So I got the job. Here's a story, never let anyone stop you from accomplishing your dreams!

It all started in 2010. Windows just crashed unrecoverably for the 3rd time in two years. Back then I wasn't good with computers yet so we got our tech guy to look at it and he said: "either pay for a windows license again (we nearly spend 1K on licenses already) or try another operating system which is free: Ubuntu. If you don't like it anyways, we can always switch back to Windows!"

Oh well, fair enough, not much to lose, right! So we went with Ubuntu. Within about 2 hours I could find everything. From the software installer to OpenOffice, browsers, email things and so on. Also I already got the basics of the Linux terminal (bash in this case) like ls, cd, mkdir and a few more.

My parents found it very easy to work with as well so we decided to stick with it.

I already started to experiment with some html/css code because the thought of being able to write my own websites was awesome! Within about a week or so I figured out a simple html site.

Then I started to experiment more and more.

After about a year of trial and error (repeat about 1000+ times) I finally got my first Apache server setup on a VirtualBox running Ubuntu server. Damn, it felt awesome to see my own shit working!

From that moment on I continued to try everything I could with Linux because I found the principle that I basically could do everything I wanted (possible with software solutions) without any limitations (like with Windows/Mac) very fucking awesome. I owned the fucking system.

Then, after some years, I got my first shared hosting plan! It was awesome to see my own (with subdomain) website online, functioning very well!

I started to learn stuff like FTP, SSH and so on.

Went on with trial and error for a while and then the thought occured to me: what if I'd have a little server ONLINE which I could use myself to experiment around?

First rented VPS was there! Couldn't get enough of it and kept experimenting with server thingies, linux in general aaand so on.

Started learning about rsa key based login, firewalls (iptables), brute force prevention (fail2ban), vhosts (apache2 still), SSL (damn this was an interesting one, how the fuck do you do this yourself?!), PHP and many other things.

Then, after a while, the thought came to mind: what if I'd have a dedicated server!?!?!?!

I ordered my first fucking dedicated server. Damn, this was awesome! Already knew some stuff about defending myself from brute force bots and so on so it went pretty well.

Finally made the jump to NginX and CentOS!

Made multiple VPS's for shitloads of purposes and just to learn. Started working with reverse proxies (nginx), proxy servers, SSL for everything (because fuck basic http WITHOUT SSL), vhosts and so on.

Started with simple, one screen linux setup with ubuntu 10.04.

Running a five monitor setup now with many distro's, running about 20 servers with proxies/nginx/apache2/multiple db engines, as much security as I can integrate and this fucking passion just got me my first Linux job!

It's not just an operating system for me, it's a way of life. And with that I don't just mean the operating system, but also the idea behind it :).

Happened a few weeks ago but still awesome.

Me and a good friend have a website together but we don't monitor it too much.
He studied with me in the same class but went towards frontend/apps where I chose backend/servers/security. He knows how to do basic Linux stuff but that's about it.

We were at a party when he noticed that our site was offline. Walked over to me (because I manage the server) to notify me so I could look into it said I'd look into it (phone):
*visits site: nothing*
*online dig tool: got the server ip*
*remembered this one didn't have pubkey authentication - after three passwords attempts I'm in*

"service apache2 status"
*service doesn't exist*
*right, migrated this one from Apache to nginx....*
"history"
*ah, an nginx restart probably suffices...*
"service nginx restart"

BAM, site is reachable again.

*god damnit, lets encrypt cert expired...*
"history"
*sees command with certbot and our domain both in one*
"!892"
*20 seconds later: success message*
*service nginx reload*

BAM, site works securely again.

"Yo mate, check the site again"

Mate: 😶 w-w-what? *checks site and his watch* you started less than two minutes ago...?
Me: yeah..?
Mate: 😶 now this is why YOU manage our server and I don't 😐

His face was fucking gold. It wasn't that difficult for me (I do this daily) but to him, I was a God at that moment.

Awesome moment 😊

Hacking/attack experiences...
I'm, for obvious reasons, only going to talk about the attacks I went through and the *legal* ones I did 😅 😜

Let's first get some things clear/funny facts:
I've been doing offensive security since I was 14-15. Defensive since the age of 16-17. I'm getting close to 23 now, for the record.

First system ever hacked (metasploit exploit): Windows XP.
(To be clear, at home through a pentesting environment, all legal)
Easiest system ever hacked: Windows XP yet again.

Time it took me to crack/hack into today's OS's (remote + local exploits, don't remember which ones I used by the way):
Windows: XP - five seconds (damn, those metasploit exploits are powerful)
Windows Vista: Few minutes.
Windows 7: Few minutes.
Windows 10: Few minutes.
OSX (in general): 1 Hour (finding a good exploit took some time, got to root level easily aftewards. No, I do not remember how/what exactly, it's years and years ago)
Linux (Ubuntu): A month approx. Ended up using a Java applet through Firefox when that was still a thing. Literally had to click it manually xD
Linux: (RHEL based systems): Still not exploited, SELinux is powerful, motherfucker.

Keep in mind that I had a great pentesting setup back then 😊. I don't have nor do that anymore since I love defensive security more nowadays and simply don't have the time anymore.

Dealing with attacks and getting hacked.

Keep in mind that I manage around 20 servers (including vps's and dedi's) so I get the usual amount of ssh brute force attacks (thanks for keeping me safe, CSF!) which is about 40-50K every hour. Those ip's automatically get blocked after three failed attempts within 5 minutes. No root login allowed + rsa key login with freaking strong passwords/passphrases.

linu.xxx/much-security.nl - All kinds of attacks, application attacks, brute force, DDoS sometimes but that is also mostly mitigated at provider level, to name a few. So, except for my own tests and a few ddos's on both those domains, nothing really threatening. (as in, nothing seems to have fucked anything up yet)

How did I discover that two of my servers were hacked through brute forcers while no brute force protection was in place yet? installed a barebones ubuntu server onto both. They only come with system-default applications. Tried installing Nginx next day, port 80 was already in use. I always run 'pidof apache2' to make sure it isn't running and thought I'd run that for fun while I knew I didn't install it and it didn't come with the distro. It was actually running. Checked the auth logs and saw succesful root logins - fuck me - reinstalled the servers and installed Fail2Ban. It bans any ip address which had three failed ssh logins within 5 minutes:
Enabled Fail2Ban -> checked iptables (iptables -L) literally two seconds later: 100+ banned ip addresses - holy fuck, no wonder I got hacked!

One other kind/type of attack I get regularly but if it doesn't get much worse, I'll deal with that :)

Dealing with different kinds of attacks:

Web app attacks: extensively testing everything for security vulns before releasing it into the open.
Network attacks: Nginx rate limiting/CSF rate limiting against SYN DDoS attacks for example.
System attacks: Anti brute force software (Fail2Ban or CSF), anti rootkit software, AppArmor or (which I prefer) SELinux which actually catches quite some web app attacks as well and REGULARLY UPDATING THE SERVERS/SOFTWARE.

So yah, hereby :P

A dude with a THICK Russian accent just called me offering server security services.

After I politely declined, he insisted on a free audit of my servers. I declined that as well.

Now I’m backing up our DB’s and going through my nginx logs.

Am I being racist?

> When the intern claims that nginx is serving more request than apache

Got this glow-in-a-dark sticker.
I finally got a real reason to use Nginx

Funny story about the first time two of my servers got hacked. The fun part is how I noticed it.
So I purchased two new vps's for proxy server goals and thought like 'I can setup fail2ban tomorrow, I'll be fine.'

Next day I wanted to install NginX so I ran the command and it said that port 80 was already in use!

I was sitting there like no that's not possible I didn't install any server software yet. So I thought 'this can't be possible' but I ran 'pidof apache2' just to confirm. It actually returned a PID! It was a barebones Debian install so I was sure it was not installed yet by ME. Checked the auth logs and noticed that an IP address had done a huge brute force attack and managed to gain root access. Simply reinstalled debian and I put fail2ban on it RIGHT AWAY.

Checked about two seconds later if anyone tried to login again (iptables -L and keep in mind that fail2ban's default config needs six failed attempts within I think five minutes to ban an ip) and I already saw that around 8-10 addresses were banned.

Was pretty shaken up but damn I learned my lesson!

Almost every really successfully project...is open source.

Some Examples:
- Linux
- PhP
- Node.JS
- The Chromium Engine
- All the Apache Stuff
- Unreal Engine(WAS closed source)
- nginx

and so many more

Open Source is the best way to build known, stable and useful software

Sometimes I just randomly start installing a new vps, configure the server, put a random sub domain on it, forward nginx with SSL, print something random on the page and then just remove the thing again.

Solely because I enjoy installing servers/configuring them.

Am I weird? 😅

All day trying to configure https with nginx.
Then I see this

configuring nginx is like trying anal for the first time

TGFLE - Thank God for Let's Encrypt

I respect what they're doing, and the certbot they offer.

This fucking customer...
I've told that person so many times that they need to FIX THEIR CODE, because it get's pwned all the time.
To make stuff worse - they are still using Debian 5, and we are unable to upgrade because all their shit will break.

I found his fix today - he installed an old version of NGINX because it is "better".

No fuck you.

I wrote (or, ended up with a very much alpha but usable version) a monitoring system a while back and completely forgot about its existence.

But, it's still running and a few days ago I was building a docker imagine on a system with not that many resources and after about 5 minutes I started getting notifications about a high load!

Then, while I had forgotten about it again, yesterday, I suddenly started getting notifications about websites on my main application server going down.
Logged in and all was good again after restarting nginx.

Gotta say that it feels quite awesome to be notified of shit going wrong by something I wrote myself while I forgot about its existence 😊

Apache or Nginx?

Just realized. The only use of port 80 (providing it runs something like NginX/Apache) is (or, should be anyways) redirecting users from a non-secure connection to a secure one.

Poor port 80 😖

#6

My client tells me there's a new bug with to-www-redirects. He yells they don't work properly anymore and tries to blame me. But fact is I know, they are well configured in the Nginx conf and therefore work like a charm.

I told him I fixed it and charged an hour. Motherfucker.

😓🔨

No. This isn't "free"...

Noob moments #0
The first time you try to pronounce nginx

NO FIREFOX AND CHROMIUM, I ALREADY SET THE FUCKING CORS HEADERS CORRECTLY ACCORDING TO THE OFFICIAL FUCKING NGINX DOCUMENTATION. WHY THE FUCK ARE YOU STILL DISALLOWING CROSS-ORIGIN REQUESTS?!

Spend half the day setting up a dedicated server at work (including getting all the hardware together) and installing CentOS and tweaking around.

For a client? Oh no, there just literally wasn't anything else to do and I didn't want to sit around doing nothing or working on shell scripts AGAIN. (working in support (+ linux server management) and due to the holidays hardly any support requests come in)

*Hmmm, lets install nginx for fun*
"yum install ngi..."
*wait, let's compile from source and make it more fun!*

So yeah, that was my day, I guess.

Have multiple and some server related but hereby:

I forcefully quit php on the server I use for devRant related stuffs because I wanted to quit the bakgrounded php process I had running for the dns proxy thingy since I somehow couldn't find the pid.

Two days later I noticed that none of my sites on that server where running anymore and started looking at nginx error logs.

It took me way too long to figure out that I had PHP-FPM installed which runs as a service and by forcefully quitting php the other day.... Yeah, you get it I think.

Started the process again and remembered that one 😅

Two nginx config files for two different sites.

Both exactly the same except for the fastcgi location, document root and virtual host.

THE MOTHERFUCKING GET VALUES DOESN'T REWRITE PROPERLY WITH ONE OF THEM BUT IT WORKS PER-FUCKING-FECTLY WITH THE OTHER ONE.

GO SUCK A COCK NGINX. AND NO I'M NOT SWITCHING TO APACHE.

I thought this launch (security/privacy blog) would go smooth:
- analytics fell, except for one thing, apart for yet unknown reasons
- MySQL came with a very weird error which took me like half an hour of research before I hacked my way past it.
- the firewall started to fuck around for no reason, works now though.

Nginx worked without issues though, as well as NetData 😅

Yeah, didn't go as planned :P

I decided to setup a little server on my local network just to make use of a 2TB harddrive I use to store videos.

Told everyone in the house I planned to grow the library over time and that they could access it all in a browser using my system name. It's become quite a fun venture and my video library is shaping up nicely.

Using nginx on a Dell XPS 17 with Ubuntu 16.04 to host a server that just auto indexes a shared directory on my external 2TB harddrive. Kind of an embarrassing rig, but it's just a hobby activity and I do plan to upgrade shit later.

The real fun has been getting to understand a bit more about video files. They used to be magic to me, as complex as their file extension. Now I run a script on all of my torrents which checks the video and audio codecs, converting them if they aren't supported by Chrome's and Firefox's web players, and outputting mp4s using ffmpeg. I feel like I have this stuff down fairly well now. Becoming more and more automated.

Next step is to port forward so I can access it from anywhere, but we'll see about that later down the line.

So I did a rookie mistake this week. Connected a webapp for a client using Nginx and installed the SSL cert for the site. I decided to activate the firewall of the server because hey security. All was well. Went home feeling like I am the shit.

Next day I find out I can't log in to the server over ssh. Only to find out that I had forgotten to allow SSH through the firewall.

I had basically locked myself out of the server. 😞

Setting up a server in Amazon ec2. Running all the commands to install nginx and everything.

Only to realize I have been running those commands in my local VM instead of ssh.

TL;DR
Management eats shit for breakfast

Context:
I am the sole Dev on a project.

Stack: Postgresql, redis, nginx,Java with Spring Boot, Neo4j.

I am the only one nearly familiar with : Redis, Neo4j and anything Java.

I'm gonna be on vacation for the next 15 days since they have told me that we where gonna be on a "testing/feedback" period.

My vacation was approved.

Today's meeting: we have a URGENT deadline to meet some criteria that might be the difference between have further investment or not.

Urgent deadline: last day of my vacation.

My face: poker

My thoughts: attached image

Apache no doubt.

Reason? It is good, and it does not want to shove a commercial license into my throat like Nginx wants.

FUCK YOU WORDPRESS

Omfg never been so fucking pissed in my life.

I just wasted 3 hours because this fucking bullshit rewrites the fucking URL based on the URL on a config fucking file?!!?

It fucking ignores: apache virtual host configs and nginx reverse proxy

omfg...

Just managed to setup a tiny/simple privacy-friendly analytics system.

You basically call an api from your backend with the api key and all the headers you received from the browser (php and Apache or nginx in my case) and the analytics api gets useful stuff out of that data without sacrificing privacy.

I get a little bit more insight into my websites usage and the client isn't sacrificing identifiable information!

I've been wanting to make this fucker for fucking months.

Not just another Windows rant:

*Disclaimer* : I'm a full time Linux user for dev work having switched from Windows a couple of years ago. Only open Windows for Photoshop (or games) or when I fuck up my Linux install (Arch user) because I get too adventurous (don't we all)

I have hated Windows 10 from day 1 for being a rebel. Automatic updates and generally so many bugs (specially the 100% disk usage on boot for idk how long) really sucked.

It's got ads now and it's generally much slower than probably a Windows 8 install..

The pathetic memory management and the overall slower interface really ticks me off. I'm trying to work and get access to web services and all I get is hangups.

Chrome is my go-to browser for everything and the experience is sub par. We all know it gobbles up RAM but even more on Windows.

My Linux install on the same computer flies with a heavy project open in Android Studio, 25+ tabs in Chrome and a 1080p video playing in the background.

Up until the creators update, UI bugs were a common sight. Things would just stop working if you clicked them multiple times.

But you know what I'm tired of more?

The ignorant pricks who bash it for being Windows. This OS isn't bad. Sure it's not Linux or MacOS but it stands strong.

You are just bashing it because it's not developer friendly and it's not. It never advertises itself like that.

It's a full fledged OS for everyone. It's not dev friendly but you can make it as much as possible but you're lazy.

People do use Windows to code. If you don't know that, you're ignorant. They also make a living by using Windows all day. How bout tha?

But it tries to make you feel comfortable with the recent bash integration and the plethora of tools that Microsoft builds.

IIS may not be Apache or Nginx but it gets the job done.

Azure uses Windows and it's one of best web services out there. It's freaking amazing with dead simple docs to get up and running with a web app in 10 minutes.

I saw many rants against VS but you know it's one of the best IDEs out there and it runs the best on Windows (for me, at least).

I'm pissed at you - you blind hater you.

Research and appreciate the things good qualities in something instead of trying to be the cool but ignorant dev who codes with Linux/Mac but doesn't know shit about the advantages they offer.

For 10 thousand years I have pronounced "Nginx" as "En ginns" just found out from Ubuntu's official page that it is pronouned "Engine-X".
What a shame (－‸ლ)

Every time I encounter "404 Not Found - nginx" when I was really young, I thought the website was hacked by Nginx(ngingks). When I got to uni and found out what it was and how to say it, I just facepalmed. Even until now, every time I read it on job posts, I still say ngingks in my head and laugh hahaha

So I guess no movies tonight

Senior: Which one you worked on Nginx or Apache..?

Me (As a fresher): XAMPP!!!

Senior:🤦‍♂️

Weekend projects are fun! Although front end is still a challenge, it looks good enough.

Suddenly got the idea to do something with letsencrypt/nginx wildcard subdomains (*.example.com) so created a project around that now through which you can check what your ip address/user agent/operating system/ip version is (maybe more to come) but due to the wildcard part you can enter quite a number of subdomains which all show the related info.

I'd find it very useful myself, not sure if other people would but oh well!

Fucking cloud providers always trying to steal your shit and spy on your things, fucking prying eyes. That's why i've decided to go back hosting my own private cloud from home. Running on some very energy efficient shit: dual core intel atom cpu (so slow that it can't fucking run windows normally), 16gb of ram, because why the fuck not? and 1tb 2.5"hdd, along with unlimited data - 100/100 Mbit/s internet connection with a server response time less than 95ms just to backup my shitty Iphone selfies and cat pics, host some very important files and regularly back up my contacts. This shit runs CentOS, Nginx, https, bitch! This platform is more trustworthy than your shitty dropbox or whatever other shit they offer you. I can choose whether i back-up my shit from local network or over internetz, Costing me no more than 25€ annually(just to keep the machine on 24/7/365).

Needed a list with all domains I run on a server but I don't always give nginx config files the names of their website so I was about to start going through them by hand..... waaait, let's try to automate this with a bash script...

Five minutes later I've got a working bash script which gets all domains from all config files.

Oh, the joys of terminal/bash stuff!

I've found and fixed any kind of "bad bug" I can think of over my career from allowing negative financial transfers to weird platform specific behaviour, here are a few of the more interesting ones that come to mind...

#1 - Most expensive lesson learned

Almost 10 years ago (while learning to code) I wrote a loyalty card system that ended up going national. Fast forward 2 years and by some miracle the system still worked and had services running on 500+ POS servers in large retail stores uploading thousands of transactions each second - due to this increased traffic to stay ahead of any trouble we decided to add a loadbalancer to our backend.

This was simply a matter of re-assigning the IP and would cause 10-15 minutes of downtime (for the first time ever), we made the switch and everything seemed perfect. Too perfect...

After 10 minutes every phone in the office started going beserk - calls where coming in about store servers irreparably crashing all over the country taking all the tills offline and forcing them to close doors midday. It was bad and we couldn't conceive how it could possibly be us or our software to blame.

Turns out we made the local service write any web service errors to a log file upon failure for debugging purposes before retrying - a perfectly sensible thing to do if I hadn't forgotten to check the size of or clear the log file. In about 15 minutes of downtime each stores error log proceeded to grow and consume every available byte of HD space before crashing windows.

#2 - Hardest to find

This was a true "Nessie" bug.. We had a single codebase powering a few hundred sites. Every now and then at some point the web server would spontaneously die and vommit a bunch of sql statements and sensitive data back to the user causing huge concern but I could never remotely replicate the behaviour - until 4 years later it happened to one of our support staff and I could pull out their network & session info.

Turns out years back when the server was first setup each domain was added as an individual "Site" on IIS but shared the same root directory and hence the same session path. It would have remained unnoticed if we had not grown but as our traffic increased ever so often 2 users of different sites would end up sharing a session id causing the server to promptly implode on itself.

#3 - Most elegant fix

Same bastard IIS server as #2. Codebase was the most unsecure unstable travesty I've ever worked with - sql injection vuns in EVERY URL, sql statements stored in COOKIES... this thing was irreparably fucked up but had to stay online until it could be replaced. Basically every other day it got hit by bots ended up sending bluepill spam or mining shitcoin and I would simply delete the instance and recreate it in a semi un-compromised state which was an acceptable solution for the business for uptime... until we we're DDOS'ed for 5 days straight.

My hands were tied and there was no way to mitigate it except for stopping individual sites as they came under attack and starting them after it subsided... (for some reason they seemed to be targeting by domain instead of ip). After 3 days of doing this manually I was given the go ahead to use any resources necessary to make it stop and especially since it was IIS6 I had no fucking clue where to start.

So I stuck to what I knew and deployed a $5 vm running an Nginx reverse proxy with heavy caching and rate limiting linked to a custom fail2ban plugin in in front of the insecure server. The attacks died instantly, the server sped up 10x and was never compromised by bots again (presumably since they got back a linux user agent). To this day I marvel at this miracle $5 fix.

I think I've got a working searx instance which I'd open up for the public.

NOTE: I cannot prove that I don't store anything because for that you'd need root access to the server which I won't give obviously. If you're not comfortable with that, just don't uses it.

I still have to do something for ip address logging anonymising or stripping, though. (nginx + CSF provided enough abuse prevention).

Tips on that?

PSA: "sudo apt-get remove nginx" doesn't actually remove nginx. It will still continue to run and block port 80 on every reboot.

Until you run sudo apt-get autoremove, nginx-core and others still remain.

And that's how twenty seconds of scheduled downtime turns into 10 minutes.

Dammit nginx

Tried deploying a new nginx server today, wrote the site config manually.

"Alright, done! Let's restart the service and look in the browser how it looks"

# systemctl restart nginx
> Process exited with error code.
"Fuuuuck..."
# nginx
> Unexpected } on line 13.

# vim /etc/nginx/sites-enabled/thatconfig.conf
"Wait wtf.. there's nothing wrong with the curly braces.. they're all opening and closing as they should..."
*takes another closer look*
Line 12, missed a fucking semicolon 😑
Append semicolon, :wq, # systemctl restart nginx
Works like a charm 🙄 all because of a stupid semicolon.

Until now I thought that the semicolon jokes were just lame.. but damn you semicolon, you are indeed the superior hide and seek player 😅

I showed a friend of mine a project I made in two days in Docker and Symfony php. It is a rather simple app, but it did involve my usual setup: Nginx with gzip/cache/security headers/ssl + redis caching db + php-fpm for symfony. I also used php7.4 for the lolz

He complained that he didn't like using Docker and would rather install dependencies with composer install and then run it with a Laravel command. He insisted that he wanted a non-docker installation manual.

I advised him to first install Nginx and generate some self-signed certificates, then copy all the config files and replace any environment-injected values (I use a self-made shell script for this) with the environment values in the docker-compose files.

Then I told him to download php-fpm with php 7.4 alpha, install and configure all the extensions needed, download and set up a local Redis database and at last re-implement a .env file since I removed those to replace them with a container environment.

He sent an angry emoji back (in a funny way)

God bless containerized applications, so easy to spin up entire applications (either custom or vendor like redis/mysql) and throw them away after having played with them. No need to clutter up your own pc with runtime environments.

I wonder if he relents :p

First time setting up https and I be like:

*describes problem that a system doesn't work behind an nginx proxy, routing to another nginx instance*

*some random "expert" jumps in*

hurrdurr: It works behind nginx proxy, with APACHE, I don't even get why you would want to run nginx behind nginx omg

Saw this security blunder a while ago. Went onto some site and it showed me this username/password dialog (probably an apache's htpasswd or nginx one). Went away but returned quickly because I noticed I could see all content. Then I thought 'why the fuck not try?' so I dragged the auth popup thingy to the side of the screen and et voila... I could interact with the page as if nothing was wrong while the authentication popup was hovering above the page on the right!

I sat there giggling dramatically for a while.

Finally got my nginx config to work properly (it shouldn't work but it does so I'm not fucking touching it).

Request with curl: check, right http code and getting data back properly.

Request with any browser (with and without incognito): right http code, AND ONLY SEEING DATA WHEN I ECHO ANYTHING BEFORE SENDING THE RESPONSE WITH PHP. When I don't echo whatever before sending the response, the browser doesn't see the data but DOES see the http status code.

HOW?!

Certificate: * expired yesterday *

Chrome: 🚨🚨🚨 THIS WEBSITE MIGHT TRY TO ROB YOU AND TAKE YOUR FAMILY HOSTAGE CALL THE ARMY IMMEDIATELY AND WAIT FOR FURTHER INSTRUCTIONS 🚨🚨🚨

Ofcourse it's sorta justified, but still, it's funny to see what the consequences are of forgetting to reload the nginx server after a certificate renewal 😂

Finally changed my homelab over from Apache to Nginx...

I just spent the last 2 hours trying to set a new max size file upload for nginx from 1MB (default) to 10MB, almost lost my mind when I realized I was testing uploading a file that was 10.9MB the whole time

My first times today:
First time a droplet on Digital Ocean.
First time Nginx.
First time trying to separate mail and website servers.
First time using UFW firewall.
First time Ubuntu webserver.
First try all alone configuration of my webserver.
First time installing all the stuff I need on my own, like MySQL, PHP and so on.
First time only SSH access from the beginning.
First time deployment from bitbucket.

Do you have any advise what I should think about. Or what software I will need. Or what I should think about.

Forget about coffee, nothing wake you up faster than a colleague mentioning your name in the slack channel where the stderr of the app writes.

I'm a "published" freelance dev!

Last night I made my first web application available to the internet. It's an internal enterprise management system for a small non-profit.

It's running on a single $6 a month digitalocean droplet, and the domain is $12 a year, so yearly cost for them is absolutely rock bottom.

It's written in asp.net 6.0 razor pages, nginx reverse proxy, certbot for HTTPS certificates, fail2ban for ssh protection (ssh login is via ssl keys), entity framework with MySQL.

The site itself has automatic IP banning based on a few parameters like login spam, uses JWT tokens, and is fully secured.

All together, it's a lot of value for about $100 a year.

If I had a penny for every time I misspelt 'nginx', I'd be richer that Bill Fucking Gates.

Could you have picked a more typo-prone name!?

Someone told me they identified as an apache helicopter, I responded that I prefer being an nginx helicopter

I had done a fresh reinstall of Ubuntu Server on my server PC, cloned my websites from their GitHub repos, and couldn't for the life of me get Nginx to read them correctly.

I forgot to install PHP. 😑

Roses are red,
Violets are blue,
Bad gateway on port five hundred two.

Hey there!

So during my internship I learned a lot about Linux, Docker and servers and I recently switched from a shared hosting to my own VPS. On this VPS I currently have one nginx server running that serves a static ReactJs application. This is temponarily, I SFTP-ed the build files to the server and added a config file for ssl, ciphers and dhparams. I plan to change it later to a nextjs application with a ci/di pipeline etc. I also added a 'runuser' that owns the /srv/web directory in which the webserver files are located. Ssh has passwords disabled and my private keys have passphrases.

Now that I it's been running for a few days I noticed a lot of requests from botnets that tried to access phpmyadmin and adminpanels on my server which gave me quite a scare. Luckily my website does not have a backend and I would never expose phpmyadmin like that if I did have it.

Now my question is:
Do you guys know any good articles or have tips and tricks for securing my server and future projects? Are there any good practices that I should absolutely read and follow? (Like not exposing server details etc., php version, rate limiting). I really want to move forward with my quest for knowledge and feel like I should have a good basis when it comes to managing a server, especially with the current privacy laws in place.

Thanks in advance for enduring my rant and infodump 😅

I love it when my clients give me free reign to choose the software.

I'm gonna set up nginx with flask on Ubuntu 16.04 on DigitalOcean.

It's gonna be great :D.

Might be nothing for others, but I finally published my Vue website with the following setup:
1. Vue inside docker
2. Nodejs API inside docker
3. MongoDB inside docker
4. Nginx as reverse proxy
5. Let's Encrypt

6. NO I WILL NOT SHARE THE LINK, don't want to be hacked lol and it is for personal use only.

But I'd love to thank devRant members who have helped me reach this point, two months ago I was a complete noob in Vue and a beginner in NodeJs services, now I have my own todo website customized for my needs.
Thank you :)

Init and Hello. My name is git and this is my story.

I just arrived in this system recently by the apt highway. It's not the only way though. Some for example used the npm hype-train, others arrived from the ssh shore. No matter where we came from the next step on our agenda was time to introduce our self at the event destined for all new-comers to the system.
"As many of you I reside in the usr-bin district. I'm really into history and commitment! I like it when people work together, so I'm always eager to bring all branches together."
"But what is it actually good for?", asked Curl, which I already met at the bus station. Many nodded in agreement. It was odd. Somehow I felt not quite at home. All the others seemed so different based on their field of work.
"We have worked here in a really agile environment for ages. There is no need for any kind of strange bureaucracy.", said another voice.
All attempts to convince them from the beauty of history or a little bit of management were unsuccessful. It was just the beginning of a not so interesting stage in my life - to say the least.

Today was another of 'those' days. I live in this community for quiet a while now and unfortunately nothing really changed - at least for the good. I sat on my branch of the tree with all the others around and there was nothing really to do for me. Again. I mean, actually it's true. I have to admit it. There is just no work on this world for someone like me. All the others seem to be so busy, while I just have to sit around and question my own existence. Since I grew tired asking these questions to myself, I stopped it. I can't do a thing actually. That's not how this world works.
"Hey fagit, anything meaningful to add to our delightful conversation?", nginx shouted over to me from another branch of the tree. Before I was able to give an indifferent answer the voice just continued.
"Oh, sorry. I forgot that you have no purpose after all. Well, never mind!"
Everyone started laughing at me. It was not too bad by the way. Actually, this was quite ordinary. These fucktards completely ran out of creativity. If it wasn't for that mere emptiness gaping right above my guts, I'd actually be disappointed. I even got accustomed to the alias 'fagit'. Quiet sad given the fact that i really like my real name. If only someone would mind using it... First too quiet to notice but growing in intensity a rumbling emerged from somewhere deep within the tree. Out of a sudden everyone stopped laughing. The voices slowly faded while the growling from afar grew louder. It had come. Not more than a shadow reached out from the tree and faster than anyone could comprehend nginx was simply gone. Killed in an instance.

Disclaimer: This story is fictional. No systems were harmed in its creation.

No love for Nginx, I see

Holy FREAKING shit!! This was worst stupidest mistake I have ever made!

About 9 hours ago, i decided to implement brotli compression in my server.

It looked a bit challenging for me, because the all the guides involved compiling and building the nginx with brotli module and I was not that confident doing that on live site.

By the end of the guide, the site was not reachable anymore. I panicked.

Even the error logs and access logs were not picking up anything.

About a dozens guides and a new server and figuring out few major undocumented errors later, it turns out the main nginx.conf file had a line that was looking for *.conf files in the sites-enabled directory.

But my conf file was named after the domain name and ending with .com and hence were not picked up by the new nginx.conf

I'm not sure if I wasted my 9 hours because of that single line or not. But man, this was a really rough day!

My whole team like to develop the backend of a very complicated platform in python because it is fast to develop. And host the front-end under nginx. And run everything on windows. And without unit test.

Any NGINX experts here? I'm completely stuck, just can't figure this one out.

Config stuff.

When your websites start returning 502 errors all of a sudden and you can't figure out why. Clear PHP artisan cache, restart Nginx, make sure PHP-FPM is running. Still 502 errors. Then you find out Cloudflare is down. 😐😐😐

This was me last night.

So as all of you web developers know. If you are stepping into the world of web development you stepping into a world of unlimited possibilities, opportunities and adventure.

The flip side is that you step into a world of unlimited choices, tools, best practices, tutorials etc.

Since even for a veteran programmer, this is a little overwhelming, I'd like to take the opportunity to ask you guys for advice.

I know that 'there is no best' and that everything 'depends on what you want to achieve'. So how about just say the pro's and cons or when to use and when not to use. Or why you prefer one over another. Everything is allowed! :D

Maybe it will help others too. Start a nice, professional discussion:)

These are the parts I'd like advice about:

- frontend: what frameworks, libraries
- backend: language, framework, good practice
- server: OS, proxy (nginx, Apache, passenger), extra tips (like don't use root user)
- extras: git, GitHub, docker, anything

Thanks in advance everyone willing to help!:)

Also, if you only know frontend or backend. No worries, just tell me about your specialism!

Fuck it. Today I broke my production server installing the brotli encryption on nginx. -_-

Your web server config is fucked, and your app is down.

~ "Faithfully yours, nginx."

I prefer nginx, because it is more advanced and more powerful.

Today I built an ASP.NET Core 2.0 Rest-Api within a docker-container.

Then I ran a docker-container with the compiled ASP.NET Core 2.0 app behind a nginx router.

It was purely magic!

:)

Debugging a request that got lost in a myriad of containers of a scaled application....

It wouldn't be worth a rant if there wasn't some kinky SM stuff in it, wouldn't it?

Regexes. The fucker who wrote a lot of the NGINX (🤢) configuration decided to use the Perl Regexes with named group matching. A lot.

So now I have to fight wild variables supposedly coming from nowhere (as they stem from the named groups)… fucking single location redirects instead of maps.... A d have to write an explanatory documentation while going down the rabbit hole of trying to find out where the fuck that shitty frigging bastard redirected wrong.

I really wish I could eradicate the person who wrote this shit....

Full stack developer.

I know what it's supposed to mean, but I feel like it gives discredit to the devs who perfect their area (frontend, backend, db, infrastructure). It's, to me, like calling myself a chef because I can cook dinner..

The depth, analysis and customization of the domain to shape an api to a website is never appreciated. The finicle tweaks on the frontend to make those final touches. Then comes a brat who say they are full stack, and can do all those things. Bullshit. 99.9% of them have never done anything but move data through layers and present it.

Throw these wannabes an enterprise system with monoliths and microservices willy nelly, orchestrate that shit with a vertical slice nginx ssi with disaster recovery, horizontal scaling, domain modeling, version management, a busy little bus and events flowing all decimal points of 2pi. Then, if you fully master everything going on there, I believe you are full stack.

Otherwise you just scraped the surface of what complexities software development is about. Everyone who can read a tutorial can scrape together an "in-out" website. But if your db is looking the same as your api, your highest complexity is the alignment of an infobox, I will laugh loud at your full stack.

And if you told me in an interview that you are full stack, you'd better have 10+ years experience and a good list of failed and successful projects before I'd let you stay the next two minutes..

You mother fucking piece of shit.

Whoever taught you programming should be removed from history.

And whatever form of intelligence you claim to possess, let me assure you: breathing is the limit of it.

--

Some of the projects I'm working on are really the epitome of "YOLO let's turn the poopomat machine on in diarrhea mode".

The worst: I cannot really give examples.

I've seen the last days everything.

(bash scripting, docker, services like nginx /haproxy/...)

Eval as an template generator in bash...

Declaring an whole environment in an Dockerfile, that should never be used as it is only necessary for building... But not checking if an env file is provided, so the whole thing can blow up spectacularly.

A nearly 1k long bash calculator for system limits, reading out all kinds of stuff from /proc and /sys, seemingly partially stolen from NGINX Docker.

Declaring and starting an own DNS Server to bypass the Docker DNS service inside an docker container.

Mkfifo fun for creating several stdout and stderrs for seemingly no reason...

Actively not using bash, instead of creating shell only functions to emulate bash...

I could go on.

But really. I'm getting too old for this shit.

My preferred stack is Rails/NginX/Postgres, or Node using the same.

I have a fair amount of material for this week's rant, but in my stack's defense, the quantity is primarily because I've been using it for so long, and I'm apparently a talented breaker. I may share other stories if the motivation arises.

However, today I ran into something definitely deserving of calling out.

The default datatype for a Date+Time column in Postgres is `datetime` which means "date+time without timezone". (while `datetimetz` instead stores the timezone).

Apparently when comparing a datetime with a datetimetz, Postgres doesn't compute the timezone difference correctly, leading to some very unexpected and confusing query results.

Today, I had a record that was both pending (expires_at > now) and expired (expires_at <= now), where now is a DateTime (with tz) literal from Rails. After half an hour's frustrated delving and baffled expressions at query results, I finally figured out that the database's math was incorrect when comparing UTC (+0) and PST (-7).

This during a semi-high-priority bugfix that's blocking for a coworker.

While Time and all of its nuances are honestly extremely difficult to handle correctly, I didn't expect Postgres to get this relatively simple part wrong.

Shame on you, Postgres.
I expected better.

I just found out about Caddy-Webserver.
That's it Nginx, I'm leaving you.

Quick question:

Apache or Nginx?

Currenly I'm using Apache in Ubuntu server running in Virtual box but I was wondering if it's worth switching to Nginx :)

I just installed nginx on a new server, just to find out we have visitors waiting patiently at the door. I guess they must have tried all possible route to get inside an empty room. 😏

See logs hits on 404 files...

Despite common sense, I think technology is not making our lives easier. It's just build chaos on top of chaos.

Take server-side programming for instance.

First you have to find someone to host your thing, or a PaaS provider. Then you have to figure out how much RAM and storage you need, which OS you're going to use. And then there's Docker (which will run on top of a VM on AWS or GCP anyway, making even less sense). And then there's the server technology: nginx, Apache (and many many more; if, that is, you're using a server at all). And then there are firewalls, proxies, SSL. And then you go back to the start, because you have to check if your hosting provider will support the OS or Docker or your server. (I smell infinite recursion here.)

Each of these moving parts come with their own can of worms in terms of configuration and security. A whole bible to read if you want to have the slightest clue about what you're doing.

And then there's the programming language to use and its accompanying frameworks. Can they replace the server technology? Should you? Will they conflict with each other and open yet another backdoor into your system? Is it supported by your hosting provider? (Did I mention an infinite recursion somewhere?)

And then there's the database. Does it have a port to the language/framework of your choosing? Why does it expose an web interface? Is it supposed to replace your server? And why are its security features optional again? (Just so I have to test both the insecure and the secure environments?)

And you haven't written a single line of code yet, mind you.

And my very first purpose built server is online!

Only in LAN still, but not for long :)

The company considers the project manager I work with to be the best. After working with him, I consider him to be everything that is wrong with project management.

This PM injects himself into everything and has a way of completely over-complicating the smallest of things. I will give an example:

We needed to receive around 1000 rows of data from our vendor, process each row, and host an endpoint with the data in json. This was a pretty simple task until the PM got involved and over complicated the shit out of it. He asks me what file format I need to receive the data. I say it doesnt really matter, if the vendor has the data in Excel, I can use that. After an hour long conversation about his concerns using Excel he decides CSV is better. I tell him not a problem for me, CSV works just as good. The PM then has multiple conversations with the Vendor about the specific format he wants it in. Everything seems good. The he calls me and asks how am I going to host the JSON endpoints. I tell him because its static data, I was probably going to simply convert each record into its own file and use `nginx`. He is concerned about how I would process each record into its own file. I then suggest I could use a database that stores the data and have an API endpoint that will retrieve and convert into JSON. He is concerned about the complexities of adding a database and unnecessary overhead of re-processing records every time someone hits the endpoint. No decision is made and two hours are wasted. Next day he tells me he figured out a solution, we should process each record into its own JSON file and host with `nginx`. Literally the first thing I said. I tell him great, I will do that.

Fast forward a few days and its time to receive the payload of 1000 records from the Vendor. I receive the file open it up. While they sent it in CSV format the headers and column order are different. I quietly without telling the PM, adjust my code to fit what I received, ran my unit test to make sure it processed correctly, and outputted each record into its own json file. Job is now done and the project manager gets credit for getting everything to work on the first try.

This is absolutely ridiculous, the PM has an absurd 120 hours to this task! Because of all the meetings, constant interruptions, and changing of his mind, I have 35 hours to this task. In reality the actual time I spent writing code was probably 2-3 hours and all the rest was dealing with this PM's meetings and questions and indecisiveness. From a higher level, he appears to be a great PM because of all the hours he logs but in reality he takes the easiest of tasks and turns them into a nightmare. This project could have easily been worked out between me and vendor in a 30 min conversation but this PM makes it his business to insert himself into everything. And then he has the nerve to complain that he is so overwhelmed with all the stuff going on. It drives me crazy because this inefficacy and unwanted help makes everything he touches turn into a logistical nightmare but yet he is viewed as one of the companies top Project Managers.

So, I've been having to deal with server issues and other BS. All of these issues have caused all of my websites to be down. For the longest time, I couldn't get Nginx to find my websites' directories except for the default Nginx website, so I changed the default Nginx website to what you see in the image.

I tried to be funny, did I succeed? Even a little bit?

The amount of attempts to access my website is just too much O_O

Anyway in nginx to block access if login attempt failed after 3 times?

I was already about to hit my head against the wall: was trying to install nginx all the time, but was greeted by apache default page, over and over again I re-installed the servers, tried connecting directly to the server ip, changed server hardware, picked different distros, manually build from source, did everything possible, even searched the whole system for "apache" and different regex...

It was chrome cache........ after I wiped cache I was greeted by welcome to nginx...... 10 hours wasted.......

me: *hosting docker registry for our team*

me: *sets up ssl and cloudflare dns and shit*

me: *tries to push to registry*

my pc: *413 rEQuEst EnTITy tOo LarGe*

me: *spends 4 hours scrutinizing the shit out of my nginx configs*

me: *finally finds cloudflare sitting there rejecting all of the requests... that cheeky bastard*

In Mr.Robot tv series Eliot write:
sudo apt-get install nginx
And he said im hacking FBI :|

!rant
Just helped one of my professors set up a nginx load balancer with https, rate limiter, firewalls and everything from scratch. It feels so amazing to be able to put all the stuff I learn at work to practice.

Apache > nginx

Sad. Laravel Valet uses Nginx. What if your office system is using Apache and is heavy in using .htaccess?

Ok back to MAMP and Docker. I'll just use Valet for simple things.

I am so mad, I have no words for how fucking much I hate ever having to work or pass work to other incompetent developers or teams, what a fucking waste of time and resources.

After handing off the frontend - for the client to find some team, that would do it in the short time and budget he needs (multiple developers, more fast, much good), he found a team that seemed to be alright for the job and seemed alright to me too, now maybe a month or two later, the client contacts me, that they fucked something up and if I could talk to them.

The email I then received from them seriously made me speechles, mad and sad, all at same time, I spent multiple upon multiple hours, getting a very good readable documentation up (markdown with TOC, properly rendered headers, bulletpoints, all that shit), with all files, all services used, all credentials, even converted all ssh keys into putty ppk format, in case the developers are using windows and are too dumb to do it themselves, nginx configs, it had seriously everything, even too much to list.

They somehow managed to fuck up the entire server, while attempting to "add ssh keys themselves", EVEN FUCKING THOUGH I have included all the keys they need, all the hosting credentials, everything, yet they decided to fuck with shit themselves and completely annihilate the server in the process (HOW?!), so not even the webserver works anymore.

I am fucking speechless, I made it so fucking easy to gather all info and files they need, all properly put into well named folders, along the documentation in an archive and they somehow managed to nuke the fucking server, while attempting to add ssh keys?!

If you don't know how to config a server, then don't fucking touch it and just use everything, that got served to you on a fucking silver platter.

---

I'll just instantly answer the most annoying comment, that somebody could come up with: "why didn't you do it yourself?"

Because in a perfect world, a fully managed team, can do much more than a single developer can, especially in the same timeframe and from what I heard of said client, atleast they did something in terms of developing the system. (which surprises me, considering it's the same people that nuked a server, while trying to add ssh keys)

!rant
I'm so happy with my full stack basic test web application made with: raspberrypi, uwsgi,nginx,python3,flask,sqlite3,render_template,html
I have 2 pages:
/users where I can see the whole users table and filter by id
/insertuser (in the image) where I can add an user to the table users

How hard was the transfer from Apache to Nginx server for you? I'm not quite sure if I should put Nginx on my to-learn-list.

I started programming when I was 14, because I was deeply enrooted in MMORPG hacking communities. It gave me an escape from real life, and I felt empowered by the skill to create something from nothing. My first language was Lazarus FPC, followed by VB.NET, C#, C++ ( managed and unmanaged non CLR ). As time went on, I found more ways to turn my "hacks" into software, and finally I began selling subscriptions which required me writing an authentication system.

After weeks of research, I began writing my own REST API in PHP using MySQL as my database. At this point I had an IPB forum up and running for a year, but with my newly acquired knowledge I was able to couple my API with my forum software. To properly distribute my API i had to learn NGINX to route my API to a subdomain.

Soon after I began writing my own portal for my authentication system, at which point I had become entirely enveloped in Web Development. I was 17 when I dropped my forum, I'm now 21 and freelancing web app consulting, day job as a QA automation developer.

Being a sysadmin can be the most frustrating thing ever, but it's worth it for those moments when you feel like an absolute ninja.

Switched from single threaded gevent server to an nginx configuration, added ssl, and setup a reverse proxy to flask socketio, all with less than 10 minutes aggregate downtime. On the prod server. \o/

I'm learning nginx and it's simplying the way I think about web projects.

I used to think that when I used a server side framework, then that should be the master and all should go through it. Noob me.

I used to put client side projects (like create-react-app of vue-cli projects) right inside the server side project.

But with nginx you can just route subpaths to different places, then instead of having, let's say, the react project inside rails, they would be in separate git projects.

In fact, I no longer need to restrict myself to a single server framework.

I love several aspects of rails. I love several others of node. And if I need multithreaded performance, I'd very much use something like phoenix or go.

Again, with nginx, you setup subpaths with the `location` directive in the same server and voila, a no CORS setup, cookies shared and homogenous versatile website.

Craft CMS deployment on shared server, PHP5, Apache takes 10 - 30 seconds to load.

Craft CMS deployment on virtual shared server, PHP7, Nginx takes 1 - 2 seconds to load.

I just have to ask

Fuck this Apache Server on this elastic beanstalk!!! Nginx is so much better at configuration and ease of use!!!

OpenSSL, Nginx, OpenSSH, Node.JS, V8 and Firefox

There are obviously many more :-)

I think it's the first time in my life I've visited a google-owned page and got a default NGINX webpage.

Updating my nginx config file over and over again. No change is being reflected when I visit the website.

Then I realized instead of restarting the nginx server I was running start command :(

Even Google can make mistakes.

go to gmaps.de and have fun with an nginx error sponsored by big G.

Normally, it should redir to the Google Maps page

Why isn't gzip compression on by default on servers? Cannot think of any case, where this is what the user wishes?

So... I've been messing arround with my first VPS (with little knowledge of Linux).
First installed lxde to learn how to do it, then back to the terminal. then I started with Apache, watching online tuts ...
Then I changed for nginx... Looks way better.
Installed my sql, php and got stuck. Dropped it for a few days.
Today I restarted, deleted Apache, mysql, reinstalled nginx, my php (with lots of problems because of old instalations). Everything is working now except php.
After going round and arround I changed my focus to relax a bit, and remembered I still have Apache on the firewall...
OK Apache and other stuff that I installed.
Delete everything
New rules only for nginx and reset.
Cant ssh to the server... What?
Oh... Forgot to add rules to OpenSSH...
No matter, I can access the terminal directly on the website....
And it loads to ldxe, with no user set...
Fuckkkk.
Oh BTW I'm in a trial free period with no support...

Falling in love with Nginx every day...😍🥰

Hey guys! lambda is amazing! Docker containers! They said the whole amazing point with containers is that they run the same everywhere! Except not really, because lambda 'containers' are an abomination of *nix standards with arbitrary rules that really don't make sense! That's ok though, you can push your shit to fargate, then it will work more like those docker containers you know and love and can run locally! Oh wait! fargate is a pain in the ass x 2 just to setup! You want to expose your REST api running on a container to the world? well ha, you'd better be ready to spend literally 2 weeks to configure every fucking piece of technology that every existed just to do that!!!! it's great, AWS, i love it, i'm so fucking big brained smart!!!

give me a break.... back in my day you'd set up an nginx instance, put your REST / websocket / graphQL service whatever behind it, and call it a day!!!!!!!

even with tools like pulumi or terraform this is a pain in the ass and a half, i mean what are we really doing here folks

way too complicated, the whole AWS infrastructure is setup for companies who need such a level of granularity because they have 1 billion users daily... too bad there are like 5 companies on the planet who need this level of complexity!!!!!!!

oh, and if your ego is bashed because of this post, maybe reread it and realize you're the 🤡

i'm unhappy because i was lied to. docker containers are docker containers, until they aren't. *nix standards are *nix standards, until they aren't

bed time.

Finally a little productive today. Built a LEMP stack web server for my personal stuff later on. I've been using apache for so long but feels great to switch to nginx.

It's so frustrating to see how PHP images for Docker are nicely set up, well documented, come with Apache or Nginx, almost ask you to let them pay your bills, while you get almost nothing from Ruby, and when you think you finally made something that works, it behaves like a fucking drunk irish

Being in a university that has an eSports Academy is less exciting when you're part of the team maintaining it weekly... Well, at least the part where we had to set up a local cache server with docker & nginx was fun

Cheap alternatives to Digital Ocean? Needing a VPS server that will run Algo VPN and/or nginx.

TLDR;
How much do you earn for your skill set in your country vs your cost of living?
BONUS;
See how much I & others earn.

Recently I became aware of just how massive the gap in developers earnings are between countries. I'd love to calculate a fixed score for income vs cost of living.

I know this stuff is sensitive to some so if you prefer just post your score (avg income p/m after tax / cost of living).

I'm not shy so I'll go first:

MY RATES
Normal Rate (Long term): $23
Consulting / Short term: $30-$74
Pen Test: $1500 once off.
Pen Test Fixes: consulting rate.
Simple work/websites: min $400+
Family & Friends: Dev friends are usually free (when mutually beneficial). Family and others can fuck off, even if they can pay (I pass their info to dev friends with fair warning).

GENERAL INFO
Experience: 9 years
Country: South Africa
Developer rareness in country: Very Rare (+-90 job openings per job seeker).
Middle class wage in country: $1550 p/m (can afford a new car, decent apartment & some luxuries like beer/eating out).
Employment type: Permanent though I can and do freelance occasionally.
Client Locality: Mostly local.
Developer Type: Web Developer (True web dev - I do anything web related from custom HTTP servers to sockets, services, advanced browser api's, apps & more).

STACKS / SKILLSETS

I'M PROFICIENT IN:
python, JavaScript, ASP classic, bash, php, html, css, sql, msql, elastic search, REST, SOAP, DOM, IIS, apache

I DABBLE WITH:
ASP.net, C++, ruby, GO, nginx, tesseract

MY SPECIALTIES:
application architecture, automation, integrations, db's, real time data, advanced browser apps/extensions (webRTC, canvas etc).

SUMMARY
Avg income p/m after tax: $2250
Cost of living (car+rent+food): $1200
Score: 1.85

*Note: For integrity when calculating my cost of living I excluded debt repayments and only kept my necessities which are transport, food & shelter.

I really hope you guy's post your results, it would be great to get an idea of which is really the worst / best country to be a developer in.

!rant
How to self host a website?
Seriously, through many guides out there, I was never been able to see my site (hosted on a raspberrypi with nginx) outside the local network. I always tried to link my router to no-ip without success outside my localhost, the port 80 is already open for the raspberrypi. I live in Italy, can it be that the local ISPs obstacle the creation of such homemade website hosts?

So I asked this question yesterday to linuxxx and he had some great tips. But I thought there might be some Linux fanatics here who also have some experience working with vps's that you might have somethings to add something 😁

Recently I got asked if I want to help maintain our webservers (they all run Ubuntu 18.04 with standard webserver stuff, nginx, MySQL, php, ssh)

Does anyone know of some tips or share some helpful knowledge regarding maintaining a VPS? / Keeping it healty?

Spending hours trying to figure out why the stack just won't work with SSL. Nearly lost my mind as we started feeling dumber than ever. I really started to doubt my skills after it did not even work with the most minimal nginx site config I could imagine.
The next day I discovered that we missed the 443 port mapping in the docker-compose file...it only had port 80 mapped.

Yup, stepping back from a problem and getting some sleep is really worth it sometimes.

nginx is pronounced "engine-x" :o
I've even saying it wrong for *years*

The VPS where I host my owncloud instance has had its service tier upgraded since I spun it up. Opening a new one for the same price give you much better hardware stats now. Also, it's running Debian 8, which no longer gets updates from the owncloud repo. So yesterday I took this opportunity to make a new VPS, and try out nextcloud with it. I am floored. It is so much simpler for me. I'm not locked into whatever backend nextcloud chooses-- I have a choice.

Also, I can set up Apache to work however I want. I assume it'll work fine with nginx too.

Once it was installed and ready to go, I noticed I have much more granular and controlled access to my settings.

Happy camper!

Set up an Ubuntu AWS ec2 instance running nodejs reverse proxied by nginx, kept running by pm2 and SSL provisioned by certbot.

I know that sounds like nothing but buzzwords but it really felt awesome to get a little node app stack sorted out!

Attention guys and gals! If you are using grafana in your home setup, update it asap to 4.6.4 or 5.2.3. versions before those two are affected by an authentication bypass vulnerability. CVE 2018-15727
In the meanwhile, my nginx config is blocking everything but the LAN ips :)

I'd like to ask: What's trending at the moment instead....

Either I'm old and senile and missing something, or there is not really sth new.

Okay, JS might be crapping out new frameworks in their common "Not invented here" diarrhea....

But otherwise? What's really new?

I don't really know. I'm not only thinking about languages and stuff, but even in hardware there ain't really a big thing going on in my opinion.

Hab ich wat verpennt?

(Have I overslept?)

We had an interesting and frightening discussion regarding NGINX, as it is russian software today and that a new trend of a true, actively developed webserver is severely lacking... Apache looks semi dead and most other niche webservers, too.

That's all I've seen as a "trend" discussion in the latest time

Why does Windows have to be so fucking useless when running docker. Everytime i need to make a change to the NGINX container, I have to restart the docker daemon, rather than rebuild and restart the container.

I would be doing this on Ubuntu, if I could install it that is.

TLDR: I need advice on reasonable salary expectations for sysadmin work in the rural United States.

I need some community advice. I’m the sysadmin at a small (35 employee) credit card processing company. I began as an intern and have now become their full time sysadmin/networking specialist. Since I was hired in January I have:

-migrated their 2007 Exchange server to Office 365

-Upgraded their ailing Windows server 2003 based architecture to 2012R2

-Licensed their unlicensed VMware ESXi servers (which they had already paid for license keys for!!!) and then upgraded them to 6.5 while preventing downtime on hosted VMs using tricky transfers and deployments (without vMotion!)

-Deployed a vCenter server to manage said ESXi servers easier

-Fixed a three month gap in their backups by implementing Veeam, and verifying its functionality

-Migrated a ‘no downtime’ fileserver to a new hypervisor host, implemented a ‘hot standby’ server as a backup kept up to date by the minute with DFS replication.

-Replaced failing hard drives in a RAID array underlying their one ‘business critical’ fileserver, which had no backups for 3 months at that time

-Reorganized Active Directory and Group Policy deployment from a nightmare spiderweb of OUs and duplicate policies

-Documented the entire old network and now the new one as I’ve been upgrading this

-Audited the developers AWS instances and removed redundant machines, optimized load balancing on front end Nginx servers, joined developer run Fedora workstations to the AD domain and implemented centralized syslog monitoring on them.

-Performed network scans and rewrote firewall exceptions to tighten security

There’s more, but you get the idea. I’ve now been tasked with taking point on an upcoming PCI audit which will be my first.

I’m being paid $16/hr US, with marginal health benefits. This is roughly $32,000 a year, before taxes.

I have two years previous work experience managing a third party Apple repair facility (SimplyMac) and every Apple certification for warranty repair and software troubleshooting. I have a two year degree in general sciences, with about 4 years of college credit (Two years of a physics education and two years of computer science after I switched focus) I’m actively pursuing a CCNA and MCSA server 2016 with exams paid for and scheduled.

I’m going into a salary negotiation in two months. What is a reasonable salary to request, from your perspective, for someone in my position?

Thanks in advance!

I just worked on server stuff for so long I feel like I can speak bash and nginx config better than english

Alrighty. So websockets don't like to forward through Apache2's reverse proxy. Nginx here we come...

Linuxxx I need yo help pls

Dev goal: finishing my lightweight webserver in c++ so there's no need for apache or nginx and I can finally add logic to my webpages without php.

And finishing all my other personal projects obviously :D

Apache or Nginx?

You know the configuration sucks if it's a one file, 10 K lines nginx reverse proxy configuration.

But what really really really sucks....

If the person who wrote it was a google craptastic copy pasta ninja.

For fucks sake, if you don't know what you are doing, just stop.

I've had this in so many rants, it's terrifying how many devs seem to be completely unaware of what they're doing Oo

This time, fuckwad ignored the basic principle of NGINX configuration: set the HTTP version for the proxy.

It's by default HTTP 1.0 - as HTTP 1.1 requires a Host Header _which you must set if not already present_.

The fuckwad had all kinds of scary optimizations enabled. Literally a bukkaka (not a typo) of <way too high value> and <too obscure configuration value that cannot apply here>.

But the most trivial thing, enabling HTTP 1.1 and keepalive. Nope.

Not in it.

It's funny how fast NGINX can be without the bukkaka of configuration values but HTTP keepalive enabled.

*me sits in the silent corner of the plushy pink room with soft walls*

so I installed nginx on my server this week. I feel like a giddy kid now installing one self hosted app after another. REVERSE PROXY ALL THE THINGS!

Right now I have reviewboard and drone (drone.io) installed. Any of you guys have suggestions for other cool stuff to try out? Mostly interested in something with a web API that can do fun stuff :)

If you ever want to make a LAMP stack developer cry, just tell him he's got to work with NGINX and PostgreSQL.

When my Server's RAM is full

At the beginning of the evening I started creating a snapshot of my webserver Ubuntu 16.04 installation, running 5 websites.

When the snapshot was created I started a release upgrade to Ubuntu 18.04.

Finally after upgrade and reboot... Nothing worked anymore. Nginx was running but none of the websites was working.

I started checking logs & searching for a solution, with no luck.

Wanted to restore my snapshot. Reading the docs of Scaleway: only a manual on how to restore to a *new* server...

Dumb me removing my current server and wanting to create a new server: "All servers tempotary out of stock"

Me: *panicing and clicking the resfresh button every second*

"Low stock"
*HITTING the create server button*
Added my snapshot
*Booting up*

Ssh'ing into server
Server: "nope"

#+#£_&-+{$}¥}•+';!

*Sees 'add snapshot to volume'*
*Sees 'add volume to server'*
*All websites running again after nginx restart*

What the fuck.
*End of evening*

I just joined a new company.
Their CI pipeline is to give root access to staging and prod servers to every developer in the company and the manually git pull each repository (8-10 repos per server) and manually set nginx and port configurations. And if this wasn't enough, all of the 30 sites they have are basically the same site and they make the changes manually for each tenant (no env file). I'm amazed at how hard some people are willing to work.

I love nginx' docker container, but it always takes me 2 minutest to remember that an idle nginx container does NOT output any logs

So here's my dumbass staring at the log output, thinking something's wrong

I some time's feel stupid when my Ubuntu start acting up on prod, purge this and that ,fuck apache can't start system CTL that ps ax grep in the p#$#@* , damn apt install nginx full good, mysql can't start too ,OK apt install mariadb-client else percona && apt postgresql thanks ,god no client noticed ..

When nginx decides to just NOT answer to any IPv4 requests, áfter 2 weeks of having it set up for IPv6, just because I updated the Let's Encrypt certificate..

self::facepalm();

Setting up web development environment in Windows is always so annoying...

Just needing to vent a bit...

We start off with classic asp.net & Xamarin. K.

Then we run into the shitshow that's lackluster documentation and heavy push for asp.net core.
Whatever, will just handroll things.

K. Azure is quickly turning expensive..
Well let's find alternatives.

Yeah, no Linux ain't gonna work.
Wanna shell out for a windows server? Nah.
K. Well, let's rewrite in asp.net core then.
Nginx proxy passthrough to kestrel. Ez.

Now.. wtf is the deal with mssql behaving like a turd on Linux?
Oh now some security jibber about telemetry and adding Microsoft keys to root.

Whatever. I can do PHP & MariaDB then.

1001 things wrong about Xamarin now.
Mostly performance related.
Especially cuz custom renderers for everything.
& Abused onPropertyChanged.

Uh la la, look at that sexy thing called react native.
Hippytyhop new tool for the job.

Ugh wee, what's this ? Customer impatient & deadline for months worth in Xamarin => 1 week.

Whelp I be fudge..

Docker with nginx-proxy and nginx-proxy-le (Lets Encrypt) is fucking awesome!

I only have to specify environment variables with email and host name when starting new containers with web servers, and the proxy containers will automatically make a proxy to the new container, and generate lets encrypt ssl certificates. I don’t have to lift a fucking finger, it is so ducking genius

In production, whenever nginx can't find an upstream it will display a static 'maintenance' html file that tells the user the come back later

In development, it shows clippy :D

Wise words

credits : codrTalk

Fucking spent already 2 days trying to proxy pass deluge webui from an internal windows server via nginx, the fucking tab title changes to "deluge webui" but all the files get 404d and since I can't configure another nginx to do try_files on the windows server, I am stuck, for fucks sake.

why the fuck those images wouldn't load? they come corrupt from K8S, but they are fine if I run the container locally, like... wtf? is Ingress NGINX doing something to them or did I configure something wrong?!

One day I helped another teacher with setting up his backend with the currently running Nginx reverse-proxy, peace of cake right?

Then I found out the only person with ssh access was not available, OK then just reset the root password and we're ready to go.

After going through that we vim'd into authorized_keys with the web cli, added his pub key and tried to ssh, no luck. While verifying the key we found out that the web cli had not parsed the key properly and basically fucked up the file entirely.

After some back and forth and trying everything we became grumpy, different browsers didn't help either and even caps lock was inverted for some reason. Eventually I executed plan B and vim'd into the ssh daemon's settings to enable root login and activate password authentication. After all that we could finally use ssh to setup the server.

What an adventure that was 😅

Spent the better part of an hour trying to figure out why nginx was throwing a permission error even though I had the proper user/group permissions. Ends up that the entire path to the web root must have +x applied to it, not just the webroot!!

location /dev/null {
if ($request_method = POST ) {
return 200;
}
if ($request_method = GET ) {
return 204;
}
}

Project with partner company, during the meeting I asked them how can we secure the communication between two services. I suggested api keys, tokens. They were like nope, no need. But I asked them for their IPs to do whitelisting on our side in Nginx.

But their side, nah not even whitelisting, no tokens, no validations. If one has address, can send anything from anywhere.

How hard would it be to do at least, AT LEAST simple token validation. And they are using the very old IIS server. I think for them as long as data flows in as expected, it is fine.

WHY FOR FUCKINGS SAKE DO I HAVE TO ACCEPT YOU SENDING ME BULLSHIT MARKETING MATERIAL WHEN I JUST WANT TO DOWNLOAD THAT SHIT EBOOK????

I see what you did here ngnix...

I realise the latest trend is to leave GitHub, but I will be keeping my Repo's on there for the foreseeable future, or at least until GitLab can get their shit together.

They seem incapable of hosting their own data, and having just wasted 8 hours of my life trying to install this POS I'm unable to trust the platform as a self-hosted model either!

One thing that's been pissing me off about browser devtools lately is that they hide certain requests, like 301s, pretending they didn't make it, but if I look at my Nginx log I see there was in fact a 301 sent. OMFG, I hate this, it has caused me many hours lost on debugging.

What is horizontal and vertical scaling? Can somebody please explain in easy manner?

On my last deployment for the musician client I encountered a really nasty bug.

I configured all the settings in my Nginx. Theoretically everything should work, but it did not. Somehow I always ended up landing on my default Nginx page.

After hours of trying to find the typo, turning it off and on again and praying to all gods I ever heard of, I finally analysed my default Nginx config file. Somehow the server config I posted on the clients conf-file got posted beneath the default configs. WTF?

After deleting those everything worked. 🙄

I deployed docker on a VPS a few weeks ago as a sort of learning experience since I haven't really worked with containers much before. Today I learned that docker doesn't like firewalls.

Or, to be more specific, it adds rules to iptables that are applied prior to ufw rules, allowing external connections that I really didn't want to allow. If I don't explicitly specify that a port is to be published only to localhost, then it punches a hole through my firewall without telling me.

Which means that all of my containers running behind an nginx reverse proxy that auto-redirects to HTTPS... were also accessible directly via HTTP.

I'm... trying to think of a reason why this kind of default behavior was a good idea, but I'm drawing a blank.

Fucking Docker.

cors, really don't have time to fuck around today

The lack of community support for NGINX is horrible (though it is getting better).

I was an NGINX disciple from the beginning; I switched over from Apache as soon as I found it and used it everywhere. The issue with that is that most services only provided Apache configuration files, forcing me to do my own research and translate them.

Thankfully the NGINX community has done a lot of work already; I was able to find a lot of the configurations I needed online, but I also spent a lot of time learning how to use it. Now, if you give me a few hours, I have the knowledge and resources to make it do whatever you need it to do (within reason, of course).

Wait, why is nginx communicating from our cache servers to app servers using HTTP1.0? Added http_version 1.1 to a general config. Moments away our responses return 500 on our production because one of our module doesn't handle gzip. If I ever had a heart attack...

#NotRant - Stoked on getting Nginx micro-services training. should be really cool.

Doing a technical assessment. Slightly different stack than what I am used to!

- NGINX instead of Traefik
- Kubernetes instead of Docker Swarm

Just because the stack is different, anxiety / impostor syndrome is kicking in. I'm proud of myself for commanding my brain and body to execute:

While !done:
- google,
- find simplest straightforward tutorial
- implement

The chemicals inside my body are all over the place. I really want to move out of my current job!!

Development: we need Nginx installed on *insert server list*
Me: ok, let me get in tough with the platform team.
Platform team: This should be installed in the userspace, Unix teams don't support this.

And here I am, trying to get a reverse proxy running on servers on which I do not have sudo rights.
Since it doesn't work, it's my fault, both sides block the door.
I installed it locally on a virtual machine, but the compiled or installed code doesn't work once copied.
The joy of being an "application engineer". This job title means nothing!

Le Me @ the terminal..

$sudo ngixn
Command not found ngixn

OK..

$sudo ngnix
Command not found ngnix

Wtf..

$sudo nginx

Finally! Takes me 3 tries to actually start nginx. Am I the only one ?! ._.)

been fighting with nginx and php-fpm becuase the dev makes php scripts that run longer than 1 minutes even the connection between nginx and the php socks is giving up on life.

At this point of my side project I wanted to check out openresty for dynamic proxy creation in nginx.

Happy to check it out I installed centos 7 as guest using new command I just learned virt-builder that would automate vm creation.

Spend 10 hours debugging why I can ping and ssh but cannot get to application port from any network.

Checked iptables, restarted network, reinstalled vm again 3 times with different methods.
Scrolled trough whole internet and it’s mostly outdated problems.
Learned bunch of new commands without new results.

Results were always the same:
No route to host.

Turned out firewalld is fucking thing now.

systemctl firewalld stop helped

Now I know that systemd would kill me at some point for sure.

What I can add at this point ?

Please add more distros, differences, standards and programming languages so world definitely would be better place.
I need a short break now to actually start making shit that I wanted to start at 4-5pm on Saturday.
It’s Sunday 3:30am and time for breakfast.
At least I am happy it started working.

Well, if your backups don't include /etc/nginx, make them include that directory. Mine's gone and I'll have to configure that again Friday evening. Woops.

It looks like serving http/2 with Nginx is pretty easy. I want to move to that with my websites.
Do you have any experience with switching? Good or bad?

I suck at DevOps at least as hard as I'm good at front-end/UX. I found out as a result of the local job market starting to get needy for 'full-stack'. Stuck for 2 days on setting up a Docker/ Dockerhub/ DigitalOcean/ Bitbucket pipeline with Nginx/ Node/ MongoDB Cloud & Webpack/ React.

*Sigh*

!rant

Is there any alternative to socket.io that doesn't need to expose a server ip directly to any client, needing to set up a full nginx anti ddos/auth config and more?

There is the live-ajax way that requests progress, but it feels more like a hack each time. (especially if the site should be able to handle multiple tabs with different progress)

I thought maybe some framework has live requests inbuilt to update content from a server worker model. (without exposing the server ip)

Back home from vacations tomorrow.
It wasn't the best time I had but the thought of returning to daily life is already giving me a stomach ache.

Gotta take care of my little pug too, my anxiety about his partial eye keratosis isn't doing great too. Since the caretakers don't apply eye medication regularly.

There's this fear of my productivity before uni begins, I really don't want my vacation to end with me returning without completing my application.

I've still got a lot to do, anyone want to partner up with me ? I've still got load balancing and failover mechanisms which I have no real-time experience with (excluding api related stuff). I've got a general idea to use nginx.

Client complains about DDOS but dont want cloudflare.

Installs Nginx. :Evilsmile:

Fuck I feel fucked up just for completing user account management, authentication, email verification, password reset. Securing all of this with ssl and checking for any security loopholes.

I can't believe this took me more than a couple months.
Well I was lazy and unmotivated.
I fucking hate crafting stupid ass routes in nginx.
I fucking hate making a nice responsive gui.
I have to design even the stupid html for the emails. Fuuuuck.

So much boilerplate on top of that with username and email validation.

I learnt regex 5 times over the past couple months, still not enough.

And now I actually have to build the functional part.

On the plus side I can reuse this stupid boilerplate if I can make it more modular and readable.

There's shit ton of comments to the point where I feel like an idiot for including so much info. It's like I've written it for a toddler to take over.

Gawd. Anyways it's over now. 50% I guess.

I can finish the rest of the server more quickly and then spend another year designing the Android application.

I'm really lazy in places where I have to design UI/UX. Although at this point it's kinda what could put my application at the top. (I'm lazy, I ain't bad.. I just hate implementing my ideas I wish I could just visualize and have it appear on my screen)

I do like parts of gui that involve little math problems that would make motion smooth and efficient.