Quick programming tip for servers behind load balancers

Oct 28 2011

If you’re using PHP and wanting to check to make sure the incoming connections came over HTTPS, you are probably using the $_SERVER['HTTPS'] variable.

The problem is, if your servers are behind a load balancer which handles SSL encryption for you, this method of checking won’t work.  Fortunately, there are other headers added by the load balancer you can use to detect SSL.  They are the X-Forwarded-* headers.

For example:
$headers["X-Forwarded-For"] == 123.45.67.89 (because $_SERVER['REMOTE_ADDR'] is going to give you the load balancer’s IP address)
$headers["X-Forwarded-Port"] == 443
$headers["X-Forwarded-Proto"] == https

These headers should work with all loadbalancers, including Amazon’s ELB on EC2.

 

No responses yet

Server maintenance tonight

Feb 25 2011

I’ll be performing maintenance on servers Tonight (Feb. 25) between 10pm and midnight (Mountain Time.)  Many servers will require a reboot due to an OpenSSL kernel update.  Other updates will be applied, but more detail on the OpenSSL vulnerability can be found here.

The maximum expected downtime for each server is only a few minutes. Please email me if you have concerns or questions.

No responses yet

Server maintenance tomorrow

Feb 03 2011

I’ll be performing maintenance on servers this Friday night (Feb. 4) between 10pm and midnight (Mountain Time.)  Many servers will require a reboot due to a kernel update. The maximum expected downtime for each server is only a few minutes. Please email me if you have concerns or questions.

No responses yet

Get up and running quickly with Amazon SES on your php website

Jan 28 2011


Note: if you want to setup SES in a way that scales much better and functions even with non-PHP sites, please read this more recent HowTo: How to configure your Postfix server to relay email through Amazon Simple Email Service (SES)



Here’s how you can start using Amazon’s new SES (Simple Email Service) without having to actually implement it in the php of your website:

  • Extract the files and create a new one named “aws-credentials” with your key data in it; for example:

AWSAccessKeyId=022QF06E7MXBSH9DHM02
AWSSecretKey=kWcrlUX5JEDGM/LtmEENI/aVmYvHNif5zB+d9+ct

  • Verify an email address to use with SES

./ses-verify-email-address.pl -k ./aws-credentials -v someaddress@yourdomain.com

  • Check the email account for the address you’re verifying and click on the provided link.
  • Send a test email:

echo "This is only a test." | ./ses-send-email.pl -k ./aws-credentials -s "test subject for email" -f someaddress@yourdomain.com someaddress@yourdomain.com
(Note – Until you receive production access to Amazon SES, you can only send to addresses you have verified. You can request production access here.)

  • Edit the sendmail_path config in your php.ini as follows:

sendmail_path = /path/to/ses-send-email.pl -k /path/to/aws-credentials -f someaddress@yourdomain.com -r

  • Restart/reload Apache and that’s it!

(Additional notes – The “From” address you set in your php.ini file will override any mail headers you set in php.  Sending will fail if you try to set the “From” header to an unverified address or when setting the “Reply-To” header at all in php.)


                    	

16 responses so far

Facebook offers HTTPS option

Jan 26 2011

It took a bit longer than I expected, but Facebook now offers the option for HTTPS all of the time. You can read the full details here:

http://blog.facebook.com/blog.php?post=486790652130

Facebook has finally made the change, are you protecting your users?

No responses yet

« Newer posts Older posts »