Monday, December 17, 2012

White listing IPs on Apache and Varnish

  • Varnish

# Clients allowed to reach the protected host
acl white {
    "localhost";
    "1.1.1.1";
    "5.5.0.0"/16;
    # Add as many IPs as you need here
}

sub vcl_recv {
    if (req.http.host == "somewhere.example.net") {
        if (client.ip ~ white) {
            set req.backend = default;
            return(pipe);
        }
        # Everyone not in the ACL is refused
        error 403 "Forbidden";
    }
}


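  • Apache

<VirtualHost *:8080>
    # DocumentRoot and <Directory> must point at the same path,
    # otherwise the access rules below do not cover the served files
    DocumentRoot /var/www/somewhere
    DirectoryIndex index.php index.html
    ServerName somewhere.example.net
    <Directory "/var/www/somewhere">
        Options FollowSymLinks Indexes
        AllowOverride all
        # Apache 2.2 syntax: deny everyone, then allow the listed addresses
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
    </Directory>
</VirtualHost>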

Tuesday, November 6, 2012

Quick and easy self signed SSL certificates

So, there are many answers for that, but this one worked best for me:

First things first, prerequisites:

yum install mod_ssl openssl nc -y

Now for the certificates. Note that 'Common Name' is the most important field; that is where you put your site's FQDN:

cd ~/
mkdir ssl
cd ssl
# 2048-bit RSA key; 1024-bit RSA is too weak to rely on
openssl genrsa -out server.key 2048
openssl req -new -key server.key -out server.csr

You are about to be asked to enter information that will be incorporated into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt
sudo mkdir -p /etc/ssl/certs
sudo mkdir -p /etc/ssl/private
sudo cp server.crt /etc/ssl/certs/self_signed.crt
sudo cp server.key /etc/ssl/private/self_signed.key

In Apache:

SSLEngine on
SSLCertificateFile /etc/ssl/certs/self_signed.crt
SSLCertificateKeyFile /etc/ssl/private/self_signed.key
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog logs/ssl_request_log \
   "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

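The key and certificate steps above, as an added example that is not part of the original post: it creates the key and self-signed certificate in one non-interactive command, then checks that the two belong together and that the certificate covers the hostname. The function names, the temporary directory and the subjectAltName entry (which current browsers check instead of Common Name) are assumptions of this example.

```bash
#!/bin/sh
# Added example; function names, paths and the sample FQDN are illustrative.

# make_self_signed DIR FQDN -> writes DIR/server.key and DIR/server.crt
make_self_signed() {
    mkdir -p "$1" || return 1
    # umask 077 in a subshell: the private key is never group/world readable
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
          -subj "/CN=$2" -addext "subjectAltName=DNS:$2" \
          -keyout "$1/server.key" -out "$1/server.crt" 2>/dev/null )
}

# key_matches_cert KEY CERT: succeeds only if CERT carries KEY's public key
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# cert_covers_host CERT FQDN: succeeds if CERT is valid for FQDN
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'
}

# cert_key_bits CERT: prints the public key size in bits
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Demo in a throwaway directory (constructed hostname)
tmp=$(mktemp -d)
make_self_signed "$tmp" somewhere.example.net &&
    key_matches_cert "$tmp/server.key" "$tmp/server.crt" &&
    cert_covers_host "$tmp/server.crt" somewhere.example.net &&
    echo "ok: $(cert_key_bits "$tmp/server.crt")-bit key matches certificate"
rm -rf "$tmp"
```
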
Thursday, November 1, 2012

Creating multiple users at once

So you need to create a bunch of standardized users for whatever reason and you need them 10 minutes ago?

for username in user_one user_two user_three; \
do useradd -m -G user_group ${username}; \
echo -e "user_password\nuser_password"|passwd --stdin ${username}; \
mkdir /home/${username}/some_folder; \
chown -R ${username}:${username} /home/${username}; \
done

Wednesday, October 17, 2012

Varnish for multiple hosts, following redirects

Using Varnish 3.x for two servers, caching the remote one and following redirects internally.

backend default {
    .host = "localhost";
    .port = "8080";
}

backend backoffice {
    .host = "backoffice.example.net";
    .port = "80";
}

sub vcl_recv {

    if (req.http.host == "host.example.net") {
        #You will need the following line only if your backend has multiple virtual host names
        set req.http.host = "otherhost.example.net";
        set req.backend = backoffice;
        return (lookup);
    }
     set req.backend = default;
     return(pass);
}

sub vcl_fetch {
    if (beresp.status == 302) {
        set beresp.http.X-Magic-Redirect = "1";
        return(deliver);
    }
}

sub vcl_hit {
    if (obj.http.X-Magic-Redirect == "1") {
        set req.url = obj.http.Location;
        return (restart);
    }
}

sub vcl_deliver {
    if (resp.http.X-Magic-Redirect == "1") {
        unset resp.http.X-Magic-Redirect;
        return(restart);
    }
    return(deliver);
}

I am running my web server on port 8080 on the front-facing server and on the default port 80 on the backoffice one. Varnish rewrites the request's Host header to the corresponding virtual host on the backoffice, caches the results and even follows redirects without changing the URL in the browser's address bar.

Upgrading ImageMagick on CentOS 5.6

You are special, you are unique and so is just about everyone else. This also means that whatever question you have, chances are others have asked it before. There's a reasonable chance someone even answered it, more than once.
So instead of reinventing the wheel with every problem or challenge I face, I turn to Google to see if someone has already solved it before.
I don't always find an answer, and sometimes there is an answer but it simply doesn't work for me.
My idea here is pretty simple: collect the problems I had to solve on my own for future reference. It's for me, not for you, but if it helps you, all the better.

Today's problem: upgrading ImageMagick 6.2.8 to 6.7.9-10 on CentOS 5.6
I assume you are root, and that you know what you are doing.

cd /root/repo
rpm -Uvh http://mirror.i3d.net/pub/fedora-epel/5/x86_64/epel-release-5-4.noarch.rpm
wget ftp://ftp.sunet.se/pub/multimedia/graphics/ImageMagick/linux/CentOS/x86_64/ImageMagick-6.7.9-10.x86_64.rpm
wget ftp://ftp.sunet.se/pub/multimedia/graphics/ImageMagick/linux/CentOS/x86_64/ImageMagick-devel-6.7.9-10.x86_64.rpm
yum remove ImageMagick\* -y
yum install -y --downloadonly --downloaddir=/root/repo/ ImageMagick-6.7.9-10.x86_64.rpm ImageMagick-devel-6.7.9-10.x86_64.rpm
rpm -Uvh ImageMagick-6.7.9-10.x86_64.rpm \
         ImageMagick-devel-6.7.9-10.x86_64.rpm \
         libtool-ltdl-1.5.22-7.el5_4.x86_64.rpm \
         xz-libs-4.999.9-0.3.beta.20091007git.el5.x86_64.rpm \
         jasper-libs-1.900.1-14.el5.x86_64.rpm \
         jasper-devel-1.900.1-14.el5.x86_64.rpm \
         fltk-1.1.9-4.el5.x86_64.rpm \
         fftw3-3.2.2-3.el5.x86_64.rpm \
         openexr-1.4.0a-1.el5.rf.x86_64.rpm


You might need to change a little here or there, your list of downloaded files might be different, but the basic idea is there.

Cheers.