justin/new-site
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
new-site/infra
History
justin d65f5ea279 nginx: stop blocking /admin (bot-scan rule matched our own dashboard) 
The shared security snippet blocked any path matching /(admin|administrator|
login.action|struts) with 'return 444', which drops the connection. That bare
'admin' token also matched our own operations dashboard at /admin and the new
/admin/compliance-orders, so the browser showed 'This site can't be reached'.
Dropped the bare 'admin' token; administrator/login.action/struts stay blocked.
Applied live on prod (sudo edit + nginx reload); this updates the source of
truth so the ansible nginx role won't reintroduce it.
2026-06-16 00:05:54 -05:00
..
ansible nginx: stop blocking /admin (bot-scan rule matched our own dashboard) 2026-06-16 00:05:54 -05:00
cron hc: warmup must run DAILY for the full 21-day ramp (not weekdays-only) 2026-06-14 21:02:08 -05:00
fail2ban Initial commit — Performance West telecom compliance platform 2026-04-27 06:54:22 -05:00
firewall firewall: allow ezstorehost (207.174.124.51) to reach Forgejo SSH 2026-06-10 22:45:43 -05:00
k8s infra/k8s: shkeeper liveness+readiness probes (fix recurring crypto.performancewest.net downtime) 2026-06-09 04:57:50 -05:00
monitoring monitoring: add .91-.93 IP rehab to daily Telegram warmup alert 2026-06-09 20:34:41 -05:00
mta-sts infra: MTA-STS HTTPS vhost (cert issued, policy live) 2026-06-06 21:03:30 -05:00
nginx infra: nginx vhost for listmonk-hc admin portal (lists-hc.performancewest.net -> 127.0.0.1:9101, LE cert) 2026-06-06 07:02:50 -05:00
postfix warmup: ROLL BACK main pool to 200/h after Gmail spam-blocked IPs at 400/h 2026-06-13 20:10:13 -05:00
systemd hc email: reframe value-add to 'No 2FA. No government portals.' (we have a portal; the pain is CMS 2FA/identity-proofing); cron creates fresh dated campaign when prior is finished; add hc bounce watcher (Postfix->listmonk-hc webhook, hard/complaint->blocklist) 2026-06-06 16:47:12 -05:00