Enabling HTTPS LetsEncrypt on WordPress

I've been interested in the movement to secure the web for free (one effort is CloudFlare's and the other is the LetsEncrypt initiative), and since WordPress.com enabled LetsEncrypt for all their custom-domain customers, I chose the LetsEncrypt project to secure this site (also because CloudFlare's Universal SSL kind of needs an account with them).

I followed this guide to enable LetsEncrypt on Nginx. Here's my nginx site snippet:

listen 443 ssl spdy;
server_name mydomain.com;
root /opt/www/mydomain.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem;
index index.php index.html;
access_log off;
# this error log sits inside the document root, so it is reachable as
# /log/error.log unless a location block denies access to it
error_log /opt/www/mydomain.com/log/error.log;
charset utf-8;
location / { try_files $uri $uri/ /index.php?$args; }
# let the ACME validation requests through
location ~ /.well-known { allow all; }

The ~ /.well-known location is where the letsencrypt tool writes its files to prove that we own the domain (a sequence they call ACME validation). Basically, their server just checks for the existence of a randomized-token file as acknowledgement.

Here's the script that I use to ask for a new certificate.

sudo ./letsencrypt-auto certonly -a webroot --webroot-path=/opt/www/mydomain.com -d mydomain.com -d www.mydomain.com

And for the auto renewal, I just put this in crontab -e

30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log

If you use vanilla nginx then use

35 2 * * 1 /etc/init.d/nginx reload

If you use upstart loaded nginx then use

35 2 * * 1 service nginx reload    

So it will ask for a renewal every week; if the certificate is about to expire, it will automatically be replaced by a new cert (you need to do this at some interval, since a LetsEncrypt cert is only valid for around 3 months).

As for WordPress, I just made sure the Site URL setting refers to the https:// URL instead of http.


WordPress from PHP to HHVM

This blog was using nginx+php5.5+mysql, and I've been reading about hhvm and its 100% compatibility with WordPress.

So it's worth a test.

OK, what I did was basically install hhvm using this guide

sudo apt-get install software-properties-common
sudo apt-key adv --recv-keys --keyserver hkp://keyserver.ubuntu.com:80 0x5a16e7281be7a449
sudo add-apt-repository 'deb http://dl.hhvm.com/ubuntu trusty main'
sudo apt-get update
sudo apt-get install hhvm

Since hhvm is also fastcgi compatible, all I did was change my nginx site configuration to

location ~ \.(hh|php)$ {
    fastcgi_keep_conn on;
    # assumed address: point this at the host and port your hhvm FastCGI server listens on
    fastcgi_pass   127.0.0.1:9000;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include        fastcgi_params;
}

Restart hhvm and restart nginx to make sure the configuration got reloaded. And done!

Home Automation By Presence Detection

Some friends have been asking me about my homebred setup for my home automation. It's been a while since I promised to write about it, so here you go. (I will open the code as soon as I can make it readable for the public and clean it up from my custom setups.)

The setup is simple, nothing fancy.

It uses tricky yet simple presence detection, a.k.a. detecting the MAC address of my phone and triggering scripts based on that. Its weakness is that it needs a DDWRT router (you can use another router that lists the MAC addresses of connected clients, but you will need to adjust the scraper code to log in and scrape your router's interface).

Presence Detection

Install DDWRT on your router. Make sure the setting to expose the info page is enabled.


After this is enabled, it will expose Info.htm, which you can scrape for information about your router. See the Wireless clients table at the bottom of the Info.htm page.


Create a daemon that checks the DDWRT status page at some interval for the existence of specific MACs. If one of those MACs is detected, go to a folder and run all the scripts in it.

The Presence Script

The daemon itself is a Nodejs script that runs on my Raspberry Pi. It runs from cron at a certain interval.

I use a Nodejs script for easy development :). For requests Nodejs has Request, and for scraping it has Cheerio, which makes all scraping needs as easy as writing a jQuery selector. For the DDWRT info page:

var request = require('request');
var cheerio = require('cheerio');
// the first argument is the URL of the router's Info.htm page
request('', function (error, response, body) {
    if (!error && response.statusCode == 200) {
        var $ = cheerio.load(body);
        var clients = $('#wireless_table tr');
        // loop for clients - do the necessary MAC detection here. Don't forget to save it to external flag file so you can create event
        // `onEnter`, `onExit` etc
        // I save list of MACs that need to be checked in a simple JSON file
    }
});

When the above script detects an event, it lists all executable scripts in a folder. For example, I have /opt/MYMACADDRESS/enter.d/ and /opt/MYMACADDRESS/exit.d/, so when my MAC is detected as entering, it executes all executable scripts in /opt/MYMACADDRESS/enter.d/*

In Nodejs, it’s as easy as

var exec = require('child_process').exec;
// loop for scripts and execute it using the code below
var child = exec(scriptFileName, function (error, stdout, stderr) {
    console.log('stdout: ' + stdout);
    console.log('stderr: ' + stderr);
    if (error !== null) {
        console.log('exec error: ' + error);
    }
});

So I can create many scripts using shebang notation in the folder and those will be executed accordingly.
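The detection-and-dispatch flow described above (collect MACs from the status page, compare against saved flags to derive enter/exit events, run the scripts in the matching folder), as an added example that is not the author's code. It extracts MACs with a regex instead of Cheerio to stay dependency-free, starts hooks with execFile rather than through a shell, and assumes the folder name is the MAC without colons; all function names and SAMPLE_BODY are constructed for illustration.

```javascript
const fs = require('fs'), path = require('path');
const { execFile } = require('child_process');

// Constructed sample of a router status page body (not real DD-WRT output).
const SAMPLE_BODY = '<table id="wireless_table"><tr><td>aa:bb:cc:dd:ee:01</td></tr>' +
  '<tr><td>AA:BB:CC:DD:EE:02</td></tr></table>';

// Collect every MAC address that appears in the page body, upper-cased.
function extractMacs(body) {
  const found = body.match(/\b(?:[0-9a-f]{2}:){5}[0-9a-f]{2}\b/gi) || [];
  return new Set(found.map((m) => m.toUpperCase()));
}

// Compare watched MACs with the flags saved by the previous run; returns events and new flags.
function diffPresence(watched, seen, saved) {
  const events = [];
  const next = {};
  for (const raw of watched) {
    const mac = raw.toUpperCase();
    next[mac] = seen.has(mac);
    if (next[mac] && !saved[mac]) events.push({ mac, type: 'enter' });
    if (!next[mac] && saved[mac]) events.push({ mac, type: 'exit' });
  }
  return { events, next };
}

// Map an event to its hook folder. Anything that is not a plain MAC or a known
// event type is rejected, so neither value can smuggle "../" into the path.
function hookDir(baseDir, ev) {
  if (!/^(?:[0-9A-F]{2}:){5}[0-9A-F]{2}$/.test(ev.mac)) throw new Error('bad MAC');
  if (ev.type !== 'enter' && ev.type !== 'exit') throw new Error('bad event');
  return path.join(baseDir, ev.mac.replace(/:/g, ''), ev.type + '.d');
}

// List regular files with an execute bit, in a stable order (symlinks are skipped).
function listHooks(dir) {
  if (!fs.existsSync(dir)) return [];
  return fs.readdirSync(dir).sort().map((f) => path.join(dir, f)).filter((f) => {
    const st = fs.lstatSync(f);
    return st.isFile() && (st.mode & 0o111) !== 0;
  });
}

// Run each hook directly (no shell), with a timeout so hung scripts cannot pile up.
function runHooks(baseDir, ev) {
  for (const file of listHooks(hookDir(baseDir, ev))) {
    execFile(file, [], { timeout: 30000 }, (err) => err && console.error(file, err.message));
  }
}
```

Write `next` to the flag file (for example as JSON) at the end of each cron run and pass it back in as `saved` on the following run.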


The scripts are fine-tuned to my home setup, but they can be anything. Here are some ideas:

  1. Set transmission torrent client to unlimited /usr/bin/transmission-remote -D && /usr/bin/transmission-remote -U (when I am at work)
  2. Set transmission to 0kb/sec /usr/bin/transmission-remote -d 0 && /usr/bin/transmission-remote -u 0 (when I am at home)
  3. Bash script that updates my Dynamic DNS provider with my new IP. It used to tweet my public IP to a protected Twitter account 🙂
  4. Tweet to the protected Twitter account if some specific MACs enter my wifi network
  5. Turn on the air conditioner by accessing an IR Arduino through the Raspberry Pi GPIO
  6. Wake-on-LAN my gaming PC with a utility called powerwake

Non DDWRT Router

Well, the idea can be applied to other router interfaces. Most routers use basic authentication to access the internal web application. In Nodejs it's as easy as (or use basic auth bearerToken)

request.get('').auth('username', 'password', false);

And then tweak your scraper accordingly to harvest MAC addresses or static IPs.

The New Beginning


I remember it was 1995. I was young, a kid of around 10-11 years old with an identity issue. What identity issue, you may ask? One example: I used to ask myself, Who am I? What is the purpose of living? I used to identify it as an identity issue because when I asked that kind of question to older people, most of them shrugged, laughed or told me that someday I'd figure it out (with a loud laugh or a simple smirk, of course).

Is it wrong for a 10-year-old to get the answer to it, the purpose of their life? At what age can a person get the real answer about the purpose of their life? 20? 30? 40? Or on their deathbed?
