let’s encrypt via proxy server under debian

i prefer to have strict DROP policy for the outgoing traffic from production servers. let’s encrypt API endpoint is behind Akamai’s CDN and IP address to which acme-v02.api.letsencrypt.org resolves changes frequently. i don’t like playing whack-a-mole every 3 months so i’ve: set up a squid-based proxy server that allows for filtering based on domain names: …

Continue reading ‘let’s encrypt via proxy server under debian’ »

btrfs and nfs dont play nicely together

i use ghettoVCB to take backups of vmware esxi 6.5 vms. data is copied to a nfs share hosted on Debian Linux. for over a year i used btrfs partition as an underlying datastore for the nfs share. and i just could not get it to work for backups which size larger than available RAM …

Continue reading ‘btrfs and nfs dont play nicely together’ »

BLKDE3815TYKH0E headaches

we’re setting up a small computer that will act as vpn end-point. we decided to try something smaller this time – BLKDE3815TYKH0E. as it turned out it’s not as well polished as one would expect from intel. my colleagues had to pull out debian wheezy usb pend-rive with the installer to be able to finish …

Continue reading ‘BLKDE3815TYKH0E headaches’ »

firefighting – asn32 and quagga crash

debian lenny, out-of-the-box quagga_0.99.10-1lenny1_i386 symptoms of disaster in bgpd.log: 2009/05/03 14:00:47 BGP: Assertion `len < str_size' failed in file bgp_aspath.c, line 619, function aspath_make_str_count 2009/05/03 14:00:47 BGP: Backtrace for 14 stack frames: 2009/05/03 14:00:47 BGP: [bt 0] /usr/lib/libzebra.so.0(zlog_backtrace+0x2a) [0xb7f50a5a] 2009/05/03 14:00:47 BGP: [bt 1] /usr/lib/libzebra.so.0(_zlog_assert_failed+0x77) [0xb7f50be7] [..]

poor mans multihoming under linux

purpose: utilize simultaneously symmetric and asymmetric internet connections on linux router to achieve cost efficient way of providing internet access for few dozens of users. why? symmetric connections to internet still tend to be overpriced, poland is no exception. small ISPs providing internet access for 100 or 200 users usually cannot afford pipes fat enough …

Continue reading ‘poor mans multihoming under linux’ »