I’ve been using varnish throttling lately to mitigate attacks and crawlers, and thought I’d share how I was able to get the module implemented on my ubuntu hosts.
So you have a site that is on an EC2 instance, and you want to turn it into an SSL site. That’s a common task, but what if you have multiple SSL sites on that host. You can’t share the IP and still have things work for older browsers, so you end up using ELBs.
If you have some static content you want to send to CloudFront, and you don’t want to redo all your hrefs to handle that for you, here’s a quick and dirty way to use Apache instead.
Say you have a bunch of sites that are hosted on an EC2 instances, and for various reasons you’ve setup CloudFront to help handle the traffic. You have your normal webserver logs to give you part of the picture, but you probably will want to dig into the CloudFront logs as well in order to get a better picture of your actual throughput.
Thankfully, this is pretty easy. And somewhat annoyingly complicated.
Ignoring for the fact that there are very good reasons not to do this (latency, eventual consistency, etc), using S3 buckets as filesystems actually fills a niche that AWS doesn’t currently even try. Sure you could just setup an NFS instance on EC2, or even use the storage gateway service to go an off-service data store, but that is overkill for many use cases.
So here’s how I got it done.
First of all, there are some options on how to implement this. Here are the ones I tried out :
I ended up choosing s3fs-c. I used s3fs at first, but the lack of other-client compatibility was a killer. I’m still not sure why this is even a problem to be solved, given that the s3fs-c fork didn’t make major changes to get that feature. Or maybe there are major changes that I didn’t notice on my, admittedly cursory, review.
So I took an S3 bucket, and EC2 instance running ubuntu 12.04, and did the following.
i’ve been happy with my AWS instances that i’m running, but decided tonight to start up a joyent instance to see how that goes. so far i’m fairly disappointed with the documentation, but it isn’t any worse than the AWS EC2 stuff.
still, the whole process was pretty easy to go through, even if it wasn’t easy to actually login to my new ubuntu VM.
i’ll be starting up a mail server on this thing to see how that goes.
Most of the documentation for getting apache’s mod-auth-mysql modules to work under ubuntu are painfully short of at least a couple of configuration lines, so here’s my attempt to be helpful to others that have trouble with this.
Almost a year after I first wrote about dancer, I finally got around to building my first site with it. Overall, it is a pretty nice little framework. If you are already familiar with perl and/or the template toolkit, then I highly recommend this for quickly deploying projects.
In my case, I was able to build and deploy a management interface for a smartos zone server in just a few hours. I fleshed it out over the course of a week or so, and how it is in production managing dozens of zones quite easily. The interface talks to a mysql database, a node.js server I wrote as part of the same project, and even manages a local haproxy instance. All of this in such a tiny space that I keep getting weirded out.
In the future I’ll document some of the pitfalls and oddities that I experienced. I found that once I came around to the dancer way of thinking, it got pretty easy and I’ve rarely had to address the documentation since.
So you have an ubuntu server that you’d like to do LDAP authentication on. Here are the quick and dirty steps. Note that I’m leaving out a lot of additional options and tweaks as many will be situationally different.