My site is moved to another VPS, but still with Linode.
This time, it is at Fremont, CA. As I mentioned in my last post, the CPU is E5-2697 v4.
There is a few changes on the default VPS.
- Turn on BBR.
- php opcache cache size from 128MB to 256MB
- MariaDB default collection from utf8mb4_general_ci to utf8_general_ci
Continue reading “Some changes on VPS”
My new server uses Nginx as a web server. When I check the error log of it, I saw a lot of warnings.
2016/08/27 07:30:03 [warn] 11951#11951: *590544 an upstream response is buffered to a temporary file /var/cache/nginx/fastcgi_temp/3/28/0000008283 while reading upstream, client: 220.127.116.11, server: www.phpbbchinese.com, request: “GET /download/file.php?id=109 HTTP/1.1”, upstream: “fastcgi://unix:/run/php/php7.0-fpm.sock:”, host: “www.phpbbchinese.com”
I did the search and found some posts about this kind of warnings. OK, let record it and see what happened later.
fastcgi_buffers 32 8k;
Continue reading “Change directives of Nginx”
When you saw this post, it means the blog is moved to a new server at Linode.
New server is a little bit better than the old one at DigitalOcean.
Here is how old server looks like:
- Operating system Ubuntu Linux 14.04.4
- Kernel and CPU Linux 3.13.0-88-generic on x86_64
- Processor information Intel(R) Xeon(R) CPU E5-2630L v2 @ 2.40GHz, 1 cores
- 1 GB RAM
- 20 GB Storage SSD
New server at Linode has following specs:
- Operating system Ubuntu Linux 16.04
- Kernel and CPU Linux 4.6.3-x86_64-linode70 on x86_64
- Processor information Intel(R) Xeon(R) CPU E5-2680 v3 @ 2.50GHz, 1 cores
- 2 GB RAM
- 24GB Storage SSD
Continue reading “Move to Linode Server”
It is good to know that Amazon AWS service adds new edge locations in Montreal and Toronto for Cloudfront. I hope it will be soon to have a new edge in Canada West, such as Vancouver.
Amazon CloudFront adds new edge locations in Montreal and Toronto, our first in Canada
We are pleased to announce the launch of our newest edge locations in Toronto and Montreal, our first edge locations in Canada. Adding locations in Canada has been frequently requested by our customers so we are excited to add these two locations to our global network. If you’re already using Amazon CloudFront, you don’t need to do anything to your applications as requests are automatically routed to these locations when appropriate.
These new edge locations help improve performance and availability to end users of your applications and support all Amazon CloudFront features at no additional cost. Pricing for the new edge locations in Canada is the same as that in the US.
We have also added a second edge location in Sao Paolo, Brazil, our third edge location in Brazil. With the addition of the new locations in Canada and the second edge location in Sao Paolo, Amazon CloudFront now has a total of 59 edge locations worldwide. To see a list of all Amazon CloudFront global edge locations, please see our edge location list. To learn more about the service, attend a monthly office hour session that includes Q&A with Amazon CloudFront Engineers and Product Managers. Visit Amazon CloudFront for more information and register for the next office hour.
Continue reading “Amazon CloudFront adds Canadian edge servers”
It is 2016, your website must be SSL encrypted. Now, you have questions, how about my server and how about my SSL installation? This is the answer to this question. You must try these five free tools to test, check, analyse your https website.
It is an SSL checker. Enter server hostname and click check SSL button. It will give you the brief results, including server type, certificate CA, expiration day, etc.
No.2 Symantec CryptoReport
It is a powerful tool with good design. The result is more and it is the only one can tell you how many certificates installed. Look at below, the report said, I have RSA and ECC certificates installed. The report
The report has following information:
- Certificate is installed correctly.
- Certificate chain installation part.
- Server configuration:(Server type, IP, Port, Protocols, Cipher suites, etc.)
Continue reading “5 Free SSL Tools You Must Try in 2016”
Now my Blog, David Yin Blog is https encrypted . And it is also HSTS enabled. And latest, it is HSTS preload enabled.
It has three layers meaning.
- https support.
- HSTS enabled.
- HSTS preload enabled.
Let me explain them one by one.
First, add https support. I did this step on Feb. 2016, when I announced that SSL added. I recorded how I get the SSL certificate and install it on Nginx web server.
After that, all content send back and force from my Blog to an audience is encrypted. Even ISP can not read the content from the data traffic.
Second, I add the HSTS into the Nginx configuration, to make it more secure.
What is HSTS?
HTTP Strict Transport Security (HSTS) is a web security policy mechanism which helps to protect websites against protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should only interact with it using secure HTTPS connections, and never via the insecure HTTP protocol. HSTS is an IETF standards track protocol and is specified in RFC 6797
Continue reading “Add my Blog to HSTS preload list”
Now, a lot of web site are going to add SSL for security purpose.
Just like my site here, the SSL Report is as below.
It is A+. The score is great. When I look at it close. There are four parts. Three of them are not 100%.
Can I make it all 100?
I use one test site to do my research and try to make it 100.
OK. Let me show you why and how to do it.
Continue reading “How to make the SSL site 100 in all four fields of SSLLAB Server Test”
To provide higher security and better privacy protection, I added SSL certificate on my Blog, here.
When you enter the url of my blog: http:///www.yinfor.com/, it will redirect you to the SSL version, https://www.yinfor.com/
The certificate is purchased from gogetssl.com , three years certificate of Comodo PositiveSSL.
The latest price is $13.15/3years.
Look at the comodo secure lock, it is a site seal.
Continue reading “SSL added”
When I wrote my last post about the SSL issue of Burnaby City Website, I made a tweet and @cityofburnaby. They replied me on second day.
The official account of CityofBurnaby said the information has been forwarded to their IT team for review.
I thought my job is done. As a residence of Burnaby, I just have duty to help our city be noticed the issue.
Two days after that, @cityofburnaby send me another notice and said their IT team has applied the needed fix. The error is now resolved for Chrome browser on cell phones.
Continue reading “City of Burnaby Web Site SSL issue was fixed”
It is an error. When I enter the url of Burnaby City hall at Chrome browser on my cellphone, it displayed with error.
Red crossing line on the https. It said Your connection is not private. Attackers might be trying to steal your information from www.burnaby.ca.
It is OK when I browse the site on desktop. It looks normal.
I use SSLLABS server tool to check the certificate installation.
The report said it has a certificate chain issues: missing intermediate certificate. Continue reading “Web site of Burnaby City has SSL error”