eric-o
Forum Replies Created
-
When will this be released as a regular wordpress update?
If I install this with githup, will the next update automatically install?
thanks,
EricForum: Plugins
In reply to: [Smart YouTube PRO] images on videos have no protocol, crashing outlookVladimir,
Thank you for the reply. I guess I’ll just patch the code with each version to address this as needed. Believe me, Microsoft drives me crazy with things like this. If it were very easy for you to point me to the relevant file in the bundle to patch to hardcode for http in feeds, I would be grateful. If I figure it out, I’ll post a response here.Thank you,
EricForum: Plugins
In reply to: [Broken Link Checker] Reset Compact view?Thank you so much….that was enough of a hint to help me figure out what was wrong. For anyone else that might encounter this, you need to see if that links-page.css is loading. In my case, it was not, due to an .htaccess file in wp-content/plugins/. I don’t know why that .htaccess file was there but it was forcing any thing with “links” in it’s title to be interpreted by php, which somehow didn’t break everything, only some things.
Just knowing which file to check was a big help. Thank you!!
-erico
Forum: Plugins
In reply to: [Broken Link Checker] Reset Compact view?The color coding is not working, and no, there are no icons there either.
I did try deleting the plugin and reinstalling it, but that seems to make no difference.
I turned off every plugin I could think of and to still run the site. The two that are essential are “WordPress HTTPS” and “social sharing toolkit”. I can try testing it without the latter later this week (it messes the whole site up to not have that plugin), but the https plugin is needed to reach the panel.
Would there be a reason that parts of the plugin code wouldn’t load under https?
thanks for your help!
EricI did end up figuring out a very nice solution, though it was not simple. It involved creating two separate plugins that I have not made public, but would be willing to share if you message me privately.
The essence of the approach I used was this:
1) I created a faceless always-on plugin that directed ssl traffic to one site and non-ssl traffic to a server pool. The basic framework of that plugin was from the stack exchange post I noted above: http://wordpress.stackexchange.com/questions/38902/use-a-different-domain-for-ssl
2) I created a second plugin to replace several commands in pluggable.php that deal with the login cookies as described in http://www.seriouslyproductions.com/512/securing-wordpress-admin-via-ssl-using-a-separate-admin-subdomain/
3) I created a set of rsync scripts to synchronize the important directories that need to be updated at a local level.
These things together allow one to separate out the admin and server functions of wordpress and run it successfully on several (virtual) machines. It is not for the fright-of-heart, but it is really nice to not have one’s admin panel exposed to the internet.
I am afraid I can’t do a step-by-step guide, but that should get you started. If you have experience writing plugins, I’d be happy to share my crude code for doing this if you had interest in making an official plugin.
cheers,
EricForum: Plugins
In reply to: [Root Relative URLs] Blacklist URLs not workingOk, this is ugly and hackerish, but it looks to me like the plugin tends to clobber external urls in scripts…it just strips off the URL path, and assumes that all paths to enqueued javascripts are internal.
Well, so, if you are willing to use the blacklist on the General settings page for both internal pages that shouldn’t be read and for external scripts, it seems to work fine to replace the proper_root_relative_url function in the plugin with one that blocks those scripts from being considered.
So here’s the code I used:
static function proper_root_relative_url($url) { //This method is used for urls that can be acceptably reformatted into root-relative urls without causing issues //related to other deficiencies in the wp core. // HACK : EWO added middle term to if statement below, changed return string on first clause. $url_parsed=@parse_url($url); $host_plus_path=$url_parsed['host'] . $url_parsed['path']; if (self::$massage) { //massage back to absolute because we're rendering a feed and the platform mixes url procurment methods between the delivery methods //despite offering _rss specific filters return $url; // return MP_WP_Root_Relative_URLS::dynamic_absolute_url($url); } elseif ( (string)stripos(get_option('emc2_blacklist_urls'), $host_plus_path ) !== "") { self::$massage = true; #error_log("url REJECTED" . $url ); return $url; } else { $url = @parse_url($url); if (!isset($url['path'])) $url['path'] = ''; return '/' . ltrim(@$url['path'], '/') . (isset($url['query']) ? "?" . $url['query'] : '') . (isset($url['fragment']) ? '#' . $url['fragment'] : ''); } }I know little about wordpress, so use this at your own risk!
The only drawback I now see to this plugin is that it totally doesn’t respect any sistemap generators that I can find. If someone knows a way around hit, please let me know!
cheers,
Eric
I think the technology discussion here is very interesting, thank you!
But I thought I’d just note here that the question of using a separate admin server is not impossible. I’ve so far managed to get it working pretty well. The short version is that I this trick outlined on stackexchange to get SSL onto a separate domain.
I then added an .htaccess rule to fix previews on the ssl box:
RewriteCond %{HTTP_HOST} ^public.domain.com$ [NC] RewriteCond %{QUERY_STRING} .*(/?preview=true.*) [OR] RewriteCond %{QUERY_STRING} (.*&preview=true.*) [NC] RewriteRule ^(.*)$ http://secure.domain.com/$1$2 [L,R=301]Both machines are pointing to the same database. You do need to disable cron on the slave machines so they don’t duplicate tasks.
I have yet to lock down the file system on the apache app server so that it is read only and copied over with rsync. But it is getting close to working. I’d be curious, still, if anyone had any warnings as to why this might be a bad idea or why this isn’t often done. It seems like a nice system…and hey, i can get into my panel even when things are pretty busy on the public site.
-eric
Forum: Plugins
In reply to: [Root Relative URLs] Blacklist URLs not workingi am having trouble figuring out how to add to the blacklist alltogether. I am not finding that a panel shows up to add this. How are you adding to the blacklist?
Pothi,
Thanks for your thoughts. Sigh, yes, part of the reason I am asking the question is because I would like to avoid putting another layer in front of everything. But basically what you are suggesting is to put nginx in front of varnish in order to accept and proxy the incoming SSL connections aimed at the underlying box. Do you have experience running nginx as a load balancer/proxy in front of varnish? And can it be done profitably on the same box? That’s a lot of layers, and starts to make me wonder if one just doesn’t get rid of varnish at that point, and use nginx in front of apache. I’d lose grace mode though, which is not desirable.
right now I have
user–> [varnish / apache app server /https ] —> mysql server
[ square brackets = all on the same box]I can’t tell if you are recommending
user—>[ nginx / varnish] —> apache app servers [1-x] —> mysql servers
or
user—> [nginx] —>[varnish] —>apache app servers [1-x] —> mysql servers
https user [nginx] —> apache app servers [1-x] —> mysql serversAs far as I know, one would not be required to use the second one of these, but I don’t know.
my idea was to not have to have apache server x have a public ip address that one could just https directly into, perhaps with a php directive that forced an https connection to override the wp_home / wp_siteurl settings in the mysql databases.
But it sounds like no one has ever tried that…and that’s probably because there’s some reason it won’t work.
Just to clarify, when you say use nginx here to separate out ssl from non-ssl traffic, you are just using nginx as a proxy server, right? Does wordpress have the ability to purge its cache in that situation? Or do you turn of caching in nginx and essentially use it instead of, say, haproxy?
So any thoughts about putting nginx and varnish on the same box? Or does nginx just end up caching varnish’s cache to disk and slow everything down?
best,
EricDear Pothi,
Thanks for your thoughts. To answer your questions: I am already using varnish. I will use hyperdb when it becomes necessary, but right now one database works just fine if set up with an memcached object cache. I do use php-fpm and xcache (instead of APC), although with Apache. Grace mode in varnish is indeed an awesome thing. I know a fair amount about server systems, but less about the design decisions that have gone into WordPress. I don’t believe in fighting against something that is just inimical to the design. So that is why i am asking philosophically as well as for practical advice.
I am a little intrigued in that regard by why you ask about “backend traffic via SSL”. Do you mean the mysql traffic? That is already done. I think you mean, however, putting the operations of the SSL website (i.e. port 443, and the admin panel) on a separate web server? In fact, that is what I am asking….can one put the wp-admin area on a separate server, or must one distribute the wp-admin file calls equally across all servers serving that website?
I have of course considered making varnish function as a loadbalancer/router/reverse proxy to push all the ssh traffic to a particular host. But the question was really one of considering whether there would be a way to get to that server consistently, via a dns name, even if that varnish server were down. Because of the way that wordpress handles rewrites, it would seem like every attempt to contact https://secure.blog.com is going to get rerouted to http://www.blog.com by the rewrite rules (not just the ones in .htaccess, but the ones in the wordpress rewrite framework). My question is whether there is a way of preventing that rewrite from happening—i.e. of allowing wordpress to modify a database which serves out http://www.blog.com while being accessed through https://secure.blog.com.
So I’m not only trying to *consider* that, I’m actually trying to do it! But is this something someone else has done?
Thanks again!
EricDo you think this is an “advanced” topic? Or does it belong somewhere else? I wasn’t sure which forum to post it in.
I’m happy to post it to another forum or write it up as a feature request. It seems like a pretty straightforward thing that would be very useful. Just being able to get into the panel when the outbound server is under heavy load has got to be an issue.
I do understand it’s a little bit like trying to move /wp-admin out of the path…but I’m willing to learn a fair amount about WP internals to make it work. At the very least I need to show I’ve tried.
thanks,
EricDear Esmi,
I feel like I’m not communicating my question clearly, and I apologize. I thank you sincerely for the help.
The performance issues I speak of are NOT database related, nor are they about the sheer number of hits per page. I’m trying to run a separate web site for the panel admin, rather than spread the panel admin work across a cluster of public servers.
The reason I say it’s not database related is because I’ve done extensive profiling on the site (both front end and back end), and we have everything in front of a reverse-proxy varnish cache and have the databases heavily cached.
The issues that I’m concerned about here are web server (PHP related), occurring whenever there is a cache miss and we must serve up dynamic pages. That costs CPU on the apache box, and slows down the use of the panel, even though most public users never see this slowdown because they are largely seeing cached pages.
It is for the sake of preserving Quality of Service for the writers and administrators of the site when the CPU for apache is busy running processes that I would like to move the admin panel functions to a different dns name.
The boss is willing to pay to have a *guarantee* that the administrative panel always is available and instantaneous. It is for this reason that I’d like the box providing the panel service to be on a separate instance of apache, with a separate IP address and DNS name. Also this would allow the site editing, panel administration, or upgrades to apache to be done while varnish served out old pages.
So has anyone successfully moved that administrative functions to a separate server?
Maybe there’s another practical way to ask the same question: has someone up a website at https://secure.blog.com that administers http://www.blog.com? And if so, were they successful in putting https://secure.blog.com on a separate physical server or virtual instance? Or is that simply *impossible* in the wordpress world? It seems like it would offer all sorts of good things, such as the ability to put one’s admin site on a VPN.
Thanks again,
Eric
Dear Esmi,
Thanks for your suggestion.
I am not using hyperdb right now, but probably will when switching to a load-balancing situation where I need to have multiple databases (largely for geographic diversity of data centers).
But I guess I’m missing how adding multiple database servers (which is hyperdb’s main function) would help with the problem of moving the admin functions to separate web server. I can see that hypderdb would allow one to make one DB a master for all writes, while all other DBs would be read only–and that is useful–but what I’m trying to do is duplicate (and separate out the functions) of the servers running apache. Or is there a function of hyperdb that I’m not seeing?
best,
EricThank you all for posting this. I had same problem…it worked again after reverting to 1.0. When I enabled debugging, i was seeing two strange things:
1) on the browser I had that had a valid login cookie, doing a refresh of the homepage caused it to load a random post, unrelated to the home page
2) on the browser I had that wasn’t logged in, a refresh did nothing that was reflected in the debugging log.
So back to 1.0 for now! Please tell me if i can be of further help.
-eric