As the title may suggest a little while ago the shared folders that had be created on my synology NAS became inaccessible. When trying to access the map drive in Windows / File explorer it would prompt me for a username and password. After clicking ok it would open a dialog that prompted me to select a certificate. …
This is just a quick update about this website and the server it is run on. For a long time this website has suffered from poor performance owing to a multiple factors which likely deterred many potential visitors. This has now been rectified and going forward this should stay this way and hopefully with the added benefit of more frequent posts.
The improvement in performance mainly came from two key changes, they being an upgrade in the VPS tier and the changes to the theme. For those interested a list of changes is provided below:
- Migrated from PHP 5.6 to 7 + enabled opcache. This change alone provided a massive increase in page load time and responsiveness.
- Added a maintenance page. This is shown during wordpress downtime during updates.
- Updated the theme. A few aspects of the theme have been updated / changed.
- Replaced Google font. Removes the need for external resources to be downloaded / rendered.
- Added an about page.
- Updated scripts.
- Server tier upgrade. This allow some other the other changes possible.
A server monitor page has been added which currently checks the uptime of my main server (the one on which this site runs). This monitor can be found at status.moocat.me. The monitor uses a ping (icmp) to check if the server is responsive but this test is fairly limited as it would not detect if this website was accessible. New test types may be added but servers that I come to acquire will be added.
I stumbled across Keybase a little while ago and have finally got round to setting it up / linking to my online identities, such as proving that I’m the admin of this website etc. This process was fast and painless to perform. A link to my Keybase page can be on the link in this post or under the contact section.
I have recently set up a public (open access) s/ntp time server that operates at stratum 2. It is available on both IPv4 & IPv6 with the server name ‘ntp.moocat.me’. A good place to start understanding what NTP is and why it is useful is with this FAQ found at ntp.org. The server also participates in the ntp pool project which was easy to setup and hopefully provides a benefit to the community.
During my second year of my IT A level one of the units required me to create an excel product for a fictional client. The fictional client that I created was a man called steve who needed part of his VPS management system migrating into a digital form. The resulting product and associated documentation can be found below:
Whilst updating the certificate for the postfix server recently, I encountered an issue where emails from some servers were not being delivered / received. Upon further investigation I found the error relating to this problem was “
error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher“. Armed with this error information I proceeded to look for a solution online but this process took an extended amount of time for me to find an answer. In hindsight this trivial task should have taken a couple of minutes to perform which is why I have made this post to help others to prevent a similar situation.
The reason why in this case I was receiving the error was due to the other servers not supporting ECDSA certificates and it turns out this is true for many mail servers as well. Knowing this it explains why “no shared cipher” was being displayed due to the lack of ECC (Elliptic Curve Cryptography) support. In order to rectify this I had to use an RSA certificate which is widely accepted. This new cert was self signed but this doesn’t cause an issue as nearly all smtp servers do not validate certificates.
To apply this change on a postfix server first open the main config file (“
/etc/postfix/main.cf“). Once open navigate to “
smtpd_tls_cert_file” and “
smtpd_tls_key_file“, then change them respectively to point to the new location. Keep in mind both files specified must be in the .pem format.