< 1 min read
Reverse Proxy Cloudflare Worker
by Alexandru Puiu
- June 3
- in
12 min read When an application starts to become popular, usually it’s time to rejoice, however that depends on how the exact shape of that trend and how prepared you are for it. Sometimes, it’s just a matter of getting a more powerful server, and cloud providers such as Azure have made that incredibly easy, and you can set autoscale to beef up your server when it’s needed. However, at a certain point that hits a limit, and you need to start scaling horizontally. In this post, I’ll discuss some concepts used by…
Work with a REST API using PowerShell
- February 11
- in
2 min read A well-designed REST API can be consumed and interacted with in many ways. Powershell is one of those really useful ones because it’s very dynamic. We’ll also consider that the API is protected using JWT Bearer tokens by an OpenID Connect server. Our example API, in this case, is a simple REST API to query and manage users.
Set required headers:
Adding the bearer token manually to the script in this case, but this step could be automated as well although it’s a lot more involved to initially set up. See the following guide for one way of doing this https://docs.microsoft.com/en-us/information-protection/develop/concept-authentication-acquire-token-ps
$headers = @{}
$headers["Accept"] = "application/json"
$headers["Authorization"] = "Bearer 3a5e90b25ac028ec968def29d0055d418265e9810968eb4a0c531a45fee3b00f"
Cloudflare Worker Conditional Reverse Proxy
- January 12
- in
< 1 min read Cloudflare worker to load content from subdomain/alternate location and replace references to subdomain/alternate location.
addEventListener('fetch', event => {
var url = new URL(event.request.url);
if (url.pathname.startsWith('/blog') || url.pathname === '/blog') {
event.respondWith(handleBlog(event, url));
} else {
event.respondWith(fetch(event.request));
}
})
async function handleBlog(event, url) {
// Load subdomain content / reverse proxy mysite.com/blog to blog.mysite.com subdomain
var originUrl = url.toString().replace('https://mysite.com/blog', 'https://blog.mysite.com');
// Load content
let response = await fetch(originUrl);
// Make sure we only modify text, not images
let type = response.headers.get("Content-Type") || "";
if (!type.startsWith("text/")) {
return response;
}
// Read response body
let text = await response.text();
// Modify it
let modified = text.replace(/blog.mysite.com/g, "mysite.com/blog")
// Return modified response
return new Response(modified, {
status: response.status,
statusText: response.statusText,
headers: response.headers
});
}
Managing Multi-Cloud Hybrid Environments with DevOps Tools
- November 22
- in
11 min read I get asked a lot which cloud provider I prefer, even by people that know me well, and the answer I give lately really surprises them I think. My answer is: a combination of all of them and colocated environments. I think when it comes to the major players in the cloud world namely GCP, Azure and AWS, most of the offerings are pretty much on-par with each other. The preference people have really comes from the trust in the company’s management of the environment, price, friendliness and familiarity of interface; and clear visibility into what’s going on. Well sure, but that’s only good as long as you’re only using one, but in many enterprises, there are really good reasons to use a combination of cloud providers, combined with on-premise and colocated hardware. Some of these reasons include risk of availability in extreme cases of global outages from a single provider (and there are examples of this in the past,) and others include specific niche offerings that are only offered by one provider and only used by a specific department. Let’s take a look at tools some of the top technology companies use to manage their cloud-hybrid environment.
Building a fast and secure blog – Part 4
- October 28
- in
8 min read
Scanning
The most important things in security and performance, more than anything else I’d say is: measure, measure, measure, and when you have all the info, set up automatic measuring and alerts. We’ve already set up scanning for some basic things like malware, but there’s a lot more to scan for.
SSL / Encryption settings / strength
https://www.ssllabs.com/ssltest/
SSL Server Test from Qualys will test the SSL/TLS configuration of your website, and provide you a lot of details about your encryption capabilities, known vulnerabilities and identify misconfigurations. Using the settings configured so far, your grade should be A+, but that can change as new threats are discovered, so you should check this regularly.
Building a fast and secure blog – Part 3
- October 27
- in
9 min read
Setting up Cloudflare
Sign up for a free account at https://www.cloudflare.com/.
Upgrading to Pro has some definite benefits
Add your site
As soon as you log in, you have the option of adding your first site
Verify your DNS records
At the next step it will try to detect and import all your existing DNS records. You’ll next be changing your nameservers to use Cloudflare’s nameservers, so make sure all your DNS records are present. There is an option to avoid this if the situation really requires it, and proceed with CNAME records, but you’ll have to reach out to Cloudflare support to discuss those options.
Building a fast and secure blog – Part 2
- October 26
- in
7 min read
Upgrade wordpress
Upgrade wordpress and any default plugins or themes that have updates
Install theme
If you already have a theme you want to use, you can probably skip to the end of this section.
There are a bunch of great marketplaces. Wordpress’ builtin one and ThemeForest.net are some of the best. Click on Appearance -> Themes
Building a fast and secure blog – Part 1
- October 26
- in
4 min read I find wordpress to be sufficient for my needs for a blog, so it’s my go-to for a really simple site or blog. If custom logic is needed, it’s a no-go, and it’s all the way custom based on what’s needed. “Right tech for the job.”
In this series I’ll show how to create a simple, fast and security-conscious blog.
Part 1: Hosting / installation
Part 2: Plugins, upgrading PHP, HTTP security headers
Part 3: Caching, WAF and Optimizations
Part 4: Monitoring and performance testing
Hosting / Installation
Azure, AWS and GCP have great free offerings for getting started, and free-tier that’s probably sufficient for small blogs. Wordpress.com could be a good option as well. I prefer Digital Ocean in this case, because I have full control over the VM, it’s really cheap ($6/month), it’s a one-click deploy droplet, and really fast. Digital Ocean also monitors security bulletins and sends me relevant info on vulnerabilities, so I can patch anything that’s needed, and they handle backups seamlessly.
Download and extract gzip tar with PowerShell
- April 19
- in
3 min read We found ourselves with a requirement to download an updated version of a public dataset on a regular basis, so PowerShell + windows scheduler came to mind, since the application runs in a windows environment. But only to find that PowerShell doesn’t make this quite trivial. In PowerShell v5+ we have the Expand-Archive command: Expand-Archive c:\a.zip -DestinationPath c:\a but this doesn’t support gzip or tar gzip is a compression algorithm, and is based on the DEFLATE algorithm, which is a combination of LZ77 and Huffman coding. There’s a…
