09.21.05

Apache2 + VirtualHosts + mod_ssl

Posted in linux at 7:38 pm by Clinton

I’m running Apache2 (on Debian), for several name-based virtual hosts. For a while now I’ve been wanting some of my admin pages to be using https so that I would be happy to allow myself to use them when I’m outside the protected home LAN. (They currently use basic authentication / sessions / passwords, and that’s really safe in the big wide world now isn’t it! :~)

I am already aware that you can only run one https server (on port 443) because the SSL layer doesn’t allow the reuse of IP/ports for different identities as HTTP 1.1 will. Fine. But I just spent ages getting one https server to run with my other existing virtual servers… it should be easy right? Plenty of docs on the net right?

Ian Miller has a nice Debian, Apache2 and SSL primer, but it “assumed” some things about “default” files that didn’t match up to my current config or woes.

The apache2-ssl-certificate script is a very nice thing for apache2 certificate setup.

Well, it is easy if you know how - and if I had had better error messages then… but that really was the problem. My incorrect configuration problems were *working* configurations - but not the way I wanted (no https!!!) My precious https:// connections were being handled by my default http virtual host - gurr!
See, there are several flexible variations of virtual host matching/setup - that was the problem. They didn’t match easily to what I wanted to do with a new port specific “virtual” host.

Resources that were some help… (perhaps I should have read more and hacked less to start with…)

http://httpd.apache.org/docs/2.0/mod/mod_ssl.html
http://httpd.apache.org/docs/2.0/ssl/ssl_howto.html
http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html
http://httpd.apache.org/docs/2.0/vhosts/name-based.html
http://httpd.apache.org/docs/2.0/vhosts/examples.html

So anyway, below is a quick config example that is similar to my final result, and would really have helped me. (It’s one of the apache2 doc examples modified for my virtual hosts + https case.) It shows how I tell apache2 to listen to both port 80 and 443, and then two examples of virtual (name-based) hosting on port 80, and the all-important single (~virtual) host on port 443 that uses mod_ssl. (I’m catching all IPs with * so that a) it’s easier and b) it works for internal and external requests… but that’s another story.)

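Listen 80
Listen 443

NameVirtualHost *:80
NameVirtualHost *:443

# name-based virtual host 1 on port 80
<VirtualHost *:80>
    ServerName www.example1.com
    DocumentRoot /var/www/example1-80
</VirtualHost>

# name-based virtual host 2 on port 80
<VirtualHost *:80>
    ServerName www.example2.org
    DocumentRoot /var/www/example2-80
</VirtualHost>

# the single https host on port 443 (mod_ssl)
<VirtualHost *:443>
    # there can be only one domainname certificate on this ip, so forget it.
    # ServerName www.example.org
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/apache.pem
    DocumentRoot /www/otherdomain-443
    ...
</VirtualHost>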

I’m really beginning to like the way that apache2 is set up on Debian (I don’t know what is Debian specific however). You create sites in /etc/apache2/sites-available/ and if you want to enable them, a2ensite myconfigfile creates a symlink into /etc/apache2/sites-enabled for you and all the symlinks are read in by the main /etc/apache2/apache2.conf file. (I always forget ln syntax otherwise… :-). There is a matching a2dissite to remove sites from being active, and similar a2enmod/a2dismod to add and remove apache2 modules.

I also use the apache2ctl start:restart:stop script (rather than /etc/init.d/apache2 …)

Well, now that I’ve won that battle, I think I’ll probably move my admin status/tools pages to a different port (i.e. 447 etc.) so that I can leave the standard 443 port for typical *standard* visitors… seeing a strange port number in a url can really mess with less informed and cautious people I suspect.

I love sunrise… staying up with a … “challenge” … is my normal opportunity.

Access control and caching of files with PHP

Posted in web dev at 7:49 am by Clinton

...
if ($permission && file_exists(PATH.$filename)) {
   // quote the name so spaces or odd characters cannot break the header
   header('Content-Disposition: inline; filename="'.$filename.'"');
   header('Content-Type: image/jpeg');
   header('Content-Length: '.@filesize(PATH.$filename));
   // read from the same path that was checked above
   @readfile(PATH.$filename);
   exit;
} else {
  die('Who the heck are you? - or- What the heck are you asking for?');
}
...

Usually, if I really wanted to make sure that people didn’t cache the content I’d include some extra headers like
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
and I thought this was good. However, recently I used the same technique for a photo-gallery, and noticed that the performance was not good - images were not being cached (exactly what I’d asked for), and I really should have another think about this.

I went over to http://php.net/header but most of the notes people have left are about making sure things are not cached - I now wanted to allow caching for a limited time (say 10 mins).

Anyway, one of the user-contributed comments led me to the web-caching.com site, and they have good info on supporting the use of caching by sending the right headers. In particular I landed on their implementation notes and so I replaced my old cache control header with:

// allow cache for 600 seconds = 10 mins
header('Cache-Control: max-age=600');

and this works as advertised (afaik with the browsers I’ve tested).

Overall, I’ll be thinking about cache headers a little more carefully in future, because caching is not something to be avoided entirely, but used wisely, and makes the net a better place.
$0.05
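
An added example, not code from the original post: the permission check, the file send and the 10-minute cache combined in one script, with the requested name confined to one directory and the response marked private so a shared proxy does not store a permission-gated image. IMAGE_DIR, user_may_view() and the "f" query parameter are assumptions made for the illustration.

```php
<?php
// Added example. IMAGE_DIR, user_may_view() and the "f" parameter are assumptions.
define('IMAGE_DIR', '/var/www/protected-images');  // hypothetical, outside the web root
define('CACHE_SECONDS', 600);                       // 10 minutes, as in the post

// Hypothetical stand-in for the site's own permission check.
function user_may_view($name) {
    return !empty($_SESSION['logged_in']);
}

// Map the requested name to a real JPEG inside IMAGE_DIR, or return false.
function resolve_image($requested) {
    $name = basename($requested);                    // drop any directory components
    if (!preg_match('/\A[A-Za-z0-9._-]+\.jpe?g\z/i', $name)) {
        return false;                                // no quotes, CR/LF or odd bytes reach a header
    }
    $base = realpath(IMAGE_DIR);
    $path = realpath(IMAGE_DIR . '/' . $name);       // resolves symlinks; false if missing
    if ($base === false || $path === false || !is_file($path)) {
        return false;
    }
    // A symlink inside IMAGE_DIR must not lead outside it.
    return strpos($path, $base . DIRECTORY_SEPARATOR) === 0 ? $path : false;
}

session_cache_limiter('');   // stop session_start() sending its own no-cache headers
session_start();
$path = resolve_image(isset($_GET['f']) ? (string) $_GET['f'] : '');
if ($path === false || !user_may_view(basename($path))) {
    http_response_code(403);
    exit('Forbidden');
}

$mtime = filemtime($path);
// "private": browsers may cache for 10 minutes, shared proxies may not store it.
header('Cache-Control: private, max-age=' . CACHE_SECONDS);
header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $mtime) . ' GMT');

// Once the 10 minutes are up the browser revalidates; answer 304 if unchanged.
$since = isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])
    ? strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) : false;
if ($since !== false && $since >= $mtime) {
    http_response_code(304);
    exit;
}
header('Content-Type: image/jpeg');
header('Content-Disposition: inline; filename="' . basename($path) . '"');
header('Content-Length: ' . filesize($path));
readfile($path);
```

A missing file and a refused permission both return the same 403, so the response does not reveal which image names exist.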

09.19.05

UPS Battery update time

Posted in linux at 1:32 pm by Clinton

That, and I didn’t think my baby would appreciate the self test beeps of complaint. :~)

So, I had to remember what the UPS brand/model was (APC Back-UPS Pro), and then did a bit of a search for suppliers/price. The final three contenders…

  • From the manufacturer website http://www.apc.com : $169.99 (US or AUS? +postage?? no thanks)
  • From a company in Sydney called UPS Solutions http://www.upssolutions.com: $134.02 (+postage??) Their online payment form appeared to be http not https… hmm. Better price, but No thanks.
  • Battery World. No info online, but they have a store near me.

So I wandered up to Battery World with a printout of the APC battery web page, and basically said “got one of these?” - “yes, I think so. How many do you need” - “one” - “that’s good, we only have one in stock”. $49.95. Yes thanks.

I removed the old battery (you can do a “hot swap” - very cool, erugh.. hot… I had to triple check the manual to be a believer though :) and inserted the new one. Great. However, the UPS firmware still thinks it’s got a dead battery and needed to be told to do a new self test. Bummer. I did find some docs related to doing a reset or test with the apcupsd tools, but didn’t quite figure it out. I used the MS approach and did a complete reboot. Fixed, but so much for my hot swap. It may have fixed itself at the next auto test time, but I was impatient.

Well, one final thing - I really wanted to update the battery date in the EEPROM of the UPS so my reports would be right… and if I’m still using this UPS in a few years I’ll know when it died. As I’ve mentioned before, I use Debian on my server, and I’ve been using the apcupsd package (apt-get install apcupsd == done (almost)) to monitor the power and perform auto warning, test, shutdown as needed. I also have things set up to auto reboot when the power comes on, and that was fun to set up (not) but worth it in geek points to me when I set it up.

Right - back to the date update. I used the “apctest” utility to connect and communicate to the UPS. Only, I needed to stop the monitoring daemon first so that the test util could do its thing.
/etc/init.d/apcupsd stop
Then:

> apctest

2005-09-19 17:18:44 apctest 3.10.18 (21 July 2005) debian
Checking configuration ...
Attached to driver: apcsmart
sharenet.type = DISABLE
cable.type = CUSTOM_SMART

You are using a SMART cable type, so I'm entering SMART test mode
mode.type = BKPRO
Setting up the port ...
Creating the device lock file ...
Hello, this is the apcupsd Cable Test program.
This part of apctest is for testing Smart UPSes.
Please select the function you want to perform.

1) Query the UPS for all known values
2) Perform a Battery Runtime Calibration
3) Abort Battery Calibration
4) Monitor Battery Calibration progress
5) Program EEPROM
6) Enter TTY mode communicating with UPS
7) Quit

I selected 5 to mess with the EEPROM

This is the EEPROM programming section of apctest.
Please select the function you want to perform.

 1) Print EEPROM values
 2) Change Battery date
 3) Change UPS name
 4) Change sensitivity
 5) Change alarm delay
 6) Change low battery warning delay
 7) Change wakeup delay
 8) Change shutdown delay
 9) Change low transfer voltage
10) Change high transfer voltage
11) Change battery return threshold percent
12) Change output voltage when on batteries
13) Change the self test interval
14) Set EEPROM with conf file values
15) Quit

Select function number: 2
Enter new battery date -- DD/MM/YY: 19/09/05

Attempting to update UPS battery date ...
The old UPS battery date is: 03/23/99
The new UPS battery date is: 19/09/05

Done. Well, except I needed to start the monitor again.
/etc/init.d/apcupsd start
Very happy. Now I won’t be bugged with warning emails every 5 hours because of the stuffed battery and I can spend more time on other fun things!

09.04.05

More Tufte

Posted in teach, learn at 2:06 pm by Clinton

Just spotted (2003) Aaron Swartz’s powerpoint “remix” of Edward Tufte’s essay on powerpoint. hehe… argh.. anyway.

Sadly, that demonstrates my sense of humour. Oh well. :~/

Thought I’d also point people to the Don Norman / Chris Atkinson (ask Mr Cain) interview for more powerpoint is good or bad powerpoint chatter. Enjoy.

Powerpoint is OK - boring talks are NOT!

Posted in teach, learn at 1:54 pm by Clinton

Mr Coathup and Mr Cain

Have you heard of Edward Tufte (wikipedia)? If not, but you care about information and presentation, then please check him out … I have three of his books, and I think they’re awesome! (A bit of a stunner for the coffee table too… but too precious for small children and animals perhaps :~)

There’s something to learn even if you don’t become a believer in his religion. His religion eh? Well, strong words I know, but he does believe very strongly about good and bad forms of visual communication. Guess which category the Prof. puts Powerpoint into eh? Well, to be more accurate, he says the use of powerpoint templates “usually weaken verbal and spatial reasoning”. See his essay info and some slides on powerpoint.

Famously and somewhat controversially, he’s credited powerpoint (usage) with contributing to NASA’s space shuttle Columbia tragedy. Google away for more on that one…

However, I like this quote of Don Norman over at jnd.org:
“Is PowerPoint bad? No, in fact, it is quite a useful tool. Boring talks are bad. Poorly structured talks are bad. Don’t blame the problem on the tool.” (in defense of power point). The rest of that article is good too and gets me thinking.

Lucien and I were recently wondering about different printed material for a subject, and how to most effectively revamp some material. Again, Don makes an interesting distinction for three very different types:

  1. Personal notes - by the speaker, for the speaker, not for the public. essential for good presentation.
  2. Illustrative slides - major points, illustrate, motivate the “listener”. (note - not “presenter”)
  3. Handouts - the place for refs, data, appendices, detail. To help remember the presentation, but also go on further in the future.

When teaching and presenting lectures, how can we capitalise on this? Point 2 has been the topic of recent discussion around here… slides in lectures eh? They should add to the talk, not distract from it. Words are not needed. “What good is a cleverly drafted talk if the audience is not listening” writes Don. And this brings me back to Andrew Cain’s recent personal observation experiments on whether attention is on the slides, the presenter etc.

Hmm.. gets me thinking. Back to Don “And don’t blame the tool for a poorly prepared, poorly presented talk.”

Yeap. Nuf said. Now if I can just stop being human, and start being perfect…