HowTo 
From nginx to traefik (and solving X-Forwarded-For)
I recently switched my home setup from nginx to traefik. I had to get used to the new configuration styles and weird doc style of traefik, but suffice to say, I am happy at the end results.
Traefik ships with SNI, allowing me to snoop the connection and prevent unauthorized access to my file server. (One m…
WordPress Containerization Boilerplate
As a step further to my previous post, I have created a boilerplate for future WordPress projects. It can be accessed at https://github.com/andrewwippler/WordPress-Containerization-Boilerplate.
To quickly start a WordPress environment, simp…
Docker-izing WordPress for Kubernetes
WordPress is amazingly popular considering how antiquated the file structure and code appears to be. Even still, it is the easiest CMS that I have used and the community has created plugins to make the copy-folder-for-a-new-theme/plugin at least tolerable. A challenge comes when one wants to use the 1990's method of serving web applications in a mo…
Kubernetes: Heapster to Metrics Server
I recently updated my kubernetes cluster from 1.10.2 to 1.11.0. I noticed heapster was being deprecated and completely removed by version 1.13.0. I thought this would be the perfect time to try out metrics-server. I had to download the git repo to apply the kubernetes yaml to my cluster. Since this is sometime…
Jenkins-x on home kubernetes cluster
Jenkins-x appears to be the next big thing in CI/CD workflows - especially if you develop applications on kubernetes. There were a few tweaks I needed to do to set it up:
I had to manually create Persistent Volumes (no big deal, below are what I have for my NFS share)
Read more →Allowing outside access to Home Kubernetes Cluster
Read more →After I created a home kubernetes cluster, I immediately wanted to allow external access to pods/services/ingresses hosted inside the cluster. One must be aware that in bare metal environments, there is no receiver of an api call to create a load balancer. Since there is not a scriptable environment available to kubernetes, kubernetes cannot reques…
Adding a user to k8s RBAC
In order to add a user to a kubernetes cluster, we will need several things: kubectl, CA.crt and CA.key (found in your head node's
/etc/kubernetes/pkifolder), and openssl.First, create a private key for the new user. In this example, we will name the file employee.key:
Read more →Reusable containers with confd
Read more →I recently had the need to populate a file in a docker container based upon whether or not the container is in production or development. I eventually came across confd which let me populate data in files based upon particular environment variables. While confd excels with dist…
Autosign Puppet certificates on AWS
Let's face it, Puppet's method of certificates is a pain and huge administration overkill if done manually. Thankfully, puppet has designed several methods of auto-signing certificates. One of which is via crafting a special certificate signing request and verifying the certificate signing request is genuine.
On th… Read more →
Captive Portal Overview
I originally authored this on Aug 16, 2016 at http://unix.stackexchange.com. Considering my tutorial did not include an overview, I thought I would re-post it on my blog.
To make a captive portal appear, you need to stop all internet traffic and provide a
302 … Read more →Debugging PHP web applications
Read more →In 2017, this topic seems a little dated and will probably not get me an opportunity to speak at a conference. While all of the elite programmers, cool kids, and CS grads are talking languages such as Go and Erlang - how to do tracing, performance testing, and the like - it seems very juvenile for me to write about PHP.
PHP is a language mad…
Using Puppet to host a private RPM repository
Read more →A repository is a place where files are stored, indexed, and available through a package manager to anyone who has the repository information. With
rpmbased systems, a repository is created with a tool calledcreaterepo. Most of the time, publicly available repositories already offer the packages your server needs. When y…Deploying Puppet Open Source
Read more →Update: (5/28/17) yes, there is the puppet/r10k which supercedes the zack/r10k. While you are free to deviate from the article in your own environment, the below steps still work as intended. I will have to update this article as well as explain why having r10k and dynamic environments is a good idea.
In this guide we will g…
Provisioning VMs with cloud init
One of the easiest ways to deploy a virtual machine in oVirt is first to install the OS then turn it into a template. This will allow you to copy that template to deploy new instances. One mundane task after a new template is copied to a new instance is logging in, changing the IP, setting the hostname, setting up Puppet, running puppet, etc.
Read more →Securing PWM
Read more →In last week's post we set up PWM insecurely. In this post, we are going to secure it down and install mysql to store the reset questions. This guide assumes you have this CentOS 7 server publicly accessible with ports 80 and 443 available t…
Password management portal for end users
Read more →We in IT have heard it often, the #1 request coming into help desk ticket systems is password resets, account lockouts, and the like. PWM is a password reset web application written in Java for use with LDAP directories. You can configure it to work with Active Directory, OpenLDAP, FreeIPA, and others. There are already a handful of good tutorials …
OpenWRT Captive Portal
Read more →In a previous post, I explained how to set up a captive portal on a Raspberry Pi which was running Raspbian (Debian). If you read that article, you can skip the next paragraph.
A captive portal is a piece of software that prompts for user interaction befo…
Access Samba shares from Chromebook
Chromebooks are cloud focused. Many Chromebooks come with very limited storage in hopes you would be storing everything in the cloud. While this is a great habit to practice, in all reality, how likely are you to store 2tb of data in the cloud? Not many cloud providers even offer plans for that much storage.
Today marks a milestone - Read more →
Wayfinding with RPi
Read more →A few years ago I was tasked at looking at solutions for digital, static wayfinding. While there are some cool solutions available now for free with minimum setup, none of these were available to me. We currently were locked in with a digital signage company that charged $7,000/year for generating 640x480 graphics with events that showed up in our …
Linux, nginx, MySQL 5.7, and PHP 7 (LEMP) on AWS with free SSL
Read more →A stack is a group of software that creates a foundation to build upon. The LEMP stack is a web software stack which allows for delivering web applications. It is one of the most common of the web stacks to deliver a PHP application. LEMP uses a Linux kernel, Nginx for the webserver, MySQL or MariaDB for the database, and PHP for the scripting lang…
Secure MySQL 5.7 installation
With the release of MySQL 5.7, I was pleasantly surprised to see the install generated a random, secure password. This prevented me from going through the normal step of running
mysql_secure_installationafter starting and enabling services. To find the generated password, issue one of the commands below:Read more →
Blame as a service (BlaaS)
Read more →Today I am pleased to announce a new offering - Blame as a Service (BlaaS).
With the ever increase of SaaS offerings and cloud providers with high resiliency and low downtime, there will be the inevitable glitch or hiccup whenever a CEO views your team's area of responsibility. With the recent passing of Murphy's Law in IEEE this has become …
Atom editor on Fedora
Read more →The atom editor has quickly become my favorite IDE for working with web projects. I still use Vi/Vim for CLI stuff, but atom is the icon I click when I want a GUI program.
It was becoming a little mundane to go to the atom website and download the new version to install. This is why package managers exist - so users don't have to visit your …
WiFi Captive Portal
Read more →A captive portal is a piece of software that prompts for user interaction before allowing the client to access the internet or other resources on the network. It is a combination of a firewall and a webserver. In this tutorial, I will explain how to create an open WiFi network. Before deploying an open WiFi network, you may want to consult a lawyer…