The Perfect Reverse Proxy (NGINX, SSL, WebUI Management)

Reverse Proxy. I’ve been implementing reverse-proxy solutions in lab and in production for some time now, but I always come across the same problem: it’s not the easiest type of system to manage, especially when SSL certificates are involved. Before I started looking for an easy-to-manage SSL solution, I figured I’d find some sort of web interface for the NGINX config files and other basic server management. After some searching and testing, I decided on Ajenti. Ajenti is a Python-based Linux control panel that makes installing packages…

netdata: A remarkable server monitoring utility.

I wanted to write a short introduction to a tool that I’ve been using a lot on my newest servers and development projects. It is the most capable way of monitoring and understanding your server’s performance and other metrics that I’ve seen in such a simple, lightweight installation. Here’s the current RAM utilization of my server, thanks to netdata: From the readme: netdata is a system for distributed real-time performance and health monitoring. It provides unparalleled insights, in real time, into everything happening on the system it runs on (including…

How to install NGINX, get a free SSL certificate, and configure a reverse proxy (part two)

This is part two, the final part of configuring NGINX with SSL as a reverse proxy. Now that you have successfully installed NGINX and obtained a free SSL cert, you can proceed. There is one important thing to note when configuring a reverse proxy: for each “subfolder” you want to act as a proxy to another server, you must have that server configured to listen on that subfolder. This makes little sense in plain English, so let’s review briefly, using CouchPotato as our example: say I run CouchPotato on…

How to provide Guest WiFi network access securely with Cisco Meraki Appliances

If you have an office, facility, or residence with a lot of guest traffic and need to provide the guests with their own network using your existing Meraki equipment, this is the best way to do it. For this example the environment uses the following devices: a Cisco Meraki MX100 router, Cisco Meraki MS350-48p switches, and Cisco Meraki MR42 APs. Brief: the guest clients should be denied access to the secure network (LAN, secure WLAN, etc.), be unable to communicate with each other (client isolation), have bandwidth restrictions, and have unique content…

What ports (TCP and UDP) are required for remote access to ESXi with vSphere Client?

I manage a large number of ESXi hosts. These are at remote locations, and it’s sometimes extremely difficult for me to gain access to the vSphere console unless we have a site-to-site VPN connection with the client. One of my recent challenges (hah) was remotely accessing and managing an ESXi console via port forwarding. Even though it’s generally no problem finding information like this, I struggled to find the ports that pertain only to vSphere remote access. The other articles showed me way too much! So here it is! How to…

Secure your Sophos Network: Use Network Groups for Trusted Remote Hosts.

My primary concern lately, as my internet presence has grown, has been in the general realm of security. How do I know that no one is accessing my port-forwarded server? How do I know that no one is logging into my router? […] An easy answer to this has always been limiting inbound connections to trusted hosts, but that’s not always an easy solution. Most consumer routers don’t even support this (correct me if I’m wrong), and in most firewall applications it can be cumbersome to append and manage trusted…

How to fix Sophos UTM 9.4 install.tar wasn’t found on the installation media

I’ve been deploying Sophos Virtual Appliances recently, so I was presented with a bit of a challenge when the install was failing on physical hardware. Error: install.tar wasn’t found on the installation media. This happens because, during part of the installation process, the USB drive is unmounted and needs to be mounted again. The installer also expects to find install.tar at /install/install/install.tar, so we must mount the device at the /install path. You don’t need to be a wizard to…

Terminology: Understanding MDFs and IDFs

Many times, early on in my tinkering or trying to learn about computer systems, I would wonder about certain terms or ideas that would come up at a “higher level”. Sometimes I couldn’t wrap the thoughts that make up an idea or a concept into a single term, and so I didn’t understand some of these things, like when I saw MDF or IDF for the first time. MDF is short for main distribution frame. This is the central point of a network, no matter the size.…

Sophos UTM Country Blocking: Oops!

Background: My girlfriend runs an AirBnB listing for a spare room in her home, and I have a Sophos UTM appliance running her home network. Okay! Last night my girlfriend received a text on behalf of our guest stating that the WiFi wasn’t working. We were out for pizza and beer, so we didn’t exactly rush home to check it out. […] This morning we got word again: “the WiFi isn’t working; they say they need to use the WeChat app.” I logged in to the wireless AP and it checked out. It’s…

How To: Set up Client VPN Remote Access on Sophos UTM for iOS, iPhone, iPad

The iPhone supports IKEv2, IPsec, and L2TP client VPN. Sophos UTM supports SSL, PPTP, L2TP over IPsec, IPsec, and more VPN protocols. For this guide, we are going to use the iPhone’s L2TP VPN client to remotely connect to our Sophos UTM. To start, log in to your Sophos UTM and select the “Remote Access” section. Click L2TP over IPsec for compatibility with iOS. Enable the protocol by toggling the switch to “enabled”. Choose Authentication Mode: Preshared key. Create a secure key and repeat it twice below. Assign IP address…