I am beginning to just bounce with the never-ending stream of challenges and puzzles. It is rather fun, actually, to solve one puzzle only to have it reveal another, even more obscure (or terrifying!) technical gaffe. No wonder it seems there is so much overlap between the gamer and the sysadmin communities.
The latest endeavour: tighten up the cloud SSL/TLS, bringing it up to the same level as the others. There was even a notice after the latest upgrade about HSTS. And a whinge about .well-known redirects.
Well, that little notice is GONE! tightened that up to A+ according to SSL Labs, and the cloud developer gives me the same with all updates, stable version… oh, wait, that scan was from July. Oh, other wait, there’s a new notification about proxy header configuration. And those whinges about the .well-known services? still there, verified reporting as 404 despite being in the .htaccess.
And, actually, now I look at it, that .htaccess is pretty crufty, as one might expect after constantly upgrading and migrating (4th server hardware!) I certainly was not in the first generation of self-hosted cloud, but definitely more than 6 years and many versions both major and minor ago.
Now is one of those decision tree moments: Should I stay or should I go now?
Most likely it is a good point to perform a clean install, migrating the content to a new device and set-up, all new installation. It will take a bit more time, but it will have a better result than trying to clean up the existing mess of configurations, backups-pressed-into-service, and leftover files from previous version.
Which means my work on this particular domain is done for now, and I can move on to the next right after I add the new task “New cloud instance, migrate users” to the task queue.