How to set up nginx, Varnish and Apache on CentOS

This small script installs all the parts needed to get nginx, Varnish and Apache running on your CentOS:

# Base tools
yum install screen sysstat net-snmp htop
# Varnish repository package (--nosignature skips RPM signature verification)
rpm --nosignature -i http://repo.varnish-cache.org/redhat/el5/noarch/varnish-release-2.1-2.noarch.rpm
yum install varnish
# EPEL repository, then nginx
wget http://download.fedora.redhat.com/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
rpm -Uvh epel-release-5-4.noarch.rpm
yum install nginx
# Start all three services at boot
chkconfig varnish on
chkconfig httpd on
chkconfig nginx on
# Edit the configuration files
vi /etc/nginx/nginx.conf
vi /etc/nginx/conf.d/virtual.conf
vi /etc/varnish/default.vcl
vi /etc/httpd/conf/httpd.conf


htop

I like this version of top most:

  1  [|                         1.3%]     Tasks: 197 total, 1 running
  2  [|                         1.1%]     Load average: 0.30 0.31 0.25
  3  [                          0.0%]     Uptime: 59 days, 00:50:09
  4  [|                         1.3%]
  5  [                          0.0%]
  6  [                          0.0%]
  7  [                          0.0%]
  8  [                          0.0%]
  Mem[|||||||||||||||||||1760/7995MB]
  Swp[|                    16/4100MB]

  PID USER     PRI  NI  VIRT   RES   SHR S CPU% MEM%   TIME+  Command
    1 root      20   0 23692  1736  1232 S  0.0  0.0  0:04.56 /sbin/init
30572 proxy     20   0 28768  6860  1860 S  0.0  0.1  0:53.03  `- /usr/sbin/squi
30573 proxy     20   0  3860   428   340 S  0.0  0.0  0:00.07  |   `- (unlinkd)
28675 root      20   0 28412  1288   320 S  0.0  0.0  0:00.00  `- nginx: master
28677 www-data  20   0 29180  2812   940 S  0.0  0.0  0:31.35  |   `- nginx: wor
28676 www-data  20   0 29180  2808   936 S  0.0  0.0  0:33.21  |   `- nginx: wor
28345 bind      20   0  273M 68152  2404 S  0.0  0.8  0:00.01  `- /usr/sbin/name
28355 bind      20   0  273M 68152  2404 S  0.0  0.8  1:32.96  |   `- /usr/sbin/
28354 bind      20   0  273M 68152  2404 S  0.0  0.8  0:04.61  |   `- /usr/sbin/
28353 bind      20   0  273M 68152  2404 S  0.0  0.8  1:00.34  |   `- /usr/sbin/
F1Help  F2Setup F3SearchF4InvertF5Tree  F6SortByF7Nice -F8Nice +F9Kill  F10Quit


Atomic Floyd

After being bugged by headphones breaking every year, I invested a bit more money and got these awesome rugged metal ones. They are perfect.


Varnish – blast your wordpress off the ground

This is my varnish configuration, which enhances the wordpress blogs:

backend default {
  .host = "localhost";
  .port = "81"; # This needs to be the same as the Apache vHost listener port!
}

acl purge {
	"localhost";
}

sub vcl_recv {
	if (req.http.host ~ "^piwik\.klammeraffe\.org$") {
		return(pipe);
	}
	if (req.url ~ "/server-status") {
		return (pipe);
	}
	if (req.url ~ "/wp-admin") {
		return (pipe);
	}
	if (req.url ~ "/mailman") {
		return (pipe);
	}
	if (req.request == "PURGE") {
		if (!client.ip ~ purge) {
			error 405 "Not allowed.";
		}
		return(lookup);
	}
	if (req.url ~ "^/$") {
		unset req.http.cookie;
	}
}

sub vcl_hit {
	if (req.request == "PURGE") {
		set obj.ttl = 0s;
		error 200 "Purged.";
	}
}

sub vcl_miss {
	if (req.request == "PURGE") {
		error 404 "Not in cache.";
	}
	if (!(req.url ~ "wp-(login|admin)")) {
		unset req.http.cookie;
	}
	if (req.url ~ "^/[^?]+\.(jpeg|jpg|png|gif|ico|js|css|txt|gz|zip|lzma|bz2|tgz|tbz|html|htm)(\?.*|)$") {
		unset req.http.cookie;
		set req.url = regsub(req.url, "\?.*$", "");
	}
	if (req.url ~ "^/$") {
		unset req.http.cookie;
	}
}

sub vcl_pipe {
	set bereq.http.connection = "close";
	if (req.http.X-Forwarded-For) {
		set bereq.http.X-Forwarded-For = req.http.X-Forwarded-For;
	} else {
		set bereq.http.X-Forwarded-For = regsub(client.ip, ":.*", "");
	}
}

sub vcl_pass {
	set bereq.http.connection = "close";
	if (req.http.X-Forwarded-For) {
		set bereq.http.X-Forwarded-For = req.http.X-Forwarded-For;
	} else {
		set bereq.http.X-Forwarded-For = regsub(client.ip, ":.*", "");
	}
}

sub vcl_fetch {
	if (req.url ~ "^/index.php/archives/20") {
		set beresp.http.Cache-Control = "max-age=1000";
		set beresp.ttl = 600s;
		unset beresp.http.set-cookie;
		return (deliver);
	}
	if (req.url ~ "^/$") {
		set beresp.http.Cache-Control = "max-age=30";
		set beresp.ttl = 15s;
		unset beresp.http.set-cookie;
		return (deliver);
	}
	if (req.url ~ "\.(png|gif|jpg|swf|css|js)$") {
		set beresp.http.Cache-Control = "max-age=14400";
		set beresp.ttl = 1w;
		unset beresp.http.set-cookie;
		return (deliver);
	}
	if (req.url ~ "^/$") {
		unset beresp.http.set-cookie;
	}
	if (!(req.url ~ "wp-(login|admin)")) {
		unset beresp.http.set-cookie;
	}
	if (beresp.ttl < 60s) {
		set beresp.ttl = 60s;
	}
}


NVA setup – nginx varnish apache

Running WordPress blogs on a well-known domain is slow if you don’t optimize for speed. Because every request goes through the full LAMP stack, caching is the first stop. Second, I don’t use Apache as the primary delivery web server; I use nginx for that. I have chosen this setup because it provides lots of performance and there is no need to change anything in the existing WordPress installation. Even experienced WordPress users do not see the difference on the WordPress side.

LAMP - Linux Apache MySQL PHP


From LAMP to NVA

A classical LAMP setup uses the following Apache config for a web server with name-based virtual hosts:

##### start www.linuxpinguin.de
Listen 80
NameVirtualHost 178.63.61.72:80
LogFormat "%V %v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" cvh
<VirtualHost 178.63.61.72:80>
  DocumentRoot /var/www/linuxpinguin.de
  ServerName www.linuxpinguin.de
  php_admin_value open_basedir /var/www/linuxpinguin.de:/usr/share/php:/usr/share/pear
  ErrorLog /var/log/apache2/linuxpinguin.de/error.log
  CustomLog "|/sbin/cronolog --symlink /var/log/apache2/linuxpinguin.de/access.log /var/log/apache2/linuxpinguin.de/access.log %Y-%m" cvh
</VirtualHost>
##### end www.linuxpinguin.de

NVA - nginx varnish apache


This is converted into the following apache config to fit into the NVA setup. As you see only the Listen port and the binding address have changed.

<VirtualHost 127.0.0.1:81>
  <Directory "/var/www/web5/web">
    Options Indexes FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all
  </Directory>
  ServerName www.linuxpinguin.de
  ServerAlias www.linux-pinguin.de
  ServerAlias linux-pinguin.de
  ServerAlias linuxpinguin.de
  ServerAdmin webmaster@linuxpinguin.de
  DocumentRoot /var/www/web5/web
  ErrorLog /var/log/apache2/error.log
  LogLevel warn
  CustomLog /var/log/apache2/access.log vhost_combined
  ServerAlias linuxpinguin.de www.linux-pinguin.de
  DirectoryIndex index.html index.htm index.php index.php5 index.php4 index.php3 index.shtml index.cgi index.pl index.jsp Default.htm default.htm
  ScriptAlias  /cgi-bin/ /var/www/web5/cgi-bin/
  AddHandler cgi-script .cgi
  AddHandler cgi-script .pl
  ErrorLog /var/www/web5/log/error.log
  AddType application/x-httpd-php .php .php3 .php4 .php5
  php_admin_flag safe_mode On
  php_admin_value open_basedir /var/www/linuxpinguin.de:/usr/share/php:/usr/share/pear
  AddType text/html .shtml
  AddOutputFilter INCLUDES .shtml
  Alias /error/ "/var/www/web5/web/error/"
  ErrorDocument 400 /error/invalidSyntax.html
  ErrorDocument 401 /error/authorizationRequired.html
  ErrorDocument 403 /error/forbidden.html
  ErrorDocument 404 /error/fileNotFound.html
  ErrorDocument 405 /error/methodNotAllowed.html
  ErrorDocument 500 /error/internalServerError.html
  ErrorDocument 503 /error/overloaded.html
  AliasMatch ^/~([^/]+)(/(.*))? /var/www/web5/user/$1/web/$3
  AliasMatch ^/users/([^/]+)(/(.*))? /var/www/web5/user/$1/web/$3
  RewriteEngine on
  RewriteCond %{HTTP_HOST}   ^www\.linux-pinguin\.de [NC]
  RewriteRule ^/(.*)         http://www.linuxpinguin.de/$1 [L,R]
  RewriteCond %{HTTP_HOST}   ^linux-pinguin\.de [NC]
  RewriteRule ^/(.*)         http://www.linuxpinguin.de/$1 [L,R]
  RewriteCond %{HTTP_HOST}   ^linuxpinguin\.de [NC]
  RewriteRule ^/(.*)         http://www.linuxpinguin.de/$1 [L,R]
</VirtualHost>

Now where do the requests for 127.0.0.1:8080 come from? They come from our Varnish caching daemon. Here is the smallest configuration for it:

backend default {
  .host = "localhost";
  .port = "8080"; # This needs to be the same as the Apache vHost listener port!
}

Varnish itself listens on 127.0.0.1 port 6081, so the next question is where Varnish gets its requests from. They come from the nginx web server. This is the nginx configuration:

###### start linuxpinguin.de
server {
 listen 80; # Default listen port
 server_name www.linuxpinguin.de linuxpinguin.de www.linux-pinguin.de linux-pinguin.de;
 access_log /var/log/apache2/linuxpinguin.de/access_log;
 gzip on; # Turn on gZip
 gzip_disable msie6;
 gzip_static on;
 gzip_comp_level 9;
 gzip_proxied any;
 gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;

 location / {
  proxy_redirect off; # Do not redirect this proxy - It needs to be pass-through
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Server-Address $server_addr;
  proxy_pass_header Set-Cookie;
  proxy_pass http://127.0.0.1:6081; # Pass all traffic through to Varnish
 }
}
##### end linuxpinguin.de
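
Behind this nginx front end every request reaches Varnish from 127.0.0.1, so a purge ACL that lists only "localhost" (as in the WordPress Varnish configuration above) cannot tell a local PURGE from one relayed for a remote visitor unless nginx filters request methods. The following lint is an added example, not part of the original setup; the function names and the sample files are assumptions, and the samples are constructed from the configurations on this page.

```shell
#!/bin/sh
# Added example: heuristic lint, not part of the original setup.

# audit_purge NGINX_CONF VCL -> 1 when the VCL purge ACL trusts loopback while
# nginx on the same host relays requests to Varnish without filtering methods.
audit_purge() {
    nginx_conf=$1; vcl=$2
    # Is nginx proxying to a backend on the loopback interface?
    grep -Eq '^[[:space:]]*proxy_pass[[:space:]]+http://(127\.0\.0\.1|localhost)[:/;]' \
        "$nginx_conf" || return 0
    # Quoted entries inside "acl purge { ... }"
    acl=$(sed -n '/^[[:space:]]*acl[[:space:]]\{1,\}purge[[:space:]]*{/,/}/p' "$vcl" |
          sed -n 's/^[[:space:]]*"\([^"]*\)".*/\1/p')
    printf '%s\n' "$acl" | grep -Eqx 'localhost|127\.0\.0\.1' || return 0
    # Method filtering present (limit_except block or a $request_method test)?
    grep -Eq 'limit_except|\$request_method' "$nginx_conf" && return 0
    echo "purge ACL trusts loopback; nginx makes every client look like 127.0.0.1" >&2
    return 1
}

# Constructed samples, reduced from the configurations on this page.
write_samples() {   # write_samples DIR
    cat > "$1/weak.conf" <<'EOF'
server {
 location / {
  proxy_pass http://127.0.0.1:6081;
 }
}
EOF
    # Same location, but methods other than GET/HEAD/POST need a local client.
    cat > "$1/filtered.conf" <<'EOF'
server {
 location / {
  limit_except GET POST { allow 127.0.0.1; deny all; }
  proxy_pass http://127.0.0.1:6081;
 }
}
EOF
    cat > "$1/default.vcl" <<'EOF'
acl purge {
	"localhost";
}
EOF
}
```

Source the file and call audit_purge with the real paths, for example /etc/nginx/conf.d/virtual.conf and /etc/varnish/default.vcl.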


Just|Mobile Gum Plus

Just|Mobile Gum Plus Power Pack


Just got my hands on this little beauty. It charges via MiniUSB and delivers power via a USB port to charge your iPhone, MiFi or whatever else needs to be charged.
It charges your iPhone 4 up to three times. The 4400 mAh capacity is delivered at 1000 mA.
The power pack comes with an iPhone charging cable, a USB charging cable and a nifty carrying pouch.


How to renew SSL certificates for courier pop3 and imap server on Debian or Ubuntu?

This article describes the renewal of SSL certificates for the courier pop3 and imap servers. This is necessary, e.g., when the certificates have expired or contain the wrong hostname.

First delete the existing certificates:

rm -f /etc/courier/imapd.pem
rm -f /etc/courier/pop3d.pem

Then edit the templates that contain the details for the certificates, so that the hostname in the certificate matches the hostname of your server and the email address matches your postmaster email address:

vi /etc/courier/imapd.cnf
vi /etc/courier/pop3d.cnf

and create the new certificates:

mkimapdcert
mkpop3dcert

Courier pop3 and imap have to be restarted so they pick up the new certificates:

/etc/init.d/courier-imap-ssl restart
/etc/init.d/courier-pop-ssl restart
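
A check that can run between creating the certificates and restarting the services, as an added example that is not part of the original article: it confirms that each new file carries the expected hostname, is not about to expire, and is not readable by other users. The function names, the 30-day threshold and mail.example.org are assumptions for illustration.

```shell
#!/bin/sh
# Added example; check_cert and make_sample_pem are illustrative names.

# check_cert PEM HOST MIN_DAYS -> 0 only if the certificate's commonName is
# HOST, it stays valid for MIN_DAYS more days, and the file (which also holds
# the private key) is not readable by other users.
check_cert() {
    pem=$1; host=$2; min_days=$3
    [ -r "$pem" ] || { echo "$pem: missing or unreadable" >&2; return 1; }

    # "multiline" prints one "name = value" pair per line across OpenSSL versions
    cn=$(openssl x509 -in "$pem" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p')
    if [ "$cn" != "$host" ]; then
        echo "$pem: commonName '$cn' does not match '$host'" >&2; return 1
    fi
    # -checkend N exits non-zero when the certificate expires within N seconds
    if ! openssl x509 -in "$pem" -noout -checkend "$((min_days * 86400))" >/dev/null; then
        echo "$pem: expires within $min_days days" >&2; return 1
    fi
    # find prints the path only if the "other" read bit is set
    if [ -n "$(find "$pem" -perm -004)" ]; then
        echo "$pem: readable by other users" >&2; return 1
    fi
}

# Constructed sample: a throwaway self-signed file with key and certificate
# together, for trying the check without touching /etc/courier.
make_sample_pem() {   # make_sample_pem OUTFILE CN DAYS
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=$2" -days "$3" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null &&
    cat "$1.key" "$1.crt" > "$1" && rm -f "$1.key" "$1.crt" && chmod 600 "$1"
}

# With a hostname argument (e.g. mail.example.org), check the real files.
if [ "$#" -ge 1 ]; then
    rc=0
    for f in /etc/courier/imapd.pem /etc/courier/pop3d.pem; do
        check_cert "$f" "$1" 30 || rc=1
    done
    exit "$rc"
fi
```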


Ubuntu 10.04.3 LTS released

“Be brief, be pointed, let your matter stand lucid in order, solid and
at hand; spend not your words on trifles but condense; strike with the
mass of thought, not drops of sense; press to the close with vigor,
once begun, and leave – how hard the task” – Joseph Story

The Ubuntu team is proud to announce the release of Ubuntu 10.04.3 LTS,
the third maintenance update to Ubuntu’s 10.04 LTS release. This
release includes updated server, desktop, alternate installation CDs
and DVDs for the i386 and amd64 architectures.


Buffalo Terastation not mounting under Lion [Update3]

The access to an access limit folder by the AFP is not possible. Time Machine backup is not possible
Firmware update for improvement is planned.

My workaround is to mount it via SMB.

Source: http://www.buffalo-technology.com/knowledgebase/users/kb.php?id=10271&category_id=0&sid2=

[Update] See also (in German): Heise.de Praxistipps zu Lion

[Update 2] Here is a workaround on the support pages from Apple. 

Lion and Lion Server maintains a list of authentication methods that are not allowed. These are the older, less secure authentication methods. You may need to enable one or more of these methods to support legacy devices or protocols.

  1. Open Terminal.
  2. Execute the following commands:
    sudo chmod o+w /Library/Preferences
    sudo defaults write /Library/Preferences/com.apple.AppleShareClient afp_host_prefs_version -int 1


  3. Restart the computer.
  4. For an AFP connection, on the client make an AFP connection to another system so that the AFP Client preference file will be filled in with the default set of values. If you want to enable a different User Authentication Method (UAM), execute the appropriate Terminal command on the client system. For example, this command enables DHCAST128 by removing it from the list of disabled methods:
    sudo defaults write /Library/Preferences/com.apple.AppleShareClient afp_disabled_uams -array "Cleartxt Passwrd" "MS2.0" "2-Way Randnum exchange"


Additional Information

To see a list of the disabled User Authentication Methods (UAM), run the following command in Terminal on the client:

 

defaults read /Library/Preferences/com.apple.AppleShareClient afp_disabled_uams


Typically, the disabled UAMs are “Cleartxt Passwrd”, “MS2.0”, “2-Way Randnum exchange”, and DHCAST128.

To enable one of these UAMs, the list of disallowed methods needs to not list the UAM that you want to exclude.

[Update3] Buffalo released some beta firmware updates. See Compatible devices
