Blog Update: scottlinux.com is now Debian!

By | 2014/04/18



I have been pondering switching from Ubuntu to Debian for scottlinux.com. After the new Linode plans on SSD have been announced I thought that now is the time!



Before: scottlinux.com ran on a 32bit Ubuntu 12.04 2GB ram Linode.
Now: scottlinux.com runs on a 64bit Debian 7 2GB ram linode on SSD with new Ivy Bridge E5-2680.v2 CPU


Check out the insane disk performance:

$ sudo hdparm -Tt /dev/xvda

/dev/xvda:
 Timing cached reads:   19644 MB in  1.98 seconds = 9902.33 MB/sec
 Timing buffered disk reads: 2966 MB in  3.00 seconds = 988.45 MB/sec



vpsbench:

$ ./vpsbench 
Benching I/O ... OK
Benching CPU. Bzipping 25MB file ... OK
Benching inbound network. Downloading 100MB file ... OK
Share at https://github.com/mgutz/vpsbench/wiki/VPS-Hosts


_04/19/2014 - VMPLAN - DATACENTER - OS - AUTHOR_
```
CPU model:  Intel(R) Xeon(R) CPU E5-2680 v2 @ 2.80GHz
Number of cores: 2
CPU frequency:  2800.056 MHz
Total amount of RAM: 1993 MB
Total amount of swap: 255 MB
System uptime:   1 day, 22:27,       
I/O speed:  675 MB/s
Bzip 25MB: 4.84s
Download 100MB file: 144MB/s
```

Other changes:

– Switched from Apache 2.2 to nginx! scottlinux.com is WordPress running under nginx, php-fpm, and memcached.


– We now have PFS and slightly higher SSL Labs score (A+) with nginx than what was possible with Apache 2.2.


– Implemented recently re-generated SSL cert (re: heartbleed!)


– Migrated all sites and data via rsync over ssh and re-did Postfix configs from scratch.


– All done in about two hours!


This change was performed via sweet feature of Linode: network hotplug. I brought a new Debian 7 host up to speed and when ready, I switched IP addresses in my Linode control panel.


Also running on this host is a public iperf server which you are free to use:


http://iperf.scottlinux.com

Rock on,






Update: Here is my nginx config.



/etc/nginx/sites-available/scottlinux.com

server {
        listen 80; 
        listen [::]:80;
        server_name scottlinux.com www.scottlinux.com;
        access_log  /var/log/nginx/scottlinux.com.access.log;
        root /var/www/scottlinux.com;

        location / {
        return 301 https://scottlinux.com$request_uri?;
      }

}

server {
        listen 443; 
        listen [::]:443;
    server_name scottlinux.com;                                                            
    root /var/www/scottlinux.com; 
        access_log  /var/log/nginx/scottlinux.com.ssl-access.log;                                                 
   index index.php;                                                        
                                                                                           
   ssl on;
   ssl_certificate /etc/ssl/certs/scottlinux.com-2014.pem;
   ssl_certificate_key /etc/ssl/private/scottlinux.com-2014.key;
   ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
   ssl_prefer_server_ciphers on;
   ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";

   ssl_session_cache shared:SSL:10m;
   ssl_session_timeout 10m;
   add_header Strict-Transport-Security max-age=31536000;

        location ~* \.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt)$ {
            access_log        off;
            expires           1y;
        }
 

        location / {
                try_files $uri $uri/ /index.php?$args;
        }

        location ~ \.php$ {
                try_files $uri =404;
                fastcgi_pass unix:/var/run/php5-fpm/scottlinux.com.sock;
                fastcgi_index index.php;
                include /etc/nginx/fastcgi_params;
                fastcgi_buffer_size 128k;
                fastcgi_buffers 256 16k;
                fastcgi_busy_buffers_size 256k;
                fastcgi_temp_file_write_size 256k;
        }


}



php5-fpm

I made a copy of the default Debian /etc/php5/fpm/pool.d/www.conf file as scottlinux.com.conf


This is useful to run multiple php sites at once. Give each site its own ‘listen = ‘ socket and other config options in its own pool.d/ conf file!


File:

/etc/php5/fpm/pool.d/scottlinux.com.conf


Relevant changes:

[scottlinux.com]
listen = /var/run/php5-fpm/scottlinux.com.sock
pm = static
pm.max_children = 16




Check out $ ps axf when you have this setup. This makes it helpful to see what php site is taking resources.

30131 ?        Ss     0:02 php-fpm: master process (/etc/php5/fpm/php-fpm.conf)                                
30150 ?        S      1:16  \_ php-fpm: pool scottlinux.com                              
30153 ?        S      1:14  \_ php-fpm: pool scottlinux.com                              
30156 ?        S      1:17  \_ php-fpm: pool scottlinux.com                              
30159 ?        S      1:16  \_ php-fpm: pool scottlinux.com                              
30161 ?        Sl     1:16  \_ php-fpm: pool scottlinux.com                              
30162 ?        S      1:18  \_ php-fpm: pool scottlinux.com                              
30163 ?        S      1:14  \_ php-fpm: pool scottlinux.com                              
30164 ?        S      1:16  \_ php-fpm: pool scottlinux.com                              
30165 ?        S      1:17  \_ php-fpm: pool scottlinux.com                              
30166 ?        S      1:18  \_ php-fpm: pool scottlinux.com                              
30167 ?        S      1:16  \_ php-fpm: pool scottlinux.com                              
30168 ?        S      1:15  \_ php-fpm: pool scottlinux.com                              
30169 ?        S      1:13  \_ php-fpm: pool scottlinux.com                              
30170 ?        S      1:16  \_ php-fpm: pool scottlinux.com                              
30171 ?        S      1:16  \_ php-fpm: pool scottlinux.com                              
30172 ?        S      1:14  \_ php-fpm: pool scottlinux.com                              

4 thoughts on “Blog Update: scottlinux.com is now Debian!

  1. Scott

    Good move, I’ve been on Deb for awhile, but migrating to the newer Linode as we speak. I am also planning a move to Nginx with Pelican as new blogging platform, and wondered if you could share the parts of your config which redirect all traffic to the SSL-enabled site. I would like to drop the http version of the site, and use only a non-www, SSL-enabled version.

    Reply
    1. Scott Miller Post author

      Thanks – I updated the post with some config info!

      Reply
  2. maltris

    Great to hear!

    Also this looks like a very good configuration. DOes your provider give you the VPS with XEN, OpenVZ or KVM or something similar?

    ALso thats for the vpsbench-Tool. Didnt see this before and looked for such tool a few months ago when testing another VPS to post on my site.

    maltris

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail. You can also subscribe without commenting.