Finding the nginx gzip_comp_level sweet spot

When a web server creates a web page it generally pulls loads of crap from the database/disk and stitches together some ginormous hodgepodge of raw markup hundreds or thousands of kilobytes in size. As HTML is literally just a heap of embarrassingly compressible plaintext, turning on nginx’s gzip compression filter is a no-brainer. gzip on; […]

Leveraging the Ansible Python API for infrastructure reporting

A few days ago I had to get some basic information from a handful of servers for an inventory report; just basic stuff like hostname, IP address, storage capacity, distro version, etc. I already manage all of my servers with Ansible, and there’s a wealth of information available in Ansible’s setup module, so I knew […]

Maps and custom error pages in nginx

During a recent web application upgrade I had to limit access to the the web servers; I wanted the administrators and myself to be able to access the site, but for everyone else to see an “Under Construction” page. My initial plan was to test if the $remote_addr was one of the allowed IPs, and […]

Update hosts via Ansible to mitigate bash “Shellshock” vulnerability

On September 24, 2014 someone posted on the oss-sec mailing list about a bash vulnerability that likely affects several decades of bash versions (something like 1.14 – 4.3!). The vulnerability — aptly named “Shellshock” — can lead to remote code execution on un-patched hosts, for example web servers parsing HTTP environment variables via CGI GET […]