Category Archives: *nix

SSL for your local development server

So, some of you may have gotten MAMP to work happily with self-generated SSL certificates. It’s a bit tricky and I’ll assume you’ve got that working.

… a quick tip on getting OS X to shut down the default installed Apache so MAMP can run on ports 80 and 443:
(found here… https://gist.github.com/jfloff/5138826 )

First of all you need to be able to run MAMP on port 80. This is a “heat check” to see whether any process is already jamming the HTTP ports. You can check it like this:

sudo lsof | grep LISTEN

If you do happen to have any process with something like this *:http (LISTEN), you are in trouble. Before going on with the adventure, check that it isn’t MAMP itself (yeah, you should close that beforehand).

ps If you don't see MAMP, you are in good hands, I have just the thing for you:
# I've forced the removal of the job
$ launchctl remove org.apache.httpd

# and load it again
$ launchctl load -w /System/Library/LaunchDaemons/org.apache.httpd.plist

# and unload it again
$ launchctl unload -w /System/Library/LaunchDaemons/org.apache.httpd.plist

Now you should be able to use port 80 (and almost any other) in MAMP. Just go to MAMP > Preferences > Ports Tab and click the Set to default Apache and MySQL ports.

….now back to SSL certs

However, there’s a new wrinkle. Chrome and FF both have decided that self-signed certificates need to be of the Version 3 variety, rather than the plain old ones generated by MAMP. I ran into an issue where Chrome was complaining about a missing subjectAltName in the certificate that I had set up.

So, here’s the article I used to get my stuff sort of working:

https://alexanderzeitler.com/articles/Fixing-Chrome-missing_subjectAltName-selfsigned-cert-openssl/

Here’s another version of that:

How to Create Your Own SSL Certificate Authority for Local HTTPS Development

OMG, you say, that’s like waaaaaaa? No worries, I’ll help break it down here and do it a little differently.

They have you create all sorts of scripts. I’m not sure why, probably because it’s the right way to do it, but here’s the straightforward way to set up.

What you are doing is creating your own CA certificate (aka a certificate authority), then using that to create a certificate for your site that needs ssl.

In the following directions, you need to replace YOURLOCALSITEDOMAIN with the domain you are setting up on your MAMP server. You know, like mysite.dev, or sams-site.dev, etc…

Go to the directory, where you store your ssl certificates for MAMP and do the following:

STEP 1
On the command line type out the following:

openssl genrsa -des3 -out rootCA.key 2048
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.pem

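– this sets your server up to be a CA certificate issuer. The first command asks you to choose a passphrase for rootCA.key (that is what -des3 does). Hang on to it: you need it every time you sign a site certificate in step 4, and anyone who holds that key and passphrase can issue certificates your Mac will trust once you finish step 5.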
– it’s going to ask you a bunch of questions about the country, state, city, and other things. Just answer them with your own info 🙂 The questions will be similar to the parameters you see in the [dn] section in the code below.

STEP 2
Create a file called YOURLOCALSITEDOMAIN.csr.cnf with the following:

[req]
default_bits = 2048
prompt = no
default_md = sha256
distinguished_name = dn

[dn]
C=US
ST=New York
L=Rochester
O=End Point
OU=Testing Domain
emailAddress=your-administrative-address@your-awesome-existing-domain.com
CN = YOURLOCALSITEDOMAIN

– This is a configuration file that will be used when generating your specific site certificates. Change the ST, L, email parameters to whatever you want. I’d go ahead and use your own email.

STEP 3
Then, create a file called v3.ext with the following:

authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = localhost
DNS.2 = YOURLOCALSITEDOMAIN

– This is the file that is used by the CA issuer to ensure your cert is version 3 and offers up the named domain as you see in the parameter DNS.2.

STEP 4
Then generate the certificates with this!!! On the command line type out the following (don’t forget to replace the YOURLOCALSITEDOMAIN with whatever development domain you are using):

openssl req -new -sha256 -nodes -out YOURLOCALSITEDOMAIN.csr -newkey rsa:2048 -keyout YOURLOCALSITEDOMAIN.key -config <( cat YOURLOCALSITEDOMAIN.csr.cnf )

openssl x509 -req -in YOURLOCALSITEDOMAIN.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out YOURLOCALSITEDOMAIN.crt -days 5000 -sha256 -extfile v3.ext

Now, when you need to get a second site working, you'll repeat steps 2 through 4. HOWEVER, you won't recreate the v3.ext file. You'll just add a new DNS parameter with your new domain. So, in the above example, I'd be adding DNS.3 = NEWSITEDOMAIN. You'd add a new DNS parameter for each new secure site you do.

STEP 5
Now, open the Keychain Access app in OS X and add your new certs, then set them to always be trusted. That way your Mac will stop throwing warnings. Also, if you are looking at your site in the CodeKit Bonjour URL, then you'll need to add the Temp SSL certificate CodeKit creates. You'll find that in the My Certificates section of the Keychain Access app.
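
A check worth running on the step 4 output before you mark anything as trusted, as an added example that is not part of the original post: it confirms that the site certificate chains to rootCA.pem and that the domain really is in subjectAltName, the field Chrome complained about. The function names, the site.* file names and the domain mysite.test are assumptions; the demo at the bottom builds throwaway certificates in a temp directory.

```shell
#!/bin/sh
# Added example (not from the original post): check a dev certificate
# produced by steps 1-4. mysite.test is a constructed placeholder domain.

# check_cert CERT CA_PEM DOMAIN
# Returns 0 only if CERT chains to CA_PEM and lists DOMAIN in subjectAltName.
check_cert() {
  # The leaf must verify against the root CA created in step 1.
  openssl verify -CAfile "$2" "$1" >/dev/null 2>&1 || return 1
  # Browsers match the hostname against the SAN list, not the CN.
  openssl x509 -in "$1" -noout -text \
    | grep -A1 'Subject Alternative Name' \
    | tr ',' '\n' | sed 's/^ *//; s/ *$//' \
    | grep -qxF "DNS:$3"
}

# make_demo_certs DIR DOMAIN
# Builds a throwaway CA and site certificate in DIR with the same commands as
# steps 1-4, made non-interactive with -subj. The CA key is left unencrypted
# only because this is a disposable demo; keep -des3 for a CA you will trust.
make_demo_certs() (
  cd "$1" || exit 1
  openssl genrsa -out rootCA.key 2048 2>/dev/null
  openssl req -x509 -new -key rootCA.key -sha256 -days 30 \
    -subj "/CN=Demo Local Root CA" -out rootCA.pem
  printf '%s\n' 'authorityKeyIdentifier=keyid,issuer' \
    'basicConstraints=CA:FALSE' \
    'keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment' \
    'subjectAltName = @alt_names' '' '[alt_names]' \
    'DNS.1 = localhost' "DNS.2 = $2" > v3.ext
  openssl req -new -sha256 -nodes -newkey rsa:2048 -subj "/CN=$2" \
    -keyout site.key -out site.csr 2>/dev/null
  openssl x509 -req -in site.csr -CA rootCA.pem -CAkey rootCA.key \
    -CAcreateserial -out site.crt -days 30 -sha256 -extfile v3.ext 2>/dev/null
)

# Demo run on constructed certificates.
demo=$(mktemp -d)
make_demo_certs "$demo" mysite.test
check_cert "$demo/site.crt" "$demo/rootCA.pem" mysite.test && echo "mysite.test: covered"
check_cert "$demo/site.crt" "$demo/rootCA.pem" other.test || echo "other.test: NOT covered"
rm -rf "$demo"
```

For your real files, call it as check_cert YOURLOCALSITEDOMAIN.crt rootCA.pem YOURLOCALSITEDOMAIN from the directory where you ran step 4.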

I also ran into a thing with iThemes Security. The .htaccess rules were causing redirect loops for the SSL. You could get to the home page, but no secondary pages. Secondary pages resulted in a 500 error. Replacing the iThemes Security SSL feature with the plugin, 'really simple ssl', then clearing out the config that iThemes put in the .htaccess file cleared that right up.

OMG, that made your brain hurt, right? It made mine hurt for a bit too, but hopefully all is working for you now.

Grep find xargs regex and other great tools

This is a little dumping ground for me to use to store useful recipes.

Find files that were modified between two timestamps, say on the same day (find -newer compares modification times)…

touch -t 201608200000 start
touch -t 201608202359 stop
find . -newer start \! -newer stop


Find all files with a particular name or extension and delete if you want

find . -name "*.bak" -type f -delete

Just run without -delete to review before you do it

Find files or directories with a certain permissions set, or without a certain permissions set

find files that don’t have permissions of 644
find /path/to/dir/ -type f ! -perm 0644 -print0

find files that don’t have permissions of 644 and change them
find /path/to/dir/ -type f ! -perm 0644 -print0 | xargs -0 chmod 644

counts the total number of lines in all .php and .html files from the current directory that aren’t under the “includes” or “forum” directories.
wc -l runs a line count on each file that matches. the “tr” through “bc” takes those numbers and adds them up.

find . -not \( -path ./includes -prune \) -not \( -path ./forum -prune \) -regex '.*/.*\(php\|html\)' -exec wc -l \{\} \; | tr -s ' ' ' ' | cut -d ' ' -f 2 | paste -sd+ - | bc

Partial Content 206 error on fonts after a hosting migration

I’ve recently encountered an issue twice in the last few weeks where the font-face fonts on a website stopped working after a migration to a new hosting provider.

I used the nifty tool, Backup Buddy from iThemes, and all went well, except on the new server the embedded fonts weren’t rendering. :/

After many hours of searching, checking headers, and such, I bothered to look at the console output in Chrome and noticed that there was an error speaking to cross-domain issues specifically regarding the font files.

So what was the issue? In WordPress, you can set the WordPress Address and the Site Address separately. If one is www.somedomain.com and the other is somedomain.com (aka the sub-domain doesn’t match) then you’ll get this pesky error.

Hope that helps.

Tips for setting up your own LAMP stack in Mac OSX

Hey, this is NOT a comprehensive guide to setting up your own development environment, but I thought I’d post a few pitfalls I’ve discovered.

Most Macs are set up out of the box to run Apache found in /etc/apache2/. Normally, the system user and group for Apache is _www. If you try to set up sites in /usr/HOMEDIR/Sites, it’ll likely give the files there the ownership:group of YOURUSER:staff (or something other than staff). It either needs to be _www:_www OR YOURUSER:_www (and then you change the httpd.conf file to reflect YOURUSER for the User variable).

Also to edit any system files like that, be sure to edit as a super user or sudo.

Android Emulator

Most of you know that you can install an Android Emulator on your computer to test apps and websites.

I’ve got the Android SDK installed so I can run an emulator. Recently, I removed an old version of the SDK and started from scratch. I’d installed it in a place I didn’t like and wanted to start over. The problem I ended up having was that the 4.x version that I installed had an insanely slow emulator. Here’s a nice little write-up by Mirko Juric-Kavelj on how to speed up that emulator 🙂