DNS zone serial monitoring

My domains are currently hosted on 1984 FreeDNS nameservers. Even though this service is free to use, zones are hosted on 5 servers.

I've been monitoring that, whenever I update one of my zones, changes are properly propagated on their side.

For that, I've been using the following script, and Monit.

New Year. New Blog.

No new blog post here in over 6 years! Like a server's uptime, a streak like that is meant to be broken, I guess?

I won't be writing anything too technical however, just letting people who might find this blog know what I'm up to.

Updating passwords with Ansible

I've recently migrated from KeePassXC to Bitwarden_RS (which I highly recommend, by the way) to manage my passwords.

I figured it was an opportunity to update passwords I hadn't changed in... years. My Linux users' passwords were among those.

Instead of updating them manually on each machine, I thought there might be a way to do so with Ansible, and since it turns out there is, I thought I might as well share it here!

Please be careful when it comes to password modification automation. You might end up locking yourself out of your servers.

Debian repos over HTTPS

I've been using deb.debian.org as the main Debian repo on my servers pretty much since it became available.

I've recently realized that the service is available over HTTPS, and since I'm all about encrypting all of the things, I figured I'd configure it on my servers.

This is going to be a very short post on how to do the same.

Self-hosted report-uri

I've been playing with the security headers for this website for the past few days, most notably with the Content-Security-Policy as well as the Expect-CT headers.

After having spent a few hours on this, I'm pretty happy with the results!

Screenshot. Source: Observatory by Mozilla

This website runs on a Ghost installation that I keep up-to-date. Since an update might mean that the site will try to load new external resources, the Content-Security-Policy header might need updating as well.

This header has a report-uri directive that makes web browsers send JSON-formatted messages of policy violations they encounter.

There's a great website (Report-URI) that you can use to handle these reports. It allows up to 10.000 reports per month with a free account, which should be enough for a low to mid traffic website once you've set up your initial policy.

However, since I'm all about self-hosting all of the things, I figured I would configure my own report-uri using a PHP script.
