Proxy+UPS: Unterschied zwischen den Versionen
(Die Seite wurde neu angelegt: „=== apps === webmin squid with daily adblocker-urls pihole as dns adblocker pdns dns cache pvr for mediathek etc. logrotate failban ssh knocking ports ids / ips rootkit checker === filesystem === btrfs compress filesystem zfs compress fs + 2nd drive cache ssd → hdd === usv/ups === ups/usv - lan cable off → shutdown in 10min when (blocker-file not exists) or (wlan usb not exists) otherwise enable wlan (when exists and promote in cloud private ip?) la…“) |
K (+link Proxy, +automation) |
||
| (2 dazwischenliegende Versionen desselben Benutzers werden nicht angezeigt) | |||
| Zeile 1: | Zeile 1: | ||
see also see also [[Proxy]] | |||
=== apps === | === apps === | ||
webmin | webmin :10000 (TSL/SSL) | ||
squid with daily adblocker-urls | |||
pihole as dns adblocker | squid with daily adblocker-urls (80/443 transparent, 8080/8443 standard) | ||
pdns dns cache | |||
pihole as dns adblocker (53, 80/443) | |||
pdns dns cache (53) | |||
pvr for mediathek etc. | pvr for mediathek etc. | ||
logrotate | logrotate | ||
failban | failban | ||
ssh knocking ports | ssh knocking ports | ||
ids / ips | ids / ips | ||
rootkit checker | rootkit checker | ||
=== filesystem === | === filesystem === | ||
btrfs compress filesystem | btrfs compress filesystem | ||
zfs compress fs + 2nd drive cache ssd → hdd | zfs compress fs + 2nd drive cache ssd → hdd | ||
=== usv/ups === | === usv/ups === | ||
ups/usv - lan cable off → shutdown in 10min when (blocker-file not exists) or (wlan usb not exists) otherwise enable wlan (when exists and promote in cloud private ip?) | ups/usv - lan cable off → shutdown in 10min when (blocker-file not exists) or (wlan usb not exists) otherwise enable wlan (when exists and promote in cloud private ip?) | ||
lan by power-ethernet with remote switched outlet (manual on / off by user, shutdown by lan-off detection) | lan by power-ethernet with remote switched outlet (manual on / off by user, shutdown by lan-off detection) | ||
=== behaviour === | === behaviour === | ||
vm: lan off → shutdown 10min → write zerofile (for better backup-compression of vm file), each time a new till no empty space (leave space when shutting down for next bootup) | vm: lan off → shutdown 10min → write zerofile (for better backup-compression of vm file), each time a new till no empty space (leave space when shutting down for next bootup) | ||
raspi: lan off → log file entry / remove blocker file → shutdown 10min | raspi: lan off → log file entry / remove blocker file → shutdown 10min | ||
=== parameters === | === parameters === | ||
blocker file (like /etc/nossh) to prevent shutdown by lost lan connection | blocker file (like /etc/nossh) to prevent shutdown by lost lan connection | ||
no graphical mode (server mode) | no graphical mode (server mode) | ||
hardened? | hardened? | ||
no mitigations (url boot parameter fast linux?) | no mitigations (url boot parameter fast linux?) | ||
squid as proxy port 80 | squid as proxy port 80 | ||
squid as transparent proxy (ssl bump, ssl/tls certs of squid in client installed) | squid as transparent proxy (ssl bump, ssl/tls certs of squid in client installed) | ||
web-cache promotion by lan ad (proxy file?) | web-cache promotion by lan ad (proxy file?) | ||
=== hardware === | === hardware === | ||
vm without hyperthreading on host (bios, ht intel, smt amd) | vm without hyperthreading on host (bios, ht intel, smt amd) | ||
raspi 2 + usv battery (compiler help by PC) | raspi 2 + usv battery (compiler help by PC) | ||
little ssd as cache, hdd as | |||
little ssd as cache, hdd as big storage (media, web cache squid) | |||
usb tv with remote control for pvr | usb tv with remote control for pvr | ||
=== linux distro === | === linux distro === | ||
vm gentoo 64 / 32 (compiler help for arm raspi) | vm gentoo 64 / 32 (compiler help for arm raspi) | ||
raspi2 gentoo 32 (64?) | raspi2 gentoo 32 (64?) | ||
=== nice to have === | === nice to have === | ||
raspi camera / motion detection | raspi camera / motion detection | ||
=== automation / repeatable === | |||
script / log | |||
ansible | |||
Aktuelle Version vom 25. Oktober 2022, 18:46 Uhr
see also see also Proxy
apps
webmin :10000 (TSL/SSL)
squid with daily adblocker-urls (80/443 transparent, 8080/8443 standard)
pihole as dns adblocker (53, 80/443)
pdns dns cache (53)
pvr for mediathek etc.
logrotate
failban
ssh knocking ports
ids / ips
rootkit checker
filesystem
btrfs compress filesystem
zfs compress fs + 2nd drive cache ssd → hdd
usv/ups
ups/usv - lan cable off → shutdown in 10min when (blocker-file not exists) or (wlan usb not exists) otherwise enable wlan (when exists and promote in cloud private ip?)
lan by power-ethernet with remote switched outlet (manual on / off by user, shutdown by lan-off detection)
behaviour
vm: lan off → shutdown 10min → write zerofile (for better backup-compression of vm file), each time a new till no empty space (leave space when shutting down for next bootup)
raspi: lan off → log file entry / remove blocker file → shutdown 10min
parameters
blocker file (like /etc/nossh) to prevent shutdown by lost lan connection
no graphical mode (server mode)
hardened?
no mitigations (url boot parameter fast linux?)
squid as proxy port 80
squid as transparent proxy (ssl bump, ssl/tls certs of squid in client installed)
web-cache promotion by lan ad (proxy file?)
hardware
vm without hyperthreading on host (bios, ht intel, smt amd)
raspi 2 + usv battery (compiler help by PC)
little ssd as cache, hdd as big storage (media, web cache squid)
usb tv with remote control for pvr
linux distro
vm gentoo 64 / 32 (compiler help for arm raspi)
raspi2 gentoo 32 (64?)
nice to have
raspi camera / motion detection
automation / repeatable
script / log
ansible