Configuring nginx for letsencrypt

Letsencrypt comes with a plugin for Apache. The one for nginx is still experimental. The manual configuration is pretty easy. On the server to protect with SSL:

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
letsencrypt-auto certonly -a manual --rsa-key-size 4096 \
--email you@example.com -d example.com -d www.example.com

This creates a directory /etc/letsencrypt with your account data and your certificates in the live/example.com subdirectory.

Edit you nginx configuration file and add

ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

to the SSL configuration of your server. It’s important that you use fullchain.pem for the certificate, and not the cert.pem in the letsencrypt directory. Programs like curl and wget won’t work if you use cert.pem. The reason is explained in the first answer to an issue I wrongly opened to letsencrypt. A more detailed explanation is here.

Restart nginx to test your new certificate.

Remember to setup a cron job to renew the certificate before it expires in 90 days. You should also check Mozilla’s SSL Configuration Generator to improve the security of your https server.

Ruby 2.3.0 InstructionSequence

Ruby 2.3 has been released on Christmas day as every Ruby version. It comes with a nice present: the RubyVM::InstructionSequence class with methods to compile scripts, save them and load them later. A quick example:

rvm install ruby-2.3.0
rvm use ruby-2.3.0
cat > test.rb
class Christmas
  def self.day
    25
  end
end
p Christmas.day

cat > compile.rb
instruction_sequence = 
  RubyVM::InstructionSequence.compile_file("test.rb")
File.open("test.iseq", "wb") do |file|
  file.write(instruction_sequence.to_binary)
end

cat > instruction_sequence = nil
File.open("test.iseq", "rb") do |file|
  instruction_sequence =
    RubyVM::InstructionSequence.load_from_binary(file.read)
end
instruction_sequence.eval

ruby compile.rb
ls
compile.rb  execute.rb  test.iseq  test.rb
ruby execute.rb
25

It works!

InstructionSequence comes with a caveat:

The goal of this project is to provide “machine dependent” binary file to achieve:

• fast bootstrap time for big applications
• reduce memory consumption with several techniques

“Machine dependent” means you can’t migrate compiled binaries to other machines.

Does it means that the compiled code won’t work on another machine? I generated the .iseq file on a Ubuntu 12.04 machine and uploaded it to a Ubuntu 14.04 one, both 64 bit. It keeps working and the directory structure of the two machines can be different, despite the presence in the compiled code of metadata about the source file.

I invite the readers to check the other methods of the class. They let allow for the compilation of strings of text and procs, setting compilation options, disassembling iseq code plus several instance methods that operate on an instruction sequence.

Ruby performances with PostgreSQL and MySQL

(original post in the Italian Ruby Forum)

I had to convert a database seeding script from PostgreSQL 9.4 to MariaDB 10 (customer’s choice and with little enthusiasm I had to comply). This lead to a number of interesting discoveries about the pg and mysql2 Ruby drivers. Apart a few minor issues [1] [2] [3] [4] I immediately noticed that the script with MariaDB run 20 times (twenty) more slowly than the  PostgreSQL one: 21 minutes vs 1 minute and 3 seconds. Unusable and inexplicable.

Such a big difference can not be due to the database, so I started to investigate the configuration. Even the MySQL coming with Ubuntu 12.04 was too slow and I can expect that the distributors set it up reasonably well. At this point the suspect becomes the driver. I opened this issue https://github.com/brianmario/mysql2/issues/623 and they gave me two valuable tips: use a profiler ( https://github.com/ruby-prof/ruby-prof ) and the gem-import activerecord ( https://github.com/zdennis/activerecord-import ). I knew both of them but sometimes you have to be reminded about tools you don’t use often. Ops.

The profiler show that the driver uses pg prepared statements that give obvious benefits with the number of records created by my script (a little over 32,000). The version of mysql2 I had to use (0.3.x) does not have prepared statement (but the newer version does) and that seems to make the difference. I rewrote the script to use activerecord-import, which  inserts a whole array of objects at once. The script looks a bit unnatural, because I repeatedly needed the ids of the record I created to pass them along the associations, but the execution times for mysql2 dropped from 21 minutes to 1 minute and 33″. It was worth it. There are only 1,045 calls to the db and yet is always slower than 32k calls made by the original script with pg. The script with pg and activerecord-import dropped to 47 seconds.

Despite all the enhancements introduced in the import-activerecord calls my script’s calls to PostgreSQL add up to 9.4 seconds. The calls to MariaDB are  49.8 seconds. Ruby accounts for 40 seconds, regardless of the database used.

TL;DR

1) Work on PostgreSQL has performance advantages with Ruby due to drivers.

2) mysql2 0.4.0+ has prepared statements but if you’re working with Rails you must be careful. There are issues [A] [B] and it seems you need Rails 4.2.5+ to use it. I didn’t test the combination yet.

3) For details of my profiling research (tables, times, calls) read https://github.com/brianmario/mysql2/issues/623 

 

Finally, the issues I run into:

[1] https: //mariadb.com/kb/en/mariadb/installing-maria …

[2] For MariaDB install the gem mysql2 with

bundle config \
build.mysql2 --with-mysql-config=/path/to/mariadb/bin/mysql_config

Careful: this is globals so use –with-mysql-config=/usr/bin/mysql_config when you need to connect to MySQL.

[3] My script would clear the db before seeding using TRUNCATE CASCADE, but MySQL and MariaDB don’t have it. This  is the workaround

 connection = ActiveRecord :: Base.connection
 Connection.Execute ("SET foreign_key_checks = 0;")
 [all models] .each do | model |
   Connection.Execute ("TRUNCATE model.table_name # {}")
 end
 Connection.Execute ("SET foreign_key_checks = 1;")

[4] But neither ActiveRecord has TRUNCATE, so either you use some gems that add it to AR or even for PostgreSQL you need a loop like that, but you don’t need the SET foreign_ley_checks statements.