Entries tagged "Web Development"

The Jetty documentation for Configuring SSL/TLS is long and daunting, but makes no mention of how to work with the EFF's Let's Encrypt certificate authority, which provides free automated certificates with the aim of having the entire web available over HTTPS.

This article provides the steps for obtaining a Let's Encrypt certificate, importing it into Jetty, enabling HTTPS using the certificate, and handling renewals.

It assumes you have Jetty setup in a home/base configuration, serving over HTTP for one or more Internet-facing domain names.

As with all such guides, it is recommended to read all steps before making any changes, and ensure you have backups for any existing files you may modify.

Continue.

There are various situations where one might want to know the full URL sent over HTTP by the user agent, before any rewriting has occurring.

Depending on the situation and setup, it can be as simple as using CGI variables such as path_info, redirect_url or request_uri, and within a JVM servlet getRequestUrl() may prove useful - but none of those are guaranteed to be the URL which Apache received, nor are any of Apache's other documented variables.

Fortunately there is a workaround, because one variable provided is the first line of the HTTP request, which contains the desired request URL nestled between the method and protocol, i.e: "GET /url HTTP/1.1" - meaning all that needs doing is to chop the ends off.

It is relatively simple to extract the URL, and at the same time provide it to later scripts, by using the RequestHeader directive from mod_headers to set and modify a header, like so:

RequestHeader set X-Original-URL "expr=%{THE_REQUEST}"
RequestHeader edit* X-Original-URL ^[A-Z]+\s|\sHTTP/1\.\d$ ""

The first line creates a header named X-Original-URL with the full value of the variable.

The second line performs a regex replace on the specified header, matching both the request method and its trailing space (^[A-Z]+\s) then the protocol plus its preceding space (\sHTTP/1\.\d$) and replacing with an empty string to leave just the URL.

The * after edit is what makes the replace occur multiple times - without it only the first match would be replaced. (i.e. the * is equivalent to a g/Global flag.)

The name X-Original-URL is used for compatibility with the equivalent header set by the IIS URL Rewrite Module - both that module and the above solution provide the full request URL, including query string, and encoded in whatever manner the user agent sent, but one difference is that the above config always sets the header, whilst the IIS version only sets it when the URL has been rewritten.

Earlier this year I gave a talk on Password Security at Digital Croydon #5, and didn't want to simply put up the slides without any commentary, so I've written this article to accompany them. It is primarily for the benefit of those that attended - by which I mean it wont explain every slide or go into detail on everything the talk covered, but will explain the key points, provide links, etc.

Similarly, as mentioned in the talk, it didn't cover everything there is to know, and this article wont do that either - it's an introduction, not a comprehensive guide.

(At some point I do hope to write up more detailed articles, both on the points covered and on related subjects - if/when that happens I will add the relevant links to this article.)

Continue.

I will be speaking at this year's Scotch on the Rocks conference. My presentation is on the subject of getting help when you are stuck and how to describe your issue in a way that makes it easier for others to help you.

All developers have times when they need help, but it's not always easy to ask for (particularly when all you want is to get past a tricky problem, not have long tangental discussions). Having spent a lot of time both seeking and offering help, I hope to shed some light on the quickest ways to find solutions and effective methods for framing your issues so that fellow developers can understand what you need.

The talk will be aimed at developers of any level who want help with getting help.

Scotch on the Rocks is Europe's longest running conference catering for CFML developers, having been held most years since 2005. This year it takes place on the 6th and 7th of June at the Hilton Edinburgh Grosvenor hotel and covers a wide variety of topics on different aspects of web development - so whether you're looking to learn new techniques and technologies or you want to network and socialise with other programmers, Scotch on the Rocks is the conference for you.

Hurry up and book your tickets before they sell out!

As we (hopefully) all know, using HTML tables for layout is Bad and Wrong.

Unfortunately, the most common way people avoid using tables is to just replace their table, tr and td tags with divs, divs and more divs.

The div tag is a generic container that should be used as a last resort, if there are no other more suitable options.

Whilst the problem of excess divs is not limited to the conversion of table layouts, it is perhaps most obvious here, as it shows the developer is still stuck in the column+row frame of mind, rather than thinking about what they are actually displaying.

In this blog entry, I show an example of how avoiding this mindset can result in much simpler and cleaner code.