Posts Tagged ‘Linux’

Setting up https with Apache

Wednesday, April 14th, 2010

Been months since I wanted to do this.

I always thought that setting up https with Apache was very complicated. Specially because of the certificates.

For the last couple of days I’ve been working on setting up a linux server. It would be used for hosting a couple of pages so I need it to have the basic functionality like smtp, pop, imap, http and ssh as well as a couple of other things like memcached.

I had set up httpd before but honestly never https because I thought it was very difficult but it isn’t!!!

Things are really really simple, follow these simple steps once you have httpd running:

1.Install mod_ssl for apache

yum install mod_ssl

2.Restart httpd

service httpd restart

Now you have https available with a default certificate! so the next step would be creating your own certificate

3. Run the following command

openssl req $@ -new -x509 -days 365 -nodes -out /var/www/html/certs/mycert.pem -keyout /var/www/html/certs/mycert.pem

Remeber to change the path to your certificate or copy it later to the httpd certificate’s path.

You’ll be asked for some info.

4. Open ssl.conf (In my case, I have a Centos 5 distro, it’s the following path: /etc/httpd/conf.d/ssl.conf) and search for the following line:

SSLCertificateFile /etc/pki/tls/certs/localhost.crt

Replace the path with your own certificate’s path.

Comment the following line:

SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

5.Now restart httpd

Done! you have https running on port 443 with your own certificate.

Remember the certificate is valid for your site but since it’s not registered with an authority browsers will keep sending a warning.

Managing SVN repositories

Monday, November 16th, 2009

Now that I have an SVN server and I’m making extensive use of my repos I was asked by a friend to create a repo for a small project he has. Since the project was for the company he works for then aI became aware that I couldn’t just put up a repo and expect he didn’t take a look at my personal projects.

Since his repo would be on the same folder as mine I needed a way to keep his eyes away from my projects and still allow him full control of his own.

This is the easiest solution I came up to.

Under my repos folder I created a repo for my friend called “friendrepo”:

svnadmin create friendrepo

Then assigned the proper owner and group so my apache could handle it:

chown -R user:group friendrepo

Then I created a domain name for him to use in no-ip.org: svn.friendscompany.no-ip.org

Added the proper lines to httpd.ini to handle the domain, then added a folder to be pointed by that domain which looks something like this:

/var/www/html/friendrepo

also changed the owner and group to those of my http server.

After that I created a soft link to my friends repo and voilá!!!! It’s done!

Next I just added the users he asked me and there he goes! now he has a repo on my server and he can’t see my repos!!!

I’ll keep playing with SVN to see if there’s an easier way.

The SVN (Subversion) experience

Monday, November 9th, 2009

Wow! it’s been a while since the last time I posted a comment.

Mainly because of dev projects and other stuff that kept me busy and away from my blog.

While developing some stuff I found myself in real problems when a client asked me to change some code to the way it was a couple of months… WHAT?! all this work and now they wanted me to rollback! ok, that shouldn’t be difficult… well it took me almost a couple of weeks.

For the past months I’ve been involved in a couple of projects for a company called Impremedia. One thing I learned from them is keeping track of my code through their SVN server. When my client asked me to rollback a piece of code I wished I had an SVN to make my life simpler. After finishing the rollback I proposed myself to get an SVN server up and running ASAP and moving all my codes there.

After a couple of failed attemps Voila! my SVN server is up and running!

It took me a week to solve problems, edit and reedit conf files, start-stop-starting services and testing the server and finally it’s up. I’ll be moving all my source codes to it these week so I’m really reeeeaaaally happy!

What did I had to do?

Ok, It’s been a long way but I’ll resume all  to the minimum.

Get acces to your box

Get httpd(apache) installed and running. Version 2.2 worked for me.

Install subversion.

Install dav_module and dav_svn_module.

Now it’s time for big decisions. Choose a folder where you would like to set your repository. Let’s suppose you want it under your web folder files (/var/www/html/) and you want to call it “svnrep”.

Go to /var/www/html/ and create the dir svnrep (mkdir svnrep).

Make it available for the httpd with a command that looks like this:

chown -R user:group /var/www/html/svnrep

Ok, that’s the repositories main directory. You noticed i said repositories? yes, this way you’ll be able to create many repositories in a blink.

Let’s enable the apache conf file.

Go ahead, open the httpd.conf file, get to the modules section and add the following:

LoadModule dav_module modules/mod_dav.so

Now let’s configure apache to be aware of the repositories.

Go to your virtual host section and add this lines :

<VirtualHost *:80>

ServerName svn.mydomain

ServerAdmin user@mydomain

<Location />

DAV svn

SVNParentPath /var/www/html/svnrep

</Location>

</VirtualHost>

Once you added that “domain” restart your httpd.

If everything went fine your server will restart gracefully, the next thing you’ll want to do is creating a repository. Go ahead to /var/www/html/svnrep.

Assuming you want to create a repo called “myfirstproject” you’ll type:

svnadmin create myfirstproject

That will set the project files and configurations.

Then you’re done! next thing is importing your files to the repo and voilá!

Please visit this link to get more detailed info about installation and configuration of SVN.

When a server asks for help!

Saturday, September 26th, 2009

So it’s been a couple of days since the last post but I’ve been occupied with Nsteins WCM, customer support and server maintenance.

This post has to do with server maintenance and the proper diagnosis of problems.

About a month ago one of our most important customers called arguing that their web page was “down”. I’m no longer working full time for that customer but because I’m basically the server admin the ball was thrown to me.

Not all the site was down, it was a subdomain wich was aquired to a third party because they did such a great job with a project. So the company I work for was given the task to improve and mantain the site. Since the guy that created the site was proficient with Javascript and not that good with PHP he decided to code the whole site in Javascript and deal with the database through simple PHP scripts (right! AJAX).

He even coded a javascript obfuscator! He’s a man in his old 40’s so I was really impressed.

Anyway there’s this tiny minimum html code and then a HUGE obfuscated Javascript code.

Since the former programmer wasn’t really a programmer he coded the stuff to work forgeting about efficiency, security and errors management. Being the lack of errors management the issue that made me go bananas for like a week.

The site was displaying just HTML code, anything related to databases was blank. No error messages, not a clue of what was happening. So my coleagues asked me to take a look at the server and so I did.

First thing I checked were the files then the permissions. After that I went to php.ini and enabled error messages. Then I got this error saying that the script weren’t able to connect to the database, cool! this looked like an easy task!

Typed top, view the server status and realized MySQL was down but trying to start. Why wasn’t it starting?

I manually tried to start MySQL and got an error that after a couple of minutes I realized means the server HD is full. It was a 70 Gb HD so what was growing so fast?

Went to mysql data folder and realized a table was using 17Gb, ok still I’m missing lots of Gb so i started to look for very big files playing with find:

find / -type f -size +1000000k -exec ls -lh {} \;

I got a huge list and saw a couple of access log files related to apache. All of them adding a total of approx 12Gb. So I went and deleted them and left one so Apache could use it.

Everything went fine for a couple of weeks and then it happened again and I did the same thing I did before: delete the files and restart MySQL.

A week ago happened the same and also yesterday so I thought the database was growing really fast and indeed it was taking all the disk’s free space so I went ando told that to my boss and made a petition to get another disk up ASAP.

Just today the server went down again! I deleted the files and freed 2 Gb, a couple of hours later it went down again! WTF! something weird is happening! the database couldn’t grow so fast so I took a dive in the server searching again for long files and ther it was! a HUGE log file (25Gb) called mysqld.log…..

So stupid me read the last 50 lines and became aware that a table was damaged and needed to be repaired… the whole 25 Gb were the same message!!!! To make it better the damaged table size was 17Gb… 😮

repair table [table];

After a couple of hours I got a message indicating the table was repaired, reduced the log file size to cero and gave me a hug, everything was ok. Later that day just checked the logs again and surprise! they were empty. The thing is that the damaged table didn’t stored any onfo for about a month…. Next time the first thing I’ll check will be logs.

If a server asks for help this is how it’ll talk to me. Rookie no more hahahaha

ASP and PHP running under Apache on Linux

Wednesday, September 16th, 2009

So for years I’ve been developing on PHP, I’m even certified and certainly it’s a great language but unfortunately ASP programmers are way better paid so I decided to start learning ASP. I do have windows installed on my lap but my server is a CentOs with Apache hosted on my home.

Since I have quite a lot of things hosted there installing IIS on a Windows and set it to answer on another port wasn’t my desire so I wento to google for a couple of hours and after I typed “Apache ASP” I found this project called Mono. Very interesting but the main thing is that through a couple of installations and onfigurations you may get your linux/apache server running asp pages, even .Net Wow!

What did I do? First I installed the mono module for apache which is called mod_mono.so after that I only added the module to my apache with the following lines:

LoadModule mono_module /etc/httpd/modules/mod_mono.so

Then installed the following with yum: XSP and mono-devel (mono-devel will also instal mono-web and mono-winforms).

Then after installing XSP I created a Virtual host on apache to host asp apps.

The Virtual Host entry looks something like this:

<VirtualHost *:80>

ServerName asp.localdomain

ServerAlias *.asp.localdomain

DocumentRoot /var/www/html/localdomain/asp

MonoAutoApplication disabled

AddHandler mono .asp .aspx .ascx .asax .ashx .config .cs .asmx .axd

MonoApplications “/:/var/www/html/localdomain/asp”

</VirtualHost>

After this I copied the files under /usr/lib/xsp/test to the folder I specified as the DocumentRoot

Then I restarted apache and typed on a browser: http://asp.localdomain/index.aspx

And Bingo!!!! It’s aliiiive!

Oh don’t forget to read mono documentation here and here!

Managing yum repositories (Dag)

Saturday, September 5th, 2009

So I got a memcached project working fine on my dev env. I showed it to my boss and told him all about the advantages of having memcached working on a production server so he gave me green light to implement it.

Since we have a dedicated hosting package (Codero, former Aplus) I thought It’ll be easier to ask our hosting provider to install memcached on our servers… they mailed us back saying that it would be considered advanced support and we’ll be charged 99dlls if we wanted to install it… of course we said no. We had ssh access so we were able to do it and spare the money 😀

Since on my dev env I just did yum installs I had the idea it’ll be the same on prod server, WRONG!

Th thing is that they have the default yum repositories and memcached was found on Dag repo so I needed to add it to get memcached. Looked for info over the web and found this web with the proper instructions.

I’m on a CentOS server so I’ll put here a brief description of what I did.

1. go to /etc/yum.repos.d/

2. create a file called dag.repo with this content:

[dag]

name=Dag RPM Repository  for Red Hat Enterprise Linux

baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag

gpgcheck=1

enabled=1

3. download the GPG key to your server and import it with the following command:

rpm –import RPM-GPG-KEY.dag.txt

4. congratulate yourself!

[dag]
name=Dag RPM Repository for Red Hat Enterprise Linux
baseurl=http://apt.sw.be/redhat/el$releasever/en/$basearch/dag
gpgcheck=1
enabled=1

Now I was able to install the memcached server and the memcached php module:

yum install memcached

yum install php-pecl-memcache

Then I just restarted httpd and done!

Hope this is helpful.