All posts by djlarsu

Forcing HTTPS with EC2 / ELB / WordPress

I recently moved this site to Amazon AWS EC2 (as an exercise, don’t read anything into it), and found the process to be straightforward, until I went to force HTTPS.  I first set the wordpress config site url to https://ryanne.tech, and was immediately stopped.

ERR_TOO_MANY_REDIRECTS This webpage has a redirect loop
ERR_TOO_MANY_REDIRECTS

Well, then.   Since I could no longer access the admin page, I forced the URL back to http in wp-config.php

define('WP_HOME','http://ryanne.tech/');
define('WP_SITEURL','http://ryanne.tech/');

Great, access to site restored, but no further towards the goal.

The problem turned out to be that since Elastic Load Balancer was doing the SSL termination and then proxying to the EC2 instance with HTTP, wordpress always considered itself to be serving HTTP.

Unfortunately, while this problem wasn’t uncommon, the solutions were spread among several different pages because of the different technologies in the mix.

In the end, here were my changes to wp-config.php:

define('WP_HOME','https://ryanne.tech/');
define('WP_SITEURL','https://ryanne.tech/');

And most importantly, to my Apache HTTPd config:

<IfModule mod_setenvif.c>
 SetEnvIf X-Forwarded-Proto "^https$" HTTPS
</IfModule>

RewriteEngine On
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI}

The first stanza uses X-Forwarded-Proto that ELB sets to the original protocol, so the next stanza, and wordpress, can both determine if the original request was HTTPS.

The second stanza just forces HTTPS if the request is HTTP.  Note that it looks at the header; redirects that key off PORT would not work.

 

 

Secret store value

I’m on a project implementing Hashicorp’s Vault. The big value is coming from onboarding teams that are generating secrets for others, like certificate management and database ops. When they’re putting secrets into Vault, and other teams are consuming them,  rotation becomes cake. And cert renewal can be pushed from the management side without any extra operational steps.

Leadership as an IC

I’ve been putting together a talk about being a leader as an individual contributor. I have been put into management roles on occassion, or named a team lead, but regardless of role I approach a project the same way. I respect arriving at the best solution above almost everything else.

So many “leadership” principles can be distilled to just striving for good work. Listening to others, respecting opinions, valuing the truth. Being driven to do whatever is needed to get the job done. And when people around you know how important that is to you, it becomes important to them. I’ve never set out to be a leader, but when people see you focused on a goal, they’re willing to join you in where you’re going.

Coding vacation

I’ve been helping out another team at work for a few weeks, and getting back to writing all the code.  This week’s projects include adventures in python threading, openstack metadata, and proxying API calls after requesting JWT’s on behalf of the caller.   Super happy to get a chance to level up my python.

teaching 4th graders computer science

One of the many inspirations I came away from GHC with is to volunteer in my youngest’s 4th grade class and expose the kids to compsci.   That’s a big factor in getting girls interested in it as a major and career.  Luckily,  the teacher is science-focused, and the curriculum is science-lacking, so this works out well.

Here’s the lesson plan I’ve put together, with great great help from the hour of code project.

 

I think in 90 minutes, I can deliver an introduction to computer science, coding, loops, if statements, and relate it all to how 3D printing works.

Male Allies Panel at Grace Hopper

The Grace Hopper Celebration of Women in Computing is in Phoenix this year, and I’m fortunate to attend.  Women in technology are the minority, so coming together and seeing so many others like myself is a bit magical and comforting.

I work for Go Daddy (disclaimer: my opinions are mine, not theirs), which has had an awful history of misogynistic ads and public relations.  As our CEO said, when he interviewed he found that public image didn’t match the internal culture, and I agree.  Internally, I think we’re a supportive environment that values diversity.  We don’t do everything right (yet), but top down its clear that we’re on the right track.

I’ve been trying to understand the hateful comments towards the male allies panel at Grace Hopper yesterday, much of it directed towards Go Daddy.  Certainly,  I empathize with frustration towards Go Daddy’s actions in the past and image still haunted by them.  The outrage seems to come in a couple forms.

1. Why are there men in this women’s conference?

2. Go Daddy is a bunch of pigs.

 

Supporting women in tech isn’t a women’s issue.  It’s a tech issue, and tech has guys too.  It frustrates me to the highest level to see minorities like women in tech being exclusionary.  The point of GHC isn’t to be a women’s only clubhouse, it’s to advance women in computing.  That we have a panel with C levels from big tech companies who all want to fix the problem is wonderful, and helpful.  Tearing them down by making misogynistic buzzword bingo cards isn’t.