DevOps – FoolControl – Phear the penguin

Automated way of getting Let’s Encrypt certificates for WordPress using Docker + Ansible

March 10, 2018

From security reasons, over feature requests, to announcement that Chrome 68 will render all HTTP sites as “not secure” in beginning of July … it’s obvious this is where the web is heading and it had to be done.

For HTTPS encryption, my obvious choice was Let’s Encrypt which I wrote about in past, so without further ado let’s get right to it.

containerized-wordpress-project: Let’s Encrypt update

Few months ago I launched containerized-wordpress-project which let’s you “automagically deploy & run containerized WordPress (PHP7 FPM, Nginx, MariaDB)”.

In latest update I’ve added support for Let’s Encrypt which allows you to have HTTPS encrypted sites/blogs out of box.

I rewrote Nginx container image deployment which now relies on https-portal. Result is updated containerized-wordpress Ansible role whose major updates are to its Docker Compose file as well as deployment of Let’s Encrypt enabled Nginx configs.

For existing sites HTTPS integration is seamless, every HTTP link is automatically redirected to its HTTPS counterpart and certificates will be renewed automatically.

more “Automated way of getting Let’s Encrypt certificates for WordPress using Docker + Ansible”

Automagically deploy & run containerized WordPress (PHP7 FPM, Nginx, MariaDB) using Ansible + Docker on AWS

May 21, 2017

Update: containerized-wordpress-project comes with enabled HTTPS site encryption using Let’s Encrypt certificates.

In this blog post, I’ve described what started as simple migration of WordPress blog to AWS, ended up as automation project consisting of publishing multiple Ansible roles deploying and running multiple Docker images.

If you’re not interested in reading about my entire journey, cognition gains and how this process came to be, please skim down to “Birth of: containerized-wordpress-project (TL;DR)” section.

Migrating WordPress blog to AWS (EC2, Lightsail?)

Since I’ve been sold on Amazon’s AWS idea of cloud computing “services” for couple of years now. I’ve wanted, and been trying to migrate this (WordPress) blog to AWS, but somehow it never worked out.

Moving it to EC2 instance, with its own ELB volumes, AMI, EIP, Security Group … it just seemed as an overkill.

When AWS Lightsail was first released, it seemed that was an answer to all my problems.

But it wasn’t, disregarding its bit restrictive/dumbed down versions of original features. Living in Amsterdam, my main problem with it was that it was only available in a single US region.

more “Automagically deploy & run containerized WordPress (PHP7 FPM, Nginx, MariaDB) using Ansible + Docker on AWS”

Secure (HTTPS) public access to Synology NAS using Let’s Encrypt (free) SSL certificate

February 17, 2017

Secure public access to your Synology?

Every time I’m outside of my home network, and I need to get something from my Synology NAS, I’m facing the same dillema. Who’s sniffing the network I’m on, and who will I hand over my credentials in plain text using HTTP.

Of course, you can add extra security to your Synology account by using 2 step authentication, or first establishing connection to (preferably private) VPN connection. But even then … footprint of sensitive data you’re leaving behind you is just not worth it.

To resolve this problem, you could get a self-signed SSL certificate, but whole process will cost you time and money. But thanks to good people at Let’s Encrypt, this whole process now takes 15 minutes process and is free!

Secure (HTTPS) access to Synology NAS using Let’s Encrypt (free) SSL certificate

There are couple of tutorials which cover this same topic, however reason why I wrote my own is because none of them worked for me.

more “Secure (HTTPS) public access to Synology NAS using Let’s Encrypt (free) SSL certificate”

Kernel agnostic, DisplayLink Debian GNU/Linux driver installer (Debian/Ubuntu/Elementary)

November 29, 2015

I use DisplayLink at work for multi display setup/Ethernet/etc, all by connecting to a single USB port. Although it’s a nifty little device, its software support isn’t that great.

Only Linux driver they have is for Ubuntu. Which is only optimized to work with 14.04, and latest kernel they support is 3.19!

Their installer script can be modified to work with Debian and Systemd, but even so if you’re using any Linux kernel version other then >=3.14 && <=3.19 you’re not going to have a good time.

displaylink-debian (github)

That’s why I decided to take things in my own hands, and created displaylink-debian.

Tool which allows you to seamlessly install and uninstall DisplayLink drivers on Debian/Ubuntu based Linux distributions.

more “Kernel agnostic, DisplayLink Debian GNU/Linux driver installer (Debian/Ubuntu/Elementary)”

Taking control over Debian and its package repositories

October 29, 2013

When we talk about Debian we must talk in the superlative. One of the reasons why Google and International Space Station are choosing Debian as their default Linux distribution is because it has (by far) the biggest package collection. At the time of writing this document, there are 61801 packages in Debian Sid (Unstable/Development distribution).

But as with many things in life, your greatest asset can be also your biggest liability—unless you take things under control. As an example, people usually complain how package versions in Debian “Stable” are too old, and they are spot on ~~right~~ ignorant. The author of this document has never used Debian “Stable” outside of production and has solely relied on some of the ingenious mechanisms provided by Debian, which when properly configured can provide you with unlimited possibilities.

APT Pinning

Pinning allows you to install and run package versions from other (Testing/Unstable/Experimental) Debian branches without having to upgrade the whole distribution to that particular branch.

Example 1:

You are running Debian 7.2 (Wheezy), and you want latest “libjmagick6-java” version (i.e: 6.6.9), however you only see the version which is present in Stable repository (6.2.6). When you look for the package on Debian packages, you can see that the version you want is present in Testing/Unstable.

more “Taking control over Debian and its package repositories”

FoolControl – Phear the penguin

Category: DevOps

Migrating WordPress blog to AWS (EC2, Lightsail?)