# uname -a


vendredi 3 novembre 2017

Je suis hype, j'ai un Tipeee

Voilà, c'est fait.

Presque deux ans après avoir retiré Flattr et ses bénéfices mirobolants, profitant d'un rhume qui verrouille mon cerveau en mode "lecture seule" depuis deux jours, j'ai fini par me laisser convaincre à créer un Tipeee.

Vous trouverez donc sous chaque article un petit rappel que oui c'est possible de donner un euro pour remercier le type qui vous a fait gagner 20 minutes, qui vous a fait sourire, ou que vous trouvez simplement sympathique.

À très bientôt sur le blog :)

jeudi 19 octobre 2017

Setup Letsencrypt certificates on Gitlab and Mattermost

The new versions of Gitlab are embedding the Mattermost server. Here is how to setup the certificates for these instances.

1. Install certbot

Read the docs here (choose Nginx on the appropriate system) : certbot.eff.org

2. Make a webroot

mkdir -p /var/www/letsencrypt/.well-known

3. Configure Gitlab and Mattermost to answer /.well-known to this webroot

Edit /etc/gitlab/gitlab.rb and add :

nginx['custom_gitlab_server_config']="location ^~ /.well-known/ {\n alias /var/www/letsencrypt/.well-known/;\n}\n"
mattermost_nginx['custom_gitlab_mattermost_server_config']="location /.well-known/ {\n alias /var/www/letsencrypt/.well-known/;\n}\n"

And reconfigure Gitlab :

gitlab-ctl reconfigure

4. Create the certificates

Run the certbot command :

certbot certonly --staging --webroot --webroot-path=/var/www/letsencrypt/ -d gitlab.your-domain.com
certbot certonly --staging --webroot --webroot-path=/var/www/letsencrypt/ -d mattermost.your-domain.com

5. Tell Gitlab to use the certificates

Edit /etc/gitlab/gitlab.rb again, and add :

nginx['redirect_http_to_https'] = true
nginx['ssl_certificate']= "/etc/letsencrypt/live/gitlab.your-domain.com/fullchain.pem"
nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/gitlab.your-domain.com/privkey.pem"

mattermost_nginx['redirect_http_to_https'] = true
mattermost_nginx['ssl_certificate'] = "/etc/letsencrypt/live/mattermost.your-domain.com/fullchain.pem"
mattermost_nginx['ssl_certificate_key'] = "/etc/letsencrypt/live/mattermost.your-domain.com/privkey.pem"

6. Done

Reconfigure Gitlab again :

gitlab-ctl reconfigure

mardi 10 octobre 2017

Elasticsearch, Kibana : mapper [hits] cannot be changed from type [long] to [integer]

Every time I upgrade my ELK stack, it breaks. This time, it was the Kibana index with this obscurous errors :

[DEBUG][o.e.a.a.i.m.p.TransportPutMappingAction] [logs] failed to put mappings on indices [[[.kibana]]], type [timelion-sheet]
java.lang.IllegalArgumentException: mapper [hits] cannot be changed from type [long] to [integer][DEBUG][o.e.a.a.i.m.p.TransportPutMappingAction]

[DEBUG][o.e.a.a.i.m.p.TransportPutMappingAction] [logs] failed to put mappings on indices [[[.kibana]]], type [timelion-sheet]
java.lang.IllegalArgumentException: mapper [version] cannot be changed from type [long] to [integer]

Here is how to fix it. You will have to re-create an index with the correct mapping, and then reindex it.

Lire la suite...

mardi 12 septembre 2017

The war on SPAM: an review of the real world tools

Anti-spam techniques review: a few hints and tools review from my own experience.

Spam mesage are very common these days, but filtering them out is not as easy as it seems. The filtering techniques have evolved at the same rate than the spammers' evasive techniques, and the risk of filtering out a legitimate message is greater than ever.

It is also quite difficult to find good and up-to-date counter-measures list that anyone can implement.

Here is a summary of the anti-spam strategies I used / am still using. I hope it will help you understanding today's threats, and build your own solutions.

Lire la suite...

lundi 17 juillet 2017

Mémo rsync pour mes collègues

Un rappel de l'usage pratique de rsync pour mes collègues qui oublient tout le temps les commandes à taper.

Lire la suite...

- page 1 de 31