Textpattern CMS support forum
You are not logged in. Register | Login | Help
- Topics: Active | Unanswered
Re: Any Digital Ocean users?
jstubbs wrote #280521:
random blank pages which you mentioned above
That might also be a sign of poor software configuration, which is then causing the web server to crash.
And – which distros would you say are worthwhile? You mentioned Ubuntu gives poor performance on a 512MB RAM droplet. For TXP sites, I guess we’d be looking at Ubuntu and a LAMP stack.
Ubuntu works just fine with that amount of memory. I was just saying that about software configuration. You can run even bigger sites on a small VM, but it means benchmarking the server and configuring the software accordingly.
Offline
Re: Any Digital Ocean users?
Thanks Jukka…. I’m gonna give DO a go – its only my sites… I mean, come on, what can go wrong ;)
Offline
Re: Any Digital Ocean users?
tye wrote #280514:
What specs is everyone running their VPS at?
I’ve got one Future Host which I’m quite happy with using:
BW: 3,000GB
RAM: 1,000MB
Hardrive: 50GBBut I was looking for something smaller for some personal sites but wondered about performance.
Marc – is that uptime list the benchmark as my host isn’t even on there :)
The main specs the providers give don’t matter as much to me as things like practical, day-to-day uptime, support turnaround time, customer communications, etc. Bandwidth is almost a throwaway number at this point, RAM won’t usually be a big deal unless you are running a completely wild WordPress, Joomla, or Drupal site and don’t want to configure things, and disk space really just depends on your needs or your clients’ needs.
No matter who you end up with, I really recommend using a third-party monitoring service. I use Are My Sites Up. I have a VPS with a very highly-rated web host right now that is absolutely terrible in terms of uptime, and I wouldn’t know it without some sort of monitoring.
The benchmark list at that site only applies to people using the paid monitoring service. But that’s a good sign to me—they are paying a third party to monitor their own performance, and they are willing to share the numbers even though competitors show up there too.
Offline
Re: Any Digital Ocean users?
maruchan wrote #280555:
No matter who you end up with, I really recommend using a third-party monitoring service.
Third party monitoring services that merely just do HTTP HEAD requests every n minutes do only catch that once in a n minutes error. Monitoring service will mainly only see actual crashes and longer reachability issues. Now, if such periodical check consistently reports your site being down more than, let’s say, once a month, it’s more of so that your visitors are getting error pages more than that.
In addition to using monitoring service, you may first want to run a log/service notification service on your server itself to track Apache errors and the service uptime. You can track the actual server uptime and status by asking Apache service:
$ service httpd statusThere are tools to monitor service status, and tools specifically built for Apache. One could use Monit and set it up to send “Wohoo Reddit front page — fuck me” notifications when server load reaches certain threshold.
Offline
Re: Any Digital Ocean users?
OK, took Jukka’s advice and moved 6 TXP installs yesterday to a new DigitalOcean droplet.
It does take a while to figure things out – the main steps are to create the virtual hosts and domain.com directories, then rsync files over from the old server. Also have to install phpMyAdmin and very importably mod_rewrite.
Now that the sites are in place I switched the IP addresses on Clouflare and bingo, all set up. The droplet is located in Singapore and I’ve found so far that the sites load much quicker – TXP Tips for me is really snappy.
With Gandi I was paying maybe US$35 a month and it’s been a bit slow – the DigitalOcean droplet is 512MB and only US$5 a month! I’m very pleased with the results – thanks Jukka!
Helpful links:
Setup Apache Virtual Hosts – note Step 2, if you don’t grant permissions your sites will show up blank!
Setup mod_rewrite – note that you need to set AllowOverride All in the /etc/apache2/sites-available/default file to allow an .htaccess file to override the standard configuration.
Setup phpMyAdmin – I didn’t follow the security settings as phpMyAdmin seems to be the latest version.
For rsync – I used something like this to move all files over from Gandi to DigitalOcean:
rsync -azv --progress /srv/d_mydisk/www/txptips.com/htdocs root@my_DO_IP_address:/var/www/txptips.com/public_htmlMaybe should write up a TXP Tip for all this.
Offline
Re: Any Digital Ocean users?
For anyone wanting to try DigitalOcean, there is a current coupon code DODEPLOY available for US$10. That’s what I used – enough for 2 months free hosting ;)
Offline
Re: Any Digital Ocean users?
jstubbs wrote #280575:
For anyone wanting to try DigitalOcean, there is a current coupon code
DODEPLOYavailable for US$10. That’s what I used – enough for 2 months free hosting ;)
Signed up. And i can already see that is going to be painful to setup my free hosting ;-) But I will enjoy the learning curved.
…. texted postive
Offline
Re: Any Digital Ocean users?
To be honest, it is a bit of work but entirely enjoyable. As Jukka said, its your own server and its kind of fun to create and manage it. Besides, if something goes wrong you can probably do something about it rather than wait for someone else to fix it.
Jukka, one thing I did notice with the TXP installs after migration is that Diagnostics reports that Files, Images and Tmp are not writable, but each folder is set to 755.
I saw the same thing after migrating from TextDrive to Gandi, then the error notice disappeared after a while. Any idea about this?
Offline
Re: Any Digital Ocean users?
Diagnostics also reports that the following extensions are not enabled:
The following PHP functions (which may be necessary to run Textpattern) are disabled on your server: pcntl_alarm, pcntl_fork, pcntl_waitpid, pcntl_wait, pcntl_wifexited, pcntl_wifstopped, pcntl_wifsignaled, pcntl_wexitstatus, pcntl_wtermsig, pcntl_wstopsig, pcntl_signal, pcntl_signal_dispatch, pcntl_get_last_error, pcntl_strerror, pcntl_sigprocmask, pcntl_sigwaitinfo, pcntl_sigtimedwait, pcntl_exec, pcntl_getpriority, pcntl_setpriority,I think we can live without those, correct?
Offline
Re: Any Digital Ocean users?
jstubbs wrote #280580:
Diagnostics also reports that the following extensions are not enabled:
The following PHP functions (which may be necessary to run Textpattern) are disabled on your server: pcntl_alarm, pcntl_fork, pcntl_waitpid, pcntl_wait, pcntl_wifexited, pcntl_wifstopped, pcntl_wifsignaled, pcntl_wexitstatus, pcntl_wtermsig, pcntl_wstopsig, pcntl_signal, pcntl_signal_dispatch, pcntl_get_last_error, pcntl_strerror, pcntl_sigprocmask, pcntl_sigwaitinfo, pcntl_sigtimedwait, pcntl_exec, pcntl_getpriority, pcntl_setpriority,...I think we can live without those, correct?
But all other hosting servers don’t report those missing, so is it a case that you have not installed the Full PHP instance?
…. texted postive
Offline
Re: Any Digital Ocean users?
jstubbs wrote #280579:
Jukka, one thing I did notice with the TXP installs after migration is that Diagnostics reports that Files, Images and Tmp are not writable, but each folder is set to 755.
If you are using Ubuntu/Debian, your Apache by default runs under www-data user. Setting a directory 755 gives write access just to the user owning the directory.
user: 7 = 4 (read) + 2 (write) + 1 (execute)
group: 5 = 4 + 1
world: 5 = 4 + 1Now, you could set the permissions to 777 (I don’t really recommend that), or you could make so that the directories are owned by www-data group, and make sure new files are uploaded with the group too. I personally do it like that. I add the users that are used to upload files to Apache’s used user group, and sticky the group of the directory hosting the VirtualHost.
$ usermod -a -G www-data someuser
$ chgrp -r www-data /path/to/server/document/root
$ chmod g+s /path/to/server/document/rootWhen dealing with permissions what you want to make sure, is that you accidentally don’t give Apache access to write over your files. Make sure the umask used when uploading (client-side setting), is at most 644 for files and 755 for directories.
I think we can live without those, correct?
They are most likely disabled in httpd specific PHP config. Those functions can not be used outside CLI, so the default PHP5 httpd config in Debian/Ubuntu, if I remember correctly, does that at least on some versions.
bici wrote #280582:
But all other hosting servers don’t report those missing, so is it a case that you have not installed the Full PHP instance?
Disabled are functions are explicitly disabled in PHP config, and it’s not related to them being installed or not. The Diagnostics report just lists the items specified disabled in the PHP config.
Last edited by Gocom (2014-05-04 17:59:47)
Offline
Re: Any Digital Ocean users?
Gocom wrote #280583:
If you are using Ubuntu/Debian, your Apache by default runs under www-data user. Setting a directory 755 gives write access just to the user owning the directory.
Yes, using LAMP on Ubuntu 12.04.
Now, you could set the permissions to 777 (I don’t really recommend that)
No chance!
..or you could make so that the directories are owned by
www-datagroup, and make sure new files are uploaded with the group too. I personally do it like that. I add the users that are used to upload files to Apache’s used user group, and sticky the group of the directory hosting the VirtualHost.
Oh, chmod and permissions…my least favourite thing..! Yes, currently just using the root user so that would be causing the TXP error notice with the /images directory.
$ usermod -a -G www-data someuser
$ chgrp -r www-data /path/to/server/document/root
$ chmod g+s /path/to/server/document/rootSo, with your example above, should I change that to:
$ usermod -a -G www-data root (I'm using the root user so far)
$ chgrp -r www-data /var/www/ (websites are all in the /var/www/ directory)
$ chmod g+s /var/www/When dealing with permissions what you want to make sure, is that you accidentally don’t give Apache access to write over your files. Make sure the umask used when uploading (client-side setting), is at most 644 for files and 755 for directories.
Umm, you lost me here! Never heard of umask before. I guess this Linux permissions article covers the topic. Need to read up on this..
Offline
Re: Any Digital Ocean users?
jstubbs wrote #280607:
Yes, using LAMP on Ubuntu 12.04.
Since it’s a new installation, you should update to the current LTS, 14.04. It’s available on DigitalOcean’s image options too. 14.04 offers closer to up-to-date packages.
I’m using the root user so far
www.youtube.com/watch?v=Eal4fep7pK4
First thing you should do, is to create your own user and disable log in through the root. I hope you aren’t running as a root with the random password DigitalOcean gave you. Your server can easily get compromised in few months if you are doing so. There is no rate limiting or protection going on by default.
Basic steps to securing SSH are:
- Change root password and create your own new admin user.
- Rate limit SSH with Fail2Ban
- Set up SSH keys and disable password login.
Oh, chmod and permissions…my least favourite thing..!
Access permissions is one of the best thing about Unix-like systems, tho.
Yes, currently just using the
rootuser so that would be causing the TXP error notice with the/imagesdirectory.
That should always happen, no matter the user ;-) Apache is almost without exception run under its own user. Otherwise Apache has access to all of your files, or could roam around as root.
Last edited by Gocom (2014-05-06 08:28:24)
Offline
Re: Any Digital Ocean users?
Gocom wrote #280612:
Since it’s a new installation, you should update to the current LTS, 14.04. It’s available on DigitalOcean’s image options too. 14.04 offers closer to up-to-date packages.
You mean * Ubuntu 14.04 x64 vmlinuz-3.13.0-24-generic from Droplet > Settings > Kernel? Actually when creating a new Droplet, one can’t choose Ubuntu 14.04 ×64 and a Lamp stack from Applications. It only allows LAMP on Ubuntu 12.04.
Newbie question: Does updating to 14.04 change the Lamp stack in any way?
www.youtube.com/watch?v=Eal4fep7pK4
Ah, so you are saying using root is a no-no, then? ;)
I hope you aren’t running as a root with the random password DigitalOcean gave you. Your server can easily get compromised in few months if you are doing so. There is no rate limiting or protection going on by default.
No, I use 1Password for all passwords and assigned a new one. Slowly creating new PW’s for all logins after Heartbleed.
Basic steps to securing SSH are:
Sigh. Some more work to be done then!
Offline
Re: Any Digital Ocean users?
jstubbs wrote #280614:
You mean
* Ubuntu 14.04 x64 vmlinuz-3.13.0-24-genericfrom Droplet > Settings > Kernel? Actually when creating a new Droplet, one can’t choose Ubuntu 14.04 ×64 and a Lamp stack from Applications. It only allows LAMP on Ubuntu 12.04.
That’s the one. I would recommend sticking in the actual base image, and steering clear from those Applications. Those “Applications” are just images with few additional pre-installed packages. They are not configured in any way to be production safe, and even if you use one, you still have to update it, check conflicts and configure it.
Newbie question: Does updating to 14.04 change the Lamp stack in any way?
The initial set up takes a while. Minimum steps to set up a simple base server are:
- Configure hostname and DNS.
- Create SPF DNS record.
- Set up Fully Qualified Hostname correctly.
- Set up firewall to block ports. Block anything, but SSH (22), HTTP (80) and HTTPS (443).
- Set up MTA for mail delivery.
- Create swapfile to reduce crashes.
- Install Apache, MySQL and PHP.
- Optimize Apache performance by limiting child processes.
Ah, so you are saying using root is a no-no, then? ;)
I don’t know what you are talking about. That’s just a clip I wanted to share ;-P
Last edited by Gocom (2014-05-06 09:36:52)
Offline