How To Enable HTTP/2 in Apache on Ubuntu 16.04.

Here’s a simple guide showing how you can enable HTTP/2 in Apache on Ubuntu 16.04.

The internet is awesome. It can be used by governments to very efficiently spy on their citizens, it got Donald elected, and it’ll be mentioned in future history books as the main tool used in the second rise of fascism. There are also a few funny cat pictures.

Today’s internet connections are amazingly fast. You younglings might not believe this, but there was a time when we actually had to sit and wait for a website to appear. If you want to experience the internet speeds of the past, give 56k Emulator a try. It will give you the basic idea. And keep in mind that 56K modems were freakin’ fast when they became available.

But I digress. Sorta. Even though today’s internet connections are fast, the technology used to push propaganda around inside the tubes is old and slow. HTTP/1.1 was never intended to be used with the kind of content-heavy website we have today. Thankfully, there’s a new option available, the marvelous RFC-7540. Or HTTP/2, if you will.

HTTP/2 is a major revision of HTTP/1.1. Its main goal is to make web sites appear in your browser quicker, and with the need to send less data than with HTTP/1.1. The “number one HTTP server on the internet”, Apache 2, only has experimental support for HTTP/2. This means that it’s not available in the version Ubuntu 16.04 includes by default.

Once again, we have to turn to our PPA packaging hero Ondřej Surý for support. Not only does he maintain packages for the latest and greatest version of PHP (that we used here), he also makes sure Ubuntu users can be on the bleeding edge of Apache goodness.


How to Secure SSH with 2FA on Ubuntu.

As you know, I love two factor authentication (2FA). Now the time has come to secure SSH with 2FA on all our Ubuntu servers.

I recently noticed that the bandwidth usage on VBOX4 had increased slightly. Apart from the spikes that come when the server is doing its nightly offsite backup, there was also an average increase in bandwidth usage. In an ideal world, that would be caused by the success of my Facebook antics, but I’ve got Piwik stats that say otherwise.

Now, that there is a slight bandwidth increase that lasts for a few days isn’t uncommon. Google sometimes finds it necessary to index the entire site. But I’m a curious little nerd, and with the help of netstat I checked incoming connections. It showed a Chinese IP address trying to connect to poor VBOX4 via SSH. That isn’t necessarily a reason to panic either. If you have a computer connected to the internet, there will be bots trying to connect to various services around the clock. For my own convenience, I’ve got SSH running on the standard port, 22, which makes it a prime target for that kind of shenanigans.

Moving it away from the standard port could be an option. But security by obscurity isn’t really security IMHO. Sure, it makes things a little bit harder. But there are only 65,535 ports to choose from, and if a bot wants to find your SSH port, it will find it eventually. Port knocking might be a better scheme if you want to hide your doors.

Or, you can hire a kick-ass doorman! That’s what we’re going to do with 2FA.


How To Install the Latest PHP Version on Ubuntu.

Here’s a simple guide showing how you can install the latest PHP version on Ubuntu.

Purchasing the Samsung Galaxy S7 had an unforeseen consequence: My A Picture A Day code stopped pulling GPS coordinates from the EXIF data embedded in the pictures I took with the phone. I knew the GPS data was there somewhere, because every EXIF reader I tried showed it – I just couldn’t get my PHP code to extract the data.

A bit of research on the interwebs revealed that the missing GPS data was caused by a bug in PHP, and the good news was that the bug was fixed in PHP 7.0.10. The bad news was that Ubuntu 16.04 is stuck on PHP 7.0.8.

This is the flip-side to using Ubuntu. APT and the Ubuntu packages make it very easy to install new software. Compiling, dependencies, and standard configuration are handled for you, but you’re also at the mercy of the package maintainers, and how quickly they compile new packages. In the case of PHP, this means Ubuntu 16.04 LTS users currently are locked to PHP 7.0.8, lagging four patch versions behind the official packages available from PHP.net.


How To Configure RAID and GRUB on Ubuntu 14.04 LTS.

You probably know the feeling: You’ve got a box of new hardware and you can’t wait to assemble everything to build the Greatest Server Ever™. But when you sit down, you run into this seemingly unsolvable problem you just can’t seem to wrap your head around, even though it should be easy as pie.

I had that box of new hardware. An ASUS J1900I-C motherboard, two Kingston SSD drives and gigabytes upon gigabytes of RAM. I was going to build the greatest server ever. It would run Ubuntu 14.04 LTS in a sweet RAID1 configuration. With a nerdy grin on my face, I started the Ubuntu installation process. But of course I ran into a problem I just wasn’t able to solve: GRUB refused to install on my RAID1 setup. It failed with a fatal error. Hour after hour went by as I tried to figure out why. I was desperately searching the internet for a solution, but to no avail. Nothing worked. I had almost given up, when suddenly… great success!

To save you a lot of trouble, here’s what I had to do to get GRUB to install correctly on Ubuntu 14.04 LTS running in a RAID1 configuration on a server with an ASUS J1900I-C motherboard. It’s all about configuring the motherboard in exactly the right way. My board has the 0611 x64 BIOS version. If you don’t have this version of the BIOS installed on your own motherboard, your results may vary. Look for similar menu elements and change those.


How To Install Firefox Sync Server 1.5 on Ubuntu.

With Firefox 29, Mozilla introduced a new version of their sync protocol. While new things are (usually) nice, Firefox 29 and later versions of the browser are not compatible with the old versions of the sync protocol. This renders the Sync Server you installed following the guide I wrote useless. It’s time to install the new version of the Firefox Sync Server on your Ubuntu box.

This guide is based on Mozilla’s own installation and configuration instructions, with a few tweaks. My version of the guide will focus on installing the Sync Server behind Apache 2.2, simply because that’s my setup. If you need to know how to use Apache 2.4 or Nginx, please refer to Mozilla’s instructions.

A major change from the old version of the sync protocol is that the new one requires that you use Firefox Accounts for user authentication. With last year’s NSA and PRISM scandal in mind, this is a bad thing, because the authentication for your sync server now goes through a third party. The good news is that you can also run your own installation of a Firefox Accounts server, but this is not covered by this guide. I might eventually get around to writing a guide for that as well, but if you’re in a hurry to run your own Firefox Accounts server and can’t wait for that to happen, you can follow Mozilla’s own installation and configuration instructions for the Firefox Accounts Server.

With all that in mind, let’s get started.
