The daemons that bugged me.

December 1st, 2007

With every major enterprise Linux release, Red Hat adds a number of new daemons to the startup of the server. Most of these daemons have a very clear function. I have, however, pondered what all the daemons are for. Although nice to have, many of the daemons simply eat away at your resources and, if not needed, should really be disabled.

Red Hat was kind enough to release the following information in the Red Hat Magazine article with the heading “Understanding your (Red Hat Enterprise Linux) daemons”.

Of course the above information is very handy for CentOS, which is based on Red Hat Enterprise Linux.

Dr.Web and CentOS5

December 1st, 2007

Dr.Web and CentOS5 do not like each other by default.

The version of Dr.Web used in Plesk 8.2.x is linked against older versions of libstdc++ and openssl.

To get Dr.Web to run on CentOS5, you need to install some compatibility libraries.

The following should get you sorted:

yum install compat-libstdc++-33.i386 openssl097a.i386

Upgrade ….

December 1st, 2007

After a very long time I had to revert back to my blog and saw it needed a bit of TLC so I upgraded it to the latest available version of WordPress.

The old theme is broken in the new version so I reverted to the “WordPress Default”, for the time being.

Re-writing the source with iptables.

March 2nd, 2007

Recently I ran into a problem where my primary IP address on the server was blacklisted. This had the negative effect that other servers that use the blacklist blocked the mail being sent from our server.

In a shared hosting environment, one user can easily get a server blacklisted.

All our servers have at least 2 publicly accessible IP addresses. I thought that it would be great if I could get the mail to appear to be from one of the secondary IP addresses.

Below is an iptables rule that achieves just this:

iptables -t nat -A POSTROUTING -o eth0 \
-s <primaryIPAddress>/32 -p tcp --dport 25 \
-j SNAT --to-source <secondaryIPAddress>

Plesk 8.x – Disabling the newsfeeds.

February 24th, 2007

Yes, SWsoft decided that our users should be bombarded with news feeds. This may be a feature that certain users like or desire, but as the system administrator you are not given a choice.

I believe choice is important, especially in a product that costs many dollars.

Here is some Perl code to disable the newsfeeds:

For clients:

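# $client is interpolated straight into the SQL text, so it must come from a trusted source.
$query = "SELECT id FROM clients WHERE login='$client'";
@cID = $queryDBpsa->($query);
# Mark the news feed as dismissed for this client.
$query = "REPLACE INTO cl_param (param, val , cl_id) VALUES ('news_dismissed', '1', '$cID[0]');";
$queryDBpsa->($query);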

For domains:

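# $domain is interpolated straight into the SQL text, so it must come from a trusted source.
$query = "SELECT id FROM domains WHERE name='$domain'";
@dID = $queryDBpsa->($query);
# Mark the news feed as dismissed for this domain.
$query = "REPLACE INTO dom_param (param, val , dom_id) VALUES ('news_dismissed', '1', '$dID[0]');";
$queryDBpsa->($query);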

Plesk 8.1.0 – Disabling Virtuozzo Promo

February 24th, 2007

SWsoft decided that the wise thing to do is to start advertising their products in the control panel, effectively spamming the clients that pay a lot of money for the licenses.

To disable the promo, edit the language file, located here:

/usr/local/psa/admin/plib/locales/en-US/messages_en-US.php

Search for the following string:

virtuozzo__promotion or virtuozzo__promotion_top

SWsoft promised that it will remove the advertising from future versions. Let’s hope they do.

Remember, you may need to edit different files for different languages.

Edit: This also works in versions 8.1.1, 8.2.0 and 8.2.1

Redirecting http:// to https:// automatically

October 5th, 2006

To redirect all http:// traffic to the corresponding https:// traffic, we make use of a bit of mod_rewrite magic.

RewriteEngine On
# Match port 80 exactly; an unanchored "80" would also match ports such as 8080.
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]

Replace www.example.com with your own SSL URL.

To force SSL for a particular folder (not the entire site), use the following instead:

RewriteEngine On
# Match port 80 exactly; an unanchored "80" would also match ports such as 8080.
RewriteCond %{SERVER_PORT} ^80$
RewriteCond %{REQUEST_URI} somefolder
RewriteRule ^(.*)$ https://www.example.com/somefolder/$1 [R,L]

Replace somefolder with your folder path and www.example.com with your SSL URL.

Admin Login fails.

September 20th, 2006

Problem:
Fatal error: Unable to logon user (EV1SERVE-01UIT2\Plesk Administrator): (1327) Logon failure: user account restriction. Possible reasons are blank passwords not allowed, logon hour restrictions, or a policy restriction has been enforced. in C:\Program Files\SWsoft\Plesk\admin\htdocs\login_up.php3 on line 3

Solution:

In the C:\Program Files\SWsoft\Plesk\admin\bin\ folder, run the papswd.exe file with the following values:
papswd --set --password='NewPassword'

RHEL4 / CentOS 4 and kernel 2.6.9-34

August 19th, 2006

Please be aware that certain servers running stock standard kernel 2.6.9-34, 2.6.9-34.0.1 or 2.6.9-34.0.2 may experience problems with high IO wait times. You will also notice that not all the memory on the server is used.

A patch was included in the above kernels that caused the kernel to start swapping to disk long before all the memory was used. This caused serious performance issues on some servers running the above kernel versions.

The patch was removed from the 2.6.9-42 kernel and bliss has returned to all the servers.

Kernel 2.6.9-42 is also included in RHEL 4 Update 4 and will hopefully be included in CentOS 4.4.

Plesk 8.0.1 and pleskbackup

August 19th, 2006

With Plesk 8 for Unix, SWsoft changed the backup utility from the old psadump/psarestore utilities available in Plesk 7.5.4 and earlier to the new pleskbackup/pleskrestore utilities.

I have read a lot of posts from unhappy people about the new utilities. I can honestly say that my only complaint is that SWsoft decided to break compatibility between the pre-Plesk 8.0 and the post-Plesk 8.0 backup utilities.

That being said, the first version of the backup utilities that I tried was for Plesk 8.0.1, with at least one, maybe 2 hotfixes applied.

I have found the new Plesk 8.0.1 backup utilities to be a lot faster and a lot easier to use than their predecessors.

Yes, the backup file is still a gzipped, MIME encoded file but at least the backup utilities now add the filenames to each MIME part, making it possible to extract the backup archive into multiple clearly named files. Then it is a simple untar of the correct part to get your data.

All in all, not too bad.

By default, the new backup utilities will split your backup file into 1GB chunks. You may change this behaviour by setting the following variable before running the backup. The variable must be exported so that the pleskbackup process inherits it:

export PLESKX_SPLIT_SIZE=2147483648
/usr/local/psa/bin/pleskbackup --all /path/to/file/FILENAMEHERE -verbose

The PLESKX_SPLIT_SIZE variable expects a number of bytes as input. In the above example we set the chunk size to 2GB.

To be able to work with the MIME files, you will need a MIME decoder. You may want to search for mpack or get ripmime.
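
The extraction step described above, as an added Python example that is not part of the original post or of Plesk. It assumes only what the post states (a gzipped MIME file whose parts carry filenames); `make_sample` and `split_backup` are hypothetical names, and the sample file is constructed, not a real Plesk dump.

```python
import gzip
import os
from email import message_from_binary_file, policy
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart


def make_sample(path):
    """Write a small constructed gzipped MIME file (not a real Plesk dump)."""
    msg = MIMEMultipart()
    for name, data in (("dump.xml", b"<dump/>"), ("../outside.tar", b"tar-bytes")):
        part = MIMEApplication(data)
        part.add_header("Content-Disposition", "attachment", filename=name)
        msg.attach(part)
    with gzip.open(path, "wb") as fh:
        fh.write(msg.as_bytes())


def split_backup(backup_path, out_dir):
    """Write each named MIME part into out_dir; return the names written."""
    os.makedirs(out_dir, exist_ok=True)
    with gzip.open(backup_path, "rb") as fh:
        # Parsed in memory: fine for inspection, too heavy for multi-GB chunks.
        msg = message_from_binary_file(fh, policy=policy.default)
    written = []
    for index, part in enumerate(msg.walk()):
        name = part.get_filename()
        if part.is_multipart() or not name:
            continue
        # Part names come from the archive itself, so keep only the last path
        # component; "../x" or "/etc/x" must not escape out_dir.
        safe = os.path.basename(name.replace("\\", "/"))
        if safe in ("", ".", "..") or safe in written:
            safe = "part-%d.bin" % index
        with open(os.path.join(out_dir, safe), "wb") as out:
            out.write(part.get_payload(decode=True) or b"")
        written.append(safe)
    return written


if __name__ == "__main__":
    import tempfile
    work = tempfile.mkdtemp()
    sample = os.path.join(work, "backup.gz")
    make_sample(sample)
    print(split_backup(sample, os.path.join(work, "parts")))
```

Each extracted part can then be untarred as the post describes; for full-size chunks a streaming decoder such as ripmime or mpack remains the better tool.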

Running suPHP and mod_php side by side on Plesk

May 14th, 2006

By default all the Plesk servers run mod_php for speed. This has one major drawback: if a client creates files via PHP, they are owned by the webserver user under which mod_php runs. The solution to the problem seems to be to enable suPHP for the clients that need to create files via PHP.

Below is the procedure that I found to work:

  1. Download the mod_suphp RPM from the Dag Wieers repository:

    wget http://dag.wieers.com/packages/mod_suphp/mod_suphp-0.6.1-2.1.el3.rf.i386.rpm

  2. Install the mod_suphp RPM:

    rpm -Uvh mod_suphp-0.6.1-2.1.el3.rf.i386.rpm

  3. Disable the mod_suphp AddHandler in /etc/httpd/conf.d/suphp.conf
  4. Your /etc/httpd/conf.d/suphp.conf should only have the following lines:

    LoadModule suphp_module modules/mod_suphp.so
    LoadModule php4_module modules/libphp4.so
    suPHP_Engine off

    Putting the above into your config will default to PHP pages being run by mod_php.

  5. To switch a virtual host over to mod_suphp, use the following:

    <Directory /home/httpd/vhosts/<VHOST>/httpdocs>
    <IfModule sapi_apache2.c>
    <IfModule mod_suphp.c>
        RemoveHandler x-httpd-php
        php_admin_flag engine Off
        suPHP_AddHandler x-httpd-php .php
        suPHP_Engine on
        AddHandler x-httpd-php .php
        suPHP_UserGroup <USER> <GROUP>
    </IfModule>
    </IfModule>
    </Directory>

    The config above will only activate if both mod_php and mod_suphp are loaded. Remember to replace the <VHOST>, <USER> and <GROUP> entries with the correct virtual host, Unix user and Unix group.

EDIT: In later versions of PHP, the CLI and CGI versions are 2 separate binaries. You now need to edit the /etc/suphp.conf file to reflect the correct binary in the x-httpd-php=php:/usr/bin/php-cgi entry. To determine which binary you need to add, simply run php -v on the command line. The binary that outputs the cgi information as part of the version information is the correct binary.

RubyGems on RHEL3/CentOs3

May 13th, 2006

This howto guide is based on RubyGems version 0.8.11 which was the current version at the time of writing this guide.

Download the RubyGems source code from: http://rubyforge.org/frs/download.php/5207/rubygems-0.8.11.tgz

Extract the .tgz file to a suitable location:

cd /usr/src
tar zxvf /usr/local/src/rubygems-0.8.11.tgz
cd rubygems-0.8.11

Run the setup command:

ruby setup.rb

Now compile the program:

make

Finally, install ruby:

make install

It is now time to configure Apache to run with mod_ruby. Please see this post.

Howto install mod_ruby on RHEL3/CentOS3

May 10th, 2006

This howto guide is based on mod_ruby version 1.2.5 which was the current version at the time of writing this guide. We also need version 1.2.5, since it supports the Apache::RailsDispatcher, which is needed if we want to run RubyOnRails in our Plesk environment.

Download the mod_ruby source code from: http://www.modruby.net/archive/mod_ruby-1.2.5.tar.gz

Extract the .tar.gz file to a suitable location:

cd /usr/src
tar zxvf /usr/local/src/mod_ruby-1.2.5.tar.gz
cd mod_ruby-1.2.5

Run the configure command:

./configure.rb --with-apxs=/usr/sbin/apxs

Now compile the program:

make

Finally, install ruby:

make install

It is now time to configure Apache to run with mod_ruby.

Apache::RailsDispatcher can run multiple applications in the same process. It works like this:

  • require loads libraries into the top level, and they are shared with all applications.
  • require_dependency loads libraries into an anonymous module for each application.
  • In the development environment, the anonymous module is orphaned on each request. So require_dependency loads libraries every time.
  • In the production environment, the same anonymous module is used for the same application. So require_dependency loads libraries only once.
  • Rails configurations such as ActiveRecord::Base.colorize_logging are reset on each request.

This hack is just a workaround until YARV supports multiple VM instances. We can get it in the near future, I hope.

To use Apache::RailsDispatcher, you have to write the following configuration in httpd.conf.

RubySafeLevel 0
# If you use RubyGems
# RubyRequire rubygems
RubyRequire apache/rails-dispatcher
RubyTransHandler Apache::RailsDispatcher.instance
<Location /ruby-application-name>
    SetHandler ruby-object
    RubyHandler Apache::RailsDispatcher.instance
    RubyOption rails_uri_root /ruby-application-name
    RubyOption rails_root /path/to/rails/root
    RubyOption rails_env production
</Location>

Please note that you can’t override existing classes like this:

class Array
    def cycle()
        self.each_with_index {|o, i| yield(o, %w(odd even)[i % 2])}
    end
end

You should prepend Object:: to the class name:

class Object::Array
    def cycle()
        self.each_with_index {|o, i| yield(o, %w(odd even)[i % 2])}
    end
end

This behaviour is the same as Kernel.load(filename, true). If you don’t like this, please convince Matz to change it.

You're done. You should now have a valid ruby interpreter running on your server.

Portions of this post are courtesy of: http://blog.shugo.net/articles/2005/08/03/running-rails-on-mod_ruby

Configure Ruby 1.8.4 on RHEL3/CentOS3

May 10th, 2006

This howto guide is based on ruby version 1.8.4 which was the current version at the time of writing this guide.

Download the ruby source code from: http://www.rubyonrails.org/down

Extract the .tar.gz file to a suitable location:

cd /usr/src
tar zxvf /usr/local/src/ruby-1.8.4.tar.gz
cd ruby-1.8.4

Run the configure command:

./configure --prefix=/usr --sysconfdir=/etc --enable-shared --enable-install-doc

Now compile the program:

make

Run the test suite:

make test

You should receive a “test succeeded” output.

Finally, install ruby:

make install

You're done. You should now have a valid ruby interpreter running on your server.

Howto: Install mod_python on Plesk

May 10th, 2006

This is a simple guide to install/upgrade mod_python on a Plesk RHEL box, running Apache 2.0.x. You need to have at least Python version 2.2.1 installed for this to work.

I could not get mod_python version 3.2.8 running at the time of writing.

  1. Download and extract mod_python:

    cd /usr/local/src
    wget http://apache.mirrors.pair.com/httpd/modpython/mod_python-3.1.4.tgz
    tar zxvf mod_python-3.1.4.tgz

  2. Configure & install mod_python

    cd mod_python-3.1.4
    # Check where your apxs is by typing: locate apxs
    ./configure --with-apxs=/usr/sbin/apxs
    make
    make install

  3. Configure Apache:

    vi /etc/httpd/conf.d/python.conf

    Locate your LoadModule – section and add the following line under the others:

    LoadModule python_module modules/mod_python.so

  4. Installation done, now time for testing:

    First go to a publicly accessible directory. Make a test directory for mod_python by typing:

    mkdir python

    Now open vi and write the following lines:

    AddHandler python-program .py
    PythonHandler testingpython
    PythonDebug On

    Save the file as .htaccess.

    Now open up vi again and copy/paste the following lines:

    from mod_python import apache

    def handler(req):
            req.send_http_header()
            req.write("Hello World!")
            return apache.OK

    Close and save as testingpython.py. Those are tabs, not spaces. If you left align everything you will get this error:

    IndentationError: expected an indented block (testingpython.py, line 4)"

    Now restart Apache by typing: service httpd restart

Take your browser to www.mydomain.com/python/testingpython.py and you should see “Hello World!” If you can see this message then you have successfully installed mod_python.

Dr.Web, qmail & SpamAssassin on Plesk 7.5.4

May 3rd, 2006

For some reason the Dr.Web, qmail and SpamAssassin integration on Plesk sometimes does not work properly after an upgrade.

It is important to make sure that the binaries in the /var/qmail/bin directory have the following permissions, to enable Dr.Web, qmail and SpamAssassin to work together.

-r-s--x--x 1 drweb qmail 161024 Mar 19 01:34 qmail-queue
-r-s--x--x 1 drweb qmail 161024 Mar 19 01:34 qmail-queue.drweb
-r-s--x--x 1 qmailq qmail 15936 Aug 24 2005 qmail-queue.origin

The process runs as follows:

  1. Incoming mail will be delivered using the qmail-queue binary, which is a specially compiled version that allows qmail to scan the email for viruses.
  2. The qmail-queue binary will write a temporary file in the /var/drweb/spool/ directory. It is therefore important to check the permissions on the /var/drweb/spool/. They should be:

    drwxrwx--- 2 drweb nofiles 4096 May 3 13:20 spool

  3. The qmail-queue binary will also read the /etc/drweb/drweb_qmail.conf file and it will execute the file found in the QmailQueue = tag, once virus scanning is complete. The QmailQueue = tag usually contains:
    /var/qmail/bin/qmail-queue.origin

  4. After the virus scanning process completes, the qmail-queue.origin binary will run. This binary will in turn run the SpamAssassin rules as defined in each user's configuration.

The following files may be useful in locating a problem:

  1. /usr/local/psa/var/log/maillog – This file contains the mail logs and you will quickly see if any errors are being generated in it.
  2. /var/drweb/log/drwebd.log - This file contains the Dr.Web logs for all scanned emails.
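
A check for the ownership and mode requirements listed above, as an added Python example that is not part of the original post or of Plesk or Dr.Web. The expected values are copied from the post's listings; `probe` and `audit` are hypothetical helper names, and the script should run as root after an upgrade so that every path is readable.

```python
import grp
import os
import pwd
import stat

# Expected state, copied from the listings in the post above.
EXPECTED = [
    ("/var/qmail/bin/qmail-queue", "-r-s--x--x", "drweb", "qmail"),
    ("/var/qmail/bin/qmail-queue.drweb", "-r-s--x--x", "drweb", "qmail"),
    ("/var/qmail/bin/qmail-queue.origin", "-r-s--x--x", "qmailq", "qmail"),
    ("/var/drweb/spool", "drwxrwx---", "drweb", "nofiles"),
]


def probe(path):
    """Return (mode string, owner, group) as ls -l shows them, or None."""
    try:
        st = os.lstat(path)  # lstat: a symlink swapped in shows up as 'l...'
    except OSError:
        return None
    try:
        owner = pwd.getpwuid(st.st_uid).pw_name
    except KeyError:
        owner = str(st.st_uid)
    try:
        group = grp.getgrgid(st.st_gid).gr_name
    except KeyError:
        group = str(st.st_gid)
    return stat.filemode(st.st_mode), owner, group


def audit(expected=EXPECTED, probe_fn=probe):
    """Compare each path with the expected state; return (path, problem) pairs."""
    findings = []
    for path, mode, owner, group in expected:
        actual = probe_fn(path)
        if actual is None:
            findings.append((path, "missing or unreadable"))
            continue
        if actual[0] != mode:
            findings.append((path, "mode %s, expected %s" % (actual[0], mode)))
        if actual[1:] != (owner, group):
            findings.append((path, "owner %s:%s, expected %s:%s"
                             % (actual[1], actual[2], owner, group)))
    return findings


if __name__ == "__main__":
    for path, problem in audit():
        print("%s: %s" % (path, problem))
```

An empty result means the setuid bits and owners match the post; any finding on qmail-queue or the spool directory is the first thing to correct before reading the two log files.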

Seeking the badblocks

April 27th, 2006

One always learns about neat utilities when you are faced with some real problems. This is how I discovered badblocks. badblocks is a Linux command for the ext2 and ext3 file systems, maybe others. badblocks will basically scan your hard drive for any bad blocks on the drive and will mark them bad, so that the file system does not use them. The Seagate drive that made me use this utility had groups of 4 bad blocks.

The command is simply:
badblocks </dev/to/test>

Plesk 7.5.4 Restore

April 27th, 2006

Finally I had to do a Plesk restore. I think I may have developed an ulcer trying to prepare for this event, but I have survived it.

I had a full Plesk dump following the backup method mentioned here.

The restore was quite straightforward:

  1. I had to create an IP map file. My file contained only the following single line, since I was restoring Plesk to the same server:

    10.0.0.24 -> eth0 : 10.0.0.24 255.255.255.255

    The file was called: ipmap

  2. The restore required a shells map file. My file contained the following information, since I was restoring Plesk to the same server:

    /bin/sh => /bin/sh
    /usr/local/bin/rbash => /usr/local/bin/rbash
    /usr/bin/false => /usr/bin/false
    /bin/csh => /bin/csh
    /bin/bash => /bin/bash

    The file was called: shellsmap

I then ran a test restore, using the following command:
cat <backup_file_base>.* | /usr/local/psa/bin/psarestore -t --force --restore-admin --restore-server -m ipmap -s shellsmap -f -

Finally I ran a full restore, using the following command:
cat <backup_file_base>.* | /usr/local/psa/bin/psarestore --force --restore-admin --restore-server -m ipmap -s shellsmap -f -

During the restore I had a large number of errors, about:

sh: – : invalid option
Usage: sh [GNU long option] [option] …
sh [GNU long option] [option] script-file …

It would however appear as if these errors had very little impact on the overall restore.

The biggest problem I had after the restore was that no FTP account was working any more. Luckily I wrote a little script to extract the FTP usernames and passwords from the database and then used the information to reset the password on the system account. This fixed the problem.

Upgrading Plesk

March 1st, 2006

Since Plesk Reloaded version 7.5.3, one can disable the quotacheck for the upgrade procedure, which will increase the speed of the upgrade.

As per the documentation:

If PLESK_QUOTACHECK_OFF environment variable is not empty then quotacheck will be skipped during Plesk installation.

Plesk 7.5.4, MySQL 4.1.x and PHP 4.x.x

December 21st, 2005

Although it seems that Plesk 7.5.4 for Unix/Linux is almost compatible with MySQL 4.1.x, there is one problem with the PHP 4.x.x series, that still uses the old MySQL 3.23.x libraries to interface to MySQL. If you have the above scenario on your server you have to set MySQL 4.1.x to use the old password format or you will receive an error along the lines of:

Error (1251) : Client does not support authentication protocol requested by
server; consider upgrading MySQL client.

Adding the entry below to the [mysqld] section of your /etc/my.cnf file solves the problem:

old_passwords=1