Eric Mason . net

After enabling SSL on a couple of apps, I got an email from one of my cron jobs telling me my SOAP API was no longer working.  (This is why you always want to have an entry in /etc/aliases forwarding root’s email to an account you will read)

The error message was “unable to get local issuer certificate.”  I thought, no big deal, there must be an easy way to get SOAP4R to find all the root CA certificates.  Unfortunately it took a while searching Google to find the right answer, so I’m posting it here to make it easier for the next person (which just might be me next week).

(more…)

Tonight I decided to set up SSL on two internal web apps I’ve been running for a while. I have a wildcard certificate *.stockpr.com just for this purpose. Each app was originally running on a separate hostname on a single IP address on port 80.

After I started setting up SSL, I realized that I might run into trouble because Apache has always said you can’t combine NameVirtualHost and SSL. The reason for this is that the SSL session is established before the HTTP headers are sent. Since NameVirtualHost relies on the HTTP Host header, which is unavailable since it hasn’t yet been sent at the time SSL is being negotiated, Apache can only use a single SSL cert per combination of IP and port.
(more…)

Tonight I spent two hours banging on an EC2 instance that suddenly went awry. I was adding SSL to a couple of internal applications we host on this instance when my “apache2ctl configtest” command hung. I tried all sorts of things and finally noticed there were tons of entries in /var/log/messages referencing “4gb seg fixup” like this:
(more…)

As I mentioned in the last post, I’m working on hosting email accounts on Amazon EC2. I am experimenting with mounting /var on an EBS volume so my database, logs, etc. will survive the failure of an instance.  The idea is to be able to start a new instance, attach the EBS volume containing the /var partition, and keep going where the previous instance left off.  

The first time I tried to bundle the volume I noticed it was taking a very long time.  I had incorrectly assumed that ec2-bundle-vol would automatically exclude any EBS volumes.  Instead, it only excludes a static list of directories, so I had to add the EBS volume (/mail) to the exclusion list.  

(more…)

I’m working on setting up a server to host email accounts on Amazon EC2 using the newly released Elastic Block Storage.  My benchmarking has shown XFS to be better than ReiserFS for this task - and presumably EXT3, but I ran out of patience.

Since I will need to grow the filesystem in the future, I am using LVM.  This also allows me to break up the logical volume into separate EBS volumes, which should increase random access performance.   (more…)