Guide till starka lösenord

Använd minst 12 tecken långa lösenord. Ha olika lösenord för varje tjänst. Låt en lösenordshanterare komma ihåg dem så du slipper. Tre råd som löser de flesta lösenordsproblem för användare. Läs vidare för mer information om lösenord för både användare och utvecklare.

Content security policy headers when using Matomo or Google analytics

I recently added a Content Security Policy header to my web servers. I found a number of issues around getting analytics and embedded videos and maps working. Other sites will have more issues but I suspects these are among the most common.

Setting up a server firewall with nftables that support WireGuard VPN

With Debian 10 (buster) the default firewall is nftables so it’s time to convert my iptables rules. Since Debian stable is never first with anything I was surprised to see how relative few articles and blogs there are about nftables compered to iptables.

Using Ansible to setup a WireGuard VPN server on Debian

I have been watching the WireGuard project with interest for a couple of years. I like how WireGuard is constructed. A small code base that focus on the core functionality. The use of standard Linux networking tools and simple public/private keys.

Security camera with Raspberry Pi

Some tulips eating animals gave rise to the need of a security camera system. One could have bought a ready made system but that’s boring and as recent events show, their security is often abysmal. Much better to build my own system and I have been mening to play with the Raspberry Pi computers.

My first 2 minutes on a server - letting Ansible do the work

After reading articles like My First 5 Minutes On A Server by Bryan Kennedy and My First 10 Minutes On a Server by Cody Littlewood I was inspired to write up how I setup a new server. There are no special tricks in the way I setup servers to make them secure.

Let's Encrypt my servers with acme tiny

Let’s Encrypt is a project that offer free domain validated SSL/TLS certificates. The organisations and companies behind it includes EFF, Mozilla, Akamai and Cisco as well as many other. EFF has long been working for HTTPS Everywhere and Let’s Encrypt is a big step in this direction.

Set upp SSH account that only allows Bazaar server commands via key authentication

Here follows a solution for a convenient and secure way of allowing other machines to connect to the Bazaar repository on my server via SSH and key authentication. I only want to allow Bazaar commands and not any other. This setup should be easy to adapt for Git and Mercurial (hg) or any other application that sends command via SSH.