Thursday, August 7, 2008

Using your VPS's /proc/user_beancounters

Using your VPS's /proc/user_beancounters
Solution

If you are having trouble running or installing applications on your VPS, one good way to find the source of the problem is to use the special file /proc/user_beancounters which shows the resource control information about running virtual environments.

To view /proc/user_beancounters on your VPS, login to your VPS via SSH.
In the SSH Terminal you will type:

cat /proc/user_beancounters

Then hit Enter.

After you hit Enter, you should see something that looks similar to the following:

root@srv1 [~]# cat /proc/user_beancounters
Version: 2.5
uid resource held maxheld barrier limit failcnt
10039: kmemsize 5125208 5128321 40098656 44108521 129
lockedpages 0 0 881 881 0
privvmpages 77431 77666 750000 825000 0
shmpages 9051 9051 33324 33324 0
dummy 0 0 0 0 0
numproc 67 67 440 440 0
physpages 44243 44371 0 2147483647 0
vmguarpages 0 0 125000 2147483647 0
oomguarpages 59239 59367 125000 2147483647 0
numtcpsock 37 38 440 440 0
numflock 3 3 704 704 0
numpty 1 1 44 44 0
numsiginfo 0 1 1024 1024 0
tcpsndbuf 79920 88800 4212558 6014798 0
tcprcvbuf 2220 4440 4212558 6014798 0
othersockbuf 19552 91280 2106279 3908519 0
dgramrcvbuf 0 2220 2106279 2106279 0
numothersock 18 20 440 440 0
dcachesize 406435 410022 8750726 9013248 0
numfile 1080 1081 7040 7040 0
dummy 0 0 0 0 0
dummy 0 0 0 0 0
dummy 0 0 0 0 0
numiptent 71 71 512 512 0

That is your /proc/user_beancounters file.

If you look at the top line where you see uid to the left of it, that line is the field that displays the numeric identifier of the Virtual Environment.

The field held shows the current counter for the Virtual Environment (resource "usage").
The field maxheld shows the counter's maximum for the lifetime of the Virtual Environment. The lifetime of the Virtual Environment is usually just the time between the start and stop of your VPS.
The barrier and limit fields are resource control settings. For some parameters only one of them may be used, for others, both. These fields may display resource limits or guarantees, and the exact meaning of them is parameter-specific.
The field failcnt shows the number of refused "resource allocations" for the lifetime of the Virtual Environment. Failcnt counter is increased only for accounting parameters.The field failcnt is the field you will be looking at for errors.

If you look at the example above, you will see that the parameter kmemsize has a failcnt of 129. That is because in this example, the VPS did not have enough memory available to install an application. Therefore, the failcnt counter recorded the 129 memory failures, next to the parameter kmemsize in it's /proc/user_beancounters file. We know the problem was memory since the failcnt next to kmemsize increased after trying to install the application.

In this article, we will concentrate on the following parameters:

  • kmemsize
    This is the parameter that shows the size of unswappable memory, allocated by the operating system kernel. If the failcnt value increases on this parameter, most likely there is not a sufficient amount of memory available to run the application.
  • lockedpages
    This is process pages not allowed to be swapped out. The size of these pages is also accounted into kmemsize. Note that typical server applications like Web, FTP, and mail servers do not use memory locking features. If the failcnt value increases on this parameter, most likely there is not a sufficient amount of memory available to run the application.
  • privvmpages
    This is the memory allocation limit. This parameter allows controlling the amount of memory allocated by applications. If the failcnt value increases on this parameter, most likely there is not a sufficient amount of memory available to run the application.
  • shmpages
    This is the total size of the shared memory (IPC, shared anonymous mappings and tmpfs objects). These pages are also accounted into privvmpages. Its configuration affects functionality and resource shortage reaction of the applications in the given Virtual Environments only. Again, If the failcnt value increases on this parameter, most likely there is not a sufficient amount of memory available to run the application.
  • physpages
    This is the total number of RAM pages used by processes in this virtual environment. Unlike other accounting methods, the sum of physpages usage for all Virtual Environments yields to the total number of pages used in the system by all Virtual Environments. This is currently an accounting-only parameter. It does not set any limits or barriers. If the failcnt value increases on this parameter, most likely there is not a sufficient amount of memory available to run the application.
  • vmguarpages
    This parameter controls how much memory is available to the Virtual Environment. The vmguarpages parameter does not have its own accounting. The current amount of allocated memory is accounted into another parameter (privvmpages). If the failcnt value increases on this parameter, most likely there is not a sufficient amount of memory available to run the application.
  • oomguarpages
    This is the guaranteed amount of memory in case the memory is "over-booked" (out-of-memory kill guarantee). The failcnt counter of oomguarpages parameter increases when a process in this Virtual Environment is killed because of an out-of-memory situation, but not when the barrier is reached. Again, If the failcnt value increases on this parameter, most likely there is not a sufficient amount of memory available to run the application.
  • numfile
    This is the number of "files" in use, including real files, sockets and pipes. The configuration of this parameter affects functionality and resource shortage reaction of applications in the given Virtual Environment only. If the failcnt value increases on this parameter, you are trying to have too many files open at once.

Wednesday, August 6, 2008

Passwordless ssh[ssh tunneling]

ssh-keygen -d
[hit enter three times]
[Replacing "username" and "ipaddress" with yours,
copy&paste/type:]
ssh username@ipaddress 'test -d .ssh || mkdir -m 0700 .ssh ;
cat >> .ssh/authorized_keys && chmod 0600 .ssh/*' < ~/.ssh/id_dsa.pub

Tuesday, August 5, 2008

aPaChe ApAcHe

########
# Apache
########
error log
-----------

/usr/local/apache/logs/error-log


daemon
-----------
/etc/init.d/httpd (start/stop/restart)

or

/usr/local/apache/bin/apachectl (start/stop/restart)

Note:- apache http port is 80 and https port is 443



##############
# Optimization
##############
Apache optimization
Timeout 150
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 16
MaxSpareServers 64
StartServers 15
MaxClients 150
MaxRequestsPerChild 0

-----------------------------------
Timeout 300
KeepAlive On
MaxKeepAliveRequests 0
KeepAliveTimeout 16
MinSpareServers 16
MaxSpareServers 64
StartServers 16
MaxClients 512
MaxRequestsPerChild 0
--------------

Timeout 200
KeepAlive On
maxKeepAliveRequests 100
KeepAliveTimeout 3
MinSpareServers 10
MaxSpareServers 20
StartServers 15
MaxClients 250
MaxRequestsPerChild 0
HostnameLookups Off



#######################################
# redirect domain.com to www.domain.com
#######################################

redirect domain.com to www.domain.com
--------------------------------------------------------------------------------
place following code in httpd.conf vhost section or in .htaccess
file.

$ vi .htaccess
Append following config code:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^domain.com
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=permanent,L]

Save and close the file. Above code will redirect users to
www.domain.com


--------------------------------------------------------------------------------

NB:- path of .htaccess => /home/username/public_html

################
# rebuild Apache
################

rebuild Apache for Cpanel Server?

----------------------------------------------------------
Login as the root using ssh

/scripts/easyapache

you should see a menu on screen asking you which options you would like
built into your apache install. Select options as per your
requirements. Once it has completed it will automatically restart Apache for you
and you will then be able to use the new features.

----------------------------------------------------------

NB:-you can also use EasyApache by logging into the WHM interface,
going to the “Software” section then clicking on “Apache Update.”
Note that you may want to “Load Previous Config” as your first step
to load your server’s existing configuration so you have a good idea
of what is currently on the server as you customize Apache and PHP.
####################################
# enable file and directory indexing
####################################
Q. How do I enable apache file and directory indexing? Currently it is
disabled and I would like to enable the same for /pdfs/ directory
(http://domain.com/pdfs).

---------------------------------------------------------------------------------------------------------------

A. Under Apache web server automatic index generation is enabled with
using Options +Indexes or Options Indexes directive.

If a URL which maps to a directory is requested, and there is no
DirectoryIndex (e.g., index.html) in that directory, then mod_autoindex will
return a formatted listing of the directory.

Option # 1: Using Apache config file
----------------------------------------------

Add directory option to Apache configuration file /etc/httpd/httpd.conf
or /etc/apache2/apache2.conf:
# vi /etc/apache2/apache2.conf
Add following code:

Options Indexes FollowSymLinks


Save and close the file. Restart Apache:
# /etc/init.d/httpd restart
OR
# /etc/init.d/apache2 restart


Option #2: Using .htaccess Files with Apache
----------------------------------------------------------

You can place config line Options Indexes in .htaccess file. Make sure
.htaccess file support is enabled.
Change directory to pdfs
$ cd pdfs
Open .htaccess file
$ vi .htaccess
Append following apache directive:
Options Indexes
Save and close the file.
---------------------------------------------------------------------------------------------------------------

##############################################################################
# Forbidden - You don’t have permission to access this page error and
solution
##############################################################################
Q. Why I am getting this error message? I am using Apache web server
and my directory is located at /home/myname/public_html.

-------------------------------------------------------------------------------
A. The permissions on your Web page are not correct. Login over ssh
session and use chmod command to setup correct permission. Go to directory
(for example public_html or /var/www/sitename.com/dir/) and type the
following command

$ chmod 755 *.*

OR

$ chmod o+x ./

If you have more subdirectories use -R option:
$ chmod -R 755 *.*

If you have access to Apache configuration file check out for these
tips to get rid of Apache 403 forbidden error.

-------------------------------------------------------------------------------
###############
# 403 forbidden
###############
Sounds like the permissions or ownership on public_html may be set
wrong.

They should be set like this:
Code:

chown YOUR_USER_NAME:nobody /home/public_html
chmod 750 /home/YOUR_USER_NAME/public_html

-------------------------------------------------
That could possible be caused by mod_dosevasive/mod_evasive. If you're
using it in httpd.conf try disabling the module load lines (2) and
restart httpd.
#############################################################
# prevent hot linking or leeching of images using mod_rewrite
#############################################################
Q. My site hosts lots of good images and other site hot links to my
images from their own site. Hot linking is eating lots of my bandwidth.
How do I stop leechers?

---------------------------------------------------------------------------------------------------

A. This is problem you may encounter, particularly if your site hosts
unique images. However solution is quite simple ban image hot linking
using Apache mod_rewrite to check the referral information the browser
provides.
How do I prevent hot linking of images?

There are many ways to block hot linking of images.

You can add any one of the following code to .htaccess file or to your
own httpd.conf file to prevent.

Make sure Apache mod_rewrite is enabled.
Solution # 1 : Prevent “hot linking” of images

Open httpd.conf or .htaccess file using vi text editor
# vi httpd.conf
Append following config directive:

SetEnvIfNoCase Referer "^http://www.cyberciti.biz/" banimages=1
SetEnvIfNoCase Referer "^http://cyberciti.biz/" banimages=1
SetEnvIfNoCase Referer "^$" banimages=1

Order Allow,Deny
Allow from env=banimages=1


Or you can use following simple code:

RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?cyberciti.biz/.*$ [NC]
RewriteRule ^.*.(bmp|tif|gif|jpg|jpeg|jpe|png)$ - [F]

Solution # 2 : Prevent “hot linking” of images and redirect to new
image

This method stop hotlinking and displays alternate image to endusers

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www.)?cyberciti.biz/.*$ [NC]
RewriteRule .*.(gif|jpe?g|png)$ http://www.cyberciti.biz/noop.jpg
[R,NC,L]

Unless the image is displayed on cyberciti.biz, browers would see the
image noop.jpg. Replace domain cyberciti.biz and upload noop.jpg to
webroot.

If you made changes to httpd.conf file; restart Apache:
# /etc/init.d/httpd restart

---------------------------------------------------------------------------------------------------
################################
# name based VirtualHost example
################################
Q. Can you give or specify an example for Apache name based VirtualHost
feature?

A. The term Virtual Host refers to the practice of maintaining more
than one web site on one Apache machine or server.

The NameVirtualHost directive is a required directive if you want to
configure name-based virtual hosts.

With the NameVirtualHost directive you specify the IP address on which
the server will receive requests for the name-based virtual hosts. This
will usually be the address to which your name-based virtual host
names resolve.

For example if your IP address is 203.54.2.5. Set it as follows in
httpd.conf file:
# vi /etc/httpd/conf/httpd.conf
Set NameVirtualHost as follows:
NameVirtualHost 203.54.2.5:80
Let us see how your virtual host entry looks for two domains called
theos.in and nixcraft.com . Code for theos.in domain:

ServerAdmin webmaster@theos.in
DocumentRoot /var/www/theos.in
ServerName theos.in
ServerAlias www.theos.in
ErrorLog /var/logs/httpd/theos.in/error_log
CustomLog /var/logs/httpd/theos.in/access_log common


Code for nixcraft.com domain:

ServerAdmin webmaster@nixcraft.com
DocumentRoot /var/www/nixcraft.com
ServerName nixcraft.com
ServerAlias www.nixcraft.com
ErrorLog /var/logs/httpd/nixcraft.com/error_log
CustomLog /var/logs/httpd/nixcraft.com/access_log common


Save and close the file. Restart Apache:
# /etc/init.d/httpd restart

Make sure both domains theos.in and nixcraft.com points to (A address)
203.54.2.5. Also make sure you create /var/logs/httpd/domain-name
directories and point ftp user directory to appropriate /var/www/domain-name
directory.
########################################################################################
# Address already in use: make_sock: could not bind to port 80 or 443
error and solution
########################################################################################
Q. How do I fix an error, while restarting Apache ~ Address already in
use: make_sock: could not bind to port 80?

A. If you are running SELinux disable temporary for port 80.
Apache Address already in use: make_sock: could not bind to port 80
error and solution

First make sure port 80/443 is not used by any other service or
application with netstat command:

# netstat -tulpn| grep :80

If port 80 is bind to httpd, kill all process:
# killall -9 httpd

Now start the httpd:
# /etc/init.d/httpd start

Also make sure you are root while starting the httpd.
#############################################
# change a default page other than index.html
#############################################
Q. How do I display or change a default page other than index.html or
index.php under Apache web server?

A. You need to use DirectoryIndex directive under Apache to set a
default page other than index.html or index.php.

The DirectoryIndex directive sets the list of resources or file to look
for, when the client requests an index of the directory by specifying
a / at the end of a directory name.

Open your Apache configuration file httpd.conf
# vi httpd.conf

Find out line that read as follows:
DirectoryIndex

Now set it as per your requirements:
DirectoryIndex index.html index.htm default.htm index.php index.pl

Save and close the file. Restart the Apache webs server:
# /etc/init.d/httpd restart

Please note that if you donĂ¢€™t have access to Apache
configuration file. Add DirectoryIndex to .htaccess file.

You can also specify php or pl dynamic script. Also note that the
documents do not need to be relative to the directory. Consider following
example
DirectoryIndex index.html index.pl /nav/index.php

Above would cause the php script /nav/index.php to be executed if
neither index.html or index.pl existed in a directory.
###########################################
# Server Side Include (SSI) is not working?
###########################################
Q. I would like to use Server Side Include (SSI) from my html pages.
But it is not working for VirtualHost. How do I configure Apache Server
Side Include?

A. From Aapache site, “SSI (Server Side Includes) are directives that
are placed in HTML pages, and evaluated on the server while the pages
are being served. They let you add dynamically generated content to an
existing HTML page, without having to serve the entire page via a CGI
program, or other dynamic technology”.

Make sure you have following configuration directive/line in your
.htaccess or httpd.conf file:

vi /etc/httpd/httpd.conf

OR

vi .htaccess

Add following directive:

Options +Includes

Above directive (Options +Includes) tells Apache that you want to
permit files to be parsed for SSI directives.

Next, make sure Apache knows which files should be parsed using SSI.

AddType text/html .shtml
AddHandler server-parsed .shtml

Now test your configuration by adding any one of the following SSI
directive:

$ vi test.shtml

Append any one of the following SSI directive:



OR



Save the file. Restart Apache and test your configuration.
###################
# htaccess redirect
###################

The .htaccess file needs to be placed in the root directory of your old
website (i.e the same directory where your index file is placed)


****Redirect to www (htaccess redirect)****

Create a .htaccess file with the below code, it will ensure that all
requests coming in to domain.com will get redirected to www.domain.com

Options +FollowSymlinks
RewriteEngine on
rewritecond %{http_host} ^domain.com [nc]
rewriterule ^(.*)$ http://www.domain.com/$1 [r=301,nc]

Please REPLACE domain.com and www.newdomain.com with your actual domain
name.

Note* This .htaccess method of redirection works ONLY on Linux servers
having the Apache Mod-Rewrite moduled enabled.

-----------Other rules------------
ErrorDocument 404 http://www.partypantygirl.com

# Spam Protection
SetEnvIfNoCase Via pinappleproxy spammer=yes
SetEnvIfNoCase X-AAAAAAAAAAAA 1 spammer=yes
SetEnvIfNoCase Referer tramadol spammer=yes

----------mod_security off-------------
SecFilterEngine Off
SecFilterScanPOST Off
-------------------------------
############################################################################
# Using Find to change permissions. Fixing php suexec internal server
errors
############################################################################
Make sure this is only done in the public_html directory or a directory
inside the public_html. If this is done above this, it will cause
problems.

*Change permissions to 644 for EVERY file
find -type f -exec chmod 644 ‘{}’ \;

*Change permissions to 755 for EVERY folder
find -type d -exec chmod 755 ‘{}’ \;

*Change permissions to 755 for EVERY folder
find -iname “*.pl” -exec chmod 755 ‘{}’ \; -o -iname
“*.cgi” -exec chmod 755 ‘{}’ \;

*Change the ownership of the files so that the are set correctly.
chown `pwd|cut -d/ -f3`.`pwd|cut -d/ -f3` -R .
#########################################
# php parsing for HTML files on phpsuexec
#########################################
php parsing for HTML files on phpsuexec
--------------------------------------------------
The .htaccess code :

“AddType application/x-httpd-php .html”

no longer works on phpsuexec’d servers. You need to use the following
code instead of that one :

AddHandler application/x-httpd-php .php .php3 .phtml .html .htm .php4

##############
# Fixing https
##############
Make sure Apache is running in SSL mode. Issue these commands:

service httpd stop

killall -9 httpd (run this a few times until you see 'no process
found')

service httpd startssl
####################################
# to see if mod_rewrite is turned on
####################################
Put this in .htaccess

RewriteEngine On
RewriteRule ^test.html$ /test2.html [R=301]

This will redirect to test2.html if mod_rewrite is working.

test.html put text: not working
test2.html put text: working
#####################
# disablemod_security
#####################
Create or edit the .htaccess file and add this to it:

SecFilterEngine off
Disable mod_security through httpd.conf Apache

Go to the virtualhost entry for the users domain and add this in
# Turn off mod_security filtering.
SecFilterEngine Off

# The below probably isn’t needed, but better safe than sorry.
SecFilterScanPOST Off
Save the httpd.conf and restart apache.
##############################################
# password protect a directory using .htaccess
##############################################
1. Login to your server via SSH and “su -” to root (do not forget
the - after su).

2. Create the .htpasswd file. We are going to create it above your web
root to make sure noone has the ability to download it from the web.

**note: only use -c for adding the first user**

# htpasswd -c /home/testuser/.htpasswd testuser
New password:
Re-type new password:
Adding password for user testuser

3. Open /etc/httpd/conf/httpd.conf in your favorite editor and find the
VirtualHost section for your domain. You will need to add the
following lines to your VirtualHost section:


AuthType Basic
AuthName ” Protected Area ”
AuthUserFile /home/testuser/.htpasswd
require valid-user

4. Restart Apache with:

# service httpd restart
####################################
# Manually adding a domain to apache
####################################
In this HowTo I’m going to be using “testdomain.com” as the
example.

1. Log into your server with an SSH client, then “su -” to root (do
not forget the “-” after su).

2. If you do not have a user account created for this site, you must
create one at this time:

# adduser testuser
# passwd testuser
Changing password for user testuser.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
#

3. Now you must create the directories where the web site files will be
located:

# cd /home/testuser
# mkdir -p testdomain.com/{cgi-bin,htdocs,logs}
# chown -R testuser: testdomain.com

4. The next step is to add the domain to the Apache configuration. You
can use any text editor that you are familiar with to open
/etc/httpd/conf/httpd.conf and add the following section at the end:

# Replace 1.2.3.4 with the IP address of your server
DocumentRoot /home/testuser/testdomain.com/htdocs
ServerName testdomain.com
ServerAlias www.testdomain.com
ScriptAlias /cgi-bin/ /home/testuser/testdomain.com/cgi-bin/
CustomLog /home/testuser/testdomain.com/logs/access.log
ErrorLog /home/testuser/testdomain.com/logs/error.log
** If you do not have DNS set up for this domain, or DNS is pointing to
another server, add the following to your httpd.conf before your
VirtualHost. This will allow you to view the new site at
http://1.2.3.4/testdomain.com/ before DNS is working **
ServerName 1_2_3_4
DocumentRoot /var/www/html
Alias /testdomain.com/ /home/testuser/testdomain.com/
5. After you add the VirtualHost section and save the httpd.conf, you
must restart httpd in order for your changes to take effect:

# /sbin/service httpd restart # RedHat
or
# /etc/init.d/apache restart # Debian

6. Check if your new site is working. You can use
http://www.testdomain.com if the DNS is pointing to your server or
http://1.2.3.4/testdomain.com/ if DNS is not setup yet.

#######################
# Modify suspended page
#######################
Modify the suspended page
------------------------------------
If you need to suspend an account at any time, you may want to change
the default suspended page offered through cPanel. You may want to brand
it or change the page to something which will say something other than
account suspended. To modify the suspended page, please do the
following:

1. Create an HTML page that appears exactly how you would like it to
be.
2. Click on Modify Suspended Account Page in the Account Functions
menu.
3. Copy and paste the HTML code of your modified page over the content
of the default Suspended Account page
4. Click on the Save button.

You have just modified the suspended page of your server.

more on VPS..

#####
# VPS
#####
##############
# VPS commands
##############

from central node :-

vps configuration file path=>
/etc/sysconf/vz-script/

to dispaly list of vps=>
vzlist

to enter the vps =>
vzctl