A few days ago I wanted to play with HAProxy SSL offloading. It was a good experience and alternative to Nginx SSL offloading (I already talked about in this blog). But this is not the topic here…
When I was trying to make the offload working on the blog, I modified WordPress options which switched my blog into an infinite loop mode. As it was late and I was tired (bad idea), I just wanted to rollback my changes and needed to recover a SQL backup to do it fast.
As I do not really have a good blog post for today, here are some things I wanted to talk in a summary. Some good projects have been updated like:
WordPress 4: no big updates at the first view but it’s nice to see how this project works and grow (videos, WYSIWYG,…) HAProxy 1.5: Offlloading SSL embedded, Full HTTP Keepalive, ACL enhancement… BIG update! MySecureShell 2.0: Using GnuTLS instead of OpenSSL, available in Debian upstream repositories, new doc… Nginx 1.
I’ll talk about things that may frustrate you with Sphinxdoc and ReadTheDocs. ReadTheDocs has a beautiful theme and you certainly want to use it with Sphinxdoc. However the size of the main text may be too small for you. Or you noticed that when you try to generate a version locally you’ll see it works like a charm but when it’s compiled on Readthedocs, it will fail.
Here is a solution on how to make it work both locally and on Readthedocs:
I recently talked about Sphinxdoc and we wanted (still for MySecureShell project) a solution to host our documentation. ReadTheDocs is a very good, free and pretty solution made for Sphinxdoc :-)
What we liked in addition of the hosting, is the usage with GitHub. You can configure a webhook to your GitHub account to automatically ask ReadTheDocs to build a newer version each time a commit is pushed on your GitHub account.
I recently heard of HSTS which is a way to force users to come back to your website in SSL if they’ve already be to HTTPS once. It is simple, just add this line:
# HSTS (force users to come in SSL if they've already been once) add_header Strict-Transport-Security "max-age=31536000; includeSubdomains"; If you want to have an overview of a complete configuration with it, look at the my wiki.
I recently worked on a client issues because of massive SQL injections. As it wasn’t easily for the client to fix on the application side and the request was urgent, I dig into writing fail2ban custom rules and it works quite well.
I decided to adapt those rules to block bruteforce login attack for WordPress. The problem is WordPress is not returning 403 error code when a user fail to logon but return a 200 instead :-/.
For several years, I was wondering how to make Mediawiki search case insensitive. I didn’t really had time to look at it until I was really fed up. That’s why after a few seconds of search, I’ve found an extension for Mediawiki which is working perfectly called TitleKey.
The TitleKey extension provides a case-insensitive title prefix search. It uses a separate table for the keys, so if it works cleanly it can be deployed without an expensive rebuild of core tables, and dumped when Wikimedia gets a nicer backend through Extension:LuceneSearch (pre 1.