Wow, it's been a while... 681 days since my last post. What the hell happened? I've been slack. I've wanted to keep up the blogging and documenting cool open source stuff, but it's been a hectic few years. You know, pandemic and such. So here's a little recap of my life since the last post.
- Kept up the routine of my 12 km New Year's hike up a mountain (twice)
- Sold my house just before the COVID-19 pandemic went into full swing and Melbourne got locked down for what seemed like an eternity
- Moved house
- Bought a block of land
- Designed a floorplan for a new house
- Had said house built
- Moved house again
- Worked a few security incidents at work
- Learnt a lot about Splunk Phantom and SOAR
- Started building a new homelab
- Built a NAS using a few ODROIDs and glusterfs
- Played around a fair bit with Home Assistant, ESP32 devices and Grafana
Doesn't seem like a lot to squeeze in during that time.
Well what a write off of a year so far. Over the Xmas break, I wasn’t able to get in as many hikes as I would like due to the terrible fires we have had over the last few months. Given the air quality has been rated as hazardous, I’ve erred on the side of caution, not wanting to fill my lungs with it. I was however able to write up the 3 that I did.
In the previous article I covered all the steps and code required to add a contact form with a reCaptcha to this very blog. These are the actual implementation steps I took to include them. Don't worry, the hard part has been done in part 1!
Create contact form
Using the client-side HTML code, I created the /content/contact.html file, ensuring that I included the correct API Gateway URLs for the POST requests and the reCaptcha site key.
“You need to add reCaptcha to your web forms” - it's advice I've given out to security teams each time I see a malicious link or some spam pusher in the resulting email. It's the poor user who cops the brunt of them, increasing the chance of a click and with it the chance of compromise. Reading through form spam is just a waste of time for everyone. I recall an instance where an internal security team misconfigured a tool they were using, set it to run overnight, and that mailbox ended up with 35k+ emails in it.
In my last post, after updating the blog to use TLS 1.2 and adding a CAA record, thinking I would clear an A+ rating, I only retained an A rating. In this post I continue the journey, striving for that A+ rating.
Enabling HSTS
It turns out that Mozilla Observatory also has a test you can run, one that looks to be way stricter, and they were not as impressed, giving my site an F rating with a score of zero!
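Both graders look at the Strict-Transport-Security header that HSTS adds, and the details of that header decide the score: SSL Labs only awards the A+ bonus when the policy carries a max-age of at least six months, a missing max-age makes browsers ignore the policy entirely, and the preload list has stricter rules again (max-age of at least one year plus includeSubDomains). The parser below is an added example, not code from the post; it takes a header value exactly as a server would send it and lists what a grader would flag, using 15768000 seconds as the six-month threshold.

```python
"""Parse and grade a Strict-Transport-Security (HSTS) header value.

Added example, not code from the original post. The thresholds encode the
published grading rules: six months of max-age for the SSL Labs A+ bonus,
one year plus includeSubDomains for preload-list submission (hstspreload.org).
"""
from dataclasses import dataclass, field
from typing import List, Optional

SIX_MONTHS = 15_768_000  # seconds; minimum max-age the graders reward
ONE_YEAR = 31_536_000    # seconds; minimum max-age for the preload list


@dataclass
class HstsPolicy:
    max_age: Optional[int]
    include_subdomains: bool
    preload: bool
    problems: List[str] = field(default_factory=list)

    @property
    def ok(self) -> bool:
        return not self.problems


def parse_hsts(header: Optional[str]) -> HstsPolicy:
    """Parse an STS header per RFC 6797 and list what a grader would flag."""
    if header is None:
        return HstsPolicy(None, False, False, ["no Strict-Transport-Security header"])

    problems: List[str] = []
    max_age: Optional[int] = None
    include_subdomains = preload = False
    seen = set()

    for raw in header.split(";"):
        directive = raw.strip()
        if not directive:
            continue
        name, _, value = directive.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        value = value.strip().strip('"')     # max-age may be sent as a quoted-string
        if name in seen:
            # RFC 6797 6.1: each directive MUST appear at most once
            problems.append(f"duplicate directive {name!r}")
            continue
        seen.add(name)
        if name == "max-age":
            if not value.isdigit():
                problems.append(f"max-age is not a non-negative integer: {value!r}")
            else:
                max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
        # any other directive is ignored, as the RFC requires

    if max_age is None:
        problems.append("max-age missing; browsers ignore the whole policy")
    elif max_age == 0:
        problems.append("max-age=0 removes the policy instead of setting one")
    elif max_age < SIX_MONTHS:
        problems.append(f"max-age {max_age} is below six months ({SIX_MONTHS})")

    if preload and not include_subdomains:
        problems.append("preload requires includeSubDomains")
    if preload and (max_age or 0) < ONE_YEAR:
        problems.append("preload requires a max-age of at least one year")

    return HstsPolicy(max_age, include_subdomains, preload, problems)


if __name__ == "__main__":
    # constructed sample header values, the kind a first attempt tends to send
    for sample in ["max-age=300", "includeSubDomains", "max-age=31536000; includeSubDomains; preload"]:
        policy = parse_hsts(sample)
        print(f"{sample!r}: {'OK' if policy.ok else policy.problems}")
```

Start with a short max-age while you confirm every subdomain actually serves HTTPS, then raise it: once a browser has cached a long policy there is no way to get it back to plain HTTP until that policy expires.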
When it comes to your website, what's better than an A on your Qualys report? Why, it has to be that A+! It might not seem like a big deal, but I still wanted to max out my score where I could. Little did I know I was about to get an education in the process. The Qualys SSL Labs tester can be accessed via this URL: https://www.ssllabs.com/ssltest/analyze.html. My initial report came back as follows:
In this post I want to talk about how easy Hugo shortcodes are to use, and I'm totally kicking myself for not trying them out sooner! I have a number of blog posts that have turned into a blog series, and I wanted to have some kind of table of contents or reference in them; doing this manually each time, for every post, just wasn't sustainable. If I wanted to make a minor change, then every post would need updating, and there would be all this extra markdown in the post.
It's been just over 12 months since I started blogging and this is now the 3rd iteration of the blog. First it was WordPress on Lightsail. There was a cost involved, and if you really want to make WordPress useful you need to add the security holes also known as plugins. It's not that WordPress was a bad solution, but I had no need for all the bells and whistles it could provide.
Now that I've established the blog, I would like to proof-of-concept a Continuous Integration, Continuous Deployment (CI/CD) pipeline for it. It's something that I know I will be able to utilise in the future, and it's a valuable skill to be across given that my line of work does include automation and scripting for both personal and professional reasons. Having the code stored in a git repository is the first step to this.
Adding a digital certificate from Let's Encrypt was not too hard to achieve. Instead of reinventing the wheel, there were 2 documents that I followed from the Bitnami support pages. The high-level steps are taken from this link: https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/
- Download the lego client
- Generate a certificate, supplying your email address and domain
- Configure the web server to use the new certificate
- Restart the web server
- Test to ensure you have the certificate installed correctly
- Set up auto-renewal via crontab
The next thing I went about doing is ensuring that HTTP is redirected to HTTPS.
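A redirect from HTTP to HTTPS is easy to get subtly wrong: a redirect to a different host breaks the same-host rule the HSTS preload list enforces, a redirect to the site root drops the path a visitor asked for, and a Location that still says http:// leaves the visitor on plain HTTP. The checker below is an added example, not code from the post or the Bitnami guide; it takes the requested URL and one response (status plus headers) and reports every such problem. The responses in it are constructed so it runs offline; against a live server you would take them from a real request to the http:// URL.

```python
"""Check one HTTP -> HTTPS redirect hop for the properties that matter.

Added example, not code from the post. Inputs are a request URL and the
response's status and headers; responses here are constructed samples.
"""
from typing import Dict, List
from urllib.parse import urljoin, urlsplit


def check_https_redirect(request_url: str, status: int, headers: Dict[str, str]) -> List[str]:
    """Return the problems found with the redirect (an empty list means it is good)."""
    problems: List[str] = []

    # A permanent redirect lets browsers and crawlers remember the HTTPS URL.
    if status not in (301, 308):
        problems.append(f"status {status}: a permanent redirect (301/308) is expected")

    # Header names are case-insensitive, so match Location however it was sent.
    location = next((v for k, v in headers.items() if k.lower() == "location"), None)
    if location is None:
        problems.append("no Location header")
        return problems

    src = urlsplit(request_url)
    dst = urlsplit(urljoin(request_url, location))  # resolves a relative Location too

    if dst.scheme != "https":
        problems.append(f"redirect target scheme is {dst.scheme!r}, not https")
    if dst.hostname != src.hostname:
        # HSTS preload requires the first hop to stay on the same host.
        problems.append(f"redirect changes host {src.hostname!r} -> {dst.hostname!r}")
    if dst.path != src.path or dst.query != src.query:
        problems.append("redirect drops the original path or query")
    return problems


if __name__ == "__main__":
    # constructed responses: one correct hop and two common mistakes
    samples = [
        ("http://example.com/blog/?p=1", 301, {"Location": "https://example.com/blog/?p=1"}),
        ("http://example.com/blog/", 301, {"Location": "https://example.com/"}),
        ("http://example.com/a", 302, {"location": "http://www.example.com/a"}),
    ]
    for url, status, hdrs in samples:
        print(url, "->", check_https_redirect(url, status, hdrs) or "OK")
```

Run it against a few representative URLs (root, a deep post URL, one with a query string), not just the home page, since a redirect rule written for the root is the one that most often discards paths.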