Category Archives: Linux

Updates and WordPress update

Posted on by
Reply

Again a lot of updates, especially for php5 and wordpress jumped to 3.3.

13 packages can be updated.
13 updates are security updates.

aptitude safe-upgrade
Reading package lists... Done
Building dependency tree
Reading state information... Done
Reading extended state information
Initializing package states... Done
The following packages will be upgraded:
  bzip2 libapache2-mod-php5 libbz2-1.0 php-pear php5 php5-cgi php5-cli
  php5-common php5-curl php5-dev php5-gd php5-mysql php5-pgsql
13 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 13.3MB of archives. After unpacking 0B will be used.

flattr this!

MUC-FRA-LND-NYK-LND-BRU-LND-BRU-AMS-BRU-DEAD

Posted on by
Reply

Interesting routing issue this morning. Normally this goes MUC-NBG.

traceroute to 178.63.61.72 (178.63.61.72), 64 hops max, 52 byte packets
 1  192.168.0.1 (192.168.0.1)  1.423 ms  1.050 ms  3.151 ms
 2  ppp-default.m-online.net (82.135.16.28)  358.439 ms  204.568 ms  138.582 ms
 3  gi0-0-0-32-171.r4.muc2.m-online.net (212.18.7.37)  32.430 ms  78.920 ms  11.349 ms
 4  xe-0-3-0.r3.muc2.m-online.net (82.135.16.202)  240.887 ms
    xe-1-1-0.r3.muc7.m-online.net (82.135.16.242)  23.796 ms  6.142 ms
 5  62.140.24.49 (62.140.24.49)  9.266 ms  64.491 ms  30.544 ms
 6  ae-4-4.ebr1.frankfurt1.level3.net (4.69.134.2)  12.860 ms  20.502 ms  31.932 ms
 7  ae-81-81.csw3.frankfurt1.level3.net (4.69.140.10)  13.089 ms
    ae-71-71.csw2.frankfurt1.level3.net (4.69.140.6)  60.880 ms
    ae-91-91.csw4.frankfurt1.level3.net (4.69.140.14)  66.135 ms
 8  ae-62-62.ebr2.frankfurt1.level3.net (4.69.140.17)  12.420 ms
    ae-82-82.ebr2.frankfurt1.level3.net (4.69.140.25)  157.467 ms
    ae-72-72.ebr2.frankfurt1.level3.net (4.69.140.21)  12.591 ms
 9  ae-23-23.ebr2.london1.level3.net (4.69.148.193)  47.827 ms  36.042 ms  53.680 ms
10  ae-41-41.ebr1.newyork1.level3.net (4.69.137.66)  185.216 ms
    ae-44-44.ebr1.newyork1.level3.net (4.69.137.78)  190.551 ms
    ae-41-41.ebr1.newyork1.level3.net (4.69.137.66)  95.741 ms
11  ae-91-91.csw4.newyork1.level3.net (4.69.134.78)  178.675 ms
    ae-61-61.csw1.newyork1.level3.net (4.69.134.66)  104.084 ms
    ae-91-91.csw4.newyork1.level3.net (4.69.134.78)  159.411 ms
12  ae-2-70.edge1.newyork1.level3.net (4.69.155.78)  101.230 ms  91.009 ms  173.873 ms
13  4.68.110.154 (4.68.110.154)  107.450 ms  140.533 ms  204.142 ms
14  sl-crs2-lon-0-8-3-0.sprintlink.net (144.232.9.162)  184.150 ms  94.185 ms  91.192 ms
15  sl-bb20-bru-14-0-0.sprintlink.net (213.206.129.42)  96.598 ms
    sl-bb23-lon-0-0-0.sprintlink.net (213.206.128.185)  117.846 ms
    sl-bb20-bru-14-0-0.sprintlink.net (213.206.129.42)  129.868 ms
16  sl-bb21-ams-3-0-0.sprintlink.net (213.206.129.142)  214.406 ms
    sl-bb21-bru-15-0-0.sprintlink.net (80.66.128.42)  153.944 ms *
17  * * *
18  * * *
19  * * *

flattr this!

End of support for Ubuntu 10.04 (Lucid Lynx) Netbook and ARM

Posted on by
Reply

Ubuntu announced the 10.04 Netbook Edition and Ubuntu for ARM products
18 months ago, on April 29, 2010. At that time, Ubuntu committed to
ongoing security and critical fixes for a period of 18 months for these
specific products.

This support period is now ending, and on October 29, 2011 the 10.04
Netbook Edition and Ubuntu for ARM products will no longer be supported.
Ubuntu 10.04 LTS Desktop and Server products continue to be supported.

The upgrade path from Ubuntu 10.04 Netbook and ARM is to Ubuntu 10.10.
Instructions and caveats for the upgrade may be found at

https://help.ubuntu.com/community/MaverickUpgrades.

Ubuntu 10.04 LTS for Desktop and Server products continues to be
actively supported with security updates and select high-impact bug
fixes. All announcements of official security updates for Ubuntu
releases are sent to the ubuntu-security-announce mailing list,
information about which may be found at

https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce.

Since its launch in October 2004 Ubuntu has become one of the most
highly regarded Linux distributions with millions of users in homes,
schools, businesses and governments around the world. Ubuntu is Open
Source software, costs nothing to download, and users are free to
customise or alter their software in order to meet their needs.

Kate Stewart,
Ubuntu Release Manager

flattr this!

Ubuntu Security Notice USN-1231-1 October 18, 2011 php5 vulnerabilities

Posted on by
Reply 
==========================================================================
Ubuntu Security Notice USN-1231-1
October 18, 2011

php5 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 11.10
- Ubuntu 11.04
- Ubuntu 10.10
- Ubuntu 10.04 LTS
- Ubuntu 8.04 LTS

Summary:

Several security issues were fixed in PHP.

Software Description:
- php5: HTML-embedded scripting language interpreter

Continue reading

flattr this!

DIY: Location mapping Part 3 – Google Earth live updates

Posted on by
Reply
Trails Munich Horizon

Trails Munich Horizon

This is part 3 of the DIY Location mapping. This time we will integrate with google earth to see live updates from our devices, we tracked with part 1.

Therefore I have had the tracking running for some days with an update interval of 15 minutes, so that I does not drain my battery too much. By enhancing the update frequency you will get fine grained location data.

We need to add the following PHP script to deliver a valid KML file, which is loaded by another KML file. The second KML file is loaded into Google Earth and does poll data via the PHP scripts to enable the live updates. Continue reading

flattr this!

Dennis Richie *1941 – ✝2011

Posted on by
Reply

The godfather of C and Unix died.

Thanks for all you left.

“Unix is simple and coherent, but it takes a genius – or at any rate a programmer – to understand and appreciate the simplicity.”

“The greatest danger to good computer science research today may be excessive relevance. If we can keep alive enough openess to new ideas, enough freedom of communication, enough patience to allow the novel to prosper, it will remain possible for a future Ken Thompson to find a little-used Cray/1 computer and fashion a system as creative, and as influential, as Unix.”

flattr this!

DIY: Location mapping Part 1 – Getting the location data

Posted on by
3
Location based services needs to be switched on

Location based services needs to be switched on

Inspired by the question in the http://fanbóys.org/ podcast, I will write down, what I have up and running for over two years now.

Goal: Have a background method running, which collects your location during the day and displays it on a map and has some export functionality.

Ingredients: An Apple iPhone, an Apple ID, activated Find My iPhone, a LAMP system and additional Google Maps. Continue reading

flattr this!

How to setup nginx varnish apache on a CentOS

Posted on by
Reply

This small script does install all necessary parts to get nginx, varnish and apache running on your CentOS:

yum install screen sysstat net-snmp htop
rpm --nosignature -i http://repo.varnish-cache.org/redhat/el5/noarch/varnish-release-2.1-2.noarch.rpm
yum install varnish
wget http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
rpm -Uvh epel-release-5-4.noarch.rpm
yum install nginx
chkconfig varnish on
chkconfig httpd on
chkconfig nginx on
vi /etc/nginx/nginx.conf
vi /etc/nginx/conf.d/virtual.conf
vi /etc/varnish/default.vcl
vi /etc/httpd/conf/httpd.conf

flattr this!

Varnish – blast your wordpress off the ground

Posted on by
2

This is my varnish configuration, which enhances the wordpress blogs:

backend default {
  .host = "localhost";
  .port = "81"; # This need to be the same as the Apache vHost port listener!
}

acl purge {
	"localhost";
}

sub vcl_recv {
	if (req.http.host ~ "^piwik.klammeraffe.org$") {
		return(pipe);
	}
	if (req.url ~ "/server-status") {
		return (pipe);
	}
	if (req.url ~ "/wp-admin") {
		return (pipe);
	}
	if (req.url ~ "/mailman") {
		return (pipe);
	}
	if (req.request == "PURGE") {
			if (!client.ip ~ purge) {
				error 405 "Not allowed.";
			}
		return(lookup);
	}
	if (req.url ~ "^/$") {
		unset req.http.cookie;
	}
}

sub vcl_hit {
	if (req.request == "PURGE") {
		set obj.ttl = 0s;
		error 200 "Purged.";
	}
}

sub vcl_miss {
	if (req.request == "PURGE") {
		error 404 "Not in cache.";
	}
	if (!(req.url ~ "wp-(login|admin)")) {
		unset req.http.cookie;
	}
	if (req.url ~ "^/[^?]+.(jpeg|jpg|png|gif|ico|js|css|txt|gz|zip|lzma|bz2|tgz|tbz|html|htm)(\?.|)$") {
		unset req.http.cookie;
		set req.url = regsub(req.url, "\?.$", "");
	}
	if (req.url ~ "^/$") {
		unset req.http.cookie;
	}
}

sub vcl_pipe {
	set bereq.http.connection = "close";
	if (req.http.X-Forwarded-For) {
		set bereq.http.X-Forwarded-For = req.http.X-Forwarded-For;
	} else {
		set bereq.http.X-Forwarded-For = regsub(client.ip, ":.*", "");
	}
}

sub vcl_pass {
	set bereq.http.connection = "close";
	if (req.http.X-Forwarded-For) {
		set bereq.http.X-Forwarded-For = req.http.X-Forwarded-For;
	} else {
		set bereq.http.X-Forwarded-For = regsub(client.ip, ":.*", "");
	}
}

sub vcl_fetch {
	if (req.url ~ "^/index.php/archives/20") {
		set beresp.http.Cache-Control = "max-age=1000";
		set beresp.ttl = 600s;
		unset beresp.http.set-cookie;
		return (deliver);
	}
	if (req.url ~ "^/$") {
		set beresp.http.Cache-Control = "max-age=30";
		set beresp.ttl = 15s;
		unset beresp.http.set-cookie;
		return (deliver);
	}
	if (req.url ~ "\.(png|gif|jpg|swf|css|js)$") {
		set beresp.http.Cache-Control = "max-age=14400";
		set beresp.ttl = 1w;
		unset beresp.http.set-cookie;
		return (deliver);
	}
	if (req.url ~ "^/$") {
		unset beresp.http.set-cookie;
	}
	if (!(req.url ~ "wp-(login|admin)")) {
		unset beresp.http.set-cookie;
	}
	if (beresp.ttl < 60s) {
		set beresp.ttl = 60s;
	}
}

flattr this!

NVA setup – nginx varnish apache

Posted on by
1

The running WordPress blogs on a well known domain is slow, if you don’t optimize for speed. As the requests are going through the full LAMP stack, caching stuff is the first stop. Second I don’t use apache as primary delivery webserver, I use nginx to do this. I have chosen this setup as it provides lots of performance and there is no need to change anything in the existing WordPress installation. Even experienced WordPress users do not see the difference on the WordPress side.

LAMP - Linux Apache MySQL PHP

LAMP - Linux Apache MySQL PHP

From LAMP to NVA

Classical LAMP setup uses following apache config for a webserver with name based virtual hosts:

##### start ww.linuxpinguin.de
Listen 80
NameVirtualHost 178.63.61.72:80
LogFormat ”%V %v %h %l %u %t \”%r\” %>s %b \”%{Referer}i\” \”%{User−Agent}i\”” cvh
<VirtualHost 178.63.61.72:80 >
  DocumentRoot /var/www/linuxpinguin.de
  ServerName www.linuxpinguin.de
  php_admin value open_basedir /var/www/linuxpinguin.de:/usr/share/php:/usr/share/pear
  ErrorLog /var/log/apache2/linuxpinguin.de/error.log
  CustomLog ”|/sbin/cronolog −−symlink /var/log/apache2/linuxpinguin.de/access.log /var/log/apache2/linuxpinguin.de/access.log %Y−%m” cvh
</VirtualHost>
##### ende www.linuxpinguin.de
NVA - nginx varnish apache

NVA - nginx varnish apache

This is converted into the following apache config to fit into the NVA setup. As you see only the Listen port and the binding address have changed.

<VirtualHost 127.0.0.1:81>
  <Directory "/var/www/web5/web">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all
  </Directory>
  ServerName www.linuxpinguin.de
  ServerAlias www.linux-pinguin.de
  ServerAlias linux-pinguin.de
  ServerAlias linuxpinguin.de
  ServerAdmin webmaster@linuxpinguin.de
  DocumentRoot /var/www/web5/web
  ErrorLog /var/log/apache2/error.log
  LogLevel warn
  CustomLog /var/log/apache2/access.log vhost_combined
  ServerAlias linuxpinguin.de www.linux-pinguin.de
  DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
  ScriptAlias  /cgi-bin/ /var/www/web5/cgi-bin/
  AddHandler cgi-script .cgi
  AddHandler cgi-script .pl
  ErrorLog /var/www/web5/log/error.log
  AddType application/x-httpd-php .php .php3 .php4 .php5
  php_admin_flag safe_mode On
  php_admin value open_basedir /var/www/linuxpinguin.de:/usr/share/php:/usr/share/pear
  AddType text/html .shtml
  AddOutputFilter INCLUDES .shtml
  Alias /error/ "/var/www/web5/web/error/"
  ErrorDocument 400 /error/invalidSyntax.html
  ErrorDocument 401 /error/authorizationRequired.html
  ErrorDocument 403 /error/forbidden.html
  ErrorDocument 404 /error/fileNotFound.html
  ErrorDocument 405 /error/methodNotAllowed.html
  ErrorDocument 500 /error/internalServerError.html
  ErrorDocument 503 /error/overloaded.html
  AliasMatch ^/~([^/]+)(/(.*))? /var/www/web5/user/$1/web/$3
  AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web5/user/$1/web/$3
  RewriteEngine on
  RewriteCond %{HTTP_HOST}   ^www\.linux-pinguin\.de [NC]
  RewriteRule ^/(.*)         http://www.linuxpinguin.de/$1 [L,R]
  RewriteCond %{HTTP_HOST}   ^linux-pinguin\.de [NC]
  RewriteRule ^/(.*)         http://www.linuxpinguin.de/$1 [L,R]
  RewriteCond %{HTTP_HOST}   ^linuxpinguin\.de [NC]
  RewriteRule ^/(.*)         http://www.linuxpinguin.de/$1 [L,R]
</VirtualHost>

Now were do the request for 127.0.0.1:8080 are coming from? They come from our varnish caching daemon. Here is the smallest configuration for it:

backend default {
  host = ”localhost ”;
  port = ”8080”; # This need to be the same as the Apache vHost port listener !
}

varnish itself listens on 127.0.0.1 port 6081, so we now need to know where varnish gets its requests from? They are coming from the nginx webserver. This is the configuration of the nginx:

###### start linuxpinguin.de
server {
 listen 80; # Default listen port
 server_name www.linuxpinguin.de linuxpinguin.de www.linux-pinguin.de linux-pinguin.de;
 access_log /var/log/apache2/linuxpinguin.de/access_log;
 gzip on; # Turn on gZip
 gzip_disable msie6;
 gzip_static on;
 gzip_comp_level 9;
 gzip_proxied any;
 gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;

 location / {
  proxy_redirect off; # Do not redirect this proxy - It needs to be pass-through
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Server-Address $server_addr;
  proxy_pass_header Set-Cookie;
  proxy_pass http://127.0.0.1:6081; # Pass all traffic through to Varnish
 }
}
##### end linuxpinguin.de

flattr this!

How to renew SSL certificates for courier pop3 and imap server on Debian or Ubuntu?

Posted on by
Reply

This articles describes the renewal of SSL certificates for courier pop3 and imap server. This is nescessary e.g. when the certificates are expired or contain the wrong hostname.

First delete the exsiting certificates:

rm -f /etc/courier/imapd.pem
rm -f /etc/courier/pop3d.pem

Then edit the template that contains the details for the ecrtificates so that the hostname in the certificate matches the hsotanme of your server and that the email address matches your postmaster email address:

vi /etc/courier/imapd.cnf
vi /etc/courier/pop3d.cnf

and create the new certificates:

mkimapdcert
mkpop3dcert

Courier pop3 and imap have to be restarted so they pick up the new certificates:

/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop-ssl restart

flattr this!

Ubuntu 10.04.3 LTS released

Posted on by
Reply

“Be brief, be pointed, let your matter stand lucid in order, solid and
at hand; spend not your words on trifles but condense; strike with the
mass of thought, not drops of sense; press to the close with vigor,
once begun, and leave – how hard the task” – Joseph Story

The Ubuntu team is proud to announce the release of Ubuntu 10.04.3 LTS,
the third maintenance update to Ubuntu’s 10.04 LTS release. This
release includes updated server, desktop, alternate installation CDs
and DVDs for the i386 and amd64 architectures.

Continue reading

flattr this!