Hybrid Cloud: A Lab Concept for a Simple AWS ↔ On Premise Bridge

Most tutorials assume you’ll expose services from your premises through a public static IP. But that’s risky: small connections are easy to DDoS and lack redundancy. Instead of publishing my on-premise LAN directly, I decided to operate public IPs from AWS and route the traffic through a site-to-site VPN back to my own infrastructure. As a …

Today I Learned: How to open etcd ports on Firewalld

Today I learned how to properly open etcd ports using firewalld. Here’s a quick guide: FirewallD has a couple of predefined services with various ports. Find available services on FirewallD: You’ll find two services: etcd-client (port 2379/tcp) and etcd-server (port 2380/tcp). Identify Active Firewall Zones: Example output: Add these 2 services to your zone: P.S. …

Today I learned: How to forward a port using ufw

To forward a port using ufw, it’s necessary to operate on the iptables rules defined in /etc/ufw/before.rules. Add the following rules to before.rules: -A POSTROUTING ! -o lo -j MASQUERADE allows the traffic to be discerned as though not originating from a NAT. ! -o lo prevents the lo interface from being masqueraded and breaking DNS …

Today I learned: Fedora and HAProxy SELinux

I encountered a problem with HAProxy and SELinux. It seemed like the server wasn’t found and I was getting 503. On inspecting SELinux logs I realized certain changes must be made when working in an SELinux environment. I had no issues on other systems except RedHat family OSes. This configuration was necessary for me when …

Today I learned: Firewalld Masquerade & Docker

While using Docker on Fedora 34 I encountered an issue where my containers would not communicate properly. So I had a Docker Compose configuration with an internal network and a default bridge network. While I could ping the various servers from inside the containers, connections to various ports were failing. So ICMP traffic was up …

Today I learned: Activating Varnish cache for Magento 2

Today I will do my best to explain how to configure Varnish cache for Magento 2.4.2. I used the official Docker image for Varnish and built a simple Dockerfile along with a Magento recommended ENV value: The default.vcl file is provided below: As you can see it’s a very simple configuration for bootstrapping the service. …