A self-signed certificate can be used for many things, but in this case it is to provide HTTP over SSL from Apache, HTTPS. In many cases a CA signed certificate is not required – a self signed certificate offers the same level of encryption at no cost if you can live with the warnings (or install the cert in your keystore).

Install ModSSL and OpenSSL

Use yum to get OpenSSL and ModSSL plus dependencies.

yum -y install mod_ssl openssl

Generate the key, certificate signing request, and certificate.

This will generate a 2048 bit RSA key and certificate good for ~10 years (3650 days).

mkdir -p /etc/httpd/ssl
cd /etc/httpd/ssl
openssl genrsa -out ssl.key 2048 
openssl req -new -key ssl.key -out ssl.csr
openssl x509 -req -days 3650 -in ssl.csr -signkey ssl.key -out ssl.crt

Use Self-Signed Certificate with Apache.

You can now use the key and crt files in apache, either in the general configuration included by default in /etc/httpd/conf.d/ssl.conf or in a VirtualHost as below.

<VirtualHost *:443>
	ServerName my.server.com
	DocumentRoot /var/www/html

	# Enable SSL and specify the certificate and key
	SSLEngine on
	SSLCertificateFile      /etc/httpd/ssl/ssl.crt
	SSLCertificateKeyFile   /etc/httpd/ssl/ssl.key

	# If you are reverse proxying from HTTP to HTTPS make sure to include a header rewrite
	#Header edit Location ^http: https:
</VirtualHost>

The post Create a Self-Signed Certificate for Apache SSL on CentOS appeared first on Justin Silver.

Why might you want to move your /wp-content/uploads folder out of your DocumentRoot? In my case, I use DropBox to sync files between my desktop and my laptop for doing development – no matter where I was working last, my changes, including Subversion status from the hidden .svn directories, are ready to go on the other computer (assuming I have Internet access of course, but even then DropBox will copy over the local network if it’s available, which means it’s pretty quick at home). For some of my site’s, like this one, there are gigabytes and gigabytes of images in my uploads directory, but they don’t really do that much for me in terms of development, but I still need them.

The solution for me was to move the uploads folder outside of the Apache DocumentRoot, were it can still be accessed, but doesn’t count against my DropBox usage (and doesn’t suck up bandwidth syncing thumbnail generation and the like.)

My first order of business was to break uploads out into a different SVN path – otherwise it will just update the folder every time you run an “svn up“. On the production server, you would want to do the following:

# WordPress Files
# https://svn.example.com/mysite/web/trunk
svn co https://svn.example.com/mysite/web/trunk /var/www/mysite/html
# WordPress Uploads
# https://svn.example.com/mysite/uploads/trunk
svn co https://svn.example.com/mysite/uploads/trunk /var/www/mysite/html/wp-content/uploads
# add "uploads" to your svn:ignore in the wp-content folder
svn propedit svn:ignore /var/www/mysite/html/wp-content/
svn up /var/www/mysite/html/wp-content/
svn commit -m "saving svn:ignore for uploads" /var/www/mysite/html/wp-content/

And then on your Workstation, the following:

# WordPress Files
# https://svn.example.com/mysite/web/trunk
svn co https://svn.example.com/mysite/web/trunk ~/Dropbox/MySites/mysite
# WordPress Uploads
# https://svn.example.com/mysite/uploads/trunk
svn co https://svn.example.com/mysite/uploads/trunk  ~/Documents/MySites/mysite

I also added the following rules to /etc/subversion/config on my server and ~/.subversion/config on my workstation to prevent thumbnails from being added – there are lots of ways these can be regenerated if necessary.

[miscellany]
global-ignores = *-[0-9]*x[0-9]*.jpg -[0-9]*x[0-9]*.gif -[0-9]*x[0-9]*.png -[0-9]*x[0-9]*.bmp -[0-9]*x[0-9]*.jpeg

Now in your Apache configuration for your workstation, you need to set an AliasMatch for the uploads directory so that Apache can serve up these files. I use MAMP running as my user, so I don’t have to worry about permissions, but you should keep this in mind depending on your configuration.

<VirtualHost *:80>
    DocumentRoot "/Users/justinsilver/Dropbox/MySites/mysite"
    ServerName local.mysite.com
    
    # Reference the uploads folder in your Documents
    AliasMatch ^/wp-content/uploads/(.*) /Users/justinsilver/Documents/MySites/mysite/wp-content/uploads/$1
    
    <Directory /Users/justinsilver/Dropbox/MySites/mysite>
                AllowOverride All
    </Directory>
</VirtualHost>

With all of this done, you’re good to go as far as serving files, but WordPress will still be confused when it tries to write to the directory, since it uses an absolute path. To fix this, we can use a static defined in wp-config.php (which should be different than production anyway, considering you probably had to set overrides for WP_HOME and WP_SITEURL plus the local database configuration) and use that to selectively change the path to the uploads directory. Thus, add the absolute path to your wp-config.php like so, on the workstation:

define('WP_DEV_UPLOADS', '/Users/justinsilver/Documents/MySites/mysite/wp-content/uploads');

With this set, add the following to your theme’s functions.php, or your functions plugin (more on this at a different time) to hook to the “upload_dir” and change the uploads directory that WordPress uses.

if (defined('WP_DEV_UPLOADS')){
    if (is_dir(WP_DEV_UPLOADS)){
        // use directory outside of Dropbox for uploads so they dont go to Dropbox (uses Alias in VirtualHost)
        function wp_dev_upload_dir($upload_dir){ 
            $upload_dir['path']    = str_replace( $upload_dir['basedir'], WP_DEV_UPLOADS, $upload_dir['path'] );
            $upload_dir['basedir'] = WP_DEV_UPLOADS;
             
            return $upload_dir;
        }
        add_filter('upload_dir', 'wp_dev_upload_dir');
    } else {
        error_log('WP_DEV_UPLOADS is defined but does not exist: ' . WP_DEV_UPLOADS);
    }
}

The post Moving WordPress’ /wp-content/uploads out of your DocumentRoot appeared first on Justin Silver.

After installing phpMyAdmin I kept getting the above error which reads:

The mysqli extension is missing. Please check your PHP configuration. <a href="Documentation.html#faqmysql" target="documentation"><img src="themes/dot.gif" title="Documentation" alt="Documentation" /></a>

I had run “yum install php-mysqli” with success, and “php -i | grep mysqli” was showing the mysqli was enabled but looking at phpinfo() through the Apache it didn’t look like mysqli was enabled after all. It then occurred to me that I am using the Apache Worker MPM, which requires the use of php-zts rather than regular php. It looked like php-mysqli doesn’t include the extension for php-zts, which was verified by checking out /usr/lib64/php-zts/modules – no php_mysqli.ini file here.

What to do.

The answer for me was to remove php-mysqli and replace it with php-mysqlnd.

>yum remove php-mysqli
yum install php-mysqlnd
service httpd restart

Reload the page, and the error should be gone. Yay!

The post phpMyAdmin + CentOS + Apache Worker MPM appeared first on Justin Silver.

The documentation for Trac is decent, but it isn’t super clear what to do, especially if you aren’t familiar with python. Some quick random info:

• For this example we are going to be hosting a Trac server using a vhost in Apache via mod_python
• Download Trac from http://download.edgewall.org/trac/Trac-0.12.3.tar.gz
• PYTHON_EGG_CACHE on my system is set to /tmp. It has temp files and whatnot.
• Subversion repository is install in /var/svn, but we’ll assume there is already a repository there called repository.
• Trac projects are going to be in /var/trac, go ahead and create it.
• Everywhere you see PROJECT replace it with your project name

First install the prerequisites using yum, then make sure you have everything with easy_setup

yum install python MySQL-python mod_fastcgi mod_python subversion
wget http://peak.telecommunity.com/dist/ez_setup.py
python ez_setup.py
easy_install Genshi

Now to install Trac, we must first get the source and then run the installer. Note that you will need root or sudo access to install.

cd ~
wget http://download.edgewall.org/trac/Trac-0.12.3.tar.gz
tar -xzvf Trac-0.12.3.tar.gz
cd Trac-0.12.3
sudo python ./setup.py install

Now let’s create the Trac project. It will ask you for a project name and a database connection – I’m using Mysql and already created a project schema called trac_PROJECT and user that has full access to it. My connection string looks like mysql://user:password@host/trac_PROJECT,

mkdir /var/trac
trac-admin /var/trac/PROJECT initenv

Now edit the trac.ini file for your project, located at /var/trac/PROJECT/conf/trac.ini. We want to set the properties “repository_dir = /var/svn/repository” and “repository_sync_per_request = ” – remove (default).

Next we need to create an htpasswd file, as this is what Trac uses for authentication. Enter a password for the admin user. If you want to create more users, leave out the -c since this creates a new file every time and will overwrite your first entries if it’s present. The next line gives this user TRAC_ADMIN rights to your project

sudo htpasswd -c /var/trac/.htpasswd admin 
trac-admin /var/trac/PROJECT permission add admin TRAC_ADMIN

Create the commit hook in your Subversion repository.

/var/svn/repository/hooks/post-commit

#!/bin/sh
export PYTHON_EGG_CACHE="/tmp"
/usr/bin/trac-admin /var/trac/PROJECT changeset added "$1" "$2"

Make it executable

chmod 755 /var/svn/repository/hooks/post-commit

Configure Apache to use mod_fastcgi and not mod_php to serve PHP files – this is the first step to serving up Trac pages.

First we need to create the FastCGI wrappers that we will use to execute requests. We are going to need two, one for PHP and one for Trac. Both will go in /var/www/cgi-bin and it’s important to make sure that they are executable.

/var/www/cgi-bin/php.fcgi

#!/bin/sh
export PHP_FCGI_CHILDREN=4
exec /usr/bin/php-cgi -c /etc/php.ini

The second file is named trac.fcgi and will contain the following – note that this is one place where PYTHON_EGG_CACHE is set, and that we have to include the parent path to our Trac environment. You can also serve a single project by just setting TRAC_ENV instead of TRAC_ENV_PARENT_DIR.

/var/www/cgi-bin/trac.fcgi

#!/usr/bin/env python
import os

from trac.web.main import dispatch_request
try:
    from flup.server.fcgi import WSGIServer
except ImportError:
    from trac.web._fcgi import WSGIServer

if __name__ == '__main__':
    os.environ['TRAC_ENV_PARENT_DIR'] = '/var/trac'
    os.environ['PYTHON_EGG_CACHE'] = '/tmp'
    WSGIServer(dispatch_request).run()

Make both executable:

chmod 755 /var/www/cgi-bin/*.fcgi

Now we need to tell Apache to use these FastCGI wrappers. In /etc/httpd/conf.d/ you will need rename php.conf to php.conf.off and edit fastcgi.conf.

mv /etc/httpd/conf.d/php.conf /etc/httpd/conf.d/php.conf.off

Now create the FastCGI wrapper for PHP.

/etc/httpd/conf.d/fastcgi.conf

LoadModule fastcgi_module modules/mod_fastcgi.so

FastCgiServer /var/www/cgi-bin/php.fcgi
AddHandler php-fastcgi .php

SetHandler fastcgi-script
Action php-fastcgi /cgi-bin/php.fcgi
DirectoryIndex index.html index.shtml index.cgi index.php
AddType application/x-httpd-php .php

Create a VirtualHost in Apache that will serve Trac.

<VirtualHost *:80>
        ServerName trac.DOMAIN.com
	DocumentRoot /var/trac
	<Directory /var/trac>
	        Order allow,deny
	        Allow from all
	</Directory>
	ScriptAlias / /var/www/cgi-bin/trac.fcgi/
	<LocationMatch "/[^/]+/login">
		AuthType Basic
		AuthName "Trac"
		AuthUserFile /var/trac/.htpasswd
		Require valid-user
	</LocationMatch>
</VirtualHost>

Restart Apache by running

service httpd restart

You should be able to visit http://trac.DOMAIN.com/PROJECT/login in your browser and log on using admin and the password you selected. All you have left to do is enable the plugins to tie Trac and Subversion commits together.

Choose Admin on the top right, then Plugins on the left. You will need to click the arrow to expand the list of plugins and go to the bottom. You should see CommitTicketReferenceMacro and CommitTicketUpdater – check the box next to them to enable both.

Should be good to go!

The post Trac 0.12.3 + MySQL + Apache + Subversion on CentOS 5.5 appeared first on Justin Silver.

Requires that you have brew installed which is pretty easy, info here, but run:

/usr/bin/ruby -e "$(/usr/bin/curl -fsSL \
https://raw.github.com/mxcl/homebrew/master/Library/Contributions/install_homebrew.rb)"

We ultimately want to install memcached-php, and since libmemcached and memcached are both dependencies for it we can get them all at once. First we need to access the proper repository with “brew tap josegonzalez/php”

Io:/ $ brew tap josegonzalez/php
Cloning into /usr/local/Library/Taps/josegonzalez-php...
remote: Counting objects: 757, done.
remote: Compressing objects: 100% (386/386), done.
remote: Total 757 (delta 308), reused 703 (delta 267)
Receiving objects: 100% (757/757), 105.33 KiB, done.
Resolving deltas: 100% (308/308), done.
Tapped 26 formula

Now we can access the memcached-php with “brew install memcached-php”

Io:/ $ brew install memcached-php
==> Installing memcached-php dependency: memcached
==> Downloading http://memcached.googlecode.com/files/memcached-1.4.13.tar.gz
==> ./configure --prefix=/usr/local/Cellar/memcached/1.4.13
==> make install
==> Caveats
You can enable memcached to automatically load on login with:
mkdir -p ~/Library/LaunchAgents
cp /usr/local/Cellar/memcached/1.4.13/homebrew.mxcl.memcached.plist ~/Library/LaunchAgents/
launchctl load -w ~/Library/LaunchAgents/homebrew.mxcl.memcached.plist
If this is an upgrade and you already have the homebrew.mxcl.memcached.plist loaded:
launchctl unload -w ~/Library/LaunchAgents/homebrew.mxcl.memcached.plist
cp /usr/local/Cellar/memcached/1.4.13/homebrew.mxcl.memcached.plist ~/Library/LaunchAgents/
launchctl load -w ~/Library/LaunchAgents/homebrew.mxcl.memcached.plist
Or start it manually:
/usr/local/bin/memcached
Add "-d" to start it as a daemon.
==> Summary
/usr/local/Cellar/memcached/1.4.13: 9 files, 168K, built in 5 seconds
==> Installing memcached-php dependency: libmemcached
==> Downloading http://launchpad.net/libmemcached/1.0/1.0.4/+download/libmemcached-1.0.4.tar.gz
==> ./configure --prefix=/usr/local/Cellar/libmemcached/1.0.4
==> make install
/usr/local/Cellar/libmemcached/1.0.4: 224 files, 3.1M, built in 33 seconds
==> Installing memcached-php
==> Downloading http://pecl.php.net/get/memcached-2.0.1.tgz
######################################################################## 100.0%
==> phpize
==> ./configure --prefix=/usr/local/Cellar/memcached-php/2.0.1 --with-libmemcached-dir=/usr/local/Cellar/libmemcached/1.0.4
==> make
==> Caveats
To finish installing memcached-php:
* Add the following line to /usr/local/etc/php.ini:
extension="/usr/local/Cellar/memcached-php/2.0.1/memcached.so"
* Restart your webserver.
* Write a PHP page that calls "phpinfo();"
* Load it in a browser and look for the info on the memcached module.
* If you see it, you have been successful!
==> Summary
/usr/local/Cellar/memcached-php/2.0.1: 4 files, 100K, built in 6 seconds

The rest of the process is actually spelled out in the brew output. You can memcached manually as a daemon by running the following.

memcached -d

Alternatively you can start memcached up every time you log in by running these commands.

mkdir -p ~/Library/LaunchAgents
cp /usr/local/Cellar/memcached/1.4.13/homebrew.mxcl.memcached.plist ~/Library/LaunchAgents/
launchctl load -w ~/Library/LaunchAgents/homebrew.mxcl.memcached.plist

Next we need to install the extension in MAMP, so copy the following into the section labeled “; Extensions” in your php.ini file. Mine is located at /Applications/MAMP/bin/php/php5.3.6/conf/php.ini.

extension="/usr/local/Cellar/memcached-php/2.0.1/memcached.so

Restart the Apache service via the MAMP console and you should be good to go. You can check by making a file called phpinfo.php in your root that contains ““. Loading http://localhost:PORT/phpinfo.php will have a section titled “memcached” if the module loaded successfully.

PS – don’t forget to actually start the memcached server via “memcached -d” or you won’t actually be using it even if the module is enabled :/

The post Memcached with MAMP 2.0.5 and Brew appeared first on Justin Silver.