Category: GNU/Linux

Stuff about GNU/Linux distro, tips and tricks or information

Posted on

How to install NGINX with PageSpeed module in Ubuntu LTS / Debian

UPDATE: You can now install NGINX with PageSpeed in Ubuntu LTS with deb package: https://blog.mypapit.net/2015/08/install-nginx-with-pagespeed-using-deb-for-ubuntu-lts-amd64.html

INSTALLING NGINX USING UBUNTU APT-GET SOURCE
PageSpeed modules are open source modules developed by Google Inc that can perform website optimization to ensure faster site delivery, automatically.

PageSpeed module is not included in NGINX installation in Ubuntu or Debian. So you need to recompile NGINX together with PageSpeed module, to enable its functionality.

You can install NGINX 1.8.0 with PageSpeed for Ubuntu 14.04 LTS here, using dpkg:
or you can compile it from source code using apt-get.

There are several steps to this method, first you need to get the latest nginx stable (or mainline) from PPA (optional)

#this step is optional, only if you want to get the latest Ubuntu version of nginx

sudo apt-get -y install software-properties-common

sudo -s

nginx=stable # use nginx=development for latest development version
add-apt-repository ppa:nginx/$nginx

apt-get update 

apt-get -y upgrade

Then, you’ve to install dpkg-dev, unzip utility and nginx source from apt repository 

apt-get -y install dpkg-dev unzip

apt-get install nginx

apt-get source nginx

After that, you need to download PageSpeed module, this instruction is adapted from

https://developers.google.com/speed/pagespeed/module/build_ngx_pagespeed_from_source

**note replace ${NGINX_VERSION} with the version of NGINX available from apt-get, in my case – its “1.8.0”

cd
export NPS_VERSION=1.9.32.4
export NGINX_VERSION=1.8.0

wget -c https://github.com/pagespeed/ngx_pagespeed/archive/release-${NPS_VERSION}-beta.zip

unzip release-${NPS_VERSION}-beta.zip

cd ngx_pagespeed-release-${NPS_VERSION}-beta/

wget -c https://dl.google.com/dl/page-speed/psol/${NPS_VERSION}.tar.gz

tar -xzvf ${NPS_VERSION}.tar.gz

cd nginx-${NGINX_VERSION}

Install all build dependencies (your configuration may varies, but i keep it within default Ubuntu configuration.

apt-get -y install libpcre3-dev libssl-dev libxslt1-dev libgd-dev libgeoip-dev geoip-bin geoip-database libpam0g-dev zlib1g-dev memcached

Then configure nginx, remember to replace ${NGINX_VERSION} with your current version of NGINX. In my case, its “1.8.0”

cd nginx-${NGINX_VERSION}

./configure  --with-cc-opt='-g -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_spdy_module --with-http_sub_module --with-http_xslt_module --with-mail --with-mail_ssl_module --add-module=debian/modules/nginx-auth-pam --add-module=debian/modules/nginx-dav-ext-module --add-module=debian/modules/nginx-echo --add-module=debian/modules/nginx-upstream-fair --add-module=debian/modules/ngx_http_substitutions_filter_module --sbin-path=/usr/local/sbin --add-module=$HOME/ngx_pagespeed-release-${NPS_VERSION}-beta

After that, run make and make install

make

make install

The newly compiled nginx will be installed in “/usr/local/bin” without overwriting the original binary file.

Create nginx-pagespeed /etc/init.d file

Optionally you may duplicate nginx in init.d, and rename it to nginx-pagespeed, and stop the original nginx server

cp /etc/init.d/nginx /etc/init.d/nginx-pagespeed

sed -i 's|/usr/sbin/nginx|/usr/local/sbin/nginx|g' /etc/init.d/nginx-pagespeed

service nginx stop

You may also enable basic PageSpeed config in /etc/nginx/conf.d/

nano /etc/nginx/conf.d/pagespeed.conf

And add these basic PageSpeed config

#file /etc/nginx/conf.d/pagespeed.conf
        pagespeed on;
        pagespeed FetchWithGzip on;

        pagespeed FileCachePath /run/shm/pagespeed_cache;
        pagespeed RewriteLevel CoreFilters;

Save the file, and test nginx config, after that, start nginx-pagespeed service.

/usr/local/sbin/nginx -t

service nginx-pagespeed start

**Note: This instruction has been tested under Ubuntu 14.04 LTS with nginx 1.8.0 from ppa:nginx/stable respository. The LTS is chosen because it has much longer support for server, and nginx 1.8.0 supports both spdy 3.1 and latest PageSpeed.

***Please share any thoughts or opinion or suggested correction if this guide didn’t work for you. Thanks!!

Recommended Reading

Posted on

How to change timezone in Ubuntu / Debian from command-line

This guide assumes that you use Ubuntu or Debian-based GNU/Linux distro. There are two ways to change timezone from bash command line.

sudo dpkg-reconfigure tzdata

or,

sudo ln -sf /usr/share/zoneinfo/Asia/Kuala_Lumpur /etc/localtime

You can also specify other timezone in the second method, for example:

sudo ln -sf /usr/share/zoneinfo/GMT /etc/localtime

or for Eastern Standard Time (US)

sudo ln -sf /usr/share/zoneinfo/EST /etc/localtime

This command is handy when administrating multiple servers across different continents.

Posted on

FastSSH.com – free SSH tunnelling account !

FastSSH.com is a provider for FreeSSH account, which can be use for secure tunneling account or to avoid from Firewall.

User has to select SSH account from a set of locations (refer to picture below), which has its own features and limited. (ie: some server offer protocol forwarding in UDP and TCP, while some impose limit on 500 connections/day).

fastssh-selection

Creating an account is as easy as filling the “Account Creation Form”, which does not require email. Account created through FastSSH is valid for SEVEN(7) days.

fastssh-selection-4

However, I personally do not use FastSSH as I’ve my own box, and relying on a 3rd party SSH provider for my tunneling needs would pose security concerns over sensitive data. You’ve been warned.

*FastSSH does not offer UNIX shell, instead it only offers SSH tunneling service. See Simple SSH Tunelling Tips and SSH port forwarding in Microsoft Windows for more information on SSH tunelling

Posted on

Simple SSH Tunnelling tips

SSH tunelling is usually used to avoid firewall restriction or to ensure point-to-point encrypted communication.

For example, if you want to send email to smtp server “smtp.yourserver.com” on port 587, but your organization currently blocking smtp port 25 and 587, then you can benefit from SSH tunelling to avoid from being blocked.

To get around that, you need an intermediate server, fastssh.com currently provide SSH tunneling service with 7days trial account.

Simple SSH tunnelling command, if you’re using fastssh.com service.

ssh -f fastssh.com-username@sg.fastssh.com -L 2000:smtp.yourserver.com:587 -N

So in your mail setting, you can safely put, SMTP Server = “127.0.0.1”, SMTP port = “2000” in your setting, in order to automagically connect to “smtp.yourserver.com” port 587 without firewall restriction.

Please refer here, for port forwarding in Microsoft Windows environment using PuTTY

Posted on

How to Optimize and speed up PHP with OPCache

PHP 5.5 and 5.6 comes with OPCache. OPCache speeds up PHP execution by storing precompile bytecode of PHP in shared memory. Taking advantage of fast memory operations compared to hard disk operation, OPCache eliminates the process of having to read PHP scripts from the disk each time whenever a script must be executed.

In short, OPCache saves the time needed to serve PHP-powered websites!

How to enable OPCache?
This tutorial is written from Ubuntu 14.04 LTS standpoint – using php5-fpm, but it should also work for other Linux distro.

  1. First edit ‘/etc/php5/fpm/php.ini‘ file.
  2. Find “opcache” section in the PHP ini.
  3. Uncomment and change opcache.enable to opcache.enable=1
  4. Do the same for >opcache.memory_consumption, changed its value from 64 to 128 (or 256)
  5. Change opcache.interned_strings_buffer from 4 to 16
  6. Changed the opcache.max_accelerated_files to 8192

Activate OPCache with php5enmod command.

sudo php5enmod opcache

Save file and restart php5-fpm. 

sudo service php5-fpm restart

PHP OPCache should be running on your server now. Here’s a reference of /etc/php/fpm/php.ini file in Ubuntu 14.04 LTS.

[opcache]
; Determines if Zend OPCache is enabled
opcache.enable=1

; Determines if Zend OPCache is enabled for the CLI version of PHP
opcache.enable_cli=0

; The OPcache shared memory storage size.
opcache.memory_consumption=128

; The amount of memory for interned strings in Mbytes.
opcache.interned_strings_buffer=16

; The maximum number of keys (scripts) in the OPcache hash table.
; Only numbers between 200 and 100000 are allowed.
opcache.max_accelerated_files=8192

BONUS: How to verify whether PHP OPCache is running ??
You can verify whether OPCache is running by using opcache-status by Rasmus Lerdorf. Just drop the script in one of your web directory and browse. If you’re not a Git fan, I’ve also have taken the liberty of mirroring the download: opcache-status.zip

opcache-status screenshot
opcache-status-ss

Posted on

How to check if your website supports SPDY 3.1

Although Google has announce to drop SPDY support by early February 2016 in favor of HTTP/2, SPDY remains the best HTTP protocol extension to maximize compression and reduce webpage load latency.

The current and final SPDY implementation supported by Mozilla Firefox and Google Chrome is SPDY/3.1.

In order to check if your webserver supports SPDY 3.1, just simply:

  1. Go to your website, eg: https://blog.mypapit.net/
  2. Using Chrome, type – “chrome://net-internals/#spdy” at the addressbar
  3. You should see your website name and spdy/3.1 protocol listed, refer to Screenshot below

spdy

Additionally, you could go to spdycheck.org to check if your web server supports SPDY.

Have fun!