TIL how to test CORS on the command line with curl

In my last TIL I talked about how to set additional security headers for GitLab. But I also had to do this for other applications I was supporting, where it was more straightforward to do (meaning: with code).

I needed to set the access-control-allow-origin header in the other applications …


TIL how to configure additional headers in GitLab’s nginx

Recently, I had to configure some security headers in GitLab. GitLab uses Nginx as its web server, and it allows for easy configuration changes for some settings. For instance, enabling HTTP to HTTPS redirection can be done simply by setting nginx['redirect_http_to_https'] = true in the gitlab.rb configuration file.

However …


TIL that Docker plugins need exec perms on the filesystem

For one of our customers we needed to install the Docker plugin for Loki. To install it, you run:

docker plugin install loki

However, this failed with the following error message:

Error response from daemon: dial unix /run/docker/plugins/d442cff8568254659f9aa7d2dd5a30526b69d1ac62593c628b65da8b9e933c6a/loki.sock: connect: no such file or directory

Running strace …


MAC Spoofing under Linux

The announcement of the recent attacks on Tor users that exploit a Firefox vulnerability in JavaScript suggested some measures for remaining anonymous whilst using Tor, such as disabling JavaScript, using the most recent versions of Firefox, installing firewalls and so on. One interesting measure named was to often change your MAC …
