Installing Vaultier under Fedora


So there I was, trying to install Vaultier on a dedicated CentOS machine. Turns out there is only a Docker installation, an installation script for Ubuntu and a manual install. And for the latter it’s only for Ubuntu (or Debian). Tough luck.

But how hard can it be to install this in CentOS? Next to impossible. The software shipped in the default repositories (and epel) is too old to actually get it to work (without compiling a lot on my own, but that would break the nice updates). And updates are a must on a server that handles sensitive data.

So I took the next best thing: Fedora 24 Server. Even that turned out to be ugly; but in the end it worked. Here is how I did it.


Fedora 23 and fwbuilder

Fedora & Fwbuilder

For both work and private entertainment I have been using fwbuilder, a graphical clicky-clicky firewall configuration tool that totally rocks when you have a shitload of servers to manage. Added a new trusted ip? net? *click*, done. And by deploying the rules with puppet it’s a breeze and almost fun.

Only recently I began using Fedora (both vanilla and kde spin) as my workstation OS, and so far I like it. Before that I had been using Ubuntu 12.04 LTS since it came out. But it was aged and the upgrade kind of failed (ati, *cough*).

So back on my new and shiny Fedora Station I typed the magic words:

~ $ sudo dnf install fwbuilder
Last metadata expiration check: 2:05:43 ago on Tue May 3 13:21:44 2016.
No package fwbuilder available.
Error: Unable to find a match.

Yikes! Fwbuilder is not in the main repo. I googled and it turns out fwbuilder was removed back in Fedora 21; running 23, any hope of using a 21’ish rpm is gone. Tarball of binaries? No. Nothing.

rpmfind et al. do not yield any sort of result. So we need to get our hands dirty.

Lenovo S21e, Linux and the Touchpad

The ‘Ahh’.

I recently bought a Lenovo S21e notebook. I wanted something light, thin and above all: cheap. The usage of a notebook is restricted to doing stuff on the balcony or garden; “stuff” being puppet code, general server management and light web applications. For that the tiny S21e for a mere 180€ at amazon (note: the price actually increased since I bought it) seemed good enough. Sharp display, full size keyboard and no fans or other moving parts. It has no SSD either; the mass storage is an embedded 64Gb flash card whose speed is in between a native spinning hard disk and an SSD. The soldered 2gb ram seemed enough for its task and the quad core Celeron; well, it’s a Celeron.

It came with Windows 8 & Bing pre-installed. I always boot into the pre-installed system at least once to test the hardware for defects. Later on you can’t tell if it’s a hardware or software problem. A practice that sure helped me…


Upgrading Alfresco

The Situation

I am using Alfresco as a personal document archiving system for all my personal things. Everything that gets (snail-)mailed to me gets scanned with my document scanner, which does OCR, page cutting, rotating and optimizing, and then uploaded to Alfresco with pretty much one click. Well, one button (scanner), then I need to supply a file-name and finally the document is added via drag&drop to Alfresco. This system works great, even my wife uses it (frequently). The only thing that’s kept on paper are important documents like insurance policies and things like that.

As this is obviously a critical piece of our “digital lives”, it needs to be stable and somewhat up-to-date. I opt-out of going after every update and I seem to upgrade Alfresco only once a year, which works well for me. My Alfresco installation is shielded from the internet, that is, it’s on my private (non-internet connected) server, so bugs and exploits are of no concern here.

Now installing and running Alfresco is straightforward, consisting of downloading, running and doing the setup and configuration wizard, period. But at some point, you do want to upgrade it. And this is where the fun starts.



Hey folks,

most of you know Atlassian, makers of fine software such as Jira or Confluence. They are in the business of creating tools for companies to manage their programming workflow.

Jira is mostly used for process management and agile development. You create an incident, bug report or an agile Story and you follow this incident throughout the process of its lifetime. It’s awesome. I am using this even for my private things like managing my list of todos. Heck, even my wife has joined in and submits “life bug reports”. Yeah, that garden needs the weeds done, I get it.

I also like to document my personal stuff with Confluence. Documenting stuff really can be fun! My wife also likes to write down recipes. And you can link the applications together, so that they become super-integrated. Yeah, I am a big fan!

I would use it for – to manage the team, bugs and all that, but there is a downside to the beauty. It’s not freeware (and this piece of software sure does deserve the odd time). Given the fact that the target users are companies, their licensing models scale up in the thousands, so that’s a no-go for freebies like me.

There is one ray of hope, tho. They are offering a community license to verified individuals that are non profit. I applied for such a license, pointed out all the good things we’re doing and got a reply:


Thank you for your recent community license application.
Please allow ten to fourteen days for your community license application to be processed. We’ll be in touch via email.

I am totally eager to await their response. With that software, especially that confluence license, I can finally make that public Howto-Forge I always wanted. And document the entire server. Lots of work, if approved.

Everyone keep their respective fingers crossed!

Update 05th July: We got accepted! More details later!

Go Atlassian! \o/


Are you in?

“On June 5, I will take strong steps to protect my freedom from government mass surveillance. I expect the services I use to do the same.”

– me, on

This is not a new pledge. From the very beginning I always tried to create a “territory in the internet” that is free from foreign control, where no ads are served (and thus personal information collected and handled) and most of all communications are encrypted. My Webservers all score A- to A+. The XMPP Server is not only free to use, but also enforces encrypted connections for server to server and client to server.

I am running free Software where I can, be it the operating system or the servers themselves.

Our little piece of the Internet is well guarded, mission accomplished.

Why run a private CA?

As to the “why” I am running my own certificate authority.

Consider a signed certificate from a trusted issuer, like thawte or verisign. They check if you are in control of the domain in question by sending an email to a predefined address, like If you can respond to that email, then the validity of the address is confirmed. That’s it.
Do you trust them because you know them? Do you trust because they check the administrator/ the content thoroughly? You trust them because your web browser insinuates you to trust it.
The point of the Internet is to decentralize pretty much everything. Consolidation means placing the power and trust in one concentrated spot. If that spot gets compromised, everything gets compromised. If that spot is under control of one company, then you are for all intents and purposes a slave to that company (say Google?).
Other encryption ideas like GPG take a web of trust approach.

By running my own certificate-authority I am decentralizing the web of trust from the few global players back to the content providers. And by doing so I’ll give you a choice: You can trust me that I am in control of my own server and by doing so you trust all the services I provide — or you don’t. You can even revoke the trust later on if you choose to. Try and distrust thawte. Or verisign.

I am inviting you to do the same – try running your own CA. You will learn a lot in the process, too. And put the trust back where it belongs, to the owner.

The choice is yours.

There we go.

It’s 2013,

and having a simple splash screen with the server’s logo does not cut it anymore. Incredibly has made it from 2001 to 2013, that’s nearly 13 years of service, with only two major downtimes in all that time. I honestly can’t tell just how many petabytes of data we have pushed around, but it’s safe to say a few.

Also, with the new upcoming projects this server just asks for a new, central place of information. This is it.