Computation-Technology-Science<br />
Author: nishalspace (http://www.blogger.com/profile/00249273847059658150), feed updated 2024-02-02<br />
<br />
<h2>
Parsing and Analyzing Apache Log file using linux commands</h2>
Published 2016-03-26, updated 2017-06-03<br />
This content has been moved to a new URL.<br />
<br />
<a href="http://nishalspace.com/parsing-and-analyzing-apache-log-file-using-linux-commands/">Click here to read the actual article</a><br />
<br />
<h2>
5 step process to improve your SEO in a month</h2>
Published 2015-02-09<br />
SEO (Search Engine Optimization) is somewhat intangible and unpredictable, which also makes it quite an interesting area. Lots of people want to do SEO, but hardly anyone understands what they want to achieve from it.<br />
<br />
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHNHW9Ha6SP8GvUk148t6Fkx7Jkzv3dSF75zC50_T1rcif3hA9YiO2Vp21m6nk77oUd6T4g0Gh7Bsv1xqnMGHJM-mP1EipwhH89Z3mvu7Dsg1AiRNUYDNxMOcb7vkinP5zInUvTGCIOPE/s1600/SEO.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHNHW9Ha6SP8GvUk148t6Fkx7Jkzv3dSF75zC50_T1rcif3hA9YiO2Vp21m6nk77oUd6T4g0Gh7Bsv1xqnMGHJM-mP1EipwhH89Z3mvu7Dsg1AiRNUYDNxMOcb7vkinP5zInUvTGCIOPE/s1600/SEO.jpg" height="206" width="400" /></a></div>
Let's try to understand the intent of SEO and what can be achieved with it.<br />
<br />
SEO can be understood as a marketing strategy of ranking high in Google, but that is only the first step of SEO. There are two more steps, which have remained almost hidden.<br />
So what are the steps?<br />
<br />
<b>1. Short term strategy -</b> Helps in quick marketing and in ranking for a few keywords to increase your reach; estimated time is 1 month<br />
<b>2. Long term strategy -</b> Helps in building sustainable traffic; estimated time is 6 months<br />
<b>3. Ecosystem strategy -</b> Helps search engines refine their knowledge and search; estimated time is 2 years or more<br />
<br />
Nowadays the search engine algorithms are mature, intelligent, and intuitive. While there are quite a few things that require technical expertise, the overall theme of SEO is pretty simple. So if you are targeting a short term strategy and planning to do some keyword ranking optimization, it's pretty simple.<br />
<br />
<h3>
Follow this 5 step process and it will improve SERP within a month.</h3>
<br />
<b>1. High performance is a must:</b> Your page should load as fast as possible. As an average measurement in GA, if it takes more than 7 seconds that is bad, 4 seconds is awesome, and even 5 seconds is good. Write good HTML to save DOM execution time, use a CDN to deliver CSS, JS and images, use caching, etc.<br />
<br />
<b>2. Understand your business and customers and write a quality blog</b> that educates readers about your product and talks about the periphery of your business domain, your product and maybe your competitors. This helps search engines a lot in judging how serious the product is and what social need it meets, and as people start consuming your product, search engines will give a lot of weight to your product and your website. The blog is there to educate readers and provide extra value about your product. The Google algorithm also considers social websites, blogs and social content for the Google News section, which is an advantage.<br />
<br />
<b>3. Keep watching your spammy links:</b> Google Penguin updates target and penalize websites that create spammy backlinks. With the October Penguin 3.0 update it is much clearer that any anchor text manipulation and spammy links will get penalized. It's good to keep watching your links through webmaster tools or some other tool and audit them at least once in 6 months. Work towards getting good quality backlinks; a blog is one of the strategies for getting them.<br />
<br />
<b>4. Content is king, and play on keyword density:</b> Creating high quality content is still the central idea in SEO. Think about presenting content in a more organized, creative and new style: good meta information, images, breadcrumbs for navigation, readable text and something new (be creative). Use keyword repetition intelligently on the page. You can use a tool such as SEO quake to check the keyword density. Every keyword repetition should add value; it should not just be stuffed in.<br />
<br />
<b>5. Promote your website on social websites</b><br />
Create a Facebook page, a Twitter handle and other social properties to talk about your product, gather people and promote your website and links. This has 2 advantages: your social index score improves, which also plays a role in SEO, and you can get extra traffic from social media.<br />
<br />
<b>And a few small things to remember:</b><br />
<ol>
<li>Don't publish or build a business on illegal stuff</li>
<li>Websites served over HTTPS are getting extra value</li>
<li>Don't rely on aggregation and content farming; it no longer works</li>
<li>Keyword stuffing alone can kill you</li>
<li>Being a mobile friendly website is quite helpful for receiving mobile traffic</li>
</ol>
<br />
It's still simple to achieve good results, but you have to be focused, consistent and dedicated. It works, it really works :)<br />
<br />
<br />
<br />
<h2>
Some concepts of Solr</h2>
Published 2014-09-01, updated 2017-06-03<br />
<b>This article has been moved to a different location.</b><br />
<b><a href="http://nishalspace.com/relevance-and-query-concept-in-solr/">Click here to read the entire article</a></b><br />
<br />
<h2>
Enabling JMX in Tomcat</h2>
Published 2014-06-09<br />
Any Java program can be monitored using JConsole. JConsole is a user interface that ships by default with any JDK package; just type <b>jconsole</b> in your terminal and it will show you the interface. JConsole works along with JMX, which has to be enabled in the respective Java program or JVM.<br />
<br />
<h2>
How to enable JMX in tomcat?</h2>
You need to set these variables when the JVM starts. In Tomcat you can simply set them through the CATALINA_OPTS variable in the setenv.sh file in Tomcat's bin folder.<br />
<br />
<pre class="bash" style="background-color: #f7f7f9; border-bottom-left-radius: 4px; border-bottom-right-radius: 4px; border-top-left-radius: 0px; border-top-right-radius: 0px; border: 1px solid rgb(209, 209, 232); color: #333333; font-size: 13px; line-height: 1.5; margin-bottom: 20px; overflow-x: auto; padding: 10px;">-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=<span style="color: #7a0874; font-weight: bold;">{</span>port to access<span style="color: #7a0874; font-weight: bold;">}</span>
-Dcom.sun.management.jmxremote.authenticate=<span style="color: #c20cb9; font-weight: bold;">false</span>
-Dcom.sun.management.jmxremote.ssl=<span style="color: #c20cb9; font-weight: bold;">false</span>
-Djava.rmi.server.hostname=<span style="color: #7a0874; font-weight: bold;">{</span>optional, allow what <span style="color: #c20cb9; font-weight: bold;">ip</span> to access this Tomcat<span style="color: #7a0874; font-weight: bold;">}</span></pre>
export CATALINA_OPTS="$CATALINA_OPTS -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=9999 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Djava.rmi.server.hostname={ip address of tomcat server}"<br />
<br />
To know more about these variables, see<br />
http://tomcat.apache.org/tomcat-6.0-doc/monitoring.html<br />
<br />
After changing this, start Tomcat, then run jconsole from anywhere and connect using<br />
"IP:port"; if authentication is enabled, enter the credentials as well. Now you can see all the JVM details: threads, memory usage, CPU usage, GCs performed, etc.<br />
<br />
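The options shown in this post switch off both authentication and TLS on the JMX port, so anyone who can reach that port gets the same access jconsole has. The script below is an added example, not part of the original post: it audits a CATALINA_OPTS string for those settings and shows a hardened variant. The function names, finding labels and file paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): flag remote-JMX options that
# expose Tomcat's management port without authentication or TLS.

# Options as shown on this page.
PAGE_OPTS='-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=9999
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false'

# Hardened variant. File paths are placeholders (assumption); TLS also needs a
# keystore supplied through the standard javax.net.ssl.keyStore properties.
HARDENED_OPTS='-Dcom.sun.management.jmxremote
-Dcom.sun.management.jmxremote.port=9999
-Dcom.sun.management.jmxremote.rmi.port=9999
-Dcom.sun.management.jmxremote.authenticate=true
-Dcom.sun.management.jmxremote.ssl=true
-Dcom.sun.management.jmxremote.password.file=/path/to/jmxremote.password
-Dcom.sun.management.jmxremote.access.file=/path/to/jmxremote.access'

# Print the value of -D<name>=<value> in an options string; the last one wins.
# $1 = options string, $2 = property name as a sed pattern (dots escaped).
jmx_prop() {
    printf '%s\n' "$1" | tr ' \t' '\n\n' | sed -n "s/^-D$2=//p" | tail -n 1
}

# Print one finding per line for an options string; print nothing when remote
# JMX is off or configured with authentication, TLS and a pinned RMI port.
audit_jmx_opts() {
    p='com\.sun\.management\.jmxremote'
    port=$(jmx_prop "$1" "$p\.port")
    # Without a port there is no remote connector, so nothing to report.
    if [ -z "$port" ]; then
        return 0
    fi

    # Both settings default to true; only an explicit "false" disables them.
    if [ "$(jmx_prop "$1" "$p\.authenticate")" = "false" ]; then
        echo "AUTH_DISABLED port=$port"
    fi
    if [ "$(jmx_prop "$1" "$p\.ssl")" = "false" ]; then
        echo "TLS_DISABLED port=$port"
    fi
    # With no rmi.port the RMI objects are exported on a random port, which
    # makes it hard to write a firewall rule limiting who can connect.
    if [ -z "$(jmx_prop "$1" "$p\.rmi\.port")" ]; then
        echo "RMI_PORT_RANDOM port=$port"
    fi
    return 0
}

echo "Configuration from this page:"
audit_jmx_opts "$PAGE_OPTS"
echo "Hardened configuration:"
audit_jmx_opts "$HARDENED_OPTS"
```

Run it against the real value by passing the CATALINA_OPTS string from setenv.sh to `audit_jmx_opts`.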
<br />
<br />
<br />
<h2>
RSA server certificate CommonName (CN) 'www.domain.com' does NOT match server name</h2>
Published 2014-04-25<br />
Hi,<br />
<div>
<br /></div>
<div>
I was getting this error when restarting Apache:</div>
<div>
<br />
<div>
<h3>
"I receive the Error: "RSA server certificate CommonName (CN) 'www.domain.com' does NOT match server name"?"</h3>
And there was one website which was able to tell me that something was wrong: http://www.sslshopper.com/ssl-checker.html<br />
<br />
In my case, I had missed the "ServerName" directive in the Apache virtual host configuration.<br />
<br />
<VirtualHost _default_:443><br />
ServerAdmin webmaster@domain.com<br />
ServerName www.domain.com<br />
<br />
SSLEngine on<br />
SSLCertificateFile /root/ssl/domain.crt<br />
SSLCertificateKeyFile /root/ssl/server.key<br />
SSLCertificateChainFile /root/ssl/bundle.crt<br />
<br />
</VirtualHost><br />
<br />
After adding the ServerName, the Apache error.log file stopped showing the error message, and the sslshopper website also started returning the certificate diagnosis, which made me believe that the issue was resolved.<br />
<br />
In general, you should also check:<br />
1. DNS entry (host name and IP are correct)<br />
2. /etc/hosts file<br />
3. Whether you missed the common name while creating the CSR file. In that case, create a new CSR, re-key the certificate and deploy the new certificates.<br />
4. In Apache or Nginx, ServerName must match; certificates are issued for a fixed domain.<br />
<br />
<br />
<br />
<br /></div>
</div>
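The ServerName check from this post can be scripted. The following is an added example, not part of the original post: it reports a virtual host with no ServerName (the cause described above) and a ServerName the certificate does not cover. The sample vhost text, function names and result labels are constructed, and the wildcard handling goes beyond the single-name case in the post.

```shell
#!/bin/sh
# Added example (not from the original post): check the ServerName values of an
# SSL virtual host against the names a certificate covers.

# Constructed sample inputs. In practice the certificate names (CN plus any
# subjectAltName entries) are read from "openssl x509 -noout -text".
VHOST_WITHOUT_NAME='<VirtualHost _default_:443>
ServerAdmin webmaster@domain.com
SSLEngine on
SSLCertificateFile /root/ssl/domain.crt
</VirtualHost>'

VHOST_WITH_NAME='<VirtualHost _default_:443>
ServerAdmin webmaster@domain.com
ServerName www.domain.com:443
SSLEngine on
SSLCertificateFile /root/ssl/domain.crt
</VirtualHost>'

# Succeed when host name $2 is covered by certificate name $1.
# A wildcard counts only as the whole left-most label ("*.domain.com") and
# stands for exactly one label, so it covers neither "domain.com" nor
# "a.b.domain.com".
cert_name_matches() {
    pattern=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case $pattern in
        '*.'*)
            suffix=${pattern#?}        # "*.domain.com" -> ".domain.com"
            label=${host%"$suffix"}    # part left of the suffix, if it matched
            if [ "$label" = "$host" ] || [ -z "$label" ]; then
                return 1
            fi
            case $label in *.*) return 1 ;; esac
            return 0
            ;;
        *)
            [ "$pattern" = "$host" ]
            ;;
    esac
}

# $1 = Apache configuration text, $2 = certificate names separated by spaces.
# Prints NO_SERVERNAME, or "OK <name>" / "MISMATCH <name>" per ServerName.
check_vhost_against_cert() (
    set -f    # certificate names may contain "*": keep the shell from globbing
    names=$(printf '%s\n' "$1" |
        awk 'tolower($1) == "servername" { sub(/:[0-9]+$/, "", $2); print $2 }')
    if [ -z "$names" ]; then
        echo "NO_SERVERNAME"
    else
        for sn in $names; do
            verdict=MISMATCH
            for n in $2; do
                if cert_name_matches "$n" "$sn"; then
                    verdict=OK
                    break
                fi
            done
            echo "$verdict $sn"
        done
    fi
)

check_vhost_against_cert "$VHOST_WITHOUT_NAME" "www.domain.com"
check_vhost_against_cert "$VHOST_WITH_NAME" "www.domain.com"
check_vhost_against_cert "$VHOST_WITH_NAME" "domain.com mail.domain.com"
```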
<h2>
fb:share_button/fb:login_button/fb: failed to resize in 45s</h2>
Published 2014-02-25<br />
I saw one strange issue while using the fb_share button, and I would like to share it and how I fixed it.<br />
<br />
When you use fb_share buttons with their stats, you are using some JavaScript to get the stats and show them beside the button. When the page loaded it was working fine, but when you navigate to any other page by clicking on a link or button and then go back in the browser to the same page, it tries to load the fb_share button again, but it keeps the <b>textarea locked for 45 seconds</b>, which was quite strange.<br />
<br />
I guess it has to do with fb trying to build the proper UI of the button (size and all) while it fetches the data, and during that period it locks the textarea.<br />
<br />
I started searching for the issue and got a pathetic solution on stackoverflow which says to use this CSS:<br />
<br />
.fb-share-button span,<br />
.fb-share-button iframe {<br />
width: 120px! important;<br />
height: 25px! important;<br />
}<br />
<br />
And the amazing part is, it works :)<br />
<br />
<h2>
Make an anchor tag with href but do not let user navigate away</h2>
Published 2013-12-05<br />
This can be used a lot for SEO purposes. The anchor tag's href will be crawled by search engines, but when a user clicks it, the user is not navigated away from the page, and you can handle the onclick event any way you want.<br />
<br />
<a href="http://www.google.com" onclick="dothis(event); return false;">Click me</a><br />
<br />
<script><br />
function dothis(e){<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>if (!e) var e = window.event;<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>alert("ok");<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>if (e.stopPropagation)<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>e.stopPropagation();<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>return false;<br />
}<br />
</script><br />
<br />
<h2>
Useful linux commands</h2>
Published 2013-07-14, updated 2014-06-08<br />
<h4>
OS Details</h4>
$ lsb_release -a<br />
No LSB modules are available.<br />
Distributor ID:<span class="Apple-tab-span" style="white-space: pre;"> </span>Ubuntu<br />
Description:<span class="Apple-tab-span" style="white-space: pre;"> </span>Ubuntu 10.04.4 LTS<br />
Release:<span class="Apple-tab-span" style="white-space: pre;"> </span>10.04<br />
Codename:<span class="Apple-tab-span" style="white-space: pre;"> </span>lucid<br />
<br />
<h4>
System Information</h4>
$ uname -a<br />
Linux p3307963.pubip.serverbeach.com 2.6.32-46-generic #108-Ubuntu SMP Thu Apr 11 15:56:25 UTC 2013 x86_64 GNU/Linux<br />
<br />
<br />
<h4>
$ uname -m</h4>
x86_64 (means the system is a 64 bit machine; otherwise it is a 32 bit machine)<br />
<br />
<br />
<h4>
User specific resource limit get/set</h4>
$ ulimit -a<br />
core file size (blocks, -c) 0<br />
data seg size (kbytes, -d) unlimited<br />
scheduling priority (-e) 20<br />
file size (blocks, -f) unlimited<br />
pending signals (-i) 16382<br />
max locked memory (kbytes, -l) 64<br />
max memory size (kbytes, -m) unlimited<br />
open files (-n) 1024<br />
pipe size (512 bytes, -p) 8<br />
POSIX message queues (bytes, -q) 819200<br />
real-time priority (-r) 0<br />
stack size (kbytes, -s) 8192<br />
cpu time (seconds, -t) unlimited<br />
max user processes (-u) unlimited<br />
virtual memory (kbytes, -v) unlimited<br />
file locks (-x) unlimited<br />
<br />
The above command is very important. Many times the number of TCP/IP socket connections grows a lot; if you sense that kind of problem (too many connections at a time), try to change the "open files" limit to a higher value; 20000 is good enough. To learn how to change the limit, read this article: <a href="http://nishal-tech.blogspot.in/2013/07/how-to-set-ulimit-in-ubuntudebian-linux.html">How to set ulimit in ubuntu/debian linux systems</a><br />
<br />
<h4>
Which user has opened how many files in sort order</h4>
$ lsof | awk '{if(NR>1) print $3}' | sort | uniq -c | sort -nr<br />
1256 root<br />
655 nishal<br />
16 www-data<br />
4 syslog<br />
4 ntp<br />
4 daemon<br />
<br />
<b>Check listening ports</b><br />
$ netstat -nlp<br />
<b><br /></b>
<h2>
change the open file limit in debian/ubuntu/linux system</h2>
Published 2013-07-14, updated 2014-06-08<br />
<span style="background-color: white; color: #222222; font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif; text-align: justify;"><span style="font-size: x-small;"><span style="line-height: 19px;">For every user there is a resource limit configuration in Linux. If it is not specified, the default values are used; you can check them with the command </span></span></span><br />
<span style="background-color: white; color: #222222; font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif; text-align: justify;"><span style="font-size: x-small;"><span style="line-height: 19px;">$ <b>ulimit -a</b></span></span></span><br />
<br />
<h3>
Change Open file limit, ulimit on Debian/Ubuntu/Linux systems</h3>
------<br />
<span style="background-color: white; color: #222222; font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19px; text-align: justify;">To change it, first note that pam_limits is not loaded by default in Ubuntu</span><br />
<br />
<strong style="background-color: white; color: #222222; font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19px; text-align: justify;">$ vi /etc/pam.d/su</strong><br />
<strong style="background-color: white; color: #222222; font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19px; text-align: justify;">Un-comment the following line</strong><br />
<strong style="background-color: white; color: #222222; font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19px; text-align: justify;">#session required pam_limits.so</strong><br />
<span style="background-color: white; color: #222222; font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19px; text-align: justify;">to</span><br />
<strong style="background-color: white; color: #222222; font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19px; text-align: justify;">session required pam_limits.so</strong><br />
<strong style="background-color: white; color: #222222; font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19px; text-align: justify;"><br /></strong>
<strong style="background-color: white; color: #222222; font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19px; text-align: justify;">Now</strong><br />
<strong style="background-color: white; color: #222222; font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19px; text-align: justify;">$ vi </strong><strong style="background-color: white; color: #222222; font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19px; text-align: justify;">/etc/security/limits.conf</strong><br />
<strong style="background-color: white; color: #222222; font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19px; text-align: justify;"><br /></strong>
<span style="background-color: white; color: #222222; font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19px; text-align: justify;">and add the following lines to the end of the file (before the line # End of file)</span><br />
<strong style="background-color: white; color: #222222; font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19px; text-align: justify;">* soft nofile 16000 </strong><br />
<strong style="background-color: white; color: #222222; font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19px; text-align: justify;">* hard nofile </strong><span style="background-color: white; color: #222222; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18.479999542236328px;"><b>64000</b></span><br />
<strong style="background-color: white; color: #222222; font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19px; text-align: justify;"><br /></strong>
<strong style="background-color: white; color: #222222; font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19px; text-align: justify;">Save the file and quit vi.</strong><br />
<strong style="background-color: white; color: #222222; font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19px; text-align: justify;"><br /></strong>
<strong style="background-color: white; color: #222222; font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19px; text-align: justify;">Now, to bring this into effect, you must restart the machine.</strong><br />
<strong style="background-color: white; color: #222222; font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19px; text-align: justify;"><br /></strong>
<span style="background-color: white; color: #222222; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18.479999542236328px;">Below two lines will change the limit only for mysql user</span><br />
<span style="background-color: white; color: #222222; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18.479999542236328px;">mysql soft nofile 10240</span><br />
<span style="background-color: white; color: #222222; font-family: Arial, Tahoma, Helvetica, FreeSans, sans-serif; font-size: 13px; line-height: 18.479999542236328px;">mysql hard nofile 10240</span><br />
<strong style="background-color: white; color: #222222; font-family: 'Helvetica Neue', Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19px; text-align: justify;"><br /></strong>
Usually we need to change the "open file" limit from 1024 (which is the default) to a higher value. But before that you should check which user is opening how many files.<br />
$ lsof | awk '{if(NR>1) print $3}' | sort | uniq -c | sort -nr<br />
1256 root<br />
655 nishal<br />
16 www-data<br />
4 syslog<br />
4 ntp<br />
4 memcache<br />
4 daemon<br />
<br />
The above result clearly says that the root user has opened 1256 files; in such cases the default limit of 1024 will start causing IO wait and connection timeout issues. To fix them, follow the steps above.<br />
<br />
------------<br />
<br />
<h3>
How to change Open file limit, ulimit on CentOS/Fedora/Red Hat</h3>
<br />
Command to check<br />
ulimit -n<br />
ulimit -a<br />
<br />
<br />
1. vi sysctl.conf and add this line fs.file-max = 65536<br />
<br />
2. vi /etc/security/limits.conf<br />
* soft nproc 16384<br />
* hard nproc 65535<br />
* soft nofile 16384<br />
* hard nofile 65535<br />
<br />
3. Restart the server<br />
<br />
4. ulimit -n<br />
16384<br />
<br />
<br />
<h2>
Mantis is not sending Email, How to fix?</h2>
Published 2013-07-14<br />
I installed Mantis as a bug tracking system and it was done quite quickly, maybe in an hour. But the miserable part is that it was not sending email notifications for any update, and after more than a couple of hours it was still not fixed... wtf is that.<br />
<br />
OK, Chill !!!! <b>I got the solution</b><br />
<b><br /></b>
<b></b><br />
Configuring the email settings is a challenging task for most users who start working with Mantis. The confusion is partially caused because PHP (and therefore Mantis) does not give you a very precise description of why it cannot deliver emails. But you should look at the log file /var/log/apache2/error.log and see if you can get some valuable information to proceed further.<br />
<br />
<br />
In most cases the configuration is very easy, and the good part is that Mantis maintains the mail related configuration variables as global ones.<br />
So you just need to change them and it should start working.<br />
<br />
<br />
1. open your config_inc.php (located in: /var/www/mantis/config_inc.php)<br />
2. copy the following code to the file:<br />
<br />
$g_allow_signup = ON; //allows the users to sign up for a new account<br />
$g_enable_email_notification = ON; //enables the email messages<br />
<b>$g_phpMailer_method = PHPMAILER_METHOD_SMTP; // this is most important</b><br />
$g_smtp_host = 'smtp.gmail.com';<br />
$g_smtp_connection_mode = 'tls';<br />
$g_smtp_port = 587;<br />
$g_smtp_username = 'youraccount@gmail.com'; //replace it with your gmail address<br />
$g_smtp_password = '*********'; //replace it with your gmail password<br />
$g_administrator_email = 'admin@example.com'; //this will be your administrator email address<br />
<br />
3. go to your Mantis homepage (http://www.example.com/mantis)<br />
4. click sign up for a new account<br />
5. create a dummy account with your gmail address<br />
6. press Signup<br />
7. check your mail<br />
<div>
<br /></div>
<div>
--------------</div>
<div>
If you want to use other modes of smtp_connection, you can read about them here: <a href="http://www.mantisbt.org/docs/master-1.2.x/en/administration_guide/admin.config.email.html">http://www.mantisbt.org/docs/master-1.2.x/en/administration_guide/admin.config.email.html</a></div>
<div>
<br /></div>
<div>
If you want to use your own SMTP server without a TLS or SSL connection, it would be something like this.</div>
<div>
$g_smtp_host = 'smtp.example.com';<br />
$g_smtp_connection_mode = '';<br />
$g_smtp_port = 25;<br />
$g_smtp_username = 'youraccount@example'; //replace it with the email which can access your mail server<br />
$g_smtp_password = '*********'; //replace it with your email account password</div>
<div>
<br /></div>
<div>
--------------</div>
<div>
<div>
/**</div>
<div>
* select the method to mail by:</div>
<div>
* PHPMAILER_METHOD_MAIL - mail()</div>
<div>
* PHPMAILER_METHOD_SENDMAIL - sendmail</div>
<div>
* PHPMAILER_METHOD_SMTP - SMTP</div>
<div>
* @global int $g_phpMailer_method</div>
<div>
*/</div>
<div>
$g_phpMailer_method = PHPMAILER_METHOD_MAIL;</div>
</div>
<div>
<br /></div>
<div>
Above code is present in "/mantis_home/config_defaults_inc.php" file.</div>
<div>
As you see above, Mantis provides various ways of sending email; the default is the mail() command of linux, but it is better to make it "<b>PHPMAILER_METHOD_SMTP</b>", so that you can send email using any email server.</div>
<div>
<br /></div>
<div>
In the same file you can also change the from email which will be shown in the email. For that you need to change the constants </div>
<div>
$g_from_email = "mantis@example.com";</div>
<div>
$g_from_name = "Mantis Nishal Bug Tracker";</div>
<div>
<br /></div>
<div>
Note : For any further help, use this link <a href="http://www.mantisbt.org/forums/viewtopic.php?t=15398&f=3">http://www.mantisbt.org/forums/viewtopic.php?t=15398&f=3</a></div>
<div>
<br /></div>
<div>
#mantis not sending email notifications</div>
<div>
<div>
#mantis email system not working</div>
<div>
#mantis is not sending email</div>
</div>
<div>
#mantis "sh: /usr/sbin/sendmail: not found"</div>
<div>
<br /></div>
<h2>
Using compression, gzip, mod_deflate, amazon cloudfront issue with gzip</h2>
Published 2013-07-02, updated 2013-07-14<br />
If you are not using compression, you are missing a great feature. Please enable it; you'll find a big difference in page load time.<br />
<br />
<h3>
How does gzip work over the HTTP ?</h3>
<br />
When browsers make a request to a server, they send an Accept-Encoding header.<br />
Most browsers send Accept-Encoding: gzip, deflate. The server then knows that this browser accepts data compressed using gzip or deflate. The server sees Accept-Encoding: gzip, deflate, sends the response compressed as gzip and marks it with the response header Content-Encoding: gzip.<br />
<br />
The server can also optionally send another header Vary: Accept-Encoding. This tells proxies to vary the object in the proxy cache based on the Accept-Encoding header. The result is that the proxy will have a compressed and uncompressed version of the file in cache (and maybe even three: uncompressed, gzip compressed, deflate compressed). Failing to provide the Vary header may result in the wrong encoding going to an incompatible browser. The Vary header was introduced in HTTP/1.1<br />
<br />
<br />
<h3>
How to use gzip/deflate?</h3>
<br />
<h4>
With Apache, it comes with a module mod_deflate. </h4>
Any standard installation of Apache comes with mod_deflate. If it is not enabled, you can enable it using<br />
$ a2enmod deflate<br />
Then reload the configuration or restart Apache. After enabling, check the configuration<br />
/etc/apache2/mods-enabled/deflate.conf<br />
<br />
<IfModule mod_deflate.c><br />
# these are known to be safe with MSIE 6<br />
AddOutputFilterByType DEFLATE text/html text/plain text/xml<br />
<br />
# everything else may cause problems with MSIE 6<br />
AddOutputFilterByType DEFLATE text/css<br />
AddOutputFilterByType DEFLATE application/x-javascript application/javascript application/ecmascript<br />
AddOutputFilterByType DEFLATE application/rss+xml<br />
</IfModule><br />
<br />
<h4>
Nginx comes by default with gzip module</h4>
edit the file /etc/nginx/nginx.conf<br />
<br />
gzip on;<br />
gzip_disable "msie6";<br />
gzip_vary on;<br />
gzip_proxied any;<br />
gzip_comp_level 6;<br />
gzip_buffers 16 8k;<br />
gzip_http_version 1.1;<br />
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;<br />
<br />
<h3>
Issues with Amazon aws cloudfront and nginx and compression</h3>
If you are using CloudFront as a CDN to deliver static content with nginx as the origin, you'll suddenly see that CloudFront is serving uncompressed static content.<br />
<br />
The reason is that CloudFront uses HTTP 1.0 to make requests to the origin server, but nginx has the directive "gzip_http_version", which is set to 1.1 in the configuration above. So what you need to do is set it to 1.0:<br />
<br />
gzip_http_version 1.0;<br />
<br />
That will enable the compression for cloudfront requests as well.<br />
<div>
<br /></div>
<h2>
Install latest version of Nginx</h2>
Published 2013-07-01<br />
$ sudo -s<br />
$ nginx=stable # use nginx=development for latest development version<br />
$ echo "deb http://ppa.launchpad.net/nginx/$nginx/ubuntu lucid main" > /etc/apt/sources.list.d/nginx-$nginx-lucid.list<br />
$ apt-key adv --keyserver keyserver.ubuntu.com --recv-keys C300EE8C<br />
$ apt-get update<br />
<br />
At this step you might get an error in upgrading<br />
"W: GPG error: http://nginx.org lucid Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY ABF5BD827BD9BF62"<br />
<br />
So try this<br />
$ wget http://nginx.org/packages/keys/nginx_signing.key<br />
$ cat nginx_signing.key | sudo apt-key add -<br />
OK<br />
$ apt-get update<br />
<br />
Now Install<br />
$ apt-get install nginx<br />
<br />
$ /usr/sbin/nginx -V<br />
<div>
<br /></div>
<h2>
Redirect in nginx</h2>
Published 2013-06-27<br />
<h3>
From www.example.com to example.com</h3>
<br />
server {<br />
server_name www.example.com;<br />
return 301 $scheme://example.com$request_uri;<br />
}<br />
<br />
<h3>
From example.com to www.example.com</h3>
<br />
server {<br />
server_name example.com;<br />
return 301 $scheme://www.example.com$request_uri;<br />
}<br />
<br />
-------<br />
Some people also do it this way, but it is a bad way of doing a redirect as per the nginx documentation. <a href="http://wiki.nginx.org/Pitfalls">http://wiki.nginx.org/Pitfalls</a><br />
<br />
server {<br />
server_name www.domain.com;<br />
rewrite ^/(.*)$ http://domain.com/$1 permanent;<br />
}<br />
<br />
server {<br />
server_name domain.com;<br />
rewrite ^/(.*)$ http://www.domain.com/$1 permanent;<br />
}<br />
<br />
Securing your website while using nginx, Deploying SSL certificates in nginx (posted 2013-06-27)<br />
Deploying certificates in nginx and starting to serve HTTPS requests is very simple. Just copy the server block that you have written for serving HTTP requests and make the following changes in the copy.<br />
<br />
server {<br />
server_name www.example.com;<br />
listen 443 ssl;<br />
ssl_certificate /etc/ssl/certs/www.example.com.crt;<br />
ssl_certificate_key /etc/ssl/private/server.key;<br />
<br />
ssl_session_cache shared:SSL:10m;<br />
ssl_session_timeout 10m;<br />
<br />
location ~* \.(jpg|jpeg|gif|css|png|js|ico|html|txt|pdf)$ {<br />
root /var/www;<br />
access_log off;<br />
expires 365d;<br />
}<br />
<br />
location / {<br />
proxy_pass http://localhost:8181/;<br />
<br />
proxy_set_header Host $host;<br />
proxy_set_header X-Real-IP $remote_addr;<br />
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br />
<br />
proxy_set_header X-Forwarded-Proto $scheme;<br />
add_header Front-End-Https on;<br />
}<br />
}<br />
<br />
<h3>
Issues and troubleshoots</h3>
<br />
1. While installing certificates, the configuration does not need a separate entry for the intermediate certificate as you would have seen in Apache. Browsers usually store intermediate certificates which they receive and which are signed by trusted authorities, so actively used browsers may already have the required intermediate certificates and may not complain about a certificate sent without a chained bundle.<br />
To check that try this URL : http://www.sslshopper.com/ssl-checker.html<br />
<br />
To solve this possible issue: append the intermediate certificate content to the main certificate file, after the main certificate content.<br />
<br />
$ cat bundle.crt >> www.example.com.crt<br />
<br />
2. Here is a known error which you might face<br />
"SSL_CTX_use_PrivateKey_file(" ... /www.example.com.key") failed (SSL: error:0B080074:x509 certificate routines: X509_check_private_key:key values mismatch)"<br />
<br />
This error means nginx tried to use the private key with the first certificate in the file and the two did not match. You might have copied the intermediate certificate first and then the main certificate content; in that case the private key will not match. So change the content of www.example.com.crt to have the main certificate first and then the intermediate certificate contents.<br />
<br />
$ cat main_certificate bundle.crt > www.example.com.crt<br />
<br />
If that is not the case, you should possibly check with the certificate issuing authority, because somehow the private key is not matching. Or try to figure it out by reading the log file "/var/log/nginx/error.log".<br />
<br />
3. One of the most important things is to add these lines to the configuration<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span><b>proxy_set_header X-Forwarded-Proto $scheme;</b><br />
<b> add_header Front-End-Https on;</b><br />
<br />
When you do the proxy_pass you do it over the http protocol, so even if the user is making an https request, your back-end server won't be aware of that. So pass that information in an X header; "X-Forwarded-Proto" is the de-facto header for passing the protocol information through proxies.<br />
<br />
Correspondingly in Tomcat, if you are using a Java based application, request.isSecure() will not work any more. So write a central API to get the protocol information, something like this.<br />
<br />
public static boolean isSecure(HttpServletRequest request){<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>String protocol=request.getHeader("X-Forwarded-Proto");<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>if("https".equals(protocol)){<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>return true;<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}else{<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>return request.isSecure();<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
}<br />
<br />
nginx proxy_pass configuration, complexity, settings, issues, solutions (posted 2013-06-22)<br />
Ideally, setting these parameters for proxy_pass is good enough.<br />
<br />
location / {<br />
proxy_pass http://localhost:8080;<br />
proxy_set_header Host $host;<br />
<span style="white-space: pre;"> </span>proxy_set_header X-Real-IP $remote_addr;<br />
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br />
<br />
proxy_connect_timeout 30;<br />
proxy_send_timeout 30;<br />
proxy_read_timeout 600;<br />
<br />
proxy_buffer_size 4k;<br />
proxy_buffers 4 16k;<br />
proxy_busy_buffers_size 64k;<br />
proxy_temp_file_write_size 64k;<br />
}<br />
<br />
<h3>
How to pass the remote address to back-end server while using nginx</h3>
<br />
With proxy_pass there is a complication: when the back-end server tries to read the requester's IP address, it gets either 127.0.0.1 or the local subnet IP where nginx is deployed, because nginx is the proxy server and its own address replaces that of the requesting client. So <b>the solution is to set an extra parameter in the request header at the time of proxying</b>.<br />
The statement "proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;" is meant for exactly that.<br />
<h3>
<br /></h3>
<h3>
How to get the remote address in your back-end server while using "X-Forwarded-For"</h3>
<br />
The story is not over yet: now you have to do something at your back-end server to extract the requester's IP from the request header.<br />
<br />
If the back-end is Apache it is fairly simple; you just need to install a module<br />
$ sudo apt-get install libapache2-mod-rpaf<br />
And configure the file /etc/apache2/mods-available/rpaf.conf <br />
<IfModule mod_rpaf.c><br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>RPAFenable On<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>RPAFsethostname On<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>RPAFproxy_ips 127.0.0.1<br />
</IfModule><br />
<div>
<br /></div>
<div>
But if the back-end is Tomcat, it is a little more complex; </div>
<div>
you will never get it via request.getRemoteAddr(). So write a global API to access the remote address, like this:</div>
<div>
<br /></div>
<div>
<div>
public static String getRemoteAddress(HttpServletRequest request){</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>String ip = request.getHeader("X-Forwarded-For");</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>if(ip==null || "".equals(ip)){</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>ip=request.getRemoteAddr();</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>}</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>return ip;</div>
<div>
}</div>
</div>
<div>
<br /></div>
<div>
So if the address is found in the "X-Forwarded-For" request header, that value is returned; otherwise it is taken from request.getRemoteAddr(). This kind of programming is good because if tomorrow you plan to use Apache proxying over the AJP protocol, you don't need to make any back-end change: with AJP you get the remote address directly from the request object, and with other proxying you get it from the "X-Forwarded-For" header.</div>
<div>
<br /></div>
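The isSecure() and getRemoteAddress() helpers above accept the forwarded headers from any sender, and X-Forwarded-For is a comma-separated list to which $proxy_add_x_forwarded_for only appends, so a client can pre-fill it or send it straight to Tomcat. The following is an added example, not code from the original post: it honours both headers only when the direct peer is a known proxy and takes the right-most address that is not one of your proxies. The class name, the TRUSTED_PROXIES set and the sample addresses are assumptions; the arguments stand for request.getRemoteAddr(), request.getHeader(...) and request.isSecure().<br />

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import java.util.regex.Pattern;

public class ForwardedHeaders {

    // Assumption: nginx runs on the same host as Tomcat, so loopback is the only
    // peer allowed to speak for a client. List every proxy you operate here.
    static final Set<String> TRUSTED_PROXIES = new HashSet<String>(
            Arrays.asList("127.0.0.1", "::1", "0:0:0:0:0:0:0:1"));

    // Loose syntactic filter (IPv4/IPv6 characters only) so that junk such as
    // "unknown" or markup never reaches logs or access-control decisions.
    static final Pattern IP_CHARS = Pattern.compile("[0-9A-Fa-f:.]{2,45}");

    /**
     * @param peerAddr value of request.getRemoteAddr()
     * @param xff      value of request.getHeader("X-Forwarded-For"), may be null
     * @return the address to treat as the client for logging and access checks
     */
    static String clientAddress(String peerAddr, String xff) {
        // A peer that is not our proxy wrote the header itself: ignore it.
        if (xff == null || !TRUSTED_PROXIES.contains(peerAddr)) {
            return peerAddr;
        }
        // $proxy_add_x_forwarded_for appends $remote_addr to whatever the client
        // sent, so only the right-hand end of the list was written by nginx.
        // Walk from the right and stop at the first hop that is not ours.
        String[] hops = xff.split(",");
        for (int i = hops.length - 1; i >= 0; i--) {
            String hop = hops[i].trim();
            if (TRUSTED_PROXIES.contains(hop)) {
                continue; // one of our own proxies, keep walking left
            }
            return IP_CHARS.matcher(hop).matches() ? hop : peerAddr;
        }
        return peerAddr; // the header held nothing but our own proxies
    }

    /**
     * @param peerAddr         value of request.getRemoteAddr()
     * @param forwardedProto   value of request.getHeader("X-Forwarded-Proto")
     * @param connectionSecure value of request.isSecure()
     */
    static boolean isSecure(String peerAddr, String forwardedProto,
                            boolean connectionSecure) {
        if (connectionSecure) {
            return true; // TLS terminated by the servlet container itself
        }
        // Believe the header only when the trusted proxy set it.
        return TRUSTED_PROXIES.contains(peerAddr)
                && "https".equalsIgnoreCase(forwardedProto);
    }

    public static void main(String[] args) {
        // Constructed sample requests (documentation address ranges).
        // 1. Normal request through nginx on localhost.
        System.out.println(clientAddress("127.0.0.1", "203.0.113.7"));
        // 2. Client pre-filled the header; nginx appended the real address.
        System.out.println(clientAddress("127.0.0.1", "10.9.9.9, 203.0.113.7"));
        // 3. Client reached Tomcat directly, bypassing nginx, with a forged header.
        System.out.println(clientAddress("198.51.100.20", "127.0.0.1"));
        // 4. Header value that is not an address at all.
        System.out.println(clientAddress("127.0.0.1", "<script>"));
        // 5. X-Forwarded-Proto from nginx versus from a direct client.
        System.out.println(isSecure("127.0.0.1", "https", false));
        System.out.println(isSecure("198.51.100.20", "https", false));
    }
}
```

Binding the Tomcat connector to 127.0.0.1 so that only nginx can reach it removes case 3 at the network level; the peer check then remains as a second line of defence.<br />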
<h3>
Some other configurations points</h3>
<div>
<div>
1. The proxy_connect_timeout directive assigns a timeout for the connection to the upstream server (or back-end server). Its default value is 60s.</div>
<div>
<br /></div>
<div>
This is not the time until the server returns the pages; that is the proxy_read_timeout statement. If your upstream server is up but hanging (e.g. it does not have enough threads to process your request, so it puts you in the pool of connections to deal with later), then this statement will not help, as the connection to the server has been made. </div>
<div>
<br /></div>
<div>
So in case you ever get proxy_connect_timeout at nginx, check your back-end connection limit.</div>
<div>
<br /></div>
<div>
2. <b>proxy_read_timeout</b> - this is very very important, default value is 60s.</div>
<div>
This directive sets the read timeout for the response of the proxied server. It determines how long nginx will wait to get the response to a request. The timeout is established not for entire response, but only between two operations of reading.</div>
<div>
<br /></div>
<div>
In contrast to proxy_connect_timeout, this timeout will catch a server that puts you in its connection pool but does not respond to you with anything beyond that. Be careful though not to set this too low, as your upstream server might take a longer time to respond to requests on purpose (e.g. when serving you a report page that takes some time to compute). </div>
<div>
<br /></div>
<div>
You can also set a different proxy_read_timeout, which could be a higher value like 10 minutes, for certain locations.</div>
<div>
<br /></div>
<div>
location /admin/reports/ {</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span># other proxy_pass settings</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>proxy_read_timeout 600;</div>
<div>
}</div>
<div>
<br /></div>
<div>
location / {</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span># other proxy_pass settings</div>
<div>
<span class="Apple-tab-span" style="white-space: pre;"> </span>proxy_read_timeout 30;</div>
<div>
}</div>
<div>
<br /></div>
<div>
3. proxy_send_timeout - default value is 60s</div>
<div>
This directive assigns a timeout for the transfer of the request to the upstream server. The timeout is established not on the entire transfer of the request, but only between two write operations. If after this time the upstream server does not take new data, nginx shuts down the connection.</div>
</div>
<div>
<br /></div>
<br />
Nginx setup for segregating static and dynamic content from nginx and back-end server using proxy_pass (posted 2013-06-22)<br />
This configuration makes nginx serve the static content and the back-end server serve the dynamic content; the back-end may be Apache (for a PHP based application) or Tomcat (for a Java based application).<br />
<br />
For this purpose we essentially use the proxy_pass module of nginx. It is very simple with nginx: create two different location contexts and serve them differently. One uses root, which provides the directory where the files are found, and the other uses proxy_pass.<br />
<br />
server {<br />
server_name www.example.com;<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span><br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>location ~* \.(jpg|jpeg|gif|css|png|js|ico|html)$ {<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>root /var/www;<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>access_log off;<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>expires 365d;<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>}<br />
<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span>location / {<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span> proxy_pass http://localhost:8181;<br />
<span class="Apple-tab-span" style="white-space: pre;"> </span> proxy_set_header Host $host;<br />
proxy_set_header X-Real-IP $remote_addr;<br />
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<span class="Apple-tab-span" style="white-space: pre;"> </span><br />
<span style="white-space: pre;"> </span>}<br />
}<br />
<br />
<h3>
Now here comes some basic knowledge of nginx</h3>
1. In nginx you can set as many locations as you need; whichever is the best match will be picked and executed.<br />
2. If you want something like "www.example.com/static/", where every URL under /static/ is served from nginx only, you can do that.<br />
location /static/ {<br />
root /var/www/static/;<br />
access_log off;<br />
expires 30d;<br />
}<br />
<br />
3. "access_log off" means no log record is created for requests which match that location.<br />
<br />
4. "expires 30d" means the expiry header is set to 30 days for all requests which match that location. In Apache we use mod_expires for setting the expiration time of static content, so that the browser can cache that content for a long time. In nginx it is just one line, :)<br />
<br />
5. proxy_pass lets you forward the request to any back-end server.<br />
"proxy_pass http://localhost:8080;" will forward your requests for dynamic content, possibly to a back-end Tomcat server.<br />
<br />
#How to set expiration time for static contents while using nginx<br />
<br />
<br />
nginx - (13: Permission denied) while reading upstream (posted 2013-06-07)<br />
2013/06/07 21:13:38 [crit] 17799#0: *717313 open() "/var/lib/nginx/proxy/2/19/0000000192" failed (13: Permission denied) while reading upstream, client: 122.167.17.4, server: www.example.com, request: "GET /web/jsp/example.jsp HTTP/1.1", upstream: "http://127.0.0.1:8181//web/jsp/example.jsp", host: "www.example.com"<br />
<br />
Typically this is a problem with saving the buffered data from the proxied server before sending it on. <b>When the upstream server response returns a large number of bytes</b>, nginx keeps part of the data on disk and starts sending the first received bytes to the browser. For that it uses a configured directory, which is "/var/lib/nginx/proxy" in my case. So you just need to give the nginx worker user access to that directory.<br />
<br />
1. Open /etc/nginx/nginx.conf to find the worker user of nginx<br />
2. Or run ps -ef | grep nginx and check which user is running the worker process<br />
$ ps aux | grep "[n]ginx: worker process" | awk '{print $1}'<br />
www-data<br />
3. In my case it is www-data<br />
4. Give access to that directory<br />
$ chown -R www-data:www-data /var/lib/nginx<br />
5. Done<br />
<br />
<br />
Nginx access related articles <a href="http://nishal-tech.blogspot.in/2013/05/why-nginx-usually-throws-403-forbidden.html">Why nginx usually throws 403, Forbidden?</a><br />
<br />
# Nginx is returning on part data in response<br />
# Nginx response is chunked abnormally<br />
<br />
Configure an alternate JAVA (posted 2013-05-31)<br />
Get the new JDK, put it in /usr/lib/jvm and run these commands<br />
<br />
$ update-alternatives --install "/usr/bin/java" "java" "/usr/lib/jvm/jdk-7u21/bin/java" 1<br />
$ update-alternatives --install "/usr/bin/javac" "javac" "/usr/lib/jvm/jdk-7u21/bin/javac" 1<br />
$ update-alternatives --install "/usr/bin/javaws" "javaws" "/usr/lib/jvm/jdk-7u21/bin/javaws" 1<br />
<br />
$ chmod a+x /usr/bin/java<br />
$ chmod a+x /usr/bin/javac<br />
$ chmod a+x /usr/bin/javaws<br />
$ chown -R root:root /usr/lib/jvm/jdk-7u21<br />
<br />
Make sure you read the output of the command below carefully and choose which Java you want.<br />
$ update-alternatives --config java<br />
There are 2 alternatives which provide `java'.<br />
<br />
Selection Alternative<br />
-----------------------------------------------<br />
+ 1 /usr/lib/jvm/java-6-openjdk/jre/bin/java<br />
* 2 /usr/lib/jvm/jdk-7u21/bin/java<br />
<br />
Press enter to keep the default[*], or type selection number: (<b>If you want java 6, write 1 and if you want java 7 write 2</b>)<br />
<div>
<br /></div>
<div>
* These commands work on Debian/Ubuntu systems. I am not sure about Red Hat/CentOS.</div>
Load Balancing using Apache mod_jk (posted 2013-05-31)<br />
After installing Apache, install the mod_jk module.<br />
<br />
1. $ apt-get install libapache2-mod-jk<br />
<br />
2. Create a file jk.conf (if not present) in the mods-available directory and write these lines<br />
JkWorkersFile /etc/apache2/workers.properties<br />
JkLogFile /var/log/apache2/mod_jk.log<br />
JkShmFile /var/log/apache2/mod_jk.shm<br />
JkLogLevel error<br />
<br />
After creating the file, you may need to symlink it into the mods-enabled directory. Or just disabling and enabling mod_jk will do.<br />
<br />
$ a2dismod jk<br />
$ a2enmod jk<br />
<br />
3. <b>create a file /etc/apache2/workers.properties</b><br />
and write the lines for load balancing: define the workers, define a load balancer, and assemble the workers in the load balancer. In the configuration below server1 will take 60% of the load and server2 will take 40%.<br />
#<br />
worker.list=loadbalancer<br />
<br />
# The product server port where you want to forward the request<br />
worker.server1.port=8009<br />
# The proxy server IP where you want to forward the request<br />
worker.server1.host=server1 IP Address<br />
# Protocol setting; with the mod_jk module it will always be ajp13<br />
worker.server1.type=ajp13<br />
# How much load server1 will be given<br />
worker.server1.lbfactor=60<br />
<br />
worker.server2.port=8009<br />
worker.server2.host=server2 IP Address<br />
worker.server2.type=ajp13<br />
worker.server2.lbfactor=40<br />
<br />
worker.loadbalancer.type=lb<br />
worker.loadbalancer.sticky_session=true<br />
worker.loadbalancer.balance_workers=server1,server2<br />
<br />
<b>4. In virtual host configuration of Apache</b><br />
In the example below, all requests starting with /web/static/css (or js, images) are JkUnMounted, so they are served from the Apache document root directory (which is /var/www), and all remaining requests are JkMounted, so they are forwarded to the load balancer, which forwards each request to either server1 or server2. This is done using the AJP protocol, so make sure that you have configured the AJP protocol in your application server, such as Tomcat. To configure Tomcat, you can check this URL: <a href="http://nishal-tech.blogspot.in/2010/10/configuring-apachetomcat-for-serving.html">Configuration Apache and Tomcat to use Mod_jk connector for proxy passing</a><br />
<br />
<VirtualHost *:80><br />
ServerName example.com<br />
ServerAlias www.example.com<br />
DocumentRoot /var/www/<br />
<br />
JkMount /* loadbalancer<br />
JkUnMount /web/static/css/* loadbalancer<br />
JkUnMount /web/static/js/* loadbalancer<br />
JkUnMount /web/static/images/* loadbalancer<br />
<br />
ErrorLog /var/log/apache/example-com-error_log<br />
CustomLog /var/log/apache/example-com-access_log combined<br />
</VirtualHost><br />
<br />
<div>
<br /></div>
Apache performance tuning and security tuning (posted 2013-05-31)<br />
<h3>
MaxKeepAliveRequests</h3>
It's the maximum number of requests to serve on a TCP connection. If you set it to 100, clients with keepalive support will be forced to reconnect after downloading 100 items. The default in Apache is 100; you can increase it if you have enough memory on the system.<b> If you are serving a page which contains a high number of images then keeping it high is better, because the alive connections are then used to serve the image requests.</b><br />
<br />
<h3>
KeepAliveTimeout</h3>
KeepAliveTimeout determines how long to wait for the next request. Set this to a low value, perhaps between two and five seconds. If it is set too high, child processes are tied up waiting for the client when they could be used for serving new clients.<br />
<br />
<h3>
MaxRequestsPerChild</h3>
The MaxRequestsPerChild directive sets the limit on the number of requests that an individual child server process will handle. After MaxRequestsPerChild requests, the child process will die. It's set to 0 by default, which means the child process will never expire. It is appropriate to set this to a value of a few thousand. This can help prevent memory leakage, since the process dies after serving a certain number of requests. Don't set this too low, since creating new processes does have overhead.<br />
<br />
<h3>
Proper use of MPM (Multi-Processing Module)</h3>
I have already explained this at this URL: <a href="http://nishal-tech.blogspot.in/2010/10/configuring-apachetomcat-for-serving.html">Configuring Apache/Tomcat for serving Maximum number of requests</a><br />
<br />
<h3>
Security tweaks</h3>
<b>1. ServerTokens</b><br />
This directive configures what you return in the Server HTTP response<br />
header. The default is 'Full', which sends information about the OS type and compiled-in modules.<br />
# Set to one of: Full | OS | Minimal | Minor | Major | Prod<br />
where Full conveys the most information and Prod the least; you can also set it to "ProductOnly", which is best<br />
<br />
ServerTokens ProductOnly<br />
<br />
<b>2. ServerSignature</b><br />
Optionally add a line containing the server version and virtual host<br />
# Set to one of: On | Off | EMail<br />
You can set it to "EMail" to also include a mailto: link to the ServerAdmin; it is better to set it to Off<br />
<br />
ServerSignature Off<br />
<br />
<b>3. TraceEnable </b><br />
This enables or disables the TRACE method<br />
# Set to one of: On | Off | extended<br />
Set it to "extended" to also reflect the request body; it is best to set it to Off<br />
<br />
TraceEnable Off<br />
<br />
Why nginx usually throws 403, Forbidden? (posted 2013-05-27)<br />
A. This problem is mostly because the user who is running nginx doesn't have access to that resource.<br />
<br />
Open the file /etc/nginx/nginx.conf<br />
------------------<br />
user www-data;<br />
worker_processes 4;<br />
pid /var/run/nginx.pid;<br />
<br />
events {<br />
worker_connections 768;<br />
# multi_accept on;<br />
}<br />
server {<br />
listen 80;<br />
server_name www.healthcaremagic.com;<br />
access_log /var/log/nginx/localhost.access.log;<br />
index index.html;<br />
root /var/www/;<br />
}<br />
<br />
--------------------<br />
Try these:<br />
1. Open nginx.conf and <b>locate the user directive (change it to whoever has the access; www-data may be good)</b><br />
2. The nginx master process runs as the user who started the nginx service, which may be root, but nginx uses another user, configured in the nginx.conf file, for the worker processes that serve the content. <b>Note that this user only needs read access to the directories which are set using the root directive.</b><br />
3. Go to the directory which you set as root in the location context (which is /var/www in the above example) and check the access; ls -al should show it<br />
4. You can change the ownership of files and directories using the command "chown -R username:usergroup directoryName"<br />
<div>
<br /></div>
Create user in mysql (posted 2013-05-17)<br />
<b>Create an admin user who can access anything from anywhere</b><br />
<br />
mysql> grant all privileges on *.* to 'admin'@'%' identified by 'password';<br />
<br />
<b>Create a user who can access any database from a network location</b><br />
<b><br /></b>
mysql> grant all privileges on *.* to 'admin'@'192.168.%' identified by 'password';<br />
<br />
*If somehow this doesn't work, execute this<br />
update mysql.user set Host='192.168.%' where User='admin';<br />
<br />
<b>Create a user who can only access from localhost</b><br />
mysql> grant all privileges on *.* to 'admin'@'localhost' identified by 'password';<br />
<br />
<b>Create a user who can access only one fixed database</b><br />
mysql> grant all privileges on dbname.* to 'admin'@'localhost' identified by 'password';<br />
<br />
<h3>
<b>Here is the description of every word in the above command</b></h3>
<b>grant all privileges</b> - grants the permissions (and so also creates the user)<br />
<b>on dbname.*</b> - the database and table access restriction (*.* means all databases, dbname.* means only one database)<br />
<b>to 'admin'@'localhost'</b> - the first quoted string is the username and the second quoted string is the host from which that user may connect to the mysql db; in the current example, only users on localhost would be allowed to connect<br />
<b>identified by 'password';</b> - the password which is required to connect to the mysql db server<br />
<br />
<b>Note : </b><br />
Do not confuse this with the "bind-address" setting in the mysql configuration file, which provides the binding access; click here to read more about<b><a href="http://nishal-tech.blogspot.in/2013/02/creating-user-in-mysql-access-settings.html"> "bind-address" and access point</a></b><br />
Secure your website with SSL - guidelines and experience (posted 2013-05-08)<br />
1.<br />
First generate the key file<br />
<b>$ openssl genrsa -des3 -out server.key 2048</b><br />
It will ask for a pass phrase, which will be further used to start the web server, so save it properly<br />
<br />
2.<br />
Now generate the CSR (Certificate Signing Request) file<br />
<b>$ openssl req -new -key server.key -out server.csr</b><br />
<br />
This asks for information such as Location, Company Name and Common Name. It's better to ignore the "challenge password". Be careful when entering the common name, which has to be your domain name.<br />
<br />
If you serve your users with www.example.com, the common name should be "www.example.com". Once a certificate is issued for www.example.com, it won't be valid for example.com. If you want to secure the site both with and without www, there is a certain option you'll have to choose at the time of buying the certificate. If you want to secure all subdomains, there is a different option as well. Depending on the number of subdomains you want to secure, the cost will also vary. As of today verisign charges $ 400 USD for one domain, $ 600 for with and without www, and around $ 1500 USD for securing infinite sub domains.<br />
<br />
3. Now use this CSR to obtain the certificate, which is a crt file, from any CA (certificate authority) company like verisign (costliest) or go daddy (cheapest, may be $ 10 USD)<br />
<br />
4. Once you buy the SSL certificate, the product management will guide you on how to get the certificates. Its very simple.<br />
<br />
5. In case of verisign, they will take average of 2 to 4 days for the entire process execution, as they will validate "CSR Verification", "Proof of Organization" and "Proof of Domain Registration".<br />
They would ask company registration certificates also as a part of process. But if you buy from go daddy, no verification process, only based on CSR file they will issue you the certificates within a minute.<br />
<br />
6. At the time of downloading the certificates make sure that you also download the intermediate certificate. Intermediate certificates connect the links of the certificate chain. In a few browsers (which do not have the intermediate certificate), some users might face an unwanted error message.<br />
<br />
7. Deploying the certificates, copy these 3 files at the following places and restart Apache<br />
<br />
$ cp server.key /etc/ssl/private/<br />
$ cp example.com.crt /etc/ssl/certs/<br />
$ cp intermediate.crt /etc/ssl/certs/<br />
<br />
<br />
8. Now change in apache<br />
Enable the ssl module, if you are on debian(Ubuntu, RedHat) systems then you can use command <b>a2enmod ssl.</b><br />
Go to virtual host configuration and write these lines<br />
<br />
SSLEngine on<br />
# SSLv2 and SSLv3 are broken protocols and stay disabled<br />
SSLProtocol all -SSLv2 -SSLv3<br />
<br />
SSLCertificateKeyFile /etc/ssl/private/server.key<br />
SSLCertificateFile /etc/ssl/certs/example.com.crt<br />
SSLCertificateChainFile /etc/ssl/certs/intermediate.crt<br />
<br />
$ /etc/init.d/apache2 restart (It will ask for the pass phrase that you created at step 1)<br />
- and its Done :)<br />
9. To validate that everything was done properly there are several websites; one is http://www.sslshopper.com/ssl-checker.html<br />
<br />
<br />
How to setup replication (Master Slave) in MySQL (posted 2013-03-04)<br />
I'll start the article by assuming that there are two MySQL servers ready and we just need to do the configuration setup to start the replication.<br />
<br />
<h3>
Go to Master Server</h3>
<div>
1. Make all the tables engine = innodb </div>
<div>
As only innodb engines have binary logging feature which is essentially used for replication. Binary logging must be enabled on the master because the binary log is the basis for sending data changes from the master to its slaves. If binary logging is not enabled, replication will not be possible. MyIsam does not support binary logging.</div>
<div>
<br /></div>
<div>
Use following command to convert all the tables to InnoDB</div>
<div>
<br /></div>
<div>
<div>
mysql > SELECT CONCAT('ALTER TABLE ', table_name, ' ENGINE=InnoDB;') as ExecuteTheseSQLCommands</div>
<div>
FROM information_schema.tables WHERE table_schema = 'db_name' </div>
<div>
ORDER BY table_name DESC;</div>
</div>
<div>
<br /></div>
<div>
<div>
2. Start binary logging on Master and Assign server Id (Server ID assigning is necessary, If you omit server-id (or set it explicitly to its default value of 0), a master refuses connections from all slaves).</div>
<div>
edit the file /etc/mysql/my.cnf</div>
<div>
[mysqld]</div>
<div>
log-bin=mysql-bin</div>
<div>
server-id=101</div>
</div>
<div>
<br /></div>
<div>
*For the greatest possible durability and consistency in a replication setup using InnoDB with transactions, you should use innodb_flush_log_at_trx_commit=1 and sync_binlog=1 in the master my.cnf file.</div>
<div>
<br /></div>
<div>
3. Create a slave user on Master DB</div>
<div>
mysql> grant REPLICATION SLAVE on *.* to 'slave'@'IP_ADDRESS_OF_SLAVE' identified by 'slavePassword';</div>
<div>
mysql> flush privileges;</div>
<div>
<br /></div>
<div>
<div>
4. Restart Master DB</div>
<div>
and check </div>
<div>
mysql> show master status;</div>
</div>
<div>
<br /></div>
<div>
You can also check whether the mysql-bin log files are being created in the data directory you configured, which may be /var/lib/mysql</div>
<div>
<br /></div>
<div>
5. Take a dump of database</div>
<div>
mysqldump -uroot -proot --single-transaction --master-data --databases db1 db2 > all_db.sql</div>
<div>
Then transfer the file to the slave machine</div>
<div>
<br /></div>
<h3>
Go to slave Machine</h3>
<div>
<div>
6. Assign Server Id on slave DB</div>
<div>
[mysqld]</div>
<div>
server-id=102</div>
</div>
<div>
<br /></div>
<div>
7. Restart Slave DB</div>
<div>
<br /></div>
<div>
8. Import the dump file in database</div>
<div>
mysql -uroot -proot < all_db.sql</div>
<div>
<br /></div>
<div>
9. Make this slave listen to Master</div>
<div>
mysql> CHANGE MASTER TO MASTER_HOST='MASTER_HOST_IP_ADDRESS',MASTER_USER='slave',MASTER_PASSWORD='slavePassword';</div>
<div>
mysql> flush privileges;</div>
<div>
<br /></div>
<div>
10. Start the slave</div>
<div>
mysql > start slave;</div>
<div>
mysql > show slave status;</div>
<div>
<br /></div>
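<div>
As an added example (not part of the original post), the shell script below audits the option files from steps 2 and 6: it flags a missing or zero server-id, an ID shared by both hosts, a master without log-bin, and durability settings not stated in the file. The function names and the sample files are constructed for illustration.</div>

```shell
#!/bin/sh
# Print the value of option $2 in the [mysqld] section of option file $1.
# MySQL accepts '-' and '_' interchangeably in option names, so normalise.
mysqld_opt() {
    awk -v want="$2" '
        BEGIN { gsub(/_/, "-", want) }
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        !in_sec || /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            key = (eq ? substr($0, 1, eq - 1) : $0)
            gsub(/[ \t]/, "", key); gsub(/_/, "-", key)
            val = (eq ? substr($0, eq + 1) : "ON")   # bare option = enabled
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == want) found = val
        }
        END { if (found != "") print found }
    ' "$1"
}

# Print one finding per line for a master/slave pair of option files.
audit_replication_cnf() {
    m_id=$(mysqld_opt "$1" server-id)
    s_id=$(mysqld_opt "$2" server-id)
    # An omitted or 0 server-id stops master and slave from connecting.
    case ${m_id:-0} in 0|*[!0-9]*) echo "PROBLEM: master server-id unset or 0" ;; esac
    case ${s_id:-0} in 0|*[!0-9]*) echo "PROBLEM: slave server-id unset or 0" ;; esac
    if [ -n "$m_id" ] && [ "$m_id" = "$s_id" ]; then
        echo "PROBLEM: master and slave share server-id $m_id"
    fi
    [ -n "$(mysqld_opt "$1" log-bin)" ] || echo "PROBLEM: master has no log-bin"
    # Durability settings the page recommends stating in the master my.cnf.
    for opt in sync-binlog innodb-flush-log-at-trx-commit; do
        [ "$(mysqld_opt "$1" "$opt")" = 1 ] || echo "NOTE: master $opt not set to 1 in file"
    done
    return 0
}

# Constructed sample files: the slave reuses the master ID by mistake.
sample_dir=$(mktemp -d)
printf '[mysqld]\nlog-bin=mysql-bin\nserver-id=101\nsync_binlog = 1\n' > "$sample_dir/master.cnf"
printf '[client]\nuser=root\n[mysqld]\nserver_id=101\n' > "$sample_dir/slave.cnf"
audit_replication_cnf "$sample_dir/master.cnf" "$sample_dir/slave.cnf"
```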
<h3>
DONE :)</h3>
<div>
Some troubleshooting tips and notes:</div>
<div>
<ol>
<li>In the slave's MySQL configuration you can specify which databases, or even which tables, you do or do not want to replicate<br />http://dev.mysql.com/doc/refman/5.0/en/replication-options-slave.html</li>
<li>If replication fails because of a data consistency issue, meaning the data already exists on the slave and the master is still trying to push it (which can happen for several reasons), you can change the slave configuration to move ahead</li>
</ol>
mysql > change MASTER TO MASTER_LOG_POS=desired_position;<br />
mysql > change MASTER TO MASTER_LOG_FILE='mysql-bin._desired_bin_log_file';</div>
<div>
<br /></div>
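<div>
To read the output of show slave status when replication stops, as in point 2 above, this added example (not from the original post) classifies a saved SHOW SLAVE STATUS\G dump and prints the master binary log coordinates at which the SQL thread stopped. The function names, the MAX_LAG threshold and the sample status are constructed.</div>

```shell
#!/bin/sh
# Print the value of field $1 from SHOW SLAVE STATUS\G text on stdin.
status_field() {
    awk -v f="$1" '{
        p = index($0, ":"); if (!p) next
        k = substr($0, 1, p - 1); gsub(/[ \t]/, "", k)
        if (k == f && !seen) { v = substr($0, p + 1); sub(/^[ \t]+/, "", v); print v; seen = 1 }
    }'
}

# Classify replication health from a SHOW SLAVE STATUS\G dump in file $1.
replication_health() {
    io=$(status_field Slave_IO_Running < "$1")
    sql=$(status_field Slave_SQL_Running < "$1")
    lag=$(status_field Seconds_Behind_Master < "$1")
    if [ -z "$io$sql" ]; then
        echo "NOT_A_SLAVE: empty status, CHANGE MASTER TO was never run"
    elif [ "$io" != Yes ]; then
        echo "IO_DOWN: cannot read from master (check host, grant, password, server-id)"
    elif [ "$sql" != Yes ]; then
        # Position in the master binary log of the last event the slave applied.
        file=$(status_field Relay_Master_Log_File < "$1")
        pos=$(status_field Exec_Master_Log_Pos < "$1")
        echo "SQL_STOPPED: errno $(status_field Last_Errno < "$1") at $file:$pos"
    elif [ "${lag:-NULL}" = NULL ] || [ "$lag" -gt "${MAX_LAG:-60}" ]; then
        echo "LAGGING: Seconds_Behind_Master=$lag"
    else
        echo "OK: both threads running, lag ${lag}s"
    fi
}

# Constructed sample: SQL thread stopped on a duplicate-key error (1062).
sample_status=$(mktemp)
cat > "$sample_status" <<'EOF'
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
        Relay_Master_Log_File: mysql-bin.000003
             Slave_IO_Running: Yes
            Slave_SQL_Running: No
                   Last_Errno: 1062
          Exec_Master_Log_Pos: 3907
        Seconds_Behind_Master: NULL
EOF
replication_health "$sample_status"
```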
<div>
Reference : http://dev.mysql.com/doc/refman/5.0/en/replication-howto.html</div>
<div>
<br /></div>
<div>
<br /></div>
<div>
<br /></div>
nishalspacehttp://www.blogger.com/profile/00249273847059658150noreply@blogger.comtag:blogger.com,1999:blog-7769057678492740719.post-57895396379132911612013-02-27T23:18:00.002-08:002013-02-27T23:20:46.657-08:00Using POP on multiple clients or mobile devices<br />
<div class="answer_heading" style="background-color: white; color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19.4375px;">
<h2 class="answer-title" style="display: inline; float: left; font-family: Arial; font-size: 20px; font-weight: normal; line-height: 24px; margin: 0px; padding: 0px 0.5em 0px 0px;">
Using POP on multiple clients or mobile devices</h2>
<div class="clear" style="clear: both;">
</div>
</div>
<div class="article_content article-content-47948" id="article-content-div" style="background-color: white; margin-top: 10px;">
<span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19.4375px;">If you have configured your email in Outlook and also on BlackBerry/Android/iPhone/Gmail, and you are not able to receive email on one of the clients, this article is useful to you.</span><br />
<span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19.4375px;"><br /></span>
<span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19.4375px;">Essentially,</span><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: x-small;"><span style="line-height: 19.4375px;"> POP (Post Office Protocol) is a one-way download of your messages that allows you to access your mail with a mail program like Outlook Express or Apple Mail. POP only offers one-way communication, which means that actions you take in the mail program. </span></span><span style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19.4375px;"><b>You should know two things: "recent mode" and "Leave a copy of message on server".</b></span><br />
<div style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19.4375px;">
<strong><br /></strong></div>
<div style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19.4375px;">
<strong>What is 'recent mode?'</strong></div>
<div style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19.4375px;">
If you're accessing Gmail on multiple clients through POP, Gmail's 'recent mode' makes sure that all messages are made available to each client, rather than only to the first client to access new mail.</div>
<div style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19.4375px;">
Recent mode fetches the last 30 days of mail, regardless of whether it's been sent to another POP client already.</div>
<div style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19.4375px;">
<strong>Setting up 'recent mode'</strong></div>
<div style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19.4375px;">
In your POP client settings, replace 'username@gmail.com' in the 'Username' or 'Email' field with '<strong>recent:</strong>username@gmail.com'</div>
<div style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19.4375px;">
Once you enable recent mode, please be sure to configure your POP client to leave messages on the server according to the instructions below:</div>
<ul style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19.4375px;">
<li>Outlook or Outlook Express: on the <strong>Advanced</strong> tab, check the box next to 'Leave a copy of messages on the server.'</li>
<li>Apple Mail: on the <strong>Advanced</strong> tab, remove the check next to 'Remove copy from server after retrieving a message.'</li>
<li>Thunderbird: on the <strong>Server Settings</strong> tab, check the box next to 'Leave messages on server.'</li>
</ul>
<div style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19.4375px;">
<br /></div>
<div style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19.4375px;">
* This is an exact copy of the URL https://support.google.com/mail/bin/answer.py?hl=en&answer=47948</div>
<div style="color: #222222; font-family: Arial, Helvetica, sans-serif; font-size: 13px; line-height: 19.4375px;">
<br /></div>
</div>
nishalspacehttp://www.blogger.com/profile/00249273847059658150noreply@blogger.com