Replacing FiOS Quantum Router with Ubiquiti

Verizon’s ONT was serving over coax because the house was wired with coax. Now that we use YouTube TV rather than traditional cable, we don’t need coax for anything, so we rewired the house with Cat5e to all floors. This made it easier to get rid of the rental Quantum router ($10 per month), since there was no longer any advantage to serving anything over coax.

Bought a Ubiquiti EdgeRouter X to replace the Quantum. Almost bought the ER-4 instead, but we only have 300/300 internet and it seemed that, at worst, the ER-X would be able to handle those speeds with hardware offloading. We’ve been beta testing Plume for WiFi for a couple of years now, so a router without built-in WiFi was an advantage.

After setting up a basic config with the “WAN+2LAN” wizard everything was working fine, but there were some latency issues at busy times. Looking into the QoS options, Smart Queue seemed the best candidate for solving the latency by holding back some bandwidth in order to handle new requests. Unfortunately, the ER-X is not powerful enough to run Smart Queue at 300/300, so I ended up applying it only to uploads and lowering the configured rate to around 100. It seemed better to give new streams some room than to let existing streams fully saturate the connection.

In hindsight, an ER-4 might have been the better choice for our speeds and apparent need for QoS, but the ER-X was only about $60, whereas the ER-4 was about $185. If we get further speed upgrades from Verizon, we’ll have to either offload routing to the ER-X’s hardware or pony up the additional money for the ER-4. That said, even though the ER-4 is much beefier, it isn’t entirely clear to me that it could handle Smart Queue at speeds much higher than 300/300 anyway. It’s also unclear to me why Smart Queue should be necessary at speeds much higher than 300/300.

Update: removing Smart Queue and enabling offloading seems to be the best policy at this point. Investigating a community project that adds CAKE for controlling individual devices that might be hogging bandwidth. Smart Queue seems to solve the wrong problems for my network at this point.

Fixing Ubuntu 18.04 and moving to PHP-FPM

Moved the vhost farm to Ubuntu 18.04 on Linode and hit some snags after deciding to move to PHP-FPM instead of mod_php.

Adding this to apache.conf instead of to each vhost config seems to work fine:

    <FilesMatch "\.php$">
        SetHandler "proxy:unix:/var/run/php/php7.2-fpm.sock|fcgi://localhost/"
    </FilesMatch>

Add

    <If "-f %{SCRIPT_FILENAME}">
    </If>

around the SetHandler line inside the FilesMatch block, so that requests for .php paths that do not exist on disk are not handed to the unix socket (each of those otherwise ends up as an error line in the Apache error log). Combined:

    <FilesMatch "\.php$">
        <If "-f %{SCRIPT_FILENAME}">
            SetHandler "proxy:unix:/var/run/php/php7.2-fpm.sock|fcgi://localhost/"
        </If>
    </FilesMatch>

This also seems to work fine in apache.conf to enable HTTP/2 for all vhosts (it needs mod_http2 enabled and the event MPM; moving off mod_php to PHP-FPM is what makes leaving the prefork MPM possible):

    Protocols h2 http/1.1

Need to raise the children setting (pm.max_children) in /etc/php/7.2/fpm/pool.d/www.conf, as the default is 5. 35 seemed better.

Then

    a2enmod proxy_fcgi && a2dismod php7.2

gets you most of the way there.

A newer kernel prevented php-fpm from launching automatically on reboot, so I rolled back to 4.15.18-x86, which seems to fix php-fpm not starting after a reboot.

A `service php7.2-fpm reload` never hurts, but it shouldn’t be necessary after a reboot.

This was helpful in getting to the bottom of the reboot issue: https://www.linode.com/community/questions/17135/php72-fpmservice-failing-after-reboot-nginx-error-502

Get rid of the red padlock (mail delivered without TLS) on email sent from the server, by setting these in Postfix main.cf:

smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
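With smtp_tls_security_level = may, TLS is opportunistic, so the only way to know which deliveries actually got it, and whether the CAfile validated the receiving server (“Trusted” versus “Untrusted”/“Anonymous”), is the log produced by smtp_tls_loglevel = 1. This Python script, an added example rather than anything from the original post, joins those TLS lines to the delivery lines per queue ID; the log lines, hostnames and queue IDs in it are constructed.

```python
"""Per-delivery outbound TLS audit from a Postfix log at smtp_tls_loglevel = 1.
Added example, not from the original post; log lines, hosts and queue IDs are
constructed. Postfix logs "<Trust> TLS connection established to RELAY..." from
an smtp(8) process before the "to=..., relay=RELAY, ... status=sent" line(s)
delivered over that connection, so the two are joined on pid + relay."""
import re

TLS_RE = re.compile(r"postfix/smtp\[(?P<pid>\d+)\]: (?P<trust>Trusted|Untrusted|Anonymous|Verified) "
                    r"TLS connection established to (?P<relay>\S+?):\d+: (?P<proto>\S+) with cipher (?P<cipher>\S+)")
SENT_RE = re.compile(r"postfix/smtp\[(?P<pid>\d+)\]: (?P<qid>[0-9A-F]+): to=<(?P<rcpt>[^>]+)>, "
                     r"relay=(?P<relay>\S+?):\d+, .*status=(?P<status>\w+)")

def audit(lines):
    """Map queue ID -> {rcpt, relay, status, tls}; tls is the trust word or 'none'."""
    last_tls, result = {}, {}   # last_tls: pid -> most recent TLS session of that smtp process
    for line in lines:
        if m := TLS_RE.search(line):
            last_tls[m["pid"]] = m.groupdict()
        elif m := SENT_RE.search(line):
            tls = last_tls.get(m["pid"])
            # Credit the session only if it went to the same relay; a plaintext
            # delivery is a to=/relay= line with no matching TLS line before it.
            trust = tls["trust"] if tls and tls["relay"] == m["relay"] else "none"
            result[m["qid"]] = {"rcpt": m["rcpt"], "relay": m["relay"], "status": m["status"], "tls": trust}
    return result

def plaintext_relays(result):
    """Relays that got mail in the clear: candidates for a stricter per-destination TLS policy."""
    return sorted({d["relay"] for d in result.values() if d["tls"] == "none"})

SAMPLE_LOG = [  # constructed sample, not real traffic
    "Jun 10 12:00:01 mail postfix/smtp[2101]: Trusted TLS connection established to "
    "mx1.example.net[203.0.113.5]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)",
    "Jun 10 12:00:01 mail postfix/smtp[2101]: 4F2A1B3C9D: to=<alice@example.net>, "
    "relay=mx1.example.net[203.0.113.5]:25, delay=0.8, delays=0.1/0/0.3/0.4, dsn=2.0.0, status=sent (250 2.0.0 OK)",
    "Jun 10 12:00:05 mail postfix/smtp[2102]: Untrusted TLS connection established to "
    "mx.example.org[198.51.100.9]:25: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)",
    "Jun 10 12:00:05 mail postfix/smtp[2102]: 7A9C0D1E2F: to=<bob@example.org>, "
    "relay=mx.example.org[198.51.100.9]:25, delay=1.2, delays=0.1/0/0.5/0.6, dsn=2.0.0, status=sent (250 2.0.0 OK)",
    "Jun 10 12:00:09 mail postfix/smtp[2103]: 5B6C7D8E9F: to=<carol@example.com>, "
    "relay=mail.example.com[192.0.2.20]:25, delay=0.6, delays=0.1/0/0.2/0.3, dsn=2.0.0, status=sent (250 OK)",
]

if __name__ == "__main__":
    summary = audit(SAMPLE_LOG)
    for qid, d in summary.items():
        print(f"{qid} {d['rcpt']:<18} {d['relay']:<36} tls={d['tls']}")
    print("plaintext relays:", plaintext_relays(summary))
```

Run it against /var/log/mail.log on the server instead of SAMPLE_LOG; an “Untrusted” result means TLS was used but the peer certificate did not chain to the CAfile, and a relay in the plaintext list never offered STARTTLS at all.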

LetsEncrypt/Certbot Fun

sudo ./letsencrypt-auto --apache -d example.com -d www.example.com

Revoke (remove) a cert:

certbot revoke --cert-path /etc/letsencrypt/live/CERTNAME/cert.pem