From 42f32f357918acdba211ddbe0ba90e9fdee01002 Mon Sep 17 00:00:00 2001 From: Ales Lerch <13370338+axeII@users.noreply.github.com> Date: Sun, 3 May 2026 17:49:59 +0200 Subject: [PATCH 1/2] =?UTF-8?q?=F0=9F=93=9D=20Fix=20em=20dashes=20and=20ty?= =?UTF-8?q?po=20in=20Plex=20post?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 2 +- content/about/index.md | 12 +++++------ content/posts/my-home-lab/index.md | 2 +- .../index.md | 20 +++++++++---------- .../index.md | 2 +- 5 files changed, 19 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index efdfe2f..ac99963 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@ themes/blowfish/ # Theme submodule ## ℹ️ About -I wrote a post about migrating from Ghost to Hugo — read it [here](https://blog.axell.dev/favorite/why-i-migrated-from-ghost-to-hugo-and-cloudflare/). +I wrote a post about migrating from Ghost to Hugo - read it [here](https://blog.axell.dev/favorite/why-i-migrated-from-ghost-to-hugo-and-cloudflare/). ## External Dependencies diff --git a/content/about/index.md b/content/about/index.md index bf4f8cb..eeb8404 100644 --- a/content/about/index.md +++ b/content/about/index.md @@ -24,22 +24,22 @@ heroStyle: "background" ## Background -Started as an intern managing GitLab and CI/CD pipelines at [Kiwi.com](https://kiwi.com). After finishing a master's degree I came back as a Python engineer, but eventually found my way back to infrastructure — which is where I belong. +Started as an intern managing GitLab and CI/CD pipelines at [Kiwi.com](https://kiwi.com). After finishing a master's degree I came back as a Python engineer, but eventually found my way back to infrastructure - which is where I belong. ## Currently DevOps/SRE engineer at [Capital Markets Gateway](https://cmgfi.com), where I work on: -- **Kubernetes** — managing AKS clusters at scale -- **Infrastructure as Code** — Terraform for cloud provisioning -- **CI/CD** — GitHub Actions pipelines for engineering teams +- **Kubernetes** - managing AKS clusters at scale +- **Infrastructure as Code** - Terraform for cloud provisioning +- **CI/CD** - GitHub Actions pipelines for engineering teams ## Side Projects -In my free time I maintain **[HomeOps](https://github.com/axeII/home-ops)** — a fully GitOps-managed home lab running on Kubernetes. It's where I experiment with things before they're mainstream (and occasionally break my home network 😱). +In my free time I maintain **[HomeOps](https://github.com/axeII/home-ops)** - a fully GitOps-managed home lab running on Kubernetes. It's where I experiment with things before they're mainstream (and occasionally break my home network 😱). ## This Blog -I write about DevOps, infrastructure, macOS, home labs, and security. Posts tend to be practical — things I actually ran into and had to figure out. The blog itself is [open source](https://github.com/axeII/axell.dev). +I write about DevOps, infrastructure, macOS, home labs, and security. Posts tend to be practical - things I actually ran into and had to figure out. The blog itself is [open source](https://github.com/axeII/axell.dev). Btw if you are on Firefox you will see the background image made by **Damir Babacic** from [here](https://unsplash.com/@onemorephoto). I highly recommend to check out his work, it's amazing. Why the photo is only visible on Firefox? It's because of Firefox's SMIL engine simply can't handle smooth bubbles animations 😢 (it's a known long-standing performance gap). diff --git a/content/posts/my-home-lab/index.md b/content/posts/my-home-lab/index.md index 7649855..9b9ec8f 100644 --- a/content/posts/my-home-lab/index.md +++ b/content/posts/my-home-lab/index.md @@ -1,7 +1,7 @@ --- categories: ["tech", "sys admin"] date: 2021-07-02T23:46:00Z -description: "Introduction to building a home lab in a small space — hardware choices, rack constraints, noise, and heat challenges." +description: "Introduction to building a home lab in a small space - hardware choices, rack constraints, noise, and heat challenges." draft: false slug: "my-home-lab" tags: ["tech", "sys admin","home ops"] diff --git a/content/posts/plex-incident-debugging-infrastructure/index.md b/content/posts/plex-incident-debugging-infrastructure/index.md index accc12c..6334aae 100644 --- a/content/posts/plex-incident-debugging-infrastructure/index.md +++ b/content/posts/plex-incident-debugging-infrastructure/index.md @@ -8,7 +8,7 @@ categories: ["tech", "cyber security"] title: "Debugging Suspicious Plex Connections: A Deep Dive Into My Self-Hosted Infrastructure" --- -Last week, Plex announced a security [incident](https://forums.plex.tv/t/important-notice-of-security-incident/930523) where their user database was compromised, forcing everyone to log out — including server connections. As someone who self-hosts a Plex instance that’s publicly reachable (no VPN in front), this grabbed my attention. Beyond the Reddit threads and confusion, it was a good opportunity to audit my infrastructure. In this post, I’ll walk through how I autdit my Plex server and chased down some weird connections to my Plex server using Grafana, Tautulli, and Cloudflare Tunnel. +Last week, Plex announced a security [incident](https://forums.plex.tv/t/important-notice-of-security-incident/930523) where their user database was compromised, forcing everyone to log out - including server connections. As someone who self-hosts a Plex instance that’s publicly reachable (no VPN in front), this grabbed my attention. Beyond the Reddit threads and confusion, it was a good opportunity to audit my infrastructure. In this post, I’ll walk through how I autdit my Plex server and chased down some weird connections to my Plex server using Grafana, Tautulli, and Cloudflare Tunnel. ## The Wake-Up Call @@ -16,7 +16,7 @@ The Plex incident was a reminder that even well‑secured services can get hit. ## The Investigation Begins -My first instinct was to check my monitoring stack to see if there had been any unusual activity on my Plex server. This is exactly why having proper observability in a homelab matters — during incidents, you need answers quickly. Without logs and monitoring, you’re flying blind. Before we continue here is a quick overview of my setup: +My first instinct was to check my monitoring stack to see if there had been any unusual activity on my Plex server. This is exactly why having proper observability in a homelab matters - during incidents, you need answers quickly. Without logs and monitoring, you’re flying blind. Before we continue here is a quick overview of my setup: ### Core Components @@ -34,17 +34,17 @@ My first instinct was to check my monitoring stack to see if there had been any ### Step 1: Grafana logs -I started with my Grafana dashboard, which aggregates logs from all services running on Kubernetes — including Plex. Almost immediately, something looked off: connections were happening regularly between ~3–9 AM. That’s a unlike play time for my friends or family to use my Plex instance. +I started with my Grafana dashboard, which aggregates logs from all services running on Kubernetes - including Plex. Almost immediately, something looked off: connections were happening regularly between ~3–9 AM. That’s a unlike play time for my friends or family to use my Plex instance. > Worth noting: there’s a known Cloudflare Tunnel issue where some connections aren’t closed properly (see: ), but the pattern here was too consistent to ignore. -The timing was the first red flag. The connections also had a repeatable signature — it almost looked like someone was probing the instance. +The timing was the first red flag. The connections also had a repeatable signature - it almost looked like someone was probing the instance. ![grafana logs](https://img.axell.dev/plex%3Agrafana.webp "Grafana logs showing suspicious connections") ### Step 2: Tautulli check -To verify my suspicions, I checked Tautulli — a great tool for Plex user activity, play stats, and connection details. Tautulli confirmed it: during those ~3–9 AM windows, there were no active users on my server. +To verify my suspicions, I checked Tautulli - a great tool for Plex user activity, play stats, and connection details. Tautulli confirmed it: during those ~3–9 AM windows, there were no active users on my server. That ruled out legitimate activity. The question became: what (or who) was making these connections? @@ -64,11 +64,11 @@ This is where it got interesting. Digging deeper into the Cloudflare admin panel After a longer-than-I’d-like investigation, I finally found the source: my friend’s Plex server. -Years ago, we connected our Plex servers for fun — probably to share libraries or test something — and then completely forgot about it. The connection kept humming along in the background. +Years ago, we connected our Plex servers for fun - probably to share libraries or test something - and then completely forgot about it. The connection kept humming along in the background. ![cloudflare2](https://img.axell.dev/plex%3Acloudlfare2.webp "The Suspicious IP address which was my friend's home ip in the end") -My friend’s server was periodically reaching out to mine, likely for status checks or library updates. Not malicious — just unexpected — and it explained the ~3–9 AM pattern (likely maintenance windows on his side). +My friend’s server was periodically reaching out to mine, likely for status checks or library updates. Not malicious - just unexpected - and it explained the ~3–9 AM pattern (likely maintenance windows on his side). ## Lessons Learned @@ -78,9 +78,9 @@ This incident taught me a few useful lessons about infrastructure and security: - Documentation Matters - Monitoring Pays Off -Good monitoring (Grafana stack + Tautulli) made this fast and boring — which is exactly what you want. Without it, I might never have noticed the pattern. +Good monitoring (Grafana stack + Tautulli) made this fast and boring - which is exactly what you want. Without it, I might never have noticed the pattern. -Even simple, harmless configs can age into problems. What started as a fun experiment turned into a forgotten connection that looked suspicious during a review. If we’d documented the server‑to‑server connection, this would have been a 2‑minute check. Write down changes — even the “temporary” ones. +Even simple, harmless configs can age into problems. What started as a fun experiment turned into a forgotten connection that looked suspicious during a review. If we’d documented the server‑to‑server connection, this would have been a 2‑minute check. Write down changes - even the “temporary” ones. --- @@ -98,7 +98,7 @@ If you run Plex (or anything similar) at home, here’s what’s worked well for ## Conclusion -The Plex incident was a good reminder to audit my setup. The “suspicious” connections turned out to be harmless — a long‑forgotten server share — but the investigation proved the value of visibility. +The Plex incident was a good reminder to audit my setup. The “suspicious” connections turned out to be harmless - a long‑forgotten server share - but the investigation proved the value of visibility. Being able to trace connections end‑to‑end (Grafana logs → Cloudflare analytics) made it easy to gain confidence in the setup. If you self‑host, invest a little in observability and you’ll sleep better. diff --git a/content/posts/why-i-migrated-from-ghost-to-hugo-and-cloudflare/index.md b/content/posts/why-i-migrated-from-ghost-to-hugo-and-cloudflare/index.md index 1a0fbb8..848c554 100644 --- a/content/posts/why-i-migrated-from-ghost-to-hugo-and-cloudflare/index.md +++ b/content/posts/why-i-migrated-from-ghost-to-hugo-and-cloudflare/index.md @@ -3,7 +3,7 @@ title: Why I Migrated my blog from Ghost to Hugo platform (and Cloudflare) date: 2023-12-23 draft: false slug: why-i-migrated-from-ghost-to-hugo-and-cloudflare -description: "Why I migrated from Ghost to Hugo and Cloudflare Pages — cost, performance, maintenance, and GitOps deployment." +description: "Why I migrated from Ghost to Hugo and Cloudflare Pages - cost, performance, maintenance, and GitOps deployment." tags: [Ghost, Hugo, Cloudflare] categories: ["tech", "devops"] From 87c2c367f3e711146f19bbdb63033aa65ef2a88d Mon Sep 17 00:00:00 2001 From: Ales Lerch <13370338+axeII@users.noreply.github.com> Date: Sun, 3 May 2026 18:02:50 +0200 Subject: [PATCH 2/2] fix: background image for smaller resolutions --- content/about/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/about/index.md b/content/about/index.md index eeb8404..4be95c3 100644 --- a/content/about/index.md +++ b/content/about/index.md @@ -42,4 +42,4 @@ In my free time I maintain **[HomeOps](https://github.com/axeII/home-ops)** - a I write about DevOps, infrastructure, macOS, home labs, and security. Posts tend to be practical - things I actually ran into and had to figure out. The blog itself is [open source](https://github.com/axeII/axell.dev). -Btw if you are on Firefox you will see the background image made by **Damir Babacic** from [here](https://unsplash.com/@onemorephoto). I highly recommend to check out his work, it's amazing. Why the photo is only visible on Firefox? It's because of Firefox's SMIL engine simply can't handle smooth bubbles animations 😢 (it's a known long-standing performance gap). +Btw the background image is made by **Damir Babacic** from [here](https://unsplash.com/@onemorephoto). I highly recommend to check out his work, it's amazing. Some users might see bubles animated SVG instead - I like that one more but it has performance issues on some platforms (especially Firefox and iOS).