Projects

Do you ever find yourself wanting to access machines, but due to the permissions of he computer you’re currently on or network restrictions you’re unable to do so? Or maybe you have users that you would like to have access to remote machines, but you don’t want to have to worry about what remote administration tools they have on their devices. Guacamole is cool because it allows a user to access Windows and Linux machines through a variety of different protocols such as SSH, RDP, or VNC through a web browser as all of the tools are separated from the client machine and resident on the server side meaning administration can be done on any computing device capable of web browsing to prove it, once we have this set up i will access a remote machine via my PlayStation 4.

Most people see VPN and they think of the commercial, hide myself within another million people’s traffic, product such as Nord or PIA. But this article is simply an interesting take on the technology used to bridge the physical gap between work-spaces that many professionals both technical and not became intimately familiar with over the recent 2021 pandemic. What is Nebula and how is it different?# In a traditional sense a VPN functions as a router that bridges different LANs over an encrypted tunnel, and the traffic passed between LANs travels much like traditional traffic would when passed between LANs, in a star-like topology where all traffic destined for a peer must first pass through a switching/routing device, but what if that wasn’t the case?

Everyone hates advertisements and thanks to the raspberry pi and the Pi-hole project, keeping them out of your life has become easier and easier. By setting up a local Domain Name Service(DNS) server you can block the connection to add servers before they’re even initiated. Pi-hole also presents the user with a beautiful user interface and is easily configured for even the newest of IT enthusiasts (I’m serious, its like… one command.

So having keys via LetsEncrypt is pretty cool given the fact that they’re free, but unlike other certs these are only good for about 90 days, and while manually moving keys over a couple times a year is not the most annoying thing in the world, I’m pretty lazy so i like to automate trivial tasks as much as possible. I’m doing this with the assumption that you’ve already set up your certs using the pfSense ACME client so what we’re going to be doing is as simple as using rsync to ensure that these files are always up to date.

If your house is like mine you have some rooms that run a little hotter than others (especially if you have servers running). Because of this the need to monitor temperature readings in rooms became a little more important, now there’s a multitude of different ways to tackle this problem but this is by far the cheapest (although more time consuming on the front end) and doesn’t require any cloud services to keep it running.

Synopsis# Sometimes you may find yourself in a situation in which you would like to host a service but sometimes you’re stuck behind a double NAT, or even just a firewall in which you do not control all of the rules for. Here I’m going to show you how to use Wireguard VPN to finagle around this issue and simply give your private server a public IP address. Important note: in order for this to work, you will need a publicly accessible VPS, preferably with a static IP address, i would recommend either AWS Lighsail or Linode as they are both cost-effective options with their cheapest tiers being bout $3.

In an attempt to automate the deployment as well as get my feet wet with a little Ansible in my homelab i created a playbook to automate the deployment of the minimal LXCs that build to deploy certain apps like pi-hole, nginx proxies, and sql databases. The documentation on certain things were pretty sparse so I will try to explain the intentions that I had, the issues that I ran into, as well as why I chose the routes that I took for my solution.

Synopsis# When hosting public servers, whether that be Web, SSH, or whatever you want to roll out, people’s biggest concerns are either automated attacks consuming resources and denying your access or those same attacks constantly attempting to authenticate to your application through brute forcing your authentication. I’m going to write this from the perspective of someone simply trying to secure a service that they expect a limited amount of use to, in my case ssh.

Intro# I was a pretty big user of the LinuxServer.io LetsEncrypt container since it integrated all of the things that I wanted to put in front of my applications into a simple-to-setup container with minimal configuration. Unfortunately, the team has had to transition to a different setup due to a trademark request. Due to my own laziness, I didn’t really feel like learning how to use the new system so I ended up doing things the hard way for a couple of years, don’t do what I did.

If you’ve ever set up an application like Plex with a web server on a non-standard port, wanted a bit more security to go into accessing applications over networks that you may not fully trust, or even just wanted to ensure all of your requests to your web services just go to one place so you don’t have to mess with firewall rules every time you make something new then this article is for you.