Tagged in

devops

My random OpenVPN tricks

script-security 2
up /etc/openvpn/update-systemd-resolved/update-systemd-resolved
down /etc/openvpn/update-systemd-resolved/update …

stunnel transparent proxy to localhost

Just a quick tip on setting up stunnel in transparent proxy mode (ie. target service sees original source IP address) pointing at services running on localhost. (mostly based on sslh documentation)

Use the following iptables/sysctl rules:

#!/bin/bash

set -e

# Set route_localnet = 1 on all interfaces so that ssl …

How to use Let's Encrypt in local networks

A little solution for properly encrypted HTTP traffic in semi-public networks.

Let's Encrypt, as everyone knows, offers publicly-recognized SSL certificates. Pretty much the only downside is, that these are only issued with validity period of 90 days. Default ACME challenge scheme (http-01) requires some HTTP server to be publicly accessible …

Author
Piotr Dobrowolski

Piotr Dobrowolski

Just a random guy from the internet.™