HackerNews Front Page: I Stayed Up

Load (cpu and memory) was significantly lower than I expected

Didn’t expect anything specific for load, but more load than what I did see, for sure.

A post I made hit the front page of HackerNews the other day. Here’s the discussion at HackerNews. Traffic was steady: for about five hours, there were between 50 and 250 users on the site at any given time.

I use two DigitalOcean droplets, one running Apache 2, the other for MySQL (mostly). The Apache 2 droplet is a 2GB droplet in the NYC2 datacenter and the MySQL droplet is a 1GB droplet in the same datacenter. They talk to each other over a private network.

I’ve really liked the setup so far, and without any tweaks to Apache or MySQL, both servers have performed quite well. I use a WordPress caching plugin and CloudFlare, but that’s all there is for caching.

CPU Usage

CPU usage remained quite low; you can clearly see the HackerNews traffic.

Eventually, one could expect thousands of users on a site at any given time. That greatly depends on the type of site, though.

At that point, you’d probably need the power of Nginx, using it as a front-end (reverse) proxy to Apache.

I’m going to set up a DigitalOcean droplet to serve as a reverse proxy in the event I need to serve massive amounts of traffic. Its sole job will be to run Nginx.

I simply don’t need it right now, though. Unless this hits the front page of HackerNews and makes it further up the page. ;). Then I’ll be scrambling to get that Nginx box up. So, put me to work later.

Bandwidth Usage

Highest bandwidth usage was 2.33Mbps. DigitalOcean can do a LOT more than that.

I didn’t receive any alerts from New Relic, Mist.io, or Uptime Robot, so all was good. I am, however, still going to prep some kind of solution with Nginx sitting in front of Apache, to at least serve static files.


Poor Man’s VPN With a Cheap VPS

VPN using a cheap VPS and sshuttle

It really is awesome. sshuttle basically allows you to browse the web via your VPS, in my case, a VPS from DigitalOcean (sponsored link, as are the others to DigitalOcean). It works on Linux and MacOS.

The GitHub repo explains it better than I can.

Transparent proxy server that works as a poor man’s VPN. Forwards over ssh. Doesn’t require admin. Works with Linux and MacOS. Supports DNS tunneling.

It hasn’t been updated in two years, but, no need to fix or change something that doesn’t need fixing or changing.

So, Why? What’s the point?

I run some Tor relays, one out of my house, thanks Mediacom! ;)

Because of this, many websites block me. Kohl’s, Best Buy, no posting on 4Chan (understandable), even healthcare.gov is blocked. I don’t want to pay for one of the many VPN services. Here’s the message I get at healthcare.gov without sshuttle.

Access Denied

You don’t have permission to access “http://www.healthcare.gov/” on this server.
Reference #18.22ea4d17.1397361569.6bb6afe

VPNs even provide vital Internet access to those facing government censorship, and worse.

Options

Setting up a secure VPN server on a Linux box can be a pain, and definitely takes longer than 5 minutes. sshuttle takes about that, maybe, if you type really slow.

So, for me, when I found sshuttle, my heart was set, the other options didn’t matter.

Setting Up sshuttle On Ubuntu Flavors

Doesn’t get any easier than this. Run the following in a terminal:

sudo apt-get install sshuttle

Now, we’re basically going to SSH to our VPS/server. Again, run this in the terminal:

sshuttle -r root@your-vps-address 0/0 -vv

After running sshuttle -r root@your-vps-address 0/0 -vv (with your-vps-address standing in for your own server's hostname or IP) you’ll be asked for the root password. And sometimes, for whatever reason, it dies immediately after running the sshuttle command.

If sshuttle doesn’t work after running it the first time, run it again! It should work the second time. It could be something with the system I’m on, so hopefully this is isolated to me. :)

Setting Up sshuttle On MacOS

When someone donates me a new Macbook Pro 15″, I’ll start writing this stuff. :)
Update: April 21, 2014 Have a look at this post for using sshuttle with MacOS. Comes courtesy of Aaron Bull Schaefer in the comments.

And if I need a VPS?

You can find a cheap VPS easily with Google. DigitalOcean has them for $5/month, which will be plenty sufficient to use specifically for sshuttle.

ChunkHost is another good option for a cheap VPS.

Other Options

Lots of other options have been mentioned in the thread at Hacker News. Check em out. Some really good suggestions that are sometimes even cheaper!

Secure SSH By Disabling Password Logins

Make brute-force attempts almost impossible

I always disable SSH password logins when setting up a new server, allowing authentication via private key only. It’s a good way to secure SSH all-around.

Disabling password logins in Ubuntu is extremely easy.

Open /etc/ssh/sshd_config with nano or vi. You’ll want to change options for 3 different directives, ChallengeResponseAuthentication, PasswordAuthentication, and UsePAM.

Find those directives in /etc/ssh/sshd_config and set them to the following:

ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no

Save sshd_config, and reload ssh:

sudo service ssh reload

That’s it. Now you won’t be able to SSH to your server and log in with a password, and neither will anyone else.

Of course, you’ll want to enable private key authentication, first. If you don’t, you’ll lock yourself out of your server.

DigitalOcean has a good article on how to do this.


Let’s go a bit farther and only allow specific users to log in via SSH. We can do so by adding a line like the one below to /etc/ssh/sshd_config:

AllowUsers firstuser seconduser thirduser

This will allow only three users to log in: firstuser, seconduser, or thirduser. I usually add my AllowUsers directive towards the top of sshd_config.

After modifying /etc/ssh/sshd_config, reload ssh again like so:

sudo service ssh reload
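
A reload with no working key, or with your own user missing from AllowUsers, locks you out. The script below is an added example, not part of the original post, that checks a config file and a home directory before you reload; the function names, the temp-dir sample files and the placeholder key are constructed for illustration.

```shell
#!/bin/sh
# Added example: lockout pre-flight before "sudo service ssh reload".
# Assumes: global section only (stops at first Match), AllowUsers holds plain names.

# first_value FILE KEYWORD: sshd keeps the first value it reads for a keyword.
first_value() {
    awk -v key="$2" '
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }' "$1"
}

# Succeeds only if all three directives from the post are set to "no".
password_logins_disabled() {
    for key in ChallengeResponseAuthentication PasswordAuthentication UsePAM; do
        val=$(first_value "$1" "$key")
        [ "$val" = "no" ] || { echo "$key is '${val:-unset}'" >&2; return 1; }
    done
}

# user_allowed FILE USER: true if no AllowUsers line exists or USER is listed.
user_allowed() {
    awk -v user="$2" '
        tolower($1) == "match" { exit }
        tolower($1) == "allowusers" { seen = 1; for (i = 2; i <= NF; i++) if ($i == user) ok = 1 }
        END { exit (seen && !ok) }' "$1"
}

# has_public_key HOME_DIR: true if authorized_keys has a non-comment line.
has_public_key() {
    grep -Eqs '^[^#[:space:]]' "$1/.ssh/authorized_keys"
}

# preflight FILE USER HOME_DIR: every check must pass before reloading.
preflight() {
    password_logins_disabled "$1" || return 1
    user_allowed "$1" "$2" || { echo "$2 not in AllowUsers" >&2; return 1; }
    has_public_key "$3" || { echo "no key for $2: reload would lock you out" >&2; return 1; }
    echo "ok: key-only login ready for $2"
}

# Constructed sample config and home directory (not a real server's files).
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/home/.ssh"
printf '%s\n' 'AllowUsers firstuser seconduser thirduser' '#PasswordAuthentication yes' \
    'ChallengeResponseAuthentication no' 'PasswordAuthentication no' 'UsePAM no' > "$demo_dir/sshd_config"
preflight "$demo_dir/sshd_config" firstuser "$demo_dir/home" || echo "blocked: add a key first"
echo 'ssh-ed25519 AAAA_CONSTRUCTED_PLACEHOLDER firstuser@laptop' > "$demo_dir/home/.ssh/authorized_keys"
preflight "$demo_dir/sshd_config" firstuser "$demo_dir/home"
```

On the server itself, sudo sshd -t also validates the syntax of sshd_config before the reload, and keeping your current SSH session open while you test a second login gives you a way back if something is wrong.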

Record Speedtest.net Results From the Command Line

For those who live in the command line as much as possible

Install speedtest-cli

speedtest-cli is a Python app that provides a command line interface for testing bandwidth using speedtest.net. Installation is simple. It should work on Linux and OS X.

The Bash Scripts

There are two scripts, speedtest.sh and speedtest-simple.sh. Pretty self-explanatory. Results from speedtest.sh are stored in st_results in the current working directory. speedtest-simple.sh results are stored in st_results_simple, also in the current working directory.

speedtest.sh Results

Below are the results of two speedtests run with speedtest.sh, along with the sharing image URL.

Retrieving speedtest.net configuration…
Retrieving speedtest.net server list…
Testing from Mediacom Communications (173.22.40.33)…
Selecting best server based on ping…
Hosted by CHRJO (Council Bluffs, IA) [204.50 km]: 20.981 ms
Testing download speed………………………………….
Download: 32.44 Mbit/s
Testing upload speed…………………………………………..
Upload: 5.57 Mbit/s
Share results: http://www.speedtest.net/result/3335225265.png .
#############

Retrieving speedtest.net configuration…
Retrieving speedtest.net server list…
Testing from Mediacom Communications (173.22.40.33)…
Selecting best server based on ping…
Hosted by American Broadband (Blair, NE) [213.79 km]: 20.981 ms
Testing download speed………………………………….
Download: 33.03 Mbit/s
Testing upload speed…………………………………………..
Upload: 5.49 Mbit/s
Share results: http://www.speedtest.net/result/3335230578.png .
#############

You can get less verbose output by modifying the speedtest-cli flags. speedtest-cli --simple --share will produce very simple results that are a bit easier to read. Two tests with the speedtest-simple.sh script are below. Note the absolute crap speeds. Wonderful hotel wi-fi, hah!

speedtest-simple.sh Results

Ping: 13.351 ms
Download: 1.92 Mbit/s
Upload: 0.94 Mbit/s
Share results: http://www.speedtest.net/result/3342143070.png .
#############

Ping: 13.431 ms
Download: 1.80 Mbit/s
Upload: 0.93 Mbit/s
Share results: http://www.speedtest.net/result/3342149985.png .
#############

It’s a very, very simple way of logging the speedtest.net results, but it’ll do for most situations. When I get some free time this week, I’m going to combine speedtest.sh and speedtest-simple.sh and make it accept a --simple argument to generate the simple log.

After that’s done, I’ll be dropping the results into a SQLite database. I’ve gotten pretty familiar with SQLite lately, so it shouldn’t be too difficult.

Once this stuff is logging to a SQLite database, I’ll put it up on GitHub. I can’t be the only one who would love to run SQL queries against this sort of personalized bandwidth data.

Update April 19, 2014: Updated the code in the GitHub Gist to include the date and time of the speedtest.

Mist.io for DigitalOcean, and Every Other Cloud Provider, Is Awesome

Control all the things!

I love mist.io. However, I’ll stick with DigitalOcean Swimmer (Android only) for now. There are even a few good looking iOS apps, but I haven’t tested them: Droplets for DigitalOcean and DigitalOcean Manager. Hopefully, paying for monitoring as well is something I can justify in a few months, when I have a steady job or am getting along with freelancing, which is really what I’d like.

But anyway, mist.io is a really nice service, but the website could use an update. It almost has a standard jQuery mobile feel to it. However, I do know they’re working on some UI changes that should be a vast improvement. But aside from that, the functionality itself is great. You can do the usual, like create new droplets, edit droplets, and you can add multiple backends.

Backends in mist.io are just connections to hosts, like DigitalOcean or Linode. They support a lot of backends, like RackSpace, OpenStack, AWS, HP Cloud, NephoScale, and even bare metal.

The DigitalOcean Swimmer Android app has a great interface, too. It seems to mostly abide by the Android style guide, which is freaking awesome. There’s a little gallery at the end with some screenshots of it as well as the mist.io website.

I love all the apps that support DigitalOcean (referral link), it’s partly why it’s so appealing to me. I really like mist.io because it supports sooo many providers though. The mist.io site looks good on a mobile device, but could still use some updating, which I’d be surprised if they weren’t already working on.

When I do add another different hosting provider (probably Linode), I’ll happily pay for the mist.io service. A real, native Android and even iOS client would be killer, please mist.io? :)

Photos below are of the mist.io site and a couple screenshots from the DigitalOcean Swimmer Android app. For iOS screenshots, see here and here.


At the very least you should give mist.io a try. All of the management features are free, like SSH key management, spinning up machines, and image management. Monitoring is the only thing that is paid. So, you can get some really good use out of mist.io totally free!