Belkin? Rtkit?

While attempting to remotely debug a Linux machine today, I first encountered a strange problem. Any process that took more than about half a second to complete would freeze: top, ps, lsmod, tail -f, the list goes on. For example, trying to run dmesg and display its output would freeze, but dmesg into a file would complete!

After much digging, I eventually found that rtkit (rtkit-daemon) is constantly trying to make pulseaudio operate at realtime. In reality, we don’t need our audio to operate in realtime, as most modern computers can keep up with video playback just fine. The few people who actually want near-real-time audio (say, people recording multitrack stuff) can enable it themselves. Disabling rtkit (actually, uninstalling it, as it appears to be started via dbus) seems to have solved that problem.

The next problem was a strange DNS response. A DNS request through the Belkin modem for this server (purewhite.id.au) would return 10.45.41.175 instead of 175.41.45.10. I know what reverse DNS is, but this is reverse IP! Belkin is returning the IP in reverse!! (Or backwards, if you prefer.) A quick check reveals that this relatively new modem hasn’t got any new firmware available (and its firmware is over 1 year old). Apparently someone else had this problem and Belkin told them to just hard-code the IPs in your hosts file for the hosts that are being returned wrong! I believe it was also a Belkin modem that would return strange results when you did an AAAA request (IPv6).
So if you have a Belkin, maybe force your computer to use your ISP’s DNS servers directly, rather than the router’s. (Or take it back to the shop, because after all, it is faulty.)
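A way to catch a resolver that mangles answers, as an added example rather than anything from the original post: query the router and a resolver you trust for the same name and compare. The script assumes `dig` (dnsutils/bind-utils) is installed; the resolver addresses in the usage comment are placeholders. Besides the octet-reversed answer described above, the classifier also reports a plain disagreement or an empty answer, since either one is a reason to stop trusting the router’s resolver.

```sh
#!/bin/sh
# Added example: compare a router's DNS answers with a trusted resolver's
# and flag the octet-reversed answer described above. Not from the original
# post. Assumes `dig` is installed; resolver addresses are placeholders.

# reverse_octets 175.41.45.10 -> 10.45.41.175
reverse_octets() {
    printf '%s' "$1" | awk -F. '{ printf "%s.%s.%s.%s", $4, $3, $2, $1 }'
}

# classify_answers "<trusted answer>" "<router answer>"
# Prints one of: ok, reversed, mismatch, empty
classify_answers() {
    trusted=$1
    router=$2
    if [ -z "$router" ]; then
        echo empty
    elif [ "$trusted" = "$router" ]; then
        echo ok
    elif [ "$(reverse_octets "$trusted")" = "$router" ]; then
        echo reversed
    else
        echo mismatch
    fi
}

# check_resolver <name> <trusted resolver ip> <router ip>
# Takes the first A record from each resolver and classifies the result.
# Usage: check_resolver purewhite.id.au <isp-resolver-ip> <router-ip>
check_resolver() {
    name=$1; trusted_ns=$2; router_ns=$3
    # +short prints only answers; keep the first line that looks like an IPv4
    trusted=$(dig +short +time=3 +tries=1 @"$trusted_ns" "$name" A \
              | grep -m1 '^[0-9.]*$' || true)
    router=$(dig +short +time=3 +tries=1 @"$router_ns" "$name" A \
             | grep -m1 '^[0-9.]*$' || true)
    verdict=$(classify_answers "$trusted" "$router")
    printf '%s: trusted=%s router=%s -> %s\n' "$name" "$trusted" "$router" "$verdict"
    [ "$verdict" = ok ]
}
```

Run `check_resolver` for a handful of names you care about; a `reversed` or `mismatch` verdict on any of them is the signal to point the machine at the ISP’s resolvers instead of the router.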

Nginx, PHP-FPM, WordPress, Super Cache

So recently I’ve been exploring the alternative world of Nginx instead of Apache, and PHP-FPM instead of mod_php. There are plenty of tutorials on the net for getting all of this set up, however not that many are up to date anymore for the Super Cache stuff. Hopefully what I present here will be a more up-to-date config, that is also mostly secure compared to a good number of ones on the net (to do with passing non-PHP files to the PHP interpreter).

Firstly, my Nginx config for this very blog.

 1  server {
 2      server_name www.tim.purewhite.id.au;
 3      rewrite ^/(.*) http://tim.purewhite.id.au/$1 permanent;
 4  }
 5
 6  server {
 7      server_name tim.purewhite.id.au static.tim.purewhite.id.au;
 8      root /home/tim/domains/tim.purewhite.id.au/public_html;
 9
10      access_log /var/log/nginx/tim.purewhite.id.au_access_log;
11      access_log /var/log/nginx/default.access.log host_combined;
12      #access_log /var/log/nginx/uri.log host_combined_uri;
13      error_log /var/log/nginx/tim.purewhite.id.au_error_log;
14
15      index index.php;
16
17      location / {
18
19          if ($http_cookie ~ "comment_author_|wordpress|wp-postpass_") {
20              rewrite ^/(.*) /loggedin$1 last;
21          }
22          try_files $uri
23              /wordpress/wp-content/cache/supercache/$http_host/$uri/index.html
24              $uri/
25              /index.php;
26      }
27
28      location /loggedin {
29          internal;
30          rewrite ^/loggedin(.*) /$1 break;
31          try_files $uri $uri/ /index.php;
32      }
33
34
35      location ^~ /code {
36          proxy_set_header Host $host;
37          proxy_set_header X-Forwarded-Server $host;
38          proxy_set_header X-Forwarded-Host $host;
39          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
40          proxy_pass http://127.0.0.1:8080/code/;
41      }
42
43      location ~* \.(ico|css|js|gif|jpe?g|png)$ {
44          expires 1w;
45          break;
46      }
47
48
49
50      fastcgi_intercept_errors off;
51
52      location ~ \.php {
53          try_files $uri =404;
54          include fastcgi_params;
55          fastcgi_pass 127.0.0.1:9002;
56      }
57
58      include drop;
59  }

The first thing to notice is lines 1-4. This simply redirects everyone from www.tim.purewhite.id.au to tim.purewhite.id.au. Simple as that.

Next we define the server and the root document path. Still very standard. Then we define access logs; for various reasons I’m logging to more than one place, but that’ll change once everything is finished.

Line 15 is boring: we just define “index index.php” so that if you access a directory it will load index.php, or give you a 404 (which it won’t, because of things further down).

Now for the fun. Lines 19-21. These catch a logged-in user and send them on an internal redirect down to lines 28-32. This is so we don’t serve cached content to logged-in users. That little snippet is thanks to a post at http://permalink.gmane.org/gmane.comp.web.nginx.english/15664.

However, there was a problem in the rest of the code. Thanks to a post at http://wordpress.org/support/topic/lack-of-nginx-support-from-wp-super-cache I realised we needed to test whether the cache was being used or not. So I added the extra logging and discovered it wasn’t. I quickly worked out what the problem was. The code at lines 22-25 had the middle 2 lines swapped around, so “$uri/” was before the supercache line. What this meant was that it would check whether $uri was a directory, and to load a directory it would try index.php (due to the index line) and so would end up loading WordPress through index.php. However, if we try the supercache line first, we find the cache file and so don’t need to load indexes.

And just like that, magic, it works! We use supercache files for normal users, and if a cache file doesn’t exist, we load wordpress like normal!

I’m also looking at how we run Nginx and PHP-FPM. I have heard of a few ways, one being that root runs an Nginx as user nginx or nobody, and each user runs their own Nginx which we proxy to from the main one (and users run their own PHP-FPM as well). This sounds like a lot of work, very complicated, but yes, it gives you absolute security, as only the user can access his web docs and scripts, and everything runs as that user. No one else’s PHP process can load your config file to discover your database passwords.

Another way of running it is with Nginx as a nginx/nobody/www-data user, and each user runs their own php-fpm but gives the nginx/nobody/www-data user read-only access to the web directory. If done correctly, this can actually be very secure. First, (as root) you chgrp all the files and directories in the user’s doc root (htdocs, www, public_html etc) to the user nginx will run as. Ideally, you also only allow them read access (so `chmod g+rX,g-w -R public_html` will give them access to read, but not write). You then set the gid bit on the directory: `chmod g+s public_html` (and do this for any directories that already exist underneath). Now any files the user creates underneath the public_html dir will be readable to the nginx user, so nginx can serve static files. Now running php-fpm as each user (I use php-fpm with a pool per user), the PHP process can read all the files that user can, so only the user’s own PHP process can read their config files with the password in it! And it also means that files you upload (i.e. WordPress media files) will be owned by the user, not by www-data or whatever the web user is. This is SO much better than Apache and mod_php, and easier than suExec with mod_php.
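The group-ownership scheme from the paragraph above, written out as an added example (not the post’s own script): `setup_docroot` applies the chgrp, read-only group bits and setgid directories in one go, and `audit_docroot` lists anything that breaks the model so it can be re-run after a deploy. The docroot path and the web-server group name (`nginx`, `www-data`, whatever your distribution uses) are supplied by the caller. One thing the post’s chmod lines leave implicit is the “other” bits: with the usual umask, files are created world-readable, and then every other user’s php-fpm pool can still read wp-config.php, so the example also strips `o=rwx` and the audit flags any world-readable file.

```sh
#!/bin/sh
# Added example: per-user docroot owned by the user, read-only for the
# web-server group, setgid so new files inherit that group. Not the post's
# own script; <docroot> and <webgroup> are supplied by the caller.

# setup_docroot <docroot> <webgroup>
# Run as root, or as the owning user if they are a member of <webgroup>.
setup_docroot() {
    docroot=$1; webgroup=$2
    # 1. group ownership: everything belongs to the web-server group
    chgrp -R "$webgroup" "$docroot"
    # 2. group may read files and traverse directories (X), never write;
    #    strip "other" entirely so other users' php-fpm pools cannot read
    #    wp-config.php (the post's chmod lines leave this bit as it was)
    chmod -R g+rX,g-w,o-rwx "$docroot"
    # 3. setgid on every directory so files created later (uploads, cache)
    #    inherit the web-server group without manual fix-ups
    find "$docroot" -type d -exec chmod g+s {} +
}

# audit_docroot <docroot> <webgroup>
# Prints each violation; returns 0 only when the model holds everywhere.
# Octal masks: 020 group-write, 040 group-read, 004 other-read, 2000 setgid.
audit_docroot() {
    docroot=$1; webgroup=$2
    report=$(
        find "$docroot" ! -type l ! -group "$webgroup" \
             -exec printf 'wrong group: %s\n' {} +
        find "$docroot" ! -type l -perm -020 \
             -exec printf 'group-writable: %s\n' {} +
        find "$docroot" ! -type l ! -perm -040 \
             -exec printf 'not group-readable: %s\n' {} +
        find "$docroot" ! -type l -perm -004 \
             -exec printf 'world-readable: %s\n' {} +
        find "$docroot" -type d ! -perm -2000 \
             -exec printf 'no setgid: %s\n' {} +
    )
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    return 0
}

# Usage (as root):
#   setup_docroot /home/tim/domains/example/public_html nginx
#   audit_docroot /home/tim/domains/example/public_html nginx
```

Two practical notes. nginx also needs search (x) permission on every parent directory up to the docroot, which `setup_docroot` does not touch because those directories belong to the user’s home, not the site. And since the setgid bit only fixes the group of new files, not their mode, the audit will flag uploads created under a permissive umask; setting the umask in that user’s php-fpm pool is the lasting fix.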

Once I have more of my domains moved to Nginx, I’ll do a report on memory and cpu usage.

Munin cgi graph timing out

A problem that has given lots of people trouble caused me issues yesterday. I have munin using munin-cgi-graph to create the graphs on demand, due to me not often viewing the graphs. A few days ago I had a server issue that caused Apache to lock up (I think a process ran away with my RAM, which caused swapping and Apache to lock up). Once I had Apache running again, I wanted to check the munin graphs to see what the system looked like during the lockup (which killed a number of processes due to out-of-memory conditions). However, the graphs wouldn’t generate and the CGI was timing out without sending any data.

Timeout waiting for output from CGI script /usr/lib/cgi-bin/munin-cgi-graph
Premature end of script headers: munin-cgi-graph

I’m not alone either. http://wiki.kartbuilding.net/index.php/Further_issues_upgrading_to_Lenny#munin_with_cgi and http://forum.linode.com/viewtopic.php?t=5171 both had issues. More googling still didn’t find an answer, so I tried to debug the Perl CGI. After using CPAN to get Devel::Trace installed, I discovered the CGI was sitting waiting for a semaphore flag that it uses to ensure no more than a certain number of munin-graph processes are running at once. This is great, except when a crash has caused this semaphore to be stuck at the maximum, so no more munin-graph processes ever get started!

There are 2 solutions. The first is simple: reboot. The second is also simple: clear the semaphore flags manually. ipcs is the command to show the flags and ipcrm is the command for removing the semaphores. Check the man pages for information on the correct syntax.
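The manual clean-up the post leaves to the man pages, as an added example that is not the post’s own: it parses `ipcs -s` for semaphore arrays owned by the user that runs the CGI and removes them with `ipcrm -s`, but refuses to remove anything while a munin-cgi-graph process is still alive, because a running process holding the semaphore is not the stuck-after-a-crash case described above. The owner name `munin` and the sample `ipcs` output used to exercise the parser are constructed for the example; check which user your CGI actually runs as.

```sh
#!/bin/sh
# Added example: find and clear SysV semaphore arrays left behind by a
# crashed munin-cgi-graph. Not part of the original post. Assumes the
# util-linux `ipcs -s` column layout (key semid owner perms nsems); the
# owner name is whatever user runs the CGI (assumed "munin" here).

# sem_ids_for_owner <owner>   (reads `ipcs -s` output on stdin)
# Prints one semaphore id per line. Header and blank lines are skipped
# because the id column must be purely numeric.
sem_ids_for_owner() {
    awk -v owner="$1" '$3 == owner && $2 ~ /^[0-9]+$/ { print $2 }'
}

# count_sem_arrays <owner>   (reads `ipcs -s` output on stdin)
count_sem_arrays() {
    sem_ids_for_owner "$1" | wc -l | tr -d ' '
}

# clear_munin_semaphores [owner]
# Returns 1 without removing anything if munin-cgi-graph is still running.
clear_munin_semaphores() {
    owner=${1:-munin}
    if pgrep -f munin-cgi-graph >/dev/null 2>&1; then
        echo "munin-cgi-graph is still running; not touching semaphores" >&2
        return 1
    fi
    ipcs -s | sem_ids_for_owner "$owner" | while read -r id; do
        echo "removing semaphore array $id (owner $owner)"
        ipcrm -s "$id"
    done
}

# Usage (as root): clear_munin_semaphores munin
```

Run `ipcs -s | sem_ids_for_owner munin` first to see what would be removed; if the list is empty while the CGI still hangs, the semaphore is not the cause this time and the Devel::Trace approach from the post is the next step.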

Day 13

I think today is Day 13.

So finally I’ve had a chance to sit down and nut this out. First things first, getting hello world to run on the iPhone. Finally I worked out how to self sign a certificate, and get Xcode to build it, then using a custom script I found on the net, sign the code so the iPhone will run it. Yay! Hello World runs on the iPhone!

Next step. Get a GPS app running on the iPhone. After following a pretty good tutorial from http://www.vellios.com/2010/08/16/core-location-gps-tutorial/ I finally got a GPS test app running. (After making some changes so it would run on iOS 3.1). However, this is the end of the good news. So far, as I suspected, the iPhone 3GS isn’t performing well on the GPS. Accuracy of 1km isn’t good enough, that can be achieved with just network location! We need down to about 10m. I’m thinking maybe I will need to upgrade to a newer iOS to see if it’s an issue with the hardware or the software. However I want this app to run on iOS 3.1, so am hesitant to do any upgrades.

The last of the good news is that the Objective-C is starting to make some sense to me, and I’ll now work on learning the major differences, and some more subtle ones, between Objective-C, C++ and C.

Day 6

So not much has happened over the weekend due to it being very busy. Today the mini-DVI to HDMI adapter arrived, so I could finally “dock” the MacBook at my desk. After “docking” it with my monitor, keyboard and mouse, it suddenly feels less like a laptop and more like a desktop! More screen real estate is a big bonus. But being able to just pick it up, pull out a few cables and take it with me, tether it to my mobile via wifi and work on the go just makes such a difference compared to having a separate desktop and laptop!

As I already used a password manager under Linux, I wanted an application that was compatible with my existing password database. Thankfully, Password Gorilla runs on OS X, and all the other platforms, and reads the same password database as pwsafe does. So while I was out today, I finally migrated a number of machine passwords into a secure “safe”. The GUI is rather nice on the Mac, so I may consider using it under Linux too.

I’ve also installed Qumana which will allow me to blog without using a browser. This is something I did many moons ago, and so thought I’d try it again for this Project as it assists in making me use the Mac for the whole time, rather than using interfaces/apps/things that I am already comfortable with.

As I have a few uni assignments due this week, I probably won’t spend much time working on the project. And unfortunately, at least for one of the assignments, I will have to use my Linux machine to complete it due to some tools that aren’t available for Mac. I have contemplated installing Linux on the Mac, but for now figure that the time spent doing that is better spent on the assignments.

Interestingly, while sitting in a shopping centre working today, some random walked past and said something like “Macs are nice, aren’t they?” So for all those who want people to stop and talk to you, get a Mac!

I think I have gotten this Mac to the point that it’s now very usable for me. I’ve installed enough apps to get me going, and I’m forcing myself to learn all the Mac shortcuts. Now I’ll use it for all my Assignments this week as much as possible, and I think by the end of the week, I’ll probably be using my Linux machine via VNC on my Mac!


Day 3

I’ve decided to blog this journey of learning and challenge. I am developing a mobile app, initially for iOS and eventually for Android. I have given myself an initial 60 days to get it done, 60 days from getting the equipment.

Being an iOS app, I required an Apple Mac computer to run the required development tools. Tuesday afternoon an iPhone 3GS and a MacBook arrived, courtesy of a friend of Jun’s. First thing I needed to do was download the Lion update, so I could run XCode 4.1. This started Tuesday evening and was finished by Wednesday morning (Day 1). I then prepared a USB drive to boot the installer from, and went and purchased a new laptop HDD to upgrade the MacBook. By lunch time I’d fitted the new 500GB HDD and the OS X Lion install was finished. Now started the 6-8hr download of XCode. Meanwhile I spent some time getting acquainted with this MacBook and OS X. No, I’m not converted like some people have been asking, however it probably will be my main computer for the next 60-odd days.

Yesterday (day 2) I wrote a Hello World app in XCode for iOS. It was copied straight from a tutorial on the net, and I quickly discovered that Apple wants $99 from me to be able to even test it on my iPhone! Come on Apple, you already get the money for the MacBook, the iPhone, and now you want more money just so we can test apps on our OWN devices!?!? Eventually we’ll need to fork out this money so we can sign our apps and put them on the App Store. For now though, I think I’ll just jailbreak for testing purposes.
I’ve continued getting acquainted with the MacBook. It now runs Firefox and Thunderbird, and iCal is 2-way syncing my calendar. Clementine has become my music player (iTunes, no thanks), LibreOffice is installed. TextWrangler may become my other code editor if it is good enough. Dropbox is set up for syncing between my MacBook and certain folders on my main computer. So far, it’s been nice using this computer, however it’s certainly not better than similar hardware running Linux. For a start, it took me a long time to get network shares with our NAS working well, even though it supports AFP. Eventually it was easier to just set up NFS. I’m getting used to all the keyboard shortcuts, which once learned certainly speed up some navigation. Annoyingly, there have been some things where a keyboard doesn’t work and you have to use a mouse.

Regarding code, it looks like I’ll probably use Git for the SCM as it’s built in to XCode.

That’s all for Day 3 so far. I need to get some uni work done and we have a busy weekend. I look forward to next week when I’ll have to make this iPhone run my apps!

Gmail account hacked :(

For someone that prides himself on security, it is rather embarrassing to get hacked. I currently don’t know how they got in, or exactly what they have done. I have changed my passwords and security questions though.

So far, I know that my account was accessed from Poland (194.181.62.13) with last access at 8:49 am today. It only appears to have been accessed via a browser, and there don’t seem to be any extra filters (forwarding) setup. I do know that it appears everyone in my address book has been sent a link, although the link I can see that was sent (thanks to a bounce back) doesn’t appear to work. They also deleted everything from my sent box and trash, which is probably what annoys me the most. I don’t know if anything else has been deleted.

The most likely method they got in by was from an attack on another site that revealed my password from when I used the same password in more than one place. As I no longer do this, I’ve been slowly changing my passwords to all be unique, however I should have changed my gmail one a long time ago.

So 2 morals to this story. Even security-conscious people can get hacked. And back up your data from the cloud if you wish to avoid losing anything. I’m now in the process of setting up version-controlled backups of my gmail data.

Google+ (Google’s Social Network)

By now you should have heard about Google+. You may have some idea of what it is, or you may have none, so hopefully I can answer some of your questions and help you get started.

Firstly, Google+ is Google’s latest entry into social networking. Already it looks much better than Buzz or Wave. What I like about it already is that the interface is clean and simple, and most importantly it is very easy to control your privacy settings. Now Facebook does have a similar feature, but it is extremely difficult to use.

Circles. You simply assign your “friends” to different circles; they can be in more than one. Then, you can share a post/photo/video etc with different circles, individual people, or the public. (There is also an extended circles option which I believe shares it with people in your circles, and people in their circles.) Want to let the world know about your new baby? Simply post it public! (Like twitter.) Want to post how you are having a dodgy day but only want your friends to know, and not your boss? Just post it to your friends circle and make sure your boss is in your work circle. Want to share some good news with family and a few close friends? Post it to your family circle and then add the extra friends in as well!
Circles make it very simple to control who sees what on your Google+ profile. Given the security scares of facebook stalkers and the like, it’s good to know you have total control over who sees what.

Currently there are no Google+ games or apps. However for me that’s a bonus. I’m sick of all these status updates of “I just completed level 235 of bubble popping game….” and lots of other meaningless things like that. I don’t mind people playing games, but I don’t want to hear about it! What Google+ offers you out of the box, though, is an amazing tool for social network communications that will allow you to easily keep in contact with people from all areas of your life, without getting cluttered down in the mechanisms of the communications. Huddles allow you to create a group of people for discussing something, like a group assignment, complete with group video chat (which arrived before Facebook announced the Skype video partnership).

I’m hoping that you have read this far and are at least interested in trying Google+. For many people, until all your friends are there, you aren’t going to move. In fact, unless you are sick of the bloat of facebook, you probably have very little incentive to move unless you have privacy concerns with facebook. However I urge you to consider this: someone has to take the first steps so that others will follow. And if you need a good reason to take those first steps, I believe the privacy issues of facebook should be enough for anyone to think twice about facebook. And, if Google+ does flop, or you want to run away from it, all the stuff you put on it is yours; there is a nice easy way to download all your photos and other things on Google+ so you aren’t locked in!


Now here is the hard part: Google+ is still currently invite only, as it’s still in its “trial” stages while they work out bugs. So below is a form that you can put your name and email address in, and a short note if you desire, and I’ll invite you to Google+. Due to the demand for invites, there are 2 things we do to try and get you in. First we send you an invite, then we share a post with you. You’ll get 2 emails; try the invite one first, which should have a red button to “Learn more about Google+” which will hopefully take you to the sign-in page to create your profile. If that fails, the second email will have a link to “View or Comment on Blah Blah’s Post”. This link will also hopefully take you to a page where you can fill out your public profile and then sign in to Google+.
Both methods work at different times, so if it doesn’t work for you immediately, please wait an hour and try again.


I promise to not do anything with your email address other than invite you to Google+. Please be patient as I need to manually invite each person unless I can work out some way to automate this. I am happy to invite people I don’t know, however please don’t be offended if you don’t end up in my circles.

(Form removed as invites no longer needed)

Mt Gox Passwords Leaked

For the second time in a week, I’ve heard of a websites user database being leaked. In the first case it was from a site I’ve never used. The second though was a site I signed up to a few months back.
One of the biggest problems with this leaked database is that the hashing function used isn’t that strong when the hacker has rainbow tables to use to crack the database.
The first side effect of this for me was to go and change some of my passwords as a precautionary measure. The second side effect, and the more annoying one, is that I used a private email address for this particular account instead of using one of my “junk” gmail addresses. So now my private email address is in the hands of every hacker who is trying to crack that database. And already we are receiving “spam” to those addresses in that database. Most of it so far is users either letting you know the Mt Gox database has been hacked, or users/owners of other Bitcoin exchanges sending you “advertising” so you’ll come start using their exchange. I’ve even gotten an email advertising online storage from a company that accepts Bitcoins as payment. And they haven’t bothered to try and keep the email addresses slightly private: 1500 other people also have my address, and I have theirs, as no Bcc was used. (Of course, spam filtering will quickly filter that particular email out.)
Interested to see how bad the compromise was, and if it’ll affect me, I’ve also downloaded the user database now. A quick look shows that my password is hashed with the less secure method and a quick bit of code later I can confirm the password I used to make that hash. Luckily for me, I use pwdhash to generate a unique password for each site I use. This means that an attacker who has cracked my hashed password in the Mt Gox password, still only has a password that can be used for one site, Mt Gox. If they had enough time and power, then maybe they could work backwards and eventually find the password I used to generate my pwdhash passwords, but by the time they did this, I’d have changed all those passwords anyway.
Having only been using pwdhashing for a little while now, it was good to discover that it has already protected me from an attack. A number of users who had simple passwords that have been cracked already have also had other accounts attacked, as they used the same password in multiple places.


An interesting side note is how much the Mt Gox Bitcoin exchange has grown in a very short space of time. A discussion taking place in a forum noted that your position in the database is related to when you signed up. Working from knowing when you signed up shows how many people signed up after you. It seems to have had exponential growth in the last few weeks, which is good for Bitcoin in general, but bad once you realise how this will look to all those new users. Looking at my position in the database, I can see I was a very early adopter.

 

Drupal Upgrades

Drupal upgrades have not been easy, and they should be easy. You look at wordpress, one click and the upgrade is done! Plugins, themes and core can all be upgraded from in the browser.

Drupal upgrades are traditionally backup, move all files out, extract new fresh files, move selected files back. Now there is an easier way! Patch files from http://fuerstnet.de/en/drupal-upgrade-easier allow you to back up, and then in-place upgrade the Drupal core files! No nasty moving things around that is almost guaranteed to break something because you forgot to move something back.

I still look forward to the day when Drupal upgrades are as easy as WordPress. Until then, I have a good enough method!