Nope. Just no.
Just no.

Ha. I found out I don’t have a fear of drag queens. I actually have Maquillaphobia – A fear of makeup and cosmetics!

It can probably also explain the fear I have of clowns.
It’s a shame that so many women hide their beauty behind makeup. People should be happy being who they are and not what they hide behind. The media make their money by permanently keeping women feeling insecure about how they look so they can peddle their overpriced potions which contain some key ingredient or extract. Its all junk.
Its nice to know though that I have a known (albeit little known) phobia and its not something that can be branded as being homophobic. I’m not.
For me, this irrational phobia has caused me to become tight-chested around people who wear too much makeup, and in my head it blocks everything, the brightness of burning magnesium, and the sound of white noise, I can’t think, and I start to panic. It’s horrible.
There you have it. Social anxiety, Maquillaphobia, and things in my past that have driven me to dark places that have irreparably broken me.

Monitoring SSL Certificate Expiry in Nagios

Ok, so this is a little quick and dirty, but it does what is needed. Perhaps if I was not in such a rush I could create something better.

Create a file called check_ssl with the following, preferably in the same location as your nagios plugins, or somewhere sensible (and make note of the full path for later):


$hostname = $argv[1];

$date = exec("curl --verbose https://".$hostname." 2>&1 | grep expire\\ date: | awk '{print \$4}'").' 00:00:00';

$diff = strtotime($date)-time();
$days = floor($diff / 86400);
echo $hostname . " expires in " . (int)$days . " days";

if($diff < 604800) { // Critical for 7 days and less
if($diff < 2678400) { // Warning for 31 days or less

Then, set the permissions correctly:

chmod +x check_ssl

test with: ./check_ssl
(replace with your domain name)

In your nagios commands definition file (normally commands.cfg) add (replacing $USER1$ if your check_ssl is not in the same folder as the rest of your Nagios plugins):

define command{
   command_name check_ssl
   command_line $USER1$/check_ssl $ARG1$

Finally, add a check with the rest of your services:

define service{
   use generic-service
   host_name **Your server hostname**
   service_description **description**
   check_command check_ssl!**domain name**

Then restart!

Back to the Foodture

I hate puns. Sorry for that.

So I am hitting Huel again for meal replacements – Lunch and tea on weekdays, and all 3 meals on the weekend.

This evening was my first proper use of my Nutribullet which was recommended to me by someone I had converted to using Huel.

I started off with an Apple, a Banana, some Cashews, and 1/4 of a Lime.

Fruity, nutty base

Next, came a load of water, the Fuel (two large scoops, so about 3 scoops in total), and a wodge (a technical term) of Ginger powder.

Ready to Blend

Blitzed it, and it was delicious. Sorry, no photos. I tasted it, and the ginger and lime flavours were amazing, so it got rapidly consumed. Nom!

Nginx + php-fpm Upload size

If like me you use php-fpm with nginx and you ramp up the upload file size in the fpm configuration, you will also need to remember to put a line into your nginx configuration file.

I prefer to add this on a per-vhost basis but you can add it to the http section of the nginx.conf file:

client_max_body_size 256m;

If you change the 256m to whatever value is set as your upload_max_filesize and restart nginx you will be good to go.

Postfix + Dovecot read-only Inbox Fix

I’ve been building a new mailserver and having problems with the mailbox being read-only.

The configuration uses PAM (standard Linux user accounts) for authentication.

The fix was quite simple. In the config file /etc/dovecot/conf.d/10-mail.conf add the following line:

mail_privileged_group = mail

Then restart dovecot. Your Inbox will now be writable!

Finding problems with strace

I had the fun of trying to find out what was wrong with a long running process – after a day, the process would slow to a halt. I’ve used in a drunken haze in the past a program called strace. This lets you attach to the process and monitors the system calls and signals it makes.

The script is a network and database specific application. I got the process ID from ps aux, and proceeded to attach to the processes (including the threads) using the command:

strace -f -s512 -p<process id>

Immediately, the issue became clear:


The screen scrolled this thousands and thousands of times, briefly showing chunks of other system calls, including the MySQL calls and the queries inline. While at the moment we are unsure what this means, it certainly goes a long way in (a) identifying the issue is with the script and a low-level idea of what the problem is.

What is really fun is seeing what things do in the background.

strace <command>

Will start an application and give you the full list of calls. Adding the -r flag adds the relative time for each call too, so this way you can start to see what system calls are taking the longest.

Hopefully there will be more useful information as I get to use it more often!

WordPress + Nginx + SSL in 5 Minutes

I’ve made the switch from Apache over to Nginx. Its faster, lightweight and just a lot easier to configure, especially when it comes to my new fascination with Docker.


Anyway, I digress.

My Debian server has a squeaky clean Nginx install on it, alongside it I have got Percona as a replacement for MySQL with my WordPress database sat on it. I set out to get wordpress working with Nginx and then get an SSL certificate installed on it too. So, after downloading it, and popping it into a safe place, I started editing the config:

server {
listen 80 default_server;
listen [::]:80 default_server;
root /srv/;
index index.php;
location / {
try_files $uri $uri/ /index.php?$uri;
#try_files $uri $uri/ =404;
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php5-fpm.sock;

That got me working, but I wanted more! I want SSL!

I used certbot which gives out free legit SSL certificates, so I followed the instructions to install it on the box and proceeded to generate a certificate:

$ certbot certonly --webroot -w /srv/ -d

Followed the instructions on-screen and the next thing you know I have a certificate ready and waiting on my machine.

Now the important part. Adding the configuration to Nginx.

This was amazingly simple (after I figured out I had added .com twice in the path). After the listen [::]:80 line, I added the following:

listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/;
ssl_certificate_key /etc/letsencrypt/live/;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

Of course, if you are copy and pasting this, replace with the domain name you registered with Certbot.

Thats it! Once you restart Nginx, your site will be available in