• Tuesday

    • Private work.
    • Finished a rewatch of Midnight Mass to prep for usher.
    • Warriorsssss (suns) nba season opener.
    • The jaw gum is $1/piece.
    • Ennui = tedium = boredom.
    • Hydroponic maintenance. Post-deepclean, so put a dent in the remaining liquid nutrients. Consolidating to dry. Remember pH down 30 for big, 20 for small.
    • Privateer email is getting a ton of trash marketing email lately.
    • BlockFi emerges from bankruptcy, nearly a year later. Now for Gemini/Genesis to follow.
    • SNI = Server Name Indication.
    • CloudFront can take up to 25 minutes to fully deploy changes to a distribution.
    • Like WAF, I could use Origin Shield (better caching) with CloudFront. Just the click of a button. Both incur extra charges.
    • Supercontest.
      • Deleted the www A record and surrounding network infra. I don’t want to maintain anything supporting this old format.
      • Got a new cert for *.southbaysupercontest subdomains. You can’t edit the alternate domains after a cert is created (and linked with a load balancer + other resources). This makes it easier to manage. This cert can be different (in a different region, same domain names) from the cert for the ELB.
      • Also duplicated the cert in us-east-1 (the original was in us-west-1). CloudFront only allows alternate domains with certs in us-east-1.
      • Then add Route 53 records to forward from your subdomain to the CloudFront distribution (I added an A for IPv4 as well as an AAAA for IPv6).
      • Blocked all public access for the S3 bucket. Then added a policy rule to only allow traffic from CloudFront. In order to ONLY allow this traffic from MY site, you need to use WAF. S3 can have domain-specific access policies, but CloudFront cannot. Use WAF to restrict requests based on referrer.
      • Enabled WAF. It’s pretty cool. Can add rules based on headers, rates, everything. Comes out of the box with some basic protection. Can block, captcha, much more.