Hi there 👋

Incoherent ramblings from a Principal Magento Engineer. Covering SRE / Devops / Platform Eng / Magento Dev

Self Hosting Sentry.io for one year, what have we learned?

In short: It's very cost effective; we are seeing savings between £2500 and £3500 per month over hosted estimates. It's been very stable (a setup and forget type situation). Updates are released fairly frequently, and are simple to apply. Be very mindful of free disk space: it runs Postgres, which can be a massive pain to clean up when close to limits. Sentry’s disk clean-up functionality seems to be flaky. The CSP functionality gets the job done. Cost: Cost is the leading factor in self-hosting Sentry for us, and it's a win-win scenario....

November 25, 2024 · 4 min · 736 words · Me

Debouncing Magento 2 FPC Purge Requests

Heading into Black Friday, cache hit rates are a metric to monitor closely. Poor cache performance is likely to cause dramatic increases in page load times, higher autoscaling infrastructure costs, or even worse, 500-series errors. As part of our pre-emptive precautions, we have built an experimental module which intercepts and defers Varnish cache purges to a set schedule. We’ve rolled it out to some of the stores with problematic ERP systems and problematic store admins… Hopefully we can leave it disabled the entire time, but it's nice peace of mind....

November 8, 2024 · 1 min · 118 words · Me

Is 100% uptime a bad goal?

I hear the claim of 100% uptime thrown around a lot. But is 100% uptime really a good goal to have? Like most things in tech, the answer is: it depends. If you're running your Magento store within a fault-tolerant cluster, sure, 100% website uptime is a good goal. Whereas if you are running Magento on a single instance, or even on multiple servers but not in a cluster, then claiming to aim for 100% uptime is more of a red flag than something to be proud of....

October 21, 2024 · 3 min · 460 words · Me

Automating Magento 2 Updates

🔥 Hot Take: Stop offloading poor engineering practices onto clients. It is no wonder merchants are apprehensive about using Magento 2 when we are quoting them excessive amounts just to keep their store up to date and secure. In some recent research, I’ve seen estimates in excess of 100 hours for an update. That seems wild to me! I’ve found Magento releases have been getting a lot more stable and bug-free in recent years, especially since Adobe's acquisition....

October 14, 2024 · 4 min · 788 words · Me

Chaos Engineering in Magento 2

Chaos. Those who know me know that I love a bit of chaos in my work. Data center caught fire? Server fell out of the rack? It's like a free roller coaster. For someone whose role is to reduce the chaos, I enjoy and thrive on it a little bit too much. Why implement Chaos Engineering practices? This is where Chaos Engineering comes into play: nobody wants to be woken up at 3am because OOMKiller has decided your database is not important any more....

October 7, 2024 · 3 min · 545 words · Me

The Magento 2 Setup Endpoint is leaking your Magento Version

The default Nginx sample configuration and .htaccess files shipped by Magento leave the /setup/ route publicly accessible, and this route displays your current Magento version, including patch level, for all prying eyes to see. Currently this affects all Magento versions up to 2.4.7-p1 (the latest at time of writing), including 2.4-develop. It is worth noting, I believe the web installer was removed in 2.4. Is there any need for this route to continue to exist, apart from leaking version data?...

October 2, 2024 · 2 min · 242 words · Me

Debugging Varnish Cache Performance in Magento 2

I do a fair bit of performance-oriented consulting/contracting work with Magento agencies / developers. A common theme seems to be difficulty monitoring/debugging Varnish. The Varnish Service: Watching a specific URL's Age. We can monitor how long a specific URL is staying in cache by wrapping a curl command within a while loop. (Note: You may need to update your Varnish config to stop removing the Age header.) while true; do curl -Iso /dev/null -w '[%header{Date}] %{http_code} %{url} %header{x-cache} %header{age}\n' https://example....

September 20, 2024 · 3 min · 494 words · Me

Stop Overpaying for New Relic Data Ingest by reducing Tracing Data

I was doing some health checks on some new brownfield projects we’ve taken on recently, ahead of migrating them to our own infrastructure, and I noticed that their New Relic invoices seemed abnormally high for the amount of traffic the stores received. I was expecting most of the stores to still be in the free tier, or at least under 200/300GB total ingest. Looking at the “Manage Data” account page in New Relic....

August 27, 2024 · 2 min · 339 words · Me

Magento Trojan Orders (CVE-2022-24086) - addAfterFilterCallback

So it appears the Magento 2 Trojan Order exploit (CVE-2022-24086) is making the rounds again. With the recent rise in exploit attempts, I am going to go out on a limb and assume the exploit kit was recently sold/released again. Trojan Order was identified and patched back at the start of 2022. The relevant security bulletin is APSB22-12. It states versions 2.3.0 to 2.3.3 are not affected but any other versions below 2....

August 16, 2024 · 3 min · 511 words · Me

Magento 2 Optimising Static Content Deploy

Typically a lot of Magento 2 stores are slow to build, some taking up to and over an hour. This becomes a bigger pain point as stores grow and more themes and locales are added. Optimising build time is often towards the bottom of the priority list. The Magento Static Content Deploy Docs provide a good amount of detail on this subject, and are a good read. Just remember, typically, your pipeline execution time also affects your time to release fixes to critical production issues....

August 12, 2024 · 4 min · 641 words · Me