OpenSSL CSR generation in a single command without prompting

If you need to generate a CSR, OpenSSL has a helpful prompt interface for completing the required fields one at a time. However, if you are using automation, collecting STDIN is not always an option. While working with Ansible, I learned that OpenSSL CSR generation allows you to pass the…

Transport security for HTTP/2 protocol with Nginx

With Google sunsetting the SPDY protocol, and broad support for HTTP/2 shipping with most modern browsers, I began investigating moving our SPDY support over to HTTP/2. Nginx recently released official support for HTTP/2 with the mainline repository version 1.9.5. While upgrading to the new release…

Meaningful hostnames with Ansible

Like anyone who spends a good deal of time in a terminal window, switching between machine instances is fairly commonplace. I keep a persistent tmux session open to manage a handful of connections. Knowing which machine you're currently using is obviously imperative, but can be little challenging in highly dynamic…

Globally install Composer on OS X 10.11 El Capitan

Update: this also works as expected with macOS Sierra. The El Capitan release of OS X introduces a more strict security model around the concept of root level access to the underpinnings of the operating system. For a typical user, this is great news for avoiding malware, etc. As a…

Alias a version for Composer

I previously published instructions on using a specific commit hash for Composer. This is a quick and useful way for referencing the most recent version of our work during the development process. In some cases, specifying a commit hash as the current version may compromise the dependency tree, causing a…

Multiple SSL domains on AWS ELB with Nginx

Is it possible to serve multiple domains (each with a unique SSL certificate) via HTTPS behind a single load balancer on AWS? Yes you can; with TCP and Proxy Protocol. Proxy Protocol allows you to safely and transparently forward TCP (layer 4) requests while attaching upstream client address information. More…