New Content/Layout OK?

Varnish Proxy

Silly me, a poll would not work on the new server. I forgot that with the Varnish cache proxy at the front almost all visitors arrive from the same IP address (the proxy), which means that Drupal would allocate just one vote to all (except registered and presently logged in users). With a Drupal upgrade we can perhaps find polling software that overcomes this.

rpaf

You must use mod_rpaf to fix this problem that Varnish introduces.
See eg https://www.varnish-cache.org/lists/pipermail/varnish-misc/2008-September/016470.html
mod_rpaf for EL6 64bit here: http://centos.alt.ru/repository/centos/6/x86_64/mod_rpaf-0.6-2.el6.x86_64.rpm

Proxy

Thanks, we will look into it. Currently, a lot of stuff other than the poll (e.g. views being counted) is not compatible with Varnish and it makes it look as though not many people visit and can participate in the site.

For sheer stats you could use

For sheer stats you could use an external (i.e. not cached by varnish) service, such as Google Analytics or run your own Piwik.

Piwik

Google Analytics is spyware, but Piwik would be a possibility (Stallman recently told me that it's good). Can it be installed on a cache proxy? I'd have to gain access to it first. Either way, this would not facilitate per-post page request count. Susan had it set up with a module, but it's no longer working correctly. In turn, rating/sorting posts by popularity is no longer possible, and that's the real downside (the front page can no longer list popular items for today).

The problem is not just that IP addresses are not unique. Some requests are never seen by the CMS and Apache.

For the non-unique addresses

For the non-unique addresses look at mod_rpaf, it was made for these situations.
Is this drupal6 or 7? With 6 varnish integration sucks from what I've seen.

See also
https://drupal.org/project/varnish
https://fourkitchens.atlassian.net/wiki/display/TECH/Configure+Varnish+3+for+Drupal+7

Agreed on Google Analytics. You can just install Piwik on the same host and tell Varnish either not to cache it or you can just set its virtualhost on a port other than 80 so it bypasses Varnish completely.

Varnish

Thanks for the pointers.

Yes, it's Drupal 6 and there are other issues that I am beginning to see, such as lack of updates from the RSS feeds around the page (I am currently investigating this, maybe it's related to a cron job or module config although I very much doubt the latter as I haven't changed configs).

Non-unique addresses could be bypassed as an issue even by writing random IP addresses, but that would enable easy poll rigging. I guess it's not essential for operation of the site, but it's a nice-to-have...

From Drupal.org: "This module provides integration between your Drupal site and the Varnish HTTP Accelerator, an advanced and very fast reverse-proxy system. Basically, Varnish handles serving static files and anonymous page-views for your site much faster and at higher volumes than Apache, in the neighborhood of 3000 requests per second."

I have had such issues with Varnish on top of WordPress and MediaWiki (pages served improperly from cache) and it all makes me wonder if removing Varnish altogether is the best way to proceed.

As for Piwik, I have never tried it before, so I will look into it.

I would keep Varnish on for

I would keep Varnish on for static files (css, js, jpeg etc) and to clean up HTTP traffic (Varnish will not forward incomplete or malformed HTTP requests to the backend, it should also be the front line against synfloods etc).

Here's a sample of what I use (test it first, I'm just beginning with Varnish myself)

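# Backend: Apache listening on port 8080
director default dns {
    .list = {
        .port = "8080";
        .connect_timeout = 5s;
        .first_byte_timeout = 600s;
        .between_bytes_timeout = 600s;
        .max_connections = 10000;
        "172.16.1.53"/32;
    }
}

sub vcl_recv {
    # Record the client address for the backend (mod_rpaf reads this header).
    # This has to happen in vcl_recv: by the time vcl_fetch runs, the backend
    # request has already been sent. Requests that fall through to the
    # built-in vcl_recv get client.ip appended once more there; the last
    # entry is still the real client.
    if (req.restarts == 0) {
        if (req.http.x-forwarded-for) {
            set req.http.X-Forwarded-For =
                req.http.X-Forwarded-For + ", " + client.ip;
        } else {
            set req.http.X-Forwarded-For = client.ip;
        }
    }
    # Always look up static files in the cache
    if (req.url ~ "\.(png|gif|jpg|swf|css|js)$") {
        return(lookup);
    }
}

sub vcl_fetch {
    # Drop cookies set on static files so the responses stay cacheable
    if (req.url ~ "\.(png|gif|jpg|swf|css|js)$") {
        unset beresp.http.set-cookie;
    }
}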

Then install mod_rpaf and make sure your Apache is listening on port 8080 and add this to /etc/httpd/conf.d/rpaf.conf:
LoadModule rpaf_module modules/mod_rpaf-2.0.so

RPAFenable On
RPAFproxy_ips 127.0.0.1 IPs_OF_THE_SERVER
RPAFsethostname On
RPAFheader X-Forwarded-For

PS: looks like drupal is messing with my comments, here's a text version http://fpaste.org/74672/raw/
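
An added example (not part of the original post, and not mod_rpaf's own code) of the address-resolution rule this setup depends on: the backend should believe X-Forwarded-For only when the connection comes from the proxy, and should read the header from the right, because Varnish appends client.ip to whatever the client already sent. The proxy list, sample requests and function names are constructed for illustration.

```python
import ipaddress

# Assumption: Varnish runs on the same host as Apache (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("127.0.0.1/32")]

def _is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)

def naive_client_ip(peer, xff):
    """Leftmost header entry: whatever the sender chose to write."""
    return xff.split(",")[0].strip() if xff else peer

def resolve_client_ip(peer, xff):
    """Walk X-Forwarded-For right to left, believing only hops added by our proxies."""
    current = ipaddress.ip_address(peer)
    if not _is_trusted(current) or not xff:
        return str(current)       # direct connection: the header is untrusted input
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break                 # malformed entry: keep the last verified hop
        current = addr
        if not _is_trusted(addr):
            break                 # first address not appended by our own proxy chain
    return str(current)

def count_voters(requests, resolver):
    """Distinct voter addresses, as a one-vote-per-IP poll would see them."""
    return len({resolver(peer, xff) for peer, xff in requests})

# Constructed sample: (TCP peer seen by Apache, X-Forwarded-For header received).
SAMPLE = [
    ("127.0.0.1", "10.1.1.1, 203.0.113.5"),   # same client three times, each with
    ("127.0.0.1", "10.2.2.2, 203.0.113.5"),   # a different made-up first entry;
    ("127.0.0.1", "10.3.3.3, 203.0.113.5"),   # Varnish appended the real address
    ("127.0.0.1", "198.51.100.20"),           # ordinary visitor through Varnish
    ("198.51.100.99", "192.0.2.1"),           # hit on port 8080 bypassing Varnish
]

if __name__ == "__main__":
    print("naive voters:   ", count_voters(SAMPLE, naive_client_ip))
    print("resolved voters:", count_voters(SAMPLE, resolve_client_ip))
```

The last sample row is why the backend port should accept connections only from the proxy: a request that reaches Apache directly carries a header nobody has vetted.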

Thanks

Thanks, I will look at it and into it over the weekend.

RSS feeds

The Piwik demo looks impressive, I have just given them a word of endorsement.

I am still trying to resolve some other issues we've identified.

I think I found the source of the issue above (RSS feeds). It seems like any external site access is denied by default, which helps explain why RSS feeds cannot be retrieved by the Drupal part of the site:


[root@tuxmachines ~]# wget lxer.com
--2014-02-05 04:34:37--  http://lxer.com/
Resolving lxer.com... 108.166.170.174
Connecting to lxer.com|108.166.170.174|:80... failed: Connection refused.
[root@tuxmachines ~]# wget linuxtoday.com
--2014-02-05 04:34:54--  http://linuxtoday.com/
Resolving linuxtoday.com... 70.42.23.121
Connecting to linuxtoday.com|70.42.23.121|:80... failed: Connection refused.

Looks like a firewall issue

Looks like a firewall issue at first glance.

Firewall

Nux wrote:

Looks like a firewall issue at first glance.

Yes, it was a simple issue to tackle. It works now.

Pageview count and polls

I'll have a look and see if configuration can solve not just the polling issue but also pageview count. The site of this module is down and it seems like it may require configuration on the cache server too.
