My Traefik Setup

This post, as most of my posts tend to be, is my attempt at documenting how I set something up so that future Jeff can do it again, or troubleshoot it when it inevitably breaks at some point in the, hopefully, distant future. On my various web servers, I’ve been moving more and more of my content into Docker containers to, hopefully, aid in isolation (both security and unintended interactions/interdependencies) and maintainability. [Read More]

FastAPI, React and Docker

I’ve recently been working on a fun Advent of Code project for work and using some new (to me) technologies like FastAPI and Docker for deployment. This post is a simplification of the project structure and deployment configuration I used (mostly as a reference for future me, but perhaps someone else will find it useful too). The focus is on project structure and deployment. This is not intended to be an interesting sample project for FastAPI or React. [Read More]

Monica on Docker

I recently came across a post on Mastodon about someone adopting a personal CRM (Monica CRM) as a way of keeping track of their personal relationships. This idea resonated with me. I have a really hard time remembering details of past conversations, and getting in the habit of reaching out to friends (life just plows ahead). It’s not that I don’t care… it just doesn’t stick. Monica CRM captured my interest for several reasons: [Read More]

Tor Relay

I’m a huge fan of both privacy and cool technology, so it goes without saying that I’m also a huge fan of the Tor Project. Tor is free and open-source software for enabling anonymous communication. The name is derived from an acronym for the original software project name “The Onion Router”. Tor directs Internet traffic through a free, worldwide, volunteer overlay network consisting of more than seven thousand relays to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis. [Read More]

Blog with Hugo, GitLab CD, and Caddy

This post is an overview of how I set up this site (built using Hugo) to be automatically deployed to my Caddy server using GitLab’s continuous deployment. I routinely swap between fancy blogging tools like Ghost and WordPress as well as static site generation tools like Jekyll and Hugo far more often than I should. I keep coming back to static site generation for several reasons: Server footprint - It’s easy to host static files. [Read More]

WireGuard Access Server

For years, I’ve relied on SSH as the gateway into my LAN from the outside world. I figure that, as far as services I could place on “the front-line” go, it’s pretty solid. It sure beats publicly exposed RDP, right?! My usual setup is to configure Linux and OpenSSH Server on a separate VM or Raspberry Pi, and forward inbound SSH requests to that machine. I prohibit password-based logins in /etc/ssh/sshd_config and also install and configure Duo Security’s PAM module as an additional layer when logging in from the outside world over SSH. [Read More]

NGINX Semi-private Site

We used to run a development blog for work. We wanted:

  1. To use NGINX to host this content. It was all static pages.
  2. To limit access to people within our network, or to employees while outside the network (phones, laptops, etc.).
  3. We didn’t want to deal with user accounts, Active Directory, etc.
  4. We wanted super low friction for users.
[Read More]

GPG/SSH with the YubiKey 5

Yubico just announced the new YubiKey 5 and of course I needed to buy one! This gave me a great opportunity to update my somewhat popular GPG/SSH with YubiKey guide. The YubiKey 5 includes support for:

  - Universal Second Factor (U2F) - FIDO & FIDO 2! (nothing uses FIDO 2 but I had to have it ;)
  - CCID Smart Card: RSA (and now ECC) / OpenPGP
  - NFC (starting to be supported by some iOS apps)

This guide walks through: [Read More]