• Dedicated Bakop storage server instances

    We had been running a Bakop storage server in most of the data centers in which we operate. We are just completing a project to upgrade the Bakop service stack software to the most recent versions. As part of this project we switched to using our RimuHosting API. The service now automatically spins up a…


  • Jailkit chroots with SFTP and interactive SSH logins

    Linux has privileged users and non-privileged users. Privileged users (like root) have a user id less than 1000 and typically have super abilities like being able to listen on low number ports (like the port 80 and 443 for web servers). Privilege separation is a good thing. It is recommended when running websites that the…


  • DNS Aliases for bare/root/apex domains on Zomomi and RimuHosting DNS

    Zonomi and – very shortly – RimuHosting have been updated to permit ALIAS records for root/bare/apex domains. Background. Many web services – eg. Azure, AWS, or our own Woop! Host wordpress hosting service – make use of CNAMEs. They let you point a domain like www.example.com to an alias like site-1234.woop.host. This lets the service…


  • DNSSec

    DNSSec lets domain owners give their registrar a key that permits DNS clients to verify the records they are receiving are valid ones for the zone. This check can help to protect DNS clients getting spoofed records from their ISP name servers. After you enable DNSSec you will need to add a key at your…


  • Server patch tool

    Every now and then there is a security issue that has the potential to impact a large number of customers. RimuHosting has created a server patching tool that automates fixing or mitigating a number of these issues for its customers. Automated Schedule-able Web based Permits opt-out per issue Works across different Linux distros


  • Wireguard VPN setup

    Wireguard VPN setup

    Wireguard is a modern, easy to setup, VPN. It has clients for Windows, Mac, Linux, iPhone, Android, and other OSes. In this post we are following the guide at https://serversideup.net/how-to-set-up-wireguard-vpn-server-on-ubuntu-20-04/ First, Order a VM. This will be the ‘server’ for the VPN. You don’t need a lot of memory or disk to run a VPN…


  • PolicyKit security hole

    A security problem was recently announced that affects the linux distributions that we support. This is being called “PwnKit” (a.k.a. CVE-2021-4034). Most distributions have provided updates, so now is a good time to check and load outstanding OS security updates for your VPS, using apt for Debian and Ubuntu and yum for CentOS 7 and…


  • CentOS Stream, RockyLinux and Alma Linux

    Recently CentOS8 reached its supported end-of-life for security updates. For a number of reasons there will effectively be no more stable releases of CentOS 8 or later. Instead developers are being encouraged to look at CentOS Stream as a future proof option for elX based platforms. This is quite similar to how Gentoo and more…


  • Community group discounts: RimuHosting launches its ‘being useful’ initiative

    The purpose of life is not to be happy—but to matter, to be productive, to be useful, to have it make some difference that you lived at all. Leo Rosten RimuHosting is an employee owned business. We have been helping customers with their websites and hosting needs since 2003. Our business is a collection of…


  • SMTP, SPF, DKIM, DMARC, TLS

    Did you know anyone can send an email impersonating your email address? Back in 1971 when ’email’ was invented and later when it was connected to the Internet both email users knew each other. Since then spammers and other bad actors started to abuse this ‘feature’. And since then some new mechanisms have been added…