Archive

Archive for the ‘New technology’ Category

Nginx + IPv6: “98: Address already in use”

April 12th, 2012 Comments off

If you get this message, you have to change your “listen” statement from

listen 94.229.77.82:80;
listen [2a01:348:226:dead:beef:dead:beef:dead]:80;

to

listen 94.229.77.82:443;
listen [2a01:348:226:dead:beef:dead:beef:dead]:443 ipv6only=on;

For some add reason the first statement (without “ipv6only”) was working for me for some time… odd.

Categories: New technology Tags:

Nginx, PHP-FPM and APC – and your server will love you

August 9th, 2011 Comments off

I have to admit, I really loved Apache with ModSecurity (with the CoreRuleSet), it gave me “peace at night”. But then I noticed that this actually eats quite a lots of memory… and as a heavy TinyTinyRSS user I noticed that TTRSS  is sometimes quite sluggish loading articles. So I had another look on Nginx again. I did have a look at it in the past, but I gave up on it, as the provided version from Debian Lenny didnt support IPv6, the version for Squeeze does though.

So initially I installed Nginx with PHP-FASTCGI. It was good, fast, memory problems were sorted. The sluggishness with TTRSS was solved as well. (Now after some weeks running it, I still notice “phew, memory isnt used at all, how does this work actually?”.)

(Preface: I wont be posting configuration details on here, just my experience and some pointers. I dont like repetition and with the search engine of your choice speckled with some common “sysadmin sense”, you will find what you need.)

I already found some hints that PHP-FPM is much better than PHP-FASTCGI. (I was surprised that this was not good enough.) And so I came recently across dotdeb.org (again), which gives you the ability

  1. to install a more recent Nginx than Debian Squeeze one
  2. Update PHP to 5.3.6
  3. install PHP-FPM

which is even better. I also enabled APC as an PHP opcode cache which helps further (I actually configured the latter one that it does write a logfile (I still want to know when something goes wrong), but the actual service is not restarted, just the new logfile is opened. You can do this by sending SIGUSR1 to the php5-fpm master process. This doesnt empty the cache. At the time of writing I have 473362 Hits vs. 656 Misses (99.9% / 0.1%), I wonder when I have 100%.).

Tests and results

If I did some tests to show you some fancy numbers which prove that this is faster? I am sorry, but I have to disappoint you.

I can give you some hard facts:

  1. The system never ran out of memory  with Nginx and it is now running for maybe 5+ weeks.
  2. The sluggishness with TTRSS (ie. browsing quickly through different RSS articles is much faster, as TTRSS is loading everytime the article and if I did this fast enough, TTRSS was locked up for some time, as Apache didnt deliver the actual article fast enough). On a subjective note: it is definitely faster.

I am happy with my choice. Anything on the internet should be kept up2date anyway – despite the fact you are running ModSec.

And it is faster and uses less memory – what more does a sysadmin want?

PS: I forgot: Next step is enabling the Caching plugin in Nginx this should speed it up even further. When you are serving a lots of static objects, like pictures, Varnish is your friend and very easy to configure.

Post-PS: WordPress optimizations are the next thing! CDN – here I come!

Categories: New technology Tags:

Extending the wireless range of a WRT54GL with Solwise powerline adapters and another WRT54GL

July 24th, 2011 Comments off

I just fixed a quite common problem what most of us have at home – the wireless signal is not that great in other places in the house. I wanted to do two things initially:

  1. Using Solwise powerline adapters, I dont want to drill in walls to install long ethernet cables. (a friend of mine pointed me in that direction)
  2.  Use a second Linksys/now Cisco WRT54GL, as I definitely want to run OpenWRT on it.

Item 1 doesnt need further explanation I suppose. In regards to item 2, I just love OpenWRT, it is slick, fast, easy to configure, very minimalistic, shortly: it does its job perfectly fine.

Solwise powerline adapters

I had a bit mixed feelings whether these work fine, that I get decent througput without errors and such. Now they are here, installed and work perfectly fine…

  1. They come preconfigured with a common Private Network Name. I didnt really like that, so I randomized that, what was really easy todo: press “Connect” for 10s on one unit, then “Connect” for 2s on the other unit.
  2. The connection rate was initially only “good” over a longer distance, when I had the in the same room the connection rate was “best”, as it shared the same electrical circuit. After some time (hours) the connection rate is now “best” even on a longer distance, which is very good.
  3. They introduce a latency of 3 to 4 ms…

Using a second WRT54GL to extend wireless

So initially I went with the most obvious setup, WRT54GL number 2 (W2) is connected via its WAN port to a LAN port on WRT54GL number 1 (W1). This gave me various headaches, a different network behind W2 and as such a separate DNS namespace, so I would have to query both routers to get the IP of a connected client. There are various other hacks to get around this issue, but none of them was good enough.

Then I figured on the second thread of this post that is actually very easy to achieve what I want to have:
  1. Connect W2 and W1 via LAN ports on each side.
  2. Configure the LAN interface of W2 as a normal client in the LAN of W1 – I used a static IP in this case.
  3. No need to configure the WAN interface on W2 – just leave it unconfigured.
  4. Disable DHCP on W2 – /etc/init.d/dnsmasq stop && /etc/init.d/dnsmasq disable
  5. To enable “roaming”, just put the same wireless configuration on W2 as on W1. It is not really roaming, as you need to reconnect the client when you want to connect to the other one. At least it works perfectly when one wireless signal goes away, the client automatically reconnects to the other one (as long automatic reconnection is enabled).
  6. Make sure the firewall is also disabled on W2 /etc/init.d/firewall stop && /etc/init.d/firewall disable
  7. Reboot W2.

After this you have only one network, where one DHCP and DNS is doing its thing.

Tests

I have not really done any speed tests or whether the Solwise powerline adapaters are really doing what they promise. The reason is quite simple: I got 200Mbps Solwise adapters and none of my machines have a Gbit NIC in it, so… *g I mentioned earlier that the Solwise introduce 3 to 4 ms latency between directly connected devices. Thats good enough for me, I am not a Gamer or crave for zero latency.

I actually just tried a speed test, but the problem is that on both ends are WRT54GLs, ie. embedded devices, and the speed I got was just about 4Mbps.

PS: One thing to note, just when I started writing this article I reinstalled W2, ie. plugged everything into the power socket again. The connection rate was shown as “good” the whole time, and just now it has gone to “best”. The speed between the routers has not improved.

PPS: I completely forgot – IPv6 just-works with this setup as well… *g

Categories: New technology Tags:

Horde, SyncML and my Nokia N900

March 5th, 2011 Comments off

A long time back when I started using Horde primarily for emails I noticed they support a feature called “SyncML”, an open synchronization standard.

Now I just picked up on that again, as I wanted to synchronize my N900 with the contacts, calender and tasks.

I installed SyncEvolution on my N900. I wasted quite a lots of time how I configure the synchronization, but I think it is fairly easy:

  1. “Add  a new service” from the menubar
  2. Set the service name to “Horde”, leave the template at “Funambol”.
  3. When the new service “Horde” is listed, click on it.
  4. “Edit service” from the menubar
  5. Set the “Sync URL” to your Horde URL + “rpc.php”. The URL needs to end in “/”.
  6. Web URL is the Horde URL.
  7. Username and password is your normal Horde login.
  8. Contacts database is “contacts”, Calendar database in “calendar”, Tasks database is “tasks” and Notes database is “notes”.

Thats it. It is very important that you set the entries “* syncronization” to “Slow Sync”, as this transfers all the your data for the first time. If you leave it at “Normal Sync” you get nasty errors – this is just a diff sync. You can certainly set a database to “Disabled” if you dont want it synchronized or there are other options as well.

The first sync takes a while dependent on the amount of records. When this succeeds you need to set the “*syncronization” to “Normal Sync” and test the whole bit, ie. do changes locally, sync, check in Horde and vice versa.

It works great, I am happy with it. There is just one wrinkle with syncing the contacts database. Horde cannot handle different email addresses on one contact – I think you can guess what will happen the first time? Yeah, contacts do get duplicated. Thats why I dont sync contacts.

One last thing, you might ask yourself how does this “Automatically sync” work, do I need to leave the application running or what? You dont have to. I have not figured out how this is working, ie. how it is started when SyncEvolution is not running, but I can confirm, it is ran automatically when it is not open.

And all of this with Open Source and Open Standards and for free. Wonderful new world.

Categories: New technology Tags:

Firefox Sync just rocks!

March 5th, 2011 Comments off

If you have a problem like I had “what was that site again, let’s check the browser history…” and after wasting a couple of minutes realizing “it was not this computer, it is still open on my laptop”, you really dont want to experience this again. Or you have a large bookmark collection what you dont want to keep mailing back and forth or or or … *g

I was using XMarks for syncing my bookmarks only (I am a bit paranoid) on my own server. It was fine so far, occasionally it had some issues, but these were sorted – at least some of them quite quickly. Unfortunately using your own server did not let you sync open tabs, so you are stuffed again.

Then I tried Firefox Sync on Firefox 3.

I am using it now for a few months and it just rocks. I never had any issue. It will be integrated into Firefox 4 as described on here, but you can also get an Addon for Firefox 3 here. This support page describes how to set it up, it is very easy…

I started using it on my own server, as I am a bit paranoid. I changed now over to Mozilla’s service and it works just great. You shouldnt obviously use it in conjunction with XMarks…

Some features to point out:

* “Tabs From Other Computers”: When you click at the single down arror on the right hand side in the tab area you will see this item.

* Encryption is done by the client, so Mozilla cannot access and decrypt your bookmarks. Do I need to mention to keep your decryption key in a safe place?

I want to point out this section from Mozilla’s privacy policy:

Encrypted User Data

The Firefox Sync Service encrypts User Data on your computer  and uploads encrypted User Data over
the network using SSL  communication. We believe that user privacy is important, and we require
that the User Data is encrypted to reside on Mozilla’s Firefox Sync  Service servers. Those items you
choose to synchronize across devices  using Firefox Sync are examples of User Data that is designed to
be  encrypted before leaving your computer. These can include your browsing  history, form history,
bookmarks, saved passwords, preferences, and open  tabs.
Categories: New technology Tags: