OneSeal:
New feature → `npm install` → start coding
Environment broken →
Compliance audit → export git history
Secret rotation → regenerate SDK → bump version
Think of it as bringing GitOps practices to configuration management.
Built OneSeal to solve this: github.com/oneseal-io/oneseal
Terraform/Vault → encrypted SDK → version control → developer productivity
What's your onboarding time for new developers? How do you handle config/secret distribution across teams?
https://redd.it/1o40aq1
@r_devops
New feature → `npm install` → start coding
Environment broken →
git log shows what changedCompliance audit → export git history
Secret rotation → regenerate SDK → bump version
Think of it as bringing GitOps practices to configuration management.
Built OneSeal to solve this: github.com/oneseal-io/oneseal
Terraform/Vault → encrypted SDK → version control → developer productivity
What's your onboarding time for new developers? How do you handle config/secret distribution across teams?
https://redd.it/1o40aq1
@r_devops
GitHub
GitHub - oneseal-io/oneseal: 🔐 Secrets, configs, and platform outputs as code — typed, versioned, encrypted.
🔐 Secrets, configs, and platform outputs as code — typed, versioned, encrypted. - oneseal-io/oneseal
Will DevOps teams become smaller because of AI?
What are your thoughts? Any prior experiences from work would also be really appreciated...
https://redd.it/1o44drt
@r_devops
What are your thoughts? Any prior experiences from work would also be really appreciated...
https://redd.it/1o44drt
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
What category of software am I looking for?
The requirement from the business is:
As part of our running software we want to be able to 'send events' to a central place, and have other software consume them.
These 'events' might be informational or an error that has been hit.
Not huge volume, but important and very specific info about what has happened.
Like data processing of X data item from Y provider failed because Z reason.
We then want downstream services and guis to be able to subscribe to these 'events'.
Like in the above example, we might care about more providers than others.
Originally we thought this sounds like a logging problem, but I'm having my doubts about that. Realtime/push/apis being the main thing.
The more I dig, the more it sounds like this should be a solved problem and my googling is not helping.
I google event software and get random software to help organise events.
Is this a solved problem? maybe something that sits on top of a logging platform.
https://redd.it/1o44ng1
@r_devops
The requirement from the business is:
As part of our running software we want to be able to 'send events' to a central place, and have other software consume them.
These 'events' might be informational or an error that has been hit.
Not huge volume, but important and very specific info about what has happened.
Like data processing of X data item from Y provider failed because Z reason.
We then want downstream services and guis to be able to subscribe to these 'events'.
Like in the above example, we might care about more providers than others.
Originally we thought this sounds like a logging problem, but I'm having my doubts about that. Realtime/push/apis being the main thing.
The more I dig, the more it sounds like this should be a solved problem and my googling is not helping.
I google event software and get random software to help organise events.
Is this a solved problem? maybe something that sits on top of a logging platform.
https://redd.it/1o44ng1
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
Loglens - complete log analysis with easy to learn syntax
hey guys
I recently made a new tool for log analysis.
It allows you to search and query your JSONL files with a more natural language syntax than your usual SQL/jq/grep/awk filters. It has a stats command to get all the important statistics for your files, and a smart TUI that can look into any log file of any size. Much focus has gone into performance and making sure it can parse very large files. It's faster than a standard jq or gunzip pipeline for querying because of the multi core processing. You can read zipped files directly without unzipping them first as well.
It's free to try out so let me know what you think if you find this useful. I'm quick to add new features so if there's something you think the tool should definitely be able to do let me know!
https://redd.it/1o49bge
@r_devops
hey guys
I recently made a new tool for log analysis.
It allows you to search and query your JSONL files with a more natural language syntax than your usual SQL/jq/grep/awk filters. It has a stats command to get all the important statistics for your files, and a smart TUI that can look into any log file of any size. Much focus has gone into performance and making sure it can parse very large files. It's faster than a standard jq or gunzip pipeline for querying because of the multi core processing. You can read zipped files directly without unzipping them first as well.
It's free to try out so let me know what you think if you find this useful. I'm quick to add new features so if there's something you think the tool should definitely be able to do let me know!
https://redd.it/1o49bge
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
Need Advice in Upskilling for Network Dev Engineer/Cloud Engineer Positions
Hey y'all, I've been searching the job market for Network Engineering positions and nearly all of them require CI/CD, Terraform or IaC, and Kubernetes experience. Trouble is, coding is my worst skill and I don't use these cloud services in my day job. I can read and understand Python but don't ask me to create something. If I study these core skills will my coding match up to what is needed?
I currently have my CCNA and AWS SAA certifications. But I'm stuck on where to study and skill up in next.
I have considered the following and curious is any of these certifications will give me the core knowledge for those skills in a NDE/Cloud Engineer role.
* Cisco DevNet Associate - seems too Cisco centric
* AWS DevOps - looks like it has core skills for CloudFormation but not Terraform. Maybe CI/CD?
* CKA - I've seen this one pop-up a lot on reddit, only touches on one of the skills
* CCNP-ENCOR with CCSDWI core - SDWAN core certification - network heavy obviously but some API exam topics. After all, it is software-defined.
* If there is a crash course in Python for these skills I'm definitely open to that as well
Any feedback and guidance is appreciated
https://redd.it/1o4b5gt
@r_devops
Hey y'all, I've been searching the job market for Network Engineering positions and nearly all of them require CI/CD, Terraform or IaC, and Kubernetes experience. Trouble is, coding is my worst skill and I don't use these cloud services in my day job. I can read and understand Python but don't ask me to create something. If I study these core skills will my coding match up to what is needed?
I currently have my CCNA and AWS SAA certifications. But I'm stuck on where to study and skill up in next.
I have considered the following and curious is any of these certifications will give me the core knowledge for those skills in a NDE/Cloud Engineer role.
* Cisco DevNet Associate - seems too Cisco centric
* AWS DevOps - looks like it has core skills for CloudFormation but not Terraform. Maybe CI/CD?
* CKA - I've seen this one pop-up a lot on reddit, only touches on one of the skills
* CCNP-ENCOR with CCSDWI core - SDWAN core certification - network heavy obviously but some API exam topics. After all, it is software-defined.
* If there is a crash course in Python for these skills I'm definitely open to that as well
Any feedback and guidance is appreciated
https://redd.it/1o4b5gt
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
Overemployed Setup. Share your equipment, audio streams, and KVM options.
I'm thinking about how to improve my setup to be more comfortable managing both jobs, maybe even getting another one.
I'd like to know the setups of my more experienced overemployed friends. What do they use and how do they use them? Do they listen to everything through the same headset? Do they use a sound mixer? Do they have a dedicated microphone for each job? Do they use a KVM switch?
https://redd.it/1o4dp05
@r_devops
I'm thinking about how to improve my setup to be more comfortable managing both jobs, maybe even getting another one.
I'd like to know the setups of my more experienced overemployed friends. What do they use and how do they use them? Do they listen to everything through the same headset? Do they use a sound mixer? Do they have a dedicated microphone for each job? Do they use a KVM switch?
https://redd.it/1o4dp05
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
Stop losing customers to slow load times. What's you worst bounce rate experience ?
Hii,You guys!
I want to share something with you all, for months my co-founder and i were really really losing our minds. we did spend serious money on Google Ads to bring people to our store and What! only to watch them bounce before the product image even loaded fully. We were literally paying for traffic just to frustrate people. We really tried every possible complicated speed plugin its either broke our site or made zero difference.
We eventually got so damn fed up that we decided to build the thing we actually needed and created "Website Speedy" tool because we were tried of being tied up knots over speed optimization. If your site is moving slowly, you're not just annoying the customers but you're throwing money away on Ads.
Okay has anyone else been absolutely by slow load times? And What was your biggest 'I quit' moment ? Tell me.
https://redd.it/1o4fzyk
@r_devops
Hii,You guys!
I want to share something with you all, for months my co-founder and i were really really losing our minds. we did spend serious money on Google Ads to bring people to our store and What! only to watch them bounce before the product image even loaded fully. We were literally paying for traffic just to frustrate people. We really tried every possible complicated speed plugin its either broke our site or made zero difference.
We eventually got so damn fed up that we decided to build the thing we actually needed and created "Website Speedy" tool because we were tried of being tied up knots over speed optimization. If your site is moving slowly, you're not just annoying the customers but you're throwing money away on Ads.
Okay has anyone else been absolutely by slow load times? And What was your biggest 'I quit' moment ? Tell me.
https://redd.it/1o4fzyk
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
What's the one of your project you're most proud of, even if it never got a ton of traction ?
Hii guys!
I have been working on a speed optimization tool ( Website Speedy ) and truthfully it can be a real grind some days and it got me thinking about all the other developers out there.
What's a project you poured your heart into? Share some of your story whether it's a website, cool command line tool, a game whatever and what you built and why it matters to you ?
https://redd.it/1o4ioo0
@r_devops
Hii guys!
I have been working on a speed optimization tool ( Website Speedy ) and truthfully it can be a real grind some days and it got me thinking about all the other developers out there.
What's a project you poured your heart into? Share some of your story whether it's a website, cool command line tool, a game whatever and what you built and why it matters to you ?
https://redd.it/1o4ioo0
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
How do you test IaC nginx configs in CI before deploying?
Our team would like to store nginx configs in git and deploy them via Gitlab CI/CD + Ansible. That idea sounds pretty smart to me as it helps to follow and check any changes we want to make in nginx configs and with proper checking process it should reduce amount of errors.
My first impulse was to pass changed configs into nginx docker container in CI job and run nginx -t in it but heres a problem that I have bumped into: you cant check configs without failure if you have not exact same copy of files that you are including into configs, for example snippets, keys and etc. But this is a sensitive information and I dont want to reflect secrets in git however I also cant ignore those included files in configs because I'm going to deploy them in later stage of pipeline. My stupid idea is to store empty dummy files which nginx could open without failures so we can check syntax of configs and deploy them if checks are passed.
Im not sure that this solution is optimal. GPT gives me the same solution but maybe I could find any brilliant idea here or just learn something new. So how do you keep nginx in IaC? Do you just write new configs and instantly deploy them or do you check them beforehand and if yes how do you do that?
https://redd.it/1o4imsf
@r_devops
Our team would like to store nginx configs in git and deploy them via Gitlab CI/CD + Ansible. That idea sounds pretty smart to me as it helps to follow and check any changes we want to make in nginx configs and with proper checking process it should reduce amount of errors.
My first impulse was to pass changed configs into nginx docker container in CI job and run nginx -t in it but heres a problem that I have bumped into: you cant check configs without failure if you have not exact same copy of files that you are including into configs, for example snippets, keys and etc. But this is a sensitive information and I dont want to reflect secrets in git however I also cant ignore those included files in configs because I'm going to deploy them in later stage of pipeline. My stupid idea is to store empty dummy files which nginx could open without failures so we can check syntax of configs and deploy them if checks are passed.
Im not sure that this solution is optimal. GPT gives me the same solution but maybe I could find any brilliant idea here or just learn something new. So how do you keep nginx in IaC? Do you just write new configs and instantly deploy them or do you check them beforehand and if yes how do you do that?
https://redd.it/1o4imsf
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
Diagram tools
Hi everyone, which diagram tools you use to create infrastructure diagrams? I personally like Lucid but it’s not free, alternative is Draw.io but it feels outdated. Which diagram tools would you recommend?
https://redd.it/1o4lbp8
@r_devops
Hi everyone, which diagram tools you use to create infrastructure diagrams? I personally like Lucid but it’s not free, alternative is Draw.io but it feels outdated. Which diagram tools would you recommend?
https://redd.it/1o4lbp8
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
AI tools in DevOps
Hi all, I am just wondering how AI tools are adopted in your DevOps teams? I feel like DevOps is critical role and tool(s) selection is crucial. In my team, on a enterprise client project, we’re limited to GitHub copilot, but I see a lot of cool AI tools that might help in everyday tasks. One good example that I miss from my previous project is OpenCommit which generates commit messages using AI. Are you currently using any AI tools and how?
https://redd.it/1o4m4u6
@r_devops
Hi all, I am just wondering how AI tools are adopted in your DevOps teams? I feel like DevOps is critical role and tool(s) selection is crucial. In my team, on a enterprise client project, we’re limited to GitHub copilot, but I see a lot of cool AI tools that might help in everyday tasks. One good example that I miss from my previous project is OpenCommit which generates commit messages using AI. Are you currently using any AI tools and how?
https://redd.it/1o4m4u6
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
How’s the DevOps/SRE job market in India right now for experienced folks?
Hey folks,
Just wanted to check how the job scene’s been lately for people with 10+ years of experience in DevOps/SRE.
I’ve got around 13 years of hands-on experience across IaC, CI/CD, cloud platforms, automation, and monitoring. But honestly, I haven’t been getting as many interview calls lately.
I’m based in a city that’s mostly full of service-based companies, so I’ve been actively looking for remote opportunities, ideally with product-based or global companies.
Curious to know —
• How’s the market looking for senior DevOps/SRE roles?
• Are remote jobs still a thing for Indian engineers?
• Any tips on improving visibility — like where to look, how to get noticed, certifications that actually help, or any job boards that work?
Would love to hear how others are navigating this phase.
https://redd.it/1o4pwsv
@r_devops
Hey folks,
Just wanted to check how the job scene’s been lately for people with 10+ years of experience in DevOps/SRE.
I’ve got around 13 years of hands-on experience across IaC, CI/CD, cloud platforms, automation, and monitoring. But honestly, I haven’t been getting as many interview calls lately.
I’m based in a city that’s mostly full of service-based companies, so I’ve been actively looking for remote opportunities, ideally with product-based or global companies.
Curious to know —
• How’s the market looking for senior DevOps/SRE roles?
• Are remote jobs still a thing for Indian engineers?
• Any tips on improving visibility — like where to look, how to get noticed, certifications that actually help, or any job boards that work?
Would love to hear how others are navigating this phase.
https://redd.it/1o4pwsv
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
How to bootstrap argoCD cluster with Bitwarden as a secrets manager?
So, to start things off I'm relatively new to DevOps and GitOps. I'm trying to initialize an argoCD cluster using the declarative approach. As you know, argoCD has a application spec repository whose credentials it needs to bootstrap because that's where the config files are. After reading the docs I found out the external secrets operator server needs to run HTTPS (and it recommends cert-manager for this). So, I'm trying to initialze the cluster with argoCD configs, sealed secrets and an ESO to get the secrets BUT the ESO needs https which again is cert-manager. So, other than manually installing the cert-manager outside of argo and setting it up that way how would I do it? I'm also thinking just putting secrets in a sealed secret without an ESO to bootstrap argo first and then install everything else. If I missed anything please let me know.
https://redd.it/1o4sacp
@r_devops
So, to start things off I'm relatively new to DevOps and GitOps. I'm trying to initialize an argoCD cluster using the declarative approach. As you know, argoCD has a application spec repository whose credentials it needs to bootstrap because that's where the config files are. After reading the docs I found out the external secrets operator server needs to run HTTPS (and it recommends cert-manager for this). So, I'm trying to initialze the cluster with argoCD configs, sealed secrets and an ESO to get the secrets BUT the ESO needs https which again is cert-manager. So, other than manually installing the cert-manager outside of argo and setting it up that way how would I do it? I'm also thinking just putting secrets in a sealed secret without an ESO to bootstrap argo first and then install everything else. If I missed anything please let me know.
https://redd.it/1o4sacp
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
How to totally manage GitHub with Terraform/OpenTofu?
Basically all I need to do is like create Teams, permissions, Repositories, Branching & merge strategy, Projects (Kanban) in terraform or opentofu. How can I test it out at the first hand before testing with my org account. As we are up for setting up for a new project, thought we could manage all these via github providers.
https://redd.it/1o4s1nl
@r_devops
Basically all I need to do is like create Teams, permissions, Repositories, Branching & merge strategy, Projects (Kanban) in terraform or opentofu. How can I test it out at the first hand before testing with my org account. As we are up for setting up for a new project, thought we could manage all these via github providers.
https://redd.it/1o4s1nl
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
Centralizing GitHub repo deployments with environment variables and secrets: what is the best strategy?
I have somewhere 30+ repos that use a
I am thinking about "consolidating" it such that:
- There is a single repo that serves as the "deployment code" for other repos
- Other repos will connect and use the
Is this a viable approach? Additionally, if I check out two times to both repo, will the connection to the service originated from the child repo, or the template repo?
Any other thought is appreciated.
https://redd.it/1o506dx
@r_devops
I have somewhere 30+ repos that use a
.py noscript to deploy the code via GitHub Actions. The .py file is the same in every repo, except the passed environment variables and secrets from GitHub Repository configuration. Nevertheless, there exists a hassle to change all repos after every change made to the .py file. But it wasn't too much of work until now that I decide to tackle it.I am thinking about "consolidating" it such that:
- There is a single repo that serves as the "deployment code" for other repos
- Other repos will connect and use the
.py file in that template repo to deploy codeIs this a viable approach? Additionally, if I check out two times to both repo, will the connection to the service originated from the child repo, or the template repo?
Any other thought is appreciated.
https://redd.it/1o506dx
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
Built a Claude Code plugin for Google Genkit with 6 commands + VS Code extension
I built a plugin that adds /genkit-init, /genkit-run, /genkit-flow (with RAG/Chat/Tool templates), /genkit-deploy, and /genkit-doctor commands.
Also published a VS Code extension with the same features + code snippets and a Genkit Explorer sidebar.
Quick install:
• Claude Code: /plugin marketplace add https://github.com/amitpatole/claude-genkit-plugin.git
• VS Code: ext install amitpatole.genkit-vscode
Supports TypeScript, JS, Go, Python. Works with Claude, Gemini, GPT, and local models. Deploys to Cloud Run, Vercel, Docker, etc. Comes with a specialized @genkit-assistant that knows Genkit inside-out.
Built 34 plugins total (test generation, monitoring, image/audio/video, vector DBs, etc.) - all MIT licensed.
GitHub: https://github.com/amitpatole/claude-genkit-plugin
Would love feedback from the community!
https://redd.it/1o51vkq
@r_devops
I built a plugin that adds /genkit-init, /genkit-run, /genkit-flow (with RAG/Chat/Tool templates), /genkit-deploy, and /genkit-doctor commands.
Also published a VS Code extension with the same features + code snippets and a Genkit Explorer sidebar.
Quick install:
• Claude Code: /plugin marketplace add https://github.com/amitpatole/claude-genkit-plugin.git
• VS Code: ext install amitpatole.genkit-vscode
Supports TypeScript, JS, Go, Python. Works with Claude, Gemini, GPT, and local models. Deploys to Cloud Run, Vercel, Docker, etc. Comes with a specialized @genkit-assistant that knows Genkit inside-out.
Built 34 plugins total (test generation, monitoring, image/audio/video, vector DBs, etc.) - all MIT licensed.
GitHub: https://github.com/amitpatole/claude-genkit-plugin
Would love feedback from the community!
https://redd.it/1o51vkq
@r_devops
GitHub
GitHub - amitpatole/claude-genkit-plugin: Firebase Genkit Plugin for Claude Code
Firebase Genkit Plugin for Claude Code. Contribute to amitpatole/claude-genkit-plugin development by creating an account on GitHub.
AWS to GCP Migration Case Study: Zero-Downtime ECS to GKE Autopilot Transition, Secure VPC Design, and DNS Lessons Learned
Just wrapped up a hands-on AWS to GCP migration for a startup, swapping ECS for GKE Autopilot, S3 for GCS, RDS for Cloud SQL, and Route 53 for Cloud DNS across dev and prod environments. We achieved near-zero downtime using Database Migration Service (DMS) with continuous replication (32 GB per environment) and phased DNS cutovers, though we did run into a few interesting SSL validation issues with Ingress.
Key wins:
* Strengthened security with private VPC subnets, public subnets backed by Cloud NAT, and SSL-enforced Memorystore Redis.
* Bastion hosts restricted to debugging only.
* GitHub Actions CI/CD integrated via Workload Identity Federation for frictionless deployments.
If you’re planning a similar lift-and-shift, check out the full step-by-step breakdown and architecture diagrams in my latest Medium article.
[Read the full article on Medium](https://medium.com/@rasvihostings/migrating-a-startup-from-aws-to-gcp-a-step-by-step-journey-efeb2bc20334)
What migration war stories do you have? Did you face challenges with Global Load Balancer routing or VPC peering?
I’d love to hear how others navigated the classic “chicken-and-egg” DNS swap problem.
**(I led this project happy to answer any questions!)**
https://redd.it/1o5044g
@r_devops
Just wrapped up a hands-on AWS to GCP migration for a startup, swapping ECS for GKE Autopilot, S3 for GCS, RDS for Cloud SQL, and Route 53 for Cloud DNS across dev and prod environments. We achieved near-zero downtime using Database Migration Service (DMS) with continuous replication (32 GB per environment) and phased DNS cutovers, though we did run into a few interesting SSL validation issues with Ingress.
Key wins:
* Strengthened security with private VPC subnets, public subnets backed by Cloud NAT, and SSL-enforced Memorystore Redis.
* Bastion hosts restricted to debugging only.
* GitHub Actions CI/CD integrated via Workload Identity Federation for frictionless deployments.
If you’re planning a similar lift-and-shift, check out the full step-by-step breakdown and architecture diagrams in my latest Medium article.
[Read the full article on Medium](https://medium.com/@rasvihostings/migrating-a-startup-from-aws-to-gcp-a-step-by-step-journey-efeb2bc20334)
What migration war stories do you have? Did you face challenges with Global Load Balancer routing or VPC peering?
I’d love to hear how others navigated the classic “chicken-and-egg” DNS swap problem.
**(I led this project happy to answer any questions!)**
https://redd.it/1o5044g
@r_devops
Medium
Migrating a Startup from AWS to GCP: A Step-by-Step Journey
In the fast-paced world of startups, cloud infrastructure decisions can make or break scalability and cost efficiency. Recently, our team…
Getting pushback on agent deployment for security tools
Our infra team is losing their minds over the number of agents we're being asked to deploy. Performance monitoring, vulnerability scanning, compliance checks, runtime protection. Each vendor wants their own agent installed everywhere.
Management keeps asking why we can't just use agentless security solutions instead. I get the appeal but wondering about coverage gaps.
What's everyone's experience with agentless vs agent-based approaches? Are we missing critical visibility without agents?
https://redd.it/1o54mnq
@r_devops
Our infra team is losing their minds over the number of agents we're being asked to deploy. Performance monitoring, vulnerability scanning, compliance checks, runtime protection. Each vendor wants their own agent installed everywhere.
Management keeps asking why we can't just use agentless security solutions instead. I get the appeal but wondering about coverage gaps.
What's everyone's experience with agentless vs agent-based approaches? Are we missing critical visibility without agents?
https://redd.it/1o54mnq
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community
Dealing with fake traffic on NGINX instance
Hi, didn't know what subreddit to use for this; hopefully, there will be people with relatable experience here.
My nginx instance (reverse-proxying multiple services) was recently hit with a flood of, idk, DDoS attacks? Doesn't make a lot of sense, because my stuff is irrelevant to anybody, but it did cause CPU usage alarms on otherwise calm VPSs. I played with fail2ban, added some filters, and the biggest offenders are now banned.
However, it caused me to look closer at my access.log, and I don't like what I'm seeing still. Requests every 1-2 second on average, IPs are always different and come from all over the world, and they clearly show signs of scraping. I don't like that, is there a way to get rid of that? I have my limit_req setup (but it's tricky, since in testing, I haven't been able to distinguish between wget -r and a user hitting F5 multiple times, so I'd like to get rid of that), and User-Agent filtering, but as you can see, those are legit-looking User-Agents:
2025-10-13T02:06:48+00:00 - 200 - 14.188.178.49 - GET /config-links/commit/test/unit/dest/1.txt?follow=1 HTTP/1.1 - Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
2025-10-13T02:06:49+00:00 - 200 - 66.249.79.206 - GET /cmake-common/tree/project/__init__.py?id=8534a341eba07fba8fe3a3eadfbe0e9be2072065 HTTP/1.1 - Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.7339.207 Mobile Safari/537.36 (compatible; GoogleOther)
2025-10-13T02:06:49+00:00 - 200 - 201.69.206.43 - GET /math-server/plain/test/benchmarks/lexer.cpp?id=6aac08009254909aab3e0359f3ad7ab4e87a91e9 HTTP/1.1 - Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
2025-10-13T02:06:50+00:00 - 200 - 45.175.114.54 - GET /windows-home/diff/%25APPDATA%25/ghc/ghci.conf?follow=1&id=e87414387fe6060b81955b31376136ca1cb8a8eb HTTP/1.1 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.7113.93 Safari/537.36
2025-10-13T02:06:51+00:00 - 200 - 45.234.17.16 - GET /maintenance/tree/inventory.ini?h=old&id=c3af9ee6eafe56c4be78bf6c356c789255d27a08 HTTP/1.1 - Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36
2025-10-13T02:06:54+00:00 - 200 - 66.249.79.206 - GET /winapi-common/log/?id=3a75e40fa6d92cea4b908fe537831219186cd0f0 HTTP/1.1 - Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.7339.207 Mobile Safari/537.36 (compatible; GoogleOther)
2025-10-13T02:06:54+00:00 - 200 - 14.175.66.1 - GET /cmake-common/log/examples?follow=1&h=v0.1&id=795dd9e87e44d1c49f160cd003cdde4113ee8247 HTTP/1.1 - Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36
2025-10-13T02:06:57+00:00 - 200 - 14.191.94.42 - GET /config-links/log/Makefile?follow=1&h=debian&id=51d1d3010aeadf2bd9da82aaa549bd7a6f2632ed HTTP/1.1 - Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
2025-10-13T02:07:03+00:00 - 200 - 191.219.191.160 - GET /blog/diff/Gemfile?id=59114a1dfa1c71c285443b183a61e9639fb4edff HTTP/1.1 - Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Brave Chrome/89.0.4389.72 Safari/537.36
2025-10-13T02:07:10+00:00 - 200 - 45.187.141.12 - GET /linux-home/diff/.minttyrc?h=macos&id=0778b117c0f5949dc65340185cc35d0b1db560d9 HTTP/1.1 - Mozilla/5.0 (Macintosh; Intel Mac OS X 10_16_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36
2025-10-13T02:07:11+00:00 - 200 - 113.176.179.2 - GET /jekyll-docker/log/?id=7d1824a5fac0ed483bc49209bbd89f564a7bcefe HTTP/1.1 - Mozilla/5.0 (Macintosh; Intel Mac OS X 11_0_1) AppleWebKit/537.36 (KHTML, like Gecko) Brave Chrome/88.0.4324.96 Safari/537.36
2025-10-13T02:07:12+00:00 - 301 -
Hi, didn't know what subreddit to use for this; hopefully, there will be people with relatable experience here.
My nginx instance (reverse-proxying multiple services) was recently hit with a flood of, idk, DDoS attacks? Doesn't make a lot of sense, because my stuff is irrelevant to anybody, but it did cause CPU usage alarms on otherwise calm VPSs. I played with fail2ban, added some filters, and the biggest offenders are now banned.
However, it caused me to look closer at my access.log, and I don't like what I'm seeing still. Requests every 1-2 second on average, IPs are always different and come from all over the world, and they clearly show signs of scraping. I don't like that, is there a way to get rid of that? I have my limit_req setup (but it's tricky, since in testing, I haven't been able to distinguish between wget -r and a user hitting F5 multiple times, so I'd like to get rid of that), and User-Agent filtering, but as you can see, those are legit-looking User-Agents:
2025-10-13T02:06:48+00:00 - 200 - 14.188.178.49 - GET /config-links/commit/test/unit/dest/1.txt?follow=1 HTTP/1.1 - Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36
2025-10-13T02:06:49+00:00 - 200 - 66.249.79.206 - GET /cmake-common/tree/project/__init__.py?id=8534a341eba07fba8fe3a3eadfbe0e9be2072065 HTTP/1.1 - Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.7339.207 Mobile Safari/537.36 (compatible; GoogleOther)
2025-10-13T02:06:49+00:00 - 200 - 201.69.206.43 - GET /math-server/plain/test/benchmarks/lexer.cpp?id=6aac08009254909aab3e0359f3ad7ab4e87a91e9 HTTP/1.1 - Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
2025-10-13T02:06:50+00:00 - 200 - 45.175.114.54 - GET /windows-home/diff/%25APPDATA%25/ghc/ghci.conf?follow=1&id=e87414387fe6060b81955b31376136ca1cb8a8eb HTTP/1.1 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.7113.93 Safari/537.36
2025-10-13T02:06:51+00:00 - 200 - 45.234.17.16 - GET /maintenance/tree/inventory.ini?h=old&id=c3af9ee6eafe56c4be78bf6c356c789255d27a08 HTTP/1.1 - Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36
2025-10-13T02:06:54+00:00 - 200 - 66.249.79.206 - GET /winapi-common/log/?id=3a75e40fa6d92cea4b908fe537831219186cd0f0 HTTP/1.1 - Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.7339.207 Mobile Safari/537.36 (compatible; GoogleOther)
2025-10-13T02:06:54+00:00 - 200 - 14.175.66.1 - GET /cmake-common/log/examples?follow=1&h=v0.1&id=795dd9e87e44d1c49f160cd003cdde4113ee8247 HTTP/1.1 - Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36
2025-10-13T02:06:57+00:00 - 200 - 14.191.94.42 - GET /config-links/log/Makefile?follow=1&h=debian&id=51d1d3010aeadf2bd9da82aaa549bd7a6f2632ed HTTP/1.1 - Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
2025-10-13T02:07:03+00:00 - 200 - 191.219.191.160 - GET /blog/diff/Gemfile?id=59114a1dfa1c71c285443b183a61e9639fb4edff HTTP/1.1 - Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Brave Chrome/89.0.4389.72 Safari/537.36
2025-10-13T02:07:10+00:00 - 200 - 45.187.141.12 - GET /linux-home/diff/.minttyrc?h=macos&id=0778b117c0f5949dc65340185cc35d0b1db560d9 HTTP/1.1 - Mozilla/5.0 (Macintosh; Intel Mac OS X 10_16_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36
2025-10-13T02:07:11+00:00 - 200 - 113.176.179.2 - GET /jekyll-docker/log/?id=7d1824a5fac0ed483bc49209bbd89f564a7bcefe HTTP/1.1 - Mozilla/5.0 (Macintosh; Intel Mac OS X 11_0_1) AppleWebKit/537.36 (KHTML, like Gecko) Brave Chrome/88.0.4324.96 Safari/537.36
2025-10-13T02:07:12+00:00 - 301 -
149.100.11.243 - GET / HTTP/1.1 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36
2025-10-13T02:07:14+00:00 - 200 - 190.12.104.161 - GET /cmake-common/plain/.clang-format?h=v3.2&id=0282c2b54f79fa9063e03443369adfe1bc331eaf HTTP/1.1 - Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.79 Safari/537.36
2025-10-13T02:07:16+00:00 - 200 - 179.222.178.65 - GET /cmake-common/commit/toolchains/boost?h=v3.4&id=37b051e99fc6b0706f5dc4b2f01dbbbb9b96355a HTTP/1.1 - Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Brave Chrome/79.0.3945.88 Safari/537.36
2025-10-13T02:07:17+00:00 - 200 - 66.249.79.193 - GET /cgitize/diff/?h=v2.1.0&id=8d2422274ae948f7412b6960597f5de91f3d8830 HTTP/1.1 - Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.7339.207 Mobile Safari/537.36 (compatible; GoogleOther)
2025-10-13T02:07:17+00:00 - 200 - 179.49.32.156 - GET /config-links/diff/debian/changelog?h=debian%2Fv2.0.3-5&id=0a4df2ead72546cca8328581b1b41b172b83e769 HTTP/1.1 - Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.109 Safari/537.36
2025-10-13T02:07:17+00:00 - 200 - 14.231.40.70 - GET /vk-noscripts/commit/vk/utils?h=v1.0.1&id=ee7a170df79287aac3bccfead716377ec8600c5c HTTP/1.1 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
2025-10-13T02:07:18+00:00 - 200 - 113.177.166.37 - GET /wireguard-config/plain/.ruby-version?id=ab97b021462809453a38b4f6b87944acd00d51b9 HTTP/1.1 - Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Brave Chrome/84.0.4147.125 Safari/537.36
2025-10-13T02:07:19+00:00 - 200 - 177.141.68.37 - GET /infra-terraform/log/.gitattributes?follow=1&h=v1.2.0&id=78dd4f3cc9d408df69fac270860b283e310fe379 HTTP/1.1 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4950.0 Iron Safari/537.36
2025-10-13T02:07:19+00:00 - 200 - 124.243.188.173 - GET /sorting-algorithms/commit/Gemfile?h=migration&id=9b3e6d409340369a6b450e997723f773f0aa3505&follow=1 HTTP/2.0 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Edg/101.0.1210.47
(The log format I use is customized, I don't like the default one. Google bot is fine.) Any tips? Like, set up a reCAPTCHA or something?
https://redd.it/1o57jqx
@r_devops
2025-10-13T02:07:14+00:00 - 200 - 190.12.104.161 - GET /cmake-common/plain/.clang-format?h=v3.2&id=0282c2b54f79fa9063e03443369adfe1bc331eaf HTTP/1.1 - Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_2) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.79 Safari/537.36
2025-10-13T02:07:16+00:00 - 200 - 179.222.178.65 - GET /cmake-common/commit/toolchains/boost?h=v3.4&id=37b051e99fc6b0706f5dc4b2f01dbbbb9b96355a HTTP/1.1 - Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Brave Chrome/79.0.3945.88 Safari/537.36
2025-10-13T02:07:17+00:00 - 200 - 66.249.79.193 - GET /cgitize/diff/?h=v2.1.0&id=8d2422274ae948f7412b6960597f5de91f3d8830 HTTP/1.1 - Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/140.0.7339.207 Mobile Safari/537.36 (compatible; GoogleOther)
2025-10-13T02:07:17+00:00 - 200 - 179.49.32.156 - GET /config-links/diff/debian/changelog?h=debian%2Fv2.0.3-5&id=0a4df2ead72546cca8328581b1b41b172b83e769 HTTP/1.1 - Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.109 Safari/537.36
2025-10-13T02:07:17+00:00 - 200 - 14.231.40.70 - GET /vk-noscripts/commit/vk/utils?h=v1.0.1&id=ee7a170df79287aac3bccfead716377ec8600c5c HTTP/1.1 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36
2025-10-13T02:07:18+00:00 - 200 - 113.177.166.37 - GET /wireguard-config/plain/.ruby-version?id=ab97b021462809453a38b4f6b87944acd00d51b9 HTTP/1.1 - Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Brave Chrome/84.0.4147.125 Safari/537.36
2025-10-13T02:07:19+00:00 - 200 - 177.141.68.37 - GET /infra-terraform/log/.gitattributes?follow=1&h=v1.2.0&id=78dd4f3cc9d408df69fac270860b283e310fe379 HTTP/1.1 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4950.0 Iron Safari/537.36
2025-10-13T02:07:19+00:00 - 200 - 124.243.188.173 - GET /sorting-algorithms/commit/Gemfile?h=migration&id=9b3e6d409340369a6b450e997723f773f0aa3505&follow=1 HTTP/2.0 - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36 Edg/101.0.1210.47
(The log format I use is customized, I don't like the default one. Google bot is fine.) Any tips? Like, set up a reCAPTCHA or something?
https://redd.it/1o57jqx
@r_devops
Reddit
From the devops community on Reddit
Explore this post and more from the devops community