If you’ve spent some time with Kubernetes, or Docker in general, you’ve probably started to wonder about performance. More specifically, you’re probably wondering how to gauge the performance of the overall host as well as the containers running on it. This is where cAdvisor comes in. cAdvisor is an open source tool for monitoring Docker and its running containers. The best part about cAdvisor is that it has native Docker support and is super easy to integrate into an existing Kubernetes cluster. Additionally, cAdvisor runs in a container (starting to see why Docker is awesome?) so the configuration changes required on the host are super minimal. AKA – you just need to tell the host to run the container.
In addition to installing cAdvisor on our bare metal Kubernetes cluster, we’re also going to install another awesome open source Google tool called Heapster. Heapster gathers all of the data from each Kubernetes node via cAdvisor and puts it all together for you in one spot.
So let’s get started with installing cAdvisor…
The cAdvisor container needs to run on each host you want cAdvisor to monitor. While we could do this through the
As we have been discussing this week, securing the connection between CloudFlare and the origin server is arguably just as important as securing the connection between end users and CloudFlare. The origin certificate authority we announced this week will help CloudFlare verify that it is talking to the correct origin server. But what about verification in the opposite direction? How can the origin verify that the client talking to it is actually CloudFlare?
TLS (the modern version of SSL) allows a client to verify the identity of the server it is talking to. Normally, a TLS handshake is one-way, that is, the client is able to verify the server's identity, but the server is not able to verify the client's identity. What about when both sides need to verify each other's identity?
Enter TLS Client Authentication. In a client authenticated TLS handshake both sides provide a certificate to be verified. If the origin server is configured to only accept requests which use a valid client certificate from CloudFlare, requests which have not passed through CloudFlare will be dropped (as they will not have our certificate). This means that attackers cannot circumvent CloudFlare features such as our WAF