New year, new blog

It's been quite literally years that I've been putting off updating my blog, both in the underlying technology as well as the content that resides within. While August is probably eight months too late to invoke the new year in a blog title, it's a theme that I can work…

IP Restrictions behind Cloudflare and Varnish

I've recently been working with a client using Drupal, Varnish, and Cloudflare as part of their digital transformation journey. The client had requirements to ensure that requests coming in through Cloudflare, which should be all requests, would include a check to ensure only their internal IP ranges and ours would…

Using Toran Proxy to speed up Drupal builds

Over the last couple of days an internal thread has been making the rounds at Acquia about speeding up Composer for Drupal builds. With Drupal 8, Lightning and the BLT project making heavy use of Composer to manage its dependencies, users frequently rebuilding from source, or those in remote regions…

Installing an Origin CA cert in Pound

Recently I was approached by one of the Cloudflare channel team as they advised all customers about Google's announcement about distrusting SSL certificates from two certificate authorities ("CAs"): WoSign and StartCom. Google's announcement joins Mozilla and Apple and now represents the majority of human-driven browsers. As I was using a…

Migrating into multisite

Quite often in my role as a Solutions Architect at Acquia, I'll see customers looking to bring sites under the multisite banner in order to enact a more controlled code governance model. Amalgamating codebases allows for a more controlled site development experience where 50 different sites can be thought of…

Verifying SSL certificates with drupal_http_request

Recently I was posed with the question about verifying self-signed SSL certificates with drupal_http_request(). The usecase here would be to use private APIs to surface information, secured with SSL, yet using an internally created certificate. By default, drupal_http_request() does not verify the SSL certificate of sites…

Making Nagios check OpenVPN

I've been slowly expanding the amount of automation that runs on the servers I personally maintain. With Puppet as my configuration management system I'm able to deploy changes to however many of my servers quickly and easily. Similarly, if any server dies a fiery death a new one can be…

Fighting back from Drupal hacks

The last thing any website owner, developer or administrator wants to hear is that they've been hacked. Whether the cause was the fault of insecure passwords, problematic file permissions, a vulnerability in the underlying code or the myriad other potential issues, it's an undesirable situation to be in. When Drupal…