Skip to content

Instantly share code, notes, and snippets.

View opentaq's full-sized avatar

opentaq opentaq

7 followers · 0 following
View GitHub Profile
@opentaq
opentaq / Installing Portainer.md
Created August 22, 2022 11:20
Portainer Installation

Installing Portainer

Prerequisites

  • Installed Docker

Installation

Creating the volume

docker volume create portainer_data
@opentaq
opentaq / docker-compose.yml
Last active April 20, 2024 21:57
NGINX Proxy Manager w/ database
version: "3"
services:
app:
image: 'jc21/nginx-proxy-manager:latest'
restart: unless-stopped
ports:
# These ports are in format <host-port>:<container-port>
- '80:80' # Public HTTP Port
- '443:443' # Public HTTPS Port
- '8081:81' # Admin Web Port
@opentaq
opentaq / docker-compose.yml
Last active April 20, 2024 21:57
Nextcloud Container
```
version: '3'
volumes:
nextcloud:
db:
services:
db:
image: mariadb
restart: always
command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW --innodb-file-per-table=1 --skip-innodb-read-only-compressed
@opentaq
opentaq / Installing Vaultwarden.md
Created July 24, 2022 16:49

Installing Vaultwarden

Create a directory for the Vaultwarden data

sudo mkdir /opt/vw

Create a directory for the Vaultwarden Docker Compose file

mkdir vaultwarden
cd vaultwarden
@opentaq
opentaq / Installing Docker.md
Last active April 20, 2024 21:57

Installing Docker on Debian 11 (and Ubuntu)

Prerequisites

sudo apt update -y
sudo apt install ca-certificates curl gnupg lsb-release

Installing Docker GPG-Key

sudo mkdir -p /etc/apt/keyrings
@opentaq
opentaq / Securing a Proxmox exposed host.md
Last active November 15, 2024 18:02

How to secure a Proxmox exposed host

When you look for tutorials on how to install Proxmox, it always stops after the initial installation - which is quite dangerous, since it leaves a Proxmox host being exposed to the internet while listening to Ports 22 and 8006.

Heck, there is not even any SSH-hardening covered - your SSH is typically set to default values, which means: Password-authentication with the root account is perfectly possible. While you can mitigate some of these things by harding SSH or by installing fail2ban (which we will do anyhow), the host still exposes ports 22 and 8006.

For a secure system, these ports (and actually, apart from one single port ANY ports) have to be disabled. The only acceptable management access to the system should either happen via a Jumpserver or - if not available - via a direct VPN-connection.

In this gist, you find all the required steps to secure your Proxmox exposed host. This gist should work for any Proxmox host with - say - Hetzner, OVH or other vendor

@opentaq
opentaq / mailserver.md
Last active November 14, 2024 16:49
Mailserver Installation

Fail2Ban

sudo install fail2ban

UFW

sudo install ufw

UFW Settings

sudu ufw default deny incomoing

sudo ufw default allow outgoins

@opentaq
opentaq / Install Brave
Created March 2, 2022 19:09
Install Brave on Debian
sudo apt install apt-transport-https curl
sudo curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg arch=amd64] https://brave-browser-apt-release.s3.brave.com/ stable main"|sudo tee /etc/apt/sources.list.d/brave-browser-release.list
sudo apt update
sudo apt install brave-browser
@opentaq
opentaq / gist:121daf71989dfcfcc65a3321f5ff63f5
Created February 12, 2022 21:41
Adguard Installation Command
curl -s -S -L https://raw.githubusercontent.com/AdguardTeam/AdGuardHome/master/scripts/install.sh | sh -s -- -v
@opentaq
opentaq / unbound.conf
Last active March 29, 2023 20:33
Unbound configuration
server:
interface: 127.0.0.1
port: 5335
# IPv4 / IPv6-settings
do-ip6: no
do-ip4: yes
do-udp: yes
# Set number of threads to use