Monitor server performance with NixStats and receive alerts by SMS, Push, Email, Telegram etc
server
Monitor server performance with NixStats and receive alerts by SMS, Push, Email, Telegram etc
This is a draft post showing how you can monitor the performance of a server (or servers) with NixStats and receive alerts by SMS, Push, Email, Telegram etc
fyi: This is not a paid post, this is just me using the NixStats software to monitor my servers and send alerts.
Advertisement:
Finding a good host
If you have not read my previous posts I have now moved my blog to the awesome UpCloud host (signup using this link to get $25 free UpCloud VM credit). I compared Digital Ocean, Vultr and UpCloud Disk IO here and UpCloud came out on top by a long way (read the blog post here). Here is my blog post on moving from Vultr to UpCloud.
Buy a domain name here
Monitoring Servers
The post below will show you how you can monitor servers online with https://nixstats.com/ and send alerts when resources reach limits or servers fail.
I signed up and started a Nixstats (14 day free trial).
After I created an account I was emailed by Nixtsats with agent install instructions for Linux (1 line). I was also advised to add contacts and to set up alerts.
I logged into the Nixstats settings and set up…
- My Timezone
- Default reporting period
- First name and Surname
- Reporting emails
- etc
Nixstats Subscription Upgrade
Subscription options
- Free (5 monitors, 1 server, 24-hour data retention etc)
- Founder (25 monitors, 10 servers, 30-day data retention etc)
- Business (100 monitors, 15 servers, 60-day data retention etc)
I enabled the limited founder subscription so I can monitor 10x servers (this deal is too good to miss). I tried creating a status page myself last year and it is terribly hard.
I am now out of the free trial period 🙂 Let’s start monitoring many servers.
I enabled two factor Auth to Nixstats logins
I created a Nixstats API key for future use (watch this space)
I installed the Nixstats agent (the dashboard gave a 1 line command you can run as root to install the agent (on Linux)).
FYI: Command (######################## is a number linked to your account)
1 | wget --no-check-certificate -N https://www.nixstats.com/nixstatsagent.sh && bash nixstatsagent.sh ######################## |
Output
1 2 3 4 5 6 7 | wget --no-check-certificate -N https://www.nixstats.com/nixstatsagent.sh && bash nixstatsagent.sh ######################## --2018-10-02 09:53:56-- https://www.nixstats.com/nixstatsagent.sh Resolving www.nixstats.com (www.nixstats.com)... 2400:cb00:2048:1::6819:8013, 2400:cb00:2048:1::6819:8113, 104.25.128.19, ... Connecting to www.nixstats.com (www.nixstats.com)|2400:cb00:2048:1::6819:8013|:443... connected. HTTP request sent, awaiting response... 200 OK Length: 38708 (38K) [application/octet-stream] Saving to: 'nixstatsagent.sh' |
nixstatsagent.sh 100%[====================================================>] 37.80K –.-KB/s in 0.1s
2018-10-02 09:53:56 (338 KB/s) – ‘nixstatsagent.sh’ saved [38708/38708]
Found Ubuntu …
Installing …
Installing Python2-PIP …
Installing nixstatsagent …
Generation a server id …
Got server_id: ######################
Creating and starting service
Created symlink /etc/systemd/system/multi-user.target.wants/nixstatsagent.service -> /etc/systemd/system/nixstatsagent.service.
Created the nixstatsagent service
Server Dashboard
below is a summary of all connected servers ( https://nixstats.com/dashboard/servers ).
Monitor Setup
I set up a number of monitors to monitor ping replies and https traffic
Advanced Monitoring
I can also set the monitor credentials, timeouts, retries, auth methods, max redirects and frequency. If you server blocks login or resource GET attempts you may need to whitelist IP’s. IP’s of monitoring servers are located here https://nixstats.com/whitelist.php
Monitor Summary
The default dashboard is very informative. Feel free to create your own dashboards that focus on your own infastructure or apps.
Individual Server Reports
Advertisement:
You can click on a server and monitor it in detail.
Server Memory Graphs
Long-term memory graphs.
Install Optional Nixstats Plugins
Nixstats offers many plugins to monitor software that is installed on your server (e.g NGINX, MySQL, PHP etc).
1) NGINX Monitoring (Plugin)
To enable NGINX monitoring I read https://help.nixstats.com/en/article/monitoring-nginx-50nu7f/
I edited my NGINX sites-enabled config.
1 | sudo nano /etc/nginx/sites-enabled/default |
I added the following
1 2 3 4 5 6 7 8 9 | server { listen 127.0.0.1:8080; server_name localhost; location /status_page { stub_status on; allow 127.0.0.1; deny all; } } |
I tested, reloaded and restarted NGINX
1 2 3 | nginx -t nginx -s reload /etc/init.d/nginx restart |
The status page will only be available on the local machine, I tested the page on the local machine
1 2 3 4 5 | wget -qO- http://127.0.0.1:8080/status_nginx Active connections: 3 server accepts handled requests 15 15 31 Reading: 0 Writing: 1 Waiting: 2 |
It’s Working.
I edit /etc/nixstats.ini
1 | sudo nano /etc/nixstats.ini |
I remove comments before these lines to enable the plugin
1 2 3 | [nginx] enabled = yes status_page_url = http://127.0.0.1:8080/status_nginx |
I ran the following command to see if NGINX monitoring is possible
1 | nixstatsagent --test nginx |
Output
1 2 3 4 5 6 7 8 9 10 11 12 13 | nginx: { "accepts": 39, "accepts_per_second": 0.0, "active_connections": 6, "handled": 39, "handled_per_second": 0.0, "reading": 0, "requests": 119, "requests_per_second": 0.0, "waiting": 5, "writing": 1 } |
It’s Working
I restarted the nixstatsagent
1 | service nixstatsagent restart |
I can now view NGINX properties like active_connections in my dashboard. 🙂
2) Enable PHP-FPM Monitoring (Plugin)
Looks like a PHP-FPM monitoring was recently added lets set that up too. Read my guide on setting up PHP child workers here.
We’ve added a premade dashboard for PHP-FPM. If you’re not yet monitoring PHP-FPM take a look at the integration guide https://t.co/X4ywRHw9hX pic.twitter.com/aag1fTsr3R
— Nixstats (@nixstats) September 6, 2018
To enable PHP-FPM monitoring I read https://help.nixstats.com/en/article/monitoring-php-fpm-1tlyur6/
I edited my PHP-FPM ini file
1 | sudo nano /etc/php/7.2/fpm/pool.d/www.conf |
I added the following line
1 | pm.status_path = /status_phpfpm |
Restart PHP
1 | sudo service php7.2-fpm restart |
I added the following to /etc/nginx/sites-enabled/default localhost server block added above Note I use php 7.2 below (read more here).
1 2 3 | server { listen 127.0.0.1:8080; server_name localhost; |
location /status_phpfpm {
access_log off;
allow 127.0.0.1;
deny all;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
log_not_found off;
}
}
I tested, reloaded and restarted NGINX
1 2 3 | nginx -t nginx -s reload /etc/init.d/nginx restart |
I restart PHP-FPM
1 | sudo systemctl restart php7.2-fpm |
Enabled the plugin in /etc/nixstats.ini
1 2 3 | [phpfpm] enabled = yes status_page_url = http://127.0.0.1:8080/status_phpfpm?json |
I tested the status page
1 | wget -qO- http://127.0.0.1:8080/status_phpfpm?json |
Output:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 | { "pool":"www", "process manager":"static", "start time":1538654543, "start since":178, "accepted conn":28, "listen queue":0, "max listen queue":0, "listen queue len":0, "idle processes":49, "active processes":1, "total processes":50, "max active processes":2, "max children reached":0, "slow requests":0 } |
Advertisement:
I tested the agent
1 | nixstatsagent --test phpfpm |
Output:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 | phpfpm: { "accepted_conn": 51, "accepted_conn_per_second": 0.0, "active_processes": 1, "idle_processes": 49, "listen_queue": 0, "listen_queue_len": 0, "max_active_processes": 2, "max_children_reached": 0, "max_listen_queue": 0, "pool": "www", "process_manager": "static", "slow_requests": 0, "start_since": 318, "start_time": 1538654543, "total_processes": 50 } |
I can now query PHP-FPM status values in Nixstats 🙂
Enable MySQL Monitoring (Plugin)
To enable MySQL monitoring I read https://help.nixstats.com/en/article/monitoring-mysql-1frskd8/
I edited the nixstats.ini
1 | sudo nano /etc/nixstats.ini |
I enabled the mysql section in nixstats.ini and added my mysql credentials
1 2 3 4 5 6 7 8 | [mysql] enabled=yes username=mysqluser password=####################### host=127.0.0.1 database=mysql port=3306 socket=null |
I ran this command to test MySQL querying
1 2 3 | nixstatsagent --test mysql mysql: Load error: No module named MySQLdb |
I had an error.
A quick Google revealed I had to install a mysql python module.
1 | sudo apt-get install python-mysqldb |
Allow localhost to connect to MySQL
Edit /etc/mysql.cnf and allow all localhost and external connections (I could not bind to localhost and an external IP at the same time)
1 | bind-address = 0.0.0.0 |
TIP: Ensure you have firewalled access to your MySQL server, never open it up without protection.
Let’s try again
1 | nixstatsagent --test mysql |
Output
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 | mysql: { "aborted_clients": 0, "aborted_connects": 0, "binlog_cache_disk_use": 0, "binlog_cache_use": 0, "bytes_received": 0, "bytes_sent": 0, "com_delete": 0, "com_delete_multi": 0, "com_insert": 0, "com_insert_select": 0, "com_load": 0, "com_replace": 0, "com_replace_select": 0, "com_select": 0, "com_update": 0, "com_update_multi": 0, "connections": 0, "created_tmp_disk_tables": 0, "created_tmp_files": 0, "created_tmp_tables": 0, "key_read_requests": 0, "key_reads": 0, "key_write_requests": 0, "key_writes": 0, "max_used_connections": 3.0, "open_files": 14.0, "open_tables": 316.0, "opened_tables": 0, "qcache_free_blocks": 1.0, "qcache_free_memory": 16760152.0, "qcache_hits": 0, "qcache_inserts": 0, "qcache_lowmem_prunes": 0, "qcache_not_cached": 0, "qcache_queries_in_cache": 0, "qcache_total_blocks": 1.0, "questions": 0, "select_full_join": 0, "select_full_range_join": 0, "select_range": 0, "select_range_check": 0, "select_scan": 0, "slave_open_temp_tables": 0.0, "slow_launch_threads": 0, "slow_queries": 0, "sort_range": 0, "sort_rows": 0, "sort_scan": 0, "table_locks_immediate": 0, "table_locks_waited": 0, "threads_cached": 2.0, "threads_connected": 1.0, "threads_created": 0, "threads_running": 1.0, "uptime": 35837.0 } |
Nice,
I restart MySQL
1 | sudo systemctl restart mysql |
I restart my Nixstats service
1 | service nixstatsagent restart |
Now let’s monitor MySQL in Nixstats
I can now view MySQL metrix
Status Page
Nixstats allows you to create a status page ( https://nixstats.com/pages/overview ) where you can add any servers or monitors to that page. This stats page is truly awesome, it builds a live status page based on data coming from your installed agents.
You can even set up a custom subdomain that points to a Nixstats hosted status page too (e.g https://status.yourdomain.com).
FYI: An SSL certificate on your staus page may take a few hours to set up. Don’t panic if it is not instantatly available.
Nice.
This saves doing it yourself. The status page will look like it running on your server.
Status Page
You can create a status page that automatically aggregates collected data from monitors and displays them in a nice layout.
This is great, I used to do my own status pages but not anymore.
Alerts
I added a contact so I could receive alerts. I could then add my mobile, email and PushOver key (to receive push notifications) and Telegram Bot API token.
Test Alerts
I sent a test alert to each service against the contact.
Advertisement:
I activated a Pushover licence on my Android device for about $7.49 AUD (one off) to ensure I keep getting Push Notifications.
Nixstats have links that show you how you can create a Telegram Bot and Pushover.net account.
Pushover will cost about $5 USD one off per device (see faq).
I created the following alerts
Alert: Disk Usage higher than 90%
Alert: Load greater than 90 per cent for 1 minute
Alert: Less than 5 percent memory free.
Summary of alerts.
I also added a CPU reached 95% one for 5 mins alert too (but it’s not pictured above)
I forgot to specify alert recipients and methods for each alert so I edited each alert and added the contact.
Now it’s time to test the alerts.
I shut down a server to test alerts
1 | shutdown -h now |
Alerts to my defined Email, SMS, Push and Telegram are working a treat 🙂
After I rebooted the server I also received alerts about the server being back up.
The status page showed the server that was offline too.
Nice
Troubleshooting
I had an issue instaling the agent on Debian
I ran the following command
1 2 3 4 5 6 | wget --no-check-certificate -N https://www.nixstats.com/nixstatsagent.sh && bash nixstatsagent.sh ####################### --2018-10-02 00:41:38-- https://www.nixstats.com/nixstatsagent.sh Resolving www.nixstats.com (www.nixstats.com)... 2400:cb00:2048:1::6819:8113, 2400:cb00:2048:1::6819:8013, 104.25.129.19, ... Connecting to www.nixstats.com (www.nixstats.com)|2400:cb00:2048:1::6819:8113|:443... connected. HTTP request sent, awaiting response... 304 Not Modified File 'nixstatsagent.sh' not modified on server. Omitting download. |
nixstatsagent.sh: line 508: [: Installer exited with error code 0. See nixstatsagent.log for details.: integer expression expected
An error occured, please check the install log file (nixstatsagent.log)!
Contents of nixstatsagent.log
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 | cat nixstatsagent.log Ign:1 http://deb.debian.org/debian stretch InRelease Hit:2 http://deb.debian.org/debian-security stretch/updates InRelease Hit:3 http://deb.debian.org/debian stretch-updates InRelease Hit:4 http://deb.debian.org/debian stretch Release Ign:5 http://ppa.launchpad.net/ondrej/php/ubuntu cosmic InRelease Ign:7 http://ppa.launchpad.net/ondrej/php/ubuntu cosmic Release Ign:8 http://ppa.launchpad.net/ondrej/php/ubuntu cosmic/main all Packages Hit:9 https://packages.sury.org/php stretch InRelease Ign:10 http://ppa.launchpad.net/ondrej/php/ubuntu cosmic/main amd64 Packages Ign:11 http://ppa.launchpad.net/ondrej/php/ubuntu cosmic/main Translation-en Ign:8 http://ppa.launchpad.net/ondrej/php/ubuntu cosmic/main all Packages Ign:10 http://ppa.launchpad.net/ondrej/php/ubuntu cosmic/main amd64 Packages Ign:11 http://ppa.launchpad.net/ondrej/php/ubuntu cosmic/main Translation-en Ign:8 http://ppa.launchpad.net/ondrej/php/ubuntu cosmic/main all Packages Ign:10 http://ppa.launchpad.net/ondrej/php/ubuntu cosmic/main amd64 Packages Ign:11 http://ppa.launchpad.net/ondrej/php/ubuntu cosmic/main Translation-en Ign:8 http://ppa.launchpad.net/ondrej/php/ubuntu cosmic/main all Packages Ign:10 http://ppa.launchpad.net/ondrej/php/ubuntu cosmic/main amd64 Packages Ign:11 http://ppa.launchpad.net/ondrej/php/ubuntu cosmic/main Translation-en Ign:8 http://ppa.launchpad.net/ondrej/php/ubuntu cosmic/main all Packages Ign:10 http://ppa.launchpad.net/ondrej/php/ubuntu cosmic/main amd64 Packages Ign:11 http://ppa.launchpad.net/ondrej/php/ubuntu cosmic/main Translation-en Ign:8 http://ppa.launchpad.net/ondrej/php/ubuntu cosmic/main all Packages Err:10 http://ppa.launchpad.net/ondrej/php/ubuntu cosmic/main amd64 Packages 404 Not Found Ign:11 http://ppa.launchpad.net/ondrej/php/ubuntu cosmic/main Translation-en Reading package lists... W: The repository 'http://ppa.launchpad.net/ondrej/php/ubuntu cosmic Release' does not have a Release file. E: Failed to fetch http://ppa.launchpad.net/ondrej/php/ubuntu/dists/cosmic/main/binary-amd64/Packages 404 Not Found E: Some index files failed to download. They have been ignored, or old ones used instead. nixstatsagent.sh: line 118: apt-get upgrade returned error code 100. Please see nixstatsagent.log for details.: command not found |
I asked the Nixstats chat help and I was advised I had a dead repository (I removed this (editing the dead repo in the appropriate file in /etc/apt/) and all was ok)
I had trouble testing my Telegram alerts but it was my fault as I forgot to follow the bot account I created. Telegram does not allow message from a user (bot) unless you follow them.
A chat with the Nixstats staff sorted me out. Thanks, Nixstats chat team.
I had an issue with a missing python mysql package
1 | Load error: No module named MySQLdb |
I solved it by instaling python-mysqldb
1 | sudo apt-get install python-mysqldb |
Nixstats Help
Nixstats have a help subdomain: https://help.nixstats.com/en/
Error Logs Plugin
I did ask Nixstats on Twitter and they said they are working on a logging plugin, I can’t wait for that.
We’re launching a closed beta for Logging at Nixstats. Contact us to get setup! You can search and tail log files across all your servers! pic.twitter.com/FIeip2SOUw
— Nixstats (@nixstats) October 4, 2018
I now have access to beta log features and can see log tabs in Nixstats
I had or check the version of my rsyslogd
1 2 3 4 5 6 7 8 9 10 11 12 13 14 | rsyslogd -v rsyslogd 8.32.0, compiled with: PLATFORM: x86_64-pc-linux-gnu PLATFORM (lsb_release -d): FEATURE_REGEXP: Yes GSSAPI Kerberos 5 support: Yes FEATURE_DEBUG (debug build, slow code): No 32bit Atomic operations supported: Yes 64bit Atomic operations supported: Yes memory allocator: system default Runtime Instrumentation (slow code): No uuid support: Yes systemd support: Yes Number of Bits in RainerScript integers: 64 |
I edited: /etc/rsyslog.d/31-nixstats.conf
I pasted
1 2 3 | ########################################################## ### Rsyslog Template for Nixstats ### ########################################################## |
$WorkDirectory /var/spool/rsyslog # where to place spool files
$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList # run asynchronously
$ActionResumeRetryCount -1 # infinite retries if host is down
template(name=”NixFormat” type=”string”
string=”<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% [5bb8825c3f0bc16aa068f144@5fJR7vuYTJOX6cEiyZlLv5By tag=\”rsyslog\”] %msg%\n”
)
action(type=”omfwd” protocol=”tcp” target=”log.nixstats.com” port=”514″ template=”NixFormat”)
#################END CONFIG FILE#########################
I restarted the rsyslog service
1 | sudo service rsyslog restart |
Live Log Output
I can see a live log from (unknown) logs.
I can see the firewall blocking access to certain ports.
Search logs
Blacklist Checking (Beta)
Nixstats tweeted “We just launched a new blacklist check feature. Monitor your IP and hostname reputation. Free during the Beta!”
I enabled it.
I received a Blacklist notification
I requested removal at junkmailfilter.com
Thanks Nixstats
Conclusion
This is one of the best software packages I have seen in a while. I have developed status
pages in the past (no more). Great work Nixstats.
Please check out Nixstats today, they are awesome. Signup for a free account and consider the limited time founder plan (it’s a bargain).
Nixstats Live chat support is awesome
Server Plug
If you need a server, consider using my referral code and get $25 UpCloud VM credit if you need to create a server online.
https://www.upcloud.com/register/?promo=D84793
Advertisement:
Ask a question or recommend an article
Revision History
v1.3 Blacklist beta
V1.2 Logs beta
v1.1 Logging Tweet
v1.0 Initial Post
Upgrading an Ubuntu server on UpCloud to add more CPU, Memory and Disk Space
Before UpCloud, when I had 512MB ram on Vultr I had multiple NGINX crashed a day so I used a bash script and scheduled a cron job to clear memory cache when memory fell below 100MB (view the script here). To further increase the speed of the WordPress I have configured the OS to use memory over the disk. About once a day free memory falls below 100MB (this is not a problem as my script clears cached items automatically).
Read the full article here: https://fearby.com/article/upgrading-an-ubuntu-server-on-upcloud-to-add-more-cpu-memory-and-disk-space/
Upgrading an Ubuntu server on UpCloud to add more CPU, Memory and Disk Space
Upgrading an Ubuntu server on UpCloud to add more CPU, Memory and Disk Space
Advertisement:
If you have not read my previous posts I have now moved my blog from Vultr to the awesome UpCloud host (signup using this link to get $25 free credit).
Recently I compared Digital Ocean, Vultr and UpCloud Disk IO here and UpCloud came out on top by a long way (read the blog post here). Here is my blog post on moving from Vultr to UpCloud.
Spoiler: UpCloud performance is great.
Why Upgrade
I have 1 CPU, 1 GB memory and 50GB storage and it is running well? I have PHP child workers set up and have set up the preferred use of memory over swap file usage.
Before UpCloud, when I had 512MB ram on Vultr I had multiple NGINX crashed a day so I used a bash script and scheduled a cron job to clear memory cache when memory fell below 100MB (view the script here). To further increase the speed of the WordPress I have configured the OS to use memory over the disk. About once a day free memory falls below 100MB (this is not a problem as my script clears cached items automatically).
I’d like to add more memory as I am working on some things (watch this space) and I will use the extra memory. I’d prefer the server is set up now for the expected workload.
How to Upgrade
This is how I upgraded from 1xCPU/2GB Memory/50GB Storage/2TB Transferred Data to a 2 CPU/4GB Mmeory/80GB Storage/4TB Transferred Data server.
UpCloud Pricing: https://www.upcloud.com/pricing/
Upgrade an UpCloud VM
I shut down my existing VM. Read this guide to setup a VM.
1 | shutdown -P |
Login to the UpCloud dashboard, select your server (confirm the server has shut down) and click General Settings, choose the upgrade and click Update.
I confirmed the upgrade options (2x CPU, 4096 MB Memory).
Click Update
After 10 seconds you can start your server from the UpCloud server.
I confirmed the CPU upgrade was visible in the VM
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 | cat /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 63 model name : Intel(R) Xeon(R) CPU E5-2687W v3 @ 3.10GHz stepping : 2 microcode : 0x1 cpu MHz : 3099.978 cache size : 16384 KB physical id : 0 siblings : 2 core id : 0 cpu cores : 2 apicid : 0 initial apicid : 0 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon rep_good nopl xtopology cpuid pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm invpcid_single pti fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid xsaveopt arat bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass bogomips : 6199.95 clflush size : 64 cache_alignment : 64 address sizes : 40 bits physical, 48 bits virtual power management: processor : 1 vendor_id : GenuineIntel cpu family : 6 model : 63 model name : Intel(R) Xeon(R) CPU E5-2687W v3 @ 3.10GHz stepping : 2 microcode : 0x1 cpu MHz : 3099.978 cache size : 16384 KB physical id : 0 siblings : 2 core id : 1 cpu cores : 2 apicid : 1 initial apicid : 1 fpu : yes fpu_exception : yes cpuid level : 13 wp : yes flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc arch_perfmon rep_good nopl xtopology cpuid pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave avx f16c rdrand hypervisor lahf_lm abm invpcid_single pti fsgsbase tsc_adjust bmi1 avx2 smep bmi2 erms invpcid xsaveopt arat bugs : cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass bogomips : 6199.95 clflush size : 64 cache_alignment : 64 address sizes : 40 bits physical, 48 bits virtual power management: |
Software Tweaks Post Upgrade.
I added these settings to the top of /etc/nginx/nginx.conf to ensure the extra CPU was used.
1 2 | worker_processes auto; worker_cpu_affinity auto; |
I increased PHP FPM ( /etc/php/7.2/fpm/php.ini ) to increase the memory usage and child workers. I doubled child workers and max memeory limit.
1 2 3 4 5 | memory_limit = 3072M pm.max_children = 80 pm.start_servers = 30 pm.min_spare_servers = 10 pm.max_spare_servers = 30 |
I restarted NGINX and PHP
1 2 3 4 | nginx -t nginx -s reload /etc/init.d/nginx restart service php7.2-fpm restart |
I tweaked WordPress max memory limits
1 2 | define( 'WP_MEMORY_LIMIT','3072M'); define( 'WP_MAX_MEMORY_LIMIT','3072M'); |
MySQL Tweaks: I logged into MySQL
1 | mysql -u root -p |
I ran “SHOW GLOBAL STATUS” to view stats
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 | mysql> SHOW GLOBAL STATUS; +-----------------------------------------------+--------------------------------------------------+ | Variable_name | Value | +-----------------------------------------------+--------------------------------------------------+ | Aborted_clients | 0 | | Aborted_connects | 0 | | Binlog_cache_disk_use | 0 | | Binlog_cache_use | 0 | | Binlog_stmt_cache_disk_use | 0 | | Binlog_stmt_cache_use | 0 | | Bytes_received | 3179986 | | Bytes_sent | 223872114 | | Com_admin_commands | 0 | | Com_assign_to_keycache | 0 | | Com_alter_db | 0 | | Com_alter_db_upgrade | 0 | | Com_alter_event | 0 | | Com_alter_function | 0 | | Com_alter_instance | 0 | | Com_alter_procedure | 0 | | Com_alter_server | 0 | | Com_alter_table | 0 | | Com_alter_tablespace | 0 | | Com_alter_user | 0 | | Com_analyze | 0 | | Com_begin | 0 | | Com_binlog | 0 | | Com_call_procedure | 0 | | Com_change_db | 284 | | Com_change_master | 0 | | Com_change_repl_filter | 0 | | Com_check | 0 | | Com_checksum | 0 | | Com_commit | 0 | | Com_create_db | 0 | | Com_create_event | 0 | | Com_create_function | 0 | | Com_create_index | 0 | | Com_create_procedure | 0 | | Com_create_server | 0 | | Com_create_table | 0 | | Com_create_trigger | 0 | | Com_create_udf | 0 | | Com_create_user | 0 | | Com_create_view | 0 | | Com_dealloc_sql | 0 | | Com_delete | 18 | | Com_delete_multi | 0 | | Com_do | 0 | | Com_drop_db | 0 | | Com_drop_event | 0 | | Com_drop_function | 0 | | Com_drop_index | 0 | | Com_drop_procedure | 0 | | Com_drop_server | 0 | | Com_drop_table | 0 | | Com_drop_trigger | 0 | | Com_drop_user | 0 | | Com_drop_view | 0 | | Com_empty_query | 0 | | Com_execute_sql | 0 | | Com_explain_other | 0 | | Com_flush | 0 | | Com_get_diagnostics | 0 | | Com_grant | 0 | | Com_ha_close | 0 | | Com_ha_open | 0 | | Com_ha_read | 0 | | Com_help | 0 | | Com_insert | 342 | | Com_insert_select | 0 | | Com_install_plugin | 0 | | Com_kill | 0 | | Com_load | 0 | | Com_lock_tables | 0 | | Com_optimize | 0 | | Com_preload_keys | 0 | | Com_prepare_sql | 0 | | Com_purge | 0 | | Com_purge_before_date | 0 | | Com_release_savepoint | 0 | | Com_rename_table | 0 | | Com_rename_user | 0 | | Com_repair | 0 | | Com_replace | 0 | | Com_replace_select | 0 | | Com_reset | 0 | | Com_resignal | 0 | | Com_revoke | 0 | | Com_revoke_all | 0 | | Com_rollback | 0 | | Com_rollback_to_savepoint | 0 | | Com_savepoint | 0 | | Com_select | 16358 | | Com_set_option | 849 | | Com_signal | 0 | | Com_show_binlog_events | 0 | | Com_show_binlogs | 0 | | Com_show_charsets | 0 | | Com_show_collations | 0 | | Com_show_create_db | 0 | | Com_show_create_event | 0 | | Com_show_create_func | 0 | | Com_show_create_proc | 0 | | Com_show_create_table | 0 | | Com_show_create_trigger | 0 | | Com_show_databases | 3 | | Com_show_engine_logs | 0 | | Com_show_engine_mutex | 0 | | Com_show_engine_status | 0 | | Com_show_events | 0 | | Com_show_errors | 0 | | Com_show_fields | 921 | | Com_show_function_code | 0 | | Com_show_function_status | 0 | | Com_show_grants | 0 | | Com_show_keys | 1 | | Com_show_master_status | 0 | | Com_show_open_tables | 0 | | Com_show_plugins | 0 | | Com_show_privileges | 0 | | Com_show_procedure_code | 0 | | Com_show_procedure_status | 0 | | Com_show_processlist | 0 | | Com_show_profile | 0 | | Com_show_profiles | 0 | | Com_show_relaylog_events | 0 | | Com_show_slave_hosts | 0 | | Com_show_slave_status | 0 | | Com_show_status | 6 | | Com_show_storage_engines | 0 | | Com_show_table_status | 0 | | Com_show_tables | 2 | | Com_show_triggers | 0 | | Com_show_variables | 6 | | Com_show_warnings | 1 | | Com_show_create_user | 0 | | Com_shutdown | 0 | | Com_slave_start | 0 | | Com_slave_stop | 0 | | Com_group_replication_start | 0 | | Com_group_replication_stop | 0 | | Com_stmt_execute | 4 | | Com_stmt_close | 4 | | Com_stmt_fetch | 0 | | Com_stmt_prepare | 4 | | Com_stmt_reset | 0 | | Com_stmt_send_long_data | 4 | | Com_truncate | 2 | | Com_uninstall_plugin | 0 | | Com_unlock_tables | 0 | | Com_update | 70 | | Com_update_multi | 0 | | Com_xa_commit | 0 | | Com_xa_end | 0 | | Com_xa_prepare | 0 | | Com_xa_recover | 0 | | Com_xa_rollback | 0 | | Com_xa_start | 0 | | Com_stmt_reprepare | 0 | | Connection_errors_accept | 0 | | Connection_errors_internal | 0 | | Connection_errors_max_connections | 0 | | Connection_errors_peer_address | 0 | | Connection_errors_select | 0 | | Connection_errors_tcpwrap | 0 | | Connections | 292 | | Created_tmp_disk_tables | 1124 | | Created_tmp_files | 30 | | Created_tmp_tables | 1369 | | Delayed_errors | 0 | | Delayed_insert_threads | 0 | | Delayed_writes | 0 | | Flush_commands | 1 | | Handler_commit | 6094 | | Handler_delete | 33 | | Handler_discover | 0 | | Handler_external_lock | 38571 | | Handler_mrr_init | 0 | | Handler_prepare | 0 | | Handler_read_first | 2299 | | Handler_read_key | 134761 | | Handler_read_last | 237 | | Handler_read_next | 310119 | | Handler_read_prev | 2733 | | Handler_read_rnd | 222350 | | Handler_read_rnd_next | 472820 | | Handler_rollback | 0 | | Handler_savepoint | 0 | | Handler_savepoint_rollback | 0 | | Handler_update | 15605 | | Handler_write | 17310 | | Innodb_buffer_pool_dump_status | Dumping of buffer pool not started | | Innodb_buffer_pool_load_status | Buffer pool(s) load completed at 180624 23:38:01 | | Innodb_buffer_pool_resize_status | | | Innodb_buffer_pool_pages_data | 1035 | | Innodb_buffer_pool_bytes_data | 16957440 | | Innodb_buffer_pool_pages_dirty | 0 | | Innodb_buffer_pool_bytes_dirty | 0 | | Innodb_buffer_pool_pages_flushed | 1936 | | Innodb_buffer_pool_pages_free | 7144 | | Innodb_buffer_pool_pages_misc | 13 | | Innodb_buffer_pool_pages_total | 8192 | | Innodb_buffer_pool_read_ahead_rnd | 0 | | Innodb_buffer_pool_read_ahead | 0 | | Innodb_buffer_pool_read_ahead_evicted | 0 | | Innodb_buffer_pool_read_requests | 306665 | | Innodb_buffer_pool_reads | 950 | | Innodb_buffer_pool_wait_free | 0 | | Innodb_buffer_pool_write_requests | 26509 | | Innodb_data_fsyncs | 1229 | | Innodb_data_pending_fsyncs | 0 | | Innodb_data_pending_reads | 0 | | Innodb_data_pending_writes | 0 | | Innodb_data_read | 16273920 | | Innodb_data_reads | 1078 | | Innodb_data_writes | 2857 | | Innodb_data_written | 53379584 | | Innodb_dblwr_pages_written | 1275 | | Innodb_dblwr_writes | 109 | | Innodb_log_waits | 0 | | Innodb_log_write_requests | 450 | | Innodb_log_writes | 585 | | Innodb_os_log_fsyncs | 793 | | Innodb_os_log_pending_fsyncs | 0 | | Innodb_os_log_pending_writes | 0 | | Innodb_os_log_written | 664064 | | Innodb_page_size | 16384 | | Innodb_pages_created | 56 | | Innodb_pages_read | 988 | | Innodb_pages_written | 1936 | | Innodb_row_lock_current_waits | 0 | | Innodb_row_lock_time | 0 | | Innodb_row_lock_time_avg | 0 | | Innodb_row_lock_time_max | 0 | | Innodb_row_lock_waits | 0 | | Innodb_rows_deleted | 2 | | Innodb_rows_inserted | 19219 | | Innodb_rows_read | 249102 | | Innodb_rows_updated | 77 | | Innodb_num_open_files | 81 | | Innodb_truncated_status_writes | 0 | | Innodb_available_undo_logs | 128 | | Key_blocks_not_flushed | 0 | | Key_blocks_unused | 12751 | | Key_blocks_used | 645 | | Key_read_requests | 321877 | | Key_reads | 648 | | Key_write_requests | 196 | | Key_writes | 150 | | Locked_connects | 0 | | Max_execution_time_exceeded | 0 | | Max_execution_time_set | 0 | | Max_execution_time_set_failed | 0 | | Max_used_connections | 3 | | Max_used_connections_time | 2018-06-24 23:43:48 | | Not_flushed_delayed_rows | 0 | | Ongoing_anonymous_transaction_count | 0 | | Open_files | 229 | | Open_streams | 0 | | Open_table_definitions | 206 | | Open_tables | 786 | | Opened_files | 502 | | Opened_table_definitions | 208 | | Opened_tables | 817 | | Performance_schema_accounts_lost | 0 | | Performance_schema_cond_classes_lost | 0 | | Performance_schema_cond_instances_lost | 0 | | Performance_schema_digest_lost | 0 | | Performance_schema_file_classes_lost | 0 | | Performance_schema_file_handles_lost | 0 | | Performance_schema_file_instances_lost | 0 | | Performance_schema_hosts_lost | 0 | | Performance_schema_index_stat_lost | 0 | | Performance_schema_locker_lost | 0 | | Performance_schema_memory_classes_lost | 0 | | Performance_schema_metadata_lock_lost | 0 | | Performance_schema_mutex_classes_lost | 0 | | Performance_schema_mutex_instances_lost | 0 | | Performance_schema_nested_statement_lost | 0 | | Performance_schema_prepared_statements_lost | 0 | | Performance_schema_program_lost | 0 | | Performance_schema_rwlock_classes_lost | 0 | | Performance_schema_rwlock_instances_lost | 0 | | Performance_schema_session_connect_attrs_lost | 0 | | Performance_schema_socket_classes_lost | 0 | | Performance_schema_socket_instances_lost | 0 | | Performance_schema_stage_classes_lost | 0 | | Performance_schema_statement_classes_lost | 0 | | Performance_schema_table_handles_lost | 0 | | Performance_schema_table_instances_lost | 0 | | Performance_schema_table_lock_stat_lost | 0 | | Performance_schema_thread_classes_lost | 0 | | Performance_schema_thread_instances_lost | 0 | | Performance_schema_users_lost | 0 | | Prepared_stmt_count | 0 | | Qcache_free_blocks | 1 | | Qcache_free_memory | 16760152 | | Qcache_hits | 0 | | Qcache_inserts | 0 | | Qcache_lowmem_prunes | 0 | | Qcache_not_cached | 16355 | | Qcache_queries_in_cache | 0 | | Qcache_total_blocks | 1 | | Queries | 19164 | | Questions | 19155 | | Select_full_join | 0 | | Select_full_range_join | 0 | | Select_range | 2677 | | Select_range_check | 0 | | Select_scan | 2098 | | Slave_open_temp_tables | 0 | | Slow_launch_threads | 0 | | Slow_queries | 0 | | Sort_merge_passes | 12 | | Sort_range | 4859 | | Sort_rows | 244452 | | Sort_scan | 854 | | Ssl_accept_renegotiates | 0 | | Ssl_accepts | 0 | | Ssl_callback_cache_hits | 0 | | Ssl_cipher | | | Ssl_cipher_list | | | Ssl_client_connects | 0 | | Ssl_connect_renegotiates | 0 | | Ssl_ctx_verify_depth | 0 | | Ssl_ctx_verify_mode | 0 | | Ssl_default_timeout | 0 | | Ssl_finished_accepts | 0 | | Ssl_finished_connects | 0 | | Ssl_server_not_after | | | Ssl_server_not_before | | | Ssl_session_cache_hits | 0 | | Ssl_session_cache_misses | 0 | | Ssl_session_cache_mode | NONE | | Ssl_session_cache_overflows | 0 | | Ssl_session_cache_size | 0 | | Ssl_session_cache_timeouts | 0 | | Ssl_sessions_reused | 0 | | Ssl_used_session_cache_entries | 0 | | Ssl_verify_depth | 0 | | Ssl_verify_mode | 0 | | Ssl_version | | | Table_locks_immediate | 11962 | | Table_locks_waited | 0 | | Table_open_cache_hits | 19395 | | Table_open_cache_misses | 817 | | Table_open_cache_overflows | 12 | | Tc_log_max_pages_used | 0 | | Tc_log_page_size | 0 | | Tc_log_page_waits | 0 | | Threads_cached | 2 | | Threads_connected | 1 | | Threads_created | 3 | | Threads_running | 1 | | Uptime | 2944 | | Uptime_since_flush_status | 2944 | +-----------------------------------------------+--------------------------------------------------+ 353 rows in set (0.00 sec) |
Read more on SHOW GLOBAL STATUS here. Read more on the values here.
I can see NO major errors here (possibly due to UpClouds awesome disk IO) so I won’t be making memory tweaks in MySQL. Sign Up using this link and get $25 credit free on UpCloud and see for yourself how fast they are.
Configure Ubuntu System Memory Usage
Edit /etc/sysctl.conf
Add the following to allow things to sit in ram longer
1 | vm.vfs_cache_pressure=50 |
Snip from: https://www.kernel.org/doc/Documentation/sysctl/vm.txt
1 2 3 4 5 | This percentage value controls the tendency of the kernel to reclaim the memory which is used for caching of directory and inode objects. At the default value of vfs_cache_pressure=100 the kernel will attempt to reclaim dentries and inodes at a "fair" rate with respect to pagecache and swapcache reclaim. Decreasing vfs_cache_pressure causes the kernel to prefer to retain dentry and inode caches. When vfs_cache_pressure=0, the kernel will never reclaim dentries and inodes due to memory pressure and this can easily lead to out-of-memory conditions. Increasing vfs_cache_pressure beyond 100 causes the kernel to prefer to reclaim dentries and inodes. Increasing vfs_cache_pressure significantly beyond 100 may have negative performance impact. Reclaim code needs to take various locks to find freeable directory and inode objects. With vfs_cache_pressure=1000, it will look for ten times more freeable objects than there are." |
Read these pages here and here regarding setting MySQL memory.
Reboot
1 | shutdown -r now |
Resize the disk
The 2x CPU, 4GB memory plan comes with 80GB storage allowance. My disk at present is 50GB and I will update the size soon following this guide soon.
Quick Benchmark
I used loader.io to load 500 users to access my site in 1 minute.
The benchmark worked with no errors.
This benchmark was performed with no Cloudflare caching. I should get Cloudflare caching working again to lower the average response time. I loaded my website manually in Google Chrome while loader.io threw 500 users at my site and it loaded very fast.
Conclusion
After a few days, I checked my memory logs and there were no low memory triggers (just normal internal memory management triggers). Ubuntu was happier.
This graph was taken before I set “vm.vfs_cache_pressure” so I will update this graph in a few days.
I hope this guide helps someone.
Please consider using my referral code and get $25 credit for free.
https://www.upcloud.com/register/?promo=D84793
Ask a question or recommend an article
Revision History
1.0 Initial Post
Enabling TLS 1.3 SSL on a NGINX Website (Ubuntu 16.04 server) that is using Cloudflare
This guide will show you how to enable the latest Transport Layer Security (TLS) 1.3 protocol with it’s predecessor Secure Sockets Layer (SSL) with NGINX and OpenSSL for better website security on an Ubuntu 16.04 server
Advertisement:
I have a number of guides on moving hasting away form CPanel, Setting up VM’s on AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line. Making sure your server is up to date and running the latest SSL software is important. I have updated Open SSL before and blogged about this here. Do backup your server before changing settings and if you use Cloudflare (if you don’t do it now) enable Development Mode (and disable caching until changes are made).
For the best performing VM host (UpCloud) read my guide on the awesome UpCloud VM hosts (get $25 free credit by signing up here).
TLS 1.3 is the latest SSL security protocol that can be used between clients and servers to encrypt connections on the web.
TLS 1.3 uptake is only 60% according to https://caniuse.com/#search=TLS%201.3
Read why TLS 1.3 is important and news on TLS 1.3 can be found here: https://www.openssl.org/blog/blog/2018/02/08/tlsv1.3/
The Good and Bad
Done be like this commercial site with very poor security (tested with SSL labs and asafaweb)
Here is what the top 1 million sites do
Here it is!! Alexa Top 1 Million Analysis – February 2018 https://t.co/TjBHNX7zTi
— Scott Helme (@Scott_Helme) February 26, 2018
Installing Open SSL on Ubuntu
Connect to your Ubuntu 16.04 server via SSH (I connected to my Vultr server)
Check what version of OpenSSL you have? My OpenSSL is out of date.
1 2 | # openssl version OpenSSL 1.1.0g 2 Nov 2017 |
Tip: What Ciphers does your Open SSL Support?
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 | openssl ciphers -s -v ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384 ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384 DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256 ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256 ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256 DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256 ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1 ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1 DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1 ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1 ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1 DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1 AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256 AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256 AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1 AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1 |
Time to update Open SSL
OpenSSL 1.1.1 beta is available and supports TLS 1.3 but it is n BETA form. OpenSSL code is available here.
I did the following to download and build the latest version of OpenSSL.
1 2 3 4 5 6 7 | mkdir /openssltemp cd /openssltemp sudo git clone git://git.openssl.org/openssl.git cd openssl/ ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl -Wl,-rpath,/usr/local/ssl/lib make sudo make install |
I tried to check the open SSL version but had an error?
1 2 3 | openssl version openssl: /usr/lib/x86_64-linux-gnu/libssl.so.1.1: version `OPENSSL_1_1_1' not found (required by openssl) openssl: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1: version `OPENSSL_1_1_1' not found (required by openssl) |
A quick GitHub ticket revealed I needed to set a path variable.
1 2 | export LD_LIBRARY_PATH=/usr/local/lib echo "export LD_LIBRARY_PATH=/usr/local/bin/openssl" >> ~/.bashrc |
Open SSL now reports it’s version.
1 2 | openssl version OpenSSL 1.1.1-pre3 (beta) 20 Mar 2018 |
What version NGINX do you have (1.13 supports TLS 1.3) read here
1 2 | # nginx -v nginx version: nginx/1.13.9 |
Backup your NGINX
Do backup your server files and take a snapshot if need be. I am not responsible;e for a broken server,
1 | sudo cp -R /etc/nginx/ /nginx-backup-26thMar-2018 |
Edit NGINX Configuration
Update NGINX configuration: /etc/nginx/sites-available/default
1 2 3 4 | ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256; ssl_prefer_server_ciphers on; ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; ssl_ecdh_curve secp384r1; |
tip: Review other NGINX hardening settings here. Also remove TLSv1.0
I tested my NGINX config loaded them and restarted NGINX
1 2 3 | nginx -t nginx -s reload /etc/init.d/nginx restart |
Check the status of NGINX
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 | # /etc/init.d/nginx status [ ok ] Restarting nginx (via systemctl): nginx.service. ● nginx.service - A high performance web server and a reverse proxy server Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled) Active: active (running) Docs: man:nginx(8) Process: 15154 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS) Process: 15162 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS) Process: 15159 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS) Main PID: 15166 (nginx) Tasks: 4 Memory: 2.3M CPU: 27ms CGroup: /system.slice/nginx.service ├─15166 nginx: master process /usr/sbin/nginx -g daemon on; master_process on; ├─15170 nginx: worker process ├─15171 nginx: cache manager process └─15172 nginx: cache loader process |
If you have configured Cloudflare then log in and enable TLS support.
Enable TLS 1.3 in Chrome by visiting chrome://flags/#tls13-variant This should be automatic in later versions of Chrome and other browsers.
Verify TLS
I used the developer tools in Chrome to confirm the page was verified in TLS 1.3.
Updated to 1.1.1-pre6-dev
1 2 3 4 5 6 7 8 9 10 11 | mkdir /temp cd /temp sudo git clone https://github.com/openssl/openssl.git cd openssl/ ./config --prefix=/usr/local --openssldir=/usr/local -Wl,-rpath,/usr/local make sudo make install openssl OpenSSL> version OpenSSL 1.1.1-pre6-dev xx XXX xxxx OpenSSL> exit |
Don’t forget to test your SSL strength with https://dev.ssllabs.com/ssltest/
I hope this guide helps someone.
Ask a question or recommend an article
Revision History
v1.4 fixed typo
v1.3 added bad ssl cert.
v1.2 ssl test v1.1 updated to 1.1.1-pre6-dev
v1.0 Initial post
How to purchase your own domain name and set up a web server from $5 a month
This guide will show technically minded people how you can purchase your own domain name, set up a web server on Vultr with an online store using WordPress/WooCommerce from $5 a month. Warning this post is technical (if you have never used SSH, Ubuntu, Linux Command Line, hate risk or are not patient then this is NOT the guide you are after).
Advertisement:
Draft Post (released early to share)
I personally recommend (not a paid endorsement) the free WooCommerce plugin for the free WordPress.org CMS on the free Ubuntu Operating system with the free NGINX web server and the free MYSQL database engine and free SSL certificates from Lets Encrypt.
Update 2018: For the best performing VM host (UpCloud) read my guide on the awesome UpCloud VM hosts (get $25 free credit by signing up here).
Buy a domain name from Namecheap here.
Sorry for using the word free a lot but I like free things. One of the benefits of a using a self-managed server is you get the option to install free software and configure the server how you want and secure it how you want. Truth be told managed ho (e.g CPanel, etc) are in the business of making money via monthly feed, expensive SSL certificates, taxing your transactions or pushing you to higher priced tiers.
Legend:
- Self Managed Server = A server that you create, you configure patch and support (all the reward and risk is owned by you and costs are low).
- Hosted Server = A server you have partial control of and the hosts manage the server and support (You hand away all risk and most of the control and pay for support/features).
I moved to a self-managed server after I was paying $25/m for a poorly performing website and $150/y for a poor quality SSL certificate and a slice of a server that seemed to always say “Usage Limit Exceeded”. Why pay for an insecure website that my visitors could not view because the usage limit was exceeded.
fyi: Fearby.com costs me $10 a month for a server and $5/m for CDN abilities.
CPanel hosts are an option when you don’t want to self-manage a service and take on the hassle but be prepared for server limitations (The image below was taken on an older CPanel based hosts before I moved to a self-managed Vultr server)
I recently discovered a well known and established website hosting service (that I used to use) and a friend is still using is insecure. My friend’s site has a static website on it but the server underneath was very old and insecure. Having a secure web server should be at the top of your list with any self-managed or hosted website (this will help search engine optimization and prevent risks to your website visitors).
Sites like Virus Total, SSL Labs and Alexa Site Info , Qualys are good ways to review a site’s credibility.
fyi: The awesome https://seositecheckup.com/ is awesome for evaluating our sites SEO score.
Before we set up a server with WordPress on your own server let’s quickly look at the alternative commercial ready to go website builders.
Alternative (paid) DIY Website Builders
The following leading commercial sites will allow you to build a site online.
- https://www.wix.com/
- https://www.squarespace.com/
- https://www.shopify.com.au/
- https://www.weebly.com/au
- https://www.wordpress.com
In my opinion, five things matter with setting up site online website.
- Setup Costs, Monthly Cost and Commissions (what are the hidden charges)
- Security (having a food SSL Certificate is key to having a good organic traffic from search engines)
- Site Speed (Having a slow site will impact search engine optimization and drive visitors away)
- Accessibility (if your site is not WCAG accessible it will not rank high on search engines).
- Control (will you be able to do everything you want too, nothing worse than going so far and being limited)
Ok, let’s see how much it will cost to set up a simple business site on the sites above.
Wix
Setup: Goto https://www.wix.com/, Login to Wix, click Create Site, click Business, Click Choose a Template, Edit the page, Click Save, Click “Connect your own customized domain“, Click “Connect a domain you already own“.
I was redirected to a Wix plan pricing page where I need to choose a plan to continue. From what I researched you cant control HTML on Wix so can’t add a MailChimp newsletter signup form so you would have to go with the $24.5/m option to enable Email Campaigns.
I could not see information about included SSL certificates, SEO or other chargers. SSL is free after you pay right?
The Wix editor appears OK (it may take a bit of learning though).
I clicked publish and the site was live
A quick check of the SSL, Accessibility and SEO and no obvious deal breakers here apart from the price and platform lock-in.
I performed a security check on the site with https://freescan.qualys.com (passed)
Conclusion: I hear Wix templates are hard to change so choose your template wisely, A large collection of apps are available that you can add to the site.
Although Wix was nice and it does include a full-featured look at the engine it is not for me ($24/m USD is too expensive).
Squarespace
Squarespace basic websites cost $16/$25 a month or $34/52 for online stores: https://www.squarespace.com/pricing/
Setup a Squarespace website: Goto https://www.squarespace.com/, Click Start a Free Trial, Choose a Template, Create an Account (a quick read of the terms of service and privacy policy, #scary), SpareSpace sites are pre-published?
Loading the webpage on a non-logged-in (with SquareSpace login) browser displays a trial warning. Trial pages are essentially restricted (unlike Wix).
The mobile view does not match the template? I guess the chosen template is more of a vibe and not a template.
Setting up a Squarespace website may take some time. Squarespace does have some nifty advance options in a slide-out menu though.
Because the public view of the page is restricted I cannot scan it with WCAG accessibility tools. Scanning the site performance speeds with gtmetrix also fails.
Squarespace is well known to be difficult to set up a website when compared to other drag and drop editors (but Squarespace sites do look nice).
I am not paying $54/m for a website so let’s move on.
Shopify
Shopify Setup: Goto https://shopify.com and click Create, Sign up and enter your store name. Complete the wizard.
Choose a Shopify Plan
Scalping transactions, no thanks. let’s move on.
Weebly
Weebly Setup: Goto https://www.weebly.com/au and click Get Started under Create Store. Enter your account details and click Create Your Site, enter the name of the store, Click I’m just trying Weebly, click the type of product you will be selling.
Weebly Site Setup
Theme Selection
Choose a Domain
Publish the site
Clicking publish appears to be a dead end.
“Please contact Weebly Support to verify your account”, No Thanks, let’s move on.
One candidate remains and that is WordPress hosted (wordpress.com not wordpress.org).
WordPress.com
WordPress.com offer hosted plans for WordPress in the cloud.
Setup a WordPress site, the only one that removes WordPress branding and allows third-party plugins to be installed it the Business plans for $33 a month.
Setup Basics
Choose a WordPress theme.
Assign a Domain
In order to buy a domain, you need to log in (top right) with an account
My working WordPress account (is no longer working), it was in my password manager.
I seem to be stuck in a signup loop
Time to move on. Time to set up my own server on Vultr and setup WordPress and WooCommerce,
But, before we do, let’s ensure our name is secure online.
Search for your Name/Brand
Do search for your website (or thing) in search engines to see if your name is already taken, don’t buy a domain that is owned or has IP or trademark presence. It is a good idea to use sites like https://namechk.com/ to see if your site or social media is already taken.
namechk.com will allow you to search for name availability online. The name “mything” is not fully available online.
You will want to see all green squares (name available) below before buying a domain name. This looks better.
I would recommend you create your social media accounts before or right after buying your domain. Sites like Twitter will insist on short usernames names so get your social media sites first.
Trademark and Brand Search
Also, perform a trademark and IP search.
Australian Trademark Search: https://search.ipaustralia.gov.au/trademarks/search/quick
United States Trademark Database: https://www.uspto.gov/trademarks-application-process/search-trademark-database
Global brand Search: http://www.wipo.int/branddb/en/
etc
Self Managed Warning
I tend to go the “self-managed server route” and install the free WordPress CMS because:
- I can.
- I am tight.
- I like having full control (usually the best features for online web hosts are hidden behind subscriber tiers, you can install and do whatever you want on your own server like build API’s, distributed MySQL servers, install MongoDB or Redis , use up to date PHP etc).
- I have been stung by CPanel hosts charging $150/y for a crappy SSL certificate (You can set up your own SSL certificate for $0 and set up super secure SSL rules).
- I can manage WordPress via the command line
- I can upgrade the server and restore it whenever I want.
- I can manage my own server performance (e.g setup PHP child workers) or install a Content Delivery Network.
- I can direct domain email to google G Suite, see pricing here.
- etc.
There are many reasons why you would not want to “self-manage” your own server
- Technical Requirements (and time to support).
- Higher Risk.
- Applying Updates and Patches.
- etc.
Being technically minded and choosing a “self-managed web servers” can take away time from the fun stuff like SEO, Site Design, customer needs, branding etc.
Self Managed Costs
For $5 a month you can buy a server with enough memory to install WordPress (cheaper if you don’t need WordPress)
Vultr is great. Vultr does have ready to go servers that you can deploy that have WordPress all set up.
The Vultr template above does use the Centos OS (read my guide setting up Centos on a different service provider here) but I prefer to manually setup a server with Ubuntu 16.04 OS on Vultr.
Wih a $5 server you can do what you want with it. I have blogged before about setting up your own Server. e.g Installing Centos and Ubuntu server on Digital Ocean. Digital Ocean does not have data centres in Australia and this kills scalability. AWS is good but 4x the price of Vultr. I have blogged about setting up and AWS server here (and upgrading an AWS instance). I tried to check out Alibaba Cloud but the verification process was broken so I decided to check our Vultr.
Manual Setup of Vultr on an Ubuntu 16.04 server
- Deploy a Vultr Server – Guide here ($2.5/m to New Jersey or Florida or $5/m to Sydney, I would recommend you opt in for the auto backup for $0.50c/m and $1/m respectively).
- Setup NGINX.
- Setup PHP and PHP-FPM (see guide above), consider adding PHP child workers.
- Setup and secure MySQL (see guide above), create a database for WordPress to use.
- Instal Adminder MySQL GUI (guide here).
- Setup a free Lets Encrypt SSL certificate (guide here).
- Install WordPress (and Jetpack plugin).
- Install WordPress CLI.
- Instal the WooCommerce Storefront WordPress Theme.
- Install WooCommerce Plugin.
- Secure Ubuntu.
- Also consider linking your domain to Cloudflare to boost performance, scanning your site with Qualys Freescan and OWASP ZAP).
- Consider setting up a WordPress image compressor and CDN plugin. like EWWW.io
Manual WooCommerce Plugin Setup
Once you setup Woocommerce you can setup the store defaults. Goto the WordPress dashboard and click WooCommerce Settings
Settings – General
- Set Address, City and State and Postcode
- Set allowed countries to sell in (e.g Australia)
- Set allowed countries to ship items to (e.g Australia)
- Set Enable Taxes
- Set Currency
- etc
Settings – Products
- Set Weight
- Set Dimensions
- Enable Product Reviews
- Enable Star Ratings on Reviews
- etc
Settings – Shipping
- Enable Shipping Calculator
- Add Shipping Classes
- Shipping Zones
- etc.
Settings – Checkout
- Force Secure Checkup
- Create a Terms and Conditions page (and set).
- etc
Settings – Account
- Set Account Options
- etc
Settings – Emails
- Set Email Preferences
- Set Email Header Image
- Set Email Colour
- Set Footer Text
- etc
Settings – API
- API can be disabled if you don’t need it.
Optional Actions
- Setup Yoast Plugin
- Setup other plugins
Instaling a Woo Commerce Child Theme
Goto https://woocommerce.com/product-category/themes/storefront-child-theme-themes/ and choose a theme.
Purchase and Install the desired child theme (I uploaded it to my /wp-content/themes/ folder with forklift). I chose a free deli theme.
Goto your WordPress then themes folder and activate your new child theme.
Post Site Setup
Just because your site is live does not mean you can rest.
SEO Optimization
Do use sites like https://seositecheckup.com/ and follow recommended actions to improve your SEO like updating meta tags.
More Reading
Attaching an email to your domain
You can pay $5 a month and link a G Suite email to your domain.
- Dedicated professional Google G Suite email account for $5 a month with 30GB storage (If you don’t want ot to buy a G Suite email and link it to your domain then you don’t need this).
Once you have a G Suite account you can link other domains (and domain emails) to it. You can login to your G Suite emails via G Mail and send emails from apps or the command line.
Why Vultr
I use the server host Vultr as they have data centres all around the world and the support of great, Digital Ocean is good too but they don’t have data centres in my country (Australia). Vultr allows you to deploy all over the world upgrade servers, move servers, add storage and restore servers.
Alternatively, you can buy a $2.5/m server and generate a static website
I use the Platforma Web HTML generator to build mobile and WCAG compliant websites.
Buying a domain, I buy my domains from https://www.namecheap.com/ it is a good idea to look for coupons first at https://www.namecheap.com/promos/coupons.aspx before buying a domain.
Once you buy a domain you can point it to a Vultr server and upload your website.
I hope this helps someone.
Donate and make this blog better
Ask a question or recommend an article
Revision History
v.1.2 WordPress WooCommerce
v1.1 SEO
v1.0 Initial Draft
Backing up OSX or an Ubuntu server with Backblaze B2 Cloud Storage from the Command Line
This computer will show you can back up computer or server with Backblaze B2 Cloud Storage from the Command Line n OSX and Ubuntu.
Advertisement:
This post is still being written. I have a number of guides on moving hasting away form CPanel, Setting up VM’s on AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line. Also, I have blogged about how you can add block storage to a Vultr server, backup and restore snapshots , syncing files with rsync along with using GitHub and Bitbucket but what do you do if you need to backup large amounts of data?
Backblaze has a Cloud storage solution that costs as low as $0.005c a GB (a month), The first 10G is free. Backblaze say “From bytes to petabytes Backblaze B2 is the lowest cost high-performance cloud storage in the world. ”
Back Blaze have open sourced internal drive enclosure designs and drive failure stats and it’s time I gave them a try.
Goto https://www.backblaze.com
Create or sign in.
After you login got the dashboard.
Click Backblaze B2 Cloud Storage
Create a Bucket
Name the bucket (long names with a GUID are good).
You can rename the bucket here and change public/private and or upload/download files manually.
The first thing I did was limit the versions of files under the lifecycle settings for the bucket.
Now I created a series of subfolders to store files from different servers (I could have used many buckets but one bucket will do).
I can upload files via the Backblaze bucket GUI if I needed to.
Back Blaze has a command line tool for uploading: https://www.backblaze.com/b2/docs/quick_command_line.html
Install Steps
Backblaze state “The B2 command-line tool is available from the Python Package Index (PyPI) using the standard pip installation tool. Your first step is to make sure that you have either Python 2 (2.6 or later) or Python 3 (3.2 or later) installed.”
I have Python 2.7 installed
1 2 | python --version Python 2.7.10 |
Install PIP
1 2 3 4 5 6 7 8 9 10 11 12 13 | sudo easy_install pip Password: Searching for pip Best match: pip 1.5.6 Processing pip-1.5.6-py2.7.egg pip 1.5.6 is already the active version in easy-install.pth Installing pip script to /usr/local/bin Installing pip2.7 script to /usr/local/bin Installing pip2 script to /usr/local/bin Using /Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg Processing dependencies for pip Finished processing dependencies for pip |
I ran into issues updating b2 CLI
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 | sudo pip install --upgrade b2 Requirement already up-to-date: b2 in /Library/Python/2.7/site-packages Requirement already up-to-date: arrow>=0.8.0 in /Library/Python/2.7/site-packages (from b2) Requirement already up-to-date: logfury>=0.1.2 in /Library/Python/2.7/site-packages (from b2) Requirement already up-to-date: requests>=2.9.1 in /Library/Python/2.7/site-packages (from b2) Requirement already up-to-date: six>=1.10 in /Library/Python/2.7/site-packages (from b2) Requirement already up-to-date: tqdm>=4.5.0 in /Library/Python/2.7/site-packages (from b2) Requirement already up-to-date: futures>=3.0.5 in /Library/Python/2.7/site-packages (from b2) Downloading/unpacking python-dateutil from https://pypi.python.org/packages/bc/c5/3449988d33baca4e9619f49a14e28026399b0a8c32817e28b503923a04ab/python_dateutil-2.7.0-py2.py3-none-any.whl#md5=5a86a548fe776cc079bf4a835473e3f8 (from arrow>=0.8.0->b2) Downloading python_dateutil-2.7.0-py2.py3-none-any.whl (207kB): 207kB downloaded Installing collected packages: python-dateutil Found existing installation: python-dateutil 1.5 Uninstalling python-dateutil: Cleaning up... Exception: Traceback (most recent call last): File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/basecommand.py", line 122, in main status = self.run(options, args) File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/commands/install.py", line 283, in run requirement_set.install(install_options, global_options, root=options.root_path) File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/req.py", line 1431, in install requirement.uninstall(auto_confirm=True) File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/req.py", line 598, in uninstall paths_to_remove.remove(auto_confirm) File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/req.py", line 1836, in remove renames(path, new_path) File "/Library/Python/2.7/site-packages/pip-1.5.6-py2.7.egg/pip/util.py", line 295, in renames shutil.move(old, new) File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/shutil.py", line 299, in move copytree(src, real_dst, symlinks=True) File "/System/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/shutil.py", line 208, in copytree raise Error, errors Error: [('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/parser.pyc', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/parser.pyc', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/parser.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/relativedelta.py', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/relativedelta.py', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/relativedelta.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/zoneinfo-2010g.tar.gz', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/zoneinfo-2010g.tar.gz', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/zoneinfo-2010g.tar.gz'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/__init__.py', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/__init__.py', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/__init__.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/__init__.pyc', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/__init__.pyc', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo/__init__.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/zoneinfo'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tz.py', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tz.py', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/tz.py'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/relativedelta.pyc', '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/relativedelta.pyc', "[Errno 1] Operation not permitted: '/tmp/pip-jWEHna-uninstall/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/relativedelta.pyc'"), ('/System/Library/Frameworks/Python.framework/Versions/2.7/Extras/lib/python/dateutil/rrule.pyc', |