
Godaddy killed my site

billy2billy2 Member, OS Professional, Mentor, Developers, User Group Leader Posts: 2,014 PRO
edited September 2016 in App Store & Partners Apps
This is going to be a chronicle on how to build a site/app for onshape.

Turns out last month godaddy decided that traffic from onshape was deemed subversive and shut me down.

Godaddy shutting down my request:


So the way it works is onshape makes a call to www.rustyshed.com and displays the content inside a tab. The words "Not Acceptable" are being generated by godaddy's server where I have a shared hosted account. 

Onshape supplied me with a traceroute which allowed us to see who was shutting down the request.

Godaddy support telling me my site had been hacked:


I reviewed every line of code, about 1,000 lines, and found nothing. They did offer a service called sitelock to clean up my site which didn't find anything wrong, no security breaches.

Godaddy's refund for sitelock:


Ok, so this is bullshit. 

I've been with Godaddy for a few years and like their support. I question their server speed as they are popular and host 50% of the web traffic out there. The blame is mine trying to get onshape to talk to a shared hosting plan and really should have been my own server. I don't fault Godaddy, their system admins are just trying to save their hosting service from a foreign attack. This is just a case of using the wrong tool for a job.

Ok, if you're going to create an app, don't attach to a shared server plan. Most web hosts use shared hosting such as cpanel.

So what do you do?

I'm now using digital ocean and will move my site. I'll still keep my dns lookup at godaddy as well as my ssl certificate.

To spin up a droplet on digital ocean was painless and it came fully configured.

I've chosen ubuntu LEMP thinking it's going to smoke godaddy's hosted servers:

Now I host many videos which bind up on large file transfer using nginx so I'll have to deal with that. Probably just host videos at youtube. The nice thing about nginx is that it handles 10,000/sec small requests easily. My site pings my server constantly for information making my site interactive. In the past I've used apache which is the grandfather host package. It's good for long transfer requests but limits 100 request/sec. Either of these will work fine for my site as traffic is low.

My new working site that does nothing:




Now I have to: 
-build a developer stack & production stack
-build databases
-hold breath and update DNS servers
-update ssl certificates
-cross my fingers and hope it shows up from onshape

If you've never transferred a site, the transfers will occur faster than I can type in the ssh commands.


If you've used timecards, I backup the data daily, weekly & monthly so it's safe. Once the site's transferred you'll never know it, except it didn't work for a while. The site still works at www.rustyshed.com. If you don't have a timecard account, Lou & I have decided to remove timecards from the apps store until it's transferred to a working host. I have no authentication at timecards and rely on onshape to create an account and authentication. I have no code to let new users into timecards.

Sorry for any inconvenience,


Comments

  • billy2billy2 Member, OS Professional, Mentor, Developers, User Group Leader Posts: 2,014 PRO
    New server:
    -freak'n fast
    -extremely secure

    If you're going to write an Onshape app I highly recommend a dedicated server. Should have done this a long time ago. You can type my new IP address into a browser but my site won't know who you are. Once the name servers update, this will start working. Also, since I use onshape to authenticate users, I can't create new users, this will start working when the name servers are redirected.



    Remaining tasks:
    -update ssl
    -update name servers
    -test with onshape


    Completed tasks:
    -spun up a dedicated nginx server
    -lock that mother down, (make it secure)
    -create both a dev stack & prod stack
    -attach DB and lock it down
    -transfer data from godaddy

  • billy2billy2 Member, OS Professional, Mentor, Developers, User Group Leader Posts: 2,014 PRO
    edited September 2016
    Want to build an app?
    I don't know how many people will want their own Onshape app. You don't have to sell it in the app store to have an app and if you have a large engineering team, there's no better way to share information with your colleagues.

    Can you believe people are still using spreadsheets for part number management and assignment? This really blows me away. This is one of the dumbest things we do.

    I'm writing this for those who might want to manage their own database. It's pretty easy to do and will allow you to track anything from anywhere in the world. It's so much better than the file based systems that we've used in the windows world which were locked to private networks and really funky to setup. 

    I want my own server
    Typically people will pay for a server from a provider. Currently there are 2 basic options of providers giving you shared & dedicated. Shared environments are old and crippled with dedicated being newer, faster, more configurable and in my case not shut downable.

    Shared account
    Godaddy, eHost, gatorHost are a few host providers with shared accounts. You'll see these guys use a login & admin page from something called cpanel which is what they run to offer this service. They can attach as much hardware & users to this huge pool of people serving up 1,000s of web pages. By far this is the most prevalent way to build a web site today.

    Dedicated server
    Digital Ocean, Heroku, Meteor are newer providers filling in where shared accounts fall flat. You get a whole lot of options when you get your own server.

    So you want your own dedicated server? It's not that hard. I'm sharing what it took to spin up a server at Digital Ocean. It's not that hard to do and it's soooooo much better.

    With a dedicated server you get a prompt much like the days of DOS. In this case it's unix and I'm using a terminal on my mac.


    I log into my server and now I'm working on that computer. It's a unix machine so you'll have to learn a little unix.


    Setting up the server is pretty easy by just following what others have done. There's no way to talk to someone at Digital Ocean but their support is more than adequate to get things working correctly. Everything I wanted to do was in a support blog and all you end up doing is cut'n & paste'n things from the blog post to your server. Boom, done!

    I chose a lemp stack configuration when setting up my server so everything came pre-configured. It's a good habit to edit the configuration files and lock your server down. Once again this wasn't that hard to do since it's all in a blog post. It's not that hard to take a virgin server, load it up & then configure it.

    BTW I changed the mysql password after running mysql_secure_installation. Also, the DB doesn't have remote access enabled so you can't get in. This is far more secure than any shared account.

    So what's wrong with shared hosting?
    -it's slow
    -there's only so much they'll let you config
    -other processes can kill your site
    -most recently if they don't like your request they'll shut you down

    Shared accounts have gui interfaces and are easier to spin up & manage, but the trend is moving away from these huge massive systems. At godaddy, the system admins are so worried about attacks that they're stopping & shutting down traffic. Not good at all. Not sure who this is, just shut it down.

    nginx
    So when you go to a web site, the server creates a process with apache, php and everything else you want. Once it's done serving up the content, the process is killed and the server waits for the next task. With old technologies this means a server can handle about 100 short requests/sec. So if 10 people ask for a file to download (long request), there's a good chance the server would be so busy serving up those 10 files to different people, the 11th guy would have to wait till the server calms down. The 11th guy would receive a denial of service meaning the server is just too busy. All I need to do is keep the server busy and others can't use it.

    nginx doesn't replicate apache & php but instead uses interrupts to handle requests. Bandwidth switches from 100 request/sec to 10,000 request/sec. This is much better and the reason I chose it for the software running on my server.

    Godaddy's denial of service
    Often, while hosting at Godaddy I'd get this. This is a denial of service which means their servers are just too busy to handle my request. I paid extra money to prioritize my requests, but it didn't work.

    Godaddy's support is pretty good, and they would often say "I'm not allowed to program, but if I were, I'd do this". Digital Ocean support is totally online and very good. I don't need to talk to someone, but would rather search for the answer. Digital Ocean is far better and easier to do.

    If you're interested in tracking some data for your engineering department and want to setup a server, let me know. It's easy.
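
The database lock-down described in the comment above (MySQL with no remote access) can be confirmed from the host's listening sockets. This is an added example, not code from the original post; it assumes MySQL's default port 3306 and the column layout of `ss -ltn`, and both sample listings are constructed.

```shell
#!/bin/sh
# Print every non-loopback address that is listening on the given port.
# Input on stdin: `ss -ltn` output (State Recv-Q Send-Q Local Peer).
mysql_exposed() {
    awk -v port="${1:-3306}" '
        $1 == "LISTEN" {
            addr = $4                          # Local Address:Port column
            n = split(addr, parts, ":")
            if (parts[n] != port) next         # some other service
            # Everything before the final ":port" is the bind address.
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host != "127.0.0.1" && host != "[::1]")
                print host                     # wildcard or public bind
        }'
}

# Succeeds (exit 0) only when every listener on the port is loopback-only.
mysql_loopback_only() {
    [ -z "$(mysql_exposed "$1")" ]
}

# Constructed sample: database bound to loopback, web and ssh public.
SAMPLE_LOCKED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*
LISTEN 0      511    0.0.0.0:443        0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# Constructed sample: database bound to every IPv4 and IPv6 interface.
SAMPLE_OPEN='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      80     0.0.0.0:3306       0.0.0.0:*
LISTEN 0      80     [::]:3306          [::]:*'

for name in SAMPLE_LOCKED SAMPLE_OPEN; do
    eval "listing=\$$name"
    if printf '%s\n' "$listing" | mysql_loopback_only; then
        echo "$name: MySQL is loopback-only"
    else
        echo "$name: MySQL is reachable on:" \
             $(printf '%s\n' "$listing" | mysql_exposed)
    fi
done
```

On a live server the same check is `ss -ltn | mysql_loopback_only`.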





  • billy2billy2 Member, OS Professional, Mentor, Developers, User Group Leader Posts: 2,014 PRO
    edited October 2016
    Turns out there's several name servers that have to be updated.

    Digital Ocean's DNS


    So when the request is submitted to digital ocean, they now know where to send it. The request will be sent to the A record. Also I setup ip6 which I didn't have before and I'm directing all subdomains to the main site. I don't use subdomains.



    Godaddy nameserver:
    Since "rustyshed" is registered at godaddy, I have to point rustyshed to my new digital ocean name servers.



    Now I'm waiting for it to take place. It takes a day to propagate.

    I still need to hook up ssl & test with onshape.



  • billy2billy2 Member, OS Professional, Mentor, Developers, User Group Leader Posts: 2,014 PRO
    edited October 2016
    Timecards started working again through godaddy.



    This forum post obviously scared godaddy into rethinking their policy on shutting down website requests and they're now letting my site work.

    I'm tired of dealing with them and I'm still marching forward toward digital ocean.

    Sorry for the delay of this transition and resurrecting timecards. I have a full time job and I'm limited to working on this on Saturday mornings. While your kids are watching cartoons I'm coding away on this website. I enjoy building websites but sometimes it takes longer than I wish. Uprooting a website and moving it somewhere else just takes time. I'm hoping that by posting steps to transition/building a website, maybe I'll be forgiven for the down time.

    Once it's done, it'll be worth the wait. I'll have a professional website hosted on the best provider using the latest/fastest server code. It's going to be much better. I'd like to get past the transition and back to writing apps. I'm thinking about a part number app which might be useful and can't wait to spin that website up.

    Anyway, it shouldn't be too much longer.

    Sorry for the hassle,

  • billy2billy2 Member, OS Professional, Mentor, Developers, User Group Leader Posts: 2,014 PRO
    edited October 2016
    Name servers updated last night and timecards is live using www.rustyshed.com.



    If your browser sets cookies based on URL, you'll be able to access your data by going to www.rustyshed.com. If your browser uses IP addresses, then the cookie isn't valid and you won't be able to get in. Timecards will not work inside Onshape as Onshape is all about security and my data transport isn't encrypted. If you use timecards at a coffee shop, someone can snoop and read the data. ssl fixes this.

    Onshape requires an ssl for all apps. ssl's provide secure transport from the browser to server and are generally a good idea. Google announced yesterday that sites with ssl will be ranked higher than those without.

    I have a ssl certificate through godaddy and will be hooking it up to nginx. This will establish a good connection to onshape and allow me to authenticate users and reset cookies. It'll also allow me to accept new users.

    I'm on the final stretch trying to relocate to a more professional server. 
  • billy2billy2 Member, OS Professional, Mentor, Developers, User Group Leader Posts: 2,014 PRO
    edited October 2016
    Updating the name servers allowed me access to my account. I was able to access my data without logging into my account. Rustyshed on a new server was able to read the cookie and logged me in. I'm using chrome.


    Checking timecards inside Onshape, don't believe this error message, Onshape is refusing to connect because it's not over an ssl connection. RustyShed is willing to talk, Onshape is refusing the connection because I'm not secure. 


    This will be fixed soon.
  • billy2billy2 Member, OS Professional, Mentor, Developers, User Group Leader Posts: 2,014 PRO
    edited October 2016
    Got ssl working. Took godaddy about 5 minutes to regenerate a new certificate for my new server. Not bad!



    Yeah baby!

    That https:// is what it's all about. I've added a server directive to nginx to force all traffic through https. Why not?


    And the final test:
    This is what this whole thread has been about, making it run inside Onshape.



    Yes, it's easy. I have no idea what will happen when you go to timecards, my account worked. If timecards sends you to onshape, go ahead and login, I'll sort everything out.

    If it doesn't, send me an email: billc at rndengineering dot com.

    Also the MX records are messed up on my new server but it won't be hard to fix that issue. So billc at rustyshed dot com doesn't work currently.


    Things left to do:
    -get MX records updated
    -have a beer
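
A way to confirm that the force-HTTPS server directive mentioned in the comment above is taking effect, written as an added example (not code from the original post). It reads the headers of a plain-HTTP response, such as `curl -sI http://www.rustyshed.com/` would print; the function name and all three sample responses are constructed.

```shell
#!/bin/sh
# Succeeds only if the headers on stdin are a redirect whose Location is
# https:// on exactly the expected host (argument 1).
forces_https() {
    tr -d '\r' | awk -v host="$1" '
        NR == 1 { redirect = ($2 ~ /^30[1278]$/); next }   # status line
        tolower($1) == "location:" { loc = $2 }
        END {
            prefix = "https://" host
            same = (substr(loc, 1, length(prefix)) == prefix)
            # The character after the host must end the authority part,
            # so "https://HOST.other.example/" is not accepted.
            rest = substr(loc, length(prefix) + 1, 1)
            bounded = (rest == "" || rest == "/" || rest == ":")
            exit((redirect && same && bounded) ? 0 : 1)
        }'
}

# Constructed sample: port 80 answers with a permanent redirect to https.
SAMPLE_REDIRECT='HTTP/1.1 301 Moved Permanently
Server: nginx
Location: https://www.rustyshed.com/'

# Constructed sample: port 80 still serves the page in clear text.
SAMPLE_PLAIN='HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html'

# Constructed sample: redirect goes to https, but on a different host.
SAMPLE_OTHER='HTTP/1.1 301 Moved Permanently
Server: nginx
Location: https://www.rustyshed.com.other.example/'

for name in SAMPLE_REDIRECT SAMPLE_PLAIN SAMPLE_OTHER; do
    eval "headers=\$$name"
    if printf '%s\n' "$headers" | forces_https www.rustyshed.com; then
        echo "$name: plain HTTP is redirected to HTTPS"
    else
        echo "$name: plain HTTP is NOT forced to HTTPS on this host"
    fi
done
```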


