Have you already the new open-source social network Mastodon ? I have launched few days ago my own instance to contribute to this project.

If you want to launch your own instance, here a quick tutorial to install mastodon on a Ubuntu 16.04 LTS server with Nginx as a reverse-proxy and Cloudflare CDN/SSL.

To follow the steps of this tutorial, a user with sudo rights is enough, you don't need to login as root.

Install the dependencies

sudo apt-get update

curl -sL https://deb.nodesource.com/setup_6.x | sudo bash -
sudo apt-get install imagemagick ffmpeg libpq-dev libxml2-dev libxslt1-dev nodejs
sudo npm install -g yarn

Install redis-server

sudo apt-get install redis-server redis-tools

Install Postgresql

sudo apt-get install postgresql postgresql-contrib

Login as postgre user to create mastodon

sudo su - postgres
psql
CREATE USER mastodon CREATEDB;
\q

You will also have to enable ident authentication so users can login without password

sudo sed -i '/^local.*postgres.*peer$/a host all     all     127.0.0.1/32    ident' \
/etc/postgresql/9.?/main/pg_hba.conf

And to install the ident daemon :

sudo apt-get install pidentd
sudo systemctl enable pidentd
sudo systemctl start pidentd
sudo systemctl restart postgresql

Install Ruby

sudo apt-get install autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3 libgdbm-dev

adduser --disabled-password --disabled-login mastodon

su - mastodon

git clone https://github.com/rbenv/rbenv.git ~/.rbenv
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(rbenv init -)"' >> ~/.bashrc
source ~/.bashrc

exit
su - mastodon
git clone https://github.com/rbenv/ruby-build.git ~/.rbenv/plugins/ruby-build

rbenv install 2.4.1
rbenv global 2.4.1

ruby -v

Mastodon installation

cd ~
git clone https://github.com/tootsuite/mastodon.git live
cd live
git checkout $(git tag | tail -n 1)

echo "gem: --no-document" > ~/.gemrc
gem install bundler --no-ri

bundle install --deployment --without development test
yarn install

cp .env.production.sample .env.production
nano .env.production

# Service dependencies
REDIS_HOST=localhost
REDIS_PORT=6379
DB_HOST=/var/run/postgresql
DB_USER=mastodon
DB_NAME=mastodon_production
DB_PASS=
DB_PORT=5432
Federation
LOCAL_DOMAIN=yourdomain.com

LOCAL_HTTPS=true

# E-mail configuration
SMTP_SERVER=mail.yourdomain.com
SMTP_PORT=587
SMTP_LOGIN=noreply@yourdomain.com
SMTP_PASSWORD=YourPassword
SMTP_FROM_ADDRESS=noreply@yourdomain.com

For the application secret part, you can use the command bundle exec rake secret to generate the 3 secret keys, then you have just to copy them into the configuration file.

To setup the database and the assets :

RAILS_ENV=production bundle exec rails db:setup
RAILS_ENV=production bundle exec rails assets:precompile

Adding systemd services

nano /etc/systemd/system/mastodon-web.service

[Unit]
 Description=mastodon-web
 After=network.target
[Service]

Type=simple

User=mastodon

WorkingDirectory=/home/mastodon/live

Environment="RAILS_ENV=production"

Environment="PORT=3000"

ExecStart=/home/mastodon/.rbenv/shims/bundle exec puma -C config/puma.rb

TimeoutSec=15

Restart=always
[Install]

WantedBy=multi-user.target

nano /etc/systemd/system/mastodon-sidekiq.service

[Unit]
 Description=mastodon-sidekiq
 After=network.target

[Service]
 Type=simple
 User=mastodon
 WorkingDirectory=/home/mastodon/live
 Environment="RAILS_ENV=production"
 Environment="DB_POOL=5"
 ExecStart=/home/mastodon/.rbenv/shims/bundle exec sidekiq -c 5 -q default -q mailers -q pull -q push
 TimeoutSec=15
 Restart=always

[Install]
 WantedBy=multi-user.target

API service

nano /etc/systemd/system/mastodon-streaming.service

[Unit]
 Description=mastodon-streaming
 After=network.target

[Service]
 Type=simple
 User=mastodon
 WorkingDirectory=/home/mastodon/live
 Environment="NODE_ENV=production"
 Environment="PORT=4000"
 ExecStart=/usr/bin/npm run start
 TimeoutSec=15
 Restart=always

[Install]
 WantedBy=multi-user.target

Then we can enable our systemd services :

systemctl enable /etc/systemd/system/mastodon-*.service

And we can start our mastodon instance :

sudo systemctl start mastodon-web.service mastodon-sidekiq.service mastodon-streaming.service

Add the required crons for mastodon :

crontab -u mastodon -e

RAILS_ENV=production
@daily cd /home/mastodon/live && RAILS_ENV=production /home/mastodon/.rbenv/shims/bundle exec rails mastodon:media:remove_remote

Nginx reverse-proxy setup :

At first, install Nginx :

wget -O - https://nginx.org/keys/nginx_signing.key | sudo apt-key add -
sudo echo "deb http://nginx.org/packages/ubuntu/ $(lsb_release -sc) nginx" > /etc/apt/sources.list.d/nginx.list
sudo apt update
sudo apt install nginx

We have now to create our nginx configuration file for ou domain, we will use the configuration based on the Angristan's model :

nano /etc/nginx/sites-enabled/yourdomain.com

map $http_upgrade $connection_upgrade {
 default upgrade;
 '' close;
}
server {
 listen 80;
 listen [::]:80;
 server_name www.yourdomain.com yourdomain.com;
 return 301 https://votredomaine.com$request_uri;

 access_log /dev/null;
 error_log /dev/null;
}

server {
 listen 443 ssl http2;
 listen [::]:443 ssl http2;
 server_name www.yourdomain.com yourdomain.com;

 access_log /var/log/nginx/yourdomain.com-access.log;
 error_log /var/log/nginx/yourdomain.com-error.log;

 ssl_certificate /etc/letsencrypt/live/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/privkey.pem;
 ssl_protocols TLSv1.2;
 ssl_ciphers EECDH+AESGCM:EECDH+AES;
 ssl_prefer_server_ciphers on;
 add_header Strict-Transport-Security "max-age=15552000; preload";

 keepalive_timeout 70;
 sendfile on;
 client_max_body_size 0;
 gzip off;

 root /home/mastodon/live/public;

 location / {
  try_files $uri @proxy;
 }

 location @proxy {
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto https;
  proxy_pass_header Server;
  proxy_pass http://127.0.0.1:3000;
  proxy_buffering off;
  proxy_redirect off;
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection $connection_upgrade;
  tcp_nodelay on;
 }

 location /api/v1/streaming {
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwarded-Proto https;
  proxy_pass http://127.0.0.1:4000;
  proxy_buffering off;
  proxy_redirect off;
  proxy_http_version 1.1;
  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection $connection_upgrade;
  tcp_nodelay on;
 }

 error_page 500 501 502 503 504 /500.html;
}

You can start nginx with the command :

service nginx start

Then we will use Let's Encrypt to generate a SSL certificate.

cd /opt
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto certonly --webroot -w /home/mastodon/live -d www.yourdomain.com -d yourdomain.com --email vous@yourdomain.com --text --rsa-key-size 4096

Updating Mastodon

su - mastodon
cd live
gem install bundler --no-ri
git fetch
git checkout v1.X.X
bundle install --deployment --without development test
NODE_ENV=production npm upgrade --global yarn
yarn install
RAILS_ENV=production bundle exec rails assets:clean
RAILS_ENV=production bundle exec rails assets:precompile
RAILS_ENV=production bundle exec rails db:migrate
exit

sudo systemctl restart mastodon-web.service mastodon-sidekiq.service mastodon-streaming.service

rbenv install 2.4.1
gem install bundler --no-ri

Create your administrator account

RAILS_ENV=production bundle exec rails mastodon:make_admin USERNAME=votre-utilisateur

My instance mastodon.top

Don't hesitate to give your opinion on Mastodon, to tell me if there are errors in the tutorial or to ask for help if you want to deploy your own instance.

You can also follow me on Mastodon : thomas_virtubox@mastodon.top

If you are using a self-hosted Ghost, you may have sometimes to upgrade it to the new release.
To do that, you have at first to download the latest Ghost release.
For that create a new folder next your current Ghost folder and download Ghost :

mkdir newghostfolder && cd newghostfolder
wget https://ghost.org/zip/ghost-latest.zip
unzip ghost-latest.zip

You can make a copy of your current ghost folder and you will have to remove the index.js, all the .md and .json and the core folder. But do not delete the config.js file.
Then you will have to stop the current Ghost instance by using :

forever stop index.js

Copy the new files over your current folder, and install the new dependencies with :

npm install --production

After than you can restart your instance

NODE_ENV=production forever start index.js

Because there is nothing better than self-hosting, you are may looking for a way to manage your apps easily and to be able to host yourself all your web apps ?

I have tried several solutions in the past, but there was always something wrong and I was looking for something easy to deploy and stable.

Cloudron is a platform to run and manage your apps, and if it was only available on AWS EC2 servers, it can be now deployed on any platform, including Scaleway, OVH, DigitalOcean or Linode.

There are a large choice of apps available on the Cloudron App Store which can be deployed with a single click.

Cloudron also provide the ability to backup your server with AWS S3 storage, and keep your server and your apps always up-to-date.

So ton install Cloudron you only need :

• clean Ubuntu 16.04 LTS with 1GB+ RAM
• SSH keys connection
• domain with a wildcard record to your server ip

Because Cloudron will install each application on a new subdomain, so you have to purchase a domain and to use a wildcard if you don't want to add each record manually.

I recommand you to buy a .xyz domain at NameCheap and then to use Cloudflare DNS.

To install Cloudron, the first subdomain needed will be my.yourdomain.com, it will be your homepage.

Then you have to run the following command :

wget https://git.cloudron.io/cloudron/box/raw/master/scripts/cloudron-setup
chmod +x cloudron-setup
./cloudron-setup --domain <domain> --provider <digitalocean|ec2|generic|scaleway>

You will have to replace :

• <domain> with yourdomain.xyz
• <provider> with the provider name or generic

When the process will be done, you will have to go to my.yourdomain.xyz to finish the setup and create your admin account.
There is no maintenance needed with Cloudron but you can read the documentation .

If you have already setup redis-server for object-caching with WordPress, you are maybe looking for something more powerful to setup ?
Magento 2 will be the perfect benchmark for your server. It's an open source e-commerce software and content management system for e-commerce websites based on the PHP Zend Framework. Magento is compatible with the most advanced caching systems including Varnish, Memcached or Redis.

So in this tutorial, we will see how to setup Magento 2.1.7 with Nginx, php7, Mariadb and Redis-server using EasyEngine.

At first, you need a VPS with ubuntu/debian and at least 2GB RAM. In production, 4GB will be the minimum, when 8GB will be better.

Server setup & configuration

## install easyengine
wget -qO ee rt.cx/ee && bash ee

## install Nginx - php5.6 + php7 - Mariadb - phpmyadmin - redis - memcached
ee stack install --web --admin --php7 --redis

## create your domain vhost (--letsencrypt optional)
ee site create yourdomain.com --mysql --php7

## install php-intl for magento and unzip
apt-get update && apt-get install php7.0-intl unzip

Change the php configuration according to magento documentation :

## change php.ini settings for magento
nano /etc/php/7.0/fpm/php.ini

max_execution_time = 1800
max_input_time = 1800
memory_limit = 4096M
post_max_size = 512M

## add the following lines after the extension declaration : [opcache]
opcache.enable=1
opcache.enable_cli=0
opcache.memory_consumption=128
opcache.interned_strings_buffer=4
opcache.max_accelerated_files=20000
opcache.max_wasted_percentage=5
opcache.validate_timestamps=1
opcache.revalidate_freq=2
opcache.optimization_level=0xffffffff

## restart php7.0-fpm
service php7.0-fpm restart

Magento installation

We have already done almost all the server configuration. Now we have to download magento and to launch the installer.

Download it from the Magento website :
https://magento.com/tech-resources/download

To upload it via sftp, set a password for the user www-data with the command

passwd www-data

Then allow shell access for www-data with the command :

usermod -s /bin/bash www-data

After that you will be able to use the sftp client of your choice and to upload the magento archive in your website folder with the correct permissions.
If you are looking for a sftp client for Windows, I recommend you Cyberduck.

Then go into your website folder and unzip the magento archive.

cd /var/www/yourdomain.com/htdocs
unzip Magento-CE-2.1.6_sample_data-2017-03-29-04-34-51.zip

## set www-data as the owner of the directory and all magento files
cd .. 
chown -R www-data:www-data htdocs

But to be able to launch the installer with nginx, we have to edit the site configuration, for that we will use the nginx.conf.sample file included with magento.

I have edit this file with the correct settings for EasyEngine and you can download it here :
magento.conf

You have just to upload this file in /var/www/yourdomain.com/conf/nginx, because with easyengine, all configurations files in this folder are automatically include in your website configuration.

Then edit your website configuration in /etc/nginx/sites-available/yourdomain.com to look like :

server {

    server_name yourdomain.com www.yourdomain.com;
    set $MAGE_ROOT /var/www/yourdomain.com/htdocs;

    access_log /var/log/nginx/yourdomain.com.access.log rt_cache;
    error_log /var/log/nginx/yourdomain.com.error.log;

    include /var/www/yourdomain.com/conf/nginx/*.conf;
}

Check your nginx configuration with the command nginx -t and apply it with service nginx reload

We can now launch the installation by reaching the domain with our browser

Just follow the step, and use the databases user credentials available in the file /var/www/yourdomain.com/ee-config.php

To run properly, Magento require to add some cronjobs. If you are already logged as www-data, you have just to use the command : crontab -e and to add the following lines. Just replace yourdomain.com with your real domain.

* * * * * php /var/www/yourdomain.com/htdocs/bin/magento cron:run | grep -v "Ran jobs by schedule" >> /var/www/yourdomain.com/htdocs/var/log/magento.cron.log
* * * * * php /var/www/yourdomain.com/htdocs/update/cron.php >> /var/www/yourdomain.com/htdocs/var/log/update.cron.log
* * * * * php /var/www/yourdomain.com/htdocs/bin/magento setup:cron:run >> /var/www/yourdomain.com/htdocs/var/log/setup.cron.log

Some other useful command to get started with the magento cli

## deploy the magento sample data
php bin/magento sampledata:deploy

## upgrade your magento install
php bin/magento setup:upgrade

## Generates DI configuration after setup:upgrade
php bin/magento setup:di:compile

## clean magento cache
php bin/magento cache:clean

## backup magento
php bin/magento setup:backup

Your Magento instance is now running properly, but we want to make it faster. For that we will use redis for session storage and full-page caching.
I let you read the Magento DevDocs to understand why Redis is better.

Use redis for session and page cache

So, to use Redis-server, there are no plugins like for WordPress, but we have just to edit the file app/etc/env.php and to set the correct settings to use redis for the session storage and the full page caching instead of files. You can use the following example : env.php

There are two blocks to add to use redis-server, it require to use a database for each block :

1. session caching

'session' => 
   array (
   'save' => 'redis',
   'redis' => 
      array (
	'host' => '127.0.0.1',
	'port' => '6379',
	'password' => '',
	'timeout' => '2.5',
	'persistent_identifier' => 'magento2:',
	'database' => '1',
	'compression_threshold' => '2048',
	'compression_library' => 'gzip',
	'log_level' => '1',
	'max_concurrency' => '6',
	'break_after_frontend' => '5',
	'break_after_adminhtml' => '30',
	'first_lifetime' => '600',
	'bot_first_lifetime' => '60',
	'bot_lifetime' => '7200',
	'disable_locking' => '0',
	'min_lifetime' => '60',
	'max_lifetime' => '2592000',
    ),

2. Full-page caching

'cache' =>
array(
   'frontend' =>
   array(
      'default' =>
      array(
         'backend' => 'Cm_Cache_Backend_Redis',
         'backend_options' =>
         array(
            'server' => '127.0.0.1',
            'port' => '6379',
            ),
    ),
    'page_cache' =>
    array(
      'backend' => 'Cm_Cache_Backend_Redis',
      'backend_options' =>
       array(
         'server' => '127.0.0.1',
         'port' => '6379',
         'database' => '3',
         'compress_data' => '0',
       ),
    ),
  ),
),

You can now refresh the Magento cache to make sure you are using Redis. You can also use EasyEngine to install phpRedisAdmin to see the redis databases with ee stack install --phpredisadmin

Multiple stores configuration

That's one of the main feature of Magento, the ability to host several stores/websites on the same magento instance. At first you have to create a new website, store and store view in the Admin panel. For this part just follow the Magento Guide.
Then create your additional nginx vhost with :

ee site create your2domain.com

And edit it to look like :

server {

    server_name your2domain.com   www.your2domain.com;
    access_log /var/log/nginx/your2domain.com.access.log ;
    error_log /var/log/nginx/your2domain.com.error.log;

    set $MAGE_ROOT /var/www/yourdomain.com/htdocs;

    index  index.html index.htm;

    include /var/www/yourdomain.com/conf/nginx/*.conf;
}

You have to make sure you have included the same magento.conf file than for the main website. After that we have to use the Nginx map directive to pass the values of the Magento variables to nginx, so we will create a file map.conf in /etc/nginx/conf.d with the following content :

map $http_host $MAGE_RUN_CODE {
   yourdomain.com yourdomain-code;
   your2domain.com your2domain-code;
}

So if you want to add another store later, you will just have to create another vhost and to add a line in this file with the new domain and the associated website code.
Then edit the file /etc/nginx/fastcgi_params and add the following line at the end :

fastcgi_param MAGE_RUN_TYPE website;
fastcgi_param MAGE_RUN_CODE $MAGE_RUN_CODE;

Reload nginx with nginx -t && service nginx reload and you can now check if your two stores are working properly.

If you have any issue to setup Magento with EasyEngine, post a reply on the Magento thread already available. I will answer to your questions.

I'm using WordPress for few years now, but that's always the same problem, WordPress require plugins to have some functionalities and plugins make WordPress running slower.

Even with an advanced caching system like redis, that's always a lot of work to make wordpress running fast and safe.

So I have done some tests with Ghost using Docker, and it's really the perfect blog solution for me, because it already include all the features needed to write an article.
No need to look for a plugin to improve SEO or to install a caching system.
You can write you articles in markdown, work with slack and use it as a team, and the theme system is really clean and lightweight.

But I can't post this article without making a tutorial about Ghost.

1) Install NodeJs v4 LTS

wget https://deb.nodesource.com/setup_4.x
chmod +x setup_4.x
./setup_4.x
apt-get install nodejs -y

2) Install Ghost

mkdir /var/www/ghost
cd /var/www/ghost
curl -L https://ghost.org/zip/ghost-latest.zip -o ghost.zip
unzip ghost.zip
npm install --production

3) Starting Ghost

npm start --production

Then you can access to your blog using http://localhost:2368/ghost/signup
All the configuration can be found in the file config.js.

But as you can see, we have to use the port 2368 to access to Ghost. To fix that, the easiest is to use Nginx as reverse proxy. Let's use easyengine !

## install easyengine
wget -qO ee rt.cx/ee && bash ee

## create a proxy with your domain
ee site create anystack.xyz --proxy=127.0.0.1:2368

Then you will be able to use your domain to access to ghost. Don't forget to change your blog url in config.js. And if you want to run Ghost forever, so use forever ...

npm install forever -g
## start ghost
NODE_ENV=production forever start index.js

## stop ghost
forever stop index.js

Last tips ? How to use Ghost with Nginx as reverse proxy with Cloudflare SSL.
Go into you Cloudflare account and in the Crypto tabs, create your origin certificate.

Then create a first file yourdomain-pvkey.pem with the private key generated by Cloudflare. And another file yourdomain-crt.pem with the origin certificate from cloudflare but also the Cloudflare root certificate you can find here

Then your nginx conf for you domain should look like

server {

    server_name anystack.xyz;
    listen 443 ssl http2;
    ssl on;
    ssl_certificate     /etc/nginx/ssl/anystack-crt.pem;
    ssl_certificate_key     /etc/nginx/ssl/anystack-key.pem;
    access_log /var/log/nginx/dev.anystack.xyz.access.log rt_cache;
    error_log /var/log/nginx/dev.anystack.xyz.error.log;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://127.0.0.1:2368/;
        }

}

And if you want to add a redirect from http to a https, create a file yourdomain.com-ssl.conf in /etc/nginx/conf.d with

	server {
	listen 80;
	server_name anystack.xyz;
	return 301 https://anystack.xyz$request_uri;
}

You want to improve your pagespeed score by optimizing your images in WordPress ? But you don't want to pay a subscription for a plugin ? If you are using a VPS or a dedicated server, you don't need any plugin to optimize all your images easily.

For that you can use this script :

# For debian/Ubuntu
wget -qO optimize.sh https://git.virtubox.net/virtubox/wp-optimize/raw/master/deb-wp-optimize.sh && bash optimize.sh

#For Centos/RedHat
cd /var/www
wget -qO optimize.sh https://git.virtubox.net/virtubox/wp-optimize/raw/master/centos-wp-optimize.sh && bash optimize.sh

If you want to do the process manually

# Debian/Ubuntu
apt-get update && apt-get install optipng jpegoptim -y

# Centos
yum update && yum install optipng jpegoptim -y

Then you just have to go in your web directory and to run the following commands :

cd /var/www
find . -name *.jp* | xargs jpegoptim --strip-all -m76
find . -iname '*.png' -print0 | xargs -0 optipng -o7 -preserve

WordPress use wp-cron to check updates for themes, plugins and some other process but it could have an impact on your website speed because WordPress execute it on every page-loading. So if you have a lot of traffic, it will (no benchmark proof at the moment) delay page loading for users.

So if you are using a linux server (VPS or dedicated), you can easily create a cron job to run it each 5 minutes or each 10 minutes. But remember WordPress need wp-cron to work properly, so don't disable it  totally !

To disable wp-cron, just add the following line in wp-config.php :

define('DISABLE_WP_CRON', true); 

Then to add a cronjob you have to a :

## Run the crontab with your server or vhost user 
crontab -u yourserveruser -e

## method 1 : using curl to run the script
*/10 * * * * curl http://example.com/wp-cron.php > /dev/null 2>&1

## method 2 : using php to run it
*/10 * * * * cd /var/www/example.com/htdocs; php /var/www/example.com/htdocs/wp-cron.php > /dev/null 2>&1

The first method use PHP-CGI when the second use PHP-CLI, the only difference is CLI does not have time limit to run a script.
Because this way, the wp-cron will not impact page loading speed, it's highly recommended to use linux cron instead of default WordPress cron.

You can change */10 with */5 to run the cron each 5 minutes instead of each 10 minutes.

I have already write some articles about EasyEngine, and I'm really in love with this command line tool, because it make Nginx easier to use than Apache. But I haven't talk about all functionality of EE yet. If it provide you the ability to setup a WordPress website easily, you can also use EasyEngine to create a vhost for a static html website ... Or use Nginx as a reverse proxy !

And that make of EE the most complete tool available to use Nginx without having to read thousands of documentation pages to understand how to create a vhost. But don't worry, this article will not only talk about this awesome tool which is EasyEngine.

I have used docker several times in the past, because it's the fastest way to test an application without having to setup a VPS especially for that. But to run several Docker containers in a single VPS, it could quickly be a problem because some container provide you the ability to use a domain like WordPress for example. And some other will use directly your VPS IP and the port of your choice, which is not very friendly when your app is running on http://192.168.0.1:3000 ...

That's why we will use Nginx to act as a reverse proxy for our Docker containers, and we will be able to run several containers on the same server and to access them with the domain of our choice. So the first step is to install Docker. Don't worry you should not need to read the documentation if you are using a VPS with a recent linux distribution and a kernel 3.13+

### install Docker with a single command on debian/ubuntu/centos
wget -qO- https://get.docker.com/ | sh

Docker is now running on your server ! So let's install EasyEngine :

## Install EasyEngine Debian7/8 or Ubuntu 14.04/16.04 LTS
wget -qO ee rt.cx/ee && bash ee

So we have now Docker and EasyEngine installed and we can launch our first Docker App before routing it with Nginx.
We will start with Rocket.Chat, a complete live chat solution to build a community or to provide live support.

## Launch MongoDB container 
docker run --name db -d mongo:3.0 --smallfiles

## Run Rocket.Chat linked to the db and expose port 3000
docker run --name rocketchat -p 3000:3000 --env ROOT_URL=http://localhost --link db -d rocket.chat

So you should be able to access to Rocket.Chat using http://YOUR-VPS-IP:3000.
And to use Nginx as reverse proxy with your domain :

ee site create yourdomain.com --proxy=127.0.0.1:3000

That's it ! You can now use http://yourdomain.com to access to Rocket.Chat

Some other apps to run with Nginx as reverse proxy :

## Hastebin
docker run --name redis -d redis
docker run --name hastebin -d -p 7777:7777 --link redis:redis -e STORAGE_HOST=redis rlister/hastebin

## Pasteboard
docker run --name pasteboard -e ORIGIN=mydomain.tld -e MAX=7 -v /srv/pasteboard/images:/pasteboard/public/storage -p 4000:4000 anthodingo/docker-pasteboard

Today a very small post to talk about NIXStats, a new server and domains monitoring service currently in beta and totally free. You can monitor your server using a bash script or a python script and you domain to receive an alert in case of downtime. You can also have some stats about your server speed so I recommend you to test it during the beta.

Few years ago, the HTTPs protocol was slower than the http, due the the initial handshake of any SSL transaction. But with the HTTP2, there are several improvements available and some rules have change when we talk about web optimization. Most of the PageSpeed tools will recommend you to use domain sharding or to combine your assets to have a website faster. But is it still true ?

The most important feature of the HTTP2 is the multiplexing, it allow to download multiple files with an unique TCP connection when we have to open a new one for each file in HTTP1.1

1) No more assets concatenation

We used to combine as much as possible our assets with HTTP1.1, that's not true with HTTP2 anymore. Because if it reduce the size of the requests done, it also make the rules for caching harder to define and could have  bad results if you don't need a part of the assets on each page of your website

2) No more domain sharding

It was already a "trick" but the domain sharding is not a part of the past. It was used to open more TCP connection than a browser was supposed to. But you will have a negative result by using it with HTTP2 because it will only require unnecessary DNS request and more if the connection is established under TLS.

But there are also rules which are still Best Pratices to have a fast website

• Reduce DNS lookup -> store all assets on the same domain or with a CDN
• Browser Caching
• Minimize HTTP Requests -> cookies and query strings
• Minimize HTTP Response -> Minify your assets

Cloudflare SSL : 3 security levels

You are maybe aware than https will become a standard for all websites in the next few years, because it's encrypt the connection between your visitors and your website, making it safer for them.

With Cloudflare you have 3 level of SSL security. The first one name "Flexible" will not require you to install SSL on your server, acting as a proxy Cloudflare will only use SSL between your visitors and their servers. If your visitors will be able to navigate on your website with an encrypted connexion, this configuration is not really secured as anyone can intercept data between cloudflare and your server. This kind of attack are named "man-in-the-middle".

The second level of SSL with cloudflare will require for you to setup a valid SSL certificate. That doesn't mean you will have top pay for that. You can use letsencrypt to secure your server, and then use cloudflare in "Full SSL" to have this time a totally secured connection between your server and your visitor.

For me, if you want to use SSL, the Full SSL is the minimum to setup. The flexible mode is really useless as it doesn't protect properly your visitors. And the next level the Full "Strict" will require a valid certificate, signed by a trusted authority. This also require to use the HSTS, which is a mechanism to force a browser to use ssl on a website for a fixed period. That mean, if your website don't use SSL all the time, any modern browser will block the connection to protect the user. So when you are using HSTS, you have to be sure than the SSL certificate will always be valid. This is the most secure level to setup with Cloudflare, but it should not be required if you don't need a very high-level of security to process credit card or other transaction.

How to use https instead of http ?

At first you have to be sure than all the content available on your website can be delivered to your visitors using https. That mean you will have to check your if there are not some external css or javascript which is process using http. The easiest way  to have files compatible under https is to link all your assets like that :

<link rel="stylesheet" href="//thedomain.com/css/yourtheme.css" type="text/css" />

But even with this method, if a file could not be processed under https, it will be blocked by the visitor's browser and it will not see the green padlock in his browser. So check properly the sources of your assets, there are a lot of wordpress themes which still request google fonts using http.

So now, we will use letsencrypt to get a free SSL certificate. But before, if you are already using Cloudflare, you will have to disable the proxy mode, because to validate your domain ownership, letsencrypt create a small file named ".well-known" on your webspace and try to access it by resolving your IP. That mean if you are using Cloudflare, it will try to validate the proxy and it will fail.

For Apache on Ubuntu/Debian :

apt-get install git
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
cd /opt/letsencrypt

## you can use it also for a subdomain like -d subdomain.example.com
./letsencrypt-auto --apache -d example.com -d www.example.com

Let's do the same with Nginx

apt-get install git
git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt
cd /opt/letsencrypt
./letsencrypt-auto certonly --webroot -w /var/www/example.com/htdocs/ -d  example.com -d www.example.com --email contact@example.com --text --agree-tos

## then to activate it with Nginx, add this on your server { } config
    listen 443 ssl http2;
    ssl on;
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/example.com/privkey.pem;

## and reload nginx
nginx -t && service nginx reload

## And if you want to force http to https 
nano /etc/nginx/conf.d/force-ssl.conf
## then add
    server {
    listen 80;
    server_name example.com;
    return 301 https://example.com$request_uri;
}

And if you want to renew automatically your certificate, it's not very hard

## to renew automatically your certificate
sudo crontab -e
## then enter
30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log

## to update letsencrypt
cd /opt/letsencrypt
sudo git pull

So, you have now a valid SSL certificate, and you should see the small green padlock in your browser. And you can now use Cloudflare in "Full SSL" and that mean your website should be safer for your visitors.

And the last level of security with Cloudflare is now really easier, because it was required to buy an SSL certificate in the past, it's now over because Cloudflare will issue it for you, and it's totally free. So you will have to go to your Cloudflare account in the crypto tabs of your domain. And in the section Origin certificates, you will be able to create a certificate, and then to install it on your server by following the tutorials available for each web server.

But if you are using a control panel like Plesk, it doesn't work the same than with a classic web server. It will require to create a CSR (Certificate Signing request) like if you are planning to buy a certificate. But you will just have to enter your personal details, and then to click on request to have the CSR and you private key. Then you just have to download the .pem file and to open it will a text editor to copy the details at Cloudflare.
And it will give you the certificate to add in your control panel. BUT you will also have to enter the Cloudflare root certificate which is the authority to validate it. It take me few hours to find the post about it on the Cloudflare knowledge base : Root Certificate Cloudflare

So you should have your CSR on your control panel, and you private key, your certificate and the root authority, and you will just have to copy them in the text area available to have a real certificate, validated by an authority. It will allow you to use the Cloudflare "Full SSL (Strict)" mode which is the last security level with Cloudflare.
So all the data between your visitors and your website will be fully encrypted, and you should have the best result at SSLabs when you will test the security level of your SSL server.

And when the https was slower than http few years ago, because it require an initial handshake during the first connection, it include now several features and the biggest one is the HTTP2.

But I will write another post about that later, because it will require a complete article.

I was using a VPS with Plesk Onyx to host the Blog, but even with Redis in a Docker container to make it faster, it wasn't enough ...

So I have setup a small VPS on my dedicated server with Ubuntu 16.04 LTS using VMware vSphere 6. I will make another post about virtualization but in this post, we will talk only about the VPS setup with easyengine, which is really my favorite tool for WordPress setup. You can also read my first post about easyengine : Here

First step, easyengine install :

 wget -qO ee rt.cx/ee && bash ee 

Then WordPress setup :

 ee site create anystack.xyz --wpredis --php7 --letsencrypt 

And it's already good for the server setup with nginx, php7, mariadb, redis-cache and let's encrypt for the SSL. Check your DNS are pointing to your server before launching let's encrypt or it will fail to setup the SSL certificate.

But the work is not finished yet, because I have to upload my database and my files to get my content back. For that i will need to have access to the database, so let's do that with phpmyadmin :

 ee stack install --phpmyadmin 

phpmyadmin is now available at http://my-server-ip:22222

Butt protected by an ACL, and to change the user and the password, you just have to use :

 ee secure --auth 

And to have your login details for phpmyadmin :

 ee site info anystack.xyz 

So I have now uploaded my database, and I need my files. But it's not needed to install ftp. The easiest way to do, is to add a password to www-data and to allow sftp access :

 passwd www-data 

And you will just have to replace /usr/sbin/nologin by /bin/bash in the file /etc/passwd. As FTP/SFTP client, I use Cyberduck which is the fastest client I have found, and you can use it for almost all protocol, including S3 storage at AWS or Google Drive.

After uploading my files, just have to purge the redis cache, and that's already over.

Because I have started using it only few days ago, I have to make a small article about it. If you are using TinyMCE on WordPress, you should already have more functionality for the code rendering in an article. But if you want to have beautiful colors and perfectly readable code there is a small jquery plugin for that.

/////////////////////////////////////////////////////////////////

                          highlightjs

/////////////////////////////////////////////////////////////////

This small jquery code will automatically color 162 languages with 74 styles available.
So let's see how to use it !
You just have to add this code in your theme header:

<link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.5.0/styles/railscasts.min.css">
<script src="//cdnjs.cloudflare.com/ajax/libs/highlight.js/9.5.0/highlight.min.js"></script>
<script>hljs.initHighlightingOnLoad();</script>

And you can replace railscasts.min.css with another style available on the highlightjs website. Currently I'm using gist-github style.

To use highlightjs in your article, just add :

<pre><code> 
Your code
</code></pre>

So let's add some code to our articles !

You don't know what is Cloudflare ? So let's see how cloudflare make your website loading faster, and why you should already use it for all your websites.

1. ) Cloudflare DNS - Free & Fast

Cloudflare provide at first one of the best DNS hosting service available. And to make a website faster you can already start with using a fast DNS hosting.

DNS Provider Speed Comparison by solvedns.com

It's only few Milliseconds but as you can see, Cloudflare is faster than many other providers and most of them offer paid services only. So before paying few dollars for a Premium DNS package, you should try cloudflare. Another feature you will love, is a propagation time around 5 minutes when you edit a record on your DNS. So if you need to migrate your website soon, this is really a good reason to register now.

2. ) Cloudflare - Reverse Proxy with caching 

But cloudflare does not provide only DNS Hosting. It's also a complete solution to speed up and secure your website. For that when Cloudflare manage your DNS if you activate the optimization and security (orange cloud), instead of sending your server IP when a visitor make a DNS request, it will act as a proxy and all your visitors will view only the Cloudflare servers IP when they do a request.

And Cloudflare will not only act as a simple proxy, it will also cache all the static files and deliver them all around the World to your visitors from the nearest Cloudflare datacenter.

The result is awesome because it will make your website faster as it will handle less requests, and it will also save a lot of bandwidth by limiting the number of file requests.

As you can see, with 80 000 visitors per month, it's more than 20GB of bandwidth saved and also more than 20GB of static assets which have been delivered faster.

3) Cloudflare - Website Protection

By acting as a proxy Cloudflare also provide a complete security solution which include :

• Browser integrity check : Each visitor request is checked using the HTTP header and if a thread is found it can be challenged using a captcha or blocked.
• Visitor reputation : Cloudflare analyze daily thousands of IP, and if a visitor try several times to perform any form of hack, it will be marked as a potential thread for Cloudflare
• Page rules : You can use the page rules to allow or disallow access to a part of your website. For example with wordpress your can use a high level of secuirty onthe page  http://yourdomain.com/wp-login.php to protect your website.
• DDoS protection : As  your visitors have to use cloudflare servers to get access to your website,  they will never have access to your server IP and any attack attempt will simply be blocked by the Cloudflare servers. 

  

  But to protect totally your server, you have to be sure there is not any records which point directly to your server. The most common error will be to have a email server with a MX record pointing  on your server IP.  In this case, Cloudflare will not be able to protect your website because the attacker will send the traffic directly on your server IP, and will not have to use the Cloudflare proxy.

  4) Cloudflare - Website Optimization

  And if it wasn't enough, Cloudflare is also able to optimize your website. It can minify all your assets, including the html, reduce the number of connections, and with rocket loader it will make deliver your assets asynchronously. That mean instead of waiting for each file to be downloaded, with cloudflare your browser will download all the assets in the same time when you visit your website, and it will be up to 3x times faster.

  

  The last optimization tool available for free is Rocket Loader, currently in beta, it's a script used by cloudflare to deliver your assets, without blocking the page display. It use the asynchronous loading to load your javascript at the end of the page display and this way it will really improve your pagespeed score. But like any beta, it could create error with some javascript or break your website design by loading too late some assets.

  For this reason you have 2 mode to use Rocket loader :

  • Automatic : Rocket loader will optimize any javascript available on your website but you have the ability to forbid the optimization manually by adding  data-cfasync="false" before the script source.

  
  <script type="text/javascript" data-cfasync="false" src="/js/tether.min.js"></script>
  

  Manual : This time you will have to add data-cfasync="true" for each script you want to optimize with Rocket Loader

  I will complete this article with the HTTP2 and Cloudflare in the next few days.

A small post today to share with you a small tips to remove all the queries strings from WordPress static assets, and also to add featured images of your posts in the WordPress feeds.

1. Go into your WordPress dashboard > Appearance > Editor
2. Then find the file functions.php of your theme
3. Add this code at the end of  functions.php

//remove queries from static assets
function _remove_script_version( $src ){
$parts = explode( '?ver', $src );
return $parts[0];
}
add_filter( 'script_loader_src', '_remove_script_version', 15, 1 );
add_filter( 'style_loader_src', '_remove_script_version', 15, 1 );

// Include thumbnails is the RSS feed
function rss_post_thumbnail($content) {
global $post;
if(has_post_thumbnail($post->ID)) {
$content = '<p>' . get_the_post_thumbnail($post->ID) .
'</p>' . get_the_content();
}
return $content;
}
add_filter('the_excerpt_rss', 'rss_post_thumbnail');
add_filter('the_content_feed', 'rss_post_thumbnail');

You can now try with GTMetrix.com if you have succefully remove the query strings. For the feed, you can test it with any RSS feed reader. Your WordPress feed are normally available at http://yourdomain.com/feed/.