Well, this is embarrassing…

I found out today that I have been configuring Apache wrong for a while. How long?

Around 15 years. 

ಠ_ಠ
Everyone who has configured Apache has probably done work with the <VirtualHost> declaration. You know how it usually looks:

NameVirtualHost *:80

<VirtualHost myserver.whatever.com:80>
# apache stuff goes here
</VirtualHost>

But that’s wrong. It’ll work, of course, but it’s wrong.

Continuing, if you have multiple sites, and you were devoted to doing it wrong (or at least, never bothering to really grok the documentation), you’d do this:

NameVirtualHost myhost.mydomain.com:80
NameVirtualHost myotherhost.mydomain.com:80
# and maybe we’ll get fancy with some https
NameVirtualHost securehost.mydomain.com:443

<VirtualHost myhost.mydomain.com:80>
ServerName myhost.mydomain.com
# Other Stuff
</VirtualHost>

<VirtualHost myotherhost.mydomain.com:80>
ServerName myotherhost.mydomain.com
# Other Stuff
</VirtualHost>

<VirtualHost securehost.mydomain.com:443>
# ServerName securehost.mydomain.com
SSLEngine On
# Other SSL stuff here
# Other domain stuff here
</VirtualHost>

Yeah, that’s wrong too. When you do it, you get these niggling little errors:

[warn] NameVirtualHost myotherhost.mydomain.com:80 has no VirtualHosts
[warn] NameVirtualHost securehost.mydomain.com:443 has no VirtualHosts

…but it works. So you’re like, “that’s weird. well, it works, I’ll figure it out later”, but you never do.

Well today, I did. And I learned something. And I’m going to tell you.

See, my misunderstanding was all in the “NameVirtualHost” line. I thought, because it’s called “NameVirtualHost”, it wanted the name of a virtual host. Call me crazy.

Instead, what that ACTUALLY does is point to an IP address that Apache is going to listen on. When you give it a domain name, Apache just looks the name up and uses whatever IP address comes back.

So if myhost.mydomain.com has a DNS record (or a host file entry) of 192.168.1.10, then these two lines are equivalent:

NameVirtualHost myhost.mydomain.com:80
NameVirtualHost 192.168.1.10:80

…and that’s why it always works. Up above, when you wanted to enable SSL, you were like, “I’ve already got a web server; let’s make this happen!”, so you just added a CNAME (or maybe another A record) for securehost that matched the IP of myhost, and went on your merry way.

The other symptom of this problem, apart from the “has no VirtualHosts” error, is whenever you have multiple SSL-enabled sites on the same IP address. The way https works is that the browser connects to port 443, magic happens when the certificates are exchanged, and then your web browser is like, “it would be a shame to waste this secure tunnel. How about you give me securehost.mydomain.com?”.

If you have “othersecurehost.mydomain.com”, too, then you might see the problem. The certificate has already been exchanged by the time the server figures out what site the client wants…and the way it works in the Apache config is that the first VirtualHost encountered takes precedence, so your browser might WANT othersecurehost, but the certificate it gets will be for securehost.

This sort of thing will be obvious if you administer multiple externally-visited https-enabled sites, because you’ll get certificate warnings all over the place. But 99% of what I work with has been building https-enabled internal sites where I just never, as a rule, bothered to spin up a good reliable certificate service and sign my own stuff, so I was always USED to certificate errors.

The site that finally helped me figure out what was going on is Apache Common Misconfigurations. And incidentally, there has been an extension to the SSL standard that allows multiple SSL-enabled sites to be hosted on the same IP address. Not every browser supports it (for those of you who still cater to IE6 users, you would now have even more sympathy from me, if that were possible), but if you have a reasonable expectation that your visitors’ web browsers were written after the Bush administration, then you should be OK.
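
The corrected layout for the multi-site configuration above, as an added example that is not from the original post. It assumes Apache 2.2 with Listen 80 and Listen 443 set elsewhere, uses placeholder certificate paths, and relies on the SSL extension mentioned above, which is Server Name Indication (SNI).

```apache
# Added example for Apache 2.2. In 2.4 NameVirtualHost is deprecated and
# name-based matching on a shared address:port happens automatically.
# Certificate paths below are placeholders.

# NameVirtualHost takes an address:port, not a site name.
# One line per address:port pair, however many sites share it.
NameVirtualHost *:80
NameVirtualHost *:443

# The <VirtualHost> argument must match the NameVirtualHost argument.
# The site name goes in ServerName, which is compared with the Host header.
<VirtualHost *:80>
    ServerName myhost.mydomain.com
    # Other Stuff
</VirtualHost>

<VirtualHost *:80>
    ServerName myotherhost.mydomain.com
    # Other Stuff
</VirtualHost>

# Several HTTPS sites on one IP: requires SNI (Apache 2.2.12 or later,
# built against an OpenSSL with TLS extension support).
# The first *:443 vhost is still the default, so a client that sends no
# server name gets securehost's certificate.
<VirtualHost *:443>
    ServerName securehost.mydomain.com
    SSLEngine On
    SSLCertificateFile    /path/to/securehost.crt
    SSLCertificateKeyFile /path/to/securehost.key
</VirtualHost>

<VirtualHost *:443>
    ServerName othersecurehost.mydomain.com
    SSLEngine On
    SSLCertificateFile    /path/to/othersecurehost.crt
    SSLCertificateKeyFile /path/to/othersecurehost.key
</VirtualHost>

# Optional: refuse clients that do not send SNI rather than serving them
# the first vhost's certificate and content.
SSLStrictSNIVHostCheck on
```

Running `apachectl -S` after the change prints the virtual host table as Apache parsed it, which shows which vhost is the default for each address:port.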

So anyway, today I’m happy to admit my blinding ignorance if you will accept for it an offering of knowledge. I apologize for going this long without investigating that one weird little error that didn’t seem to be causing problems. I’ll try not to let it happen again. Too often.

LISA’12 Early-Bird Registration discounted through November 26th

I didn’t actually cover it before, but the discounted “Early Bird” registration for LISA12 in San Diego ended last night.

They have actually extended it another week, though, so use all the discounts you can (members of LOPSA even get an additional discount) and register now.

I’ll be there on the USENIX Blog team, along with Ben Cotton, Greg Riedesel, and Rikki Endsley. We’ll be covering the “happenings” and “goings on”, so if you see us around, come say hello.

So the bottom line is, Register for LISA 12 right now!

Review: Gunnar Rockets (anti-headache glasses)

A few weeks ago, I picked up a pair of Gunnar Rockets. They’re (slightly) tinted glasses which are touted as helping people who have issues staring at computer screens for long periods of time.

I didn’t used to have any problems, but after taking a year off of being a sysadmin, I think my eyes gave out on me, because I’ve been having headaches and a gritty feeling in my eyes after much shorter sessions than I did before. I decided to pony up $60 and give it a shot. I figured, “Hey, if it works, it’ll pay for itself in aspirin in no time”.

My first thoughts, after putting them on, were “wow, bright!”

The yellow tint of the lenses seems to make certain things “pop” that didn’t before. I can’t put my finger on it, but it seems like the tint makes the blacks blacker. The whites become slightly yellowed, but brighter somehow. I’m not sure why that is, but my theory is that it may have something to do with the fact that the eye’s peak sensitivity is around 555 nanometers, which is pretty close to the color of the Gunnar lenses (look for Fig. 249 on that link for the right graphic).

Also, there’s a slight magnification. It’s very slight, but just enough to make you go “whoa, something is different”. If you take them off, hold them in front of your face, and pass them over text, it’s clear that the curvature of the lens causes some very wide differences in diffraction across the length of the lens. If you look at the picture below, you can see that at the top, near the earpiece, there’s a pretty big discrepancy between through the glasses and not. At the nosepiece, there’s almost none.




My initial response was confusion, because normally this would make the image through the glasses altered, kind of like how your windshield is “weird” near the edges, but with these glasses, that’s not the case at all. My current working theory is that because of the curvature of the lens, it’s actually equidistant from the lens in your eyeball as it swivels in your eye-socket. This means that although it’s heavily curved, there’s no image warp. It also means that there’s an optimal distance in front of your eye for the glasses to sit.

For me, that seems to be pretty close, so I do find them sliding down my nose sometimes. It isn’t bad, and I live with it. The reason for the closeness might also have to do with the “microclimate” that the sales literature talks about, which is supposed to keep your eyes moist without condensing on the lens (and there really is no condensation that I’ve seen). This could be confirmation bias, but it does seem like my eyes aren’t as dry or sandpaper-y as they usually are. There were some days where I’d close my eyes and they just burned because I never seem to blink enough.

The proof is in the pudding, as they say, so I waited a while before I reviewed them in case some things changed. To be very very honest, if I had reviewed these after the first week, I would have given them a negative review. I was actually writing it in my head. I didn’t notice anything different, and really, I couldn’t recommend spending money on them. Then that weekend, I used my computer a lot.

So, do you have a splinter in your finger right now? Probably not. You almost certainly have in the past, though, and you can remember that it really sucks, and it’s annoying. But the thing is, our brain is wired to forget the magnitude of pain (otherwise no one would have more than one child), so you don’t remember how much it sucks to have a splinter in your finger. But it sucks more than you can remember right now, and if you had a splinter in your hand, you’d constantly be smacking it against things and rubbing it the wrong way, and you would have trouble concentrating on anything else without thinking of it.

So by the Sunday following my first week with the Gunnars, I keenly remembered what it was like spending hours staring at a screen, and I realized that it wasn’t that they made no difference, it was that they made so much difference that I forgot about life without them. I don’t think I need to say anything else.

There are downsides, of course. These are glasses. If you already wear prescription glasses, then these aren’t really an option for you, unless you want to spend significantly more for prescription Gunnars. I don’t know how much they are, but the glasses by themselves are $60 on sale, so I imagine they’re quite a bit more.

Another downside is that they smudge. I read a lot of reviews that claimed that they smudged easily, but I kind of ignored it. I mean, people in general (myself, too) abuse sunglasses, and I figured that they were overreacting, but let me tell you…don’t wear these things unless you’ve got a microfiber cloth handy. Not only do they smudge easily, but because of the wavelength of the light, YOU NOTICE. I think that’s probably why it’s so bad, actually. I doubt that they smudge more than a pair of Oakleys with iridium lenses, it’s that the color is designed to make you notice it. So keep a cleaning cloth handy. I just leave one at my desk under my monitor (and they come with a nice microfiber cloth bag to keep them in, too).

There are also a lot of frame styles to choose from, so you don’t have to get the nerdy wireframe thing I did. I don’t think I look great in glasses, but this is about as non-bad as it gets for me:



For some reason, I never get mistaken for Bono as much as I’d like

The end result is, if you have trouble with headaches while using your computer for long stretches, or if you notice that it burns when you blink after staring at your screen, then there’s probably a good chance these will help. If you know someone who has a pair, I’d recommend borrowing them first, because that’s a lot of cheese to spend on something that may not end up working for you. I’m not sure about the return policy on things like this – it may be simpler to return them to Amazon if you buy them from there. But if they’re an option for you, and in your financial reach, then I would get them now.

You can pick them up at Amazon with my Associate code or without (I get a pretty small percentage of the sale, but it keeps me in things like Arduino parts).

I’ve talked to a TON of people that also have Gunnars since I got mine, and pretty much everyone raves about them. If you’ve got an opinion, positive or negative, let me know in the comments. Thanks!