Monthly Archives: November 2014

Now is the time to switch to secured connections via SSL. Howto for Apache 2.4

Since a couple of moths Google is using SSL as a ranking signal which means that the use of secured SSL connections will improve the ranking of your page in the Google Serp. Furthermore it will increase the trust in your project if you use SSL connections. Switching to SSL is has never been easier than now. Here a short step-by-step guide which is showing you how to make your website secure.

Step 1: Create your a private and public key

The first thing you have to do to get started with encrypting your website is getting creating a SSL key and a certification request file based on that key. Using Linux this step is very easy. Just execute the following tow commands.

openssl genrsa -out mykey.key 2048 
openssl req -new -key mykey.key -out mykey.csr -config req.conf

The directory where you execute the command has also to contain the following req.conf:

[ req ]
default_bits        = 2048
default_keyfile     = mykey.key
distinguished_name  = req_distinguished_name
req_extensions     = req_ext # The extentions to add to the self signed cert

[ req_distinguished_name ]
countryName           = US
countryName_default   = US
stateOrProvinceName   = Colorado
stateOrProvinceName_default = Colorado
localityName          = Denver
localityName_default  = Denver
organizationName          = myproject.com
organizationName_default  = myproject.com
commonName            = www.myproject.com
commonName_max        = 64

[ req_ext ]
subjectAltName          = @alt_names

[alt_names]
DNS.1   = www.myproject2.com
DNS.2   = www.myproject3.com

Important: The [ req_ext ] and [alt_names] sections are only needed if you want to issue a certificate which is valid for multiple domains. Otherwise you can just leave these tow sections out.
Step 2: Now we arrived at the time where you have to issue your SSL certificate. You can either do that for free or get a commercial certificate. The advantage of the latter solution is that these certificates are recognized by all common web-browsers while the free certificates still have some acceptance issues.

A a really good provider of free SSL certificates is CaCert.org. The acceptance of these free SSL certificates will increase with the time so it is definitely worth considering this option. If you decide to get a non-free certificate you might have a look at Namecheap.com or GoDaddy.com to get cheap ones.

The certificates are simply issued after you uploaded your CSR Request file you have created before. If you got your certificate the only thing missing is to correctly setup your Apache Webserver

Step 3: Configure your webserver to use the SSL Certificates
The easiest way to do is to use virtual hosts. Adding the following two configs to your webserver will do both enable SSL and also maintain the normal HTTP connection.

<VirtualHost *:443>

   <Directory "/var/www/html">
      Require all granted
    </Directory>

    DocumentRoot /var/www/html
    ServerName www.mysite.com
    SSLEngine On
    SSLCertificateFile /etc/httpd/conf.d/ssl.key/cert.crt
    SSLCertificateKeyFile /etc/httpd/conf.d/ssl.key/djvupdf.key
    SSLCACertificateFile /etc/httpd/conf.d/ssl.key/cert.ca-bundle
</VirtualHost>

<VirtualHost *:80>
    DocumentRoot /var/www/html
    ServerName www.mysite.com

   <Directory "/var/www/html">
      Require all granted
   </Directory>
</VirtualHost>

The files cert.crt and cert.ca-bundle will be provided by your certification authority after the transaction has been completed.

Step 4: Solving SEO issues and testing your SSL configuration
Now you are done already. Your server is reachable via secured connections now. You can test if your SSL configuration is up-to-date at the following site:

https://www.ssllabs.com/ssltest/

If you get an A+ to A- there you are completely fine.

In case you did not disable the normal HTTP connection to your server there is a little issue with duplicate content you should solve. Search engines do not like duplicate content therefore you should tell them which is the preferred version of your site. This can be done easily by including the so-called canonical tag to the header section of your pages and setting it to the https:// URL of the particular page. This will fix those issues. Make sure, that the URL is exact!

A example how this looks like is the following line. Make sure to put it in the head section:

<link rel="canonical" href="https://www.go4epub.com/" />

Host WordPress using Apache 4.2

Want to host your own WordPress installation with a recent version of the apache webserver (e.g. apache 4.3). Here you find everything you need. If you have been upgrading from an older apache version there might be a little obstacle you have to get around but with the directory permissions which is already perfectly fixed in the code sample below. Setting up WordPress is really easy. Here all the steps needed:

1. Download WordPress from WordPress.org

2. Unpack the Zip Archive you just have downloaded and put it into the document root of your webserver

3. Create a virtual host for your new apache installation.

To create the virtual host you simply have to put the following code snippet into your httpd.conf. In the following example the blog has been unpacked in the directory /var/www/myblog

<VirtualHost *:80>
 
      DocumentRoot /var/www/mydailyhacks
 
      ServerName www.mydailyhacks.org
      ServerAlias mydailyhacks.org *.mydailyhacks.org
 
      <Directory "/var/www/mydailyhacks/">
            Require all granted
            Options FollowSymLinks
            AllowOverride Limit Options FileInfo
            DirectoryIndex index.php
      </Directory>
 
</VirtualHost>

Make sure that you use all the directory setting exactly as they show up here, otherwise you will run in trouble.

4. The last step before you can activate your blog is setting up a MySql data base which can be used by wordpress. This is a lot easier than it sounds. Assuming you are running linux you have to make sure that the mysql-server is installed. In Fedora, Centos etc. you can achieve this by typing

yum install mysql-server
/sbin/service mysqld start

5. Now you only have to set up a new user and (in the example for simplicity the root user is used) and create the database for your WordPress install.

mysqladmin -u root password 'mypassword'
mysql -u root -pmypassword
CREATE DATABASE wordpress;

5. Just contact your virtual server now under the address you defined in step 3. The automatic setup interface for your new blog will show up. Enter wordpress at database name and also enter the username and password which have been defined before.

Thats it! Enjoy your new self-hosted blog!

PHP Multifile Uploader for PHP 5.4, 5.5

Have you been looking for a simple PHP Multifile uploader script? Since version 5.4 PHP brings all the features to implement this fairly easy. No add-ons like APC are needed anymore. The script presented here can be used for multi- and single file uploads. It is really easy to install and therefore ideal for everyone who does not want the to figure out the built-in features of PHP.

It consists of the following components:

  • A simple from with a submit button
  • A Ajax Progress bar which is showing the progress of the upload
  • A feature to add as many inputs for as many files as you want

The script has been tested in a wide range of use cases and therefore proven to be operating stable. Upload limits for filesize etc. can easily be added to in the php.ini. That is all you need to know about the script. This is how the interface looks like:

To install the script you simply have to copy the files: php-multi-file-upload-script.php progress-frame.php, style-progress.css and upload.php in the same directory of your server which supports PHP > 5.4. After that the script should already work and you can customize the layout for your needs.

A live demonstration of the script you find here

The source code is available for download also for free here. It comes as a zip archive:

In case PHP is not configured correctly for file uploads just have look at you php.ini file. There the following three parameters should be adapted to your requirements:


;;;;;;;;;;;;;;;;
; File Uploads ;
;;;;;;;;;;;;;;;;

; Whether to allow HTTP file uploads.
; http://www.php.net/manual/en/ini.core.php#ini.file-uploads
file_uploads = On

; Temporary directory for HTTP uploaded files (will use system default if not
; specified).
; http://www.php.net/manual/en/ini.core.php#ini.upload-tmp-dir
upload_tmp_dir=&quot;/tmp&quot;

; Maximum allowed size for uploaded files.
; http://www.php.net/manual/en/ini.core.php#ini.upload-max-filesize
upload_max_filesize = 12M

Do not miss to set file_uploads to “On” otherwise PHP will winge. After you went through these steps the users of your website can enjoy fast and straight forward file uploads. Especially if larger uploads are required for your project your users will really enjoy the presence of this progress bar. Otherwise the might be to impatient to wait for the file upload having finished.

How to set up a Load Balancer with Apache in 5 Minutes

True, there are professional tools for Load Balancing like the HAP Proxy which are used by big enterprises in the web. However, for small-scale until medium scale users such a high end tool may be a bit of an overhead. Instead one could think of using the build-in load balancing features of the apache webserver. They are really easy to set up and full-fill basic requrirements. A simple setup looks like follows

Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED

<Proxy balancer://mycluster>
                # WebHead1
                BalancerMember http://node1:80/ route=1 loadfactor=4
                # WebHead2
                BalancerMember http://node2:80 route=2 loadfactor=6

               # Security "technically we aren't blocking
                # anyone but this the place to make those
                # chages
                Order Deny,Allow
                Deny from none
                Allow from all

                # Load Balancer Settings
                # We will be configuring a simple Round
                # Robin style load balancer.  This means
                # that all webheads take an equal share of
                # of the load.
                ProxyPreserveHost On
                ProxySet lbmethod=bybusyness
                #ProxySet lbmethod=byrequests
                ProxySet stickysession=ROUTEID
 </Proxy>

In this case the load balancer is thought to produce use sticky sessions which is achieved by a cookie. If you want to achive really persistent session you might think just setting the expiration date of your cookie far in the future. An example you can find here. The load-factor simply defines a weight for the particular node.

Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; Expires=Tue, 15-Jan-2019 21:47:38 GMT; path=/" env=BALANCER_ROUTE_CHANGED

There are also other ways to implement stickyness for the Apache Load Balancer. You can find a good overview about them in the apache documentation:

http://httpd.apache.org/docs/2.2/mod/mod_proxy_balancer.html#stickyness_implementation

That is everything you need to know to set up a load balancer using mod balancer and Apache. Hope that helps. Life can sometimes really be easy…