GitLab 10.5 and later: Solution for error “Validation failed for domain” with Let’s Encrypt

GitLab 10.5 introduced built-in support for Let’s Encrypt.

Unfortunately, if you follow the official GitLab instructions on how to enable Let’s Encrypt support, you may encounter the following error when reconfiguring GitLab:

Running handlers:
There was an error running gitlab-ctl reconfigure:

letsencrypt_certificate[yourhost.yourdomain.com] (letsencrypt::http_authorization line 3) had an error: RuntimeError: acme_certificate[staging] (/opt/gitlab/embedded/cookbooks/cache/cookbooks/letsencrypt/resources/certificate.rb line 20) had an error: RuntimeError: [yourhost.yourdomain.com] Validation failed for domain yourhost.yourdomain.com

Running handlers complete
Chef Client failed. 11 resources updated in 11 seconds

Warnings:

Let’s Encrypt is enabled, but external_url is using http

The last line is rather misleading, as the domain validation can apparently also fail if one sets external_url 'https://yourhost.yourdomain.com'

As a workaround, add the following two additional lines to /etc/gitlab/gitlab.rb (hat tip to Kai Mindermann and Thomas Jost for the hints):

nginx['redirect_http_to_https_port'] = 80
nginx['redirect_http_to_https'] = true

 

So, all in all, you need to set in /etc/gitlab/gitlab.rb:

external_url 'https://yourhost.yourdomain.com'

and add the following lines (adjust the notification e-mail address):

letsencrypt['enable'] = true
letsencrypt['contact_emails'] = ['gitlab-notifications@yourdomain.com'] # optional
nginx['redirect_http_to_https_port'] = 80
nginx['redirect_http_to_https'] = true

Make sure that your firewall doesn’t block access to ports 22 (SSH), 80 (HTTP), 443 (HTTPS).

After that, reconfigure GitLab (in a shell):

# gitlab-ctl reconfigure

That’s it! You can now register/login at https://yourhost.yourdomain.com.
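Added example (not part of the original post and not GitLab's own tooling): a pre-flight check that confirms the settings listed above are actually active in gitlab.rb before you run gitlab-ctl reconfigure. The helper names has_setting and check_gitlab_rb and the sample file are assumptions made up for this illustration.

```shell
#!/bin/sh
# Added example: pre-flight lint for gitlab.rb before `gitlab-ctl reconfigure`.
# has_setting and check_gitlab_rb are hypothetical helpers, not part of GitLab.

# has_setting ACTIVE SECTION KEY VALUE: succeeds if SECTION['KEY'] = VALUE is set.
# The trailing group stops 80 from matching 8080 and true from matching truex.
has_setting() {
    printf '%s\n' "$1" |
        grep -Eq "^[[:space:]]*$2\[['\"]$3['\"]\][[:space:]]*=[[:space:]]*$4([[:space:]]|#|\$)"
}

check_gitlab_rb() {
    # gitlab.rb ships with commented-out defaults, so only active lines count.
    active=$(grep -v '^[[:space:]]*#' "$1" || true)
    missing=""
    # external_url is a method call (no '=') and must carry an https:// URL.
    printf '%s\n' "$active" |
        grep -Eq "^[[:space:]]*external_url[[:space:]]+['\"]https://" ||
        missing="$missing external_url"
    has_setting "$active" letsencrypt enable true ||
        missing="$missing letsencrypt['enable']"
    has_setting "$active" nginx redirect_http_to_https_port 80 ||
        missing="$missing nginx['redirect_http_to_https_port']"
    has_setting "$active" nginx redirect_http_to_https true ||
        missing="$missing nginx['redirect_http_to_https']"
    if [ -n "$missing" ]; then
        echo "not ready:$missing" >&2
        return 1
    fi
    echo "ok"
}

# Constructed sample: this post's settings plus one commented-out default.
sample=$(mktemp)
cat > "$sample" <<'EOF'
external_url 'https://yourhost.yourdomain.com'
# nginx['redirect_http_to_https'] = false
letsencrypt['enable'] = true
letsencrypt['contact_emails'] = ['gitlab-notifications@yourdomain.com'] # optional
nginx['redirect_http_to_https_port'] = 80
nginx['redirect_http_to_https'] = true
EOF
check_gitlab_rb "$sample"
rm -f "$sample"
```

On a real host, call check_gitlab_rb /etc/gitlab/gitlab.rb; a non-zero exit names the settings that are missing or only present as comments.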

Combining the Eisenhower Matrix and Kanban on Trello

I like the Eisenhower Matrix a lot: In everyday life, the simple concepts often tend to be the most practical ones, and in the end, usually also the most useful and powerful ones. Remember: “Everything should be made as simple as possible, but not simpler” (although that’s also a reminder to not over-simplify things).

Here’s an idea of how to combine the concept of 2-dimensional triage (Eisenhower Matrix) with the idea of JIT workflows (JIT processes from supply chain to production to delivery) in Kanban / Kanban in software development, using Trello:

[Image: Eisenhower Matrix combined with Kanban on Trello]

The top Kanban workflow would thus be:

1. INBOX: If urgent & important: DO!

2. If urgent & not important: DELEGATE!

3. If not urgent & important: DECIDE+PLAN!

4. Rest: Not urgent & not important: ELIMINATE!

(& := logical AND)

This would guarantee that, first, all incoming tasks/requests (e-mails, phone calls, mail, visitors, time-triggered events, other events, ...) would get proper (highest) attention and get collected in the INBOX list. They would then be triaged (qualified) and, if appropriate, distributed/moved to the other lists accordingly. If nothing else matches, they would end up in the low priority box (not urgent AND not important), i.e. the equivalent of a “trash”.

In this order, it’s a failsafe workflow, where all incoming tasks are treated as highest priority tasks at first by default. In some rare special cases, usually just temporarily, one could also imagine that reversing the workflow would make more sense (e.g. in a situation of a foreseeable flood of low-prio incoming requests, when you only have time to pick the high-priority ones out of these and leave almost all tasks in the “trash” by default -> this is not failsafe, of course!)

Integrating a particular product’s Kanban workflow would require adding further “sub-lists” for each of the steps of the product lifecycle. Or one could also think of using a separate board for each of the 4 states of the Eisenhower matrix, with lists representing the Kanban states/stages connected through Kanban JIT processes.

Note that each team member can (and should) have her/his own Eisenhower sub-matrix in addition, also combined with her/his own Kanban sub-workflow.


Side note: One could also extend the above board and make it more fine-grained by subdividing each list into the following 5 GTD (Getting Things Done) sub-workflows:

capture, clarify, organize, reflect, and engage

These would ideally be represented by sub-lists, which don’t exist in Trello (yet?). Currently, one would thus have to improvise a bit and e.g. use cards for them, using comments as “sub-cards” – or add further lists, e.g. “1.1 capture”, “1.2 clarify”, “1.3 organize”, “1.4 reflect”, “1.5 engage”.

One could also treat the above combination of the Eisenhower Matrix and Kanban as an application of the 5 GTD workflows and do without making those explicit. At the moment, I favor this view and, for simplicity, don’t recommend visualizing these GTD “meta-workflows”.


 

Disclaimer: The ideas proposed here are “work in progress”, as is this post. This is just one example of many imaginable ones. I’ll probably edit this post or clarify, correct or extend it in follow-up posts.

Guaranteeing memory safety in Rust | Air Mozilla

Nicholas Matsakis of Mozilla on how Rust guarantees type soundness, memory safety, and data-race freedom while still offering control similar to C/C++:

(via Guaranteeing memory safety in Rust | Air Mozilla.)

Rust, with its funny name, is more reminiscent of a mutt than of an academic programming language. It’s that pragmatism, however, that has a lot of potential to help solve well-known “real world” reliability problems in software engineering. It would definitely make a worthwhile addition to other programming languages taught in CS classes.

Mozilla has already started building Servo, a web browser engine based on Rust. While still far from usable (Disclaimer: I’ve just compiled and quickly tested the current master branch sources on Mac OS X Mavericks), it’s the right strategic move and I wonder when other browser projects, like Chromium, will start shifting to safer programming languages too.

Modern web browsers are very complex and accordingly vulnerable pieces of software and yet, with the rise of the browser as an app platform, we depend more and more on their reliability, safety and security.

Ironically, my Chrome browser irrecoverably froze while I was drafting this blog post. Although chrome doesn’t rust, some Rust would actually be a good thing for Chrome, in the long term.

macvim – Vim for the Mac

When using Mac OS X, I used to use the CLI vim provided by the excellent Homebrew package manager.

Now I’ve just stumbled over macvim, which is kind of a “deluxe vim” for Mac OS X, including adjusted key bindings for the Mac and a GUI menu, supporting Cocoa file dialogs, among others.

It’s highly recommended if you want to have the best of both the CLI and GUI editor worlds.


System information on Mac OS X

Mac OS X comes with a pretty useful tool to list all the details about your system:

# system_profiler

E.g. to find out whether your RAM supports ECC:

# system_profiler|grep ECC
          ECC: Disabled

Or whether your SSD supports TRIM:

# system_profiler|grep TRIM
          TRIM Support: Yes

Some helpful Git resources

A friend recently told the following joke:

“The idea that git can be used offline is an illusion – you still need connectivity for googling which arguments to pass to what command.”

That’s an exaggeration, of course, but as always, there’s a grain of truth in it. So here we go: