Secure your server with Iptables
It’s never a good idea to leave doors open. Neither should there be unnecessary open ports on your server. With Iptables, a firewall shipped with Ubuntu, it’s not that hard to secure your server. A very detailed and nice introduction can be found in the Ubuntu Wiki.
Example setup
A sample setup might look like the following. The first step is to allow already established connections.
sudo iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
Then the ssh and http ports should be accepted.
sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
Finally, all other traffic is dropped.
sudo iptables -A INPUT -j DROP
Note that the order of the iptables list is important. Rules are evaluated from top to bottom and the first match decides, so if, for example, the DROP-all rule is the first entry, nothing else is allowed in. Also make sure not to block your ssh port, or you will lock yourself out of the server.
Adding new rules
Now we realise we forgot one port. But that’s no problem! We can not only append new rules, we can also specify the position at which a rule is inserted. Take a look at the already created list.
sudo iptables --list
We decide to add port 12345 as 3rd rule. So let’s do that!
sudo iptables -I INPUT 3 -p tcp --dport 12345 -j ACCEPT
Checking back on the list should show the added port.
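The ordering rule above, as an added example that is not part of the original post: a small shell check that reads the output of iptables -S INPUT and flags rules placed after the catch-all DROP, which is what happens when port 12345 is appended with -A instead of inserted with -I. The function names and both rule listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): lint `iptables -S INPUT` output
# for first-match ordering mistakes. Silent when the chain is ordered sanely.
check_input_chain() {
    awk '
        $1 == "-P" && $2 == "INPUT" { policy = $3; next }   # default policy line
        $1 != "-A" || $2 != "INPUT" { next }                # ignore other chains
        {
            n++
            if (catchall) {   # first match wins: nothing after a catch-all is evaluated
                printf "UNREACHABLE rule %d (catch-all DROP is rule %d): %s\n", n, catchall, $0
                next
            }
            # A catch-all is exactly "-A INPUT -j DROP": a target with no match options
            if (NF == 4 && $3 == "-j" && $4 == "DROP") { catchall = n; next }
            if ($0 ~ /-p tcp/ && $0 ~ /--dport (22|ssh)( |$)/ && $0 ~ /-j ACCEPT/) ssh_ok = 1
        }
        END {
            if (!catchall && policy != "DROP") print "OPEN: no catch-all DROP and policy is not DROP"
            if ((catchall || policy == "DROP") && !ssh_ok) print "LOCKOUT: no reachable rule accepts tcp/22"
        }
    '
}

# Constructed sample: the rule set from the post after `-I INPUT 3` for port 12345.
inserted_at_3() { cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 12345 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j DROP
EOF
}

# Constructed sample: the same port added with -A, so it lands after the DROP.
appended_after_drop() { cat <<'EOF'
-P INPUT ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 12345 -j ACCEPT
EOF
}

inserted_at_3 | check_input_chain         # prints nothing
appended_after_drop | check_input_chain   # reports rule 5 as unreachable
```

On a live server the same check can be fed with sudo iptables -S INPUT | check_input_chain before the rules are saved.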
Preserve rules
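Preserving the iptables rules across reboots is pretty easy. iptables-save only prints the current rule set to standard output, so redirect it into a file (/etc/iptables.rules here is just an example path) and load that file with iptables-restore at boot.
sudo sh -c "iptables-save > /etc/iptables.rules"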
Now you’re done! Your server should be (more) secure and your life easier.
Since there is php-fpm, it’s safe to run PHP applications without an Apache web server, using just Nginx. I’ll explain how to set up php-fpm to run your PHP app. My system runs on Ubuntu 12.04 server and Nginx is already installed and running.
First thing to do is to install php-fpm. In my case:
sudo aptitude install php5-fpm
This gives you all the needed packages. Now there are two options to run your php server. The default is running it on a specific port (default for that is port 9000). The second option is to run it as a socket. To change that behaviour to your liking just edit /etc/php5/fpm/pool.d/www.conf in the line that starts with listen = to one of the following:
listen = 127.0.0.1:9000
listen = /var/run/php5-fpm.sock
I’m running on the socket. So after restarting the php-fpm service (sudo service php5-fpm restart) you can talk to your PHP app from Nginx. Just tell Nginx to do so by editing the config! My config in /etc/nginx/nginx.conf contains something like this:
server {
    listen 80;
    server_name example.com www.example.com;
    root /var/www/nginx/examplecom;
    index index.php index.html index.htm;

    location / {
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }
}
Don’t forget to restart the nginx service before heading over to example.com! Now you should see the desired output of your index.php.
What next?
Head over to if !1 0 for some neat tricks to optimize Nginx in general and, in case you’re using PHP-FPM, some details on the configuration.
Ever tried to build a mobile first website and had the problem that IE8 and older don’t like your media queries? So they end up with the one-column-mobile layout in most cases like this site. Thankfully SASS 3.2 (to be released) will be able to generate a separate stylesheet for the desktop look.
Some basic but very effective techniques you should use in your responsive design.
… how well is GitHub doing on front end performance?
Do you have the feeling that GitHub is slow? No? Me neither. Even so, there is a lot of potential to optimize its site performance. Read about some interesting and common problems and solutions to optimize your front end.
Find out what is the current state of the art. This article by Rebecca Murphey gives you a nice overview on the tools every Front-End dev should know.
A deep look into all the features of the WebKit inspector. Good to know!
Explanation how to run an Express.js app in production mode. Also gives an overview of the differences between development and production mode.
Basically, you just need to execute the following to set your profile to production mode:
$ echo export NODE_ENV=production >> ~/.bash_profile
$ source ~/.bash_profile
Some best practices. What to do and what not to do in JavaScript.