- Installed Docker
docker volume create portainer_data
opentaq opentaq
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| version: "3" | |
| services: | |
| app: | |
| image: 'jc21/nginx-proxy-manager:latest' | |
| restart: unless-stopped | |
| ports: | |
| # These ports are in format <host-port>:<container-port> | |
| - '80:80' # Public HTTP Port | |
| - '443:443' # Public HTTPS Port | |
| - '8081:81' # Admin Web Port |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ``` | |
| version: '3' | |
| volumes: | |
| nextcloud: | |
| db: | |
| services: | |
| db: | |
| image: mariadb | |
| restart: always | |
| command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1 --skip-innodb-read-only-compressed |
opentaq
/ Installing Vaultwarden.md
Created
July 24, 2022 16:49
opentaq
/ Installing Docker.md
Last active
April 20, 2024 21:57
opentaq
/ Securing a Proxmox exposed host.md
Last active
April 6, 2024 23:52
When you look for tutorials on how to install Proxmox, it always stops after the initial installation - which is quite dangerous, since it leaves a Proxmox host being exposed to the internet while listening to Ports 22 and 8006.
Heck, there is not even any SSH-hardening covered - your SSH is typically set to default values, which means: Password-authentication with the root account is perfectly possible. While you can mitigate some of these things by harding SSH or by installing fail2ban (which we will do anyhow), the host still exposes ports 22 and 8006.
For a secure system, these ports (and actually, apart from one single port ANY ports) have to be disabled. The only acceptable management access to the system should either happen via a Jumpserver or - if not available - via a direct VPN-connection.
In this gist, you find all the required steps to secure your Proxmox exposed host. This gist should work for any Proxmox host with - say - Hetzner, OVH or other vendor
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| sudo apt install apt-transport-https curl | |
| sudo curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg | |
| echo "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg arch=amd64] https://brave-browser-apt-release.s3.brave.com/ stable main"|sudo tee /etc/apt/sources.list.d/brave-browser-release.list | |
| sudo apt update | |
| sudo apt install brave-browser |
opentaq
/ gist:121daf71989dfcfcc65a3321f5ff63f5
Created
February 12, 2022 21:41
Adguard Installation Command
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -v |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| server: | |
| interface: 127.0.0.1 | |
| port: 5335 | |
| # IPv4 / IPv6-settings | |
| do-ip6: no | |
| do-ip4: yes | |
| do-udp: yes | |
| # Set number of threads to use |