Search Results
Adding SSH Keys with CAT
Here's a quick and dirty way to upload SSH keys to a remote user account, using the CAT command. This can be done, if your local host doesn't have the ssh-copy-id utility. If you do not have ssh-copy-id available, but you have password-based SSH access to an...
Linux SSH Key Management
See this article for an update based on obsolete SHA-1 RSA key usage: Ubuntu 22.04 SSH the RSA key isn't working since upgrading from 20.04 NOTE: We currently have two tutorials for this, that need to be consolidated into one. So, maybe this alternate tutoria...
Clustering HashiCorp Vault
Here are special instructions for setting up a vault cluster. NOTE: See the regular setup page for other details: Hashicorp Vault Setup DNS Resolution Since the vault services will communicate with each other over TLS, they will need certificates. And as such...
HashiCorp Vault Cluster Unseal
These steps are for a new vault cluster that has been configured and started up, but is in an unsealed state. For an existing cluster with unsealed nodes, see this page: Handling Vault Node Restart Leader Initialization The following will initialize a new v...
Vault Wrapping Tokens
When creating access tokens for HashiCorp Vault, you always want to prevent them from falling into the wrong hands, or showing up as clear-text in command line history, logs and audit trails. To reduce the chance of tokens being passed in the clear, you can c...
Vault Token Administration
Here are notes on access token administration. Be sure that you've already set up an administrative policy in your vault cluster. See this page for how: Vault Administrative Setup Creating Admin Tokens Once the admin policy exists, you can create administrati...
Vault Single-Node Unseal
Here are instructions on how to unseal a single-node vault cluster. Vault CLI Comms For the vault command to communicate with the running service, we must set an env variable for it: export VAULT_ADDR=https://your_domain:8200 NOTE: You may have to set the ...
Vault Administrative Setup
Once you have a vault instance or cluster unsealed, you can set up auditing and administrative policies with these instructions. See this page for how to set up a vault instance or cluster: Hashicorp Vault Setup Audit Logging Create a folder for capturing a...
Vault as Root CA
Here are steps you can follow to set up a vault instance as a Root CA. NOTE: This page assumes that you have created a single-node vault instance to serve as your Root CA. See this page for how to do that: Hashicorp Vault Setup NOTE: These steps will create a ...
Vault as Intermediate CA
Here are instructions for setting up a vault instance as an Intermediate CA. NOTE: This page assumes that you have created a single-node vault instance to serve as your Root CA. See this page for how to do that: Hashicorp Vault Setup NOTE: Always create the I...
Local GPS NTP Time Server
Accessible at: 192.168.1.12 Project files stored here: “\\192.168.1.11\zfs_mirror3\Projects\Dormant\NTP Raspberry Pi Server” Build Data Runs Raspbian on a Raspberry Pi Static IP Address was set in: /etc/dhcpcd.conf Installed ntpstat with this: sudo apt in...
Ubuntu: Use Private NTP Server
Status For hosts in isolated VLANs, we provide access to a local NTP server, via firewall rules. The local NTP server is at: 192.168.1.12. See this page for the local NTP server: Local GPS NTP Time Server The main router includes a floating firewall rule t...
Handling Vault Node Restart
Each time a Vault node restarts, you will have to unseal it, so that it can participate in the cluster. Here are steps to do that. Switch to root on the node with: sudo -i Set exports for the node: NOTE: Make sure that the vault_addr variable is pointing to...
HowTo: Create a New Cloud Service or Library
Current as of: 20250126 This list will be revised as more steps get automated. This is a working list of manual steps that cover the genesis to deployment of a new cloud service, library, or app. It includes steps to define, document, create, configure, aut...
Visual Studio 2022 Offline Installation
Here are steps to install Visual Studio 2022 in an offline environment. It involved creating a layout fileset, which is what the installer runs from. This is created by a bootstrap executable, below. Layout Download From a machine with internet access, downl...
RAFT in C# To Read
https://www.linkedin.com/pulse/raft-leader-election-net-practical-guide-david-boyarov-z5x4e/ https://raft.github.io/ https://thesecretlivesofdata.com/raft/ https://medium.com/microsoftazure/geo-redundant-stateful-service-made-easy-with-asp-net-core-next-and...
NGINX: Deploy SSL Certificate
Here are quick instructions for deploying an SSL key/cert pair to an NGINX instance. NOTE: These steps are assumed to be executed as root. Elevate to Root Elevate to root with this: sudo -i Create SSL Folder By default, a fresh NGINX install doesn't yet co...
Getting Correct Scheme, Host, Port Behind a Proxy
When running an API behind a reverse proxy, such as NGINX, the service will not, by default, see the scheme and port of the incoming call. By default, the API service will see the scheme and port of the direct call to it, which will likely be http and some int...
URIService Behind Hostname Separated NGINX Server Blocks
If you have an API service that is called by multiple server blocks of an NGINX proxy, and the server_name is different between each one, then your NGINX is using hostname separation to identify what origin is used. When this happens, the origin (scheme, host...
Overview
This is a series of pages that describe a generic object management stack. The idea being that it will have: Common Object Properties All object types will be identified and referenced by a UUIDv7. The identifier shall be called an ObjID, or just Id, if in...