Helge Klein

Subscribe to Helge Klein feed
Tools for IT Pros
Updated: 20 hours 37 min ago

How to Configure SoftEther, a Free VPN Server for macOS & Windows

Mon, 02/18/2019 - 18:14
Contents

This post describes a real-world configuration of the free VPN server SoftEther. It shows how to set up a VPN for macOS and Windows clients on a Hyper-V Windows guest VM.

Our Setup and Requirements

Our situation was as follows:

  • Multiple Hyper-V hosts with VMs on an internal network.
  • One VM is the VPN gateway. It is configured with two NICs. One is connected to the internal network, the other to the internet.
  • The VPN should provide remote access via SSTP for Windows and L2TP for macOS clients.
  • It should be possible to connect to the VPN with the clients that come with each operating system. Installing additional client software should not be necessary.
  • The VPN should be bridged to the local network so that VPN clients get IP addresses from the internal network’s DHCP server.
  • Authentication should be performed against a RADIUS server (we use Duo Authentication Proxy).

HTTPS Certificate

SSTP is based on HTTPS. The good thing about that is that most firewalls and hotel networks should let it through. The bad thing is that we need to deal with certificates. I used a TLS certificate from our internal Active Directory root CA.

Caveat: Unreachable CRL

We are using an internal certificate authority that is not accessible from the internet. As a consequence, the CA’s certificate revocation list (CRL) is not accessible from the internet either.

The Windows SSTP client refuses to connect when it cannot contact the CRL specified in a server certificate. There are two ways around that:

  1. Set the following registry values on your VPN clients: HKLM\SYSTEM\CurrentControlSet\Services\SstpSvc\Parameters\NoCertRevocationCheck=1 [REG_DWORD]
  2. On the CA, configure a certificate template to not include revocation information in issued certificates.
Requesting the Certificate

Run the following openssl commands on any Windows or Linux machine that has OpenSSL installed. OpenSSL is part of any Splunk installation, for example (even on Windows).

Create a private key:

openssl genrsa -des3 -out c:\temp\vpn\vpn.key 4096

Create a certificate request with the private key:

openssl req -new -key c:\temp\vpn\vpn.key -out c:\temp\vpn\vpn.csr
  • Submit the CSR to your CA
  • Important: if you want to incorporate multiple server namens in the certificate, specify them in the additional attributes field as follows: san:dns=server1.domain.com&dns=server2.domain.com.com
  • You get a P7B file, but SoftEther expects a CER. To convert, double-click the P7B file to open it in the certificates MMC. Locate your certificate, right-click and select All Tasks – Export. Choose the format “Base-64 encoded X.509 (CER)”.
Importing the Certificate in SoftEther
  • Open SoftEther VPN Server Manager
  • Click “Encryption and Network Settings”
  • Click “Import” and specify the location of the CER file
  • Specify the location of the certificate’s KEY file
  • Enter the key’s passphrase
  • While you are in that dialog:
    • Disable “Use Keep Alive Internet Connection”
    • Switch the encryption algorithm name to ECDHE-RSA-AES256-GCM-SHA384
  • Copy your CA’s root certificate to the directory C:\Program Files\SoftEther VPN Server\chain_certs
Gateway VM Configuration

On the Hyper-V host, go to the gateway VM settings and click “Enable MAC address spoofing” in the “Advanced Features” of the VM’s internal NIC.

SoftEther Configuration Virtual Hub Creating a Virtual Hub
  • Open SoftEther VPN Server Manager
  • Create a virtual hub
User and RADIUS Config
  • Open SoftEther VPN Server Manager
  • Click “Manage Virtual Hub”
  • Click “Manage Users”
  • We are managing users in RADIUS, but we need a wildcard entry here to not block everybody
  • Add a single user with “User Name” set to an asterisk (*) and “Auth Type” set to “RADIUS Authentication”
  • Go back to the “Management of Virtual Hub” dialog
  • Click “Authentication Server Setting”
  • Enable “Use RADIUS Authentication” and provide the necessary information
  • Go back to the main page of SoftEther VPN Server Manager and make sure the virtual hub is online
Blocking Internet Access

In a split tunnel configuration you want your VPN clients to connect directly to the internet, not via the VPN. Split tunneling is a client configuration (see below), but you may want to enforce it by blocking all internet connections originating from VPN clients:

  • Open SoftEther VPN Server Manager
  • Click “Manage Virtual Hub”
  • Click “Manage Access Lists”
  • Add the following rules:
    • Pass, Priority=10, Memo=Enable LAN access, Contents=(ipv4) DstIPv4=10.1.0.0/16
    • Pass, Priority=11, Memo=Enable LAN access (reverse), Contents=(ipv4) SrcIPv4=10.1.0.0/16, DstIPv4=10.1.0.0/16
    • Pass, Priority=12, Memo=Allow DHCP requests, Contents=(ipv4) SrcIPv4=0.0.0.0/32, DstIPv4=255.255.255.255/32, Protocol=UDP, DstPort=67-68
    • Pass, Priority=13, Memo=Allow DHCP responses, Contents=(ipv4) SrcIPv4=10.1.0.0/16, DstIPv4=255.255.255.255/32, Protocol=UDP, SrcPort=67-68
    • Discard, Priority=1000, Memo=Block everything (else), Contents=(ether) \*
Network Bridge
  • Open SoftEther VPN Server Manager
  • Click “Local Bridge Setting”
  • Select your virtual hub
  • Select the LAN adatapter connected to your internal network
  • Click “Create Local Bridge”
  • Exit all dialogs and reboot the SoftEther VM
Protocols and Ports L2TP
  • Open SoftEther VPN Server Manager
  • Click “IPsec / L2TP Setting”
  • Check “Enable L2TP Server Function (L2TP over IPsec)”
  • Uncheck all other options
  • Specify an IPsec pre-shared key (PSK)
SSTP
  • Open SoftEther VPN Server Manager
  • Click “OpenVPN / MS-SSTP Setting”
  • Check “Enable MS-SSTP VPN Clone Server Function”
  • Uncheck the OpenVPN checkbox (unless you want to use it, of course)
Ports
  • Open SoftEther VPN Server Manager
  • In the listener list, delete ports 992 (function unknown), 1194 (OpenVPN), and 5555 (SoftEther remote management)

Note: when you connect to SoftEther Server Manager next make sure so specify 443 (the only remaining one) instead of 5555

Firewall

In your firewall, create rules to enable the following ports:

  • SSTP: TCP 443
  • L2TP over IPSec: UDP 500 and 4500

In the Windows firewall disable or delete the following rules added by SoftEther:

  • SoftEther VPN Server
  • SoftEther VPN Server Manager
  • SoftEther VPN Command-Line Admin Tool
Miscellaneous

Disable DDNS registration of your VPN. In unnecessarily “calls home”.

  • Stop the SoftEther VPN Server service and edit the configuration file “vpn_server.config”
  • In the DDnsClient section, set Disabled to true
  • In the ServerConfiguration section, set DisableNatTraversal to true
  • Start the SoftEther VPN Server service
Client Settings Split Tunneling

Split tunneling refers to a configuration where only those packets are sent from a client to the VPN, that are destined for the VPN’s subnet. Everything else (including internet connections) go through the client’s regular default gateway.

On Windows VPN clients:

Resources

The post How to Configure SoftEther, a Free VPN Server for macOS & Windows appeared first on Helge Klein.

Hardware-Encode Video in H.265 with Free Tools to Save Disk Space

Mon, 02/11/2019 - 20:37
Contents

Many web meeting services have a recording functionality. Most recordings are provided as MP4 files with the video encoded in H.264 because that offers the most universal compatibility. However, it also needs a lot of disk space. H.264 has a successor, H.265, which only requires half the space for the same visual quality. This post shows how to use StaxRip, a free tool, to re-encode H.264 video into H.265 quickly by making use of GPU hardware encoding.

Preparation
  • Download and extract StaxRip. I used the current stable version 1.7 x64
  • Start StaxRip
  • When opening the first video file, StaxRip may ask you to install AviSynth. Do so by clicking Install AviSynth+.
Configuring the Conversion Settings
  • Click x264 and choose one of the following depending on your GPU vendor: NVIDIA H.265, Intel H.265 or AMD H.265
  • Click MKV and select MP4 (mp4box) instead
  • Click the Opus entry next to the first audio stream field and select copy/mux
  • Click the Opus entry next to the first audio stream field and select no audio

The result should look like this:

Performing the Conversion
  • Right-click Source > Open > File Batch and select the files you want to convert
  • Click Next to start the conversion
  • The output files are placed in the same directory as the input files with the extension _new
Conversion Performance

The Nvidia GTX 1060 GPU in my desktop PC encoded H.265 at the impressive rate of approximately 420 frames per second (full HD, 1920×1080).

The Intel HD Graphics 620 (Core i7-7500U) in my laptop only reached about 113 frames per second for the same content. Still impressive, but a lot less fast.

An interesting difference between the two GPUs: while the Nvidia encode used the GPU’s dedicated video encoding engine, the Intel encode used the GPU’s generic 3D engine.

Another noteworthy difference: the file generated by the Intel encode was 38% smaller than the file generated by the Nvidia encode.

Space Savings

The original videos of a four-day training recorded with Skype had a size of 7.6 GB. Converted to H.265 the size was reduced to 2.4 GB, which amounts to 68% savings!

GPU Performance Monitoring

If you are interested in monitoring your GPU’s performance and find out how its various engines are used, take a look at our uberAgent product. During the Nvidia encoding, for example, the GPU’s video encoding engine was nearly at 100% load and its generic compute engine at approximately 20%:

The post Hardware-Encode Video in H.265 with Free Tools to Save Disk Space appeared first on Helge Klein.

Free and Powerful Equalizer for Windows 10

Tue, 01/29/2019 - 07:23

Windows 10 does not come with an equalizer. That can be annoying when you have headphones that are too heavy on the bass, like the Sony WH-1000XM3. Enter the free Equalizer APO with Peace, its UI.

What You Get

Peter’s Equalizer API Configuration Extension (Peace) is pretty easy to use while offering powerful features:

  • Slider changes have an immediate effect
  • Settings can be applied to invididual devices only
  • Great flexibility
  • Saved configurations
  • Easy backup and restore of configurations
  • Can be started at logon so that configured settings are always applied

The UI looks like this (showing my adjustments for the Sony WH-1000XM3):

Installation

Installation is straightforward. Just make sure to install in the following order

  1. Engine: Equalizer APO
  2. UI: Peace Equalizer

Enjoy!

The post Free and Powerful Equalizer for Windows 10 appeared first on Helge Klein.

Modern Multi-Process Browser Architecture

Tue, 01/22/2019 - 17:26
Contents

An architecture overview of current browsers on Windows: Chrome, Firefox and Internet Explorer.

In case you are wondering: I did not include Edge because it is currently being transitioned to the Chromium rendering engine, which might change a few things. I did include Internet Explorer because it is still the default browser in many enterprises.

Looking for a way to monitor web app performance? Take a look at uberAgent, our user experience & application performance monitoring product.

Chrome Architecture

Chrome was the first browser with a multi-process architecture. Put simply, it encapsulates all logical functions in separate processes. More specifically:

  • One main (browser) process
  • One GPU process
  • Each tab: dedicated process
  • Each extension: dedicated process

Chrome is the only browser with a useful task manager. It can be opened with the keyboard shortcut SHIFT+ESC. As you can see below, Task Manager lists all active Chrome processes with their designated functions. For each process, it shows CPU, network and memory resource usage. It also indicates whether frames are hosted in their page’s process or in dedicated processes (more on that below). Finally, Task Manager shows the Windows OS process ID, which makes it possible to correlate data with other system information tools.

Frames and Site Isolation

Frames share a process with their page if the frame and the page are from the same site (based on the URL).

Starting with Chrome 67, frames from different sites are put into different processes. This is called site isolation and aims to mitigate certain types of attacks. Chrome’s Process Internals page (chrome://process-internals/) lists the current status of each frame.

IE Architecture

IE’s multi-process architecture was introduced with IE8. It makes use of two types of processes:

  • One main (frame) process
  • Zero or multiple tab processes

Note the zero above. Depending on configuration, IE may be limited to just one process – in which case a bug in any component or add-on crashes all opened tabs. Keep in mind that IE add-ons are binary Win32 DLLs that are loaded into the tab process(es). A crash in an add-on also crashes the tab process(es) that host it. This is not the case with modern browsers (i.e., all other browsers), where extensions are basically web apps, built with JavaScript and HTML.

IE Tab Process Count

By default, the number of tab processes is auto-managed depending on the amount of RAM. This can be overridden by setting the TabProcGrowth registry value. It can either be a number (REG_DWORD) or a string (REG_SZ) – which is rather unusual.

A Microsoft blog post explains the TabProcGrowth value. It boils down to this:

Value Type Description 0 REG_DWORD single process for frame+tabs no matter what 1 REG_DWORD single process for frame+tabs per bitness (important for 32-bit add-ons on 64-bit machines) >1 REG_DWORD sets the maximum number of tab processes small REG_SZ max. 5 tabs per session medium REG_SZ max. 9 tabs per session large REG_SZ max. 16 tabs per session

Some notes and caveats:

Firefox Architecture

Historically, Firefox has been a single-process browser. As it turned out, running the browser UI plus the HTML rendering and JavaScript for all tabs in a single process is a bad idea. It easily freezes the UI, and it might not be optimal from a security point of view, either.

Mozilla started project Electrolysis as a gradual move to a multi-process architecture. This took 9 versions, from Firefox 48 to 56. The current architecture looks like this:

  • One main process
  • One GPU process
  • One extension process
  • Up to 4 content (tab) processes

The current default of 4 content processes might be changed in future versions. At this point, it can be increased to a maximum value of 7 content processes. Work is underway to encapsulate extensions in dedicate processes.

Summary

Browsers are evolving quickly – except for IE, of course. Microsoft is focusing on Edge. To be very clear: IE will not get any new features. It’s security updates only for the former world’s most popular browser who once had a market share of approximately 95% (in 2003).

It seems there is no way around the multi-process type of architecture. Benefits include increased stability and security. On the downside, we have an increased overhead.

The post Modern Multi-Process Browser Architecture appeared first on Helge Klein.

Bluetooth Audio Quality & aptX on Windows 10

Tue, 01/15/2019 - 19:43

Bluetooth is a flexible standard. It defines various profiles that operate on top of the Bluetooth networking protocol stack and implement specific services, such as hands-free communications. Bluetooth devices each support a small subset of profiles, typically only one or two, according to their designated function.

Bluetooth headphones and speakers implement the advanced audio distribution profile (A2DP). The A2DP profile transports encoded audio streams from one device to another. To guarantee compatibility between devices, any device implementing the A2DP profile needs to offer a common codec, SBC. However, A2DP supports additional codecs that may increase audio quality or reduce latency compared to SBC. One of those optional codecs is aptX. In this article, I am looking at aptX benefits and I am describing how to get aptX on Windows 10.

What is aptX?

aptX is an alternative codec for the Bluetooth A2DP protocol. It comes in multiple flavors:

  • aptX
  • aptX LL (low latency)
  • aptX HD
Is aptX better than SBC?

Qualcomm, who acquired the aptX company CSR in 2015, claims that aptX offers “superior audio”. Figuring out whether that is actually true is harder than expected. Let’s break this quality question down into two different aspects: fidelity and latency.

Audio Fidelity

As this overview shows, the technical specifications of the base aptX code are similar to that of SBC. Specifically, the maximum bitrate of 352 kb/s is not much higher than SBC’s 320-345 kb/s (SBC depending on implementation).

The bitrate by itself does not tell us anything about a codec’s fidelity, however. Different codecs can be very different in encoding efficiency, as are H.264 and its successor H.265 for video (the latter only needs about half as many bits for the same visual quality). Fidelity can only be determined by double-blind listening tests. Unfortunately, nobody seems to have performed such listening tests in a scientific, reproducible manner (at least I could not find any information). Please let me know by commenting below if you know of any publications.

Another aspect influencing fidelity is that implementations do not always use a codec’s maximum bitrate. SBC, for example, comes with three quality modes, low (201 kb/s), middle (229 kb/s) and high (328 kb/s). Devices may select lower-quality modes to favor a stable connection over sound quality (example: these Sony headphones).

Audio Latency

When watching a video, you do not want the audio to lag behind. In other words: the audio latency should ideally be small enough to not be noticeable. Unfortunately, that is often not the case.

Bluetooth audio introduces significant latency, the exact amount of which depends on the codec as well as its implementations in the sending and receiving devices. Most Bluetooth headphone reviews do not include latency measurements, with the notable exception of rtings.com. They even have a list with latencies for all the headphones they ever tested. Plain aptX seems to be slightly better than SBC, but only aptX LL seems to be good enough to not be noticeable.

While, however, the number of devices supporting base aptX is steadily growing, support for aptX LL is still extremely rare (see rtings.com or bluetoothcheck.com).

Audio Quality Summary

There do not seem to be any objective comparisons between the aptX variants and SBC. From my experience it should be safe to say the following:

  • SBC offers pretty good fidelity at maximum bitrate.
  • aptX might be slightly better than SBC at maximum bitrate.
  • Both SBC and aptX introduce significant latency in the range of 150-200 ms.
  • aptX LL drastically reduces latency but is only supported by a handful of devices.
aptX on Windows 10 OS Support

If Microsoft wanted to hide this piece of information, they could not be doing a better job. A single page on microsoft.com mentions aptX. Apparently, Windows 10 has supported the aptX codec since the first release (1507). According to this Reddit thread, Windows 10 aptX support does not require any drivers in addition to what is part of the OS. I am mentioning that because numerous forum posts state you need to install special drivers. That does not seem to be true.

As for aptX HD or aptX LL (low latency): those codecs do not seem to be supported. If you would like to have them in Windows – especially aptX LL would be great when watching video – make sure to vote for this item in Feedback Hub: please add aptX Low Latency codec support to the Bluetooth A2DP driver.

For a list of supported Bluetooth versions and profiles see this page.

External USB Adapter

The Avantree Audicast is a flexible Bluetooth transmitter that can be connected to a PC (via USB) or a TV (via optical input or headphone jack). The Audicast has several neat features:

  • Support for aptX LL (low latency) in addition to regular aptX and, of course, SBC
  • LEDs indicate which codec is being used
  • Two receiving headphones can be connected
  • Small and light
  • No additional power source except for USB required
  • All cables are included

Please note that when connected to a PC, the Audicast does not work as a generic Bluetooth adapter (in which case the OS drivers would be used). Instead, it registers as a USB audio device. No drivers are required.

Which Codec and Bitrate are Being Used?

Amazingly, Windows does not provide any tool or API for monitoring the codec used by A2DP. Whether it is SBC, aptX or something different – users are left completely in the dark. To help change that and encourage Microsoft to provide more visibility, please vote for please let users see what Bluetooth A2DP codec is used.

For the sake of completeness I sent several hours capturing and analysing ETW logs as indicated at the following source, but none of the generated logs seemed to indicate the A2DP codec being used.

The post Bluetooth Audio Quality & aptX on Windows 10 appeared first on Helge Klein.

Saving & Restoring Total Commander Tab Sets

Mon, 01/07/2019 - 17:18

Total Commander’s custom start menu is a great place to quickly launch all kinds of tools and programs that are otherwise hard to get to. However, TC’s start menu is not limited to external tools. It can be used to run internal TC commands, too. In this article, I am using that capability to build a simple solution for saving and restoring sets of Total Commander tabs to and from files.

Why Save and Restore Tab Sets?

The most common use case for multiple tab sets I can think of is people working in different environments or on different projects. Being able to switch the tabs needed at customer A for the tabs needed at customers B, C, or D should be very helpful.

End Result

This is what I am going to build:

The Tabs submenu has entries for loading and saving all tabs from/to a file called %COMPUTERNAME%.tab. This is a simple solution designed as a tab backup. It can easily be extended to a solution that loads and saves multiple different tab sets.

Getting There

Click Start > Change Start Menu… to bring up the dialog that configures Total Commander’s start menu. You might or might not already have entries in your start menu. We are not going to touch them in any way. Instead, we are adding a new section with a Tabs submenu. Instructions:

  1. Navigate to the last of your existing start menu entries.
  2. Add an item with a dash (-) as the title. This creates a dividing horizontal line, separating your existing start menu entries from the new tabs functionality.
  3. Add a submenu with the title Tabs.
  4. In the submenu, add two items.
    • Item 1 title: Load from %COMPUTERNAME%.tab
    • Item 1 command: OPENTABS d:\Data\Total Commander\%COMPUTERNAME%.tab
    • Item 2 title: Save to %COMPUTERNAME%.tab
    • Item 2 command: SAVETABS2L d:\Data\Total Commander\%COMPUTERNAME%.tab

The result should look like this:

Please note:

  • The path used in the commands above must not be enclosed quotes even if it contains spaces.
  • As you can see in the examples, environment variables can be used.
  • The path used above, “d:\Data\Total Commander”, should be adjusted as needed.

That’s it – enjoy!

The post Saving & Restoring Total Commander Tab Sets appeared first on Helge Klein.

Upgrading Ubuntu 16.04 to 18.04 & PHP 7.0 to 7.2 for WordPress

Wed, 12/12/2018 - 00:28

This post describes how I upgraded our webserver running WordPress on Apache from Ubuntu 16.04.5 LTS to 18.04.1 LTS. Please see this article for more information on the server’s installation and configuration.

Backup

Before you begin, create a checkpoint (snapshot) in Hyper-V Manager. If anything goes wrong, a checkpoint makes it trivially easy to get back to the last working state.

Installing all Available Updates sudo apt-get update sudo apt-get dist-upgrade sudo apt-get autoremove

Reboot and check Apache’s error log:

sudo shutdown -r now tail /var/log/apache2/error.log Upgrading to Ubuntu 18.04.1 sudo do-release-upgrade

During the upgrade process:

  • When asked whether to install the updated version of /etc/sysctl.conf, select “yes”
  • When asked whether to install the updated version of /etc/apache2/apache2.conf, select “no”
  • When asked whether to install the updated version of /etc/logrotate.d/apache2, select “yes”
  • When asked whether to install the updated version of /etc/ssh/sshd_config, select “keep the local version”
  • When asked whether to install the updated version of security.conf, select “no”
18.04 Upgrade Package Changes Packages no Longer Supported
  • ntp
  • tcpd

You may want to uninstall these packages once the upgrade is finished by running the commands:

sudo apt-get remove ntp sudo apt-get remove tcpd sudo apt-get autoremove Removed Packages
  • curl
  • systemd-shim
  • libapache2-modsecurity
Upgrade PHP Package Name Changes

In the upgrade from Ubuntu 16.04 to 18.04 the PHP version is upgraded from 7.0 to 7.2, which is a good thing. What is not so great is that the names of all the PHP packages change from php7.0-* to php7.2-*. Due to that name change, Apache’s PHP configuration is broken after the upgrade and must be fixed manually.

Additionally, the upgrade routine is not clever enough to upgrade any manually installed PHP packages. The 7.0 versions of the following packages are uninstalled instead of replacing them with their 7.2 versions:

  • php7.0-curl
  • php7.0-gd
  • php7.0-json
  • php7.0-mbstring
  • php7.0-mcrypt
  • php7.0-mysql
  • php7.0-opcache
  • php7.0-tidy
  • php7.0-xml
  • php7.0-xmlrpc
  • php7.0-cli
  • php7.0-common
  • php7.0-readline
Migrating from PHP 7.0 to PHP 7.2 Apache Configuration

Enable the PHP 7.2 module:

sudo a2enmod php7.2 sudo service apache2 restart Installing Missing PHP 7.2 Modules sudo apt-get install php7.2-mysql php7.2-curl php7.2-gd php7.2-json php7.2-mbstring php7.2-opcache php7.2-tidy php7.2-xml php7.2-xmlrpc sudo apt-get autoremove sudo service apache2 restart

Note: mcrypt is not available any more with PHP 7.2.

PHP 7.2 Hardening and Optimization

Edit /etc/php/7.2/apache2/php.ini:

Add the following to disable_functions: exec,system,shell_exec,passthrough

Configure PHP’s opcache by setting:

opcache.enable=1 opcache.memory_consumption=256 opcache.interned_strings_buffer=10 opcache.max_accelerated_files=10000

Restart Apache:

sudo service apache2 restart Fixing PHP Errors PHP Warning “Illegal string offset”

Cause: a string variable is used like an array, e.g.:

$var[index] = "value";

Fix it by adding an array check:

// DATE PHP 7.2 compat: added check if $var actually is an array if (is_array ($var)) $var[index] = "value"; Removing Obsolete PHP Directories

Clean up remainders from earlier migrations:

sudo rm -r /etc/php5 sudo rm -r /etc/php/7.0 Adjusting the Logrotate Configuration

Edit /etc/logrotate.d/apache2 so that it says:

rotate 30 dateext Re-enabling the mod_pagespeed Repository

This was disabled during the upgrade.

sudo rm /etc/apt/sources.list.d/mod-pagespeed.list sudo mv /etc/apt/sources.list.d/mod-pagespeed.list.distUpgrade /etc/apt/sources.list.d/mod-pagespeed.list Checking for errors

Check Apache’s error log:

tail /var/log/apache2/error.log

The post Upgrading Ubuntu 16.04 to 18.04 & PHP 7.0 to 7.2 for WordPress appeared first on Helge Klein.

PowerShell Script: Test Chrome, Firefox & IE Browser Performance

Tue, 12/04/2018 - 17:58
Contents

There is more than one way to test the performance of web browsers like Chrome, Firefox, or IE, but regardless of how you do it, you need a consistent workload that makes the browsers comparable. Unless you are testing with synthetic benchmarks (which come with a plethora of problems of their own) you need a way to automate browsers opening tabs and loading URLs. This article presents a simple solution to do just that.

Purpose of This Browser Test Script

I have written about various aspects of browser performance and privacy before. For those earlier articles, I manually ran the browsers through a series of tests. This quickly proved to be tedious and error-prone. Obviously, automation is the name of the game.

For this year’s session Web App Performance in a Virtual World which I presented at Citrix Technology Exchange and at community meetups I went ahead and finally automated a large part of the test process, and it paid off immediately. I was able to test more configurations in less time with increased accuracy.

Testing is not enough, of course. You need to measure, too. For that, I have been using our uberAgent user experience and application performance monitoring product. uberAgent measures browser page load duration for all major browsers (which was important here) in addition to providing detailed application usage and performance insights for all installed and running applications – Win32, UWP, Java, App-V, etc.

Tweet source

What the Browser Test Script Does

It is really quite simple. I needed a script that would do the following – mind you, for any number of installed browsers and for a list of URLs supplied through a parameter file:

  • Start the browser
  • Open each URL in a new browser tab, waiting 30 s in between
  • Close the browser (gracefully)
  • Repeat the above three times per browser
Techniques Used in the Browser Test Script

I only rarely use PowerShell, my main development work is in C++. Nevertheless, you might find some of the following interesting.

Starting Applications With Their Name Only

Windows has a functionality for starting applications by name without requiring them to be part of the PATH environment variable. This is as useful as it is rarely known. I explained the mechanics in my article How the App Paths Registry Key Makes Windows Both Faster and Safer. The thing to note in this context is that App Paths entries can be leveraged from PowerShell with the Start-Process cmdlet. I used it in the script to start browsers by providing simple names like “chrome” or “firefox”.

Closing an Application’s Window Gracefully

When you start an application with the Start-Process cmdlet, it returns a process object. This object has an extremely useful method, CloseMainWindow(). It is equivalent to clicking on the “X” in the window’s upper right corner.

The Browser Test Script # # One time setup: # # - Open all sites on the list in all browsers # - Log on the test user UXMetricsGuyA (where applicable) # - Switch the browser window to full screen # - Config per site: # - Accept cookie popups # - Do not accept a site's notifications # - Enable "stay signed in" where applicable # - Config per browser: # - Configure browser startup to not open previous tabs # - Configure start page: "about:blank" # - Do not save passwords in the browser # - Disable browser dialogs: # - asking about not being the default # - asking if you want to close all tabs # # Before each test run: # # - Empty each browser's cache # - Do not delete cookies # - Close all browsers # - Restart the machine # - Log on as test user test01 # - Start a PowerShell console # - Wait five minutes # - Start this script # # # Global variables # # How long to wait between open site commands $waitBetweenSitesS = 30; # How long to wait after a browser's last site before closing its window $waitBeforeBrowserClose = 30; # How long to wait between browsers $waitBetweenBrowsers = 30; # Name of the file containing the sites to open $siteUrlFile = ".\URLs.txt"; # Number of iterations $iterations = 3; # Browsers to start $browsers = @("chrome", "firefox", "iexplore") # # Start of the script # # Read the sites file $sites = Get-Content $siteUrlFile; # Iterations for ($i = 1; $i -le $iterations; $i++) { Write-Host "Iteration: " $i # Browsers foreach ($browser in $browsers) { # Sites $siteCount = 0; foreach ($site in $sites) { $siteCount++; if ($siteCount -eq 1) { if ($browser -eq "chrome" -or $browser -eq "firefox") { # Start the browser with an empty tab because the first page load is currently not captured by uberAgent $process = Start-Process -PassThru $browser "about:blank" } else { # Start the browser with the first site $process = Start-Process -PassThru $browser $site } # Store the browser's main process (the first one started) $browserProcess = $process; # Wait for the window to open while ($process.MainWindowHandle -eq 0) { Start-Sleep 1 } if ($browser -eq "chrome" -or $browser -eq "firefox") { # Open the first site in a new tab Start-Process $browser $site } } elseif ($browser -eq "iexplore") { # Additional IE tabs need to be opened differently, or new windows will be created instead $navOpenInNewTab = 0x800; # Get running Internet Explorer instances $app = New-Object -ComObject shell.application; # Grab the last opened tab $ie = $app.Windows() | Select-Object -Last 1; # Open the site in a new tab $ie.navigate($site, $navOpenInNewTab); # Release the COM objects Remove-Variable ie; Remove-Variable app; } else { # Addition tabs in Chrome/Firefox Start-Process $browser $site } Start-Sleep $waitBetweenSitesS; } Start-Sleep $waitBeforeBrowserClose; # Close the browser $browserProcess.CloseMainWindow(); $browserProcess = $null; Start-Sleep $waitBetweenBrowsers; } } The Script’s URL Input File

The URL input file I used with the script in my 2018 tests looked like this:

https://mail.google.com/mail/u/0/#inbox https://docs.google.com/document/d/1hOc4bdEQ1-KJ5wOsiCt4kVQB-xaHuciQY6Y4X_I7dYA/edit https://www.google.com/maps/ https://twitter.com/ https://onedrive.live.com/edit.aspx?cid=740de493111072ca&page=view&resid=740DE493111072CA!108&parId=740DE493111072CA!106&app=PowerPoint https://outlook.live.com/mail/inbox https://www.dropbox.com/h https://www.nytimes.com/ https://www.nbcnews.com/ https://edition.cnn.com/

The post PowerShell Script: Test Chrome, Firefox & IE Browser Performance appeared first on Helge Klein.

Enabling HTTP/2 in Apache on Ubuntu 18.04

Mon, 11/26/2018 - 02:14

A number of requirements must be met before HTTP/2 can be enabled for a website. This is a compilation of steps I went through to get HTTP/2 working on our Apache web server hosting WordPress sites.

HTTP/2 Requirements Requirement #1: HTTPS

HTTP/2 only works with HTTPS. If you have not switched your site to HTTPS, now is the time to do it. You might be interested in my article Switching a WordPress Site From HTTP to HTTPS.

Requirement #2: Apache 2.4.24

The first version of Apache to support HTTP/2 is 2.4.24. If you are on the LTS branch of Ubuntu, this means you need to upgrade to Ubuntu 18.04. I will describe the upgrade process from 16.04 to 18.04 in another blog post.

Requirement #3: PHP FPM

Short version: if you run PHP in Apache via mod_php, you need to switch to FPM. That is not a bad thing. FPM is newer and faster.

Long version: HTTP/2 is not compatible with Apache’s prefork multi-processing module. However, prefork basically seems to be obsolete so it does not hurt to switch to something more modern, i.e., the event MPM. That, in turn, requires a change in the PHP module from mod_php to php7.x-fpm.

Configuration Changes for HTTP/2 Switching Apache’s PHP Module from MPM Prefork to Event

Run the following commands:

sudo apt-get install php7.2-fpm sudo a2enmod proxy_fcgi sudo a2enconf php7.2-fpm sudo a2dismod php7.2 sudo a2dismod mpm_prefork sudo a2enmod mpm_event sudo service apache2 restart Caveat: W3 Total Cache Shows Apache Modules as Not Detected

W3 Total Cache seems to rely on the function apache_get_modules() to detect Apache modules, which does not work with FPM. According to this support article from Plesk, this issue can be ignored.

Installing and Enabling HTTP/2 in Apache

Enable the module mod_http2:

sudo a2enmod http2 sudo service apache2 restart

Enable the HTTP/2 protocol by adding the following to /etc/apache2/apache2.conf:

Protocols h2 http/1.1 How to Verify that HTTP/2 is Working

Cloudflare put together a comprehensive list of ways you can check a website for HTTP/2 support. The easiest to use are probably Chrome Dev Tools (network view, add the Protocol column) or the online test from KeyCDN.

The post Enabling HTTP/2 in Apache on Ubuntu 18.04 appeared first on Helge Klein.

How to Limit CPU & RAM via the Windows Boot Configuration

Wed, 11/21/2018 - 00:40

Testing the effects of different CPU and memory configurations is easiest when you run the tests on a powerful machine and restrict it to the required number of CPU cores and amount of RAM. Microsoft’s documentation of the relevant command is missing an essential parameter. Here are the commands you need.

Limiting the CPU to N Cores

On an elevated command prompt run:

bcdedit /set {current} numproc NUMBER_OF_CORES

Note: strangely, the numproc parameter is missing from the Microsoft documentation of bcdedit. However, it still works fine on Windows 10 1803.

Limiting the RAM to N MB

On an elevated command prompt run:

bcdedit /set {current} removememory MB_TO_REMOVE_FROM_INSTALLED_RAM With: MB_TO_REMOVE_FROM_INSTALLED_RAM = INSTALLED_RAM - DESIRED_RAM

This is unnecessarily complicated. Instead of specifying the total RAM you want Windows to see, you specify how much of the installed RAM to remove (in MB).

Removing a Bcdedit Setting

To remove a setting, run the following on an elevated command prompt:

bcdedit /deletevalue {current} SETTING_NAME E.g.: bcdedit /deletevalue {current} numproc

The post How to Limit CPU & RAM via the Windows Boot Configuration appeared first on Helge Klein.