Collating Kevin

Learn from my mistakes. Build it better.

Who Am I

2024-01-01 Author Personal
Hi, my name is Kevin. I’ve spent the better part of the last decade working as a network engineer, cloud and systems architect, and programmer. I’ve worked at small startups, as well as companies working alongside Fortune 500 performers. It feels like I’ve been involved in a little bit of everything from: Development, product design, and deployment at scale. While I primarily write for this blog, I’ve also worked on sites for non-profits and open source projects. Continue reading
Meta Author Site

Building a High Availability DNS Recursive Resolver Utilizing DoT

2024-05-26 Dns Docker High Availability Linux Networking Kevin Olynyk
Why Do You Need a Highly Available Forward Resolver? The domain name system (DNS) is the backbone of the internet. Acting like a directory, DNS is a critical service that translates human parsable domain names such as example.com into IP addresses 93.184.215.14. At the heart of this system are 13 root servers which contain a list of all the domains in the internet 1. The root servers themselves get these names from top-level domain, and authoritative nameservers. Continue reading
Dns Docker Container Linux Domain Name Server Resolver Networking

Up and Running With Talos OS

2024-04-24 Talos Kubernetes K8s Kevin Olynyk
What is Talos OS? Talos OS (hereafter reffered to as Talos) is a linux based operating system designed specifically for running containerized workloads like K8s and Docker. Talos has a couple of features that make administration a breeze, such as immutable upgrades, container based management, and automatic provisioning. Prerequesites There are a few prerequisites that are required when setting up Talos, but these also apply to K8s in general. Setting up the prerequisites goes beyond the scope of this article, but they are summarized below. Continue reading
Talos Os Kubernetes K8s Immutable Os Quickstart Cookbook

Securing Mikrotik Routers: IP Blocklists

2024-04-14 Mikrotik Routeros Scripting Kevin Olynyk
If you’re only interested in the blocklist, skip to it, here. Mikrotik Mikrotik is a manufacturer of low cost and full featured routers and networking equipment. Routers built by Mikrotik run RouterOS, a customized Linux distribution and RouterOS utilizes iptables for filtering, shaping, and routing traffic and as such the interface is familiar to any seasoned Linux veteran. Securing the Network Unfortunately, since RouterOS is using iptables under the hood it lacks a good number of features that are found in modern next-generation firewalls (NGFW). Continue reading
Cybersecurity Mikrotik Security Routeros Blocking Safety Blocklist Securing Routeros Securing Mikrotik Acl Filtering Iptables Denylist

I Was DDoS'd This Week, How I Used ASN Blocking to Resolve The Problem

2024-02-03 Cybersecurity Nginx Hosting Linux Geoip Kevin Olynyk
The Alerts “Why do things always have to happen on a Friday?”, was the question I asked myself at 5:04 when I read the Grafana alert delivered to my phone. I had just booted up my gaming PC and I was going to get started on an early weekend gaming session when my phone began buzzing and the notifications began piling up. Bereft of hundreds of frames per second for the moment I logged in to my dashboard to see what was wrong. Continue reading
Cybersecurity Nginx Content Linux Geoip

Playing With Promtail: Labelling Hostnames From File Names

2024-02-01 Kevin Olynyk
The Problem I’ve recently needed to move to using a more robust logging solution that I was before. Previously, I had fluent running in a container collecting logs, but this was finicky and if something went wrong with the container, I would never know about it. I installed rsyslog on a dedicated host and started pushing logs to this new VM. This was working great, I was now handling hundreds of messages a second without issue, so I installed Promtail and began exporting the logs, and here is where the issues arose. Continue reading

Securing NGINX With HTTPS and LetsEncrypt

2024-01-10 Cybersecurity Nginx Hosting Linux Kevin Olynyk
Encryption has become increasingly important over the last several years, you would be hard pressed to find a site on the internet today that isn’t protected by HTTPS encryption. Some of the benefits of running HTTPS include: Higher Search Result Rankings Search engines favour HTTPS sites and will rank them higher. HTTPS is an important part of search engine optimization. Improved Security Since connections are encrypted, they are technically impossible to view in transit. Continue reading
Cybersecurity Nginx Content Linux

Build Nginx OpenResty with Modsecurity

2024-01-05 Kevin Olynyk
This article was originally posted 14 December 2022 What is OpenResty OpenResty is a fork of nginx that contains a built in lua interpreter, allowing the web server to serve dynamic content on it’s own, or modify requests/responses going to a proxy. What is a WAF A web application firewall (WAF) is a protective mechanism which inspects inbound requests to a web server. It can prevent malicious actors from sending specially crafted requests to a resource behind a web server. Continue reading
Older posts
© 2024 Kevin Olynyk - rss
Built using Hugo and the Bilberry-Hugo-Theme