Category Archives: Networking

MikroTik: User Management, access permissions, and SSH

23 May 2026

Time to finally write up MikroTik and Users Management – this one’s been sitting in drafts for ages, and while I’m at it, I’ll also set up SSH key authentication. Let’s walk through the main concepts and settings of Authentication, Authorization, Accounting in MikroTik – groups, policies, and users. What we have and what needs… Read More »


Arch Linux: a DNS Mystery – VPN, systemd-resolved, and Unbound

21 May 2026

I’d been wrestling with the problem of accessing AWS EKS from the office for a long time – finally lost my patience and figured it out 🙂 Here’s the problem: there’s an AWS EKS cluster with both Public and Private endpoints for the API. Working from my office laptop, sometimes requests to it go through… Read More »


Arch Linux: WireGuard Peer for Connecting to MikroTik

8 May 2026

In the post MikroTik: setting up WireGuard and connecting Linux peers I described how to set up MikroTik as a VPN Hub and connect a peer running on Debian Linux. Setup on Arch Linux is mostly the same as on Debian – but every time I end up digging through this blog and my other… Read More »


FreeBSD: Jails Networking and Container Management with Bastille

4 May 2026

Sometimes on FreeBSD you need to run services that aren’t officially supported by FreeBSD, and this post actually came about because I was installing Open WebUI on my NAS – and Open WebUI was easier to set up on Linux. So I spun it up in a FreeBSD Linux jail, and to create the container… Read More »


SSL/TLS: Self-signed Certificate Authority for NGINX on FreeBSD

18 April 2026

I run a bunch of web services on my home NAS – Grafana, VictoriaMetrics, my own WordPress blog, and half a dozen other small things. The whole series of posts on FreeBSD and NAS starts here – FreeBSD: Home NAS, part 1 – setting up ZFS mirror, there are 15 parts as of now. NGINX+PHP… Read More »


AWS: ALB and Cloudflare – Configuring mTLS and AWS Security Rules

16 March 2026

While preparing the infrastructure for migrating RTFM from the DigitalOcean server to AWS (see AWS: basic infrastructure setup for WordPress) I decided to also try AWS ALB mutual authentication (for some reason I thought this feature launched at the last re:Invent, at the end of 2024, but it’s actually been around since late 2023 –… Read More »


AWS: Self-Managed EC2 NAT Gateway vs AWS Managed NAT

15 March 2026

I looked at the costs for the infrastructure described in the previous post AWS: basic infrastructure setup for WordPress, and let out a heavy sigh: One NAT Gateway is a quarter of my AWS spend, and even with AWS Credits I can’t help feeling a bit stingy about it. There’s an option to remove the… Read More »


AWS: Basic Infrastructure Setup for WordPress

15 March 2026

It’s time for a major server upgrade for RTFM, which I usually do by migrating to a new server – because I also do various other upgrades along the way, like upgrading the PHP version or even migrating to a different cloud. This time I’m planning to move from DigitalOcean, where RTFM has been hosted… Read More »


MikroTik: WireGuard VPN Setup and Linux Peer Configuration

14 March 2026

Another one of the many nice features of MikroTik – built-in WireGuard support (although even cheap TP-Link Archers have it). In my setup, the MikroTik RB4011 acts as a “VPN Hub” – all clients connect to it and are united into a single network, and the role of VPN is genuinely important… Read More »
