Currently Viewing Posts in Web & Network

HTTP/2 vs SPDY 3.1

I have a web site that was powered by Nginx 1.7 with SPDY 3.1 enabled. Last week, I upgraded it to the Nginx 1.9.7 mainline version.

HTTP/2 support has been built into Nginx since version 1.9.5. Why not enable HTTP/2?

I just did a very rough test.

 

1. Pingdom testing tool

SPDY 3.1: Performance Grade 97/100, 18 requests, load time 3.17s

HTTP/2: Performance Grade 97/100, 18 requests, load time 867ms


2. GTmetrix

SPDY 3.1: Pagespeed score A 98%, YSlow score A 95%, Pageload time 1.0s

HTTP/2: Pagespeed score A 98%, YSlow score A 95%, Pageload time 0.6s

3. Webpagetest

SPDY 3.1: Grade F A A n/a C Check

HTTP/2:

[Screenshot of the Webpagetest result]


Email Server Settings for ZOHOMail

Here are some notes on email server settings. They are not just about the email server itself; they are mainly about the DNS settings for an email server.

The purpose is to keep your outgoing email out of the recipient's spam box.

I have a web page which uses PHPMailer to send email. The problem is that most of the time the recipient found the email in the spam box. I was using sendmail to send out email.

Later I chose to use ZOHO as my email service provider, and chose SMTP in PHPMailer.

So, here is the solution for ZOHO.

  1. SPF record
  2. DomainKeys


Tools to check your SSL Installation

I have tried some tools to diagnose my SSL certificate installation.

Some relate to whether the certificate is correct, and more to certificate chain issues.

An SSL certificate is trusted through its parent, that is, the higher-level certificate that issued it. It looks like a chain: each certificate connects to the next one, all the way up to the CA root.

Say I have an SSL certificate for the domain seo.g2soft.net.

  • The certificate of seo.g2soft.net is issued by COMODO RSA Domain Validation Secure Server CA
  • COMODO RSA Domain Validation Secure Server CA is issued by COMODO RSA Certification Authority
  • COMODO RSA Certification Authority is issued by AddTrust External CA Root.

The last one, AddTrust External CA Root, is one of the root CAs. It is issued by itself. Root certificates are already installed on every computer or browser. They are trusted and live in the trust store.

[Figure: certificate chain]

The above is a correct installation.
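An added example, not from the original post: the chain walk that SSL checkers perform, run on constructed (subject, issuer) name pairs for the chain above. It matches names only (real validation also verifies signatures, validity dates and revocation), and the function name `build_chain` is hypothetical.

```python
# Constructed data: (subject, issuer) names taken from the chain described above.
LEAF = ("seo.g2soft.net", "COMODO RSA Domain Validation Secure Server CA")
INTERMEDIATE_1 = ("COMODO RSA Domain Validation Secure Server CA",
                  "COMODO RSA Certification Authority")
INTERMEDIATE_2 = ("COMODO RSA Certification Authority", "AddTrust External CA Root")
TRUST_STORE = {"AddTrust External CA Root"}  # roots already installed on the client


def build_chain(leaf, presented, trust_store, max_depth=10):
    """Follow issuer links from the leaf through the certificates the server presents.

    Returns (path, problem); problem is None when the path ends at a trusted root.
    """
    by_subject = {subject: (subject, issuer) for subject, issuer in presented}
    path, current = [leaf[0]], leaf
    for _ in range(max_depth):
        subject, issuer = current
        if issuer in trust_store:
            path.append(issuer)          # reached a root the client already trusts
            return path, None
        if issuer == subject:
            return path, "self-signed certificate not in trust store: " + subject
        if issuer not in by_subject:
            # The most common installation error: the server did not send this cert.
            return path, "missing intermediate: " + issuer
        current = by_subject[issuer]
        path.append(current[0])
    return path, "chain too long or contains a loop"


if __name__ == "__main__":
    print(build_chain(LEAF, [INTERMEDIATE_1, INTERMEDIATE_2], TRUST_STORE))
    print(build_chain(LEAF, [INTERMEDIATE_2], TRUST_STORE))
```

The second call models a server that omits the first intermediate, which is the kind of chain issue the tools below report.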

Tool One:

Geocerts SSL Checker

https://www.geocerts.com/ssl_checker

Tool Two:

DigiCert SSL Installation Diagnostics Tool

https://www.digicert.com/help/


CloudatCost VPS – a VPS service provider from Canada

I am a customer of CloudatCost, which is a VPS service provider in Ontario, Canada.

I saw the ad on Twitter, or maybe someone just tweeted about it. The most interesting thing is the one-time payment with no recurring invoice, only a one-time setup fee. It also has monthly plans.

For example, the very basic plan, Developer 1, is $1/month or $35 one time.

If you subscribe to the monthly plan, it is $1/month, so after a year you have paid $12. The one-time fee of $35 is about three years of subscription fees. So you pay for three years of service up front. That's it. You own the plan forever.


I purchased the Developer 2 plan with the one-time fee.

Developer 2:

  • $10/month or $70/one time
  • 2 Xeon vCPU
  • 1 public IP
  • 1GB ECC RAM
  • 20GB SSD
  • 100Mbit Network
  • 1TB monthly transfer

 

I have a coupon for 50% off, which means you just need to pay a $35 one-time fee and you can have it forever. See the coupon code:


Wifi Standard 802.11ac

802.11ac is mainstream, as is 802.11n.

802.11n has better range and more power to pass through walls, but 802.11ac is much faster than 802.11n.

802.11ac Technology Overview:

11n Specification:

  • 2.4 and 5GHz supported
  • Wider channels 40MHz
  • Better modulation 64QAM
  • Additional streams up to 4 streams
  • Beam forming
  • Backwards compatibility, with 11a/b/g

11ac introduces:

  • 5GHz supported
  • Even wider channels 80MHz and 160MHz
  • Better modulation 256 QAM
  • Additional streams up to 8
  • Beam forming
  • Backwards compatibility with 11a/b/g/n

Wider Channels:

80MHz channels are 4.5x faster than 20MHz

Now 802.11ac v2 is coming. It is also called wave 2. It is expected to be available in 2015.

Here are some highlights of 802.11ac wave 2.

MU-MIMO

  • Use AP MIMO resources more effectively
  • Transmit data to multiple devices simultaneously.

4×4:4SS

  • Benefit of additional stream mostly for MU-MIMO
  • Not anticipating any 4×4:4SS client devices
  • Adds 33% to max datarate

VHT160

  • Doubles max datarate
  • Practical problem: only 2 VHT160 channels in entire 5GHz band


Fix some Crawl errors of my blog

I found some errors in Google Search Console under Crawl Errors: more than 400 Not Found errors.

After checking the details of these errors, I noticed that they are dead links created when I converted this blog from MovableType to WordPress.

Some links changed and I forgot to implement the redirection.

OK. Now I have added some rules to the .htaccess file to redirect these dead links to the correct URLs.


Here are some examples.

Monthly archives:

Old URL is https://www.yinfor.com/archives/2012/09/

New URL is https://www.yinfor.com/2012/09/

So I added the following rule to the .htaccess file in the root.

# Redirect monthly archives
RewriteRule ^archives/([0-9\/]*)/ /$1/ [R=301,L]

Tag page:

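Old tag page is https://www.yinfor.com/mtcgi/mt-search.cgi?IncludeBlogs=4,1&tag=beta&limit=20

New tag page is https://www.yinfor.com/tag/beta/

I added the following rule to .htaccess:

# Redirect old MovableType tag searches; %2 is the tag captured by the RewriteCond,
# and the trailing "?" drops the old query string from the target URL
RewriteCond %{QUERY_STRING} ^IncludeBlogs=([0-9,]*)&tag=(.*)&limit=20$
RewriteRule ^(.*)$ https://www.yinfor.com/tag/%2? [L,R=301]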

Another type of tag page:

Old tag page is https://www.yinfor.com/mtcgi/mt-search.cgi?tag=Google&blog_id=5

New tag page is https://www.yinfor.com/tag/Google/

Add the following to the .htaccess file.

# Redirect the second form of tag search; %1 is the tag captured by the RewriteCond
RewriteCond %{QUERY_STRING} ^tag=(.*)&blog_id=([0-9])$
RewriteRule ^(.*)$ https://www.yinfor.com/tag/%1? [L,R=301]

Server Name Indication (SNI)

Server Name Indication is an extension to the TLS computer networking protocol by which a client indicates which hostname it is attempting to connect to at the start of the handshaking process.

The most important reason to have this extension is to allow a server to present multiple SSL web sites, or multiple certificates, on the same IP address and TCP port number. So one IP address can serve more than one HTTPS web site.

This extension inserts the host name into the Client Hello, the very first message sent by the client. Standard TLS without the extension sends the host name only after the handshake.

[Figure: TLS handshake using SNI]


HHVM 3.6 has problem with MariaDB

The same PHP script always worked smoothly on HHVM 3.2 to HHVM 3.5, until I upgraded to HHVM 3.6.

It is a simple script which uses a mysqli connection and so on. Now it shows the error below:

Connect failed: Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)

I tried to find the answer and failed. So I upgraded HHVM to the nightly build version. It is 3.7-dev.

davidyin@fiob:/etc/hhvm$ hhvm --version
HipHop VM 3.7.0-dev (rel)
Compiler: heads/master-0-g0359d4a4bbb22c5defd7eb024194aed0af24c80b
Repo schema: 9008d5e6e7f6584d09ed3b14deceac5a34f363c1

And it did solve the error, and the script is working as expected.

But later I found the reason why it happened.

Add

hhvm.mysql.socket = /tmp/mysql.sock

into server.ini

This specifies the MySQL socket and lets HHVM know how to connect to the MySQL or MariaDB server.

I did not try the solution. I found it here.

Linode has security updates

I received an email from Linode about security updates. It happened yesterday.

The email said:

Linode recently received several Xen Security Advisories (XSAs) that require us to perform updates to our host servers. In order to apply the updates, hosts and the Linodes running on them must be rebooted. The XSAs will be publicly released by the Xen project team on March 10th, therefore we must complete the updates before that date.

These updates are required to protect the security and safe operations of not only our infrastructure, but yours as well. We understand that a disruption with such limited notice is inconvenient, and we hope you understand that these measures are warranted due to the severity of the XSAs.

Your Linodes have been assigned a maintenance window in which a reboot will occur. These times are listed within the Linode Manager[1] in the timezone set in your user’s My Profile[2]. Your schedule in UTC timezone is as follows:

* 2015-03-08 3:00:00 PM UTC – linodexxxxxx

During the maintenance window Linode instances will be cleanly shut down while we perform the updates. Your Linode will be inaccessible during this time. A two-hour window is allocated, however the actual downtime can be much less. After the maintenance, each Linode will then be booted. See our Reboot Survival Guide[3] for tips and hints on configuring and testing that your Linode services boot properly after the maintenance.

Unfortunately, due to the logistical demands of this effort, your assigned windows are not changeable and the host reboots are mandatory.

It is about one hour of server downtime on my VPS.


http://xenbits.xen.org/xsa/
