Extra Pepperoni

To content | To menu | To search

Tuesday, January 13 2009

More than I ever wanted to know about URL rewriting

Since I moved from WordPress to Dotclear, my feed URLs changed. Tonight (this morning), I mapped the old ones to the new ones. There were several complicating factors:

  • WordPress uses a whole mess of different URLs for feeds.
  • WordPress is very popular, so most of the posts I found were about how to point to WordPress feed URLs, not how to redirect WP URLs to another system's. I found some Feedburner docs, but they were old and not quite appropriate.
  • mod_rewrite is powerful and complicated. I wanted to use the much simpler (and lower overhead) redirects provided by mod_alias.
  • WordPress uses Query Strings, which are not part of the normal URL space, and thus awkward to work with.

Thanks to #apache (particularly Sling) for a pointer in the right direction.

Here's what I ended up with in the .conf file for my www.extrapepperoni.com virtual host (yes, I realize I mapped some URLs that were never used, but I cannot go check what was available now that the old site is mothballed):

# WP uses top-level years for permalinks, but DC puts them under /post/.
    RedirectPermanent /2008         http://www.extrapepperoni.com/post/2008
    RedirectPermanent /2007         http://www.extrapepperoni.com/post/2007
    RedirectPermanent /2006         http://www.extrapepperoni.com/post/2006

# People who just ask for a feed, without specifying type. Note `$`, so these don't eat URLs that do specify type.
    RedirectMatch permanent /feed$  http://www.extrapepperoni.com/feed/atom
    RedirectMatch permanent /feed/$ http://www.extrapepperoni.com/feed/atom

# If they specify a type, provide DC's closest match.
    RedirectPermanent /feed/atom/   http://www.extrapepperoni.com/feed/atom
    RedirectPermanent /feed/rss2/   http://www.extrapepperoni.com/feed/rss2
    RedirectPermanent /feed/rss/    http://www.extrapepperoni.com/feed/rss2
    RedirectPermanent /feed/rdf/    http://www.extrapepperoni.com/feed/rss2

# Not sure if putting it inside this block avoids unnecessary processing for sub-paths, but it works this way, so it's all good.
# For all the feed queries, map to the appropriate feed URL, and strip the Query String to avoid looping.
# These are permanent redirects, and end mod_redirect processing.
    <Location />
        SetHandler dotclear
        RewriteEngine On
        RewriteCond %{QUERY_STRING} feed=atom
        RewriteRule / http://www.extrapepperoni.com/feed/atom? [L,R=301]
        RewriteCond %{QUERY_STRING} feed=rss2
        RewriteRule / http://www.extrapepperoni.com/feed/rss?  [L,R=301]
        RewriteCond %{QUERY_STRING} feed=rss1
        RewriteRule / http://www.extrapepperoni.com/feed/rss?  [L,R=301]
        RewriteCond %{QUERY_STRING} feed=rss1
        RewriteRule / http://www.extrapepperoni.com/feed/rss?  [L,R=301]
        RewriteCond %{QUERY_STRING} feed=rdf
        RewriteRule / http://www.extrapepperoni.com/feed/rss?  [L,R=301]
        RewriteCond %{QUERY_STRING} feed
        RewriteRule / http://www.extrapepperoni.com/feed/atom? [L,R=301]

Monday, December 1 2008


Dotclear is a slick new blogging package. It offers multiple blogs and native SSL support. The software and documentation are still actively being translated from French to English, and rather slim, but usable -- and the developers are actively working on it.

I spent some time getting it set up, and it looks quite good so far. Now that I have a working installation, I'm going to try moving my movie reviews into DC, and setting up a new blog for interesting links.



  • Multiblog Configuration, Method #2
  • cd /var/www/dotclear2 && mkdir cache public && chown apache:root cache public && chmod g+w cache public
  • Make sure public_theme & public_path are right.
  • mkdir /var/www/dotclear2/public && chown apache:root /var/www/dotclear2/public && chmod g+w /var/www/dotclear2/public
  • mkdir /var/empty/empty


  • Enable robots for each blog: Search engines robots policy
  • Enable XML/RPC per blog.

Sunday, November 23 2008

Put the Drupal down!

I got Drupal 6.6 installed, and then someone suggested Acquia Drupal (more bundled modules, and it integrates with Acquia's brand-new network services and support). So I installed that. Not too bad, but definitely more involved than my original hosted one-click WordPress install.

It's doing SSL and I have Apache mapping a couple vhosts to the main Drupal installation per http://drupal.org/getting-started/6/install/multi-site, but I don't want to deal with a mix of shared and unique MySQL tables across sites.

Drupal's blogging is pretty basic, and it's not immediately obvious how to promote vhosts to top-level virtual hosts (probably mod_rewrite, which seems pretty central to Drupal). I'm not sure how easy it would be to hide the non-blog parts of Drupal I'm not interested in, and there's no WYSIWYG built-in. I like to write raw Markdown or HTML, but one of my goals is to make it easy to host blogs for friends & family, who generally want WYSIWIG. I found YUI Editor, but Yahoo is pretty confused about it today, and the instructions are lacking.

So for now, it looks like I'm going to set up 3 more personal WP blogs, and hope that in a year or two either WP-MU gets better SSL support, or Movable Type becomes more attractive. I guess I should try DotClear first, as they tell me it handle logins for multiple blogs through a shared site.

Tuesday, November 18 2008


I decided to move off WordPress due to some security concerns and other issues.

  • Plain WordPress doesn't do multiple blogs (there are several hacks, but they are immature). I want to host at least 6 blogs, without having to keep each one upgraded separately -- each of our current 3 blogs used 11 plug-ins last time I counted. Also, it's insecure. It's sadly ironic that they claim "WordPress is a state-of-the-art publishing platform with a focus on aesthetics, web standards, and usability. -- but their XML export ("WRX") is invalid XML.
  • I looked at Expression Engine, but don't like the license.
  • I looked at Movable Type, but found it complicated and problematic, and they really only offer a few themes, with color/banner graphic variations (in 2 and 3 column variants, though!). Also, their support system is pretty broken; they offer corporate support, which requires payment, and they have 2 different fora, but only one of them appears to be available for unpaid users. Very confusing, and I found a bunch of bugs (in the site, not in MT); also, I like to do a lot of testing, and then migrate from test to live, and they lack good support for moving blogs around.
  • Textpattern looked good, but I quickly found significant breakage and incompleteness.
  • I looked at WordPress MU, thinking perhaps I'd live with the security risks -- after all, this content is public. Unfortunately, WordPress' built-in SSL support requires the HTTPS URLs to match the HTTP URLs (except the scheme), but I don't have 6 free IPs for blog management. No, I don't want to use funky ports to make the SSL vhosts work. The Admin-SSL plug-in can use a different SSL prefix ("Shared SSL") with regular WordPress, but not under WordPress MU. I reported this as a bug, but don't expect a fix soon.
  • Now I'm looking at Drupal, which is supposed to be very flexible (and complicated); I suspect it can handle my SSL requirements, but don't know how good its blogging features are. Goldman stalled my investigation, but now that my job hunt is winding down, I should have a bit more time to figure it out.
  • If Drupal cannot do it, I will look at EE & MT again. If I cannot (bring myself to?) get them working, I'll probably stick with a bunch of separate WordPress blogs for now.

Very frustrating!

Monday, November 10 2008

Apparently I'm Not Going to Use Textpattern

I've been looking at migrating from WordPress to Movable Type, but been stalled for a while. Recently, Kevin van Haaren mentioned Textpattern, and I was impressed by its simplicity. Unfortunately, it doesn't yet look sufficiently mature. Among other things, Textpattern cannot import from a WordPress WXR file. Movable Type can (with some massaging), even though WordPress generates invalid XML.

Textpattern can only import from a live WP database, and I don't want my test server to have access to the live server. I set it up for a test, and Textpattern threw several types of errors.

Additionally, I couldn't see Textpattern's default comment, even before importing. The import caused me to abort before I got to investigate this one, though.

So back to MT, which has annoying limitations around blog management, but no dealbreakers so far.

Monday, June 9 2008

This Must Be 2008 -- Blogs Are Everywhere!

When Amy mentioned to Joyce (of Scarce) that she now has a blog, Joyce was amazed and impressed at how cutting-edge Amy is. There's definitely a geographical factor here, because at my picnic earlier the same day, we figured out that of the 6 adults and Julia present (all Brooklynites), every single one of us has a blog.

Devjani's is firewalled. Julia's Journal runs on hand-crafted HTML rather than blogging software, but that's because it dates back to mid-2002; I will move it over at some point. Sharon has two. In addition to Extra Pep, I edit Securosis.

Friday, April 11 2008

WordPress upgraded

Half because WordPress really needs to stay upgraded, and half in hopes of fixing the Admin-SSL bug which was blocking posting, I upgraded to WordPress 2.5, a compatible beta of Admin-SSL (now under new management), and a few other plug-ins.

Not knowing how well the upgrade would go, I did the safe thing -- I installed WP 2.5 separately from the live Extra Pepperoni site, installed and configured all the plugins I use (with my personal patches), created a new MySQL database, and configured everything, including a couple test comments (not as myself). After I got it working, I brought down the old site, moved the new one in place, reconnected it to the old MySQL DB (with all posts and comments), clicked the button to upgrade, and we're up.

Unfortunately, there's still a problem with comments. When I log into a new account to comment, I get a link to https://secure.reppep.com/wp-admin/profile.php, which is bogus; it needs to be https://secure.reppep.com/ep/wp-admin/profile.php. If you have an existing account (Tony), you might be able to login through https://secure.reppep.com/ep/wp-admin/ and comment, but it seems that viewing an actual post (which must be non-SSL) still loses its association with the login session, so you can visit the HTTP site as an anonymous user, or use the HTTPS site as your registered user, but the plaintext side has no access to comment, and the encrypted side doesn't show the posts you would want to comment on. Hopefully BCG will be able to fix the problem in Admin-SSL. He's already fixed the Preview function.

Also freaky: When I log into EP as a brand-new user (to comment), I get the Dashboard, telling me I (the brand-new user) have 184 posts. I didn't think Subscriber users saw the Dashboard, but the post count is definitely bogus.

I did the initial installation as a Subversion checkout, which is very cool. Now, though, I have to create my own private WP hacks repos (easy), and figure out how to set up externals to pick up my additions.

A tip: Don't try to check out the WordPress source over AFP; the permissions weren't right, and the checkout couldn't complete; when I did it locally on the Linux server, there was no problem. I hadn't even noticed I was running "svn co" on the Mac instead of the server, but it was easy to fix once I noticed the cause.

Monday, March 17 2008

Commenting Is Currently Broken

pctony (congratulations on your Apache httpd PMC membership, Tony!) just informed me that comments here are broken. I knew Preview was broken, and am guessing that it's a problem with my configuration of Admin-SSL, but hadn't known it affected anyone other than myself. Admin-SSL in this configuration creates a disruption between the public (reading) side and the SSL-encrypted authenticated side, and preview & user logins for commenting both appear to be falling into that crack.

If I can't get Admin-SSL working this way, I'll come up with something else, although at this point I'm hoping Haris can tell me how to sort myself out.

In the meantime, I'm sorry for the inconvenience (especially Tony's).

His two suggestions were to quote the path in the UltraEdit installer, or to use "dir /x" in CMD.COM to find the DOS-style 8.3 pathname of the destination folder. Unfortunately, I seem to have been wrong about the cause for their installer's terribly vague "1925" error message, as I tried another viable path (not containing spaces) today, and UE failed to install there too. Perhaps it's a registry access issue -- I sent email to IDM Software, and hope they have a more useful suggestion than "become an administrator".

Wednesday, March 12 2008

Extra Pepperoni Re-Hosted

After DreamHost's breach 8 months ago, I was aggravated at their poor handling of the situation, but willing to give them the benefit of the doubt, and still happy with their low prices and flexible services.

With the new bad news and worse confirmation (still with poor incident handling), though, it's time to get out of dodge.

I have moved Extra Pepperoni back onto my own hardware. I started blogging on Apple's Blojsom install, but gave up on Tiger Server for Blojsom (and Mailman) because the services kept silently shutting down, leaving me to notice they were disabled days or weeks later (no fault of Blojsom or Mailman -- Apple didn't do a good job porting SpamAssassin either). Bringing up a WordPress blog and mailing lists at DreamHost was easy and cheap, but that's no good if they are unsafe.

I'll look at moving a couple very light-duty Mailman lists off DH next, but the lists are so lightly used I'm not too concerned. There just isn't any confidential information on the mailing lists, aside from their tiny subscriber lists.

Ah, well. I now know much more about WordPress and MySQL than I cared too, but the setup wasn't too bad. I hadn't realized how many customizations and tweaks I made to WordPress until it came time to recreate them on my own system:

  1. Almost Spring theme (included by DreamHost); with minor hack
  2. PHP Markdown Extra; with minor hack
  3. MySQL admin UI
  4. WP-DB-Backup (DH included one, which I'm no longer using)
  5. mod_rewrite for permalinks
  6. Admin-SSL, with "Shared SSL" tweak, integrated into my existing SSL site (meaning EP is available through two different "sites", and I have to keep the Apache configurations reconciled)
  7. Twitter
  8. WP-Cache (DH standard)
  9. Akismet anti-spam registration
  10. Technorati pinger (came over automatically with the DB).
  11. Fix for widget.php to use legal JavaScript tag.

Friday, January 4 2008

Twitter Is ...

Glenn hung up his Tweets a few days ago, which makes this an apropos time to ponder Twitter and whether it's worthwhile.

  • Micro-blogging.
  • Super chat status line messaging.
  • Perhaps the easiest way to flex your vanity, Web 2.0 style.
  • A chat room without walls.
  • A remarkably uninformative way to exercise your vanity, since one has no idea how many people might read a tweet.
  • A particularly 21st-century game of one-upsmanship -- # followers vs. # following.
  • A pleasant diversion / horrendous distraction.
  • An excellent way to broadcast information, including emergency notifications, although its lack of pervasiveness limits what it's good for.
  • Access to lazyweb.

Saturday, December 2 2006

Blog Moved

I've been using the customized Blojsom installation Apple provides in Mac OS X (Tiger) Server to host my blog and a few others. Unfortunately, it's not stable. Last week, it died several times, and I gave up on waiting for Apple to fix the problems in Leopard Server (expected early 2007).

I've migrated the blog (including all old my posts) to WordPress, hosted by DreamHost, at www.extrapepperoni.com. As a bonus, WordPress includes many more (interesting) themes than Apple's very small (and classy, but simple) set, and additional features which Apple doesn't provide. Unfortunately, Apple's customized Blojsom can't take advantage of the many designs people have developed for mainstream Blojsom, and its plugin architecture is broken as well.

The main advantage of Blojsom is that all posts are simple (pairs of) text files, while WordPress is based on a MySQL database. Fortunately, WordPress/DreamHost hide much of the complexity.

In addition to my blog, I'm moving a couple mailing lists to DreamHost, again because Apple's Mailman is unstable.