icon for rtCamp's easy engine software

Quick post about easy engine

tl;dr: Use easyengine from rtCamp

I have followed rtCamp for over a year now.  I based my tutorials largely on Rahul’s tutorials.  I had tried many other ways to set up Nginx from various resources, including the ones on Digital Ocean.  Not only were Rahul’s tutorials exactly what I needed to connect the dots, the end product was simple, followed the WordPress codex very closely and just made sense.  On top of that, they have put together very detailed instructions on almost every scenario an administrator may need to unleash WordPress.

What does it do?

Check out easy engine!!

easyengine allows you to easily manage your Nginx/WordPress web server.  It installs everything you need to serve WordPress with your choice of caching: W3 Total Cache, WP Super Cache or Nginx’s fastcgi_cache module.  The project is being developed steadily and the foundations of a professional Nginx/WordPress/Postfix management solution are emerging.

I recommend anyone who found their way onto my test server head over and check out Rahul’s tutorials and easy engine.  Rahul is a beast when it comes to his support forum.  He answers all comments and questions very quickly and in a manner that is very easy to understand.

 

 

 


United Nuclear, Scientific Equipment & Supplies

 

The sole purpose of United Nuclear Scientific Supplies, LLC  is to put the “fun” back into science.
Currently, both private and public schools (as well as other learning institutions) are removing chemicals & glassware from their chemistry labs, electronic components from their engineering classes… along with many other important pieces of “hands-on” learning equipment.  In exchange, they have students conduct experiments on computer or simply read text instead of actually coming into contact with the equipment & materials they are learning about.
Most professors & teachers we have spoken with completely disagree with this concept.
It is our intention to make these and other interesting/scientific related items once again available to the hobbyist, teacher, experimenter, and professional organizations.

Part 8 of my create your own webserver series

Optimize APC cache and increase file upload size in PHP and Nginx for WordPress

Welcome to Part 8 of this Series:

Support for APC doesn’t exist for PHP 5.5; there is a forked project, APCu, for user cache.  Check out rtCamp’s easy engine instead.  Use the built-in Zend Optimizer+, Memcached and W3TC instead, or the APCu project on GitHub for user cache.

If you’re not following this tutorial and you want to be able to view apc.php from your browser (Ubuntu 12.04 LTS):

sudo cp /usr/share/doc/php-apc/apc.php /path/to/webroot

In the long run fragmentation amounts don’t matter much.  I spent too much time worrying about fragmentation.  The thing to realize here is that fragmentation all takes place in RAM, not on disk, and is normal.  The only thing you really have to worry about is whether the cache fills, as APC will flush the entire cache by default when it does.  Increasing the default memory will ensure that your “Cache full count” remains at 0.

APC works right out of the box, but it doesn’t work well with WordPress without increasing the memory.  I installed two copies of WordPress, example.com and example.org, on a copy of this virtual machine and randomly visited a bunch of pages; the picture below is from that copy.  Within 5 minutes of caching WordPress, the default shared memory size of 32 MB fills.

example of heavy fragmentation in apc.php

“Fragmentation is a measure of the non-available portion of apc.shm_size due to lack of contiguous memory large enough to accept new cache items. 100% fragmentation means the available memory is broken into hundreds of small pieces that are too small to accept new cache items. This occurs when cached items expire and new cached items fill their vacated memory slots; usually the new item is slightly smaller than the old item, and the leftover space may be too small for a new cache item.”

To view APC’s interface on your virtual machine simply point your browser at www.example.com/apc.php.

Open PuTTY, log in and gain sudo privileges.

sudo su

Enter your password again. Now let’s use Nano to open up apc.ini and add a few of our own directives.

nano /etc/php5/mods-available/apc.ini

In a nutshell, we are going to increase APC’s memory to 128 megabytes.

Adding values here will change the default values.  extension=apc.so will already be present.

Visit php.net’s APC Runtime Configuration page for details.

Make your file look like below.

extension=apc.so
apc.shm_size="128M"
apc.max_file_size="10M"
apc.num_files_hint=20000
apc.user_entries_hint=20000
apc.ttl=7200
apc.user_ttl=7200
apc.stat=0
apc.slam_defense=0

“ctrl+x”, “y” and “enter” to save and exit Nano.
Restart PHP to load the new values.

service php5-fpm restart

(edit)-

apc.stat determines if APC should perform a stat() call on the file to see if it has changed since it was cached.  By default this is on.  We are setting it to off which will require us to reset the cache when updating from time to time but gives us a nice boost in performance.

Below is an example of the same virtual machine after adding the above directives and surfing the two domains for roughly the same amount of time.  The miss rate will continue to drop as the cache fills up.

APC.php example with less fragmentation

 

Increase max file upload size.

If you try to upload an image file larger than 1 megabyte WordPress is going to throw an error.  We need to configure PHP and Nginx to allow larger file sizes.

Gmail allows for max file size of 25 megabytes, let’s go ahead and do the same.  You can set it to whatever you like.  Your needs may vary.  I am going to make the change to Nginx in its global http block so that any new domains will pick up the configuration.  If you want to set domain specific file upload sizes then you would add this to each server block instead.

Login through PuTTY and gain sudo if you aren’t already and open up nginx.conf with Nano.

nano /etc/nginx/nginx.conf

While we are here, let’s first change the number of worker_processes to 1.  This value should match the number of CPU cores your system has.  As we set the virtual machine up with one CPU, we want this value to reflect that.

VMware will still use all the cores on your host system so don’t worry if you have a quad-core system.  All 4 cores will still be working for Ubuntu.

Next we are going to use the arrow keys to scroll down just inside the http {} block and add the line “client_max_body_size 25m;”.

Make the top of the file look like this…

user www-data;
worker_processes 1;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
    # multi_accept on;
}

http {

    client_max_body_size 25m;

    ##
    # Basic Settings
    ##

“ctrl+x”, “y” and “enter” to save the file in Nano.

Next we have to set upload_max_filesize and post_max_size in our php.ini file.

nano /etc/php5/fpm/php.ini

Once Nano is open use “ctrl+w” to open search field. Search for “upload_max_filesize”.

upload_max_filesize = 25M

Search again for post_max_size and change its value to 25M.

post_max_size = 25M

“ctrl+x”, “y” and “enter” to save the file in Nano.

Reload Nginx and PHP.

service nginx reload
service php5-fpm reload
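
The three limits set above are enforced at different layers, so the smallest one decides what gets through. The script below is an added example, not part of the original tutorial: it reads client_max_body_size, upload_max_filesize and post_max_size from constructed sample files and reports the limit that applies. The function names are made up for this example, and server/location overrides and Nginx include files are not followed.

```shell
#!/bin/sh
# Added example (not from the original tutorial): which upload limit wins?

# Convert an Nginx/PHP size (25m, 25M, 1G, 8388608) to bytes.
to_bytes() {
    n=${1%[kKmMgG]}
    case $1 in
        *[kK]) echo $((n * 1024)) ;;
        *[mM]) echo $((n * 1024 * 1024)) ;;
        *[gG]) echo $((n * 1024 * 1024 * 1024)) ;;
        *)     echo "$n" ;;
    esac
}

# First uncommented client_max_body_size in the file, in bytes.
# Falls back to 1m, the Nginx default, when the directive is absent.
nginx_body_limit() {   # $1=nginx.conf
    v=$(sed -n 's/^[[:space:]]*client_max_body_size[[:space:]]\{1,\}\([0-9]\{1,\}[kKmMgG]\{0,1\}\)[[:space:]]*;.*/\1/p' "$1" | head -n 1)
    to_bytes "${v:-1m}"
}

# Last uncommented "<directive> = <size>" in php.ini, in bytes.
php_ini_limit() {   # $1=php.ini  $2=directive  $3=PHP built-in default
    v=$(sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([0-9]\{1,\}[kKmMgG]\{0,1\}\).*/\1/p" "$1" | tail -n 1)
    to_bytes "${v:-$3}"
}

# Smallest of the three limits: the largest request that gets through.
effective_upload_limit() {   # $1=nginx.conf  $2=php.ini
    ngx=$(nginx_body_limit "$1")
    up=$(php_ini_limit "$2" upload_max_filesize 2M)
    post=$(php_ini_limit "$2" post_max_size 8M)
    eff=$up
    if [ "$post" -lt "$eff" ]; then eff=$post; fi
    if [ "$ngx" -lt "$eff" ]; then eff=$ngx; fi
    echo "$eff"
}

# Flag settings that reject a file that is within upload_max_filesize.
upload_limit_notes() {   # $1=nginx.conf  $2=php.ini
    ngx=$(nginx_body_limit "$1")
    up=$(php_ini_limit "$2" upload_max_filesize 2M)
    post=$(php_ini_limit "$2" post_max_size 8M)
    if [ "$ngx" -lt "$up" ]; then
        echo "nginx rejects bodies over $ngx bytes (HTTP 413) before PHP sees them"
    fi
    if [ "$post" -le "$up" ]; then
        echo "post_max_size is not larger than upload_max_filesize: a file at the limit plus form overhead is dropped"
    fi
    return 0
}

# Constructed sample files using the values from this tutorial.
demo=$(mktemp -d)
printf 'http {\n    client_max_body_size 25m;\n}\n' > "$demo/nginx.conf"
printf 'upload_max_filesize = 25M\npost_max_size = 25M\n' > "$demo/php.ini"
echo "effective limit: $(effective_upload_limit "$demo/nginx.conf" "$demo/php.ini") bytes"
upload_limit_notes "$demo/nginx.conf" "$demo/php.ini"
rm -rf "$demo"
```

With all three values at 25M the request body, which carries the file plus the multipart form overhead, hits the limit slightly before the file itself reaches 25 megabytes.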

That’s all for Part 8 see ya @ Part 9 WordPress security

Part 7 of my create your own webserver series

Create a MySQL database and install WordPress

Welcome to Part 7 of this Series:

The first thing we need to do is create a MySQL database for WordPress, more specifically a database for example.com.  You can choose either to use one WordPress database for all your sites or to have a separate database for each domain/WordPress install.  For this tutorial I am going to suggest a separate database for each domain.  I have a few reasons for this.  I am not going to go into them, but there is an old saying: “don’t keep all your eggs in one basket”.  Doing this will keep backups that include just that domain’s information and is a much cleaner way of administering individual clients’ WordPress installs.

Point your browser at www.example.com/phpmyadmin.  Log in with username=root and password=password2.

phpmyadmin login page screenshot from my tutorial how to series

Click on the “databases” tab.

Next name the database example.com and press the create button.

screenshot displaying database creation screen in phpMyadmin

That’s it, you just created a database.  Repeat these steps for example.org and example.net if you plan on using those domains.

If you’re following along with this tutorial you should at this point be able to point your browser at www.example.com and see this…

new WordPress default landing page

Continue until you come to the page below and make it look like it does here.

Database details for this tutorial

Click Submit.

All right Sparky!  Continue on.

The next screen needs to be discussed a little.  First things first: never use the default username of admin.  Every evil script out there hunting for vulnerable WordPress installs will try that username.  I will post more about hardening your WordPress install later, but for now not using the username admin is arguably the easiest and most important step you can take to make WordPress more secure.  The second is the password.  Make it strong; the stronger the better.  This is where I would suggest using a 3rd password, different from Ubuntu or MySQL.  I don’t follow my own suggestions and use the same password as I use with Ubuntu.

Also, you’ll need to use your real email address here if you want to add SMTP email support, which WordPress needs in order to send a variety of emails, from adding users to security alerts.

OK, run the install.  All we have to do now is activate the 2 plugins that the script installed.

The first one, sftp-updater-support, adds support for WordPress to use SSH to update itself instead of FTP.  This will also allow you to install plugins directly through WordPress.

The second one, Nginx-helper by rtCamp, controls purging Nginx’s cache every time a page or post is added or edited.

In the left-hand column, about midway down, is the plugin tab; select “installed plugins”.  You’re actually going to see 4 deactivated plugins.  The other two come with WordPress by default.  Go ahead and activate the two I just mentioned.

Also be aware that we installed APC object cache backend which is considered a drop in plugin and can be seen by clicking the drop in link at the top of the page.

Let’s quickly configure and test sftp-updater-support.  Probably the easiest way to do this is to try and install a plugin.  It doesn’t matter which plugin you install, but I will suggest you install Configure-smtp.  This plugin will allow your WordPress install to send email and works well for me.

At the top of the plugins page you will see a button that says “add new”, click on it and enter “configure smtp” into the search field.  Find the plugin, it was at the very top for me but may or may not be for you.  Click “install now” and confirm.

You now have to add your SSH info; use the image below as a guide, replacing 192.168.1.4 with the IP address you used when setting up PuTTY and Filezilla.  Be sure to append :9010 to the end of your IP address or the plugin will try to connect on the default SSH port 22.

sftp plugin configuration screen

If it worked you’ll see “Successfully installed the plugin Configure SMTP 3.1.”

Go ahead and activate the plugin.  It can be configured under the “settings” tab on the left.  Visit the plugins page on WordPress.org for help configuring it to use Gmail or whatever email provider you use.

That’s all for Part 7.  See ya @ Part 8 where we will optimize APC cache as well as increase the allowed file upload size.

Using WordPress locally without a domain name


Welcome to Part 6 of this Series:

The XPress Nginx appliance is an excellent free alternative to wamp.

The Gods of the internet have set aside some top level domains intended for use in examples and for development and testing environments.  See RFC 2606 – Reserved Top Level DNS Names for more information.  Basically all this means is that our internet overlords knew they needed a way for people to use domain names and email addresses for examples and testing.  It’s an attempt to stop harmless tutorials being accidentally released onto the internet, causing name resolution conflicts and jamming up the tubes of the internet (DNS).

If you browse to www.example.com you will be taken to IANA’s reserved page.  If you ping that address you will see that the domain name www.example.com resolves to the IP address 192.0.43.10.  We are going to manipulate the hosts file on our Windows computer so that it will resolve www.example.com to the local IP address of our server instead.  In this case my server has a local IP address of 192.168.1.4.  You will have to repeat these steps on every computer on your home network that you want to access WordPress on.

We will also do that for the other two reserved TLD’s www.example.org and www.example.net.  This will allow us to set up 3 separate WordPress sites for testing and development.  You may substitute example.com with any domain name you wish.  Entries in your hosts file will be used before any network level name resolution.

If you’re following along with this tutorial I am going to assume you are running VMware Workstation on either Windows Vista or 7.  To edit your hosts file, go to start > all programs > accessories.  Locate and right-click on Notepad and choose “Run as administrator”.  Open C:\Windows\System32\drivers\etc\hosts and add this at the bottom.

Don’t see your hosts file?  See how to restore it here.

/etc/hosts on Unix systems.

#test domains
192.168.1.4 www.example.com
192.168.1.4 www.example.org
192.168.1.4 www.example.net

Substitute 192.168.1.4 with the IP address of your Ubuntu virtual machine.

example of my hosts file

This is what my Windows 7 hosts file looks like.  It may look different on Vista or Windows 8.  Either way just add those lines.  Save the file.  You may have to restart Windows for the changes to take effect.  Make sure to shut down Ubuntu first!!

That’s all for Part 6.  See ya @ Part 7 where we will create a database for and set up WordPress.

VMware Ubuntu12.04 Nginx MySQL php APC WordPress

Configuring Nginx’s cache location and installing WordPress

Welcome to Part 5 of this Series:

This is all based on WordPress’s Nginx codex with credit to Rahul Bansal’s fantastic Series – “WordPress Nginx Tutorials”.

I’ve automated the process of creating new server blocks and installing WordPress.  The tar archive that we will download on Ubuntu in this tutorial contains the Nginx-helper plugin for WordPress, the sftp-updater-support plugin for WordPress, the APC object cache backend plugin, as well as a script that will set up new server blocks intended for multiple single site installs of WordPress owned by user alphard.  The new server blocks share the same PHP pool, which is a security issue if you have evil WordPress users: PHP code in every site runs as the same system user, so one site can read and modify another site’s files.

Define an Nginx cache zone:

We have to tell Nginx to store cache in RAM.  Go ahead and open PuTTY, log in and gain root privileges.

sudo su

Let’s open /etc/nginx/nginx.conf.

nano /etc/nginx/nginx.conf

Add this between the log and gzip section.

##
# set cache location
##
fastcgi_cache_path /var/run/nginx-cache levels=1:2 keys_zone=WORDPRESS:500m inactive=60m;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
fastcgi_cache_use_stale error timeout invalid_header http_500;

“ctrl+x” to save and close nginx.conf.
Test and reload Nginx.

nginx -t && service nginx reload

You should see…

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
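
Where a cached page lands on disk follows from the fastcgi_cache_path and fastcgi_cache_key lines above. The script below is an added example, not part of the original tutorial or of Nginx: it builds the key for a request, derives the file path that levels=1:2 produces, and checks whether that entry exists. It assumes md5sum from GNU coreutils; the function names are made up for this example and the cache entry in the demo is constructed.

```shell
#!/bin/sh
# Added example: locate the cache file Nginx uses for one request.
# Assumes md5sum (GNU coreutils) is installed.

# Value of fastcgi_cache_path in this tutorial; override via environment.
CACHE_DIR=${CACHE_DIR:-/var/run/nginx-cache}

# Same order as fastcgi_cache_key "$scheme$request_method$host$request_uri".
cache_key() {   # $1=scheme  $2=method  $3=host  $4=request_uri
    printf '%s%s%s%s' "$1" "$2" "$3" "$4"
}

# The file is named after the MD5 of the key. With levels=1:2 the last
# hex digit is the first directory level and the two digits before it
# are the second level.
cache_file_for_key() {   # $1=key
    hash=$(printf '%s' "$1" | md5sum | cut -d ' ' -f 1)
    l1=$(printf '%s' "$hash" | cut -c 32)
    l2=$(printf '%s' "$hash" | cut -c 30-31)
    printf '%s/%s/%s/%s\n' "$CACHE_DIR" "$l1" "$l2" "$hash"
}

# Print the file path if the entry exists and its stored "KEY: " line
# matches the key, otherwise print MISS.
cache_lookup() {   # $1=key
    f=$(cache_file_for_key "$1")
    if [ -f "$f" ] && grep -a -q -x -F "KEY: $1" "$f"; then
        echo "$f"
    else
        echo "MISS"
    fi
}

# Constructed demo: a throwaway cache directory holding one fake entry.
saved_dir=$CACHE_DIR
CACHE_DIR=$(mktemp -d)
key=$(cache_key http GET www.example.com /)
entry=$(cache_file_for_key "$key")
mkdir -p "$(dirname "$entry")"
printf 'KEY: %s\nHTTP/1.1 200 OK\n' "$key" > "$entry"
echo "http  GET www.example.com/ -> $(cache_lookup "$key")"
echo "https GET www.example.com/ -> $(cache_lookup "$(cache_key https GET www.example.com /)")"
rm -rf "$CACHE_DIR"
CACHE_DIR=$saved_dir
```

The key holds only scheme, method, host and URI, so every visitor who requests the same URL maps to the same file; this lookup is a quick way to confirm whether a given page was stored.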

Now that we have the cache location set in the global block, let’s download the tar archive containing 3 WordPress plugins, the script to create new server blocks and its accompanying server block template.

Relinquish sudo

exit

Download the file and decompress it in /home/alphard/ and make it executable.

wget https://www.dropbox.com/s/45jk9l9dukhapk1/script_template_and_plugins.tar
tar -xvf script_template_and_plugins.tar

The script is heavily commented.  Be aware that var/www/example.com/htdocs permissions are set to 775 to allow WordPress to create wp-config.php.  In part 9 we will move wp-config.php up one level and change its permissions to 640 and change htdocs back to the recommended 755.  It also creates an uploads folder in wp-content with permissions also set to 775 to allow file uploads.  Open the script and read through it before running it as root:

sudo nano /home/alphard/create_new_wordpress.sh

and the virtual hosts template:

sudo nano /home/alphard/wordpress_vhost.template

At this point your server has everything it needs to install WordPress.  Setting up a domain and forwarding ports on a router as well as DNS is beyond the scope of this tutorial.

There is however a very easy way to set up a local WordPress install, perfect for learning WordPress or as a testing and development environment similar to wamp, xamp or mamp.

Let’s restart the virtual machine and take a snapshot.

sudo reboot

You can now log into Ubuntu and gain sudo privileges and enter.

sudo su

The next command is going to run the script. If you own a domain and plan on mapping it to this server substitute example.com with your domain name. If you want to set up a local test server you can just run the command and it will setup a new Nginx server block to listen for example.com and www.example.com. It will also install WordPress and create symbolic links for phpMyAdmin and APC.php to the newly created web root.

./create_new_wordpress.sh example.com

You now have the latest version of WordPress and a Nginx server block listening on port 80 that will respond to any requests for example.com or www.example.com.

Shut down the virtual machine and take a snapshot.

ctrl+m

This concludes Part 5.  See ya @ Part 6 where I will cover in detail how to change your hosts file so that you can reach WordPress from any computer on your home network.

VMware Ubuntu12.04 Nginx MySQL php APC WordPress

Install Nginx MySQL PHP5.4 APC and phpMyAdmin on Ubuntu 12.04

Welcome to Part 4 of this Series:

Install MySQL-server:  Open PuTTY and connect to your server, log in and gain sudo privileges.

sudo su
apt-get update && apt-get upgrade
apt-get install mysql-server -y

This will start the MySQL-server install wizard. When prompted choose a password for the root MySQL user.  I use a different password here than the one I am using for Ubuntu or WordPress.  For this tutorial I am using “password2”.  Later in the tutorial we will install phpMyAdmin which will allow us to easily manage MySQL through a web-based interface.

PHP 5.4:

The official repo for Ubuntu 12.04 LTS will install PHP version 5.3.  So to get PHP 5.4 we will use an unofficial launchpad repo maintained by Ondřej Surý.

apt-get install python-software-properties -y
add-apt-repository ppa:ondrej/php5

Press enter when prompted to add the PPA and then update apt cache.

apt-get update

Now we can install PHP 5.4.

apt-get install php5-common php5-mysql php5-xmlrpc php5-cgi php5-curl php5-gd php5-cli php5-fpm php-apc php-pear php5-dev php5-imap php5-mcrypt -y

We can test to see that we have the correct version by issuing

php -v

Confirm you indeed have PHP 5.4.  If for some reason you have 5.3, restore the snapshot that you took at the end of part 3 and start over.

Install Nginx:  Let’s install a version of Nginx that has the fastcgi cache purge module recommended by WordPress.org.

add-apt-repository ppa:brianmercer/nginx
apt-get update
apt-get install nginx-custom -y

Shut the virtual machine down and take a snapshot.

poweroff

ctrl+m to open snapshot manager.

phpMyAdmin

Start the Virtual machine back up, login and gain sudo.  I suggest using PuTTY for following tutorials because copying and pasting commands is faster with less chance of typos.  But you can hand type everything into the VMware display.

sudo su

Let’s install phpMyAdmin so we can easily create and manage our MySQL databases.

apt-get install phpmyadmin -y

The install wizard is going to ask which web server you’re using.  Nginx isn’t in the list, so we are going to just hit “enter” to proceed.

Choose “yes” at the next prompt to allow phpMyAdmin to create and configure its own database.

Next we need to enter our root MySQL password.  If you’re following along you’ll remember we used “password2”.

The next screen asks you to provide a password for phpMyAdmin to register with the database server.  Leave it blank and “enter” to proceed.

To symlink phpMyAdmin to an existing webroot:

ln -sf /usr/share/phpmyadmin /path/to/WordPress/
sudo service nginx reload

Delete your browser cache.

That’s all for Part 4.     See ya @ Part 5.

Part 3 of my nginx how to series

Configure PuTTY and Filezilla over SSH

Welcome to Part 3 of this Series:

In this tutorial we are going to set up everything we need to administer our web server with PuTTY and Filezilla over SSH locally.

Once we get PuTTY set up we will be able to copy and paste commands into Ubuntu, something we can’t do now in the VM (unless you installed the desktop…).

Let’s go ahead and download PuTTY and Filezilla.  The download page for PuTTY can be a little confusing, so to save time here is a download button for the PuTTY installer and Filezilla’s download on Sourceforge.

Download Filezilla

 

 

You can install both programs now and configure them later or wait until we get to configuring them further down in this post.  For now we are going to set up SSH in our Ubuntu virtual machine.  Go ahead and open VMware workstation and start the virtual machine and log in and gain sudo privileges.

sudo su

SSH setup:

For this tutorial we will be using password authentication with SSH. There are a few reasons for this.  Because our web server is running on the same network we are working on we don’t need to forward any ports for ssh on our router. This means that SSH is only accessible from our LAN and not the rest of the internet. Your SSH password can only be brute forced if the attacker is already on your local network. Having your server on a Windows host also opens up using Teamviewer or a VPN to tunnel past your router keeping all but port 80 from being accessible from the internet.

We will be using the command line Nano editor to edit files from within terminal.

Quick tips for using Nano:

Use arrow keys to navigate, ctrl-w to search and ctrl-x to exit and save.  Copy and paste will work through PuTTY once we set this up, so don’t fret: you won’t have to type commands for much longer.

nano /etc/ssh/sshd_config

Change the port to whatever you want. Default is 22.  If you’re following this tutorial, you’ll remember that we opened port 9010 in part 2.  Use the arrow keys to scroll down until you see “PermitRootLogin” and change it to “no”, then add the line “UseDNS no” to the bottom of the # Authentication section.

# What ports, IPs and protocols we listen for
Port 9010
# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
UseDNS no

There are other ways to harden the security on SSH but for now this gets us started. To save the edited file in Nano use “ctrl-x“. Nano will ask you to confirm that you want to save the edited file press “y” and then “enter“.
You should be back in Terminal. We need to restart SSH for our changes to take effect.

service ssh restart
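
An edit to sshd_config only counts if it is the value sshd actually reads. The script below is an added example, not part of the original tutorial: it reports the effective Port and PermitRootLogin for constructed sample files, including the case where the new lines were appended while the stock lines stayed in place. The function names are made up for this example.

```shell
#!/bin/sh
# Added example: report the sshd_config values that actually take effect.

# For most keywords sshd uses the FIRST value it reads, keywords are
# case-insensitive, and lines after a "Match" line apply conditionally,
# so only the global part of the file is read here.
sshd_effective() {   # $1=sshd_config  $2=keyword  $3=text to print if unset
    awk -v want="$2" -v dflt="$3" '
        NF == 0 || $1 ~ /^#/   { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(want) { val = $2; exit }
        END { print (val != "" ? val : dflt) }
    ' "$1"
}

# Port is different: it may be given several times and sshd listens on
# every port listed. Without any Port line the default is 22.
sshd_ports() {   # $1=sshd_config
    awk '
        NF == 0 || $1 ~ /^#/   { next }
        tolower($1) == "match" { exit }
        tolower($1) == "port"  { out = out (out == "" ? "" : " ") $2 }
        END { print (out != "" ? out : "22") }
    ' "$1"
}

# Compare the effective values with what this tutorial sets.
audit_sshd() {   # $1=sshd_config  $2=expected port
    ports=$(sshd_ports "$1")
    root=$(sshd_effective "$1" PermitRootLogin unset)
    pw=$(sshd_effective "$1" PasswordAuthentication unset)
    if [ "$ports" = "$2" ]; then echo "OK   Port $ports"
    else echo "WARN listening on port(s) $ports, expected only $2"; fi
    if [ "$root" = "no" ]; then echo "OK   PermitRootLogin no"
    else echo "WARN PermitRootLogin is $root"; fi
    echo "INFO PasswordAuthentication is $pw"
}

# Constructed sample 1: the excerpt shown in this tutorial.
demo=$(mktemp -d)
cat > "$demo/edited" <<'EOF'
# What ports, IPs and protocols we listen for
Port 9010
# Authentication:
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
UseDNS no
EOF

# Constructed sample 2: the new lines were appended at the bottom while
# the stock lines were left in place above them.
cat > "$demo/appended" <<'EOF'
Port 22
PermitRootLogin yes
StrictModes yes
Port 9010
PermitRootLogin no
UseDNS no
EOF

echo "edited in place:"; audit_sshd "$demo/edited" 9010
echo "appended at end:"; audit_sshd "$demo/appended" 9010
rm -rf "$demo"
```

On the server itself, running sshd -T as root prints the configuration sshd will use, which is the authoritative check.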

We now need to determine what IP address your router assigned to the virtual machine during Ubuntu setup.

ifconfig

You will see something similar to…

eth0      Link encap:Ethernet  HWaddr 00:0c:29:f6:ca:0f
          inet addr:192.168.1.4  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fef6:ca0f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:539 errors:0 dropped:0 overruns:0 frame:0
          TX packets:622 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:54344 (54.3 KB)  TX bytes:71683 (71.6 KB)

I have highlighted the IP address that my router assigned to my VM.  Yours will be different.  Write that address down; we will be using it in the next couple of steps.

That is it.  You can now use “ctrl+alt” to release the mouse and keyboard from the virtual machine, take a snapshot with “ctrl+m” and minimize it.

Configuring PuTTY:

If you did not install PuTTY earlier do so now and open it.  The PuTTY installer is going to open an options window; just use the defaults.  Make the PuTTY configuration window look like the image below, substituting your local IP address with the one you wrote down earlier, and click save.

example of PuTTY configuration menu

You can now go ahead and connect to Ubuntu. You will see a pop up the first time you connect.  Just select “yes“.  You should then be greeted with a prompt for your username.  Go ahead and log in.

That’s it, you now have a Linux shell on Windows.  You can now copy and paste from your browser into your PuTTY terminal (right-click).  Let’s gain sudo privileges and update the server just to test it out.

sudo su
apt-get update && apt-get upgrade -y

Let’s go ahead and take a snapshot of the virtual machine.  Remember “ctrl+m” to open the snapshot manager.

Configuring Filezilla:

FTP is an insecure protocol.  We are going to configure Filezilla to transfer files over SSH instead (SFTP).

Go ahead and install Filezilla and open it up.  In the top left just below “file” is the button to open the “connections manager”; open the connections manager and click on “new site”.  Make that window look like the picture below, then click connect.

Filezilla site manager screen

You can now go ahead and connect.

You can now transfer, rename, move and change file permissions in Ubuntu assuming you own the file or directory, or are part of a group that has permissions to read, write or execute.

This concludes Part 3.  See you @ Part 4.
You should now be able to connect PuTTY and Filezilla to your Ubuntu server securely over SSH from any computer on your local network.