Installing nginx 1.14 / openssl 1.1.1 on Debian 9
Debian is really nice in case a newer version (than what’s in repo) of software is need. Although nginx / openssl provided in their stable repo is somewhat old, it’sContinue reading
Did some tweaks to my VPS / website
TLS 1.3 is now enabled. However, as a side effect, now ssllabs only gives 90 pct. to cipher strength of my TLS configuration. This is unfortunate, as currently there’s (seemingly)Continue reading
Switched to Debian 9 from CentOS 7
Preparing for enabling TLS 1.3. CentOS 7 (RHEL 7) does not come with an out-of-box nginx that supports TLS 1.3. To be fair, this is not a fault of nginx.Continue reading
Transparently proxing packets whose destination matching an ipset (IPv4/6)
IPv6/UDP does not work yet, though.. Not sure if it’s an issue in the rules, xt_TPROXY.ko or the proxy software itself. Glad to embrace IPv6. #!/usr/bin/env bash set -e #Continue reading
Compiling xt_TPROXY for ddwrt
It surprised me a bit that ddwrt (Kong build) is not shipped with xt_TPROXY. Fortunately it’s possible to compile kernel modules for ddwrt and load them later. The major stepsContinue reading
xt_TPROXY does not function properly under ddwrt (/linux 4.4) when used with IPv6
After digging the issue for about two days, it looks like to me that it’s caused by a bug in ipv6.ko. Unfortunately the rootfs is readonly on ddwrt, thus patchingContinue reading
Hello world!
Welcome to WordPress. This is your first post. Edit or delete it, then start writing!