AWS CloudWatch Logs storage charge == S3 storage charge. Possibly less, since the logs are gziped level 6 first. CW Logs makes more sense than using AWS Elasticsearch at small scale – prices start at 1.8c an hour + EBS charges vs 50c/GB of log ingestion + storage For pure log storage & bulk retrival, […]
Posted by Sysadmin on April 11, 2016in
I had a working OpenVPN configuration. But it wasn’t the best it could be. The manpage for OpenVPN 2.3 (community.openvpn.net/openvpn/wiki/Openvpn23ManPage) was used to find particularly interesting options. For most of the changes I had to find examples and more information through Googling, though blog.g3rt.nl/openvpn-security-tips.html is of particular note for popping up very often. Improving TLS […]
Posted by Linux on April 3, 2016in
TL;DR: This post documents the process I took to get S3 to return redirect requests over HTTP + HTTPS to a given domain. I’m trying to trim down the number of domains and subdomains that I host on my server, since I’m trying a new policy of moving servers every few months in an attempt […]
Posted by Sysadmin on March 7, 2016in
I recently discovered the slurp module within Ansible when I was attempting to find new modules in Ansible 2.0. It is particularly interesting for me since I’ve been doing a bunch of stuff involving the contents of files on remote nodes for my OpenVPN playbook. So I decided to try using it in one of my […]
Posted by Sysadmin on March 2, 2016in
I’m moving my jenkins instance to a new server, which means meaning up & restoring it. Backup The nice thing about it is that it’s almost entirely self-contained in /var/lib/jenkins, which means I really only have 1 directory to backup. I’m using duply to back the folder up – but it’s 1.9GB in size. So to […]
Posted by Sysadmin on February 21, 2016in
The motivation for this came from trying implement running a command that depended on whether or not a previous command succeeded. In this case, I was trying to make the creation of duply profiles idempotent. Duply will exit with an error if you attempt to create a profile that already exists, and I didn’t want […]
Posted by Programming on January 13, 2016in
Before I found the –keep-until-expiring option in the Let’s Encrypt command line client, I was thinking I’d have to parse the cert, extract the expiry date, then check it against the current date before returning True or False. Thankfully I found the much easier option, but I decided to post the code I wrote to […]
TL;DR: Run dnf –releasever 23 distro-sync instead of dnf system-upgrade on OpenVZ systems I run Fedora on my servers almost exclusively. This means I usually fall behind in upgrading to the latest release, leading me to wonder why I don’t just go with the latest version of CentOS. Then I have lovely cases where CentOS gets horribly […]
TL;DR – Let’s Encrypt requires a newer version of OpenSSL than CentOS 5 has installed. Unless you want to pass around with compiling OpenSSL yourself, don’t try it.
Got my first domain using a cert from Let’s Encrypt in under ~10 minutes, including setting up Let’s Encrypt itself. Yes, this is rather game changing. Now to write ansible playbooks around it, and figure out how to get it working for proxied domains automatically.