SSH Agent Forwarding Vulnerability and Alternative
ssh
One of the things that I really like about ssh-agent is its ability to forward itself to remotes. By sending the agent instead of setting keys on each box, I’m locking down access to a few machines that I know and trust. It’s amazingly convenient and has saved me so much headache. As I was doing research for a previous post, I kept seeing hints that maybe forwarding the agent isn’t actually a very good idea.

  • CJ Harries
Manage Many Keys with SSH Config and KeePass
KeePass
I’ll be the first to admit my security has room for improvement. Until last year, I was reusing passwords intermixed with a terribly simple mnemonic. Until a few months ago, my phone and computer were totally unencrypted. I’ve been fighting the change because it’s scary. I’m also very lazy and have been dreading the extra work involved with good security. I’ve put off updating SSH credentials for about two years now for that exact reason.

  • CJ Harries
Sensible SSH with Ansible: An Ansible Primer
Sensible SSH with Ansible
This is the third in a series of several posts on how to manage ssh via Ansible. It was inspired by a warning from Venafi that gained traction in the blogosphere (read: my Google feed for two weeks). I don’t know many people that observe good ssh security, so my goal is to make it more accessible and (somewhat) streamlined. This post serves as an Ansible primer. It assumes shell knowledge but nothing else.

  • CJ Harries
Let's Encrypt from Start to Finish: Automating Renewals
Let's Encrypt from Start to Finish
This is the sixth in a series of several posts on how to do way more than you really need to with Let’s Encrypt, certbot, and a good server. I use all of these things regularly but I’ve never taken the time to take them apart, look at how they work, and spend hours in Google trying in vain to figure out how to put them back together. It was inspired by a disturbing trend of ISP privacy violations and the shocking regulatory capture of the US Federal Communications Commission.

  • CJ Harries
Let's Encrypt from Start to Finish: Generating and Testing a Cert
Let's Encrypt from Start to Finish
This is the fifth in a series of several posts on how to do way more than you really need to with Let’s Encrypt, certbot, and a good server. I use all of these things regularly but I’ve never taken the time to take them apart, look at how they work, and spend hours in Google trying in vain to figure out how to put them back together. It was inspired by a disturbing trend of ISP privacy violations and the shocking regulatory capture of the US Federal Communications Commission.

  • CJ Harries
Let's Encrypt from Start to Finish: Useful Headers
Let's Encrypt from Start to Finish
This is the fourth in a series of several posts on how to do way more than you really need to with Let’s Encrypt, certbot, and a good server. I use all of these things regularly but I’ve never taken the time to take them apart, look at how they work, and spend hours in Google trying in vain to figure out how to put them back together. It was inspired by a disturbing trend of ISP privacy violations and the shocking regulatory capture of the US Federal Communications Commission.

  • CJ Harries
Let's Encrypt from Start to Finish: Tuning with OpenSSL
Let's Encrypt from Start to Finish
This is the third in a series of several posts on how to do way more than you really need to with Let’s Encrypt, certbot, and a good server. I use all of these things regularly but I’ve never taken the time to take them apart, look at how they work, and spend hours in Google trying in vain to figure out how to put them back together. It was inspired by a disturbing trend of ISP privacy violations and the shocking regulatory capture of the US Federal Communications Commission.

  • CJ Harries
Let's Encrypt From Start to Finish: First Steps
Let's Encrypt from Start to Finish
This is the second in a series of several posts on how to do way more than you really need to with Let’s Encrypt, certbot, and a good server. I use all of these things regularly but I’ve never taken the time to take them apart, look at how they work, and spend hours in Google trying in vain to figure out how to put them back together. It was inspired by a disturbing trend of ISP privacy violations and the shocking regulatory capture of the US Federal Communications Commission.

  • CJ Harries
Let's Encrypt from Start to Finish: Overview
Let's Encrypt from Start to Finish
This is the first in a series of several posts on how to do way more than you really need to with Let’s Encrypt, certbot, and a good server. I use all of these things regularly but I’ve never taken the time to take them apart, look at how they work, and spend hours in Google trying in vain to figure out how to put them back together. It was inspired by a disturbing trend of ISP privacy violations and the shocking regulatory capture of the US Federal Communications Commission.

  • CJ Harries
The certbot Hook API
certbot
Hopefully this is useful to someone else. I got confused by the language change from renew to deploy hooks and spent some time ripping the code apart to see how the hooks actually work. I’ve broken down where the hooks are defined, their configuration, and how you can modify them.

Post outline: Notes; Overview; Initial Change; CLI; Hook Definitions; Execution; Current API; CLI; External Hooks; Hook Definitions; Execution; So What?; Expect Change; Manually Run Hooks After Initial Creation; Create a Generic Server Restart Hook; Nginx; Apache; Pre- and Post-Hooks are Always Run; Final Note.

Notes: When I started this, certbot was on 0.

  • CJ Harries
Sensible SSH with Ansible: Vagrant Setup
Sensible SSH with Ansible
This is the second in a series of several posts on how to manage ssh via Ansible. It was inspired by a warning from Venafi that gained traction in the blogosphere (read: my Google feed for two weeks). I don’t know many people that observe good ssh security, so my goal is to make it more accessible and (somewhat) streamlined. This post looks at how to quickly and easily mimic common environments in Vagrant.

  • CJ Harries
Sensible SSH with Ansible: Overview
Sensible SSH with Ansible
This is the first in a series of several posts on how to manage ssh via Ansible. It was inspired by a warning from Venafi that gained traction in the blogosphere (read: my Google feed for two weeks). I don’t know many people that observe good ssh security, so my goal is to make it more accessible and (somewhat) streamlined.

Post outline: The Series so Far; Code; Executive Summary; Note; Compiling the Series; Posts; Software; Main; Windows; My Environment; Tool Overview; ssh; Ansible; Optional: Vagrant.

The Series so Far: Overview (This section should get updated as series progresses.

  • CJ Harries