Friday, November 9, 2012
Posted by Arun Sawant at 6:43 AM
How do I optimize Apache to use less memory?
Solution Apache Memory Use Optimization


1. SSH into your server as root.
2. Run top.
3. Press shift + m.
4. Note the highest RES memory used by httpd.
5. Hit Q to exit top.
6. Execute: service httpd stop
7. Once httpd is stopped, execute: free -m
8. Note the memory listed under "used".
9. Find the guaranteed memory for your VPS plan. Support can tell you how much you have guaranteed if you cannot find it.
10. Subtract the memory USED from the memory that your plan is GUARANTEED. This will give you your base FREE MEMORY POOL.
11. Multiply the value of your FREE MEMORY POOL by 0.8 to find your average AVAILABLE APACHE POOL (this will allow you a 20% memory reserve for burst periods).
12. Divide your AVAILABLE APACHE POOL by the highest RES memory used by httpd. This will give you the MaxClients value that should be set for your system.
13. Open httpd.conf in your favorite text editor (don't use Windows text editors as they may break httpd.conf).
14. Set the MaxClients value you've calculated.
15. Set Keepalive Off if you don't need it (your server will handle more requests per second with keepalive on, but will require more memory for apache--don't turn on keepalive if you're not leaving a 20% memory reserve).
16. If you are leaving keepalive on, set keepalivetimeout to the lowest value you can to prevent connections from hanging. If you experience high latency to your server, set keepalivetimeout to 2-5 seconds.
17. Set your Timeout to a reasonable value. Pick a time that won't cut off the transfer of your pages to your customers, but keep it low enough that you don't have dead connections that remain open for a large period of time (10-30 seconds should be a good timeout if most of your users are on highspeed, and 30-120 should be ok for dialup).
18. MaxKeepAliveRequests should be set equal to the largest number of objects you have in 1 page. If you don't know, 70-200 should be good.
19. Set your MinSpareServers equal to 10-25% of MaxClients.
20. Set your MaxSpareServers equal to 25-50% of MaxClients.
21. Set your StartServers equal to either MinSpareServers or MaxSpareServers. When apache is restarted, this is the number of servers that will start and be ready for connections immediately. High-traffic sites should set this value to MaxSpareServers and lower volume sites should use MinSpareServrs.
22. MaxRequestsPerChild should be set somewhere between 500 (if you see rapid apache child process memory use growth) to 10000 (if you have no leaks in your applications). Setting this value to 0 will result in child processes never being killed, and eventually all shared memory used by apache will become "dirty" and unshared, possibly resulting in higher overall memory use.
23. Once you've set all values, save the file, exit, and issue: service httpd restart.

The following is an EXAMPLE with output:

Under TOP I notice that my biggest apache process is using 5mb of memory:
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
15535 root 16 0 15072 5376 3196 S 0 0.5 0:17.60 httpd


-bash-3.00# service httpd stop
/etc/init.d/httpd stop: httpd stopped
-bash-3.00# free -m
total used free shared buffers cached
Mem: 1024 131 892 0 0 0
-/+ buffers/cache: 131 892
Swap: 0 0 0
-bash-3.00#

I see I'm using 131MB of RAM without apache. I have 384MB of RAM available.

384 - 131 = 253MB Free Memory Pool
253 * 0.8 = 202.4MB Available Apache Pool
200 / 5 = 40

Armed with this information I now set up my httpd.conf with the following settings:

Timeout 10 (If it takes more than 10 seconds to load my pages, something is wrong)

MaxClients 40 (Note: I can set this lower if I know other processes will need more memory under load)
MinSpareServers 4 (My site gets almost no traffic)

MaxSpareServers 20 (My server never uses memory, so extra apache children hanging around doesn't hurt me)

StartServers 4 (again, low traffic, so I don't need to be handling an instantaneous burst on apache restart)

Keepalive On (Since I don't use much memory, I don't need to turn this off as the extra use won't hurt me)

MaxKeepAliveRequests 100 (I don't have 100 objects on any page, but using too low a value doesn't help performance, so I'll just do 100)

KeepAliveTimeout 1 (I don't have large files/pages, so I don't expect the remote computer to take more than 1 second to reply to each keepalive request)

MaxRequestsPerChild 10000 (I like the better performance with this, and I run no PHP Apps that leak memory)

Once I've set these, I save the file, exit the editor, and restart apache. I've now reconfigured apache to meet my specific needs! 
https://www.virtacoresupport.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=102
 
0 comments
Monday, October 15, 2012

Configure Gmail as SMTP in XAMPP to send mail

Posted by Arun Sawant at 11:25 PM
http://coded-words.tumblr.com/post/6936532107/configure-gmail-as-smtp-in-xampp-to-send-mail

So, after rummaging through the net for 2 whole days trying to look for good complete instructions to set up the mail server, I didn’t find. Eventually, I’d figured it out after piecing together random info from various numerous blogs and forums. Never have been this happy to finally successfully send a mail. So, I decided I’d put up the complete set of instructions to do so.
Below instructions are written for XAMPP1.7.4 (Working on Vista)
1. Open the PHP.ini file. (Most likely found in C:\xampp\php\php.ini or whichever drive you installed your XAMPP)
2. Search for the [mail function]
3. Change the settings to -[mail function]
; For Win32 only.
; http://php.net/smtp
SMTP = localhost  
; http://php.net/smtp-port
smtp_port = 25

; For Win32 only.
; http://php.net/sendmail-from
;sendmail_from =

; For Unix only.  You may supply arguments as well (default: "sendmail -t -i").
; http://php.net/sendmail-path
 sendmail_path = "\"C:\xampp\sendmail\sendmail.exe\" -t"
(Removing the ; enables the function.)
4. Save it and restart the Apache.
5. Open the sendmail folder (Found in the XAMPP folder thus C:\xampp\sendmail)
6. Chances are, the bundle probably comes with a weird combination of files and codes. So, to save all the hassle of troubleshooting afterwards, clear all the files in the folder.
7. Download a new version of the sendmail.zip from http://glob.com.au/sendmail/
8. Unzip the entire folder into the original sendmail folder - C:\xampp\sendmail
9. Open the sendmail.ini (C:\xampp\sendmail\sendmail.ini  — found in the same folder)
10. Change the setting to the following — (I’ll post the entire file so no one gets confused from the cuts)


[sendmail]

; you must change mail.mydomain.com to your smtp server,
; or to IIS's "pickup" directory.  (generally C:\Inetpub\mailroot\Pickup)
; emails delivered via IIS's pickup directory cause sendmail to
; run quicker, but you won't get error messages back to the calling
; application.

smtp_server=smtp.gmail.com

; smtp port (normally 25)

smtp_port=465

; SMTPS (SSL) support
;   auto = use SSL for port 465, otherwise try to use TLS
;   ssl  = alway use SSL
;   tls  = always use TLS
;   none = never try to use SSL

smtp_ssl=auto

; the default domain for this server will be read from the registry
; this will be appended to email addresses when one isn't provided
; if you want to override the value in the registry, uncomment and modify

;default_domain=mydomain.com

; log smtp errors to error.log (defaults to same directory as sendmail.exe)
; uncomment to enable logging

error_logfile=error.log

; create debug log as debug.log (defaults to same directory as sendmail.exe)
; uncomment to enable debugging

debug_logfile=debug.log

; if your smtp server requires authentication, modify the following two lines

auth_username=USERNAME@gmail.com   
auth_password=PASSWORD

; if your smtp server uses pop3 before smtp authentication, modify the
; following three lines.  do not enable unless it is required.

;pop3_server=
;pop3_username=
;pop3_password=

; force the sender to always be the following email address
; this will only affect the "MAIL FROM" command, it won't modify
; the "From: " header of the message content

force_sender=USERNAME@gmail.com

; force the sender to always be the following email address
; this will only affect the "RCTP TO" command, it won't modify
; the "To: " header of the message content

;force_recipient=

; sendmail will use your hostname and your default_domain in the ehlo/helo
; smtp greeting.  you can manually set the ehlo/helo name if required

;hostname=
The bolded text are the ones that requires changes. Enter your google username and password where appropriate. I enabled the force_sender to be my mail because changing the php.ini is such a pain. You can alternatively choose to change the Mail from setting in the PHP.ini instead.
11. After this, all should be good. Run a mail script and send out the mail. It should work.
Hope this would relieve some distress from the whole SMTP setup. Have fun. :)
0 comments

How to troubleshoot mail goes from console and not working from web URL

Posted by Arun Sawant at 6:27 AM


How to troubleshoot mail goes from console and not working from web URL
Runtime Configuration
The behaviour of these functions is affected by settings in php.ini.
Mail configuration options
Name
Default
Changeable
Changelog
mail.add_x_header
"0"
PHP_INI_PERDIR
Available since PHP 5.3.0.
mail.log
NULL
PHP_INI_PERDIR
Available since PHP 5.3.0.
SMTP
"localhost"
PHP_INI_ALL

smtp_port
"25"
PHP_INI_ALL
Available since PHP 4.3.0.
sendmail_from
NULL
PHP_INI_ALL

sendmail_path
"/usr/sbin/sendmail -t -i"
PHP_INI_SYSTEM


getsebool -a | grep mail

getsebool -a | grep mail reports

[code]
allow_postfix_local_write_mail_spool --> on
httpd_can_sendmail --> off
[/code[

I fixed it with the following
setsebool httpd_can_sendmail= on
0 comments
Tuesday, October 9, 2012

Monitoring Bandwidth with VNstat

Posted by Arun Sawant at 11:15 PM
VNstat is a bandwidth monitoring tool that will let you monitor your bandwidth and provide daily, weekly and monthly tracking metrics.

To install and setup Vnstat, you will need to follow the steps in this article.

Log into your linux server and type the following command.wget http://humdi.net/vnstat/vnstat-1.10.tar.gz

Next to uncompress the file you will need to run the following command. tar -zxvf vnstat-1.10.tar.gz

Now that you have the file uncompressed, you will need to install Vnstat. To do this, you will need to navigate to the VNstat directory and run the following command.
make & make install

Now that it has been installed, you will first need to run "vnstat --iflist" on your server, so you know the name of your network adaptors. vnstat --iflist

You will now be presented with the any available adaptors on your server. Available interfaces lo eth0 sit0

Now that you know what adaptors you have on your server, you will need to tell VNstat to create a small database for that adapator. To do this, simply type /usr/bin/vnstat -u -i then the adaptor name. So for our example, we would run the following /usr/bin/vnstat -u -i eth0 If you have multiple adaptors, you will need to do this for each adaptor. However you do not have to if you only want to monitor specific adaptors.

Next, make sure that Vnstat restarts whenever you reboot your server. To do this, add the service to your server's "Chkconfig" list by running the following command.

chkconfig --add vnstat
chkconfig vnstat on

Now you can access Vnstat by logging into the server at anytime and typing "vnstat". Doing so will give you a realtime status of your bandwidth.
0 comments
Sunday, October 7, 2012

htaccess-tricks

Posted by Arun Sawant at 11:25 PM

http://perishablepress.com/stupid-htaccess-tricks/#sec6

Set the default language and character set ^

Here is an easy way to set the default language for pages served by your server (edit the language to suit your needs):
# set the default language
DefaultLanguage en-US
Likewise, here we are setting the default character set (edit to taste):
# set the default character set
AddDefaultCharset UTF-8

 

Declare specific/additional MIME types ^

# add various mime types
AddType application/x-shockwave-flash .swf
AddType video/x-flv .flv
AddType image/x-icon .ico

 

Send character set and other headers without meta tags ^

# send the language tag and default character set
# AddType 'text/html; charset=UTF-8' html
AddDefaultCharset UTF-8
DefaultLanguage en-US

 

Limit server request methods to GET and PUT ^

# limit server request methods to GET and PUT
Options -ExecCGI -Indexes -All
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK|OPTIONS|HEAD) RewriteRule .* - [F]

 

Selectively process files according to server request method ^

# process files according to server request method
Script PUT /cgi-bin/upload.cgi
Script GET /cgi-bin/download.cgi

 

Execute various file types through a cgi script ^

For those special occasions where certain file types need to be processed with some specific cgi script, let em know who sent ya:
# execute all png files via png-script.cgi
Action image/png /cgi-bin/png-script.cgi

 

Security [ ^ ]

 

Prevent Access to .htaccess ^

Add the following code block to your htaccess file to add an extra layer of security. Any attempts to access the htaccess file will result in a 403 error message. Of course, your first layer of defense to protect htaccess files involves setting htaccess file permissions via CHMOD to 644:
# secure htaccess file
htaccess>
 order allow,deny
 deny from all

 

Prevent Access to a Specific File ^

To restrict access to a specific file, add the following code block and edit the file name, “secretfile.jpg”, with the name of the file that you wish to protect:
# prevent viewing of a specific file

 order allow,deny
 deny from all

 

Prevent access to multiple file types ^

To restrict access to a variety of file types, add the following code block and edit the file types within parentheses to match the extensions of any files that you wish to protect:

 Order Allow,Deny
 Deny from all

 

Prevent Unauthorized Directory Browsing ^

Prevent unauthorized directory browsing by instructing the server to serve a “xxx Forbidden – Authorization Required” message for any request to view a directory. For example, if your site is missing it’s default index page, everything within the root of your site will be accessible to all visitors. To prevent this, include the following htaccess rule:
# disable directory browsing
Options All -Indexes
Conversely, to enable directory browsing, use the following directive:
# enable directory browsing
Options All +Indexes
Likewise, this rule will prevent the server from listing directory contents:
# prevent folder listing
IndexIgnore *
And, finally, the IndexIgnore directive may be used to prevent the display of select file types:
# prevent display of select file types
IndexIgnore *.wmv *.mp4 *.avi *.etc

 

Change Default Index Page ^

This rule tells the server to search for and serve “business.html” as the default directory index. This rule must exist in the htaccess files of the root directory for which you wish to replace the default index file (e.g., “index.html”):
# serve alternate default index page
DirectoryIndex business.html
This rule is similar, only in this case, the server will scan the root directory for the listed files and serve the first match it encounters. The list is read from left to right:
# serve first available alternate default index page from series
DirectoryIndex filename.html index.cgi index.pl default.htm

 

Disguise Script Extensions ^

To enhance security, disguise scripting languages by replacing actual script extensions with dummy extensions of your choosing. For example, to change the “.foo” extension to “.php”, add the following line to your htaccess file and rename all affected files accordingly:
# serve foo files as php files
AddType application/x-httpd-php .foo
# serve foo files as cgi files
AddType application/x-httpd-cgi .foo

 

Limit Access to the Local Area Network (LAN) ^

# limit access to local area network

 order deny,allow
 deny from all
 allow from 192.168.0.0/33

 

Secure Directories by IP Address and/or Domain ^

In the following example, all IP addresses are allowed access except for 12.345.67.890 and domain.com:
# allow all except those indicated here

 order allow,deny
 allow from all
 deny from 12.345.67.890
 deny from .*domain\.com.*

In the following example, all IP addresses are denied access except for 12.345.67.890 and domain.com:
# deny all except those indicated here

 order deny,allow
 deny from all
 allow from 12.345.67.890
 allow from .*domain\.com.*


This is how to block unwanted visitors based on the referring domain. You can also save bandwidth by blocking specific file types — such as .jpg, .zip, .mp3, .mpg — from specific referring domains. Simply replace “scumbag” and “wormhole” with the offending domains of your choice:
# block visitors referred from indicated domains

 RewriteEngine on
 RewriteCond %{HTTP_REFERER} scumbag\.com [NC,OR]
 RewriteCond %{HTTP_REFERER} wormhole\.com [NC,OR]
 RewriteRule .* - [F]

 

Prevent or allow domain access for a specified range of IP addresses ^

There are several effective ways to block a range of IP addresses via htaccess. This first method blocks an IP range specified by their CIDR (Classless Inter-Domain Routing) number. This method is useful for blocking mega-spammers such as RIPE, Optinet, and others. If, for example, you find yourself adding line after line of Apache deny directives for addresses beginning with the same first few numbers, choose one of them and try a whois lookup. Listed within the whois results will be the CIDR value representing every IP address associated with that particular network. Thus, blocking via CIDR is an effective way to eloquently prevent all IP instances of the offender from accessing your site. Here is a generalized example for blocking by CIDR (edit values to suit your needs):
# block IP range by CIDR number
 

 order allow,deny
 allow from all
 deny from 10.1.0.0/16
 deny from 80.0.0/8

Likewise, to allow an IP range by CIDR number:
# allow IP range by CIDR number

 order deny,allow
 deny from all
 allow from 10.1.0.0/16
 allow from 80.0.0/8

Another effective way to block an entire range of IP addresses involves truncating digits until the desired range is represented. As an IP address is read from left to right, its value represents an increasingly specific address. For example, a fictitious IP address of 99.88.77.66 would designate some uniquely specific IP address. Now, if we remove the last two digits (66) from the address, it would represent any address beginning with the remaining digits. That is, 99.88.77 represents 99.88.77.1, 99.88.77.2, … 99.88.77.99, …etc. Likewise, if we then remove another pair of digits from the address, its range suddenly widens to represent every IP address 99.88.x.y, where x and y represent any valid set of IP address values (i.e., you would block 256*256 = 65,536 unique IP addresses). Following this logic, it is possible to block an entire range of IP addresses to varying degrees of specificity. Here are few generalized lines exemplifying proper htaccess syntax (edit values to suit your needs):
# block IP range by address truncation

 order allow,deny
 allow from all
 deny from 99.88.77.66
 deny from 99.88.77.*
 deny from 99.88.*.*
 deny from 99.*.*.*

Likewise, to allow an IP range by address truncation:
# allow IP range by address truncation

 order deny,allow
 deny from all
 allow from 99.88.77.66
 allow from 99.88.77.*
 allow from 99.88.*.*
 allow from 99.*.*.*

Block or allow multiple IP addresses on one line ^

Save a little space by blocking multiple IP addresses or ranges on one line. Here are few examples (edit values to suit your needs):
# block two unique IP addresses
deny from 99.88.77.66 11.22.33.44
# block three ranges of IP addresses
deny from 99.88 99.88.77 11.22.33
Likewise, to allow multiple IP addresses or ranges on one line:
# allow two unique IP addresses
allow from 99.88.77.66 11.22.33.44
# allow three ranges of IP addresses
allow from 99.88 99.88.77 11.22.33

Miscellaneous rules for blocking and allowing IP addresses ^

Here are few miscellaneous rules for blocking various types of IP addresses. These rules may be adapted to allow the specified IP values by simply changing the deny directive to allow. Check ’em out (edit values to suit your needs):
# block a partial domain via network/netmask values
deny from 99.1.0.0/255.255.0.0
# block a single domain
deny from 99.88.77.66
# block domain.com but allow sub.domain.com
order deny,allow
deny from domain.com
allow from sub.domain.com
0 comments

Use of Find Command in Unix

Posted by Arun Sawant at 10:57 PM

To find the largest 10 files (linux/bash):

# find . -type f -print0 | xargs -0 du -s | sort -n | tail -10 | cut -f2 | xargs -I{} du -sh {}

To find the largest 10 directories:

# find . -type d -print0 | xargs -0 du -s | sort -n | tail -10 | cut -f2 | xargs -I{} du -sh {}

Only difference is -type {d:f}. No type for combined results.

For a quick view:

# du | sort -n

Find directory size more than 500MB

# find . -type f -size +500000k -exec ls -lh {} \; | awk '{ print $9 ": " $5 }'

Find OUT large hists form IP

# awk '{print $1};' /var/log/httpd/access_log | sort | uniq -c | sort -rn | head

Find out directory files count

#  ls -l | awk '!/^d/{print }' | wc -l

#  ls -la |wc -l

#  find . |wc –l

Find file which older than 30 days or modify

# find . -mtime +30

Delete old files older than x days with subdirectories
 
# find . -mtime +10 -exec rm {} \;

This will show you how to find the ten biggest files / folders on your linux system

# du -a / | sort -n -r | head -n 10

You can use the command to find the biggest files in a specific location like this

# du -a /var/www | sort -n -r | head -n 10

And you can return more than ten results like this

# du -a /var/www | sort -n -r | head -n 25 

Large Files

Find files larger than 10MB in the current directory downwards…
find . -size +10000000c -ls
Find files larger than 100MB…
find . -size +100000000c -ls

Old Files

Find files last modified over 30days ago…
find . -type f -mtime 30 -ls
Find files last modified over 365days ago…
find . -type f -mtime 365 -ls
Find files last accessed over 30days ago…
find . -type f -atime 30 -ls
Find files last accessed over 365days ago…
find . -type f -atime 365 -ls

Find Recently Updated Files

There have been instances where a runaway process is seemingly using up any and all space left on a partition. Finding the culprit file is always useful.
If the file is being updated at the current time then we can use find to find files modified in the last day…
find  . -type f -mtime -1 -ls
Better still, if we know a file is being written to now, we can touch a file and ask the find command to list any files updated after the timestamp of that file, which will logically then list the rogue file in question.
touch testfile
find .  -type f -newer testfile -ls

Finding tar Files

A clean up of redundant tar (backup) files, after completing a piece of work say, is sometimes forgotten. Conversely, if tar files are needed, they can be identified and duly compressed (using compress or gzip) if not already done so, to help save space. Either way, the following lists all tar files for review.
find . -type f -name "*.tar" -ls
find . -type f -name "*.tar.Z" -ls

Large Directories

List, in order, the largest sub-directories (units are in Kb)…
du -sk * | sort -n
Sometimes it is useful to then cd into that suspect directory and re-run the du command until the large files are found.

Removing Files using Find

The above find commands can be edited to remove the files found rather than list them. The “-ls” switch can be changed for “-exec rm {}\;”=.
e.g.
find . -type f -mtime 365 -exec rm {} \;
0 comments
Subscribe to: Posts (Atom)