Moving From Server Side Sessions To Client Side Session Tokens with Servant

Documenting my move from Network.Wai.Session to Web.ClientSession


12 minute read

tl;dr - I moved from server-side stored sessions provided by Network.Wai.Session to client-side signed+encrypted session tokens provided by Web.ClientSession for my Servant-powered webapp. It’s pretty easy; skim through to see the setup code and the /login and /logout code that was required. UPDATE: After posting to r/haskell, user u/cocreature pointed out the existence of the servant-auth package – it looks like an awesome solution, so also make sure to give that a try before rolling your own.

SSH tunneling using an intermediary computer

SSH tunnel sandwich? The proxy computer is the lunch meat.


8 minute read

tl;dr - I had to SSH tunnel with a proxy computer in the middle due to some weird ISP restrictions/regular OpenVPN not working properly for me. Basically the setup is to SSH tunnel from one machine to another, and run another tunnel on the proxy computer. I used this surprisingly low latency setup to run a SOCKS5 proxy that did the job. “Remote Port Forwarding” is what I was doing, and a super awesome blog post helped show me the way.

Docker on Arch Linux - docker0 just doesn't seem to want its IPv4 address

Recent instability running Docker on Arch -- docker0 just doesn't want to keep its IPv4 address.


4 minute read

tl;dr - My setup of Docker on Arch Linux is having some issues around docker0 not properly holding on to its IPv4 addresses (listed as inet in ip addr output). I originally thought it was a problem with Alpine CDNs, but it was actually docker0 throwing up repeatedly. The short-term workaround I’ve found is to just create the missing link again, w/ sudo ip addr add dev docker0.

Setting Up Piwik on Kubernetes

Setting up a new Piwik instance on Kubernetes (including migrating old data)


9 minute read

tl;dr - Setting up Piwik is pretty straightforward, since I’ve gone through the trouble of setting up a database before, and Piwik’s web-based setup is pretty convenient. This post is the last in the pipeline that’s related to Kubernetes for a bit. One of the most useful tools I’ve ever come across is Piwik – it’s an excellent self-hostable tool for doing web analytics like tracking visits to your website (this very site uses it as well).

Gandi 2017 Redesign

Gandi redesigned their website, and it's pretty nice


3 minute read

tl;dr - Gandi redesigned its website and I like it. I’m a happy user of Gandi.NET’s domain services, and I recently noticed that they went through a redesign that I thought was pretty well done (read: didn’t make me angry). It’s not like their old interface was bad by any stretch: it was pretty easy to find things, it wasn’t terrible looking, and it was pretty much consistent. I actually liked it a lot as it was.

Serving email on Kubernetes with Mailu

How I set up Mailu on Kubernetes.


20 minute read

tl;dr - Setting up Mailu on Kubernetes was pretty simple, once TLS and Ingress are all set up. It’s just a matter of configuring the ingress controller, adding the right ingress resources, and making the right resource configuration for Mailu. I encountered some (mostly self-inflicted) issues along the way, but you can find the resource config that worked for me at the end. Up until now on every VPS that I’ve purchased/used, I’ve manually set up Postfix and Dovecot and all the related services on the machine, navigating documentation, setting up additional users, adding virtual mailboxes, etc.

Within seconds of using Pingdom I got email spam

This just happened, and I wonder how often it happens


3 minute read

tl;dr - I do a web speed test on this site, get spam from a firm that does website speed consulting, I rant a little bit about it, then share a little bit about a startup idea I had at the end. I’ll be back to regular “exploring Kubernetes” related posts tomorrow! So this just happened (<5 minutes ago), but within seconds of heading over to Pingdom’s Speed test (I was really trying to test Piwik tracking on this blog), I got an email from some firm called SpeedUpgency that I’ve never heard of:

Kicking The Tires On Rancher 2.0

Checking out Rancher 2.0


19 minute read

tl;dr - Rancher 2.0 is out; check out the demo video, it’s pretty slick. I start to set up Rancher, mess up, do some debugging, and eventually get it working with a bit of a hack. Skip to the end section (named “The whole process, abridged”) before the wrap-up to see the full list of steps I took for getting Rancher running on my own local single-node Kubernetes cluster.

Serving a HTTPS enabled application on Kubernetes

How I went about serving a full HTTPS enabled 3-tier application on Kubernetes


7 minute read

tl;dr - It’s pretty easy if you have Let’s Encrypt certificates set up, and Kubernetes Ingress/DNS working properly (I’ve covered how I set these up in previous posts so check them out for reference). Skim through to see the final Kubernetes resource configuration that I use in production for So far we’ve gone through a lot of Kubernetes related posts, from setting up Kubernetes manually on a single machine, to getting regular non-authenticated HTTP apps running on Kubernetes, to setting up a database on Kubernetes and setting up letsencrypt-powered TLS certificates.

Setting Up SSL Certs on Kubernetes

Setting up SSL for Kubernetes with ployst/docker-letsencrypt


6 minute read

tl;dr - letsencrypt is awesome, ployst/docker-letsencrypt makes it easy to use with Kubernetes (feel free to check out the blog post that describes it). There are even easier ways to do it these days that I haven’t tried: kube-lego which looks pretty amazing. After going through figuring out how to run HTTP applications on Kubernetes, as well as how to run databases on Kubernetes, the next natural step is to figure out how to gear up to running HTTPS applications on Kubernetes.