A Web Developer’s Blog
I need to work on some cross site javascript and so I need a trusted TLS cert installed an running in my dev system.
I was already running via FrankenPHP and Docker Compose
I used (mkcert)[github.com/FiloSottile/mkcert] and customised the Caddyfile that FrankenPHP uses
At work I’m using Digital Ocean and their managed Kubernetes offering - DOKS
The cluster is almost entirely managed via Helm charts - and even system components that are installed via the Digital Ocean “1 Click” installers are Helm charts really.
Recently we ran into a problem where we needed real IP addresses available to our application - but these were being lost to the load balancer - and I needed to configure Proxy Protocol to re-enable them.
I setup Laravel with Redis and made sure all my articles were cached, and still saw a lot of database traffic.
All the route bound parameters get magically injected - but of course behind the scenes these are looked up in the database.
Although these are simple queries that run pretty fast - a lof of them are repeated very frequently so can be efficiently cached.
I’m using Laravel Inertia and the resulting form submission returns JSON objects - which I wanted to validate.
In my case I have a quiz - which has questions which in turn have answers and those answers have user-submitted responses.
If the CMS editor tries to delete answers which have responses this will result in an SQL referential integrity error - so I want a validation rule for each answer which says
If the answer object has property “deleted” and the database has responses for this answer - fail.
I’m running a service on Kubernetes that hosts multiple websites via different domains.
I had followed the default Helm Chart pattern and ended up with one TLS cert for all the sites.
This worked OK - except that I kept getting downtime when I needed to add a new domain.
So I refactored to have a different certificate for each site.
Read more ...
Creating a read-only database user on Postgresql for all databases, on a Digital Ocean Managed Database.
There is a fairly severe bug here Ingress-nginx CVE-2025-1974
My understanding is that it is a privilege escalation bug within Kubernetes - and given that I work for a very small team where actually I’m the only one with access - I don’t think I’m immediately vulnerable.
But my understanding is limited and I’m a fan of defence in depth so it’s time to upgrade.
My Laravel project is in part a headless CMS - this means it has and API that gets called by a frontend system - with around 10 API requests per page view.
We can cache some of that - but sometimes caches are empty and the site still has to be responsive.
The meant I needed to optimise my Laravel site and after a few experiments I found that using [Laravel Octane]](https://laravel.com/docs/12.x/octane) with FrankenPHP gave me the performance boost I needed without needing any significant code change.
I want to use a distributed cache in my Laravel Application to make the app more responsive and reduce database load.
I’m not sure whether to use Memcache or Redis