3rd April 2023

Coding

Languages

Configure Docker to host the application

  • New: Disable ipv6.

    sysctl net.ipv6.conf.all.disable_ipv6=1
    sysctl net.ipv6.conf.default.disable_ipv6=1
    

DevOps

Authentication

Authentik

  • New: Protect applications that don't have authentication.

    Some applications don't have authentication, for example Prometheus. You can use Authentik in front of such applications to add the authentication and authorization layer.

    Authentik can be used as a (very) simple reverse proxy by using its Provider feature with the regular "Proxy" setting. This lets you wrap authentication around a sub-domain / app that normally wouldn't have authentication (or not the type of auth that you specifically want) and have Authentik handle both the proxy forwarding and the auth.

    In this mode there is no domain-level or 'integrated' authentication in your desired app; Authentik becomes both your reverse proxy and auth for this one particular app or (sub)domain. This mode does not forward authentication, nor does it log you in to any app. It just acts as an authentication wrapper.

    It's best to use a normal reverse proxy in front of Authentik. This adds a second layer of routing to deal with, but Authentik is not NGINX or a reverse proxy system, so it does not have that many configuration options.

    We'll use the following fake domains in this example:

    • Authentik domain: auth.yourdomain.com
    • App domain: app.yourdomain.com
    • Nginx: nginx.yourdomain.com
    • Authentik's Docker container name: auth_server

    The steps are:

    • Configure the proxy provider:

    # ---------------
    # -- Variables --
    # ---------------
    
    variable "prometheus_url" {
      type        = string
      description = "The url to access the service."
    }
    
    # ----------
    # -- Data --
    # ----------
    
    data "authentik_flow" "default-authorization-flow" {
      slug = "default-provider-authorization-implicit-consent"
    }
    
    # --------------------
    # --    Provider    --
    # --------------------
    
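    resource "authentik_provider_proxy" "prometheus" {
      name               = "Prometheus"
      # Upstream that Authentik forwards authenticated requests to.
      internal_host      = "http://prometheus:9090"
      # Public URL that users browse to.
      external_host      = var.prometheus_url
      authorization_flow = data.authentik_flow.default-authorization-flow.id
      # Skips TLS certificate validation for the upstream; it only matters if
      # internal_host is switched to https.
      internal_host_ssl_validation = false
    }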
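
    Added example (not from the original notes): a check that an unauthenticated request to the wrapped app ends up at Authentik, and that the backend does not answer directly on some other route. The function names, the sample responses and the redirect paths are constructed for illustration; the domains are the example ones above.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # make urllib raise on 3xx instead of following it


def http_fetch(url):
    """One unauthenticated GET; returns (status, Location header or None)."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=10) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:  # 3xx, 4xx and 5xx land here
        return err.code, err.headers.get("Location")


def check_wrapped(url, auth_host, fetch=http_fetch, max_hops=5):
    """Follow redirects by hand and classify the unauthenticated result.

    protected:    the chain reaches auth_host before any content is served
    exposed:      a 2xx answer came back without ever visiting auth_host
    inconclusive: errors, redirect loops, or redirects that stop elsewhere
    """
    for _ in range(max_hops):
        if urlsplit(url).hostname == auth_host:
            return "protected"
        status, location = fetch(url)
        if 200 <= status < 300:
            return "exposed"
        if status not in (301, 302, 303, 307, 308) or not location:
            return "inconclusive"
        url = urljoin(url, location)  # Location may be relative
    return "inconclusive"


# Constructed responses (not captured traffic) for the page's example domains;
# the redirect paths are illustrative.
SAMPLE = {
    "https://app.yourdomain.com/": (302, "/outpost.goauthentik.io/start?rd=%2F"),
    "https://app.yourdomain.com/outpost.goauthentik.io/start?rd=%2F":
        (302, "https://auth.yourdomain.com/application/o/authorize/"),
    "http://prometheus:9090/graph": (200, None),  # backend reached directly
}

if __name__ == "__main__":
    for start in ("https://app.yourdomain.com/", "http://prometheus:9090/graph"):
        print(start, "->", check_wrapped(start, "auth.yourdomain.com", SAMPLE.__getitem__))
```

    Run it once against the public app URL and once from any network position that can reach the backend's own address; an `exposed` result means that path bypasses the wrapper.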
    

Operating Systems

Linux

Linux Snippets

  • New: Automatic reboot after power failure.

    That's not something you can control in your operating system. That's what the BIOS is for. In most BIOS setups there'll be an option like "After power loss" with possible values like "Power off" and "Reboot".

    You can also edit /etc/default/grub and add:

    GRUB_RECORDFAIL_TIMEOUT=5
    

    Then run:

    sudo update-grub
    

    This will make your machine display the boot options for 5 seconds before it boots the default option (instead of waiting forever for you to choose one).

  • New: Add sshuttle information link.

    If you need a more powerful ssh tunnel, you can try sshuttle.