Dariusz on Software Quality & Performance

08/02/2014

Self-signed SSL certificate HOWTO

Filed under: en — Tags: , , — dariusz.cieslak @

SSL is used for (1) encrypting HTTP traffic and (2) authenticating the server against the browser's database of trusted certificates. Generating an SSL certificate properly is important if you want your customers to use https properly. It costs a few bucks per year, but your customers won't see any warnings in the browser before the SSL session starts (purpose number 2).

However, for internal applications, a self-signed certificate may be a sufficient solution (purpose 1 only). Below is a minimal set of commands to generate a local SSL certificate (accept the default values when asked for data on stdin):

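# Directory for the key material
mkdir -p /etc/lighttpd/ssl/local
cd /etc/lighttpd/ssl/local
# 2048-bit RSA key, encrypted with a throwaway passphrase
openssl genrsa -passout pass:1234 -des3 -out server.key 2048
# Certificate signing request (asks for the subject fields on stdin)
openssl req -passin pass:1234 -new -key server.key -out server.csr
# Strip the passphrase so lighttpd can start without prompting
cp server.key server.key.org
openssl rsa -passin pass:1234 -in server.key.org -out server.key
# Self-sign the request; without -days the certificate is valid for 30 days
openssl x509 -req -in server.csr -signkey server.key -out server.crt
# lighttpd expects key and certificate in one file; server.pem holds the
# unencrypted private key, so keep it readable by root only
cat server.key server.crt > server.pem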

Then install it in lighttpd:

$SERVER["socket"] == "<YOUR_IP_ADDRESS>:443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/ssl/local/server.pem"
    ssl.ca-file = "/etc/lighttpd/ssl/local/server.crt"
}

Then you have to accept the server certificate in your browser and voila!

19/02/2012

Web2py Lighttpd Deployment


Web2py is a "full stack" Python web framework; Lighttpd is a fast, multi-threaded HTTP server. I'll present a method to run a web2py-based application under lighttpd.

I assume the following setup is already done:

  • A domain named "myapp.com" is configured to point to your server
  • Python / lighttpd is already installed on the server
  • Your web2py app is placed under /var/www/web2py
  • Your web2py app has application "myapproot" configured

First of all, you have to configure lighttpd to locate the web2py application. Create the file /etc/lighttpd/conf-enabled/myapp.conf:

(more…)

20/05/2010

Watch your HTTPD logs

Recently I observed that AdWords-generated traffic disappeared from the Analytics panel. I thought: WTH?

I checked the logs and saw that the URL called by AdWords:

http://my-site.com/?gclid=342343445345....

generated a 403 (Forbidden) server response. That was caused by a recent change in the Lighttpd filtering rules. I was paying for AdWords traffic, but customers hit a 403 error page. Oops!

In order to spot such problems easily in the future, I created the following scanner to find all error server responses.

awk '$9>=400' /var/log/lighttpd/access.log | less

If you are bored with 404 errors, you can filter them out as well (leaving only 403 / 500 errors for investigation):

awk '$9>=400 && $9 != 404' /var/log/lighttpd/access.log | less

I discovered that the following URLs were inaccessible:

  • /robots.txt (exclusion rules for web crawlers)
  • /favicon.ico (icon used by web browsers)

The next step could be automating this check (a cron job that sends an alert if the count of error responses is higher than N). It's left as an exercise for the reader.
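
One way to automate the check described above, as an added example that is not part of the original post. The function names, the state file and the limit are hypothetical, and the status code is assumed to be field 9, as in the awk commands above. It counts only lines appended since the previous run and starts over when the log has been rotated.

```shell
#!/bin/sh
# Added example: alert when new error responses exceed a limit.
# Assumptions: the status code is field 9, as in the awk one-liners above;
# function names, the state file and the limit are hypothetical.

# count_new_errors LOG STATE
# Prints how many 4xx/5xx responses (404 excluded) were appended to LOG
# since the previous call. STATE stores the number of lines already seen.
count_new_errors() {
    log=$1; state=$2; seen=0
    if [ -f "$state" ]; then seen=$(cat "$state"); fi
    total=$(wc -l < "$log" | tr -d ' ')
    # A log shorter than last time was rotated: start again from line 1.
    if [ "$total" -lt "$seen" ]; then seen=0; fi
    # Require a numeric field 9; awk would compare other values as strings.
    awk -v skip="$seen" '
        NR > skip && $9 ~ /^[0-9]+$/ && $9 >= 400 && $9 != 404 { n++ }
        END { print n + 0 }' "$log"
    echo "$total" > "$state"
}

# check_errors LOG STATE LIMIT
# Returns 1 and writes an alert to stderr when the count is above LIMIT.
check_errors() {
    n=$(count_new_errors "$1" "$2")
    if [ "$n" -gt "$3" ]; then
        echo "ALERT: $n error responses (limit $3) in $1" >&2
        return 1
    fi
}

# Constructed sample log lines (not real traffic) for trying the functions.
make_sample_log() {
    cat > "$1" <<'EOF'
203.0.113.5 my-site.com - [20/May/2010:10:00:01 +0200] "GET /?gclid=test HTTP/1.1" 403 345 "-" "Mozilla/5.0"
203.0.113.6 my-site.com - [20/May/2010:10:00:02 +0200] "GET /robots.txt HTTP/1.1" 403 345 "-" "ExampleBot/1.0"
203.0.113.7 my-site.com - [20/May/2010:10:00:03 +0200] "GET /missing HTTP/1.1" 404 345 "-" "Mozilla/5.0"
203.0.113.7 my-site.com - [20/May/2010:10:00:04 +0200] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.8 my-site.com - [20/May/2010:10:00:05 +0200] "GET /app HTTP/1.1" 500 369 "-" "Mozilla/5.0"
EOF
}

# From cron: check_errors.sh /var/log/lighttpd/access.log /var/tmp/httpd-errors.state 10
if [ $# -eq 3 ]; then check_errors "$1" "$2" "$3"; fi
```

When the script runs from cron with the three arguments, cron mails the alert line written to stderr to the job's owner, provided a mail transport is configured.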

28/04/2010

SSL Certificate for Lighttpd HOWTO

When customers enter your website, they do not want their passwords / credit card information to be visible to everyone (anyone sniffing the local network or one of the routers on the way). That's why SSL (Secure Socket Layer) was born. In simple words, it wraps the HTTP connection in a secure tunnel.

Another story is the possibility of a man-in-the-middle attack or of faked DNS server responses. You (as a customer opening the webpage) should ensure that you are connecting to the website you intended to (fake bank websites are a big risk for your money, so it's important). That's why certification is closely bundled with connection encryption.

I'll show you how to obtain and install an SSL certificate under the Lighttpd web server to make your website more trustworthy for your customers.

(more…)

27/03/2010

How To Effectively Migrate Web Application Between Hosts

In the Agile world there are no immutable constraints. Your requirements may change, libraries used may be replaced during development, the application may outgrow your current server setup, etc. I'll show you how to migrate a web application between servers as fast as possible: with minimum downtime and data consistency preserved (the techniques also apply to hosting provider environments).

Known Problems

You may say: moving a site? No problem: just copy your files, database and voila! Not so fast. There are many quirks you may want to handle properly:

  • DNS propagation time
  • Database consistency
  • Preserve logs
  • Preserve external system configuration
  • Environment change impact integration tests

(more…)
