WordPress, Varnish, Jetpack, and SSL/HSTS

If you’re self-hosting WordPress on the HAProxy + Varnish + Nginx stack we’ve long talked about here at BigDino, you might have run into a few configuration quirks during set-up that went outside the scope of our blog entries a bit. One of those quirks is getting WordPress working with Jetpack, a WordPress plugin by the WordPress folks that adds a whole dump truck’s worth of extra management features and functionality to self-hosted WordPress.

Read more

HTTPS and HSTS with Varnish, thanks to HAProxy

(Now updated to work with HAProxy 1.6.x!)

The unencrypted web is on the way out. We made the switch here at BigDino Central to all-HTTPS a few weeks ago, but doing so brought with it a problem: how can we keep using Varnish cache with HTTPS traffic? The answer turned out to be by adding another layer into the web stack—and now we’re using HAProxy to terminate SSL. It wasn’t difficult to set up, and it works for all the different sites we host on our one physical web server.

Keeping Varnish in the mix felt important, because we’ve been using it for a few years (wow, has it been that long?), and it’s a neat tool that’s helped the site bear up under some crazy Reddit- and Ars-driven traffic storms. But the nature of Varnish means that out of the box it won’t help you with HTTPS traffic. Because the HTTPS negotiation happens between the end user and Nginx—which sits below Varnish in the stack—all Varnish sees of HTTPS traffic is the encrypted side, and you can’t cache what looks like an unending string of unique, encrypted nonsense.

Read more

Why leave Octopress for Ghost?

More than one person has e-mailed me in the past few months asking why I switched away from Octopress—which I was initially so excited about!—to Ghost. Octopress, after all, has a lot of attractive qualities—it can live on Github (though I’ve never bothered with that functionality); you can write blog posts in vim; it uses static pages rather than requiring PHP or Node or something running behind the scenes to generate stuff.

After a year of semi-regular blogging with Octopress, though, I was just kind of…bored with it. The official Octopress blog hasn’t received an update since July 2011, only a few months before I actually started using Octopress myself. Blogging with vim and banging out a static site and pushing it via rsync was cool, but ultimately it just wasn’t as convenient as I’d wanted it to be, and the longer I went between blog entries, the more of Octopress/Jekyll’s liquid tags I’d have to go look up again.

And so…Ghost.

Read more

Custom Twitter URL shortening and image uploading

I don’t know what normal people do on days off from work, but I do things that are too esoteric even to write about for Ars Technica because…because I think there’s something wrong with me. So, last Friday I spent a few hours setting up a vanity URL shortening service and custom image uploading service for Twitter, so I can, I don’t know, be cooler than everyone else. It was surprisingly fun!

First, though, the annoying caveat: Twitter already shortens every link with its t.co service, and you can’t opt out. The reasons they give are mostly marginal and downplay the fact that aggregate clicking behavior has a substantial dollar value attached to it, but there you go. Still, it’s totally cool to have your own link shortening—you just get to have your links double-shorted when they’re posted inside of tweets.

Link shortening works best with a cool short domain, and I desperately wanted bigdi.no as mine. Unfortunately, to register a domain in the .no TLD requires an actual business presence in Norway, so that was out. I settled on registering bigsaur.us instead, which is only two letters longer.

Read more

Working on a new comment system

This is an old post. It may contain broken links and outdated information.

In the previous post, I walked through setting up Discourse, a Ruby-based web forum. I’m in the process of shifting this blog’s comment system from Disqus, which I’ve never been wholly comfortable with, over to using Discourse instead. There is being done via a plug-in for Octopress currently under development by one of the posters over at the main Discourse development forum.

Read more

Setting up Discourse with Passenger and Nginx

This is an old post. It may contain broken links and outdated information.

Hi there, visitors from Google! The procedure outlined here will work to get Discourse up and running, but you are way, way better off following the official Discourse installation guide and utilizing the Discourse Docker image. Proceed below at your own risk!

I like fiddling with new software and seeing if I can make it work—that’s what most of this blog is about, in fact. Most of the web-based apps I’ve walked through deploying have been written with PHP, but there’s a fancy new bit of Ruby-based forum software that I’ve sort of fallen in love with: Discourse.

Discourse is shiny and new, and the developers (including Jeff Atwood, one of the folks behing StackExchange). It’s made out of Ruby instead of PHP, and it uses PostgreSQL and Redis for its back-end. The project is still very, very beta; there are multiple methods of deploying it and it has a robust development environment that you can set up and start hacking away on.

This doesn’t matter much to me, though—I dont’ code. I just wanted to set it up and play with it. So, this is a walkthrough on how to deploy Discourse on Ubuntu, using Nginx and Phusion Passenger. If you want to see the end result, check out my Discourse test forum—when we’re done, you’ll have something similar up and running.

Read more

Node.js, Redis, and Etherpad

This is an old post. It may contain broken links and outdated information.

Etherpad Lite is a real-time collaborative text editor which allows multiple users to simultaneously fiddle with a document. Everyone can see everyone else’s changes in real time, which is really cool. The “lite” tag after the name is there because the Etherpad Lite project was spawned from the ashes of the original Etherpad project, which itself was snapped up by Google and transformed into the ill-fated Google Wave. Wave was never really all that popular and has since been killed, but the core idea is still totally cool—to present a document to more than one user and have all users be able to make changes to it, and to have those changes shown to all other users as they’re made. It’s a surprisingly complex problem to solve. For one thing, it’s entirely possible that more than one user can change the same thing at the same time; there has to be a way of telling who “wins” and whose changes are tossed out. Even more complex is figuring out a way to track all the changes and organize them, and then display them for everyone.

The original Etherpad project solved this with a full mix of heavy web technologies, requiring you to install Java, Scala, and MySQL; it utilized no small amount of server resources and was difficult to scale. Etherpad Lite jettisons a lot of its predecessor’s bulk and does things in a much more web two-point-oh fashion. Specifically, Etherpad Lite runs on Node.js, a server-side Javascript engine which can be used for lots and lots of fancy things—Node is really deserving of its own blog entry, and we’re using only a tiny subset of its features here. Etherpad Lite also needs a database to hold the documents and store changes; out of the box it can use MySQL, but in this post we’re going to take things even further and configure it to run on Redis, an extremely fast memory-based key-value store. Finally, we’ll do a tiny bit of hacking on Etherpad’s HTML to force it to display a list of all the “pads” (documents) currently in its database.

Read more

Platforms and value judgments

This is an old post. It may contain broken links and outdated information.

My name is Lee, and I am a Mac user.

There, I said it. I’m a dirty, dirty Mac user, and I’m okay with that.

My intent with this blog was for it to remain purely technical, with no personal entries at all; I’ve been down that road before with my last blog and it didn’t end well. However, an article went up this past weekend on Ars where the staff posted pictures of their office desks, and the amount of herpderping in the article’s comments about the mostly-Mac setups was boggling. Maybe it struck me so hard because I consciously avoid platform flame war discussions, having taken part in more than my share in the 80s and 90s; whatever the reason, some of the shit bubbling up to the surface in that article’s discussion thread just blows my mind.

The computing platform you start with might say something about your economic status (can’t afford a Mac, gotta use a hand-me-down Packard Bell!) or your computing ability (“I’ve got a Dell!” “What model?” “….Dell!”), and the computing platform you choose might say something about your goals and preferences (“GONNA DRIVE THE FRAG TRAIN TO TEAMKILL TOWN WITH MY FIFTEEN GRAPHICS CARDS!”), but judging someone’s intelligence and worth as a human being based on whether they’re using a home-built Windows 7 PC or a Mac is ludicrous. I’ve built more PCs from parts in the past quarter-century than any hate-spewing MACS SUCK noob on any discussion board you’d care to name, and yet the computers I use most often throughout any given day have an Apple logo on them.

Things weren’t always thus.

Read more

Adventures in Varnish

This is an old post. It may contain broken links and outdated information.

In the previous entry, I touched briefly on how some experimentation with Blitz.io led to me installing Varnish Cache on the Bigdino web server. Varnish Cache is a fast and powerful web accelerator, which works by caching your web site’s content (html and css files, javascript files, images, font files, and whatever else you got) in RAM. It differs from other key-based web cache solutions (like memcache) by not attempting to reinvent the wheel with respect to storing and accessing its cache contents; rather than potentially arguing with its host server’s OS and virtual memory subsystem on what gets to live in RAM and what gets paged out to disk, Varnish Cache relies wholly on the host’s virtual memory subsystem for handling where its cache contents live.

Read more

Blitz.io makes load testing fun

This is an old post. It may contain broken links and outdated information.

Web site performance has been on my mind a lot lately. An average day for this blog means serving only a few hundred visitors and maybe 4-500 page views, but bigdinosaur.org also hosts the Chronicles of George, which carries with it a much higher average load; on days when a link hits Reddit or a popular Facebook page, the CoG can clock 10-12,000 pageviews. This is still small potatoes compared to a truly popular site, but it pays to be prepared for anything and everything. Setting up a web server to be as fast as possible is good practice for the day it gets linked to from Daring Fireball or Slashdot, and even if that day never comes, there’s nothing wrong with having an efficient and powerful setup which can dish out a huge amount of both static and dynamic content.

So in the course of some casual perusing for Nginx optimizations, I happened across Blitz.io, a Heroku-based site which gives you the ability to load-test your web server. I was immediately intrigued; I’ve done load testing on my LAN before using Siege and Apachebench; LAN-based testing is useful to a point, but it won’t help you to understand the over-the-net performance of your web site. Blitz.io fills a gaping hole in web site testing, letting you observe how your site reacts under load in real-world conditions. I was intrigued and I signed up, and I ended up killing several hours with testing, mitigation, and re-testing. The results were unexpected and incredibly valuable.

Read more