
Archive for the ‘Server Management’ Category

Fix PHP 500 Internal Server Error when using date()

31 May 2016

For a particular project I was working on, I set up a website with a really simple script that used the PHP date() function. However, calling date() resulted in a 500 Internal Server Error. After some testing, I determined that the cause was a setting in php.ini: there was an invalid value for the date.timezone setting.

This is what my php.ini file looked like:

Now, if date.timezone is set to an invalid timezone (one that does not exist), it produces a 500 Internal Server Error. However, Australia/Sydney is a valid timezone and should not result in that behaviour.

I then wrote a little script to see what timezones PHP was recognizing:

This resulted in the following output:

Note that Australia/Sydney is missing from the list. Finally I realised that the timezone file for Australia/Sydney was missing on the box (for some unknown reason).

I was using CentOS 6.7 and needed to obtain and replace the missing Sydney timezone file so it was available here:

After making this change and restarting PHP and Apache, the issue was solved!

 

Posted in Server Management

 

Fixing Mixed Content warnings using CRONjobs

02 Dec 2015

So if you, like me, have an HTTPS-only website, you may have noticed that your green bar, green label or security shield (image below) disappears if your webpage fetches an image from another website over HTTP rather than HTTPS.

[Image: HTTPS Secure Chrome Lock]

Now this isn’t an issue in itself, which is why all modern browsers only produce a small warning in the console.

[Image: Mixed Content Message in Console]

Unfortunately, most browsers also remove the secure label, and most business websites want to display their secure logo for customer reassurance reasons if nothing else. Personally, I just think it looks cool so I like to keep it green.

 

Easy (Obvious) Solution

The obvious solution is to host the image yourself or move the image to a website that supports HTTPS (like imgur.com).

However! The real issue is when the image is being produced by some API and you do not have access to the source code of the script producing the image.

Cronjobs!

Okay, so in this case we are using some API which regularly updates an image.
We want our cron job to run daily (or whenever required based on your needs), download that image and store it locally, so that your website has access to it (over HTTPS!).
This makes all the mixed content errors disappear.
I came up with the following bash script in my case:

Simply save this as some_name.sh and add a cron job to run the script at some interval (like daily at 3 AM, when your server isn’t being used much).

Check out this post on how to make cron jobs:
http://www.cyberciti.biz/faq/how-do-i-add-jobs-to-cron-under-linux-or-unix-oses/
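
One way to write such a mirroring script, as an added example (this is not the original post's script; the URL and destination path in the usage comment are hypothetical placeholders). Because the server still fetches the image over plain HTTP, the response is unauthenticated, so the script checks size and image signature before replacing the live file, and keeps the previous copy on any failure:

```shell
#!/bin/sh
# Added example (not the original post's script). Usage from cron:
#   some_name.sh http://api.example.com/chart.png /var/www/html/img/chart.png
# Both arguments above are hypothetical placeholders.
MAX_BYTES=$((2 * 1024 * 1024))   # refuse anything larger than 2 MiB

# Succeed only if the file starts with a PNG, JPEG or GIF signature.
is_image() {
    sig=$(od -An -tx1 -N8 "$1" | tr -d ' \n')
    case "$sig" in
        89504e470d0a1a0a) return 0 ;;   # PNG
        ffd8ff*)          return 0 ;;   # JPEG
        474946383[79]61*) return 0 ;;   # GIF87a / GIF89a
    esac
    return 1
}

# Validate a downloaded file, then move it over the live copy atomically.
install_image() {
    size=$(wc -c < "$1" | tr -d ' ')
    [ "$size" -gt 0 ] && [ "$size" -le "$MAX_BYTES" ] || return 1
    is_image "$1" || return 1
    chmod 644 "$1" && mv -f "$1" "$2"
}

# Fetch url ($1) into a temp file beside dest ($2); keep the old image on failure.
mirror_image() {
    tmp=$(mktemp "$2.XXXXXX") || return 1
    if curl --silent --fail --max-time 30 --max-filesize "$MAX_BYTES" \
            --proto '=http,https' --output "$tmp" "$1" \
       && install_image "$tmp" "$2"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Only run when called with a URL and a destination (as from cron).
if [ "$#" -eq 2 ]; then
    mirror_image "$1" "$2" || { echo "mirror failed; previous image kept" >&2; exit 1; }
fi
```

The temporary file is created in the same directory as the destination so that the final `mv` is a rename on one filesystem and visitors never see a half-written image.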

 

 

 

How to get an A+ on Qualys SSL Labs Server Test (Apache)

27 Nov 2015

The SSL Server Test by Qualys SSL Labs is an easy way to determine how secure your SSL setup actually is.

You can run the test at: https://www.ssllabs.com/ssltest/

This is the score for this domain/server:

[Image: MohammadG.com SSL Server Test]

 

How to get an A+ score on an Apache HTTP server

The default Apache configuration for websites running HTTPS leaves your setup vulnerable to a variety of attacks, so you will need to modify the configuration file for your SSL-enabled website.

First navigate to the httpd.conf file and open it in your favourite text editor. In my case this file was located at: /etc/httpd/conf

Navigate to the VirtualHost line that corresponds to the SSL-enabled website.

Here is where we add all our configuration options. I’m not going to explain what each option does, but do research them if it interests you.

The important configuration options we set are: SSLProtocol (disable SSLv2 and SSLv3), SSLHonorCipherOrder (BEAST attack), SSLCipherSuite (support a wide range of secure protocols) and HTTP Strict Transport Security. Obviously, replace the placeholder paths, server name (example.com) and file names.

That’s it!
Now restart your Apache server (service httpd restart) and run the test.

 