0 25 min 7 yrs

There have been lots of problems with our GNUsocial instance, starting at the very beginning with Identi.ca, which rendered Identi.ca users unable to subscribe. We’ve learned a lot, but now stuck between a rock and a hard place. If there is any single rule to running a GNUsocial instance, it’s this: DO NOT EVER CHANGE YOUR URI. All of OStatus is built on your GNUsocial profile URI, and if you change it, everything falls down like a house of cards. For this reason, when implement HTTPS, we left it in mixed mode and web servers responded to both types of requests, and things were good. Sort of. More on that later.

Register easy domain like YourName.social or MyNews.media or our.party at http://indiahosting.org with VPS Hosting and start your own social media or community.

Another key to keeping GNUsocial working is not messing with the database. We have seen half a dozen instances go down in flames because the database has become corrupt somehow. The last thing we want to do is to mess up the database. Sometimes, people will request we make a change that requires us to run a command directly on the database, and we ignore them. Keep multiple backups in place in case we needed to revert.

The reason this has all come undone is due to both GNUsocial and browsers enforcing higher security. Browsers don’t allow mixed functionality like they used to, so the realtime plugin no longer works. The meteor server only talks HTTP (as far as I can tell), and I haven’t had a chance to look at replacements. GNUsocial has also removed the “Mixed” setting for HTTPS from its software in a recent update. You now have two choices: completely disable HTTPS, or force it everywhere. Because we have subscriptions registered in both plain HTTP and HTTPS, this causes a problem.

GNUsocial has created a catch-22: it no longer allows instances to respond to both HTTP and HTTPS addresses, but does not have the ability to correct bad OStatus URIs. GNUsocial broke it’s own golden rule by changing URIs, and doesn’t remove the need for the rule.

To install GNUsocial, install the required libraries/daemons/etc using the following aptitude command:
apt-get install php5-fpm php5-gd php5-mysql php5-intl php5-memcache php5-memcached mariadb-server

You also need to enable backports on Debian to get a more updated version of nginx. This allows you to enable HTTP/2, which saves a lot of traffic overhead.

aptitude -t jessie-backports install nginx-full

Setting up the database/user in MariaDB is beyond the scope of this article. If you don’t know how do that, running GNUsocial is going to be a rough ride. You might want to reconsider.
nginx configuration

The nginx configuration that FragDev uses has several modifications over the default GNUsocial nginx configuration.

server {

# Enable HTTP/2 to speed up connections
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;

ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
root /var/www/micro.fragdev.com;
index index.php;

location / {

# Try fetching requests in the following order:
# – Look for a static file at that address
# – Look for a directory at that address
# – Rewrite the address
try_files $uri $uri/ /index.php?p=$uri&$args;

# Prevent any avatar images from being run as PHP
location /avatar {
location ~ .php {return 403;}
try_files $uri =404;

# Prevent any user-uploaded files from being run as PHP
location /file {
location ~ .php {return 403;}
try_files $uri =404;

# Parse PHP files
location ~ .php {

# Using try_files prevents PHP from having to process 404s
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
include fastcgi.conf;

[ Other common configurations… ]

This is much simpler and faster than the stock nginx configuration, because it removes a regular expression rewrite with a simpler, faster try_files entry. At high volume, this could save a decent amount of CPU – on our instance, it wasn’t terribly noticeable.

HTTP/2 handles multiple requests for things like avatar images and other files with a single connection, saving a bunch of redundant connections and HTTP headers. Extra bandwidth is always nice.

GNUsocial is the most demanding services I run, by far. The strain on the database from all of the different GNUsocial, Friendica, etc. instances retrieving their subscribed users’ feeds is more than I anticipated. Luckily, this story has a happy ending!

TL;DR: Install php5-memcached and memcached, enjoy fame and fortune.

For months, resource usage on my VPS has been creeping up. This month it finally broke 100%, or one whole CPU busy on average, which was a little scary. There are people (including myself) who depend on my VPS for their business, and that meant something needed to be done.

I scheduled an upgrade of GNUsocial, and started looking into possible solutions. Since the load was mostly DB-related, I started cleaning out old subscriptions (more on that later), and looked into caching. A cached query is one less query, right?

I’d heard about memcache, but never used it. A quick install later, and it was running (woo Debian). I learned that there are two PHP libraries for memcache; the “php5-memcache” library and “php5-memcached”, which uses an external library and is generally preferred on unix-y systems.

I enabled the memcached plugin, installed php5-memcached, restarted php-fpm, and found that things were running much faster! Overjoyed, I posted a notice that maintenance was complete, and refreshed my timeline… which did not refresh. It seems like the memcached froze my timeline, which was not ideal.

I enabled the memcache plugin, and it caused an infinite loop of redirects. Also not the greatest.

I disabled them all in my GNUsocial config, but left the memcache server and PHP extensions installed. I remembered seeing a merge request in MMN’s blog that gave me hope:

38ac5a7 Automatic memcache support enabler for config

After a check this morning, my CPU usage is hovering around 30%. Apparently, if you have a memcache server running, GNUsocial just uses it! Fantastic!

I’ll be monitoring it closely for the next few days, but I think that has solved my performance issues. Thanks, GNUsocial!
No Vacancy

With over 50 registered users, the FragDev GNUsocial instance is much larger than I ever expected it to grow. To be honest, I figured it would probably be my own personal instance and not much more.

Instead, it’s become a collection of the finest users around. I really like most people on my instance, and I enjoy the fact that I can help them use GNUsocial.

However, with the exploding popularity of GNUsocial, it’s also upped the load on my VPS. GNUsocial takes up around 30-50% of my CPU to do whatever it does, so I’m taking a couple steps to curb that.

The most public facet of this is that I will no longer be taking any new users on. We’re full up! If you want an account at FragDev, you’re just going to have to shower a current user with bribes until they give you their spot. Register a YourName.social or MyAgenda.blog or just a joint.family at http://shop.osspl.com with VPS Hosting and start your own social media.

Feel free to copy some ideas and details from live Mastodon social media. Visit https://t.wisepoint.org

Leave a Reply