Last week, one of our application servers died. We have four app servers, so in theory, the death of one app server shouldn't bring the entire platoon down. However, real-life had other plans: 95% of requests were handled fine, but around 5% were being dropped. Here's the story of how we diagnosed and fixed the issue with our realtime charts.
…to enable non-ssl mode has no effect. This commit ensures we render a both anand HTTPS version of the lb config. This behavior now also matches Private Chef.
This fixes the following issues:
CHEF-4029 configurable bookshelf url & nginx ssl port issue
config respects configured ports.
This patch makes Nginx's rewrite and proxy set header directives respect the configured SSL port ( node['chef_server']['nginx']['ssl_port'] …
§ Absolutely! 14 lessons after five years of professional programming :
6. If you feel one use-case scenario will "probably be ok", that's the one that's going to lead to catastrophic failure a month in production. Trust your paranoid gut, test and verify.
It's about assurance. It's about establishing …
…for yourself. Use the FQDN of your newly installed Chef Server, with HTTPS. The validation key needs to be copied over from the Chef Server from /etc/chef-server/chef-validator.pem to ~/.chef to use it for automatically bootstrapping nodes with knife bootstrap . % knife configure -i WARNING: No knife configuration file found Where should I put the config file? [/home/jtimberman/.chef/knife.rb] Please enter the chef server URL: [http://chef.example.com:4000] https://chef.example.com Please …
…acceleration is slower than a normal SDURLCache . Handling refreshes with content that pops in "above" the current scroll position like a / UICollectionView is not perfect yet. Despite these issues, there's plenty of benefits :. data with HTTPS didn't seem to work, so we dropped in
Rapid iteration on our mobile web views without pushing a new build
All mobile web users on any device benefit …
…the TCP handshake is complete, and if we're connecting to a secure destination ( HTTPS), then the SSL handshake must take place. This can add up to two additional roundtrips of latency delay between client and server. If the SSL session is cached, then we can "escape" with just one additional roundtrip.
I hate dealing with server mysteries.
Squash - bug trackers with some interesting new capabilities.
How to: Configure Burp and - A useful trick to know. for HTTPS ( ) packet inspection and web site debugging on OSX
Case Study: Pro-active Log Review Might Be a Good Idea - A cute story of developer malfeasance.
jQuery 1.9 final, - 2.0 beta, final released updates from the jQuery folks.
Thredis - Threaded fork of redis.
Configure Elastic Beanstalk for HTTPS
Our application uses HTTPS to secure our users from snoopers. It's highly recommended that all portions of your site be served over HTTPS (not just the registration/login portions). To setup HTTPS on Elastic Beanstalk requires two steps. First, create and upload an SSL certificate, then configure Elastic Beanstalk to use your certificate.
For a production application, you should use a purchased certificate from a reputable Certificate Authority…
Configuring HAProxy for, HTTPS, and
What we want to do is to configure our SSL termination proxy . Meaning, HAProxy will be the one serving our back to the client, and all traffic forwarded to our internal servers will flow unencrypted . This also means that HAProxy will need to handle the NPN handshake. In fact, ideally, it should handle and route all types of traffic: HTTP, HTTPS, and SPDY.as an
defaults log 127 .0.0.1 local0 …
§ Well written and with an interactive map you can explore, hopefully this will drive the point home. Latency: The New Web Performance Bottleneck :
when it comes to your web browsing experience, it turns out that latency, not bandwidth, is likely the constraining factor today.
§ HTTP Strict is nifty: Security
HSTS tells browsers to always make requests over HTTPS to HSTS sites.become HSTS either by being built into the browser, or by advertising a header