Posts

Terraform

Terraform Terraform is an open-source infrastructure as code software tool created by HashiCorp. It enables users to define and provision a datacenter infrastructure using a high-level configuration language known as Hashicorp Configuration Language, or optionally JSON. Here is a simple guide on how to install Terraform on your system and how to use it to provision a datacenter infrastructure. Table of Contents Prerequisites Getting Started Commands welp Prerequisites Docker Docker Compose Proxmox VE Proxmox VE API Token Getting Started Create a directory for Terraform and a docker compose file mkdir -p ~/Terraform cd ~/Terraform nano docker-compose.

Saturday, January 25, 2025 | 3 minutes Read

Monitoring with Grafana

Introduction Grafana is an open-source platform for monitoring and observability. It allows you to query, visualize, alert on, and understand your metrics no matter where they are stored. In this post, we will see how to monitor a Kubernetes cluster using Grafana. Prerequisites A Kubernetes cluster Helm The following argument in your kubernetes service file to enable additional metrics: --kube-controller-manager-arg bind-address=0.0.0.0 --kube-proxy-arg metrics-bind-address=0.0.0.0 --kube-scheduler-arg bind-address=0.0.0.0 --etcd-expose-metrics true --kubelet-arg containerd=/run/k3s/containerd/containerd.sock Install Grafana & Prometheus Add the Helm repository helm repo add prometheus-community https://prometheus-community.

Tuesday, April 30, 2024 | 4 minutes Read

Traefik with Cert-Manager on Kubernetes

Introduction Traefik is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy. It is designed to handle high traffic workloads and can be used to route traffic to different services based on various criteria. Traefik is a popular choice for Kubernetes users because of its ease of use and powerful features. Installing helm Helm is a package manager for Kubernetes that allows you to easily install and manage applications on your cluster.

Sunday, April 21, 2024 | 7 minutes Read

Wazuh Agents management with ansible

This Ansible project aims to streamline the management of Wazuh agents across a distributed infrastructure. By automating the installation, maintenance, and removal of Wazuh agents, this project ensures secure and uniform host monitoring within the network. Prerequisites Ansible 2.9+ installed on the control machine. SSH enabled on all target hosts. Target hosts must be running Linux with apt (e.g., Debian, Ubuntu). The variables file vars/vars.yml must be correctly configured with your environment’s details.

Sunday, April 21, 2024 | 4 minutes Read

Authentik

💡 To secure access to applications using Traefik as a proxy/reverse proxy and Authentik as an Identity Provider, it's crucial to understand the role of each component and how they interact. Here's a detailed documentation based on the provided configuration files and specified requirements. Traefik Configuration Traefik acts as a dynamic reverse proxy, routing client requests to the appropriate backend services. It’s configured to use Let’s Encrypt for SSL certificates via Cloudflare, enabling secure HTTPS traffic.

Saturday, April 20, 2024 | 5 minutes Read

Bind9

💡 DNS (Domain Name System) is a crucial component of the internet infrastructure, and BIND9 is one of the most widely used DNS server software. This tutorial will guide you through the basics of setting up and configuring BIND9 for your DNS needs. Installing BIND9 with Docker Compose To install BIND9 using Docker Compose, follow these steps: Create a new directory for your BIND9 configuration files. Create a new file named docker-compose.

DNS
Docker

Saturday, April 20, 2024 | 4 minutes Read

Traefik

1. Prerequisites Docker and Docker Compose installed on your server. Access to a domain and Cloudflare API credentials for SSL certificate management via ACME. 2. Traefik Configuration Your Traefik setup is split into two main parts: the docker-compose.yml file and the traefik.yml configuration. Docker Compose for Traefik docker-compose.yml --- networks: frontend: external: true services: traefik_NESS: container_name: traefik_NESS image: traefik:2.10.5 ports: - 80:80 - 443:443 volumes: - ./config:/etc/traefik - /var/run/docker.sock:/var/run/docker.sock:ro - .

Saturday, April 20, 2024 | 4 minutes Read

GPG

GPG 💡 The main objective of this project was to secure file transfers between two servers using GPG encryption. This measure aims to ensure that sensitive data remains confidential and intact during transmission and storage. Prerequisites: Have SSH installed and configured on both servers 1. GPG Installation Server 1 and Server 2: GPG was installed on both servers to enable file encryption and decryption. The installation was done via the package manager of each operating system.

Wednesday, March 20, 2024 | 4 minutes Read

GitLab

Gitlab install Pre-requis Ubuntu server CPU: 2 // RAM 4Go // Disk : 16Go Install and configure the necessary dependencies sudo apt-get update sudo apt-get install -y curl openssh-server ca-certificates tzdata perl Add the GitLab package repository and install the package curl https://packages.gitlab.com/install/repositories/gitlab/gitlab-ce/script.deb.sh | sudo bash sudo EXTERNAL_URL="https://gitlab.your-domain.com" apt-get install gitlab-ce Create user Acces the GiLab Rails Console: sudo gitlab-rails console Create User user = User.new(username: 'username',name: 'name', email: '[email protected]', password: 'password', password_confirmation: 'password') user.

Sunday, March 3, 2024 | 1 minute Read

AWX Install

Introduction to AWX AWX provides a web-based user interface, REST API, and task engine built on top of Ansible, which is a powerful IT automation tool. It is the upstream project for Red Hat Ansible Tower, a commercial derivative of AWX. AWX allows users to manage Ansible playbooks, inventories, and Schedule jobs to run using the web interface. Key Features of AWX: Web Interface: AWX offers a user-friendly web interface that makes it easy to manage and run Ansible playbooks.

Friday, March 1, 2024 | 3 minutes Read

SIEM Wazuh

Clone git repository git clone https://github.com/wazuh/wazuh-kubernetes.git -b v4.7.3 --depth=1 cd wazuh-kubernetes Setup SSL Certificate You can generate self-signed certificates for the Wazuh indexer cluster using the provide script or provide your own. Generate indexer self-signed certificate wazuh/certs/indexer_cluster/generate_certs.sh You can generate self-signed certificates for the Wazuh dashboard cluster using the provide script or provide your own. Generate dashboard self-signed certificate wazuh/certs/dashboard_http/generate_certs.sh The required certificates are imported via secretGenerator on the kustomization.yml file:

Monday, February 26, 2024 | 3 minutes Read

SIEM Elastic

Intro This tutorial aims to guide you through the process of setting up a robust log management solution using Elastic Stack. Elastic Stack, comprising Elastic Search, Kibana, and other components, offers powerful tools for searching, analyzing, and visualizing log data in real-time. Pre-requis Elastic : server Ubuntu 22.04 > RAM : 4G // CPU : 2 // Disk : 32Go Fleet Server : server Ubuntu 22.04 > RAM : 2G // CPU : 1 // Disk : 16Go Elasticsearch Installation of Elasticsearch sudo apt install curl wget -qO - https://artifacts.

Friday, February 23, 2024 | 3 minutes Read