whatsdoom.com

Docker compose pokes holes in Firewalls

Date Fri 24 March 2023Readtime 4 minutes Tags

docker / firewall / ufw

Docker port forwarding uses iptables which can override your firewall rules, specify a host ip to limit access.

more ...

Updating the Expiration Date of a GPG key

Date Tue 28 February 2023Readtime 5 minutes Series Part 2 of Getting Started with GPG Tags

gpg

I use gpg to sign my git tags and recently I had an issue where signing failed. Something like:

$ git tag -m "1.5.0" v1.5.0
error: gpg failed to sign the data
error: unable to sign the tag

And after some debugging I discovered that my subkeys …

more ...

Platform based dependencies in poetry

Date Sun 24 July 2022Readtime 1 minutes Tags

python / poetry

Problem

I have a small django project that I develop on both linux and mac. I deploy this project using the alpine version of the python docker image.

Originally, I had installed the psycopg2-binary package on my mac for local development, but once started to package up the app, I …

more ...

Optimizing Docker build speed and image Size for a Django project

Date Sun 27 February 2022Readtime 6 minutes Tags

docker / django

The Problem

I have a personal project that I have been working on for about a year now. It is a pretty basic project with a Django backend and a SvelteKit based frontend. I deploy it to a VPS using docker images and traefik as reverse proxy.

Recently as feature …

more ...

Docker Compose Log File Settings

Date Sat 03 April 2021Readtime 1 minutes Tags

docker

The Problem

I recently connected to a remote machines and found a disk space warning.

In order to diagnose the cause of the disk space issue, I used a neat tool called ncdu (NCurses Disk Usage).

sudo ncdu /

Using the excellent interface, I was able to trace the issue to …

more ...

SSH Certificates with `step-ca`

Date Sat 29 February 2020Readtime 4 minutes Series Part 2 of Step CA tools Tags

ca / tls / ssh

Installation

Follow instructions on the previous post or the step readme

Setup

Create required root and SSH signing keys:

$ step ca init --ssh
✔ What would you like to name your new PKI? (e.g. Smallstep): Whatsdoom
✔ What DNS names or IP addresses would you like to add to your new …

more ...

Build your own certificate authority

Date Sun 23 February 2020Readtime 3 minutes Series Part 1 of Step CA tools Tags

ca / ssl / tls

Recently, I built my own CA using step and step ca by smallstep. They have created tools for secure automated certificate management.

Installation

On my VPS, I installed both the step cli and the step-ca cli tools. On the laptop, I just installed the step cli tool.

Instructions and packages …

more ...

Creating your own Virtual Private Cloud

Date Sat 15 February 2020Readtime 3 minutes Tags

wireguard / vpc / vpn

Recently, I read a comment on Hacker News about someone who had created their own private mesh network between their Virtual private servers (VPS).

I decided to try and replicate this myself across three of my VPS instances.

Installing WireGuard

All three of my instances are running Ubuntu 18.04 …

more ...

Creating Airgapped keys for Yubikey

Date Sat 30 June 2018Readtime 9 minutes Series Part 1 of Getting Started with GPG Tags

gpg / yubikey

Introduction

Before you begin, it would probably be a good idea to have three flash drives and a Yubikey.

Your first USB stick will be a Live USB that will boot the airgapped system.
The second will store the packages that you will need to install on the newly booted …

more ...

Restricting rsync access with SSH

Date Tue 07 November 2017Readtime 2 minutes Tags

ssh / rsync

SSH public keys can be added to ~/.ssh/authorized_keys on a typical system to allow the holder of the private key to access the system. Sometimes however you might want to restrict the access a particular key has.

In my case, I wanted my CI system to be able to …

more ...