What’s block cloning? Block cloning allows to copy files (or parts of it = blocks) without allocating extra space (besides the metadata required for filename, attributes, or the references to existing on disk blocks). Similar techniques are used to implement things like snapshots or deduplication in filesystems supporting them. In practice this feature is very […]
Wireguard is a very nice and fast VPN solution, however it comes with some drawbacks: Most of all it only supports UDP traffic. On an open network this is not a problem, however some networks may deny UDP traffic or may even allow only very specific traffic (like (TCP based) http(s)). So to increase the […]
Rspamd for spam filtering
Why rspamd and not spamassassin? I recently got more and more undetected spam mail, so I was looking around for improvements of my current spamassassin configuration. While doing so I found several articles about rspamd and its ease to set up. So instead of improving my spamassassin configuration I decided to give rspamd a try. […]
While trying to automate SSL certificate deployment for haproxy I had some trouble while doing test-runs (because for certbot –dry-run another account is being used). As I couldn’t find a direct way to list all accounts, here’s how to achieve that anyway (with some extra work). By default certbot show_account lists my official API account: […]
I’m planing to install eduvpn as a personal VPN solution. I also want to separate the VPN functionality (“vpn-daemon“, hostname “eduvpn-node1″) from the management web frontend (controller or “vpn-user-portal“, hostname “eduvpn-portal”). Hostname: eduvpn-node1Software packages: Hostname: eduvpn-portalSoftware packages: vpn-server-node vpn-user-portal vpn-daemon vpn-ca vpn-maint-scripts Software packages installed on the different hosts Adding software repository So we start […]
While it gets more and more common to integrate letsencrypt certificates (and their automated roll-out) into products, there’s plenty of devices out there, that require manual installation of SSL certificates. As the time for valid certificates gets reduced more and more (and letsencrypt uses quite a short lifetime anyway) it’s nice to have some kind […]
While trying to do SSL off-loading/termination using haproxy for some test instances I was looking for a solution to handle certificates from letsencrypt (via certbot) with haproxy (and no separate webserver, neither the built-in one of certbot nor any apache/nginx/…). And there really is a solution for this! A more detailed post about how to […]
While upgrading to Ubuntu 24.04 some of the sources.list files were (automatically) converted to the new APT822 standard. However others were left untouched (or deactivated). For all of you out there, here are some of my findings while doing the file conversion: Let’s take the docker repo as an example (original description here): Make sure […]
After upgrading my Ubuntu 22.04 installation to Ubuntu 24.04.1 (using do-release-upgrade) my NFS exports stopped working. Kernel 6.8.0-41 reported an OOPS as soon as the NFS share was accessed (using sec=krb5b on the NFS client): Looking for a similar bug I found one on the NFS kernel mailing list titled “[PATCH] SUNRPC: Fix loop termination […]
…or to be exact: the Samba version of it 🙂 So as an Open Source guy I obviously don’t run a Microsoft Active Directory. However since Samba version 4 this software does not only support file and print services, it also can act as an Active Directory. And guess what: That’s what I do. Unfortunately […]