Easy Secure Web Serving with OpenBSD’s acme-client and Let’s Encrypt

As recently as just a few years ago, I hosted my personal website, VPN, and personal email on a computer running OpenBSD in my basement. I respected OpenBSD for providing a well-engineered, no-nonsense, and secure operating system. But when I finally packed up that basement computer, I moved my website to an inexpensive cloud server running Linux instead.
Read more on Easy Secure Web Serving with OpenBSD’s acme-client and Let’s Encrypt…

Conference Room A/V Build-Out

We recently moved to our new building at 1034 Wealthy. We took the opportunity to update the A/V equipment for our conference rooms. Previously, we largely relied on projectors for presentation capabilities, an external USB microphone/speaker for audio, built-in webcams on laptops for video, and a table where we staged everything. This worked, but it was certainly not ideal. With the new building, I had the opportunity to standardize a new conference room A/V build-out that would be better suited to our needs.
Read more on Conference Room A/V Build-Out…

How (and Why) to Log Your Entire Bash History

For the last three and a half years, every single command I’ve run from the command line on my MacBook Pro has been logged to a set of log files.

Uncompressed, these files take up 16 MB of disk space on my laptop. But the return I’ve gotten on that small investment is immense. Being able to go back and find any command you’ve run in the past is so valuable, and it’s so easy to configure, you should definitely set it up today. I’m going to share how to do this so you can take advantage of it as well.

Read more on How (and Why) to Log Your Entire Bash History…

Ansible Communication with AWS EC2 Instances on a VPC

I’ve recently started using Ansible to manage Elastic Compute Cloud (EC2) hosts on Amazon Web Services (AWS). While it is possible to have public IP addresses for EC2 instances on an AWS Virtual Private Cloud (VPC), I opted to place the EC2 instances on a private VPC subnet which does not allow direct access from the Internet. This makes communicating with the EC2 instances a little more complicated.

While I could create a VPN connection to the VPC, this is rather cumbersome without a compatible hardware router. Instead, I opted to create a bastion host which allows me to connect to the VPC, and communicate securely with EC2 instances over SSH.
Read more on Ansible Communication with AWS EC2 Instances on a VPC…

Managing AWS Route 53 Hosted Zones with AWS Lambda

On AWS, I use a Route 53 private hosted zone for Amazon VPC to allow me to conveniently address EC2 instances and other resources. While all EC2 instances are automatically assigned a private DNS entry, it is usually something fairly unintelligible such as “ip-172-31-51-229.us-west-2.compute.internal.” An entry like “website-production.atomic.aws” is much more helpful, especially when trying to configure communication between various EC2 instances that comprise a larger system.

I constructed an AWS Lambda function to automatically update the DNS records in my Route 53 private hosted zone whenever new instances are created. This ensures that the private hosted zone is up-to-date and can be relied upon for communication between EC2 instances.
Read more on Managing AWS Route 53 Hosted Zones with AWS Lambda…

Managing AWS CloudFront Security Group with AWS Lambda

One of our security groups on Amazon Web Services (AWS) allows access to an Elastic Load Balancer (ELB) from one of our Amazon CloudFront distributions. Traffic from CloudFront can originate from a number of different source IP addresses that Amazon publishes. However, there is no pre-built security group to allow inbound traffic from CloudFront.

Read more on Managing AWS CloudFront Security Group with AWS Lambda…

Bash Completion, Part 2: Programmable Completion

Don’t miss the previous post in this series: Bash Tab Completion


With Bash’s programmable completion functionality, we can create scripts that allow us to tab-complete arguments for specific commands. We can even include logic to handle deeply nested arguments for subcommands.
Read more on Bash Completion, Part 2: Programmable Completion…

Bash Completion, Part 1: Using Tab Completion

One of the most useful features I learned when I first started working with Linux was the “tab completion” feature of Bash. This feature automatically completes unambiguous commands and paths when a user presses the <TAB> key. I’ll provide some examples to illustrate the utility of this feature.
Read more on Bash Completion, Part 1: Using Tab Completion…

SSL Certificate Expiration Checker

IT Operations teams frequently have the responsibility to ensure that SSL certificates for various websites are valid and renewed on a regular basis. While SSL certificate vendors often provide reminders and warnings when the certificates are about to expire, this is not always effective–especially when a variety of different SSL vendors have been used, or different parties are responsible for purchasing and maintaining the certificate.

To prevent SSL certificate expirations from going unnoticed, I wrote an application that checks the certificates from a variety of sites and ensures that they will remain valid for a certain number of days in the future.
Read more on SSL Certificate Expiration Checker…