The trick to get your wordpress behind a reverse proxy

I have been meaning to get this blog SSL protected for a while, and since solutions like letsencrypt make it easy I have generated some SSL keys for my domain and configured them in apache.

So far so good, but the thing is my VM at my hosting provider is pretty small and I have been using varnish for quite some time, or I would run out of memory quickly, with the kernel OOM killer kicking[1] in.

Varnish doesn’t do SSL so you have to do something else. I went ahead and used Nginx to provide my SSL endpoint, which then would look like this :


I could have done it with apache virtualhosts which look like this :


I finally went for nginx since most people seem to say that it is leaner and quicker for this kind of SSL accelerator job.

So far so good for the configuration; you can find that information all over the internet. The nginx SSL configuration was a bit special so that I could have the more secure end of SSL encryption :

Now the thing didn’t work very well when accessing the website: I could not see any of the media, including JS and CSS, since they were served on the old non-SSL URL. I tried to force the wordpress configuration to serve SSL but I would end up in an HTTP redirect loop.

Finally I stumbled on this guy’s blog and looked at a hack to put in the wp-config.php file. I streamlined it to :

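// Behind the reverse proxy: if a forwarded header is present,
// tell WordPress the request is HTTPS.
if ( (!empty( $_SERVER['HTTP_X_FORWARDED_HOST'])) ||
     (!empty( $_SERVER['HTTP_X_FORWARDED_FOR'])) ) {
    $_SERVER['HTTPS'] = 'on';
}

and that’s it, wordpress would then understand that it is being served over HTTPS and would generate its https URLs properly.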
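
A stricter variant of the snippet above, as an added example that is not from the original post or the blog it borrowed from: the hack switches HTTPS on whenever an X-Forwarded-* header is present, and any client that reaches Apache directly can send those headers itself. This version honours X-Forwarded-Proto only when the TCP peer is the proxy; it assumes the nginx/varnish chain runs on the same host (127.0.0.1 or ::1) and that nginx sets X-Forwarded-Proto, neither of which the post shows, and the names request_was_https and TRUSTED_PROXIES are made up for the example.

```php
<?php
// Added example for wp-config.php, not the original author's code.
// Assumption: nginx and varnish run on the same VM as Apache, so every
// proxied request reaches PHP with REMOTE_ADDR set to a loopback address.
// List your proxy's address here instead if it runs on another host.
const TRUSTED_PROXIES = ['127.0.0.1', '::1'];

/**
 * Return true only if the request came through a trusted proxy that
 * reported the client-facing scheme as https.
 * (Hypothetical helper name, introduced for this example.)
 */
function request_was_https(array $server, array $trusted): bool
{
    // REMOTE_ADDR is the TCP peer; unlike X-Forwarded-*, the client
    // cannot choose it by adding a request header.
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (!in_array($peer, $trusted, true)) {
        return false;
    }
    // Assumption: nginx is configured with
    //   proxy_set_header X-Forwarded-Proto $scheme;
    $proto = strtolower(trim($server['HTTP_X_FORWARDED_PROTO'] ?? ''));
    return $proto === 'https';
}

if (request_was_https($_SERVER, TRUSTED_PROXIES)) {
    $_SERVER['HTTPS'] = 'on';
}

// Self-check with constructed requests; runs only when this file is
// executed directly (php thisfile.php), never when WordPress loads it.
if (PHP_SAPI === 'cli' && realpath($_SERVER['argv'][0] ?? '') === __FILE__) {
    $samples = [
        'via proxy, https' => [
            ['REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_FORWARDED_PROTO' => 'https'],
            true,
        ],
        'via proxy, plain http' => [
            ['REMOTE_ADDR' => '127.0.0.1', 'HTTP_X_FORWARDED_PROTO' => 'http'],
            false,
        ],
        'direct client, forged header' => [
            ['REMOTE_ADDR' => '203.0.113.7', 'HTTP_X_FORWARDED_PROTO' => 'https'],
            false,
        ],
        'via proxy, header missing' => [
            ['REMOTE_ADDR' => '::1'],
            false,
        ],
    ];
    foreach ($samples as $label => [$server, $expected]) {
        $got = request_was_https($server, TRUSTED_PROXIES);
        printf("%-30s %s\n", $label, $got === $expected ? 'ok' : 'FAIL');
    }
}
```

Binding Apache to the loopback interface only, so that nothing but the proxy can connect to it, closes the same gap at the network level.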

Hope this helps

[1] I had even a cron sometime ago to mysqlping my mysql server and restart it automatically if it was down since I was so sick of it

Using python to drive OpenShift REST API

I have been meaning to automate my deployment directly from my small python application without having to use the openshift client (oc) directly.

OpenShift uses a REST API and the oc client uses it to communicate with the server; you can actually see all the REST operations the oc client is doing if you specify --loglevel=7 (it goes up to 10 to get even more debug info) :

$ oc --loglevel=7 get pod 2>&1 |head -10
I0919 09:59:20.047350   77328 loader.go:329] Config loaded from file /Users/chmouel/.kube/config
I0919 09:59:20.048149   77328 round_trippers.go:296] GET https://openshift:8443/oapi
I0919 09:59:20.048158   77328 round_trippers.go:303] Request Headers:
I0919 09:59:20.048162   77328 round_trippers.go:306]     User-Agent: oc/v1.4.0 (darwin/amd64) openshift/85eb37b
I0919 09:59:20.048175   77328 round_trippers.go:306]     Authorization: Bearer FOOBAR
I0919 09:59:20.048180   77328 round_trippers.go:306]     Accept: application/json, */*
I0919 09:59:20.095239   77328 round_trippers.go:321] Response Status: 200 OK in 47 milliseconds
I0919 09:59:20.096056   77328 round_trippers.go:296] GET https://openshift:8443/version
I0919 09:59:20.096078   77328 round_trippers.go:303] Request Headers:
I0919 09:59:20.096084   77328 round_trippers.go:306]     User-Agent: oc/v1.4.0 (darwin/amd64) openshift/85eb37b

I was thinking of coming up with my own python REST wrapper since a quick google search didn’t come up with any binding. But since openshift is built on kubernetes and fully compatible with it (i.e: no fork or changes that make it incompatible) it was as easy as using the tools provided for kube.

The first project coming up on the google search is pykube and it’s easily installable with pip.

You need to provide a kubeconfig that was already set up (with username/passwd) or already identified if it’s token based (i.e: oauth, oid etc) and you can use it like in this example :

import pykube

# Build an API client from an existing, already authenticated kubeconfig
api = pykube.HTTPClient(pykube.KubeConfig.from_file("/Users/chmouel/.kube/config"))
# List the pods of the "test" namespace
pods = pykube.Pod.objects(api).filter(namespace="test")
for x in pods:
    print(x.name)

See the documentation of pykube on its website.

Getting openshift origin “cluster up” working with xhyve

In the latest openshift client (oc) there is a nifty (relatively) new feature to get an OpenShift cluster started (very) quickly. It’s a pretty nice way to get a new openshift origin environment on your laptop without the hassle.

On macosx there is an (also relatively) new lightweight virtualization solution called xhyve; it’s a bit like KVM in the sense of being lightweight, and unlike virtualbox or vmware it does not need a UI running. It seemed to be a perfect fit to try those two together.

The xhyve docker machine driver needed to be installed first so I just went on its website here :

and followed the installation instructions from the README, after which I could see everything was working :


I then fired up the “oc cluster up --create-machine” command and to my disappointment it started virtualbox by default, and I could not see anything in the options on how to pass the “--driver xhyve” option to docker-machine, which is what the oc cluster feature uses on the backend to bootstrap a docker environment.

Digging into the code, it seems that oc cluster has this set statically to virtualbox :

Since there was no way to pass other options, I first looked in the github issues to see if anything had been reported about it and sent a feature request here.

I started to think a little bit more about a workaround, going from modifying the oc client to my liking and recompiling it to just giving up on xhyve, but in fact the solution is actually much simpler.

“oc cluster up” has the ability to use an already configured docker-machine environment with the “--docker-machine” option. We just have to configure the machine properly first (which means with the option --engine-insecure-registry) :


and after a bit the new docker machine should be set up, and it can easily be used with the command eval $(docker-machine env xhyve)

I then just have to start my oc cluster up with the option --docker-machine="xhyve" and I get my nicely set up openshift origin cluster to play with in mere seconds :


Triathlon gear checklist


I have been doing triathlon for the last few years and I am getting more and more people around me looking to do their first triathlons.

There is much information on the interweb about training plans and other tips to get you to the finish on time, but the thing I found most missing was what to bring to a triathlon.

I am known to always forget one thing; I am like that guy who always comes back home twice when he goes out because he forgot something. And since for a triathlon you have so much to bring, it quickly becomes a nightmare if I don’t get organized and make a checklist.

So here it is, or my version of it; this may help you kickstart your own list of what to bring.

(I will probably update it along the way)


Tri Suit
Race Belt
Base layer
Caffeine Pills (to wakeup)


Towel to dry legs while putting shoes
Spare swimming cap


Cycling Jersey
Cycling Bottles x 2 (shitty ones to be thrown away)
Cycling Gloves
Cycling Shoes
Cycling Socks
Cycling rain jacket
Mini saddle bag with Tire Levers, CO2 inflator and patch kit
Tubes x 3
Wrench/Allen key tool


Running hat
Running Shoes
Warm jumper for after race.
Energy Gels
Energy Drink (capsules)


Garmin Edge 800
Garmin Edge 800 Charger (Mini-USB)
Garmin Forerunner 910XT
Garmin Forerunner Charger
Garmin ANT USB Key for transfer
Ear plugs
Cycling Bag for train transport
CR2032 batteries (in case off for cadence/power/hr strap)
Heart Rate Monitor



Phnom Penh half marathon, race report

[This is a post I posted on reddit on 14th of June 2016, reposting in all its glory here for prosperity]


[Update: the results came in and I came 24 out of 150]

I ran this week-end the Phnom Penh half marathon, an interesting half marathon started only two years ago in the capital of Cambodia.

I was not planning to do it; I had two weeks of work booked in Singapore and one week of time off without many plans. When I saw on the website that there was a race in Cambodia this week-end I thought to myself why not, and registered for around 40$, which is like a fortune here but that’s the foreigner price.


I didn’t prepare myself much. I have been doing a lot of triathlons in May (two half-IM and one olympic) but I haven’t been running much after that due to a bad knee I picked up during one of the half-IM. I did try to go for a run in Singapore at 7:30AM and started doing 5k at my normal pace (around 4’45km/7’40mi) but I could feel my body overheating and I walked back to my hotel. After that I didn’t run much during the week, once on the treadmill (which I hate), and my knee started to feel painful and I actually could not walk much during that day.

By that time I was giving up on running that week-end and let myself go, i.e: drinks, smoking and not much sleep at night, but when I arrived in Phnom Penh on Friday night I started to feel my knee was a bit better, so I thought why not, maybe I run/walk for a few k, take pictures and at least soak up the experience.

I went to pickup my bib just in front of the Royal Palace which was two minutes away from my very cheap and fancy hotel. The registration went smoothly and was like the one you find in Europe/US, you check your number on a big list, you show your ID and there we go you have your bib number and a nice t-shirt, no useless flyers or freebies tho.

I met a local expat there from Canada and it was nice to talk to him a bit. His first comment about the race was, well it’s not a very nice course as there are not many places to run but it’s not too baaaaadd (I am trying to put the Canadian accent in writing for context). That didn’t inspire much confidence in me, but I have run in some crappy places around the world and it doesn’t really bother me much.

In the evening I had some good Cambodian food, which looked like pad thai I think, with a beer (the local one tastes like water anyway) and went to sleep early for the 6AM start.

In the morning at 5AM I could not find any place to eat so I had to skip breakfast and went straight to the race. We were just around 100 people max I think doing the half marathon, but they announced over 5000 for the 10k and 3km fun race, which I kind of doubt but I guess you need to trust the communist propaganda. It was already starting to be hot but still bearable, like just under 30C with a light wind.


Off we started. I went cool and easy to not trigger my knee injury and tried to run by feeling only; my watch beeped the first km at just around 4’50/km. At first the traffic was completely blocked; the policemen were really strict when the motorbikes or tuk tuks were trying to get into the traffic, and actually started shouting at them really angrily. There were policemen on like every corner to watch for traffic and things were looking good from this side (more on that later).

The water stations were located every 2km; they had hot (as in not iced) water at the first one and some of them had iced cold water. There were some bananas as well every 5km I think, which I filled up on since I didn’t have any breakie.

I was controlling my pace and was feeling good until we got to the Japanese-built bridge (that’s how it’s actually called), when the sun came out, which you can see in one of my pictures, and the heat started to surge.

After the bridge it became much harder, since we were in some deserted area where cars and motorbikes were starting to pop up near us and there was some very bad smell in those places. The motorbikes were annoying but it was not too bad yet; it became really really annoying when you had to cross a really large roundabout and zigzag between the tuktuks that go around you at full speed. Those guys are actually quite good (there are no red lights in PP so they have skills) as long as you make the right eye contact.

We went north of PP near the island and were making our way back. It was starting to get really hot, around 36C, and humid, and my pace started to be more in the 5’00km/8’00mi range, which was okay for me. On the way back from the island we joined the runners who were doing the 10k race; by that time it was only the ‘fun runners’ so it was mostly walkers and selfie takers. It was good fun tho to see them enjoying it; it seems that for a lot of them it was their first time running and I felt happy for them.

I went on and on and noticed another half marathoner, from Japan I think, who was keeping pace with me. Before then I was only passing people most of the time so this gave me a boost to catch up with him. By the 16km/10mi mark I was feeling my knee starting to hurt but I went on, ignored it and started to slow down my pace a little bit more.

The half marathoners ‘forked’ from the 10k runners around the 18km mark and off by ourselves we went. By that time there were a lot of marshals writing down our numbers every 500m (how many people can you hire doing that job, I guess, for 40$, which is like a monthly local salary?). There was the chipset thing as well but I guess they wanted to make sure nobody was cheating. I was also surprised that the kilometers written down on the floor were exactly on pace with my garmin watch; I guess not having tall buildings made the GPS good and they really worked out the distance.

By that time I was mostly running by myself with my Japanese race buddy just behind I guess. It was very very hot now and I could feel my body overheating. I am a dark-skinned person from southern Europe so I usually don’t fear the sun, but this one from Cambodia had a special taste.

We had another bridge crossing, an annoying one, and I was getting very tired. There was a slight ascent to the bridge and a water station just before; I stopped this time, took some iced lemonade and walked the ascent instead of running. My Japanese race buddy was already out of my sight and off he was. After the bridge I started to run properly again and my pace went up.

On the 20k we were making our way back to the royal palace and the finish line on a very long straight road. This is where I started to get my adrenaline kick, forgot about my injury and the heat, and off I ran a relatively fast 4’30km/7’15mi to the finish line. Just before the finish I saw my Japanese friend getting there and slowing, so I started to sprint like a maniac to pass him right before he crossed. I felt sorry (it was kind of douchey) and hugged him at the finish; he didn’t seem to mind. My time was exactly 1h45:40s on my watch, which is 5’00/km 8’00/mi, which was a perfect time for me even tho I would have rather done at least 1h40 🙂


When I arrived a lot of people were there and it was some kind of party with a lot of people ‘selfying’ and taking pictures. There were no refreshments at the finish line, which was a bit weird, and we had to wait in line under the burning sun.

I talked with a few people and some fellow french women that went second in the race (1h36); they were mostly all locals and were surprised I came here as a tourist to race this. I was tired and went back to my hotel to shower and enjoy the swimming pool.

They don’t have the official results yet on the website but if I take the 2015 results, I am right around the first 20 out of 100.

Would I do that race again? Probably not, but I encourage anyone in the region to do it. When chatting with the locals, it definitely impressed them and maybe inspired them to run a little bit more in the future.


Dealing with yaml in Emacs

Some time ago, or at least when I started programming in the late 90s, XML was all the rage; it promised to be the panacea for everything from data to storage to data presentation and processing. People realised that it was just complexity, as Joel Spolsky points out, an attempt to make the complex seem accessible to ordinary people. Really, people were annoyed to write all those tags as those ‘<‘ and ‘>’ are hard to reach on a qwerty keyboard.

At the beginning of the new millennium in 2000 the web started to get very popular and things like “web services” popped up everywhere. People realised that XML is actually not that great, so they started to use a format called JSON to get computers talking to each other in a sane manner.

But people realised that JSON was actually not that great for chatting between web services as it was actually designed to serialize objects between programming languages. And really, down the line, it’s more about the programmers being annoyed by all those { } [ ] brackets.

So here came yaml, the latest “fashion format”, based on the popularity of tab based programming languages.

Most new software lately has been using it; the whole container software ecosystem configures things in yaml, so you have to deal with it when you work with them.

I don’t know if I like yaml or not; the only thing I know is that when I have a big ass large yaml file it quickly becomes unreadable. You have no idea which blocks belong to which one and you are not sure how many indents you need to add to that block to align it with that other one that started 800 lines ago.

This has been driving me crazy as I need to write some large kubernetes/OpenShift yaml files and sometimes end up spending hours trying to detect where I have my tab alignment wrong.

Some may argue: but you do python, and python is tab based. Yeah, I have been doing python for the last 10 years and this has never been an issue, because first I don’t write kick ass 5000 line python functions and second the python mode of my editor Emacs is properly configured.

Ah, there I said it: the editor needs to be configured properly to have a good workflow, so here is Emacs to the rescue to make it bearable (and make this post more productive than another rant from the interweb).

So without further ado and with much fanfare, here are the emacs extensions I found to make writing yaml bearable :

Highlight Indentation for Emacs


This mode would give you a visual representation of the current indentation with a bar showing the indentation.

Smart Shift

Make Shift

This mode doesn’t give you a visual but allows you to indent blocks of text easily. Usually in emacs you would use the Control-C Tab command to indent and prefix it with a number for the number of indents. For example C-u 4 Control-C Tab would indent the text by 4 spaces. Smart shift makes it much easier to move things around.


Flycheck mode

This is a generic mode you should really configure for all your programming needs; it supports yaml files and will try to validate your yaml file (with the ruby-yaml library) and show where you have an error.



This is a function I found in a post on stackoverflow (by the author of Highlight-Indentation-for-Emacs); it allows you to fold all code on an indentation level greater than the current line. A great way to show the current outline of the file.


Road to Ironman Frankfurt 2017


It’s been almost a year since I blogged, so today is for something almost completely different: a post about my “sporting” life.

For most people who know me, I have been doing quite a lot of sports since I passed thru my 30s 7 years ago and I have slowly ramped up the challenge and distance in running and triathlon with marathons and half ironman.

Even if I keep enjoying doing it, I have felt that I was reaching a plateau this year. It was quite a complete year with 2 half IronMan, one olympic distance triathlon, 2 half marathons (including one in Phnom Penh, Cambodia) and 1 marathon in October in Amsterdam. I can always improve my times and such but I have always had the full IronMan distance in mind since I started doing this and I guess there is no better time than now.

So after much thinking I decided to get myself to the full ironman happening in 2017 in Frankfurt.


My preference would have been to do one of the ones in France like Vichy or Nice. Nice is quite popular among triathletes in France and I know that a lot of my friends are planning or want to do it, but since Nice’s swim is in open water and since I am such a bad swimmer (yeah, really that bad) I can’t even think of having to do 3.8km (2.3 miles) in open water with all the waves and such. Ironman Frankfurt has the swim in the lakes and an australian exit, which makes things much easier for bad swimmers.

Vichy has the swim in lakes too but the race happens too late in summer (30th of August) and since I have a 10 year old kid and want to enjoy the holiday with him without having to worry about the training, I’d rather have it earlier in summer, like Frankfurt which is in the first week of July.

There is a nifty blog post from 2010, but still relevant I would guess, on the different difficulties of all the Ironman triathlons around the world. The easiest one seemed to happen in Austria, which seems wonderful and very enjoyable, but the transport from Paris looked to be a pain: almost 11 hours’ drive, or multiple changes of train/flight to get there by public transport. For Frankfurt it’s a relatively easy 5h drive from Paris and there is the thalys which goes there directly by train. It’s even quicker than going to Nice from Paris.


There is as well the fact that ironman Frankfurt is known as being one of the most supported races in the world, second only to challenge roth (which actually happens 200km away on the same day); the Germans are usually a very groupe crowd of supporters. I ran the Koeln half marathon in 2013 and really enjoyed the people there; it was a very incredible experience.

Frankfurt is also a big city so it is not going to be too difficult to find reasonably priced accommodation (it was such a pain for ironman 70.3 in UK in Exmoor since it was in the middle of nowhere) and there are great bars and pubs for after party drinks if everything goes well hopefully 😉

openshift-sdn with OpenStack SDN and MTU

I am lucky enough to have a cloud available to me for free; it obviously runs OpenStack and I can kick off VMs as I want.

Since I am playing with OpenShift a lot lately, I have seen issues in that cloud where pushing an image to the internal registry was just randomly failing.

Networking is definitely not my pedigree but I could definitely sense it was a networking issue. Since I could not just blame the underlying cloud (hey it’s free!) I had to investigate a bit.

Using the “access to internal docker registry” feature of OpenShift, I could definitely push from the master (where the registry was) in 2s but not from the node, where it could only push some bits at first and then got completely stuck at the end, waiting there forever.

I came back to our internal mailing list and the local experts there pointed me to the file :


and the interesting part is this :

# The $DOCKER_NETWORK_OPTIONS variable is used by sdn plugins to set
# $DOCKER_NETWORK_OPTIONS variable in the /etc/sysconfig/docker-network
# Most plugins include their own defaults within the scripts
# TODO: More elegant solution like this
# DOCKER_NETWORK_OPTIONS='-b=lbr0 --mtu=1450'

I uncommented it and adjusted my MTU to 1400, since 1450 wasn’t working for me, and after a reboot I could properly push my images from the nodes to the internal registry.

Thanks to sdodson and Erik for pointing me to this

Deploy openshift router and registry only on a master nodes with no others

Something that has come up when using OpenShift and that was tricky enough to be shared in a blog post.

On OpenShift you have the router and registry, which by default are on the master nodes, and that’s fine. Things get tricky if you don’t want anything else in there.

I finally figured this out after digging in some internal mailing lists and it is actually not too difficult. The key thing is to have this in the ‘default‘ namespace annotations : region=infra

The default namespace is an internal namespace used for openshift infrastructure services.

Let me describe this a little bit further, here is my node labels configuration :

root@master:~$ oc get node
NAME                                 LABELS                                                                                STATUS    AGE
,region=infra,zone=default   Ready     2d
,region=primary,zone=west     Ready     2d
,region=primary,zone=east     Ready     2d

I already had a router running fine on my master by forcing it with a nodeSelector on the deploymentConfig (this was generated by the oadm router command) :

root@master:~$ oc get pod router-1-q3am8 -o yaml
region: infra

Now I am going to edit my /etc/origin/master/master-config.yaml and add :

    defaultNodeSelector: "region=primary"

which forces all new pods to be scheduled on the primary region.

As expected if I delete my router and redeploy it :

root@master:~$ oc delete pod router-1-q3am8
root@master:~$ oc deploy router --latest

The router could not be deployed, since we explicitly told the scheduler that we want pods only on infra :

Sep 23 09:45:52 origin-master[2879]: I0923 09:45:52.203596 2879 event.go:203] Event(api.ObjectReference{Kind:"ReplicationController", Namespace:"default", Name:"router-1", UID:"454f46b0-5fbc-11e5-9c22-fa163e93ac32", APIVersion:"v1", ResourceVersion:"99201", FieldPath:""}): reason: 'failedCreate' Error creating: pods "" is forbidden: pod node label selector conflicts with its project node label selector

So what I had to do now is to edit the default namespace (not the project but the namespace, that’s a critical point) and add in the metadata/annotations section :

apiVersion: v1
kind: Namespace
metadata:
  annotations:
    # node selector applied to every pod of this namespace
    openshift.io/node-selector: region=infra

which is to say that the default project can indeed be deployed on region=infra.

Now let’s try again :

root@master:~$ oc deploy router --latest

and check the log :

Sep 23 09:47:25 origin-master[2879]: I0923 09:47:25.341257 2879 event.go:203] Event(api.ObjectReference{Kind:"ReplicationController", Namespace:"default", Name:"router-1", UID:"454f46b0-5fbc-11e5-9c22-fa163e93ac32", APIVersion:"v1", ResourceVersion:"99201", FieldPath:""}): reason: 'successfulCreate' Created pod: router-1-l5r0e

which seems to work fine and deployed on infra :

root@master:~$ oc get pod|grep router
router-1-ed6dk            1/1       Running   0          1h

Using yaml for OpenShift v3 templates

I have been experimenting a lot with OpenShift v3 and love how everything works well together, plugging Kubernetes and Docker into a PaaS workflow.

One of the things that I don’t get is having to manually write verbose json templates; it’s wonderful for machines to parse but writing it can get as painful as (dare I say it) XML.

OpenShift natively supports yaml files very nicely and it’s a straight conversion of what you would have in json format.

Since at this time most of the examples are in json, I wrote a script to quickly convert them to yaml and came up with this command line using python and bash :

# Convert every *.json file below the current directory to a .yaml file next to it
for i in $(find . -name '*.json'); do
  python -c 'import sys,json,yaml;print(yaml.safe_dump(json.loads(sys.stdin.read()), default_flow_style=False))' < "$i" > "${i%.json}.yaml"
done

Happy Yameling (I just made this word up and I am not even drunk)