Archive for January, 2004

Changed background for the skin Jan 30 2004

Changed the background for the skin to another picture. So far I’m liking the big background pic w/ the text on top and translucent pngs. It would be cool to integrate a Gallery function to auto select a picture and “set as background” for the blog. Shouldn’t be too hard to implement.

Howto: iptables + SSL + Apache 2 Jan 30 2004

It took a bit of searching to finally figure out the right process for getting SSL running properly for Apache. I’ve used it before, of course, but hadn’t personally set it up myself yet.

Here is how to take a stock Red Hat 9 installation that has been updated with the latest patches and allow it to serve SSL pages:

  1. Ensure you have Apache running properly – you can tell if you can point your web browser on the server to http://localhost/ and you get the default web page
  2. Create your key and your certificateGoogle should get you going on this one.
  3. Edit ssl.conf – modify the configuration to point at your newly created key and certificate
  4. Open up port 443 in your firewall – this assumes you’re using a high level of security on your server (definitely recommended).
    # iptables -I RH-Lokkit-0-50-INPUT -p tcp --dport 443 -j ACCEPT
    (The -I adds the rule to the beginning of the chain of rules for the table RH-Lokkit-0-50-INPUT, the -p indicates protocol (tcp), the (important to be double dash) –dport indicates the destination port (443 being the default SSL port), the -j indicating jump to ACCEPT (as opposed to DROP or FORWARD). I’m glad to finally begin to understand the exact syntax of iptables, but it is not the easiest to grasp immediatly. 🙂
  5. Visit your site at https:// instead of http://. Now your communication with the web server will be encrypted. Note that if you’re using a self-signed certificate your browser will alert you to the fact that a trusted third party has not signed the certificate. Just click Accept and you should be good to go.

Next stop: .htaccess protection with a php authentication class beyond that. And then maybe we’re starting to have a decently secure framework for developing and deploying the application.

User connects through layers:
[SSL] -> [Digest Authentication] ->

Digest Authentication md5’s the password so it’s not sent accross in plain text.

So the user 1) negotiates a secure, encrypted session with the server, 2) must enter a valid server username and password (which is then sent after md5 over SSL) and 3) must enter valid username for application. This is security for the paranoid. For the specialists… 🙂

Finished reading the Manual today Jan 29 2004

Finished reading the Manual. Kind of interesting seeing how a document written a hundred years ago is still guiding and leading a movement.

Bug Stomping Jan 28 2004

It’s always gratifying to figure out a problem in an application and solve it. It would be very nice if IE supported .png files with transparency properly. Oh well.

To do for this install of WordPress Jan 28 2004

  • Add top navs, motto
  • Add in Gallery
  • See about integrating between Gallery and WordPress
  • Fix login box (disapears off top of screen in mac IE)
  • Request return of Preview funcitonality
  • Image upload default on simple post view

Thats all for now.

Screenshot of how this site should look in non IE browsers Jan 28 2004

Due to the problem that IE has with displaying transparent .pngs correctly, here is a screenshot of how this site should look in Mozilla, Firebird, Opera, Mac IE:

Site Screenshot

Time for bed.

Post number 2 Jan 28 2004

Working on entry for CSS competition. Man, the IE transparent png issue is just a bummer but it still looks ok, just not perfect. 🙁

mmmmm…. tasty giant background jpg graphics!

First Post Jan 28 2004

First post using fresh WordPress 1.0.1 install for the personal weblog.



sell diamonds