Linux System Admins Blog » sysadmin

HowTo remove a list of files

marius — Fri, 09 Jul 2010 21:33:28 +0000

Here is a quick tip on how to remove a list of files. Let’s say you have the list of files inside a file called files_to_remove. Usually I would do something like this:
LIST=`cat files_to_remove`
and then
ls -al $LIST
just to check what is in the list and if it looks good.

And finally:
rm -vf $LIST

Google will use site performance and page load speed in SERP ranking – sysadmin SEO here we come

andrew — Wed, 14 Apr 2010 04:48:56 +0000

Page Load speed just became a lot more important – Google announced recently that it will use page speed in its SERP rankings. Here is a quote that will make the SEO and marketing folks knock on sysadmin doors:

We encourage you to start looking at your site’s speed (the tools above provide a great starting point) — not only to improve your ranking in search engines, but also to improve everyone’s experience on the Internet.

The post lists a number of tools everyone should be using already, such as YSlow, google’s own PageSpeed, online speed waterfall diagram tool and webmaster tools. Webmaster tools recently added a beta feature which provides data about your sites speed relative to other sites on the internet.

Here is a sample report:

webmaster tools page speed chart

Performance overview
On average, pages in your site take 6.3 seconds to load (updated on Apr 11, 2010). This is slower than 83% of sites. These estimates are of medium accuracy (between 100 and 1000 data points). The chart below shows how your site’s average page load time has changed over the last few months. For your reference, it also shows the 20th percentile value across all sites, separating slow and fast load times.

Linus System admin blog will have a series on page speed improvement. Stay tuned!

Enable/Disable APC on virtual host level

marius — Thu, 18 Mar 2010 21:53:29 +0000

APC (Alternative PHP Cache) is a free, open, and robust framework for caching and optimizing PHP intermediate code. APC is a great tool to speed up a php driven site and I can’t even think of a big site running on a php framework without an opcode cache (other good choices are eaccelerator or xcache). Why would not everyone want to use this? The reason why this is not enabled by default everywhere is because in certain situations it can break things. Most peoples will not see any problems, but still, if you run a server with many clients sharing the same apache service this might be a problem (as the apc module loading it is a server-wide config). This post will show how we can use APC globally and disable it for some vhosts (that might have a problem with using APC) or the reverse to just use it one a special vhost that might need this.

I’ll assume that you have installed apc already, if this is not the case this will probably be something as simple as running
pecl install apc
or downloading the archive from pecl and running:
phpize; ./configure; make; make install

The APC extension needs to be enabled either in php.ini or in one included file with a line like this:
extension=apc.so
there are many other parameters that apc can be fine tuned (see the official doc for more info), but without any other change, just with this line apc will be enabled on all the vhosts on the server.

Disabling some vhosts from using APC
- if we want to disable APC for a particular vhost we just have to add to the vhost config or to .htaccess:
php_flag apc.cache_by_default Off

Enabling APC only on some vhosts
- if we want to have APC disabled by default globally we will have in php.ini:

extension=apc.so
[apc]
apc.cache_by_default=0 # disable by default
... other apc settings...

and we will enable APC for the particular vhost config or using .htaccess using:
php_flag apc.cache_by_default On

Hopefully you found this post useful and this will give you a reason to use APC with more confidence knowing that you have the granularity to disable/enable it as needed in a shared environment.

Mail Relay Issue on Cpanel Server

gerold — Tue, 16 Feb 2010 14:05:00 +0000

I noticed lots of email being relayed on one of our shared hosting server, CentOS5 with Cpanel and running Exim, and the strange thing is that the email server (MX) for these accounts are pointing to Google (GoogleApps), and we have correct entries for localdomains and remotedomains for these account. The relayers (‘From’ server/address) looks like spam anyway. From the mail logs I noticed that the relayed messages have ‘fixed_login‘ and key (‘rsa-sha1‘) for their authentications.

Since the mail server for these accounts are pointing to other servers, I deleted all the email accounts, forwarders, mailinglists, etc. After this I’ve seen sending error/failure messages from mail logs of the said accounts It shows ‘fixed_login authenticator failed for hostxx’ [535 Incorrect authentication data].

Change Squid outgoing address

max — Mon, 19 Oct 2009 18:45:34 +0000

Typically Squid caching proxy server listen and outgoing IP address are the same. Sometimes, for various reasons we want to alter the outgoing IP address. The new address must first be brought up as an interface on the squid server. In squid.conf look for tcp_outgoing_address line, uncomment it and replace the default IP value with your new outgoing ip address and restart Squid. Your Squid server will still listen and accept connections on the current IP while all outbound traffic will originate from the new IP. This modification works with access ACL and detailed instructions can be found here for latest stable branch (3.0)

HowTo display PHP errors when you don’t have access to php.ini

marius — Tue, 15 Sep 2009 12:10:34 +0000

If you are using a shared server, or just have a limited account on your company servers, you might not have access to your php configuration file php.ini (this is usually found under /etc/php.ini in rhel/centos and /etc/php5/apache2/php.ini in debian/ubuntu). Still, in many situations it might be needed to enable php errors in the browser so you can see what is the actual problem instead of an empty page (if the server has error reporting disabled as most production systems should have).

In order to enable error reporting for your php script or application include inside your code the following lines:
error_reporting(E_ALL); ini_set("display_errors", 1);
and this will result in displaying in the browser any errors your application might have.

ps: once you are done with this and fixed the issue, don’t forget to remove the error reporting lines, as we don’t want our users/clients to see errors in the browser in case something went wrong.

CentOS 4.8 finally released!

marius — Tue, 01 Sep 2009 10:03:36 +0000

After a long development time, Centos 4.8 was finally released on the 21st August. This is a good thing that after the latest problems between the centos developers, they were able to pull this out finally and now be able to focus on the upcoming 5.4 release.

There are no major changes in this update, mostly bug fixes and security fixes, and it should be a quick and easy upgrade for most people still running the 4.x branch (you should really consider upgrading to 5.x ).

Using wildcards in nginx valid_referers

marius — Tue, 25 Aug 2009 11:05:25 +0000

This quick post will show how we can easily allow only certain http referrers see some location using nginx. This might be useful for example if you are using nginx as a static content provider and want to not allow everyone hot-linking your images and only your own sites. Doing something like this in nginx is very simple and we could start with a configuration like this (from nginx.conf):

location /images {
	valid_referers   none  blocked  server_names  mydomain.com www.mydomain.com;
	if ($invalid_referer) {
		return   403;
	}
	... else serve the content
}

This works fine in this simple case; but what if we need to list more sub-domains? like images.mydomain.com an static.mydomain.com, etc? It would be nice to be able to use a regexp for this, right? Fortunately nginx has support for this and this can be done using a valid_referers line like:
valid_referers none blocked server_names ~(mydomain.com)

And this will match all the subdomains *.mydomain.com. Going even further you might want to allow google as a referrer for you content. Still google has so many subdomains and even different domains (like google.com, google.de, etc.) For this we could add ~(google.) and have our final configuration look like this:

location /images {
	valid_referers   none  blocked  server_names  ~(mydomain.com|google.);
	if ($invalid_referer) {
		return   403;
	}
	... else serve the content
}

This simple example shows how powerful the configuration of nginx is and how easy it is to do things that are rather impossible with other similar softwares.

Using svn+ssh with a non-standard ssh port

marius — Mon, 17 Aug 2009 09:25:05 +0000

Many people use subversion over ssh for a simple and secure way to work on remotely hosted svn repositories. This is normally as simple as running:
svn co svn+ssh://user@server/repo .

If the remote ssh server is not running on the default ssh port (tcp 22) then this needs a little tweaking to get it working. Normally I was expecting that adding a custom entry for the svn server in the /etc/ssh/ssh_config file with the appropriate port would make this work on the fly without changing the command line; or if not, adding the ssh port in ‘telnet like’ way: server:port would make a difference. Still none of those worked and in order to get this working I had to dig into the subversion documentation on how we can define a special tunnel.

We can define a new tunnel in the svn configuration file (.subversion/config):
[tunnels] sshtunnel = ssh -p

And after this we can use svn as usual but with a url like svn+sshtunnel:// :
svn co svn+sshtunnel://user@server/repo .

System Admin Day – July 31st

andrew — Thu, 30 Jul 2009 18:41:14 +0000

We will celebrate the Linux System Administrator Appriciation day tomorrow. Yes, there is such a thing, if its in wikipedia (wiki system administrator appreciation Day), than it must be true!

See what its all about here:

System Administrator Appreciation Day, also known as Sysadmin Day, SysAdminDay or SAAD, was created by system administrator Ted Kekatos. Kekatos was inspired to create the special day by a Hewlett-Packard magazine advertisement in which a system administrator is presented with flowers and fruit-baskets by grateful co-workers as thanks for installing new printers.

Here is one of our own getting some appreciation from our colleagues.

Max, our gets nominated as a favorite linux system administrator by some of his office fans

So don’t forget to buy your system administrator a coffee, beer, donut, or whatever he prefers, and dont ask any stupid questions tomorrow.

The system administrator song

And here is a link to another System administrator song from the UK

http://www.ukuug.org/sysadminday/