-
namespaces - overview of Linux namespaces http://man7.org/linux/man-pages/man7/namespaces.7.html
-
mount_namespaces - overview of Linux mount namespaces
#!/bin/bash | |
# Replace these variables with your own values | |
# sender | |
# - Consider not using no-reply@, and instead use SES Inbound to receive replies | |
# - Consider a descriptive username@; some mobile clients will display it prominently, so it should make sense to the recipient. | |
# - Consider using a subdomain for bulk and transactional mail. Don't use the domain used by your users. | |
# - Consider using a verified domain identity. Don't use an email address identity within a domain that has a DMARC policy. | |
sender="hello@example.com" | |
subject="My great email" |
L0 = bare metal machine | |
L1 = VM on bare metal | |
L2 = VM on VM | |
First, ensure virtualization is enabled on L0 as described here: https://docs.fedoraproject.org/en-US/quick-docs/using-nested-virtualization-in-kvm/#proc_enabling-nested-virtualization-in-kvm | |
Next, launch L1 with the following Vagrant config (or an equivalent directly on the hypervisor): | |
Vagrant.configure("2") do |config| | |
config.vm.box = "generic/ubuntu1604" |
This is a guide that I wrote to improve the default security of my website https://fortran.io , which has a certificate from LetsEncrypt. I'm choosing to improve HTTPS security and transparency without consideration for legacy browser support.
WARNING: if you mess up settings, lose your certificates, or decide to no longer maintain HTTPS certs, these steps can and will make your domain inaccessible.
I would recommend these steps only if you have a specific need for information security, privacy, and trust with your users, and/or maintain a separate secure.example.com domain which won't mess up your main site. If you've been thinking about hosting a site on Tor, then this might be a good option, too.
The best resources that I've found for explaining these steps are https://https.cio.gov , https://certificate-transparency.org , and https://twitter.com/konklone
... or Why Pipelining Is Not That Easy
Golang Concurrency Patterns for brave and smart.
By @kachayev