David Yin's Blog

Tech geek. Life geek.

Category: L.A.M.P. (Page 3 of 23)

PHP Benchmark of php 7.1, php7.2, php7.3 and even php5.6

December 24, 2018 / / 0 Comments

Here I run the PHP benchmark script on my Virtualbox guest OS Ubuntu 16.04.

Every version of PHP I tested 7 times. So get rid of the highest one, and the lowest one. Get the average of the rest five scores.

php5.6.39
The average is 5.13 seconds.

--------------------------------------
|        PHP BENCHMARK SCRIPT        |
--------------------------------------
Start : 2018-12-20 17:49:49
Server : t.g2list.win@192.168.1.120
PHP version : 5.6.39-1+ubuntu16.04.1+deb.sury.org+1
Platform : Linux
--------------------------------------
test_math                 : 1.523 sec.
test_stringmanipulation   : 1.594 sec.
test_loops                : 1.147 sec.
test_ifelse               : 0.808 sec.
--------------------------------------
Total time:               : 5.072 sec.

php 7.1.25
The average is 1.859 seconds.

--------------------------------------
|        PHP BENCHMARK SCRIPT        |
--------------------------------------
Start : 2018-12-20 17:41:51
Server : t.g2list.win@192.168.1.120
PHP version : 7.1.25-1+ubuntu16.04.1+deb.sury.org+1
Platform : Linux
--------------------------------------
test_ifelse               : 0.517 sec.
test_loops                : 0.378 sec.
test_stringmanipulation   : 0.561 sec.
test_math                 : 0.389 sec.
--------------------------------------
Total time:               : 1.845 sec.

php7.2
The average is 1.286 seconds.

--------------------------------------
|        PHP BENCHMARK SCRIPT        |
--------------------------------------
Start : 2018-12-20 17:44:37
Server : t.g2list.win@192.168.1.120
PHP version : 7.2.13-1+ubuntu16.04.1+deb.sury.org+1
Platform : Linux
--------------------------------------
test_ifelse               : 0.164 sec.
test_loops                : 0.274 sec.
test_stringmanipulation   : 0.495 sec.
test_math                 : 0.336 sec.
--------------------------------------
Total time:               : 1.269 sec.

php7.3
The average is 1.31 seconds.

--------------------------------------
|        PHP BENCHMARK SCRIPT        |
--------------------------------------
Start : 2018-12-20 17:47:16
Server : t.g2list.win@192.168.1.120
PHP version : 7.3.0-1+ubuntu16.04.1+deb.sury.org+1
Platform : Linux
--------------------------------------
test_ifelse               : 0.181 sec.
test_loops                : 0.350 sec.
test_stringmanipulation   : 0.469 sec.
test_math                 : 0.323 sec.
--------------------------------------
Total time:               : 1.323 sec.

I do have to say that the tests I run is not good enough. It does’t test all the php features. Actually, it is just a very small part of it.
If you count on the database, memory usage, etc., the answer will be quite different.

Wikipedia

How to pass the Real IP Address of client to Nginx Server

December 19, 2018 / / 0 Comments

I use a Nginx as  the reverse proxy. Here is the scenario.

The original server is Server A. The reverse proxy is Server B. Web users are browser the website through Server B.

Wikipedia

The web log of Server A just received the IP address of server B. All users are shared one remote address. It is Server B.

 

To pass the real IP address of client to the Web server, or server A.

  1. Set up on Server B.
    Let server B add the X-Forwarded-For header to the request. It is the real IP of users.
  2. Set up on Server A.
    Add following in to Nginx server block

    set_real_ip_from IP_Address_of_Server_B;
real_ip_header X-Forwarded-For;

 

Continue reading

How to use GeoIP database to block a country in Nginx

December 14, 2018 / / 0 Comments

First I need to make sure my Nginx has the geoip module.

Check it by entering the command below.


nginx -V

My Nginx shown the results as below.

nginx version: nginx/1.14.1
built with OpenSSL 1.1.1 11 Sep 2018
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-urYIzg/nginx-1.14.1=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --with-mail=dynamic --with-mail_ssl_module --add-dynamic-module=/build/nginx-urYIzg/nginx-1.14.1/debian/modules/http-auth-pam --add-dynamic-module=/build/nginx-urYIzg/nginx-1.14.1/debian/modules/http-dav-ext --add-dynamic-module=/build/nginx-urYIzg/nginx-1.14.1/debian/modules/http-echo --add-dynamic-module=/build/nginx-urYIzg/nginx-1.14.1/debian/modules/http-upstream-fair --add-dynamic-module=/build/nginx-urYIzg/nginx-1.14.1/debian/modules/http-subs-filter

I found  –with-http_geoip_module=dynamic

It is cool, I have the geoip module with my Nginx installation.

Second,  I need GeoIP country database.

Here is the official site to download the database.

I use the commands in my terminal window.

wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz

gunzip GeoIP.dat.gz

sudo mkdir/etc/nginx/geoip

sudo copy GeoIP.dat /etc/nginx/geoip

Continue reading

Untrack files already added to git repository based on .gitignore

September 9, 2018 / / 0 Comments

There is some files added to your git repository before you created .gitignore file. So they are already in the repos. Even you input the file name into .gitignore.  It is still there. Every time you change this file. It will be tere.

How to remove it?

Step 1: Commit all your changes.

It is the first step. Check your git status and commit all your changes. Including the .gitignore file.

Step 2: Remove everything from the repository

It is clean up. Enter following command:

git rm -r --cached .
  • rm is the remove command
  • -r  is an option to allow recursive removal
  • -cached will only remove files from the index. Your files will still be there, untouched.
  • The . indicates that all files will be untracked.

Step 3: Add everthing now

git add .

Step 4: Commit 

git commit -m ".gitignore fix"

Step 5: Push

git push

Then. Your repository is as clean as you expect.

How to get a perfect SSL Labs score

August 11, 2018 / / 0 Comments

It is easy to get an A+ on your website. But it is a little bit hard to make a 4 parts, Certificate, Protocol Support, Key Exchange, and Cipher Strength, to be 100%.

Most of time, I got A+ rating of my site. For individual scores, the last two are 90%.

Let me break down.

Certificate

It is preaty easy to get 100% here.

  • Make sure your certificate and intermediate certificate and CA are in the correct order.
  • Don’t use SHA1 for the signature algorithm. Use SHA256 instead. Actually all main CA are using SHA256 now.
  • Use a trusted CA. Do not use WoSign, StartCom.

Protocol Support

  • SSL 2.0 0%
  • SSL 3.0 80%
  • TLS 1.0 90%
  • TLS 1.1 95%
  • TLS 1.2 100%

So it is best to just use TLS 1.2.

 

Key Exchange

Make a strong DHE (Ephemeral Diffie-Hellman) paramaaters.

openssldhparam -out /etc/nginx/ssl/dhparam.pem 4096

It is not enough. Add following into Nginx settings.

ssl_ecdh_curve secp384r1;

Cipher Strength

  • 0 bits (no encryption) 0%
  • < 128 bits (e.g., 40, 56) 20%
  • < 256 bits (e.g., 128, 168) 80%
  • >= 256 bits (e.g., 256) 100%

So I just use 256 bit cipher suites.

 

Here is a test site, I tried it today, 2018-08-11. It is A+ with four 100% scores.

Here is the most important part of Nginx config file. I put them all together.

ssl_certificate /etc/nginx/ssl/whovpn.com/fullchain;
ssl_certificate_key /etc/nginx/ssl/whovpn.com/key;
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;

ssl_dhparam /etc/nginx/ssl/dhparam.pem;

# modern configuration. tweak to your needs.
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384';
ssl_prefer_server_ciphers on;

ssl_ecdh_curve secp384r1;

# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;

# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;

 

## verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /etc/nginx/ssl/whovpn.com/fullchain;

resolver 8.8.8.8;

Ubuntu 17.10 (Artful Aardvark) End of Life reached on July 19 2018

July 19, 2018 / / 0 Comments

Today, I received the email, regarding the life of Ubuntu 17.10. You will see it is end of life on July 19, 2018, means Today.
If you are still using Ubuntu 17.10, you would better to upgrade to Ubuntu 18.04.

This is a follow-up to the End of Life warning sent earlier this month
to confirm that as of today (July 19, 2018), Ubuntu 17.10 is no longer
supported. No more package updates will be accepted to 17.10, and
it will be archived to old-releases.ubuntu.com in the coming weeks.

The original End of Life warning follows, with upgrade instructions:

Ubuntu announced its 17.10 (Artful Aardvark) release almost 9 months
ago, on October 19, 2017. As a non-LTS release, 17.10 has a 9-month
support cycle and, as such, the support period is now nearing its
end and Ubuntu 17.10 will reach end of life on Thursday, July 19th.

At that time, Ubuntu Security Notices will no longer include
information or updated packages for Ubuntu 17.10.

The supported upgrade path from Ubuntu 17.10 is via Ubuntu 18.04.
Instructions and caveats for the upgrade may be found at:

https://help.ubuntu.com/community/BionicUpgrades

Ubuntu 18.04 continues to be actively supported with security updates
and select high-impact bug fixes. Announcements of security updates
for Ubuntu releases are sent to the ubuntu-security-announce mailing
list, information about which may be found at:

https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

Since its launch in October 2004 Ubuntu has become one of the most
highly regarded Linux distributions with millions of users in homes,
schools, businesses and governments around the world. Ubuntu is Open
Source software, costs nothing to download, and users are free to
customise or alter their software in order to meet their needs.

On behalf of the Ubuntu Release Team,

Adam Conrad

php Benchmark test on php 7.2

June 7, 2018 / / 0 Comments

Now it is a php 7.2. Included in the Ubuntu 18.04.

My site is running on this platform. I also want to try to run the php Benchmark test, and see how fast it is.

 

--------------------------------------
|        PHP BENCHMARK SCRIPT        |
--------------------------------------
Start : 2018-06-07 11:38:41
Server : webexample.win@50.116.5.237
PHP version : 7.2.5-0ubuntu0.18.04.1
Platform : Linux
--------------------------------------
test_ifelse               : 0.159 sec.
test_loops                : 0.249 sec.
test_stringmanipulation   : 0.394 sec.
test_math                 : 0.284 sec.
--------------------------------------
Total time:               : 1.086 sec.

I ran five times and the average time is 1.113 second.

Compare with the previous PHP.

  • php 7.0, 2.342 seconds
  • HHVM 5.6.99,  1.4 seconds
  • php 5.5, 5.646 seconds
  • php 5.4, 5.417 seconds
  • php 5.3, 6.567 seconds

Continue reading

Color Scheme for the command line of bash

May 29, 2018 / / 0 Comments

When I install the Ubuntu server and ssh to the server, the default shell is bash.

It looks like below.

I prefer to have a colorful terminal window. So I goole it and find the solution:

  • open ~/.bashrc in an editor
  • copy this and add it at the end of .bashrc file:
PS1='\[\033[1;36m\]\u\[\033[1;31m\]@\[\033[1;32m\]\h:\[\033[1;35m\]\w\[\033[1;31m\]\$\[\033[0m\] '
  • save the file and restart bashrc:
source ~/.bashrc

After that, the terminal window changed as below:

The user name, host name, path have different colors.

 

Continue reading

Waiting for the Ubuntu 18.04 LTS

April 24, 2018 / / 0 Comments

Based on the schedule of release, Ubuntu 18.04 LTS (Bionic Beaver) will be released on April 26, 2018, the day after tomorrow.

Now, my all VPS is running on the Ubuntu 16.04 LTS. LTS is an abbreviation for “Long Term Support”.  An LTS version is released every two years. So after Ubuntu 16.04 LTS, it is Ubuntu 18.04 LTS.  Now all LTS version has five years support.

I can use Ubuntu 16.04 LTS until 2021. Security updates will be released during the time period.

I am waiting for the release of Ubuntu 18.04 LTS. I would like to try it on my staging server, or a virtual machine. Try all my existing web programs on Ubuntu 18.04 LTS. Find the compatible problems then fix them.

Maybe after a few months testing. I am sure there are no issues with it. I will install a new VPS with Ubuntu 18.04 LTS and move the websites to it.

Continue reading

Resize the partition

Extend VirutalBox disk of Ubuntu 16.04

October 16, 2017 / / 0 Comments

I have a VM using VirtualBox on Windows 10. The VM was created last year. Now I feel it is too small.  I am going to increased the disk without damaging the data on it.

The basic information of the VM.

  • It is Ubuntu 16.04 server mode. It means no GUI installed.
  • The original disk size is 8GB.
  • VDI disk file.
  • LVM file system was used when I installed the VM.
  • Windows 10 pro (15063.674 build) is the host system.
  • VirtualBox 5.1.28 when I do the following.

I am going to increased the disk size from 8Gb to 12GB.

Step 1: Increase the vdi file.

D:\VirtualBox VM&gt;"C:\Program Files\Oracle\VirtualBox\VBoxmanage" modifyhd "ubuntu 16.04.vdi" --resize 12000
0%...10%...20%...30%...40%...50%...60%...70%...80%...90%...100%

Step 2: Use Gparted CD image to modify the size of partition.

  • Download the latest verion of Gparted v0.30 iso file.
  • Attached the iso file to storage of the VM.
  • Start the VM.
  • Using default option of Gparted tool.
  • The following screen shown in the VM terminal window.

partition with the lockThere are two locks on the partitions, sda2 and sda5.

I have to unlock them first.  Highlight the sda5, right-click and choose Deactivate.

Deactive the partition Continue reading

« Older posts Newer posts »

© 2020 David Yin's Blog

Theme by Anders NorenUp ↑