Since our BIND server currently does not support TLS secured queries natively, we will be using Nginx rather than Stunnel to provide a secured endpoint. Not only is Nginx already part of our system, i...
TLS
Mail Server using LDAP backend w/ Postfix and Dovecot
We will set up OpenLDAP as backend for our mail services using a custom schema for our users. The schema uses a dedicated organization unit which acts as a container for our hosted domains and users. ...
Drop clients which do not indicate server names
Sometimes we want to drop clients which do not send valid server_names but probe our Nginx IPs. Using Server Name Indication (SNI) for our virtual hosts we want to drop all clients which do not speci...