nginx/php single config for SSL and non-SSL connection

This morning I noticed I haven’t upgraded WordPress MU Domain Mapping plugin to the latest version. It supposedly brings better SSL support. And after upgrading I couldn’t log in to my mapped domain blogs (e.g. this blog). Wasn’t it a great way to start my morning?

After some digging, I found out the problem was because I don’t have one PHP(?) parameter – HTTPS – passed properly. It should set to True whenever one is using SSL connection otherwise there’s no way the PHP process can know if the connection is secure or not. Previous version of WPMUDM have a bug in which skips SSL check but in turn enables using HTTPS even without such parameter. Decided it’s my fault (I believe it would completely breaks phpMyAdmin), adding the parameter then I did.

But it’s not that simple: I’m using unified config for both my SSL and non-SSL connection’s PHP include. Splitting the config would make the duplication worse (it’s already relatively bad as it is) so that’s not an option. Using the evil if is also not a solution since it doesn’t support setting fastcgi_param inside it.

Then the solution hit me. The map module – a module specifically made for things like this and to avoid usage of if. I tested it and indeed worked as expected.

Here be the config:

...
http {
  ...
  map $scheme $fastcgi_https {
    https 1;
    default 0;
  }
  ...
  server {
    ...
    location ~ .php$ {
      ...
      fastcgi_param HTTPS $fastcgi_https;
    }
...

And WordPress MU Domain Mapping is now happy.

Update 2012-02-20: nginx version 1.1.11 and up now have $https variable. No need to have that map anymore.

Ore no Kanojo to Osananajimi ga Shuraba Sugiru chapter 8

Hello there. This manga has fucking long title. And the scanlator decided to skip on giving DDL after their previous attempts in using watermark. Inb4 they reinvent SecuROM.

Ripped from batoto with following command:

for i in {1..37}; do
 curl -O "$(curl http://www.batoto.net/read/_/76060/ore-no-kanojo-to-osananajimi-ga-shuraba-sugiru_ch8_by_japanzai/$i 
 | grep 'img src="http://img.batoto.com/comics/' 
 | sed -E 's/.*src="([^"]+)".*/1/')"
done

Whoopsie, as it turns out, the files are actually gif. Brb fixing them.

Here be fix:

for i in *.png; do mv $i ${i%%.*}.gif; done
for i in *.gif; do convert $i -flatten ${i%%.*}.png; rm $i; done

Links updated to fixed pack.

[ Fileserve | myconan.net ]

This pile of crap called OpenLDAP

In attempt to learn THE directory service called LDAP, I tried to setup OpenLDAP in Scientific Linux. The install went all right and slapd can be immediately started without much problem. Except that the config is one big mystery and there’s not even a rootpw defined by default. Being a complete newbie in LDAP thingy, I decided to build configuration and all from zero.

…except that it’s not actually trivial. Most examples/tutorials are for OpenLDAP prior to 2.4 which still uses slapd.conf which was obsoleted in favor of configuration in meta-format using LDAP’s ldif. Instead of one nice config, instead we have directories called cn=config etc inside slapd.d. Someone must’ve been into Linux too much (xxx.d – Linux users sure love “modularizing” their configs).

Anyway, the example in manual page of slapd-config doesn’t even work because the include syntax was wrong (should be file:///etc/… instead of /etc/…) and even after fixing that there still an error:

[root@charlotte openldap]# slapadd -F /etc/openldap/slapd.d -n 0 -l initman.ldif
str2entry: invalid value for attributeType olcSuffix #0 (syntax 1.3.6.1.4.1.1466.115.121.1.12)
slapadd: could not parse entry (line=626)
_#################### 100.00% eta   none elapsed            none fast!
Closing DB...
[root@charlotte openldap]# slaptest
slaptest: bad configuration file!

The example from the guide also gives exact same error.

In short, I kind of given up and tried to follow the “Quick Start” from the very same guide. Instead of using slapd.d format, it still uses slapd.conf format despite it being a guide for 2.4. Seems like following a pattern, the config example also spit out error:

[root@charlotte openldap]# vi slapd.conf
[root@charlotte openldap]# slaptest
/etc/openldap/slapd.conf: line 2:  invalid DN 21 (Invalid syntax)
slaptest: bad configuration file!

So much for an example. Few attempts later at both methods, I gave up and wrote this post.