Postfix TLS certificate validation from clients on local subnet behind the firewall

I have a working postfix server behind a firewall configured with graylisting, DKIM, SPF, amavis and clamav and properly configured MX, “A” record and reverse DNS entry. I can send and receive mails to other domains on the internet. The postfix is using certificates from LetsEncrypt for the domain. The mail server is located on a…

Criteria for Determining How Many AWS VPCs to Use for Apps? Inter-VPC vs. Intra-VPC Traffic

I can’t seem to find any specific guidance on what constitutes good practice with regards to the use of one VPC vs. many for application hosting. This link touches on the subject, but is quite old and doesn’t really provide an answer. I’m currently working on a migration of a traditionally hosted environment that consists…

Should an admin enforce HTTPS inside kubernetes network, or just for outside traffic (via ingress)?

In a microservices scenario, each web-api container should serve itself through HTTPS or is it ok to internally work through HTTP and have all ingresses configured with certificates and redirecting to port 80 of the containers? I think the easiest approach is to protect only the outside traffic, because to configure an Asp.Net Core WebAPI…

nginx hangs some POST requests for a while

I have the following stack running on Ubuntu 18.08 and defined as docker-compose: instance of mariadb:10.3.20; custom wordpress instance based on wordpress:5.3.0-php7.2 with installed ioncube on it; custom nginx instance based on nginx:1.13 with installed nginx-amplify-agent on it. nginx’s config: user nginx; worker_processes auto; error_log /var/log/nginx/error.log warn; pid /var/run/nginx.pid; events { worker_connections 10000; } http…

Is it practical or logical to have a model in which the transport layer is unreliable but the network layer is reliable?

Assuming the transport layer gives unreliable services to the application layer and the network layer gives reliable services to the transport layer. I think this model will fail. An example is the buffers at the transport layer. Assume there is a buffer overflow and packets are dropped. No one will retransmit these lost packets. If…