- Hide menu

Blog

Migrating WordPress and setting up SSL on new host

I’ve just gone through moving a set of WordPress sites that was part of a multisite network on a Digital Ocean droplet. The motivation was having the multisite move off Ubuntu 14 to the more recent version Ubuntu 18.04.5 LTS so I could use certbot to install and keep up to date SSL certificates from LetsEncrypt.

There’s a lot of opinions, suggestions and tips on how to do this. One of the most informative is here. Essentially, there’s two approaches. Use the built in Export/Import fuction that exports an XML file that can be imported on another WordPress site, or a plugin that backs up everything and migrates it on another host at the filesystem level.

The benefit of the latter is that if you have a highly customised site with lots of plugins, after migrating to a new host, everything should just work. The downside is that there are many tools, none are free, and it’s not clear if it will work until you pay for the plugin.

Since my sites were relatively straightforward, I used the built in Export/Import function and then manually installed the required theme and settings. This might not work for complex e-commerce and customised sites.

To get SSL working, these tips on Digital Ocean is helpful: enable-https and apache-virtual-hosts. After setting it all up, you should check that you have all your virtual hosts setup properly.

Then check to see the quality of your SSL implementation at ssllabs.com. To get an A+ you might need to disable old protocols like TLS 1.0 and weak ciphers. And enabe HSTS. When that’s done, sit back and smile.

Accepting IPv6 ICMP on UDM and USG routers

There’s no clear instruction on how to allow this via the Unifi Controller. On my UDM running 1.5.6.2150 the solution is to Accept IPv6-ICMP protocol on the WAN-IN interface of the Firewall. Most settings say to use the WAN-Local interface and the ICMPv6 protocol but I found that my setting is the one that allows this https://ipv6-test.com to pass. Note that running this web site test yields different results on Safari, Chrome and Firefox. Chrome passes 20/20, Safari gets 19/20 and Firefox gets 18/20 as at this date.

Use your Fujifilm camera as a webcam on macOS via USB

Just saw a video on using Fujifilm cameras as a web cam on Apple computers. Basically the steps are:

  1. Download and install Camera Live app on Github
  2. Download and install CamTwist Studio
  3. Run a command on your Mac via Terminal on the app you want to use the camera on
  4. Setup your Fujifilm camera
  5. Connect and go

Here are some tips on each of the steps:

  1. I’ve tested version 13 alpha on macOS 10.15.5
  2. I’ve tested version 3.4.3 on macOS 10.15.5
  3. The command to run in Terminal is
    “sudo codesign –remove-signature /Applications/<name of app>”
    I’ve tested this with Skype. Others are reporting that it works fine with Zoom.  For Skype, the command would be:
    “sudo codesign –remove-signature /Applications/Skype.app”
  4. Set camera to photo, not video, mode;
    In Connection Settings, select USB TETHER SHOOTING AUTO;
    Set camera to manual focus, and focus (You can try setting Pre-AF to On);
    Set exposure to manual and dial it in, check how it looks in Live View.
  5. Connect USB cable between camera and Mac;
    Start Camera Live app and select the Fuji camera (see image below);
    Start the CamTwist Studio app and select Syphon as the video source, and Camera Live in the Syphon server dropdown menu (see image below);
    Start the app you want to use the camera with eg Skype, and choose CamTwist as the camera (see image below).

How Preview settings in Lightroom Classic affect processing times

Lightroom Classic users know that there are five types of previews. The original four are Minimal, Embedded, Standard and 1:1. Then Smart Previews came along with the cloud based Lightroom. You also probably know that the time it takes to render 1:1 previews takes a lot longer than Standard and Smart versions. But you probably don’t know how much longer.

Here are some times for creating previews for 500 Nikon D850 Raw/NEF files using a 2017 iMac Pro with 3.2Ghz 8-core, 32GB RAM, 1TB SSD:

Import with Minimal Preview: 9 seconds
Rending Smart Previews 110 seconds
Render 1:1 Previews 471 seconds

So 1:1 Previews take almost 5 times longer than Smart Previews. About 1 second per file. One could argue that since Smart Previews allow you to edit with full functionality, there’s probably no benefit to use 1:1 previews anymore given the processing time penalty.

But what you may not know is the generally used Standard Preview has a setting that can also dramatically affect the processing time to generate previews. In the Catalog Settings, there is a Standard Preview Size. The default is an “auto” setting that Lightroom sets based on the resolution of the screen the software is running on. For an iMac Pro, that is a huge 5120 pixels for it’s 5K display. For a Retina MacBook Pro 13″, it is 3360 pixels.

Here are the times for generating standard previews for the 500 Nikon D850 files:

Standard Preview @ 5120px 219 seconds
Standard Preview @ 2880px 23 seconds
Standard Preview @ 2048px 19 seconds

The time required to render 5120 pixel previews is almost a whopping 10 times slower than ones at 2880 pixels, and Smart Previews take 5 times longer than the 2880 ones.

My takeaway is for my iMac Pro, set Standard Previews to 2048, and use Smart Previews instead of 1:1 Preview for the best compromise of speed versus detail.

 

Building a private DOH server with Pi-hole and DNS-Crypt

There are good reasons to have your own private secure DNS server, with the Pi-hole ad-blocker. If you want to setup a private server on your home’s network, you can have a read on why it’s a good idea, and how to do it via https://scotthelme.co.uk/securing-dns…. I didn’t want to have a box running on my home’s LAN so wanted a way to set up a DNS server on the Net that was accessible when I was at home or out and about. This only works well if you can get to the server securely, and that’s where the DNS over HTTPS protocol comes in. Here’s a guide on setting a DOH+Pi-Hole server up at the rent-a-host Digital Ocean:

1. DOH server on Digital Ocean with Pi-hole

2. Setting up MacOS client to use the DOH server

3. Setting up iOS client to use the DOH server

1. DOH server on Digital Ocean

I used this guide to set up a DOH server: https://www.bentasker.co.uk/…dns-over-https-server; I followed all the steps with these exceptions:

  • Stopped at the Adblock setup stage. Didn’t need this as I was going to use Pi-hole
  • Skipped the firewall rules as I’m going to use the Firewall at Digital Ocean
  • The instructions are a little fuzzy on setting up administration access to Pi-hole. You’ll need to get a LetsEncrypt https certificate for the Pi-hole admin virtual server.

2. Setting up MacOS client to use the DOH server

Follow the instructions at https://github.com/DNSCrypt/…macOS; to install a DNS-Crypt proxy that talks to the DOH server we set up at DO. I’ve configured it to use only the DOH server setup in step 1, and not use any of the publicly available DOH server.

Also install a little utility called dnscrypt-proxy-switcher that sits on the menu bar that allows you to switch between different DNS settings.

3. Setting up iOS client to use the DOH server

Install DNSCloak • Secure DNS client on iPhone and iPad. Then add your DOH server from step 1.