Docker Swarm Load Balancing and SSL Termination with DockerCloud HAProxy


Prerequisite If you have internet facing VMs, particularly 2 of them, as a manager and a worker, and your own domain, that would be great. You can also do this with locally hosted VMs on internal network and self-signed certificate, but you would miss the Let’s Encrypt SSL configuration part. I’m using two Ubuntu 18.04…

Getting Tomcat ready for production


So you decide that the application is ready for prime time, it’s time to deploy them to production. Before that happens, let’s make sure everything is fine and dandy on the server side. 1. Secure the operating system Runaway services You can start by reviewing out services that are listening to incoming connection and which…

Enabling Hibernate on Ubuntu 19.04 Disco Dingo


So I decided to migrate my ThinkPad X230 from Ubuntu 18.04 to the newly released Ubuntu 19.04, codenamed “Disco Dingo”. To get Disco (or any recent, SystemD-ladden Ubuntu releases) to play nice with hibernate, you need to plan ahead. Prepare swap partition. In the installation process, prepare and create a swap partition as large as…

fail2ban, ufw, and sshd with custom port on Ubuntu


One of the tool we can use to secure our Ubuntu box from incoming attacks, if we can’t establish a whitelist for incoming connection is fail2ban. Point fail2ban to your “/var/log/auth.log” on debian-based,  or “/var/log/secure” on Redhat-based distros to automatically add offending IPs to your firewall and stopping them from DDoS-ing the server. On Ubuntu,…

WebRTC-based Video Conference with Jitsi


So the company i’m working for regularly held a grand meeting where participants from multiple cities Indonesia log into the meeting with Skype via crappy DSL lines. The result of course was far from satisfactory. So I searched around for a solution that I can deploy locally (since we do have stable, private connection to…

Review: Lenovo N700 Dual Wireless Mouse & Presenter Combo


The N700 is a usb/bluetooth 4.0 combo wireless mouse,  as well as  a combo of mobile mouse and a laser pointer equipped wireless presenter. Does that sound confusing to you? It really isn’t. Basically you connect the N700 to your PC or laptop either with the included USB dongle, or by pairing it your laptop…

Channel Bonding Guide on CentOS/RHEL


I’m recycling one of my old post regarding creating a channel bonding from multiple network interfaces with some updated instructions to make it work on modern linux distros. ..In a video format. Have look: As for the config files’ templates: /etc/sysconfig/modules/bonding.modules #!/bin/sh if [ ! -c /dev/input/uinput ] ; then         exec /sbin/modprobe bonding >/dev/null…

Review: Lenovo ThinkPad X230


I know, I know. A review of 2012 laptop in 2017? Ludicrous! So I marked the end on 2016 by crossing another entry off my bucket list, which is to own an IBM/lenovo ThinkPad. I never intended to buy them new, because a new T or X series ThinkPads, which to me, are the only…

Where is my my.cnf? And disabling strict mode in mysql


Due to having to maintain compatibility with coping with old and perhaps broken codes, I decided to turn off mysql strict mode. It started with the php paging spurting out  database error such as “Error Number 1265” \As well as these “Error Number 1292” This happens because MySQL server is running on strict mode, and…

sftp hardening with chrooting and ACL


Chrooting is always a great option when you want to roll out  a service that will be accessed by a lot of users, even more so if it’s on the internet. On OpenSSH’s sftp server, chrooting is a couple of lines of setup away. You can add ACL on top of that to get more…