Fun with Docker

Well it’s not really all that fun.

SO… at the start of the year I had decided I didn’t want to play site admin all day, and went to a hosted platform.  Things went well for a few months, then things didn’t go well, with constant database issues.

Then we went down hard for over 24 hours.  I was going to move back, but then everything started to work again.  But things had been spiraling down to unusability again.

So instead of just making a big VM like I had done before, I thought I’d try using Docker to host my website with a few containers, namely each tier separate.

And oh boy does everyone love edge case docker stuff, but when it comes to actually moving something *INTO* docker, you are basically on your own.

So yes, the http-https redirect is broken. My categories are all missing. Lots of stuff is busted.  And the superglobalmegacorp.com redirect stuff is missing. I’ll have to re-create that one after I get more stuff sorted out.

I haven’t given up yet…

Half of the fun was setting up the haproxy container, which in itself wasn’t so bad, although sometimes it wouldn’t pick up any config file changes, so I had to destroy it a few times.  Naturally, once I asked someone to look, it was working fine.

So for the hell of it, here is my haproxy.cfg:


global
    maxconn 256

defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms

frontend http-in
    bind *:80
    # TLS terminates here; haproxy.pem is the full chain followed by the private key (built further down)
    bind *:443 ssl crt /etc/haproxy/haproxy.pem
    # Fold the old superglobalmegacorp.com names onto the canonical Host header
    http-request set-header Host virtuallyfun.com if { hdr(host) -i virtuallyfun.superglobalmegacorp.com }
    http-request set-header Host virtuallyfun.com if { hdr(host) -i superglobalmegacorp.com }
    # Anything that arrived in the clear gets a permanent redirect to https
    redirect scheme https code 301 if !{ ssl_fc }
    mode http
    acl host_virtuallyfun hdr(host) -i virtuallyfun.com
    acl host_virtuallyfun hdr(host) -i virtuallyfun.superglobalmegacorp.com
    acl host_virtuallyfun hdr(host) -i superglobalmegacorp.com
    use_backend virtuallyfun if host_virtuallyfun

backend virtuallyfun
    balance leastconn
    option httpclose
    # Pass the real client address through as X-Forwarded-For
    option forwardfor
    # Tell WordPress the original request was https; safe here because the frontend
    # already redirected all plain-http traffic. (reqadd was removed in HAProxy 2.2;
    # newer releases use "http-request add-header X-Forwarded-Proto https" instead.)
    reqadd X-Forwarded-Proto:\ https
    server node1 172.17.0.3:80

I wanted to use Let’s Encrypt to ‘secure’ access to the domains I have, and running certbot manually in a ‘dry run’ I always got this fun and informative error:

NewIdentifier : ACMESharp.AcmeClient+AcmeWebException: Unexpected error
+Response from server:
+ Code: BadRequest
+ Content: {
"type": "urn:acme:error:malformed",
"detail": "Error creating new authz :: DNS name does not have enough labels",
"status": 400
}

Which of course got me absolutely nowhere searching.  I thought it may be docker screwing things up, so I shut it down, fired up an old fashioned standalone copy of Apache, and ran the following:

certbot certonly --dry-run --non-interactive --register-unsafely-without-email --agree-tos --expand --webroot --webroot-path /docker/wordpress/html --domain virtuallyfun.com --domain virtuallyfun.superglobalmegacorp.com --domain superglobalmegacorp.com

And get the same result.

I get to the point of absolute frustration, and just decide to forget the dry run altogether, as I know I can run it at least 5 times a day before I get banned for a while, but maybe I’ll get something more useful.

# certbot certonly --non-interactive --register-unsafely-without-email --agree-tos --expand --webroot --webroot-path /var/www/html --domain virtuallyfun.com --domain virtuallyfun.superglobalmegacorp.com --domain superglobalmegacorp.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for virtuallyfun.com
http-01 challenge for virtuallyfun.superglobalmegacorp.com
http-01 challenge for superglobalmegacorp.com
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0000_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0000_csr-certbot.pem

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/virtuallyfun.com/fullchain.pem. Your cert
will expire on 2018-06-26. To obtain a new or tweaked version of
this certificate in the future, simply run certbot again. To
non-interactively renew *all* of your certificates, run "certbot
renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

Except it actually worked.

Creating the needed haproxy.pem is as simple as:

cd /etc/letsencrypt/live/virtuallyfun.com/
cat fullchain.pem privkey.pem > /docker/haproxy.pem

That puts the private key in the same file as the certificate chain, which is what haproxy wants.  Naturally when this expires I’ll have to scramble to figure out how I did this.
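Since that two-line cat is exactly the thing that gets forgotten at renewal time, here it is as a script (an added example, not something from the post): it builds the bundle in the order haproxy expects, keeps it private because it carries the key, and refuses to install a bundle whose cert and key don't match. The live directory and output path are assumptions modelled on the post.

```shell
#!/bin/sh
# Added example, not from the post: rebuild the combined PEM that HAProxy's
# "bind ... ssl crt" expects (full chain first, then the private key) from a
# Let's Encrypt live directory. The file holds the private key, so it is
# created with a restrictive umask, and it is only installed if the cert and
# key actually belong together. Paths are assumptions modelled on the post.
set -eu

build_haproxy_pem() {
    live_dir="$1"                 # e.g. /etc/letsencrypt/live/virtuallyfun.com
    out="$2"                      # e.g. /docker/haproxy.pem
    tmp="$out.tmp.$$"

    for f in fullchain.pem privkey.pem; do
        [ -r "$live_dir/$f" ] || { echo "missing $live_dir/$f" >&2; return 1; }
    done

    # Restrictive umask before the file exists, so the key is never world-readable.
    ( umask 077; cat "$live_dir/fullchain.pem" "$live_dir/privkey.pem" > "$tmp" )

    # With openssl available, compare the public key inside the certificate with
    # the one derived from the private key; a mismatch makes HAProxy's TLS bind fail.
    if command -v openssl >/dev/null 2>&1; then
        cert_pub=$(openssl x509 -in "$tmp" -noout -pubkey 2>/dev/null || true)
        key_pub=$(openssl pkey -in "$tmp" -pubout 2>/dev/null || true)
        if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
            rm -f "$tmp"
            echo "certificate/key mismatch under $live_dir, not installing" >&2
            return 2
        fi
    fi

    # Atomic swap, so HAProxy never reads a half-written bundle on reload.
    mv -f "$tmp" "$out"
    chmod 600 "$out"
}

# Usage: ./build-haproxy-pem.sh --run /etc/letsencrypt/live/virtuallyfun.com /docker/haproxy.pem
# Hooked into "certbot renew --deploy-hook" (followed by a reload of the haproxy
# container) this removes the scramble at expiry time.
case "${1:-}" in
    --run) build_haproxy_pem "$2" "$3" ;;
esac
```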

Managing docker is fun as well. I went ahead and tried out portainer.io, which naturally deploys as a container.  And it can manage remote servers, which I thought was a plus, as that means I could deploy it in my office, then simply connect to my server.  But that is where I found out that the Debian config files hard code the daemon to always listen on a local socket, which conflicts with setting the proper JSON file to tell it to listen on both a socket and TCP/IP.  So just edit /etc/systemd/system/docker.service.d/docker.conf and either hard code it all there, or remove it from there and place it in /etc/docker/daemon.json
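An added example (not from the post, and not the post's own config) of the "remove it from there and put it in daemon.json" route: the drop-in blanks the distro's hard-coded ExecStart so it stops clashing with daemon.json, and the TCP listener is only enabled with client-certificate verification, because an unauthenticated dockerd port is root for anyone who can reach it. The certificate paths, the port and the root-directory parameter are assumptions.

```shell
#!/bin/sh
# Added example, not the post's config: write the systemd drop-in and
# daemon.json so dockerd listens on the local socket AND on TCP (for a remote
# Portainer). Listening on TCP without "tlsverify" hands root to anyone who can
# reach the port, so TLS is mandatory here. Cert paths and port are assumptions.
set -eu

write_docker_listen_config() {
    root="${1:-}"                  # "" for the live system, or a scratch directory
    bind_addr="${2:-0.0.0.0}"      # prefer an internal/VPN address over 0.0.0.0
    dropin_dir="$root/etc/systemd/system/docker.service.d"
    conf_dir="$root/etc/docker"
    mkdir -p "$dropin_dir" "$conf_dir"

    # An empty ExecStart= first: systemd otherwise appends, and the distro's
    # "-H fd://" would stay in force and clash with "hosts" in daemon.json.
    cat > "$dropin_dir/docker.conf" <<'EOF'
[Service]
ExecStart=
ExecStart=/usr/bin/dockerd
EOF

    cat > "$conf_dir/daemon.json" <<EOF
{
  "hosts": ["unix:///var/run/docker.sock", "tcp://$bind_addr:2376"],
  "tlsverify": true,
  "tlscacert": "/etc/docker/certs/ca.pem",
  "tlscert": "/etc/docker/certs/server-cert.pem",
  "tlskey": "/etc/docker/certs/server-key.pem"
}
EOF
}

# True (exit 0) when a daemon.json opens a TCP listener without client-cert
# verification; handy as a pre-restart sanity check.
daemon_json_tcp_is_insecure() {
    grep -q 'tcp://' "$1" && ! grep -q '"tlsverify": *true' "$1"
}

# Usage: ./docker-listen.sh --apply [bind address]   (needs root)
case "${1:-}" in
    --apply)
        write_docker_listen_config "" "${2:-0.0.0.0}"
        daemon_json_tcp_is_insecure /etc/docker/daemon.json && { echo "refusing: TCP without TLS" >&2; exit 1; }
        systemctl daemon-reload && systemctl restart docker ;;
esac
```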

As always documentation is conflicting and all over the place.

My current feelings about docker…

Crimson Editor and Metapad for Alpha AXP NT

(This is a guest post by Antoni Sawicki aka Tenox)

I was doing some work on my Alpha AXP with Windows NT and needed a decent text editor. I realized there wasn’t really anything beyond Notepad, until now, that is.

Crimson Editor for Windows NT AXP

http://www.tenox.net/get/cedt-ntaxp.zip

Metapad for Windows NT AXP

http://www.tenox.net/get/metapad-ntaxp.zip


Enjoy

Calamus for Windows NT RISC

(This is a guest blog post by Antoni Sawicki aka Tenox)

A Christmas gift for those who run Windows NT on Alpha AXP, MIPS or PowerPC. These ports of Windows are really lacking some good applications. Yes, there are utilities and games, Alpha even has Microsoft Word, Excel and Oracle DB, but apart from that there are just no serious apps available.

Calamus is a professional DTP (Desktop Publishing) software. It’s still actively developed and sold by German company Invers. If you want to play around with the latest version you can download a 30 day trial and even purchase the Lite version for 99 Euro on calamus.net. There are versions for Windows, Mac and Atari ST.

Atari ST ?! Well yes, the original Calamus was born some 30 years ago on Atari ST:

I had the pleasure of using Calamus professionally on Atari for several years in the early ’90s. At a time when a 486 could have at most 64MB RAM and 640×480 VGA, a high end Atari TT packed a 256MB Magnum card and a 1280×1024 framebuffer, and it was much cheaper than a Mac. The memory and high resolution displays were really needed to process large images and complex page layouts.  You can read more about my Atari TT restoration efforts.

In the mid ’90s DMC decided to port Calamus to Windows in order to expand to other hardware platforms. An interesting fact is that the port isn’t really a full source code rewrite, which would have been impossible due to the codebase size. Even though Calamus has a 100% native Windows GUI and a lot of functionality has been rewritten, inside the software lives a small embedded Atari ST emulator that does on-the-fly translation of some of the Atari/m68k ABI. You can read a bit about it here.

Calamus on Windows NT Alpha AXP

At the time of the port, Windows NT was still being actively developed on RISC platforms, so thankfully Calamus was compiled for all of the available NT CPUs. The Alpha version was probably the most popular choice because of performance. High end Alphas were the fastest machines capable of running Windows among all hardware. When publishing firms were thinking about upgrades they naturally looked at DEC as a first choice, as regular PCs weren’t powerful enough.

And this is how I finally found a copy of Calamus NT with support for RISC CPUs. It took me quite a lot of time and resources to track down and obtain a copy of the surviving media from the owner of a publishing studio. This is how it looks when you first install it:

Calamus NT Install Wizard

Note that there were separate builds for 386/486 and Pentium CPUs. Also, as you can see, the disk contains a demo version, which Santa is now delivering to you. This is a fully functional trial that expires after some time. If you ever lacked serious apps for your RISC NT machine, you can now play with one! The demo version is distributed with permission of Invers Software.

If you don’t have one of these machines you can still run Windows NT MIPS on Qemu:

Calamus on Windows NT MIPS

And finally to the goods. You can download the following files:

Calamus NT v1.5 DEMO for DEC Alpha AXP

Calamus NT v1.5 DEMO for MIPS

Calamus NT v1.5 DEMO for PowerPC

386 and Pentium builds are not available. Please do not ask. For Intel build download the latest version from Invers Software.

Thinking about doing something different about monetization

I hate ads, and didn’t want to go down that road, but I was thinking of something different.  I keep reading in the news about these ‘javascript bitcoin miners’.  Many of them apparently are stealthy, but how about one that is overt?  I saw over at coinhive.com that they do have ‘opt in’ versions of their scripts as opposed to doing it silently.  So I thought this would be something interesting to ask for:

Loading Authed Mine…
100% voluntary!

So, buddy, spare some CPU cycles?

And we’re back.

So this last 24 hours has been chaotic.  I’d had this WordPress installation for a number of years, going back to the 2 week Blogspot outage a long time ago.  But things change, and I’ve found dealing with systemd and its bizarre need to hide and obscure things, along with its worthless logging, a losing fight.  So over Thanksgiving I saw this “web reseller” package that has 250GB of space and 1TB of network for $15 a year.  And being a reseller means I can add additional domains and whatnot for free.

As you may have seen, RSS was broken, the menu bars stopped working and there were all kinds of other smaller issues.  I figured it was as good a time as any to do a fresh install of WordPress and only copy the article, comments and user tables.

In the middle of this, the superglobalmegacorp redirection broke as it’s no longer a combined site.  And then disaster struck when I tried to move the install to PHP 7.1, getting away from 5.6 as I was constantly running out of memory.

Something happened on the hosting side and their server lost all configs for virtuallyfun.  I’d opened a ticket, and after 4 hours of nothing I moved the site back to the old machine, but I got interrupted with life and it was all messed up.  By the time I got up, the issue had been resolved and we are back.

For me, this site feels substantially faster than the older one.  The old server literally costs me $25 a month.  But it’s old and tired.  I have a sales call out on a new data center in Tai Po, Hong Kong, so I may be moving all my USA hosting here. Which would be nice for me; at least the server will literally be down the street.

Oh well you know the internet, things move.

I’ve been debating about doing a SQL dump and purging the user table, and placing a copy of this blog on archive.org ..  I know at the same time people will load it up and place shitty ads all over it..  but at the same time I’d like to keep a better copy of my insane ramblings.  I see some people already tried, but their backup strategy is clearly automated and all they did was capture a single article.

As always, keep backups!

**added

For those with legacy systems, currently the HTTP site works.

OS X 10.6 Safari

Naturally for older systems the SSL support is still SHA-1 centered, and the entire SSL infrastructure is quickly moving to SHA-2.  Plenty of the site’s resources will be linked as https, and that’s pretty much the way it is.

I’ve tried to get some devs to write a simplified front end to the wordpress database to at least make things visible to legacy systems, but for some reason people just run away at the prospect.  Personally I’d love to have one in classical ASP so I can host it on Windows NT Server 4.0 … But I haven’t had any takers.

For my own benefit here is what I amputated to get rss working.


feed-rss2.php
====================================================================
<?php /* (get_option('rss_use_excerpt')) : ?>
    <description><![CDATA[<?php the_excerpt_rss(); ?>]]></description>
<?php else : ?>
    <description><![CDATA[<?php the_excerpt_rss(); ?>]]></description>
  <?php $content = get_the_content_feed('rss2'); ?>
  <?php if ( strlen( $content ) > 0 ) : ?>
    <content:encoded><![CDATA[<?php echo $content; ?>]]></content:encoded>
  <?php else : ?>
    <content:encoded><![CDATA[<?php the_excerpt_rss(); ?>]]></content:encoded>
  <?php endif; ?>
<?php endif; */?>
====================================================================