The trick to get your wordpress behind a reverse proxy

I have been meaning to get this blog SSL protected for a while and since solution like letsencrypt makes it easy I have generated some SSL keys for my domain  and configured it in apache.

So far so good, but the thing is my VM at my hosting provider is pretty small and I have been using varnish for quite some time or I would get out of memory quickly some the kernel OOM killer kicking[1] it.

Varnish don’t do SSL so you have to do something else, I went ahead and used Nginx to provide my SSL endpoint which then would look like this :

nginx-varnish-apache

I could have done it with apache virtualhosts which look like this :

apache-virtualhosts-varnish-ssl

I went finally for nginx since most people seems to say that it was more lean and quick for those kick of ssl accelerator job.

So far so good for the configuration, you can find those informations all over the internet, the nginx ssl configuration was a bit special so I can have the higher secure end of SSL encryption :

Now the thing didn’t work very well when accessing the website, I could not see any of th medias including JS and SSL since they were served on the old non ssl url. I tried to force the wordpress configuration to serve SSL but I would end up in a http redirect loop.

Finally I stumbled on this guy blog and looked at a hack to put in the wp-config.php file. I streamlined it to :

    
if ( (!empty( $_SERVER['HTTP_X_FORWARDED_HOST'])) ||
     (!empty( $_SERVER['HTTP_X_FORWARDED_FOR'])) ) {
    $_SERVER['HTTPS'] = 'on';
}
    

and that’s it, wordpress would then understand it would serve as HTTPS and would add its https url properly.

Hope this helps

[1] I had even a cron sometime ago to mysqlping my mysql server and restart it automatically if it was down since I was so sick of it

XMPP notification for irssi running in a screen on a remote host

Like a lot of people I have my irssi on a server in a screen. This has
been working great so far but my only concerns are the notifications
on the desktop when something happening.

Over the time I have found some different solution with mitigated
results for me :

– Use fanotify script with the libnotify-bin and SSH like mentioned here.

– Setup your irssi (or other) as irc proxy bouncer and connect with
your desktop client (like xchat) to get notification.

The fanotify is kind of very hacky on a laptop with intermittent
connection and having a cron doing a ssh every minutes or so is not
ideal, not talking about no passphrase ssh key or having to snoop the
SSH_AGENT variable to connect without password.

The via proxy method is not my thing and I don’t feel like having
xchat open all the time just for it and I anyway usually forget to
launch it.

My solution is to have a plugin for irssi notify me via XMPP if there
is a direct message addressed to me. I usually get my pidgin or gmail
alway open and if i don’t since it goes to a gmail account I got gmail
sending me an email about it.

You can find all the information about the install and configuration
here :

http://github.com/chmouel/irssi-xmpp-notify

Looking for a flat to rent in Paris?

The Living Room
The Living Room

I have a Friend renting a nice flat  in the center of Paris for short and middle term since I have a lot of friends/colleagues asking me about the best and the cheapest place  to stay in Paris I thought to reference her ads here :

CHARMING APARTMENT TO RENT IN LE MARAIS – BEAUBOURG

Located in the Beaubourg – Le Marais area, this apartment is very well-situated in the historical heart of Paris: five minutes away from Pompidou Center and Châtelet-Les Halles underground station.

Into a 18th Century building, this bright and quiet apartment will let you enjoy the great life of Paris whilst providing you with an intimate and soft nest to relax in.

Discover this charming one bedroom apartment and feel at home

Check the website here for more information :

www.parisrentapart.fr

Netapp sue Sun

This is fun, theses two CEO of theses big companies are dog fighting each others :

Dave post:

http://blogs.netapp.com/dave/2007/09/netapp-sues-sun.html

Johanthan answer:

http://blogs.sun.com/jonathan/entry/on_patent_trolling

but the real (fake) truth about that post is here :

http://fakeschwartz.blogspot.com/2007/09/bring-it-cowboy.html

I tend to believe more NetAPP in this case, just because i don’t know how many time i have sweared on that bloody ps -aux that does not work on solaris.

chmouel.com is moved.

I have finally changed chmouel.com over a new provider. The new
provider is called WebHost and i got a VPS with 50GB of
bandwith and 2GB of storage for 10US$ a month.

My first task was to compile python2.4 on that box which look like
it’s based on RH7.3 with heavy customization. Hopefully python really can compile everywhere.

I would like to thanks Vincent Danen for all his free hosting
during all theses years. He has been answering me every
questions i had and provided me a nice hosting for all theses years i was in travel.
I hope to pass by Alberta one day and invite him for the couples
of hundred beers that i own him now.

So now that i have a private server what can i do with that ? not too
much since webdev is not my hobbies (i have to do that at work and i
find it a pain in the a***), but well it’s cool to have a ssh
from everywhere in the world.

X86_64

On X86_64 VM Emulation works way better with Xen 3.0 than with Vmware. Xen is pretty awesome compared to Vmware for my use. The only thing i have to figure out is how to get rpmstrap get it workin on Debian base system.