Direct Debit Errors and Santander’s customer service

So today as usual I had my monthly telephone line rental taken out by direct debit. Unusually I’m not with BT or Virgin Media (for those in cables areas) but I use The Phone-Coop, the original reason being they offered line rental contracts for a minimum contract of 6 months against the usual 12 months from BT.

I don’t actually use my land-line, but sadly it’s a pre-requesite for ADSL in the UK and naked DSL isn’t available due to lack of demand, says BT.

So today I notice two sums being deducted, one for myself and another nearly double. A closer inspection of my statement shows this has been going on for the past 4 months* resulting in a total overpayment of ~£130.00.
*Yes, I know I should have checked my statements more closely before…

The Phone Co-Op were my first port of call, I reported the issue to them and they said they would investigate and get back to me. Still annoyed and quite impatient I did some research into Direct Debits and found that under the terms of the direct debit guarantee I was entitled to a full and immediate refund, so decided to call Santander…

Initially the call centre advisor was quite helpful, I ran off the four direct debits and she advised they have been reclaimed – unfortunately when she read them back to me it was clear two of the four were incorrect. When I asked if the two incorrect claims could be cancelled she advised they couldn’t and I would have to repay the company concerned manually.

Great, I thought, Santander have made an error on my account, I am going to have to mess about with a manual payment and explain to another company why their direct debits have been reversed. Knowing how call centres are structured I asked to be escalated to a manager who thankfully was based in Britain and not East Asia; he apologised and made a £15.00 credit to my an account for the inconvenience.

They still weren’t able to reverse the incorrect direct debit reclaims, and apparently they can only go back two months on their system whereas I needed to go back four; His answer was that I needed to “contact the originating company for a refund.”, which as shown here is not true. This shouldn’t be a suprise to me at all given that Santander has been voted the worst bank for customer service , they also recently managed to send out 35,000 bank staments to the wrong addresses.

Moral of the story, don’t settle for poor customer service.

Installing a Godaddy SSL Certificate into Apache Ubuntu Linux

Godaddy is probably the cheapest SSL certificate provide on the web with their root CA present in all the major browsers. I was able to pick up a 12 month SSL certificate for only $12.99 (~£10.00 inc VAT) by following the link HERE

Now on to the good stuff.

  • Webserver: Ubuntu 8.04 LTS
  • Apache2 with http.conf: /etc/apache2/http.conf

First we need to generate a ‘key’ file that tells our server apart from other servers. You should have openssl installed on your machine, if not, simply type in

sudo apt-get install openssl

Then change to the directory to the place you would like to store everything. In my case, I chose:

mkdir /etc/apache2/ssl
kdir /etc/apache2/ssl/certs
mkdir /etc/apache2/ssl/private
cd /etc/apache2/ssl/private
openssl genrsa -out websitename.key 2048

This will spit out a key for our server to create the CSR which is what we need to send to send to Godaddy in order to get the required files to finish the setup. Next we generate a CSR (so in the same directory):

openssl req -new -key websitename.key -out websitename.csr

When filling out the CSR via the terminal it will ask you for several things(Country Name, State or Province, Locality Name, Organization Name, Organizational Unit Name, Common Name, Email Address, and Password) Some of these are optional, but make sure that under Common Name you put your website url (website.com).

Now, we need the contents of this CSR to give to godaddy.

cat websitename.csr

Copy the text and paste it into Godaddy’s CSR pane. Make sure you keep the —Begin— and —End— stuff or else godaddy will reject it. I also chose the Starfield Technologies certificate just because it sounded cooler than Godaddy. Once accepted, you would then download the certificate.

Click on the common name [yourwebsite] then on download. Select Apache server type. This will give you a zip file with two files in it. You need to copy the website.crt to /etc/apache2/ssl/certs and the sf_bundle.crt to /etc/apache2/ssl I used a program called WinSCP to drag and drop these files in there via ssh.

Recap:

Folder Layout >
/etc/apache2/ssl/
        -certs
        |__ website.crt
        -private
        |__ website.key
        |__ website.csr (Can be deleted)
        -sf_bundle.crt

We need to edit our http.conf file to make sure that we have a valid path for the SSL. Here is my Vhost listing for the ssl. As you can see I have added a few extra things to make it play nice. I turned on SSLEngine and included the files for it to work properly. Feel free to copy and paste with minor changes.

<VirtualHost *:443>
  ServerName example.com
  ServerAlias example.com
  SSLEngine on
  SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
  SSLCertificateFile /etc/apache2/ssl/certs/website.crt
  SSLCertificateKeyFile /etc/apache2/ssl/private/website.key
  SSLCertificateChainFile /etc/apache2/ssl/sf_bundle.crt
  DocumentRoot /var/www/www.website.com/htdocs
</VirtualHost>

Now when you restart apache:

/etc/init.d/apache2 restart

Apache Secured Shared Hosting with mod_proxy and mod_chroot

I have been investigating how I can isolate the various sites I host on my VPS box. Ideally I would have my own dedicated server with each site in it’s own VPS, this may be an option if I roll my own dedicated server in the near future but for now the next best option appears to be a chroot jail for each site proxied behind the primary Apache instance.

First step ensure Apache2 and mod_chroot are installed on your box, for Ubuntu this is:

apt-get install apache2 libapache2-mod-chroot

Then for each domain, create a virtual host config like /etc/apache2/sites-available/example.com:

<VirtualHost *:80>
  ServerAdmin test@example.com
  ServerName example.com
  ServerAlias *.example.com

  ProxyRequests Off
  ProxyPreserveHost On
  ProxyPass / http://localhost:8000/
  ProxyPassReverse / http://localhost:8000/
  <Proxy *>
    Allow from all
  </Proxy>

  ErrorLog /home/example/www/example.com/log/error.log
  LogLevel warn
  CustomLog /home/example/www/example.com/log/access.log combined
</VirtualHost>

This will be used by the Apache proxy, which is the normal system apache2 running as the default “www-data” user. This proxy handles name-based virtual hosts, and proxies the requests to a second process, running at localhost on port 8080.

Note that the logs are configured here and not in the user’s Apache process, for two reasons:

  1. Keep logs pristine in the event of a break-in on a user site (for example via a buggy or malicious PHP script)
  2. Single system-wide log file analysis process instead of per-user

Next, create a user account for each domain:

mkdir -p /home/example/www/example.com
cd /home/example/www/example.com
mkdir htdocs logs conf
chown www-data:www-data logs
chown example:example htdocs/

Create the following in /home/example/www/example.com/conf/apache2.conf:

ServerRoot "/home/example/www/example.com/"
LockFile /home/example/www/example.com/conf/accept.lock
PidFile /home/example/www/example.com/conf/apache2.pid
Timeout 300
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
User example
Group example
AccessFileName .htaccess
<Files ~ "^\.ht">
  Order allow,deny
  Deny from all
</Files>

Options -Indexes

DefaultType text/plain
HostnameLookups Off
ErrorLog /home/example/www/example.com/conf/error.log
LogLevel warn
LoadFile /lib/libnss_dns.so.2
LoadModule chroot_module /usr/lib/apache2/modules/mod_chroot.so
Include /etc/apache2/mods-enabled/*.load
Include /etc/apache2/mods-enabled/*.conf
Listen 8000
DocumentRoot /home/example/www/example.com/htdocs
ChrootDir /home/example/www/example.com

Once the chroot has been applied the root directory as far as the Apache process is concerned is /home/example/www/example.com – this creates a problem whereby the DocumentRoot is actually now /htdocs. The way round this is to use the –bind option of mount shown here:

mkdir -p /home/example/www/example.com/home/example/www/example.com
mount --bind /home/example/www/example.com /home/example/www/example.com/home/example/www/example.com

Now launch the new Apache process:

apache2 -f /home/example/www/example.com/conf/apache2.conf -k start

Everything should now work, but you may notice some problems, particularly with scripts like PHP, CGI etc. Generally the way round this is to make parts of the system available in the chroot and by ammending paths using the apache2.conf file in the jail.

This is as far as I have got, I have been working on getting startup right with an init script and automating the mount –bind by editing the /etc/fstab entries. I will cover my success (or otherwise) in another post.

Rails 3 + HAML, SASS, Blueprint and Compass

For my latest project I’ve decided to take the plunge with Rails 3. Some of the gotchas I encountered included rails server vs. script/server and the new gemfile.

First, add the Haml and Compass gems in the gemfile in the root of your project:

gem 'haml'
gem "compass", ">= 0.10.5"

Next install the gems. Haml includes sass at default and compass will take care of installing blueprint.

bundle install

Then setup compass with blueprint.

compass init rails . --using blueprint

If you recieve a compass: command not found then like me you may not have gem bin folder in your path. I corrected this by adding C:\Ruby192\lib\ruby\gems\1.9.1\bin to my path where Ruby192 is your install folder. This was on my Windows 7 system, so obviously YMMV.

Note that compass needs selection on 2 different options:

  • Yes on the first option to store sass files in a stylesheets directory in the app directory.
  • No on the second to compile css to a separate directory

I chose the recomended options for both and selected yes.

Compass recommends that you keep your stylesheets in app/stylesheets
  instead of the Sass default location of public/stylesheets/sass.
  Is this OK? (Y/n) y

Compass recommends that you keep your compiled css in public/stylesheets/compiled/
  instead the Sass default of public/stylesheets/.
  However, if you're exclusively using Sass, then public/stylesheets/ is recommended.
  Emit compiled stylesheets to public/stylesheets/compiled/? (Y/n) y
...
Congratulations! Your rails project has been configured to use Compass.
Just one more thing left to do: Register the compass gem.

In Rails 2.2 & 2.3, add the following to your environment.rb:

  config.gem "compass", :version => ">= 0.10.6"

In Rails 3, add the following to your Gemfile:

  gem "compass", ">= 0.10.6"

Then, make sure you restart your server.

Sass will automatically compile your stylesheets during the next
page request and keep them up to date when they change.

Next add these lines to the head of your layouts:

%head
  = stylesheet_link_tag 'compiled/screen.css', :media => 'screen, projection'
  = stylesheet_link_tag 'compiled/print.css', :media => 'print'
  /[if lt IE 8]
    = stylesheet_link_tag 'compiled/ie.css', :media => 'screen, projection'

(You are using haml, aren't you?)

Sass will automatically compile your stylesheets during the next
page request and keep them up to date when they change.

Now you can convert your application template to haml

Rename application.html.erb to application.html.haml and change the contents to look something like:

!!!
%html
  %head
    %title
      App Name
    = stylesheet_link_tag 'compiled/screen.css', :media => 'screen, projection'
    = stylesheet_link_tag 'compiled/print.css', :media => 'print'
    /[if lt IE 8]
      = stylesheet_link_tag 'ie.css', :media => 'screen, projection'
    = stylesheet_link_tag :all
    = javascript_include_tag :defaults
    = csrf_meta_tag
  %body
    = yield

All going well your project should now be setup for haml, sass, blueprint and compass!