Jach's personal blog

(Largely containing a mind-dump to myselves: past, present, and future)

Blog rewrite notes - postponement?

As mentioned in the first post, this blog was running on some pretty ancient infrastructure... well over the past couple of nights I finally decided to do something about it.

The first thing to go was the old Ubuntu 14. Instead of creating a new image on say Ubuntu 20, though, I went with my favorite OS (and the one I use for my PC): Gentoo. Some time ago I remember trying to build my own Gentoo on EC2 with some tooling, but it didn't work. In the end this time I went with an unofficial image.

As usual, be careful of your trust tolerances -- I don't know anything about this group other than they've been around offering this thing for years. I spun up a new instance and poked around; it really is quite minimal (excellent!) and nothing crazy jumped out.

As you might glean from Ubuntu 14, I was also running old versions of PHP 5, MySQL, and Apache. I installed all of these fresh in the new Gentoo, leaving me with PHP 7.4.4, Apache 2.4.41, and (I switched to it as I did locally long ago) MariaDB 10.2.29.

Porting the database was easiest. I created a dump of the databases on the old server and imported the file to the new server's database; nothing else was needed and it all works. (Edit: several hours later I started getting many MySQL connection errors, and I had to adjust my PHP connect to use 'localhost'; it was previously using 'p:localhost'. I forget why I had used persistent connections before, I think it might have dated back to HostGator days? I also ran the mysql update script later to get rid of an error in the startup logs but it didn't affect functionality. Finally I've tweaked a few settings to reduce memory consumption.)

Apache took a little bit of work to reconfigure -- every distro wants to do it its own way, it seems. But in the end it wasn't too much work -- just making sure to chgrp the rsync'd copy of /var/www/ to apache (Ubuntu uses www-data), adjustments to the master httpd.conf, and the only change to my vhosts (besides disabling a couple subdomains on another domain I don't care about) was to use the fullchain SSL cert file instead of the previously separated cert and chain files (that was pre-2.4.8). I use Let's Encrypt, and that was also easy to move over. Gentoo has certbot in its repo, so after installing I rsync'd the old /etc/letsencrypt/, adjusted permissions so Apache could read the keys, and certbot could detect the certs. All was well; I finished it off with a cron script to run the renew command that makes HTTPS painless.

With the server up, it was time to test the PHP services. I reviewed PHP's 5-to-7 guide (mainly the backwards incompatible changes). Pleasantly surprised that there were few, and had a little laugh about some fixed behavior I never even knew was a thing (like multiple default cases in a switch statement, lol). The main one that affected this blog was a session write hook not returning a boolean, so I fixed that (and a bug where empty data would be inserted for no good reason). I also saw the ereg* family of functions were removed. I only have a handful of those to fix up still, and they're on really old PHP pages not on this blog so I can do that later.
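An added example (not this blog's own code) of the session write-hook fix described above: a PHP 7 save handler whose write() reports success as a strict boolean and stores nothing for empty session data. The class name, the table layout, and the in-memory SQLite database standing in for MariaDB are assumptions.

```php
<?php
// Added example. DbSessionHandler and the sessions table are hypothetical names;
// in-memory SQLite (pdo_sqlite) stands in for the blog's MariaDB.
final class DbSessionHandler implements SessionHandlerInterface
{
    private $db;
    public function __construct(PDO $db)
    {
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $db->exec('CREATE TABLE IF NOT EXISTS sessions
                   (id TEXT PRIMARY KEY, data TEXT NOT NULL, updated INTEGER NOT NULL)');
        $this->db = $db;
    }
    // Run a prepared statement and report success as a strict boolean.
    private function run(string $sql, array $args): bool
    {
        try {
            return $this->db->prepare($sql)->execute($args);
        } catch (PDOException $e) {
            return false;                    // a failed write must surface as false
        }
    }
    public function open($path, $name): bool { return true; }
    public function close(): bool { return true; }
    public function read($id): string
    {
        $q = $this->db->prepare('SELECT data FROM sessions WHERE id = ?');
        $q->execute([$id]);
        return (string) $q->fetchColumn();   // '' when there is no row, never null
    }
    public function write($id, $data): bool
    {
        if ($data === '') {                  // empty session: store nothing,
            return $this->destroy($id);      // and drop any stale row
        }
        return $this->run('REPLACE INTO sessions (id, data, updated) VALUES (?, ?, ?)',
                          [$id, $data, time()]);
    }
    public function destroy($id): bool { return $this->run('DELETE FROM sessions WHERE id = ?', [$id]); }
    #[\ReturnTypeWillChange]
    public function gc($maxlifetime)         // returns the number of rows purged
    {
        $q = $this->db->prepare('DELETE FROM sessions WHERE updated < ?');
        $q->execute([time() - $maxlifetime]);
        return $q->rowCount();
    }
}

// Constructed demo data: one real session, one empty one.
$h = new DbSessionHandler(new PDO('sqlite::memory:'));
var_dump($h->write('abc', 'user|s:4:"jach";'), $h->write('none', ''), $h->read('none'));
```

In a real site the handler is registered with session_set_save_handler($h, true) before session_start().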

Next was a bit of PHP ini tweaking, mainly to log all errors not otherwise logged (blog uses its own error handler that also emails me about them), to increase the max file upload size, and lastly to make mail() work. I route mail() through Amazon's SES, using an old Perl script I got from somewhere. The Perl script required me to emerge a few more Perl modules, but after that it ran, and it still works despite Perl having been updated from a very old version too. (Edit 8/2020: For reference, my sendmail path is /opt/bin/ -k /path/to/creds -f fromemail -r. The from forces a from email for all my PHP, and the -r says to send a raw email that it reads from stdin. Unfortunately Amazon is deprecating their old signing API, so I need to figure out how to update this or (more likely) figure out how to write my own version of this using Lisp.)

In the end it was less effort than expected! It took a bit of time to compile a few things (this is only a t2.micro -- I had to add 2G of swap just to be able to build a couple certain annoying dependencies) but I don't mind. It was also a good reminder of some of the old infrastructure pieces I had forgotten about. (It's great to be able to forget, since it means they just keep working without intervention.) Another such thing was a nightly script to update awstats -- I don't look at them much but they're sometimes fun to look at. And now there's time for some new infrastructure. I added some cron files to keep portage sources up-to-date and email me if there are any security issues I should know about so I can go build the updates. I've got ideas for a few others too.

There's still some work to do. I was running a matrix server on the old instance. I did get a new version running with the latest postgres (12) but with a fresh database (so no account). It seems postgres' migration might be as straightforward as mysql's (dump everything to a file, then import it) but we'll see if it works... (Edit: It worked!)

With this there's less urgency (i.e. ticking time bomb of very old and EOL software) to move to a Lisp rewrite. But it still might happen sooner rather than later. And now I can just install the latest SBCL with portage as god intended and keep the options for deployment strategy maximally flexible.

Posted on 2020-04-10 by Jach

Tags: php

