rand(Ø)

> beautiful code & photos

about <

Posts tagged: howto

MySQL: silent insecure password warning

I won't invent anything new here but I'll share a quick improvement on an answer I've found on Stack Overflow.

If you are doing batch actions and don't want to write in .mylogin.cnf file, there's the trick: use a process substitution!

$ mysqldump --defaults-extra-file=<(printf "[client]\nhost = host.rds.amazonaws.com\nuser = username\npassword = \$PassW0rd\$") \
    database > dump.sql

This also works for any other file input, like Docker env file run param:

> Continue Reading

Cross-region & cross-account AWS resources Terraform planning

Hey, it's been a while, right?

Lately, I'm leading some big changes in our infrastrure since I'm wrapping a Blue/Green deployment into another one. Uh?

Long story short: our product runs on AWS ECS Docker containers, and because we have one sub-domain per app instance, we use Apache wildcard sub-domains. Meaning a single container handles traffic from many clients/instances. We already have a Blue/Green deployment process in place but at the Docker container level, not at the client level. The idea is to entirely duplicate the whole stack (with all its flaws) and a sub-domain pointing to

> Continue Reading

CSP Header Hacking for Apache2

Hello,

I write here to report my latest dirty hack. Story—

While enforcing our HTTP server configuration at work, we are slowly implementing CSP policies and one of them allow Web browsers to report violations to a given endpoint.

At this moment, we are only at the reporting step of the implementation because the first time we attempted to roll this header out, it ended up breaking our staging env.

So, it's recommended to set the Content-Security-Policy-Report-Only header.

This header takes the report-uri directive which allows the browser to push the violation findings to a given endpoint.

For this example:

> Continue Reading

S3: List objects using filters

One thing that really sucks about the Amazon S3 command is not being able to efficiently list objects using the exclude and include filters.

I recently had a case when I needed to list GZip archives from one of our S3 buckets but only the ones ending by .gzip.

Since the ls command doesn't support filters (yet?), I found another way to get that listing: use the cp command, but in dry-run mode:

#!/bin/bash
export AWS_ACCESS_KEY_ID=
export AWS_SECRET_ACCESS_KEY=

# Very important: DO NOT remove the --dryrun flag!
aws s3 cp s3://bucket-name . --recursive --no-progress
> Continue Reading

MySQL: adding an index on a big-ass table

Okay, I'll admit it: SQL and big data things aren't at the top of my skillset.

No earlier than today, I resolved an issue we had in our customer databases: adding a missing index.
Seems easy at first but if the table is HUGE (yea, 8GB+ is big for me) with about 246MM rows (!!), it gets damn slow and the downtime doesn't last for an eye blink.

Reminder: ALTER TABLE allows read operations while altering the table then blocks reads and writes ops when the alteration is done and needs to go live. This may vary according to the configuration

> Continue Reading

Chrome: how to fix a gone basic auth dialog

Last night, I tried to display a basic auth protected page but without any success because I didn't know the credentials. Obviously, I got a 401 Error.

Today, I was back to that page with the credentials but Google Chrome wouldn't display the basic auth dialog anymore. How annoying to have directly the HTTP 401 Error page right away!

I found the fix from this page and I'm sharing it here so it will be faster for me to get to the fix as it might be for you as well.

Anyway, from the command line (I'm a OSX user)

> Continue Reading