Replacing Apache with NGINX on an AWS Linux server

So I had a huge amount of pain with this and felt it would make sense to collate the action points I’d taken to transition to NGINX.

This was for a working Magento setup, and I just needed to replace the memory-bleeding Apache with something friendlier.

yum install nginx
yum install php-fpm php-common
yum install php-pdo php-mysqlnd php-mysql

Now we have nginx, php-fpm etc. installed. Great stuff! Let’s get it running now.

chkconfig php-fpm on
service php-fpm start
(NOTE: config at /etc/php-fpm.conf and /etc/php-fpm.d/ if you need it)

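Now php-fpm is running. If you like, you can run telnet localhost 9000 to test it. Be sure not to open this port to outsiders, as it is a security risk: the FastCGI listener does no authentication, so anyone who can reach it can send requests straight to PHP. My AWS config blocks port 9000 from outside.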

Editing: /etc/nginx/nginx.conf
removed comment from the line "gzip on"
changed the port number from 80 to 81 (for initial testing)
chkconfig nginx on (because I'm sure this is going to work :)
service nginx start
(NOTE: config at /etc/nginx/nginx.conf if you need it)

AND THEN, IT FAILED!! Rofl, so I needed to figure out some serious stuff – which took as much as 20-25 minutes!

What caught me off guard was the server {} part of nginx.conf:

server {
    listen 81;
    server_name localhost;
    root /var/www/html;

    location / {
        # THIS IS MOST IMPORTANT - DO NOT MISS
        try_files $uri $uri/ @handler;
        expires 30d;
    }

    # Good security measures
    # ^~ stops nginx from checking the regex locations below, so a .php file
    # under these directories is denied instead of being passed to php-fpm
    location ^~ /app/ { deny all; }
    location ^~ /includes/ { deny all; }
    location ^~ /lib/ { deny all; }
    location ^~ /media/downloadable/ { deny all; }
    location ^~ /pkginfo/ { deny all; }
    location /report/config.xml { deny all; }
    location ^~ /var/ { deny all; }

    location ~ \.php$ {
        # if you uncomment this you will be in hell
        #root html;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;

        # the line below does not contain document_root by default - you NEED to add it in there!!
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # the following 2 pieces are very important too - not there by default
    location @handler {
        rewrite / /index.php;
    }

    # dots are escaped so they match a literal "." only
    location ~ \.php/ {
        rewrite ^(.*\.php)/ $1 last;
    }
}
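Whether the deny rules in the config above cover a .php file depends on nginx's location selection order: a regex location beats a plain prefix location unless the prefix carries ^~. The following is an added example, not part of the original post; it models that order in simplified form (no nested locations, no ~* matching) and compares the deny rules written as plain prefixes and with ^~. The function names and the sample request paths are constructed for illustration.

```python
import re

# Paths denied in the post's server block.
DENIED = ["/app/", "/includes/", "/lib/", "/media/downloadable/",
          "/pkginfo/", "/report/config.xml", "/var/"]

def build(deny_modifier):
    """Model the server block; every deny rule gets "" (plain) or "^~"."""
    locs = [("", "/", "static-or-handler")]
    locs += [(deny_modifier, path, "deny") for path in DENIED]
    locs += [("~", r"\.php$", "php-fpm"), ("~", r"\.php/", "rewrite")]
    return locs

def select(locations, uri):
    """Return the action of the location nginx would choose for uri."""
    # 1. An exact-match (=) location wins outright.
    for mod, pat, action in locations:
        if mod == "=" and uri == pat:
            return action
    # 2. Remember the longest matching prefix location.
    best = None
    for mod, pat, action in locations:
        if mod in ("", "^~") and uri.startswith(pat):
            if best is None or len(pat) > len(best[1]):
                best = (mod, pat, action)
    # 3. ^~ on that prefix ends the search before any regex is tried.
    if best and best[0] == "^~":
        return best[2]
    # 4. Otherwise regex locations are tried in file order; first match wins.
    for mod, pat, action in locations:
        if mod == "~" and re.search(pat, uri):
            return action
    # 5. No regex matched: fall back to the remembered prefix.
    return best[2] if best else None

# Constructed sample request paths (file names are made up).
SAMPLE_URIS = ["/index.php", "/app/etc/local.xml", "/app/code/Example.php",
               "/var/export/run.php", "/skin/frontend/site.css"]

def compare():
    """Map each sample URI to (action with plain prefix, action with ^~)."""
    plain, strict = build(""), build("^~")
    return {u: (select(plain, u), select(strict, u)) for u in SAMPLE_URIS}

if __name__ == "__main__":
    for uri, (plain, strict) in compare().items():
        print(f"{uri:26} plain={plain:18} ^~={strict}")
```

With plain prefixes, only non-PHP files under the listed directories are denied; the ^~ form denies everything under them.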

Software projects, for BSc IT or Engineering students

We all know this by now – I won first prize in all the software competitions I’ve ever participated in. Ever since then, I’ve been asked to give ideas for BSc IT or Engineering students’ final year projects time and time again. Funny thing is, although running Wherrelz IT Solutions we made a lot of projects (over 300 up until 2009), we only agreed to take on a few students/interns for their live projects.

Anyways, I think we’re now ready to offer guidance to budding engineers or ‘bachelors’ (lol) of science IT with their final year projects – includes:

1. Select a project
2. Construct the framework
3. Write the project plan
4. Create the project (programming et al)
5. Write project documentation
6. Implement design and make a complete product

Which I should note was missing in my time! If you find this interesting feel free to contact me on +91.9820760253

Marketing ‘training’

How often have you announced a new training session for your team just to hear them groan “Not another training! It’s boring!!”

Sadly despite technology being an ever-changing field few people realize the advantages of consistent learning and continue to muck through work on a day to day basis. In my mind that really is foolish… Continued learning means:

1. You’re always up to date with the latest in your field

2. You remain learning-active, and thus learning remains relatively easy even with sudden changes in your field

3. Those around you remain continually encouraged to learn something new

4. The value of brand “you” does not fade over time – it grows.

But of course when you want your team to continue learning vs to continue wanting to learn, that’s two different things. Often companies sponsor expensive training for their employees and find the training is put to little or no use – sometimes the training itself becomes key to that person’s next job, instead of solidifying their role in their current organization.

Why does that happen? Simple: people want to grow as they learn, so if you’re being trained on ‘project X’ and you’re never going to use ‘project X’ in your current role, you will naturally want to move out of the organization into a place where you CAN use it. If you’re given a ‘free’ course on basics – and you like it and understand it and use it on a daily basis – and then not allowed to take the intermediate course (and thus not allowed to grow into the next possible position) you’ll of course want to leave.

The solution is clear: provide growth along with the opportunity to learn, and you will have people who stick around longer, work better, feel happier and generally don’t want to shift jobs too early.

When you do some “internal marketing” – and get buy-in from your team before you have a course – and then increase their responsibilities proportionally, you will see a much better, more positive response from them.

My experience with the Dell Venue 8 Pro

Let’s start with the ‘bad’ bit first before we come to the ‘good’ bit. As always I will be unbiased in my judgement, and I’m continuing to use the device so it can’t be ALL bad….

In a word – Nauseating. With an average of 4-5 ‘hang’s per day I was already getting sick of the device until this morning when it comes up with a smart ‘Hard drive not found’ message.

Wtf, I mean you can’t even open the device let alone fiddle around with the hard drive…. 2 reboots didn’t fix it so tried again after removing both the sim card and the micro SD – and it booted (finally).

For a device that costs 41K you expect it to be more stable than my HP Probook 4440 (which cost Rs 36K) – but I’m happy to note that my choice of HP is better any day. Especially since it’s never malfunctioned for a whole 1.6 years now.

On the good side – it’s a stable (until it hangs, 4-5 times a day) device that allows me to check email, read newsletters, watch movies, listen to music and generally remain engrossed in office work on-the-move.

Disk read speed is pretty quick, playing an HD movie at 8x rate (muted) while on a Skype call doesn’t even slow it down. Camera is below average for a 5 megapixel device.

Overall, I’d say give them a couple of years to get it right or go for the HP.

Open source suddenly insecure?

If you haven’t heard of the Heartbleed bug in the past month or so, and you use computers – you seriously need to refresh your knowledge. The fundamental concept of “Open source is good because so many developers contributed to it” has been proved to be a myth as of the 7th of April 2014.

A major vulnerability in the OpenSSL crypto library that’s thrown open ‘private’ keys to hackers – affects half a million of the internet’s web servers and possibly billions of internet users. And could affect transactions to the tune of billions of dollars – all for some FREE software??

May have been a better choice to spend on some quality.

According to Wikipedia, an analysis on GitHub of the most visited websites on April 8, 2014 revealed vulnerabilities in many, including Yahoo!, Imgur, Stack Overflow, Slate, and DuckDuckGo.[89][90][91] The following sites have services affected or made announcements recommending that users update passwords in response to the bug:

The Canadian federal government temporarily shut online services of the Canada Revenue Agency (CRA) and several government departments over Heartbleed bug security concerns.[116][117]

Platform maintainers like the Wikimedia Foundation advised their users to change passwords.[113]

The servers of LastPass were vulnerable,[118] but due to additional encryption and forward secrecy, potential attacks were not able to exploit this bug. However, LastPass recommended that its users change passwords for vulnerable websites.[119]

The Tor Project recommended that Tor relay operators and hidden service operators revoke and generate fresh keys after patching OpenSSL, but noted that Tor relays use two sets of keys and that Tor’s multi-hop design minimizes the impact of exploiting a single relay.[15] 586 relays later found to be susceptible to the Heartbleed bug were taken off-line as a precautionary measure.[120][121][122][123]

Broadcom NetXtreme Gigabit Ethernet running at 100Mbps

In a funny turn of events we noticed one of the Broadcom NetXtreme Gigabit Ethernet points on our server (HP’s DL380 G8) was running at just 100Mbps. A closer look at the adapter settings showed no option for 1000Mbps / 1Gbps!!

Important to remember: All Broadcom chips have an “Auto” option that also includes 1000Mbps / 1Gbps – unlike the Intel NICs which say “Auto 1000Mbps” the Broadcom guys didn’t feel it necessary to mention ‘Gigabit’ except in the name of the NIC.

Swapping the network cable resolved this issue immediately. Next time when the office is painted, we need to remember to hide the good cables… else the dummies here use LAN cabling as a tie wire for the power cabling, and then smother the whole thing with a liberal coat of paint.

Happy May!

May day, MAY DAY! Yes it’s the first of May – and I’ve lost (sob, sniff) the whole of April. I was planning to post about my research, Doctor On Call, internet governance and a host of other things (including my needle phobia and 2 really cute chicks) but got tied up doing nothing.

Two cute chicks

I wonder, how did people look busy before computers… A mystery we’ll never solve.

ONWARD!

If I’m researching e-governance applicability for www.doctoroncall.org

Does that make me an electronic health records system technologist? Or a medical records system researcher? I wonder.

Simply put, Doctor On Call is a blend between an electronic health records system and an e-Triage system. This is in fact the first of its kind in India that offers true niche benefits.

The service coverage is:

  1. Electronic medical records systems
  2. EMR systems (to help maintain the software medical records)
  3. Naturally free e-Triage would be included for all participants of the programme, which is one of the key benefits of EHR (and EMR, but a little different for both).

Interestingly the organization does not offer electronic medical software, but instead focuses on ehealth services – what I would call a more ‘wholesome’ approach.

I will be posting updates on what happens with this over a period of time as my research unravels. Keep reading!

More developments on Ocuara

I’ve been working on developing various fragments of Ocuara. All of this is of course in HTML5/Canvas; so it makes an interesting HTML5/WebGL capability preview as well.

The Lunar Lander! Ok this is relatively simple, but took only about an hour to develop. Basically when you reach one of the later levels in Ocuara you will be able to purchase a Space Shuttle and ‘mine’ asteroids and suchlike. The idea of this preview is to demonstrate the ‘landing’ part of the deal. Naturally you’ll have one bit of ‘launch’-ing, some travel, and one bit of mining after you land (all 3 are pending :)) but you can see this and send me your feedback on chaitanyabd@gmail.com.

The second demo is a Distillery. I guess this is the first “Distillery” game out there – you’re given 500L of Mash (ground up pre-fermented raw material for producing alcohol). You simply need to click through the steps to ‘purify’ it into its final stage – clear alcohol. You need to adjust temperatures, maintain fluid levels and empty out the still tank once it’s nearly full – quite a click-heavy adventure. And good learning too!

Naturally all of this is purely for fun, and you must not do any of this at home. Just play the game and enjoy!! It’s all free.

Research about my Internet and e-Governance research!