Categories
Computing HAProxy Linux Security Web Services

WordPress behind HAProxy with TLS termination

My current project has been to set up a publicly accessible web server with a decent level of security. It has been an interesting exercise in applying “old” knowledge and gathering some new. This weekend I finished this project for now. The current setup is as follows: Behind my firewall, where I NAT port 80 and […]

Categories
Active Directory Computing VMware Windows

The paravirtual SCSI controller and the blue screen of death

For driver reasons, the default disk controller in VMware guests is an emulated LSI card. However, once you install VMware Tools in Windows (and immediately after installing the OS in most modern Linux distributions), it’s possible to slightly lower the overhead for disk operations by switching to the paravirtual SCSI controller (“pvscsi”). I’m all for lower […]

Categories
Computing Linux Security Web Services

Securing an Internet accessible server – Part 2

In part 1 we made it significantly harder to gain access to our server once it is opened up to the Internet – but we’re not quite ready for that yet. In this post we’re exploring a firewall in Ubuntu, ufw, which stands for “uncomplicated firewall”, and we’ll set up some additional hardening using Fail2Ban to protect ourselves […]

Categories
Computing Linux Security Web Services

Securing an Internet accessible server – Part 1

This article is part of a series. Part 2. Let’s look at a simple scenario, and see how common tools in the Linux and BSD world can help us: We want to be able to remote control a server from wherever in the world, but we really don’t want others to be able to log […]