Category Archives: Site admin

Installing a secure Apache webserver to run Perl

So, you want to run Perl on the web, because it’s the 90s all over again. You want HTTPS, because… no, there’s no because. You want HTTPS. Who wouldn’t? Here’s what you do on a Debian Linux such as Ubuntu:

sudo apt-get install apache2 libapache2-mod-perl2

mod_perl is an Apache module that allows Perl programs to be executed from Apache.

Our goal is to get /var/www/html/index.pl running at http://www.example.com/index.pl:

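#!/usr/bin/perl
# A CGI response must start with a header block followed by a blank line
print "Content-Type: text/plain\n\n";
print "Hello World\n";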

Disable the default Apache virtual host:

sudo a2dissite 000-default.conf

Create an example.com.conf file in /etc/apache2/sites-available with your text editor, replacing example.com with your own domain name both inside the configuration file and in the file name /etc/apache2/sites-available/example.com.conf:

<VirtualHost *:80>
     ServerName example.com
     ServerAlias www.example.com
     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined
     <Directory /var/www/>
              Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
              AllowOverride None
              AddHandler cgi-script .pl
              Require all granted
     </Directory>
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
     ServerName example.com
     ServerAlias www.example.com
     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined
     <Directory /var/www/>
              Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
              AllowOverride None
              AddHandler cgi-script .pl
              Require all granted
     </Directory>
</VirtualHost>
</IfModule>

If you have multiple sites, you’ll want to do things with DocumentRoot to isolate them from each other. But that’s for another post.

You might add in DirectoryIndex /index.pl to make http://www.example.com/ execute your program.

The Directory section above allows you to isolate executable code from served code, which is good practice. For this example we’re dumping the executable in with everything else, which is questionable.
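One way to check a vhost file for the situation described above, as an added example that is not from the original post: it lists Directory blocks that turn on ExecCGI over the whole DocumentRoot. The function name audit_cgi_dirs, both sample configurations and the /usr/lib/cgi-bin path are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Lists <Directory> paths that enable
# ExecCGI and contain the DocumentRoot, meaning any served file can become a CGI.
# Handles unquoted, non-root Directory paths only.

# Constructed sample 1: the layout used in the post (CGI enabled over /var/www/).
WEAK_CONF='<VirtualHost *:80>
    DocumentRoot /var/www/html
    <Directory /var/www/>
        Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
        AddHandler cgi-script .pl
        Require all granted
    </Directory>
</VirtualHost>'

# Constructed sample 2: scripts live outside the DocumentRoot (paths are assumptions).
SPLIT_CONF='<VirtualHost *:80>
    DocumentRoot /var/www/html
    ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
    <Directory /var/www/html>
        Options -ExecCGI -MultiViews +SymLinksIfOwnerMatch
        Require all granted
    </Directory>
    <Directory /usr/lib/cgi-bin>
        Options +ExecCGI
        Require all granted
    </Directory>
</VirtualHost>'

audit_cgi_dirs() {   # $1 = config text, $2 = DocumentRoot
    printf '%s\n' "$1" | awk -v docroot="$2" '
        /^[ \t]*<Directory[ \t]/ {
            path = $2
            sub(/>$/, "", path); sub(/\/$/, "", path)   # drop ">" and trailing "/"
            exec_cgi = 0
            next
        }
        /^[ \t]*Options[ \t]/ && path != "" {
            for (i = 2; i <= NF; i++)
                if ($i == "+ExecCGI" || $i == "ExecCGI") exec_cgi = 1
        }
        /^[ \t]*<\/Directory>/ {
            # Flag when docroot equals path or lies underneath it.
            if (exec_cgi && index(docroot "/", path "/") == 1) print path
            path = ""
        }'
}

echo "post layout:  $(audit_cgi_dirs "$WEAK_CONF" /var/www/html)"
echo "split layout: $(audit_cgi_dirs "$SPLIT_CONF" /var/www/html)"
```

The post's layout is reported because /var/www/ contains the DocumentRoot; the split layout reports nothing because only the directory behind ScriptAlias can execute.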

Repeat this process for any other domains you host.

sudo a2ensite example.com.conf
sudo ln -r -s /etc/apache2/sites-available/example.com.conf /etc/apache2/sites-enabled/example.com.conf
sudo service apache2 restart

Punch holes in your firewall for ports 80 and 443.  Navigate to http://www.example.com/index.pl to check all is okay. You ought to see Hello World displayed for your website.

Having security used to be a pain. SSL certificates signed by a recognised CA cost money, and then you’d have to keep them up to date, and there wasn’t process automation, so you’d do all that stuff by hand. Let’s Encrypt addresses all these problems, handing out free certificates and scripting everything.

Now it’s time for the S part of HTTPS:

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-apache
sudo certbot --apache

certbot renew

If that works, we’ll automatically renew our 90-day certificates every month:

echo '@monthly root /usr/bin/certbot renew >> /var/log/letsencrypt/letsencrypt-auto-update.log' | sudo tee --append /etc/crontab

Done. You’ll never have to worry about certificates again. Now alter your Apache sites-available file (look in /etc/apache2/sites-available/) to include the (optional) HTTP-to-HTTPS redirect and the mandatory location of the SSL certificates:

<VirtualHost *:80>
....
# Only allow HTTPS
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.com [OR]
RewriteCond %{SERVER_NAME} =www.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>
...
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

Now make the secure version live, and in the process the insecure one… shy? When a request is made for an http page, like http://example.com/index.html, the response will be “Here’s https://example.com/index.html where what you asked for has moved to… forever!”:

sudo service apache2 restart

Now requesting http://www.example.com/index.pl ought to deliver you to https://www.example.com/index.pl

Working on the server

Upgrading to WordPress 3, that kind of thing. Hold off new comments and posts until done. I’m also moving servers.

If you can see this, it’s done!

Here’s the process I’m following for moving these various sites:

Take an export of the database.

Run the SQL: update wp_posts set comment_status = 'closed' so nobody comes in and writes a comment subsequently lost.

Import into the new site and upload the new WP installation and the old theme and images etc onto the new site.

(I’ve found my new web ISP’s DDOS protection gets antsy if I use the default Filezilla setting of two simultaneous connections.)

Hack the hosts file to look at it while getting it perfected.

Run /wp-admin/upgrade.php and let it upgrade the database

Go into the Admin screens, to the Permalink settings and save the default so the .htaccess file is updated

Apart from then switching the registrar so the domain looks at the new IP address, that’s about it.

Will also re-load the old .htaccess settings like the deny list for the big-hitting bandwidth thieves.

And I’m installing the W3 Total Cache plugin to optimise the site a bit. (I used to have WP set to deliver gzip-compressed pages; sometime before version 2.9, that option’s been removed.)

Update: Finally, WP3 seems to have fixed the weird bug that caused some comments and posts to be rejected dependent on particular words being present.

Don’t panic

This is not a Towel Day post. Rather, it’s just to say I’m upgrading WordPress tonight to 2.9.2, so things may be a little weird.

Update 10:07pm. Done. The big question is: have they fixed this bug?

If they have, I’ll be able to say Lynx with a space after it (in a post or a comment) and not have it give me back an error.

No. It still does it. (I’ve used a &nbsp; above.)

Server move!

Oh, the joys of fiddling with web servers.

This one’s being moved. Comments disabled until it’s finished.

PS. 23:18. Hey, what gives, this JPG won’t display, though others will. Oh well, re-delegating anyway, will sort it out in the morning.

A few good links

Last night I upgraded this site to the latest version of WordPress 2.2.1. Thank goodness it always seems to go smoothly. To my surprise, even the template (which dates back to WP 1.5) didn’t need modifying (well, not for technical reasons, anyway — I’m considering tweaking it on aesthetic grounds!)

Anyway, here’s a few good links from this week:

How Google Earth Really Works.

You’re used to the Mac/PC adverts… here’s the Parallels adverts, highlighting their virtual PC for Mac “Parallels Desktop” product.

Something I’ve talked about before highlighted again: The growing problem of accessing old digital file formats is a “ticking time bomb”, the chief executive of the UK National Archives has warned.

Site maintenance

NOW HEAR THIS, all contributors and readers:

The site will be moving servers. This is expected to happen on Wednesday afternoon. During the move, we should remain reachable, but interactive features (that means Comments) will be turned off to avoid data loss. They’ll come back on as re-delegation to the new server reaches completion.

Contributors should avoid posting their brilliant and lengthy diatribes until it’s all over.

Wednesday 9:40pm. Well, that wasn’t entirely without its challenges. But we should be okay now.

MySQL woes

We’ve got MySQL problems here at Geekrant central.

MySQL said: Documentation
#1016 – Can’t open file: ‘wp_comments.MYI’ (errno: 145)

Doesn’t sound good, does it? The ISP is looking into it.

Nothing else seems to be AWOL, but I’ve taken a backup of everything just in case. Wouldn’t you know it, the backup I have of wp_comments isn’t particularly recent. Hopefully the ISP has a newer one, but if not, I’ve grabbed a bunch of comments via Newsgator’s cache. Gawd knows how I’d restore them though.

Update: Fixed. May I just say, the support guys at AussieHQ hosting are deadset legends.

Missed anniversary

It’s probably the type of anniversary that can be most easily missed without dire consequences, but I just realised that as of the 1st of this month, Geekrant.org was a year old. Thanks to my co-conspirators and (some only occasional, alas) contributors Tony, Josh, Andy and Brian.

Traffic has continued to climb, so obviously somebody’s reading, even if it does seem to be mostly a handful of regulars who keep commenting.

And if you’re wondering, the biggest hitting entry is the one with those pictures of Bill Gates.

Traffic climbing

I’d like to welcome all the readers we seem to have picked up over the last few weeks. I don’t know where you’ve all come from (haven’t had time to properly peruse the logs) but the graphs are clear: like a thriving assassination business, we’re getting more and more hits all the time. Hopefully it’s not ‘cos it’s a couple of people who’ve got their RSS readers pounding us every 5 seconds.

Don’t forget to leave us comments. We love to hear your thoughts on the gumpf we post up here. If you were waiting for a post where you felt you could contribute something witty, relevant and intelligent, well… you can keep waiting, or feel free to say hello on this one.

Bearing in mind that we’re currently on a low budget cheapo traffic plan at the moment, and perilously close to blowing out our monthly quota after just 3 weeks into March, I’ve fiddled the WordPress settings to only serve 10 posts via the home page or RSS feed — down from the default of 20. This should still give you about a week’s worth of Geekrant Goodness, which should be plenty for most people. And hey, it’s all in the archives if you want to delve back further. But let us know if it affects you.

And if the traffic keeps climbing, I’ll be pushing the plan up a notch to handle it.

Smoke me a kipper…

About to upgrade this blog to WordPress 1.5.

11:40pm. Done. The main difference noticeable to readers will be that your comments automatically go to moderation if you’ve never left a comment before.

One thing notable to us authors is that the top of the admin pages looks a bit screwy in Firefox (but okay in IE). Not sure why that is, because WP1.5 doesn’t do that on my other blogs… something to look at when I have more time.

Spam Karma

Well after deleting what seems like hundreds of bloody comment and trackback spams over the past week, I’ve installed Spam Karma (billed as a “fearless Spam Killing Machine”) on this blog. If it’s successful, I’ll be installing it on my other WordPress blogs.

It includes blacklists, captcha or email verification for suspicious comments, a myriad of settings, all that good stuff. For now I’ve set it to “lenient” mode until I get a feel for how strict it is. Feel free to leave junk comments here to see how it goes. (But beware of deliberately leaving spammy comments — for all I know it may decide to blacklist your IP address!)

PS. Tuesday 21:25. The manual install as in the ReadMe worked fine for me, except that you can’t get to the config page through the menus, you have to activate it from the plugins page, then go to the URL it quotes. (This is apparently a known thing with WP1.2, but I guess it applies to WP1.2.2 as well, which we’re running here. Presumably it doesn’t apply to the current nightly builds or to the future 1.5.)

Also be sure to try the test captcha page (linked off the config page) to make sure that bit works (eg the correct PHP libraries are there somewhere. If they’re not, I guess you need to hassle your ISP. Works fine for me.)

PS. Wednesday 21:15. There is a hitch: the e-mail it sends out summarising what it’s done is encoded with something. I think this is an incompatibility with the PHP setup on my ISP… the same thing happened with WordPress 1.2’s password reminder messages. I’ll have to dig around for a fix.

It should also be noted that Tony has tried to plonk it onto a blog he runs, and is having some issues. So it’s not all beer and skittles.

On the bright side, it tells me it caught 20 spam comments in the last 24 hours. I certainly haven’t seen any get let through.

PS. Thursday 20:05. Some are getting through, but evidently nowhere near the total number being caught. Hmmm.