How to configure varnish when backend is on shared hosting

This one was almost impossible to google out, so adding this solution here.

First of all backend:

backend default {
    .host = "blog.grzegorzpawlik.com";
    .port = "80";
}

But if host is actually parked domain on shared hosting, varnish will use resolved ip instead of domain name and shared hosting server will not know which catalog to serve.

You will see some general page (most probably similar to when you point a new domain to shared hosting server but didn’t park domain there yet).

The solution is easy:

sub vcl_recv {
   set req.http.host = "blog.grzegorzpawlik.com";
}

Just make sure you’ve restarted varnish and then purged cache:

sudo varnishadm  'ban req.url ~ ".*"'

Ofcourse this is just a start. And one need more sophisticated vcl_recl to effectively cache wp site.

Share Button

Android! WTF is wrong with you?

Why something unacceptable in, let say, websites is ok enough in native apps world?

I don’t even want to touch the topic of ridiculously elevated permissions (recently QR code scanners wanted my phone number, read text messages and access to my location).

Let’s get some other example: Cloud Magic. I wanted to check this nice looking mail client. It integrates with gmail so I wanted to give it a try and see if it fits me. Unfortunately it doesn’t. And I didn’t even started to use it.

I somehow swallowed permissions it requested (Device & App history: Allows the app to view (…) which apps are running, browsing history and bookmarks – Gulp!).

And next I could see nice looking first screen:

Screenshot_2014-09-09-15-42-49

Tapped Gmail, and couldn’t believe my eyes:
Screenshot_2014-09-09-15-43-01

So in this app I was presented something very similar to google services mobile log-in form. Looks legit. Looks! And only looks (even beginner phishing adept knows how to do that). I can’t check address to which this form data is going. So basically what Cloud Magic want’s me to do is to provide my google login and password. And in the same time I have my google account added in to my system, so CM could just ask me to allow them to use it.

How is this even remotely ok? This is phishing. I’m in the third party app and it asks me for other service credentials pretending to be this other service legit form.

WTF Google, WTF Android and WTF CloudMagic?

Share Button

Wyróżniająca się usługa online.

Jestem fanem firm, które wychodzą na przeciw klientom. Szczególnie może Ci się to przytrafić w firmach małych, gdzie każda decyzja nie przechodzi przez 50 pionów i 20 akceptacji.

Do tej pory najbardziej chwaliłem sobie współpracę z moim ulubionym hostingiem za elastyczność i wychodzenie na przeciw potrzebom klientów. Dziś z przyjemnością do tej listy dodaję chłopaków od http://centrumfaktur.pl/. Integrując centrum faktur z aplikacją którą piszę zauważyłem brak w api (chodziło o możliwość dodania wpłat do faktury, do tej pory można było to było zrobić tylko przez interfejs użytkownika). Napisałem do nich maile i voila! Tydzień, może dwa później api się wzbogaciło.

Dodam jeszcze, że jedyne konto jakie u nich mam jest darmowe…

Share Button