Hello all,
Would any of you know if the following scenario is "doable"?
We run an old Exchange 2010 infrastructure at my work, and there is no way
they are going to spring for newer: getting them to go from 2003 to 2010
was an ordeal...
Could I set up an Ubuntu Postfix "relay" server between Exchange and the
Internet, that also permits one particular mailbox to be accessible from a
Dovecot install on the same server (as well as relaying the mail for that
mailbox to Exchange)?
Yes/no and pointers most welcomed.
Kind regards
Murray Crane
Hi all,
I am having to leave Proxmox behind - every time there has been a power
cut (every 4-6 weeks), the machine has failed to boot. This last time, I
have had to re-install and restore VMs from backup. So I am
investigating what to use instead, in the hope that it will be less
damaged by power breaks.
VBox is familiar, and the machine is not a lap-top, so running windows
24/7 is not a problem, although I suspect I should reboot once a week,
weather it needs it on not. :)
Xen is another option. New to me, but my websites are on Xen on Bitfolk,
so high compatibility.
The VMs are all Ubuntu. If I use Xen I will have to install a Windows VM
because I use software that has no Linux version yet.
Has anyone any advice or warnings they would like to share?
Thanks
Ian
--
Ian Hobson
Tel (+66) 626 544 695
Hello,
It's often the case that customers want to use disk encryption to
protect against someone with physical access to BitFolk's storage¹
reading their data. The major inconvenience with this is that the VM
doesn't boot on its own any more; it waits for the LUKS passphrase
to be typed into the console.
Today I saw this article that goes through the steps of how to
configure things so that the passphrase can be stored in the initrd
file and used to automatically unlock the root filesystem at boot
time:
https://michael-prokop.at/blog/2023/03/22/automatically-unlocking-a-luks-en…
It might be a useful middle ground for someone.
Obviously anyone with access to the initrd file, which is stored in
the unencrypted /boot, could use it to unlock the disk so this
would not protect against someone with root access to a running
BitFolk server².
In general it should also be considered that someone with root
access to BitFolk's infrastructure can read everything written to
(or displayed on) your consoles, so could just wait for your next
reboot to capture you typing your LUKS passphrase in.
Cheers,
Andy
¹ This doesn't have to be BitFolk staff or an attacker, but could be
someone who got hold of a storage device that was replaced and
taken out of service. Though discard/TRIM is used where possible.
² The attack method would be:
1. Take snapshot of customer disk and transfer it off-site.
2. Unpack initrd file from inside unencrypted customer /boot.
3. Use the LUKS passphrase from within that to unlock customer
root rilesystem.
All of which could be done without your knowledge.
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Hello, a question for the Gentoo users (all 4 or 5 of you?):
Where should portage be mirrored from?
We have a Portage mirror:
https://tools.bitfolk.com/wiki/Local_software_mirrors
It started off being mirrored from
rsync://mirror.bytemark.co.uk/gentoo-portage. That started refusing
connections in January so we switched to getting it from
rsync://rsync.uk.gentoo.org/gentoo-portage. That also started
refusing connections as of 9 March.
So where should this actually be mirrored from?
If no one knows / answers then I'll assume no one is using it and
probably just shut it down. There have been no connections to it in
the last week, except for our own monitoring.
Cheers,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
Looks like my trusty old HP Microserver has come out in sympathy for Andy’s :) Unfortunately, it’s running my personal Mastodon instance.
I’m thinking of hosting it with BitFolk instead of at home. I’m the only user at the moment and I don’t envisage having more than another 2 or 3 users. I’m not connected to any relays as I can’t cope with massive timelines and things are going quite nicely as it is.
Does 2GiB RAM sound reasonable as a start? My HP has 8GB and is running other things as well but I rarely see memory usage go above 1.5GB. I’m using AWS (S3 plus Cloudfront) for the media cache (just for fun and because it’s less than £1 a month) so probably OK with 10-15GiB storage.
Anybody already doing this, either here or with another provider? I did spin up an Amazon Lightsail instance just to see what life is like elsewhere and wasn’t that impressed - it uses Cloud-Config which I find a pain in the backside.
Cheers,
Mike
