Run Ghost in Docker behind Nginx

To me installing and upgrading Ghost is way too hard. Using Docker it’s a little more manageable. Launching a Docker container with Ghost is easy - first you have to install Docker (I’m using Ubuntu).

Nginx cheatsheet

A good while back I wrote some stuff about Nginx on an internal wiki. At that time the company was converting from using Apache to Nginx and not everyone was up to speed. I dubbed the wiki entry the Nginx Cheatsheet. I recently unearthed this fine piece of writing and I’m re-posting it here so more people might benefit from the effort.

Using to issue Let's Encrypt certificates

Some time ago I wrote about how to use Let’s Encrypt certificates to get an A+ on the SSL Labs test. Back then the only way to obtain and manage certificates was CertBot. I always thought that solution made it a hassle to manage multiple certificates. My friend Jorijn brought to my attention, a new way to issue and manage Let’s Encrypt certificates. It was time for me to revisit the topic.


Some people know that I don’t really care what platform I’m on, as long as I have access to some sort of shell and a decent package manager. Because of that it’s constantly in the back of my mind that I should be able to move platforms at any given time. I don’t like lock-in, but sometimes there is no other option. One example of lock-in that I experience is my use of 1Password, which lacks a native Linux client. If I were to switch to Linux tomorrow I would have to run 1Password in Wine, or use it on the web, neither of which is ideal.

Installing the AWS Cloudwatch Logs Agent on Ubuntu 16.04

Not only can AWS Cloudwatch alert you to problems with your resources, it can also store your log files and make them accessible in the AWS web interface. To make AWS Cloudwatch Logs work you’ll need to install a small agent on your EC2 instances. Currently AWS has support for CentOS, RHEL, Amazon Linux and Ubuntu 12.04 and 14.04, among some other distributions.

The newest LTS version of Ubuntu, 16.04, isn’t on the list of supported versions yet. As Ubuntu switched to Systemd for their default init system you’ll run into some trouble getting the Cloudwatch Logs Agent service started.

Export and import AWS Cloudsearch data

AWS CloudSearch is a highly scalable and reliable solution to implement search in your application or website. You can feed your search data into the service and never have to worry about performance or in any way scaling it to fit your needs. AWS CloudSearch supports about 34 languages and features such as highlighting, autocomplete and geospatial search.

An A+ SSL setup using Nginx and Letsencrypt

Back in 2014 I wrote about getting an A+ on SSL Labs using StartSSL. Much has changed since then; for starters, we can now use the awesome Letsencrypt to get our certificates.

Letsencrypt is completely free, just like StartSSL, but it will only give out certificates that are valid for 90 days. Luckily you can renew your certificate just as easily as creating one.

Generate CloudFormation templates using Python

Troposphere is a Python library which makes it easier to write and maintain CloudFormation templates. From the README:

The troposphere library allows for easier creation of the AWS CloudFormation JSON by writing Python code to describe the AWS resources. Troposphere also includes some basic support for OpenStack resources via heat.

To facilitate catching CloudFormation or JSON errors early the library has property and type checking built into the classes.

How to solve Apt-get waiting for headers

Sometimes you play around with some third-party repositories on your Debian-based Linux box, only to find out apt-get hangs while waiting for headers. Really annoying.

Resize the root volume of an Azure VM

Every Azure virtual machine comes with a certain amount of storage for its root volume, plus a few hundred gigabytes of instance storage which will get deleted if you reboot the VM. For storing data you can either create a new disk and attach it to your VM, or you can resize the root volume with a little trick I learned.

Grant an IAM user access to a specific S3 bucket and folder

In Amazon Web Services there’s a product called IAM (Identity and Access Management) which allows you to create users and groups and attach policies to both. In this how-to we look at an IAM policy which allows a specific user to only have access to a specific S3 bucket and folder.

Ghost on Debian with Nginx as a reverse proxy

I finally came around to trying out Ghost and I’m loving it. So much that I switched my old Jekyll website over to Ghost. I used a small Ruby script to convert my Markdown files to a JSON file that Ghost can use to import my posts. Here’s a quick tutorial on how to install NodeJS and Ghost and use Nginx as a reverse proxy.

Require MFA for AWS API and Console access

Sometimes you want to require your users to enable MFA (multi-factor authentication) before being able to do anything with the Amazon Web Services (AWS) account you gave them access to. There’s a small conditional you have to add to your IAM policy in order to do so. But you’ll also want to enable all users to add, delete and resync their MFA devices.

Using Docker to run WordPress behind an Nginx reverse proxy

Docker really seems to be taking off as a viable solution for development workflows. If you’re working with WordPress there are already a lot of good tools besides Docker to bootstrap a new WordPress website. But here’s how to do it with Docker.

Getting A+ on SSLLabs with Nginx and StartSSL

Qualys offers an SSL Test where you can check your SSL setup. They make recommendations on what to tweak to get the highest score possible. I want to share how I achieved A+ using Nginx and StartSSL.

Quickly switch between AWS accounts using aws-cli

The AWS CLI tools are really great for quick tasks on your AWS infrastructure, like looking at which instances are currently running. You can also use aws-cli for automation of course. One thing I found annoying while working with multiple accounts was having to add --profile to my command each time I wanted to do something with aws-cli.

Impressions of the LG G3 and the Quick Circle case

Some quick things I want to share about the LG G3 and the Quick Circle case.

Having used my Nexus 4 for about 18 months the LG G3 feels HUGE at first. The thin bezels are amazing and it's really the eye catcher of this phone. I've now been using the LG G3 for about a month and I can honestly say, this is the best phone I've ever had.

Fix a CPU consuming logrotate process

This week I noticed something strange about the disk IO of a server running Postfix. As soon as I logged in to the server I saw logrotate consuming 99% CPU and about 50% memory. Here’s how I diagnosed and fixed the problem.

Orchestrator: Arithmetic operation resulted in an overflow

If you, by chance, want to use Microsoft System Center Orchestrator 2012 to create user accounts in your Active Directory, you might run into a problem with the Get User activity. There’s a weird bug persisting in Orchestrator caused by the Maximum Password Age in your Group Policy Object (GPO). If this value is set to 0, the Runbook will fail stating the “Arithmetic operation resulted in an overflow”.

Serve 503 maintenance pages with Lighttpd

Every website needs some maintenance every now and then. Maybe you’re pushing some major updates or your database server needs an upgrade. In any case, it’s nice to have a maintenance page to let your visitors know service will be restored soon. This maintenance page could be a simple HTML file but by default there isn’t really a way to push a 503 status code. I created a small Lua wrapper script to fix this issue.

How to reset iCloud bookmark sync

Some people get into a huge bookmark mess when they want to merge and sync their bookmarks via iCloud. This is how I finally fixed my issue.

How to move a WordPress website to a new domain

If you want to move your entire WordPress website to a new domain there are just three SQL queries to run. First we can change the base URL of the website.

Monitor Amazon Web Services RDS instances with Nagios

RDS or Relational Database Service allows you to run on-demand servers with full access to MySQL and Oracle databases. When you’re using Nagios it’s nice to have an alert for when your RDS instance becomes unresponsive. Nagios Exchange provides a small Perl script that can do exactly that.

A faster WordPress with Lighttpd

For the sake of this tutorial and my own comfort I’m going to assume you’re using some sort of Debian based Linux distribution. But of course this will work on anything that runs Lighttpd.