I decided to contact Dreamhost about my Apache logs showing 200 statuse codes for all mod_rewrite
responses. It took seven back-and-forths to get across what was happening, discuss options, and conclude that “DreamHost systems are configured with a default environment meant to meet the most common webapp and customer requirements”.
dreamhost posts page 2
Dreamhost, mod_rewrite, and logged status codes
I’ve done some more testing on the problem I mentioned before of all requests showing up as 200
‘s in the Apache log on my Dreamhost shared server. I’m pretty sure it’s specific to their mod_rewrite
module.
Dreamhost must’ve had an outage of some sort this (last) morning. I noticed a little after 11 that I couldn’t upload anything to or log into my (shared) server. My sites were inaccessible. I tried the sites of a couple other people I know using Dreamhost (also shared), and they were also inaccessible, so it must’ve been something somewhat significant. Strangely, nothing relevant was on Dreamhost status. I tweeted about it at 11:20 and got a response from DreamhostCare that they were looking into it. They didn’t say anything more, but I noticed things were up and running again around 11:42. I found later that it must’ve been a DDoS on their nameservers. Outages have been rare, but certainly annoying when they happen.
Got moved to a new server in a new datacenter by Dreamhost this weekend. Seems to be significantly faster than the old one for first page load, like an order of magnitude. It’s more in line with what I get when testing locally. I assume the server I was on was just overloaded. It had often had a load average in the 6’s or 7’s. I had been wondering what was wrong and if I should swtich to VPS. This one’s been at less than one. Hopefully it stays snappy and doesn’t get too loaded up over time.
Dreamhost now has PHP 7, so I’ve switched my main sites to it. Seem at least slightly faster.
On my site, I’m using Apache’s ‘mod_deflate’ and ‘mod_filter’ to compress my compressible responses (mostly text), with a setup based on h5bp’s server config. I got my sites running over HTTPS recently, and today, when looking at my site performance with webpagetest.org, I noticed that my content wasn’t compressing. It was still working fine over HTTP. I noticed in h5bp’s comments that <IfModule mod_filter.c>
could be removed in Apache versions below 2.3.x. I removed it, and sure enough, compression was working again. I’m not sure why it’s different depending on what protocol I use. Perhaps Dreamhost has separate versions of Apache running for the two protocols. Or perhaps it’s just something different about the configuration in the virtual hosts. Regardless, it’s working now. I just hope this doesn’t cause problems whenever they move to Apache 2.4.
Struggling to figure out why every response from my Symfony application is showing up in the log files as a ‘200’ status. I thought it was related to this and this, since I’m running under FastCGI on Dreamhost, but attempting to set a Status
header didn’t help. Setting a regular response header in a plain PHP file does work, in fact. If I use ‘mod_rewrite’ to write another URL to load that same plain file, however, the status shows as ‘200’, so it must have something to do with ‘mod_rewrite’. Must get to bed though, so I will have to try another day.
My sites now HTTPS with LetsEncrypt
My sites are now HTTPS-enabled with LetsEncrypt. It was easy to set up with Dreamhost’s panel. It was just a few clicks and some waiting. This is the first time my own sites have been available over HTTPS. I’ve been wanting to do it for a while, but it was kind of costly until the free LetsEncrypt became available. This brings my sites in line with the “HTTPS Everywhere” movement. I’ve also been wanting to play with the new installable apps forming standard for making web apps installable almost like native apps.
I had written a post before about how I’m setting my security-related headers. I’ve now added an HTTPS related header in a similar manner: HSTS.Upgrade-Insecure-Requests
and
Dreamhost now supports LetsEncrypt even with shared hosting. LetsEncrypt provides free SSL certificates. I’m going to have to try it out on my domains. My plan is to make my visitor targeted domains have https as the canonical protocol but still support http for older browsers.