OpenVPN – Selective traffic (mail.ru, yandex.ru, vk.com, ok.ru, kaspersky.ru)

Goal:

Route only the networks that fall under the ban through the VPN; all other traffic should go directly. Convenient device connection, cross-platform support, speed and security are also important.

All steps were performed on CentOS 7.

Install the EPEL repository if it is not already in the system and install the necessary packages:

yum install epel-release -y
yum install openvpn easy-rsa -y

Create a configuration file:

vim /etc/openvpn/server.conf


OpenVPN – All traffic through VPN

Goal:

Route all traffic from any device through the VPN. For maximum convenience, new devices should connect without creating accounts, passwords, etc. The connection should be fast and encrypted.

All steps were performed on CentOS 7.

Install the EPEL repository if it is not already in the system and install the necessary packages:

yum install epel-release -y
yum install openvpn easy-rsa -y

Create a configuration file:

vim /etc/openvpn/server.conf


Nginx – WordPress

Example Nginx configuration file for WordPress CMS:

server {
    server_name artem.services;
    root /var/www/html/artem_services;
    index index.php;

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        fastcgi_index index.php;
        fastcgi_pass unix:/var/run/php-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
    }
}

Docker Swarm over TLS

In this example, there are 3 servers with Docker installed on them. If Docker is not installed, you can see the installation here.

There will be one manager and two workers:

Master – manager (IP: 1.1.1.1)
Slave_1 – worker (IP: 1.1.2.1)
Slave_2 – worker (IP: 1.1.2.2)

Required ports for Docker Swarm to work: 2376 and 2377 (TCP). Make sure that the swarm participants are allowed to reach each other on these ports.

Creating Docker Swarm

On the Master server, do the following:

docker swarm init --advertise-addr 1.1.1.1

We get a message like:

Swarm initialized: current node (ssmj2qyqxejd72p6sa9jinnza) is now a manager.

To add a worker to this swarm, run the following command:

docker swarm join \
--token SWMTKN-1-3qg9vovt2mxyfu1dfj2nocmkzd3i351z1z0aapd9jxxu7mafff-93r77xv8mrqsgfkf9nei902zk \
1.1.1.1:2377

To add a manager to this swarm, run 'docker swarm join-token manager' and follow the instructions.

The swarm is created and there is one manager in it. Information about the swarm can be viewed with the command:

docker info


Docker – API over TCP

All steps are relevant for distributions with systemd (tested on CentOS 7 and Ubuntu 18.04).

Check the Docker launch command:

grep "ExecStart" /usr/lib/systemd/system/docker.service

Ubuntu 18.04 has a different path, "/lib/systemd/system/docker.service".

The output looks similar to:

ExecStart=/usr/bin/dockerd

Now create the "override.conf" file; to do so, just run:

systemctl edit docker

Insert the following there:

[Service]
ExecStart=
ExecStart=/usr/bin/dockerd -H tcp://0.0.0.0:2375
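
The override above serves the API on every interface without TLS or authentication, so anything that can reach port 2375 controls the daemon. A variant with mutual TLS, as an added example that is not part of the original post; the certificate paths under /etc/docker/certs are assumptions and the CA, server certificate and key must be generated beforehand:

```ini
[Service]
# Clear the ExecStart inherited from docker.service before redefining it.
ExecStart=
# Keep the local Unix socket and serve TCP only over TLS with client
# certificate verification (2376 is the conventional TLS port).
# Certificate paths below are assumptions, not from the original post.
ExecStart=/usr/bin/dockerd \
    -H unix:///var/run/docker.sock \
    -H tcp://0.0.0.0:2376 \
    --tlsverify \
    --tlscacert=/etc/docker/certs/ca.pem \
    --tlscert=/etc/docker/certs/server-cert.pem \
    --tlskey=/etc/docker/certs/server-key.pem
```

Clients then need a certificate signed by the same CA and connect with `docker --tlsverify -H tcp://<host>:2376 info`.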
