Tag Cloud
Currently Reading
Latest Book Reviews
- Rancher Deep Dive Posted on March 31, 2023
- Leveraging Kustomize for Kubernetes Manifests Posted on March 24, 2023
- Automating Workflows with GitHub Actions Posted on October 13, 2022
- Deep-Dive Terraform on Azure Posted on August 30, 2022
- Effective DevOps Posted on January 5, 2022 All Book Reviews
Latest Posts
- Leaving Gmail and Google Apps: Part I Posted on November 28, 2013
- Varnish WordPress Performance Testing Posted on November 28, 2013
- Leaving Gmail and Google Apps Posted on November 17, 2013
- Enabling SMART on a hard drive Posted on November 10, 2013
- Nuking GPT partition table Posted on October 28, 2013
November 28, 2013
Leaving Gmail and Google Apps: Part I
by Alpha01
Since I’m paying for essentially unmanaged dedicated hosting so I can run my mail server. I opted to consolidate my personal web applications to the same physical box. This is why I created a KVM guest that would solely be used for my web traffic. One of the main challenges I’m faced is the fact that I only have one public IP address. This means that all of my KVM guests have been configured using the default NAT networking.
For all http traffic I’m using Varnish as the proxy and caching server and for https traffic I’m using Nginx.
First thing that broke using this different architecture on my sites are the mod_access IP restrictions that I originally had set in place previously. This is because the Apache backend see’s all requests originating from the Varnish and Nginx proxies. Luckily both Varnish and Nginx have really simple access control mechanism built in them.
For example, in Varnish I can create a list of IPs that I can use to their block or grant access to certain URLs.
acl admin {
"localhost";
"MyPublicIPAddress";
}
sub vcl_recv {
# Only allow access to the admin ACL
if (req.url ~ "^/secureshit" && req.http.host ~ "rubysecurity.org") {
if (client.ip ~ admin) {
return(pass);
} else {
error 403 "Not allowed in admin area.";
}
}
}
Nginx acl
location /secureshit {
allow MyPublicIPAddres;
deny all;
proxy_pass https://www.rubysecurity.org/secureshit;
}
google centos kvm varnish nginx November 28, 2013
Varnish WordPress Performance Testing
by Alpha01
Thanks to my new job, I’ve been working a lot with Varnish. Man, Varnish is one kick ass HTTP web accelerator! A few months back I ran a few performance Apache performance tests on my WordPress site with different layers of caching enabled:
So now I wanted to see how the results may differ using Varnish.
Configuration
At a bare minimal, Varnish needs to be configured to remove cookies set by WordPress in order to make the content cacheable.
sub vcl_recv {
# Drop any cookies sent to Wordpress.
if (!(req.url ~ "wp-(login|admin)") && req.http.host ~ "rubyninja.org") {
unset req.http.cookie;
}
}
sub vcl_fetch {
# Drop any cookies Wordpress tries to send back to the client.
if (!(req.url ~ "wp-(login|admin)") && req.http.host ~ "rubyninja.org") {
unset beresp.http.set-cookie;
}
}
With this configuration enabled, I ran the same identical ab tests that used to benchmark my server previously.
[root@rubyninja ~]# ab -n 1000 -c 5 http://www.rubyninja.org/index.php
This is ApacheBench, Version 2.0.40-dev <$Revision: 1.146 $> apache-2.0
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Copyright 2006 The Apache Software Foundation, http://www.apache.org/
Benchmarking www.rubyninja.org (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Completed 600 requests
Completed 700 requests
Completed 800 requests
Completed 900 requests
Finished 1000 requests
Server Software: Apache/2.2.15
Server Hostname: www.rubyninja.org
Server Port: 80
Document Path: /index.php
Document Length: 0 bytes
Concurrency Level: 5
Time taken for tests: 39.528015 seconds
Complete requests: 1000
Failed requests: 0
Write errors: 0
Non-2xx responses: 1001
Total transferred: 374139 bytes
HTML transferred: 0 bytes
Requests per second: 25.30 [#/sec] (mean)
Time per request: 197.640 [ms] (mean)
Time per request: 39.528 [ms] (mean, across all concurrent requests)
Transfer rate: 9.23 [Kbytes/sec] received
Connection Times (ms)
min mean[+/-sd] median max
Connect: 87 100 134.1 93 3092
Processing: 88 95 10.7 91 220
Waiting: 87 94 10.6 90 218
Total: 177 196 134.4 186 3183
Percentage of the requests served within a certain time (ms)
50% 186
66% 192
75% 196
80% 199
90% 207
95% 217
98% 234
99% 251
100% 3183 (longest request)
The requests per second handled by the webserver weren’t much different from the caching layer that I already had enabled previously, which is the WordPress W3 Total Cache plugin configured with Page, Database, Object, and Browser cache enabled using APC, and mod_pagespeed.
However the huge difference is that all requests never reached the Apache backend. Varnish cached all content and served all the requests directly. Varnish is just fucking awesome.
Tags: [varnish apache wordpress testing November 17, 2013
Leaving Gmail and Google Apps
by Alpha01
Ever since finding out about Google’s involvement in PRISM a few months back, I’ve been wanting to completely ditch their Gmail and Google Docs services for good. Having used those services for such a long time, and more importantly them being free (as in beer), deciding which new platform I would use as the replacement was my first challenge. Firstly, all email services will be managed by me solely. So my first task was to find a reliable, and perhaps more importantly, a really cheap unmanaged dedicated hosting provider. I opted to go with OVH. Having first heard of OVH on a Linux Journal advertisement, I became completely sold on their $29.99 a month dedicated hosting offering. Even better, OVH is not an American company and they themselves having to deal with lots of scrutiny for hosting WikiLeaks. The really cheap $29.99 dedicated hosting plan does have a catch, the hardware is not enterprise quality server hardware, but rather desktop hardware. The disk is not RAIDed, and the memory is non ECC. Personally, since I don’t believe my server will have much heavy load, I really don’t see this as a problem. Additionally, using my home Nagios monitoring server and with the help of NRPE, I’m going to monitoring just about everything on the dedicated machine.
My current hypothetical architecture
Install configure KVM on the system, and run three virtual machine instances. The host machine will have the following:
- Varnish, to proxy all HTTP traffic
- Nginx, to proxy all HTTPS traffic
- Proxy POP/IMAP mail traffic using iptables (if this does not work as I expect, I might look into using haproxy instead)
1). VM 1: http
- Apache PHP/Ruby, all of my web apps will be using on this VM. (including this site itself)
2). VM 2: database
- MySQL
- PostgreSQL
3). VM 3: email
- Postfix for sending mail
- Dovecot for receiving mail
google November 10, 2013
Enabling SMART on a hard drive
by Alpha01
Error
[root@backup ~]# smartctl -H /dev/sdb
smartctl 5.43 2012-06-30 r3573 [x86_64-linux-2.6.32-358.23.2.el6.x86_64] (local build)
Copyright (C) 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net
SMART Disabled. Use option -s with argument 'on' to enable it.
Fix
[root@backup ~]# smartctl -s on /dev/sdb
smartctl 5.43 2012-06-30 r3573 [x86_64-linux-2.6.32-358.23.2.el6.x86_64] (local build)
Copyright (C) 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net
=== START OF ENABLE/DISABLE COMMANDS SECTION ===
SMART Enabled.
monitoring October 28, 2013
Nuking GPT partition table
by Alpha01
Error
WARNING: GPT (GUID Partition Table) detected on '/dev/sdb'! The util fdisk doesn't support GPT. Use GNU Parted.
Fix
parted /dev/sdb
mklabel msdos
quit
gparted