Accessing Multiple Services over HTTPS via SNI Proxy

Like most people (OK, maybe not most…), I have a range of locally hosted services that I like to access remotely. Because of the joy that is IPv4 depletion (long live IPv6) I’m forced to use different ports for internet access, which is hard to remember and annoying to set up. And because the internet is a bad place, I prefer to use encryption where possible to keep everything safe on its journey across the internet. Sure, something like SSH tunnels would work, but that would still require remembering the different port numbers, and isn’t compatible with all devices (such as mobile clients).

Enter SNI Proxy

After some research, I decided to put an end to both these problems with an install of SNI Proxy. SNI Proxy is a generic HTTP and TLS proxy that identifies the internal host from TLS’ server name indication (SNI). This allows it to seamlessly proxy multiple services on the same port, and heavily increase the WAF for services like https://coffeemachine.jacobmansfield.co.uk and https://photos.jacobmansfield.co.uk. It also makes a nice place to centrally manage SSL certificates and Let’s Encrypt renewals. I was under the impression that SNI Proxy could also terminate an HTTPS/TLS connection, though this now appears to be incorrect. (Though I do this on each host, as SNI Proxy doesn’t handle my IPv6 traffic). So, let’s get installing.


Installing Skype on Debian Jessie

Going to keep this one quick, here’s a quick guide for installing Skype on Debian Jessie. This is based on version 4.3.0.37, but should just need a URL switch for newer versions.

wget http://download.skype.com/linux/skype-4.3.0.37.tar.bz2
tar xvf skype-4.3.0.37.tar.bz2
cd skype-4.3.0.37
sudo aptitude install libxv1:i386
sudo aptitude install libxss1:i386
sudo aptitude install libqtdbus4:i386
sudo aptitude install libqtwebkit4:i386
./skype

From there, you should be able to log in and chat away. Details on autostart (on login) to follow.

Shrinking Raw Disk Images

I recently had a Raspberry Pi image that I wanted to deploy to several Pis (is that the right plural?) for production use. During development of this, I worked on a 32GB SD card for some breathing room, but to save costs, we decided to deploy onto 4GB cards.

This left me with a small issue. Although the file system on the SD card was only using 2.5GB of space, any image files from it were still 32GB, far too large to go onto the SD cards. I needed to remove the white space from the end of the image to make it fit. So, here’s a quick tutorial on shrinking raw disk images.


Testing for SSL Vulnerabilities

Qualys Labs Server SSL Test for jacobmansfield.co.uk

So around now is the annual SSL certificate renewal for most of our internal servers, and I thought it would be a good idea to check them all for SSL/TLS vulnerabilities. A quick Google later, and I’m looking at Qualys Labs SSL Server Test. The scan is nice and shiny, and gives an instant (2-3 minute) overview of a server’s security. It also takes care of DNS round-robin to make sure all your servers are handled (though sites with HLBs or similar may need more attention).
