SSH timeout due to inactivity is annoying. Here’s how to keep your SSH sessions alive and prevent the SSH timeout:
To be honest, I don’t exactly know too much about Big-IP, but I’ve come across someone who use it. They terminate HTTPS in Big-IP and WordPress runs on plain HTTP on port 80 on the backend nodes. By default, this makes WordPress confused, so you can’t login to the WordPress dashboard. Continue reading “WordPress behind Big-IP”
Experimental support for HTTP/2 became available in Nginx version 1.9.5 (mainline). It is really easy to enable, and I’ll show you how. Continue reading “Enable HTTP/2 on Nginx”
Using HTTPS helps preventing someone from snooping your username/password or hijacking your sessions. Using HSTS makes sure the connection stays on HTTPS, even if a MITM tries to redirect you to the plain HTTP version of a web site. But it is easier than you might think for a MITM to use a rogue certificate, making you believe everything is fine. HTTP Public Key Pinning (HPKP) helps the browser check that everything actually is fine. Continue reading “HTTP Public Key Pinning (HPKP)”
As I’m writing this, the calendar shows April 14 2015. According to the PHP 7.0 timeline, it has a projected release date of November 2015. But if you want to try it out (to check out the speed), you can already do so. Continue reading “Running PHP7-FPM Nightly Build on Ubuntu 14.04”
HHVM can really speed up your PHP-based web site. Most reports are somewhere in the range of 2–4x faster. Unfortunately, HHVM isn’t very stable and will suddenly die, just of the blue, from time to another. Fortunately, if you’re running Nginx it’s really easy to set up PHP-FPM as a fallback. Continue reading “Running HHVM with fallback to PHP-FPM”
Fail2ban works by filtering a log file with a regular expression triggering a
ban action if the condition is met. After a preset time, it will trigger an
unban action. Without much effort, we can have WordPress log all authentication events and have fail2ban react on them. Continue reading “Using fail2ban to block WordPress login attacks”
If your fail2ban is on a host behind a Rackspace Cloud LoadBalancer, you’ll want to block the offending IP addresses directly in your LoadBalancer. If your LB is acting as a reverse proxy, you’ll HAVE to block in the LB, but it is also nice to protect all other nodes behind the LB and offload the lifting. Continue reading “Using fail2ban from behind a Rackspace Cloud LoadBalancer”
Since version 3.9, WordPress have been 100% compatible with HHVM and I have begun replacing PHP with it on a few of my servers to experiment. Continue reading “Running HHVM instead of PHP with Nginx on Ubuntu”
Any organization where multiple developers cooperate on a regular basis needs some guidelines to assure optimal quality of the end result. Most of these rules applies to freelancers as well. Continue reading “WordPress Quality Guidelines”
OK, so you might have been at a WordCamp listening to talks or reading a few blog posts and you get that you should really get your WordPress site speed optimized. Starting all over isn’t either tempting nor something you have the time for. Don’t despair, you’ll get a long way by installing 5 plugins.
Continue reading “«Slap-on» speed optimization of your WordPress site”
Recently, I’ve done some WordPress load optimization with Thomas Bensmann (read his post «Full score on Google PageSpeed, Pingdom and GTMetrix») and to achieve full effect, you do have to load the Google Analytics tracking script, ga.js, from your own server.
There are now several years since WordPress was considered a blog platform only. Today, it’s a full blown CMS and perfectly capable of powering corporate web sites. Here I provide you with 5 non-technical reasons why WordPress is well fit for a corporate CMS. Continue reading “Why use WordPress as your corporate CMS?”
Adding a certificate and using the HTTPS protocol is a good improvement to the security in the communication between the browser and the server, and should be in place on all sites that have a user login. Contrary to what many (older) guides say, it doesn’t add much load on your server and is fairy easy and cheap to set up right. Continue reading “Securing Nginx with HTTPS”
I always run the latest LTS version of Ubuntu on all my servers. Unfortunately, the Nginx versions tend to be quite the bit behind the current release. So how do you get an updated, current version of without resorting to having to maintain the packages yourself? Luckily, the Nginx team have their own Ubuntu apt repository so it’s easy to keep current with the latest version of Nginx. Continue reading “Install latest version of Nginx on Ubuntu”
I always run the latest LTS version of Ubuntu on all my servers. Currently the latest LTS is 14.04 which comes with PHP version 5.5, but as of November 2014, the latest stable version is 5.6. So how do you get an updated, current version of PHP without resorting to having to maintain the packages yourself? The answer is in PPA. Continue reading “Install latest version of PHP on Ubuntu”
You have finished that WordPress site, and want to deploy it – move it from your test server to the production server where it goes live. But how? WordPress have a famous 5-minute-install, but there is no 5-minute-go-live-script*. I’ll show you how in these 5 easy-to-follow steps. Continue reading “Publishing WordPress site from development to production server – or moving your WordPress installation from one host to another”
If you have a static IP address, like from your own VPN, it is very easy to increase your security tremendously. Simply restrict all logins to that IP address.
Continue reading “Restricting access to WordPress login by IP address”
When it comes to VPNs, there is the choice between PPTP and OpenVPN. PPTP is pretty quick to setup and works out of the box with most (all?) OSes and devices.
These are the first steps you should perform on your shiny, brand new VPS to set out on a safe journey on the internets. You don’t actually have to understand each of the steps here, but this post is intented for people who have some clue of what they’re doing. If there is such a thing as a «VPSes for dummies», it should not be read. VPSes are not intended for dummies.
TL;DR: Varnish lacks support for SSL and SPDY. Nginx handles it just fine, and has very fast cache with either memcache or disk storage (ramdisk). Both can serve stale cache if your backend is down. But Nginx can not write to the memcache storage directly, it has to be done by the application. Also, Nginx can not purge the cache itself, without you compiling your own package.
OK, so I was ready to give Jekyll another shot today. But one thing I’m not that happy with is the need for specifying the YAML front matter on every post. At this point, I’m not really using it for any practical matter. Continue reading “Using Jekyll without YAML front matter”