Archive

  • Securing private docs with CloudFront & Lambda@Edge

    In a previous article, we looked at a method of restricting access to a CloudFront distribution with the use of a CloudFront private key that could sign cookies granting access to private files or even a static website. With AWS Lambda@Edge, we can remove a few of the steps in that article and replace them with a Lambda function that...

    Read more
  • Badges for AWS CodeBuild & CodePipeline with CloudWatch and Lambda

    Most build systems have a built-in method of producing status badges or a plugin that will create them. With CodeBuild, we can use CloudWatch Events and a Lambda function to generate a badge when our build succeeds or fails, upload it to S3 and then display it in our README. To get started, the following JSON is a shortened example...

    Read more
  • Mutual auth with GRPC & Node: start to finish

    Setting up mutual authentication can be a little daunting, especially when the docs for a library you’re using don’t always have a good example. Top it off with having to make your own certificates, and the whole process can be a real PITA! To make it easier, we’re going to be using a tool from the great people at Square,...

    Read more
  • Providing password-based access to a private S3 bucket with Lambda and CloudFront

    Amazon’s Simple Storage Service doesn’t natively support password-protected access, however we can use a CloudFront distribution and private ACL to control access to the bucket and then use Lambda to issue signed cookies after validating a password. via GIPHY How it works A user visits the CloudFront distribution. This could either be directly to the abcde.cloudfront.net hostname or a CNAME....

    Read more
  • Want faster Ansible runs? Try enabling pipelining!

    I’ve always wondered if there’s a way to speed up Ansible executions as creating a new SSH connection for each command seemed excessive. However, I’d never looked for a solution until today when I discovered a very neat feature that shares SSH connections called pipelining. Enabling it as simple as adding the following to an ansible.cfg file located somewhere it...

    Read more
  • Finding a connection leak, the easy way

    Finding a connection or memory leak can be difficult at the best of times and near-impossible without good visibility of what your application is doing. To make things worse, it’s easy to end up in production with something leaking that you may not have existing monitoring or metrics for. Adding this to the code might not be an option and...

    Read more
  • Note to self: if you want PostgreSQL to accept your non-lowercase database name, enclosure its name with quotes

    The following creates the database frustratingerror: CREATE DATABASE FrustratingError; The following creates the database FrustratingError: CREATE DATABASE "FrustratingError";

    Read more
  • Configuring ConfigServer Firewall (CSF) for Docker (Debian 8)

    By default, the Docker daemon will automatically configure iptables rules that allow communication with containers and, additionally, the outside world through the use of exposed ports. If you’re like me and using ConfigServer Firewall, this may not be desirable as these rules will bypass the firewall configuration and let anyone access the exposed container ports. To get around this, it’s...

    Read more
  • Installing RancherOS on OpenNebula

    At the time of writing, Rancher does not publish VM images that are not aimed at a particular cloud provider and I therefore set about installing RancherOS with just the provided ISO. Step 1: Download and import images To begin, download the RancherOS ISO and then upload it into OpenNebula’s image system. sudo -u oneadmin -i cd /tmp wget https://releases.rancher.com/os/latest/rancheros.iso...

    Read more
  • Adding a grub menu option to reboot to the BIOS / UEFI settings on CentOS

    I recently played around with a few Linux distros and ended up keeping CentOS as my daily driver. One thing I missed, however, was having the “System settings” option on the grub menu that would reboot the computer into the BIOS / UEFI options (present in Ubuntu & Debian). To add this option on CentOS, create the following file and...

    Read more
  • Compiling a custom FreeBSD kernel to enable VNET support for jails

    One issue I had while replacing FreeNAS with FreeBSD was that, by defualt, vnet support isn’t enabled in the kernel. To resolve this, I compiled a custom kernel as follows: Step 1 - download the kernel sources Change the FreeBSD version, as appropriate. pkg install subversion svn checkout http://svn.freebsd.org/base/release/10.2.0/ /usr/src Step 2 - create a custom config cd /usr/src/sys/amd64/conf #...

    Read more
  • Setting up the discovery of a network share / server with Avahi

    I recently replaced FreeNAS with FreeBSD after installing even basic tools in the main OS (without first using a jail) became tedious and I wanted to explore how each of the components (e.g sharing & plugins) were implemented. Below is a service description file that Avahi will use to broadcast the server’s share capabilities. It allows an easy one-click to...

    Read more
  • Installing f.lux on CentOS

    When working late at night, I enjoy using the excellent f.lux app. Unfortunately, setting it up on CentOS wasn’t as easy as I’d hoped. Below are the steps I took to get it working. Step 1 - install dependencies sudo pip install pexpect sudo yum install gnome-python2-gconf pyxdg python-appindicator Step 2 - install f.lux git clone https://github.com/Kilian/f.lux-indicator-applet.git cd f.lux-indicator-applet sudo...

    Read more

Subscribe via RSS.