Tuesday night, I wanted to figure out how, as the title says, to update this blog without actually having to do a web-based login. You see, it kind of bothered me that anyone familiar with typo could just stick an /admin/ after my domain name and try to guess the login and password. How could I update my blog securely, I wondered, without having to set up and pay for a new dedicated IP or, for that matter, a certificate?
So, I figured it out, and as a Public Service to All Typo Bloggers, I’m gonna share it with you. In order for this to work, you’ll need:
If you’re good on all those points, then you’re probably good enough to get this working without too much trouble. If you’re like me (in terms of dev experience), the first three points are pretty easy, but the last one will require extra explanation. Being a Mac guy though, I only used SSH Tunnel Manager to get this to work. The basic idea is the same, but I’m hoping that the adventurous Windows and Linux users among you could provide me with directions for using putty or ssh to set up a tunnel.
Ok, so, what exactly are we going to do here? I’m going to walk you through the process of editing your live blog from a local instance of typo. The magic involved here is setting up a database connection with the live instance of the db over ssh. When that’s done, you’ll be able to access it as though it was on your machine. I’m not sure I have the terminology correct, but we’re basically going to tunnel your db connection over ssh.
If you’ve never set up a tunnel before, then let me go over a bit of background to help you make some informed decisions for your case. In order to set up a tunnel, you need to pick an unused port (you’re probably familiar with common ones, like 80 for http, 22 for ssh, etc.) on your machine. For this exercise, what I recommend is that you pick a port number that’s one greater than the database’s default port. So, using mysql as an example: it defaults to listening for connections on port 3306; I’ll start my tunnel on port 3307.
At the server end of the tunnel, the port you need to connect to would be the database default. Since I’m going to connect to a mysql db, it’ll be port 3306.
If you’re using a different database engine, like postgresql, you’ll need to look up what its default port is, and adjust my example here accordingly.
Textdrive users might want to have a look at this page to see what they say you need to do to get set up. I’m going to flesh out their notes a bit with SSH Tunnel Manager specific info.
With SSH Tunnel Manager running, open up the preferences and fill these fields in:
Skip to the second column, click on the + sign on the right, then enter:
Click Apply, then close the prefs box.
You should have one small window, titled Tunnels, left on your screen. If not, go into the SSHTunnelManager menu and select Show Tunnels. You should see your “mysql connection” configuration there. Select it, then click on start. After a moment, you should get a prompt to enter a password. Do so, click OK, and you’ll see a green ball beside the config. You’re now ready to set up your typo blog on your machine.
In your local instance of typo, open up your database.yml file, and fill in the following fields with the same values you used in the server setup. In addition to that, please add a new line called Port:, and fill it with the value 3307 (or whatever port you settled on, given the above discussion).
I just remembered: you need to make one more change. For the host line, instead of using localhost, use 127.0.0.1. I’m not sure why I had to do this, as localhost resolves to 127.0.0.1, but I couldn’t get it to work unless it was this value. Let me know if this observation happens with you.
So, with the edits made, write out the file, and fire it up (by typing ./script/server -e production). Then visit your local copy of typo at http://localhost:3000/admin. It should bounce you to a login screen, so type in the login and password that you used to access your live blog, and you should see all your configuration settings right there.
As a final step, you might want to shut down access to the admin area on the site, to prevent other surfers from trying to gain access. So, let’s get on the server, make a backup copy of routes.rb, and start editing the file.
First off, comment out any route that has admin in it. Next, add the following two lines:
map.connect 'admin/*stuff', :controller => 'theme', :action => 'error'
What that does is ensure that any calls to admin/anything will result in a 404 error. Write out the file and restart the server.
Now that I’ve set one up, I have to say that I think ssh tunnelling is pretty cool. You’re basically hardwiring remote resources to your local machine, then accessing those resources as if they existed on your machine.
Now I’m wondering though, if there’s a way to get blogging clients like ecto or MarsEdit to send their XML-RPC calls over an SSH Tunnel. One way to accomplish this is to follow the directions here, and run your client against the locally installed copy of the blog. You would also need to add a rule to the server routes.rb blocking access to /backend URIs. That would suck, though, if you were unable or unwilling to get the rails infrastructure up and running on your local machine. The better way is to somehow tunnel all the XML-RPC calls.
The tunnel is easy enough: just map the server’s localhost:80 to your localhost:8080, and ensure that you’re updating your blog at http://localhost:8080/backend/xmlrpc/. The part I don’t understand very clearly here is how to ensure that such connections are only accepted if they come from the tunnel. If you think you can work out a method, please let me know!
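For readers using the OpenSSH command-line client instead of SSH Tunnel Manager, and as one way to approach the "only from the tunnel" question, here is an added example that is not part of the original post. A listener bound only to 127.0.0.1 can be reached only from the server itself, which includes connections that sshd makes on behalf of an ssh -L forward; the function names, user@example.com and the listener table are constructed for illustration, and the check assumes Linux `ss -ltn` output.

```shell
#!/bin/sh
# Added example: function names, host and sample listener table are constructed.

# tunnel_cmd LOCAL_PORT REMOTE_PORT USER@HOST
# Prints the OpenSSH command for the forward described in the post.
# The explicit 127.0.0.1 bind keeps the local end off other interfaces,
# -N runs no remote command, and ExitOnForwardFailure makes ssh exit
# instead of continuing silently when the local port is already in use.
tunnel_cmd() {
  printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:%s:127.0.0.1:%s %s\n' \
    "$1" "$2" "$3"
}

# exposed_listeners PORT
# Reads `ss -ltn` output on stdin and prints every local address that listens
# on PORT and is not loopback. No output means the port is reachable only
# from the machine itself (and therefore through the tunnel).
exposed_listeners() {
  awk -v port="$1" '
    $1 == "LISTEN" {
      n = split($4, parts, ":")            # port is the last ":" field
      if (parts[n] != port) next
      addr = substr($4, 1, length($4) - length(parts[n]) - 1)
      if (addr !~ /^127\./ && addr != "[::1]") print addr
    }'
}

# Constructed sample of `ss -ltn` output: 3307 and 8080 are loopback-only,
# 3306 is bound to every interface.
sample_listeners() {
  cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:3307     0.0.0.0:*
LISTEN 0      80     0.0.0.0:3306       0.0.0.0:*
LISTEN 0      128    [::1]:3307         [::]:*
LISTEN 0      511    127.0.0.1:8080     0.0.0.0:*
EOF
}

# On a real Linux host: ss -ltn | exposed_listeners 3306
tunnel_cmd 3307 3306 user@example.com
sample_listeners | exposed_listeners 3306
```

Run the check on the server for the database port and for whatever port the backend listens on; any address it prints is a listener that accepts connections from outside the tunnel.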
Copyright © 2009
All Rights Reserved unless otherwise indicated.