Video

Good to know the video was helpful I think that's the first time I had to do that, but SHA1 was used for a long time

Thanks for the feedback

It depends Nginx and Apache are popular web server solutions But static websites can be good if you don't need fancy dynamic content They have big advantages of being more secure and quicker to serve content My own blog for instance is just static content built using Hugo www.techtutorials.tv

Good to know I do like Semaphore as I think it makes it easier to automate the maintenance jobs

It's just the wall behind my computers at home After a while the walls or even entire rooms end up with themes After buying a print of Audrey Hepburn, this side of the room became Hollywood actresses

Templates are very useful but now I'm steering towards automating as much as possible; less to backup, quicker to recover, quicker to modify, etc Another benefit of automation though is it's easier to scale because you just deploy the same change And as long as you test a change in a lab, you should get the same result in production

Good to know the video was helpful

Early on, some firewalls didn't even have an implicit block rule Then we got some firewalls that log implicit rules and some that don't Then we got a global setting to enable/disable that logging So at some point it just became a common practice to create your own rule at the end as at least you can be sure

It's hard to believe this used to be a hidden feature and you needed to know the key combination to access it It's so useful

@@TechTutorialsDavidMcKone Yeah. On the version i used on Linux it was hidden as well :(

Yeah, but I was really curious what was on the network trying to contact something in that country You need a baseline to know what your devices are up to, what external computers they connect to, including the country, company details, etc. Turns out the IP address is actually allocated to an ISP here in the UK But for some reason Zenarmor thought it was allocated to someone in Australia

Now that says something I've got used to the annoying update reminder, but didn't notice the font

I've never ran into that issue myself, but good to know Thanks for sharing

Thanks for the feedback I think Node-RED makes it so much easier to set up automation rules and troubleshoot them I don't know of another smart home solution that incorporates anything like this, which gives HA such an edge So, good to know the video was helpful

It's from a root CA using openSSL I have a video for that if you're interested czcams.com/video/nOSl4dmywe8/video.html But now I'm leaning towards Step-CA as it basically automates the certificate process, a bit like Let's Encrypt, but it's an internal server czcams.com/video/fhqnj4J7gpU/video.html

Thanks for the feedback and good to know the video was helpful

Thanks for sharing

You don't need VLANs or LACP to bind links together But both sides of the link do need to be configured so that they're in agreement and you can't configure anything on an unmanaged switch so you still need a managed switch

Good to know the video was useful

Thanks and good to know the videos are useful

Good to know the video helped

I like that they built this into the system A NAS usually has a built-in cloud backup solution so it makes life much easier for offline backups

Unfortunately I don't use xcp-ng anymore I suggest you check with the forums

Thanks for the feedback I did look into tools like terraform but it's just an extra tool to learn I've found I can get everything done just using ansible, and my main goal has been to be able to rebuild everything from scratch with less effort I do use vss but sometimes it gets in the way, messing up file structures

Maybe someone else can answer that as I don't have one Personally I prefer to use virtual machines for management

@@TechTutorialsDavidMcKone thanks for answering. One more quick question., would I still need a router to go in between the modem and the switch or does this switch have that functionality built-in omada software

@@FamilyTuned The expectation is that the switch would talk directly to the controller

You can find the details on my blog www.techtutorials.tv/sections//ansible/ansible-gui-semaphore/

That sounds bad According to the specs, it should have 160Gbps switching capacity Are you using supported SFPs and cables? And are you using Jumbo Frames, because without it the standard Ethernet frame size is limiting? Have you asked for a replacement or refund? When I tested mine I was getting near line speed between two ports, but only when using iperf In real life it's unlikely to see that throughput with applications, operating systems, network drivers/buffers, etc not being able to push traffic to the limit So while iperf achieved high throughput, data transfers using smb/samba are slow, because the network throughput is too fast for even an SSD to write the data quickly enough and the computer's buffers soon run out Congestion algorithms then kick in and things slow down, speed up, slow down, etc

Glad you liked the video

I think this has been asked before but It's something I'll need to look into

Difficult to say as I've moved onto a supervised installation But if you can't connect you need to check the logs for instance to see if they report a problem, both on the client side and in HA Each module usually has it's own log page so it shouldn't be too hard to find as it's in the same place where you first go when configuring it If you're connecting from a Linux computer for instance you can run SSH in verbose mode by adding the -v parameter, e.g. ssh ha.local -v -i mysshkey It does provide a lot of information so it's a matter of looking for lines saying why it couldn't connect

DHCP needs a DHCP relay agent when computers are in a different network If I understand this correctly, the clients use one interface of the router, but Kea uses another In which case, the router interface on the client side needs to be configured with a DHCP relay agent That relay agent will also need configuring with the IP address of Kea What will then happen is the clients will send out DHCP broadcast messages The DHCP relay agent will then create unicast messages and send them to Kea, i.e. acting as a relay between the clients and DHCP server Without that relay agent, the broadcasts just get ignored because routers don't forward broadcast messages by design

@@TechTutorialsDavidMcKone thanks for answering, The idea is use a mini pc as router, in that case the clients should use the Kea interface and the traffic must be redirected to internet: +---------+ client <=> | kea_if ext_if | <=> cloud +---------+ But you mention the relay, has Kea a relay configuration or should I add something extra to work as a relay agent?

@ If the clients are in the same network as the DHCP server then it should be picking up the broadcasts itself Check the logs as it's usually quite helpful, for instance Kea might receive a request but it couldn't provide an IP because there wasn't a suitable subnet configured for instance I tend to open a terminal session and run this command on a Linux computer sudo tail -f /var/log/syslog You'll then see live output And you can use Ctrl-C to cancel that Another thing to point is there may be something else using the DHCP server port I had someone mention they were using Ubuntu and dhcpmasq was installed and running That had to be removed to allow Kea to work Another thought, is there a personal firewall installed and does it allow access to UDP port 67?

@@TechTutorialsDavidMcKone nothing else installed, I will try with dhcpmask, thanks 😃👍

Ansible modules are usually just overlays for commands You can do a lot with Proxmox using the qm command pve.proxmox.com/pve-docs/qm.1.html In there you'll find information about options like "import-from"

@@TechTutorialsDavidMcKone I hadn't looked at the module code or the qm CLI which is surely just wrapping the API. I stopped at the community.general docs where it said "it supports these properties", and its lists literally TWO out of the nearly FORTY that are in the qm create section of the manpage. I need to go make a pull request on those docs. Thanks again.

Proxmox VE now has a built-in notification service which offers rule matching You can find it at Datacenter | Notifications I haven't used it myself though as my cluster is still using the older Postfix method. This works as is, so I've no incentive to change it Mailrise supports a lot of alerting methods This video covers sending messages to slack, by sending emails to slack@mailrise.xyz But if you want to forward emails instead, you will need to add those options to the config Check out the Apprise repository for more info github.com/caronc/apprise

Unfortunately I don't use xcp-ng anymore and haven't run into this issue I can only suggest checking out the forums

@@TechTutorialsDavidMcKone I was using it as a test for my HA, still in the process of moving from ESXi. Any suggestions? What are you using now? Thanks so much for everything, thank you for your time.

@@TechTutorialsDavidMcKone oh, I see, Proxmox? :)

@@AlexDiamantopulo I settled on Proxmox VE. I was already familiar with Debian at the time, so it made sense in case there was CLI worked needed. But most things can be done in the GUI anyway

Thanks for asking I don't do software development but if you can provide a link to the website I might still look into this to see if anything fits in with what I cover on this channel

Good to hear the video helped

Good to know the video was helpful

I've never touched one, but I'd be sceptical of buying it based on the review by STH I just looked at

You have to be very careful patching an Internet connection into a switch, if that's your plan I would suggest picking a different VLAN to VLAN 1 That's because switches send out "system" traffic to VLAN 1 In theory you shouldn't be receiving any of that from the carrier, but you certainly don't want to be sending any out to them So pick anything else and set this as an access port, i.e. one that has no tagging but traffic in will be set to VLAN 200 for instance and traffic out will have the tag removed; The carrier won't know or even care about your VLANs You can then patch a firewall for instance into another port that's configured as a trunk port, i.e. it supports tagging for VLAN 200 as well as your internal VLANs This way, Internet traffic is mostly switched between the carrier port and the firewall port The only problem is switches flood traffic when CAM table entries expire and so you can end up with occasions when traffic is going to other ports in that VLAN until a MAC is relearned One way around this is to hard code the MAC address to the port, but if a MAC address changes, things break and you have to update the entries You also have to be very careful and guard against VLAN hopping, hence why in the end it's easier and safer for companies to have a "throw away" switch that does nothing but connect a firewall and carrier link together When you're on a budget though, an access port shouldn't accept any tagging and so it's the next best option As to what switch you buy, well that depends on your end goal and budget i.e. how many 10Gb ports you need now and think you may need in the future At the time I bought this, an 8 x 10Gb port switch was about my limit, and I think I was comparing this with ones from Ubiquiti, QNAP and Mikrotik Combinations of 10Gb and 2.5Gb ports for instance were starting to come out as well, but I've got servers, a NAS and a video editing PC and so my only interest at the time was 10Gb ports Switches like this with SFP+ ports, can usually support multiple speeds on a port though, making them more appealing for the long term. But they are more expensive All I would suggest, is look and see what those vendors offer now I've just been looking on QNAPs website for instance and there are a lot more options to choose from now As to media convertors, that really depends on the end devices so you'll have to look for compatibility For instance, I went with the easy option of filtering for Intel and TP-Link 10Gb SFPs on Amazon as the computers have cards made by Intel for instance

@@TechTutorialsDavidMcKone Thanks. Many things I had not considered. I have a QNAP NAS that has been very good. I've never used their networking products though. Everyone talks about Ubiquity, but I am the opposite of whatever a fan is. I still have a box of Ubiquity stuff that I won't even give away because of their take on security. Then there is their camera line. AMAZING image quality and Phenomenal sound, but when 1 out of 5 bricks when you update them and they are out of warranty... Na. I have used lot's of TP-Link home networking stuff in the past and I have their 1+4PoE+ switch that powers four Raspberry Pi ClusterHat clusters. They always seem to manage to put in nice features you usually only see on higher end equipment. For instance this 1+4PoE+ switch has active monitoring if you are using static IP. It will ping the IP and you set how long it can go without responding before it power-cycles the port. Though I do have a 2960L 48port 10/100/1000 sitting here, I generally consider Cisco and Juniper to be much too pricey for home networking. Cisco is always solid and though they get more than their fair share of vulnerabilities they are very quick to fix it. I guess it's because you pay ENTERPRISE dollars for their support contract to be able to download updates. With all of the very detail information you have given me, I think what I need to do is find a good SBC with two 10Gbps ports to use as an edge router. There are a few and they are all SFP ports so I still face the issue of finding an SFP module with a single mode SC connector (www.amazon.com/dp/B0B4HG6XPV). If I can find the module then there are a few SBC that with 2x10Gbps SFP that will run FreeBSD, which means they should run HardenedBSD as well. That should make for a good edge firewall. I guess I can still use the provided media converter and just get a 10Gbps RJ45 SFP module. I believe I mentioned in my first reply I'm no vlan expert, and with everything you detailed I think I want to steer clear of having the main edge connection directly connected to the router. Thank you very very much.

I'll add it to my list

@@TechTutorialsDavidMcKone thank you man 👍🏻

Any interesting perspective but bear in mind there is a large audience out there, with different backgrounds, different levels of understanding and each with their own take on the type of content they want Now, not many videos go into the details that I look for Folks are told to just to do this, do that without any explanation as to why That's the type of video I would be interested in, hence why I make videos this way

Thanks for the feedback Out of curiosity did you hardcode the version on the NFS server end? I prefer the default mode because both sides will then agree what version to use and when a newer version of NFS comes out I won't have to update the mount(s) They should opt for the highest version they both support as part of the negotiation So I'm using TrueNAS Scale as the server and PVE 8.x for instance as the client and both ends have agreed to use 4.2 You can find out what version they pick by running this command on a PVE node nfsstat -m

Thanks for the feedback I'm afraid my thought process and hand aren't usually in sync, which may explain the cursor movement

You could login as root and manually add the Ansible account to the sudo group If that fixes things then the problem is getting Ansible to grant sudo rights and it needs looking into It can help to run a playbook with the -v flag to get more information about what's going on Sometimes I have playbooks jumping between user accounts for instance and I find the wrong account is trying to do something or the task does/doesn't need sudo rights, so that extra information helps pinpoint the cause

If the switch doesn't support VLANs (802.1Q) , then the VLAN tags have no relevance You would then have connectivity problems

@@TechTutorialsDavidMcKone looks like tp-link TL-SG105S wont work. Was thinking to run opnsense on proxmox... Will get double NIC card then ... Thank you!

Thanks for the feedback, always appreciated