Posted by jpluimers on 2022/05/27
A while ago [Archive.is] Adam Jacob on Twitter: “Let’s say nice things about technology today. I’ll start. If it wasn’t for @lkanies and @puppetize, there is no way we would have been able to adapt as an industry to the rise of the cloud. Quote tweet me with your own.” sparked some interesting threads.
First posts are below; click on them to see the full threads.
Posted in Chrome, Configuration Management, Development, DevOps, Firefox, History, IaC - Infrastructure as Code, Infocom and Z-machine, Infrastructure, KVM Kernel-based Virtual Machine, LSI/3ware, Open Source, PDP-11, Power User, PowerShell, Puppet, Python, Qemu, Rust, Safari, Scripting, Software Development, UCSD Pascal, Vagrant, Veewee, Virtualization, Web Browsers, Xen | Leave a Comment »
Posted by jpluimers on 2022/05/05
Last week, I posted about Setting up a GitHub project so it is served over https as a custom github.io subdomain.
Today it’s the equivalent, but on GitLab.
Why GitLab? Two major reasons: unlike GitHub:
Already 2. and 3. combined are a huge advantage, though we will see that 3. also makes some of the subcases (hosting as user.gitlab.io from account gitlab.com/user where user is your username) is harder than the similar user.github.io, github.com/user combo.
So here we go, starting with a similar set of links:
.gitlab-ci.yml` file | GitLab
The goal is to have
wiert.gitlab.io (like wiert.gitlab.io/wiert)gitlabstatus.wiert.me plain html (or maybe markdown) page project that eventually will show some status information (kind of like status.gitlab.com, but for different things).The beauty of GitLab is that it supports hierarchies of repositories through groups and subgroups, so I already had these subgroups hoping they would cover both the first and second kind of page projects:
Since there are quite a few links above, here are the steps I took from my gitlab.com/wiert account and gitlab.com/wiert.me group.
wiert” (with slug “wiert“) so it would appear at gitlab.com/wiert.me/public/web/sites/gitlab.io/wiertBy default there is no CI/CD pipeline, but there is an enabled blue “Run pipeline” button: confusing.
Warning: When using Pages under the general domain of a GitLab instance (gitlab.io), you cannot use HTTPS with sub-subdomains.
The sites do work (see the [Archive.is http version] and [Archive.is https version]), but the HTTPS fails because wiert.me.gitlab.io does not match the SANs (Subject Alternative Names) in the certificate: *.gitlab.io, gitlab.io
wiertgitlab.com/wiert/public/web/sites/gitlab.io which as URL is gitlab.com/wier1/public/web/sites/gitlab.io because user account wiert already occupies gitlab.com/wiert.wiert” (with slug “wiert“) so it would appear at gitlab.com/wiert.me/public/web/sites/gitlab.io/wiertwiert.gitlab.io/wiert I hoped for☐ Force HTTPS (requires valid certificates)
wiert exists and occupies gitlab.com/wiert, then a group named wiert cannot occupy gitlab.com/wiert, and therefore a project named wiert within that group won’t be deployed to wiert.gitlab.io/wiert.wiert, then no group named wiert cannot be used to contain a project named wiert to host as wiert.gitlab.io/wiert“.wiert” (with slug “wiert“) so it would appear at gitlab.com/wiertwiert.gitlab.io/wiert I hoped for:
Success: published at https://wiert.gitlab.io/wiert/
The sites do work fine (see the [Archive.is http version] and [Archive.is https version]). The HTTP does not redirect to the HTTP version, as I did not tick the
☐ Force HTTPS (requires valid certificates)
wiert.gitlab.io” (with slug “wiert.gitlab.io“) so it would appear at gitlab.com/wiert.me/public/web/sites/gitlab.io/wiert.gitlab.iowiert.gitlab.io I hoped for.
wiert.me.gitlab.io does not match the SANs (Subject Alternative Names) in the certificate: *.gitlab.io, gitlab.io. The HTTP does not redirect to the HTTP version, as I did not tick the☐ Force HTTPS (requires valid certificates)
wiert.gitlab.io” (with slug “wiert.gitlab.io“) so it would appear at gitlab.com/wier1/public/web/sites/gitlab.io/wiert.gitlab.iowiert.gitlab.io I hoped for☐ Force HTTPS (requires valid certificates)
wiert.gitlab.io” (with slug “wiert.gitlab.io“) so it would appear at gitlab.com/wiert/wiert.gitlab.io.wiert.gitlab.io I hoped for with working sites (see the [Archive.is http version] and [Archive.is https version]).☐ Force HTTPS (requires valid certificates)
Having learned from the GitHub githubstatus.wiert.me procedure (where I had to wait a long time for the default *.wiert.me domain mapping timeout and the githubstatus.wiert.me DNS CNAME record to become effective), I started on the DNS CNAME record side which is documented at [Wayback] Custom domains and SSL/TLS certificates: Section 3. Set up DNS records for Pages: For subdomains | GitLab:
Subdomains (
subdomain.example.com) require:
- A DNS
CNAMErecord pointing your subdomain to the Pages server.- A DNS
TXTrecord to verify your domain’s ownership.
From DNS Record To subdomain.example.comCNAMEnamespace.gitlab.io_gitlab-pages-verification-code.subdomain.example.comTXTgitlab-pages-verification-code=00112233445566778899aabbccddeeffNote that, whether it’s a user or a project website, the
CNAMEshould point to your Pages domain (namespace.gitlab.io), without any/project-name.
The value for the TXT record is only known after you created the pages project, but the value for the CNAME record is known beforehand:
From DNS Record To gitlabstatus.wiert.meCNAMEnamespace.gitlab.io
So let’s see if I can do this in one try, with these steps:
CNAME record from gitlabstatus.wiert.me to namespace.gitlab.io:
gitlabstatus.wiert.me CNAME record pointing to namespace.gitlab.io
gitlabstatus.wiert.me” (with slug “gitlabstatus.wiert.me“) so it would appear at gitlab.com/wiert.me/public/web/sites/wiert.me/gitlabstatus.wiert.meCNAME record from gitlabstatus.wiert.me to namespace.gitlab.io into operation by clicking the “New Domain” button:“New Domain” button in the “Pages” settings.
There I filled in the correct gitlabstatus.wiert.me domain name, then pressed the “Create New Domain” button:
New domain becomes
gitlabstatus.wiert.me
CNAME work I already did: the documentation is clearly wrong as these are the two DNS record entries to be made as shown by gitlab.com/wiert.me/public/web/sites/wiert.me/gitlabstatus.wiert.me/pages/domains/gitlabstatus.wiert.me:Correct instructions for the DNS records to get gitlabstatus.wiert.me working
Subdomains (gitlabstatus.wiert.me) require:
- A DNS
CNAMErecord pointing your subdomain to the Pages server.- A DNS
TXTrecord to verify your domain’s ownership.
From DNS Record To gitlabstatus.wiert.meCNAMEwiert.me.gitlab.io._gitlab-pages-verification-code.gitlabstatus.wiert.meTXTgitlab-pages-verification-code=c5619988d386b1a36c253ce05db55dbb
Basically the whole namespace.gitlab.io part of the documentation is a placeholder for the actual namespace that belongs to the leaf group the pages project is in (in my case wiert.me).
TTL to time out and effectuate:New DNS gitlabstatus.wiert.me
CNAMErecord pointing to wiert.me.gitlab.io
Note that this DNS administrative interface from WordPress.com does omit the final period of the CNAME destination (officially this would be wiert.me.gitlab.io.)
CNAME DNS record, I also made the TXT DNS record:New DNS TXT record for verification of gitlabstatus.wiert.me
Then I waited a little for the DNS TXT record to be saved and try the verification of the TXT record.
The DNS TXT record for gitlabstatus.wiert.me finally got verified
CNAME record DNS TTL to expire so I could check the domain and – hopefully – the TLS certificate to be requested by Let’s Encrypt:After the
gitlabstatus.wiertDNS TXT record got verified, I could save the domain information
CNAME record DNS TTL expired and the new CNAME record came into effect, the domain became available as http://gitlabstatus.wiert.me/:Waiting for
gitlabstatus.wiert.meto become active
Domain
gitlabstatus.wiert.meinformation before verification
to this:
Domain
gitlabstatus.wiert.meinformation after verification
gitlabstatus.wiert.me I hoped for with working sites (see the [Archive.is http version] and [Archive.is https version] for the wiert.me domain, and [Archive.is http version] and [Archive.is https version] for the wiert.me domain).☐ Force HTTPS (requires valid certificates)
In retrospect, this could have been shorter when I had done the DNS part later, which is contrary to how to do this with GitHub.
The conclusion seems this:
Gitlab Page repositories to be published as or under
wiert.gitlab.ioneed to reside directly under userwiert. Having them reside under a different group likewiertorwiert.mewon’t work.
Or in more generic terms:
When creating pages as
user.gitlab.ioyou have to put your pages projects directly under your user accountgitlab.com/user.Putting them under groups or leaf groups fails, no matter if the (leaf) group is named
useror otherwise.
In addition, you can add custom domains to any Gitlab repository (even one that never stated out as a GitLab Pages repository). It will work as soon as the domain DNS mapping is setup through both a CNAME mapping record and TXT verification record.
The steps for this in your GitLab repository are:
.gitlab-ci.yml file at the root of your repository; I used the [Wayback/Archive.is] one from [Wayback/Archive] GitLab Pages examples / plain-html · GitLab as my site is purely staticindex.html file in the public directory of your repository, similar to [Wayback/Archive] GitLab Pages examples / plain-html · GitLabgitlab.io, which allows the outside world to visit your GitHub Pages sie, and the Let’s Encrypt Certificate to be generated (and prevents this error: [Wayback/Archive] GitLab Pages integration with Let’s Encrypt | GitLab: “Something went wrong while obtaining the Let’s Encrypt certificate”).CNAME record and DNS TXT record; ensure both are applied on your primary DNS name server and replicated to all authoritative DNS name servers.Settings” -> “Pages” enable the “Force HTTPS (requires valid certificates)” option and save.Note: I saved the TLS information – including certificates here:
5B0C885BD0E0A1A52AD5C29D for *.gitlab.io, gitlab.io.5B0C885BD0E0A1A52AD5C29D for *.gitlab.io, gitlab.io.5B0C885BD0E0A1A52AD5C29D for *.gitlab.io, gitlab.io.3380904328FD4633E6CF27FE9B7D5BE25AE for gitlabstatus.wiert.me.912B084ACF0C18A753F6D62E25A75F5A for R3.4001772137D4E942B8EE76AA3C640AB7 for ISRG Root X1.More about the Let’s Encrypt certificates at [Wayback] Chain of Trust – Let’s Encrypt:
–jeroen
Posted in Cloud, Communications Development, Development, DNS, Encryption, GitLab, Hosting, HTML, HTTPS/TLS security, Infrastructure, Internet, Internet protocol suite, Let's Encrypt (letsencrypt/certbot), Power User, Software Development, Source Code Management, TCP, TLS, Web Development | Leave a Comment »
Posted by jpluimers on 2022/04/27
Posted in Cloud, Cloudflare, Communications Development, Development, Encryption, GitHub, HTML, HTTP, HTTPS/TLS security, Infrastructure, Internet protocol suite, Let's Encrypt (letsencrypt/certbot), Power User, Security, Software Development, Source Code Management, TCP, TLS, Web Development | Leave a Comment »
Posted by jpluimers on 2022/03/30
For my link archive: [Wayback] Perkeep
Via [Wayback] bradfitz – Joining Tailscale: Simplifying Networking, Authentication, and Authorization (which has many interesting linkis, including [Archive.is] bradfitz/homelab: Brad’s homelab setup)
Perkeep (previously Camlistore, Content-Addressable Multi-Layer Indexed Storage) is a set of open-source formats, protocols, and software for modeling, storing, searching, sharing, and synchronizing data.
–jeroen
Posted in Cloud, Hardware, Infrastructure, Network-and-equipment, Perkeep, Power User, Storage, Tailscale, VPN, Wireguard | Leave a Comment »
Posted by jpluimers on 2022/02/11
A high SEO ranking does not automatically indicate a reliable result.
When the WayBack Machine was down a while ago (it responded to traceroute UDP requests, but would not establish TCP connections on ports 80 and 443), the first Google hit for detecting down status (searching for [Archive.is] waybackmachine down – Google Search) failed miserably because it redirected web.archive.org (which fails) to http://www.archive.org (which succeeds):
IsIdDownRightNow failing to detect web.archive.org downtime
Luckily when asking around on Twitter:
Posted in *nix, cURL, Infrastructure, Internet, InternetArchive, LifeHacker, Power User, WayBack machine | Leave a Comment »
Posted by jpluimers on 2022/02/01
Sometimes it is easier to have current and public CA signed TLS certificates for internal servers than to setup and maintain an internal CA and register it on all affected browsers (including mobile phones).
One of my reasons to investigate this is that Chrome refuses to save credentials on servers that have no verifiable TLS certificate, see my post Some links on Chrome not prompting to save passwords (when Firefox and Safari do) about a week ago.
Below are some links for my link archive that hopefully will allow me to do this with Let’s Encrypt (msot via [Wayback/Archive] letsencrypt for internal servers – Google Search):
Posted in Cloud, Cloudflare, Development, Encryption, ESXi6, ESXi6.5, ESXi6.7, ESXi7, Fritz!, Fritz!Box, Fritz!WLAN, Infrastructure, Internet, Let's Encrypt (letsencrypt/certbot), Power User, Security, Software Development, Virtualization, VMware, VMware ESXi, Web Development | Leave a Comment »
Posted by jpluimers on 2022/01/18
Almost two years ago, GitHub – facebook/osquery: SQL powered operating system instrumentation, monitoring, and analytics published from the automatic blog queue.
It was in the midst of my rectum cancer treatment, so I was glad the blog queue back then was still about 18 months deep.
This meant I looked into osquery in 2018, which I remember because I needed it on MacOS as I did not want to remember the syntax for MacOS specific commands on getting system information. It also coincides with how much my repository fork was behind: [Wayback: jpluimers/osquery commits/Archive: jpluimers/osquery commits].
Fast forward to now, the breath of systems I’m involved with has widened, so I was glad to see that Kristian Köhntopp mentioned it:
So time to try it again (:
The links he mentioned:
osqueryis an operating system instrumentation framework for Windows, OS X (macOS), Linux, and FreeBSD. The tools make low-level operating system analytics and monitoring both performant and intuitive.
The high-performance and low-footprint distributed host monitoring daemon,osqueryd, allows you to schedule queries to be executed across your entire infrastructure. The daemon takes care of aggregating the query results over time and generates logs which indicate state changes in your infrastructure. You can use this to maintain insight into the security, performance, configuration, and state of your entire infrastructure.osqueryd‘s logging can integrate into your internal log aggregation pipeline, regardless of your technology stack, via a robust plugin architecture.The interactive query console,osqueryi, gives you a SQL interface to try out new queries and explore your operating system. With the power of a complete SQL language and dozens of useful tables built-in,osqueryiis an invaluable tool when performing incident response, diagnosing a systems operations problem, troubleshooting a performance issue, etc.
Main site: [Wayback/Archive] osquery | Easily ask questions about your Linux, Windows, and macOS infrastructure
Repository: [Wayback/Archive] osquery/osquery: SQL powered operating system instrumentation, monitoring, and analytics.
–jeroen
Posted in *nix, *nix-tools, Apple, Development, DevOps, Facebook, Infrastructure, Mac, Mac OS X / OS X / MacOS, Power User, SocialMedia, Software Development, Windows | Leave a Comment »
Posted by jpluimers on 2021/12/30
My own motto: learn new things every day.
Florian:
[Archive.is] Florian Haas 🇪🇺 on Twitter: “Docs or it didn’t happen.… “
David:
[Archive.is] ☁David Moreau-Simard on Twitter: “Hey software and system folks, I’m curious: what are some of the mottos you work by ? I’ll start:
Via Florian’s pinned Twitter post I found while writing media.ccc.de – No, we won’t have a video call for that! (Communications in distributed teams by Florian Haas).
–jeroen
Posted in Development, DevOps, Software Development | 1 Comment »
Posted by jpluimers on 2021/12/08
From a while back, but more relevant than ever:
[Archive.is] Jan Schaumann on Twitter: “The secret language of coders, part N of many. Today: “risk acceptance”… “
Obligatory video below the fold.
–jeroen
Posted in Development, DevOps, Infrastructure, LifeHacker, Power User, Security, Software Development | Leave a Comment »
Posted by jpluimers on 2021/11/30
Legacy/IaaS/PaaS/SaaS explained by “Pizza as a service”: from home made, take and bake, pizza delivery to full dining out.
[Archive.is] Katie Anderson on Twitter: “Saw this on Facebook and it’s my new favorite PaaS (Pizza as a Service) breakdown https://t.co/INKKG9UOAK” / Twitter
–jeroen
Posted in Cloud, Conference Topics, Conferences, Development, Event, Infrastructure, Software Development, Systems Architecture | Leave a Comment »
The Wiert Corner - irregular stream of stuff 