Posts

Home VPN with DNS server

You have some servers at home (e.g. a Kubernetes cluster) but you want to work with them at Starbucks or out in the green? Here is how to set up a VPN server in your home network with a DNS server that would resolve anything you want. The DNS Server Even if you don't need the VPN, you can set up a DNS server that would resolve any host you want. Of course you can just put the hosts in the /etc/hosts file on every device, but that could be tricky if you have a lot of devices/VMs and change/add hosts frequently, or if you need them on a tablet/smartphone. The following shows how to install and configure the DNS server bind9 on an Ubuntu Server. It could be a standalone server or a VM or even a Raspberry Pi. Install bind9 bind9 is the DNS server that I am going to use. Here is how to install it: $ sudo apt update $ sudo apt install bind9 $ sudo apt install dnsutils Add Forwarders Edit the file /etc/bind/named.conf.options and add: forwarders { 8.8.8.8; }; You can use a...

Refreshing Access Tokens in a Reactive Environment with Spring-Boot and Webflux

Let's say we have a typical OAuth2 setup with a frontend service, an authorization server and a resource server, based on Spring Boot and using Webflux. The login of the end-user is processed using the "authorization_code" grant type. Here is how it works: 1. The user opens the URL of the frontend service in their browser (e.g. https://www.mysite.com). The frontend service redirects the user to the authorization server (e.g. https://auth.mysite.com). 2. The browser follows the redirect, opens the authorization server's URL and the user logs in with their credentials. The authorization server redirects the user back to the frontend service, including a code (authorization_code) parameter in the URL. 3. The browser follows the redirect and opens the frontend service URL. The frontend service internally calls the authorization server with the code provided and receives the access and refresh tokens. It stores them in the HTTP session of the user. The login is completed....

Home Kubernetes cluster

Want to learn and/or experiment with Kubernetes but minikube is not enough? Then the best way is to have a real cluster of your own. On your home PC, free of charge. All you need is some basic Linux knowledge and a PC with at least 6GB of RAM. The setup in this post uses virtual machines for the cluster nodes, run by Oracle VirtualBox. The OS of the nodes is Ubuntu Server 22.04. The version of Kubernetes is 1.24.3. It was tested on a Windows 10 host (but should work on any OS supported by Oracle VirtualBox). Create a virtual machine and install Ubuntu Server Install Oracle VirtualBox, if you have not already done so, and create a VM with 2 CPUs and (at least) 2GB RAM. Install Ubuntu Server on it. Here are the steps in detail: 1. Create the VM, name it "kube01". This will be the control-plane node. 2. Set the RAM to 2GB (2048MB). 3. Create a virtual hard disk. 4. Select VDI as type. 5. Choose dynamically allocated size. 6. Select 20GB for size and finish the wizard. 7. Edit the created...

Using and customizing spring-security-oauth2-resource-server with Spring Boot

As you might know, the old spring-security-oauth2-autoconfigure was deprecated and replaced by spring-security-oauth2-resource-server. Here I will try to demonstrate how to use it in a typical setup: web server (as a client, using authorization_code grant type) - authorization server - resource server, with some customization (loading additional properties from the check_token and user info endpoints). The Authorization Server A lot has been going on in the Spring framework about this, so I am not going to go into much detail here. You can use any authorization server implementation, including the deprecated one from spring-security-oauth2 or the new one spring-security-oauth2-authorization-server or any other non-Spring implementation that follows the OAuth 2.0/2.1 specification. All of the following examples are based on spring-boot and use spring-security. The Resource Server Dependencies <dependency> <groupId> org.springframework.security </groupI...