Giving Cloudbric A Try, But I Still Love Cloudflare

Going to try Cloudbric here for a while to see how exactly it compares to Cloudflare

Longren.io will be unavailable for possibly up to 48 hours. As soon as I’ve published this post, I’ll be updating my nameservers to point to Cloudbric. It almost feels like cheating on Cloudflare; they’ve been very good to me.

I’ve been using Cloudflare for quite a while, nearly since it became available to the public. I love them and all the services they provide, especially with a Pro (or Enterprise) account. Cloudflare costs money though (if you want certain added protections), and many smaller websites don’t use a lot of bandwidth and aren’t provided the protections they should receive with Cloudflare.

Cloudbric aims to solve that by providing all the features Cloudflare provides (from what I’ve been told at least) for free as long as your site doesn’t use more than 4GB of bandwidth per month. I only have a few Pro sites with Cloudflare (longren.io being one of them), but am trying to cut back on the number of online services I pay for monthly, so this makes sense on a financial level if nothing else.

I’d never heard of Cloudbric until they got in touch with me via direct message on Twitter and introduced me to their services. They appear to provide everything that Cloudflare’s Enterprise service provides. I’m glad they saw one of my tweets praising Cloudflare and decided to get in touch.

Cloudbric has been around for a while (15 years or so I believe) and I talked to one of their reps quite a bit about how what they provide is better than Cloudflare (other than the usage based cost, of course).

Here’s what he said:

1. Unlike other website protection services including Cloudflare, Cloudbric provides full-coverage website protection. Even though Web Application Firewall (WAF) and DDoS Protection features are crucial for website protection, these options cost at least $200/month from Cloudflare. Cloudflare’s free plan does not protect web application layer 3, 4, and 7, which makes it pointless.

2. Our usage-based plan, rather than options plan, allows even free users to enjoy the most comprehensive security service. There are no charges for extra add-ons or features for more security. Users can enjoy all the features for FREE up to 4GB of traffic monthly.

Here’s a handy table from the Cloudbric website showing a feature comparison with similar providers like Cloudflare, Sitelock, and Incapsula.

| Features | Cloudbric | Incapsula | SiteLock | Cloudflare |
|---|---|---|---|---|
| Advanced DDoS Protection (Layer 3, 4, 7) | FREE | $299/mo | Enterprise | $200/mo |
| PCI-Certified Web Application Firewall (WAF) | FREE | $59/mo | $299/mo | $20/mo |
| Global Content Delivery Network | FREE | $19/mo | $99/mo | $20/mo |
| Web Optimization | FREE | $19/mo | $99/mo | $200/mo |
| OWASP Core Rule Set | FREE | $59/mo | $99/mo | $20/mo |
| Reputation-based Threat Protection | FREE | $59/mo | $299/mo | FREE |
| Board Spam Protection | FREE | $59/mo | X | X |
| Block Visitors by IP or country | FREE | $59/mo | X | FREE |
| Login Protection | FREE | $59/mo | X | X |
| SSL Support | FREE | $19/mo | FREE | FREE |

Figured I’d try it out on this site as it gets the most traffic out of my personal sites, and if everything’s cool, I’ll eventually be moving all clients over to Cloudbric. I just wish they had a way to import existing DNS records; some of my domain names have at least 50 sub-domains.

Longren.io subscribers will get this post via email, but longren.io could be down for up to 48 hours while stuff updates. I’ll update this post or maybe write a new one after I’ve used Cloudbric for a few days. You should at least check them out, especially if you’re using Cloudflare for a site that doesn’t get enough traffic to make it worth paying for.

I really don’t want to leave Cloudflare, but if Cloudbric stacks up, I’m afraid I’ll have to.

Update: After updating nameservers for longren.io to Cloudbric, an SSL issue was found. I went back to Cloudflare immediately, and within about an hour Cloudbric’s engineering team had a solution worked out. It sounds like they’ll be rolling the fix out on Monday June 29. So until then, longren.io will be on Cloudflare. I’ll post info about the issue in detail after Cloudbric has officially announced it or made the fix active.

SSH Private Key Authentication Tip

So easy to miss, but so important for SSH Private Key Authentication

I don’t allow password logins on any of my servers; you can only log in via SSH key-based authentication. No root login is allowed, and I specify every user that’s allowed to log in via SSH, i.e., me.

If you’re a regular here, you know I love DigitalOcean. They have a very nice tutorial on setting up SSH private key login, even walking you through creating SSH keys if you don’t already have one, and even adding that key to your DigitalOcean account.

None of that will be of interest to you if you already know how to generate SSH keys.

I’ll SSH into my new Droplet, only to be rejected. I immediately know why, because it’s happened so many times. It’s due to incorrect permissions on your Droplet, VPS, server, whatever.

For SSH private key authentication to work, the ~/.ssh/authorized_keys file and the ~/.ssh folder need specific permissions:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Run that, and then try logging in via SSH to your Droplet from your local machine. Should go this time.

If you still can’t log in to your remote system, something else is likely wrong. If that’s the case, you’ll want to start at the top of the DigitalOcean post about setting up SSH private key authentication and just follow the steps.

After you’ve followed those steps, change permissions on the ~/.ssh/authorized_keys file again and on the ~/.ssh folder again. Like so from your terminal:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
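An added example, not part of the original post: a shell check that walks the paths sshd inspects when StrictModes is on (its default), namely the home directory, ~/.ssh and authorized_keys, and reports wrong ownership, group- or world-writable modes, and anything that differs from the 700/600 modes above. The name ssh_perm_report is hypothetical, stat -c assumes GNU coreutils (as on Ubuntu), and the function assumes it is run as the account that owns the keys.

```shell
# Added example, not from the original post. ssh_perm_report is a
# hypothetical helper; stat -c assumes GNU coreutils (Ubuntu, Debian).
# Usage: ssh_perm_report HOME_DIR
# Prints one line per problem and returns 0 only when none were found.
ssh_perm_report() {
    home=$1
    problems=0
    me=$(id -u)   # assumes the check runs as the account that owns the keys
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            echo "MISSING  $path"
            problems=$((problems + 1))
            continue
        fi
        mode=$(stat -c '%a' "$path")
        owner=$(stat -c '%u' "$path")
        # sshd wants each path owned by the login user or by root.
        if [ "$owner" != "$me" ] && [ "$owner" != "0" ]; then
            echo "OWNER    $path is owned by uid $owner"
            problems=$((problems + 1))
        fi
        # Group- or world-writable (octal 022) fails the StrictModes check.
        if [ $((0$mode & 022)) -ne 0 ]; then
            echo "WRITABLE $path has mode $mode"
            problems=$((problems + 1))
            continue
        fi
        # Stricter than sshd: hold .ssh and authorized_keys to the post's modes.
        case $path in
            */.ssh) want=700 ;;
            */authorized_keys) want=600 ;;
            *) want=$mode ;;
        esac
        if [ "$mode" != "$want" ]; then
            echo "LOOSE    $path has mode $mode, expected $want"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Constructed demo: a throwaway "home" with a group-writable .ssh.
demo=$(mktemp -d)
mkdir "$demo/.ssh" && : > "$demo/.ssh/authorized_keys"
chmod 775 "$demo/.ssh"; chmod 644 "$demo/.ssh/authorized_keys"
ssh_perm_report "$demo" || echo "permissions need fixing before key login"
rm -rf "$demo"
```

A group-writable home directory is reported as WRITABLE even when ~/.ssh and authorized_keys are already 700 and 600.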

I’m curious…

Do you allow password logins over SSH?


If you do allow password logins, I’d love to hear what scenario causes you to need to allow password logins. Let me know in the comments if you don’t mind.

Using Gmail SMTP Servers to Send Email From WordPress on DigitalOcean

Use Gmail SMTP Servers for Sending Emails from WordPress

After quite a bit of back and forth between sendmail, postfix, and exim, I’ve settled on using msmtp for sending emails from my servers/droplets at DigitalOcean (affiliate link).

MSMTP is very lightweight and has the ability to send emails via an existing SMTP server, like Gmail’s or Yahoo’s.

To get it working, there are a few tricks. I’ve pieced this together from this post and this post. On DigitalOcean there’s also an IPv6 issue that causes major delays in sending the email; there’s a fix for that at the end of this post.

1. Install msmtp

sudo apt-get install msmtp

2. Configure msmtp to use Gmail

Open up /etc/msmtprc as root: sudo nano /etc/msmtprc, and add the following, removing whatever else is there:

# Gmail/Google Apps
account  gmail 
host   smtp.gmail.com 
port   587 
from   [email protected]
user   [email protected]
password  enter-password-here!
auth   on 
tls   on 
tls_trust_file /etc/ssl/certs/ca-certificates.crt 
 
# Default account to use
account default : gmail

Replace the value of the user directive with a valid Gmail email address; either a Gmail account or a Google Apps email address will work. Don’t forget to change enter-password-here! to the actual password for the Gmail account you’re using.

Save /etc/msmtprc.

3. Remove Sendmail

Run this:

sudo apt-get remove sendmail-bin

4. Setup Some Aliases

Lots of software on Linux systems uses the sendmail command. We’re using msmtp instead, so we symlink the sendmail paths to msmtp; msmtp is then what actually runs whenever the sendmail command is invoked.

sudo ln -s /usr/bin/msmtp /usr/sbin/sendmail
sudo ln -s /usr/bin/msmtp /usr/bin/sendmail
sudo ln -s /usr/bin/msmtp /usr/lib/sendmail

5. Tell PHP About msmtp

First, locate your php.ini file that’s being used by Apache. It’s typically in /etc/php5/apache2/php.ini. If that’s not it, use PHP’s phpinfo() function to find the location of your php.ini file.

Find sendmail_path = in php.ini and replace it with this:

sendmail_path = "/usr/bin/msmtp -t"

Now you should be able to send mail using PHP’s mail() function, which will use the Gmail SMTP server to send emails. Add this to a PHP file and access it through your browser to see if it works:

<?php
// Send a test message through PHP's mail(), which now hands off to msmtp.
if (mail("[email protected]", "A Subject Here", "Hi there,\nThis email was sent using PHP's mail function.")) {
    print "Email successfully sent";
} else {
    print "An error occurred";
}
?>

6. Disable IPv6 If You Experience Slowness

Open up /etc/gai.conf like so:

sudo nano /etc/gai.conf

Now, look for a line that looks like this: #precedence ::ffff:0:0/96 100. Uncomment that line (remove the #) and save /etc/gai.conf. This makes address lookups prefer IPv4 over IPv6 rather than turning IPv6 off. An explanation of why this helps can be found in this comment at the DigitalOcean article.
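An added example, not part of the original post: the /etc/msmtprc from step 2 keeps the Gmail password in cleartext, so this shell check flags a config whose password line is accessible to other users, one that lacks the tls on line the post uses, or one that turns certificate checking off. The name audit_msmtprc is hypothetical, stat -c assumes GNU coreutils, and the sample config is constructed with placeholder values.

```shell
# Added example, not from the original post. audit_msmtprc is a hypothetical
# helper; stat -c assumes GNU coreutils (Ubuntu, Debian).
# Usage: audit_msmtprc FILE
# Prints one line per finding and returns the number of findings.
audit_msmtprc() {
    conf=$1
    findings=0
    mode=$(stat -c '%a' "$conf")
    # A "password" line stores the SMTP password in cleartext, so the file
    # must not be accessible to "other" users (octal 007).
    if grep -Eq '^[[:space:]]*password[[:space:]]' "$conf" &&
       [ $((0$mode & 007)) -ne 0 ]; then
        echo "EXPOSED  cleartext password, file mode $mode"
        findings=$((findings + 1))
    fi
    # The post's config sets "tls on"; flag a file that lacks it.
    if ! grep -Eq '^[[:space:]]*tls[[:space:]]+on([[:space:]]|$)' "$conf"; then
        echo "NOTLS    no 'tls on' directive"
        findings=$((findings + 1))
    fi
    # "tls_certcheck off" disables verification of the server certificate.
    if grep -Eq '^[[:space:]]*tls_certcheck[[:space:]]+off' "$conf"; then
        echo "NOVERIFY tls_certcheck is off"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample mirroring the config above; address and password are
# placeholders, and the file is made world-readable on purpose.
sample=$(mktemp)
cat > "$sample" <<'EOF'
account  gmail
host   smtp.gmail.com
port   587
user   someone@example.com
password  not-a-real-password
auth   on
tls   on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
EOF
chmod 644 "$sample"
audit_msmtprc "$sample" || echo "findings: $?"
chmod 640 "$sample" && audit_msmtprc "$sample" && echo "clean"
rm -f "$sample"
```

With sendmail_path pointing at msmtp, PHP runs it as the web server user, so that account still needs read access to /etc/msmtprc; group ownership with mode 640 is one option, and msmtp’s passwordeval directive is an alternative to a cleartext password line.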

All Done

That should be it. If you run into any issues, please do leave a comment and I’ll do my best to help you out. I may have missed a part, so no guarantees this will work for you. It does however work wonderfully on a DigitalOcean droplet that’s running Ubuntu 14.04 with a pretty standard LAMP stack.

You should now be able to send email from WordPress on DigitalOcean.

Passwds.io Source Available on GitHub

Now on GitHub

Took a bit longer than I wanted, but the source for passwds.io is up on GitHub now.

It’s extremely simple, using Twitter Bootstrap, straight PHP, jQuery, and the jQuery prettySocial plugin for the social buttons at the bottom of the site.

Passwords are generated using pwgen-php from Superwayne. pwgen-php was forked a couple years ago by Roderik van der Veer, which I was unaware of.

I’ll be updating to the somewhat newer pwgen-php library from Roderik at some point.

Basically, an AJAX request is sent to a PHP file, grabbing the requested passwords, and then the results are displayed.

Pretty simple. Let me know if you have suggestions or questions. Please be kind, I threw this together in about an hour one evening.

Quickly Deploy LAMP Stacks with ServerPilot

Easily Deploy LAMP Stacks, and it’s free

I have yet to use ServerPilot, but will be setting up a new VPS at DigitalOcean in the coming weeks for a new venture. ServerPilot makes getting a LAMP stack set up very quick.

ServerPilot will automatically install Nginx, Apache, PHP, and MySQL on a new, freshly installed/created, 64-bit Ubuntu 12.04 or Ubuntu 14.04 server. So if you’re using DigitalOcean, create your Droplet, and SSH to it. You should be able to harden SSH up a little, but make sure you don’t install any new packages yet.

Getting Started

Getting started with ServerPilot is crazy easy. All you need to be able to do is SSH into your server and run a command. I highly doubt anyone reading this doesn’t know how to do this. If you don’t, Google will tell you how.

1. Sign Up

Sign up for a free account with ServerPilot.

2. Connect A Server

“Connect” a new server. Just enter your server’s hostname and click the “Continue With Setup” button. Screenshot below.
[Screenshot: serverpilot-connect-server]

3. Run The Install

Connect to your server via SSH. Remember, it must be a new server, preferably with no additional packages installed yet. To install Nginx, Apache, PHP, and MySQL, run the command below, from this gist:

The --server-id and --server-apikey values will be provided for you; they’re blacked out in the screenshot below.
[Screenshot: serverpilot]

Additional Information

On GitHub

ServerPilot also has a GitHub account with two repositories currently. One is ServerPilot/Vagrantfile and the other is ServerPilot/API.

ServerPilot/Vagrantfile

This repository provides a sample Vagrant configuration for testing ServerPilot. Basically a server that you can use to test ServerPilot before using it on a new, paid VPS. The README is very detailed, definitely read it if you need help using Vagrant. There’s even an example on using composer to create a Laravel app.

ServerPilot/API

From the README: the ServerPilot API is RESTful and allows you to manage ServerPilot resources using HTTP requests. All responses return JSON objects, including errors. As seems typical from ServerPilot, the documentation in the README is excellent.

The API will let you do things like list servers, connect new servers, or list all system users, among many others. An example that would list all servers can be seen in the gist below.

That request would return JSON similar to this:

Do you use Vagrant?


Paid Accounts

You get a pretty cool monitoring dashboard for $10/month. I found the screenshot below in a post from Jake Peterson, it appears to be the ServerPilot monitoring dashboard.
[Screenshot: serverpilot-dashboard]

There’s the free plan, obviously, and then two paid plans. One is $10/month and the other is $49/month. You can see what you get for your money on their pricing page.

End

If you’re a PHP developer and use a VPS provider like DigitalOcean or Linode, ServerPilot is probably worth checking out. Even if you don’t end up using it, it’s pretty neat that something like this even exists.

I only have one feature I’d really like to see, the ability to select certain packages to be installed. If that were included in the $10/month plan, I’d definitely do it. As it stands currently, though, it’s definitely a time saver and very well executed.