Release-3359: Let’s Encrypt Firefox fix
We’ve improved the let’s encrypt implementation. Firefox now accepts the certificates as expected.
Read moreRelease-3331: Increased server_names_hash_bucket_size and more
In this release we made a couple of minor changes to our configurations on Hypernode. Increased the server_names_hash_bucket_size to 128 The server_names_hash_bucket_size NGINX config value was increased from 64 to 128 as it was causing issues with longer domain names. For example previously trying to generate an SSL configuration for domains of a certain length…
Read moreRelease-3331: Fix multiple domains in user generated SSL configs and changes to WAF
Yesterday we started rolling out a pre-configured Let’s Encrypt automatic renewal and configuration mechanism based on dehydrated. We noticed a bug in our SSL config generation script that made it impossible to load certificates for more than one domain. This has been fixed now. If you ran in to this problem you can re-run dehydrated…
Read moreRelease-3323: Let’s Encrypt support [BETA]
In this release we started rolling out compatibility with Let’s Encrypt auto-renewal. Previously it was already possible to use Let’s Encrypt certificates on Hypernode by uploading them to the service panel, but the real beauty of Let’s Encrypt is in it’s short lived certificates which can be automatically updated. Requesting a Let’s Encrypt certificate on…
Read moreRelease-3318: patch OpenSSL CVE-2016-6304, notify out of memory killed on SSH login
The last couple of weeks we have been mostly focused on improving our back-end logic for dealing with external API failures and implementing extra tests for our automation. However there were some things we did that might be interesting to hear about for Hypernode users so here is a short summary. OpenSSL CVE-2016-6304 Early last…
Read moreRelease-3294: new magerun commands, prepare for Let’s Encrypt
This release contains an update of the wildly popular Hypernode & Elgentos n98-magerun modules. Import change: all Hypernode commands can now be found in the hypernode:* namespace (see a list here). Also, we have released software to support Let’s Encrypt in an upcoming release shortly.
Read moreRelease-3285: updated Blackfire and GeoIP database, and added GeoIP city
We updated the Blackfire PHP5 probes to the latest versions (agent 1.7.4, PHP probe 1.12.0) We updated the GeoIP* database to the latest version which comes with Ubuntu 16.04 We included the GeoIP city database into NGINX. The city fields are now available in the PHP $_SERVER environment variable. Fixed a problem where backups were…
Read moreRelease-3274: NGINX upgrade for all remaining nodes
Today all Hypernodes starting with N-Z and 0-9 will be upgraded to a newer NGINX version. Additionally we made some changes to our Web Application Firewall (WAF). If you notice something out of the usual or think this new configuration is somehow clashing with your NGINX configuration, please contact us.
Read moreRelease-3272: PHP 7 update to version 7.0.10
We’ve deployed the latest PHP 7.0 to all nodes running PHP 7.0. This is PHP 7.0.10, that contains a couple minor security fixes. Please find the changelog here: http://www.php.net/ChangeLog-7.php#7.0.10
Read moreRelease-3270: NGINX upgrade, hypernode-importer can use a jumphost
Today all Hypernodes starting with the letters A-M will be upgraded to a newer NGINX version. Additionally we made some changes to our Web Application Firewall (WAF). If you notice something out of the usual or think this new configuration is somehow clashing with your NGINX configuration, please contact us. Also we upgraded the globally…
Read moreRelease-3237: hypernode-importer can import ZIPs and SQL dumps
This release contains a couple of new hypernode-importer features that have been used by our onboarding team for a while already and today they have been added to the help menu so they can be used by all Hypernode users. Importing the webroot from the filesystem instead of the remote host This flag enables you…
Read moreRelease-3229: per IP PHP worker limit for all (remaining) nodes
The per IP dynamic worker limit is now enabled for all nodes starting with N-Z and 0-9. Any IP address who is using too many PHP workers (already) will receive a 429 error code on their next request. Documentation on how to whitelist IPs or disable this feature can be found in our support documentation.
Read moreRelease-3204: installed Node.js, Compass and Sass
We installed Compass and Sass, a CSS pre-compiler that provides organizable, reusable CSS. This tool received 18 votes on our Uservoice. Please let us know if you have any issues with the versions we’ve provided, as they come from the default 12.04 repositories. Also, we installed Node.js (version 0.10.37) by default on all Hypernodes. No need to install…
Read moreRelease-3200: increase FastCGI buffers and dynamic IP limit overrideable
In this release we increased the FastCGI buffers by default, because in some corner cases customers had to increase these themselves. Next to that we changed the implementation of the dynamic request limit per IP in such a way that it can be overridden in the Nginx config. Documentation about this will follow.
Read moreRelease-3179: Enable slot limiting for nodes with the letter A-M and disable MySQL binlog
All nodes starting with the letter A-M, will have the slot limiting enabled as described here. We’ve disabled the MySQL bin logs, since we do not do any replication. This avoids unneeded overhead.
Read moreRelease-3168: New n98-magerun commands for Varnish and more
We released a few minor changes and improvements to the platform: We’ve added two new Magerun commands for Varnish: turpentine turpentine:config:save Save and apply Turpentine’s VCL configuration to Varnish turpentine:varnish:flush Flushes all cached varnish URL’s. We’ve installed ‘zip’. Allow files from within /.well-known/ folder as per RFC5785. It’s used for discovery of policy or other…
Read moreRelease-3150 (update): WebForms Pro 2 vulnerability – deny PHP files in upload directory
A vulnerability was discovered in the Magento module WebForms Pro 2. We’ve added a security filter to deny PHP files to be executed from within the upload directory of the module WebForms Pro 2. All requests looking like /js/webforms/upload/*.php will be denied. All users of the module WebForms Pro 2 should immediately update to the…
Read moreRelease-3138: filter against amasty feed vulnerability
We’ve release a filter for the amasty feed plugin vulnerability (more information here). Anyone using this plugin should update immediately! The filter is placed inside /data/web/nginx/amastyfeed.conf. If you updated your plugin and want to disable the filter, please comment out the filters in that file. We now also deny any requests made towards the /shell/…
Read moreRelease-3114: per IP PHP worker limit
We will be (slowly) releasing a limit for how many PHP workers a source IP can use. Initially we will allow a source IP to use all but 2 PHP workers, in the long run this limit may get set even lower. Today we released this change for all Hypernodes starting with the letter A….
Read moreRelease-3112: Rotate nginx logs by size
Rotate nginx logs every hour if they are larger than 200MB. This is to avoid using excessive disk space for access logs on the root partition. For the most successful hypernodes rotating the logs on a nightly basis was no longer enough. Instead of keeping 14 logs we now keep the last 30 rotated logs.
Read moreRelease-3110: Mitigate httpoxy
Today a set of vulnerabilities was disclosed surrounding CGI-like environments. Luckily due to Hypernode’s thoroughly tested continuously integrated deployment environment we were able to roll out a mitigation strategy on all Hypernodes quickly and safely soon after the news broke. block the HTTP_PROXY header from being passed on to PHP-FPM The Nginx configuration now contains…
Read moreRelease-3014: Varnish pipe_timeout and more streamlined SOLR migrations
Longer pipe_timeout for Varnish. Click here for more information. We added -p pipe_timeout=300 to the Varnish DEAMON_OPTS SOLR is stopped and started during migrations to prevent stale locks from being transferred Lock out the app user during crucial parts of migrations for safer upgrades Improved the automatic cron flocking pattern matching The hypernode-importer also synchronises…
Read moreRelease-3085: Vagrant updates
We’ve been gradually improving our standard of quality for the Magento Vagrant development environment hypernode-vagrant. This is becoming increasingly important with the growing adaptation of the boxfile among our customers and other Magento developers. This week we have deployed various changes to both increase ease of use and performance. package the latest virtualbox guest additions…
Read moreRelease 3071: SSH with password, new DC, Magento 2.1
Release 3071 brings a lot of goodness to your Hypernode. The default DigitalOcean data center where Start, Grow and Professional Hypernodes are booted has been changed. The Magento 2 install on new Trial accounts has been updated to version 2.1 (trials with Magento 1 are still possible). Using SSH on your Hypernode is now possible with the password…
Read more