Renew the Let’s Encrypt certificate for Synology using SSH

When for some reasons, the Let’s Encrypt certificate has not be renewed on your Synology and those bloody stupid Web browsers won’t let you connect to the DSM for “Security Reasons”, you can still count on SSH to solve the problem. Simply run:

# /usr/syno/sbin/syno-letsencrypt renew-all

Where there’s shell, there’s a way.

Protect the ESXi virtual machines with OpenBSD

I own a server at Online.net which now runs VMware ESXi free edition. The thing is VMs have to access the Wild Wild Web and provide public services while still being protected. So let’s configure OpenBSD to do so. Continue reading “Protect the ESXi virtual machines with OpenBSD”

Enforce IP filtering on ESXi

My ESXi is provided by Online.net and accessible from Internet. Reading the VMware documentation, one can see:

ESXi includes a firewall that is enabled by default.

At installation time, the ESXi firewall is configured to block incoming and outgoing traffic, except traffic for services that are enabled in the host’s security profile.

But the default security profile is way too loose! So here’s how to harden it a bit.

Continue reading “Enforce IP filtering on ESXi”

Upgrade VMware ESXi 6.5 to 6.7 using the esxcli console tool

I decided to run VMware ESXi on my Online/Scaleway Start-2-L server. Using the online.net installer, you can “only” get ESXi 6.5.0d (64BITS). So here’s how to upgrade to 6.7.

Continue reading “Upgrade VMware ESXi 6.5 to 6.7 using the esxcli console tool”

syspatch(8) and /tmp sizing

On my new OpenBSD servers, I decided to use memory filesystem for /tmp. After looking at old servers usage, I decided that 64M of memory space would be enough.

# grep mfs /etc/fstab
swap /tmp mfs rw,nodev,nosuid,-s=64m 0 0

And that seemed well sized. Until I ran syspatch(8) and got a whole bunch of errors:

Continue reading “syspatch(8) and /tmp sizing”