January 21st, 2010 — Linux
Webpagetest.org is a great tool to learn how you can improve your website loading time (you should use it if you aren’t using it already).
Today after running a report I’ve seen that we had a large image on the home page that can be compressed to minimize loading time.
Smaller images means faster pages, faster pages means happy users 
. To compress images on Linux there are at least 2 alternatives:
OptiPNG: Advanced PNG Optimizer
OptiPNG is a PNG optimizer that recompresses image files to a smaller size, without losing any information. This program also converts external formats (BMP, GIF, PNM and TIFF) to optimized PNG, and performs PNG integrity checks and corrections.
Install optipng package from EPEL repository:
[root@silver ~]# yum install optipng
[...]
[root@silver ~]# optipng
OptiPNG 0.6.2: Advanced PNG optimizer.
Copyright (C) 2001-2008 Cosmin Truta.
Type "optipng -h" for advanced help.
Synopsis:
optipng [options] files ...
Files:
Image files of type: PNG, BMP, GIF, PNM or TIFF
Basic options:
-h, -help show the advanced help
-v verbose mode / show copyright, version and build info
-o <level> optimization level (0-7) default 2
-i <type> interlace type (0-1) default <input>
-k, -keep keep a backup of the modified files
-q, -quiet quiet mode
Examples:
optipng file.png (default speed)
optipng -o5 file.png (moderately slow)
optipng -o7 file.png (very slow)Pngcrush
Pngcrush is an optimizer for PNG (Portable Network Graphics) files. It can be run from a commandline in an MSDOS window, or from a UNIX or LINUX commandline.
Its main purpose is to reduce the size of the PNG IDAT datastream by trying various compression levels an PNG filter methods. It also can be used to remove unwanted ancillary chunks, or to add certain chunks including gAMA, tRNS, iCCP, and textual chunks.
Install pngcrush from DAG’s repository:
[root@silver ~]# yum install pngcrush
[...]
[root@silver ~]# pngcrush --help
| pngcrush 1.7.3
| Copyright (C) 1998-2002,2006-2009 Glenn Randers-Pehrson
| Copyright (C) 2005 Greg Roelofs
| This is a free, open-source program. Permission is irrevocably
| granted to everyone to use this version of pngcrush without
| payment of any fee.
| Executable name is pngcrush
| It was built with libpng version 1.2.40, and is
| running with libpng version 1.2.40 - September 10, 2009
| Copyright (C) 1998-2004,2006-2009 Glenn Randers-Pehrson,
| Copyright (C) 1996, 1997 Andreas Dilger,
| Copyright (C) 1995, Guy Eric Schalnat, Group 42 Inc.,
| and zlib version 1.2.3.3, Copyright (C) 1998-2002 (or later),
| Jean-loup Gailly and Mark Adler.
| It was compiled with gcc version 4.1.2 20080704 (Red Hat 4.1.2-46).
[...]
usage: pngcrush [options] infile.png outfile.png
pngcrush -e ext [other options] files.png ...
pngcrush -d dir [other options] files.png ...
options:
[...]Now you can compress PNG images to reduce its size using command line:
[vitalie@silver ~]$ optipng -o7 example.png
[vitalie@silver ~]$ pngcrush -brute -e ".compressed.png" *png
I’ve achieved 20% – 24% file size reduction after compression.
More on the subject:
Indopedia
Raymond.cc
December 18th, 2009 — Linux, MySQL
Somehow my Lua rpm package missed the /usr/lib/pkgconfig/lua.pc file and MysqlProxy couldn’t detect Lua install:
[vitalie@silver tmp]$ rpmbuild -ta --define 'with_lua 1' mysql-proxy-0.6.0.tar.gz
[...]
checking for LUA... checking for LUA... configure: error: Package requirements (lua5.1 >= 5.1) were not met:
No package 'lua5.1' found
Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.
Alternatively, you may set the environment variables LUA_CFLAGS
and LUA_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.
The solution was to specify LUA_CFLAGS and LUA_LIBS variables:
[vitalie@silver tmp]$ LUA_CFLAGS="-I/usr/include" LUA_LIBS="-llua -lm -ldl" rpmbuild -ta --define 'with_lua 1' mysql-proxy-0.6.0.tar.gz
[...]
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Requires: libc.so.6()(64bit) libc.so.6(GLIBC_2.2.5)(64bit) libc.so.6(GLIBC_2.3)(64bit) libc.so.6(GLIBC_2.3.4)(64bit) libc.so.6(GLIBC_2.4)(64bit) libdl.so.2()(64bit) libdl.so.2(GLIBC_2.2.5)(64bit) libevent-1.1a.so.1()(64bit) libglib-2.0.so.0()(64bit) libm.so.6()(64bit) libm.so.6(GLIBC_2.2.5)(64bit) rtld(GNU_HASH)
Processing files: mysql-proxy-debuginfo-0.6.0-0
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Checking for unpackaged file(s): /usr/lib/rpm/check-files /home/vitalie/rpmbuild/tmp/mysql-proxy-0.6.0-0-root
Wrote: /home/vitalie/rpmbuild/SRPMS/mysql-proxy-0.6.0-0.src.rpm
Wrote: /home/vitalie/rpmbuild/RPMS/x86_64/mysql-proxy-0.6.0-0.x86_64.rpm
Wrote: /home/vitalie/rpmbuild/RPMS/x86_64/mysql-proxy-debuginfo-0.6.0-0.x86_64.rpm
Executing(%clean): /bin/sh -e /home/vitalie/rpmbuild/tmp/rpm-tmp.9187
[...]
References:
October 24th, 2009 — Linux, Rails, Ruby
Installing RMagick 2 on CentOS/RHEL 5 it’s not that hard, you just need to install ImageMagick newer than 6.3.5 (CentOS/RHEL 5 is shipping ImageMagick 6.2.8) and that’s the hardest part of the job.
[root@silver ~]# gem install rmagick
Building native extensions. This could take a while...
ERROR: Error installing rmagick:
ERROR: Failed to build gem native extension.
/usr/local/bin/ruby extconf.rb
checking for Ruby version >= 1.8.5... yes
checking for gcc... yes
checking for Magick-config... yes
checking for ImageMagick version >= 6.3.5... no
Can't install RMagick 2.12.2. You must have ImageMagick 6.3.5 or later.I’ve tried to avoid ImageMagick upgrade and to install RMagick 1, but RMagick 1 failed to install with a strange compile error, probably because the gcc compliler shipped with CentOS/RHEL 5 is too new for version 1.
I didn’t wanted to patch RMagick 1, neither to install from sources (I do prefer RPM packages). So, I’ve decided to upgrade ImageMagick library to satisfy RMagick 2 requirements.
Subscribe your system to the following repositories:
Install the following packages:
[root@silver ~]# yum --enablerepo=epel --enablerepo=rpmforge --enablerepo=centosplus install djvulibre-devel libwmf-devel jasper-devel libtool-ltdl-devel librsvg2-devel openexr-devel graphviz-devel gcc gcc-c++ ghostscript freetype-devel libjpeg-devel libpng-devel giflib-devel libwmf-devel libexif-devel libtiff-devel
Add “–noplugins” if you are using “yum-priorities”, or it will fail to install packages.
Download ImageMagick.spec to your SPECS directory and ImageMagick-6.5.7-0.tar.bz2 to SOURCES directory and then rebuild the rpm using rpmbuild:
[root@silver SPECS]# rpmbuild -ba ImageMagick.spec
[...]
Or just grab the source RPM from here:
http://red.penguin.ro/SRPMS/ImageMagick-6.5.7-0.src.rpm
and build it:
[root@silver ~]# rpmbuild --rebuild ImageMagick-6.5.7-0.src.rpm
Installing ImageMagick-6.5.7-0.src.rpm
warning: user vitalie does not exist - using root
warning: group vitalie does not exist - using root
warning: user vitalie does not exist - using root
warning: group vitalie does not exist - using root
Executing(%prep): /bin/sh -e /home/worf/rpmbuild/tmp/rpm-tmp.11936
+ umask 022
+ cd /home/worf/rpmbuild/BUILD
+ LANG=C
+ export LANG
+ unset DISPLAY
+ cd /home/worf/rpmbuild/BUILD
+ rm -rf ImageMagick-6.5.7-0
+ /usr/bin/bzip2 -dc /home/worf/rpmbuild/SOURCES/ImageMagick-6.5.7-0.tar.bz2
+ tar -xf -
[...]
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Requires: /bin/sh ImageMagick-c++ = 6.5.7-0 ImageMagick-devel = 6.5.7-0 libMagick++.so.2()(64bit)
Processing files: ImageMagick-debuginfo-6.5.7-0
Provides: Magick.so.debug()(64bit) analyze.so.debug()(64bit) art.so.debug()(64bit) avi.so.debug()(64bit) avs.so.debug()(64bit) bmp.so.debug()(64bit) braille.so.debug()(64bit) cals.so.debug()(64bit) caption.so.debug()(64bit) cin.so.debug()(64bit) cip.so.debug()(64bit) clip.so.debug()(64bit) cmyk.so.debug()(64bit) cut.so.debug()(64bit) dcm.so.debug()(64bit) dds.so.debug()(64bit) dib.so.debug()(64bit) djvu.so.debug()(64bit) dng.so.debug()(64bit) dot.so.debug()(64bit) dpx.so.debug()(64bit) ept.so.debug()(64bit) fax.so.debug()(64bit) fits.so.debug()(64bit) gif.so.debug()(64bit) gradient.so.debug()(64bit) gray.so.debug()(64bit) hald.so.debug()(64bit) histogram.so.debug()(64bit) hrz.so.debug()(64bit) html.so.debug()(64bit) icon.so.debug()(64bit) info.so.debug()(64bit) inline.so.debug()(64bit) ipl.so.debug()(64bit) jp2.so.debug()(64bit) jpeg.so.debug()(64bit) label.so.debug()(64bit) libMagick++.so.2.0.0.debug()(64bit) libMagickCore.so.2.0.0.debug()(64bit) libMagickWand.so.2.0.0.debug()(64bit) magick.so.debug()(64bit) map.so.debug()(64bit) mat.so.debug()(64bit) matte.so.debug()(64bit) meta.so.debug()(64bit) miff.so.debug()(64bit) mono.so.debug()(64bit) mpc.so.debug()(64bit) mpeg.so.debug()(64bit) mpr.so.debug()(64bit) msl.so.debug()(64bit) mtv.so.debug()(64bit) mvg.so.debug()(64bit) null.so.debug()(64bit) otb.so.debug()(64bit) palm.so.debug()(64bit) pattern.so.debug()(64bit) pcd.so.debug()(64bit) pcl.so.debug()(64bit) pcx.so.debug()(64bit) pdb.so.debug()(64bit) pdf.so.debug()(64bit) pict.so.debug()(64bit) pix.so.debug()(64bit) plasma.so.debug()(64bit) png.so.debug()(64bit) pnm.so.debug()(64bit) preview.so.debug()(64bit) ps.so.debug()(64bit) ps2.so.debug()(64bit) ps3.so.debug()(64bit) psd.so.debug()(64bit) pwp.so.debug()(64bit) raw.so.debug()(64bit) rgb.so.debug()(64bit) rla.so.debug()(64bit) rle.so.debug()(64bit) scr.so.debug()(64bit) sct.so.debug()(64bit) sfw.so.debug()(64bit) sgi.so.debug()(64bit) stegano.so.debug()(64bit) sun.so.debug()(64bit) svg.so.debug()(64bit) tga.so.debug()(64bit) thumbnail.so.debug()(64bit) tiff.so.debug()(64bit) tile.so.debug()(64bit) tim.so.debug()(64bit) ttf.so.debug()(64bit) txt.so.debug()(64bit) uil.so.debug()(64bit) url.so.debug()(64bit) uyvy.so.debug()(64bit) vicar.so.debug()(64bit) vid.so.debug()(64bit) viff.so.debug()(64bit) wbmp.so.debug()(64bit) wmf.so.debug()(64bit) wpg.so.debug()(64bit) x.so.debug()(64bit) xbm.so.debug()(64bit) xc.so.debug()(64bit) xcf.so.debug()(64bit) xpm.so.debug()(64bit) xps.so.debug()(64bit) xwd.so.debug()(64bit) ycbcr.so.debug()(64bit) yuv.so.debug()(64bit)
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Checking for unpackaged file(s): /usr/lib/rpm/check-files /home/worf/rpmbuild/tmp/ImageMagick-6.5.7-0-root-root
Wrote: /home/worf/rpmbuild/RPMS/x86_64/ImageMagick-6.5.7-0.x86_64.rpm
Wrote: /home/worf/rpmbuild/RPMS/x86_64/ImageMagick-devel-6.5.7-0.x86_64.rpm
Wrote: /home/worf/rpmbuild/RPMS/x86_64/ImageMagick-doc-6.5.7-0.x86_64.rpm
Wrote: /home/worf/rpmbuild/RPMS/x86_64/ImageMagick-perl-6.5.7-0.x86_64.rpm
Wrote: /home/worf/rpmbuild/RPMS/x86_64/ImageMagick-c++-6.5.7-0.x86_64.rpm
Wrote: /home/worf/rpmbuild/RPMS/x86_64/ImageMagick-c++-devel-6.5.7-0.x86_64.rpm
Wrote: /home/worf/rpmbuild/RPMS/x86_64/ImageMagick-debuginfo-6.5.7-0.x86_64.rpm
Executing(%clean): /bin/sh -e /home/worf/rpmbuild/tmp/rpm-tmp.25482
+ umask 022
+ cd /home/worf/rpmbuild/BUILD
+ cd ImageMagick-6.5.7-0
+ rm -rf /home/worf/rpmbuild/tmp/ImageMagick-6.5.7-0-root-root
+ exit 0
Executing(--clean): /bin/sh -e /home/worf/rpmbuild/tmp/rpm-tmp.25482
+ umask 022
+ cd /home/worf/rpmbuild/BUILD
+ rm -rf ImageMagick-6.5.7-0
+ exit 0
Uninstall i386 ImageMagick libraries if you are on x86_64 system:
[root@silver ~]# rpm -qa | grep ImageMagick | grep -i i386 | xargs rpm -e
Install the new RPMs compiled in the previous steps:
[root@silver x86_64]# rpm -Uvh ImageMagick-6.5.7-0.x86_64.rpm ImageMagick-c++-6.5.7-0.x86_64.rpm ImageMagick-c++-devel-6.5.7-0.x86_64.rpm ImageMagick-devel-6.5.7-0.x86_64.rpm
Finally, install the RMagick 2 plugin:
[root@silver ~]# gem install rmagick --no-rdoc --no-ri
Building native extensions. This could take a while...
Successfully installed rmagick-2.12.2
1 gem installed
October 21st, 2009 — Ruby
Ruby Enterprise Edition is a server-oriented friendly branch of Ruby which includes various enhancements:
* A copy-on-write friendly garbage collector. Phusion Passenger uses this, in combination with a technique called preforking, to reduce Ruby on Rails applications’ memory usage by 33% on average.
* An improved memory allocator called tcmalloc, which improves performance quite a bit.
* The ability to tweak garbage collector settings for maximum server performance, and the ability to inspect the garbage collector’s state. (RailsBench GC patch)
* The ability to dump stack traces for all running threads (caller_for_all_threads), making it easier for one to debug multithreaded Ruby web applications.
More on Ruby Enterprise Edition’s website:
http://www.rubyenterpriseedition.com/
Download source rpm:
ruby-enterprise-1.8.7-1.el5.src.rpm
Build rpm package using rpmbuild:
[vitalie@silver SRPMS]$ rpmbuild --rebuild --define 'dist el5' ruby-enterprise-1.8.7-1.el5.src.rpm
Installing ruby-enterprise-1.8.7-1.el5.src.rpm
Executing(%prep): /bin/sh -e /home/vitalie/rpmbuild/tmp/rpm-tmp.89437
+ umask 022
+ cd /home/vitalie/rpmbuild/BUILD
+ LANG=C
+ export LANG
+ unset DISPLAY
+ cd /home/vitalie/rpmbuild/BUILD
+ rm -rf ruby-enterprise-1.8.7-20090928
+ /bin/gzip -dc /home/vitalie/rpmbuild/SOURCES/ruby-enterprise-1.8.7-20090928.tar.gz
+ tar -xf -
+ STATUS=0
+ '[' 0 -ne 0 ']'
+ cd ruby-enterprise-1.8.7-20090928
++ /usr/bin/id -u
+ '[' 500 = 0 ']'
++ /usr/bin/id -u
+ '[' 500 = 0 ']'
+ /bin/chmod -Rf a+rX,u+w,g-w,o-w .
+ exit 0
Executing(%build): /bin/sh -e /home/vitalie/rpmbuild/tmp/rpm-tmp.89437
+ umask 022
+ cd /home/vitalie/rpmbuild/BUILD
+ cd ruby-enterprise-1.8.7-20090928
+ LANG=C
+ export LANG
+ unset DISPLAY
+ ./installer --auto /usr/local --dont-install-useful-gems --destdir /home/vitalie/rpmbuild/tmp/ruby-enterprise-1.8.7-20090928-root-vitalie
[...]
Provides: ruby-enterprise(rubygems) = 1.3.2
Requires(interp): /bin/sh
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 rpmlib(VersionedDependencies) <= 3.0.3-1
Requires(pre): /bin/sh
Requires: /usr/local/bin/ruby ruby-enterprise >= 1.8
Processing files: ruby-enterprise-debuginfo-1.8.7-1.el5
Provides: bigdecimal.so.debug()(64bit) bubblebabble.so.debug()(64bit) cparse.so.debug()(64bit) curses.so.debug()(64bit) dbm.so.debug()(64bit) digest.so.debug()(64bit) dl.so.debug()(64bit) etc.so.debug()(64bit) fcntl.so.debug()(64bit) gdbm.so.debug()(64bit) iconv.so.debug()(64bit) libtcmalloc_minimal.so.0.0.0.debug()(64bit) md5.so.debug()(64bit) nkf.so.debug()(64bit) openssl.so.debug()(64bit) pty.so.debug()(64bit) readline.so.debug()(64bit) rmd160.so.debug()(64bit) sdbm.so.debug()(64bit) sha1.so.debug()(64bit) sha2.so.debug()(64bit) socket.so.debug()(64bit) stringio.so.debug()(64bit) strscan.so.debug()(64bit) syck.so.debug()(64bit) syslog.so.debug()(64bit) thread.so.debug()(64bit) wait.so.debug()(64bit) zlib.so.debug()(64bit)
Requires(rpmlib): rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1
Checking for unpackaged file(s): /usr/lib/rpm/check-files /home/vitalie/rpmbuild/tmp/ruby-enterprise-1.8.7-20090928-root-vitalie
Wrote: /home/vitalie/rpmbuild/RPMS/x86_64/ruby-enterprise-1.8.7-1.el5.x86_64.rpm
Wrote: /home/vitalie/rpmbuild/RPMS/x86_64/ruby-enterprise-rubygems-1.3.2-1.el5.x86_64.rpm
Wrote: /home/vitalie/rpmbuild/RPMS/x86_64/ruby-enterprise-debuginfo-1.8.7-1.el5.x86_64.rpm
Executing(%clean): /bin/sh -e /home/vitalie/rpmbuild/tmp/rpm-tmp.76776
+ umask 022
+ cd /home/vitalie/rpmbuild/BUILD
+ cd ruby-enterprise-1.8.7-20090928
+ rm -rf /home/vitalie/rpmbuild/tmp/ruby-enterprise-1.8.7-20090928-root-vitalie
+ exit 0
Executing(--clean): /bin/sh -e /home/vitalie/rpmbuild/tmp/rpm-tmp.76776
+ umask 022
+ cd /home/vitalie/rpmbuild/BUILD
+ rm -rf ruby-enterprise-1.8.7-20090928
+ exit 0
Alternatively you can download just spec file and grab sources from the REE’s website:
ruby-enterprise.spec
October 15th, 2009 — Linux, Rails
Keeping a separate file for each virtual host in /etc/httpd/vhosts.d it’s clean and cool, but when you have many virtual hosts with same settings it’s a pain to keep them updated. We need a template system for Apache configurations and mod_macro module it’s a handy tool for this job.
Download module version suited for your Apache from:
http://www.cri.ensmp.fr/~coelho/mod_macro/
Ensure that you have httpd-devel package installed then untar archive and compile mod_macro module with apxs:
[root@silver tmp]# wget http://www.cri.ensmp.fr/~coelho/mod_macro/mod_macro-1.1.10.tar.bz2
[...]
[root@silver tmp]# tar xvfjp mod_macro-1.1.10.tar.bz2
[...]
[root@silver tmp]# cd mod_macro-1.1.10
[root@silver mod_macro-1.1.10]# apxs -cia mod_macro.c
/usr/lib64/apr-1/build/libtool --silent --mode=compile gcc -prefer-pic -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic -fno-strict-aliasing -DLINUX=2 -D_REENTRANT -D_GNU_SOURCE -pthread -I/usr/include/httpd -I/usr/include/apr-1 -I/usr/include/apr-1 -c -o mod_macro.lo mod_macro.c && touch mod_macro.slo
mod_macro.c: In function 'looks_like_an_argument':
mod_macro.c:316: warning: cast from pointer to integer of different size
mod_macro.c: In function 'say_it':
mod_macro.c:929: warning: cast from pointer to integer of different size
/usr/lib64/apr-1/build/libtool --silent --mode=link gcc -o mod_macro.la -rpath /usr/lib64/httpd/modules -module -avoid-version mod_macro.lo
/usr/lib64/httpd/build/instdso.sh SH_LIBTOOL='/usr/lib64/apr-1/build/libtool' mod_macro.la /usr/lib64/httpd/modules
/usr/lib64/apr-1/build/libtool --mode=install cp mod_macro.la /usr/lib64/httpd/modules/
cp .libs/mod_macro.so /usr/lib64/httpd/modules/mod_macro.so
cp .libs/mod_macro.lai /usr/lib64/httpd/modules/mod_macro.la
cp .libs/mod_macro.a /usr/lib64/httpd/modules/mod_macro.a
chmod 644 /usr/lib64/httpd/modules/mod_macro.a
ranlib /usr/lib64/httpd/modules/mod_macro.a
PATH="$PATH:/sbin" ldconfig -n /usr/lib64/httpd/modules
----------------------------------------------------------------------
Libraries have been installed in:
/usr/lib64/httpd/modules
If you ever happen to want to link against installed libraries
in a given directory, LIBDIR, you must either use libtool, and
specify the full pathname of the library, or use the `-LLIBDIR'
flag during linking and do at least one of the following:
- add LIBDIR to the `LD_LIBRARY_PATH' environment variable
during execution
- add LIBDIR to the `LD_RUN_PATH' environment variable
during linking
- use the `-Wl,--rpath -Wl,LIBDIR' linker flag
- have your system administrator add LIBDIR to `/etc/ld.so.conf'
See any operating system documentation about shared libraries for
more information, such as the ld(1) and ld.so(8) manual pages.
----------------------------------------------------------------------
chmod 755 /usr/lib64/httpd/modules/mod_macro.so
[activating module `macro' in /etc/httpd/conf/httpd.conf]Create a file that will keep your macros in Apache’s conf.d directory (example: _mod_macro.conf), conf.d files are executed after modules are loaded:
# /etc/httpd/conf.d/_mod_macro.conf
# RailsHost macro
<Macro RailsHost $host $dir>
<VirtualHost *:80>
ServerName www.$host
ServerAlias $host
DocumentRoot $dir/current/public
CustomLog "logs/$host_access.log" combined
ErrorLog "logs/$host_error.log"
# Passenger settings
RailsBaseURI /
RailsMaxPoolSize 1
RailsPoolIdleTime 3600
RailsEnv production
# Redirect example.com -> www.example.com
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www.$host
RewriteRule ^/(.*) http://www.$host/$1 [R=301,L]
# Check for maintenance file and redirect all requests
RewriteCond %{DOCUMENT_ROOT}/system/maintenance.html -f
RewriteCond %{SCRIPT_FILENAME} !maintenance.html
RewriteCond %{SCRIPT_FILENAME} !^/images
RewriteCond %{SCRIPT_FILENAME} !^/stylesheets
RewriteCond %{SCRIPT_FILENAME} !^/javascripts
RewriteRule ^.*$ /system/maintenance.html [L]
ErrorDocument 404 $dir/current/public/404.html
ErrorDocument 422 $dir/current/public/422.html
ErrorDocument 500 $dir/current/public/500.html
Use ModDeflate
Use ModExpires
<Directory $dir/current/public>
Options FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
</Macro>
# ModDeflate macro
<Macro ModDeflate>
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4\.0[678] no-gzip
BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
</IfModule>
</Macro>
# ModExpires macro
<Macro ModExpires>
<IfModule mod_expires.c>
ExpiresActive On
<LocationMatch "^/(images|javascripts|stylesheets)">
ExpiresDefault "access plus 1 year"
</LocationMatch>
</IfModule>
</Macro>Append RailsHost macro calls to your httpd.conf to define your virtual hosts :
# /etc/httpd/conf/httpd.conf
[...]
Use RailsHost vhost1.com /data/virtualhosts/vhost1.com
Use RailsHost vhost2.com /data/virtualhosts/vhost2.com
Now, your Apache configuration looks much better and when it comes make changes to your configurations you’ll need to change just one macro.
October 12th, 2009 — Linux, Security
I would not talk about how important is to secure your ssh server. One of the tools that helps us to secure ssh server is DenyHosts. From the DenyHosts home page:
DenyHosts is a script intended to be run by Linux system administrators to help thwart SSH server attacks (also known as dictionary based attacks and brute force attacks).
Sending accidentally wrong password to server will block your access. You can avoid it by using public key authentication or when it’s not possible you can configure DenyHosts to ignore IP addresses from your network:
How can I prevent a legitimate IP address from being blocked by DenyHosts?
Since it is quite possible for a user to mistype their password repeatedly it may be desirable to have DenyHosts prevent specific IP addresses from being added to /etc/hosts.deny. To address this issue, create a file named allowed-hosts in the WORK_DIR. Simply add an IP address, one per line. Any IP address that appears in this file will not be blocked.
[...]
more
I do prefer the TCP wrappers way, I’ll just bypass DenyHosts for local networks.
Configure DenyHosts to write blocked IPs to /etc/denyhosts/blocked:
# /etc/denyhosts/denyhosts.cfg
HOSTS_DENY = /etc/denyhosts/blocked
BLOCK_SERVICE =
Allow ssh connection if listed in /etc/denyhosts/ignored, and then the last rule is to allow ssh access unless listed in /etc/denyhosts/blocked:
#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# ssh access
sshd: /etc/denyhosts/ignored : allow
sshd: ALL EXCEPT /etc/denyhosts/blocked
Add IPs/networks to ignore:
# /etc/denyhosts/ignored
# hosts allowed to connect bypassing DenyHosts
192.168.10.0/255.255.255.0
More on the file format:
October 11th, 2009 — Python
After server reinstall Plone website failed to start:
2009-10-11T13:45:56 ERROR Application Could not import Products.ATContentTypes
Traceback (most recent call last):
File "/data/user/site/parts/zope2/lib/python/OFS/Application.py", line 709, in import_product
product=__import__(pname, global_dict, global_dict, silly)
File "/home/apc/ecc/parts/plone/ATContentTypes/__init__.py", line 64, in ?
import Products.ATContentTypes.content
File "/home/apc/ecc/parts/plone/ATContentTypes/content/__init__.py", line 26, in ?
import Products.ATContentTypes.content.link
File "/home/apc/ecc/parts/plone/ATContentTypes/content/link.py", line 39, in ?
from Products.ATContentTypes.content.base import registerATCT
File "/home/apc/ecc/parts/plone/ATContentTypes/content/base.py", line 63, in ?
from Products.CMFPlone.PloneFolder import ReplaceableWrapper
File "/home/apc/ecc/parts/plone/CMFPlone/__init__.py", line 215, in ?
from browser import ploneview
File "/home/apc/ecc/parts/plone/CMFPlone/browser/ploneview.py", line 12, in ?
from Products.CMFPlone import utils
File "/home/apc/ecc/parts/plone/CMFPlone/utils.py", line 5, in ?
from PIL import Image
ImportError: No module named PILOops, we need to install PIL library, thanks to Dag this is extremely easy on CentOS/RHEL/Fedora:
yum install python-imaging
April 7th, 2009 — Linux, Plesk
We alreay know how to extract files from Plesk backup with mpack, but if you do receive “File size limit exceeded” error, it can be from the following reasons:
- Your file system doesn’t have LFS (large file support) support
- OS limits (limits on the system resources imposed by your administrator)
- mpack is not compiled with LFS
Check that your filesystem supports files bigger than 2GB (create a test file with “dd” command).
[vitalie@silver ~]$ dd if=/dev/zero of=test.bin bs=1G count=3 # create 3GB file
Then check your file size limits with ulimit command:
[vitalie@silver ~]$ ulimit -a | grep '^file size'
file size (blocks, -f) unlimited
You can adjust limits from /etc/security/limits.conf, read file comments on how to do it, or read this article:
http://www.cyberciti.biz/faq/file-size-limit-exceeded-error-under-linux-and-solution/
If none above limits you, then the problems comes from mpack, it doesn’t have suport for large files (>2GB).
The guys from the Plesk recommends to grep the backup file, to find begin and end of the file in archive:
http://kb.parallels.com/en/1757
This solutions is not appropriate for large backup files, we’ll just recompile mpack to support large files.
Grab mpack’s RPM source from the Dag’s repository
http://dag.wieers.com/rpm/packages/mpack/mpack-1.6-2.rf.src.rpm
install it:
[vitalie@silver ~]$ rpm -ivh mpack-1.6-2.rf.src.rpm
[...]
Then modify mpack.spec and add the following code after “%build”:
export CFLAGS="-D_FILE_OFFSET_BITS=64"
Then rebuild the package and install it:
[vitalie@silver ~] rpm -ba mpack.spec
[...]
[vitalie@silver ~] rpm -Uvh --force mpack-1.6-3.rf.i386.rpm
[...]
References:
February 8th, 2009 — Linux, Plesk
SMTP stands for Simple Mail Transfer Protocol, it was designed a long time ago when the Internet was a peaceful place. Today we are facing new challenges, so there should be new solutions.
One of the problem is SPAM messages, spammers are keeping to bombard us everyday with junk mails. We did invented black/white list to protect us from them.
If your clients are connecting from an ip address that’s listed in RBL lists (it’s not uncommon for ISPs that are using dynamic ip addresses) they can’t send messages through your server if you are using RBLs.
Disabling RBLs checks it’s not an option, we’ll configure an alternative port for relaying on port 1025 for the clients listed in RBLs.
You can just copy your smtp_psa file and customize it:
cd /etc/xinetd.d/
cp smtp_psa smtp_alt_psa
vim smtp_alt_psa
You need to change service name from smtp to smtp-alt and remove rblsmptd command and it’s -r parameters, finally it should something like this:
# /etc/xinetd.d/smtp_alt_psa
service smtp-alt
{
socket_type = stream
protocol = tcp
wait = no
disable = no
user = root
instances = UNLIMITED
server = /var/qmail/bin/tcp-env
server_args = -Rt0 /var/qmail/bin/relaylock /var/qmail/bin/qmail-smtpd /var/qmail/bin/smtp_auth /var/qmail/bin/true /var/qmail/bin/cmd5checkpw /var/qmail/bin/true
}Append the new service to /etc/services:
smtp-alt 1025/tcp
smtp-alt 1025/udp
And restart the xinetd service:
[root@sirius xinetd.d]# /etc/init.d/xinetd restart
Stopping xinetd: [ OK ]
Starting xinetd: [ OK ]
Verify your configuration with telnet command:
[root@sirius xinetd.d]# telnet localhost 1025
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 sirius.example.net ESMTP
# Ctr+] and quit to exit telnet
Now, instruct your clients to change port in SMTP settings from 25 to 1025, they will be able to send mails through your server even you are using RBL lists.
November 21st, 2008 — Linux
Open your /etc/modprobe.conf file and append:
# Turn off IPv6
alias net-pf-10 off
alias ipv6 off
Then restart your server.