Okay, it's done. So, we're starting now? Okay. All right, cool. And I have to, like, stand here, right? You can sit wherever, just do whatever you want to do.

Hello, viewers at home. My name is Kai Hendry, and I'm going to give a talk about PHP. It's those people there that are more important. Actually, no, you guys are just important.

So my initial problem, and that video is here, I was struggling to deploy PHP on a lot of servers. I'm not into clustering. I think clustering is evil. So I have found a nice way to deploy PHP, and I wanted to share it with you guys. So, yeah, my previous video was a cry for help. If you see someone like me in the video, he is in trouble to send him a message of love. Don't let him do what he was doing. He went crazy, I think, didn't he?

And I told you what I was looking for. I was looking at a way of deploying to PHP. I was looking at a way of reducing the complexity. You know, deploying typically what people do was, I guess, deploy NGINX with PHP on a Debian server. I mean, how do you guys deploy PHP? Do you have any idea? Does it really work for you guys? I use Docker. Well, I'm going to propose a Docker-type solution with you guys. So it won't be terribly new for you.

Also, since Let's Encrypt came out, I wanted to make sure that my sites that I load up have SSL immediately. I didn't want to mess around. And with Let's Encrypt sort of NGINX plugins, I couldn't really figure it out. It looked a bit too complex. Same with Apache. I hate that stuff.

So basically, I have now a good solution using CoreOS. Who knows what CoreOS is? No one. CoreOS is basically a Linux distribution that just runs Docker. But the added benefit is that CoreOS randomly reboots. It doesn't quite randomly reboot. It reboots in order to upgrade itself. So even a distribution that's just Linux and Docker, the Linux has to be updated security patch for one reason or another.
And the way it does it is that CoreOS sort of downloads the updates and has another partition and then reboots. And it's a bit complicated. But I think RancherOS or something is probably better than CoreOS. But CoreOS is available on DigitalOcean. That's why I use it.

I use SystemD. Who knows what SystemD is? It's a rocking way to manage your services. I'll show you a little bit about it. I use Docker. Who knows what Docker is? It's like a bloated version for containers. But it's pretty cool. And then I'm using also Caddy. Who knows what Caddy is? Caddy is a new web server. It's based on Golang's HTTP implementation. And the cool thing about that is that when HTTP/2 comes out, I think it's going to have one of the best implementations, I dare say. And the cool thing about Caddy is that it can also do some other stuff. I'll show you later.

And I wanted to boast that the setup here, besides me setting up the DNS and booting up a DigitalOcean instance, all the config is about 30 lines to set up my machines. Is that good? I think so. Can you beat it? I hope not. I hope you can, because then I'll get better.

Here are the configs. Maybe it's best for me just to use the configs instead of me trying to explain to you what they do. Well, I can quickly show you. This is what a SystemD service file looks like. In the old days, they had these things called init scripts. Or is it called RC5 init scripts? And they're basically a shell script describing how a process starts, how it gets stopped, and how it gets reloaded and restarted. In today's world, in the modern world, 2016 world, we have SystemD. And the SystemD has this crux to say when it gets started, like after Docker, because it depends on Docker, and it has all these different lines. And this is actually a very complicated one. Maybe it's just an exec start saying what is the binary to run. But this one's a bit complicated because why is it so fricking complicated?
It's because before it starts, it actually pulls down the PHP image. And it's a little bit complicated because of the binds to the web root and things like that. And it's a little bit complicated because if a Docker pull doesn't work, it restarts every five seconds, until it does. And Docker pull can sometimes not work because maybe the network isn't ready or the network is down, and that happens surprisingly often.

Okay, what is my next slide? Well, my next slide, I wanted to do a quick demo for you guys. So can you guys offer me a prayer for the live demo gods? Because this never really works, does it? This never really works. And how much time do I have?

Okay, so first step, I'm going to create a DNS record. Who uses Amazon Route 53? I'm going to call this PHP. Oh, no, actually that's a bad idea. I'm going to set up a CoreOS instance. For some reason, DigitalOcean asked me to use an alpha version, but I'm not going to use alpha version. I'm not going to use the $20 or $640. I'm going to use the $5 version. I'm going to show you Singapore because I'm not an idiot. I hate people that use the servers. Who uses a server outside Singapore? I hate you. None of you, thank God, hate you. I use it to watch Netflix. Netflix is available. No?

And one of the dumbest things I've seen in my life is this whole, like, spawn four droplets. Why would you want to spawn more than one droplet in a location is beyond my... is beyond? It's just so dumb. It's unbelievable. But anyway, they want you to be dumb so that they earn more money from your dumbness. Don't be dumb.

So, oh, I did something stupid. Sorry. I didn't... I didn't name... The important thing is to name your droplet with the right hostname. But this is cool because DigitalOcean takes only a few seconds to start up something. Not. Okay. So, I'm going to... Give me a name for a hostname. Give me a name for a machine. Something really interesting. How do you name your machines? Wombat.
Okay, I'm going to call it wombat.natalian.org, which is my domain. Okay, now that should hopefully work. So, what happens is I set up a CoreOS instance with the right... what do you call it? Domain. And the domain is important because that's how SSL works. Well, Let's Encrypt rather... Let's Encrypt queries that domain and then once that domain sort of matches up in a DNS way, then it gives you the SSL cert. Then I copy that IP to my DNS hoster thing, which is called Route 53 and Route 53 is pretty good actually. I recommend it. It's better than DreamHost. But then again, probably anything is better than DreamHost.

So, okay, so I've got the DNS entry in there and hopefully it's going to update pretty quickly. And here is my new machine running CoreOS. Oh, I should probably get a bigger ST big. Can you read that? Okay, all I'm going to do now is copy this configuration which amounts to less than... what do you call it? What did I say? Less than 30 lines of code. Okay, so the Caddy file controls the web server and the web server just says what the root directory is and start PHP. It's kind of a fault. Okay, let me start the Caddy service. Oops. What do you call it? wombat.natalian.org. So what you should be seeing is that once you start the service it pulls the Docker thing down and runs it. And with any luck, this would have worked. So wombat.natalian.org. Oops. Oh, I know why it's not working.

So let's do the important sort of hello world in PHP. As you all know is PHP info. Sorry. SSL, PHP. Okay, it's not running the latest PHP 7 but I'm a bit conservative about running PHP 7. I don't know if it sucks yet. Does PHP 7 rock? Anyway, I'm using 5.6.

So there you have it. I think I daresay that configuration file was six lines. The whole thing that sort of pulled down and manages the Docker thing is 18 lines. That's like 18 plus 6 is 24 lines of code to manage everything. And the cool thing about this is that the CoreOS, as I mentioned, keeps up to date.
And then when it restarts the service, the PHP container, whatever, keeps up to date with that pull. Sorry, I did something weird there. So all I need to do now is just focus on my PHP code. What do you call it? The container, the PHP interpreter, there's probably a technical name for this. It just runs my app. And I don't have to worry about it. I don't have to worry about SSL. I don't have to worry about Linux updates. I don't have to worry about my wife. No way I have to worry about her. I have to keep on worrying about her all the time.

So there you have it. And I can also probably show you the padlock. It probably proves that this has come down from Let's Encrypt.

Why did you put the SSL cert? The SSL cert is actually cached by Caddy into this root .caddy directory? You come from. You need to issue the SSL cert in the first place. Inside Caddy has this sort of Let's Encrypt endpoint or something, and it does a request and then it receives the cert from Let's Encrypt and then puts it in the right place and gets everything running straight away. This is what it does right before. Exactly. So Let's Encrypt is like a new way of doing it. And interestingly, Amazon has a similar service, but obviously only works with Amazon CloudFront or something.

Okay, going back to my, was that all of it? Thank you for that live demo. I have a video doing exactly the same thing. If you didn't follow or if you want another video, this video would be online.

Sorry, I really want to start back from the SSL point. So for the cert, you typically need to pay and get an issue. Yes, but things have changed. Probably you need to tell us more about that. Oh, okay. So there's this thing called Let's Encrypt. Actually, I don't really know the technical details, but the way Let's Encrypt, it's quite technical, but Let's Encrypt allows you to issue certificates. It has their CA installed everywhere and it lets you issue certificates based on your domain. It's interesting.
I think it's Google and Mozilla, the usual assholes. They're great. I love those companies. It's a fairly new thing. I think I only launched like a month and a half ago, maybe two months ago. And it's got good backing. And previously, when you ordered an SSL certificate, they usually emailed you, like emailed webmaster at my domain. But now you don't have to do that. It just verifies it on your DNS.

So how did Caddy manage to get the private key onto the instance? Well, it just generates one. And sends it over to Let's Encrypt. And then it caches it on your in-adopt directory. Then anybody could do a manual attack, right? Respectful of the domain.

So when you issue the lesson with certificate Y, actually the script running on your server will ping the Let's Encrypt server. Then the Let's Encrypt server will ping back to your endpoint. So if you are doing it on a live server, you actually have to take your server down, run a Caddy or Nginx or Apache that have different modules to it. Then once they're verified on their server side, verify your domain is valid. This is a valid domain. This server is actually serving this domain. Then you will issue directly the certificate back to you. So it's basically saying that I own the host name, send it over to me, and it basically pushes it to you.

So I think it's kind of interpreted as a lower form of a normal certificate because a normal certificate has more checks by the more check being checking your email address. But to be honest, that's not true.

Does it work for wildcards? No, it doesn't. It doesn't work for wildcards. But they are trying to address that problem. I saw someone saying to me, oh, they're going to address that problem. Well, they're standing there because it's free. Just issue. Yeah. But the cool thing is you don't really need wildcard. I mean, you do need wildcard if you have a website. Like, I have a website that basically takes queries by subdomain, which is an idiotic way to do a web app.
But if you did it the bad way, then it becomes a problem because there's a couple of seconds to get the SSL cert. But if you have a umpteen subdomain and you know them in advance, it's not a problem. It's really not a problem.

So what are the pitfalls of my approach, my 24 lines of code to rule the world? Yeah, I have a problem where it depends on Docker Hub and I just hate Docker Hub. And I haven't figured out a way of seeing what image I'm running. Maybe you guys know. Oh crap, I don't know where I am anymore. I'm here. Like, when you run a Docker image and you get like a hash to describe the image, I'm not too sure how you bubble that up to the web app because I want to know I'm running A072 because I want to know the versions of the images that I'm running on all my different hosts. So anyway, that's a problem I probably will figure out one day. Just put a cron and get that cron. Yeah, and then push it somewhere.

But I have another problem. It's like when you're on Docker Hub, like this image is called... Oh crap, what is this image called? It's called... I hate Docker Hub. I hate it. I hate it. I hate it. It's called ABO... Sorry, you're looking... It's called ABO Soft PHP. Like, I'm here on Docker Hub. How do you see the latest image hash? I don't know. Is it here? No, it doesn't tell you there. Huh? No, it doesn't. No, it doesn't. It's like... I hate this website. So... It pushes it to tag it. Yeah, it's not... Anyway, the thing that annoys me, I haven't figured that problem out yet and I haven't figured that one out.

So, to wrap up... Sorry, I don't know what I left. To wrap up... Oh, I mean, Caddy actually does a lot and I didn't really get into it, but this is the Caddy website. What I love about it is that, you know, unlike Apache configuration, Nginx configuration, you can do things in just like, you know, five lines. Like, this is the Caddy file. All it says is like, hostname.
When you do with Let's Encrypt, you also have like an email just to say you can recover something. Not a biggie. And then you say what the root is, you say the PHP thing, blah, blah, blah. So, with... Huh? It just, it actually starts it up. It does, it has some code to manage the process or something.

I really like Caddy. It's a new web server. It does automatic HTTPS, as you can see there. Sorry, the font renders really badly on my browser. It's... Its syntax is really easy. It's even got like quite cool things like a very simple syntax to set up... Is it called a FIFO? Like a file system FIFO for a web socket? So you can map a web socket to a file system FIFO. I think it's called a FIFO. FIFO for... I mean, it's just like one line. And instantly you have what you can start writing a web socket service that sort of hooks into one of your shell utilities. It's pretty awesome.

It's even got like really cool things that you don't even get in a fully blown HTTPS. Like for example, in my business, I did... My customers download assets, but I need to know if they completely downloaded the asset. I want to know if they downloaded the entire 100 megabyte movie file. And sometimes that's really hard to do on Nginx and Apache. And here it's very easy. It does JSONP. It does IP filter. It does all sorts of really cool... It even does V-hosts. It's a very good... And it's written in Golang and it's got HTTP/2. Which is going to be awesome.

And... Wait, is that it? Thank you, thank you guys. Please ask me questions. I know you might not have them ready or you might... Just email me or contact me. Just feel free. I'm happy to answer you. You don't have to ask me now. Because I want to order an Uber now. Okay. Any questions guys? Wasn't that awesome? I just... I mean it took me a couple of minutes to fill up an SSL PHP site. Have you never done this before? Haven't you felt the pain of setting up a PHP instance? Heroku doesn't run in Singapore.
Didn't you hear my rule that anyone who doesn't run a server in Singapore is an idiot?