This article is a great explanation of the details. To explain.. no, too much. To sum up:

• Go to Google Fonts and browse around and select ones you like, then click the bar in the footer to get an installation guide. This generated link is the important part:
  • https://fonts.googleapis.com/css?family=Lato|Montserrat|Oswald|Quicksand|Roboto
  • Because it is a “heavy thing”, I pared that list down to Montserrat for paragraph text and Quicksand for headings.
• Put one-shot loading of the link into functions.php (details on wiki); example:

function custom_add_google_fonts() {  
    wp_enqueue_style( 
        'custom-google-fonts', 
        'https://fonts.googleapis.com/css?family=Montserrat|Quicksand',
        false 
    );  
}  
add_action( 'wp_enqueue_scripts', 'custom_add_google_fonts' );

• Specify the style in CSS (details on wiki):

body {  font-family: Montserrat, sans-serif;  font-weight: normal;  }
#content h2 {  font-family: Quicksand, sans-serif;  font-weight: bold;  }

Today I updated my gentoo server’s eselected PHP from 5.6 to 7.2 and wordpress phabricator and mediawiki didn’t even hiccup. WordPress went from a steaming pile of stubborn version upgrade refusal right back into line. I used mysqldump to back up all my databases, less than a GB. I git pulled phabricator’s stable branch (updated weekly from master) and ran a boatload of database patches that went smooth as coconut milkfat. I git-skipped the .arcconfig files so i could just update them in place. OK… why did that all just work?

Update: I went ahead and made the phabricator-recommended changes to mysql and PHP, including installing a PHP memory-based cache:

emerge -DavuN dev-php/pecl-apcu

And that, of course, cascaded me into a gentoo server update.

• first I had to [emerge -av glibc] as it was ancient
• do not put comments in [/etc/portage/package.use/zzz_autounmask]
• used advice from gentoo perl docs:

emerge -uDNav --with-bdeps=y --backtrack=100 --autounmask-keep-masks=y @world

And away we go…

UPDATE: ok these are a few more of my “favorite” things…

• mediawiki required an update, I had to manually tweak my multi-site LocalSettings overrides since some themes were removed, and some were added.
• I decided to go through all the phabricator tweaks that it complains about.
• I fell into an update of my fork of Simple Web Server, not really related except that it was YA deep rabbit hole.
• Files served up were made real pretty with this; I had to tweak the .htaccess to make it correctly mo safe.
• Moving to boost 1_69_0 was actually a lot of (CPU) work.
• While I was moving things around, I set up a nice git flow for my stock app, with branches:
  • develop
    • feature/postgress-archive
    • refactor/use-archive-db
  • master
    • release/1.55.41-pre-archive-database

Sometimes you just gotta stop and have a bump…

One deep dive with haproxy and I have handed it complete control of all my certificates.

* One bind statement with every single cert file I own, and haproxy is instantly handling every host’s SSL handshaking using SNI
* It is handling dynamic conversion of http requests to https
* It has removed the need for https on any webserver on the secured LAN
* It allows incredibly flexible load balancing via host, port, url, etc etc
* It is easy to set up to use ssl best practices, so every one of your websites instantly gets A+ ratings on ssl labs

Unbelievable, I’m stunned.

Here’s all I needed to get ssl labs A+ ratings:

global

    # MDM NO SSLv3!  Good ciphers!
    ssl-default-bind-options no-sslv3 no-tls-tickets force-tlsv12
    ssl-default-bind-ciphers AES128+EECDH:AES128+EDH

frontend ....

  # MDM We need to provide an HSTS header to get A+ at ssllabs!
  http-response set-header Strict-Transport-Security max-age=16000000;\ includeSubDomains;\ preload;
      
  reqadd X-Forwarded-Proto:\ https

Also needed this in wordpress wp-config.php:

if (strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false)
       $_SERVER['HTTPS']='on';

Testing my chatter toggle, I decided to make my blog work again.