Adding a Firewall Rule to Debian 9

Not too long ago in the Linux world, firewall rules were complex. iptables did its job very well, but managing rules was daunting for a newcomer. Debian 9 introduces some changes that make it pretty simple to add a firewall rule. Usually firewall rules are taken care of automatically: when you install a program, it takes care of opening up the required ports for itself. In some cases, software can conflict and that is what happened in my case....

October 17, 2017

Autowired Traits in Symfony

This is something that I think is pretty slick in Symfony. With 3.3, Symfony introduced the idea of autowired services. Basically, you just put a type hint for what you need and the container injects the correct service as if by magic. You can take advantage of this in some more unusual places that aren’t immediately apparent after reading the documentation. In my case, I had a controller trait that provides some common functions but it needs to interface with some services to do this....

October 7, 2017

Outage September 15 2017

Today, The Storehouse experienced an outage that lasted approximately 12 hours. This was caused by updates performed late the night before and services restarting during that process. Last night I ran upgrades of the servers that run The Storehouse, including our three ProxmoxVE nodes. When the upgrades on these nodes were complete, the nodes had an updated kernel version and needed to restart to use the new kernel. Restarting is usually a painless process in our environment....

September 15, 2017

Eliminating Cron Jobs in an Application

When you have an application, there are inevitably some things that just need to be done periodically. These aren’t tied directly to user actions, so the quick answer is usually cron. It’s easy to set up, but when it breaks it can cause subtle issues that may impact your customers or application. It’s simple to set up a script that does whatever needs done, and it’s equally easy to tell cron to execute the script at regular intervals....

August 28, 2017

Ubiquiti EdgeRouter OpenVPN Client Config

One thing that’s really handy for your Ubiquiti EdgeRouter is to have it act as a VPN client. This gives all hosts on your network the ability to access the remote VPN without having to log in. Setting it up with pfSense is straightforward and pretty easy with the right tools. Setup pfSense: In our case, we’re using pfSense as the VPN server. Setting up pfSense is beyond the scope of this particular guide, but there is a handy tool that makes setup much simpler....

July 23, 2017

Staggering Chef Client Runs

One of the new tools I’ve discovered is Chef to manage the configuration and software on Storehouse’s fleet of virtual machines. Chef makes it really handy to update and track config changes, since everything can be tracked using Git or similar. One issue we ran into was having chef-client run at the same time for multiple machines. This issue is kinda subtle, but makes a lot of sense when you think about it....

July 20, 2017

Make a Site Private but Allow Let’s Encrypt

This is a pretty straightforward thing I’ve wanted to do for some time. Basically, I have a number of sites that I use internally that I wanted to get certificates via Let’s Encrypt, but I also wanted to keep them restricted to only a few IP addresses. The solution is quite simple and works perfectly. We accomplish this with two .htaccess files: one at the site root to restrict the IP addresses that can access the site, the second to disable that restriction on the directory where the Let’s Encrypt challenge is stored....

May 22, 2017

Monitoring a Mount Point With Zabbix

A subtle issue I ran into was that Proxmox VE would sometimes unmount a GlusterFS volume and would fail to back up. This issue was a bit sneaky though: since the PVE backup program wouldn’t execute, it wouldn’t send an email notifying me of the failure. This would make it so the backups would fail silently for some time, until I happened to log in and see the errors in the cluster’s log....

March 29, 2017