A few days ago I wanted to play with HAProxy SSL offloading. It was a good experience and alternative to Nginx SSL offloading (I already talked about in this blog). But this is not the topic here… When I was trying to make the offload working on the blog, I modified WordPress options which switched my blog into an infinite loop mode. As it was late and I was tired (bad idea), I just wanted to rollback my changes and needed to recover a SQL backup to do it fast.
Continue reading

News in bulk

As I do not really have a good blog post for today, here are some things I wanted to talk in a summary. Some good projects have been updated like: WordPress 4: no big updates at the first view but it’s nice to see how this project works and grow (videos, WYSIWYG,…) HAProxy 1.5: Offlloading SSL embedded, Full HTTP Keepalive, ACL enhancement… BIG update! MySecureShell 2.0: Using GnuTLS instead of OpenSSL, available in Debian upstream repositories, new doc… Nginx 1.
Continue reading

I’ll talk about things that may frustrate you with Sphinxdoc and ReadTheDocs. ReadTheDocs has a beautiful theme and you certainly want to use it with Sphinxdoc. However the size of the main text may be too small for you. Or you noticed that when you try to generate a version locally you’ll see it works like a charm but when it’s compiled on Readthedocs, it will fail. Here is a solution on how to make it work both locally and on Readthedocs:
Continue reading

I recently heard of HSTS which is a way to force users to come back to your website in SSL if they’ve already be to HTTPS once. It is simple, just add this line:

HSTS (force users to come in SSL if they've already been once) add_header Strict-Transport-Security "max-age=31536000; includeSubdomains"; If you want to have an overview of a complete configuration with it, look at the my wiki.


Continue reading

I recently worked on a client issues because of massive SQL injections. As it wasn’t easily for the client to fix on the application side and the request was urgent, I dig into writing fail2ban custom rules and it works quite well. I decided to adapt those rules to block bruteforce login attack for WordPress. The problem is WordPress is not returning 403 error code when a user fail to logon but return a 200 instead :-/.
Continue reading

For several years, I was wondering how to make Mediawiki search case insensitive. I didn’t really had time to look at it until I was really fed up. That’s why after a few seconds of search, I’ve found an extension for Mediawiki which is working perfectly called TitleKey. The TitleKey extension provides a case-insensitive title prefix search. It uses a separate table for the keys, so if it works cleanly it can be deployed without an expensive rebuild of core tables, and dumped when Wikimedia gets a nicer backend through Extension:LuceneSearch (pre 1.
Continue reading

Author's picture

Pierre Mavro / Deimosfr


SRE Lead DevOps at Criteo  •  Nousmotards Co-Founder

Paris - France