Mostly about my amusement

Author: Jan Dembowski (page 32 of 96)

StartSSL and Nginx

I converted this blog from Apache2 to Nginx but forgot a step for SSL. With Apache2 to correctly install the SSL cert, you need to include in your config ca.pem and sub.class1.server.ca.pem. See here for more information.

I didn’t realize I had a problem until I pointed my iPhone at my SSL enabled web site.

With Nginx you’ve got

 ssl  on;
 ssl_certificate  /etc/nginx/ssl/blog.crt;
 ssl_certificate_key  /etc/nginx/ssl/blog.key;

Nginx doesn’t do SSL certificate chaining like Apache2 does. In order to get the ca.pem and sub.class1.server.ca.pem onto your install just append the two files to your certificate file.

curl http://www.startssl.com/certs/sub.class1.server.ca.pem >>blog.crt
curl http://www.startssl.com/certs/ca.pem >>blog.crt

I restarted my Nginx server and had no problems since. I continue to be impressed with StartSSL and at some point I will want to purchase a wild card cert for my domain.

And the snow thrower is back

A few weeks ago I dropped off my snow thrower at the Sears repair location in Melville. On Friday I got an automated call from Sears saying it was done and I could pick it up. The original plan was to pick it up this Saturday. But since tomorrow there is supposed to be a snow storm, Lily and I left work early and got it today. We had to since they close at 5 PM.

There was no charge on the repair. I had been using it when the oil cap came off and I ran it for a few minutes. I found the cap and kept going. Later on the engine seized and the snow thrower just was not working. I told this to the Sears repair staff and expected to get charged.

The unit looks cleaned up, the side height adjusters were replaced, and the back blade was adjusted. I started the thing up as soon as I got home. It’s not quite as good as new but it sure looks like it was well worked on. And if we get snow tomorrow night I’ve got the gas and I’m ready to go.

Those guys at Sears do good work and I sure can’t complain about the price.

So far so good with Nginx

This blog is running on a VPS provided by Slicehost. It’s the 512MB package and I have no complaints. The network connectivity is pretty good too.

512MB is not what it used to be. When I run out of ram, mysql and Apache2 both go insane. My VPS becomes unusable and I end up hitting the remote hard reboot button. There is even a Slicehost iPhone app for that (which I have installed).

I can upgrade to 1GB of RAM but I’d prefer to create a smaller memory footprint. I am constantly floating between 1MB and 90MB free and adding a whole 512MB seems like overkill. Switching to Nginx is my attempt to take care of that. And besides, they have a really cool logo.

Installing it was a breeze. Go over to Donncha O Caoimh’s blog and read up on how to get WordPress, Nginx, and WP Super Cache working. I used his notes but made some changes to my installation. The only thing I did was disable the /etc/nginx/sites-available/default and created virtual server specific files. Also I don’t use WP Super Cache, I just don’t have the traffic. I started with a copy of the default file and added a few lines.

For example, blog.dembowski.net’s file looks like this:

server {
        listen   80;
        server_name  blog.dembowski.net;

        access_log  /var/log/nginx/blog.dembowski.net-access.log;

        # Hot-linking bad, expect when I let it.
        location ~* (.jpg|.png)$ {
                root   /srv/www/vhosts/$server_name;
                valid_referers server_names blocked none
                        *.dembowski.net
                        *.google.com
                        *.feedburner.com
                        *.pingdom.com;

                if ($invalid_referer) {
                        return 403;
                }
        }

        location / {
                root   /srv/www/vhosts/$server_name;
                index  index.php index.html index.htm;

        # if the requested file exists, return it immediately
               if (-f $request_filename) {
                       break;
               }
        # all other requests go to WordPress
               if (!-e $request_filename) {
                       rewrite . /index.php last;
               }

        }

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
                root   /var/www/nginx-default;
        }

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ .php$ {
                fastcgi_pass   127.0.0.1:9000;
                fastcgi_index  index.php;
                fastcgi_param  SCRIPT_FILENAME  /srv/www/vhosts/$server_name$fastcgi_script_name;
                include fastcgi_params;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        location ~ /.ht {
                deny  all;
        }
}

I am lazy efficient enough that all I need to do is replace the server_name and access_log lines for each virtual web host. I tried to use $server_name in the access_log line too, but it didn’t take. That created a file name called $server_name-access.log.

Each of my virtual hosts were already setup in Apache2 this way. All I had to do was get php5-cgi working, shutdown Apache2 and bring up Nginx. I made it permament by running these commands as root:

# update-rc -f apache2 remove
# update-rc -f nginx defaults

This hasn’t really made a big difference in my memory footprint but my blog is more responsive. See this Pingdom report for performance numbers. I may yet upgrade to the next size slice.

Year of the Tiger

Happy Chinese New Year! It’s the year of the Tiger and Sunday was Valentine’s Day too. What a dilemma: do you pay attention to the New Year or to the made up Hallmark holiday? That was solved in seconds and we went to celebrate the New Year.

This has been a busy weekend. On Friday I met up with some old friends who I have not seen for a while. That was great fun and I spent more time catching up and only took a handful of photos. We ate at a place on Bowery Street called Kens Asian Taste.

Saturday we headed to Flushing for errands and to meet up with the in-laws. We drove to Flushing and I thought it was bad. Sunday I would see what a bad driving day is in Chinatown. In the late afternoon we headed over to my brother-in-law’s place and had a great dinner.  You know the family get together that everyone crowds around the dinner table? It was like that and we all had a good time. The only down side was that I forgot to bring my camera and Vonage box. Every year the in-laws call China and the Vonage box would have been useful: China is one on the unlimited calling to countries.

Sunday was the day we all headed to Chinatown. Instead of driving we took the LIRR to Penn station and then the IRT. Good thing we did; the place was a car disaster area.

Lot's of people in Chinatown

Afterward we walked around looking for a place to eat. We ended up going to Hester Street, down to Elizabeth Street and Canal Street, and back to Hester Street once again and went to XO Kitchen. The wait for the table was over an hour. That’s not too bad since over at Gum Fung people said they were not letting any new customer in. They stopped handing out numbers.

Next stop was the Empire State Building. We had heard that they had some sort of Chinese New Year display and wanted to see it.

It was a little disappointing. It was Valentine’s Day also, so after relaxing for a few minutes we all headed home.

Well I sure taught the snow who’s boss

All day yesterday it snowed from around midnight to at least 11:30 PM.  Several times I went out and cleared the driveway.  Around the end of my second pass I noticed that the oil cap came off on my snow thrower and oil was burning. I shut it down and replaced the cap.

Later on when I went to try the snow thrower again, the damn thing would not start. The motor is stuck and will not budge. This weekend I’ll get some oil and hope that I did not permanently damage the engine. The idea is that oil is cheaper than a new one and seriously, I just need it to work this season. That is a lot of drive way to shovel.

But I have a feeling I’ll need to buy a replacement snow thrower instead. If that does happen I’m sure I’ll keep the next one in good shape…

Here’s an idea: just do the right thing

The Tea Party convention has affected me. Go watch this video at CNN.com’s web site. Take your time.

Back? Now let’s pass a law that lets the President of the United States simply point his finger at anyone and say “Enemy Combatant”.  With that one pronouncement the government can grab anyone and do anything to that person. No rights, no trial, just “the President says so”.

This really is not a crazy idea since it’s already happened in this country. The lady in the video (the one with the crib notes on her hand) is playing a popular but dangerous game.

The idea is that we can brush aside the laws of this country, when it is those laws that make this  country great.  This thing, our constitution, this does not happen in other countries. It can take years, but here in the United States that one person can stand up to the government and get redress. It’s doable if you are strong enough and want it enough. It doesn’t always work out but the opportunity exists.

We have rights and they are defined by our constitution, our Bill of Rights, and our amendments. This is an amazing thing and for anyone to say someone here does not have the benefit of our laws is a sign of weakness. It’s cowardice.

What these great patriots just don’t want to admit is this: someone dying is the worse thing that can happen to that person and his family. Someone getting maimed or crippled, or violently losing a loved one, that is a devastating and horrible thing. I pray and hope it never happens to me and mine.

But it’s not the worst thing that can happen to a country. We can be safe and secure without sacrificing the principles that Americans have fought and died for. It’s not easy, but Americans can do anything when they are strong enough.

Will it snow this time?

Last Friday night the LIRR was talking about if 10 inches of snow fall, then they will shut down the entire train system. That only sounds bad since last time it snowed some poor people were kidnapped and held hostage against their will for many hours on a disabled train. The idea is that it is better to strand people at the train station than abandon them on the train tracks.

The amount of snow this last weekend around where I live? None, not one centimeter.  Now the weather man is predicting a ton of snow for tomorrow. I’m all ready to go and it will be great for the kids if we actually do get snowed in.

8 bags of garbage

My family and I have been living in our house for over 5 years now. During that time, I have cleaned up my junk in the basement a couple of times.  Our kids? Not once. Our basement looked like an organized mess.  All of their toys (mostly broken) were piled up against the wall.

That changed today. This morning Lily and I started small and just kept going. We ended up throwing out eight 45 gallon bags (I could have sworn we bought 55 gallon drum liners but they weren’t). The kids helped too, so no hysterics.

What made me a little depressed was that the 1/144 HG Gundam models that my son made were damaged and had parts missing, so he decided to toss them out. Not all of them, but the four that he tossed were ones that I was proud of him working on.

Here are some of the models he tossed today.

It’s not really a big deal, and each one was broken. But I was a little sad at them being tossed out so casually.

The deal with my son is that if we clean out the old stuff, I’ll get him a Lionel O gauge set.  Right now he has an HO scale set but with all the space we cleaned out, we can get another folding table and set up a bigger set.

Geez, I really am getting old and sentimental. You are supposed to get attached to people and not things.  That is something I am trying to teach both my children so I can’t really be unhappy about them letting go of things.