Environment variables for services in a systemd-based system

My current config deployment automation project has required me to set up a dev/staging environment for my load balancers, since I don’t want to break stuff by deploying untested configurations. This environment is functionally identical to a single load balancer and can be used along with a hosts file on a client to not only… Continue reading Environment variables for services in a systemd-based system

Continuous Deployment of Load Balancer Configurations

I thought I’d describe some optimizations I’ve made to my load balancers at work, both for the good of the older me, and in case someone would benefit from some of my ideas. Background The load balancers are based on four software packages that integrate to create a powerful whole: Keepalive Daemon provides a common… Continue reading Continuous Deployment of Load Balancer Configurations

Load Balancing Exchange 2016 behind HAProxy

I recently started the upgrade to Exchange 2016 at work. A huge benefit over Exchange 2010, is that REST based client connections are truly stateless. In effect this means that if a server goes down, clients shouldn’t really notice any issues as long as something redirects them to a working server. In my system, this… Continue reading Load Balancing Exchange 2016 behind HAProxy

SFTP revelations

I got myself into a situation where I had to copy some files from my computer to a server that presented sftp but not scp. Since I’ve never needed to use the sftp protocol from a cli-only machine, I haven’t really thought about how it works in non-interactive mode. Batch mode allows you to create… Continue reading SFTP revelations

WordPress behind HAProxy with TLS termination

My current project has been to set up a publicly accessible web server with a decent level of security. It has been an interesting exercise in applying “old” knowledge and gathering some new. This weekend I finished this project for now. The current setup is as follows: Behind my firewall, where I NAT port 80 and… Continue reading WordPress behind HAProxy with TLS termination

Securing an Internet accessible server – Part 2

In part 1 we made it significantly harder to gain access to our server once it is opened up to the Internet – but we’re not quite ready for that yet. In this post we’re exploring a firewall in Ubuntu, ufw, which stands for “uncomplicated firewall”, and we’ll set up some additional hardening using Fail2Ban to protect ourselves… Continue reading Securing an Internet accessible server – Part 2

Monitoring Keepalived with SNMP on Ubuntu 14.04

Introduction Using keepalived in combination with a couple of HAProxy instances is a convenient yet powerful way of ensuring high availability of services. Up until now, I’ve considered it enough to monitor the VMs where the services run, and the general availability of a HAProxy listener on the common address. The drawback is that it’s hard to see if… Continue reading Monitoring Keepalived with SNMP on Ubuntu 14.04

Setting up my gaming computer in Ubuntu 16.04

This is really a how-to for my personal hardware setup in case I want to try other distributions or operating systems on my gaming computer down the line. However it may be helpful to anyone who would like to play games or run flight sims in a Linux environment. What? Stranger things have happened!