Harden your public webserver
This three-part guide shows three simple steps to increase server security.
Set up a simple SSH bruteforce check in Graylog
There is no security without proper log monitoring, but nobody has time to check all logs all the time. Graylog automates that.
Sandbox Systemd Units
Many do not know that systemd can restrict services and very easily displays their exposure level.
Add 2FA in OPNsense NGINX reverse proxy
The OPNsense version of NGINX supports “auth_request” only to a very limited extent. 2FA apps like Authelia cannot be used as an authentication provider behind OPNsense’s NGINX version. Nevertheless, you do not have to do without 2FA completely.
Add two-factor authentication (2FA) to paperless-ngx
Paperless-ngx does not support a second factor by default. However, with Authelia and an NGINX reverse proxy, this can be retrofitted.
Inject Nextcloud secrets via environment variables
Few know that you can also configure Nextcloud via environment variables. This lets you avoid storing passwords in the Nextcloud config.php.
Secure your Docker passwords with HashiCorp Vault and Ansible
Two-part series: Password security with HashiCorp Vault and Ansible for Docker
Get dynamic secret variables in VSCode’s Thunder Client from HashiCorp Vault
Those who want to test APIs usually need passwords or tokens, which almost all API test clients keep in plaintext. With HashiCorp Vault as a secret manager, however, you have a way to remedy this deficiency as well.