Yesterday I made a terrible mistake by updating Yoast SEO plugin to its latest version (8.3) without prior testing. This resulted in significant server load. Luckily, the fix was easy.
Newer Is Not Necessarily Better: Updated Yoast SEO to 8.3
nginx: Mitigating the BREACH Vulnerability with Perl and SSI or Addition or Substitution Modules
BREACH (Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext) is a security exploit against HTTPS when using HTTP compression. This article shows several ways to deal with BREACH using Length Hiding technique with nginx’s builtin modules.
How to Import Cloudflare IP List into nginx ACL Automatically
When using Cloudflare to hide IP address of the origin server (for example, to protect against DoS attacks), it is important to configure ACLs to allow connections to the origin server only from Cloudflare IPs. However, the list of Cloudflare IP ranges is not static, it changes over time. This post describes how to import this list into nginx automatically.
How to Get Maximum Score in SSL Labs Test (nginx)
This article provides a configuration for nginx that successfully passes SSL Labs tests with A or A+ mark, and 100% score for all metrics (certificate, protocol support, key exchange, cipher strength).
Mapping OpenSSL Cipher Suite Names to RFC Names
Correspondence between OpenSSL cipher suite names and RFC names taken from http://testssl.sh/openssl-rfc.mapping.html.
TLS Configuration for nginx to Get A+ in HTBridge and SSL Labs Tests
This post presents a TLS configuration for nginx to get A+ score in HTBridge and SSL Labs tests. According to HTBridge, this configuration is compliant with PCI DSS, NIST, and HIPAA guidelines.
Signal Desktop and Failed to Map Segment from Shared Object Error
Signal is a great encrypted communications application built upon Electron framework. Couple of months ago I faced the issue that Signal had failed to start showing a message like this: “Uncaught Exception: Error: /tmp/.org.chromium.Chromium.j4ITUv: failed to map segment from shared object”.
Here is the solution.
Pitfalls When Upgrading Ubuntu Xenial to Bionic
The article describes a few pitfalls I encountered when trying to upgrade from Ubuntu 16.04.5 (LTS) to Ubuntu 18.04.1 (LTS) and possible solutions.
Sometimes I Hate systemd
After upgrading from the latest Ubuntu 16.04 LTS to Ubuntu 18.04.1 LTS, the server refused to reboot. I had to use IPMI to connect to the otherwise unresponsive server and forcibly reboot it. I probably should have used sync; reboot
CentOS 7: How to Change SSH Port
Many times my colleagues have asked me how to change SSH port on CentOS 7, because the way they did it themselves resulted in failures of OpenSSH to start. This happened because of SELinux, and the post explains how to overcome the issue without turning SELinux off.