3rd February
written by simplelight

Renew the certificate at RapidSSL (or look around for a new vendor)

In the end, all that is needed is to copy the following into /etc/ssl/localcerts

a) private key file (.key)

b) certificate file which is created by cut and pasting first the regular certificate and then the intermediate certificate

Then, run the checks below to make sure everything is working correctly.

Then restart nginx:

sudo /etc/init.d/nginx restart

Note: I had some weird permission issues to it is easiest to just edit the actual files rather than try to create new ones.

Todo next time: Investigate whether it is worth the effort to generate a CSR (certificate signing request) on our server. Also, consider using Let’s Encrypt


Checking that the Private Key Matches the Certificate

The private key contains a series of numbers. Two of those numbers form the “public key”, the others are part of your “private key”. The “public key” bits are also embedded in your Certificate (we get them from your CSR). To check that the public key in your cert matches the public portion of your private key, you need to view the cert and the key and compare the numbers. To view the Certificate and the key run the commands:

$ openssl x509 -noout -text -in server.crt
$ openssl rsa -noout -text -in server.key

The `modulus’ and the `public exponent’ portions in the key and the Certificate must match. But since the public exponent is usually 65537 and it’s bothering comparing long modulus you can use the following approach:

$ openssl x509 -noout -modulus -in server.crt | openssl md5 $ openssl rsa -noout -modulus -in server.key | openssl md5

And then compare these really shorter numbers. With overwhelming probability they will differ if the keys are different. As a one-liner:

$ openssl x509 -noout -modulus -in server.pem | openssl md5 ;\
  openssl rsa -noout -modulus -in server.key | openssl md5

And with auto-magic comparison (If more than one hash is displayed, they don’t match):

$ (openssl x509 -noout -modulus -in server.pem | openssl md5 ;\
   openssl rsa -noout -modulus -in server.key | openssl md5) | uniq

BTW, if I want to check to which key or certificate a particular CSR belongs you can compute

$ openssl req -noout -modulus -in server.csr | openssl md5
8th November
written by simplelight

We have written previously about the outsourcing of the web stack. In this post, we will add more color on why the outsourcing of the entire web platform makes sense. While developers have gravitated en masse to offerings like Heroku, there is still a wider lack of appreciation for why PaaS is a major trend.

In this post, we are going to set aside the wider question of the economics of running your application on a PaaS versus hosting and maintaining your own servers. Our aim is to describe what constitutes a PaaS and how it differs from IaaS (such as Amazon Web Services) and other SaaS offerings like

The Four Pillars of a PaaS

  1. No installation required. Whether your application is written in Ruby on Rails, Python, Java or any other language de jour there should be no need to install an execution environment when deploying your application to a PaaS. Your code should run on the platform’s built-in execution engine. While minor constraints are necessary, our view is that the successful PaaS providers will largely conform to the language specifications as they are in the wild. This ensures portability of your application between platforms and other hosted environments.
  2. Automated deployment. A single click or command line instruction is all that stands between the developer and a live application.
  3. Elimination of middle-ware configuration. Tweaking settings in Apache or Nginx, managing the memory on your MySql instance, and installing three flavors of monitoring software are now in the past.
  4. Automated provisioning of virtual machines. Application scaling should happen behind the scenes. At 3am. Without breaking a sweat.

There are a few other characteristics of the new breed of PaaS services which we would regard as optional components of a platform but which greatly enhance its utility. By integrating other components into the web stack and constraining these to a few, well-curated and proven bundles, a PaaS offering can both consolidate services into a single bill but, perhaps more importantly from a developer’s point of view, ensure inter-operability and maintain a best-of-breed library. Heroku has done a great job of facilitating easy deployment of application add-ons such as log file management, error tracking, and performance monitoring.

There is often confusion as to the difference between PaaS and SaaS: a PaaS offering is an outsourced application stack sold to developers. A SaaS offering is a business application typically sold to business users.

The difference between PaaS and IaaS is more subtle and over time the dividing line is likely to blur. Today, the PaaS platforms begin where the IaaS services leave off: IaaS effects the outsourcing of the hardware components of the web stack. PaaS platforms effect the outsourcing of the middleware components of the web stack. It is the abstraction of the repetitive middleware configuration that has caught the imagination of developers. PaaS saves time and expedites deployments.

Tags: ,
19th September
written by simplelight

I used Ubuntu 10.04 so that I know I don’t need to upgrade for the next four years.

1. Follow Linode’s excellent ‘Getting Started‘ instructions.

2. Add a new user and add them to the sudoers file.

3. Use Josh’s ‘Railsready‘ script to install Ruby etc.

Rather than using RVM to create gemsets, I prefer to ‘Vendor Everything‘, so I didn’t use RVM to install Ruby.

4. Install Passenger (this will also install nginx)

19th July
written by simplelight

In this way you can obtain the list of the ten oldest processes:

ps -elf | sort -r -k12 | head -n 10

To sort processes by memory usage use “Shift M” when running.

Use ‘c’ to show full path for command.

For other useful ‘top’ configurations.

Tags: ,
25th August
written by simplelight

When you’re debugging/analyzing MySQL queries in the Rails console, it helps to turn on ActiveRecord logging:

#Enable ActiveRecord logging
def loud_logger(enable = true)
  logger = (enable == true ? : nil)
  ActiveRecord::Base.logger = logger
11th August
written by simplelight

collect {|item|block} and map{|item|block} do the same thing – return an array of things returned by the block.  This is different from returning specific items in the collection being iterated over.

Which leads to select.

select{|item|block} will return actual collection items being iterated over if, for each item, the block condition evaluates to true. Not the same as returning what the block, itself, may return.  In the case of select, the block would always return an instance of class TrueClass or FalseClass.  Typically, [true, false, ..., true] is not what you’re looking for in your resulting array.

Slightly modifying the core RDoc example:

a = ["a", "b", "c", "d"]      #=> ["a", "b", "c", "d"] {|item|"a" == item}     #=> [true, false, false, false] {|item|"a" == item}  #=> ["a"]

14th September
written by simplelight

The complete guide to handling web sessions in a Ruby on Rails framework

5th July
written by simplelight

I use the Rails console mainly to poke around in my database. Unfortunately the display of the records returned leaves a lot to be desired. Hirb solves this problem perfectly! Here are the quick steps you need to get the basic functionaliy:

  1. Install the gem: sudo gem install cldwalker-hirb –source
  2. Start the console: ruby script/console
  3. Require Hirb: require ‘hirb’
  4. Enable it: Hirb.enable
  5. Try it: x = Model.find(:all)