Month: April 2014 (page 1 of 1)

April 27, 2014

The replacement VPS didn’t go BOOM!

Yesterday I moved my WordPress network from one VPS in Chicago to Atlanta (different VPS hosting company). I like using a VPS because it maintains my illusion of being in control of my server.

*Drinks more coffee*

Surprisingly it went well. Except for missing a couple of PHP modules I had no problems and the site has been stable overnight.

If you plan to do this then give this Codex article a read. Of course I didn’t read it myself, it’s much more fun for me just winging it.

Create and configure my new VPS

I installed an image of Ubuntu 13.04 and made sure SMTP was configured to work. Apache2, PHP, mysql and mod_ssl were added and activated as well.

That was a surprise for me. The default image installs a ton of stuff that I don’t think I’ll ever need or want. I would have preferred to use a 14.04 LTS image (not available, too new) but that one is still maintained so it’s all good.

Creating the new empty database was straight forward. I used the same database name and user from the original VPS setup. Configuring the vhosts was just a matter of copying the old config files and making sure the certs and directories are all preserved.

Set DNS TTL on stun

My default DNS TTL (time-to-live) is 1800 seconds. I wasn’t sure if this would go well or not so I made the TTL 300 seconds (5 minutes). I didn’t change any IP addresses but if I broke something and couldn’t fix it then I was looking at only 5 minutes for it to come back to life.

Copy the files and database

My WordPress network has around 1.4 GB of file data from the last 7 years or so and the mysqldump was about 70MB . The file copy was just scp -r and the mysqldump command was just for that one network database.

Importing the database was just

zcat dumpfile.sql.gz | mysql -u name -p databasename

Once that was all done I updated my DNS IP and waited.

And I waited. And waited some more.

Why didn't my DNS cache flush?

— Jan Dembowski (@jan_dembowski) April 26, 2014

I could see in my access log that my new site was getting hits but I was still hitting my old web server (I was tailing the old logs in another windows) well after 5 minutes.

What the heck? It’s DNS. Setting the TTL just works. Except when it doesn’t.

I was using Google Chrome and that has it’s own application level DNS cache. It has a DNS cache that apparently doesn’t honor the TTL on the record.

Dear web browsers: Application level DNS caching is STUPID. Thanks for playing.

— Jan Dembowski (@jan_dembowski) April 26, 2014

Once I cleared that cache then I could see myself hitting the new IP address.

Nothing broke! Fantastic.

Next steps

Once I’ve confirmed that I have moved everything off the old VPS and onto the new then I’ll rebuild the old one and might re-do this whole exercise in the other direction. I’m sure the unstable nature of the old one is due to some ~~dumb thing I did~~ code I installed that’s running amok.

In the meanwhile I’m going to enjoy some nice stability and uptime for my site.

Note: The CC image above was a result of my typing “controlled implosion” into the WP Inject WordPress plugin. It’s a very cool plugin for finding CC images and I plan on leaving a review on WordPress.org sometime.

Featured image photo by Savannah River Site

April 22, 2014

Better SSL with mod_substitute

Renewing my SSL certificates was on my to do list for months and today I’m at home recuperating from a fever that kept me up all night. Since my web server is now patched it is a good time to get new SSL certificates. So I contacted StartSSL and did the deed.

WordPress and SSL has always irked me because just putting a certificate on the web server and using the https URL would still give you elements that are loaded via http (not SSL) and your browser’s address bar would look like this.

ssl-conflict

See that yellow warning triangle over the lock? It irks me. It does. It’s a personality flaw, a blemish, an imperfection. It loudly announces to the world that I’m Doing It All Wrong™. I see that on my site and I hang my head in shame.

OK it’s not really that big a deal. I could play with WordPress SSL plugins but part of my background is configuring applications on servers and Apache2 has a useful module called mod_substitute.

I have two configuration files for my site. One is for the http version and the other is for SSL. It’s like two separate virtual hosts with the same directories.

After I enabled mod_substitute I added these lines to my SSL config.

<Location />
 AddOutputFilterByType SUBSTITUTE text/html
 Substitute "s|href="http://blog.dembowski.net/|href="https://blog.dembowski.net/|"
 Substitute "s|href='http://blog.dembowski.net/|href='https://blog.dembowski.net/|"
 Substitute "s|src=' http:|src='|"
 Substitute "s|src="http:|src="|"
</Location>
# NOTE: Remove the space before the http above

I’m using the alternate delimiter “|” because I don’t want to escape out the URL slashes.

That’s probably too many lines. The first two Substitute lines replaces any URLs of mine from http:// to https://. The next two are for any reference that load elements using plain “http:”. I don’t substitute those with “https:” but instead make those URLs “//” without an explicit protocol.

Doing that gets this image in my browser’s address bar.

ssl-conflict-gone

Green is good. Order is restored.

Why didn’t I use a WordPress HTTPS plugin?

Because I’m lazy and not feeling well. Also using mod_substitute lets me filter the HTML output after WordPress has generated it but before it is sent to the web browser. That gives me more confidence that I’ll get all of the URLs that I want to change.

I’m only using this trick on the SSL version of my site. It’s not a perfect solution and I’m curious to find what this breaks. I had to disable Jetpack’s Photon option because some of my images were not being sent to that CDN properly and there may be other thing as well.

This is not something for everyone (if you’re on a shared host for example) but if you can load Apache2 modules and restart your web server then this may work for you too.

Update: ~~Using (.*) instead of “blog” works for my other vhosts as well~~. Nope, that breaks LOTS. reverting back.

April 4, 2014

Careful what you post online

So it began innocently with this Tweet/Foursquare check in.

Screen Shot 2014-04-04 at 8.09.43 AM

I checked in with Foursquare which is something I do on a regular basis. I do this every time I visit the store. It’s a form of advertising in my not so humble opinion.

The store then got a call from someone named “James” asking for me. When I picked up the phone I was asked if I’d locked my key in the car. Naturally I asked who is this and a short game of “Don’t you know?” which ended with Lily saying “That’s nice, everything is fine now, goodbye.” and hanging up.

I thought the call was from a customer so I gave the phone to Lily. “James” claimed to have met her yesterday.

Here’s what happened: either the Tweet or the Foursquare check in matched a search. Somone saw that the store has a web site, the phone number is there and the rest is history. Or it could have been one of my followers (I’d like to think that’s not the case) or I’m on a Twitter list.

Now as stories go this is creepy and definitely stalkerish but it could have gone much worse. There was no swearing, no shouting and we didn’t get a call back (the number was marked private of course). But that really was my own personalized PSA about casually posting some details online.

I’ve been using social media (that’s a great term isn’t it? It beats “online extrovert”) and I am always aware of the risks. We’ve all read about or even know someone who has been harassed and stalked. I’ll try and be more circumspect about details like that in the future. It’s unfortunate but it’s the reality of this media. The world is more connected and that fellow could have been calling from anywhere.

If someone’s reading this and getting a chuckle then thanks for the wake up call. I’ll adjust accordingly.

What really irks me is that I’ve been trying to get Lily to use Twitter. This little episode really cements her opposition to that. It’s not that she has anything against Twitter it’s just that that medium doesn’t interest her. This small event pretty much means her social interactions will remain squarely in the real world.

April 1, 2014

I’ll always be a transplant from Queens

Queens globe photo Photo by Mr.TinDC

You think of a lot of things during a 15 minute drive to the train station. I will never be mistaken for a native Long Islander.

I grew up in Queens, attended high school in Brooklyn, went to City College on 136 street in Manhattan and eventually Queens College (very long story). I didn’t get my first car until I was 24 or so. I lived in the 5 boroughs and I liked taking the subway and trains to anywhere I wanted in NYC.

We moved to Long Island because we needed a bigger house and wanted to send our kids to a better school district than the one in our Queens neighborhood. It’s a great house in a good neighborhood.

That said, I will never get used to Long Island.

There’s no sidewalks anywhere

Part of my weekend routine was having breakfast at the Dunkin’ Donuts near St. John’s University. We lived just a few blocks from there and we were just a little more than across the street from the school. I like being able to walk to shopping for groceries and things.

There’s not anywhere I can walk to. Everything is at least a 10 minute drive. If I was feeling brave I might use my bicycle but less than mile away a cyclist was left as the victim of a hit and run. That pretty much rules that idea out.

Some of the drivers are the worst

Not all of them of course but a lot of them. My biggest pet peeve is the yellow line is perceived as a suggestion. I always drive on my side as I don’t think getting in to a car wreck is a good way to meet new people.

A fun example: I come out of my side street and head to the light. Another driver rounds the corner and is almost half his car width into my lane. I stop my car and put on my least offending “What are you doing?” face and the other driver swerves out of my lane. Usually I get the “What? I didn’t do nothing wrong!” look but on one occasion I got flipped the bird. Maybe he was from NYC too?

People who drive by their own rules irk me too. I’m at a light, it turns green and I advance into the intersection signaling a left turn. I’m waiting in the intersection* for the opposite car to either turn or go straight. That gets me a blank stare and the other driver eventually makes hand motions indicating I should turn in front of him. I usually make my own hand motions right after that.

The grass really isn’t greener and I’m not moving anytime soon

I do like the privacy and it’s a great house on a great property. Also I’ve met some amazing Long Islanders and our friends are the best. Lily and I do like living here.

But I’m typing this on a LIRR train. This leg of the commute is long enough that I can draft up a 600 word blog post from scratch. It’s an adjustment and after almost 10 years I’m pretty sure I’ll continue to do this commute. But I’ll still miss some of the convenience of living in Queens.

*NOTE: Yes, I invented my own intersection driving rules. In NY you are not supposed to enter the intersection until you can successfully make the left turn. It’s my blog and I can complain about what I want. 😉