components called units, and groups of units into targets, that can be used to create dependencies on other system services and resources. systemd can start units and targets automatically at boot time, or when requested by a user or another systemd target when a server is already running. The systemctl command is used to interact with processes that are controlled by systemd.

More