Completed: Urgent router maintenance 2017-03-21

Update: The maintenance work was performed successfully.
We also managed to squeeze in our maintenance work scheduled for 2017-03-25 00:00 – 06:00 during this service window. This means we can cancel the service job and await STOKAB to complete theirs.

 

We’ll be performing urgent router maintenance tonight starting from 01.00 to coincide with some other big networks performing similar updates.
The upgrade is to ensure the routing plane receives an important update for BGP / routing that requires a reboot of our CISCO routers.

We’ll standby to reboot the primary router as well if we notice no issues on the backup/secondary router.
This will cause a disruption of a couple of minutes until all BGP announcements have updated.
Affected network: 46.253.192.0/20 ( 46.253.192.0 – 46.253.207.255)

We apologize for the inconvenience. This service job is unrelated to the planned maintenance 25/3 .

For full L3 redundancy we also offer IPs in multiple location/routers. Please contact us if you need IPv4 assignment for dual-homing of your own services.

We’d like to remind customers that on the night of 23rd March, there may be some service disruption to Adminors telephony number as we switch provider.
The backup number that has previously been sent out may be used in that case.

Problems with Microsoft Exchange Online protection

SRX617031793313519ID  – OLSRV.EXOO.EU.00.EN.WIP.BCH.TS.T01.POD.ST.EM@css.one.microsoft.com
Some customers are experiencing delay with Microsoft Online Protection services according to Microsoft.

————–

13:30 We’ve been informed by Microsoft that they are working on this issue.
23:00  Email delivery has resumed to some affected networks as seen by test emails.
Adminor continues to monitor this situation and will update this advisory if Microsoft changes their status.

Maintenance window 20137-03-25 & 2017-03-27 00:00 – 06:00

Hej / Hello
English version below

Vi på Adminor har blivit notifierade av Stokab som har planerat in ett driftavbrott på fiberförbindelser där vissa tjänster kommer påverkas.

Orsak till åtgärden är: Driftarbete av Stokab för flytt av kablar pga tvärbanan.

Adminor kommer växla över till sekundär länk mellan: 2017-03-25 kl. 00.00-06.00 och återställa till primärdrift EFTER att STOKAB 27/3 slutfört sitt arbete.
Överflytten beräknas ta några minuter vid varje tillfälle.
Avbrottet hos STOKAB kommer att ske mellan: 2017-03-27 kl. 00.00-06.00 och beräknas inte påverka Adminors kunder under deras servicefönster.

För eventuella frågor v.v. kontakta oss på [email protected], www.uppe.nu, telephone 08 564 314 30  eller tilldelat journummer.

English version

Adminor is hereby informing you of a planned maintenance of Stokab fibre connections servicing our datacenters.

The reason for this outage is: Rerouting of cables by Stokab due to construction works.

Adminor will switch-over to secondary paths: 2017-03-25 kl. 00.00-06.00 och återställa till primärdrift AFTER STOKAB 27/3 has performed their maintenance work. This is expected to take a couple of minutes at each change.
The outage with STOKAB is planned: 2017-03-27 at 00.00-06.00 and should not affect Adminor customers during their service window

If there are any questions regarding the above you are welcome to contact us at [email protected], www.uppe.nu, telephone 08 564 314 30  eller tilldelat journummer.

De berörda tjänsterna är / The services affected are:

Primary interconnect between Hammarby Datacenter and Västberga ( Virtual Machine replication between datacenters may be delayed ).
Services hosted on 46.253.192.0 – 46.253.207.254, 185.111.240.0/24 in Västberga DC but not in Hammarby DC.

For customers with services on 46.253.192.0/20 IP range, we offer replacement IPs on different IP ranges that originate from Västberga DC.

Let’s encrypt for varnish?

Do you have a site that’s accelerated with varnish but noticed that there is no native SSL support for Varnish?

No problems!
You can use a bunch of different methods to terminate SSL .
In this post I’m not going to be posting a bunch of configuration or setup steps. But discuss the caveats of terminating SSL .

Let’s say you are using drupal or wordpress.
Your current setup probably looks something like this:

varnish –> apache OR nginx backend -> application (wordpress/drupal) .

With Let’s encrypt you’re going to want to setup an SSL terminator. In the past I’ve recommended using ”pound” as an SSL terminator, but due to the slow development cycles I’ve moved towards nginx or haproxy.

Of the two I’d setup nginx SSL terminator in most cases as the Let’s encrypt certbot supports nginx natively for issuing and renewing SSL certificates.

Haproxy is awesome if you plan to use multiple backends or caches. If you use haproxy you probably know what you are doing but the problem with Let’s encrypt is that you have to run certbot in standalone mode with the ”certonly” variable on the commandline .

Haproxy will be configured to pass the acme-challenge to the standalone daemon that certbot launches. The renewal process will also use the forwarded requests .

With nginx it’s as simple as just creating the cert using certbot and configuring SSL proxy onwards to varnish.

We assume that you have previously managed to configure apache mod_rpaf , mod_remoteip or nginx to handle x-forwarded-for to provide the right IP to the web application.

One big issue that we’ve seen on customer installations when adding let’s encrypt support to already running setups is the fact that the backend application has no clue about https protocol. This sometimes causes forwarding loops or problems with loading http:// resources over a https:// connection (modern webrowsers raises alerts and refuses to load resources outside the https:// connection if it’s properly configured).

It’s important that the x-forwarded-for and protocol is passed on in all steps of the chain.

With haproxy you use option forwardfor and x-forwarded-proto.
Nginx needs to do the same.

On the backend side you can force SSL in a number of different ways.
The easiest way in php is to force https. Drupal and WordPress have a number of plugins to do so, you can also edit the php config files to force SSL.

For example in wp-config.php :
define(’FORCE_SSL_ADMIN’, true);
// in some setups HTTP_X_FORWARDED_PROTO might contain
// a comma-separated list e.g. http,https
// so check for https existence
if (strpos($_SERVER[’HTTP_X_FORWARDED_PROTO’], ’https’) !== false)
$_SERVER[’HTTPS’]=’on’;

Do you need help to add SSL and let’s encrypt for your current varnish setups? Feel free to contact us 

Adminor also offers ready-made VM images with Let’s encrypt varnish proxies for our VPS customers.