Caddy: Custom Domains for SaaS

Building custom domains for your SaaS is not always easy, especially when certificates get involved. With Caddy it becomes very easy!

On The Caddy Side

{
  email dns@marco.ninja
  # Caddy asks this endpoint if it shall handle traffic for a domain
  on_demand_tls {
    ask https://backend.local/internal/custom-domain-check/
  }
}

# Accept all domains that pass the ask endpoint
https:// {
  tls {
    on_demand
  }
  handle /.well-known/health {
    respond "200 OK" 200
  }
  reverse_proxy https://backend.

[Read More]
caddy 
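
An added example (not from the original post or the Caddy project) of the backend side of the `ask` check configured above: Caddy sends a GET with a `domain` query parameter and obtains a certificate only if the reply is 2xx. The handler, port and domain list are assumptions made for illustration.

```python
"""Decision logic for the URL that Caddy's on_demand_tls `ask` option calls."""
import re
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlsplit

ASK_PATH = "/internal/custom-domain-check/"  # path used in the Caddyfile above
# Constructed sample data; a real backend would look up verified customer domains.
VERIFIED_DOMAINS = {"shop.customer-a.example", "www.customer-b.example"}
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def normalize(raw):
    """Return a lower-case hostname without trailing dot, or None if malformed."""
    name = raw.strip().lower().removesuffix(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2:
        return None
    return name if all(LABEL.fullmatch(label) for label in labels) else None


def ask_status(request_target, verified=VERIFIED_DOMAINS):
    """Map one ask request to a status code; Caddy issues only on a 2xx reply."""
    url = urlsplit(request_target)
    if url.path != ASK_PATH:
        return 404
    values = parse_qs(url.query).get("domain", [])
    if len(values) != 1:  # missing or repeated parameter: refuse to guess
        return 400
    name = normalize(values[0])
    if name is None:  # wildcards, empty labels, non-hostname characters
        return 400
    # Exact match only: a suffix or substring test would let
    # "shop.customer-a.example.other.example" through.
    return 200 if name in verified else 403


class AskHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(ask_status(self.path))
        self.end_headers()


if __name__ == "__main__":
    # Bind to loopback or an internal interface; only Caddy needs to reach this.
    HTTPServer(("127.0.0.1", 8000), AskHandler).serve_forever()
```

Without such a check, any hostname pointed at the server would trigger certificate issuance, which exhausts CA rate limits and fills the certificate store.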

Oh Shit, Git!?!

Git is hard: screwing up is easy, and figuring out how to fix your mistakes is fucking impossible. Git documentation has this chicken and egg problem where you can’t search for how to get yourself out of a mess, unless you already know the name of the thing you need to know about in order to fix your problem. Oh Shit, Git!?! is a collection of these situations, in plain English, and how to resolve them. [Read More]
git 

Colorize pattern on CLI

Colorize a pattern in the given input using a neat regex and colorization hack in grep ($ matching all lines but not being able to be highlighted).

color () {
  # Color highlight the pattern in the incoming stream, writing to stdout
  # This effectively matches our PATTERN and any "$" (line end)
  # But only our PATTERN can be highlighted, line end characters aren't actually there to be highlighted
  local PATTERN=$1

  if [ -z "$1" ]; then
    echo "Usage: color <pattern>"
    echo "Description: Greps input with --color=always -E 'PATTERN|\$' "
    echo "Example: echo \"hello world\" | color \"world\""
    return 1
  fi
  # -E so the alternation matches the usage text above;
  # -- so a pattern starting with "-" is not parsed as a grep option
  grep --color=always -E -- "$PATTERN|\$"
}

kubectx & kubens

When working with multiple Kubernetes clusters and namespaces, switching context can be a chore.

For this I enjoy using kubectx and kubens.

They can be installed using kubectl krew.

kubectl krew install ctx
kubectl krew install ns

Tip

I’ve since switched to kubeswitch, which works much nicer for me.

k8s  tools 

Simple Redirect View for Django

I often find myself replacing an existing MVP based on static HTML with a Django app, or just needing to preserve some old URL scheme.

This is the code I use to do that:

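from django.shortcuts import redirect


def redirect_view(request, redirectable, permanent=True):
    # redirectable is the view name (or URL) configured in urls.py.
    # Pass permanent through: True sends a 301, False a 302.
    return redirect(redirectable, permanent=permanent)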

Which can then be used like this:

from django.urls import path
from . import views

urlpatterns = [
    path("old-url/", views.redirect_view, {"redirectable": "new_view"}),
    path("some-thing/", views.redirect_view, {"redirectable": "some_thing_new", "permanent": False}),
]

Cleanup After Script Exit

Many of my scripts work with temporary files, usually relative to the script's directory, while at the same time using set -e to exit as soon as something fails.

In this scenario the script leaves behind these temporary files by default, which is not desirable.

We can however do a proper cleanup using the trap concept.

[Read More]

Vault CLI in Containers

In many CI/CD workflows interfacing with HashiCorp Vault is required.

However, their CLI (or better called unified binary) is stupidly big with more than 400MB and they seem to have no interest in making it any smaller.

This is often an undesired size increase, especially when optimizing for pull and run time in CI/CD.

This note outlines a solution that brings us down from 400MB+ on disk for vault to about 300KB using curl and jq.

[Read More]

Caddy: Manual Maintenance Mode

Coming from NGINX and others, the concept of a maintenance mode that can be manually enabled is something I have used many times before.

With Caddy it is equally easy, just using a less obvious syntax.

[Read More]

HAProxy: Think About DNS Resolution

By default HAProxy resolves all DNS names in its config on startup and then never again.

This might cause issues down the road if DNS records, for example the ones for backends, change.

This section of the documentation is a good starting point as it describes IP address resolution using DNS in HAProxy really well: https://docs.haproxy.org/3.0/configuration.html#5.3

Additionally this guide can also be helpful: https://www.haproxy.com/documentation/haproxy-configuration-tutorials/dns-resolution/

Renovate Bot: Limit Manager To Folder (Ignore Paths)

When using Renovate it can sometimes be required to run a specific manager only on a subset of the matching files. Naively, you might expect this to be achieved by overwriting the fileMatch property of the manager. However, this is not possible, as this property gets merged together, effectively meaning we can only append to it, not replace it. What I found to work is an approach using either includePaths or ignorePaths, depending on the situation. [Read More]