
Archive | Cloud

WordFence / CloudFront – Automatically Update Trusted Proxies

If you are using WordPress with CloudFront and WordFence then some extra configuration is required. WordFence does blocking based on IP address but it will fail to determine the correct IP address when you have CloudFront and an Elastic Load Balancer in front of the site. The workaround is to set up a cronjob that updates the list of trusted proxies in WordFence.

  1. Log in to WordPress admin and go to WordFence -> All Options. Under “How does Wordfence get IPs” select “Use the X-Forwarded-For HTTP header”. Click “Save Changes”.
  2. Add a cronjob using the script shown below to update the list of trusted proxies.

Here’s a simple script for the cronjob:
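
As an added example (not the original post's cronjob script and not Wordfence's own code), the Python below builds a trusted-proxy list from a feed in the layout of AWS's published ip-ranges.json and shows the right-to-left X-Forwarded-For walk that such a list makes possible. The sample feed, the 10.0.0.0/16 VPC range and both function names are assumptions; writing the resulting list into Wordfence's trusted proxies setting is left out.

```python
import ipaddress
import json

# Constructed sample in the layout of https://ip-ranges.amazonaws.com/ip-ranges.json;
# the prefixes are documentation ranges, not real CloudFront ranges.
SAMPLE_IP_RANGES = json.dumps({
    "prefixes": [
        {"ip_prefix": "198.51.100.0/24", "region": "GLOBAL", "service": "CLOUDFRONT"},
        {"ip_prefix": "198.51.100.0/24", "region": "GLOBAL", "service": "AMAZON"},
        {"ip_prefix": "192.0.2.0/24", "region": "us-east-1", "service": "EC2"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2001:db8:1000::/36", "region": "GLOBAL", "service": "CLOUDFRONT"},
    ],
})

def cloudfront_networks(ip_ranges_json, extra=()):
    """Sorted, de-duplicated CLOUDFRONT networks plus extra CIDRs (e.g. the ELB subnets)."""
    data = json.loads(ip_ranges_json)
    cidrs = set(extra)
    for key, field in (("prefixes", "ip_prefix"), ("ipv6_prefixes", "ipv6_prefix")):
        cidrs |= {p[field] for p in data.get(key, []) if p.get("service") == "CLOUDFRONT"}
    # ip_network() raises ValueError on a malformed CIDR, so a bad feed never reaches the list
    nets = {ipaddress.ip_network(c) for c in cidrs}
    return sorted(nets, key=lambda n: (n.version, n))

def resolve_client_ip(remote_addr, xff_header, trusted):
    """Walk X-Forwarded-For plus the socket peer right to left; the first hop that
    is not a trusted proxy is the client. Anything left of it is client-supplied."""
    hops = [h.strip() for h in xff_header.split(",") if h.strip()] + [remote_addr]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return remote_addr  # malformed entry: fall back to the socket peer
        if not any(addr.version == n.version and addr in n for n in trusted):
            return str(addr)
    return hops[0]  # every hop was a trusted proxy

if __name__ == "__main__":
    # 10.0.0.0/16 is an assumed VPC range standing in for the load balancer's subnets
    trusted = cloudfront_networks(SAMPLE_IP_RANGES, extra=["10.0.0.0/16"])
    print("\n".join(str(n) for n in trusted))  # one CIDR per line
    print(resolve_client_ip("10.0.1.25", "203.0.113.9, 198.51.100.7", trusted))
```

With an empty trusted list the same request resolves to the load balancer's address, which is the failure described above; with the list in place, extra entries a client prepends to the header are ignored.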

 

 

 


Downloading RackSpace CloudFiles Container with Swiftly

Swiftly is a handy utility for managing RackSpace CloudFiles containers from the Linux command line. You can easily download an entire container with a single command. Here’s the project page on GitHub:

https://github.com/gholt/swiftly

And here’s the documentation:

http://gholt.github.io/swiftly/

Installation through a package manager is as follows:

Ubuntu

  1. Update the apt-get database.
  2. Install the Python installer, pip, using apt-get.
  3. Install Swiftly using pip.

CentOS

  1. Install the Python installer, pip, using yum.
  2. Install swiftly using pip.

After installation you can start transferring files. Here’s an example:

The entire [container] will be downloaded to [destfolder].

Check the Swiftly documentation for a wide range of options. You can select with precision which files to download.


AWS Resize Partition

After expanding the size of an EBS volume on an AWS EC2 instance, you’ll need to expand the partition and the filesystem. Here are the steps:

  1. Confirm available storage with “lsblk” command.
  2. Expand the partition with the “growpart” command, like “growpart /dev/xvdi 1”. Of course you’ll need to change the device name to match your system. The partition number on the end will be “1” if there is only one partition on the device, or can be changed to select a different partition. “growpart” is in the “cloud-guest-utils” package if it’s not already installed. Note that if you have a large (> 2TB) partition created with parted then “growpart” may not work. Instead use the “resize” command in “parted”.
  3. Confirm new partition size with “lsblk” command.
  4. If using LVM then expand the physical and logical volumes:
    1. Reread partitions with “partprobe”
    2. Resize physical volume with “pvresize /dev/xvdi1”
    3. Expand logical volume with “lvextend -l +100%FREE /dev/vg_data2/lv_data2”
  5. Resize the filesystem to fill the expanded partition. Command will depend on the filesystem type:
    • ext2/3/4 – “resize2fs /dev/xvdi1”
    • xfs – “xfs_growfs /dev/vg_data2/lv_data2”

Now you should have the expanded storage available for use.

Here are the man pages for these commands:

https://www.systutorials.com/docs/linux/man/8-lsblk/

https://www.systutorials.com/docs/linux/man/1-growpart/

https://linux.die.net/man/8/resize2fs

https://linux.die.net/man/8/partprobe

https://www.systutorials.com/docs/linux/man/8-pvresize/

https://www.systutorials.com/docs/linux/man/8-lvextend/

https://www.systutorials.com/docs/linux/man/8-xfs_growfs/

AWS ELB Subnet Selection

If you have an AWS VPC with public and private subnets, it’s important to remember to select the public subnets when creating an Elastic Load Balancer. When the public subnets are chosen, replies from instances behind the load balancer are returned through the load balancer. If you instead select the private subnets then reply traffic is routed via the routing table for the private subnet. This results in asymmetric routing which can create a range of problems.


Fixing CORS Issues With RackSpace Cloud Files CDN, W3 Total Cache and WordPress

A resource makes a cross-origin HTTP request when it requests a resource from a different domain than the one from which it was served.  For example, an HTML page served from http://acme.com makes an <img> src request for http://mydomain.com/image.jpg. Many pages on the web today load resources like CSS stylesheets, images and scripts from separate domains.

For security reasons, browsers restrict cross-origin HTTP requests initiated from within scripts. For example, XMLHttpRequest follows the same-origin policy. So, a web application using XMLHttpRequest could only make HTTP requests to its own domain. The solution to allowing cross-origin requests is the new Cross-Origin Resource Sharing (CORS) mechanism.

If http://acme.com makes a scripted request for http://mydomain.com/image.jpg then the server hosting mydomain.com must include an “Access-Control-Allow-Origin” header. This header signals to the browser that it is ok to use the resource. The value of the header can be “*” which allows requests from all domains or it can be the name of an individual domain like “acme.com”.

If you’re using WordPress with the W3 Total Cache plugin to host static content on RackSpace Cloud Files, then you may need to add the Access-Control-Allow-Origin header to the object in Cloud Files. Let’s take an example … maybe your theme uses a font at:

wp-content/themes/mytheme/fonts/myfont.woff

After you’ve activated the CDN features in W3TC, you may notice that myfont.woff is not loading and you’ll see an error in the console log in your browser indicating the cross-origin problem. The solution is to:

a. Login to mycloud.rackspace.com

b. Go to Storage -> Cloud Files and drill down to the file in question

c. Click the gear icon next to the file and select “Headers”

d. Add the “Access-Control-Allow-Origin” header with a value of “*”.

e. Wait a little while for the change to propagate.

Now your font should load without problems.