Now that’s a name I’ve not heard in a loooong time.
What is your root filesystem installed on - lvm, zfs, or bare disk partitions? Are you booting with grub (legacy/bios) or systemd-boot (uefi)?
It would be enormously easier to track Taylor Swift on a random flight in business class, because the moment people saw her on their random flight in business class it would turn into a social media frenzy.
This is just an attack that attempts common username/password combinations on ssh, and the article even states that the worm is dime-a-dozen. Unless you have both password auth enabled and an available account with an easily guessable password (and if you have either you should change that), this is nothing to worry about, even with sshd available to the internet.
Sensationalist title.
I’d personally recommend putting your provisioning steps for each service into Ansible playbooks. That way, you can spin them all up from zero any time, distribute them across different hosts, in vms or lxc containers, any way you like.
I’m with you there. It’s all layer upon layer of vulnerability and false security, and then at the bottom of all of it lurks the Ken Thompson hack.
Still bad advice to tell people it’s okay to use an explicitly vulnerable OS, I think.
Would you advise your enterprise clients that running Windows unpatched is ‘not a big deal as long as you have patched web browsers and AV’? Of course not. Because that’s dangerous advice and could even open you up to legal liability.
So why would you advise otherwise to home users, who are often more vulnerable in the first place?
Not having security patches on a system you do things like go to your banking website on is actually a pretty big deal, and I don’t think it should be dismissed lightly. Also AV is mostly snake oil, and is in no way an adequate substitute for a properly patched OS.
Not dumb questions! All part of the learning process.
A dns entry by nature only points to an ip address, and when you go to that address in a web browser without a port manually specified, your browser will by default connect to port 80 (http) or port 443 (https) on that address.
I’m going to explain using port 80 to start, since you don’t have to set up ssl certificates that way.
Your reverse proxy should be the thing listening on port 80, where it will proxy those requests by hostname (your dns entries) to the ports each other service is listening on. For example, the Adguard web ui should be at port 3000 (its default, I think) instead of 80/443, and in your reverse proxy config you’ll set it up to have requests to http:// your-adguard-hostname.yourdomain.tld reverse-proxy to port 3000. Put your other services on other ports (ports in the 8000s are common for this), and have your nginx config point to them by hostname.domain.tld the same way.
Set up that way, when you go to http:// adguard.your-domain.tld in your browser, your request will hit your server on port 80 where your reverse proxy is listening, and your reverse proxy will send it to port 3000 where adguard is listening. You could also go to http:// adguard.your-domain.tld:3000 to bypass the reverse proxy.
As an aside, Adguard will also be listening on port 53 for dns requests, and the dns entries for all of the services you set up will be looked up through that port, not the web proxy.
You can apply the same process to port 443, but it gets more complicated because you need to set up ssl certificates for that. For simplicity, you can set up a single self-signed wildcard certificate for your reverse proxy to use, and you don’t usually need ssl between the reverse proxy and other services on the same server. Your browser will complain about the self-signed certificate, but if it’s all internal it’s okay. Setting up proper certificates for each hostname.domain.tld is a whole other rabbit hole, but great to learn and great to have done.
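The layout described in the comment above, sketched as an nginx configuration. This is an added example, not part of the original comment; the hostnames, the second service on port 8080, the certificate paths, and the assumption that the services run on the same host as nginx are all placeholders.

```nginx
# Added example: hostnames, ports and certificate paths are assumptions.
# These blocks belong in the http { } context of the nginx configuration.

# Catch-all: a request whose Host header matches no service is closed
# without a response instead of falling through to the first server block.
server {
    listen 80 default_server;
    server_name _;
    return 444;
}

# http://adguard.your-domain.tld -> AdGuard web UI listening on port 3000
server {
    listen 80;
    server_name adguard.your-domain.tld;

    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

# A second service (hypothetical) on a port in the 8000s, same pattern
server {
    listen 80;
    server_name service2.your-domain.tld;

    location / {
        proxy_pass http://127.0.0.1:8080;
        proxy_set_header Host $host;
    }
}

# Port 443 with one self-signed wildcard certificate; traffic between
# nginx and the service on the same host stays plain http.
server {
    listen 443 ssl;
    server_name adguard.your-domain.tld;
    ssl_certificate     /etc/nginx/ssl/wildcard.your-domain.tld.crt;
    ssl_certificate_key /etc/nginx/ssl/wildcard.your-domain.tld.key;

    location / {
        proxy_pass http://127.0.0.1:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

`nginx -t` checks the syntax before a reload. If a web UI should only be reachable through the proxy, bind that service to 127.0.0.1 in its own settings so the direct `:3000` path mentioned above is closed.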
I think it’s actually just UK (“realise”) vs US (“realize”) spelling differences.
Thank fucking god for the EU, for fighting for global digital rights where nobody else does.
DNS is what you’re looking for. To keep it simple and in one place (your adguard instance), you can add local dns entries under Filters > DNS Rewrites in the format below: