Generating a CSR with SAN at the command line

Lately, I’ve explored creating my own CSRs for use with Let’s Encrypt, so I can control the common name and subject names. I’m neurotic enough that I can’t bear to let Let’s Encrypt decide.

Including additional domains, a technique known as Subject Alternatives Names or subjectAltName (SAN), requires a configuration file to pass the relevant arguments to OpenSSL.

Continue reading Generating a CSR with SAN at the command line

The stuff of nightmares…

This is why I have many redundant backups plans. From The Independent:

Man accidentally ‘deletes his entire company’ with one line of bad code

I feel badly for any clients who relied on this hosting service and didn’t have their own backups. There’s sadly so little chance of the company recovering any data given what’s described in the original ServerFault thread.

I’m terrified of some catastrophe befalling my servers or hosting providers, so I’ve gone to extremes: “Assuaging my paranoia with redundancy and many, many backups.”

Request type and nginx caching

A few weeks ago, I published a new post and was immediately contacted by Aaron Brazell reporting that the page was blank. A few moments of testing couldn’t reproduce the issue before it “resolved itself,” so I attributed his trouble to some transient problem and thought little more of it. After all, I’d received just one inquiry about this over the last several months of regular publishing.

I should’ve investigated further, as the problem proved quite easy to reproduce.

Continue reading Request type and nginx caching

Solr search for Dovecot and WordPress

Perhaps the most-significant effect of leaving Gmail behind was the loss of its search capabilities. While I miss labels, I’ve found that filing an email into a single folder has forced me to be more deliberate, more organized. Search, however, was a feature I had to replicate.

When considering search solutions, any potential choice, at a minimum, needed to support Dovecot 2.21. Ideally, WordPress would also be indexed by whatever solution I chose.

Continue reading Solr search for Dovecot and WordPress

  1. Full-text search options changed in version 2.2, hence my emphasis on that particular point release. Dovecot Pro, which I don’t pay for, includes a new full-text search tool, which supersedes the option Dovecot provided previously.

Simple WordPress shortlinks

I recently decided to abandon YOURLS as my shortlink solution, opting instead to handle short URLs entirely within WordPress. This choice is not a reflection on YOURLS–it’s still a great product–but rather was borne from my use case for shortlinks; I concluded that, since I only used them in conjunction with WordPress, an external shortlink service was excessive.

While WordPress has provided a native shortlinks feature since the 3.0 release, it uses query strings rather than pretty permalinks. This means that the shortlink for this post would be http://ethitter.com/?p=6360. It’s not the prettiest URL, nor will many systems cache that request; as a result, each shortlink that’s followed would load all of WordPress just to perform a redirect to the post’s full URL. Unsatisfied with Core’s handling but also unwilling to retain YOURLS, I wrote a small WordPress plugin to address my needs.

Continue reading Simple WordPress shortlinks

Planning for the post that Matt links to

For most of the time that I’ve had my multisite network and the underlying infrastructure that I’ve written about lately, I’ve been overly focused on performance and scalability.

I say “overly focused” because I average about 50 views a day here on ethitter.com, on a good day. I write about exceedingly technical–or exceedingly uninteresting–topics, so that’s no surprise.

It’s also no surprise that my two most-popular posts are both about Automattic: the first announcing my hiring, the second declaring that Matt will have to fire me to be free of me. Interest in our hiring process and company culture far exceeds that which exists for my blathering.

When Matt retweeted the latter post back in January, my heart paused, then skipped into overdrive. Beyond the excitement of Matt recognizing my post, I immediately feared the embarrassment of my site crashing.

As it turns out, I had nothing to worry about. The pageviews were, while meaningful for this humble site, insignificant as far as the infrastructure was concerned. No resource-usage alerts were triggered, nor did my provider inform me that I’d exceeded my plan’s allotments. Between Redis-based object and page caching, nginx microcaching, and a robust CDN, there was really no cause for concern.
Continue reading Planning for the post that Matt links to

Experiments with mailserver redundancy

When I decided to test if I could successfully configure and operate my own mailserver, I knew I’d need to account for times when that server was down. Overall, my primary server has had very few disruptions, but when this website was the only service that could be impacted, I also wasn’t as concerned about 100% uptime.

Continue reading Experiments with mailserver redundancy

X-Frame-Options and WordPress post embeds

WordPress 4.4 simplified the process of embedding WordPress content on other sites with the introduction of post embeds. From the feature’s announcement post:

WordPress has been operating as an oEmbed consumer for quite some time now, allowing users to easily embed content from other sites. Starting with version 4.4, WordPress becomes an oEmbed provider as well, allowing any oEmbed consumer to embed posts from WordPress sites.

The problem

As exciting as this feature is, it ran into an incompatibility with my server configuration. I’ve set the X-Frame-Options header to SAMEORIGIN near-universally within my nginx configuration, thereby blocking other sites from displaying my sites in frames; instead, my sites can only display their own content inside of frames. I’ve done so as a security measure against “clickjacking.” This header has no impact on my use of WordPress, nor on visitors’ interaction with my sites, but as I discovered, it breaks post embeds in an awkward way.

Continue reading X-Frame-Options and WordPress post embeds