We use Debian for our systems. Not only because we love it, but also because you can harden and secure it very well. One of the many security precautions for Debian-based Linux distributions is unattended upgrades.
Adding and removing nginx response headers
If you’re using nginx as your preferred web server, reverse proxy, load balancer or HTTP cache, then you might be familiar with HTTP response headers. Nginx allows you to customise those HTTP response headers very easily.
SSL Certificate with SubjectAlternativeName (SAN)
If you want to create an SSL certificate for multiple subdomains, you could either use a wildcard certificate like *.example.com or you could use an SSL certificate with SubjectAlternativeName (SAN). For example, if you create an SSL certificate with SubjectAlternativeName (SAN) like this: CN: gitlab.example.com SAN: registry.example.com, mattermost.example.com In my understanding it was one main […]
sysctl tuning on Linux
While most Linux Kernels nowadays come with nice sysctl defaults, there’s always room for improvement. Some parameters can be used for performance tuning, others can be critical for security hardening. What is sysctl? sysctl is an interface to view and dynamically change parameters in Linux and other *NIX operating systems. In Linux, most of the dynamic Kernel settings can be […]
Adding a new trusted certificate authority
In this blog post we show you how to add a custom certificate authority to the trusted certificate authorities of an OS distribution. Additionally, we’ll publish an Ansible playbook to manage the trusted certificates.
Deploying SSL private keys with Ansible
When you’re using Ansible or any other configuration management tool, you might come into contact with deploying SSL certificates sooner or later. While deploying public SSL certificates isn’t a security issue at all, the deployment of private keys becomes more critical – at least if you want to deploy them securely.