Running Ghost on Ubuntu

Ghost blogging platform was released to public on Oct 14, 2013. It’s a nodejs app, that was started out as a kickstarter.

Since it’s out for public download, I tried to deploy it on a droplet from Digital Ocean running Ubuntu 13.04.

Firstly, Ubuntu repository does not have the latest version of nodejs. Ghost requires nodejs later than 0.8, while nodejs in Ubuntu is 0.68. I had to install nodejs from ppa and later proxy though my current nginx server.

sudo apt-get install python-software-properties
sudo add-apt-repository ppa:chris-lea/node.js
sudo apt-get update
sudo apt-get install nodes

These are the steps required to make it work:
(Initial requirement is that you already have nginx server setup and running).

  1. SSH into your machine and download the file from
  2. Unzip the file into a directory.
  3. Then run “npm install –production”
    (If you don’t have the latest version of npm, it will throw errors)
  4. In your nginx server definition, add this location:
    [bash]location / {
    proxy_set_header Host $host;
    proxy_buffering off;
  5. Then re-start your nginx and from the Ghost installation directory run “npm start”
  6. You should see something like this, if everything is okay:
    $ npm start
    > ghost@0.3.2 start /home/msoe/public_html/ghost
    > node index
    Ghost is running...
    Listening on
    Url configured as:
    Ctrl+C to shut down
  7. Now try to access, through your nginx server. You should start seeing console is logging requests coming in.

This document is based on Ghost’s deployment guide.

Python: Pyql module to obtain stock quotes from Y! Finance

I just made an initial attempt to fetch the stock quotes via YQL, and put the codes into a module. The method “lookup” will return a list of python dictionary item(s), based on the information decoded from Yahoo’s JSON data.

The current snapshot is posted on Google Code. The code doesn’t work with Python 3. It should work fine with Python 2.2 or higher.

To clone the source codes to a local resource, please feel free to do so via mercurial.

hg clone pyql

Example Usage:

import pyql

tickers = ['AAPL', 'GOOG']
print ( pyql.lookup( tickers ) )
singleTicker = ['FFIV']
print ( pyql.lookup( singleTicker) )

Running WordPress with Nginx on ArchLinux

I just moved this blog over to Nginx server from Apache httpd server. I’m pretty satisfied with the overall result. I had to take some time to convert my current httpd configuration over to Nginx, since the new server does not support .htaccess or mod_redirects. This is my current requirements for move over:

  • The site is available on both HTTP and HTTPS.
  • “wp-admin” session is forced to use SSL.
  • I have “quicklook” (to check my server status) and “webalizer” directories under the blog, and they are protected by HTTP BasicAuth.
  • HTTP BasicAuth is to be carried out via SSL.
  • To enforce gzip compression on HTTP connection while disabling it on HTTPS.

Basically I followed the ArchLinux wiki for the implementation, and I will briefly describe what I did.

Nginx (pronounced “Engine X”) is a light-weight open-source http server. Its low resource consumption is the primary purpose for the moveover, and it’s suitable for my server on the cloud.

Firstly, I needed to install the package. And installed “php-cgi” package which is used to provide fastcgi interface to PHP.

~$ sudo pacman -S nginx php-cgi

Then, I configured fastcgi daemon, and add it to rc.d. So the following script was needed to be added to /etc/rc.d as “fastcgi”


. /etc/rc.conf
. /etc/rc.d/functions

case "$1" in
	stat_busy 'Starting Fastcgi Server'
	if /usr/bin/php-cgi -b &
		add_daemon fastcgi
		stat_fail	fi
	stat_busy 'Stopping Fastcgi Server'
	[ -e /var/run/daemons/fastcgi ] && kill $(pidof php-cgi) &> /dev/null;
	if [ $? -gt 0 ]; then 
		rm_daemon fastcgi
	$0 stop
	$0 start
	echo "Usage: $0 {start|stop|restart}"

And I gave it an executable permission:

~$ sudo chmod +x /etc/rc.d/fastcgi

What that script does is to have php-cgi process to listen on port 9000. Now, we would be able to start/stop/restart the daemon with “sudo /etc/rc.d/fastcgi start”. But the script will not be automatically started when the unit is rebooted. It needs to be added to /etc/rc.conf. So I added fastcgi to the rc.conf. Here’s the snippet.

DAEMONS=(syslog-ng ... fastcgi nginx ...)

Then I edited the /etc/nginx/conf/nginx.conf file to point to my blog physical directory. We need to add two servers, one for HTTP and one for HTTPS. This is my sample configuration for server myfineblog.local

    server {
        listen       80;
        server_name  myfineblog.local;
        access_log      /var/log/httpd/myfineblog.local-access.log;
        error_log       /var/log/httpd/myfineblog.local-error.log;
        root            /srv/http/myfineblog;
        gzip            on;

        location ~ ^/(wp-admin|quicklook|webalizer)/* {
            rewrite ^/(.*) https://myfineblog.local/$1 permanent;

        location / {
            index  index.html index.htm index.php;
            root                /srv/http/myfineblog;
            if (!-e $request_filename) {
                rewrite ^.+/?(/wp-.*) $1 last;
                rewrite &.+/?(/.*\.php)$ $1 last;
                rewrite ^(.+)$ /index.php?q=$1 last;

        location ~ \.php$ {
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  /srv/http/myfineblog/$fastcgi_script_name;
            include        fastcgi_params;

Line 3 defines the server name (so we can configure virtual hosts based on names).
Line 4-5 defines the access logs for this web site.
Line 6 is the physical location of the web site on local system.
Line 7 is used to turn on gzip.
Line 9-11 is redirect to SSL by sending HTTP redirect if the uri contains any of wp-admin or quicklook or webalizer)
Line 13-21 is the definition of website directory and an equivalent scripts for Apache’s mod_rewrite.
Line 23-29 is the connection to the fastcgi daemon we configured above. It is *important* to change the SCRIPT_FILENAME variable to suit the real physical path of the wordpress script.

To enable SSL server, I assume we already have the certificate and key for the website. The configuration looks the same but it will have SSL options enabled and Basic HTTPAuth section for a certain directories.

    server {
        listen          443;
        server_name     myfineblog.local;
        ssl                     on;
        ssl_certificate         /etc/ssl/certs/myfineblog.crt;
        ssl_certificate_key     /etc/ssl/private/myfineblog.key;
        ssl_session_timeout     5m;
        ssl_ciphers             HIGH:MEDIUM;
        ssl_prefer_server_ciphers       on;
        ssl_protocols           SSLv3 TLSv1;

        root                    /srv/http/myfineblog;
        access_log              /var/log/httpd/myfineblog.local-ssl_access.log;
        error_log               /var/log/httpd/myfineblog.local-ssl_error.log debug;
        gzip                    off;

        location ~ ^/(quicklook|webalizer)/* {
                auth_basic      "Private Section";
                auth_basic_user_file    /srv/http/myfineblog/.htpasswd;
        location / {
                index   index.html index.htm index.php;
                root    /srv/http/myfineblog;
        location ~ \.php$ {
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  /srv/http/myfineblog/$fastcgi_script_name;
            fastcgi_param  HTTPS on;
            include        fastcgi_params;

This configuration turned on “SSL”, disabling SSLv2 and weak ciphers. It enabled HTTP Basic Authentication for two directories. I disabled gzip on SSL stream. And it tells the fastcgi server to turn HTTPS on.

And started the daemons with “/etc/rc.d/fastcgi start” and “/etc/rc.d/nginx start”.

SSL and HTTP Basic Authentication

In general, when I want to force the browser to access certain part of my website via https if the request is made with http, I would put a .htaccess inside that web directory.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

But when I want to protect the directory with HTTP Basic Auth, it creates double authentication. I’ll expand this section after I captures the headers.

As a quick workaround, I use this hack in .htaccess

SSLOptions +StrictRequire
AuthUserFile /home/minn/.htpasswd
AuthType Basic
AuthName "Private Section"
Require valid-user
ErrorDocument 403

A Walk in the Clouds

I’ve moved this site over to the cloud servers, by Rackspace from my previous shared host. Actually I was looking for a cloud server and cloud space so that I can play with Hadoop. I found Amazon EC servers and S3, but their services charges are expensive for me. While searching for alternatives, CloudServers caught my attention.

It is cheaper than Amazon services, but at the moment I don’t think I can test Hadoop on CloudServer and with CloudSpace. I’m using it more like a virtual private server, that gives me “root” access. The good thing is you can modify the resources as you wish, so I would say it’s quite scalable. You are also charged by hours (uptime). Rackspace will also charge you even if you turn off the machine. They will not charge after we have deleted the server. If you want to test something for a project, you can just subscribe for desired amount of memory and disk space. And delete the server after it’s been used. We will only be charged for those period. That’s the flexibility that I prefer.

I’ll see what I can do with my server, and update the blog again.

Short notes on Linux Libraries

Libraries are the compiled code that is usually incorporated into a programer at a later time.

  • Three types: Static Libraries, Shared Libraries, and Dynamically Loaded Libraries
  • Static libraries are a collection of normal object files.
  • They usually ends with “.a”.
  • Collection is created with “ar” command.
  • Shared libraries are loaded at program start-up and shared between programs.
  • Dynamically loaded libraries can be loaded and used at any time while a program is running.
  • DL libraries are not really in any kind of library format.
  • Both static and shared libraries can be used as DL libraries.

Linux Processes and CPU Performance

In Linux, a process can be either:

  • runnable, or
  • blocked (awaiting some events to complete)

When it’s runnable, the process is in competition with other processes for CPU time. A runnable process may or may not be consuming CPU time. It is the CPU scheduler that decides which process to run next from the runnable processes list. The processes form a line, known as run queue, when they are waiting to use the CPU.

When it’s blocked, it may mean it’s waiting for data from IO device or the results of a system call.

System usually shows the load by totalling the running processes and the runnable processes.

When it comes to multitasking, the OS can be:

  • cooperative multitasking, or
  • preemptive multitasking

In preemptive multitasking, scheduler gives the processes time slices for CPU. The process will be involuntarily suspended after it has consumes the allocated time. It prevents one process from monopolizing the available CPU time.

In cooperative multitasking, the process will not stop running until it is voluntary. When it suspends itself, it is called yielding. The scheduler cannot make decision how long the process should run.

Starting from kernel 2.5, Linux gets itself a new scheduler, O(1). Now it’s been replaced with CFS, as I’ve written about it in my earlier posts.

Tools to view the CPU performance
I usually use these tools to check:

  • vmstat
  • top

Those tools are quite basic, yet are able to produce pretty good information, and they come with almost every distro.

vmstat, I would check the number interrupts fired (in), the number of context switches (cs), as well as CPU utilization such as User (us), System (sy), Idle (id). I expect to see lower “cs” than “in”. I’ll try to explain the context switches and the interrupts in my future posts. For the time being, kindly google for them.

top, version 3 produces more stats. We can check the states of the processes, as well as the user cpu stats, system cpu stats (softirq, iowait, irq).

Linux Package Management

I always like to play around with new distros that I can find from Gentoo being my primary distribution, I have Arch as my second distribution. Arch also offers the flexible system. Almost every linux systems are the same in functionality and the features, and from as far as I can see, the only difference arethat how they implement the front-ends, and how they manage the packages.

With Gentoo, I am not being fancied by easy or pretty front-ends (you can say Gentoo text output is quite colorful), but I’m more interested in how to add/remove/update new software package onto the system. I don’t think anyone will content with the packages that comes with the distro. Package Management offers various ways to install/remove the software as well as update one package or the whole system. It also allows us to select software repositories which we download the packages from. These are some package management systems that usually tied to a distro and its variants:

apt-get for Debian, Ubuntu, etc.
emerge for Gentoo, Sabayon
yum for Fedora, etc.

For more information about the package management systems for linux distributions, you can always refer to those good documents:

“Cannot find -lGl”

I’m setting up another Gentoo on my office desktop.

My compiler on Gentoo stops at this error when compiling certain packages. I just noticed that as I tried to install binary drivers for ATI card (X1300).

I tried to re-emerge GCC, but it didn’t help. But finally I noticed the cause as I searched through the forum and the net.

It’s because of the missing symbolic to in /usr/src.

I was using ATI drivers for OpenGL so my Gentoo symbolically linked to that library. “dri” was not working so I tried to downgrade the driver to lower version by uninstalling it. But when I did a re-install, compiler stopped there, saying it “Cannot find -lGl”.

Actually what I should have done is to switch the OpenGL library to Xorg libraries before uninstalling the ATI drivers.

Now I’m able to compile the ATI drivers, but still “dri” is not working. I need to figure it out.