I’m an avid user of Docker containers, using base images pulled from the public registry DockedHub. As you may know, Docker containers are based on Docked base images, e.g. I run postgres containers that are based on Postgres base image. It occurs that base images could get updated by their respective author (in our case Postgres team) and pushed to DockerHub. … Continue reading Automatically update your Docker base images with watchtower
Category: linux
Docker and containerd on openSUSE: reaching the limit for cgroup (and how to overcome it!)
I recently encountered a limitation during an experiment I was conducting; after some trial and error, I recognized that the limitation was due to cgroups. But let’s start from the beginning. I open sourced docker-salt, a small pet project I had in mind in order to have a full blown setup for SaltStack: a master … Continue reading Docker and containerd on openSUSE: reaching the limit for cgroup (and how to overcome it!)
Secure your SSH server against brute-force attacks with Fail2ban
The problem: SSH can be brute-forced I usually leave an SSH server on a dedicated port on every server I administer and, as you may recall, I even linked two well-written guides to properly configure and harden SSH services. Now, Internet is a notoriously bad place: scanners and exploiters have always been there, but brute-forcers … Continue reading Secure your SSH server against brute-force attacks with Fail2ban
OpenSUSE Leap 42.2: this is how I work (my setup)
Motivation I switched my distribution of choice to OpenSUSE. There are a lot of motivations behind this choice: I wanted an enterprise-grade quality of software in terms of stability, package choice, and supportability Growing interest in software non-distribution specific and/or customized, e.g. Gnome Dogfooding After nearly one year of usage, I can say that I … Continue reading OpenSUSE Leap 42.2: this is how I work (my setup)
OpenVPN with multiple configurations (TCP/UDP) on the same host (with systemd)
As much more people are getting worried about their online privacy (including me), I started to use a server as a VPN termination (with OpenVPN) when I need to access the Internet via non-secure wired or wireless networks (e.g., hotel wireless network, airport Wi-Fi, etc.). Some overzealous network admins, though, try to lock down the … Continue reading OpenVPN with multiple configurations (TCP/UDP) on the same host (with systemd)
PSA: this website now is TLS-enabled
After some thinking, I decided to switch my current domain registrar and hoster: in fact, I stayed for 5 years with Netsons.org for domain registration and hosting. I had a very pleasant experience with them, I will recommend their hosting to everyone (it’s very cheap in the plethora of Italian super-expensive hosters). Since I recently … Continue reading PSA: this website now is TLS-enabled
Packaging software for Debian/Ubuntu: eclipse
Eclipse is my (Java, Python, Ruby, XML, <insert any other text format here) editor of choice, and it has been for many years. One thing that bothers me is that Eclipse package is outdated in Ubuntu: so, instead of using apt, I should resort to download/unpack/copy/create links to install it. These days are finished, though. … Continue reading Packaging software for Debian/Ubuntu: eclipse
Workaround for OpenVPN PAM authentication broken on Ubuntu 15.10
After updating to Ubuntu 15.10 a box with an OpenVPN termination I am using to browse when I travel and use insecure networks, my VPN tunnel stops working. I am using, in this particular box, an OpenVPN server that relies on PAM plugin for authentication (and 2-step verification). Given the fact that I keep all … Continue reading Workaround for OpenVPN PAM authentication broken on Ubuntu 15.10
Getting started with cloud-init and CoreOS
Lately I’ve been experimenting with CoreOS, a Linux distribution that enforces containerization (I made some experiments with Docker and I’d say that this area is fun!). CoreOS layer of containerization was based Docker, but now that they moved to Rocket. Not only Rocket, though: CoreOS brings some curious innovations to lightweight Linux distributions like clusterization … Continue reading Getting started with cloud-init and CoreOS
Playing with Docker: tips and tricks to write effective Dockerfiles
Recently I have been playing with Docker containers, and I am sure you already know what Docker is. In this post I will describe what I have learnt while using Docker containers and preparing Dockerfiles. What is Docker? In a few words: Docker is a software to manage and run Linux containers in which you … Continue reading Playing with Docker: tips and tricks to write effective Dockerfiles