My cookbook conflicts with a community cookbook. There doesn't seem to be a knife option to rename or delete a cookbook.
Is there a way to delete a chef cookbook from a server or a way to rename an existing cookbook?
I'm seeing what looks like scanning traffic in nginx access.log (perhaps looking for an open relay?)
HEAD http://www.sina.com.cn HTTP/1.1" -/- 301 0
GET http://www.qunar.com/ HTTP/1.1" -/- 301 178
GET /w00tw00t.at.blackhats.romanian.anti-sec:) HTTP/1.1" -/- 301 178
I'm not sure why nginx is returning a 301 response code. Is there anything to be worried about here?
I am using a very simple location match (adding some more config details as requested)
server {
listen 443
server_name my.hostname
**some ssl settings***
**some proxy settings**
location / {
proxy_pass https://backend_host
proxy_set_header Host $server_name
**set some headders***
**error handling lines**
}
}
I found this note in the nginx documentation:
"If a location is defined by a prefix string that ends with the slash character, and requests are processed by one of proxy_pass ... In response to a request with URI equal to this string, but without the trailing slash, a permanent redirect with the code 301 will be returned..."
If I use a better location match (not ending in a slash) would that help? Is it worth bothering?
location /my/base_url {
[ configuration A ]
}
I created a VPC thinking I wouldn't need subnets. I just gave the vpc a CIDR range like 192.168.0.1/24 I then created a subnet which matches that exactly.
Low and behold RDS requires it's own subnet. What happens if I delete the existing subnet and replace it with two /25?
Will the active instances become unhappy if I delete their subnet? Will they simply not notice or care?
I can't seem to find documentation on this and I'd rather not simply try it and see what happens.
I'm running mon as a secondary monitoring system. It's clean and simple --an excellent backup monitoring system. It has some built-in monitors but not one for https.
Is there a way to quickly and easily monitor internal https services?
I've got an ssh bastion host, but managing the ssh whitelist is annoying, opening ssh to the world is suboptimal. I'd like to tuck a vpn server in front. Can't get openvpn to stay connected for more than an hour (I'm using 2fa and either openvpn or tunnelblick are apparently ignoring reneg-sec 0 causing hourly re-auth events)
openswan seems like a great option, but I can't get the routing working. I have disabled source/destination checking on the instance and created a route the VPC routing table. I can connect and route traffic northbound, but not to the VPC subnets. Has anyone successfully done this? I suspect I specifically need help understanding how openswan is handling routing for client nat.
I'm creating a cassandra upgrade/install recipe with chef.
package "cassandra" do
version "2.1.8"
action :install
end
When I install over the top of an existing version I get prompted about new config files.
Configuration file '/etc/cassandra/cassandra.yaml'
...
*** cassandra.yaml (Y/I/N/O/D/Z) [default=N] ?
Chef barfs because apt is waiting for input.
I've got a dozen or so EBS backed instances of various sizes in a VPC, multiple security groups, route53 for internal name service.
I'd like to clone the whole thing to another availability zone. Has anyone done such a thing? OpsWorks appears to have that feature. Has anyone used it?