Monday, December 24, 2012

Speed improvement

Here are some tips I recently applied on a busy dedicated server; the result was a significant reduction in disk I/O load, and therefore faster speed and a lower load average.

- Mount /tmp on a ramdisk. Here's the /etc/fstab line for /tmp :
none /tmp tmpfs nr_inodes=200k,mode=01777,nosuid,nodev 0 0

Check whether PHP uses /tmp as session.save_path; MySQL also uses /tmp as its tmpdir (mysqladmin variables | grep tmpdir). I've noticed that on websites with heavy join queries MySQL does a lot of I/O in /tmp, so it's recommended to mount it in RAM instead of on the HDD.


- MySQL datadir : /var/lib/mysql. It's recommended to put it on an SSD, which gives much better performance.

- nginx + php-fpm : There are lots of resources on the web suggesting that nginx + php-fpm performs much better than PHP run through the apache2 handler.

- ... I'll update this post if I find/remember new tricks ...

- More ?

Sunday, December 23, 2012

Security improvement : nginx symlink and php-fpm chroot features

I've found a new directive in the old nginx documentation :

disable_symlinks if_not_owner; # off | on | if_not_owner

The default value is off ! With if_not_owner, nginx denies access to a file when any component of its path is a symbolic link whose owner differs from the owner of the object it points to. Setting it to if_not_owner is a good security improvement and I recommend it.

Also don't miss the php-fpm chroot feature ! You can build a chroot jail for a running fpm pool by extracting an OS template into the chroot folder (select the template which matches your main OS). I had to run the following additional commands to get DNS resolution and PHP working correctly in the chroot jail :

cd jail-path
mknod -m 666 dev/null c 1 3
mknod -m 666 dev/zero c 1 5
mknod -m 666 dev/random c 1 8
mknod -m 666 dev/urandom c 1 9
cp /lib/*dns* lib
cp /lib64/*dns* lib64
echo "nameserver 8.8.8.8" > etc/resolv.conf
chown -R user:user .

Friday, December 14, 2012

Install wine with MS Visual C++ and Visual Basic runtimes

I just wanted to use some Windows downloaders on Linux ( Orbit downloader, HiDownload, Net Transport, ... ) but they didn't run correctly under wine.
Install the latest version of wine from the epel repo on RHEL. Then you'll need to install the MS Visual C++ and Visual Basic runtimes to make them work :


wget http://winetricks.org/winetricks
chmod +x winetricks
(apt-get install cabextract OR yum install cabextract)
sh winetricks corefonts vcrun6 vb6run


And that's it !

Thursday, September 6, 2012


XCache is awesome, at least for joomla. I've configured memcached on some high-traffic joomla sites but it didn't work well; I even saw some slowness.
Then I gave xcache a chance and it worked ! I've seen a reduction in load average and faster page loading using xcache.

Here's how to configure xcache 2.x on centos 6.x.
Don't forget to :
- set a password for xcache-admin : the xcache.ini written below sets xcache.admin.enable_auth = Off, which leaves the admin page open to anyone who can reach it, so switch it to On and set xcache.admin.user and xcache.admin.pass (the MD5 hash of the password) before exposing /xcache-admin
- check the right module path in xcache.ini (zend_extension=/usr/lib/php/modules/xcache.so or zend_extension=/usr/lib64/php/modules/xcache.so)



yum install php-devel -y
cd /usr/src
wget http://xcache.lighttpd.net/pub/Releases/2.0.1/xcache-2.0.1.tar.gz
tar -zxf xcache-2.0.1.tar.gz
cd xcache-2.0.1
phpize --clean && phpize
./configure --enable-xcache --enable-xcache-optimizer
chown -R nobody /usr/src/xcache-2.0.1
sudo -u nobody make
make install
echo -e "[xcache-common]" > /etc/php.d/xcache.ini
echo -e "zend_extension=/usr/lib64/php/modules/xcache.so" >> /etc/php.d/xcache.ini
echo -e "[xcache.admin]" >> /etc/php.d/xcache.ini
echo -e "xcache.admin.enable_auth = Off" >> /etc/php.d/xcache.ini
echo -e "[xcache]" >> /etc/php.d/xcache.ini
echo -e "xcache.shm_scheme =        \"mmap\"" >> /etc/php.d/xcache.ini
echo -e "xcache.size  =               64M" >> /etc/php.d/xcache.ini
echo -e "xcache.count =                 1" >> /etc/php.d/xcache.ini
echo -e "xcache.slots =                8K" >> /etc/php.d/xcache.ini
echo -e "xcache.ttl   =                 0" >> /etc/php.d/xcache.ini
echo -e "xcache.gc_interval =           0" >> /etc/php.d/xcache.ini
echo -e "xcache.var_size  =            32M" >> /etc/php.d/xcache.ini
echo -e "xcache.var_count =             1" >> /etc/php.d/xcache.ini
echo -e "xcache.var_slots =            8K" >> /etc/php.d/xcache.ini
echo -e "xcache.var_ttl   =             0" >> /etc/php.d/xcache.ini
echo -e "xcache.var_maxttl   =          0" >> /etc/php.d/xcache.ini
echo -e "xcache.var_gc_interval =     300" >> /etc/php.d/xcache.ini
echo -e "xcache.readonly_protection = Off" >> /etc/php.d/xcache.ini
echo -e "xcache.mmap_path =    \"/dev/zero\"" >> /etc/php.d/xcache.ini
echo -e "xcache.coredump_directory =   \"\"" >> /etc/php.d/xcache.ini
echo -e "xcache.experimental =        Off" >> /etc/php.d/xcache.ini
echo -e "xcache.cacher =               On" >> /etc/php.d/xcache.ini
echo -e "xcache.stat   =               On" >> /etc/php.d/xcache.ini
echo -e "xcache.optimizer =           On" >> /etc/php.d/xcache.ini
echo -e "[xcache.coverager]" >> /etc/php.d/xcache.ini
echo -e "xcache.coverager =          Off" >> /etc/php.d/xcache.ini
echo -e "xcache.coveragedump_directory = \"\"" >> /etc/php.d/xcache.ini

# Check the admin page : http://localhost/xcache-admin/index.php
cp admin /var/www/xcache-admin -R



Tuesday, September 4, 2012

[Tutorial] How to optimize JPG/PNG/GIF images on Linux using the littleutils package (centos 7.x)

The littleutils package contains a couple of little utilities useful for production websites.
I've used opt-png, opt-jpg and opt-gif to reduce and optimize the size of images on some high-traffic websites without any quality loss.

# Install pngcrush :
cd /usr/src
wget https://sourceforge.net/projects/pmt/files/pngcrush/1.8.10/pngcrush-1.8.10.tar.gz
tar -zxf pngcrush-1.8.10.tar.gz
cd pngcrush-1.8.10
chown -R nobody /usr/src/pngcrush-1.8.10
sudo -u nobody make
cp pngcrush /usr/local/bin

On CentOS 7 you can use : yum install pngcrush

yum install libpng-devel gifsicle lzip libjpeg-turbo-utils lzma imlib2-devel zlib-devel 
cd /usr/src
wget http://downloads.sourceforge.net/project/littleutils/littleutils-source/1.0.39/littleutils-1.0.39.tar.bz2
tar -jxf littleutils-1.0.39.tar.bz2
cd littleutils-1.0.39
./configure
chown -R nobody /usr/src/littleutils-1.0.39

sudo -u nobody make
make install
make install-extra


The following script first backs up all images in the /home folder, then optimizes each one :


#!/bin/bash
# Back up every image under /home into one tar file, then optimize each image in place.
cd /home || exit 1
NOW=$(date +"%d-%m-%Y")
echo -e "Backup images ...\nBackup file : ./backup-pictures-$NOW.tar"
# NUL-separated names, so paths containing spaces or newlines are handled correctly
find . -regextype posix-extended -iregex ".*\.(gif|jpe?g|png)" -print0 | tar -cf "backup-pictures-$NOW.tar" --null -T -
echo "" > log
echo "Backup size is :"
du -hs "./backup-pictures-$NOW.tar"
echo -e "\nStart optimizing images ...\nLog file: ./log"
find . -regextype posix-extended -iregex ".*\.(gif|jpe?g|png)" -print0 |
while IFS= read -r -d '' pic; do
        # Pick the optimizer from the file content, not from the extension
        type=$(file -b "$pic" | awk '{print tolower($1)}')
        case $type in
                "gif" )
                        opt-gif "$pic" >> log
                        ;;
                "png" )
                        opt-png "$pic" >> log
                        ;;
                "jpeg" )
                        opt-jpg "$pic" >> log
                        ;;
                *)
                        echo "file $pic which has type $type is undefined" >> log
                        ;;
        esac
done

Sunday, August 5, 2012

Compile memcached latest version on linux

Recently I compiled the latest memcached version from source :

cd /usr/src
wget http://memcached.org/latest
tar -zxf memcached*
cd memcached*
./configure --prefix=/usr --sysconfdir=/etc
chown -R nobody /usr/src

sudo -u nobody make
make install

#Debian :
cp ./scripts/memcached-init /etc/init.d/memcached

wget vps5.in/files/memcached.conf -P /etc
mkdir -p /usr/share/memcached
cp -R scripts /usr/share/memcached


#centos :
cp ./scripts/memcached.sysv /etc/init.d/memcached
echo -e "PORT=11211\nUSER=nobody\nMAXCONN=1024\nCACHESIZE=64\nOPTIONS=\"\"" > /etc/sysconfig/memcached
mkdir -p /var/run/memcached
ln -s /etc/sysconfig/memcached /etc/memcached.conf
#
chmod a+x /etc/init.d/memcached
chkconfig memcached on

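With OPTIONS left empty, memcached listens on every network interface and has no authentication; if only local PHP uses it, set OPTIONS="-l 127.0.0.1" in /etc/sysconfig/memcached or firewall port 11211.

For PHP usage of memcached you'll need to compile the php5-memcache pecl library.

I wanted to use memcached cache for some high-traffic joomla 1.5 sites but I've found that the joomla 1.5 cache is broken and all cache types are redirected to file caching ! So I'll upgrade to newer joomla versions in future and start using the power of memcached soon ...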

Friday, August 3, 2012

How to configure php-fpm 5.x and apache 2.4.x for virtualmin on centos 6, debian 6

The Apache 2.4.x series introduces mod_proxy_fcgi, which allows apache to communicate with php-fpm directly over TCP/IP. Now consider your server running the latest high-performance version of apache and php-fpm ! What do you think ? I can just say 'That is awesome!'
I've integrated this into virtualmin to create/remove fpm pools automatically. Here's the guide, which applies to both centos and debian servers :

1- Install latest version of php-fpm using remi or dotdeb repository.

** Apache 2.4 is shipped with Centos 7.x or Debian 8.x so you can use these default packages instead **

2- Compile latest version of apache 2.4.x from source :
- Install pcre development package :
(yum install pcre-devel) or (apt-get install libpcre3-dev)

cd /usr/src
mv apr-1.5.2 /usr/src/httpd-2.4.25/srclib/apr
mv apr-util-1.5.4 /usr/src/httpd-2.4.25/srclib/apr-util
cd httpd-2.4.25
./configure --prefix=/opt/apache2 --with-mpm=event --enable-rewrite --enable-ssl --enable-proxy-fcgi --with-included-apr
chown -R nobody /usr/src
sudo -u nobody make
make install
 
You can use my simple init startup script for centos or debian (see the end of the article). Enable it at boot :
cd /etc/init.d
(SEE END OF THIS ARTICLE, SAVE THE INIT FILE AS httpd24)
(service httpd stop OR service apache2 stop)
(chkconfig httpd off OR chkconfig apache2 off)
chmod a+x httpd24
chkconfig httpd24 on

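- Now edit /opt/apache2/conf/httpd.conf and comment out the following lines (this removes the default deny for the whole filesystem, so access outside a virtual host's own <Directory> block is no longer denied by default) :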
#<Directory />
#    AllowOverride none
#    Require all denied
#</Directory>

- Uncomment the following lines :
LoadModule ssl_module modules/mod_ssl.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
LoadModule rewrite_module modules/mod_rewrite.so 
LoadModule actions_module modules/mod_actions.so
- Enable expires and deflate modules for more performance :
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
- Alter User and Group line to appropriate user and group.
( www-data for debian, apache for centos )
- Add mod_expires and mod_deflate configurations to the end of httpd.conf file :
<IfModule mod_expires.c>
# Enable expirations
ExpiresActive On
# Default directive
# ExpiresDefault "access plus 15 days"
# My favicon
ExpiresByType image/x-icon "access plus 15 days"
# Images
ExpiresByType image/gif "access plus 15 days"
ExpiresByType image/png "access plus 15 days"
ExpiresByType image/jpg "access plus 15 days"
ExpiresByType image/jpeg "access plus 15 days"
# CSS
ExpiresByType text/css "access plus 15 days"
# Javascript
ExpiresByType application/javascript "access plus 15 days"
</IfModule>

<IfModule deflate_module>
<Location />
SetOutputFilter DEFLATE
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
SetEnvIfNoCase Request_URI \
\.(?:gif|jpe?g|png|swf)$ no-gzip dont-vary
</Location>

</IfModule> 

NOTE: make sure that you have proxy and proxy_fcgi modules enabled in your apache config file, check your httpd.conf in Centos or run the following commands in Debian:
a2enmod proxy
a2enmod proxy_fcgi

3- Configure virtualmin to use the new installed apache2 :
Virtualmin -> Webmin -> Servers -> Apache webserver -> Module config -> System configuration :
root:/opt/apache2
executable:/opt/apache2/bin/httpd
apachectl:/opt/apache2/bin/apachectl
command to start:/etc/init.d/httpd24 start
command to stop: /etc/init.d/httpd24 stop
apply configuration:/opt/apache2/bin/apachectl graceful
apache pid file:/opt/apache2/logs/httpd.pid 

4- Integrate php-fpm into virtualmin :
Virtualmin -> System Settings -> Server Templates -> Default Settings -> Apache website
Add the following line after DirectoryIndex line of the 'Directives and settings for new websites' section :
<FilesMatch "\.php$">
    SetHandler "proxy:fcgi://localhost:${UID}/"
</FilesMatch>
Alter the following settings and save the configuration :
Automatically add appropriate SuExec directive? : No
Default PHP execution mode : mod_php

Also do the same for sub-server templates :
Virtualmin -> System Settings -> Server Templates -> Sub-servers -> Apache website
Set the Directives and settings for new websites to From default settings

Download my php-fpm script folder for virtualmin (See end of the article) :
mkdir /script
cd /script
(SEE END OF THE ARTICLE, SAVE FILE AS php-fpm)
chmod a+x php-fpm
Now enable the script :
Virtualmin -> System Settings ->  Virtualmin Configuration -> Actions upon server and user creation
Command to run after making changes to a server : /script/php-fpm
Always show output from pre and post commands? : Yes
5- Apply the configuration to your existing domains :

virtualmin disable-feature --web --virtualmin-awstats --logrotate --webalizer --all-domains
virtualmin enable-feature --web --virtualmin-awstats --logrotate --webalizer --all-domains
Enable Subdomains :
virtualmin enable-feature --web --all-domains
I've removed some of the virtualmin features which I didn't use ( dav, mailman, ... ). You may need to compile some extra apache modules.

6 - Fixing Script installer issue :
The script installer doesn't detect the php version unless you compile and install mod_php for httpd :
cd /usr/src
yum install -y libxml2-devel
wget http://us2.php.net/get/php-5.4.31.tar.bz2/from/this/mirror -O php-5.4.31.tar.bz2
tar -jxf php-5.4.31.tar.bz2
cd php-5.4.31
./configure --prefix=/usr --with-apxs2=/opt/apache2/bin/apxs
make
cp libs/libphp5.so /opt/apache2/modules

Add the following lines to /opt/apache2/conf/httpd.conf, after LoadModules section (~ Line 158)
<IfModule prefork.c>
  LoadModule php5_module modules/libphp5.so
</IfModule>

And also :
Virtualmin -> Webmin -> Servers -> Apache webserver -> Module config :
Always detect Apache modules automatically? : YES
Note: Virtualmin adds NameVirtualHost directive to httpd.conf file which is not needed anymore. You might remove the line manually.

That's all ! Now you're running an AWESOME config on your server, enjoy it !

Mos

-----
Attachments
-----
httpd24 startup script for CentOS (save it as /etc/init.d/httpd24):

#!/bin/bash
#
# Startup script for the Apache Web Server
#
# chkconfig: - 85 15
# description: Apache is a World Wide Web server. It is used to serve \
# HTML files and CGI.
# processname: httpd
# pidfile: /opt/apache2/logs/httpd.pid
# config: /opt/apache2/conf/httpd.conf


fullpath=/opt/apache2/bin/apachectl

desc="Apache web server"

case "$1" in
'start')
echo "Starting $desc: "
$fullpath start
RETVAL=$?
        ;;
'stop')
echo "Stopping $desc: "
$fullpath stop
        RETVAL=$?
        ;;
'restart')
echo "Restarting $desc: "
$fullpath restart
        RETVAL=$?
;;
'status')
echo "Status of $desc: "
$fullpath status
RETVAL=$?
        ;;
*)
        echo "Usage: $0 { start|stop|restart|status }"
        RETVAL=1
        ;;
esac

exit $RETVAL

httpd24 startup script for Debian (save it as /etc/init.d/httpd24):

#!/bin/sh -e
### BEGIN INIT INFO
# Provides:          httpd
# Required-Start:    $local_fs $remote_fs $network $syslog
# Required-Stop:     $local_fs $remote_fs $network $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start/stop httpd web server
### END INIT INFO
#
# httpd This init.d script is used to start apache2.
# It basically just calls apache2ctl.

fullpath=/opt/apache2/bin/apachectl

desc="Apache web server"

case "$1" in
'start')
echo "Starting $desc: "
$fullpath start
RETVAL=$?
        ;;
'stop')
echo "Stopping $desc: "
$fullpath stop
        RETVAL=$?
        ;;
'restart')
echo "Restarting $desc: "
$fullpath restart
        RETVAL=$?
;;
'status')
echo "Status of $desc: "
$fullpath status
RETVAL=$?
        ;;
*)
        echo "Usage: $0 { start|stop|restart|status }"
        RETVAL=1
        ;;
esac

exit $RETVAL

php-fpm Script for virtualmin (save it as /script/php-fpm):

#!/bin/bash
# Script to check and create fpm pools
# Simply create the target fpm pool at uid port : 127.0.0.1:UID
# Set the User and Group of fpm pool to User and Group of domain
if [ -d /etc/php-fpm.d ]; then
os="centos";
confdir="/etc/php-fpm.d/";
fpm="/etc/init.d/php-fpm";
elif [ -d /etc/php5/fpm/pool.d ]; then
os="debian";
confdir="/etc/php5/fpm/pool.d/";
fpm="/etc/init.d/php5-fpm"
fi

# There's no need to create pools for sub-servers
if [ "$VIRTUALSERVER_PARENT" = "" ]; then
if 
[[ "$VIRTUALSERVER_ACTION" = "CREATE_DOMAIN" && "$VIRTUALSERVER_WEB" = "1" ]] ||
[[ "$VIRTUALSERVER_ACTION" = "MODIFY_DOMAIN" && "$VIRTUALSERVER_WEB" = "1" && ! -f $confdir$VIRTUALSERVER_UID.conf ]] ||
[ "$VIRTUALSERVER_ACTION" = "ENABLE_DOMAIN" ]; then

# Create the pool for main domain
echo -e "\nCreating fpm pool $VIRTUALSERVER_USER at 127.0.0.1:$VIRTUALSERVER_UID with config file $confdir$VIRTUALSERVER_UID.conf"
#
echo "[$VIRTUALSERVER_USER]" > $confdir$VIRTUALSERVER_UID.conf
echo "listen = 127.0.0.1:$VIRTUALSERVER_UID" >> $confdir$VIRTUALSERVER_UID.conf
echo "listen.allowed_clients = 127.0.0.1" >> $confdir$VIRTUALSERVER_UID.conf
echo "user = $VIRTUALSERVER_USER" >> $confdir$VIRTUALSERVER_UID.conf
echo "group = $VIRTUALSERVER_GROUP" >> $confdir$VIRTUALSERVER_UID.conf
echo "pm = dynamic" >> $confdir$VIRTUALSERVER_UID.conf
echo "pm.max_children =  20" >> $confdir$VIRTUALSERVER_UID.conf
echo "pm.start_servers = 2" >> $confdir$VIRTUALSERVER_UID.conf
echo "pm.min_spare_servers = 2" >> $confdir$VIRTUALSERVER_UID.conf
echo "pm.max_spare_servers = 3" >> $confdir$VIRTUALSERVER_UID.conf
echo "pm.max_requests = 2000" >> $confdir$VIRTUALSERVER_UID.conf
echo "chdir = $VIRTUALSERVER_HOME" >> $confdir$VIRTUALSERVER_UID.conf
echo ";request_slowlog_timeout = 0" >> $confdir$VIRTUALSERVER_UID.conf
echo "slowlog = $VIRTUALSERVER_HOME/logs/"$VIRTUALSERVER_DOM"_slow_log" >> $confdir$VIRTUALSERVER_UID.conf
echo "php_admin_value[error_log] = $VIRTUALSERVER_HOME/logs/"$VIRTUALSERVER_DOM"_error_log" >> $confdir$VIRTUALSERVER_UID.conf
echo "php_admin_value[session.save_path] = $VIRTUALSERVER_HOME/tmp" >> $confdir$VIRTUALSERVER_UID.conf
echo "php_admin_flag[log_errors] = on" >> $confdir$VIRTUALSERVER_UID.conf
echo ";php_admin_value[memory_limit] = 32M" >> $confdir$VIRTUALSERVER_UID.conf

echo "Applying php-fpm configuration"
$fpm reload
fi
# Remove php-fpm pool when deleting a virtual-server
if [[ "$VIRTUALSERVER_ACTION" = "DELETE_DOMAIN" ]] ||
        [[ "$VIRTUALSERVER_ACTION" = "MODIFY_DOMAIN" && "$VIRTUALSERVER_WEB" = "0" && -f $confdir$VIRTUALSERVER_UID.conf ]] ||
        [ "$VIRTUALSERVER_ACTION" = "DISABLE_DOMAIN" ]; then
echo "Removing fpm pool $confdir$VIRTUALSERVER_UID.conf";
if [ -f $confdir$VIRTUALSERVER_UID.conf ]; then
rm -fr $confdir$VIRTUALSERVER_UID.conf;
fi
$fpm reload
fi
fi
sed -i /opt/apache2/conf/httpd.conf -e '/^NameVirtualHost/d'
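
A loopback TCP listener like the 127.0.0.1:UID one this script writes is reachable by every local account, because listen.allowed_clients filters by address and not by user. The following audit is an added example, not part of the original script; the two pool files are constructed samples and the function names are hypothetical:

```sh
#!/bin/sh
# Added example: report, for each php-fpm pool file, how the pool listens
# and whether it is confined to part of the filesystem.

# make_sample_pools DIR: write two CONSTRUCTED pool files for the demo.
make_sample_pools() {
    # Same shape as the file the /script/php-fpm script above generates
    cat > "$1/1001.conf" <<'EOF'
[alice]
listen = 127.0.0.1:1001
listen.allowed_clients = 127.0.0.1
user = alice
group = alice
pm = dynamic
chdir = /home/alice
;php_admin_value[open_basedir] = /home/alice
EOF
    # Variant: unix socket that only the web server may open, plus a chroot
    cat > "$1/1002.conf" <<'EOF'
[bob]
listen = /var/run/php-fpm/bob.sock
listen.owner = apache
listen.group = apache
listen.mode = 0660
user = bob
group = bob
chroot = /home/bob
chdir = /
EOF
}

# audit_fpm_pools DIR: print "<pool> <tcp|unix> <findings>" for each pool.
audit_fpm_pools() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function report(   kind, issues) {
            if (pool == "" || pool == "global") return
            kind = (substr(listen, 1, 1) == "/") ? "unix" : "tcp"
            issues = ""
            # TCP: any local process can connect, the address filter does not help
            if (kind == "tcp") issues = "tcp-listener"
            # Neither chroot nor open_basedir: PHP can read whatever the user can
            if (chroot == "no" && basedir == "no")
                issues = (issues == "" ? "" : issues ",") "no-fs-confinement"
            if (issues == "") issues = "ok"
            print pool, kind, issues
        }
        { line = trim($0) }
        line == "" || substr(line, 1, 1) == ";" { next }   # blank or comment
        substr(line, 1, 1) == "[" {                         # new [pool] section
            report()
            pool = substr(line, 2, index(line, "]") - 2)
            listen = ""; chroot = "no"; basedir = "no"
            next
        }
        {
            eq = index(line, "=")
            if (eq == 0) next
            key = trim(substr(line, 1, eq - 1))
            val = trim(substr(line, eq + 1))
            if (key == "listen") listen = val
            else if (key == "chroot" && val != "") chroot = "yes"
            else if (key == "php_admin_value[open_basedir]" && val != "") basedir = "yes"
        }
        END { report() }
        ' "$f"
    done
}

demo_dir=$(mktemp -d)
make_sample_pools "$demo_dir"
audit_fpm_pools "$demo_dir"
rm -rf "$demo_dir"
```

On a real server, pass /etc/php-fpm.d or /etc/php5/fpm/pool.d, the two directories the script above writes to.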

Tuesday, July 31, 2012

munin 2.0.x on centos 6 ( rhel 6 ) nginx

As there's no munin 2.0.x rpm package available for centos, I had to compile it from source.
I've used nginx as the web server and here is the procedure :

yum groupinstall 'development tools' -y
yum remove munin munin-node -y
mv /etc/munin /etc/munin-old
yum-builddep munin
yum install perl-CGI perl-FCGI perl-File-Copy-Recursive perl-Module-Build perl-Cache-Cache git -y
cd /usr/src
wget http://sourceforge.net/projects/munin/files/stable/2.0.4/munin-2.0.17.tar.gz
tar -zxf munin-2.0.17.tar.gz
cd munin-2.0.17
cd dists/redhat
git clone git://pkgs.fedoraproject.org/munin.git


sed -i Makefile -e 's,CONFIG = Makefile.config,CONFIG = dists/redhat/munin/Makefile.config-dist,g'
# Create the munin user and group first: the chown commands below need them
groupadd munin
useradd munin -g munin -s /sbin/nologin -d /var/www/html/munin
chown -R nobody /usr/src
sudo -u nobody make
make install
cp dists/redhat/munin/munin-node.rc /etc/init.d/munin-node
chmod a+x /etc/init.d/munin-node
cp dists/redhat/munin/munin.cron.d /etc/cron.d
service crond restart
service munin-node restart
chkconfig munin-node on
chown -R munin /var/www/html/munin/cgi
chown -R munin /var/lib/munin/cgi-tmp
chown -R munin /var/lib/munin/spool
chown -R nobody /var/lib/munin/plugin-state
chmod 775 /var/lib/munin/plugin-state
chmod 666 /var/log/munin/munin-cgi-graph.log
chmod 666 /var/log/munin/munin-cgi-html.log

You can test all enabled plugins using the following commands :

cd /etc/munin/plugins
files=`ls -l  | awk '{print $9}'`;for file in $files; do echo -e "**********\n$file :\n"; munin-run $file;done &> ../result


#########################
## nginx configuration ##
#########################
yum install spawn-fcgi -y
cd /etc/init.d
wget http://files.julienschmidt.com/public/cfg/munin/spawn-fcgi-munin-html
wget http://files.julienschmidt.com/public/cfg/munin/spawn-fcgi-munin-graph
sed -i spawn-fcgi-munin-graph -e 's,www-data,apache,g'
sed -i spawn-fcgi-munin-html -e 's,www-data,apache,g'
sed -i spawn-fcgi-munin-graph -e 's,/usr/lib/cgi-bin/munin-cgi-graph,/var/www/html/munin/cgi/munin-cgi-graph,g'
sed -i spawn-fcgi-munin-html -e 's,/usr/lib/cgi-bin/munin-cgi-html,/var/www/html/munin/cgi/munin-cgi-html,g'
chmod a+x spawn-fcgi-munin-html
chmod a+x spawn-fcgi-munin-graph
########
### Before starting the service, try to fix permission errors reported in the munin check
########
munin-check
service spawn-fcgi-munin-html start
service spawn-fcgi-munin-html status
chkconfig spawn-fcgi-munin-html on
service spawn-fcgi-munin-graph start
service spawn-fcgi-munin-graph status
chkconfig spawn-fcgi-munin-graph on
########
## configure /etc/munin/munin.conf
## graph_strategy cgi
## html_strategy cgi
## enable plugins
## cd /etc/munin/plugins
## ln -s /usr/share/munin/plugins/load
########
### nginx rewrites
########
        location ^~ /cgi-bin/munin-cgi-graph/ {
                access_log off;
                fastcgi_split_path_info ^(/cgi-bin/munin-cgi-graph)(.*);
                fastcgi_param PATH_INFO $fastcgi_path_info;
                fastcgi_pass unix:/var/run/munin/fcgi-graph.sock;
        }

        location /munin/static/ {
                alias /etc/munin/static/;
        }

        location /munin/ {
                fastcgi_split_path_info ^(/munin)(.*);
                fastcgi_param PATH_INFO $fastcgi_path_info;
                fastcgi_pass unix:/var/run/munin/fcgi-html.sock;
        }
#######
### run the cron and test the stack
#######
sudo -u munin munin-cron

Sunday, July 8, 2012

IKEv2 VPN between NATed linux client and the linux server

Finally, I've got an IKEv2 VPN running between Ubuntu on my home pc as the client and Centos on my dedicated server as the server, using strongswan 4.6.4; the client is NATed ( router : dsl modem ! ).

Here's the configuration :

server's ipsec.conf :
conn win7
        left=SERVER.IP.ADD.RESS
        leftcert=server.cert
        leftid=@server.domain.com
        leftsubnet=0.0.0.0/0
        right=%any
        rightsourceip=10.10.3.0/24
        keyexchange=ikev2
        auto=add
        leftfirewall=yes


client's ipsec.conf:
conn ike
        left=%defaultroute
        leftsourceip=%config
        leftcert=client.cert
        leftid=@client.domain.com
        leftfirewall=yes
        right=SERVER.IP.ADD.RESS
        rightsubnet=0.0.0.0/0
        rightid=@server.domain.com
        auto=add

Establish the connection using the following command :

ipsec up ike

Tuesday, July 3, 2012

solution to postfix saslauthd problem

If you're using the saslauthd daemon to authenticate postfix users and always receive a user & pass error, first check /var/log/maillog to see whether this solution applies. Mine was:

warning: SASL authentication failure: cannot connect to saslauthd server: No such file or directory

I've fixed that by adding the following option to /etc/sysconfig/saslauthd :

FLAGS="-r -m /var/spool/postfix/var/run/saslauthd"



then running the following commands :


mkdir -p /var/spool/postfix/var/run/saslauthd
service saslauthd restart

UPDATE 12 July 2012 : The above commands fixed the saslauthd problem, but I got another problem : mails were never sent through the server, with the following errors :
postfix/qmgr: from=<root@domain.com>, size=421, nrcpt=1 (queue active)
postfix/smtp: fatal: unknown service: smtp/tcp
postfix/qmgr: warning: private/smtp socket: malformed response
postfix/qmgr: warning: transport smtp failure -- see a previous warning/fatal/panic logfile record for the problem description
postfix/master: warning: process /usr/libexec/postfix/smtp pid 29443 exit status 1
postfix/master: warning: /usr/libexec/postfix/smtp: bad command startup -- throttling
postfix/error: to=<someemail@gmail.com>, relay=none, delay=1.1, delays=0.1/1/0/0.03, dsn=4.3.0, status=deferred (unknown mail transport error)

I've checked the /etc/postfix/master.cf , one process was chrooted !
smtp      unix  -       -       -       -       -       smtp

I've changed it to :
smtp      unix  -       -       n       -       -       smtp

then restarted postfix and saslauthd and now everything is working fine !

stack : centos 6.2 + virtualmin
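
The fifth column of master.cf decides whether a service runs chrooted, and on Postfix older than 3.0 a "-" in that column means yes. The following helper lists the chrooted services; it is an added example, not from the original post, and both the function names and the sample master.cf are constructed:

```sh
#!/bin/sh
# Added example: list the master.cf services that run chrooted.

# chrooted_services FILE DEFAULT
#   DEFAULT is what "-" means in the chroot column:
#   y on Postfix older than 3.0, n on 3.0 and later.
# Prints one "service/type" per chrooted entry.
chrooted_services() {
    awk -v dflt="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }  # comment or blank line
        /^[ \t]/ { next }                  # continuation line (-o options)
        NF >= 8 {
            # columns: service type private unpriv chroot wakeup maxproc command
            c = ($5 == "-") ? dflt : $5
            if (c == "y") print $1 "/" $2
        }
    ' "$1"
}

# write_sample_master_cf FILE: CONSTRUCTED sample; the smtp/unix line is the
# one quoted in the post before the fix.
write_sample_master_cf() {
    cat > "$1" <<'EOF'
# service type  private unpriv  chroot  wakeup  maxproc command + args
smtp      inet  n       -       n       -       -       smtpd
  -o smtpd_sasl_auth_enable=yes
pickup    unix  n       -       n       60      1       pickup
qmgr      unix  n       -       n       300     1       qmgr
smtp      unix  -       -       -       -       -       smtp
relay     unix  -       -       y       -       -       smtp
EOF
}

sample=$(mktemp)
write_sample_master_cf "$sample"
echo "chrooted when - means y:"; chrooted_services "$sample" y
echo "chrooted when - means n:"; chrooted_services "$sample" n
rm -f "$sample"
```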
