Category: Uncategorized

boot order – Raspbery pi

  • Edit boot order(read from right to left)
rpi-eeprom-config -e
ValueModeDescription
0x0SD CARD DETECTTry SD then wait for card-detect to indicate that the card has changed – deprecated now that 0xf (RESTART) is available.
0x1SD CARDSD card (or eMMC on Compute Module 4).
0x2NETWORKNetwork boot – See Network boot server tutorial
0x3RPIBOOTRPIBOOT – See usbboot
0x4USB-MSDUSB mass storage boot – See USB mass storage boot
0x5BCM-USB-MSDUSB 2.0 boot from USB Type C socket (CM4: USB type A socket on CM4IO board). Not available on Raspberry Pi 5.
0x6NVMECM4 and Pi 5 only: boot from an NVMe SSD connected to the PCIe interface. See NVMe boot for more details.
0x7HTTPHTTP boot over ethernet. See HTTP boot for more details.
0xeSTOPStop and display error pattern. A power cycle is required to exit this state.
0xfRESTARTRestart from the first boot-mode in the BOOT_ORDER field i.e. loop

boot order: https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#BOOT_ORDER

wordpress proxy with nginx

Error:

Mixed Content: The page at ” was loaded over HTTPS, but requested an insecure stylesheet ”. This request has been blocked; the content must be served over HTTPS.

  • install nginx with $IP_ADDRESS:8080 
version: '3.1'

services:
  wordpress:
    image: wordpress:6.2.0
    restart: always
    ports:
      - 8080:80
    volumes:
      - ./wordpress:/var/www/html

  db:
    image: mysql:5.7.39
    restart: always
    ports:
      - 3310:3306
    environment:
      MYSQL_ROOT_PASSWORD: root
    volumes:
      - ./mysql:/var/lib/mysql
  • Update https://test.example.com inside wordpress admin panel
worpress-nginx-proxy
  • update wp-config.php

define('FORCE_SSL_ADMIN', true);
if ( isset( $_SERVER['HTTP_X_FORWARDED_PROTO'] ) && strpos( $_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false ) {
$_SERVER['HTTPS'] = 'on';
}

  • /etc/nginx/conf.d/test.exmaple.conf nginx config
server {
    server_name test.example.com;
    location / {
        proxy_pass http://10.209.229.54:8080/; 
        proxy_http_version 1.1;
        proxy_buffering off;
        proxy_read_timeout    90;
        proxy_connect_timeout 90;
        proxy_redirect        off;
        proxy_set_header Host $host;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header Proxy "";
    }

    listen 443 ssl;
    ssl_certificate /etc/nginx/ssl/cert.pem;
    ssl_certificate_key /etc/nginx/ssl/key.pem;

}

server {
    if ($host = test.example.com) {
        return 301 https://$host$request_uri;
    }
    server_name test.example.com;
    listen 80;
    return 404;
}

Reference:

Administration Over SSL

On demand ecs fargate as Jenkins worker node

  • Create separate ecs-farget template for different kind of workload.
  • Do the proper tagging of resources so that we get proper costing

Docker with TLS:

###### server
dockerd \
    --tlsverify \
    --tlscacert=ca.pem \
    --tlscert=server-cert.pem \
    --tlskey=server-key.pem \
    -H=0.0.0.0:2376

##### client
docker --tlsverify \
    --tlscacert=ca.pem \
    --tlscert=cert.pem \
    --tlskey=key.pem \
    -H=$HOST:2376 version

##### secure by default
mkdir -pv ~/.docker
cp -v {ca,cert,key}.pem ~/.docker
export DOCKER_HOST=tcp://$HOST:2376 DOCKER_TLS_VERIFY=1


##### make sure to have correct host/DNS name while creating the server cert