Try not to use paths, you’ll have some weird cross-interactions when two pieces of software set the same cookie (session cookies for example), which will make you reauthenticate for every path.

Subdomains are the way to go, especially with wildcard DNS entries and DNS-01 letsencrypt challenges.

I’m a fan of SystemRescue. It’s specifically designed for backing up and fixing disk layouts, and it supports both BIOS and UEFI booting.

I’ve never tried it on Secure Boot enabled devices (I usually disable secureboot before troubleshooting systems), so I do not know if they use a valid signed efi-stub.

For “simple” stuff, I usually boot a live ubuntu image. If the machine has sufficient RAM, I can get away with installing quite a few packages that I need for troubleshooting (gparted, gdisk, etc.).

RemindMe! 5 months

I second that. Amazing easy to use, configure, supports (LetsEncrypt) certificates via DNS-01 challenge and integrates with ease with most DNS providers.

Paired with authentication providers (keycloak, authelia, authentik), the “advanced” textbox lets you do forward proxying really easy, or customize your “basic proxy”.

I’m not sure how many of these features are present in Traefik, it would be really nice if any of you know if any of these are easily supported in it:

• Forward proxying
• Custom rewrites (nginx internal; rewrites)
• Unattended DNS-01 support with ACME (LetsEncrypt)

Very capable tool, and useful in some cases. Does require security of the ptrace call to be unset (ptrace_scope) or set to the default (insecure one).

I’m a big fan of using ptrace_scope to restrict PTRACE_ATTACH to only allow parents (or grandparents, etc.) to attach to children. Quite useful - this particular security feature was unique to grsecurity and was good enough to be implemented in mainline (changed).

If you care about whether user processes should not be able to attach to other processes under the same UID, don’t use it though!