Let’s Encrypt, ACME and SLES – with some Azure and CloudFlare in the mix.

A work in progress. Some notes.

  • Certbot does not run on SLES 12 (GA, SPx)
  • Dehydrated script works well
  • Documentation is patchy

So far:

Dehydrated, install RPM from http://ftp.gwdg.de/pub/opensuse/distribution/leap/42.3/repo/oss/suse/noarch/dehydrated-0.4.0-1.1.noarch.rpm

To document:

  • How, what, when
  • Setting up cron for renewal
  • Email for renewals
  • Logging

Resources:

Dehydrated: a bash client for Let’s Encrypt

 

SLES 12 Service Pack upgrades on Azure

I’ve been bitten multiple times with the SLES service pack upgrade routine – with Red Carpet Enterprise (ouch – that’s a long time ago) and all of the various permutations of update tooling since.

Happy to say that SLES 12 SP1 to SLES 12 SP3 was zero fuss, fast and efficient. Less than five minutes per server on Azure and around 30 seconds of planned outage.

Good job SUSE team!

WordPress pingback DDoS

Woke up to a whole pile of uptime alarms flagging that various websites were not “up” and responding. Azure, Jetpack, Cloudflare – something was clearly wrong.

As you can see from the Apache access logs – hundreds of thousands of hits per minute from the same IP address range – 185.188.204.x

Easy fix to create a deny rule in Azure to block this. I don’t think CloudFlare was touching it.
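One way to get the same per-range picture out of an Apache access log before writing the deny rule. This is an added example, not part of the original post: the sample lines are constructed with documentation address ranges, and the /24 and /64 grouping widths and the threshold of 100 hits per minute are assumptions to tune per site.

```python
import re
import sys
from collections import Counter
from datetime import datetime
from ipaddress import ip_network

# Start of an Apache common/combined log line: client, ident, user, [timestamp]
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')

def bucket(line):
    """Map one log line to (client network, minute), or None if it does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, stamp = m.groups()
    prefix = 64 if ":" in client else 24  # assumed widths: /24 IPv4, /64 IPv6
    try:
        net = ip_network(f"{client}/{prefix}", strict=False)
        ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:  # hostname instead of an IP, or a malformed timestamp
        return None
    return str(net), ts.strftime("%Y-%m-%d %H:%M")

def noisy_ranges(lines, threshold):
    """Return (network, minute, hits) for every range at or above threshold, busiest first."""
    counts = Counter(b for b in map(bucket, lines) if b is not None)
    hot = [(net, minute, n) for (net, minute), n in counts.items() if n >= threshold]
    return sorted(hot, key=lambda row: -row[2])

# Constructed sample input (documentation address ranges, not the incident's logs).
SAMPLE = (
    [f'203.0.113.{i % 200 + 1} - - [01/Jan/2017:06:15:{i % 60:02d} +0000] '
     '"GET / HTTP/1.1" 200 512' for i in range(300)]
    + [f'203.0.113.9 - - [01/Jan/2017:06:16:{i:02d} +0000] '
       '"GET / HTTP/1.1" 200 512' for i in range(40)]
    + ['198.51.100.7 - - [01/Jan/2017:06:15:02 +0000] "GET /feed/ HTTP/1.1" 200 900',
       'not an access-log line']
)

if __name__ == "__main__":
    # Usage: script.py [access_log] [threshold]; without arguments the sample is used.
    source = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE
    limit = int(sys.argv[2]) if len(sys.argv) > 2 else 100
    for net, minute, hits in noisy_ranges(source, limit):
        print(f"{minute}  {net:<20} {hits} hits")
```

Grouping by network rather than by single address is what makes a spread-out source like a whole x.x.x.0/24 stand out; each reported network maps directly onto one deny rule.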

Office 365 and postfix – revisited

Since I wrote this post (a long, long time ago) – Office 365 now adds support for creating a trusted connector between your Linux/postfix environment and Office 365.

Much, much easier than before.

https://support.office.com/en-us/article/How-to-set-up-a-multifunction-device-or-application-to-send-email-using-Office-365-69f58e99-c550-4274-ad18-c805d654b4c4

So as a reminder for me next time:

  • certificate
  • SASL for username/password
  • Postfix main.cf settings
  • Set up Office 365 connector and trusted IP end point

Tumble Dryer

Sometimes life is not about technology.

Tumble dryer stopped heating – so take it apart, realise thermal fuse is blown. Clean all of the dust and lint out – reassemble – it works for a few minutes.

Repeat and rinse. This time replace thermal fuse, thermostat and heating element. Same again.

Third time run the vent pipe cleaner up the pipe – and there’s a bird’s nest in the vent pipe. Desiccated dead bird and all.

Moral of the story – tumble dryer problems – always clean and clean the vent just to be extra sure.


Azure and Project Nami

Some notes for later.

App Service Editor is incredible.

Uploading webfonts (woff/woff2) requires that wp-config.php has

define('ALLOW_UNFILTERED_UPLOADS', true);

set for the short time it takes to upload them; remove it again afterwards.

Serving woff/woff2 fonts requires that MIME types are put in place.

Add this to web.config under system.webServer. https://blogs.iis.net/richma/adding-mime-types-to-your-windows-azure-web-site

<staticContent>
  <mimeMap fileExtension=".woff" mimeType="application/x-font-woff" />
  <mimeMap fileExtension=".woff2" mimeType="application/x-font-woff2" />
</staticContent>

Monthly updates

Need to go research the phpmailer issues more.

The following NEW package is going to be installed:
  libncurses6

The following packages are going to be upgraded:
  aaa_base dbus-1 dbus-1-32bit gd hwinfo ImageMagick kernel-default
  kernel-default-base libcares2 libesmtp libMagickCore1 libMagickWand1 mailx
  ntp release-notes-sles sg3_utils sudo tar timezone vim vim-base vim-data w3m
  xorg-x11-libs xorg-x11-libs-32bit xorg-x11-libX11 xorg-x11-libX11-32bit
  xorg-x11-libXfixes xorg-x11-libXfixes-32bit xorg-x11-libXrender
  xorg-x11-libXrender-32bit xorg-x11-libXv xorg-x11-libXv-32bit zlib zlib-32bit