Getting Chasquid up and running on Debian

An article, posted 6 days ago filed in Chasquid, email, postfix, mail, tls, letsencrypt, debian, linux & server.

For quite some time I have been looking into setting up my own mail server. But having configured Postfix for a little service I run, I'd been cautious about making changes in that direction. Postfix offers too many configuration options, too many settings and all in a way that's too arcane to me; every change is made in fear of accidentally creating an open relay.

But recently I came across an article by SIDN about four modern systems for self-hosting e-mail and I was intrigued. Especially about Chasquid, with its limited scope and focus on security, also through ease of configuration.

Getting started

Actually the tool comes with a nice setup guide. And first bonus, it suggests to just make use of apt (although it won't get you the latest); no special repos. So I made sure a test server I had running was updated to the latest Debian and installed Chasquid a…


Block troublemakers using fail2ban

An article, posted more than 3 years ago filed in how i do it, debian, unix, configuration, server, devops, security & nginx.

I don't mind running my own virtual servers. Fail2ban is a tool I've had running on my servers for years. It helps fence off requests from IP addresses that repeatedly misbehave when connecting to SSH and Postfix. I never got to creating my own rules. I thought I had to write it in some arcane scripting language, but recently I learned it is pretty easy.

In this case I wanted to block 500 (Internal Server Error) and 422 (Unprocessable Entity) errors. A server error once in a while is expected, but repeated server errors are suspicious. A common source of these errors is scripts that scan for things like SQL injections.

Examples given are for Debian.

/etc/fail2ban/filter.d/nginx-errors.conf

[Definition]

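# <HOST> is fail2ban's placeholder for the client address at the start of each access-log line
failregex = ^<HOST> -.*"(GET|POST|HEAD).*HTTP.*" (500|422)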
port = http,https
ignoreregex =
backend = auto
logpath = /var/log/nginx/access.log
bantime = 600
maxretry = 10

And appending to /etc/fail2ban/jail.local


A somewhat secure Debian server with nginx, Passenger, rbenv for hosting Ruby on Rails with mail support and deployment with Capistrano

An article, posted almost 11 years ago filed in ruby, rails, passenger, postfix, debian, installation, rbenv, setup, vps, configuration, nginx, mailing, deployment, capistrano, linux, server, ssh, guide, how i do it & security.

Basically this is a technical note to myself, in case I need to set up another server for running yet another personal Ruby on Rails project. And don't worry, I'm not going to replicate all the nice guides out there, just filling in the gaps.

So let's start with the list of bookmarks I follow as a start. Note that in these tutorials a user named 'deploy' is mostly used. Typically I create a user per project and name databases etc. accordingly.

  1. Get security right first: My first 5 minutes on a server or essential security for Linux servers
  2. Then I get Rails up and running with this how to install Ruby on Rails with rbenv on Debian
  3. (in case you want to use the server as your remote git repo too) [Git setting up a …


How to do it: Using screen

An article, posted almost 12 years ago filed in tutorial, linux, server, introduction, ssh, unix, guide, debian, command line & how i do it.

A technical note to myself: One way of doing multiple things simultaneously on a server can be by setting up multiple connections via SSH, that's how I used to do things before. An alternative is to use a single connection and use the command screen on the remote server. Another good reason to use screen is if you have a long-running process that you don't want to break just because your SSH connection flips on and off with your computer going in and out of stand-by.

This is for absolute beginners. If you don't know about screen, this is for you. If you are already familiar with screen, I probably won't be able to educate you :o

So what is Screen?

GNU Screen is a kind of window management system for the terminal (you ought to say terminal multiplexer) and has several advantages over using multiple SSH connections. Most importantly: the processes keep running when SSH d…
