Cloud network design

System Administration Cloud Platforms Networking

Cloud VPCs come with some subnet configuration predefined. It is usually best to delete the default VPCs, and define subnets yourself. This article contains an overview of how to design subnets in the cloud, and gives concrete examples to use in real environments.

SFTP server with isolated users

System Administration SFTP Security

SFTP is an old protocol that still sees a lot of usage, for a good reason, it is very secure. Let’s take a look at how to configure SSHD to support multiple isolated SFTP users, using Ansible.

PostgreSQL rotate password

Software Engineering PostgreSQL Security

Quick recipe for how to rotate password in PostgreSQL without downtime. PostgreSQL roles can be created as members of another role, giving them the potential to inherit their privileges, assuming the INHERIT attribute is set (the default).

Counters with PostgreSQL and Django

Software Engineering PostgreSQL Python Django

Almost all web apps will need counters. Let’s take a look at how to create counters that are accurate and have good performance. Perhaps you want to count the number of related objects per object, such as total number of comments per article. Or perhaps you want to count the total number of things in a system, such as total number of users. In either case, there are certain things that must be taken into consideration, to avoid slowing down performance, and to ensure correctness.

Docker builder pattern

Software Engineering Docker Linux

When talking about Docker, the typical case is that the resulting build artifact of the project is a Docker image that will be pushed to a Docker registry and subsequently run on some production server. That’s not what this blog post is about. Docker can be used very effectively in a project, to create isolated build environments, even if the result of the project has nothing to do with Docker or containers.

Django settings package

Software Engineering Python Django

When starting a new Django project, you get a file with some initial basic settings in it. This is rarely complex enough for real world projects. Lets take a look at how to improve the settings management in Django. There is no claim that the examples here will fit perfectly for your specific project. However, this provides a framework for dealing with Django settings, and it is based on several years of real world experience in large Django projects.

Samba 4 on FreeBSD with ZFS and NFSv4 ACLs

System Administration FreeBSD ZFS Storage

Configuring Samba has never been one of my favourite things. This is just a quick recipe setting up Samba on FreeBSD with a dedicated ZFS filesystem that uses ACLs. It is set up for a single user, where the user gets full control over all files. It can be adapted to support more users by using groups, and configuring permissions / ACLs for that. It is written for FreeBSD 11 and Samba 4.

FreeBSD Iocage Primer

System Administration FreeBSD Jails

Jails is a very stable and mature feature in FreeBSD. However, the standard interface for jails is slightly too cumbersome for my taste. The Iocage project provides a higher level interface for administrating jails. Currently, the project is in a bit of flux, the original (now legacy) version was written in shell script. The new version is written in python. The new version is not available as a binary package, it’s only available from ports, under the name sysutils/py3-iocage, and requires Python 3.

SuperMicro X11SSM Assembly

Hardware FreeBSD ZFS

The main purpose of this server build is to be a NAS. To host a bunch of storage, and related network services such as Samba. Similar to FreeNAS, but based on a regular FreeBSD install. But I also wanted to be able to do a bit more, such as experiment with different applications, and run multiple virtual development servers, and maybe even run some heavier things like a public game server.

PC Engines APU2C4 Assembly

Hardware Networking

So, I decided I need want a new router. Partly because the support ended for my current Netgear router, and because I always wanted a good reason to run some BSD so I could learn more about it and networking in general. I researched a bunch of boards with Intel Atom / Celeron CPU’s at first. But finally decided on a PC Engines apu2c4, for some not too shabby reasons: