Druapl 7 problems behind a proxy

I run Drupal behind an Apache Traffic Server caching proxy. In my setup, the proxy listens on port 80, and the real Apache HTTPD server listens on port 82 (which is firewall off). In my Traffic Server remap.config, I have a rule like

map http://www.boot.org  http://www.boot.org:82

Granted, in retrospect, this is not the best of setups, but it does however causes serious problems with Drupal 7, whereas it does not cause problems with Drupal 6. In D7, the favicon.ico and all JS and CSS URLs in the head are created to use absolute URLs. I don't set an explicit $base_url in my Drupal settings.php, more on that later, and this causes the URLs to get the wrong base! These URLs are all getting a form like

http://www.boot.org:82/misc/favicon.ico

Yikes! This obviously fails, since port 82 is not accesible from the outside. Browsing the forums, the "solution" seems to be to set the $base_url in the Drupal settings.php configuration file, e.g.

$base_url = 'http://www.boot.org';  // NO trailing slash!

This does indeed solve the problem, however, it now breaks when I want to use e.g. https://www.boot.org for admin access. Besides, why these URLs should be absolute, is a mystery to me, they certainly were not in D6.

The solution I'm ending up with is of course to change Apache Traffic Server to use what we call "pristine host headers", so that the Origin server (Apache HTTPD and Drupal) sees the original client Host: header. I could not get any help from the Drupal IRC, or forums, but if anyone has any insight on why D7 is doing this crazy stuff with absolute URLs, please post. In an ideal world, they really should change these to be relative, e.g. /misc/favicon.ico.

Hacking: 

Drupal, Traffic Server, HTTPS and CDNs

I use Drupal for most of my sites. It generally works well, despite all the weirdness it does (Drupal 7 is doing strange things behind a proxy, more later). One thing is, I've started using a CDN (NetDNA) for my site. With HTTPS, this generally doesn't work well, since I'm not enabling HTTPS for the CDN (at least not yet). The CDN module in Drupal generally works well, but I couldn't see an option to prevent it from using the CDN with HTTPS. This would generate those annoying warnings from Internet Explorer for example.

Since I'm also using an Apache Traffic Server proxy in front of Apache HTTPD, the protocol information was lost oncey it hit Apache, PHP and Drupal. Bummer. I browsed through the CDN code, and noticed they do indeed honor a header of X-Forwarded-Proto, which if set to "https" will prevent the CDN from being used. I added a plugin for my remap rules, with a config like

[SEND_REQUEST_HDR]
        X-Forwarded-Proto =https=

And I activated this for the https remap.config rules for Apache Traffic Server. With this, my Drupal site now stops using the CDN when Apache Traffic Server maps from https:// to the http://localhost URL.

Hacking: 

Mouse follow focus on OSX

I always configure my Linux window managers to use "focus follow mouse". Meaning, whichever window the mouse cursor is currently in, gets keyboard focus. This is not possible with most OSX applications, because of how they've designed the UI with one Menu bar etc. However, at least two apps. Terminal and the X11 server, can be configured to do just this. It's really easy:

$ defaults write org.x.X11 wm_ffm -bool true
$ defaults write com.apple.terminal FocusFollowsMouse -string YES

 

Hacking: 

xclip

I use more and more remote X11 applications now, and VNC, since I switched my desktop (and laptops) over to use OSX entirely. This works great. Sometimes, it can be a bit annoying to get the clipboards and selections to synchronize across windows, or even to just get a portion of a file from e.g. X11 into OSX. There's a very useful command for this, that can easily be scripted (and bound) to some key of your own preference. For example, to take the clipboard from an X11 app, and put it into the main selection buffer, you can do

$ xclip -o -selection clip | xclip -i

To put a portion of  a file into both the clipboard and the primary selection:

$ head -10 /etc/group | tee >(xclip) >(xclip -sel clip) > /dev/null

You can obviously make some convenience macros around this, or simple shell scripts.

Hacking: 

sharethis.com and web site performance

I started using the sharethis.com service a while ago. And, as much as I think it's neat, it really (I mean, really!) makes the site slow down noticeably. For now, I have changed my Drupal modules to not show the sharethis.com buttons on the front page (or any "teaser") page. Instead, they have a prominent place when you view an individual article. This is a reasonable compromise I think.

Kindle Fire vs Apple iPad

I've had my Kindle Fire now for a few weeks, and as an Apple/ iOS fanboy, I have to admit I actually like it. However, I find myself liking it despite of Android, not thanks to it. Here's my initial thought on what is good, and bad with this device, in a heads-up comparison with the iPad.

Physical device

This is an easy winner to pick. the iPad is vastly superior in pretty much every category. However, it's also more than 2x as expensive. I have no idea why the Kindle is shipped with such small storage capacity, and what's worse, no SD storage slot! Again, what are they thinking, this is the "killer" feature of Android hardware, making them expandable. Alas, the Kindle Fire is not... However, I do like the size of the Kindle, it's extremely convenient, since it fits nicely into my cargo shorts front pocket. I can now carry a "book" with me no matter where I go. It is damn heavy though, and I honestly don't know why. This thing is a brick!

The touch screen on the Kindle Fire is much less accurate than the iPad. Perhaps it's a software issue (it got a bit better with the software update), perhaps it's the smaller size. But I find it really difficult to type on the Fire, much more so than on the iPad.

Winner: Apple iPad hands down.

Applications and app store

This is the easiest comparison, and it's pretty much a wash between the Android apps and the iOS apps. Pretty much everything that I need and is used to from my iOS experience exists in the Android / Kindle app stores. However, for reasons I can not understand, I'm not allowed to download Android apps from the Google Market app-store! Is this not supposed to be an open platform? At least let me download the apps that are free, for example, the Linux Journal reader. I know, I know, I can ask a friend with a registered Android phone to download the app for me, but again, wtf.

The Amazon app-store is pretty nice though, and I really do like that I can download the free apps without having to type in my password over and over again. I understand why the Apple store requires me to authenticate before purchasing apps, but why would it need to do that for free apps? Now, the Amazon app-store is too liberal here, and actually lets you, deliberate or accidentally, install expensive apps with little confirmation.

I've installed several apps from the Kindle app-store that works incredibly poorly on the Kindle. I've even almost been tricked into installing spy-ware already (although, I managed to avoid it thanks to the the reviews on the app. But Amazon, and I'm guessing Google, clearly have to do a much better job protecting consumers from this crap. There are certainly crappy iOS applications out there, and it saddens me to see that the closeness of iOS and the App Store actually seems to help. Please Google and Amazon, make this work in an open platform and market.

Winner: Apple Store, by a small margin thanks to it's much better screening of applications.

Internet device

The Kindle fire works fairly well for web browsing, and various other network and "web" type applications. For its small size, it's quite nice. There's one big caveat here: the email client is a complete disaster, and a joke. It's hard to read and navigate the mail boxes I have (I use IMAP), and it's impossible (as far as I can tell) to make in-line comments in replies. All it supports is top-posting... I know I can (and probably should) install a better client, but come on Amazon, you clearly can do much better than this.

I don't have much experience with the "cloud" integration with the Kindle, other than it does seem to work. With the iPad though, the new iCloud stuff works great, and I'm quite happily synchronizing between all my iOS and OSX apps without any problems.

Winner: By far, the Apple iPad.

Reader device

This is where the Fire excels, the Kindle application (which does work nicely on the iPad) is obviously great on the Kindle Fire. I love reading on this thing! That combined with the small size makes it the perfect reader. The iPad has no serious flaws in this regards, with its Amazon Kindle app, and the iTunes reader. But, it's not by any means as convenient as the Fire.

Winner: Kindle Fire.

Summary

So which device is the best? Well, overall, the iPad is a much better portable "tablet" device. But, if what you need is a Kindle reader, with some decent internet / Web applications, the Kindle is a good device. And, the Kindle has a very nice price tag, to say the least!

Hacking: 

Swap and UUID

I recently had to repartition a disk (using parted), to resize some partitions. This meant redoing the swap partition. In my /etc/fstab, all mounts are done via UUID's, including the swap. So, poking around a bit to figure out what the UUID is/was for my new swap partition, I did the following:

root@jake 272/0 # mkswap  /dev/sda4
Setting up swapspace version 1, size = 3894268 KiB
no label, UUID=7d0f43ed-85f9-4e05-be8f-42cf12104bad
root@jake 273/0 # blkid
/dev/sda2: UUID="7b0741cd-a19a-4111-a3fe-3ed4d74706ba" TYPE="ext4"
/dev/sda3: UUID="49fac9f3-3547-420f-afc0-88dfac70459f" TYPE="ext4"
/dev/sda4: UUID="7d0f43ed-85f9-4e05-be8f-42cf12104bad" TYPE="swap"

Then it's just a matter of using the new UUID for the swap partition (/dev/sda4) in /etc/fstab, e.g.

UUID=49fac9f3-3547-420f-afc0-88dfac70459f /                       ext4    defaults        1 1
UUID=7b0741cd-a19a-4111-a3fe-3ed4d74706ba /boot                   ext4    defaults        1 2
UUID=7d0f43ed-85f9-4e05-be8f-42cf12104bad swap                    swap    defaults        0 0
tmpfs                                     /mnt/tmpfs              tmpfs   size=192m,noatime 0 0

My desktop

Recently, I decided to simplify my office setup: Software, hardware, email folders, everything! As such, i decided to only keep my two MacBook's in the office, and move everything to the basement (for now). I also replaced the three 24" monitors with one 30" monster Dell. This is what the new setup looks like:

 

So what's here? The laptop to the right is a MacBook Pro, with 8GB and (soon) a 240GB SSD drive. This connects to the Dell 30" using a mini-DisplayPort to DisplayPort, running at 2560x1600 resolution. The laptop screen resolution is 1440x900. Next to this laptop is also my Chumby! This replaces all my old Linux desktop use, long term, I'm planning to build a combined file server and Virtual Machine server to have just one high power box running 24x7. I'm not there quite yet, but next hardware upgrade will be a monster box with lots of disk and lots of RAM and CPU.

The laptop to the left is a MacBook Air with 4GB RAM (sigh, Apple, why, why?) and 256GB SSD. This is my primary Go Daddy work laptop (thanks to my manager, who somehow managed to pull that through IT). This is also my main travel laptop at this point, it has everything I need, and it's lightweight, and fast!

The keyboard is a Gouldtouch "split keyboard", for Mac. Love it!

Missing emacs symlink on Fedora Core

I just finished installing Fedora Core 16 on a new router I'm planinng on installing up in our little cabin. Things went mostly well, except the symlink to Emacs was missing. The horror! The RPM was most certainly install, but no emacs in my path was to be found. Well, it turns out, for some reason (who knows why ...), the installer did not finish creating the Emacs symlink. It's quite possible it missed other links too, but Emacs was obviously the number one priority. Poking around a little, it was easy to restore life as we know it:

sudo alternatives --install /usr/bin/emacs emacs /usr/bin/emacs-23.3 10

Hacking: 

Pages

Subscribe to Ogre.com RSS