Server Upgrade

Not sure if anyone has noticed this – might or might not be a good thing – but I have upgraded the server hosting this blog. Externally, nothing much has changed but underneath, things have changed quite a bit. The reason for the upgrade was the last server constantly choking under any slight increase in load. The new server is cheaper too.

The specs for the new server are not at all impressive, but it is good enough for hosting a simple blog. There is 128MB of RAM and 256MB of swap. It runs 32-bit Debian Lenny as the OS and has MySQL with Lighttpd and PHP5. It runs smoothly with two threads of PHP managing all the connections. I have stress tested it with siege and it gracefully handles about 10 concurrent connections with a response time of under 3 seconds.

Maybe this is a good time for me to describe my methodology for tuning a web server.

Firstly, I run siege -g example.com to see if the site is working correctly. This is useful for debugging the entire web stack because it will also display the HTTP headers sent and received.

Next, I simulate a random series of connections by using siege -i -c 5 example.com to simulate a number of concurrent connections. While I am doing this, I am also running htop on the server to monitor the server load and resource consumption.

Finally, I hammer the server with an increasing number of concurrent connections using siege -b -c 10 example.com while continuously monitoring the server load and the response times. I tweak the numbers until performance drops.

That gives me some statistics that I can use as a benchmark. Then, I tweak the server settings and repeat the siege to get new numbers. Rinse and repeat until the desired concurrency and response times are achieved.


Lifting the server siege... done.
Transactions: 502 hits
Availability: 100.00 %
Elapsed time: 151.08 secs
Data transferred: 6.40 MB
Response time: 1.50 secs
Transaction rate: 3.32 trans/sec
Throughput: 0.04 MB/sec
Concurrency: 4.97
Successful transactions: 502
Failed transactions: 0
Longest transaction: 6.09
Shortest transaction: 0.76
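
The "tweak the numbers until performance drops" step can be scored mechanically from saved siege summaries. The script below is an added example, not the author's own tooling: the function names and the c<N>.txt file naming are assumptions, the 3-second target is the figure quoted in the post, and the c10 and c20 summaries are constructed.

```shell
#!/bin/sh
# Added example (not the author's script): judge saved siege summaries.

# run_passes SUMMARY_FILE MAX_SECS
# Succeeds only if the run had no failed transactions, 100% availability and
# a mean response time <= MAX_SECS. A missing field counts as a failure.
run_passes() {
    awk -F: -v max="$2" '
        { split($2, v, " "); val[$1] = v[1] }
        END {
            ok = ("Response time" in val) &&
                 ("Failed transactions" in val) &&
                 val["Failed transactions"] + 0 == 0 &&
                 val["Availability"] + 0 == 100 &&
                 val["Response time"] + 0 <= max + 0
            exit (ok ? 0 : 1)
        }' "$1"
}

# highest_passing MAX_SECS DIR
# DIR holds one summary per run, named c<N>.txt where N is the -c value used
# (naming is an assumption). Prints the largest passing N, or 0 if none passed.
highest_passing() {
    best=0
    for f in "$2"/c*.txt; do
        [ -e "$f" ] || continue
        n=${f##*/c}; n=${n%.txt}
        if run_passes "$f" "$1" && [ "$n" -gt "$best" ]; then best=$n; fi
    done
    echo "$best"
}

# Sample summaries, trimmed to the three fields used. c5 carries the values of
# the run quoted above (concurrency 4.97); c10 and c20 are constructed.
runs=$(mktemp -d)
printf 'Availability: 100.00 %%\nResponse time: 1.50 secs\nFailed transactions: 0\n' > "$runs/c5.txt"
printf 'Availability: 100.00 %%\nResponse time: 2.80 secs\nFailed transactions: 0\n' > "$runs/c10.txt"
printf 'Availability: 96.10 %%\nResponse time: 7.40 secs\nFailed transactions: 12\n' > "$runs/c20.txt"
echo "highest concurrency within 3s: $(highest_passing 3 "$runs")"
```

A run that returns errors quickly can still show a low mean response time, which is why the check also requires zero failed transactions and full availability.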

Typical Server Setup

Since there are so many little tweaks that I do to my regular web-server setup, I felt that I should put down some of my thoughts here, for the purpose of documentation.

Operating System
I invariably go with Debian. If the VPS provider does not provide a Debian option, I will not buy a VPS from them. When choosing between Debian installs, I tend to choose 32-bit images because I do not believe in having a single large server with more than 4GB of RAM. A 32-bit installation allows me to do some wonderful optimisations. I can run a MySQL and web server with PHP5 in under 64MB of RAM on a 32-bit Debian install.

Security
Firstly, security. My firewall of choice is Shorewall because it has been around for ages and I have been using it for just as long. It has only gotten better with age. I am one of those who believes in host-based security. Every person should be vigilant and take care of themselves when going out – same with servers. I will just tweak the example configurations provided with the documentation pack.

Next, I will install Dropbear and remove OpenSSH server. The reason that I do this is largely due to resource consumption. Since the SSH server is rarely used except for administrative work, I just use a light-weight one instead, to conserve RAM. I will set it with the “-w” option to block remote root logins. Other than that, I leave things as they are.

Database
Since most Open Source web applications tend to use MySQL as their database, I need to configure this. Depending on the amount of RAM available, I will select the example configuration provided with the documentation pack. The amount of recommended RAM is stated in the example config files themselves. I will tweak it by adding the skip-networking, skip-bdb, skip-innodb flags to reduce RAM usage.

Web server
I prefer to use Lighttpd because it provides a lean web-server that is easy to configure. IMHO, Nginx is not as friendly to configure while Apache is too resource intensive. There are a number of configurations that I will do with this. I will set server.tag to emit some useful information – typically the name of the actual machine that is serving up the page. I will disable server.dir-listing. I will set the SSL certificates if required and set the algorithm to AES128-SHA to conserve CPU resources. I will also tweak the FastCGI numbers depending on the resources and expected performance of the server.

Web application
I tend to run PHP5 because that is what most Open Source stuff uses. I will tweak it by turning on zlib.output_compression, reducing memory_limit and turning off expose_php for security and performance purposes. The actual values to tweak will depend on the resources available on the server.

Some points to note:

If using an opcode cache like XCache, it is important to reduce the number of FastCGI processes and increase the child threads because the cache is stored per-process. Otherwise, it is better to reduce the child threads to zero and increase the FastCGI processes to reduce resource consumption.

Miscellaneous
Other minor tweaks that I will install would be things like etckeeper that helps to keep track of maintenance issues. I may also install cron-apt to help with some update notifications. I also reduce swappiness to improve memory performance.
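
The settings named in this post are easy to lose when a package upgrade replaces a config file, so a small drift check is worth keeping next to etckeeper. The script below is an added example, not the author's: the function names are hypothetical, the config files are passed as arguments, and reading the Dropbear flags from a DROPBEAR_EXTRA_ARGS line in a Debian-style defaults file is an assumption. The sample files are constructed.

```shell
#!/bin/sh
# Added example: check that the settings named in the post are still in place.

FAILS=0

# check FILE REGEX LABEL
# Passes if FILE has a line that starts (after optional whitespace) with REGEX,
# so directives commented out with '#' or ';' do not count.
check() {
    if [ -r "$1" ] && grep -Eq "^[[:space:]]*$2" "$1"; then
        echo "ok    $3"
    else
        echo "FAIL  $3 ($1)"
        FAILS=$((FAILS + 1))
    fi
}

# audit MY_CNF PHP_INI LIGHTTPD_CONF DROPBEAR_DEFAULTS
# Prints one line per setting and succeeds only when none is missing.
audit() {
    FAILS=0
    eq='[[:space:]]*=[[:space:]]*'
    check "$1" 'skip[-_]networking'                     'mysql: skip-networking'
    check "$2" "expose_php${eq}(Off|off|0)"             'php: expose_php off'
    check "$2" "zlib\.output_compression${eq}(On|on|1)" 'php: zlib.output_compression on'
    check "$3" "server\.dir-listing${eq}\"disable\""    'lighttpd: server.dir-listing disabled'
    # Assumption: Dropbear flags live in DROPBEAR_EXTRA_ARGS in the defaults file.
    check "$4" 'DROPBEAR_EXTRA_ARGS=.*-w'               'dropbear: -w (no root login)'
    [ "$FAILS" -eq 0 ]
}

# Constructed sample files (not from the post): two settings have drifted.
demo_dir=$(mktemp -d)
printf '[mysqld]\nskip-networking\n'                     > "$demo_dir/my.cnf"
printf 'expose_php = On\nzlib.output_compression = On\n' > "$demo_dir/php.ini"
printf 'server.dir-listing = "disable"\n'                > "$demo_dir/lighttpd.conf"
printf 'DROPBEAR_EXTRA_ARGS="-p 2222"\n'                 > "$demo_dir/dropbear"
audit "$demo_dir/my.cnf" "$demo_dir/php.ini" "$demo_dir/lighttpd.conf" \
      "$demo_dir/dropbear" || echo "$FAILS setting(s) missing"
```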

Typodermic Fonts

I doubt that I will ever be for want of a font again. I just found an artist who gives away 390+ fonts for free, including commercial usage.

Typodermic is a site created by the artist, Ray Larabie, who has been obsessed with typefaces and fonts since his childhood. There are lots of styles on the site and a large number of them are free.

What can I say, I am a sucker for peng, leng, zheng stuff.

Another great source of stylistic fonts is Dieter Steffmann, though I am not quite clear about their licensing.

IE8 Development on Linux

As an open-source advocate and Linux developer, I sometimes face the problem of creating websites that do not work correctly in IE because it is a borked browser. While IE is fast losing its market share to other browsers, it is still the dominant PC desktop browser and needs to be supported by any web applications that I develop.

To that end, I need to make sure that my code works on IE and these are the two steps that I recommend.

Firstly, use the X-UA-Compatible meta tag to ensure that IE works in a more standards compliant mode. This meta tag can be set either by the web-server or it can be set in the HTML header section itself. It is simple, just stick the following code in the header section of any HTML page:

<meta http-equiv="X-UA-Compatible" content="IE=8">

There are a number of parameters that are possible and these are described in the appropriate knowledge base page. The important thing is to ensure that your site adheres to web standards and to set the compatibility mode to IE8, which is the most standards compliant IE browser at the moment.

The next gem that I recently discovered is the availability of IE8 testing images from Microsoft. Turns out that Microsoft provides VPC images that can be used to run special VMs that can be used to test websites under IE8 rendering. Since I do not use VPC, I had to tweak things a little and run things under VirtualBox instead.

Even then, there are a couple of gotchas to note:

First, it is essential that the network drivers be installed when the VM is first booted. This is to allow the VM to activate itself online. Otherwise, on a second bootup, the VM will not allow the user to login because it is not activated, and will not be able to activate itself because it is not online – an infinite loop.

To do this, once the VirtualBox machine is booted and the Guest Additions disc is inserted, run the following command:

D:\VBoxWindowsAdditions-x86.exe /extract /D=C:\Drivers

Immediately after that, use the Windows Add/Remove Hardware wizard to detect the new network card and specify the drivers manually. They will reside in the earlier subdirectory. Once this is done, bridge the VM's network to your existing Internet network and ensure that the network settings are all working. Launch an instance of IE8 to see if the site works correctly.

Then, after a reboot, the VM will insist on activating itself online. If the network was working correctly earlier, just proceed with the activation. It works after that like any normal Windows except that it will display an “evaluation” notice on the desktop.

This is a good solution to work with IE8 development on Linux.

Sassy Sass

I had a public holiday today and I ended up spending it on hacking some code. I decided to do a WordPress Theme for my company blog instead of lazing around. It was a fun thing to do on a lazy holiday – not very healthy but quite fun. In order to spice things up, I decided to take this opportunity to learn some Syntactically Awesome Style Sheet (SASS).

That is how I do every project – I make sure that there is something new to learn.

According to their website, “Sass makes CSS fun again. Sass is an extension of CSS3, adding nested rules, variables, mixins, selector inheritance, and more. It’s translated to well-formatted, standard CSS using the command line tool or a web-framework plugin.” Essentially, it is a meta-language that can be transformed into legal CSS using an external tool. On top of all the advantages stated, it can be used to automate the generation of complicated style-sheets.

One other advantage that it can deliver is to eliminate the need for multi-file CSS that is currently used for organising CSS. SASS is like a programming language in many ways and can include stuff from other files, perform variable substitution and even evaluate some basic expressions and built-in functions. With all that, it can still generate a single compressed CSS file for the browser, which will reduce the number of loads needed.

Anyway, it was a fun project. I will convert the other subdomains on my company site later.

VirtualBox vs QEMU

Turns out that VirtualBox is extremely easy to use for personal virtualisation. I have been using KVM and XEN based virtualisation solutions on the server. They both work wonderfully for that purpose. However, for local machine virtualisation, they are both a chore to setup.

Turns out that another open source product – VirtualBox – is better suited for local virtualisation. I will ensure that it is made available for all my machines in the future. It even supports non-VT based hosts after KVM decided to drop support for it in their recent versions.

I have been setting up some personal virtual machines for the purpose of testing software. It is always a good idea to start off with a virgin machine when doing testing.

I hope that Oracle does not kill this product!