Friday, 31 January 2014

Sysctl file optimized for more transfer speed


#Kernel sysctl configuration file for Red Hat Linux
 #
 # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
 # sysctl.conf(5) for more details.

 # Disables packet forwarding
 net.ipv4.ip_forward=0

 # Disables IP source routing
 net.ipv4.conf.all.accept_source_route = 0
 net.ipv4.conf.lo.accept_source_route = 0
 net.ipv4.conf.eth0.accept_source_route = 0
 net.ipv4.conf.default.accept_source_route = 0

 # Enable IP spoofing protection, turn on source route verification
 net.ipv4.conf.all.rp_filter = 1
 net.ipv4.conf.lo.rp_filter = 1
 net.ipv4.conf.eth0.rp_filter = 1
 net.ipv4.conf.default.rp_filter = 1

 # Disable ICMP Redirect Acceptance
 net.ipv4.conf.all.accept_redirects = 0
 net.ipv4.conf.lo.accept_redirects = 0
 net.ipv4.conf.eth0.accept_redirects = 0
 net.ipv4.conf.default.accept_redirects = 0

 # Enable Log Spoofed Packets, Source Routed Packets, Redirect Packets
 net.ipv4.conf.all.log_martians = 1
 net.ipv4.conf.lo.log_martians = 1
 net.ipv4.conf.eth0.log_martians = 1

 # Disables the magic-sysrq key
 kernel.sysrq = 0

 # Decrease the time default value for tcp_fin_timeout connection
 net.ipv4.tcp_fin_timeout = 15

 # Decrease the time default value for tcp_keepalive_time connection
 net.ipv4.tcp_keepalive_time = 1800

 # tcp_window_scaling, tcp_sack and tcp_timestamps stay enabled;
 # they are set to 1 together with the buffer settings further down

 # Enable TCP SYN Cookie Protection
net.ipv4.tcp_syncookies = 1

 # Enable ignoring broadcasts request
 net.ipv4.icmp_echo_ignore_broadcasts = 1

 # Enable bad error message Protection
 net.ipv4.icmp_ignore_bogus_error_responses = 1

 # Log Spoofed Packets, Source Routed Packets, Redirect Packets
 net.ipv4.conf.all.log_martians = 1

 # Increases the size of the socket queue (effectively, q0).
 net.ipv4.tcp_max_syn_backlog = 1024

 # Increase the tcp-time-wait buckets pool size
 net.ipv4.tcp_max_tw_buckets = 1440000

 # Allowed local port range (65535 is the highest valid port)
 net.ipv4.ip_local_port_range = 16384 65535
 net.core.wmem_max=12582912
 net.core.rmem_max=12582912
 net.ipv4.tcp_rmem= 10240 87380 12582912
 net.ipv4.tcp_wmem= 10240 87380 12582912
 net.ipv4.tcp_window_scaling = 1
 net.ipv4.tcp_timestamps = 1
 net.ipv4.tcp_sack = 1
 net.ipv4.tcp_no_metrics_save = 1
net.core.netdev_max_backlog = 5000



 # Set the number of pages to be used.
 # Each page is normally 2MB, so a value of 40 = 80MB.

 # Increase the amount of shmem allowed per segment
 # This depends upon your memory, remember your
 kernel.shmmax = 4294967295
 kernel.shmall = 268435456




# Increase the maximum total TCP buffer-space allocatable
net.ipv4.tcp_mem = 57344 57344 65536

# Increase the maximum TCP write-buffer-space allocatable
net.ipv4.tcp_wmem = 32768 65536 524288

# Increase the maximum TCP read-buffer space allocatable
net.ipv4.tcp_rmem = 98304 196608 1572864

# Increase the maximum and default receive socket buffer size
net.core.rmem_max = 524280
net.core.rmem_default = 524280

# Increase the maximum and default send socket buffer size
net.core.wmem_max = 524280
net.core.wmem_default = 524280

# Increase the tcp-time-wait buckets pool size
net.ipv4.tcp_max_tw_buckets = 1440000

# Allowed local port range (65535 is the highest valid port)
net.ipv4.ip_local_port_range = 16384 65535
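
sysctl applies the file from top to bottom, so when a key appears more than once the later line is the value in effect. The following added example (not part of the original post) lists keys whose value changes within one file and checks the ip_local_port_range bounds; the function names and the embedded sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a sysctl.conf that was merged from several tuning
# guides. Function names and the sample below are constructed.

# Constructed sample in the style of a merged tuning file.
sample_conf() {
cat <<'EOF'
# constructed sample
net.ipv4.tcp_sack = 0
net.ipv4.tcp_syncookies = 1
net.core.rmem_max=12582912
net.ipv4.tcp_rmem= 10240 87380 12582912
net.ipv4.tcp_sack = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_rmem = 98304 196608 1572864
net.core.rmem_max = 524280
net.ipv4.ip_local_port_range = 16384 65536
EOF
}

# sysctl_conflicts FILE
# Prints "key: first -> ... -> last" for every key whose value changes
# within FILE. The last value shown is the one the kernel ends up with.
sysctl_conflicts() {
  awk '
    /^[ \t]*$/ || /^[ \t]*[#;]/ { next }      # skip blanks and comments
    {
      eq = index($0, "=")
      if (eq == 0) next
      key = substr($0, 1, eq - 1)
      val = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key)        # trim key
      gsub(/^[ \t]+|[ \t]+$/, "", val)        # trim value
      gsub(/[ \t]+/, " ", val)                # normalise inner spacing
      if (!(key in last)) {
        order[++n] = key
        hist[key] = val
      } else if (last[key] != val) {
        hist[key] = hist[key] " -> " val
        changed[key] = 1
      }
      last[key] = val
    }
    END {
      for (i = 1; i <= n; i++) {
        k = order[i]
        if (k in changed) print k ": " hist[k]
      }
    }
  ' "$1"
}

# port_range_ok FILE
# Succeeds when the effective net.ipv4.ip_local_port_range (if present)
# lies within 1-65535 and is ordered low to high. The kernel rejects
# anything else with "Invalid argument".
port_range_ok() {
  awk -F= '
    $1 ~ /^[ \t]*net\.ipv4\.ip_local_port_range[ \t]*$/ {
      split($2, p, " "); lo = p[1]; hi = p[2]; seen = 1
    }
    END {
      if (!seen) exit 0
      exit !(lo >= 1 && hi <= 65535 && lo <= hi)
    }
  ' "$1"
}

# Usage: sh audit.sh /etc/sysctl.conf
if [ "$#" -eq 1 ]; then
  sysctl_conflicts "$1"
  port_range_ok "$1" || echo "ip_local_port_range is outside 1-65535" >&2
fi
```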

Subnet calculation


http://forum.parallels.com/showthread.php?70762-Plesk-Firewall-amp-IP-Range


You want to use the bitmask at the end, here's a quick cheat sheet:

11.11.11.11/32 <- just the host 11.11.11.11

11.11.11.0/24 <- the whole 11.11.11.0 network (254 ips)

11.11.0.0/16 <- the 11.11.0.0 network (64k ips)


11.0.0.0/8 <- the 11.0.0.0 network (16million ips)

Ahh, taking out Germany, huh. So netmasks can be kind of daunting if you don't understand the guts of TCP/IP. Short version, the bitmask is a binary representation of a network block.

So what that means is that in binary this:

255.255.255.0

looks like
11111111.11111111.11111111.00000000

and if you add all those 1's up you get:

24

It helps if you can do math in binary. Which is probably one of the least useful skills a person can have. It's actually my 2nd least useful skill, my first is I can also read hieroglyphics. But I digress, the answer for your firewall netblocks question is you need 2 networks:

89.145.16.0/20 (89.145.16.1 - 89.145.31.254)
89.145.32.0/19 (89.145.32.1 - 89.145.63.254)

This is because TCP/IP is base 8, dividing each section of an IP address into an octet. We're dealing with subdividing a 16 bit network (2nd position), so we start all calculations from there. Cheat sheet:

bits 0 = 256
bits 1 = 128
bits 2 = 64
bits 3 = 32
bits 4 = 16
bits 5 = 8
bits 6 = 4
bits 7 = 2
bits 8 = 1



Forget about networks for a moment, and just do the math using into the largest group that fits into the above, in your case 89.145.16.0 - 89.145.64.0 is a total of 48 networks. So you need a block of 16 (4 bits) and a block of 32(3 bits) to get (16 + 32) 48. We're chopping up a class B (16 bit) network into smaller pieces so we start our math problem at 16. Using the network 89.145.16.0 as a jumping point, if we add 16 networks (or 4 bits) to our class B (16 bits) we get 16 + 4 = 20:
89.145.16.0/20 (89.145.16.1 - 89.145.31.254)

If you started at 89.145.32.0/20, you would be covering the network space from: 89.145.32.1 - 89.145.47.254


Another way to look at it is a 4 bit netmask breaks the network up into 16 pieces:
0-15
16-31
32-47
48-63
64-79
80-95
96-111
112-127
128-143
144-159
160-175
176-191
192-207
208-223
224-239
240-255



For the 2nd net block, I start at the IP 89.145.32.0, and add 32 networks to it. Again since we're playing in Class B (16 bit) network space, we start at 16, and add 3 bits (32 networks) to it: 16 + 3 = 19:
89.145.32.0/19 (89.145.32.1 - 89.145.63.254)

a 3 bit netmask breaks the network up into 8 pieces:
0-31
32-63
64-95
96-127
128-159
160-191
192-223
224-255

Confused yet? Oh and for your first question, while you can use .0 or .255 as IP addresses, it's not a good idea to use the starting or ending IPs for a netblock. This is because they are used for either defining the network (IE, 10.10.10.0/24 uses 10.10.10.0 to define the network) or for broadcasts on the network (10.10.10.255 is the broadcast IP).
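
The split worked out by hand in the post above (89.145.16.0 through 89.145.63.255 becoming a /20 plus a /19) can be computed for any range. This is an added example, not part of the quoted forum post; it generalizes the same method to arbitrary start and end addresses, and the function names are constructed.

```shell
#!/bin/sh
# Added example: cover an inclusive IPv4 range with the fewest CIDR blocks,
# e.g. for firewall rules. Function names are constructed.

# ip_to_int A.B.C.D -> 32-bit integer
ip_to_int() {
  old_ifs=$IFS
  IFS=.
  set -- $1            # split the dotted quad into $1..$4
  IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> A.B.C.D
int_to_ip() {
  echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# range_to_cidr FIRST LAST
# Greedy walk: at each position take the largest block that
#   (a) starts on its own size boundary (alignment), and
#   (b) does not run past LAST,
# then continue right after that block.
range_to_cidr() {
  start=$(ip_to_int "$1")
  end=$(ip_to_int "$2")
  while [ "$start" -le "$end" ]; do
    bits=32            # prefix length of the current candidate block
    size=1             # number of addresses in that block
    while [ "$bits" -gt 0 ]; do
      next=$(( size * 2 ))
      [ $(( start % next )) -eq 0 ] || break          # not aligned
      [ $(( start + next - 1 )) -le "$end" ] || break # would overshoot
      size=$next
      bits=$(( bits - 1 ))
    done
    echo "$(int_to_ip "$start")/$bits"
    start=$(( start + size ))
  done
}

# The range from the post: prints 89.145.16.0/20 and 89.145.32.0/19
range_to_cidr 89.145.16.0 89.145.63.255
```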

PHP-FPM installation


PHP-FPM installation has been completed. I have removed php from the
/etc/yum.conf exclude list and installed php-fpm through yum. mod_fcgid is
enabled and working fine.

/etc/php-fpm.conf
/etc/httpd/conf/php.conf

LoadModule fcgid_module modules/mod_fcgid.so

The website is working faster now compared with the previous PHP settings.

Lighttpd,nginx and Litespeed


Lighttpd

    Brief info: Pronounced “Lighty”, Lighttpd is as the name implies a small, lightweight web server which has a low memory footprint and light CPU load. Lighttpd is a good alternative to serve static content but it has also gained recognition in the Ruby on Rails and PHP communities.
    Used by: Wikimedia (Wikipedia), Sourceforge, YouTube, The Pirate Bay, Meebo, Imageshack, Sendspace, Mininova.
    Cost: Free
    Open Source: Yes
    OS platforms: Linux, FreeBSD, Solaris, MacOS X, Windows (under Cygwin)
    Homepage: www.lighttpd.net

Nginx

    Brief info: Pronounced “engine X”, Nginx is a lightweight web server and reverse proxy. Originally written by Igor Sysoev for Rambler.ru (Russia’s second most visited website). Nginx is known for stability and simple configuration in addition to its low resource consumption. It can also act as an IMAP/POP3 proxy.
    Used by: Yellow Pages, Hulu, Zimbra, the Friends for Sale Facebook app, Rambler, and it also seems that WordPress.com just started using it instead of LiteSpeed.
    Cost: Free
    Open Source: Yes
    OS platforms: Linux, FreeBSD, Solaris, MacOS X
    Homepage: www.nginx.net

LiteSpeed

    Brief info: LiteSpeed is a commercial web server designed specifically for large websites. One of LiteSpeed’s advantages is that it can read Apache configurations directly which makes it easy to integrate with existing products to replace Apache. The server is lightweight and as the name implies very fast.
    Used by: WordPress (until recently at least, but now WordPress.com appears to be using nginx), Twitter, GigaOm, Bravenet.
    Cost: Free to $1,299 depending on the edition.
    Open Source: No
    OS platforms: Linux, FreeBSD, Solaris, MacOS X
    Homepage: www.litespeedtech.com


/scripts/upcp not working


I tried "/scripts/updatenow --force" but that doesn't work either.


I fixed it by deleting upcp from /scripts/ and using rsync to get it from rsync://rsync.cpanel.net/scripts/

rsync -av rsync://rsync.cpanel.net/scripts/ /scripts/

Internal Server Error message when I try to access the email queue option from WHM


We are receiving an Internal Server Error message when I try to access the email queue option from WHM.
Here is the error:

Internal Server Error

500

No response from subprocess (/usr/local/cpanel/whostmgr/docroot/cgi/addon_cmq.cgi): subprocess exited with status 2

cpsrvd/11.38.0.19 Server at server06.247workinghost.com



solution:



/scripts/perlinstaller --force JSON::XS

Horde does not send mail in Postfix


I found that Horde uses the 'popen' function to open /var/qmail/bin/sendmail.

It also uses the 'escapeshellcmd' function to send an e-mail.

After removing those two functions from the 'disable_functions' parameter (/etc/php.ini), Horde and the mail system will be OK.

 escapeshellarg - removed this function from disable_functions [which means it is enabled in php.ini].



     It's just a setting change:
    edit /usr/share/psa-horde/config/conf.php.

    Change the line that says:
    $conf['mailer']['type'] = 'sendmail';

    to

    $conf['mailer']['type'] = 'smtp';

http://forum.parallels.com/showthread.php?75426-Failed-to-open-sendmail-Horde-not-sending-emails

Enable backups for all accounts in cpanel


The following will enable legacy backups for all accounts

Code:

https://<hostname>:2087/<session_token>/xml-api/backup_skip_users_all?api.version=1&backupversion=legacy_backups&state=1

The following will disable legacy backups for all accounts.

Code:

https://<hostname>:2087/<session_token>/xml-api/backup_skip_users_all?api.version=1&backupversion=legacy_backups&state=0

The following will enable all accounts for the new backup system.

Code:

https://<hostname>:2087/<session_token>/xml-api/backup_skip_users_all?api.version=1&backupversion=backups&state=1

The following will disable all users from using the new backup system.

Code:

https://<hostname>:2087/<session_token>/xml-api/backup_skip_users_all?api.version=1&backupversion=backups&state=0

Running any of the mentioned API calls will take some time to update (depending on how many accounts your machine has). Took me an average 10 minutes to disable legacy backup on 300 accounts.

Fixing file and directory permission.




find /home/*/public_html/* -type f -exec chmod 644 {} \;
find /home/*/public_html/* -type d -exec chmod 755 {} \;
To limit this to one user, replace * with the username.

To fix the ownership for all the websites:

for i in `ls /var/cpanel/users` ; do chown -R "$i:$i" /home/"$i"/public_html/* ; done






for folder only to be 700 + sub dir
find . -type d -exec chmod 0755 {} \;

for file only to be 600 + sub dir
find . -type f -exec chmod 0644 {} \;

find /home/*/public_html -type d -exec chmod 0755 {} \;

find /home/*/public_html -type d -perm 777 -print -exec chmod 755 {} \;

find /home/*/public_html -type f -perm 777 -print -exec chmod 644 {} \;

find /home/*/public_html/wp-content/uploads -exec chmod 777 -R {} \;




or use this technique:

find /home/*/public_html -type d -perm 777 > badpermlist

# read one path per line so that names containing spaces are handled
while IFS= read -r each
do
chmod 755 "$each"
done < badpermlist


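# This script sets the files in the user's public_html to
# permissions 644 so that they are viewable by browser.

USER=`whoami`
PUB_DIR=/users/$USER/public_html
# mktemp creates a private file with an unpredictable name; a fixed
# /tmp/publish.$$ could be pre-created by another local user
TMP=`mktemp /tmp/publish.XXXXXX` || exit 1

ls "$PUB_DIR" > "$TMP"
sync
sleep 1

while IFS= read -r fname
do
   if [ -f "$PUB_DIR/$fname" ]
   then
      chmod 644 "$PUB_DIR/$fname"
   fi
done < "$TMP"

rm -f "$TMP"
exit 0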
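
The permission fixes in this post come down to finding world-writable entries under public_html and resetting them. This is an added example (not part of the original post) that does so with find alone, so paths with spaces are handled and symbolic links are neither followed nor changed; the function names and the demo tree are constructed.

```shell
#!/bin/sh
# Added example: report and reset world-writable files and directories
# under a web root. Function names and the demo tree are constructed.

# list_world_writable ROOT
# Prints every regular file or directory under ROOT with the "other write"
# bit set. find does not follow symlinks by default, and the -type tests
# exclude the links themselves, so a link planted inside the web root
# cannot redirect the check to a file elsewhere on the system.
list_world_writable() {
  find "$1" -xdev \( -type f -o -type d \) -perm -0002 -print
}

# fix_world_writable ROOT
# Resets world-writable directories to 755 and files to 644.
# "-exec ... {} +" passes paths as arguments, so whitespace in names
# is never re-split by the shell.
fix_world_writable() {
  find "$1" -xdev -type d -perm -0002 -exec chmod 755 {} +
  find "$1" -xdev -type f -perm -0002 -exec chmod 644 {} +
}

# make_demo_tree
# Builds a constructed tree in a temporary directory and prints its path:
#   home/user1/public_html/my uploads/            (777)
#   home/user1/public_html/my uploads/front page.php (777)
#   home/user1/public_html/index.html             (644)
#   home/user1/public_html/link.conf -> outside.conf (666, outside the root)
make_demo_tree() {
  base=$(mktemp -d) || return 1
  root="$base/home/user1/public_html"
  mkdir -p "$root/my uploads"
  chmod 755 "$base/home" "$base/home/user1" "$root"
  echo 'demo' > "$root/my uploads/front page.php"
  echo 'demo' > "$root/index.html"
  echo 'demo' > "$base/outside.conf"
  ln -s "$base/outside.conf" "$root/link.conf"
  chmod 777 "$root/my uploads" "$root/my uploads/front page.php"
  chmod 644 "$root/index.html"
  chmod 666 "$base/outside.conf"
  echo "$base"
}

# Usage: sh fixperms.sh /home/USER/public_html
if [ "$#" -eq 1 ]; then
  list_world_writable "$1"
  fix_world_writable "$1"
fi
```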

Thursday, 30 January 2014

Replace failed hard drive in software RAID

Partition the replacement disk with sgdisk as follows, which copies the disk structure to the replaced drive.

# sgdisk --backup=table /dev/sdb
# sgdisk --load-backup=table /dev/sda
# sgdisk -G /dev/sda

OR

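Use the sfdisk command after
replacing the old /dev/sda hard drive with a new one:

 sfdisk -d /dev/sdb | sfdisk /dev/sda

OR

 # -d dumps the partition table in a format sfdisk can read back
 sfdisk -d /dev/sdb > part_table
 sfdisk /dev/sda < part_table
 # if sfdisk refuses to write the table, repeat with --force
 sfdisk /dev/sda < part_table --force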



To view the disk structure:
parted  /dev/sdb
parted  /dev/sda

Add the partitions to the RAID arrays,
Ex:

/dev/sda1 to /dev/md1 array and /dev/sda2 to /dev/md2

   mdadm --add /dev/md1 /dev/sda1      # add sda1 to RAID md1
   mdadm --detail /dev/md1             # show array details

To remove the failed disk from the RAID:

   mdadm /dev/md1 -f /dev/sda1         # mark sda1 as a faulty drive
   mdadm --detail /dev/md1             # sda1 is shown as degraded
   mdadm /dev/md1 -r /dev/sda1         # remove sda1 from md1

Refer:-  http://www.cyberciti.biz/faq/linux-backup-restore-a-partition-table-with-sfdisk-command/

Tuesday, 28 January 2014

Mysql Variables


# Other default tuning values
# MySQL Server Instance Configuration File
# ----------------------------------------------------------------------
# Generated by the MySQL Server Instance Configuration Wizard
#
#
# Installation Instructions
# ----------------------------------------------------------------------
#
# On Linux you can copy this file to /etc/my.cnf to set global options,
# mysql-data-dir/my.cnf to set server-specific options
# (@localstatedir@ for this installation) or to
# ~/.my.cnf to set user-specific options.
#
# On Windows you should keep this file in the installation directory
# of your server (e.g. C:\Program Files\MySQL\MySQL Server X.Y). To
# make sure the server reads the config file use the startup option
# "--defaults-file".
#
# To run the server from the command line, execute this in a
# command line shell, e.g.
# mysqld --defaults-file="C:\Program Files\MySQL\MySQL Server X.Y\my.ini"
#
# To install the server as a Windows service manually, execute this in a
# command line shell, e.g.
# mysqld --install MySQLXY --defaults-file="C:\Program Files\MySQL\MySQL Server X.Y\my.ini"
#
# And then execute this in a command line shell to start the server, e.g.
# net start MySQLXY
#
#
# Guidelines for editing this file
# ----------------------------------------------------------------------
#
# In this file, you can use all long options that the program supports.
# If you want to know the options a program supports, start the program
# with the "--help" option.
#
# More detailed information about the individual options can also be
# found in the manual.
#
#
# CLIENT SECTION
# ----------------------------------------------------------------------
#
# The following options will be read by MySQL client applications.
# Note that only client applications shipped by MySQL are guaranteed
# to read this section. If you want your own MySQL client program to
# honor these values, you need to specify it as an option during the
# MySQL client library initialization.
#
[client]

# pipe
# socket=mysql
port=3306

[mysql]

default-character-set=utf8


# SERVER SECTION
# ----------------------------------------------------------------------
#
# The following options will be read by the MySQL Server. Make sure that
# you have installed the server correctly (see above) so it reads this
# file.
#
# server_type=1
[mysqld]

# The next three options are mutually exclusive to SERVER_PORT below.
# skip-networking
# enable-named-pipe
# The Pipe the MySQL Server will use
# socket=mysql

# The TCP/IP Port the MySQL Server will listen on
port=3306


# The default character set that will be used when a new schema or table is
# created and no character set is defined
character-set-server=utf8

# The default storage engine that will be used when create new tables when
default-storage-engine=INNODB

# SQL mode (an empty value means strict mode is not enabled)
sql-mode=""

# The maximum amount of concurrent sessions the MySQL server will
# allow. One of these connections will be reserved for a user with
# SUPER privileges to allow the administrator to login even if the
# connection limit has been reached.
max_connections=10000

# Query cache is used to cache SELECT results and later return them
# without actual executing the same query once again. Having the query
# cache enabled may result in significant speed improvements, if you
# have a lot of identical queries and rarely changing tables. See the
# "Qcache_lowmem_prunes" status variable to check if the current value
# is high enough for your load.
# Note: In case your tables change very often or if your queries are
# textually different every time, the query cache may result in a
# slowdown instead of a performance improvement.
query_cache_size=6G

# The number of open tables for all threads. Increasing this value
# increases the number of file descriptors that mysqld requires.
# Therefore you have to make sure to set the amount of open files
# allowed to at least 4096 in the variable "open-files-limit" in
# section [mysqld_safe]
table_cache=9

# Maximum size for internal (in-memory) temporary tables. If a table
# grows larger than this value, it is automatically converted to disk
# based table This limitation is for a single table. There can be many
# of them.
tmp_table_size=4G

# How many threads we should keep in a cache for reuse. When a client
# disconnects, the client's threads are put in the cache if there aren't
# more than thread_cache_size threads from before. This greatly reduces
# the amount of thread creations needed if you have a lot of new
# connections. (Normally this doesn't give a notable performance
# improvement if you have a good thread implementation.)
thread_cache_size=9

#*** MyISAM Specific options
# The maximum size of the temporary file MySQL is allowed to use while
# recreating the index (during REPAIR, ALTER TABLE or LOAD DATA INFILE).
# If the file-size would be bigger than this, the index will be created
# through the key cache (which is slower).
myisam_max_sort_file_size=100G

# If the temporary file used for fast index creation would be bigger
# than using the key cache by the amount specified here, then prefer the
# key cache method. This is mainly used to force long character keys in
# large tables to use the slower key cache method to create the index.
myisam_sort_buffer_size=7G

# Size of the Key Buffer, used to cache index blocks for MyISAM tables.
# Do not set it larger than 30% of your available memory, as some memory
# is also required by the OS to cache rows. Even if you're not using
# MyISAM tables, you should still set it to 8-64M as it will also be
# used for internal temporary disk tables.
key_buffer_size=64M

# Size of the buffer used for doing full table scans of MyISAM tables.
# Allocated per thread, if a full scan is needed.
read_buffer_size=64K
read_rnd_buffer_size=256K

# This buffer is allocated when MySQL needs to rebuild the index in
# REPAIR, OPTIMIZE, ALTER table statements as well as in LOAD DATA INFILE
# into an empty table. It is allocated per thread so be careful with
# large settings.
sort_buffer_size=256K

#*** INNODB Specific options ***
# innodb_data_home_dir=0.0

# Use this option if you have a MySQL server with InnoDB support enabled
# but you do not plan to use it. This will save memory and disk space
# and speed up some things.
# skip-innodb

# Additional memory pool that is used by InnoDB to store metadata
# information. If InnoDB requires more memory for this purpose it will
# start to allocate it from the OS. As this is fast enough on most
# recent operating systems, you normally do not need to change this
# value. SHOW INNODB STATUS will display the current amount used.
innodb_additional_mem_pool_size=0

# If set to 1, InnoDB will flush (fsync) the transaction logs to the
# disk at each commit, which offers full ACID behavior. If you are
# willing to compromise this safety, and you are running small
# transactions, you may set this to 0 or 2 to reduce disk I/O to the
# logs. Value 0 means that the log is only written to the log file and
# the log file flushed to disk approximately once per second. Value 2
# means the log is written to the log file at each commit, but the log
# file is only flushed to disk approximately once per second.
innodb_flush_log_at_trx_commit=1

# The size of the buffer InnoDB uses for buffering log data. As soon as
# it is full, InnoDB will have to flush it to disk. As it is flushed
# once per second anyway, it does not make sense to have it very large
# (even with long transactions).
innodb_log_buffer_size=1G

# InnoDB, unlike MyISAM, uses a buffer pool to cache both indexes and
# row data. The bigger you set this the less disk I/O is needed to
# access data in tables. On a dedicated database server you may set this
# parameter up to 80% of the machine physical memory size. Do not set it
# too large, though, because competition of the physical memory may
# cause paging in the operating system. Note that on 32bit systems you
# might be limited to 2-3.5G of user level memory per process, so do not
# set it too high.
innodb_buffer_pool_size=15G

# Size of each log file in a log group. You should set the combined size
# of log files to about 25%-100% of your buffer pool size to avoid
# unneeded buffer pool flush activity on log file overwrite. However,
# note that a larger logfile size will increase the time needed for the
# recovery process.
innodb_log_file_size=1G

# Number of threads allowed inside the InnoDB kernel. The optimal value
# depends highly on the application, hardware as well as the OS
# scheduler properties. A too high value may lead to thread thrashing.
innodb_thread_concurrency=9
innodb_file_per_table
max_allowed_packet=512M
transaction-isolation=READ-COMMITTED
innodb_lock_wait_timeout = 120
wait_timeout = 120
max_connect_errors=1000000

mod_pagespeed into RAM


mod_pagespeed caches resources to disk. If you are running on a heavily loaded server or a VPS, disk I/O is at a premium.
So we should really cache to memory; it's faster, cheaper and easy to set up.

Put this in /etc/fstab. Change the uid and gid to the user and group of your Apache web server, and the path to suit your needs. Feel free to change the size (here it is 256 MB); the entry below uses the httpd user.

    tmpfs /var/www/mod_pagespeed/cache tmpfs size=256m,mode=0775,uid=httpd,gid=httpd 0 0

Save it, and after that mount the tmpfs on the same path as in the fstab entry:

/bin/mount tmpfs /var/www/mod_pagespeed/cache -i -t tmpfs

mod_pagespeed will now be even faster!

tmpfs shown error during mount


[root@tlondon ~]# mount -t tmpfs tmpfs /ephemeral
mount: wrong fs type, bad option, bad superblock on tmpfs,
       missing codepage or helper program, or other error
       (for several filesystems (e.g. nfs, cifs) you might
       need a /sbin/mount.<type> helper program)
       In some cases useful info is found in syslog - try
       dmesg | tail  or so


Try this:

[root@tlondon packages]# /bin/mount tmpfs /ephemeral -i -t tmpfs
/bin/mount tmpfs /var/mod_pagespeed/cache -i -t tmpfs

Set cache and expire headers


For Apache, put this entry in the .htaccess file:

<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
Header set Cache-Control "max-age=290304000, public"
</FilesMatch>

## EXPIRES CACHING ##
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType text/x-javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresDefault "access plus 2 days"
</IfModule>
## EXPIRES CACHING ##

For nginx, put this entry in the domain vhost file [/etc/nginx/vhost/ser.com]:

location ~.*\.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso)$ {
# 1 year; edit this if you want a different lifetime
expires 365d;
# Cache-Control max-age is set to 290304000
add_header Cache-Control "public, max-age=290304000";
access_log off;
log_not_found off;
try_files $uri @backend;
}


To check the result:

# curl -I http://iraq4allnews.dk/images/test02.jpg

[emerg] (28)No space left on device: Couldn't create accept lock


1) There is a huge session problem. Sometimes everything works well and sometimes nobody is able to log in. Apparently session variables stop working.

Error:  Within the Apache error logs, this message appeared over and over:

[emerg] (28)No space left on device: Couldn't create accept lock

command to see semaphores,

Added the below lines in /etc/sysctl.conf
Increased Apache Semaphore value system wide
kernel.msgmni = 15727
kernel.sem = 250 256000 32 1024

2). Open file limits error.

 Modified fs.file-max=200000 in /etc/sysctl.conf

Change duplex in linux


It is recommended to run these commands in a screen (remote management module console) session as you will likely lose the SSH connection as soon as the new settings are applied

Important: Ensure that Ethtool is installed on your operating system before proceeding further.

Open the file:
# vi /etc/sysconfig/network-scripts/ifcfg-eth0

Append following line directly beneath the ‘DEVICE’ line:
ETHTOOL_OPTS="speed 100 duplex full autoneg off"

You can simply restart networking to change the port settings of your network interface. WARNING: This will terminate your SSH connection.

/etc/init.d/network restart

XML parse error

Need to increase the max_input_vars value.

Remote SMTP setup


If you are using cPanel with Exim and want to relay your email through SendGrid, go to Main > Service Configuration > Exim Configuration Editor, click on the Advanced Editor button, and enter the following:

   

begin authenticators

sendgrid_login:
  driver = plaintext
  public_name = LOGIN
  client_send = : username : YourSendGridPassword

Only include “begin authenticators” if it’s not already in the configuration.

Add a route in the Router Configuration Box:

 

send_via_sendgrid:
  driver = manualroute
  domains = ! +local_domains
  transport = sendgrid_smtp
  route_list = "* smtp.sendgrid.net::587 byname"
  host_find_failed = defer
  no_more

Add a transport to the Transport Configuration Box:


sendgrid_smtp:
  driver = smtp
  hosts = smtp.sendgrid.net
  hosts_require_auth = smtp.sendgrid.net
  hosts_require_tls = smtp.sendgrid.net

Once you have completed and saved all changes to Exim’s configuration files, you will need to restart it to activate those changes:

$ /etc/init.d/exim4 restart

Load Monitoring script


#!/bin/bash
# Integer part of the 1-minute load average
tech=$(awk '{print $1}' /proc/loadavg | awk -F. '{print $1}')
# At a load of 50 or more, mail the process list and the latest log lines
if [ "$tech" -ge 50 ]
then
/bin/ps -ef | mail -s "imediatube server PROCESS report" aztest@gmail.com
/usr/bin/tail -n50 /var/log/{messages,dmesg} | mail -s "imediatube server DMESG report" aztest@gmail.com
fi

Add wildcard DNS entry for newly created accounts


Need to add the wildcard dns entry in the template file: /var/cpanel/templates/apache2_2/vhost.default

[% FOREACH alias IN vhost.serveralias_array -%]
    ServerAlias [% alias %]

ServerAlias *.[% wildcard_safe(vhost.servername) %]

After transferring some web sites to a new server, most of them (Joomla and similar PHP applications) stopped working because of errors like "fatal error: out of memory".

After research, it turned out that the reason was a too-low RLimitMEM parameter in httpd.conf. Its value had been set by the "Memory Usage Restrictions" script from cPanel Apache Configuration.

Most of them try to increase the PHP memory limit.

- Remove the RLimitMEM directives in httpd.conf


libmysqlclient.so.18: cannot open shared object file: No such file or directory


Apache error log:
libmysqlclient.so.18: cannot open shared object file: No such file or directory

root@x3430-24863 [/usr/lib64]# php
php: error while loading shared libraries: libmysqlclient.so.18: cannot open shared object file: No such file or directory

which means php needs the shared library libmysqlclient.so.18, but it doesn't exist.

Fix:

root@x3430-24863 [/usr/lib64]# ln -s libmysqlclient.so.16 libmysqlclient.so.18
 This creates a symlink to the earlier .so file version.

Libxml error while compiling dual php


During dual PHP compilation, we can face this error:

/usr/src/php-5.2.17/ext/dom/node.c: In function ‘dom_canonicalization’:
/usr/src/php-5.2.17/ext/dom/node.c:1953: error: dereferencing pointer to incomplete type
/usr/src/php-5.2.17/ext/dom/node.c:1955: error: dereferencing pointer to incomplete type
make: *** [ext/dom/node.lo] Error 1

libxml needs to be installed [http://xmlsoft.org/sources/libxml2-2.7.7.tar.gz]

and compiled with a specific prefix:

./configure --prefix=/opt/xml/


Then, during the dual PHP compilation, pass: --with-libxml-dir=/opt/xml/


 Method 2:
-------------

1. cd php-5.2.17
 2. ./configure --disable-fileinfo --enable-bcmath --enable-calendar --enable-ftp --enable-gd-native-ttf --enable-libxml --enable-sockets --prefix=/opt/php52 --with-config-file-path=/opt/php52/lib --with-config-file-scan-dir=/opt/php52/lib/php.ini.d --with-curl=/opt/curlssl/ --with-freetype-dir=/usr --with-gd --with-imap=/opt/php_with_imap_client/ --with-imap-ssl=/usr --with-jpeg-dir=/usr --with-kerberos --with-libdir=lib64 --with-libxml-dir=/opt/xml2/ --with-mysql=/usr --with-mysql-sock=/var/lib/mysql/mysql.sock --with-openssl=/usr --with-openssl-dir=/usr --with-pdo-mysql=shared --with-pdo-sqlite=shared --with-pic --with-png-dir=/usr --with-xpm-dir=/usr --with-zlib --with-zlib-dir=/usr

3.  make
4. wget https://mail.gnome.org/archives/xml/2012-August/txtbgxGXAvz4N.txt
5. patch -p0 -b < txtbgxGXAvz4N.txt
6. make
7. make install

Install php module in Dual Php

For example,if you want to install ffmpeg php module for secondary php.

At the time of compiling,please add the secondary php installation path.

Ex:

./configure --with-php-config=/opt/lsphp53/bin/php-config  --enable-shared







Dual php in DSO


In suPHP it is easy to install dual PHP, but it is a bit difficult in DSO.

First, compile the dual PHP; please follow the link below: http://servermanagement24x7.com/how-to-configure-dual-php-or-two-versions-of-php-on-a-linux-cpanel-server.html

1. We need to enable/install the suphp module in Apache via EasyApache or manually.

2. Add the suphp module in php.conf,

After the DSO module entry,add the entry as below.


LoadModule suphp_module modules/mod_suphp.so
suPHP_Engine on
<Directory />
    # handler for PHP 5.3
    suPHP_AddHandler application/x-httpd-php53
</Directory>

3. Set the setuid bit on the suphp binary file.

chmod u+s /opt/suphp/sbin/suphp


That's all.

Wildcard settings for non-existing accounts[existing accounts will show their own content]

1. Add wildcard entry in DNS zone of main domain.

2. Don't create the server alias [*.example.com] in the main domain, or both non-existing and existing accounts will show the main domain content. We need to create a separate

3.  Create an dummy account in WHM and change its vhost as below,


ServerName example1.com
ServerAlias *.example.com[wildcard to main 
DocumentRoot /home/example/public_html

Now all non-existing accounts will show main domain content and existing accounts will show their own contents.


Monday, 27 January 2014

Apache Optimize script


ps -ylC apache2 | awk '{x += $8;y += 1} END {print "Apache Memory Usage (MB): "x/1024; print "Average Process Size (MB): "x/((y-1)*1024)}'