My Profile Photo

Michael Ayvazyan

Software Development in a Nutshell

  1. Secure Caddy Deployment - Rootless Image, Read-Only FS

    We used to host our SPAs in Nginx for years, but several months ago we switched to Caddy. Long story short it’s smaller and has fewer vulnerabilities.

    In our (microk8s) cluster we require all apps to run as a non-root user with a readonly file system. In addition, we remove all Linux capabilities from the container, ensuring the process runs with the minimum possible privileges.

  2. Nginx Ingress and Windows Server 2012 R2 TLS issue

    Several months ago I configured Elastic APM on our kubernetes (microk8s) cluster. It worked just fine for a .NET 5 workloads running on the Linux containers. Recently I needed to enable APM for another .NET 5 project running on Windows 2012 R2 and I faced the following error:

    System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: Authentication failed because the remote party sent a TLS alert: 'HandshakeFailure'.
 ---> System.ComponentModel.Win32Exception (0x80090326): The message received was unexpected or badly formatted.

  3. SlickRun on Ubuntu

    * I’m using Ubuntu 20.04 as my main operating system for some time now. So I’d like to document some tips in my blog.

    I’ve been using SlickRun on Windows for years. It’s just great. I can launch any program or website. For example to open work item #123, I just type wi 123 and it will create a correct URL for me and open that work item in my browser.

    The more generic example might be google abc command to search abc on the eb. It does so by adding abc to the url, so it’s something like https://www.google.com/search?q=abc.

    I needed a similar workflow for Ubuntu and here’s my solution.

  4. Tracking Application Response Time with NGINX, Filebeat and Elastic Search

    Recently we needed to enable Response Time monitoring on NGINX server. Let me try to summarise steps needed to bring response times from NGINX into Elastic Search.

  5. Deployment Group provision in Azure Dev Ops (On Premise)

    We are a long time users of Team Foundation Server (TFS). As you may know recently it’s been renamed into Azure Dev Ops. I absolutely love the new “Dev Ops” version (we are running v. 17.M153.5 by the way).

    But we faced two issues with it, so I’d like to document these here.

  6. OpenSSL saves the day

    We needed to issue a tiny patch release for one of our legacy applications. To do so we had to order a new code-signing certificate. I was a bit surprised then build failed with Invalid provider type specified error. For some reason it was failing to sign Click Once manifest. What’s interesting signtool.exe was able to use that certificate just fine…

  7. Let's Encrypt or HTTPS for everyone

    It’s a year since we are using free certificates on some of our production servers. So I decided to put together a tiny article highlighing how easy is to make connections to your server secure using Let’s Encrypt: ~~~~

  8. Group Policies which could affect your Web Application

    We are working on a web application which heavily depends on the following browsers’ features:

    • Application Cache - it allows websites to ask browser to cache them, so that users are able to open these websites offline.
    • Indexed DB - it allows websites to store data in the browser cache, so that all needed data will be available offline.
    • Web Storage - it allows websites to store settings in the browser cache.

  9. git-crypt - transparent file encryption in git

    Here at Compellotech we are using Octopus to automate all of our deployments for several years now. Recently we started to accommodate Infrastructure as Code (IAC) approach to simplify environments management. It allows us to spin new environments right from Octopus dashboard.

  10. SQL Server Managed Backup to Microsoft Azure

    Recently we migrated one of our projects to SQL Server 2016. As part of migration we enabled TDE for some databases. Next step was to configure backups.

    On our old SQL Server 2008 we already used to backup to Azure. It’s very convenient! So we were happy to use Managed Backup feature of SQL Server 2016.

    There is really good step-by-step tutorial on how to setup it on MSDN I just want to note that then you configure “instance level” backups, keep in mind that you will have to apply the same settings to existing databases manually. So it makes sense to first configure “Instance Level” backup settings and then restore your databases. It might save you a bit of time.

    It was a breeze to configure Managed Backup… very smooth experience. Highly recommend!