In less than a week, after almost ten years (!), the GoDaddy hosting plan I had for this site will expire. Transferring it and all its existing content to Microsoft Azure (and securing it along the way) has been a journey and a half, let me tell you, and over the past month or so – you may have noticed when stuff didn’t work – I’ve been finalizing all the tweaks I had to do. For future reference, here, in no particular order, is some of the last-minute fine-tuning I had to do.
Some of the relevant posts along the way:
I alluded to this in that blog post about Pinterest and AddThis, but finally fixed it properly. Instead of working out all of the various URLs that a page may go to to download some script or images or whatever, just use a generic
    <system.webServer>
      <rewrite>
        <outboundRules>
          <rule name="CSP">
            <match serverVariable="RESPONSE_Content-Security-Policy" pattern=".*" />
            <action type="Rewrite" value=" default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: data:; style-src 'self' https: 'unsafe-inline'; font-src 'self' https:;" />
          </rule>
        </outboundRules>
      </rewrite>
    </system.webServer>
Much easier to understand.
OK, OK, OK, I have to add that the unsafe-eval you see there is not going to last long: the admin backend for GraffitiCMS (which is the blogging engine I still use for this site and a couple of others) needs it – yeah, barf! – but I’m slowly rewriting the admin site using DevExpress ASP.NET controls. (It took me a while to work out why the backend for boyet.com was working just fine, but that for 64SAINT.com wasn’t – I thought it was the admin code, but no, it turned out to be this unsafe-eval thing. The programmer’s life, eh? Sigh.)
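What the generic policy in the rewrite rule above actually permits, as an added example that is not part of the original post: a small JavaScript audit that parses that policy string and lists every scheme-wide or unsafe source per directive, including directives that inherit from default-src. The function names and the list of weak sources are choices made for this example.

```javascript
// Added example: audits the Content-Security-Policy value set by the rewrite rule above.
// POLICY is the page's value; the function names and WEAK list are this example's own.
const POLICY =
  "default-src 'self' https:; script-src 'self' https: 'unsafe-inline' 'unsafe-eval'; " +
  "img-src 'self' https: data:; style-src 'self' https: 'unsafe-inline'; font-src 'self' https:;";
// Fetch directives checked here; each falls back to default-src when absent.
const FETCH_DIRECTIVES = ["script-src", "style-src", "img-src", "font-src", "connect-src", "object-src"];
const WEAK = new Map([
  ["'unsafe-inline'", "inline code is allowed, so injected markup can execute"],
  ["'unsafe-eval'", "eval() and other string-to-code calls are allowed"],
  ["*", "any origin is allowed"],
]);

// Parse a policy into Map<directive, sources[]>; a repeated directive is ignored (first wins).
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(";")) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

// Return one finding per weak source in each fetch directive's effective source list.
function auditCsp(policy) {
  const directives = parseCsp(policy);
  const findings = [];
  for (const directive of FETCH_DIRECTIVES) {
    const own = directives.get(directive);
    const sources = own || directives.get("default-src");
    if (!sources) {
      findings.push({ directive, source: null, inherited: false, why: "no policy applies" });
      continue;
    }
    for (const raw of sources) {
      const source = raw.toLowerCase();
      // A bare scheme such as https: or data: matches every URL with that scheme.
      const why = WEAK.get(source) ||
        (/^[a-z][a-z0-9+.-]*:$/.test(source) ? "scheme-only source matches any URL on that scheme" : null);
      if (why) findings.push({ directive, source, inherited: !own, why });
    }
  }
  return findings;
}

for (const f of auditCsp(POLICY)) {
  console.log(`${f.directive}${f.inherited ? " (from default-src)" : ""}: ${f.source} - ${f.why}`);
}
```

Running the same audit on the policy with 'unsafe-eval' removed shows what is left to tighten once the admin backend no longer needs it.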
Quick bit of background here: on GoDaddy, the blog post URLs for this site were of the form http://blog.boyet.com/blog/blog/foo/bar. Too long to explain why, that triple-repeated blog has annoyed me for years, but with the migration they were going to be changed to https://boyet.com/blog/foo/bar. For some reason, I originally had two rewrite rules: one to remove the blog subdomain, and one to remove the first blog folder name (see that Pinterest post for an example of this with 64SAINT.com). And then came the head-desk moment when I realized I could rewrite them as one:
Three cheers for regex. Gone were the entries from the 404-redirection log I have where the server was applying the “remove subdomain” rule but not the next “remove folder name” rule. Yay.
A long while back I used to add a “Now Playing” block to the end of blog posts (see this post for an example). I wrote a little helper extension for Windows Live Writer that would interrogate iTunes to find out what I was listening to, and then go online to request a link to the album from Amazon, along with an image of the album, and inject the lot into the post. That Amazon-request bit was linked to my Amazon seller id, so that, in theory, if someone clicked on the “Now Playing” album image and bought the album, I’d get 2 cents. Well, I made so little money from this (if any, to be honest), Amazon finally cancelled my seller id. Oh well, never mind.
However, those album images all came from an Amazon site called http://ecx.images-amazon.com. It turns out that that site is http only, not https. Since boyet.com was now secure, it was causing an error and the image was not being retrieved or displayed. I finally found out that Amazon have a secure site that serves up these album images: https://images-na.ssl-images-amazon.com. All I had to do was run a quick SQL command on my Posts table to make the replacement. Now you know.
So, because I joined the Kickstarter for making version 5.0 of Font Awesome at the $50 level, I got the Pro version. Brilliant! And the mug, of course.
So, as part of this move to Azure I decided I should update my sites from version 3.5 to use this Pro version instead. Updated everything as they recommended, but, my oh my, their CDN can be s-l-o-w sometimes. I eventually switched to self-hosting instead, and my sites are now much faster. Just a thought, if you also have purchased Pro Font Awesome.