About

I'm a Linux/Unix sysadmin with experience in High Availability, scaling and clustering, security, (Open)SSL and general linux system administration. I've worked as a sysadmin (devops) for Certificate Authorities, Hospitals, Managed Service providers, Datacenters Development shops and large Internet Service providers. I currently work for an Openstack provider. I like to design, build and manage large, complex and high available systems. I like to work with configuration management tools and version control systems. Documentation, monitoring and backups are things I do first, not when the time allows it later.
This is my personal website, please do note that these articles do not reflect opinions or policies of any of my (previous) employers, only my personal one.


Latest Items

Use the Nitrokey HSM or SmartCard-HSM with mod_nss and Apache

20-06-2016 | Remy van Elst

This is a guide on using the Nitrokey HSM with mod_nss and the Apache webserver. The HSM allows you to store the private key for a SSL certificate inside the HSM (instead of on the filesystem), so that it can never leave the device and thus never be stolen. The guide covers the installation and configuration of mod_nss, coupling the HSM to NSS, generating the keys and configuring Apache, and last but not least we also do some benchmarks on Apache with the HSM and different key sizes.

Read more...

HTTP Strict Transport Security for Apache, NGINX and Lighttpd

19-06-2016 | Remy van Elst

HTTP Strict Transport Security (often abbreviated as HSTS) is a security feature that lets a web site tell browsers that it should only be communicated with using HTTPS, instead of using HTTP. This tutorial will show you how to set up HSTS in Apache2, NGINX and Lighttpd.

Read more...

Get started with the Nitrokey HSM or SmartCard-HSM

17-06-2016 | Remy van Elst

This is a guide to get started with the NitroKey HSM (or SmartCard-HSM). It covers what a HSM is and what it can be used for. It also goes over software installation and initializing the device, including backups of the device and the keys. Finally we do some actual crypto operatons via pkcs11, OpenSSL, Apache and OpenSSH.

Read more...

Toggling in a simple program DEC PDP-8 and PiDP-8 using the switch register

08-06-2016 | Remy van Elst

In this guide I'll show you how to toggle in a simple program on the DEC PDP-8 or the PiDP-8, or in a front-panel simulator named BlinkenBone if you lack the hardware. I have a replica of the PDP-8/I (the PiDP-8) but lacked the actual knowledge on the front panel and switches to get started and do something cool. This guide has step by step instructons, with pictures, and basic explanation. After all, what is an expensive blinking light panel without fun stuff to toggle in?

Read more...

Ansible - Add an apt-repository on Debian and Ubuntu

15-05-2016 | Remy van Elst

This is a guide that shows you how to add an apt repository to Debian and Ubuntu using Ansible. It includes both the old way, when the apt modules only worked on Ubuntu, and the new way, now that the apt-modules also support Debian, plus some other tricks.

Read more...

Migrating personal webapps and services

05-05-2016 | Remy van Elst

Recently I've migrated some of my personal servers and services to new machines and newer operating system versions. I prefer to migrate instead of upgrading the OS for a number of reasons. I'll also talk about the migration process and some stuff to remember when migrating web applications and services.

Read more...

Build a FreeBSD 10.3-release Openstack Image with bsd-cloudinit

27-04-2016 | Remy van Elst

We are going to prepare a FreeBSD image for Openstack deployment. We do this by creating a FreeBSD 10.3-RELEASE instance, installing it and converting it using bsd-cloudinit. We'll use the CloudVPS public Openstack cloud for this. We'll be using the Openstack command line tools, like nova, cinder and glance.

Read more...

IPv6 in a Docker container on a non-ipv6 network

12-04-2016 | Remy van Elst

At work and at home my ISP's have native IPv6. I recently was at a clients location where they had no IPv6 at all and had to set up and demonstrate an application in a Docker container with IPv6 functionality. They said the had IPv6 but on location it appeared that IPv6 wasn't working. Since IPv6 was required for the demo the container needed a workaround. This article describes the workaround I used to add IPv6 to a Docker container on a non IPv6 network.

Read more...

Active Directory and Exchange Command Line Powershell

27-02-2016 | Remy van Elst

This is a collection of Powershell snippets to install Active Directory, create a new Active Directory Domain, join an existing Active Directory domain and to install Microsoft Exchange 2013. The snippets were tested on Windows Server 2012 R2.

Read more...

Let's Encrypt with DirectAdmin, now built in!

24-02-2016 | Remy van Elst

Let's Encrypt is a new certificate authority, recognized by all major browsers. They make it a breeze to set up TLS certificates for your web server. And for free! Let's Encrypt is supported by major players like Mozilla, Akamai, Cisco, the EFF, the Internet Security Research Group and others. Let's Encrypt provides free, automatic and secure certificates so that every website can be secured with an SSL certificate. This article shows you how to setup Let's Encrypt with the DirectAdmin web control panel. DirectAdmin now supports Lets Encrypt natively since 1.50, so no more ssh fiddling, just via the control panel, for all the users on the server.

Read more...

Recap of week 04, 2016

30-01-2016 | Remy van Elst

Recap of week 04 of 2016, covering open source and sysadmin related news, articles, guides, talks, discussions and fun stuff.

Read more...

Recap of week 03, 2016

23-01-2016 | Remy van Elst

Recap of week 03 of 2016, covering open source and sysadmin related news, articles, guides, talks, discussions and fun stuff.

Read more...

Ansible playbook for GoAccess Log Analyzer

17-01-2016 | Remy van Elst

This is a small Ansible playbook to deploy the GoAccess log analyzer on Debian based systems. Next to Piwik, I use goaccess myself to get better insights in who and what visits my servers. This role is ment to be included in your webserver playbooks.

Read more...

Recap of week 02, 2016

16-01-2016 | Remy van Elst

Recap of week 02 of 2016, covering open source and sysadmin related news, articles, guides, talks, discussions and fun stuff.

Read more...

Deborphan cleanup until no more orphaned packages left

11-01-2016 | Remy van Elst

Deborphan removes packages it thinks your system doesn't need anymore. It is a great tool for package cleanup and maintenance. Sometimes, after cleaning up the packages, it will find new packages that are orphaned (because you just cleaned up). This is a small script that cleans up with deborphan until there is nothing more to cleanup.

Read more...

Recap of week 01, 2016

10-01-2016 | Remy van Elst

Recap of week 01 of 2016, covering open source and sysadmin related news, articles, guides, talks, discussions and fun stuff.

Read more...

Microsoft Office 2013 and 2010 on Linux

02-01-2016 | Remy van Elst

This guide shows you how to run Microsoft Office 2013 and 2010 on Linux using CrossOver. It guides you through the installation and gives a review on what parts of the Office suite work with Linux.

Read more...

Recap of week 53, 2015

01-01-2016 | Remy van Elst

Recap of week 53 of 2015, covering open source and sysadmin related news, articles, guides, talks, discussions and fun stuff.

Read more...

Recursively find all [installed] package dependencies

31-12-2015 | Remy van Elst

This small script shows you all packages [installed] that are a dependency from a package, and the dependencies of those packages. I installed the build-essential package, but apt-get remove-ing that package doens't remove the development tools. So I was wondering what packages were installed, including those dependencies, to remove the ones I didn't want. This small script shows you all packages that are dependencies of a package, and repeats that for those packages.

Read more...

Recap of week 52, 2015

26-12-2015 | Remy van Elst

Recap of week 52, covering open source and sysadmin related news, articles, guides, talks, discussions and fun stuff.

Read more...

IPSEC VPN on Ubuntu 15.10 with StrongSwan

20-12-2015 | Remy van Elst

This is a guide on setting up an IPSEC VPN server on Ubuntu 15.04 using StrongSwan as the IPsec server and for authentication. It has a detailed explanation with every step. We choose the IPSEC protocol stack because of vulnerabilities found in pptpd VPNs and because it is supported on all recent operating systems by default. More than ever, your freedom and privacy when online is under threat. Governments and ISPs want to control what you can and can't see while keeping a record of everything you do, and even the shady-looking guy lurking around your coffee shop or the airport gate can grab your bank details easier than you may think. A self hosted VPN lets you surf the web the way it was intended: anonymously and without oversight.

Read more...

All Items