Install Jenkins on Kubernetes with Helm
This guide walks you through installing Jenkins in a Kubernetes cluster using Helm, with: Prerequisites Save this as jenkins-pvc.yaml: Apply […]
Jenkins, Kubernetes
Engineering field notes
Practical DevOps, Cloud, and Android Infrastructure Notes
Tested walkthroughs from real lab and production-style setups: Ubuntu, Kubernetes, CI/CD, self-hosted services, storage, networking, and Android builds.
Ubuntu
Kubernetes
CI/CD
Homelab
Android
HAProxy, OPNsense
Set Up HAProxy for TLS Passthrough with SNI Routing on OPNsense
In this guide, we’ll configure HAProxy on OPNsense to support TLS passthrough with SNI-based routing. This allows secure HTTPS traffic
AWS, OPNsense, WireGuard
WireGuard VPN on OPNsense 25.1
Architecture Overview: This setup runs WireGuard on an AWS EC2-based OPNsense firewall (WireGuard server) in the public subnet (10.0.0.0/20). The
AWS EC2, BIND, OPNsense
Configure BIND on OPNsense 25.1 as Internal DNS Server for AWS VPC
Overview Component Value Internal domain maksonlee.com DNS server IP 10.0.128.4 (OPNsense LAN IP) System DNS 127.0.0.1 (loopback) Forwarder AWS DNS
Let's Encrypt, OPNsense
Let’s Encrypt on OPNsense 25.1 Using DNS-01 with Cloudflare
You’ll need this to allow OPNsense to modify DNS records for validation. You may need to re-login to the WebGUI
AWS EC2, OPNsense
Deploy OPNsense 25.1 Nano on AWS
Architecture Overview: Interface Subnet Private IP Public IP WAN (ena0) test-subnet-public1-ap-south-1a 10.0.0.4 Yes LAN (ena1) test-subnet-private1-ap-south-1a 10.0.128.4 No ⚠️ Do
AWS EC2, OPNsense
Create an EC2 AMI from Official OPNsense 25.1 Nano (raw) Image
This post shows how to convert the official OPNsense 25.1 Nano disk image (.img.bz2) into an EC2 AMI using VM
OPNsense
Build OPNsense 25.1.3 Nano Image from Source
OPNsense 25.1.3 is based on FreeBSD 14.2, but follow the build host version recommended by opnsense/tools for your chosen tag.
Let's Encrypt
Automatically Renew Let’s Encrypt Certificates Using Certbot on Ubuntu 24.04
Certbot is designed to automatically renew certificates before they expire. The process works as follows: To verify the timer is