security

A friend wanted to learn Linux, so I offered to spin up a VM under Proxmox. Done. Just kidding. I mean, that would work (assuming you handled port forwarding) if you were hitting an IP, but FQDNs are much easier for people to remember. Except ssh isn’t based on HTTP, so how do you forward them? One way is with nginx’s stream module. Something like this suffices. stream { upstream ssh { server $DEST_IP:$SSH_PORT; } server { listen $FORWARDED_PORT; proxy_pass ssh; } } And that’ll handle one person just fine....

Because alliteration. Moving on. If you’re interacting with APIs of any kind regularly, you probably have the credentials saved somewhere. Maybe you’re already using a solution to securely store these, in which case congratulations, you’re better than most. I, for one, was not. I assuaged my guilt with the knowledge that my Mac’s disk encryption meant that they were protected, but the whole thing still felt icky. This was briefly discussed in Slack, and this method of dealing with the problem came up....