website

Enabling TLS 1.3 SSL on a NGINX Website (Ubuntu 16.04 server) that is using Cloudflare

April 5, 2018 by Simon

This guide will show you how to enable the latest Transport Layer Security (TLS) 1.3 protocol with it’s predecessor Secure Sockets Layer (SSL) with NGINX and OpenSSL for better website security on an Ubuntu 16.04 server

I have a number of guides on moving hasting away form CPanel, Setting up VM’s on AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line. Making sure your server is up to date and running the latest SSL software is important. I have updated Open SSL before and blogged about this here. Do backup your server before changing settings and if you use Cloudflare (if you don’t do it now) enable Development Mode (and disable caching until changes are made).

TLS 1.3 is the latest SSL security protocol that can be used between clients and servers to encrypt connections on the web.

TLS 1.3 uptake is only 60% according to https://caniuse.com/#search=TLS%201.3

Read why TLS 1.3 is important and news on TLS 1.3 can be found here: https://www.openssl.org/blog/blog/2018/02/08/tlsv1.3/

The Good and Bad

Done be like this commercial site with very poor security (tested with SSL labs and asafaweb)

Here is what the top 1 million sites do

Here it is!! Alexa Top 1 Million Analysis – February 2018 https://t.co/TjBHNX7zTi
— Scott Helme (@Scott_Helme) February 26, 2018

Installing Open SSL on Ubuntu

Connect to your Ubuntu 16.04 server via SSH (I connected to my Vultr server)

Check what version of OpenSSL you have? My OpenSSL is out of date.

# openssl version
OpenSSL 1.1.0g  2 Nov 2017

1 2	# openssl version OpenSSL 1.1.0g 2 Nov 2017

Tip: What Ciphers does your Open SSL Support?

openssl ciphers -s -v
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH     Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH       Au=RSA  Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA384
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
DHE-RSA-AES256-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA256
ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA256
ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
ECDHE-ECDSA-AES256-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(256)  Mac=SHA1
ECDHE-RSA-AES256-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA1
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
ECDHE-ECDSA-AES128-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
ECDHE-RSA-AES128-SHA    TLSv1 Kx=ECDH     Au=RSA  Enc=AES(128)  Mac=SHA1
DHE-RSA-AES128-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA1
AES256-GCM-SHA384       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(256) Mac=AEAD
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
AES256-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA256
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256
AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1

openssl ciphers -s -v

ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(256) Mac=AEAD

ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD

DHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(256) Mac=AEAD

ECDHE-ECDSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=ECDSA Enc=CHACHA20/POLY1305(256) Mac=AEAD

ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD

DHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=DH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD

ECDHE-ECDSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AESGCM(128) Mac=AEAD

ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD

DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AESGCM(128) Mac=AEAD

ECDHE-ECDSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA384

ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA384

DHE-RSA-AES256-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(256) Mac=SHA256

ECDHE-ECDSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA256

ECDHE-RSA-AES128-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256

DHE-RSA-AES128-SHA256 TLSv1.2 Kx=DH Au=RSA Enc=AES(128) Mac=SHA256

ECDHE-ECDSA-AES256-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(256) Mac=SHA1

ECDHE-RSA-AES256-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1

DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1

ECDHE-ECDSA-AES128-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=AES(128) Mac=SHA1

ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1

DHE-RSA-AES128-SHA SSLv3 Kx=DH Au=RSA Enc=AES(128) Mac=SHA1

AES256-GCM-SHA384 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(256) Mac=AEAD

AES128-GCM-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AESGCM(128) Mac=AEAD

AES256-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA256

AES128-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA256

AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1

AES128-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(128) Mac=SHA1

Time to update Open SSL

OpenSSL 1.1.1 beta is available and supports TLS 1.3 but it is n BETA form. OpenSSL code is available here.

I did the following to download and build the latest version of OpenSSL.

mkdir /openssltemp
cd /openssltemp
sudo git clone git://git.openssl.org/openssl.git
cd openssl/
./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl -Wl,-rpath,/usr/local/ssl/lib
make
sudo make install

mkdir /openssltemp

cd /openssltemp

sudo git clone git://git.openssl.org/openssl.git

cd openssl/

./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl -Wl,-rpath,/usr/local/ssl/lib

make

sudo make install

I tried to check the open SSL version but had an error?

openssl version 
openssl: /usr/lib/x86_64-linux-gnu/libssl.so.1.1: version `OPENSSL_1_1_1' not found (required by openssl)
openssl: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1: version `OPENSSL_1_1_1' not found (required by openssl)

openssl version

openssl: /usr/lib/x86_64-linux-gnu/libssl.so.1.1: version `OPENSSL_1_1_1' not found (required by openssl)

openssl: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1: version `OPENSSL_1_1_1' not found (required by openssl)

A quick GitHub ticket revealed I needed to set a path variable.

export LD_LIBRARY_PATH=/usr/local/lib
echo "export LD_LIBRARY_PATH=/usr/local/bin/openssl" >> ~/.bashrc

1 2	export LD_LIBRARY_PATH=/usr/local/lib echo "export LD_LIBRARY_PATH=/usr/local/bin/openssl" >> ~/.bashrc

Open SSL now reports it’s version.

openssl version
OpenSSL 1.1.1-pre3 (beta) 20 Mar 2018

1 2	openssl version OpenSSL 1.1.1-pre3 (beta) 20 Mar 2018

What version NGINX do you have (1.13 supports TLS 1.3) read here

# nginx -v
nginx version: nginx/1.13.9

1 2	# nginx -v nginx version: nginx/1.13.9

Backup your NGINX

Do backup your server files and take a snapshot if need be. I am not responsible;e for a broken server,

sudo cp -R /etc/nginx/ /nginx-backup-26thMar-2018

1	sudo cp -R /etc/nginx/ /nginx-backup-26thMar-2018

Edit NGINX Configuration

Update NGINX configuration: /etc/nginx/sites-available/default

ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ecdh_curve secp384r1;

ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256;

ssl_prefer_server_ciphers on;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;

ssl_ecdh_curve secp384r1;

tip: Review other NGINX hardening settings here. Also remove TLSv1.0

I tested my NGINX config loaded them and restarted NGINX

nginx -t
nginx -s reload
/etc/init.d/nginx restrat

nginx -t

nginx -s reload

/etc/init.d/nginx restrat

Check the status of NGINX

# /etc/init.d/nginx status

[ ok ] Restarting nginx (via systemctl): nginx.service.
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) 
     Docs: man:nginx(8)
  Process: 15154 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)
  Process: 15162 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
  Process: 15159 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
 Main PID: 15166 (nginx)
    Tasks: 4
   Memory: 2.3M
      CPU: 27ms
   CGroup: /system.slice/nginx.service
           ├─15166 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
           ├─15170 nginx: worker process
           ├─15171 nginx: cache manager process
           └─15172 nginx: cache loader process

# /etc/init.d/nginx status

[ ok ] Restarting nginx (via systemctl): nginx.service.

● nginx.service - A high performance web server and a reverse proxy server

Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)

Active: active (running)

Docs: man:nginx(8)

Process: 15154 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)

Process: 15162 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)

Process: 15159 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)

Main PID: 15166 (nginx)

Tasks: 4

Memory: 2.3M

CPU: 27ms

CGroup: /system.slice/nginx.service

├─15166 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;

├─15170 nginx: worker process

├─15171 nginx: cache manager process

└─15172 nginx: cache loader process

If you have configured Cloudflare then log in and enable TLS support.

Enable TLS 1.3 in Chrome by visiting chrome://flags/#tls13-variant This should be automatic in later versions of Chrome and other browsers.

Verify TLS

I used the developer tools in Chrome to confirm the page was verified in TLS 1.3.

Updated to 1.1.1-pre6-dev

mkdir /temp
cd /temp
sudo git clone https://github.com/openssl/openssl.git
cd openssl/
./config --prefix=/usr/local --openssldir=/usr/local -Wl,-rpath,/usr/local
make
sudo make install
openssl
OpenSSL> version
OpenSSL 1.1.1-pre6-dev  xx XXX xxxx
OpenSSL> exit

mkdir /temp

cd /temp

sudo git clone https://github.com/openssl/openssl.git

cd openssl/

./config --prefix=/usr/local --openssldir=/usr/local -Wl,-rpath,/usr/local

make

sudo make install

openssl

OpenSSL> version

OpenSSL 1.1.1-pre6-dev xx XXX xxxx

OpenSSL> exit

Don’t forget to test your SSL strength with https://dev.ssllabs.com/ssltest/

I hope this guide helps someone.

Ask a question or recommend an article

Revision History

v1.3 added bad ssl cert.

v1.2 ssl test v1.1 updated to 1.1.1-pre6-dev

v1.0 Initial post

Using the Qualys FreeScan Scanner to test your website for online vulnerabilities

March 23, 2018 by Simon

It is possible to deploy a server in minutes to hours but it can take days to secure. What tools can you use to help identify what to secure on your website?

I have a number of guides on moving hasting away form CPanel, Setting up VM’s on AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line, installing a Free SSL certificate and setting up SSL security.

Security Tools

https://asafaweb.com/ is a good tool for quick scanning
Kali Linux has a number of security tools you can use.
You can run a system audit Lynis Audit.
Checking your site for vulnerabilities with Zap.
Run a Gravity Scan malware and supply chain scan
Use Qualys SSL scan to test your SSL certificate: https://www.ssllabs.com/ssltest/

Qualys SSL Labs SSL Tester is the best tool for checking an SSL certificate strength

Most people don’t know Qualys also has another free (limited to 10 scans) vulnerability scanner for websites.

Goto https://freescan.qualys.com/ and click Start your free account.

Complete the signup form

Now check your email to login and confirm your email account

Login now from the email.

Create a password (why the 25 char max Qualys?)

Enter your website URL and click Scan

The scan can take hours

While the scan was being performed I noticed that Qualys offers alerts (I’ll check this out later): https://www.qualys.com/research/security-alerts/

Yes, the scan can take hours, take a walk or read other posts here.

The scan is almost complete

Yay, my latest scan revealed 0 High, 0 Medium and 0 Low-risk vulnerabilities.

It did report 23 informational alerts like “Firewall Detected“.

Threat Report Results

Patch Report Results

This report was empty (probably because I don’t run Windows)

Threat Report Results

The OWASP report contained partial scan results (maybe the full report is available to pro users)

Previous Scan Results

The Qualys dashboard will show all past scans.

My first scan showed a Low priority issue with the /wp-login.php page as the input fields did not have “autocomplete=”off””, I fixed this by adding “autocomplete=”off”” the removing the page (safer).

The second scan found two issues with cookies (possibly ad banner cookies) and 2 subfolders that I created in past development exercises. I deleted the two sub-folders that were not needed.

The third scan was clean.

Here is a scan of a static website of a friends server (static can be less secure if the server underneath is old or unpatched).

Happy scanning. I hope this guide helps someone.

Ask a question or recommend an article

Revision History

v1.1 Static Web Server Scan

v1.0 Initial post

Setting up a website to use Cloudflare on a VM hosted on Vultr and Namecheap

March 13, 2018 by Simon

This guide will show how you can set up a website to use Cloudflare on a VM hosted on Vultr and Namecheap

I have a number of guides on moving hasting away form CPanel, Setting up VM’s on AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line. This post will show how to let Cloudflare handle the DNS for the domain.

Snip from here “Cloudflare’s enterprise-class web application firewall (WAF) protects your Internet property from common vulnerabilities like SQL injection attacks, cross-site scripting, and cross-site forgery requests with no changes to your existing infrastructure.”

Cloudflare Benefits (Free Plan)

DDoS Attack Protection (Huge network to absorb attacks DDoS attacks over 600Gbps are no problem for our 15 Tbps networks)
Global CDN
Shared SSL certificate (I disabled this and opted to use my own)
Access to audit logs
3 page rules (maximum)

View paid plan options here.

Cloudflare CDN map

Cloudflare CDN says it can load assets up to 2x faster, 60% less bandwidth from your servers by delivering assets from 127 data centres.

Setup

You will need to sign up at cloudflare.com

After you create an account you will be prompted to add a siteCloudflare will pull your public DNS records to import.

You will be prompted to select a plan (I selected free)

Verify DNS settings to import.

You will now be asked to change your DNS nameservers with your domain reseller

TIP: If you have an SSL cert (e.g Lets Encrypt) already setup head to the crypto section and select ” Full (Strict)” to prevent ERR_TOO_MANY_REDIRECTS errors.

Cloudflare UI

I asked Twitter if they could kindly load my site so I could see if Cloudflare dashboard/stats were loading.

Could I kindly ask if you are reading this that you visit https://t.co/9x5TFARLCt, I am writing a @Cloudflare blog post and need to screenshot stats. Thanks in advance
— Simon Fearby (Developer) (@FearbySoftware) March 13, 2018

The Cloudflare CTO responded. 🙂

Sure thing 🙂
— John Graham-Cumming (@jgrahamc) March 13, 2018

Confirm Cloudflare link to a domain from the OSX Comand line

host -t NS fearby.com
fearby.com name server dane.ns.cloudflare.com.
fearby.com name server nora.ns.cloudflare.com.

host -t NS fearby.com

fearby.com name server dane.ns.cloudflare.com.

fearby.com name server nora.ns.cloudflare.com.

Caching Rule

I set up the following caching rule to cache everything for 8 hours instead of WordPress pages

“fearby.com.com/wp-*” Cache level: Bypass
“fearby.com.com/wp-admin/post.php*” Cache level: Bypass
“fearby.com/*” Cache Everything, Edge Cache TTL: 8 Hours

Cache Results

Cache appears to be sitting at 50% after 12 hours. having cache os dynamic pages out there is ok unless I need to fix a typo, then I need to login to Cloudflare and clear the cache manually (or wait 8 hours)

Performance after a few hours

DNS times in gtmetrix have now fallen to a sub 200ms (Y Slow is now a respectable A, it was a C before). I just need to wait for caching and minification to kick in.

webpagetest.org results are awesome

See here: https://www.webpagetest.org/result/180314_PB_7660dfbe65d56b94a60d7a604ca250b3/

Load Time: 1.80s
First Byte 0.176s
Start Render 1.200s

Google Page Speed Insights Report

Mobile: 78/100

Desktop: 87/100

Check with https://developers.google.com/speed/pagespeed/insights/

Update 24th March 2018 Attacked?

I noticed a spike in and traffic (incoming and threats) on the 24th of March 2018.

I logged into Cloudflare on my mobile device and turned on Under Attack Mode.

Cloudflare was now adding a delay screen in the middle of my initial page load. Read more here. A few hours after the Attach started it was over.

After the Attack

I looked at the bandwidth and found no increase in traffic from my initial host VM. Nice.

Thanks, Cloudflare.

Cloudflare Pros

Enabling Attack mode was simple.
Soaked up an attack.
Free Tier
Many Reports
Option to force HTTPS over HTTP
Option to ban/challenge suspicious IP’s and set challenge timeframes.
Ability to setup IP firewall rules and Application Firewalls.
User-agent blocking
Lockdown URL’s to IP’s (pro feature)
Option to minify Javascript, CSS and HTML
Option to accelerate mobile links
Brotli compression on assets served.
Optio to enable BETA Rocket loader for Javascript performance tweaks.
Run Javascript service workers from the 120+ CDN’s
Page/URL rules o perform custom actions (redirects, skip cache, Encryption etc)
HTTP/2 on, IPV6 ON
Option to setup load balancing/failover
CTO of Cloudflare responded in Twitter 🙂
Option to enable rate limiting (charged at 10,000 hits for $0.05c)
Option to block countries (pro feature)
Option to install apps in Cloudflare like(Goole Analytics,

Cloudflare Cons

No more logging into NameCheap to perform DNS management (I now goto Cloudflare, Namecheap are awesome).
Cloudflare Support was slow/confusing (I ended up figuring out the redirect problem myself).
Some sort of verify Cloudflare Setup/DNS/CDN access would be nice. After I set this up my gtmetrix load times were the same and I was not sure if DNS needs to replicate? Changing minify settings in Cloudflare did not seem to happen.
WordPress draft posts are being cached even though page riles block wp-admin page caching.
Would be nice to have ad automatic Under Attack mode
Now all sub-domains were transferred in the setup ( id did not know for weeks)

Cloudflare status

Check out https://www.cloudflarestatus.com/ for status updates.

Don’t forget to install the CloudFlare Plugin for WordPress if you use WordPress.

More Reading

Check out my OWASP Zap and Kali Linux self-application Penetration testing posts.

I hope this guide helps someone.

Ask a question or recommend an article

Revision History

v1.8 host Command from the OSX CLI

v1.7 Subdomain error

v1.6 Cloudflare Attack

v1.5 WordPress Plugin

v1.4 More Reading

v1.3 added WAF snip

v1.2 Added Google Page Speed Insights and webpage rest results

v1.1 Added Y-Slow

v1.0 Initial post

Using Chrome 65 to measure website Performance, Progressive Web Apps, Basic Practices, Accessibility and SEO

March 4, 2018 by Simon

Chrome 65 beta has added SEO to audits in the Developer Tools Audit tab.

I have a number of guides on moving hasting away form CPanel, Setting up VM’s on AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line.

When you develop any site you need to perform regular audits to ensure it is up-to-date and compliant. Google Chrome has audit tools built right in (Chrome 65 has SEO audit tools (yay)

Chrome 64Developer Tools – Audit tool.

Chrome 64 Audit Scan options

Chrome 64 Audit Results

The performance results seem off given I have set up a CDN, optimized WordPress.

Time to download Chrome 65 beta and get new audit tools.

Chrome version confirmed

Audit Options

Chrome 65 Audit Results

Hmmm, results are different (same website, network and time)

Chrome 64 Audit Results:

Performance: 45
Progressive Web App: 30
Accessibility: 86
Best Practice: 56
SEO: N/A

Chrome 65 BETA Audit Results:

Performance: 24
Progressive Web App: 45
Accessibility: 65
Best Practice: 63
SEO: 90

Google recommends you load pages in under 1s, I would suggest using multiple tools to indicate site speed.

https://gtmetrix.com is a great site for testing your sites speed. I used GT Metrix to move my site from 26s to 6 by setting up a WordPress CDN, moving away from CPanel to a self-managed server on Vultr then to 4s with optimising PHP by setting up child workers.

https://www.webpagetest.org is also good for testing websites.

I will continue to use Chrome Audit Tools for other results like SEO

That’s weird Chrome Audit Tools, I thought I did not have meta tags?

I downloaded the WP Meta SEO plugin, I use the wp command from the SLI (setup guide here)

cd /www/wp-content/plugins/
wget https://downloads.wordpress.org/plugin/wp-meta-seo.3.6.6.zip
unzip wp-meta-seo.3.6.6.zip
rm -R wp-meta-seo.3.6.6.zip

cd /www/wp-content/plugins/

wget https://downloads.wordpress.org/plugin/wp-meta-seo.3.6.6.zip

unzip wp-meta-seo.3.6.6.zip

rm -R wp-meta-seo.3.6.6.zip

I activated the plugin in WordPress the loaded the dashboard. WP Meta SEO asked to import data from the Yoast plugin.

Now I can see my metadata is falling behind.

With WP Meta SEO I was able to apply individual page Meta tags.

I added the following meta tags with WP Meta SEO plugin for each page (the metadata below was for this page)

<meta name="viewport" content="width=device-width, initial-scale=1" />
<meta name="twitter:image" content="https://fearby-com.exactdn.com/wp-content/uploads/2018/02/php_pool_featured.jpg" />
<meta name="twitter:card" content="summary" />
<meta name="twitter:site" content="@FearbySoftware" />
<meta name="twitter:domain" content="Programming, IoT and Server Stuff" />
<meta name="twitter:description" content="How to setup PHP FPM on demand child workers in PHP 7.x to increase website traffic" />
<meta name="twitter:title" content="Setup PHP FPM on demand child workers in PHP 7.x" />
<meta property="og:image" content="https://fearby-com.exactdn.com/wp-content/uploads/2018/02/php_pool_featured.jpg" />
<meta property="og:site_name" content="Programming, IoT and Server Stuff" />
<meta property="og:description" content="How to setup PHP FPM on demand child workers in PHP 7.x to increase website traffic" />
<meta property="og:url" content="https://fearby.com/article/how-to-setup-php-fpm-on-demand-child-workers-in-php-7-x-to-increase-website-traffic/" />
<meta property="og:type" content="article" />
<meta property="og:title" content="Setup PHP FPM on demand child workers in PHP 7.x" />
<meta name="description" content="How to setup PHP FPM on demand child workers in PHP 7.x to increase website traffic" />
<meta name="keywords" content="Setup PHP FPM on demand child workers in PHP 7.x" />
<meta name="title" content="Setup PHP FPM on demand child workers in PHP 7.x" />

fyi

I use the free version of the Yoast for SEO plugin in WordPress. The premium version has a lot more to offer, I might have to check Premium out.

I am now on the hunt for meta plugins for WordPress

I hope this guide helps someone.

Ask a question or recommend an article

Revision History

v1.2 WP-Meta SEO

v1.1 Added webpagetest.org link and results

v1.0 Initial post

How to setup PHP FPM on demand child workers in PHP 7.x to increase website traffic

February 26, 2018 by Simon

This blog post will show you how to setup PHP FPM on-demand child workers in PHP 7.x to increase website traffic.

My blog was experiencing a number of slow page loads and often running “sudo service php7.0-fpm restart” would resolve the problem. I have blogged before about setting up Ubuntu Servers on AWS, Digital Ocean and Vultr but this post is about debugging and speeding up PHP on Ubuntu self-managed servers.

Background

I tried the normal tweaks in “/etc/php/7.0/fpm/php.ini” like

memory_limit = 512M

1	memory_limit = 512M

I setup servers like this.

Temporary Fix

I had even set up a temporary NGINX and php7.0-fpm restart ever 5 and 1-minute respectively until I had time to look into this.

*/5 * * * * /etc/init.d/nginx restart
* * * * * sudo service php7.0-fpm restart

1 2	/5 * * * /etc/init.d/nginx restart * * * * * sudo service php7.0-fpm restart

Debug

I checked out the PHP7.0-fpm.log and I found the following

[25-Feb-2018 16:35:35] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it
[25-Feb-2018 17:02:26] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it
[25-Feb-2018 17:51:09] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it
[25-Feb-2018 18:18:51] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it
[25-Feb-2018 20:58:12] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it
[25-Feb-2018 21:02:57] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it
[25-Feb-2018 21:30:58] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it
[25-Feb-2018 21:35:10] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it
[25-Feb-2018 23:36:28] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it

[25-Feb-2018 16:35:35] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it

[25-Feb-2018 17:02:26] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it

[25-Feb-2018 17:51:09] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it

[25-Feb-2018 18:18:51] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it

[25-Feb-2018 20:58:12] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it

[25-Feb-2018 21:02:57] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it

[25-Feb-2018 21:30:58] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it

[25-Feb-2018 21:35:10] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it

[25-Feb-2018 23:36:28] WARNING: [pool www] server reached pm.max_children setting (5), consider raising it

Setting up a PHP-FPM pool

Read the official guide here on configuring PHP FPM pools etc.

I edited “/etc/php/7.0/fpm/pool.d/www.conf” and added the following to set up a pool of PHP-FPM servers.

; Note: This value is mandatory.
pm = dynamic

; The number ocf child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 40

; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
pm.start_servers = 10

; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 5

; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
pm.process_idle_timeout = 30s;

; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
pm.max_requests = 250

; Note: This value is mandatory.

pm = dynamic

; The number ocf child processes to be created when pm is set to 'static' and the

; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.

; This value sets the limit on the number of simultaneous requests that will be

; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.

; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP

; CGI. The below defaults are based on a server without much resources. Don't

; forget to tweak pm.* to fit your needs.

; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'

; Note: This value is mandatory.

pm.max_children = 40

; The number of child processes created on startup.

; Note: Used only when pm is set to 'dynamic'

; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2

pm.start_servers = 10

; The desired minimum number of idle server processes.

; Note: Used only when pm is set to 'dynamic'

; Note: Mandatory when pm is set to 'dynamic'

pm.min_spare_servers = 5

; The number of seconds after which an idle process will be killed.

; Note: Used only when pm is set to 'ondemand'

; Default Value: 10s

pm.process_idle_timeout = 30s;

; The number of requests each child process should execute before respawning.

; This can be useful to work around memory leaks in 3rd party libraries. For

; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.

; Default Value: 0

pm.max_requests = 250

You may need more or fewer child processes depending on your needs and free memory.

After editing the PHP-FPM config file restart PHP-FPM

sudo service php7.0-fpm restart

1	sudo service php7.0-fpm restart

Restart Nginx

sudo /etc/init.d/nginx restart

1	sudo /etc/init.d/nginx restart

You will be able to view the PHP child process status by typing the following

service php7.0-fpm status
● php7.0-fpm.service - The PHP 7.0 FastCGI Process Manager
   Loaded: loaded (/lib/systemd/system/php7.0-fpm.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2018-02-26 00:33:17 AEDT; 5min ago
     Docs: man:php-fpm7.0(8)
 Main PID: 1284 (php-fpm7.0)
   Status: "Processes active: 0, idle: 10, Requests: 56, slow: 0, Traffic: 0.2req/sec"
    Tasks: 11
   Memory: 330.1M
      CPU: 39.558s
   CGroup: /system.slice/php7.0-fpm.service
           ├─1284 php-fpm: master process (/etc/php/7.0/fpm/php-fpm.conf)
           ├─1503 php-fpm: pool www
           ├─1504 php-fpm: pool www
           ├─1505 php-fpm: pool www
           ├─1506 php-fpm: pool www
           ├─1507 php-fpm: pool www
           ├─1508 php-fpm: pool www
           ├─1509 php-fpm: pool www
           ├─1511 php-fpm: pool www
           ├─1512 php-fpm: pool www
           └─1513 php-fpm: pool www

Feb 25 10:33:16 servername systemd[1]: Starting The PHP 7.0 FastCGI Process Manager...
Feb 25 10:33:17 servername systemd[1]: Started The PHP 7.0 FastCGI Process Manager.

service php7.0-fpm status

● php7.0-fpm.service - The PHP 7.0 FastCGI Process Manager

Loaded: loaded (/lib/systemd/system/php7.0-fpm.service; enabled; vendor preset: enabled)

Active: active (running) since Mon 2018-02-26 00:33:17 AEDT; 5min ago

Docs: man:php-fpm7.0(8)

Main PID: 1284 (php-fpm7.0)

Status: "Processes active: 0, idle: 10, Requests: 56, slow: 0, Traffic: 0.2req/sec"

Tasks: 11

Memory: 330.1M

CPU: 39.558s

CGroup: /system.slice/php7.0-fpm.service

├─1284 php-fpm: master process (/etc/php/7.0/fpm/php-fpm.conf)

├─1503 php-fpm: pool www

├─1504 php-fpm: pool www

├─1505 php-fpm: pool www

├─1506 php-fpm: pool www

├─1507 php-fpm: pool www

├─1508 php-fpm: pool www

├─1509 php-fpm: pool www

├─1511 php-fpm: pool www

├─1512 php-fpm: pool www

└─1513 php-fpm: pool www

Feb 25 10:33:16 servername systemd[1]: Starting The PHP 7.0 FastCGI Process Manager...

Feb 25 10:33:17 servername systemd[1]: Started The PHP 7.0 FastCGI Process Manager.

You can use htop (commands here) to see child PHP processes in the pool and to verify free memory.

This command is good for watching free memory on a server

watch -n 1 'free -m'

1	watch -n 1 'free -m'

I prefer to use up free memory (if available) and leave about 100mb free.

Every 1.0s: free -m                                                                                                            Mon Feb 26 00:47:55 2018

              total        used        free      shared  buff/cache   available
Mem:            992         518         120          40         353         280
Swap:             0           0           0

Every 1.0s: free -m Mon Feb 26 00:47:55 2018

total used free shared buff/cache available

Mem: 992 518 120 40 353 280

Swap: 0 0 0

Hope this helps someone.

Donate and make this blog better

Ask a question or recommend an article

Revision History

v1.0 Initial Post

Using the free Adminer GUI for MySQL on your website

February 8, 2018 by Simon

Adminer is a free GUI tool that can you can easily install on a PHP web server. Adminer allows you to easily connect to your MySQL instance, create databases/tables/indexes/rows and backup/import databases and much more.

You can read my other posts on Useful Linux Terminal Commands and Useful OSX Terminal Commands.

I used to use phpMyAdmin to manage MySQL databases on AWS, Digital Ocean and Vultr but switched to Adminer due to forgotten issues. You can always manage MySQL via command line but that is quite boring.

The below screenshots were taken on my local Development Mac Laptop (with optional OSX Apache SSL Setup (that reports “Not Secure” (but it is good enough to use locally)). I prefer to code in SSL and warn when SSL is not detected.

Downloading and Installing Adminer

Navigate to https://www.adminer.org/ and click Download.

Click English only (.php file)

Save the Adminder for MySQL (.php) file to your web server and give it a random name and put in a folder also with a random name (I use https://www.grc.com/passwords.htm to generate strong password).

Tip: Uploading this file to a live serve offers hackers and unauthorized people potential access to your MySQL server. I would remove this file from live serves when you are not using it not to be sure.

Tip: Read my guide here on setting up NGINX, MySQL and PHP here. Basically I did this to setup MySQL on Ubuntu 16.04.

sudo apt-get install mysql-common
sudo apt-get install mysql-server
mysql --version
>mysql Ver 14.14 Distrib 5.7.19, for Linux (x86_64) using EditLine wrapper
sudo mysql_secure_installation
>Y (Valitate plugin)
>2 (Strong passwords)
>N (Don't chnage root password)
>Y (Remove anon accounts)
>Y (No remote root login)
>Y (Remove test DB)
>Y (Reload)
service mysql status
> mysql.service - MySQL Community Server

sudo apt-get install mysql-common

sudo apt-get install mysql-server

mysql --version

>mysql Ver 14.14 Distrib 5.7.19, for Linux (x86_64) using EditLine wrapper

sudo mysql_secure_installation

>Y (Valitate plugin)

>2 (Strong passwords)

>N (Don't chnage root password)

>Y (Remove anon accounts)

>Y (No remote root login)

>Y (Remove test DB)

>Y (Reload)

service mysql status

> mysql.service - MySQL Community Server

TIP: Ensure MySQL is secure and has a good root password, also consider setting up Ubuntu Firewalls and Securing Ubuntu. Also ensure the Server is patched and does not have exploits like Spectre and meltdown.

Now you can access your Admirer php file on your Web Server (hopefully with an obfiscated name).

Click Create databaase

Give the database a name and choose the character coding standard (e.g UTF8 ceneral ci). Different standards have different performance impacts too.

Now that you have a database you can create a table.

Consider adding an auto-incrementing ID and say a Key and Value varchar column.

When the table is created you can add a row to the table.

I created one with a “TestKey” and “TestValue” row.

The row was inserted.

The final thing to do is add a database user that code can connect to the database with. Click Privileges.

Click Create user

Tick All privileges and click Save

Now the user is added to the database

Let’s create a PHP file and talk to the database. Let’s use parameterized queries

<?php

date_default_timezone_set('Australia/Sydney');
echo "Last modified: " . date ("F d Y H:i:s.", getlastmod()) . "<br /><br />";

// Turn on if you need to see errors
// error_reporting(E_ALL);
// ini_set('display_errors', 0);

$dbhost = '127.0.0.1';
$dbname = 'dbtest';
$dbusername = 'dbtestuser';
$dbpassword = '*****************************************'';

$con = mysqli_connect($dbhost, $dbusername, $dbpassword, $dbname);
 
// Turn on debug stuff if you need it
// echo var_dump($con);
// printf(" - Error: %s.n", $stmt->error);
 
if($con->connect_errno > 0){

    printf(" - Error: %s.n", $stmt->error);
    die("Error: Unable to connect to MySQL");

} else {

    echo "Charset set to utf8<br />";
    mysqli_set_charset($con,"utf8");
}
 
if (!$con) {

    echo "Error: Unable to connect to MySQL (E002)" . PHP_EOL;
    echo "Debugging errno: " . mysqli_connect_errno() . PHP_EOL;
    echo "Debugging error: " . mysqli_connect_error() . PHP_EOL;
    exit;

} else {

    echo "Database Connection OK<br />";
 
    echo "&nbsp; Success: A proper connection to MySQL was made! The $dbname database is great." . PHP_EOL . "<br />";
    echo "&nbsp; &nbsp;- Host information: " . mysqli_get_host_info($con) . PHP_EOL . "<br />";
    echo "&nbsp; &nbsp;- Server Info: '" . mysqli_get_server_info($con) . "'<br />";
    echo "&nbsp; &nbsp;- Server Protocol Info : ". mysqli_get_proto_info($con) . "<br />";
    echo "&nbsp; &nbsp;- Server Version: " . mysqli_get_server_version($con) . "<br />";
    //echo " - Server Connection Stats: " . print_r(vmysqli_get_connection_stats($con)) . "<br />";
    echo "&nbsp; &nbsp;- Client Version: " . mysqli_get_client_version($con) . "<br />";
    echo "&nbsp; &nbsp;- Client Info: '" . mysqli_get_client_info() . "'<br />";
 
    echo "Ready to Query the database '$dbname'.<br />";
 
    // Input Var's that are parameterized/bound into the query statement
    $in_key = mysqli_real_escape_string($con, 'TestKey');
 
    // Output Var's that the query fills after querying the database
    // These variables will be filled with data from the current returned row
    $out_id = "";
    $out_key = "";
    $out_value = "";
 
    echo "1. About to query the database: '$dbname'<br />";
    $stmt = mysqli_stmt_init($con);

    $sql = "SELECT testid, testkey, testvalue FROM tbtest WHERE testkey = ?";
    echo "SQL: $sql (In = $in_key)<br /";

    if (mysqli_stmt_prepare($stmt, $sql)) {

            echo "2. Query Returned<br />";
            /*
                Type specification chars
                Character   Description
                i   corresponding variable has type integer
                d   corresponding variable has type double
                s   corresponding variable has type string
                b   corresponding variable is a blob and will be sent in packets
            */
            mysqli_stmt_bind_param($stmt, 's', $in_key);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_bind_result($stmt, $out_id, $out_key, $out_value);
            mysqli_stmt_fetch($stmt);
     
            // Do something with the 1st returned row        
            echo " - Row: ID: $out_id, KEY: $out_key, VAL: $out_value <br />";//

            // Do we have more rows to process
            while($stmt->fetch()) { 
                
                    // Output returned values
                    echo " - Row: ID: $out_id, KEY: $out_key, VAL: $out_value <br />";//
            
            }
            mysqli_stmt_close($stmt);
            
            echo "Done<br />";
        
        } else {
        
            echo "3. Error Querying<br/>";
            printf(" - Error: %s.n", $stmt->error);
        
        }
}    
?>

100

101

102

103

104

105

106

<?php

date_default_timezone_set('Australia/Sydney');

echo "Last modified: " . date ("F d Y H:i:s.", getlastmod()) . " ";

// Turn on if you need to see errors

// error_reporting(E_ALL);

// ini_set('display_errors', 0);

$dbhost = '127.0.0.1';

$dbname = 'dbtest';

$dbusername = 'dbtestuser';

$dbpassword = '*****************************************'';

$con = mysqli_connect($dbhost, $dbusername, $dbpassword, $dbname);

// Turn on debug stuff if you need it

// echo var_dump($con);

// printf(" - Error: %s.n", $stmt->error);

if($con->connect_errno > 0){

printf(" - Error: %s.n", $stmt->error);

die("Error: Unable to connect to MySQL");

} else {

echo "Charset set to utf8 ";

mysqli_set_charset($con,"utf8");

}

if (!$con) {

echo "Error: Unable to connect to MySQL (E002)" . PHP_EOL;

echo "Debugging errno: " . mysqli_connect_errno() . PHP_EOL;

echo "Debugging error: " . mysqli_connect_error() . PHP_EOL;

exit;

} else {

echo "Database Connection OK ";

echo "  Success: A proper connection to MySQL was made! The $dbname database is great." . PHP_EOL . " ";

echo "   - Host information: " . mysqli_get_host_info($con) . PHP_EOL . " ";

echo "   - Server Info: '" . mysqli_get_server_info($con) . "' ";

echo "   - Server Protocol Info : ". mysqli_get_proto_info($con) . " ";

echo "   - Server Version: " . mysqli_get_server_version($con) . " ";

//echo " - Server Connection Stats: " . print_r(vmysqli_get_connection_stats($con)) . " ";

echo "   - Client Version: " . mysqli_get_client_version($con) . " ";

echo "   - Client Info: '" . mysqli_get_client_info() . "' ";

echo "Ready to Query the database '$dbname'. ";

// Input Var's that are parameterized/bound into the query statement

$in_key = mysqli_real_escape_string($con, 'TestKey');

// Output Var's that the query fills after querying the database

// These variables will be filled with data from the current returned row

$out_id = "";

$out_key = "";

$out_value = "";

echo "1. About to query the database: '$dbname' ";

$stmt = mysqli_stmt_init($con);

$sql = "SELECT testid, testkey, testvalue FROM tbtest WHERE testkey = ?";

echo "SQL: $sql (In = $in_key)<br /";

if (mysqli_stmt_prepare($stmt, $sql)) {

echo "2. Query Returned ";

Type specification chars

Character Description

i corresponding variable has type integer

d corresponding variable has type double

s corresponding variable has type string

b corresponding variable is a blob and will be sent in packets

mysqli_stmt_bind_param($stmt, 's', $in_key);

mysqli_stmt_execute($stmt);

mysqli_stmt_bind_result($stmt, $out_id, $out_key, $out_value);

mysqli_stmt_fetch($stmt);

// Do something with the 1st returned row

echo " - Row: ID: $out_id, KEY: $out_key, VAL: $out_value ";//

// Do we have more rows to process

while($stmt->fetch()) {

// Output returned values

echo " - Row: ID: $out_id, KEY: $out_key, VAL: $out_value ";//

}

mysqli_stmt_close($stmt);

echo "Done ";

} else {

echo "3. Error Querying ";

printf(" - Error: %s.n", $stmt->error);

}

Result

If you don’t have a server check out my guides on AWS, Digital Ocean and Vultr.

Happy coding and I hope this helps someone.

Donate and make this blog better

Ask a question or recommend an article

Revision History

v1.0 Initial Version

Using Platforma Web Wireframe Kit to build a website (prototype)

November 24, 2017 by Simon

I have blogged before about building a server for users to install WordPress, optimizing images in WordPress, deploying WordPress via CLI, moving WordPress, speeding up WordPress and securing WordPress but what do you do if you want a non-WordPress site without the support hassles?

Recently I gave the https://platforma.ws iOS prototyping library extensions a test. I was delighted to find they had a Web Wireframe Kit (generation suite) for prototyping and exporting working websites. You can try the free version or buy a licence here.

Creating a Website with Platforma Web Wireframe Kit

Goto https://platforma.ws and click HTML Generator (or click here)

You will be presented with an empty website ready for your attention.

Adding Website Elements

It’s as simple as clicking a purple add button.

This reveals a number of HTML templates samples that you can drag and drop to your website design.

You can then choose a category (e.g “Header”) and see the available samples elements.

Simply drag and drop the elements out into your design.

Now, Let’s click the purple Add (in the top left) button and add a sample Header section, sample Contents, sample Slider, sample Body, sample first Call to Action section, sample Pricing Table, sample second Call to Action section, sample Footer section.

30 seconds later and I have generated designed a site ready to edit the exported HTML.

Exporting Your Site from Platforma

Click on the Export button (in the top right).

I was greeted with the following export screen, this page explains the difference in export options: http://app.platforma.ws/docs/

I don’t need “node.js” or “gulp” “Advanced Version” (PUG + STYLUS) so I’ll choose “Simple Version” (HTML + CSS + JS).

You will need to enter a licence key to continue the export.

The website export download came down just fine.

Code

The code looks ok, I did notice that images were missing alt tags so I added those in.

Any Errors in the Code (in Chrome)?

Nope, Chrome loads the code with no errors.

Testing Online

How about HTML5 and WCAG 2.0 AA

I uploaded the zip file to my server (using the scp command), I could have used SFTP.

scp /local/folder/local-file.zip account@www.server.com:/www/destination-folder/

1	scp /local/folder/local-file.zip account@www.server.com:/www/destination-folder/

I unzipped the site with

sudo apt-get install unzip
unzip filename.zip

1 2	sudo apt-get install unzip unzip filename.zip

The site loads just fine in a web browser

Accessibility

I used https://achecker.ca/checker/index.php to test the site with WCAG 2.0 AA, the only remaining issues I found were in relation to the multiple H1, H2 etc tags (this can be fixed by moving the H CSS code to custom classes and removing H1, H2 etc tags altogether (and reference the custom class matching the H* tags)).

fyi: The potential WCAG problems that were being alerted were in relation to…

My alt tags were potentially short
Potential Colour warnings
Potential Contrast warnings
Missing a “Skip to content” block
Reporting of placeholder graphics and alt tags (a checker is smart)
etc

I tested the sites HTML compliance with https://validator.w3.org/, the code passed with flying colours.

Customizing

I could not find a way to edit the elements in the http://app.platforma.ws/# like the Platforma iOS Adobe XD Kit but you can quickly edit in your HTML after exporting (using your editor of choice like Dreamweaver, Sublime or Notepad).

Conclusion

Platforma Web Wireframe Kit is an essential tool for anyone wanting to build quick web prototype (or even live sites) website for themselves, clients etc. I am very impressed with the code created.

Donate and make this blog better

Ask a question or recommend an article

Revision History

v1.1 Added more, fixed a bit.

etc

Improving the speed of WordPress

September 22, 2017 by Simon

This post shows my never ending quest to speed up WordPress for free.

I have used to use WP Total Cache in the past but decided to check out what other recommended, I found this post 6 Best WordPress Caching Plugins Compared. Some WordPress Caching Plugins.

What plugin do I use?

Benchmark (No Caching Plugin)

I tested my site before installing a caching plugin with https://www.webpagetest.org/ and my site was loading in 21s (loading over 141 files).

My site loaded in a terrible 21.3 seconds. My blog is hosted on Jumba (Net Registry) on and Ultimate plan for $25 a month.

My site seems to deliver 70% images so I wonder if a page caching plugin can help?

I do run the EWWW Image Optimizer plugin to automatically compress images when I upload them to my site. Read my blog post on the EWWW Image Optimizer here. I do keep images at a high quality to capture all details.

WP Fastest Cache Plugin

I have decided to try the WP Fastest Cache because it’s source was updated 4 hours ago compared to WP Super Cahches update 5 months ago. Both these plugins offer similar GT Metrix performance improvements and WP Fastest Cache has been tested on WordPress v4.8.

Installing WP Fastest Cache

I looked for the WP Fastest Cache Plugin on the WP plugin directory but it was not there.

I downloaded the latest version WP Fastest Cache from https://wordpress.org/plugins/wp-fastest-cache/

I upload the WP Faster Cache plugin to my site.

I Activated the plugin.

WP Fastest Cache plugin is now installed 🙂

It appears to have auto cached/indexed my site?

Now it’s time to run the same benchmark and see if the site is faster (with the same settings (Singapore chrome))?

1 of 3 test are under way.

WP Fastest Cache Results

Wow WP Fastest Cache loaded my site 2 seconds slower (Try 1 = 23 seconds, Try 2 = 21 seconds and Try 3 = 28 Seconds).

This could have been because of weekend traffic or hosting issues but this was not what I expected.

I disabled the WP Fastest Cache plugin and ran the benchmarks again and it was still 23 seconds (weekend traffic?). I re enabled WP Fastest Cache and re ran the test but no improvement.

My bad I think I needed to manually configure the WP Faster Cache plugin by opening the new WP Faster Cache menu on the left-hand side of the WP admin dashboard.

There I enabled caching options in the WP Faster Cache options.

I ran https://www.webpagetest.org tests again and got 16s, 18s and 16s seconds results in three tests and an A on compressed images. It appears you need to manually configure the WP Total Cache plugin after installing it (I missed this step).

I disable WP Fastest Cache and tried the WP Super Cache plugin and the test results were 29s, 24s, 24s (slower than WP Faster Cache). then tried W3 Total cache and the results were ()

I tried the W3 Total Cache plugin and the results were (30s, 16s 26s).

I Tried Autoptimize and it was tested at 45s.

It looks like WP Faster Cache is the fastest, ill turn it back on until try setup a CDN.

Fast Forward to Sept 2017

Since writing this post I have moved away from a shared C-Panel host and have moved my domain to a self-managed Vultr server closer to me, I have moved my email to Google G-Suite. I have learned how to deploy and manage WordPress by command line tools. I have set up servers on Digital Ocean before but the servers are located in Singapore and not Sydney and latency and scalability was poor. SSL will make sites slower and servers far away will just compound the issues.

Re enabling the WP Fastest Cache Plugin

I tried reinstalling the WP Fastest Cache plugin and for me, the plugin just slows down my site by 6 seconds.

I opened my NGINX config and got my NGINX user

sudo nano /etc/nginx/nginx.conf

1	sudo nano /etc/nginx/nginx.conf

My user is: www-data

I enabled the WP Fastest Cache plugin and ensured the WP Fastest Cache has ownership and access to the cache folder.

sudo chown www-data:www-data /www/wp-content/plugins/cache
sudo chown www-data:www-data /www//wp-content/plugins/cache/all
sudo chmod 755 /www/wp-content/plugins/cache *
sudo chmod 755 /www/wp-content/plugins/cache/all *

sudo chown www-data:www-data /www/wp-content/plugins/cache

sudo chown www-data:www-data /www//wp-content/plugins/cache/all

sudo chmod 755 /www/wp-content/plugins/cache *

sudo chmod 755 /www/wp-content/plugins/cache/all *

Below are the settings I use.

installing the WP-Optimize Plugin

I recommend setting up WP-Optimize plugin as it will optimize your database and keep things fast, it only saves me a second on my load times but this helps.

WP-Optimize will allow for to review database optimizations

Setting up Nginx GZip Compression

I set up my Nginx config to include

gzip on;
gzip_disable "msie6";

gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

gzip on;

gzip_disable "msie6";

gzip_vary on;

gzip_proxied any;

gzip_comp_level 6;

gzip_buffers 16 8k;

gzip_http_version 1.1;

gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

I set the minimum size to gzip too

gzip_min_length 20;

1	gzip_min_length 20;

Benchmark with G-Zip, Caching and WP Fastest Cache

With WP Fastest Cache I now load my site in 13.9 seconds from Singapore. Time to disable WP Fastest cache plugin as it does not seem to be helping without linking to a CDN.

Setting up Browser Caching

I also setup browser caching by editing in NginX.

sudo nano /etc/nginx/sites-available/default

1	sudo nano /etc/nginx/sites-available/default

Added

location ~*  \.(jpg|jpeg|png|gif|ico|svg|js|css)$ {
        expires 365d;
}

location ~* \.(jpg|jpeg|png|gif|ico|svg|js|css)$ {

expires 365d;

}

Not sure if caching CSS and JS will cause problems in future?

Benchmark with G-Zip, Caching and without WP Fastest Cache (Singapore)

I re-ran the tests and got 10.9 seconds and got a B for cached content. When in Started on C-Panel I was getting near 30s

Benchmark with G-Zip, Caching and without WP Fastest Cache (Sydney)

I have always benchmarked from Singapore (as Sydney was not an option when I started) but now it is. Out f curiosity is my website load time in Sydney?

8.2 seconds. Distance does affect performance.

Google Speed Insights

Google has an awesome tools to help you increase your benchmark mobile and desktop website speeds and reccomend focus areas to resolve problems: https://developers.google.com/speed/pagespeed/insights/

Mobile Speed Score

Desktop Speed Score

Tips

I was getting SVG files failing compassion tests so I added the following under allowed mime types under “http gzip_types” in /etc/nginx/nginx.conf

image/svg+xml text/html+svg

1	image/svg+xml text/html+svg

Minifying JS and CSS

This needs to be done and 50% of my site files appears to be CSS and JS related.

It looks like 30%~40 of your sites google speed index is related to minified/combined JS/CSS.

I installed the Fast Velocity Minify WordPress plugin.

I ran this to install it from the command line

cd /www/wp-content/plugins#
sudo wget https://downloads.wordpress.org/plugin/fast-velocity-minify.2.2.1.zip
--2017-09-23 19:51:46--  https://downloads.wordpress.org/plugin/fast-velocity-minify.2.2.1.zip
Resolving downloads.wordpress.org (downloads.wordpress.org)... 66.155.40.187, 66.155.40.203, 66.155.40.188, ...
Connecting to downloads.wordpress.org (downloads.wordpress.org)|66.155.40.187|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 821621 (802K) [application/octet-stream]
Saving to: ‘fast-velocity-minify.2.2.1.zip’

fast-velocity-minify.2.2.1.zip 100%[=================================================>] 802.36K   830KB/s    in 1.0s

2017-09-23 19:51:47 (830 KB/s) - ‘fast-velocity-minify.2.2.1.zip’ saved [821621/821621]

cd /www/wp-content/plugins#

sudo wget https://downloads.wordpress.org/plugin/fast-velocity-minify.2.2.1.zip

--2017-09-23 19:51:46-- https://downloads.wordpress.org/plugin/fast-velocity-minify.2.2.1.zip

Resolving downloads.wordpress.org (downloads.wordpress.org)... 66.155.40.187, 66.155.40.203, 66.155.40.188, ...

Connecting to downloads.wordpress.org (downloads.wordpress.org)|66.155.40.187|:443... connected.

HTTP request sent, awaiting response... 200 OK

Length: 821621 (802K) [application/octet-stream]

Saving to: ‘fast-velocity-minify.2.2.1.zip’

fast-velocity-minify.2.2.1.zip 100%[=================================================>] 802.36K 830KB/s in 1.0s

2017-09-23 19:51:47 (830 KB/s) - ‘fast-velocity-minify.2.2.1.zip’ saved [821621/821621]

Unzip

sudo unzip merge-minify-refresh.zip

1	sudo unzip merge-minify-refresh.zip

I activated the plugin and set some settings

Verified minify logs

Google Page Insights can now see the minifies, css, js and html

Google Page Insights – Possible Optimizations

And Google Ad Words and Google Analytics appear to be holding back Google Page Insight scores

I am getting a few false positives with plugins javascript but that can be resolved another day.

Pingdom (Melbourne results)

3.2 seconds, a few false positives though.

I was going to test with https://www.webpagetest.org/ (from Singapore) but the service kept stalling and had too many tests before me (even from Sydney).

Address First Byte Time (todo)

If I look at the first-byte load results in the waterfall view my site is taking many seconds to deliver the first byte, this lowers the performance scores about 20%. I need to setup a CDN and or configure NGINX following this guide based on this manual configuration entry (I tried some of the Nginx settings but it appears I need to compile some performance settings into Nginx).

CDN (todo)

I am sure a Content Delivery Network (CDN) will help with the whole page deliver and first-byte times but I am trying to milk as much free as possible and limit future costs. A CDN will trigger higher monthly costs (any CDN providers want to donate a temporary pro plan for review purposes).

Misc Speed Articles

Yoast has a good site speed article here: https://yoast.com/site-speed-tools-suggestions/
Nginx has a good guide on Nginx performance here: https://www.nginx.com/blog/10-tips-for-10x-application-performance/
Google PageSpeed tips: https://developers.google.com/speed/docs/insights/rules

Configuring Ubuntu for Performance

Preventing applications swapping for disk (read more here)

sudo nano /etc/sysctl.conf

1	sudo nano /etc/sysctl.conf

I added this memory related setting.

vm.swappiness = 1

1	vm.swappiness = 1

This will all but prevent applications writing to disk (swap) when they are not active. I had free memory on my VM so I may as well use it.

I will monitor the free ram after reboot and play with php memory settings.

Setup Lazyload for images in posts

cd /www/wp-content/plugins/
sudo wget https://downloads.wordpress.org/plugin/bj-lazy-load.zip
unzip bj-lazy-load.zip
# activate the plugin

cd /www/wp-content/plugins/

sudo wget https://downloads.wordpress.org/plugin/bj-lazy-load.zip

unzip bj-lazy-load.zip

# activate the plugin

Lazyload Plugin Settings

Placeholder Image ( Image: https://fearby-com.exactdn.com/wp-content/uploads/2017/09/placeholder.jpg )

Web Performance Test from Sydney

8.4 seconds ( Score Card F A A A C, was F F F A F ). I was getting up to 28 second load times with Net Registry C Panel servers.

Static Content is cached but Googe Ad Sence, Google Analytics, and some plugins do block the score. The front page does have some features content that has to be loaded and can’t be minified or cached much.

It is obvious I need to work in the initial websitee load (DNS, CDN or SSL), there sis 3 seconds I can save here.

Configuring PHP for Performance

todo: PHP base config.

todo: PHP caching.

Conclusion

I was expecting WP Fastest Cache to deliver faster speeds but in reality but I am getting 4 seconds faster in WordPress. I was going to configure MaxCDN but they are to expensive. Fast Velocity Minify Plugin is working a treat 🙂

I ended up ditching the shared CPanel hosted domain and setup my own server for WordPress. My site seems a lot faster now. A friend set up CloudFlare with great success, more soon. I blogged about my server setup here.

Adding browser cache and compressing and moving away from CPanel to a self-managed server helped.

The only things to try now is to use a CDN and speed up the delivery of my site and improve the First Byte Time.

Donate and make this blog better

Ask a question or recommend an article

Revision History

v1.932 added lazy load information (24th Sep 2017)

v1.952 added small changes (23rd Sep 2017)

etc

Personal Development Blog

Coding for fun since 1996, Learn by doing and sharing.

Create your own server on UpCloud here

Follow me on Twitter: @FearbySoftware

View My Old Hobby /blog/

View All Posts.

website

Enabling TLS 1.3 SSL on a NGINX Website (Ubuntu 16.04 server) that is using Cloudflare

Using the Qualys FreeScan Scanner to test your website for online vulnerabilities

Setting up a website to use Cloudflare on a VM hosted on Vultr and Namecheap

Using Chrome 65 to measure website Performance, Progressive Web Apps, Basic Practices, Accessibility and SEO

How to setup PHP FPM on demand child workers in PHP 7.x to increase website traffic

Using the free Adminer GUI for MySQL on your website

Using Platforma Web Wireframe Kit to build a website (prototype)

Improving the speed of WordPress

Popular

Security

Code

Tech

Wordpress

General