First week review

Fuck me I love this job. And we’ve had the best week for it, a week with a monster vuln showing up.

Well, I say best…ah, you know what I mean. We’ve all been flexing our infosec and sysadmin muscles, and I even helped a bit with the company response to ShellShocked. I won’t link as that would be arsey. But I helped.

Genuinely can’t say enough how I feel like I’ve found a home – if they’ll adopt my sorry arse after three months. I’m even remembering arcane old command line stuff I haven’t used in years.

And not having to touch an NT6 box in a week is such a weight off my shoulders.

Looking forward to next week, learning more and starting to dig deeper into internal support and systems – and maybe, once I get a ‘dev week’, working on training materials and documentation, which I think could do with some consolidation! I’m just glad I started with 15 years general admin experience and more than half a decade dicking with Linux – this is not an easy job.

But by fuck, is it fun.

So, Varnish

Seems to be working OK – configuring nginx against it was a bit trickier as I forget where the nginx conf files are – but once I had them, it all seems to be working; varnish reports activity (so it’s definitely working) and a varnish test site shows partial working (which I believe is correct as I have some exceptions put in place for WP cookies and such like) so that seems good.

Pages are also loading a lot faster after a cache clear on the browser, too.

So all good in the proverbial hood, I believe.

Next stop…

Ima gonna varnish this site to make it faster (because fuck me if WordPress doesn’t hog resources).

Expect down time while I dick around. Not that anyone is actually checking this site.

Also, if you’re on Debian wheezy or sid LTS, you’ll want to do

apt-get update && apt-get install --only-upgrade bash


It should update your bash to bash_4.2+dfsg-0.1+deb7u1 which is patched against ShellShock.


Apache fronted by nginx proxy

This was actually surprisingly simple. I did throw a Drupal site on it to give it something scripty to actually work with, and bringing up nginx’s log shows it taking the requests and doing stuff with ’em.

Initially had 403 unauthorised errors as I had the groups set wrong, and also because nitwit here forgot to add index.php to the acceptable index pages in nginx’s config.


I also threw Postfix on there, but with a public IP and no domain I could use to relay for, I’m a bit lost as to how to test it. I’ll have a deek at that tomorrow methinks, see if I can work around it (I don’t have access to my DNS control panel so I can’t just drop the TTL to feck all and change it without a bit of faff).

Fun day though. Really rather enjoying myself!


You and your weirdy beardy setup.

Turns out that if you use split config files, it reads the config ahead from some locations, and if you use monolithic config, it reads your macros instead for things like SSL etc.

So when I was experimenting with the split file config, my SSL = TRUE shiznit was being ignored as that’s set in a different config file.

When I went back to monolithic config with macros, bang, worked immediately.

I’m sure there’s a logic to that…I just…can’t….put…my….finger…on it.


Peace out, mofos.

EXIM on Debian

My lord, what a monstrous pain in the arse. After an afternoon of faffing, I’ve finally got it receiving mails on a STARTTLS connection, but will it send them? Will it buggery. Just keep getting

550 Relay Not Permitted

Clearly there’s something skewiff here, but thanks to DebConf abstracting shit away, it’s a right bugger to troubleshoot.

Google is fucking useless. ‘Oh, you’ve just misconfigured the permitted relays in the debconf thing, put the local IP of the ser-‘ no, it’s on the internet, son. Does no-one run EXIM in the wild or have I missed something quite staggeringly obvious?

It’s not like I can VPN my mobile to the server FFS…

Fucking learning curves

Seriously, why the fuck can’t this shit be easier.


Anyway, this site runs on nginx, MySQL and PHP5 atop Debian Wheezy, supported by a fuckton of caffeine. And Bytemark’s virtual infrastructure.

Next steps – a touch of email or something. I’ll sort that out another time.

Until then – fuckity bye.


Steven R