In my last post regarding the usage of GPG Agent for SSH Authentication (read here) I presented my first solution to replace the default OpenSSH Agent with GPG’s SSH Agent support. With the update to Ubuntu 21.04 I had to reconfigure this, since the current way stopped working.Read more “GPG Agent for SSH Authentication (Update)”
If you want to run your own Kubernetes Cluster, you have plenty of possibilities: You can set up a single node cluster using minikube locally or on a remote machine. You can also set up a multi node cluster on VPS or using managed cloud providers such as AWS or GCE. Alternatively, you can use hardware, e.g. Raspberry Pis or bare metal servers. However, without the functionality provided by a managed cloud provider, it is difficult to take full advantage of the complete high availability capabilities of Kubernetes. We have tried – and present here the instructions for a highly available Kubernetes cluster on Hetzner bare metal servers.Read more “Kubernetes Cluster on Hetzner Bare Metal Servers”
Last week at the 7th Collaborative Workshop on Evolution and Maintenance of Long-Living Systems, together with Sven Peldszus, I presented a paper regarding the Maintenance of Long-Living Smart Contracts.Read more “Maintenance of Long-Living Smart Contracts”
Sometimes, regardless of the possibilities offered by “the cloud”, you want to host important services yourself. For me as a software and DevOp engineer, this applies to my source code. For this reason, I host my GitLab instance myself. Since the GitLab package for DSM provided by Synology is outdated, I will explain here how to install the latest version of GitLab on a DiskStation using Docker.Read more “GitLab on a DiskStation”
Yesterday I attended the 2nd IEEE International Conference on Blockchain conference in Atlanta, Georgia. Besides many interesting and exciting lectures, I also presented my first paper there:
I would also like to say thanks for the interesting conversations I had at the conference.
In this article I described how to set up a FritzBox LAN 2 LAN VPN with StrongSwan. Meanwhile I replaced Ubuntu on the server with pfSense. Of course I have set up my FritzBOX VPN connections again. So here’s a tutorial on how to set up a FritzBox LAN 2 LAN VPN with pfSense.Read more “FritzBox LAN 2 LAN VPN with pfSense”
When setting up Kubernetes clusters, it makes sense for the individual nodes of Kubernetes to live in the same private network. If Kubernetes is set up on bare metal machines from suppliers such as Hetzner, it may not necessarily be possible to set up a common network of this kind natively. This is where tinc comes in: it makes it very easy to set up a virtual network across all participating nodes. To keep the configuration of tinc parallel to that of Kubernetes (I use Kubespray for my Kubernetes setup), I developed an Ansible Role for tinc VPN and made it available on GitHub.
- Installing and setting up tinc VPN service
- In-place private key generation (private keys are never copied)
- Support for additional nodes where host machines are not covered by the playbook
- Support for custom routes for the VPN interface
- Support for joining existing bridge interfaces on the host machine
- Custom scripting for up/down hook scripts
For setup instructions or a tutorial how to use my Ansible Role for tinc VPN please check the README. It always contains the up-to-date instructions for using this role and will be updated, if new features come up.
There are a lot of instructions available on how to connect your FritzBox to a server via VPN. But since it took me a long time to find a working tutorial myself, here again a post describing how to set up a FritzBox LAN 2 LAN VPN with StrongSwan (based on the site https://seffner-schlesier.de/news/ipsec-zwischen-avm-fritzbox-und-strongswan/).Read more “FritzBox LAN 2 LAN VPN with StrongSwan”
It’s happened to me several times now that an application I run on my DS 1817+ has problems with websockets. This is because I use the reverse proxy built into DSM, which does not support websockets by default. For this reason, here’s a little tutorial on how to enable Websockets for Synology DSM reverse proxy.
Enable Websockets in DSM Reverse Proxy
Actually, it is extremely easy to enable Websockets for Synology DSM reverse proxy:
- Open Control Panel > Application Portal
- Change to the Reverse Proxy tab
- Select the proxy rule for which you want to enable Websockets and click on Edit
- Change to the Custom Headers tab
- Add two entries in the list:
- Name: “Upgrade”, Value: “$http_upgrade”
- Name: “Connection”, Value: “$connection_upgrade”
Repeat these steps for every rule where you want to enable Websockets.