24×7servermanagement.com
Professional - Management - Solutions
Manual Installation of Nginx in Cpanel Apache in proxy mode
Posted on July 22nd, 2010
1. To get the cPanel server ready for nginx, you must first install an Apache module called mod_rpaf.
Log in as root:
# cd /usr/local/src
# wget http://stderr.net/apache/rpaf/download/mod_rpaf-0.6.tar.gz
# tar xvzf mod_rpaf-0.6.tar.gz
# cd mod_rpaf-0.6
# /usr/local/apache/bin/apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c
2. Doing so will install the module into the Apache module directory. Then go to your Web Host Manager (WHM) and follow the tree here:
Main >> Service Configuration >> Apache Configuration >> Include Editor >> Pre Main Include
Select the Apache version that is running on your cPanel server, then add the following code section there, replacing (place your ips here without the brackets) with the list of IP addresses on your cPanel server:
==================================================
LoadModule rpaf_module modules/mod_rpaf-2.0.so
RPAFenable On
# Enable reverse proxy add forward
RPAFproxy_ips 127.0.0.1 (place all your ips here without the brackets)
# only requests arriving from the addresses above get their client IP
# rewritten from the header
RPAFsethostname On
# let rpaf update vhost settings allowing to have
# the same hostnames as in the "actual" configuration for the
# forwarding apache installation
RPAFheader X-Real-IP
# Allows you to change which header we have mod_rpaf looking for
# when trying to find the ip that is forwarding our requests
===================================================
3. Once this is completed, we are ready to move Apache to another port:
Go to WHM >> "Tweak Settings" and change the Apache port from 80 to 81 (find 0.0.0.0:80 and change it to 0.0.0.0:81).
4. Apply the change:
# /usr/local/cpanel/whostmgr/bin/whostmgr2 --updatetweaksettings
5. Check your "/usr/local/apache/conf/httpd.conf" for any occurrences of port 80:
# vi /usr/local/apache/conf/httpd.conf
If you find any occurrences of port 80, rebuild your Apache configuration file by running the command below, and make sure your httpd.conf file is up to date:
# /scripts/rebuildhttpdconf
6. Then run:
# /etc/init.d/httpd restart
7. Now install Nginx. You must install the pcre library in order to install Nginx on your cPanel server:
# wget ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-7.9.tar.gz
# tar xvzf pcre-7.9.tar.gz
# cd pcre-7.9
# ./configure
# make
# make install
Now install Nginx:
# wget http://sysoev.ru/nginx/nginx-0.7.63.tar.gz
# tar xvzf nginx-0.7.63.tar.gz
# cd nginx-0.7.63
# ./configure
# make
# make install
9. Create an nginx.sh file and put the code section below into it:
# vi nginx.sh
===================================================================
#!/bin/sh
# Write the main nginx configuration.
cat > "/usr/local/nginx/conf/nginx.conf" <<EOF
user nobody;
# no need for more workers in the proxy mode
worker_processes 2;
error_log logs/error.log info;
worker_rlimit_nofile 8192;
events {
    worker_connections 1024; # you might need to increase this setting for busy servers
    use epoll; # Linux kernels 2.6.x change to epoll
}
http {
    server_names_hash_max_size 2048;
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 10;
    gzip on;
    gzip_min_length 1100;
    gzip_buffers 4 32k;
    gzip_types text/plain application/x-javascript text/xml text/css;
    ignore_invalid_headers on;
    client_header_timeout 3m;
    client_body_timeout 3m;
    send_timeout 3m;
    connection_pool_size 256;
    client_header_buffer_size 4k;
    large_client_header_buffers 4 32k;
    request_pool_size 4k;
    output_buffers 4 32k;
    postpone_output 1460;
    include "/usr/local/nginx/conf/vhost.conf";
}
EOF
# Start from an empty vhost file, then write one server block per domain
# found in the cPanel user files.
/bin/cp /dev/null /usr/local/nginx/conf/vhost.conf
cd /var/cpanel/users || exit 1
for USER in *; do
for DOMAIN in `cat $USER | grep ^DNS | cut -d= -f2`; do
IP=`cat $USER|grep ^IP|cut -d= -f2`;
ROOT=`grep ^$USER: /etc/passwd|cut -d: -f6`;
echo "Converting $DOMAIN for $USER";
cat >> "/usr/local/nginx/conf/vhost.conf" <<EOF
server {
    access_log off;
    error_log logs/vhost-error_log warn;
    listen 80;
    server_name $DOMAIN www.$DOMAIN;
    # nginx serves these static file types itself, so Apache and its
    # .htaccess rules are not consulted for them
    location ~* \.(gif|jpg|jpeg|png|ico|wmv|3gp|avi|mpg|mpeg|mp4|flv|mp3|mid|js|css|html|htm|wml)$ {
        root $ROOT/public_html;
    }
    location / {
        client_max_body_size 10m;
        client_body_buffer_size 128k;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_buffer_size 4k;
        # you can increase proxy_buffers here to suppress "an upstream response
        # is buffered to a temporary file" warning
        proxy_buffers 16 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
        proxy_connect_timeout 30s;
        proxy_redirect http://www.$DOMAIN:81 http://www.$DOMAIN;
        proxy_redirect http://$DOMAIN:81 http://$DOMAIN;
        proxy_pass http://$IP:81/;
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
    }
}
EOF
done
done
===================================================================================
8. Save the file, change the permission, and then run:
# chmod 755 nginx.sh
# sh nginx.sh
9. Now check the Nginx configuration:
# /usr/local/nginx/sbin/nginx -t
=============================
Great install instructions, everything worked fine. Just some additional info if you get an error like invalid event type "rtsig" when you run this command:
# /usr/local/nginx/sbin/nginx -t
To correct this error you should do this:
vi /usr/local/nginx/conf/nginx.conf
Find line 11 and change "rtsig" to "epoll". This error occurs in case your server is using kernel 2.4.x
===============================
10. Restart Nginx:
# /usr/local/nginx/sbin/nginx
11. Create an init script:
# vi /etc/init.d/nginx
And put the code section below into the file:
========================================================================
#!/bin/sh
#
# nginx - this script starts and stops the nginx daemon
# Taken from http://www.hikaro.com
# chkconfig: - 85 15
# description: Nginx is an HTTP(S) server, HTTP(S) reverse \
# proxy and IMAP/POP3 proxy server
# processname: nginx
# config: /usr/local/nginx/conf/nginx.conf
# pidfile: /usr/local/nginx/logs/nginx.pid

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
[ "$NETWORKING" = "no" ] && exit 0

nginx="/usr/local/nginx/sbin/nginx"
prog=$(basename $nginx)
NGINX_CONF_FILE="/usr/local/nginx/conf/nginx.conf"
lockfile=/var/lock/subsys/nginx

start() {
    [ -x $nginx ] || exit 5
    [ -f $NGINX_CONF_FILE ] || exit 6
    echo -n $"Starting $prog: "
    daemon $nginx -c $NGINX_CONF_FILE
    retval=$?
    echo
    [ $retval -eq 0 ] && touch $lockfile
    return $retval
}

stop() {
    echo -n $"Stopping $prog: "
    killproc $prog -QUIT
    retval=$?
    echo
    [ $retval -eq 0 ] && rm -f $lockfile
    return $retval
}

# Refuse to restart or reload if the configuration does not parse.
restart() {
    configtest || return $?
    stop
    start
}

reload() {
    configtest || return $?
    echo -n $"Reloading $prog: "
    killproc $nginx -HUP
    RETVAL=$?
    echo
}

force_reload() {
    restart
}

configtest() {
    $nginx -t -c $NGINX_CONF_FILE
}

rh_status() {
    status $prog
}

rh_status_q() {
    rh_status >/dev/null 2>&1
}

case "$1" in
    start)
        rh_status_q && exit 0
        $1
        ;;
    stop)
        rh_status_q || exit 0
        $1
        ;;
    restart|configtest)
        $1
        ;;
    reload)
        rh_status_q || exit 7
        $1
        ;;
    force-reload)
        force_reload
        ;;
    status)
        rh_status
        ;;
    condrestart|try-restart)
        rh_status_q || exit 0
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload|configtest}"
        exit 2
esac
========================================================================================
11. Save the code and make it executable:
# chmod +x /etc/init.d/nginx
12. Make it start when the server boots:
# /sbin/chkconfig nginx on
13. You can run the following commands to check that it is working:
# service nginx start
# service nginx stop
# service nginx restart
# service nginx reload
# service nginx configtest
# service nginx status
14. To create a virtualhost entry in the nginx virtualhost configuration (/usr/local/nginx/conf/vhost.conf) automatically when a cPanel account is created on the server, follow the instructions below:
Go to the cPanel script:
# vi /scripts/postwwwacct
# chmod 755 /scripts/postwwwacct
and put in the same code that is used in "nginx.sh" in step 9; it will create a virtualhost entry in nginx.
15. To remove the virtualhost entry from the nginx virtualhost configuration (/usr/local/nginx/conf/vhost.conf) when a cPanel account is terminated on the server, follow the instructions below:
Go to the cPanel script:
# vi /scripts/postkillacct
# chmod 755 /scripts/postkillacct
and put in the same code that is used in "nginx.sh" in step 9. That script rebuilds vhost.conf from the accounts that still exist in /var/cpanel/users, so the terminated account's entry is dropped.
DONE!! Cheers!!!!
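An added example, not part of the original post: a lint for the Apache side of the setup above. It lists directives that still bind port 80 (step 5) and RPAFproxy_ips entries that are not among the server's own addresses (step 2). The function names, the sample configuration and its addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. The sample configuration
# and its addresses are constructed.

# port80_refs CONF
# Prints "lineno: line" for each Listen, NameVirtualHost or <VirtualHost>
# directive in CONF that still binds port 80 (but not 81, 8080, ...).
port80_refs() {
    awk '
        $1 ~ /^#/ { next }                 # commented-out directive
        {
            d = tolower($1)
            if (d != "listen" && d != "namevirtualhost" && d != "<virtualhost")
                next
            for (i = 2; i <= NF; i++) {
                a = $i
                sub(/>$/, "", a)           # closing ">" of <VirtualHost addr>
                if (a == "80" || a ~ /:80$/) { print NR ": " $0; break }
            }
        }
    ' "$1"
}

# rpaf_foreign_ips CONF SERVER_IP...
# Prints every address on the RPAFproxy_ips line that is not one of the
# SERVER_IP arguments. mod_rpaf accepts the client-IP header from the
# listed addresses, so each should be one that nginx connects from.
rpaf_foreign_ips() {
    conf=$1; shift
    listed=$(awk 'tolower($1) == "rpafproxy_ips" { for (i = 2; i <= NF; i++) print $i }' "$conf")
    for ip in $listed; do
        known=no
        for own in "$@"; do
            if [ "$ip" = "$own" ]; then known=yes; fi
        done
        if [ "$known" = no ]; then echo "$ip"; fi
    done
}

# Constructed sample standing in for the Apache configuration.
sample_conf() {
    cat <<'EOF'
RPAFenable On
RPAFproxy_ips 127.0.0.1 192.0.2.10 198.51.100.7
RPAFheader X-Real-IP
Listen 0.0.0.0:81
# Listen 80
NameVirtualHost 192.0.2.10:80
<VirtualHost 192.0.2.10:81>
    ServerName example.com
</VirtualHost>
<VirtualHost 192.0.2.10:80>
    ServerName stale.example.com
</VirtualHost>
Listen 8080
EOF
}

# Usage: sh lint.sh CONF 127.0.0.1 SERVER_IP...
if [ $# -ge 1 ]; then
    conf=$1; shift
    echo "Still bound to port 80:"
    port80_refs "$conf"
    echo "RPAFproxy_ips entries that are not this server:"
    rpaf_foreign_ips "$conf" "$@"
fi
```

Run it against whichever file holds the directives; an empty list under both headings is the expected result after steps 2 to 6.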
-
Domain unable to unsuspend in Plesk 9.5
Posted on July 21st, 2010
After upgrading Plesk to the latest release, one of our domains on a Plesk server could not be unsuspended and gave the following error:
"Warning: The domain is still suspended for the following reason: Domain is temporarily suspended for backing up or restoring"
Although it appeared to be a backup issue, no backups were running for the domain, which made it quite confusing. We used the following method to unsuspend the domain.
Log in to the shell and run the following command:
/usr/local/psa/bin/domain -u domain.com -status enabled
Segmentation fault
Voila! So here is the problem: the Plesk binary is showing a segmentation fault, so it appears that the Plesk upgrade didn't go properly. Plesk itself works through these binaries, which is the problem here. Now log in to Plesk and, under "Updates", select the Plesk base package option and re-install the Plesk base packages to make the Plesk binaries work again. You should receive an email when the updates are completed.
Follow these steps to reconfigure the domain in the Plesk database.
Reconfigure the domain:
/usr/local/psa/admin/sbin/websrvmng --reconfigure-vhost --vhost-name=domain.com
Change the status for the domain:
/usr/local/psa/bin/domain -u domain.com -status enabled
You should get a message that the object was successfully enabled. That's it, the domain should be unsuspended in Plesk.
-
Simple Steps to install mod_flvx with Apache
Posted on July 5th, 2010
Today we had to install mod_flvx on a CentOS server, and here are the steps you need to follow. I guess you have already installed the Apache web server, this being a cPanel server. Just be sure that you have Apache 2.2 on the server, or else you might get errors while compiling mod_flvx.
Download mod_flvx.c:
cd /usr/src
wget https://github.com/osantana/mod_flvx/raw/master/mod_flvx.c
Compile and install the module:
/usr/local/apache/bin/apxs -i -a -c mod_flvx.c
Add the following handler in /usr/local/apache/conf/httpd.conf:
AddHandler flv-stream .flv
Reload configuration:
service httpd restart
-
ffmpeg-php compile error – make: *** [ffmpeg_frame.lo] Error 1
Posted on July 4th, 2010
If you are getting the following error while compiling the latest release, ffmpeg-php-0.6.0, this article will show you how to fix it.
Error:
/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c: In function ‘zim_ffmpeg_frame_toGDImage’:
/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c:336: error: ‘PIX_FMT_RGBA32’ undeclared (first use in this function)
/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c:336: error: (Each undeclared identifier is reported only once
/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c:336: error: for each function it appears in.)
/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c: In function ‘zim_ffmpeg_frame_ffmpeg_frame’:
/usr/src/ffmpeg-php-0.6.0/ffmpeg_frame.c:421: error: ‘PIX_FMT_RGBA32’ undeclared (first use in this function)
make: *** [ffmpeg_frame.lo] Error 1
Solution:
Under the ffmpeg-php-0.6.0 directory, open the file ffmpeg_frame.c with the nano or vi editor and replace every instance of PIX_FMT_RGBA32 with PIX_FMT_RGB32.
# nano ffmpeg_frame.c
# Search for PIX_FMT_RGBA32 and replace it with PIX_FMT_RGB32
# Exit from the editor
Then run the following commands:
# cd /usr/local/src/ffmpeg-php-0.6.0
# cp -aP ffmpeg_frame.loT ffmpeg_frame.lo
# make clean
# ./configure
# make
# make install
This should fix the errors given above. Finally, add the ffmpeg.so extension to php.ini and check phpinfo for the server; you should see ffmpeg listed.
-
Hardening /tmp in Plesk
Posted on July 2nd, 2010
Hardening the /tmp location is very important, as you otherwise risk rootkits, IRC bots and trojans being run from that location. Today we had a similar problem with one of our Plesk servers, where these bots were getting uploaded to /tmp. There is no perfect way to find out how they are getting uploaded to /tmp, so it is better to take preventive measures that stop them from executing.
Hardening /tmp
Since /tmp was not separately mounted, there is no need to take a backup of the /etc/fstab file. However, it is good to take one in case anything goes wrong.
Create a separate partition for /tmp. For that we need to create a separate device with a certain amount of space. The space allocation depends on the apps running on your machine. Here I'm creating a separate device of size 100M and formatting it with the ext3 filesystem.
dd if=/dev/zero of=/dev/tmpFS bs=1024 count=100000
mke2fs -j /dev/tmpFS
Copy the existing data in the /tmp directory to a separate temporary directory.
cp -pRf /tmp /tmp_bkp
Mount the new partition that we've created on the /tmp directory and set the necessary permissions.
mount -o loop,noexec,nosuid,rw /dev/tmpFS /tmp
chmod 1777 /tmp
Copy the old data from the /tmp_bkp directory to the new /tmp directory.
cp -pRf /tmp_bkp/* /tmp
Finally, add the following entry to fstab to make the changes permanent.
/dev/tmpFS /tmp ext3 loop,nosuid,noexec,rw 0 0
That’s it. Your /tmp location is secured now.
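An added example, not part of the original post: a check that the /tmp mount really carries noexec and nosuid, reading a table in /proc/mounts format. It goes slightly beyond the post by accepting any mount point, so /var/tmp and /dev/shm can be checked the same way; the function names and the sample table are constructed.

```sh
#!/bin/sh
# Added example, not from the original post.

# missing_opts TABLE MOUNTPOINT OPT...
# TABLE is a file in /proc/mounts format:
#   device mountpoint fstype options dump pass
# Prints the required options that MOUNTPOINT lacks (empty if none are
# missing), or "not-mounted" if MOUNTPOINT has no mount of its own.
missing_opts() {
    table=$1; mp=$2; shift 2
    # The last matching entry is the mount that is currently visible.
    opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }' "$table")
    if [ -z "$opts" ]; then
        echo "not-mounted"
        return 0
    fi
    missing=""
    for want in "$@"; do
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="$missing${missing:+ }$want" ;;
        esac
    done
    echo "$missing"
}

# Constructed sample in /proc/mounts format.
sample_mounts() {
    cat <<'EOF'
/dev/sda1 / ext3 rw 0 0
/dev/loop0 /tmp ext3 rw,nosuid,noexec 0 0
tmpfs /dev/shm tmpfs rw 0 0
EOF
}

# Usage: sh check_tmp.sh /proc/mounts
if [ $# -ge 1 ]; then
    for dir in /tmp /var/tmp /dev/shm; do
        result=$(missing_opts "$1" "$dir" noexec nosuid)
        printf '%s: %s\n' "$dir" "${result:-ok}"
    done
fi
```

noexec blocks direct execution of binaries on the mount; a script stored there can still be passed to an interpreter such as sh or perl.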
-
Binding multiple network interfaces (NIC) into single interface
Posted on July 1st, 2010
Today we successfully bonded two NICs into one single interface. The purpose is to increase speed and bandwidth: Linux allows administrators to bind NICs together into a single channel using the bonding kernel module and a special network interface called a channel bonding interface. Channel bonding enables two or more network interfaces to act as one, simultaneously increasing the bandwidth and providing redundancy. Before proceeding, make sure both interfaces, eth0 and eth1, have an uplink. You can check using the mii-tool command.
eth0: negotiated 100baseTx-FD, link ok
eth1: negotiated 100baseTx-FD, link ok
To channel bond multiple network interfaces, the system administrator must perform the following steps. Setting up bonding is easy on CentOS release 5.5 (Final).
Step #1: Create a bond0 configuration file
CentOS Linux stores network configuration in the /etc/sysconfig/network-scripts/ directory, so you need to create a bond0 config file:
# nano /etc/sysconfig/network-scripts/ifcfg-bond0
Append the following lines to it:
DEVICE=bond0
IPADDR=12.12.12.12
NETMASK=255.255.255.0
NETWORK=12.12.12.0
BROADCAST=12.12.12.255
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
BONDING_SLAVE0="eth0"
BONDING_SLAVE1="eth1"
Make sure you replace the above IP address with your actual IP address. Save the file and exit to the shell prompt.
Step #2: Modify eth0 and eth1 config files
Open both configuration files using the nano or vi text editor and make sure the file reads as follows for the eth0 interface:
# nano /etc/sysconfig/network-scripts/ifcfg-eth0
Modify/append directives as follows:
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
MASTER=bond0
SLAVE=yes
Open the eth1 configuration file using the nano or vi text editor:
# nano /etc/sysconfig/network-scripts/ifcfg-eth1
Make sure the file reads as follows for the eth1 interface:
DEVICE=eth1
ONBOOT=yes
BOOTPROTO=none
USERCTL=no
MASTER=bond0
SLAVE=yes
Save the file and exit to the shell prompt.
Step #3: Load bond driver/module
Make sure the bonding module is loaded when the channel-bonding interface (bond0) is brought up. You need to modify the kernel modules configuration file:
# nano /etc/modprobe.conf
Append the following two lines:
alias bond0 bonding
options bond0 mode=balance-rr miimon=100
Save the file and exit to the shell prompt.
Here we are using the round-robin policy, which transmits packets in sequential order from the first available slave through the last. This mode provides load balancing and fault tolerance. You need to decide which method you want to use for the interface. For more information please check network_card_bonding_centos
Step #4: Test configuration
Probing the module or restarting the network service may cut you off from the server, so the best way is to reboot the server.
Verify everything is working:
# cat /proc/net/bonding/bond0
Output:-
Ethernet Channel Bonding Driver: v3.4.0 (October 7, 2008)
Bonding Mode: load balancing (round-robin)
MII Status: up
MII Polling Interval (ms): 100
Up Delay (ms): 0
Down Delay (ms): 0

Slave Interface: eth0
MII Status: up
Link Failure Count: 1
Permanent HW addr: 00:04:21:d6:fw:db

Slave Interface: eth1
MII Status: up
Link Failure Count: 0
Permanent HW addr: 00:07:e3:0f:6c:f7

List all interfaces using the ifconfig command and you should notice that the same MAC address is assigned to all three interfaces. You can also check the RX and TX byte values, which should tell you it is working.
-
What is VPN ( Virtual Private Network)
Posted on May 19th, 2010
VPN stands for Virtual Private Network. A VPN uses the Internet as its transport mechanism, while maintaining the security of the data on the VPN. VPNs are commonly used to connect local area networks (LANs) into wide area networks (WANs) using the Internet.
Some of the basic requirements for a VPN:
1] User Permission: Enable a user to access the VPN. To do this, go to AD Users and Computers, select the user who needs to access the VPN, and click Dial-in. Check Allow access under Remote Access Permission (Dial-in or VPN).
2] IP Configuration: The VPN server should have a static IP address and assign a range of IP addresses to VPN clients. The VPN server must also be configured with DNS and WINS server addresses to assign to the VPN client during the connection.
3] Data Encryption: Data carried on the public network should be rendered unreadable to unauthorized clients on the network.
4] Protocol Support: TCP/IP is the common protocol used on the public network. The VPN also includes IP, Internetwork Packet Exchange (IPX), NetBEUI and so on.
5] Firewall Ports: When you place a VPN server behind your firewall, be sure to enable IP protocol 47 (GRE) and TCP port 1723.
6] Interface(s) for VPN server: If your network doesn't have a router, or the VPN server is also a gateway, your computer must have at least two interfaces, one connecting to the Internet and another connecting to the LAN. If it is behind a router, you just need one NIC.
7] One interface for VPN client: The interface can be a dial-in modem or a dedicated connection to the Internet.
Downloading the new version of OpenVPN
-
SolusVM Error : Getting connection error when adding a slave to the master in SolusVM
Posted on May 19th, 2010
We had this problem with a SolusVM server while adding a slave to the master in the SolusVM control panel.
Here is what you need to do.
Check that the IP address listed in /usr/local/solusvm/data/allow.dat on the slave matches the IP address of the master. You can check the IP by running the command below in your shell:
# curl -s http://checkip.dyndns.org/ | grep -o "[[:digit:].]\+"
The result of the above command should be the correct IP address. You also need to check that the IP address is listed on eth0.
PHP module errors:
SolusVM uses the standard CentOS PHP rpms for its installation, so any other version usually breaks the system.
First check the version of PHP:
# php -v
If you get any version other than 5.1.6, it usually means you have extra repos installed in yum, like the old lxlabs repo or the rpmforge repo. There is no real need to have these extra repos installed on your node, and they can be removed from the /etc/yum.repos.d folder.
Any module errors are usually caused by the modules directory being wrongly defined in /etc/php.ini.
For 32bit systems the module directory should be: /usr/lib/php/modules
For 64bit systems the module directory should be: /usr/lib64/php/modules
-
Running Windows Plesk control panel on additional port 443.
Posted on May 14th, 2010
One of our Windows servers required Plesk to run on a dedicated IP on port 443 because of an ISP restriction: they only allowed access to ports 443 and 80. By default the Plesk Control Panel web site in IIS is configured to listen on port 8443 on all IP addresses. A dedicated IP address needs to be used for the Plesk Control Panel, with none of the domains hosted on the server using that IP. This is required to avoid conflicts with existing websites.
The following needs to be done:
1. Go to IIS management console
2. Find PleskControlPanel web site
3. Click on Properties
4. Click on Advanced button in Web Site tab
5. Add SSL identity for the Web Site
6. Set IP address that you want to use and set SSL port to 443
7. Apply
Then edit Apache configuration file %plesk_dir%admin\conf\httpd.conf.
1. Find the line
Listen 8443
2. Add the following line below that
Listen IP_address:443
Restart the Plesk Control Panel service using the tray monitor.
-
Apache Error – child pid xx exit signal Segmentation fault (11)
Posted on May 7th, 2010
Apache on one of our servers was going down frequently, and while looking at the Apache error logs we found the following errors.
tail -f /usr/local/apache/logs/error_logs
[Fri May 07 10:42:08 2010] [notice] child pid 30356 exit signal Segmentation fault (11)
[Fri May 07 10:42:09 2010] [notice] SIGHUP received. Attempting to restart
[Fri May 07 10:42:09 2010] [notice] seg fault or similar nasty error detected in the parent process
After investigating a little, we managed to find that the problem was a PHP failure.
php -v
PHP 5.2.9 (cli) (built: Jan 27 2010 15:56:41)
Copyright (c) 1997-2009 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2009 Zend Technologies
with the ionCube PHP Loader v3.3.7, Copyright (c) 2002-2009, by ionCube Ltd., and
with Zend Optimizer v3.3.9, Copyright (c) 1998-2009, by Zend Technologies
Segmentation fault (core dumped)
Solution:
The core problem was with the installed Xcache, and we had to remove the Xcache settings from php.ini on the server. Please make sure you are using an Xcache version that is compatible with Zend Optimizer, as Xcache does have problems with Zend Optimizer.


