Modern SSL nginx

We can use the helpful tool from Mozilla to generate a secure web server configuration. For my purposes, I chose nginx as the webserver and modern profile, this severely limits the legacy clients that can connect, but the definition of "legacy" in this case, is users who haven't…

Caching Ubuntu updates using Squid

Using Squid Deb Proxy to cache updates and save bandwidth. Assumptions VM or bare metal machine running Ubuntu 16.04 server Bridged or exposed IP for VM to talk to clients using AVAHI/broadcast NOTE: By default deb proxy uses a 40gb allocation on /, for this setup I've increased the…

LXC Bridge to LAN

Prerequisites Ubuntu 16.04 LXC/D installed Working eth0 Install utilities sudo apt install lxc bridge-utils Bridge your interface Edit config sudo nano /etc/network/interfaces Set eth0 to manual Add section for br0 (or whatever you'd like to label the bridge) Make sure you include eth0 (or your interface…

Updating Cloudflare DNS entries programmatically

Using the cloudflare API and some code written by LINKIWI, we can update the DNS pointers on Cloudflare automatically. I am launching a separate container for this, just because I can. NOTE: The python script only works with python 2 Install required software sudo apt update && \ ## Install build…

Ad-Blocking at the DNS server

Prerequisites Ubuntu 16.04 Machine or VM with accessible port 443/80 (will not work in container without extra steps) Local terminal or SSH access Upstream DNS/DHCP server (not using PiHole for this) On the DHCP server, set a reservation on so IP doesn't change. For pfsense this is…