moving wordpress to http2 (via https)

    

I just moved my WordPress site to HTTP/2 (via HTTPS). Some advice on the steps to moving your site:

  • Run it behind nginx + Let's Encrypt – offload the SSL certs and get HTTP/2 performance
  • Set up the nginx default to redirect all http -> https
  • Update your WordPress site to the correct URL (via Admin / Settings / General), e.g. https://sigtar.com
  • Run a WP plug-in to change all media / links to the new https links. Otherwise you get mixed content (some http, some https)
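As an added example (not from the original post, and not the linuxserver image's own config), the shell script below renders the nginx server blocks that implement the first two steps: Let's Encrypt certs, HTTP/2 on 443, every plain-HTTP request answered with a 301 to https://, and WordPress proxied at the back-end with X-Forwarded-Proto set so WordPress knows the original request was HTTPS. It also includes a small scan for the http:// image, script and stylesheet references that produce mixed-content warnings once the page is served over HTTPS (the last step above). The certificate paths assume certbot's default layout under /etc/letsencrypt/live/<domain>/; the domain, the upstream name wordpress:80 and the sample page are assumptions for the demo.

```shell
#!/bin/sh
# Added example, not from the original post: render a minimal nginx site
# config (Let's Encrypt certs, HTTP/2, plain HTTP redirected to HTTPS,
# WordPress proxied at the back-end) and scan a page for http:// assets.
# Assumptions: certbot's default certificate layout under
# /etc/letsencrypt/live/<domain>/ and the domain/upstream names passed in.

# render_nginx_conf DOMAIN UPSTREAM -> prints the nginx server blocks
render_nginx_conf() {
  domain="$1"
  upstream="$2"
  cat <<EOF
server {
    listen 80;
    listen [::]:80;
    server_name ${domain};
    # everything on plain HTTP goes to HTTPS, same path and query string
    return 301 https://\$host\$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name ${domain};

    ssl_certificate     /etc/letsencrypt/live/${domain}/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/${domain}/privkey.pem;

    location / {
        proxy_pass http://${upstream};
        proxy_set_header Host              \$host;
        proxy_set_header X-Real-IP         \$remote_addr;
        proxy_set_header X-Forwarded-For   \$proxy_add_x_forwarded_for;
        # tells WordPress the original request was HTTPS
        proxy_set_header X-Forwarded-Proto \$scheme;
    }
}
EOF
}

# find_mixed_content HTMLFILE -> prints each http:// image/script/stylesheet
# URL in the page; plain <a href> links are not mixed content and are skipped
find_mixed_content() {
  grep -o -E '(src|href)="http://[^"]+"' "$1" \
    | grep -E '^src=|\.css"$' \
    | sed -E 's/^(src|href)="//; s/"$//' \
    | sort -u
}

# make_sample_page -> writes a constructed page to a temp file, prints its path
make_sample_page() {
  f=$(mktemp)
  cat > "$f" <<'EOF'
<!-- constructed sample, not a real page from sigtar.com -->
<html><head>
<link rel="stylesheet" href="http://sigtar.com/wp-content/themes/x/style.css">
<link rel="stylesheet" href="https://sigtar.com/wp-includes/css/dist.css">
</head><body>
<img src="http://sigtar.com/wp-content/uploads/logo.png">
<img src="https://sigtar.com/wp-content/uploads/ok.png">
<a href="http://example.com/">a plain link is not mixed content</a>
</body></html>
EOF
  echo "$f"
}

# usage: ./wp-https.sh demo  (render the config, then scan the sample page)
if [ "${1:-}" = "demo" ]; then
  render_nginx_conf sigtar.com wordpress:80
  page=$(make_sample_page)
  find_mixed_content "$page"
  rm -f "$page"
fi
```

Write the rendered config to your nginx site directory, run nginx -t before reloading, and save a copy of the home page (curl -s https://yourdomain/ > home.html) to feed find_mixed_content. One caveat worth knowing with this layout: WordPress only treats the request as HTTPS if wp-config.php maps the X-Forwarded-Proto header to $_SERVER['HTTPS'], otherwise it can redirect to itself in a loop once the site URL is set to https.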

SSL caching and redirects in chrome

While setting up the SSL reverse proxy using Let's Encrypt and nginx I had a few troubles with testing via Google's Chrome browser.

  • Chrome caches some SSL responses, which can be cleared by deleting your browsing data via Settings or Ctrl+Shift+Del.
  • Chrome also caches http -> https redirects. You can see these by going to chrome://net-internals and selecting “HSTS” from the drop-down. Enter the domain name under “Delete domain” and press the Delete button.

The easiest thing to do during testing is to use incognito mode. You will not need to clear the cache every time you change config or re-issue certificates.

bye bye http – hello letsencrypt

I’ve been a fan of HTTP and caching since my dial-up modem.

Skip to today, where Google returns HTTPS sites higher in its search results. It could also be that you cannot trust a man-in-the-middle HTTP cache any longer either, right? :)

SSL certs have traditionally been expensive, but say welcome to Let's Encrypt, which provides a free way of securing all of your websites. If you haven’t heard of it check it out here – https://letsencrypt.org/

As always I’ve implemented my Let's Encrypt trial via Docker. The container image I have been using has been put together by the linuxserver guys – https://hub.docker.com/r/linuxserver/letsencrypt/
(I use a few of their container images, they seem legit)

This container image comes ready to roll with Nginx built in, which can act as a reverse proxy to your unsecured websites at the back-end. I’ll be testing it for the next few days to see how it stacks up, but so far so good. Nginx is fast, so a good transition if only to offload all my SSL traffic. If all goes well it will be the end of my squid reverse proxy, which I have used happily for many years.

In the past HTTP had the performance, certs were too difficult (but are they?) and expensive to implement, and I was a fan of my sites being cached. New times are here, SSL (TLS) rules supreme.

On another note, HTTP/1 sites are dwindling, SPDY didn't last long but apparently some of that has been built into HTTP/2 – exciting!

Check out these links for some interesting reading on performance – 
https://samrueby.com/2015/01/26/why-is-https-faster-than-http/
http://www.httpvshttps.com/

Handy link for testing if your site is using HTTP2 – https://www.ssllabs.com/ssltest/
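Alongside the SSL Labs test, here is an added example (not from the original post) of a command-line check for the same things: that the plain-HTTP side answers with a redirect to https://, that the HTTPS side actually negotiated HTTP/2, and that an HSTS header is being sent (the cached redirect the Chrome section above talks about). audit_headers works on saved header text so it runs offline; the audit_site wrapper assumes a curl built with HTTP/2 support. The two sample responses are constructed, not captured from sigtar.com.

```shell
#!/bin/sh
# Added example, not from the original post: a post-migration check that the
# http:// side redirects to https://, the https:// side speaks HTTP/2 and HSTS
# is sent. audit_headers reads saved header text; audit_site assumes curl
# with HTTP/2 support (the only part that touches the network).

# audit_headers <response headers on stdin> -> one finding per line
audit_headers() {
  tr -d '\r' | awk '
    NR == 1 {
      # status line, e.g. "HTTP/2 200" or "HTTP/1.1 301 Moved Permanently"
      print "protocol: " $1
      print "status: " $2
    }
    tolower($1) == "location:"                  { print "redirects-to: " $2 }
    tolower($1) == "strict-transport-security:" { hsts = 1 }
    END { print (hsts ? "hsts: yes" : "hsts: no") }
  '
}

# audit_site DOMAIN -> live check of both the http:// and https:// side
audit_site() {
  echo "== http://$1 =="
  curl -sI "http://$1/" | audit_headers
  echo "== https://$1 =="
  curl -sI --http2 "https://$1/" | audit_headers
}

# constructed responses standing in for curl -sI output (not live captures)
sample_http_response() {
  printf 'HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nLocation: https://sigtar.com/\r\nContent-Length: 0\r\n\r\n'
}
sample_https_response() {
  printf 'HTTP/2 200\r\nserver: nginx\r\ncontent-type: text/html; charset=UTF-8\r\nstrict-transport-security: max-age=31536000\r\n\r\n'
}

# usage: ./audit.sh demo   (offline, uses the samples)
#        ./audit.sh sigtar.com   (live)
case "${1:-}" in
  demo) sample_http_response | audit_headers; sample_https_response | audit_headers ;;
  "")   ;;
  *)    audit_site "$1" ;;
esac
```

A healthy result is "status: 301" plus "redirects-to: https://..." on the http side and "protocol: HTTP/2" with "hsts: yes" on the https side; "protocol: HTTP/1.1" on the https side usually means ALPN negotiation failed, most often because http2 is missing from the listen directive or the TLS version is too old.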

steamcache for gaming

Assuming you have Docker running at home, check out these Docker projects – one is the cache (powered by nginx), one is the DNS service (which intercepts Steam calls) and the third is the SNI proxy (see the update below):

  1. https://hub.docker.com/r/steamcache/generic/
  2. https://hub.docker.com/r/steamcache/steamcache-dns/
  3. https://hub.docker.com/r/steamcache/sniproxy/

When you have all three up and running you can confirm HITs to the cache by running the following against the steamcache container:

docker exec -it steamcache tail -f /data/logs/access.log

This is great if you have a gaming cafe or a LAN at your house on occasion; all Steam games will be cached to local disk so that your internet pipe gets a break. ;)

Update 15/10/2018

  • Added SNI-Proxy. More and more HTTPS requests break the above if it is not implemented. Steam is pushing some images / videos via HTTPS now.
  • Replaced steamcache/steamcache with steamcache/generic – it seems to have more active development around it
    • watchlog.sh does not appear to be in the generic cache yet.
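Since watchlog.sh is not in the generic image, here is an added example (not from the original post and not part of the steamcache project) that summarises the access.log instead of just tailing it: overall HIT/MISS ratio and requests per client. It assumes each log line carries nginx's upstream cache status (HIT, MISS, ...) as its own field and the client IP as the second field, which is how the cache's log format looked to me; adjust the awk if yours differs. The sample log lines are constructed, not real captures.

```shell
#!/bin/sh
# Added example, not from the original post: summarise HIT/MISS from the
# cache's access log. Assumptions: each line carries nginx's
# upstream_cache_status word (HIT, MISS, ...) as its own field and the client
# IP as field 2. The sample lines below are constructed, not real captures.

# cache_hit_ratio LOGFILE -> "hits=N misses=N ratio=P%"
cache_hit_ratio() {
  awk '
    {
      for (i = 1; i <= NF; i++) {
        f = $i; gsub(/"/, "", f)      # status is usually quoted: "HIT"
        if (f == "HIT") hit++
        else if (f == "MISS") miss++
      }
    }
    END {
      total = hit + miss
      pct = total ? int(100 * hit / total) : 0
      printf "hits=%d misses=%d ratio=%d%%\n", hit, miss, pct
    }' "$1"
}

# top_clients LOGFILE -> requests per client IP, busiest first
top_clients() {
  awk '{ n[$2]++ } END { for (ip in n) print n[ip], ip }' "$1" | sort -rn
}

# make_sample_log -> writes constructed lines to a temp file, prints its path
make_sample_log() {
  f=$(mktemp)
  cat > "$f" <<'EOF'
[steam] 192.168.1.20 / - - [15/Oct/2018:20:01:11 +1100] "GET /depot/228990/chunk/aaa HTTP/1.1" 200 1048576 "-" "Valve/Steam HTTP Client 1.0" "MISS" "cdn.steam.example" "-"
[steam] 192.168.1.20 / - - [15/Oct/2018:20:01:12 +1100] "GET /depot/228990/chunk/bbb HTTP/1.1" 200 1048576 "-" "Valve/Steam HTTP Client 1.0" "MISS" "cdn.steam.example" "-"
[steam] 192.168.1.21 / - - [15/Oct/2018:20:05:40 +1100] "GET /depot/228990/chunk/aaa HTTP/1.1" 200 1048576 "-" "Valve/Steam HTTP Client 1.0" "HIT" "cdn.steam.example" "-"
[steam] 192.168.1.21 / - - [15/Oct/2018:20:05:41 +1100] "GET /depot/228990/chunk/bbb HTTP/1.1" 200 1048576 "-" "Valve/Steam HTTP Client 1.0" "HIT" "cdn.steam.example" "-"
[steam] 192.168.1.20 / - - [15/Oct/2018:20:09:03 +1100] "GET /depot/228990/chunk/ccc HTTP/1.1" 200 524288 "-" "Valve/Steam HTTP Client 1.0" "HIT" "cdn.steam.example" "-"
EOF
  echo "$f"
}

# usage with the real container:
#   docker exec steamcache cat /data/logs/access.log > access.log
#   ./cachestats.sh access.log
if [ -n "${1:-}" ]; then
  cache_hit_ratio "$1"
  top_clients "$1"
fi
```

A second client fetching the same depot should show up as HITs; if every line stays MISS after the first download, the DNS container is not intercepting the Steam hostnames and clients are going straight to the internet.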

Ubuntu – Disable Firewall

If you're working with Ubuntu in a lab or test environment, you may want to disable the firewall. Two simple commands:

sudo ufw disable 

sudo apt-get remove ufw 

Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
ufw
0 upgraded, 0 newly installed, 1 to remove and 3 not upgraded.
After this operation, 838 kB disk space will be freed.
Do you want to continue? [Y/n] Y
(Reading database ... 64052 files and directories currently installed.)
Removing ufw (0.35-0ubuntu2) ...
Skip stopping firewall: ufw (not enabled)
Processing triggers for man-db (2.7.5-1) ...

Unifi Video Controller NVR for UNRAID

If you run UNRAID at home and you have a UniFi camera system then check out my latest container:

https://hub.docker.com/r/superd/unifi-nvr/

A dockerised UniFi NVR

Ubiquiti UniFi-Video-Controller (NVR) — Docker Container

Ubuntu 16.04, UniFi-Video-Controller 3.8.3

Setup / Quick Start

# -v takes the host path first, then the path inside the container
docker run \
--net=host \
-v <YOUR DATA DIR>:/var/lib/unifi-video/ \
-v <YOUR LOG DIR>:/var/log/unifi-video/ \
superd/unifi-nvr

Troubleshooting

UNRAID – If you have issues with MongoDB continually restarting please check your data mapping. I have seen issues where user shares do not work correctly. Try mapping directly to a single disk or to the cache drive to ensure smooth operation.

e.g. instead of /mnt/user/usershare/nvr/data use /mnt/disk1/usershare/nvr/data

my first few docker containers

This is my first dabbling in creating my OWN GitHub (for the code) and Docker Hub (for the orchestration / build) projects:

https://hub.docker.com/u/superd/

I have created containers for the UniFi-Video NVR and Storj. Yet to update the documentation on the Storj container.

I’m currently working on building containers for a news indexer, either Newznab or nZEDb. There is another Docker project called pynab which was an interesting idea, but seems to have gone stale over time. It used to be an almost hands-free indexer that ran reasonably efficiently. I’m hoping to re-create something similar soon.

https://github.com/Murodese/pynab

netdata – live server metrics

If you're looking for a really good open-source real-time resource monitoring tool, check out netdata.io

Very light, looks great and is super fast. I have it running as a Docker instance on my UNRAID server (which runs this website, and a couple of other Docker instances).

If you want to show extra info about the containers / Docker running on your host, add the following host mappings:

container <- host

/var/run/docker.sock <- /var/run/docker.sock
/host/proc           <- /proc
/host/sys            <- /sys

Lots of metrics, check out the website here – https://github.com/firehol/netdata

Docker – Running Ubiquiti NVR and Plex

Bye bye virtual machines and their inherent OS bloat. Docker and containerization are here…

The trick to containerization is picking the right workload (as with most things). Think about data, its state and where it lives, and whether there are any benefits to running as a container.

Both Ubiquiti’s NVR and Plex’s media server software run some base application; this app within its own container then maps to data (which can exist outside the instance) that is consistent.

The fun continues when you can update a container (updating the running application) while keeping the data intact at another location. This can really help with version control etc., where you can sometimes just point the new container at the data and turn off the old instance. Rollback? Easy. Turn off the new container and roll back to the old.

Of course things are easier if you are running applications that do not change the data. Both NVR and Plex only index and capture new data (in a consistent format), which makes moving between application versions much easier.

The nature of containerization means that the full power of the host is available. This is different to regular virtualization, where each guest is limited to the virtual hardware it is assigned. There are of course challenges where resources are congested, but this can also happen in the latter (CPU scheduling, under / over allocation of resources).

Availability also has to be built with containers in mind, with load balancers and instances across multiple hosts.

Update: this site has now been migrated from a VM to 2 x Docker containers… one for the MySQL back-end and one for the WordPress front-end. Containers can be linked, so the WordPress container can access the MySQL container via its own local port. Very cool.
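As an added example (not from the original post, and not how the site was necessarily built), the script below stands up that two-container layout with a user-defined Docker network instead of the legacy --link flag. The point it demonstrates is the exposure: MySQL never gets a -p flag, so only containers on the same network can reach it, and WordPress is bound to loopback only, for the nginx proxy on the same host to front. The image names, the data directory and the environment-variable names are assumptions (the official mysql and wordpress images use these variable names; the paths are made up); DRY_RUN=1 prints the commands instead of running them.

```shell
#!/bin/sh
# Added example, not from the original post: MySQL back-end + WordPress
# front-end on a private Docker network. The database port is never
# published on the host; WordPress listens on loopback only so the nginx
# proxy on the same host terminates TLS in front of it.
# Assumptions: official mysql/wordpress images, credentials from the
# environment, example data directory. DRY_RUN=1 prints instead of running.

run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    echo "+ $*"
  else
    "$@"
  fi
}

# deploy_wordpress_stack NETWORK DATADIR -> creates the network, db and app
deploy_wordpress_stack() {
  net="$1"
  data="$2"
  : "${MYSQL_ROOT_PASSWORD:?set MYSQL_ROOT_PASSWORD in the environment}"
  : "${WORDPRESS_DB_PASSWORD:?set WORDPRESS_DB_PASSWORD in the environment}"

  run docker network create "$net"

  # back-end: no -p flag, so MySQL is reachable only on the internal network
  run docker run -d --name wpdb --network "$net" \
    -e MYSQL_ROOT_PASSWORD="$MYSQL_ROOT_PASSWORD" \
    -e MYSQL_DATABASE=wordpress \
    -e MYSQL_USER=wordpress \
    -e MYSQL_PASSWORD="$WORDPRESS_DB_PASSWORD" \
    -v "$data/mysql:/var/lib/mysql" \
    mysql:5.7

  # front-end: bound to 127.0.0.1 only; the TLS-terminating proxy sits in front
  run docker run -d --name wordpress --network "$net" \
    -p 127.0.0.1:8080:80 \
    -e WORDPRESS_DB_HOST=wpdb \
    -e WORDPRESS_DB_USER=wordpress \
    -e WORDPRESS_DB_PASSWORD="$WORDPRESS_DB_PASSWORD" \
    -v "$data/html:/var/www/html" \
    wordpress
}

# usage: MYSQL_ROOT_PASSWORD=... WORDPRESS_DB_PASSWORD=... ./stack.sh deploy
if [ "${1:-}" = "deploy" ]; then
  deploy_wordpress_stack wpnet /mnt/user/appdata/wp   # example paths
fi
```

Because the application state lives in the two bind-mounted directories, the upgrade-and-rollback trick described above is just stopping the wordpress container and starting a different image tag against the same $data/html. If the nginx proxy is itself a container (as with the linuxserver image), attach it to the same network and drop the -p flag on the WordPress container entirely.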