Let’s Encrypt

October 17, 2017

#https #letsencrypt #ssl #tls

bunhill.com @ ssllabs.com

With Let’s Encrypt we can create, install and manage our own certificates and enable HTTPS (SSL/TLS) for websites, for free. These are not self-signed certificates – Let’s Encrypt is a properly recognised certificate authority (CA) sponsored by some of the internet's leading brands.

It’s a particularly good solution for anyone running their own server or VPS – using the Certbot client the process of obtaining and installing a certificate is largely automated for both Apache and NGINX. Excellent tutorials here at DigitalOcean. There is a little more involved when running multiple domains on a single VPS but it is easy to do.

Installing a third-party certificate with managed hosting is also possible in some cases via cPanel. GoDaddy has this tutorial. Let’s Encrypt certificates can also be created using a wide variety of third party alternatives to Certbot which implement the ACME protocol. Personally I am most comfortable using the Certbot client.


DigitalOcean: Cloud computing designed for developers

August 17, 2017

#DigitalOcean #VPS Hosting

DigitalOcean is a VPS provider – it offers a high performance alternative to fully managed hosting for developers who are comfortable setting up and self managing their own Linux installations. It’s functionally similar in many ways to working with a dedicated physical server but unlike fully bare-metal solutions, DigitalOcean offers virtualized instances. DigitalOcean has data-centers in San Francisco, New York, London, Amsterdam, Frankfurt, Bangalore & Singapore. 

DigitalOcean has a wealth of excellent documentation and I have been using it a lot over the past two years. I am more comfortable working like this than with managed hosting – simplification often makes things more convoluted. Anecdotally, much faster too – and it is certainly typically easier to upgrade the server specification, add load balancing, migrate to a different country etc. I am okay using managed hosting interfaces such as cPanel – but I would much prefer to use the command line and a simple text editor. That’s my working environment of first choice. It’s great being able to quickly spin-up a ‘droplet’ based server – or to be able to trivially create a sub-domain, for example in order to create a staging version or to demonstrate possible changes. And if something isn’t working or is acting strange then I can be straight into the logs to try to figure out why.

Accessing remote databases using phpMyAdmin running locally

August 17, 2017

#Linux #MySQL #PHP #phpMyAdmin #Raspberry Pi #WordPress

I believe it makes a lot of sense to only ever use a local copy of the phpMyAdmin client typically used to manage MySQL databases – ie to access live servers remotely via the local client. Installing phpMyAdmin on an actual server creates an additional unnecessary potential vulnerability – another login point.

I have the phpMyAdmin client installed on the Raspberry Pi which I use as a local network web server for development. I can then access the client interface from any machine on the local network and use phpMyAdmin to manage the remote databases.

There are plenty of guides explaining this online. In brief – two steps involved in setting this up to access remote databases:

  1. Create new entries for each of the remote databases in the config.inc.php file.

  2. Use SSH tunnelling to create a secure connection from the local machine to the remote host. Eg: sudo ssh -fNL 3307:localhost:3306 sudo_user@REMOTE_HOST_IP_ADDRESS
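The two steps together, as an added example that is not taken from the original post: server entries for config.inc.php that point phpMyAdmin at the local ends of the SSH tunnels. The display names, the second host and local port 3308 are assumptions made for illustration.

```php
<?php
// Added example: server section of the local phpMyAdmin's config.inc.php.
// Display names, the second host and port 3308 are hypothetical.
//
// One tunnel per remote database server, opened before logging in.
// The first is the command from step 2; the second repeats it with a
// different local port for a second (hypothetical) host:
//   sudo ssh -fNL 3307:localhost:3306 sudo_user@REMOTE_HOST_IP_ADDRESS
//   sudo ssh -fNL 3308:localhost:3306 sudo_user@SECOND_REMOTE_HOST_IP_ADDRESS
// Written as 3307:localhost:3306, the forward listens on the loopback
// interface only, so other machines on the LAN cannot use the tunnel
// directly; they reach the databases through the phpMyAdmin login page.

$i = 0;

// Entry 1: remote MySQL reached through local port 3307.
$i++;
$cfg['Servers'][$i]['verbose'] = 'Remote site A (SSH tunnel)';
// Use 127.0.0.1 rather than 'localhost': for 'localhost' the MySQL
// client connects to the local Unix socket and ignores the port, so
// phpMyAdmin would talk to a local MySQL instead of entering the tunnel.
$cfg['Servers'][$i]['host'] = '127.0.0.1';
$cfg['Servers'][$i]['port'] = '3307';
// Cookie auth: MySQL credentials are typed at login, not stored here.
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['AllowNoPassword'] = false;

// Entry 2: a second remote MySQL reached through local port 3308.
$i++;
$cfg['Servers'][$i]['verbose'] = 'Remote site B (SSH tunnel)';
$cfg['Servers'][$i]['host'] = '127.0.0.1';
$cfg['Servers'][$i]['port'] = '3308';
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['AllowNoPassword'] = false;
```

With this arrangement the remote MySQL servers can stay bound to their own loopback address with port 3306 closed at the firewall, since the only inbound service each needs is SSH.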

NB: I found that the repository version of phpMyAdmin for my Linux distribution was always somewhat out of date. I decided, instead, to manually install phpMyAdmin under the local web server’s default root directory and to access it directly from there. I probably wouldn’t have wanted to do that if I were not running it from behind a NAT router.

Raspberry Pi local web server for development

July 17, 2017

#Apache #LAMP #Linux #MySQL #PHP #Raspberry Pi #Squid #SSHFS #WordPress

Ideally we never want to be working or testing on a live public-facing installation. But we want our test environment to mimic the actual domain – eg URLs etc. For a while I was using MAMP Pro running under macOS on my development machine. MAMP creates a local Apache/MySQL/PHP stack. Over time however I found this to be a relatively convoluted solution. In particular I found myself having to sometimes solve specific MAMP related issues. Or after a re-installation, I would have to work through how to set everything up again under MAMP.

A headless Raspberry Pi + LAMP stack running on the local network is a great platform on which to run a local web server for development (it’s important that the Pi is running off a USB stick since constant write cycles would apparently quickly destroy an SD Card). I’m using a Pi 3 connected via wifi. I don’t need to remember a different set of ways of doing stuff – it’s more or less like the actual Linux server environments we work with.

Apache virtual hosting is configured exactly as if the server were on the live internet – with Squid set up such that the Pi also serves as a proxy server. This way all devices on the local network can potentially see the development domains as if they were on the real internet (eg https://www.example.com is on the local network during development or testing). When testing or developing under macOS or a desktop Linux, edit /etc/hosts such that example.com points to the local web server address. On iPads, phones etc this is not trivial – hence the benefit of running a proxy server. Under iOS and Android the proxy settings can be added to the network connection.

The local webserver is accessed exactly as if it were on the real internet – eg via SSH. Or we can use SSHFS to mount the remote file systems locally – such that the directories and files needed can be browsed locally or opened for editing. Under macOS we can use FUSE.

Visual Studio Code with remote file system mounted via SSHFS using FUSE for macOS