Cristian Livadaru's Blog

My personal view on things

Wonderwall

Songs, they have this magic abbility to reappear after multiple years when they do, they bring a backpack full of memories with them. Sometimes, our encounter with an old fammiliar song might come from an unexpected place.

Authentik Authorization Webhook

We have a custom application that needs to authenticate users against Authentik, but we also need to assign this user to a group in Paperless NGX. To accomplish this, we will use the Authentik Notification Webhook.

Sync UCS LDAP to Authentik

We decided to use Authentik as our SSO solution, but we need to sync the users from our UCS LDAP to Authentik. The LDAP sync is not that hard, but there are some pitfalls to look out for to getting the right values mapped from LDAP to Authentik.

Database Backups in Docker with Tailscale

Running a Rails application in Docker, with a PostgreSQL is nothing new, the database however needs to be reachable from another site through where Tailscale comes in. This might make backups a bit more complicated, but it’s not impossible.

Postfix complains about Cannot start TLS: handshake failure

Ok, this was a huge waste of time going down this rabbit hole. Postfix complains about handshake failure when trying to send emails over TLS. Non TLS works fine, receiving mails via TLS works fine, what gives?

Backing up databases to Minio S3 with Docker

You have lots of databases and you want to back them up to a central location. You could use a cloud provider, but what if you want to keep the data on your own server? Minio S3 is a great solution for this and with Docker it’s easy to set up.

Generating let's encrypt wildcard SSL certificates with INWX and DNS challenge

Using INWX as a DNS provider for the DNS challenge with nginx-proxy-manager and Let’s Encrypt wildcard SSL certificates is easy, but what the hell is that shared secret?

Generating let's encrypt wildcard SSL certificates with ISPConfig and DNS challenge

Generating wildcard SSL certificates with Let’s Encrypt and DNS challenge is a bit tricky with ISPConfig. It could be very straight forward but there is a little bug in the ISPConfig API or the nginx-proxy-manager that calls the API. Here is how you can work around it.

Happiness is temporary; all scenarios lead to loss

If you could be really happy but knew from the start it would end in sadness, would you choose that happiness or would you avoid it?

Fixing GitLab CI: dial tcp: lookup docker no such host

Another issue I keep encountering with project upgrades, which I tend to forget about, is that during the build phase on GitLab CI, the old dind (Docker in Docker) setup no longer works, resulting in a ’no such host’ error message.