Marcos Placona Blog

Programming, technology and the taming of the web.

Category: Technology (page 1 of 8)

All of the general techie / technology talk that will not fit on any of the other specific categories

How to secure Apache with Let’s Encrypt and CloudFlare on Centos

Reading time: 4 – 7 minutes

I took it upon myself to converting a couple of my domains to use Let’s Encrypt in order to offer a secure connection to them. If you haven’t heard about Let’s Encrypt by now you’ have probably been living under a rock. If that’s the case though, have a read at this page and you’ll get up to speed with it.

Their getting started page describes the entire process of installation, but that didn’t really resonate with me. Upon some googling I found a great Digital Ocean article which made a lot more sense to me. That is an absolutely fine tutorial if you’re not using CloudFlare. If you came to this article from a Google search though, chances are you’re also using CloudFlare and are having issues like some of the following:

  • Failed authorization procedure
  • The following ‘urn:acme:error:unauthorized’ errors were reported by the server
  • urn:acme:error:unauthorized :: The client lacks sufficient authorization ::

Hopefully this article will show you how to get that nice green padlock showing on your website. Props to the article on Cloudflare’s support page that took me halfway the process.

Install the dependencies

I usually SSH to my server to get these things done, but this step may vary if you access your server differently.

On your terminal start by installing EPEL (Extra Packages for Enterprise Linux) repository:

Then install GIT. We will use it to get the latest version of the Let’s Encrypt Client.

Download and install Let’s Encrypt Client

Start off by cloning the repository and then saving it to /opt/letsencrypt. Feel free to save it elsewhere but /opt is a good location for third party packages.

Generate a new SSL certificate

This is where we go differently from the Digital Ocean article as we will generate our SSL certificate using the webroot option.

We’ve used the following flags for this setup.

  • –webroot-path is the directory on your server where your site is located. This is not your webserver’s root directory but your website’s
  • –renew-by-default selects renewal by default when domains are a superset of a previously attained cert
  • –email is the email used for registration and recovery contact.
  • –text displays text output
  • –agree-tos agrees to Let’s Encrypt’s Subscriber Agreement
  • -d specifies hostnames to add to the SAN. You can specify as many domains and subdomains as you need here as shown above

After you run that you should get a message saying your certificate chain has been saved.


Apparently I also need to read about upgrading Python on Centos without breaking everything

Setting up the SSL certificate with Apache

With your certificate created it’s time to tell Apache that you want it to use that. On terminal run:

And you should get a screen that looks like this:


Apache still doesn’t know about this new certificate but we’re about to change that by selecting option 1 and on the subsequent screen choosing whether we want to make HTTP required or optional. I chose Secure here as I want all of my requests to be redirected to HTTPS.

You should then end up with a confirmation screen that tells you to check that your certificates are correctly installed. This procedure will have modified your httpd.conf file to add redirects so all requests that are non HTTPS are now redirected to be HTTPS.


Go ahead and hit those URL’s and you should see that they both get a grade A pass.


Updating Cloudflare

We need to tell CloudFlare that we now have an SSL certificate and want the communication to our website to use it. On CloudFlare’s dashboard for your chosen website choose Crypto and under SSL choose Full (Strict). You will probably want to use Flexible here if during the previous step you chose HTTPS to be optional.


At this point you should be done and your website should be showing a nice green padlock on the URL bar.


You’re using WordPress. In this case you will also want to update it so the URL is always HTTPS. You can do that by going into WordPress Admin, and then navigating to Settings > General.


And that will make sure every image and every URL on your WordPress site is served via HTTPS.

I’m joining Twilio

Reading time: 2 – 2 minutes

So the time has come for me to move on and accept a new challenge. As of the October 20th,  I’ll be joining Twilio as a Developer Evangelist.

Twilio has been no stranger to me for quite a while now,  and when I saw an open position in their devangelism team,  I wasted no time and applied for it.

The whole process took a bit of time, but both Twilio and I were quite keen to make sure we would be a good fit for each other.

I had a number of telephone interviews,  and then flew over to Twilio HQ 3.0 for the final round of interviews. The process was quite thrilling,  and I got so excited about it, this was the only company I actually applied for. Halfway the interview process, and after having met and spoken to some of the most clever people I have ever spoken with, I knew I wanted nothing but to work  with them.

I am supper excited with the prospect of not only writing  lot of code and working with some amazingly clever people, but also helping other developers writing some kick a$$ code in conferences, meetups, hackatons, stackoverflow…. or the pub.

Also, I will loudly and proudly wear my Twilio jacket to make sure people know they can approach me to have a chat about any Twilio integration, development in general, or life if they fancy it.

Here’s an example of what I will be doing.

So keep tuned, and get in touch!

Varnish with Apache and WordPress on Centos

Reading time: 12 – 20 minutes

Varnish Cache

Varnish is wicked! It works on your webserver as a reverse proxy to cache HTTP requests. According to their website:

Varnish Cache is really, really fast. It typically speeds up delivery with a factor of 300 – 1000x, depending on your architecture

I have only just installed it on this very website, and have already seen an improvement of about 500 times without actually having to do much. I spent about 2 hours to configure it all, but could probably attribute 1 hour to this to dumbness on my side while trying to get it all configured.

I have now come up with a configuration that works perfectly (so far) on this website, and have used a mix and match of resources such as this and this. They are both great, but I found that they didn’t particularly cater for what I was looking for as I have very particular needs.

In my VPS, I have a few domains running, but only really wanted to have this website cached, since the other domains either get their content updated too often, or get too few hits to actually justify caching.

I also didn’t want to cache any of my sub-domains, as most of them are actually running on the cloud and being proxied by Apache via mod_rewrite. It turns out those didn’t really wanna play when the HTTP requests were cached, and because they are mostly dynamic applications, I didn’t think it was worth spending time and energy configuring them to get the cache purged.

Installing Varnish

Start by making sure you have all the necessary stuff to install it. You will have to do this in your terminal either by logging in to your server or SSH’ing to it.

We now install Varnish. At the moment, the latest stable version of Varnish is 3.0.4, and I’m currently only interested in stable versions, but because I want this post to be timeless, I will give you the Installation on RedHat link which will always give you latest version.

Grab the link that corresponds to your Centos version (5 or 6) and paste it in your terminal

Now all that is left to install Varnish is to run

sudo yum install varnish

We want Varnish to run every time we restart our server, and we want it to run automatically, so let’s add it in

chkconfig --level 345 varnish on

Being able to listen to connections

You are probably running your website through port 80 (which is the most often used port by HTTP). that is fine, and you obviously already have it running fine. But because we will be running Varnish before our webserver, we will also need to use another port, which means we need to make sure that port also accepts TCP connections. We will be using port 8080 here, which is fine if you’re not running tomcat (it normally defaults to this port), but you can use any other port you want really, as long as it’s not already in use by anything else. We will end up with the following architecture:

Varnish + Apache

To be able to use this port, we need to make sure our firewall actually allows that port to receive HTTP connections. luckily I have already written an article about this, so give it a read to understand a little better why we’re doing this. a tl;dr version of it would be as such:

sudo vim /etc/sysconfig/iptables

Find where port 80 is being opened, and add a new line under it with the following:

-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT

Restart iptables

sudo service iptables restart

Configuring Varnish

Once you have installed Varnish, it will create a file under /etc/sysconfig/varnish. This file contains 4 alternatives of pre-configured settings for Varnish. It’s very good to get you going, but you will probably find there will be things you’re going to want to change. I have used “Alternative 2” as I found it to be the one that suits me the most. Feel free to read through all the other alternatives though, and choose the one that takes your fancy. Make sure you comment the other alternatives out so you end up with only one.

One thing you should definitely do, is set how much memory you will allow Varnish to take up. Depending on how much memory you have on your server, you will want to configure it accordingly.

Varnish Options

I have configured mine as follows:

DAEMON_OPTS="-a :80 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-u varnish -g varnish \
-S /etc/varnish/secret \
-s file,/var/lib/varnish/varnish_storage.bin,256m"

On the first line, I’m telling Varnish to listen to port 80, and on the last line I’m specifying how much memory I want Varnish to take up. 256mb is quite a lot to be honest, but you can allow more in case you have some to spare.

The VCL Configuration

Put it this way… you configure your websites here, so you will want to pay some attention to this file. Getting it wrong will give you a lot of grief, and likely to take your website down for a few minutes until you get whatever you got wrong right. The configuration you will see here is my suggested configuration, and again, is an amalgam of a few configurations I found plus a few extra things I wanted to add myself.

backend default {
.host = "";
.port = "8080";
.connect_timeout = 600s;
.first_byte_timeout = 600s;
.between_bytes_timeout = 600s;
.max_connections = 800;
sub vcl_recv {
# all domains in here will return a "pass" which means they won't be cached
if ( ~ "(www\.)?(||") {
return (pass);
# all sub-domains listed here will also return a pass, so no caching either
else if( ~ "(ads|cfaday|cffunctionaday|cftagaday|wallpapers|examples|coinconverter|langithub|top40)(\"){
return (pass);
# now this is cached
else if( == ""){
set req.backend = default;
else {
set req.backend = default;
remove req.http.X-Forwarded-For;
set req.http.X-Forwarded-For = client.ip;
set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(_[_a-z]+|has_js)=[^;]*", "");
set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");
if( req.url ~ "^/wp-(login|admin)" || req.http.Cookie ~ "wordpress_logged_in_" ){
return (pass);
if (req.request == "PURGE") {
return (lookup);
if (req.url ~ "^/phpmyadmin") {
return (pass);
if( req.url ~ "\?s=" ){
return (pass);
if ( req.request == "POST" || req.http.Authorization ) {
return (pass);
unset req.http.Cookie;
return (lookup);
# accept purges from w3tc and varnish http purge
sub vcl_hit {
if (req.request == "PURGE") { purge; }
return (deliver);
# accept purges from w3tc and varnish http purge
sub vcl_miss {
if (req.request == "PURGE") { purge; }
return (fetch);
sub vcl_fetch {
# allow phpmyadmin
if (req.url ~ "^/phpmyadmin") {
return (hit_for_pass);
# remove some headers we never want to see
unset beresp.http.Server;
unset beresp.http.X-Powered-By;
# only allow cookies to be set if we're in admin area - i.e. commenters stay logged out
if( beresp.http.Set-Cookie && req.url !~ "^/wp-(login|admin)" ){
unset beresp.http.Set-Cookie;
# don't cache response to posted requests or those with basic auth
if ( req.request == "POST" || req.http.Authorization ) {
return (hit_for_pass);
# only cache status ok
if ( beresp.status != 200 ) {
return (hit_for_pass);
# don't cache search results
if( req.url ~ "\?s=" ){
return (hit_for_pass);
# else ok to cache the response
set beresp.ttl = 24h;
return (deliver);
sub vcl_deliver {
# add debugging headers, so we can see what's cached
if (obj.hits > 0) {
set resp.http.X-Cache = "HIT";
else {
set resp.http.X-Cache = "MISS";
# remove some headers added by varnish
unset resp.http.Via;
unset resp.http.X-Varnish;
remove resp.http.Age;
remove resp.http.X-Powered-By;
remove resp.http.X-CF-Powered-By;
sub vcl_hash {
hash_data( req.url );
# ensure separate cache for mobile clients (WPTouch workaround)
if( req.http.User-Agent ~ "(iPod|iPhone|incognito|webmate|dream|CUPCAKE|WebOS|blackberry9\d\d\d)" ){
return (hash);

A few important things here happen in the very beginning of the file. I will repeat it down here to be able to explain it better:

backend default {
.host = "";
.port = "8080";
.connect_timeout = 600s;
.first_byte_timeout = 600s;
.between_bytes_timeout = 600s;
.max_connections = 800;

We are telling Varnish our host IP address is localhost, so it should proxy requests to it, and am also telling it to proxy them through port 8080. If you have chosen a different port, this is where you should change it to that port.

On sub vcl_recv we then specify which domains we don’t want to cache by returning “pass”. This according to the documentation defines:

When you return pass the request and subsequent response will be passed to and from the backend server. It won’t be cached. pass can be returned from vcl_recv

# all domains in here will return a "pass" which means they won't be cached
if ( ~ "(www\.)?(||") {
return (pass);
# all sub-domains listed here will also return a pass, so no caching either
else if( ~ "(ads|cfaday|cffunctionaday|cftagaday|wallpapers|examples|coinconverter|langithub|top40)(\"){
return (pass);

So we are skipping Varnish here and doing our own thing, which in this case is exactly what we want to do.

We then move on by telling Varnish what we actually want to cache

# now this is cached
else if( == ""){
set req.backend = default;

Bonus Varnish trick

Great, if you have made all your changes, but somehow messed up, Varnish is likely to not even start, but if it does, it will cause you a lot of heartache, so what you should do, is check that your configuration is correct. you can do so by running:

varnishd -C -f /etc/varnish/default.vcl

And if everything is OK, you should see that your configuration got compiled correctly and nothing like “Running VCC-compiler failed, exit 1” was returned. If it does, you will then need to go back to your file and edit it. The compiler is pretty OK though and will tell you in which line the error happened.

Configuring Apache

If you’re still with me, you’re just a few moments away from being pretty pleased with your new setup, but bear with me for another moment as we still need to make a couple of changes in Apache.

Remember back in the last image where we discussed Apache would now listen to port 8080? Well there we go, it’s time to change this.

Let’s open our Apache configuration file by running the following:

sudo vim /etc/httpd/conf/httpd.conf

We will then change

To be

This is now effectively telling Apache to listen to port 8080, which in our case is the port Varnish will be communicating with.

Configuring Virtual Hosts

This step can be considered optional, as not everyone uses virtual hosts. I use quite a few of them, so in my case, I had to go to each and every virtual host and also modify them to listen to port 8080 as opposed to 80. You would do this as follows:

<VirtualHost *:8080>
DocumentRoot /var/www/awesome

Bonus Apache trick

Wanna check your Apache configurations are all working before you go on restarting it? Just run:

/usr/sbin/httpd -t

If you get “Syntax OK” you’re laughing!

Guess what?

Your website is just about to be faster than about 70% of the web. which is absolutely incredible if you consider the amount of time we spent together getting this done.

But we need to turn it on…

sudo service varnish start
sudo service httpd restart

 Bonus browser trick

Check that your content is really being cached by opening an incognito window (or private browsing if you’re in Firefox) and press the F12. this should show your developer toolbar (or firebug).

Now click on the Network tab (or Net tab) and expand the first GET request (this should be the same as the URL of your website). Also pay attention to how long this item took to complete.

Look in request headers, and if this is the first request to that page you should see something like:

HTTP/1.1 200 OK
Vary: Accept-Encoding,Cookie
Content-Encoding: gzip
Expires: Thu, 15 Apr 2015 20:00:00 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 14529
Accept-Ranges: bytes
Date: Wed, 23 Apr 2014 08:17:33 GMT
Connection: keep-alive
X-Cache: MISS

If you’re seeing this, it means your cache is actually working, but because you’re the first one to hit this page, you’ve got a cache miss, which basically means Varnish still didn’t have that entry cached.

If you refresh the page, you should see two things here:

  1. Your page load is now much faster
  2. X-Cache now says HIT

Because you’re now caching your request, your page loads will be much faster in general. Obviously this won’t account for page loads on external resources, but you can use other methods to cache those resources (see my CDN post here).

Every subsequent request you make to that page will also come from cache. The more hits you get in different pages, the best results your users will get. Spiders also work in your favour here as by hitting pages, they are also warming up your cache for you.

But… IP’s…

That’s right, you have now noticed every new comment you get on your blog is coming from Remember when we changed Apache to only listen to Varnish? We have also made every single request internal, which means everything now comes from localhost. There is a very simple plugin to correct this, which will resolve this by using the variable X-Forwarded-For to get the correct user’s IP. You can check it out here.

Final thoughts

I am super happy with Varnish installed on my server, I have already seen a real benefit on my server’s performance, and the CPU is pretty much always running at about 25%, which is really good considering my traffic. Memory is always running slightly above it would have been before, but that is mainly because I’m now effectively using it, instead of just throwing stuff at it and leaving it to be disposed.

I have also installed a plugin called Varnish HTTP Purge, which manages my cache, and clears it every time I post a new entry. it also allows me to purge my cache manually, or control some other things such as which kind of requests to cache. you can find it here.

Make sure you benchmark your requests and report back on how much of improvement Varnish has made into your webserver.

A first look at Dart

Reading time: 7 – 11 minutes

A few weeks ago, I went to a Google sponsored event called Dart Flight School. The aim is to promote the language by doing a road trip and presenting use-cases and samples. The presentations were brief, and mainly focused on discussing the language’s functionalities, and its seamless integration with AngularJS (also maintained by Google)

I had a chance to look at Dart before, and was interested in finding out more things about it. Turns out the language (and platform) are pretty slick, and the development tool-set is pretty complete. The IDE is pretty good (and free), and their package management system is pretty similar to NPM’s in NodeJS.

Dart is also very (very, very) fast, and is in fact faster than V8 (VM used by NodeJS). A performance comparison can be seen below.

Dart vs V8 Engine

Data gathered from

It comes bundled with an out of the box converter to JS, which means you can write your entire application in Dart, and then convert it to JavaScript. I must say I was initially sceptical about this conversion, but upon looking on the performance page, it seems even after conversion, JS generated by dart still manages to be faster than V8 (purple line above). The JS converter is a Dart application written in Dart, which means you could then convert it to a JS application using itself…. bewildering eh?


From a language point of view, dart seemed to be very readable, and compliant with contemporary languages such as Java and C#. It is a class based language that allows you to fully use object orientation, and has some very nifty functionalities embedded in it, where you can for example define a method using shorthand syntax as such:

Data Structures

Its core library also provides you with Lists, Sets and Maps, which basically means no imports, as you get that straight out-of-the-box. So for example if you wanted to create a Map and iterate through it, you could simply do:

Unit Tests

A big part of writing great code lies with the ability to provide unit tests that will make sure your code remains awesome even after refactoring. With dart, you can as easily create unit tests by importing unittest

And obviously I could have just as easily grouped my tests in a single group to have them maybe organized in smaller units. I’ve also used shorthand syntax to define my tests here


Is supported by a library called Mirrors (enough said?). Though I feel I haven’t played with that enough to give you any better example than this.


According to Dart’s own website, a Future represents a means for getting a value sometime in the future. When a function that returns a Future is invoked, two things happen:

  1. The function queues up work to be done and returns an uncompleted Future object immediately.
  2. Later, when a value is available, the Future object completes with that value (or with an error).

Why would I use Futures instead of simply calling my expensive processes and waiting for them to complete?

I like to think that the people who read my blog know better than asking the question above, as it makes me feel fuzzy and warm. However if you thought of asking this question but were ashamed to actually do so, I will take you through it, and we will pretend this never happened.

It turns out, that if you do that, you will lock the thread until your application becomes responsive again, which can range from a few milliseconds to God forbid a few seconds. Meaning your users will stay put (or most likely leave) until you finish processing their request and show them some meaningful content. Think of it as “waiting ’till Friday is upon us”.

Seth Ladd gives a great example of the power a Future can have in your application

You can read more here.


Need I say anything? Need I?


In this day and age, you want to be able to work with a language that offers you integrated package management. I have worked with numerous languages in the past, and managing third party packages has always been the pain of my life. The first time I looked at Ruby, I immediately fell in love with its package management system. Granted some languages try to accommodate for this by adding capabilities to builders such as Gradle, Ant or Maven. But I digress….

Dart comes with a package manager called Pub, which means all you need is a yaml file inside your project where you can specify any libraries your project needs, as well as which version you would like to be locked to. that way, you only need to package your application with what it really needs, and all the external libraries will be downloaded on the time you deploy your project. This makes your application lean and easy to maintain.

A pubspec.yaml file would look something like:

Then run the following from terminal to download all dependencies:

Cool Factor

Dart is a cool language and very simple to pick up, but as with all the things in life (although you don’t always like to admit it), the known is always a lot simpler, and Dart strives to offer simplicity, which means if you have done any proper language in the past, you’ll be able to read and write Dart code with ease. Dart themselves state

“We did throw in some nice syntactic features such as this. constructor args and => for one-line functions, but we’d agree that Dart chooses familiarity over excitement”

Final Verdict

It’s very exciting to see such fresh language being supported and built by Google. In my opinion, the language offers everything the “cool kids platforms” offer and more. It also has capabilities that allow you to run Dart on the server side, client side and even natively on the browser. According to their documentation, the engineers behind Dart have an Android and Google App Engine integration on the back of their heads, and even though they say it’s not completely down to them, they mention on their FAQ’s you’d need to ask the team. But I’d say the fact they have thought of it is already half the battle won.

From a language perspective, I found nothing that would put me off writing code on it (and I’m pretty fussy about semantics). Instead I have found I genuinely enjoyed writing code in Dart, and was left with a nice after-taste after attending Dart Flight School. Even though I understand we had a much cut-down version of the even here in the UK.

From Here

New TeamCity agents the right way

Reading time: 2 – 2 minutes

TeamCity Logo

At work, I’m gradually moving our CI server from Hudson to TeamCity.

Nothing against Hudson really, but I feel that TeamCity is a much more robust CI Server when it comes to integrating with .Net. It allows you to publish artifacts from your builds, and has a killer integration between developers IDE’s and itself, which is amazingly helpful to help developrs make sure they’re not going to break the build… well before they break it.

But anyway, one thing that was slightly annoying me with TeamCity, is the fact that the build agents would often get disconnect, and all my builds would stay in a queue until I went and manually restarted the agents.

The “Build Agent Disconnected” quickly became very annoying, and by quickly looking up on Google, I found lots of people had the same issue, and while there were lots of responses or people claiming they found a solution to it, I never actually found anything of much use other than the screenshot this guy posted.

When you add build agents on TeamCity, you get the option of adding them as a windows service, or simply as an agent that runs with TeamCity. I had tried to add multiple build agents as windows services before, but for a very strange reason, I would always end up with only one agent no matter what I did. TeamCity’s documentation wasn’t much help to be honest, and I ended up figuring this out after a couple of hours of trial and error. So here’s how you do it properly.

Continue reading

Older posts