So I was investigating how to setup a Kubernetes cluster that is both highly available and cheap. After some investigation I discovered that it is actually possible using the cheapest VMs you can find at Hetzner Cloud and their LB offering. * CX11 x 3 = 8.88 EUR * LB11 = 5.83…
Since we use k8s more and more at work and some of my small micro-services are using ConfigMaps I needed a simple way to reload the config on-the-fly without the need to restart the whole service. At the time of solving the problem there was nothing my Google-Fu skills could…
Now that ACME v2 is released and supports wildcard certificates I just had to update my configuration and thought I would share it here. I also took the opportunity to switch to a dns-01 based verification since its easier to maintain and there is no need expose a webserver/www-root…
Since the last couple of years I've been growing so used to Go that I use it more and more for almost everything. It's such a simple language (with batteries included) to use that I often find myself using it even for the most simple of…
Until Let’s Encrypt is up and running its possible to use Cloudflare that has this great free service called Universal SSL where they basically offer free wildcard certificates for all their customers. I am not affiliated with Cloudflare in any way but they do offer some nice stuff for…
In these times of privacy intrusion I thought it was about time to step up my security a bit and enforce SSL on everything I run. I am currently using haproxy on my site to proxy all traffic to my local services (nginx, node, etc) and since haproxy is able…
Do you have the problem that you want to ban/purge elements on your site using both absolute and relative matching? Let say your vcl contains ban("req.url ~ (?i)" + req.url);, what happens if you purge the root / is that it will purge your whole site since…
So I changed my site, its now a static site running nginx instead of my old Varnish + LAMP setup. This simplifies the complexity a lot and allows me to add support for the spdy protocol. As of this writing Nginx supports spdy/2 and not spdy/3 unfortunately. It'…