My sister in law, Ushani, is currently building a web site for her exam. In order to get a good review, her site must get a high rank on google. The url is If you want learn about dishes from all around the world, feel free to visit

This very first post of my new blog post series about useless use of some commands when writing shell scripts.

Let's start with find and grep. When I started with shell scriptig, I used to use find /path/to/dir | grep -E '\.ext$' in order to exclude files with .ext.

But, did you know find offers better way to exclude files? Try find /path/to/file ! -name '*.ext, the result will be the same, without spanning a new process.

How about exluding multiple extensions? One may ask. Just repeat ! -name ext like this: find /path/to/file ! -name '*.ext1' ! -name '*.ext2' ! -name '*.extN'. And depending on number files types/names to exlude, this may become unreadble. In this case, take advantage of operators offered by find: find /path/to/dir ! \( -name '*.ext1' -or -name '*.ext2' -or -name '*.extN' \)

I installed varnish as a cache frontend for my apache web server few weeks ago. In this process, I changed apache's listening address from my public ip to localhost. But, I was still using apache for my https sites (webmail and few other virtual hosts). Today, I setup pound as a SSL reverse proxy for apache and completly removed mod_ssl from my apache's configuration.

Even if pound is easy to set up, there is a pain point on this type of migration: in fact, apache is able to run an external command to get the passphrase in order to unlock the ssl private key, which pound is not capabale of.

Pound won't start if the SSL key is protected by a passphrase. Thus, on the migration process, one need to remove the pass phrase from the private key before starting pound. Needless to say, the private key must be properly protected.

If you're using tinyca for managing your certificates, follow how to get rid of the passphrase:

  • Do not forget to backup tinyCA data before doing any changes!

  • Find the private key file. It should be located in ~/.tinyCA/SITE/keys directory. Filenames are encoded using base64. ls | perl -MMIME::Base64 -ne 'print decode_base64($_)' ; echo will display them in an human readable format.

  • Remove the passphrase by openssl rsa -in INPUT_FILE -o OUTPUT

  • Check the new file with openssl rsa -check -in OUTPUT

  • Replace the old file with by the newly key.
  • Start tinyca2 and reexport the certificate and the private key.

I have switched my laptop from debian Linux to arch linux. I did the switch, not that because, I'm unhappy with debian. I still and will continue to use debian on my servers. I did it because I wanted to learn new stuff.

On my debian installation, I used to use tinyca2 to manage my ssl certs. When I tried to install tinyca2 on arch, the aur package failed to install (primary site seems to be dead, and there were some bugs).

So, using the work done by Marti Raudsepp (the maintainer of tinyca2's Aur package), I have updated the pkgbuild and uploaded it to aur and github. I, also, forked the source on github. The new pkgbuild includes patches from debian, which were cleaned up to be applicable on the raw source and will use the fork on github as the source for tinyca2 (as the primary site seems dead).

Feel free to get the package either from Aur or github and send to your comments.

Few years ago, switched my web site from a custom cms (written by Erwan Pinvidic) to moinmoin wiki engine. Some months (or years?), later I implemented an authentifcation plugin which is using my mail server as a credentials' provider. At that time, I wanted to use https for authentifcation and tried few things to force apache to redirect to https on specific url pattern, and I failed. At this stage, I modified my plugin to reject authentification if the login and password were sent over http and forgot all that stuff...

Few days ago, I setup varnish in front of my apache server and moved few http to https redirections from apache to varnish. And while updating varnish's configuration, I recalled my attempts with moinmoin's login page redirection and wanted implement this using varnish. And this time, I did it using the setup below:

sub vcl_recv {
if ( ~ "" && req.url ~ "\?action=login") {
       set req.http.x-host =;
       set req.http.x-url = req.url;
       return(synth(750, "https://" + req.http.x-host + req.http.x-url));

sub vcl_synth {
    if (resp.status == 750) {
      set resp.http.Location = "https://" + req.http.x-host + req.http.x-url;
      set resp.status = 301 ;

So, don't worry if you don't succeed the first time. Try later using the right toolTM!