Introduction LetsEncrypt is a fantastic service and it has quite literally revolutionised how people use TLS certificates, but having a Single Point Of Failure for these things is always a bad idea. The good news is that other providers of free certificates are starting to emerge and one of the first is ZeroSSL. Unlike LetsEncrypt they don’t rate limit, but they do require the use of External Account Binding (EAB) which means it’s not quite a drop in replacement in your config....

So in preparation for Google’s changes to Photos and the impact on my storage quota and I went and checked what I was using. Turns out my drive storage was using up 9.64Gb, which seemed like a lot, so I compared it to what my locally synced copy was using: 2.3Gb. Did some Googling and found out that items in your trash count towards the quota, so I went and emptied it....

This is just a quick collection of random bits I’ve learned about Traefik since writing my original How To.

Update Since posting this the scripts have changed slightly so the line numbers are no longer correct, that said the functional elements are still the same so it shouldn’t be too hard to figure out where to make the changes. Also get_region_and_token.sh is now get_token.sh and get_region.sh so you’ll need to run the two of them in your init script (get_token.sh first). Introduction Compared to a lot of VPN providers PIA have been pretty slow off the mark in supporting DIY Wireguard connections; they’ve had Wireguard support in their client for a while but that doesn’t help if you want to use something like the linuxserver/wireguard container as your client....

One of the most common questions around Docker is “how do I know when I new version of an image gets published?”. Even if you’re tied to a specific version tag, security and bug fixes can still result in new images being pushed and there’s no built-in mechanism to notify you that it’s happened.

Introduction Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. It’s ideal if you want to make your self-hosted services accessible from the internet without letting every man and their dog nose through your stuff. If you haven’t got Traefik up and running yet, my guide to setting it up as a reverse proxy for Docker will help you out....

Traefik is a reverse proxy and load balancer which automatically discovers the right configuration for your docker containers based on labels you set when you create them.

So apparently members of the Protected Users group can’t edit Wired 802.1x group policy. Wireless 802.1x? Sure. Every other group policy setting? Yup. Wired 802.1x? Can’t load the snapin. Got to love the consistency there, Microsoft.

Windows 10 has made a lot of changes from previous versions, one of which is that you can no longer view System Properties as a non-admin user. This means you can no longer view/edit your user environment variables via System Properties. There are 3 ways around this: Use another method such as set or Powershell or direct registry editing Go to Control Panel->User Accounts->Change My Environment Variables Run "C:\WINDOWS\System32\rundll32.exe" sysdm.cpl,EditEnvironmentVariables to envoke the Environment Variables window directly

If you’ve ever looked at configuring the Exchange Availability Service to allow cross-forest free/busy lookups you’ve probably realised that the documentation surrounding it is awful. Get-MailboxServer | Add-ADPermission -Accessrights Extendedright -Extendedrights "ms-Exch-EPI-Token-Serialization" -User "<Remote Forest Domain>\Exchange servers" From here, doesn’t even work for a start, because Get-MailboxServer doesn’t return the correct identity objects for Add-ADPermission. Once you’ve worked out how to get that sorted and done your Add-AvailabilityAddressSpace -Forestname ContosoForest.com -AccessMethod PerUserFB -UseServiceAccount:$true You’re probably thinking that you’re done, but it usually isn’t that simple....