Jonathan Lalou's Blog

Posts Tagged ‘OVH’

I recently started migrating my WordPress site from Free.fr to OVHcloud hosting. The migration is still in progress, but along the way I needed to enable and validate
programmatic publishing through the WordPress REST API (RPC/API calls). This post documents the full process end-to-end, including OVH-specific gotchas and troubleshooting.

My last migration was many years ago, from DotClear 2 to WordPress…

Why move from Free.fr to OVH?

• Performance: More CPU/RAM and faster PHP execution make WordPress snappier.
• Modern PHP: Current PHP versions and extensions are available and easy to select.
• HTTPS (SSL): Essential for secure logins and required for Application Passwords.
• Better control: You can tweak .htaccess, install custom/mu-plugins, and adjust config.
• Scalability: Easier to upgrade plans and resources as your site grows.

What is the WordPress REST API?

WordPress ships with a built-in REST API at /wp-json/. It lets you read and write content, upload media, and automate publishing from scripts or external systems (curl, Python, Node.js, CI, etc.).

Step 1 — Confirm the API is reachable

1. Open https://yourdomain.com/wp-json/ in a browser. You should see a JSON index of routes.
2. Optional: check https://yourdomain.com/wp-json/wp/v2 or
   https://yourdomain.com/wp-json/wp/v2/types/post to view available endpoints and fields.

Step 2 — Enable authentication with Application Passwords

1. Sign in to /wp-admin/ with a user that can create/publish posts.
2. Go to Users → Profile (your profile page).
3. In Application Passwords, add a new password (e.g., “API access from laptop”). It should look like ABCD EFgh IjKl M123 n951 (including spaces)
4. Copy the generated password (you’ll only see it once). Keep it secure.

You will authenticate via HTTP Basic Auth using username:application-password over HTTPS.

Step 3 — Test authentication (curl)

Replace the placeholders before running:

curl -i -u 'USERNAME:APP_PASSWORD' \
  https://yourdomain.com/wp-json/wp/v2/users/me

Expected result: 200 OK with your user JSON. If you get 401 or 403, see Troubleshooting below.

Important on OVH — The Authorization header may be stripped

On some OVH hosting configurations, the HTTP Authorization header isn’t passed to PHP.
If that happens, WordPress cannot see your Application Password and responds with:

{"code":"rest_not_logged_in","message":"You are not currently logged in.","data":{"status":401}}

To confirm you’re sending the header, try explicitly setting it:

curl -i -H "Authorization: Basic $(echo -n 'USERNAME:APP_PASSWORD' | base64)" \
  https://yourdomain.com/wp-json/wp/v2/users/me

If you still get 401, fix the server so PHP receives the header.

Step 4 — Fixing Authorization headers on OVH

Option A — Add rules to .htaccess

Connect in FTP, browse to “www” folder, edit the .htaccess file. Add these lines above the “BEGIN WordPress” block:

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>

<IfModule mod_setenvif.c>
    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
</IfModule>

Option B — Tiny must-use plugin

Create wp-content/mu-plugins/ if missing, then add fix-authorization.php:

<?php
/**
 * Plugin Name: Fix Authorization Header
 * Description: Ensures HTTP Authorization header is passed to WordPress for Application Passwords.
 */
add_action('init', function () {
    if (!isset($_SERVER['HTTP_AUTHORIZATION'])) {
        if (isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION'])) {
            $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
        } elseif (function_exists('apache_request_headers')) {
            $headers = apache_request_headers();
            if (isset($headers['Authorization'])) {
                $_SERVER['HTTP_AUTHORIZATION'] = $headers['Authorization'];
            }
        }
    }
});

Upload and reload: authentication should now succeed.

Step 5 — Create and publish a complete post via API

Optional: create a category and a tag

# Create a category
curl -i -X POST \
  -u 'USERNAME:APP_PASSWORD' \
  -H "Content-Type: application/json" \
  -d '{ "name": "Tech" }' \
  https://yourdomain.com/wp-json/wp/v2/categories

# Create a tag
curl -i -X POST \
  -u 'USERNAME:APP_PASSWORD' \
  -H "Content-Type: application/json" \
  -d '{ "name": "API" }' \
  https://yourdomain.com/wp-json/wp/v2/tags

Upload a featured image

curl -i -X POST \
  -u 'USERNAME:APP_PASSWORD' \
  -H "Content-Disposition: attachment; filename=header.jpg" \
  -H "Content-Type: image/jpeg" \
  --data-binary @/full/path/to/header.jpg \
  https://yourdomain.com/wp-json/wp/v2/media

Note the returned MEDIA_ID.

Create and publish the post

curl -i -X POST \
  -u 'USERNAME:APP_PASSWORD' \
  -H "Content-Type: application/json" \
  -d '{
        "title": "Hello from the API",
        "content": "<p>Created automatically 🚀</p>",
        "status": "publish",
        "categories": [CAT_ID],
        "tags": [TAG_ID],
        "featured_media": MEDIA_ID
      }' \
  https://yourdomain.com/wp-json/wp/v2/posts

Optionally update excerpt or slug

POST_ID=REPLACE_WITH_ID

curl -i -X POST \
  -u 'USERNAME:APP_PASSWORD' \
  -H "Content-Type: application/json" \
  -d '{ "excerpt": "Short summary", "slug": "hello-from-the-api" }' \
  https://yourdomain.com/wp-json/wp/v2/posts/$POST_ID

Troubleshooting

• 401 Unauthorized / rest_not_logged_inThe Authorization header isn’t reaching PHP. Add the .htaccess rules or the mu-plugin above. Re-test with
  -H "Authorization: Basic …".
• 403 ForbiddenThe user lacks capabilities (e.g., Authors can’t publish globally). Use "status":"draft" or run publishing as an Editor/Admin.
• Media upload failsCheck upload_max_filesize, post_max_size, and file permissions. Try a smaller file to isolate the issue.
• Categories/Tags not appliedUse numeric IDs, not names. Fetch with /wp-json/wp/v2/categories and /wp-json/wp/v2/tags.
• PermalinksPrefer non-Plain permalinks. If using Plain, you can call endpoints with the fallback:
  https://yourdomain.com/?rest_route=/wp/v2/posts.

Conclusion

Moving from Free.fr to OVH brings better performance, modern PHP, and full HTTPS, which is perfect for automation and scheduling.
After ensuring the Authorization header reaches WordPress (via .htaccess or a tiny mu-plugin), the REST API works smoothly for creating posts, uploading media, and managing taxonomy.
My migration is still ongoing, but having a reliable API in place is already a big win.

I am currently reorganizing a website of mine, hosted at OVHcloud, and it is worth reminding some concepts and best practices related to DNS.

(disclaimer: I am not part of OVH at all, I express myself as a mere customer)

DNS (Domain Name System) is the backbone of the internet, translating human-friendly domain names into IP addresses that computers understand. Yet, many website owners and IT professionals struggle with its configuration. Let’s break down the essential DNS records—A, AAAA, and CNAME—and illustrate best practices using OVH’s interface.

Key DNS Records Explained

1️⃣ A Record (Address Record)

• Maps a domain (e.g., example.com) to an IPv4 address (e.g., 192.168.1.1).
• Best practice: Ensure you update this if your server IP changes.

2️⃣ AAAA Record (IPv6 Address Record)

• Similar to A records but maps to an IPv6 address (e.g., 2001:db8::1).
• Best practice: If your hosting provider supports IPv6, use this alongside A records for better future-proofing.

3️⃣ CNAME Record (Canonical Name Record)

• Points a domain (e.g., blog.example.com) to another domain (example.wordpress.com).
• Best practice: Use CNAME for aliases but avoid pointing the root domain (example.com) to another domain using CNAME—stick to A/AAAA records.

Configuring DNS Records in OVH

To set up a subdomain (blog.example.com) on OVH:

1. Log in to your OVH Control Panel.
2. Navigate to Web Cloud → Domains, then select your domain.
3. Go to the DNS Zone tab and click Add an entry.
4. Choose A Record if your blog has a dedicated IPv4, or CNAME if pointing to another domain.
5. Enter your subdomain (blog) and the corresponding IP or domain.
6. Save changes and wait for propagation (~24 hours max).

Best Practices for DNS Management

• Use TTL (Time-To-Live) wisely: Lower values (e.g., 300s) allow faster updates but increase queries to your DNS provider.
• Keep DNS records minimal: Avoid unnecessary CNAME chains to improve resolution speed.
• Secure with DNSSEC: If your registrar supports it, enable DNSSEC to prevent DNS spoofing.
• Regularly review DNS settings: Especially after migrations, new SSL configurations, or changes in hosting.