Securing Apache Sites With SAML

So I have recently fallen in love with single sign-on. I really like centralized user management, and being able to adapt it to many different applications is really sweet. Plus, it makes compliance people happy! One feature I like is the ability to secure arbitrary Apache websites with it using a plugin called Mellon. Basically this acts like the native Apache authentication, but rather than presenting a window for a username and password, it redirects you to your SSO provider to log in....

October 25, 2019 · Andrew

Using Foundation for Emails (Inky) in a PHP Application

One framework that I instantly fell in love with was Inky. Having built a number of emails using pure HTML, having the shorthand syntax was amazing. Coupling it with the inliner and CSS in Foundation for Emails, it’s dead simple to write a good-looking email. Just one problem: Foundation for Emails assumes you’re either writing emails as standalone units, or integrating them into a Node.js application. What are you to do if you’re, say, running a PHP Symfony application?...

September 13, 2019 · Andrew

Smart Failover With Redis Sentinel and Keepalived

Through some Google-fu and some other great tutorials, I’ve successfully set up a group of Redis machines with automatic failover detection via keepalived and sentinel. This sounds mundane, but lets you set up another layer of protection for your Redis cluster without lots of extra configuration. Background – Redis Sentinel and Keepalived Redis Sentinel makes it pretty easy to set up a group of replicated Redis machines and elect new master nodes when others are offline....

December 18, 2017

Autowired Traits in Symfony

This is something that I think is pretty slick in Symfony. With 3.3, Symfony introduced the idea of autowired services. Basically, you just put a type hint for what you need and the container injects the correct service as if by magic. You can take advantage of this in some more unusual places that aren’t immediately apparent after reading the documentation. In my case, I had a controller trait that provides some common functions but it needs to interface with some services to do this....

October 7, 2017

Ubiquiti EdgeRouter OpenVPN Client Config

One thing that’s really handy for your Ubiquiti EdgeRouter is to have it act as a VPN client. This gives all hosts on your network the ability to access the remote VPN without having to log in. Setting it up with pfSense is straightforward and pretty easy with the right tools. Setup pfSense In our case, we’re using pfSense as the VPN server. Setting up pfSense is beyond the scope of this particular guide, but there is a handy tool that makes setup much simpler....

July 23, 2017

Staggering Chef Client Runs

One of the new tools I’ve discovered is Chef to manage the configuration and software on Storehouse’s fleet of virtual machines. Chef makes it really handy to update and track config changes, since everything can be tracked using Git or similar. One issue we ran into was having chef-client run at the same time for multiple machines. This issue is kinda subtle, but makes a lot of sense when you think about it....

July 20, 2017

Make a Site Private but Allow Let’s Encrypt

This is a pretty straightforward thing I’ve wanted to do for some time. Basically, I have a number of sites that I use internally for which I wanted to get certificates via Let’s Encrypt, but I also wanted to keep them restricted to only a few IP addresses. The solution is quite simple and works perfectly. We accomplish this with two .htaccess files: one at the site root to restrict the IP addresses that can access the site, the second to disable that restriction on the directory where the Let’s Encrypt challenge is stored....

May 22, 2017

MySQL (MariaDB) Galera Cluster Restart

This is a scary problem when you’re recovering from an outage of your database machines. If you’re running a Galera cluster and they all go offline, you’ll need to do a bit of work to restart the cluster and make it safe. Galera relies on the fact that there’s at least one node running in your cluster at all times. If your entire cluster goes offline, you won’t be able to start it again, even with the --wsrep-new-cluster option....

February 5, 2017