You can use your favourite text editor to create a combined full-chain pem certificate. The most important here is the order.
The correct order in a .crt file will be the following: Continue reading
Jun 16 2023
You can use your favourite text editor to create a combined full-chain pem certificate. The most important here is the order.
The correct order in a .crt file will be the following: Continue reading
Jun 16 2023
Full-chain pfx certificate can be created by the one of the following methods
Continue reading
Jun 16 2023
The error Unable to verify the first certificate occurs in Postman cloud agent because it does not have Trusted Root certificates storage with intermediate and root CA certificates thus cannot verify client → intermediate → root CA chain. Azure Application Gateway does not have Trusted Root certificates storage as well so the error occurs under these conditions. Continue reading
May 19 2023
I use HAProxy to do SSL offloading for a WordPress site. Frontend is on 80 and 443 with redirect HAProxy redirect HTTP to HTTPS using
redirect scheme https code 301 if !{ ssl_fc }
Redirection is working well when the page is accessed on port 80.
However the pages loads incomplete and looking in the console of Firefox/Chrome it can be seen that “mixed mode content” is blocked by the browser. Some stylesheets, scripts an images are still accessed over http instead of https.
301 is permanent redirection, so why is this happening? The browser should not even try http because it should be aware of the permanent redirection. And besides that, even when http is used accidentally, it should still be redirect to https instead. Continue reading
May 05 2023
The setup I need to build with HAProxy is the high availability solution consisting of http (http to https redirection must be configured in HAProxy) and https frontends with two backends. Backend servers have HTTPS enabled so HAProxy must establish HTTPS connection to backend servers. We have four backend servers and we want first two servers serve one specific app (
/app
path) and the other two – all other requests so we need path-based routing in HAProxy. In addition, there are multiple domains that must be served by backend servers (and HAProxy).
As we need path-based routing, HAProxy must operate in http mode (on the 7th level) allowing it to examine contents of HTTP headers and extract Host
and Path
headers. Later, the incoming request must be sent to a proper backend based on the Path
header and connection to backend server must be established via HTTPS. As multiple domains must be served by HAProxy and backends we need to install multiple certificates in HAProxy and enable Server Name Indication (SNI) with backend servers.
Here is how configure HAProxy in that way step by step. Continue reading
Apr 26 2023
In case you try to import your website configuration on another IIS and get this error message while you don’t have “mysite” deployed on the new IIS it means that there is a website with the same ID already exists on the new IIS. The solution to Failed to add duplicate collection element error in this case is also simple: Continue reading
Apr 26 2023
When using multiple IIS server in a Load Balanced Environment it will be alot of work to create all your website twice with the same settings on each webserver. Therefor it is possible to export and import your configuration from one IIS webserver to the other.
When you create a website in IIS a unique application pool will also be created and used by this website, that’s why you need to import these application pools first on the second webserver before importing the website(s). Continue reading
Apr 19 2023
Sometimes it’s important to set proper timezone on the server and recently I’ve got this task: set proper timezone automatically based on the server’s location in Azure Cloud. Moreover, I needed timezone to be set automatically by Terraform upon virtual machine creation. In my case I had Ubuntu VMs in Azure and here is the simple and elegant solution I came with: Continue reading
Mar 23 2023
After you complete these steps, you’ll have a list of unattached Azure public IP addresses. The next phase of the operation involves selecting and deleting the addresses that the system isn’t using for any resources. Continue reading
Feb 20 2023
This article enhances the one where I explained the steps of generation and publication code coverage in Azure DevOps pipeline. This time we go further and implement “shift-left” strategy by introducing SonarQube in Azure DevOps CI/CD process. Our task here will be not only configure code analysis in SonarQube but also get code coverage metrics so we can use it in quality gates and follow “clean as you code” principle. Continue reading