Posts · Jurian Sluiman

Prevent Let's Encrypt failed authorizations with Ansible

It happens once every few years. For whatever reason I request another VPS at a service provider, provision the machine with Ansible and deploy a few services, usually as Docker containers. And what? They don't work, unfortunately. In 99% of the cases, I forgot to update the DNS records and with Traefik and Let's Encrypt, I hit the rate limit while investigating and I can't obtain any new certificate for the upcoming hour. With a few lines in Ansible, this won't happen again. Hopefully.


Pi-hole behind Traefik

This post guides you through the config to put pi-hole's web interface behind Traefik. For all local (home) services I use Traefik as a reverse proxy, which eases my configuration. However, pi-hole is not a simple web application serving plain HTML: as my local DNS server, it has to respond to DNS queries over port 53. Traefik can proxy plain TCP and UDP, but in pi-hole's case this is not a recommended practice.


S-MQTTT, or: secure-MQTT-over-Traefik

Over the last days I have been experimenting with different ways to secure an MQTT setup for my home automation. There's an increasing use of IoT here at my home and most of the applications communicate over MQTT. You simply cannot control every device and how it gathers information. To prevent eavesdropping, it's time to secure MQTT.

