Posts

It’s been a while – but that doesn’t mean I have stopped working. Holiday gets a bit in the way. Something I have been planning to do for quite a while now was to expand the RNET to a secondary site utilising OpenVPN tunnels in PfSense. I looked into setting up a secondary Proxmox Server… Read More »PfSense Site-to-Site VPN

I’ve rebuilt the Proxmox servers – the migration was pretty uneventful and incredibly easy. I installed PVE 7.2 onto a standby server, got that all configured to the way I kinda want it (LAGs, VLANs, storage). Backed up all LXC’s and VM’s, and used SCP to copy them over to the standby server. Switching them… Read More »RNET Rebuild – 2022 – 3 (Migration)

One of the fundamental things I’m trying to achieve here is primarily a complete rebuild of the production Proxmox servers. Secondly, a rebuild of all VM’s on these servers. I’ve realised that perhaps I need to shift my focus directly on the Proxmox servers rather than the VM’s within these servers. So let’s focus on… Read More »RNET Rebuild – 2022 – 2 (Standby Migration)

I feel like I’ve lived the Dunning-Kruger curve when working on this LDAP server, and perhaps I may still be in the Valley of Despair. I’m thinking to myself, why does LDAP have to be so absurdly fiddly when all that I require is a authentication server with a couple ACL rules! Currently (previously?) I… Read More »RNET Rebuild – 2022 – 1 (LDAP)

It’s not that I don’t like what I’ve done, but it’s that I feel I could do better. I feel like I’ve learnt a lot recently and want to give it another show. So the next couple posts are really just going to be progress updates, detailing what I have achieved. I’ve been thinking of… Read More »RNET Rebuild – 2022 – 0

Very quick post about something that has been bugging me for quite some time now, only now just putting up the effort to look for a solution. I’ve found the default interface of PfSense to be rather narrow, which got particularly frustrating when managing Firewall rules because of text wrapping. I found this lovely solution… Read More »How to make PfSense UI Wide

In a previous post I spoke about how imperative it is to keep you WordPress (and for that matter, many other things) as up-to-date as possible to counter frequently emerging exploits. Keep It Simple, Stupid As with most things applications we run, with complexity comes vulnerabilities. A primary tool we have for keeping our services… Read More »Checking your WordPress Server’s Security with WPScan

I primarily focus of Linux – though I recently came across this issue from a friends computer. Thought I might share the fix. It’s a bit of an obscure issue, and I thought there weren’t enough well document guides on how to fix this, particularly for non-tech-savvy users. It’s a relatively straight-forward procedure, it involves… Read More »Unable to Extend Windows Boot Partition – Blocked by Windows Recovery Partition

Last year I wrote about how to self-host a UniFi controller to manage some of your Ubiquiti gear without having to shell out for their UniFi Dream Machine and devices alike. What I did not elaborate on what how to configure the controller’s web UI to use port 443, instead of port 8443. The controller… Read More »How to make the Ubiquiti UniFi Controller use port 443

PatchStack, a leader in WordPress security and threat intelligence has recently released a whitepaper outlining the state of security in WordPress in 2021. The paper identifies quite a few staggering statistics, and some that should serve as a wake-up call for WordPress SysAdmins. Let’s quickly get the important details out of the way: WordPress has… Read More »Heed Caution WordPress Administrators

When you first install InfluxDB, if you head over to the API Tokens tab under “Load Data”, you’ll find an API token called something like “admin’s token”. This key is known as an Operator Token, it grants full read and write access to all resources across all organisations in InfluxDB. An Operator Token is effectively… Read More »Whoops! I deleted the InfluxD Operator Token

There comes a point where you begin to run out of time to individually babysit each of your VM’s and LXC’s. Actively and broadly monitoring your systems becomes a crucial point to maintaining your systems. To aid you in this, you can use Grafana dashboarding to present data Proxmox sends to InfluxDB. Understanding our Setup… Read More »Monitoring Proxmox PVE with Grafana and InfluxDB

If you’re collaboratively managing larger networks, with multiple subnets or VLANs, it’s best to move away from an spreadsheets and onto purpose built IP Address Managers. I use phpIPAM. It’s free and open source, has a lovely friendly user interface, free and open source, and manages more than subnets and IP addresses like devices, racks,… Read More »Installing NGINX phpIPAM on RHEL, CentOS, or RockyLinux

This guide can apply to basically any desktop, however there are some additional details I will be covering specifically for iMacs. I used to own an old 2008 iMac. Roughly around 2014 I built my own computer, and ever since this poor iMac has been collecting dust in my garage. It’s about time I got… Read More »Physical to Virtualisation for iMac

It’s 2022-02-08T21:45:17+11:00 here. Already, approximately 10% of the year has rushed passed. I’ve spent the last 6 weeks travelling over-sea’s, keeping a close eye on my servers from over 10,000 KM away. What are my plans this year? Network Rebuild One thing for sure is that you’re never going to get it right, not even… Read More »What’s Next?

Queue index.wma, we’re going back to 2008. I’ve been blessed with 3 Dell PowerEdge Servers (R710x2, T610). They’re not very fancy but they perform beautifully. Each server is equipped with an iDRAC 6 Enterprise card which I can use to access the servers remotely. Unfortunately, they’re about 10 years old and use deprecated encryption algorithms… Read More »Using iDRAC 6 in 2021

For a while now, I’ve been using UniFi at home, and have since been impressed with its reliability and capabilities. Though, I have only purchased the Unifi AP’s, and no other Ubiquiti networking equipment (so far) because, well, I can’t afford it lol. To operate UniFi AP’s to a decent extent, you really need to… Read More »Self-Hosting the Ubiquiti UniFi Controller

I thought I’d just take a moment to draw attention to a BBC News article regarding Internet Centralisation that I had raised earlier, titled “Why does the internet keep breaking”. I previously mentioned a couple of similar issues but I feel like Prof. Buchanan describes it well. Internet scientist Professor Bill Buchanan agrees with this… Read More »RE: Fall of the Decentralised Internet

What once was the “World Wide Web” is now turning into more of a “World Wide Logical Star”, where practically all of our infrastructure is controlled by a select few corporations powered by greed and control, not for the greater for the internet but the greater of their pocket. The Beauty of Decentralisation Way back… Read More »Fall of the Decentralised Internet

Subnets and VLANS What was the saying? Don’t keep all your eggs in one basket? A fundamental requirement for properly securing a network is to segment it based on it’s requirement. To do this we split our network into subnets and VLANs (Virtual LAN). Although all the devices may share one physical connection, we can… Read More »Securing your PfSense Network (Part One?)

Foreword Let me start by getting this out of the way – I don’t disagree with assigning an IP address on the machine itself, it’s a great way of ensuring that a machine gets the right IP address. That being said, there comes a point when you have too many machines to manage and it… Read More »Using ISC Kea DHCP

Enjoyed this and thought it should be shared.

It’s hard to come by an online service that does not utilise some form of username/password method of authentication. It’s an unfortunate (but difficult to commonly replace) system of verifying access that has been so greatly implemented in all our systems. Fortunately, we’re seeing the rise of Multi-Factor Authentication, and password security awareness but habits… Read More »Your Password Mutation Formula is Not Enough

I’m ashamed to admit, it took me quite a while to get LDAP authentication up and running. I’m looking to ensure that I can authenticate using LDAP for all my services, it’ll save me from having to either remember a million different passwords or have to go through a mad hassle if I need to… Read More »PfSense LDAP Authentication

I’ve launched status.rajchert.net using statping. Statping sends ICMP, HTTP, and UDP messages to various services that operate on my servers as well as some 3rd party services. It’s pretty impressive, and was rather straight forward to install. Now, I can foresee an issue with the method of installation I have taken. The correct way of… Read More »RNET Status Monitor