Finally, a real fix for the commenting bug that crops up from time to time. Recently, as well as a year and a half ago, WordPress comments would time out or give NGINX 504 gateway errors. There were two issues, both related to overzealous security settings:
- ModSecurity was treating the comment submission, by some versions of WordPress, as a SQL injection attack
- NGINX security settings were also treating comments as an attack
In both cases security was high, but the server had never been properly tuned for real-world situations. We cranked down the security and things seem to be speedy again. Glad to have this fixed because we didn’t want to take the same problem to a new server.
In the coming weeks we will migrate to a new server. After much thought and deliberation, we’ve decided to stick with our current host and data center in Germany run by Hetzner.
- Great prices on great hardware
- 100% green energy and CO2 neutral
- Germany’s high level of privacy protection laws
- Big uplinks to major European internet exchanges
- We’re used to them
- An extra hop to US internet exchanges
- An extra two hops to Asian internet exchanges
It was super tempting to go with a data center in Los Angeles. US readers would get things a tiny bit faster, and it would be a bit faster for people in Asia. That’s especially important when we blog and work from China. China connects to Germany through Los Angeles, then New York, then Amsterdam, then onwards to Germany.
Servers suck power and cooling though. Only a jerk would put a server somewhere drought-plagued with energy shortages. For now we stick with Hetzner. Our next box will be huge:
- Intel Xeon E3-1270 v3 Quadcore Haswell
- RAM 32 GB ECC RAM
- Hard Drive 2 x 2 TB SATA 6 Gb/s 7200 rpm Enterprise Class
- Connection 1 Gbit/s-Port
- Guaranteed Bandwidth 200 Mbit/s
- Backup Space 100 GB
- Inclusive Traffic 20 TB
Please offer any pros and cons of this setup if you have them.
Our current server doesn’t include backup space so we pay for Jungle Disk (IMHO junk and impossible to actually use…) as well as two different FTP backups for hourly database dumps. We’ll probably dump all but a single FTP backup and use the included off-site backup space, saving nearly a hundred bucks a month.
We also use an Amazon Web Service instance for MUNIN, a server monitoring setup. MUNIN did exactly nothing to help spot the failing drive issues with the current server, not that anyone bothers to monitor it anyways. This should be trashed or moved to a dirt cheap Digital Ocean droplet instead of the really expensive AWS instance.
Most sites, including those run by people we love and respect, invite to their websites alleged NSA collaborators, US government spy facilitators, and general data hogs to monitor your every move for profit, data mining, advertising, etc. As always, we never knowingly run any social media malware that allows Facebook, Twitter, Google, et al. to track you at Dangerous Prototypes.
Even sites that avoid social malware frequently use Google Analytics for site statistics. We refuse to do that. We host our own stats package called Piwik. It’s open source, compliant with stringent German privacy laws, and only we know what happens on our site. If big brother cares to spy on you they can tap the cable, however we will do our best to keep big business from data mining you.