Meltdown, Spectre and “Cloud Myths”


With the news, impact analysis and resolution of the Meltdown and Spectre fun still ongoing, it’s fair to say there have been a few difficult discussions worldwide about how to resolve the issue, but there has also been a fair share of #fakenews making its way around that could be considered “Cloud Myths”.

Without going too much into the details of Meltdown and Spectre (because there are much more intelligent security teams publishing details about that), let’s address some of the Cloud Myths:

“These updates are going to cause me unacceptable downtime”

AWS, Azure, GCP and others have all been completing patching and rolling reboots for their infrastructure (or will do so soon), and additional patching may (depending on your platform) be required for your instance-level operating systems, with additional reboots. Unfortunately, there are multiple complaints of those reboots meaning downtime for users.


Cloudflare configuration for Ghost(Pro) blogs

I’ve been using Ghost for a while, but I’m now in the process of moving back over to WordPress.  Whilst I’ve been using Ghost(Pro), I’ve still maintained Cloudflare in front of that directly, to have more control over the caching and security configuration.

One of the main reasons I’ve been using Cloudflare is to cache everything at the Cloudflare edge to increase end user performance.  The below rules set caching on everything other than the Ghost editor and the post preview functionality.

Note: The below was useful for my personal blog where there was very little change from day to day.  If your site changes, especially on the same pages, you’ll need to take care using these rules.


2017: The year of browser certificate warnings?

With the world rapidly moving towards an “HTTPS by default” approach, Mozilla reporting over 48% of webpages in Firefox being loaded via HTTPS and Google now serving 85% of their traffic over HTTPS, the web is undoubtedly becoming more secure in transport (which is only one aspect and does not necessarily mean more secure overall). However, the road to HTTPS is looking likely to be rougher than it has been in the past.

Starting January 2017 (or whenever Chrome 56/Firefox 51 rolls): Part 1

Users of Chrome and Firefox will start to see certificate warnings on sites using WoSign and StartCom certificates, as Google moves to distrust the certificates those organisations issue in response to “WoSign knowingly and intentionally misissued certificates in order to circumvent browser restrictions and CA requirements” and attempting to “mislead the browser community”. Firefox is also following the same process.

Starting January 2017 (or whenever Chrome 56/Chrome 51 rolls): Part 2


Redirect multiple domains to one site using Cloudflare

If you’ve got more than one domain (such as example.co.uk, example.uk, example.io etc.) that you want to be redirected to the same site (example.com), then it can easily be configured using Cloudflare’s PageRule functionality.

Steps

This guide assumes you’re already using Cloudflare’s services for all the domains to be redirected and have caching/performance enabled (i.e. not DNS only). If not, go follow this guide from Cloudflare.


Performance, Availability and Security for success

When designing for critical applications, such as e-commerce sites or applications, where Performance, Availability and Security influence revenues, it is important to optimise at multiple points for success.

Location, Location, Location

With an ever-increasing number of Data Centre locations and providers to choose from, it is generally possible to keep data and application systems within the same continent as users when working on a regional market, sometimes even within the country. Even for global applications, whilst the increase in legal complexity may introduce challenges for some markets, it is still possible to provide your users with a highly performant site.

One of the methods to achieve this is by using a Content Delivery Network (CDN) to serve your site from multiple locations worldwide, which (given the choice of providers available) likely includes serving from a Point of Presence (POP) within the country or countries of your target market.
