Sivel.net  Throwing Hot Coals


Apache to nginx in 90 seconds

I spent about 30 minutes last night and switched all of my personal sites over to nginx, including the one you are on now and FreeMyFeed. Okay, so I know 30 minutes does not equal 90 seconds, but the title sounded catchier. The configuration for a secured, working nginx instance is quite small. On top of that, configuring virtual hosts is really easy.

The largest amount of time it took to get this finished was recreating the rewrite rules for Zenphoto. The rewrite rules can be found here. I haven’t tested all of the rewrite rules yet, but from quickly browsing through my gallery everything appears to be working well. Keep in mind that these rewrite rules were designed for a site where Zenphoto lives in the root. If it lives in a subfolder the rewrite rules will need to be modified accordingly. I can probably help if you ask nicely.

I have also moved over numerous WordPress sites to nginx. I won’t post their rewrite configurations here because you can find them easily using Google.

You can find the nginx rpms for EL4/EL5 in the Fedora Project’s EPEL repo.

If you have any nginx related configuration questions feel free to ask, I’m getting pretty familiar with the app.

CoolStuff Linux Technology

XCache Admin Cannot Login When Using Apache and mod_fcgid

I have been helping a friend set up a dedicated server to host his clients' sites on and wanted to make things as streamlined and as easy as possible. To do so I installed Apache 2.2, PHP5, XCache and mod_fcgid. I am using suexec with Apache to run the scripts as the users who own the scripts.

I wanted to verify that XCache was working, so I copied the XCache admin directory into one of the document roots and tried to log in. To my surprise I was not able to log in even though I was using a known good md5 password hash in the XCache configuration.

It took me about a month of searching to find out that the server variables PHP_AUTH_USER and PHP_AUTH_PW don’t seem to work with mod_fcgid. This Lighttpd forum entry led me to the XCache admin config.php.

Here is what is required:

  1. Create a file in your XCache admin directory called config.php
  2. In this file add the following, using the information you provided in the XCache configuration:

    <?php $_SERVER['PHP_AUTH_USER'] = 'admin_username'; $_SERVER['PHP_AUTH_PW'] = 'admin_password'; ?>

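  3. Configure some other means of authentication such as htpasswd or htdigest. With config.php in place every request reaches the XCache admin with valid credentials already set, so the web server's own authentication is the only thing protecting the directory.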
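
One way to carry out step 3 with htpasswd, as an added example that is not part of the original post. The function name, the paths and the user name are placeholders, and the .htaccess approach assumes `AllowOverride AuthConfig` is enabled for the directory.

```shell
#!/bin/sh
# Added example: put Apache Basic auth in front of the XCache admin directory.

# protect_xcache_admin ADMIN_DIR HTPASSWD_FILE
protect_xcache_admin() {
    admin_dir=$1 htpasswd_file=$2

    if [ ! -f "$admin_dir/config.php" ]; then
        echo "no config.php in $admin_dir" >&2
        return 1
    fi
    # Keep the password file outside the directory Apache serves.
    case $htpasswd_file in
        "$admin_dir"/*)
            echo "refusing: $htpasswd_file is inside the web-served directory" >&2
            return 1 ;;
    esac
    # config.php holds the admin password in clear text. Under suexec the PHP
    # process runs as the file's owner, so owner-only access is enough.
    chmod 600 "$admin_dir/config.php" || return 1

    # Needs "AllowOverride AuthConfig" for this directory to take effect.
    cat > "$admin_dir/.htaccess" <<EOF
AuthType Basic
AuthName "XCache admin"
AuthUserFile "$htpasswd_file"
Require valid-user
EOF
    chmod 644 "$admin_dir/.htaccess"
}

# Usage (paths and user name are placeholders):
#   htpasswd -c /home/someuser/htpasswd-xcache xcacheadmin
#   protect_xcache_admin /home/someuser/public_html/xcache-admin /home/someuser/htpasswd-xcache
```

The htpasswd file has to be readable by the Apache user, and Basic credentials travel unencrypted unless the site is served over TLS.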

HowTo Linux PHP Technology

Dedicated Haiku Follower

A few weeks ago I posted that I would be going out to the LinuxWorld Expo in San Francisco. Yesterday I made my appearance, and took the time to talk to the guys at Haiku for a good while. They seemed to get the idea that I flew out here just to see their booth…Perhaps I may have actually said that.

Anyway, they took a picture and claimed that it would be on the Haiku website by the following day (today). And not really to my surprise, but I’ll say that I am, my picture is indeed there.

Check it out

See the section titled “Interest still strong”.

CoolStuff Linux

Checkgmail Uses 100% CPU at Startup

I was running checkgmail on Ubuntu 7.10 with no problem at all. Not long ago I upgraded to Ubuntu 8.04 and quickly noticed that checkgmail was taking 30+ seconds to start and was using 100% of my CPU.

I did a search on Google and found a lot of users experiencing the same problem. It took a bit of reading, which is why I am posting this, but I found that it is due to the localizations (languages) that are loaded into checkgmail. There are 1,728 lines in checkgmail devoted to localization and I imagine that parsing this data is what causes the 100% CPU usage.

The solution to speeding up checkgmail is to remove all of the localizations that you don’t need. For me this was removing lines 3089-3280 and 3346-4817 of checkgmail and the corresponding lines in ~/.checkgmail/lang.xml.

I have created some patches to take care of this but cannot guarantee that, with updates to the code, the localizations will remain on the same lines as they are this minute. So use with care. The patches can be applied as such:

wget http://sivel.net/patch/checkgmail/checkgmail_1.13svn_slowstart_checkgmail_en.patch
wget http://sivel.net/patch/checkgmail/checkgmail_1.13svn_slowstart_langxml_en.patch
patch /usr/bin/checkgmail checkgmail_1.13svn_slowstart_checkgmail_en.patch
patch ~/.checkgmail/lang.xml checkgmail_1.13svn_slowstart_langxml_en.patch

If you have checkgmail running, kill it and start it up again. It should start almost instantly and not take 100% CPU to do so.

HowTo Linux

LinuxWorld Expo 2008 San Francisco

I’ll be attending the LinuxWorld Expo in San Francisco at the beginning of August. I’ll be arriving midway through the conference so that I can attend my son’s first birthday and celebrations.

I’ll be attending the exhibit hall and keynote addresses on Wednesday and Thursday (Aug 6 + 7), as well as Ubucon and flying back out on Friday. To those reading this who will be out there for the conference, maybe we will run into each other.

CoolStuff Linux Technology

Getting Lighttpd, FastCGI and PHP working on CentOS 4

Over the years I have been installing Lighttpd from the RPMforge repository on my CentOS 4 servers for high traffic sites. The one thing that bothers me time and again is that installing lighttpd, lighttpd-fastcgi and PHP; configuring lighttpd.conf to enable FastCGI and configuring FastCGI for PHP isn’t all that is required. Try doing only that and starting Lighttpd. It will die immediately all the while telling you that it started successfully.

The problem is that the default configuration for FastCGI + PHP in lighttpd.conf tries to place the PHP sockets into /var/run/lighttpd/ which doesn’t exist.

Only 2 quick steps are required to finish the installation and configuration:

  1. mkdir /var/run/lighttpd
  2. chown lighttpd. /var/run/lighttpd

Now fire up Lighttpd and enjoy the wonderful world of PHP on a web server that doesn’t suck.

Side Note: For those of you who are trying to find the location of php-cgi on your PHP 4.3.9 install from the base or updates CentOS repo, you aren’t going to find what you are looking for. Uninstall PHP 4.3.9 and install PHP 5.1.6 from the centosplus repo.

HowTo Linux PHP Technology

CheckGmail Problem With Google Hosted Domains

For some time now I have been using CheckGmail to monitor both my gmail.com accounts and my sivel.net accounts. But several months ago Google changed the way that accounts are authenticated for hosted domains.

If you are experiencing this problem I suggest downloading the most recent version of CheckGmail from the CheckGmail subversion trunk. For those of you who don’t have subversion installed or don’t know how to use subversion, there is an easy way around this.

Simply issue the following command:

sudo wget -O /usr/bin/checkgmail http://checkgmail.svn.sourceforge.net/viewvc/*checkout*/checkgmail/checkgmail

If you currently have CheckGmail running kill it and restart it. Now you will be able to monitor your hosted domain again with CheckGmail.
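
Both this command and the patch commands in the slow-start post above change /usr/bin/checkgmail with content fetched over plain HTTP, and `wget -O` truncates its target before the transfer starts, so a failed download leaves a broken file behind. The following added example (not part of the original posts) stages the file first and installs it only if it matches a pinned digest; the function names are hypothetical and the digest is a placeholder you record after reviewing a copy yourself.

```shell
#!/bin/sh
# Added example: verify a downloaded script before it replaces an installed one.
# Source this file; nothing runs until install_verified is called.

# sha256_of FILE -> prints the file's SHA-256 as lowercase hex
sha256_of() {
    sha256sum < "$1" | awk '{print $1}'
}

# install_verified STAGED DEST EXPECTED_SHA256
# Installs STAGED over DEST only if it is non-empty and matches the pinned digest.
# The previous DEST is kept as DEST.bak so the change can be rolled back.
install_verified() {
    staged=$1 dest=$2 expected=$3

    # A failed download leaves an empty file; never install that.
    if [ ! -s "$staged" ]; then
        echo "refusing: $staged is missing or empty" >&2
        return 1
    fi
    # An empty pin would make the comparison meaningless.
    if [ -z "$expected" ]; then
        echo "refusing: no expected digest given" >&2
        return 1
    fi
    actual=$(sha256_of "$staged")
    if [ "$actual" != "$expected" ]; then
        echo "refusing: digest $actual does not match the pinned value" >&2
        return 1
    fi
    if [ -f "$dest" ]; then
        cp -p "$dest" "$dest.bak" || return 1
    fi
    install -m 0755 "$staged" "$dest"
}

# Usage (EXPECTED is a placeholder: pin the digest of a copy you have reviewed):
#   tmp=$(mktemp)
#   wget -O "$tmp" 'http://checkgmail.svn.sourceforge.net/viewvc/*checkout*/checkgmail/checkgmail'
#   install_verified "$tmp" /usr/bin/checkgmail "$EXPECTED"    # run as root
```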

HowTo Linux

OpenSSH Client notty Disconnection Problem

I recently wrote a script that waits for something to happen and then executes a command on a remote machine via ssh. I ran into a problem where the ssh connection was established and then the ssh connection would never close.

I found out after some diagnostics that because there was no tty assigned to the local session, a tty was not being assigned on the remote session, and for some reason ssh was not disconnecting after the command had finished.

The solution was to run the ssh command with the -t flag as such:

ssh -t -t user@example.org "somecommand"

The -t is used to force pseudo-tty allocation but when there is no local tty you must use -t -t to force tty allocation on the remote server.

Linux Technology

Single Sign-On with Apache and Active Directory – Part 2

Part 1 | Part 2

Back on May 23rd, 2007 I wrote an article titled Single Sign-On with Apache and Active Directory which I have now made Part 1 of this topic. In that article I wrote:

There are 3 major solutions for this which are mod_ntlm, mod_auth_kerb and Apache2::AuthenNTLM…I tried mod_ntlm which seemed to be very easy to set up and worked well. But there was one catch…If the browser did not send the NTLM information or correct NTLM information, see footnote 1 below as to why, the user had to log in with the username in the form of DOMAIN\username. In my experience with applications already in place they did not require this form of DOMAIN\username. This could be resolved if you could specify the default domain in mod_ntlm which you cannot.

Now I will explain why there is a Part 2 to this topic. I used the Apache2::AuthenNTLM Apache Perl module in a large environment and quickly found a serious problem which I could not diagnose or resolve. When using the Apache2::AuthenNTLM Perl module Apache would stop responding to requests to the site after an undetermined number of requests. I tried limiting the file types that would be authenticated but in the end it would still stop responding after a while.

So I finally decided to use the Apache mod_ntlm module to handle the authentication. And with the article I had written titled Enabling NTLM Authentication (Single Sign-On) in Firefox, the problem with having to use the username in the form of DOMAIN\username in Firefox can be eliminated.

This how to is intended for CentOS 4 and RHEL4 but can be easily adapted for other distributions.

Now for the HowTo:

1) Start by installing Apache by issuing the following command:
yum install httpd

2) Next we need to install the mod_ntlm Apache module

wget http://sivel.net/repo/i386/mod_ntlm-2-0.1.el4.sn.i386.rpm
rpm -ivh mod_ntlm-2-0.1.el4.sn.i386.rpm

3) Now we need to configure mod_ntlm

cd /etc/httpd/conf.d
vi mod_ntlm.conf

Modify the conf like so (the documentation in the conf pretty much covers it also):

<location ~ "/(path/to/dir/to/protect/here)/(.*)">

  # NTLMAuth - set to 'on' to activate NTLM authentication here
  NTLMAuth on

  # AuthNTGroups - text file containing (NT) group names and member user IDs

  # NTLMBasicAuth - set to 'on' to allow Basic authentication too

  # NTLMBasicRealm - realm to use for Basic authentication

  # NTLMAuthoritative - set to 'off' to allow access control to be passed along to lower modules if the UserID is not known to this module
  NTLMAuthoritative on

  # NTLMDomain - set to the domain you want users authenticated against for cleartext authentication - if not specified, the local machine, then all trusted domains are checked
  NTLMDomain MYDOMAIN

  # NTLMServer - set to the NT server to contact to authenticate users
  NTLMServer primary.mydomain.com

  # NTLMBackup - set to the alternate NT server to contact to authenticate users
  NTLMBackup secondary.mydomain.com

  # NTLMLockFile - set to the lock file that is used to prevent simultaneous contacts to DC
  NTLMLockfile /tmp/_mod_ntlm.lck

  AuthName NTAuth
  AuthType NTLM
  require valid-user
  Satisfy all

</location>

4) We need to modify the global conf file now.
vi /etc/httpd/conf/httpd.conf
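Find ‘KeepAlive Off’ and change it to ‘KeepAlive On’. NTLM authenticates the connection over several request/response round trips, so the connection has to stay open between them.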

5) Let’s start Apache
/etc/init.d/httpd start

6) Let’s set up a simple test page that will utilize the server environment variable that mod_ntlm sets.

cd /path/set/in/step/3/in/location/directive
touch index.php
vi index.php
  • Insert the following information:

    <?php echo "You have logged in as " . $_SERVER['REMOTE_USER'] . ""; ?>

If you do not have PHP installed you can just place a page in the directory and if you log in you should be able to see it.

If you get a login prompt, check footnote 1.

Part 1 | Part 2

Footnotes
1. Getting a login prompt can be caused by using Firefox with the default configuration, not being logged on in the domain that you are attempting to authenticate against, or not having the site listed in the Local Intranet security zone in Internet Explorer. Or worst of all you could have misconfigured something in step 3.

HowTo Linux

Using Sprint PCS Connection Card with Fedora

I have seen a good number of incoming links requesting this page that I had written back when I was using a wiki for my web site. So I decided to bring it back and make some redirects to direct people to the correct location.

With that being said these instructions are for configuring Fedora (Core 5 was used at the time) to use a Sprint PCS Connection Card to connect to the internet. I cannot verify or test this functionality as I no longer have a Sprint PCS Connection Card. So let the fun begin.

  1. With the Sprint PCS Connection Card PC-5740 not inserted boot up the computer into Fedora Core 5.
  2. Open a terminal window and su to root.
  3. Execute the following command:

tail -f /var/log/messages

  4. Insert the card.
  5. You should see something similar to the following:

Aug 15 13:01:24 fedora-mobile kernel: pccard: CardBus card inserted into slot 0
Aug 15 13:01:24 fedora-mobile kernel: PCI: Enabling device 0000:03:00.0 (0000 -> 0002)
Aug 15 13:01:24 fedora-mobile kernel: ACPI: PCI Interrupt 0000:03:00.0[A] -> Link [LNKA] -> GSI 11 (level, low) -> IRQ 11
Aug 15 13:01:24 fedora-mobile kernel: ohci_hcd 0000:03:00.0: OHCI Host Controller
Aug 15 13:01:24 fedora-mobile kernel: ohci_hcd 0000:03:00.0: new USB bus registered, assigned bus number 5
Aug 15 13:01:24 fedora-mobile kernel: ohci_hcd 0000:03:00.0: irq 11, io mem 0xc2000000
Aug 15 13:01:24 fedora-mobile kernel: usb usb5: configuration #1 chosen from 1 choice
Aug 15 13:01:24 fedora-mobile kernel: hub 5-0:1.0: USB hub found
Aug 15 13:01:24 fedora-mobile kernel: hub 5-0:1.0: 1 port detected
Aug 15 13:01:24 fedora-mobile kernel: PCI: Enabling device 0000:03:00.1 (0000 -> 0002)
Aug 15 13:01:24 fedora-mobile kernel: ACPI: PCI Interrupt 0000:03:00.1[B] -> Link [LNKA] -> GSI 11 (level, low) -> IRQ 11
Aug 15 13:01:24 fedora-mobile kernel: ohci_hcd 0000:03:00.1: OHCI Host Controller
Aug 15 13:01:24 fedora-mobile kernel: ohci_hcd 0000:03:00.1: new USB bus registered, assigned bus number 6
Aug 15 13:01:24 fedora-mobile kernel: ohci_hcd 0000:03:00.1: irq 11, io mem 0xc2001000
Aug 15 13:01:24 fedora-mobile kernel: usb usb6: configuration #1 chosen from 1 choice
Aug 15 13:01:24 fedora-mobile kernel: hub 6-0:1.0: USB hub found
Aug 15 13:01:24 fedora-mobile kernel: hub 6-0:1.0: 1 port detected
Aug 15 13:01:25 fedora-mobile kernel: ohci_hcd 0000:03:00.0: wakeup
Aug 15 13:01:26 fedora-mobile kernel: usb 5-1: new full speed USB device using ohci_hcd and address 2
Aug 15 13:01:26 fedora-mobile kernel: usb 5-1: configuration #1 chosen from 1 choice
Aug 15 13:01:26 fedora-mobile kernel: cdc_acm 5-1:1.0: ttyACM0: USB ACM device
Aug 15 13:01:26 fedora-mobile kernel: usbcore: registered new driver cdc_acm
Aug 15 13:01:26 fedora-mobile kernel: drivers/usb/class/cdc-acm.c: v0.25:USB Abstract Control Model driver for USB modems and ISDN adapters

  6. The above is all important but the line we are most interested in is the following:

Aug 15 13:01:26 fedora-mobile kernel: cdc_acm 5-1:1.0: ttyACM0: USB ACM device

  7. The above line shows us that the device created is ttyACM0 which is actually located at /dev/ttyACM0.
  8. Assuming you are running Gnome, download and install gnome-ppp with the following:

yum install -y gnome-ppp

  9. In order for gnome-ppp to work properly it must be run as root.
  10. Open a terminal window and su to root.
  11. Execute gnome-ppp (Tip: You can add a “ &” to the end of gnome-ppp to disconnect it from the active session allowing you to close the terminal window without closing gnome-ppp).
  12. Click the “Setup” button.
  13. Click the “Detect” button. Your modem (/dev/ttyACM0) should automatically be detected. If not then something above went wrong.
  14. Click the “Init Strings…” button and change “Init 2” to “ATZ” (without the quotes).
  15. For the username you will need to boot into Windows, open the PCS connection application and select Diagnostics from the menu. Your username will be in the form of username@sprintpcs.com.
  16. With gnome-ppp you are required to enter a password. This will not affect the dial up seeing as though the Sprint servers won’t even respond to the password being sent. So type whatever you want in this field.
  17. The phone number is “#777”.
  18. Click connect. You’re done.
  19. If you can’t access anything on the internet after connecting and you have IP address info, it is probably due to gnome-ppp not updating the nameserver statements in resolv.conf.

Using gnome-ppp eventually got old for me so I wrote a bash script to take care of it. I won’t post extensive usage information on how to use it so use at your own risk (although I don’t see any actual risk involved).

You will need to do several things to get this up.

  1. Download sprint-dial.sh to your home dir or wherever you want.

wget http://cdn.sivel.net/s/p/sprint-dial.sh

  2. Download or configure your own .wvdial.conf and place it in your home dir and /root

wget http://cdn.sivel.net/w/v/.wvdial.conf

  3. Execute the script

sudo ./sprint-dial.sh

or

su
./sprint-dial.sh

HowTo Linux Technology