When for some reasons, the Let’s Encrypt certificate has not be renewed on your Synology and those bloody stupid Web browsers won’t let you connect to the DSM for “Security Reasons”, you can still count on SSH to solve the problem. Simply run:
# /usr/syno/sbin/syno-letsencrypt renew-all
Where there’s shell, there’s a way.
I own a server at Online.net which now runs VMware ESXi free edition. The thing is VMs have to access the Wild Wild Web and provide public services while still being protected. So let’s configure OpenBSD to do so. Continue reading “Protect the ESXi virtual machines with OpenBSD”
My ESXi is provided by Online.net and accessible from Internet. Reading the VMware documentation, one can see:
ESXi includes a firewall that is enabled by default.
At installation time, the ESXi firewall is configured to block incoming and outgoing traffic, except traffic for services that are enabled in the host’s security profile.
But the default security profile is way too loose! So here’s how to harden it a bit.
Continue reading “Enforce IP filtering on ESXi”
I decided to run VMware ESXi on my Online/Scaleway Start-2-L server. Using the online.net installer, you can “only” get ESXi 6.5.0d (64BITS). So here’s how to upgrade to 6.7.
Continue reading “Upgrade VMware ESXi 6.5 to 6.7 using the esxcli console tool”
On my new OpenBSD servers, I decided to use memory filesystem for /tmp. After looking at old servers usage, I decided that 64M of memory space would be enough.
# grep mfs /etc/fstab
swap /tmp mfs rw,nodev,nosuid,-s=64m 0 0
And that seemed well sized. Until I ran syspatch(8) and got a whole bunch of errors:
Continue reading “syspatch(8) and /tmp sizing”