New Domain Names

As part of re-arranging my online presence, the purchase of two new domains was part of the plan.

Re-arranging My Online Presence

As I have undoubtedly stated numerous times before, the eventual purpose of this site is to bring all of my online activity to one place, a hub of content if you will.

Just over a year ago I made the first move by renewing WatfordJC.com for another 2 years. You may consider renewing a .com for two years as nothing out of the ordinary, however, my actual thought process at the time was "I had better renew this domain otherwise a huge chunk of my online identity will disappear".

The fact of the matter is that I know how long it takes me to do things, including things that I want to do. This Web site is evidence of how slow I am at completing tasks. That is not to say that I did not have a timescale in mind a year ago.

Deserting USA

Perhaps a tad melodramatic for a heading, and I'm not sure if I was aiming for that or not. Anyway...

The second stage in my plan came a couple of months later in February 2014, when I bought WatfordJC.co.uk and (after a couple of days of negotiations) JohnCook.co.uk.

Now you have to bear in mind that I was not thinking in terms of "what can I do now?" but rather "how can I completely rearrange my entire online personas?" Nominet were opening up second level domains (SLDs) for .uk and the rules decided on were that if someone owned a .co.uk at a certain date then they would have "right of first refusal" for 5 years (or put another way, if you own the .co.uk you have 5 years to decide whether you want to purchase it or not).

Although I did pay quite a lot of money for JohnCook.co.uk, I wanted that domain for any professional or business site I may have at a later date. By buying it when I did, however, I was also getting the right to buy JohnCook.UK, which I intend(ed) to use for my public persona.

As for WatfordJC.co.uk, I bought that for two reasons. The first was to gradually move everything over from my .com so that I was less tied to America. The second was that it would give me the rights over WatfordJC.UK, which I intend(ed) to use for my less public persona (i.e. somewhere I can put my rants when they contain strong language).

So, between December 2013 and March 2014 I had decided on a plan, if you can call it that. When Heartbleed hit I took my servers offline anyway, and at that point I (If I Recall Correctly) moved www.watfordjc.com's base domain to web.watfordjc.co.uk. Google still has results for site:watfordjc.com partly because remnants of it still remain and possibly because of my use of 307 temporary redirects - web.watfordjc.co.uk is not a "permanent" location of anything.

My .com now is pretty much used for nothing. Everything is either using one of my .co.uk's and/or is using TheJC.me.uk - my "core" domain that isn't much to look at in terms of the Web, but is used extensively behind the scenes from DNS servers to mail servers and Dynamic DNS. The only thing left to do with my .com is to create new "permanent" redirects, but I need the target locations to actually exist first, which as you might have guessed is slow going.

Rip Off Domain Registrars

One thing that really annoyed me (I'd rather say something stronger but I want this page to have a SFW flag) is that when the .UK SLDs came out my (former) registrar, 123-Reg, started advertising "pre-orders". When the actual date came when the SLDs were available to purchase 123-Reg were charging a premium over .me.uk, .org.uk, and .co.uk.

Nominet had ruled against themselves charging more for .UK Second Level Domains because they eventually decided there was no business case for doing so. Had they not reached that conclusion there would undoubtedly have been even more people claiming the only reason Nominet were doing it was as a money grabbing exercise.

After another argument with 123-Reg about an unfair change in terms where I would have to pay a fee to take my business away from them, I became a self-managed Nominet registrar and transferred my .co.uk domains away from them. Eventually, that is - 123-Reg's systems did not accept my registrar tag because they manually update their list of registrars, meh.

Now the only issue with moving the domains to my own tag was that the cost of renewals is rather steep and as a non-member I can only renew domains when they are up for expiry. After a lot of pondering over the issue my ESA back payment came through and I decided to use a large chunk of it to become a Nominet member.

Although the 120 GBP per year membership is expensive, at £10 per month it doesn't sound that expensive. Especially when it means I am my own registrar and I have pretty much full control over my domain names with no middle men in the way messing things up.

On Christmas Day 2014 I took the plunge and registered both WatfordJC.UK and JohnCook.UK using my Nominet tag. I couldn't be bothered to boot up my laptop to use GPG-signed Automaton e-mail requests so used the Nominet Web interface armed with my Google Authenticator 2FA. Not long later I had my new domains registered for 2 years (I'll renew them when I have some spare change) and ignoring my Nominet Member Fees I paid "cost" price for them - no rip-off middlemen adding their cut.

Less Than 12 Months To Go

There are less than 12 months to go until my .com expires. There is a little over 14 months until WatfordJC.co.uk expires. The first thing I will need to do is move all e-mail contacts to domains that I won't be allowing to expire.

The one advantage I am going to have when changing my e-mail addresses from *@watfordjc.co.uk to *@johncook.co.uk is that I started switching to *@watfordjc.co.uk after switching to a dedicated e-mail address for each contact. Therefore I know exactly where I need to change my e-mail address and where I don't.

Switching domains is, however, going to be much harder when it comes to Web. Although it will be rather simple to switch JohnCook.co.uk to JohnCook.UK, switching from WatfordJC.com and WatfordJC.co.uk to WatfordJC.UK is going to be much harder, especially given the .com is already giving invalid certificate errors (has that certificate expired yet?)

In fact I spent half an hour yesterday trying to work out which configuration file is responsible for web.watfordjc.co.uk actually working and was left frustrated and confused. What I am likely going to have to do is transfer the content from that site to the new site, get the new domains working, and then close the old site down and put in a load of 301 Moved Permanently redirects to the new domains.

HTTP/1.1 301 Moved Permanently

I am not currently using MySQL anywhere on this site. The reason is mainly to do with performance and giving less surface area for possible cracking attempts (you can't crack a user database if no such database exists).

Because of that, every file is manually modified when I make a change that requires all content pages to have an identical change made so they function as intended.

The most pertinent thing here is when it comes to 301 redirects. All 301 redirects will be manually coded. All pages with SFW == SFW (as opposed to equalling NSFW or NULL) will have a 301 to their new permanent location at JohnCook.UK whereas all SFW == NSFW pages will have a 301 to their new permanent location at WatfordJC.UK.

How is the SFW flag determined? By the content of the page. That means I need to read every page before deciding whether it is SFW (Suitable For Work) or Not (Suitable For Work). With a lot of content on multiple sites, this will take a while.

HTTP/1.1 300 Multiple Choices

Some pages will have SFW == NULL, meaning that it is neither SFW nor NSFW (i.e. it has different content on JohnCook.UK to WatfordJC.UK). One example will be the home page, where the canonical link is in fact the current page.

As far as redirects go, that leaves a bit of a conundrum. In fact, JohnCook.co.uk will be in an identical position to WatfordJC.com, WatfordJC.co.uk, and Web.WatfordJC.co.uk - no 301 can exist because the canonical location of the requested content is indeterminate.

Ergo, the 300 Multiple Choices HTTP response code is most suited for this purpose. If it is impossible to redirect to the new page because there are multiple possibilities (such as /news.php going to / at two different domains, or /status at a completely different domain)... things are going to be complicated.

And herein lies the problem: in order to make things uncomplicated, I have possibly made them too complicated for me to uncomplicate them. Google says a redirect should go straight to the target page, which means I will need a complete list of 3 different domains with cross-references of what target goes to what page(s) which will undoubtedly be a complete mess.
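To make the 301/300 rules above concrete, here is an added illustration of a resolver for them (my sketch, not the site's own code; the paths, flag values and new-path mapping are constructed samples):

```python
"""Resolve an old-domain request to a 301 or 300 response using the SFW flag."""
from typing import Dict, Optional, Tuple

# Constructed sample of the per-page SFW flag table the post describes.
# SFW pages move to JohnCook.UK, NSFW pages to WatfordJC.UK, and NULL pages
# exist at both new domains with different content, so neither is canonical.
SFW_DOMAIN = "https://johncook.uk"
NSFW_DOMAIN = "https://watfordjc.uk"

PAGE_FLAGS: Dict[str, Optional[str]] = {
    "/news.php": None,                 # home page: different at each domain
    "/articles/domains.php": "SFW",
    "/rants/isp.php": "NSFW",
}

# Constructed flat map from old path to final new path. Keeping it flat
# (old -> final target, no intermediate hops) avoids redirect chains.
NEW_PATH: Dict[str, str] = {
    "/news.php": "/",
    "/articles/domains.php": "/articles/new-domain-names",
    "/rants/isp.php": "/rants/isp",
}


def resolve(path: str) -> Tuple[int, Dict[str, str], str]:
    """Return (status, headers, body) for a request to one of the old domains."""
    if path not in PAGE_FLAGS or path not in NEW_PATH:
        return 404, {}, "Not Found\n"

    target = NEW_PATH[path]
    flag = PAGE_FLAGS[path]

    if flag == "SFW":
        return 301, {"Location": SFW_DOMAIN + target}, ""
    if flag == "NSFW":
        return 301, {"Location": NSFW_DOMAIN + target}, ""

    # SFW == NULL: the canonical location is indeterminate, so answer with
    # 300 Multiple Choices. No Location header is set because there is no
    # preferred choice; the body lists the candidates for the client to pick.
    choices = [SFW_DOMAIN + target, NSFW_DOMAIN + target]
    body = "".join(f'<a href="{c}">{c}</a><br>\n' for c in choices)
    headers = {"Content-Type": "text/html; charset=utf-8"}
    return 300, headers, body
```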

So, what will be the first stage? MX records for the new domains and the creation of TLS certificates for Web.WatfordJC.UK and Web.JohnCook.UK (because, for the time being, I am going to stick with the Web. sub-domain naming convention).

Bringing Electronic Mail and Telecommunications In-House

Another underlying issue is that of bringing all my communications in-house. Progress has stalled on the e-mail side of things because of the complexity that will be involved in making things "as secure as possible", resulting in never-ending procrastination of doing what needs to be done.

On the telecoms side of things, things are working even though the set-up is not how I wanted things to be. SMS messaging is cobbled together in such a way that it is a surprise it works at all.

I will not be able to fully bring e-mail in-house anyway. My mail server has been using the same IP address for the last 3 years and is not on a single black-/block-list. A consumer ISP connection is the sort of thing that should never be sending e-mail. Virgin Media don't offer consumers static IP addresses, and even if they did I have no idea what sort of trouble the previous holder of such an IP would cause me by way of reputation.

Ergo, even if I do bring all of my e-mail in-house, I will still need to relay outgoing and incoming messages through my VPS. This does, however, have an upside: bringing Web in-house.

Bringing Web In-House

When it comes to the surface area for attacks, hosting anything on a consumer ISP connection is problematic. On the plus side, however, Virgin Media determine their Fair Use Policy on uploads, so if my residential connection were to come under attack I could just drop the incoming (D)DoS traffic without responding to it (i.e. silently dropping packets).

At the moment my Digium D70 needs to connect to a Web server to obtain the configuration files, and for me to SSH in to my home server I need a (sub-)domain that resolves. For my IPv6 tunnel endpoint at home to function, it also needs to be pingable by Hurricane Electric.

Anyway, as things currently stand on my VPS my Web-facing server is mostly an HTTPS (TLS) termination endpoint. As mentioned previously in this article the configuration is a complete mess and I don't even know how things currently work, but it is feasible that I could do things so that NGINX is in front of Varnish, and Varnish is in front of a CJDNS tunnel to lighttpd on my Home Server.

If with a bit of mystical DNS magic I can make it so that LAN traffic goes straight to the home server instead of via my VPS, I might be able to create a LAN-Only Web server, more commonly referred to as being on the intranet.

A quick sudo du /webroot/ -sh and a bit of waiting later, my VPS has 5.6G out of 30G hard disk space for the Web server chroot and files. Likewise, mail is taking up 292M of disk space, which compared to Gmail is nothing. What is most surprising has to be that my home directory is taking up 1.7G... 1.6 GB after deleting a file called "zerotest".

No, what is most surprising has got to be that I'm using 50% of available disk space and I don't know why. It appears that a lot of little things add up to a big amount of space, and I should really have a clear out.

Anyway, it should be possible to set up my VPS to be a reverse caching proxy for my home server. With a 14-17 millisecond IPv4 ping round trip, and a 32-45 millisecond IPv6 ping round trip, and a 32-42 millisecond IPv6 ULA ping round trip, it does look like IPv4 would be the preferred route but then it doesn't have any security. Oh, hang on, a CJDNS round trip ping response of 15-18 milliseconds looks very nice indeed, and it should be secure.

The next question: Is 20 milliseconds of additional latency going to be a massive slowdown? I don't think it is. There is one major advantage of moving my Web sites in-house and that is RAM availability on my VPS. At present I believe PHP processes and lighttpd (and mysql) use a rather large proportion of available RAM for my Web sites.

In fact two php5-cgi processes are using 3.7% and 2.4% of available RAM on my VPS, with a third using 0.6% of available RAM, and multiple imap-login (dovecot) processes using around 1.5% of RAM each (although I expect they are sharing some memory). mysqld is using 1.5% of RAM.

My Home Server has 8 GiB of total RAM (compared to about 512 MiB on my VPS). My VPS is using 468/487 MiB of RAM, with 296 MB used for buffers/cache and 191 MB free (not used by) buffers/cache.

For comparison, my Home Server is using 6,090/7,439 MiB of RAM, with 2,696 MiB used for buffers/cache and 4,742 free (not used by) buffers/cache. The most telling thing has got to be that I have 1,348 MiB of RAM that is "free" and not being utilised at all (at least with the applications I am currently running).

Of course, if I were to stream a movie, or do something that uses a lot of memory, some (or all) of that free memory will be eaten up. On the other hand, I have a spare memory slot in my home server's motherboard that would allow me to double my RAM to 16 GiB if such a need were to arise.

Anyway, by moving PHP and the heavier (Web) MySQL in-house, that would free a sizeable chunk of RAM on my VPS making it available for Varnish to use for caching. By bringing all my e-mail in-house so that my VPS is only used to proxy messages, that would further free up space but then that is slightly more complex an issue because I would have to decide whether my phone should be using a VPN all the time so it can tunnel to my home server when I'm out and get new mail. That is a question for another time, however.

Create WatfordJC.UK On My Home Server?

I have not yet decided upon how I am going to do things, or whether or not I will use a reverse proxy on my VPS to my home server. It is, however, something I will be considering.