Tag Archives: server

CEntos 6.7 Migrating from mysql-server/mysql-community-server into latest MariaDB

Ok, first you should install yum-replace plugin if you haven’t already have it.

yum install yum-plugin-replace

Get MariaDB packages repo from MariaDB repos builder here
MariaDB repo builder
You’ll get some repo config text that you can save to /etc/yum.repos.d/MariaDb.repo like these:

# MariaDB 10.1 CentOS repository list - created 2016-04-17 23:39 UTC
# http://mariadb.org/mariadb/repositories/
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.1/centos6-amd64
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

Do update your repo chache

yum update

If you’re installing mysql-server from CentOS 6.7 default repo, you should do this:

yum replace mysql-libs --replace-with=MariaDB-common

If you’re installing mysql server from webtatic repo (mysql55w-server), you should do this:

yum replace mysql55w-libs --replace-with=MariaDB-common

If you’re installing from MySQL Community repository, do this:

yum replace mysql-community-common --replace-with=MariaDB-common

Just answer with ‘Y’ if the yum replace command show you some conflicts.
Next, just install all MariaDB related packages:

yum install MariaDB-*

Start MariaDB:

/etc/init.d/mysql start

Confirm that you’re using MariaDB:

[root@www ~]# mysql --version
mysql  Ver 15.1 Distrib 10.1.13-MariaDB, for Linux (x86_64) using readline 5.1

Don’t worry, if you have successfully installing MariaDB over MySQL:

  1. your web app that use MySQL will not broken, no need to change anything
  2. your data will stay intact (no data loss)
  3. use MySQL commands as usual (such as: mysql -u root -p)
  4. the MariaDB config is still in /etc/my.cnf

In short, business as usual!

Save bandwidth, block image hot linking

Image hot-linking is (simply put): other site is showing your image that still on your server. This can cause problem for bandwidth limited website, they steal your bandwidth! Also, this doesn’t make visitor from that notorious site to come to your site.  More visitor for them, more bandwidth lost for you. We will handle this issue using htaccess.

Remember that to use .htaccess fully (including this tips), you have to activate Apache mod_rewrite.

In our case, we will allow only few sites that directly show/link our image. Other sites that have no permission will show an error/no leech image. This is the full .htaccess code:


RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} ^facebookexternalhit.*$ [OR]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?ahowto.net [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?mp32u.net [NC]
RewriteCond %{HTTP_REFERER} !^.*google.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^.*bing.com/.*$ [NC]
RewriteCond %{REQUEST_URI}  !^/images/no_leech.jpg
RewriteRule \.(jpe?g|png|gif)$ http://www.ahowto.net/images/no_leech.jpg [L]

 

The explanation:

  • (line 1) Activate rule only if mod_rewrite is activated
  • (line 4) we don’t allow Facebook bot to steal our image. Comment (#) this line if you want to allow Facebook to grab image from your site (this is used by Facebook to create thumbnail image whenever FB users posting your website  URL)
  • (line 6-9) allow only few sites to direct link/hot link our image: ahowto.net, mp32u.net, google.com and bing.com
  • (line 10) don’t apply the rule for “no leech” image that will be served to bandwidth leecher/stealer. Don’t forget this line, or you’ll get forever loop that eventually stress your webserver.
  • (line 11) Serve the leecher with our error/no leech image. I suggest you to use more informative image, such as image that contain messages “visit my site to view the image”
example no_leech image

just an example that might annoy bandwidth stealer

Special case for Wordpress

Yes, I know that there are few “anti-leech/anti-hot-linkplugins out there, but make sure they have the correct htaccess code placement. Make sure the placement is before main wordpress htaccess default code. So, your wordpress blog htaccess code would be like this:

# BEGIN Hotlink Protection

RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_USER_AGENT} ^facebookexternalhit.*$ [OR]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?ahowto.net [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?mp32u.net [NC]
RewriteCond %{HTTP_REFERER} !^.*google.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^.*bing.com/.*$ [NC]
RewriteCond %{REQUEST_URI}  !^/images/no_leech.jpg
RewriteRule \.(jpe?g|png|gif)$ http://www.ahowto.net/images/no_leech.jpg [L]

# END Hotlink Protection

# BEGIN WordPress

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]

# END WordPress

 

execute html as php via .htaccess

Whenever a web site is accessed by users, the web server detect the file extension and decide what would it do with the file; directly served or run it as script. If the file extension is .htm or .html, the web server usually serve this file directly. If the extension is .php, the web server will run it as script using PHP interperter and serve the script’s result to user.

Some common problem: You discover an ideal piece of software, and you need to add this functionality in your website, however you have to use PHP in your web page for this to working properly. You can simply rename your own webpages to php rather than html, however, your URL is already indexed in search engine as .html file. Renaming your file into .php will render this .html page to be not found (404 error). And you need to resubmit the correct URL to search engine and waiting to be indexed again. What a pain!

There’s a simple solution for that. Just run the PHP codes inside HTML files! But this feature is not enabled by default. You need to add this line below in your .htaccess:

AddType application/x-httpd-php .html .htm

What does that line tell? It tells the web server to treat .html and .htm as PHP script, therefore need to run it against PHP interpreter before serving it to users.

Most of web host allowed you to change/have your own .htaccess file. Be careful when editing .htaccess file, it may already another server side settings for your website. If you didn’t see the file, try choose to “show hidden files” in your file manager (such as cpanel). If it’s still not there, then there’s no .htaccess file yet (not all site had .htaccess by default), so you can create an empty text file named .htaccess.

Create SOCKS5 server

Distribution used: Debian 6 (squeeze). Unfortunately Debian 5 (lenny) doesn’t provide dante server

In the previous post, I’ve shown you on how to create your own SOCKS5 server on localhost (on your Windows PC) using XShell 4 and a SSH server.

Now, I’ll guide you on how to create a more permanent SOCKS5 proxy server using your Debian 6 squeeze server. No need to logged-in to your SSH server each time you want to use SOCKS5 server. We will use Dante server.

Install dante-server

apt-get install dante-server

edit dante server configuration file (/etc/danted.conf). This is the minimum dante server configuration that I often use:


# the server will log both via syslog, to stdout and to /var/log/lotsoflogs
#logoutput: syslog stdout /var/log/lotsoflogs
logoutput: syslog

# The server will bind to the address 10.1.1.1, port 1080 and will only
# accept connections going to that address.
internal: eth0 port = 2727


# outgoing connection
external: eth0

# methods for socks-rules.
method: username none #rfc931


user.privileged: proxy

user.notprivileged: nobody

user.libwrap: nobody

# client IP addresses that allowed to use this service
client pass {
    from: 114.79.0.0/16 port 1-65535 to: 0.0.0.0/0
}

client pass {
    from: 127.0.0.0/8 port 1-65535 to: 0.0.0.0/0
}


# block everyone else
client block {
	from: 0.0.0.0/0 to: 0.0.0.0/0
	log: connect error
}


block {
	from: 0.0.0.0/0 to: 127.0.0.0/8
	log: connect error
}

#allow client to connect to all ip addres/site via this proxy
pass {
    from: 114.79.0.0/16 to: 0.0.0.0/0
    protocol: tcp udp
}
    
pass {
    from: 127.0.0.0/8 to: 0.0.0.0/0
    protocol: tcp udp
}
        
block {
    from: 0.0.0.0/0 to: 0.0.0.0/0
    log: connect error
}

Done. Start dante server.

service danted start

A bit explanation about the configuration: 

  • watch for line #8. you must specify in what port number will your SOCKS5 server run and in which ethernet card the server will listen. You can change this “eth0” with your server IP address. Note: if you have firewall activated, don’t forget to allow traffic from the SOCKS5 proxy port as you configured here.
  • As for line #12, the value should the same as line #8, either ethernet card name or your server IP address.
  • Line #26, change “114.79.0.0/16” with your own (public) IP address. I specified IP address range here because I have dynamic IP address.
  • Line #48, the same as line #26. Put your (public) IP address here.

 

 

Test your SOCKS5 proxy server. Use it as SOCKS5 proxy in Firefox and access http://reverse.vrank.org/ipinfo.php . Check if your IP address is already detected as the same as server’s IP.

Controlling your visitors/users bandwidth usage and speed using mod_cband

Again, I’m using my beloved Debian 6 squeeze distribution to test this tutorial.
What is mod_cband? Directly taken from the one that maintain this piece of work:

mod_cband is an Apache 2 module provided to solve the problem of limiting users’ and virtualhosts’ bandwidth usage. The current versions can set virtualhosts’ and users’ bandwidth quotas, maximal download speed (like in mod_bandwidth), requests-per-second speed and the maximal number of simultanous IP connections (like in mod_limitipconn)

I recommend you to install this module into your server if your site providing download or stream service. Benefit after installing this module is: justice for all. For you as server owner: you can control the bandwidth usage and limiting your user’s download/stream speed, keep your server’s memory usage in control. For users: high availability server, no users dominate the bandwidth alone.

OK, let’s start:
install needed package (you need to compile mod_cband by yourself)

apt-get install apache2-prefork-dev make

download and extract mod_cband

wget http://sysdesign.pl/downloads/cband/mod-cband-0.9.7.5.tgz
tar xzf mod-cband-0.9.7.5.tgz

EDIT: it seems that site is not hosting mod-cband anymore, you can download mod-cband form my site instead: http://www.mp32u.net/mod-cband-0.9.7.5.tgz

go inside mod-cband directory and do ./configure

cd mod-cband-0.9.7.5
./configure

fixing Makefile; without doing this trick, you will get error message when trying to restart Apache2 afterwards. This is the error messages:

apache2: Syntax error on line 203 of /etc/apache2/apache2.conf: Syntax error on line 1 of /etc/apache2/mods-enabled/cband.load: Cannot load /usr/lib/apache2/modules/mod_cband.so into server: /usr/lib/apache2/modules/mod_cband.so: undefined symbol: truncf
Action ‘configtest’ failed.
The Apache error log may have more information.
failed!

edit Makefile produced by ./configure before. add “-lm ” after “APXS_OPTS=” and before “-Wc” on line 12. See screenshot:

cband Makefile

Watch for line #12

save it and then do “make&&make install

make&&make install

restart apache2

service apache2 restart

This isn’t enough. Now, configure your virtual host to use mod_cband. This just example virtual host configuration that I use:

NameVirtualHost 74.117.233.146:80

	ServerName mp32u.net
	ServerAlias www.mp32u.net nw.mp32u.net
	ServerAdmin achmad.zaenuri@hotmail.com

	DocumentRoot /var/www/mp32u

	ErrorLog ${APACHE_LOG_DIR}/mp32u.error.log

	# Possible values include: debug, info, notice, warn, error, crit,
	# alert, emerg.
	LogLevel warn

	CustomLog ${APACHE_LOG_DIR}/mp32u.access.log combined

	CBandRemoteSpeed 102400kb/s 4 5   # speed limit, number of request per second and max. number of connections
        
		SetHandler cband-status  # whenever http://www.mp32u.net/bwm is accessed, bandwidth statistics will be shown
        

For more extensive and descriptive options, head to mod_cband documentation page

Example result: http://3gp.ytconv.net/bwm