There Multiple SPs on same apache vhost By default the helper scripts mentioned above use some default values like file names and local hostname. So in case you need multiple SPs within a single apache web service, we’ll need to generate key pairs and metadata for each of them and use more specific settings for […]
Category: Encryption
Docker hub recently announced an upcoming request limit to their registry. So in order to reduce the amount of requests issued there, the idea of a caching proxy solution comes to mind. Possible solutions Fortunately there are some projects already working on that problem. However there are different approaches. Some of the projects I found […]
Till now I was mainly using mod_auth_mellon in order to do SAML-based authentication for web services. I did so because it seemed quite easy to configure (and the Ubuntu mod_shib package had a nasty bug some years ago when I made first contact with SAML). However mod_shib (part of the shibboleth service provider (SP) implenetation) […]
While trying to automate SSL certificate deployment for haproxy I had some trouble while doing test-runs (because for certbot –dry-run another account is being used). As I couldn’t find a direct way to list all accounts, here’s how to achieve that anyway (with some extra work). By default certbot show_account lists my official API account: […]
While it gets more and more common to integrate letsencrypt certificates (and their automated roll-out) into products, there’s plenty of devices out there, that require manual installation of SSL certificates. As the time for valid certificates gets reduced more and more (and letsencrypt uses quite a short lifetime anyway) it’s nice to have some kind […]
While trying to do SSL off-loading/termination using haproxy for some test instances I was looking for a solution to handle certificates from letsencrypt (via certbot) with haproxy (and no separate webserver, neither the built-in one of certbot nor any apache/nginx/…). And there really is a solution for this! A more detailed post about how to […]
After upgrading my Ubuntu 22.04 installation to Ubuntu 24.04.1 (using do-release-upgrade) my NFS exports stopped working. Kernel 6.8.0-41 reported an OOPS as soon as the NFS share was accessed (using sec=krb5b on the NFS client): Looking for a similar bug I found one on the NFS kernel mailing list titled “[PATCH] SUNRPC: Fix loop termination […]
Update 11.12.2021: Finally got a new test machine and started re-evaluating the current situation. The tests were done on a Quad-Core i5 system, using a 24 GB RAM disk (32 GB RAM total). System is Ubuntu 20.04 (x86_64). Basic test were done using fio with variations of this command: The different benchmark scenarios are these: […]
I recently installed a new home NAS server. For data protection all disks should be encrypted using dm-crypt. However performance was far from what I expected. After searching some time I found the reason (and a proposed solution) in a very interesting article of Ignat Korchagin (also a video talk about this topic is available […]
Building kernel modules To build the kernel modules we first need to install the kernel sources matching the latest kernel. So first we download and install the required packages: And now prepare a kernel source tree for compilation: Now we should have the very same source tree that build our currently running kernel (well at […]