GNUSYS | GNU/Linux sysadmin notes GNU/LINUX System Administration notes

The problem :

=================

curl_exec error 60 SSL certificate problem

=================

This is mainly caused because the curl root certificates file does not contain the particular root certificate chain.The best method would be add the correct root certificate to the file obtained by running the command

curl-config --ca

or a quick dirty trick would be add the following line

===================

curl_setopt( $ch, CURLOPT_SSL_VERIFYPEER, 0 );

===================

to the file /usr/lib/php/SOAP/Transport/HTTP.php

in function _sendHTTPS

Just after the line

$ch = curl_init();

Posted under php

Today we have different web servers available on the GNU/Linux platform.Here i am listing only the web servers that can be used for a mainstream web hosting environment

The web servers can be classified basically into 2

1. Process based webserver - In a process based web server each new connection is handled by a new web server process or thread. Following are some of the process based servers available on the GNU /Linux platform.A notable draw back for a process based web server is the famous C10K problem ( http://www.kegel.com/c10k.html ).That said there are many implementations of this model that are high performance in nature

• Apache HTTPD - http://httpd.apache.org/  - the most famous web server and the most widely used - supports a very large number of modules and very feature rich
• Cherokee - http://www.cherokee-project.com/ - is a fast flexible easy to configure web server - A notable feature is the administrative interface available that lessens the burden of tampering with the configuration files
• LiteSpeed - http://www.litespeedtech.com/ - Apache compatible web server ,but claimed to be of having improved perfomance

2- Asynchronus web server or non-blocking i/o webserver - Or in laymans words a web server that uses a single process to handle multiple request ,switching over to the next request when the previous one is waiting for an i/o request is to be fullfilled. This architecture is more scalable and theoretically solves the C10K problem.The famous members of this family of servers are

• Nginx - http://wiki.codemongers.com/Main  - pronounced EngineX - is  a powerfull light weight web server and has a cleaner configuration -It is also feature rich and widely used
• Lighttpd  - http://www.lighttpd.net/ -  This is another powerfull and light weight web server and has a very large number of modules and features

All the above mentioned web servers are widely used in the web hosting industry ,in dedicated ,vps and shared hosting environments

Posted under Apache, hosting, nginx, perl, php

A PHP FastCGI Process manager can be a used to spawn php fastcgi server instances when you have configured your web server to pass php scripts to a FastCGI server .This can be used with web servers like Nginx and lighthttpd .

Download the patch file for your php version from http://php-fpm.anight.org/

Download your php version of choice from http://php.net

Heres what i did..remember that both these project are actively updated.So by the time you read this they have better versions available

cd /usr/local/src

wget http://php-fpm.anight.org/downloads/head/php-5.2.6-fpm-0.5.8.diff.gz

wget  http://in.php.net/get/php-5.2.6.tar.bz2/from/us2.php.net/mirror

gzip -cd php-5.2.6-fpm-0.5.8.diff.gz | patch -d php-5.2.6 -p1

cd php-5.2.6

mkdir /usr/local/php

./configure –prefix=/usr/local/php –enable-fastcgi –enable-fpm –with-mcrypt –with-zlib –enable-mbstring –with-openssl –with-mysql –with-mysqli –with-gd –with-jpeg-dir –enable-gd-native-ttf –without-sqlite –disable-pdo –disable-reflection –with-curl –with-curlwrappers –enable-inline-optimization –disable-debug –disable-ipv6

make

make install

Please note that your ./configure script may produce error of missing libraries or header files.You must install these using your OS’s package manager. I use apt-cache search “the missing libs” to get this done easily

Posted under php

According to the official ffmpeg-php website: ffmpeg-php is an extension for PHP that adds an easy to use, object-oriented API for accessing and retrieving information from video and audio files. It has methods for returning frames from movie files as images that can be manipulated using PHP’s image functions

Inodder to use this extension;you must first install ffmpeg http://gnusys.net/install-ffmpeg-with-amr-nb-and-amr-wb-support/

and after that

1.Download ffmpeg-php from http://ffmpeg-php.sourceforge.net/

2.Untar the source package and run the following commands in the source directory

phpize

./configure && make

make install

You must also ensure that the extension is loaded correctly in the php configuration file

php –ini

will show the location of the php.ini file .You must ensure that the following line is present in your php.ini

extension=ffmpeg.so

Thats it.If you are using php as a DSO of apache ;then you may have to restart apache for the change to take effect

Posted under ffmpeg, php

A slight change in the setup and now i can see the user who is executing the scripts in my website

Before when apache intrepets a php script it calls fastcgi which inturn calls the php cgi binary.But still the php binary is executed as the calling user which in our case is the user apache program runs as

In SuPHP a setuid suphp module comes in between and the calls to the php cgi binary happens after the suphp wrapper changes the user and group to whatever we specify

Here is my configuration

neutron:/var/www# cat /etc/apache2/mods-enabled/suphp.load
LoadModule suphp_module /usr/lib/apache2/modules/mod_suphp.so

neutron:/var/www# cat /etc/apache2/mods-enabled/suphp.conf
<IfModule mod_suphp.c>
AddHandler x-httpd-php .php .php3 .php4 .php5 .phtml
suPHP_AddHandler x-httpd-php
suPHP_Engine on
# # Use a specific php config file (a dir which contains a php.ini file)
# suPHP_ConfigPath /etc/php4/cgi/suphp/
# # Tells mod_suphp NOT to handle requests with the type <mime-type>.
# suPHP_RemoveHandler <mime-type>
</IfModule>

neutron:/var/www# cat /etc/apache2/sites-enabled/gnusys.net
<VirtualHost *>
ServerName gnusys.net
ServerAlias www.gnusys.net
DocumentRoot /var/www/gnusys
suPHP_Engine on
suPHP_UserGroup anoop anoop
AddHandler x-httpd-php .php .php3 .php4 .php5
suPHP_AddHandler x-httpd-php

<Directory “/var/www/gnusys”>

AllowOverride FileInfo Limit Options Indexes

</Directory>

</VirtualHost>

neutron:/var/www#

I was getting the error of configuration directive not recognized when i used

suPHP_UserGroup in the apache config.

Later realized that this configuration directive is only supported when suPHP is compiled with setid-mode “force” or “paranoid” *

Now php script runs with whatever is the owner of the script

====

ID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
7275 anoop 16 0 25716 13m 4924 R 6.3 21.2 0:00.19 /usr/bin/php-cgi
6508 root 15 0 7932 1956 1220 R 0.3 3.0 0:00.08 sshd: root@pts/0
6892 www-data 15 0 10356 1548 1120 S 0.3 2.4 0:00.03 /usr/sbin/apache2 -k start
1 root 15 0 1948 488 464 S 0.0 0.7 0:00.00 init [3]
2 root RT 0 0 0 0 S 0.0 0.0 0:00.00 [migration/0]

====

You can see that the access to gnusys.net is shown as process by user anoop

Posted under Apache, Security, hosting, php

Today gnusys.net had a little downtime as i was trying to change my apache-php interface into FastCGI.

The installation of php-cgi and mod_fcgid went pretty simple in my Debian Etch;so was the configuration

The tricky part was that the wordpress blog was giving Internal Server Error in the index page.

====
[Thu May 22 04:15:41 2008] [notice] mod_fcgid: call /var/www/gnusys/index.php with wrapper /usr/bin/php5-cgi
[Thu May 22 04:15:41 2008] [notice] mod_fcgid: server /var/www/gnusys/index.php(10073) started
[Thu May 22 04:15:41 2008] [info] (104)Connection reset by peer: mod_fcgid: read data from fastcgi server error.
[Thu May 22 04:15:41 2008] [error] [client 59.93.6.103] Premature end of script headers: index.php
[Thu May 22 04:15:44 2008] [notice] mod_fcgid: process /var/www/gnusys/index.php(10052) exit(communication error), get unexpected signal 11

====

The above logs were not good enough.I tried changing the file and directory permissions and the normal first aides you give on the symptom of an Internal Server error

Strangely all my other php applications was working just fine except the blog. I also tried removing the object-cache.php file that integrates my wordpress with xcache without much help

In the end the problem was sorted out to be with my xcache php extension.I disabled the extension from the php.ini and hurray the wordpress loaded just fine!

Xcache is not compatiable with mod_fcgid!.Please disable this module if you use mod_fcgid

Heres my configuration with mod_fcgid

neutron:/var/www/gnusys# cat /etc/apache2/mods-enabled/fcgid.load
LoadModule fcgid_module /usr/lib/apache2/modules/mod_fcgid.so
neutron:/var/www/gnusys#

neutron:/var/www/gnusys# cat /etc/apache2/mods-enabled/fcgid.conf
<IfModule mod_fcgid.c>
AddHandler fcgid-script .fcgi .php
SocketPath /var/lib/apache2/fcgid/sock
IPCConnectTimeout 3600
</IfModule>
neutron:/var/www/gnusys#

neutron:/var/www/gnusys# cat /etc/apache2/sites-enabled/gnusys.net
<VirtualHost *>
ServerName gnusys.net
ServerAlias www.gnusys.net
DocumentRoot /var/www/gnusys
<Directory “/var/www/gnusys”>

AllowOverride FileInfo Limit Options Indexes

FCGIWrapper /usr/bin/php5-cgi .php
</Directory>

</VirtualHost>

neutron:/var/www/gnusys#

I am trying to integrate suPHP with this .There is visible perfomance degradation while i dumped my mod_php + xcache config.But this is just more secure and better for a shared environment. And since i am on a dedicated environment i will probably return back to my old config.

Posted under Apache, hosting, php

You can change the php memory_limit value for a particular domain or on a per virtual host basis by the following way

Add the following line to the file

/home/httpd/vhosts/gnusys.net/conf/vhost.conf

php_admin_value memory_limit “128M”

Reconfigure the vhost by running the following command

/usr/local/psa/admin/sbin/websrvmng –reconfigure-vhost –vhost-name=gnusys.net

and restart the webserver using the command

/usr/local/psa/admin/sbin/websrvmng –restart

Check if the setting is correct using phpinfo(); function

Posted under php, plesk