If you have a setup with a single server with multiple services (web, IMAP etc.), and one CNAME per service (www.somedomain.com, imap.somedomain.com), and you would like to get the services signed in a manner that doesn’t give warnings or errors in browsers (especially browsers in phones and tablets with iOS and Android), then this article may be of interest.
Self-signed certificates is a nuisance and the cacert.org initiative has been losing support. Let’s encrypt offers the possibility of having free (as in both cost and feedom) SSL certificates that don’t give warnings in web browsers. The only problem the threshold of taking the time to figure out how to use it.
Continue reading Sign nginx website and dovecot imap server on debian with let’s encrypt
One thing I have been missing since Gnome 2 was suceeded by the (IMO) horrible Gnome 3, is a tool tray notification icon for pending debian updates.
When someone continued Gnome 2 as MATE and MATE became available on debian, there was no notification tooltray icon to be found.
But now there is such a tooltray icon: pk-update-icon and since debian with MATE again is my primary desktop this I was something I was happy to discover.
Continue reading Get update notifications in the MATE desktop on debian jessie
At the end of Using a Raspberry Pi 2 Model B as a router/firewall for the home LAN I wrote that I decided not to put /var/log into tmpfs, because:
- I wanted the logs to be persistent
- I thought that the wear would result in less and less of the sd card to become available (and 16GB for logs should last a loong time)
As it turned out the sd card died after one month.
I don’t know if the cause was excessive logging, the use of ntopng (which did write quite a lot, both in the number of files, the number of files, and in the total storage used, which was approximately 0,5GB after 30 days of uptime) or simply a bad sd card.
However, going forward with a new sd card, I’ve done the following:
- Removed ntopng
- Put /var/log on tmpfs (limited to 100MB in size), synced to a backing store on the sd card using rsync
Continue reading Logging to persistent tmpfs on Raspbian “jessie”
Since 1999 I have been using a 1996 vintage DEC PII desktop as the router/firewall between the internet and my home network. The DEC computer came to me with Win95 (or possibly Win98) in 1998, got SuSE linux and started its mission as router and firewall (and CUPS server, and IMAP server, and various other server stuff). When upgrading the SuSE installation to a newer version went south, it spent a while running ThomasEz’s floppyfw, until I used a floppy net install to install debian potato, immediately switched it to debian testing, until debian woody arrived, when it was moved to debian stable, and then I just kept running “apt-get dist-upgrade” until I finally had it running debian 8 “jessie” on june 6 in 2015.
The old DEC desktop has survived its maker company, survived lightning strikes that have sent the power supplies and/or main boards of other computers on the same LAN into continously beeping mode (i.e. broken). However, in December 2015 it started acting up, and crashing with irregular intervals (sometimes two weeks, sometimes one day).
So… the time for a replacement would have to be not too far ahead. The question was what to replace it with?
Continue reading Using a Raspberry Pi 2 Model B as a router/firewall for the home LAN
Except for work computers with GNU/linux, the last of which was retired in 2008, my GNU/linux computers have been outdated hand-me-downs. And when the P4 I got back in 2010 went belly up, I figured it was time for trying a modern machine.
Note: I wasn’t going for a top-of-the-line gaming computer with high performance everything. Just a modern state of the art computer.
I wasn’t satisfied with the combination of price and specs on the desktop computers sold by the consumer electronic retailers, so I asked an old colleague who likes building his own computers (thanks Alexey!) to help me come up with an order for components that would work when I put it together. This is what I ordered:
- Main board: ASUS H170M-PLUS, Socket-1151
- CPU: Intel Core i5-6600 Skylake
- Memory: Corsair Vengeance LPX DDR4 2133MHz 16GB
- SSD: Kingston SSDNow V300 120GB 2.5″ OEM
- Hard disk: Seagate Barracuda® 1TB
- Cabinet: Fractal Design Define S Black
- Power supply: Corsair CX500, 500W PSU
Continue reading Debian “jessie” on Intel “Skylake”