The trick to get your wordpress behind a reverse proxy

I have been meaning to get this blog SSL protected for a while, and since solutions like Let's Encrypt make it easy, I generated some SSL keys for my domain and configured them in Apache.

So far so good, but the thing is my VM at my hosting provider is pretty small, and I have been using Varnish for quite some time, or I would run out of memory quickly, with the kernel OOM killer kicking[1] in.

Varnish doesn’t do SSL, so you have to do something else. I went ahead and used nginx to provide my SSL endpoint, which then looks like this:

nginx-varnish-apache

I could have done it with Apache virtual hosts, which would look like this:

apache-virtualhosts-varnish-ssl

I finally went for nginx, since most people seem to say that it is leaner and quicker for those kinds of SSL accelerator jobs.

So far so good for the configuration; you can find that information all over the internet. The nginx SSL configuration was a bit special so I could get the more secure end of SSL encryption:

Now the thing didn’t work very well when accessing the website: I could not see any of the media, including JS and CSS, since they were served from the old non-SSL URL. I tried to force the WordPress configuration to serve SSL, but I would end up in an HTTP redirect loop.

Finally I stumbled on this guy’s blog and looked at a hack to put in the wp-config.php file. I streamlined it to:

    
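// Behind the proxy, Apache only ever sees plain HTTP, so tell WordPress the
// request was HTTPS whenever a proxy forwarding header is present.
if ( (!empty( $_SERVER['HTTP_X_FORWARDED_HOST'])) ||
     (!empty( $_SERVER['HTTP_X_FORWARDED_FOR'])) ) {
    $_SERVER['HTTPS'] = 'on';
}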
    

And that’s it: WordPress then understands that it is being served over HTTPS and generates its https URLs properly.
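
A stricter variant of that check, as an added example that is not from the original post or the blog it links to: header presence alone can be set by any client that reaches Apache, and a proxy that adds X-Forwarded-For does so for plain-HTTP requests too, so this version sets HTTPS only when the request arrives from the local proxy and X-Forwarded-Proto says https. It assumes nginx is configured to send X-Forwarded-Proto and that Apache sees the proxy on a loopback address; the function names and sample requests are constructed for illustration.

```php
<?php
// Added example (not from the original post). Assumptions: nginx sends
// "X-Forwarded-Proto: https" and Apache's TCP peer is the local proxy.
const TRUSTED_PROXIES = ['127.0.0.1', '::1'];

// The check from the post: any forwarding header at all means HTTPS.
function original_check(array $server): bool
{
    return !empty($server['HTTP_X_FORWARDED_HOST'])
        || !empty($server['HTTP_X_FORWARDED_FOR']);
}

// Hardened check: believe the header only when the TCP peer is our own
// proxy, and only when it explicitly says the client side was HTTPS.
function forwarded_https(array $server, array $trusted = TRUSTED_PROXIES): bool
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($peer, $trusted, true)) {
        return false; // request did not come through our proxy chain
    }
    $proto = strtolower(trim($server['HTTP_X_FORWARDED_PROTO'] ?? ''));
    return $proto === 'https';
}

// In wp-config.php only forwarded_https() and this block are needed.
if (forwarded_https($_SERVER)) {
    $_SERVER['HTTPS'] = 'on';
}

// Constructed sample requests, compared only when this file is run directly
// from the command line (php thisfile.php), never under the web server.
if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    $samples = [
        'TLS request via nginx' => ['REMOTE_ADDR' => '127.0.0.1',
            'HTTP_X_FORWARDED_FOR' => '203.0.113.7',
            'HTTP_X_FORWARDED_PROTO' => 'https'],
        'plain HTTP via proxy' => ['REMOTE_ADDR' => '127.0.0.1',
            'HTTP_X_FORWARDED_FOR' => '203.0.113.7'],
        'direct client, own headers' => ['REMOTE_ADDR' => '198.51.100.9',
            'HTTP_X_FORWARDED_FOR' => '10.0.0.1',
            'HTTP_X_FORWARDED_PROTO' => 'https'],
    ];
    foreach ($samples as $name => $server) {
        printf("%-28s original=%s hardened=%s\n", $name,
            var_export(original_check($server), true),
            var_export(forwarded_https($server), true));
    }
}
```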

Hope this helps

[1] I even had a cron job some time ago to mysqlping my MySQL server and restart it automatically if it was down, since I was so sick of it.

Dealing with yaml in Emacs

Some time ago, or at least when I started programming in the late 90s, XML was all the rage. It promised to be the panacea for everything from data to storage to data presentation and processing. People realised that it was just complexity, as Joel Spolsky points out, an attempt to make the complex seem accessible to ordinary people. Really, people were annoyed at writing all those tags, as those ‘<’ and ‘>’ are hard to reach on a qwerty keyboard.

At the beginning of the new millennium in 2000, the web started to get very popular and things like “web services” popped up everywhere. People realised that XML was actually not that great, so they started to use a format called JSON to get computers talking to each other in a sane manner.

But people realised that JSON was actually not that great for chatting between web services, as it was actually designed to serialize objects between programming languages. And really, down the line, it’s more about the programmers being annoyed by all those { } [ ] brackets.

So here came YAML, the latest “fashion format”, based on the popularity of tab based programming languages.

Most new software lately has been using it; the whole container software ecosystem configures things in YAML, so you have to deal with it when you work with them.

I don’t know if I like YAML or not; the only thing I know is that when I have a big ass large YAML file it quickly becomes unreadable. You have no idea which block belongs to which, and you are not sure how many indents you need to add to this block to align it with that other one that started 800 lines ago.

This has been driving me crazy, as I need to write some large Kubernetes/OpenShift YAML files and sometimes end up spending hours trying to detect where my tab alignment went wrong.

Some may argue: but you do Python, and Python is tab based. Yeah, I have been doing Python for the last 10 years and this has never been an issue, because first I don’t write kick ass 5000-line Python functions, and second the Python mode of my editor, Emacs, is properly configured.

Ah, there I said it: the editor needs to be configured properly to have a good workflow, so here is Emacs to the rescue to make it bearable (and make this post more productive than another rant from the interweb).

So without further ado and with much fanfare, here are the Emacs extensions I found to make writing YAML bearable:

Highlight Indentation for Emacs


This mode gives you a visual representation of the current indentation, with a bar showing the indentation level.

Smart Shift

Make Shift

This mode doesn’t give you a visual, but allows you to indent blocks of text easily. Usually in Emacs you would use the Control-C Tab command to indent, prefixed with a number for the number of indents. For example, C-u 4 Control-C Tab would indent the text by 4 spaces. Smart Shift makes it much easier to move things around.

Flycheck-mode

Flycheck mode

This is a generic mode you should really configure for all your programming needs. It supports YAML files and will try to validate your YAML file (with the ruby-yaml library) and show where you have an error.

aj-toggle-fold


This is a function I found in a post on Stack Overflow (by the author of Highlight-Indentation-for-Emacs). It allows you to fold all code at an indentation level greater than the current line's. A great way to show the current outline of the file.

 

emacs anything with magit

I have been using anything-mode for Emacs quite a bit. It’s basically a Quicksilver/Alfred or Gnome-do for Emacs, and allows you to configure a lot of different sources to complete some chosen ‘source’ with different actions.

With my work on OpenStack I have found myself jumping a lot between git directories, and duly configured the variable ‘magit-repo-dirs’ for easy access to most of them.

Plugging those two together just seemed natural. I already had this in my Emacs config to quickly open those magit repository directories:

(global-set-key (read-kbd-macro "C-S-o") '(lambda ()(interactive) (dired (magit-read-top-dir nil))))

But going with anything is much nicer, and I can add another action for opening the source in magit, so I quickly came up with this magit source:

So now I open my different OpenStack Swift projects quickly with only a few keystrokes (I bind my custom anything function to C-z), which looks like this:

anything switch to magit dirs.

As always, my full Emacs config is available here:

http://github.com/chmouel/emacs-config

Rackspace CloudDNS python binding

I have released a Python binding to Rackspace CloudDNS here, which allows you to create/update/delete domains and records. It’s available on GitHub:

https://github.com/rackspace/python-clouddns/

The binding is pretty simple and unfortunately has no documentation (or even tests), but you can figure out most of it from here:

https://github.com/rackspace/python-clouddns/blob/master/tests/t.py

I would very much welcome pull requests that add a bit of documentation.

Installing python-cloudfiles from pypi

I have just uploaded python-cloudfiles to PyPI, available here.

This makes it easy to add as a dependency of your project; you can have something like this in your setup.py:

requirements = ['python-cloudfiles']

and it will automatically be downloaded as part of the dependencies with easy_install or pip.

Cool kids on the latest Debian/Ubuntu can do stuff like this (from the python-stdeb package):

pypi-install python-cloudfiles

which would automatically download the tarball from PyPI and install it as a package (the way it should be for a prod machine!)

If you have a virtualenv environment you can easily do (needs the python-pip package):

pip -E /usr/local/myvirtualenvroot install python-cloudfiles

and magic would be done to get you on the latest python-cloudfiles.

As a bonus, you can browse the python-cloudfiles library online:

http://packages.python.org/python-cloudfiles/


[Update] This has been renamed back to python-cloudfiles; please update your setup.py or scripts.

Get latest lyrics of a scrobbled LastFM song

All my music players (Spotify, XBMC, Rhythmbox etc…) are scrobbling to Last.fm, but not all of them display song lyrics properly, so I came up with a quick Google AppEngine app that grabs the latest or current song scrobbled to Last.fm and displays its lyrics. No fancy HTML or JavaScript, just the lyrics displayed for your enjoyment.

This is available here :

http://getlastlastfmlyrics.appspot.com/

For the scripters among you, you can just get (via curl or other):

http://getlastlastfmlyrics.appspot.com/?u=username

and it will automatically display it for that username.

connecting to self signed SSL certificate from Java on Debian/Ubuntu

You want to connect to a self-signed SSL certificate from Java using the standard HttpsURLConnection and you are getting this error, because the self-signed certificate is obviously not recognized by Java:

SEVERE: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
	at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1639)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:215)
	at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:209)

It seems that there are a lot of ‘solutions’ (read: hacks) or workarounds around the web, which are summed up well in this Stack Overflow article.

There is actually a very easy (and secure) way on Debian based systems.

– Go to your https url with Firefox
– Right Click to ‘View Page Info’
– In ‘Security’ tab you will see a button saying ‘View Certificate’
– Click now on the ‘Details’ tab
– Finally click on the ‘Export’ button, which offers to save the PEM certificate of the website somewhere on your filesystem.

Call it my.self.signed.domain.name.pem (or whatever my.self.signed.domain.name should be) and put the file in /etc/ssl/certs. Now you just have to run the command:

sudo update-ca-certificates

and it should add your certificate to the Java keystore. You can check it with the command (press Enter for the password):

keytool -list -v -keystore /etc/ssl/certs/java/cacerts

Using Jython with the vCloud API

Lately I had to do a lot of work with the VMware vCloud product, and since the Python API did not seem to be available and I did not have the courage to use the PHP API, I had to do most of the API work with Java. I had never done any Java before, and while I have found Eclipse+Java development surprisingly pleasant and easy to use/learn, my favourites are still Emacs+Python.

I then started to look at Jython to see if I could interact easily with Java via Python, and this was actually pretty easy: it took me less than 10 minutes to convert a Login/Listing-VAPPS script to Jython.

The script is attached at the end of this post (or on github gist here). Don’t forget to adjust the classpath variable; mine is defined like this:

commons-codec-1.3.jar
commons-httpclient-3.1.jar
commons-logging-1.1.1.jar
rest-api-schemas-1.0.0.jar
vcloud-java-sdk-0.9.jar
vCloudJavaSDK-samples.jar

Most of them are the ones shipped with the official Java API

Here is the script; the __main__ block should give you the logic and a starting point for how to use it:
#!/usr/bin/jython
import sys

from org.apache.commons.httpclient.protocol import Protocol
from com.vmware.vcloud.sdk  import VcloudClient, Organization, Vdc
from com.vmware.vcloud.sdk.samples import FakeSSLSocketFactory

class VcloudLogin(object):
    """
    VcloudLogin: Login to vcloud class
    """
    vcloudClient = None
    api_version = None
    vcloud_url = None
    
    def __init__(self, vcloud_url, api_version):
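        # FakeSSLSocketFactory (from the SDK samples) skips server certificate
        # validation, so the connection is encrypted but the server is not
        # authenticated. This is only needed if you have a self-signed
        # certificate; remove it if you have a proper SSL cert.
        self.setup_fake_ssl()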
        self.vcloud_url = vcloud_url
        self.api_version = api_version
        
    def setup_fake_ssl(self):
        https = Protocol("https", FakeSSLSocketFactory(), 443)
        Protocol.registerProtocol("https", https)

    def login(self, username, password):
        versions = VcloudClient.getSupportedVersions(self.vcloud_url + "/api/versions")
        self.vcloudClient = VcloudClient(versions.get(self.api_version))
        return self.vcloudClient.login(username, password)


if __name__ == '__main__':
    URL="https://URL"
    API_VERSION="0.9"
    USERNAME="user@organization"
    PASSWORD="password"

    vcl = VcloudLogin(URL, API_VERSION)
    organizations_list = vcl.login(USERNAME, PASSWORD)

    for org in organizations_list.values():
        for vdcLink in \
                Organization.getOrganizationByReference(vcl.vcloudClient, org).getVdcLinks():
            vdc = Vdc.getVdc(vcl.vcloudClient, vdcLink)
            print "VDC Href: %s\n" % (vdcLink.getHref())
            for vapps in vdc.getVappRefs():
                print "Name: %s URL: %s" % (vapps.getName(), vapps.getHref())