networked day to day technical issues


Secure and Scalable WordPress In the Cloud (Amazon S3 for content delivery and EC2 for authoring)

Several months ago I decided to move all of the stuff running on my server (Droplet on Digital Ocean) to various cloud providers. My main motivation was that I did not have time any more to manage my email server which was made up on Postfix + Zarafa + MailScanner + SpamAssassin + ClamAV + Pyzor/Razor/DCC + Apache2 + Mysql . Then I was also dealing with monitoring + backups.
Anyway moving the mail was easy as there are plenty of cloud solutions which are mature.

With my blog (which I did not post to since a long time ago) I decided to try something a bit more interesting so I decided to move it to Amazon S3 as a static website.
In order to achieve this I had to solve the following:

  • convert WordPress from dynamically generated pages to static ones. This was easy using the plugin "WP Static HTML Output" which does what it says
  • find a solution for the comments as with a static page you won't be able to add comments. The solution was to start using Disqus. I've installed the plugin "Disqus Comment System", created a Disqus account and then using the plugin proceeded to import all of the comments which were stored in WordPress' database
  • find a solution for search. Again this was not hard and I've moved to using Google Search (plugin "WP Google Search")
  • once I had the above I generated the a static release which was a .zip file.
  • I've created an S3 bucket called . The bucket must be named as your site/blog and bucket names are unique across all of AWS S3 which means that if someone else is already having a bucket called like that then you're out of luck and your remaining option then is to use CloudFront together with a differently named S3 bucket

Multiple domain selfsigned ssl/tls certificates for Apache (namebased ssl/tls vhosts)

This is an old problem: how to have ssl/tls name based virtual hosts with Apache .
The issue is that the ssl/tls connection is established before Apache even receives a HTTP request.When Apache receives the request already the SSL connection is established with a particular hostname - ip & ssl certificate combination so this means that it is capable of serving NameBased virtual hosts only for that particular ssl/tls certificate.

There are two possible solutions here:

  • Multi domain or wildcard SSL/TLS certificates. Those are certificates which are configured with more than one name so you can create virtual hosts (in case of apache) for those domains. This is fairly easy to set up and at least for me it has worked ok in the past.
  • Server Name Indication (SNI) which is an extension to the SSL/TLS protocol and allows the client to specify the desired domain earlier and the server to be notified so it supplies the correct SSL/TLS certificate depending on the requested hostname. The problem is SNI is fairly new and few server side software supports it, also client side software needs to be fairly new. On the long run this is going to be the best solution as it has been designed to overcome this specific problem
Filed under: Apache, Linux, ssl, Web Continue reading