Let’s Encrypt, ACME and SLES – with some Azure and CloudFlare in the mix.

A work in progress. Some notes.

  • Certbot does not run on SLES 12 (GA, SPx)
  • Dehydrated script works well
  • Documentation is patchy

So far:

Dehydrated: install the RPM from http://ftp.gwdg.de/pub/opensuse/distribution/leap/42.3/repo/oss/suse/noarch/dehydrated-0.4.0-1.1.noarch.rpm

To document:

  • How, what, when
  • Setting up cron for renewal
  • Email for renewals
  • Logging

Resources:

Dehydrated: a bash client for Let’s Encrypt

 

SLES 12 Service Pack upgrades on Azure

I’ve been bitten multiple times with the SLES service pack upgrade routine – with Red Carpet Enterprise (ouch – that’s a long time ago) and all of the various permutations of update tooling since.

Happy to say that SLES 12 SP1 to SLES 12 SP3 was zero fuss, fast and efficient. Less than five minutes per server on Azure and around 30 seconds of planned outage.

Good job SUSE team!

WordPress pingback DDoS

Woke up to a whole pile of uptime alarms flagging that various websites were not “up” and responding. Azure, Jetpack, Cloudflare – something was clearly wrong.

As you can see from the Apache access logs – hundreds of thousands of hits per minute from the same IP address range – 185.188.204.x

Easy fix to create a deny rule in Azure to block this. I don’t think CloudFlare was touching it.
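One way to pull the offending range out of an access log before writing the deny rule. This is an added example, not part of the original notes: it counts hits per source /24 per minute, and the sample lines, the threshold and the function name noisy_ranges are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime
from ipaddress import ip_address, ip_network

# Start of an Apache common/combined log line: client, identd, user, [time]
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')


def noisy_ranges(lines, threshold):
    """Return {(network, minute): hits} for every bucket with hits >= threshold.

    IPv4 clients are grouped by /24 and IPv6 clients by /64, so a flood
    spread across one range shows up as a single bucket.
    """
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line
        try:
            addr = ip_address(m.group(1))
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue  # hostname instead of an IP, or an unparsable timestamp
        plen = 24 if addr.version == 4 else 64
        net = ip_network(f"{addr}/{plen}", strict=False)
        hits[(str(net), ts.strftime("%Y-%m-%d %H:%M"))] += 1
    return {k: n for k, n in hits.items() if n >= threshold}


# Constructed sample lines (documentation address ranges, made-up timestamps).
SAMPLE = [
    f'203.0.113.{i} - - [01/Jan/2017:06:15:{i:02d} +0000] "GET / HTTP/1.1" 200 512'
    for i in range(1, 6)
] + [
    '198.51.100.7 - - [01/Jan/2017:06:15:30 +0000] "GET / HTTP/1.1" 200 512',
    'not an access log line',
]

if __name__ == "__main__":
    # Threshold is an assumption; set it well above normal per-minute traffic.
    for (net, minute), n in sorted(noisy_ranges(SAMPLE, threshold=5).items()):
        print(f"{minute}  {net}  {n} hits")
```

If the site sits behind a proxy such as Cloudflare, the first log field may be the proxy's address rather than the client's, so check which address Apache is actually logging before trusting the buckets.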

Tumble Dryer

Sometimes life is not about technology.

Tumble dryer stopped heating – so take it apart, realise thermal fuse is blown. Clean all of the dust and lint out – reassemble – it works for a few minutes.

Repeat and rinse. This time replace thermal fuse, thermostat and heating element. Same again.

Third time run the vent pipe cleaner up the pipe – and there’s a bird’s nest in the vent pipe. Desiccated dead bird and all.

Moral of the story – tumble dryer problems – always clean and clean the vent just to be extra sure.


Azure and Project Nami

Some notes for later.

App Service Editor is incredible.

Uploading webfonts (woff/woff2) requires that wp-config.php has

define('ALLOW_UNFILTERED_UPLOADS', true);

set for a short time.

Serving woff/woff2 fonts requires that MIME types are put in place.

Add this to web.config under system.webServer. https://blogs.iis.net/richma/adding-mime-types-to-your-windows-azure-web-site

<staticContent>
  <mimeMap fileExtension=".woff" mimeType="application/x-font-woff" />
  <mimeMap fileExtension=".woff2" mimeType="application/x-font-woff2" />
</staticContent>

Monthly updates

Need to go research the PHPMailer issues more.

The following NEW package is going to be installed:
  libncurses6

The following packages are going to be upgraded:
  aaa_base dbus-1 dbus-1-32bit gd hwinfo ImageMagick kernel-default
  kernel-default-base libcares2 libesmtp libMagickCore1 libMagickWand1 mailx
  ntp release-notes-sles sg3_utils sudo tar timezone vim vim-base vim-data w3m
  xorg-x11-libs xorg-x11-libs-32bit xorg-x11-libX11 xorg-x11-libX11-32bit
  xorg-x11-libXfixes xorg-x11-libXfixes-32bit xorg-x11-libXrender
  xorg-x11-libXrender-32bit xorg-x11-libXv xorg-x11-libXv-32bit zlib zlib-32bit

Monthly updates

Looks like a pretty large update this month:

The following packages are going to be upgraded:
  apache2-mod_php53 bind-libs bind-utils crash crash-eppic curl gd gtk2
  gtk2-32bit gtk2-lang kernel-default kernel-default-base ksh libcurl4
  libjasper libnetpbm10 libtiff3 libtiff3-32bit libxml2 libxml2-32bit
  libxml2-python mysql mysql-client netpbm parted php53 php53-ctype php53-curl
  php53-dom php53-gd php53-iconv php53-json php53-mysql php53-pdo php53-sqlite
  php53-tokenizer php53-xmlreader php53-xmlwriter php53-zlib python-setuptools
  timezone wget yast2-core