vpn

Windows 10 LT2P/IPSec VPN connection fails silently

A few months ago I had a strange behaviour: Sometimes the L2TP/IPSec connection between my workstation at home and our company VPN silently failed. After clicking on the VPN connection icon in the tasktray it only showed Connecting to… and stopped working after 60 seconds. The VPN connection status did dot get updated and showed just the connection name as nothing has ever happened. Strangely enough, this only happened if the following conditions were true: Read more…

Conditional redirect inside your .htaccess filea

Conditional redirect from HTTP to HTTPS within Apache .htaccess files

Most of the time you are doing local web development without HTTPS and self-signed certificates but good-ol’ plain HTTP. For security and SEO reasons, HTTPS should be enabled in your production environment all the time. One important requirement for production environments is, that every incoming plain HTTP request has to be redirected to HTTPS. If you are using a frontend proxy for HTTPS/TLS termination and your web application is agnostic to the protocol in use, Read more…

appleboy/ssh-actions

Deploying with SSH using GitHub Actions

Shortly after I had started the work on nerdhood.de I built a deployment pipeline. The bash-based build script for my Laravel application was easy but triggering the deployment itself turned out to be more difficult than expected. In the end I built something with two AWS Lambda function, SNS, an S3 bucket for a private key and using the serverless framework. But this is another story. Before I built the – totally over-engineered – AWS Read more…

Supermicro MBD-X10DRI-T4 +

Super Micro X10 hangs with “PEI – Intel Reference Code Execution (A9)”

For a customer of us we had to set up two webserver environment on physical servers. We picked up both server systems (having a Super Micro X10DRI-LN4+ and a PNY Quadro P1000 installed in addition to other components) and booted up the system. During the IPMI initalization phase, the whole process hanged with PEI – Intel Reference Code Execution … (A9). The status code 0xA9 itself does only mean that the setup started. We waited Read more…

WooCommerce für den Verkauf von B2B-Software konfigurieren

Most of my articles are written in English but this topic is more or less focussed on German businesses so I’ll do this write-up in German. Für das WordPress-Plug-in Next Active Directory Integration bieten wir als virtuelle Dienstleistung eine Support-Lizenz in diversen Stufen an. Die Bezahlung der Dienstleistung erfolgt dabei über PayPal, im Backend erfolgt die Verwaltung und der Verkauf über WooCommerce. Rechtliche Bestimmungen und Regeln Am einfachsten ist hier der Gang zum Steuerbüro, die Read more…

Using Atlassian OpsGenie with a localized on-premises Jira instance

We are currently in the process of migrating our alerting infrastructure from OMD to Atlassian’s OpsGenie. Most of the features (SMS, phone call etc.) worked out of the box but we struggled with pushing alerts back into our on-premises Jira instance. Enable logging of POST requests OpsGenie does not provide debug logs of all executed HTTP requests against Jira’s REST API. Instead, only the very generic HTTP status code is provided like Lucky for us, Read more…

Receiving “com.amazonaws.services.s3.model.AmazonS3Exception: Not Found” when using Jenkins’ pipeline-aws-plugin and s3Upload step with Minio

I am currently working on a Jenkins declarative pipeline to connect the Jenkins builds with Kubernetes, Helm and Netflix Spinnaker. One of TODOs has been to deploy different artifacts (e.g. a helm chart my-chart-0.0.1.tar.gz) to an AWS S3-compatible bucket inside a Minio installation with help of pipeline-aws-plugin. When running my pipeline always threw an exception with Trying other clients with Minio At first I suspected some misconfiguration of my Minio installation. I checked the S3 Read more…

Running a Spring Boot JAR service with SELinux enabled

Just a quick reminder how to run a Spring Boot JAR (or any other self JAR executable) with SELinux enabled: To make this persistent you have to use the bin_exec_t type as java_exec_t is just an alias: To let systemd start this service, you have to create a systemd unit file at /etc/systemd/system/myapp.service: And don’t forget to add the service user, reload the systemd services and enable the myapp.service.

Using IPv6 with AWS Application Load Balancer (ALB)

Today I struggled an hour or so to access a AWS hosted web application through IPv6. Just follow these rules: Get an IPv6 CIDR for your VPC: Go to VPC > Your VPCs > ${YOUR_VPC} > Edit CIDRs > Add IPv6 CIDR. The IPv6 CIDR is automatically choosen by AWS. You can’t configure the IPv6 CIDR on your own. For the subnet(s) your ALB is located in, you have to allocate an IPv6 subnet from Read more…

How to programtically insert versionized initial data into Spring Boot applications

One of the common required tasks for an application using a persistence store is to initialize the underlying database with basic data sets. Most of the time this contains something like admin users or default roles. Setting the stage To give a proper example, we have the database table role with two columns id (primary key) as an internal ID and uuid (primary key) as an external key. In Liquibase, our changeset for this table Read more…