Regalis Technologies log

Regalis Technologies

technical blog about GNU/Linux, C++, security, electronics

» Make your internal infrastructure offline!

Mon 02 June 2025 in security by Regalis

Keeping your infrastructure isolated and carefully splitting hosts/VMs/interfaces in to the air-gapped security domains is crucial. It is one of the most effective techniques for securing infrastructure against data leaks and remote takeovers.

Why is it so important?

  • Eliminates entire classes of cyberattacks: attackers can’t hit what they can’t reach. Ransomware, zero-days, and automated botnet most likely require inbound/outbound connections to work.
  • No silent data theft – if malware or a malicious insider tries to steal your data, they can’t call home without Internet access. Data stays inside your walls.
  • Simplifies monitoring & forensics - in an offline network, any unexpected connection attempt is an instant red flag (vs. noisy Internet traffic).
  • Future-proofs against unknown threats.
  • Real Zero Trust (without the complexity).

Local Nginx caching proxy + Harbor

Isolating your infrastructure from the Internet prevents direct access to external package repositories and container registries. To maintain updates and deploy containers, you'll need to set up a local caching proxy to serve these resources internally. While this adds some setup, it ensures your environment remains secure and fully operational without external connectivity.

Key benefits:

  • packages are downloaded only once - once fetched, they're distributed via local network, dramatically speeding up multi-host updates,
  • new host deployment (e.g. from templates) becomes instantaneous since all packages are already locally available,
  • no tooling changes required - everything works exactly the same way (just standard apt update && apt upgrade),
  • container images are also cached (Docker/Podman/Kubernetes), using Harbor.

It’s not as hard as you think... Let's go! 🧑‍🏭

Read more

» How to update an offline GNU/Linux system using SSH?

Sat 31 May 2025 in ssh by Regalis

Introduction

Throughout my many years in business, I have constantly encountered servers connected to the Internet... Although it is not necessary. Keeping your server offline is one of the most effective ways to avoid serious security issues such as data leaks and remote takeovers.

What is the most common reason for connecting servers to the Internet? Well, the most common reason I hear is "I have to update it somehow."

There are a few ways to update offline servers very conveniently. Today I'll show you how to do it very easily using ssh. It's not the optimal technique for many servers, but you might find it useful.

A more efficient method for updating multiple hosts is described in my other article about why you should keep most of your infrastructure offline.

Read more

» Building a powerful GNU/Linux workstation with a blazingly fast storage

Wed 11 October 2023 in gnu-linux by Regalis

It's been a while since the premiere of the latest processors for the AM4 platform. That is exactly why it could be the best moment to build a powerful workstation based on this platform (as it comes to performance + stability vs. price). PCI-e 4.0 NVMEs are cheap and have successfully passed the test of time, not to mention DDR4 memory which is widely available and also relatively cheap.

It so happens that I have some AM4-based equipment left in the lab - it is a great opportunity to start a new series about building the ultimate GNU/Linux workstation from scratch.

Regalis Technologies - building AM4-based GNU/Linux workstation

Have you ever wondered what really affects the speed of your computer? Is it a CPU? Or RAM? Not at all... The perceived speed of your system depends mainly on the speed of your storage. I bet you have an intuition that the feeling of using a computer with the latest processor and an old HDD would be very bad.

I will try to demonstrate how to push the speed of mass storage to its limits using a regular home PC. I can assure you that this option is much cheaper than buying a new computer with PCIe 5.0 and what's even more important - the result is much better!

The goal of this series is to present an approach that will lead to building a stable and powerful workstation capable of achieving enormous storage speeds (~30GB/s and more).

All this using Free (as in freedom) production-ready, server grade technology - GNU/Linux.

Read more

» Configuring the SSH client

Mon 02 January 2023 in ssh by Regalis

This part of the SSH series will cover the configuration of the OpenSSH client.

Configuration sources

The ssh client obtains configuration data from the following sources (in the following order):

The client will use the first obtained value for each parameter. Configured options will be used not only by the ssh itself, but by a lot of other tools as well. That is, among others: scp, sftp, sshfs, git, ansible and any other tool which uses the OpenSSH library/suite.

Read more

» Using SSH - the right way

Wed 07 December 2022 in ssh by Regalis

Introduction

The Secure Shell Protocol (SSH) is probably the most used protocol by devops/sysadmins around the world.

Most people think of the SSH as a method of accessing a shell on a remote host. The fact is that this is just one tiny usage example of the SSH. Some other examples include:

Being familiar with all the above features is absolutely essential for any SSH user - both for the sake of convenience and for the security.

Read more

» Steganography - brief introduction

Tue 05 October 2021 in steganography by Regalis

In this article, I will introduce the interesting field of steganography. My goal is to show the basics of steganography and to present a few techniques that will allow you to write clean, simple and, yet powerful program.

What is steganography

Steganography is a practice of concealing a message within another message (or a physical object) in such a way, that the message does not attract attention to itself as an object of scrutiny.

Whereas cryptography is the practice of protecting the content of a message alone, steganography is concerned with concealing the fact that a secret message is sent.

Read more

» Hello world

Fri 10 September 2021 in articles by Regalis

I'm happy to publish my new blog. This is my second approach to finding my place in the wide world of the Web. This page is intended to be a collection of interesting articles which will not only allow you to discover new things, but also gently introduce you to the details of GNU/Linux operating system, programming, security and electronics.

Base on the conclusions from the previous blog - this time the articles will be published in smaller parts, divided into series. Each series will consist of several articles which together will present a complete solution to a certain problem.

What to expect

The order in which articles will be published may be subject to change.