DEV Community: Capripot

Use PHP CLI 7.3 on OVHcloud Performance hosting

Capripot — Tue, 21 Jul 2020 01:11:42 +0000

OVHcloud is the 3rd website hosting company worldwide, 1st in Europe. They have a good product called Performance Hosting which includes a direct SSH access to the shared server.

My goal was to use Ruckus Migrations on production the same way I do in my local development. Ruckus is a database migrations manager, it is inspired by the Rake database migration tools available with Ruby-on-Rails framework.

In today's version of the hosting, we can use PHP 7.3

/usr/local/php7.3/bin/php -v
# PHP 7.3.18 (cli) (built: May 20 2020 12:29:48) ( NTS )

Alias it to php7 and source .bashrc so our current terminal re-loads commands present in it.

echo "alias php7='/usr/local/php7.3/bin/php" >> .bashrc
source .bashrc

And we are good to go

php7 ruckus.php db:migrate ENV=production

My original solution

To use it, we need PHP 5.3 minimum. The default php command line on Performance Hosting was PHP 4. But actually, other versions of PHP are available. PHP 5.4.45 cli binary is available under the sweet name of php.ORIG.5_4.

If we try to use it directly, it will complain because it tries to use the php.ini configuration file used for PHP 4, so we should provide the 5.4 ini file. We can find it through the phpinfo() function.

So, after getting to know all these information, we are able to use PHP cli 5.4:

php.ORIG.5_4 -c /usr/local/lib/php.ini-2

But since we probably don’t want to memorize all of that to use PHP cli each time we need it, we should export it as an alias in our .bashrc file.

echo "alias php5='php.ORIG.5_4 -c /usr/local/lib/php.ini-2'" >> .bashrc

After re-sourcing our bash file

. .bashrc

We can now execute our scripts with PHP cli 5.4

php5 ruckus.php db:migrate ENV=production

Originally published on September 23, 2014
Photo by OVHcloud

SSL for Rails with Heroku and Let’s encrypt

Capripot — Tue, 21 Jul 2020 00:40:52 +0000

SSL certificates have been finally made common thanks to Let’s encrypt.

Since I originally wrote this article, Heroku released Automated Certificate Management (ACM) which should be the preferred way to do this task. But for the sake of brain exercising, here is the original article.

Let’s see how we can configure a Rails app hosted on Heroku with a Let’s encrypt generated certificate. The second part can be applied to any certificate.

Replace example.com with your actual domain 😉

Create the page to verify your domain

At this step, I assume you already have an up and running Rails application on Heroku.

You need to add the page to serve the private key given by Let’s encrypt to validate the ownership of your domain.

Create a controller or use one you have already with the following public method:

def letsencrypt
  render text: "#{params[:id]}.#{ENV['LETS_ENCRYPT_KEY']}"
end

In your config/routes.rb file, add a route to the page you just created.

get '/.well-known/acme-challenge/:id', to: "pages#letsencrypt", constraints: { id: /[a-z0-9_-]+/i }

Get Let’s encrypt certificate

We need to get Let’s encrypt binaries first. In a working directory:

git clone https://github.com/letsencrypt/letsencrypt

Then just go in the folder and use letsencrypt-auto binary. It’s in development, so you still need to use the --debug flag. Also, to protect your certificate, you need to run the binary as root user, with sudo for instance.

sudo ./letsencrypt-auto certonly -d your.domain  --debug

Set the environment variable LETS_ENCRYPT_KEY to match the private key given by Let’s encrypt binary, that the part given after the .. Here for instance, when you get prompted

Make sure your web server displays the following content at
http://your.domain/.well-known/acme-challenge/pA0ucRCnGPnG6S-0fVF93A_-0CQb_rSfeDOYvAXh8Ck before continuing:

pA0ucRCnGPnG6S-0fVF93A_-0CQb_rSfeDOYvAXh8Ck.Yq3zvhj7vmfBveGvR85p4nwlOBtf7gip40sSrif__Rr

the private key is Yq3zvhj7vmfBveGvR85p4nwlOBtf7gip40sSrif__Rr. In a second terminal, in your Rails app folder, do the following:

heroku config:set LETS_ENCRYPT_KEY=Yq3zvhj7vmfBveGvR85p4nwlOBtf7gip40sSrif__Rr

You can then continue with the Let’s encrypt process by pressing ENTER.

Now the binary is requesting a certificate via letsencrypt.com and the Authority is checking that your domain is yours by accessing via http protocol, the page http://your.domain/.well-known/acme-challenge/pA0ucRCnGPnG6S-0fVF93A_-0CQb_rSfeDOYvAXh8Ck.

You should get a Congratulations message.

Configure Heroku

Assuming you already installed the Heroku CLI, add the ssl endpoint add-on:

heroku addons:create ssl:endpoint

Add your new fresh certificate to Heroku:

sudo heroku certs:add /etc/letsencrypt/live/your.domain/fullchain.pem /etc/letsencrypt/live/your.domain/privkey.pem

Learn more about SSL endpoints in Heroku doc.

Reconfigure your DNS

Ask Heroku what is the ssl endpoint your application got

heroku certs

You get a list like that:

Endpoint                  Common Name(s)  Expires               Trusted
------------------------  --------------  --------------------  -------
endpoint-0.herokussl.com  example.com     2016-01-01 00:00 UTC  True

Change now your DNS entry to

IN CNAME endpoint-0.herokussl.com.

Learn more about configuring your DNS in Heroku doc.

Test your configuration

After your new DNS entry got propagated, you should be able to access https://example.com with a valid secured connection.

If you want to test it before, you can access directly https://endpoint-0.herokussl.com and check the certificate being properly served.

🍻 Peace!

Originally published on February 24, 2016

Photo by Jason Blackeye on Unsplash

Hello world

Capripot — Mon, 20 Jul 2020 23:59:17 +0000

Hello and welcome to my blog again. I have a bunch of articles I wanted to publish for a while, but work being work, and life being life, I never took the time to do so.

Time is of course not something we can create, we need to choose what to do with it. And I finally am choosing to write.

So what's the plan? I'm restarting with a couple of refreshed old blog posts. And then I will start a live code series.

Thanks for reading! ❤️