Tagdokku

Running wordpress on HTTPS with dokku and let’s encrypt

An nice (unrelated) pic to start ūüôā

After dusk pic are pretty.

A post shared by Michele Mattioni (@mattions) on

So the big question… Is your site running HTTPS? If no, you should, if yes well done!

Prologue

This personal blog has been moved from wordpress.com into a personal hosting powered by dokku long time ago. While this has been proved to be pretty nice, I honestly think that wordpress has reached a maturity level, where you can just get away running the software on a PHP powered website (like an Apache with the PHP module or whatever), switch on the automatic updates, and be happy with that.

Basically, install once, and then forget about it.

So while doing the upgrade manually via git it’s not a big issue (here is the little README I wrote to remind myself of the procedure), you still have to do the upgrade once in a while.

All this was always feeling a bit as wasted effort, until I decided that I should have moved the site into HTTPS.

Getting these pesky HTTPS certificates

In few words: HTTPS encrypts the traffic that goes from your web browser to the server that handles the request; to perform the encryption a certificate, provided by the server, it is used. The legitimacy of the certificate is provided by a root certificate authority. While you could issue a certificate by yourself, which would be valid and be perfectly valid from a technical standpoint, your site would still be marked not secure. The catch is that Firefox/Chrome and the other web browsers do come with a list of “root authorities” that they recognise as legit. Therefore, your technically valid HTTPS certificate is not connected to any of this “root” authorities, and therefore not recognised by the web browsers.

For quite he only way to get a HTTPS was to buy one from a seller, who will be able to issue one, connected with their root authority. This usually was either for a certain domain, or a wildcard for all the sub-domains and it was costing around 20/30£ per year, depending on the seller. Note that the validity was usually for a year, therefor you had to manually get a new certificate, and do the reinstall, which usually meant run some commands, and then add it to nginx or apache to be able to serve from https.

So this process was pretty labour intensive, it was costly and most importantly, when the certificate was going to expire, the website was going to be “untrusted” the red bar with the broken lock in the address bar was showing up.

Let’s Encrypt to the rescue

Let’s encrypt¬†it’s a root certificate authority that is able to provide HTTPS certificate. Their goal is to make the internet safer and more secure, therefore they provide the HTTPS certificate for free. More over, while they do not charge for the certificate, they also provide a way to programatically get a certificate and renewed it, in a very easy and straightforward way.

What’s super nice, it’s that dokku¬†has a very nice plugin able to make all the process automatic for the user.

In my case, given that I have already wordpress deployed via dokku I just had to run the following command:

$ dokku config:set --no-restart myapp DOKKU_LETSENCRYPT_EMAIL=your@email.tld

This creates the certificate.

Then you have to encrypt your app. It’s just one more command:

dokku letsencrypt myapp

This one sets up the nginx configuration to re-directs the request to the https site for myapp.

It basically worked like a charm on the first go.

There is also the nifty command

$ dokku letsencrypt:cron-job --add

which will create a cronjob for dokku user to re-fetch and renew the HTTPS certificate in an automatic way.

Pretty neat, and now totally worth it to deploy the wordpress via dokku.

Upgrading dokku to 0.3.22: some gotchas

but than I write about it

but then I write about it

I’ve upgraded dokku to the latest master release, to make sure I was running the latest version.

The reason for the upgrade was that I wanted to install supervisord plugin, so when I have to reboot my server due to an upgrade, all my application will come back to life automatically.

After the upgrade of dokku, all my container where down, so I’ve launched the command to rebuild all of them:

dokku ps:rebuildall

Unfortunately this didn’t work as expected.

My web containers (running three apps: django/python, flask/python, wordpress/php) got deployed as expected, instead my databases did not come back to life.

The two plugins I am using to run my databases are: dokku-pg-plugin and dokku-md-plugin.

While both plugins do not offer a clear way to restart the databases containers, I think I found out a way that worked for me as a workaround. It’s different for each plugin.

For the mariadb you have to fake to re-create the database, which will use your old database container and just re-attach to it.

 
dokku mariadb:create <olddbname>

For the postgresql instead, you have to re-link the old database:

dokku postgresql:link <myapp> <mydb>

Each of this command should trigger an instant redeploy, and your application should be back online.

One thing to know: if you stop a command execution with a Control-C, you may leave your application in a blocked state. If you run a rebuild or any other command, you may found out saying “Error your application is locked”. To get rid of that go on your server and blow away the /home/dokku/app_name/.build.lock file.

Watch out: the name of the file and/or error could be different, I just recall from memory.

Handpicked wordpress plugins for your self-hosted wordpress blog

A nice pic of a boat on a lake. Not really relevant with the post

A nice pic of a boat on a lake. Not really relevant with the post, but still pleasing

Intro

With the recent move from wordpress.com to a self hosted wordpress.org blog, I had the possibilities to pick some plugins that really have helped me to set-up and make the blog a tad bit more customized and close to my needs.

I’m gonna list them here, with a small description so it may be handy for someone else that is researching the subject as well

The handpicked Plugins

  • Worpress Importer¬†This plugins lets you import your old wordpress.com blog in the new wordpress installation. Make sure you have `import everything` selected when you do the import, so all the images and attachments are happily downloaded and imported as well.You have to make sure you have increased the max upload file on you server, if you are importing a very big file. This is done changing you php configuration and the limit of max upload either in nginx or apache, depending what you are using. More info how to do this here.
  • Next plugin you want to get is JetPack from wordpress. This plugin has a lot of feautures that you can activate as you see fit. My favourite onese are: publicize (automatic sharing on G+, Facebook and Twitter), Moitor, that keeps an eye if your site goes offline and Photon, to serve images quicker from their CDN.
  • Spam is always a bad thing, and BruteProtect is a way to pretect yourself from it. You just activate it, and it is going to do is job.
  • Once you move to self-hosted blog, you have to manage also the backup for your site.
    A very handy plugin is UpdraftPlus – Backup/Restore, which gives you the ability to:

    1. Make automatic backup of your blog, including database, images, themes and plugins
    2. Upload you backup to a third party service, like for example DropBox
    3. Configure a schedule for your backup, with also a number of old backups you want to keep. My pick was 10 backups, with a weekly schedule.
    4. Restore your old backups with a single click.

    It’s very well designed and it works like a charm. Totally recommended

  • To make sure you write to the point, and keep your post interesting also for search engines, Worpress SEO¬†is a good candidate. Although the title parser looks only for one keyword, so there will be always a disagreement between the plugin and a sane title, it’s extremely handy to keep sitemap up to date and automatically signal google when a new post pop up. Handy tool.
  • Due to the amount of code I tend to post, a nice way to present it, with proper highlighting it’s useful to have. For this I’ve picked Enlighter – Customizable Syntax Highlighter, which does a very good work, comes with themes to nicely integrate with the current palette of your site.
  • Last but not least, the Disqus Comment System¬†is a nice and, according to me, superior way to enable comments on your post. It offers an import function to transfer all your old wordpress.com comments on the disqus system, and it’s pretty nice thing to have.

So there it is, some of the plugins I’m using on this website, which you may, or may not, find useful for your own site.

 

 

© 2018 Train of Thoughts

Theme by Anders NorénUp ↑

By continuing to use the site (scrolling or clicking counts), you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close