I have been hosting my static Hugo generated website on Amazon S3 and serving it using Amazon CDN CloudFront. It works flawlessly except one aspect of CloudFront where it will cause a problem if you enable S3 Bucket Restriction on.

CloudFront only allows you to specify a default root object (index.html), but it only works on the root of the website such as nish.com -> nish.com/index.html. It does not work on any subdirectory such as nish.com/about/. If you were to attempt to request this URL through CloudFront, It would do an S3 GetObject API call against a key that does not exist.

This website was initially created with WordPress a long time ago. There have been several template changes over the years and finally, I was able to get everything working when I installed Thesis Theme around 2010.

Even though WordPress was working for me, it was taking a toll on my time when I had to make sure the security aspect of the website is constantly maintained.

Over the past few years, static Webhosting has become popular since the introduction of Amazon S3 file hosting. This has addressed one of the main issues I had with WordPress, which is Security. Even though WordPress code is very old, in my opinion, is a great solution for the right problem. However, it is not the right solution for a small blog like this one. I had to constantly make sure that the code and plugins are all up to date and the website is fully secured for any attacks.

There has been a rumour floating around lately that Amazon is going to be introducing Ethernet switches. A move like this by Amazon will eventually challenge manufacturers like Cisco Systems. I have came across a video from Packet Pushers where Greg Ferro talks about the possibilities and avenues which Amazon would take to venture into the switching or even networking arena.

As Greg stated, Amazon, in this case AWS already run their own network on their own hardware and software. This is because they cannot have a profit margin by relying on another vendor. It would be cheaper in the long run, to run on your own hardware and software managed and manufactured by themselves. Furthermore, it will be near impossible to run the biggest cloud architecture in the world and run the network on some other vendor. They would most likely run their underlying network as a fabric, controlled by Software Driven Network SDN such as OpenFlow and run the rest of the architecture virtualized and controlled by the AWS console.

It is always best to have Two-factor authentication (2FA) to any method of access control. The following post will guide you to enable 2FA on Debian Linux environment.

It is assumed that we will be using Password Authentication in conjunction with 2FA.

Install Google Authenticator

apt-get install libpam-google-authenticator

Edit /etc/pam.d/sshd and add the following.

auth required pam_google_authenticator.so nullok

Edit the file /etc/ssh/sshd_config and make sure you have the following enabled.

UsePAM yes
ChallengeResponseAuthentication yes

Run Google Authenticator from the account.

google-authenticator

Add the account to your Google Authenticator app and save the emergency codes.

When it comes to subnetting most people usually stop at /30. This will give them a netmask of 255.255.255.252 thus resulting in two usable IP address along with one Network and one Broadcast address.

The /31 subnet prefixes was introduced in RFC3021 which defines that it can be used on a point-to-point link. A point-to-point interface does not need broadcast address, therefore we don’t really need to assign a /30 address prefix. On a /31 bit segment, both addresses are interpreted as hosts addresses.

The main advantage of using /32 prefix will enable us to limit the number of network address required on a segment. Therefore, if a company using multiple point-to-point networks using public IP addresses, then they will be able to save half of its allocated IP space.

This post will cover the IPv6 configuration on Ubiquiti Edge Router ERPoE-5 running Version 1.9.1. I will be going through the whole process of setting up IPv6 connectivity using Hurricane Electric 6in4 tunnel.

I will not be using the real IP Addresses, however the reader should be able to understand and substitute for their own configuration.

This is a home network, therefore a lot of aspects are not considered in the design!

Overview

• There are three VLANs. (Main (1) , Guest (2) , Automation (3) )
• Since there is no native IPv6 support from my ISP, I am using a 6in4 Tunnel to get IPv6 working.
• The EdgeRouter is the public facing device connected to a vDSL Modem via eth0.
• The Ethernet interfaces eth1, eth2, eth3, eth4 are bridged via bridge interface br0.
• Bridge interface br0 has a 192.168.1.1/24 RFC1918 address assigned to VLAN1 and also used as the management IP.

Part 1

In this part, I will be covering the tunnel creation. You need to head to Hurricane Electric [here](https://www.tunnelbroker.net() and get yourself an IPv6 tunnel. I have used a /48 Routed Prefix for my configuration which you can see below.

The Route Distinguisher (RD) and the Route Target (RT) can be somewhat confusing to someone who is trying to learn the concept on MPLS. In this post, I will try and explain what RD and RT are in relation to MPLS.

To answer this question, we will use the following diagram.

T he following Exim mail servers error was encountered while sending out mails. The original error was experienced by Gravity Forms WordPress plugin. However, I was able to test it out by using command line to rule out the plugin.

someone@domain.com R=virtual_aliases: No Such User Here

The debug message I received via Gravity Forms is the following. This confirms the mail has been passed on from WordPress to the mail server.

2016-03-25 11:06:04.042748 - DEBUG --> GFCommon::send_email(): Mail was passed from WordPress to the mail server.
2016-03-25 11:06:04.153172 - DEBUG --> GFFormDisplay::handle_confirmation(): Sending confirmation.

Before I go any further, I would like to give some background information on domain.com, which the following aspects are hosted as below.

Even though I am a big advocate on promoting IPv6, I have came across Debian’s APT / apt-get stuck with the following message. I believe it is due to an issue on the serve concerning the FQDN
http.debian.net and security.debian.org. The easy way to fix is to force APT to use IPv4 as opposed to IPv6.

Visco VIRL sometimes throw the following error stating KVM acceleration is not available on hosts running ESXi.

INFO: Your CPU does not support KVM extensions
KVM acceleration can NOT be used

You can also run the kvm-ok command to find the status of KVM accleration.

This is due to a missing setting on ESXi Guest OS and the following parameter needs to be added VM’s .VMX configuration file.