Tek's Domain


Fail2Ban Behind a Reverse Proxy: The Almost-Correct Way

Fail2Ban is a wonderful tool for managing failed authentication or usage attempts for anything public facing. However, by default, it’s not without it’s drawbacks: Fail2Ban uses iptables to manage it’s bans, inserting a --reject-with icmp-port-unreachable rule for each banned host. The thing with this is that I use a fairly large amount of reverse-proxying on this network to handle things like TLS termination and just general upper-layer routing. Since it’s the proxy that’s accepting the client connections, the actual server host, even if its logging system understands what’s happening (say, with PROXY protocol) and logs the real client’s IP address, even if Fail2Ban puts that IP into the iptables rules, since that’s not the connecting IP, it means nothing. What I really need is some way for Fail2Ban to manage it’s ban list, effectively, remotely. Luckily, it’s not that hard to change it to do something like that, with a little fiddling.

Continue reading

AbuseIPDB Checking With Postfix

Updated Dec 31, 2021

So if you’ve not heard, there’s this website called AbuseIPDB, which, no affiliation, is a website where webmasters can submit reports of abusive IP addresses, and then query those reports, either manually, or using their REST API. And this is how I did exactly that, to help cut down some of the spam on my email server. Let’s get started.

Continue reading

Graylog, and the Syslog Protocol, Explained

So if you’ve tried enterprise log management systems, you’ve likely heard of Syslog. If you haven’t, Syslog, is, well, a protocol designed to allow multiple hosts to send their system logs over the network to some other server where they can be analyzed and stored. It’s another one of those weird UDP protocols, and this one is actually stupid simple, even in both of the commonly used forms! Oh, we’ll also cover the one piece of software that I use that handles Syslog — Graylog, which by itself is also really cool.

Continue reading

Self Hosted Password Manager: vaultwarden

Updated May 1st, 2020

You familiar with Bitwarden? It’s another one of those password manager services that comes as a browser extension or standalone program, and allows for things like storing TOTP keys, generating new, secure passwords, and all that fun stuff. Except unlike others that I’ve seen, it has one difference: You can self-host an instance. Though, their self-hosted options look a little lacking unless you want to give them money. Well as it happens with an open sourced project, someone decided to create a Bitwarden API compatible server, thus creating vaultwarden. And this is why it’s cool.

Continue reading

How Git Efficiently Transmits Your Changes

So here’s a fun one. Have you ever noticed that even for huge changes to a repository, a git push only sends over a few kilobytes, maybe a few megabytes at most? If you’re familiar with the internals of git, you know that git stores an entire copy of the new file on commit. So how are these changes so small?

Continue reading

BorgBackup: (TODO: Insert Borg Joke Here)

I was really fighting with my inner self to have a straightforward title for this one, but alas, resistance is futile.

BorgBackup, or, for short, just “Borg”, is a relatively fast (more on that later), efficient, secure, and authenticated way of backing up multiple devices either on a single network, or even across networks (you’ll see, again, later). This is currently what I use for backing up my stuff, and, well, it’s just cool, and definitely something you should take a look at.

Continue reading

How Time Machine Works

For those unaware, Time Machine is the built-in backup application within macOS that will take incremental backups of your system to an Apple Time Capsule, or another local disk. Simple premise, almost as simple in execution. Let’s take it apart, shall we?

Continue reading
Older posts