Security - Tag - IT Guy Journals

Building a Home Virtualization Server With Proxmox

Luka Krapić — Sat, 05 Jul 2025 19:21:00 +0200

Running a dedicated virtualization server at home is a practical way to centralize always-on workloads like self-hosted services, infrastructure tooling, or test environments. In this post, we’ll walk through one possible setup using Proxmox VE as the hypervisor, Ansible for configuration management, and Packer to create reusable virtual machine templates.

The configuration is tailored for a single-node homelab using a compact mini-PC, but the principles can be adapted to larger or different environments. All playbooks, templates, and configuration files used in this guide are available in this GitHub repository for reference and reuse.

Building SOHO Network With Ubiquiti UniFi: Step-By-Step Guide

Luka Krapić — Sun, 22 Sep 2024 16:56:47 +0100

In this guide, we’ll take you through building a segmented, secure SOHO (Small Office/Home Office) network using Ubiquiti UniFi hardware. The network will be tailored to isolate different types of traffic, set up VLANs for specific use cases, and apply strong firewall rules to protect sensitive data and infrastructure.

While the principles outlined here are generally applicable to most networks, this implementation is specifically designed for UniFi OS version 4.06 and Network Application version 8.4.62.

Tiered Access To CloudFront Content With Self-Signed Cookies

Luka Krapić — Fri, 19 Jul 2024 16:56:47 +0100

This blog post is a follow-up to our previous post, where we implemented tiered access to S3 data using presigned URLs.

In most production applications, CloudFront is used to serve static content to users. In this post, we will explore how to implement restricted access when serving content through CloudFront.

You can find the complete example here.

What is CloudFront?

In simple terms, CloudFront is a content delivery network (CDN) managed by AWS. A CDN is a network of servers deployed close to end users, serving as a caching layer to improve content delivery speed and reliability.

Kubernetes Secrets Management Using Kubernetes Sealed Secrets

Luka Krapić — Thu, 23 May 2024 16:56:47 +0100

Security is a major concern in continuous integration (CI), especially when managing sensitive information like API keys, passwords, and other secrets. For Kubernetes resources, Sealed Secrets offer an effective solution for securely managing sensitive information within your repository. In this blog we will explore what are Sealed Secrets, how to use them and some common management tasks around Sealed Secrets.

What are Sealed Secrets?

Sealed Secrets is a set of Kubernetes resources, controller and custom resource definition, that enables secure storage of secrets in your version control system (VCS). Unlike standard Kubernetes Secrets, which are base64-encoded and easily decoded, Sealed Secrets use asymmetric encryption to ensure your secrets remain encrypted until deployed to your Kubernetes cluster. Once deployed, the Sealed Secrets controller decrypts them into regular Kubernetes secrets, making them accessible to your applications.

Securing Kubernetes Cluster With Cert-Manager And Self-Signed Certificates

Luka Krapić — Mon, 06 May 2024 16:56:47 +0100

Kubernetes is an incredible tool for deploying, scaling, and managing containerized applications. One crucial aspect of kubernetes security is ensuring that communication between different entities is secure. By default, kubernetes management network is secure and pod network is handled by 3rd party plugin which mostly support encryption.

Today we will focus on properly securing outside-in web communication to our cluster with Cert-Manager and self-signed certificates. We assume that you have access to working kubernetes cluster with ingress controller.