Using pfsense / OpenVPN client access and can’t reach your internal LAN?

Remember to create a route from your internal LAN machines to your pfsense / OpenVPN network.

i.e. if the internal LAN is 192.168.10.0/24, pfsense is on 192.168.10.3 and your OpenVPN client LAN is 192.168.20.0/24, you’d want something like:

route add -net 192.168.20.0/24 gw 192.168.10.3

Disable fsync!

libeatmydata is a small LD_PRELOAD library designed to (transparently) disable fsync (and friends, like open(O_SYNC)). This has two side-effects: making software that writes data safely to disk a lot quicker and making this software no longer crash safe.

DO NOT use libeatmydata on software where you care about what it stores. It’s called libEAT-MY-DATA for a reason.

Monitor mail queue with filter

check_mailq_filter – an Icinga / Nagios postfix mail queue monitor with a filter (include or exclude mails matching a pattern).

So to exclude facebook mails from your monitor you may run:

check_mailq_filter.py -x '.*facebookmail.*'

While you’re here, have a look at pfqueue – a console tool for interactively viewing your postfix queue that’s a step up on postcat etc.

Fix ARA warnings with mysql

Getting errors like this when you run an ansible playbook with the ARA plugin?

/root/.virtualenvs/utils35/lib/python3.5/site-packages/pymysql/cursors.py:170: Warning: (1300, "Invalid utf8 character string: '9C1DCE'")
  result = self._query(query)

Change the mysql python lib to cymysql

i.e. in $ANSIBLE_CONFIG:

[ara]
database = mysql+cymysql://ara:dbpass@localhost/ara

Seems like pymysql has issues with utf-8 & python v3

Add tracking IDs to your web application

In a complex multi-tier stack where HTTP requests get proxied, it can be difficult to track a request as it moves through the system.

One thing you can do is enable mod_unique_id in apache – this creates a distinct environment variable UNIQUE_ID in the web server context for each incoming request. Simply loading the module enables it.

You can then pass this ID in a request header to downstream systems (e.g. application servers such as php-fpm or Python Flask under uwsgi) and return it in a response header so you can view it with browser DevTools, using the following config (both directives need mod_headers):

RequestHeader set my_id %{UNIQUE_ID}e
Header set my_id %{UNIQUE_ID}e

Furthermore you can add it to your webserver logs:

LogFormat "%a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %D %{UNIQUE_ID}e" combinedtime
CustomLog logs/access_log combinedtime
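
To show what the extra log field buys you, here is an added example (not from the original post) that parses access-log lines in the combinedtime format above and joins them to application log lines by UNIQUE_ID. The log lines are constructed, and the `request_id=<id>` application log format is an assumption about how the downstream app records the forwarded my_id header.

```python
import re

# Page's "combinedtime" LogFormat:
# %a %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i" %D %{UNIQUE_ID}e
Q = r'"(?P<%s>(?:[^"\\]|\\.)*)"'  # quoted field; Apache logs embedded quotes as \"
ACCESS_RE = re.compile(
    r'(?P<client>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    + Q % 'request' + r' (?P<status>\d{3}) (?P<bytes>\S+) '
    + Q % 'referer' + ' ' + Q % 'agent'
    + r' (?P<usec>\d+) (?P<uid>[A-Za-z0-9@-]+)$')  # mod_unique_id alphabet
# Assumption: the app logs the forwarded ID as request_id=<id>
APP_ID_RE = re.compile(r'\brequest_id=([A-Za-z0-9@-]+)')

# Constructed sample data (not real traffic)
ACCESS_SAMPLE = [
    '203.0.113.7 - - [01/May/2024:10:00:01 +0000] "GET /api/orders HTTP/1.1" 500 312 "-" "curl/8.5.0" 48213 ZjIhAcCoAAEAAFq3@xkAAAAB',
    '203.0.113.9 - alice [01/May/2024:10:00:02 +0000] "GET / HTTP/1.1" 200 1024 "-" "odd \\"ua\\"" 913 ZjIhAsCoAAEAAFq3@xoAAAAC',
    '203.0.113.9 - - [01/May/2024:10:00:03 +0000] "GET /x HTTP/1.1" 404 - "-" "-" 120 -',
]
APP_SAMPLE = [
    '2024-05-01 10:00:01,101 INFO request_id=ZjIhAcCoAAEAAFq3@xkAAAAB start GET /api/orders',
    '2024-05-01 10:00:01,140 ERROR request_id=ZjIhAcCoAAEAAFq3@xkAAAAB db timeout',
    '2024-05-01 10:00:02,010 INFO request_id=ZjIhAsCoAAEAAFq3@xoAAAAC start GET /',
]

def parse_access(line):
    """Return the log fields as a dict, or None if the line does not match."""
    m = ACCESS_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e['status'], e['usec'] = int(e['status']), int(e['usec'])  # %D is microseconds
    if e['uid'] == '-':  # "-" is logged when UNIQUE_ID is unset
        e['uid'] = None
    return e

def correlate(access_lines, app_lines):
    """Map each UNIQUE_ID to its access-log entry and matching app log lines."""
    traces = {}
    for e in filter(None, map(parse_access, access_lines)):
        if e['uid']:
            traces[e['uid']] = {'access': e, 'app': []}
    for line in app_lines:
        m = APP_ID_RE.search(line)
        if m and m.group(1) in traces:
            traces[m.group(1)]['app'].append(line)
    return traces

def failed_requests(traces):
    """Keep only requests the web server answered with a 5xx status."""
    return {u: t for u, t in traces.items() if t['access']['status'] >= 500}
```

Calling failed_requests(correlate(ACCESS_SAMPLE, APP_SAMPLE)) returns the one 500 response together with the two application log lines that share its ID.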

You can do similar in nginx with $request_id.

For a far more in-depth approach to this, look at Open Tracing.