major.io words of wisdom from a systems engineer

Woot! Eight years of my blog

The spring of 2015 marks eight years of this blog! I’ve learned plenty of tough lessons along the way and I’ve made some changes recently that might be handy for other people. After watching Sasha Laundy’s video from her awesome talk at PyCon 2015, I’m even more energized to share what I’ve learned with other people. (Seriously: Go watch that video or review the slides whether you work in IT or not. It’s worth your time.)

Let’s start from the beginning.

History Lesson

When I started at Rackspace in late 2006, I came from a fairly senior role at a very small company. I felt like I knew a lot and then discovered I knew almost nothing compared to my new coworkers at Rackspace. Sure, some of that was impostor syndrome kicking in, but much of it was due to being in the right place at the right time. I took a lot of notes in various places: notebooks, Tomboy notes, and plain text files. It wasn’t manageable and I knew I needed something else.

Many of my customers were struggling to configure various applications on LAMP stacks and a frequent flier on my screen of tickets was WordPress. I installed it on a shared hosting account and began tossing my notes into it instead of the various other places. It was a bit easier to manage the content and it came with another handy feature: I could share links with coworkers when I knew how to fix something that they didn’t. In the long run, this was the best thing that came out of using WordPress.

Fast forward to today and the blog has more than 640 posts, 3,500 comments, and 100,000 sessions per month. I get plenty of compliments via email along with plenty of criticism. Winston Churchill said it best:

Criticism may not be agreeable, but it is necessary. It fulfils the same function as pain in the human body. It calls attention to an unhealthy state of things.

I love all the comments and emails I get - happy or unhappy. That’s what keeps me going.

Now Required: TLS (with optional Perfect Forward Secrecy)

I’ve offered encrypted connections on the blog for quite some time but it’s now a hard requirement. TLS 1.0, 1.1 and 1.2 are supported and the ciphers supporting Perfect Forward Secrecy (PFS) are preferred over those that don’t. For the super technical details, feel free to review a scan from Qualys’ SSL Labs.

You might be asking: “Why does a blog need encryption if I’m just coming by to read posts?” My response is “Why not?”. SSL certificates are extremely inexpensive in today’s market. For example, you can get three years on a COMODO certificate at CheapSSL for $5 USD per year. (I’m a promoter of CheapSSL - they’re great.)

Requiring encryption doesn’t add much overhead or load time but it may prevent someone from reading your network traffic or slipping in malicious code along with the reply from my server. Google also bumps up search engine rankings for sites with encryption available.
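To illustrate what "preferred" but optional forward secrecy means for TLS 1.0 through 1.2, here is an added example (not this blog's actual configuration or code) that models cipher negotiation. The suite lists, client names and helper functions are constructed for illustration, and it assumes the server enforces its own order, as nginx does with ssl_prefer_server_ciphers on.

```python
# Added example: suite names are OpenSSL-style (TLS 1.0-1.2); all lists are constructed.
FS_PREFIXES = ("ECDHE-", "DHE-", "EDH-")  # ephemeral (EC)DH key exchange

def is_forward_secret(suite):
    """True if the suite name indicates an ephemeral Diffie-Hellman key exchange."""
    return suite.startswith(FS_PREFIXES)

def order_pfs_first(suites):
    """Stable sort: forward-secret suites first, original order kept in each group."""
    return sorted(suites, key=lambda s: not is_forward_secret(s))

def negotiate(server_suites, client_suites, server_preference=True):
    """Pick the suite the way a TLS <= 1.2 server does.

    With server_preference (nginx: ssl_prefer_server_ciphers on) the first
    server suite that the client also offers wins; otherwise the client's
    order decides. Returns None when nothing overlaps (handshake failure).
    """
    if server_preference:
        ranked, offered = server_suites, set(client_suites)
    else:
        ranked, offered = client_suites, set(server_suites)
    return next((s for s in ranked if s in offered), None)

# Constructed server list, deliberately unsorted, then ordered PFS-first.
SERVER = order_pfs_first(
    ["AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES128-SHA", "AES256-SHA"]
)

# Constructed client offers, in each client's own preference order.
CLIENTS = {
    "modern": ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA"],
    "rsa_first": ["AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256"],
    "legacy": ["AES128-SHA", "DES-CBC3-SHA"],  # no (EC)DHE support at all
    "no_overlap": ["RC4-MD5"],
}

def report(server_preference=True):
    """Map client name -> (negotiated suite or None, forward secret?)."""
    result = {}
    for name, offered in CLIENTS.items():
        suite = negotiate(SERVER, offered, server_preference)
        result[name] = (suite, suite is not None and is_forward_secret(suite))
    return result

if __name__ == "__main__":
    for name, (suite, fs) in report().items():
        print(f"{name:11} {suite or 'handshake failure':30} forward_secret={fs}")
```

The "rsa_first" client is the case where server preference matters: it gets a forward-secret suite only when the server's order is enforced, while the "legacy" client still connects but without forward secrecy.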

Moved to nginx

Apache has served up this blog exclusively since 2007. It’s always been my go-to web server of choice but I’ve taken some deep dives into nginx configuration lately. I’ve moved the blog over to a Fedora 21 virtual machine (on a Fedora 21 KVM hypervisor) running nginx with PHP running under php-fpm. It’s also using nginx’s fastcgi_cache which has really surprised me with its performance. Once a page is cached, I’m able to drag out about 800-900 Mbit/sec using ab.

Another added benefit from the change is that I’m now able to dump my caching-related plugins from WordPress. That means I have less to maintain and less to diagnose when something goes wrong.

Thanks!

Thanks for all of the emails, comments, and criticism over the years. I love getting those emails that say “Hey, you helped me fix something” or “Wow, I understand that now”. That’s what keeps me going. ;)