Tag Archives: security

LiteLLM: AI Gateway for LLMs – Features Overview
0 (0)

4 June 2026

In the previous posts on OpenTelemetry and VictoriaTraces (see OpenTelemetry: OTel Collectors in Kubernetes and integration with the VictoriaMetrics stack and VictoriaTraces: Tracing, Observability and OpenTelemetry) we covered the general concepts of what observability is and how to work with traces. But this topic actually came up on the project when we realized that using… Read More: LiteLLM: AI Gateway for LLMs – Features Overview0 (0) »

MikroTik: User Management, access permissions, and SSH
5 (1)

23 May 2026

Time to finally write up MikroTik and Users Management – this one’s been sitting in drafts for ages, and while I’m at it, I’ll also set up SSH key authentication. Let’s walk through the main concepts and settings of Authentication, Authorization, Accounting in MikroTik – groups, policies, and users. What we have and what needs… Read More: MikroTik: User Management, access permissions, and SSH5 (1) »

Okta: Integration with Google Workspaces, Part 1 – Provisioning
0 (0)

27 April 2026

Continuing with Okta setup for our project. In previous parts we did SSO for Grafana (see Okta: setting up Grafana SSO with OIDC and Role mapping) and AWS (see AWS: setting up Okta SSO with AWS IAM Identity Center), and now the most interesting part: integrating Okta with Google Workspaces. What we’ll need to do:… Read More: Okta: Integration with Google Workspaces, Part 1 – Provisioning0 (0) »

AWS: Setting up Okta SSO with AWS IAM Identity Center
0 (0)

31 March 2026

In the previous part of the Okta series we set up SSO for Grafana (see Okta: configuring Grafana SSO with OIDC and Role mapping) – now for a more interesting task: configuring SSO for AWS, with not just login but also user provisioning. Okta has a ready-made AWS IAM Identity Center App that lets you… Read More: AWS: Setting up Okta SSO with AWS IAM Identity Center0… »

Okta: Configuring Grafana SSO with OIDC and Role Mapping
5 (1)

27 March 2026

We finally “grew up” to using Okta on the current project, so there’s a short series of posts coming up on it. I wrote about Okta before, but that was 5-6 years ago, and there have been some interesting changes since then (see the #okta tag). Today we’ll be configuring SSO login via Okta for… Read More: Okta: Configuring Grafana SSO with OIDC and Role Mapping5 (1) »

AWS: ALB and Cloudflare – Configuring mTLS and AWS Security Rules
0 (0)

16 March 2026

While preparing the infrastructure for migrating RTFM from the DigitalOcean server to AWS (see AWS: basic infrastructure setup for WordPress) I decided to also try AWS ALB mutual authentication (for some reason I thought this feature launched at the last re:Invent, at the end of 2024, but it’s actually been around since late 2023 –… Read More: AWS: ALB and Cloudflare – Configuring mTLS and AWS Security… »

TCP/IP: SYN flood attack on the RTFM server, and “Hacker News hug of death”
0 (0)

2 January 2026

Got an alert from the monitoring system this morning, indicating that the blog is down: Well, I thought: another one DDoS, not the first time. Investigating the issue I went to the Cloudflare admin, enabled the Under Attack Mode, and started the investigation. Checked the requests: I think, okay, it’s simple – requests are coming… Read More: TCP/IP: SYN flood attack on the RTFM server, and “Hacker… »

SSH: sshd hardening on FreeBSD and Linux, and 1Password integration
4 (1)

29 December 2025

It is time to tidy up SSH on FreeBSD itself and on the clients – laptops running Arch Linux, as I am still using password authentication on my home machines. Actually, the settings described below are specific neither to FreeBSD nor to Linux, as the SSH server is the same on all systems (OpenSSH_9.9p2 on… Read More: SSH: sshd hardening on FreeBSD and Linux, and 1Password integration4… »

FreeBSD: Home NAS, part 3 – WireGuard VPN, Linux peer, and routing
4.1 (15)

25 December 2025

I am continuing to set up my home server on FreeBSD 14.3, which is intended to serve as a NAS. In the previous post, FreeBSD: introduction to Packet Filter (PF) firewall, we got acquainted with firewalls; the next step is to configure a VPN for access. The main idea is to (finally!) connect my “office”… Read More: FreeBSD: Home NAS, part 3 – WireGuard VPN, Linux peer,… »

FreeBSD: Home NAS, part 2 – introduction to Packet Filter (PF) firewall
3.7 (6)

24 December 2025

I’m continuing to gradually set up my home NAS on FreeBSD, and the first thing I want to dive into is FreeBSD firewalls. I used to work with IPFW back in the day – FreeBSD: initial setup of IPFW, from 2012. Currently, there are three “built-in” firewalls in the system – Packet Filter (PF), IP… Read More: FreeBSD: Home NAS, part 2 – introduction to Packet Filter… »