The post Create a Self-Signed Certificate for Apache SSL on CentOS appeared first on Justin Silver.
]]>A self-signed certificate can be used for many things, but in this case it is to provide HTTP over SSL from Apache, HTTPS. In many cases a CA signed certificate is not required – a self signed certificate offers the same level of encryption at no cost if you can live with the warnings (or install the cert in your keystore).
Use yum to get OpenSSL and ModSSL plus dependencies.
yum -y install mod_ssl openssl
This will generate a 2048 bit RSA key and certificate good for ~10 years (3650 days).
mkdir -p /etc/httpd/ssl cd /etc/httpd/ssl openssl genrsa -out ssl.key 2048 openssl req -new -key ssl.key -out ssl.csr openssl x509 -req -days 3650 -in ssl.csr -signkey ssl.key -out ssl.crt
You can now use the key and crt files in apache, either in the general configuration included by default in /etc/httpd/conf.d/ssl.conf
or in a VirtualHost as below.
<VirtualHost *:443> ServerName my.server.com DocumentRoot /var/www/html # Enable SSL and specify the certificate and key SSLEngine on SSLCertificateFile /etc/httpd/ssl/ssl.crt SSLCertificateKeyFile /etc/httpd/ssl/ssl.key # If you are reverse proxying from HTTP to HTTPS make sure to include a header rewrite #Header edit Location ^http: https: </VirtualHost>
The post Create a Self-Signed Certificate for Apache SSL on CentOS appeared first on Justin Silver.
]]>The post Moving WordPress’ /wp-content/uploads out of your DocumentRoot appeared first on Justin Silver.
]]>Why might you want to move your /wp-content/uploads
folder out of your DocumentRoot? In my case, I use DropBox to sync files between my desktop and my laptop for doing development – no matter where I was working last, my changes, including Subversion status from the hidden .svn
directories, are ready to go on the other computer (assuming I have Internet access of course, but even then DropBox will copy over the local network if it’s available, which means it’s pretty quick at home). For some of my site’s, like this one, there are gigabytes and gigabytes of images in my uploads directory, but they don’t really do that much for me in terms of development, but I still need them.
The solution for me was to move the uploads folder outside of the Apache DocumentRoot
, were it can still be accessed, but doesn’t count against my DropBox usage (and doesn’t suck up bandwidth syncing thumbnail generation and the like.)
My first order of business was to break uploads out into a different SVN path – otherwise it will just update the folder every time you run an “svn up
“. On the production server, you would want to do the following:
# WordPress Files # https://svn.example.com/mysite/web/trunk svn co https://svn.example.com/mysite/web/trunk /var/www/mysite/html # WordPress Uploads # https://svn.example.com/mysite/uploads/trunk svn co https://svn.example.com/mysite/uploads/trunk /var/www/mysite/html/wp-content/uploads # add "uploads" to your svn:ignore in the wp-content folder svn propedit svn:ignore /var/www/mysite/html/wp-content/ svn up /var/www/mysite/html/wp-content/ svn commit -m "saving svn:ignore for uploads" /var/www/mysite/html/wp-content/
And then on your Workstation, the following:
# WordPress Files # https://svn.example.com/mysite/web/trunk svn co https://svn.example.com/mysite/web/trunk ~/Dropbox/MySites/mysite # WordPress Uploads # https://svn.example.com/mysite/uploads/trunk svn co https://svn.example.com/mysite/uploads/trunk ~/Documents/MySites/mysite
I also added the following rules to /etc/subversion/config
on my server and ~/.subversion/config
on my workstation to prevent thumbnails from being added – there are lots of ways these can be regenerated if necessary.
[miscellany] global-ignores = *-[0-9]*x[0-9]*.jpg -[0-9]*x[0-9]*.gif -[0-9]*x[0-9]*.png -[0-9]*x[0-9]*.bmp -[0-9]*x[0-9]*.jpeg
Now in your Apache configuration for your workstation, you need to set an AliasMatch
for the uploads directory so that Apache can serve up these files. I use MAMP running as my user, so I don’t have to worry about permissions, but you should keep this in mind depending on your configuration.
<VirtualHost *:80> DocumentRoot "/Users/justinsilver/Dropbox/MySites/mysite" ServerName local.mysite.com # Reference the uploads folder in your Documents AliasMatch ^/wp-content/uploads/(.*) /Users/justinsilver/Documents/MySites/mysite/wp-content/uploads/$1 <Directory /Users/justinsilver/Dropbox/MySites/mysite> AllowOverride All </Directory> </VirtualHost>
With all of this done, you’re good to go as far as serving files, but WordPress will still be confused when it tries to write to the directory, since it uses an absolute path. To fix this, we can use a static defined in wp-config.php
(which should be different than production anyway, considering you probably had to set overrides for WP_HOME
and WP_SITEURL
plus the local database configuration) and use that to selectively change the path to the uploads directory. Thus, add the absolute path to your wp-config.php like so, on the workstation:
define('WP_DEV_UPLOADS', '/Users/justinsilver/Documents/MySites/mysite/wp-content/uploads');
With this set, add the following to your theme’s functions.php, or your functions plugin (more on this at a different time) to hook to the “upload_dir” and change the uploads directory that WordPress uses.
if (defined('WP_DEV_UPLOADS')){ if (is_dir(WP_DEV_UPLOADS)){ // use directory outside of Dropbox for uploads so they dont go to Dropbox (uses Alias in VirtualHost) function wp_dev_upload_dir($upload_dir){ $upload_dir['path'] = str_replace( $upload_dir['basedir'], WP_DEV_UPLOADS, $upload_dir['path'] ); $upload_dir['basedir'] = WP_DEV_UPLOADS; return $upload_dir; } add_filter('upload_dir', 'wp_dev_upload_dir'); } else { error_log('WP_DEV_UPLOADS is defined but does not exist: ' . WP_DEV_UPLOADS); } }
The post Moving WordPress’ /wp-content/uploads out of your DocumentRoot appeared first on Justin Silver.
]]>The post phpMyAdmin + CentOS + Apache Worker MPM appeared first on Justin Silver.
]]>After installing phpMyAdmin I kept getting the above error which reads:
The mysqli extension is missing. Please check your PHP configuration. <a href="Documentation.html#faqmysql" target="documentation"><img src="themes/dot.gif" title="Documentation" alt="Documentation" /></a>
I had run “yum install php-mysqli” with success, and “php -i | grep mysqli” was showing the mysqli was enabled but looking at phpinfo() through the Apache it didn’t look like mysqli was enabled after all. It then occurred to me that I am using the Apache Worker MPM, which requires the use of php-zts rather than regular php. It looked like php-mysqli doesn’t include the extension for php-zts, which was verified by checking out /usr/lib64/php-zts/modules – no php_mysqli.ini file here.
What to do.
The answer for me was to remove php-mysqli and replace it with php-mysqlnd.
>yum remove php-mysqli yum install php-mysqlnd service httpd restart
Reload the page, and the error should be gone. Yay!
The post phpMyAdmin + CentOS + Apache Worker MPM appeared first on Justin Silver.
]]>The post Trac 0.12.3 + MySQL + Apache + Subversion on CentOS 5.5 appeared first on Justin Silver.
]]>The documentation for Trac is decent, but it isn’t super clear what to do, especially if you aren’t familiar with python. Some quick random info:
First install the prerequisites using yum, then make sure you have everything with easy_setup
yum install python MySQL-python mod_fastcgi mod_python subversion wget http://peak.telecommunity.com/dist/ez_setup.py python ez_setup.py easy_install Genshi
Now to install Trac, we must first get the source and then run the installer. Note that you will need root or sudo access to install.
cd ~ wget http://download.edgewall.org/trac/Trac-0.12.3.tar.gz tar -xzvf Trac-0.12.3.tar.gz cd Trac-0.12.3 sudo python ./setup.py install
Now let’s create the Trac project. It will ask you for a project name and a database connection – I’m using Mysql and already created a project schema called trac_PROJECT and user that has full access to it. My connection string looks like mysql://user:password@host/trac_PROJECT,
mkdir /var/trac trac-admin /var/trac/PROJECT initenv
Now edit the trac.ini file for your project, located at /var/trac/PROJECT/conf/trac.ini. We want to set the properties “repository_dir = /var/svn/repository” and “repository_sync_per_request = ” – remove (default).
Next we need to create an htpasswd file, as this is what Trac uses for authentication. Enter a password for the admin user. If you want to create more users, leave out the -c since this creates a new file every time and will overwrite your first entries if it’s present. The next line gives this user TRAC_ADMIN rights to your project
sudo htpasswd -c /var/trac/.htpasswd admin trac-admin /var/trac/PROJECT permission add admin TRAC_ADMIN
Create the commit hook in your Subversion repository.
/var/svn/repository/hooks/post-commit
#!/bin/sh export PYTHON_EGG_CACHE="/tmp" /usr/bin/trac-admin /var/trac/PROJECT changeset added "$1" "$2"
Make it executable
chmod 755 /var/svn/repository/hooks/post-commit
Configure Apache to use mod_fastcgi and not mod_php to serve PHP files – this is the first step to serving up Trac pages.
First we need to create the FastCGI wrappers that we will use to execute requests. We are going to need two, one for PHP and one for Trac. Both will go in /var/www/cgi-bin and it’s important to make sure that they are executable.
/var/www/cgi-bin/php.fcgi
#!/bin/sh export PHP_FCGI_CHILDREN=4 exec /usr/bin/php-cgi -c /etc/php.ini
The second file is named trac.fcgi and will contain the following – note that this is one place where PYTHON_EGG_CACHE is set, and that we have to include the parent path to our Trac environment. You can also serve a single project by just setting TRAC_ENV instead of TRAC_ENV_PARENT_DIR.
/var/www/cgi-bin/trac.fcgi
#!/usr/bin/env python import os from trac.web.main import dispatch_request try: from flup.server.fcgi import WSGIServer except ImportError: from trac.web._fcgi import WSGIServer if __name__ == '__main__': os.environ['TRAC_ENV_PARENT_DIR'] = '/var/trac' os.environ['PYTHON_EGG_CACHE'] = '/tmp' WSGIServer(dispatch_request).run()
Make both executable:
chmod 755 /var/www/cgi-bin/*.fcgi
Now we need to tell Apache to use these FastCGI wrappers. In /etc/httpd/conf.d/ you will need rename php.conf to php.conf.off and edit fastcgi.conf.
mv /etc/httpd/conf.d/php.conf /etc/httpd/conf.d/php.conf.off
Now create the FastCGI wrapper for PHP.
/etc/httpd/conf.d/fastcgi.conf
LoadModule fastcgi_module modules/mod_fastcgi.so FastCgiServer /var/www/cgi-bin/php.fcgi AddHandler php-fastcgi .php SetHandler fastcgi-script Action php-fastcgi /cgi-bin/php.fcgi DirectoryIndex index.html index.shtml index.cgi index.php AddType application/x-httpd-php .php
Create a VirtualHost in Apache that will serve Trac.
<VirtualHost *:80> ServerName trac.DOMAIN.com DocumentRoot /var/trac <Directory /var/trac> Order allow,deny Allow from all </Directory> ScriptAlias / /var/www/cgi-bin/trac.fcgi/ <LocationMatch "/[^/]+/login"> AuthType Basic AuthName "Trac" AuthUserFile /var/trac/.htpasswd Require valid-user </LocationMatch> </VirtualHost>
Restart Apache by running
service httpd restart
You should be able to visit http://trac.DOMAIN.com/PROJECT/login in your browser and log on using admin and the password you selected. All you have left to do is enable the plugins to tie Trac and Subversion commits together.
Choose Admin on the top right, then Plugins on the left. You will need to click the arrow to expand the list of plugins and go to the bottom. You should see CommitTicketReferenceMacro and CommitTicketUpdater – check the box next to them to enable both.
Should be good to go!
The post Trac 0.12.3 + MySQL + Apache + Subversion on CentOS 5.5 appeared first on Justin Silver.
]]>The post Memcached with MAMP 2.0.5 and Brew appeared first on Justin Silver.
]]>Requires that you have brew installed which is pretty easy, info here, but run:
/usr/bin/ruby -e "$(/usr/bin/curl -fsSL \ https://raw.github.com/mxcl/homebrew/master/Library/Contributions/install_homebrew.rb)"
We ultimately want to install memcached-php, and since libmemcached and memcached are both dependencies for it we can get them all at once. First we need to access the proper repository with “brew tap josegonzalez/php”
Io:/ $ brew tap josegonzalez/php Cloning into /usr/local/Library/Taps/josegonzalez-php... remote: Counting objects: 757, done. remote: Compressing objects: 100% (386/386), done. remote: Total 757 (delta 308), reused 703 (delta 267) Receiving objects: 100% (757/757), 105.33 KiB, done. Resolving deltas: 100% (308/308), done. Tapped 26 formula
Now we can access the memcached-php with “brew install memcached-php”
Io:/ $ brew install memcached-php ==> Installing memcached-php dependency: memcached ==> Downloading http://memcached.googlecode.com/files/memcached-1.4.13.tar.gz ==> ./configure --prefix=/usr/local/Cellar/memcached/1.4.13 ==> make install ==> Caveats You can enable memcached to automatically load on login with: mkdir -p ~/Library/LaunchAgents cp /usr/local/Cellar/memcached/1.4.13/homebrew.mxcl.memcached.plist ~/Library/LaunchAgents/ launchctl load -w ~/Library/LaunchAgents/homebrew.mxcl.memcached.plist If this is an upgrade and you already have the homebrew.mxcl.memcached.plist loaded: launchctl unload -w ~/Library/LaunchAgents/homebrew.mxcl.memcached.plist cp /usr/local/Cellar/memcached/1.4.13/homebrew.mxcl.memcached.plist ~/Library/LaunchAgents/ launchctl load -w ~/Library/LaunchAgents/homebrew.mxcl.memcached.plist Or start it manually: /usr/local/bin/memcached Add "-d" to start it as a daemon. ==> Summary /usr/local/Cellar/memcached/1.4.13: 9 files, 168K, built in 5 seconds ==> Installing memcached-php dependency: libmemcached ==> Downloading http://launchpad.net/libmemcached/1.0/1.0.4/+download/libmemcached-1.0.4.tar.gz ==> ./configure --prefix=/usr/local/Cellar/libmemcached/1.0.4 ==> make install /usr/local/Cellar/libmemcached/1.0.4: 224 files, 3.1M, built in 33 seconds ==> Installing memcached-php ==> Downloading http://pecl.php.net/get/memcached-2.0.1.tgz ######################################################################## 100.0% ==> phpize ==> ./configure --prefix=/usr/local/Cellar/memcached-php/2.0.1 --with-libmemcached-dir=/usr/local/Cellar/libmemcached/1.0.4 ==> make ==> Caveats To finish installing memcached-php: * Add the following line to /usr/local/etc/php.ini: extension="/usr/local/Cellar/memcached-php/2.0.1/memcached.so" * Restart your webserver. * Write a PHP page that calls "phpinfo();" * Load it in a browser and look for the info on the memcached module. * If you see it, you have been successful! ==> Summary /usr/local/Cellar/memcached-php/2.0.1: 4 files, 100K, built in 6 seconds
The rest of the process is actually spelled out in the brew output. You can memcached manually as a daemon by running the following.
memcached -d
Alternatively you can start memcached up every time you log in by running these commands.
mkdir -p ~/Library/LaunchAgents cp /usr/local/Cellar/memcached/1.4.13/homebrew.mxcl.memcached.plist ~/Library/LaunchAgents/ launchctl load -w ~/Library/LaunchAgents/homebrew.mxcl.memcached.plist
Next we need to install the extension in MAMP, so copy the following into the section labeled “; Extensions” in your php.ini file. Mine is located at /Applications/MAMP/bin/php/php5.3.6/conf/php.ini.
extension="/usr/local/Cellar/memcached-php/2.0.1/memcached.so
Restart the Apache service via the MAMP console and you should be good to go. You can check by making a file called phpinfo.php in your root that contains ““. Loading http://localhost:PORT/phpinfo.php will have a section titled “memcached” if the module loaded successfully.
PS – don’t forget to actually start the memcached server via “memcached -d” or you won’t actually be using it even if the module is enabled :/
The post Memcached with MAMP 2.0.5 and Brew appeared first on Justin Silver.
]]>