SITE: comments fixed for real, new server coming


Finally, a real fix for the commenting bug that crops up from time to time. Recently, as well as a year and a half ago, WordPress comments would time out or give NGINX 504 gateway errors. There were two issues, both related to overzealous security settings:

  • ModSecurity was treating the comment submission, by some versions of WordPress, as a SQL injection attack
  • NGINX security settings were also treating comments as an attack

In both cases security was high, but the server had never been properly tuned for real-world situations. We cranked down the security and things seem to be speedy again. Glad to have this fixed because we didn’t want to take the same problem to a new server.
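One way to see which rules are behind this kind of false positive, as an added example that is not the configuration used on this server: the script below tallies ModSecurity hits on the WordPress comment endpoint and prints an exclusion scoped to that URI and variable for each one. The log lines, rule ids, the `/search.php` URI and the local id `10000` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the ModSecurity 2.x error-log style; rule ids,
# messages and the /search.php URI are made up for illustration.
SAMPLE_LOG = """\
ModSecurity: Access denied with code 403 (phase 2). Pattern match "..." at ARGS:comment. [id "1000001"] [msg "SQL Injection Attack"] [tag "SQL_INJECTION"] [uri "/wp-comments-post.php"]
ModSecurity: Access denied with code 403 (phase 2). Pattern match "..." at ARGS:comment. [id "1000001"] [msg "SQL Injection Attack"] [tag "SQL_INJECTION"] [uri "/wp-comments-post.php"]
ModSecurity: Warning. Pattern match "..." at ARGS:author. [id "1000002"] [msg "SQL Comment Sequence"] [tag "SQL_INJECTION"] [uri "/wp-comments-post.php"]
ModSecurity: Access denied with code 403 (phase 2). Pattern match "..." at ARGS:q. [id "1000001"] [msg "SQL Injection Attack"] [tag "SQL_INJECTION"] [uri "/search.php"]
ModSecurity: Warning. Operator GE matched 5 at TX:score. [id "1000003"] [msg "Anomaly Score Exceeded"] [uri "/wp-comments-post.php"]
"""

FIELD = re.compile(r'\[(\w+) "([^"]*)"\]')            # [key "value"] pairs
TARGET = re.compile(r' at ([A-Z_]+(?::[^\s.]+)?)\.')  # variable that matched


def blocked_targets(log, uri, tag):
    """Count (rule id, matched variable) for hits on `uri` carrying `tag`."""
    hits = Counter()
    for line in log.splitlines():
        fields = {}
        for key, value in FIELD.findall(line):
            fields.setdefault(key, []).append(value)
        target = TARGET.search(line)
        if not target or "id" not in fields:
            continue
        if uri in fields.get("uri", []) and tag in fields.get("tag", []):
            hits[(fields["id"][0], target.group(1))] += 1
    return hits


def exclusion_rules(hits, uri, first_local_id):
    """Emit one URI-scoped exclusion per (rule, variable), most frequent first.

    first_local_id is a hypothetical id from the site's own local rule range.
    """
    rules = []
    for n, ((rule_id, target), _count) in enumerate(hits.most_common()):
        rules.append(
            f'SecRule REQUEST_URI "@beginsWith {uri}" '
            f'"id:{first_local_id + n},phase:1,pass,nolog,'
            f'ctl:ruleRemoveTargetById={rule_id};{target}"'
        )
    return rules


if __name__ == "__main__":
    found = blocked_targets(SAMPLE_LOG, "/wp-comments-post.php", "SQL_INJECTION")
    for rule in exclusion_rules(found, "/wp-comments-post.php", 10000):
        print(rule)
```

The generated rules leave the SQL injection checks active for every other URI and for every other field of the comment form.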

In the coming weeks we will migrate to a new server. After much thought and deliberation, we’ve decided to stick with our current host and data center in Germany run by Hetzner.

Pros:

  • Great prices on great hardware
  • 100% green energy and CO2 neutral
  • Germany’s high level of privacy protection laws
  • Big uplinks to major European internet exchanges
  • We’re used to them

Cons:

  • An extra hop to US internet exchanges
  • An extra two hops to Asian internet exchanges

It was super tempting to go with a data center in Los Angeles. US readers would get things a tiny bit faster, and it would be a bit faster for people in Asia. That’s especially important when we blog and work from China. China connects to Germany through Los Angeles, then New York, then Amsterdam, then onwards to Germany.

Servers suck power and cooling though. Only a jerk would put a server somewhere drought plagued with energy shortages. For now we stick with Hetzner. Our next box will be huge:

  • Intel Xeon E3-1270 v3 Quadcore Haswell
  • RAM 32 GB ECC RAM
  • Hard Drive 2 x 2 TB SATA 6 Gb/s 7200 rpm Enterprise Class
  • Connection 1 Gbit/s-Port
  • Guaranteed Bandwidth 200 Mbit/s
  • Backup Space 100 GB
  • Inclusive Traffic 20 TB

Please offer any pros and cons of this setup if you have them.

Our current server doesn’t include backup space so we pay for Jungle Disk (IMHO junk and impossible to actually use…) as well as two different FTP backups for hourly database dumps. We’ll probably dump all but a single FTP backup and use the included off-site backup space, saving nearly a hundred bucks a month.

We also use an Amazon Web Service instance for MUNIN, a server monitoring setup. MUNIN did exactly nothing to help spot the failing drive issues with the current server, not that anyone bothers to monitor it anyways. This should be trashed or moved to a dirt cheap Digital Ocean droplet instead of the really expensive AWS instance.

Most sites, including those run by people we love and respect, invite to their websites alleged NSA collaborators, US government spy facilitators, and general data hogs to monitor your every move for profit, data mining, advertising, etc. As always, we never knowingly run any social media malware that allows Facebook, Twitter, Google, et al. to track you at Dangerous Prototypes.

Even sites that avoid social malware frequently use Google Analytics for site statistics. We refuse to do that. We host our own stats package called Piwik. It’s open source, compliant with stringent German privacy laws, and only we know what happens on our site. If big brother cares to spy on you they can tap the cable, however we will do our best to keep big business from data mining you.

Join the Conversation

5 Comments

  1. Ian, thank-you for such extensive open sharing of your site setup! Not sure if you can also share the cost you pay for your server subscription?

    1. The PX60 is 69 euros/month plus 99 euros setup. That’s discounted a bit because it includes 19% VAT and as a US company we don’t pay it. Currently we pay 49EUR/month which comes to 30-something. After talking to the server admin who will set up the new box we decided on a 49euro box again instead with 49 euro setup. It’s still more powerful and has double memory and net speed of current box, and is only 100 pasmark(?) points under the Xeon.

      1. Additionally per month (from memory…):
        ~$20 for Jungle Disk
        ~$24 for AWS server
        ~$5 for FTP #1
        ~$15 for FTP #2

        Yearly:
        ~$400 for tuning, upgrading, debugging
        ~$10 for domains

  2. I manage 50+ Hetzner servers for clients, and they’re, for the most part, amazing. Many of the Hetzner complaints you see online are from people who purchase an unmanaged server and complain when they don’t get red-carpet treatment when their website goes down or gets hacked.

    One Hetzner caveat is… their included backup space doesn’t allow access from outside their network!

    1. I agree they’re the best I’ve seen. They gave me red carpet treatment even as an unmanaged server user, but my only complaint is they’re a bit stubborn. A disk on this box is clearly failing, an expert in smart data posted here and we discussed it by email a bit. The drive is also corrupt and unreadable. I requested disk checks several times, which they did right away, but the cursory disk check found nothing so they wouldn’t go further. Maybe that’s the norm. Alex, the amazing server guy who set up and hardened this box, told me to just get a new one and not expect more than 2-4 years from a box.

      Thanks for the heads up on the backup. That should still work for us.
