let’s encrypt via proxy server under debian

i prefer to have strict DROP policy for the outgoing traffic from production servers. let’s encrypt API endpoint is behind Akamai’s CDN and IP address to which acme-v02.api.letsencrypt.org resolves changes frequently. i don’t like playing whack-a-mole every 3 months so i’ve: set up a squid-based proxy server that allows for filtering based on domain names: ... Read More

btrfs and nfs dont play nicely together

i use ghettoVCB to take backups of vmware esxi 6.5 vms. data is copied to a nfs share hosted on Debian Linux. for over a year i used btrfs partition as an underlying datastore for the nfs share. and i just could not get it to work for backups which size larger than available RAM ... Read More

BLKDE3815TYKH0E headaches

we’re setting up a small computer that will act as vpn end-point. we decided to try something smaller this time – BLKDE3815TYKH0E. as it turned out it’s not as well polished as one would expect from intel. my colleagues had to pull out debian wheezy usb pend-rive with the installer to be able to finish ... Read More

pigz –rsyncable, rdiff

i’m backing up in total ~90GB of mysqldumps each night. the more data, the bigger pain it is.

Linux and H/W optimizations for MySQL

good stuff: http://en.oreilly.com/mysql2011/public/schedule/detail/17111 http://assets.en.oreilly.com/1/event/56/Linux%20and%20H_W%20optimizations%20for%20MySQL%20Presentation.pdf

firefighting – asn32 and quagga crash

debian lenny, out-of-the-box quagga_0.99.10-1lenny1_i386 symptoms of disaster in bgpd.log: 2009/05/03 14:00:47 BGP: Assertion `len < str_size' failed in file bgp_aspath.c, line 619, function aspath_make_str_count 2009/05/03 14:00:47 BGP: Backtrace for 14 stack frames: 2009/05/03 14:00:47 BGP: [bt 0] /usr/lib/libzebra.so.0(zlog_backtrace+0x2a) [0xb7f50a5a] 2009/05/03 14:00:47 BGP: [bt 1] /usr/lib/libzebra.so.0(_zlog_assert_failed+0x77) [0xb7f50be7] [..]

2x full bgp feed with quagga

maybe someone will find this one handy. it’s description + config file for bgp setup i’ve recently put on production using debian lenny + quagga.

poor mans multihoming under linux

purpose: utilize simultaneously symmetric and asymmetric internet connections on linux router to achieve cost efficient way of providing internet access for few dozens of users. why? symmetric connections to internet still tend to be overpriced, poland is no exception. small ISPs providing internet access for 100 or 200 users usually cannot afford pipes fat enough ... Read More