Passing IPs to apache with nginx proxy

May 6th, 2010 by Rudolf


When you use nginx as a proxy to an Apache backend server, Apache will pick up the IP address of your nginx proxy as the client's IP. Because of this, your Apache log files become useless and .htaccess IP-based access control stops working.

Nginx provides an HTTP X-Forwarded-For header containing the client's real IP address; however, this is something Apache will not notice by default.

You can configure Apache to treat the address from X-Forwarded-For as the original client IP with the help of the mod_rpaf Apache module. On Debian or Ubuntu, this can be done by installing the rpaf package:

shell> sudo apt-get install libapache2-mod-rpaf

Once the mod_rpaf module has been installed, you need to reconfigure Apache.
You will need to add your nginx IP after the RPAFproxy_ips setting. List only the address of your own proxy here: Apache will accept the X-Forwarded-For value from every address on this list.

On a Debian or Ubuntu box you can edit the following file, replacing WWW.XXX.YYY.ZZZ with the IP of your nginx proxy. If you run nginx and Apache on the same box, this IP might be the loopback address 127.0.0.1.

shell> sudo nano /etc/apache2/mods-available/rpaf.conf

<IfModule mod_rpaf.c>
RPAFenable On
RPAFsethostname On
RPAFproxy_ips WWW.XXX.YYY.ZZZ
</IfModule>

If you installed the ubuntu package, this should be set up for you automatically in / .

Once you restart Apache, you should be able to see the correct IP addresses in the Apache access logs, and .htaccess IP-based access control should work again.
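
Why RPAFproxy_ips has to name only your own proxy, shown as an added example (not code from this post or from mod_rpaf). It is a simplified model of the trust decision, assuming the last X-Forwarded-For entry is the one used; the function name and sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: simplified model of the trust decision mod_rpaf makes.
# Assumption: nginx is configured with
#   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# so it appends the address it saw to whatever the client already sent.

# effective_client_ip PEER_IP XFF_HEADER TRUSTED_PROXY_IP...
# Prints the address Apache should log and use for access control.
# The body runs in a subshell, so its variables stay local.
effective_client_ip() (
    peer=$1
    xff=$2
    shift 2
    for proxy in "$@"; do
        if [ "$peer" = "$proxy" ]; then
            # Connection comes from a listed proxy: take the LAST entry,
            # the one the proxy appended. Earlier entries are client-supplied.
            last=$(printf '%s' "${xff##*,}" | tr -d ' \t')
            if [ -n "$last" ]; then
                printf '%s\n' "$last"
                exit 0
            fi
        fi
    done
    # Peer is not a listed proxy (or sent no header): ignore X-Forwarded-For.
    printf '%s\n' "$peer"
)

# Constructed sample requests (documentation address ranges).
demo() {
    # 1. Client 203.0.113.7 via nginx on loopback; it also sent a forged entry.
    effective_client_ip 127.0.0.1 "198.51.100.9, 203.0.113.7" 127.0.0.1
    # 2. Client talks to Apache directly and forges the header: it is ignored.
    effective_client_ip 203.0.113.7 "198.51.100.9" 127.0.0.1
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Both demo requests resolve to 203.0.113.7; the forged 198.51.100.9 never reaches the log or the access rules.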

Rudolf Maduro – Life Coach & IT specialist

www.rudolfmaduro.com


Extracting one Database From a full mysqldump File

May 6th, 2010 by Rudolf


System administrators normally make a full database dump as a safeguard against server or disk failure with the following command:

shell> mysqldump -e -u root --password=securepasswd --all-databases > fulldump.sql

The idea behind a full dump is that, when recovering from a crash, it is easy to recover all databases in one go. You can restore all databases with a single command (watch out: do not use this command on a live database server, it will overwrite all existing databases and tables):

shell> mysql -u root -p < fulldump.sql

If you want to recover ONE single database online from a full dump file, use the following command with the --one-database flag:

shell> mysql -u root -p --one-database testdb < fulldump.sql

If you don't want to restore the database, but only want to extract the database testdb from the full dump file, you can do this with sed:

shell> sed -n '/^-- Current Database: `testdb`/,/^-- Current Database: `/p' fulldump.sql > testdb.sql

If the above does not work (older MySQL versions), try:

shell> sed -n '/^-- Current Database: testdb/,/^-- Current Database: /p' fulldump.sql > testdb.sql

“You just need to change “testdb” to be the name of the database you want extracted.”
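
An added example (not from the original post) of the same extraction done with awk, which compares the database name exactly and stops before the next database's header line instead of printing it, as the sed range does. The function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example: pull one database section out of an --all-databases dump.

# extract_db DUMPFILE DBNAME -> writes the section for DBNAME to stdout.
# Returns 1 if the dump has no section for DBNAME.
# The dump-wide preamble above the first header is not copied.
extract_db() {
    awk -v db="$2" '
        /^-- Current Database: / {
            name = $0
            sub(/^-- Current Database: /, "", name)
            gsub(/`/, "", name)      # older dumps omit the backticks
            inside = (name == db)    # exact match: "test" is not "testdb"
            if (inside) found = 1
        }
        inside { print }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample dump with three similarly named databases.
make_sample_dump() {
    cat <<'EOF'
-- MySQL dump (constructed sample)
--
-- Current Database: `test`
--
CREATE DATABASE `test`;
USE `test`;
CREATE TABLE t1 (id INT);
--
-- Current Database: `testdb`
--
CREATE DATABASE `testdb`;
USE `testdb`;
CREATE TABLE orders (id INT);
--
-- Current Database: `testdb2`
--
CREATE DATABASE `testdb2`;
USE `testdb2`;
CREATE TABLE t2 (id INT);
EOF
}

# Usage: ./extract_db.sh fulldump.sql testdb > testdb.sql
if [ "$#" -eq 2 ]; then extract_db "$1" "$2"; fi
```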

Rudolf Maduro – Life Coach and IT specialist

www.rudolfmaduro.com

Disclaimer: Test all commands on your sandbox system first. I assume no responsibility if you break your system using this information.


Virtualisation for Linux

May 5th, 2010 by Rudolf

Virtualisation for Linux is a technique to divide one hardware server into smaller virtual servers (containers/jails/VPS).

The main reasons to virtualise your server are performance and security. You can now divide your regular hosting server into 2 containers, one for your MySQL server and one for your Apache, so you can tweak both servers individually for better performance and security. You can also give your MySQL server a non-routable IP so it cannot be reached from the outside.

In my work as a system administrator I too had to test out different virtual systems. I had a next to nothing budget for buying software because I invested most of my budget into good quality server hardware from HP.

Because the regular servers already run on debian I tried to look for a solution that runs on debian. The solution I found and that I have been using for more than a year now is OpenVZ.

If you are using Debian stable (Lenny) you can install the OpenVZ kernel easily from the Debian mirrors; there is even an AMD64 architecture build available for 64-bit CPUs.

Over the year I have successfully installed over 40 OpenVZ homenodes remotely for clients all over the world. I still remotely manage some of these home nodes for my clients. Some of my clients even use my Remote Server Monitoring service to monitor their homenode server and installed VPS servers.

If you want to try virtualisation but you are having trouble with the installation, you can always contact me for help. Within one evening I can remotely install an OpenVZ kernel if you are using Debian OS.

I even install my script cve.sh (Create VE) a bash script to easily make VPS servers from the console.

Depending on what kind of services you want to run on your server and how many public IPs you have, you might end up using one virtual container as a proxy to transfer traffic to all your other virtual servers.

With OpenVZ you can now easily divide your server up into slices for better performance and security. Give OpenVZ a try and you will be amazed.

author: Rudolf Maduro (Life Coach and IT specialist)


Backup all mysql databases to separate dump files

May 5th, 2010 by Rudolf


With this script I back up my whole MySQL database into separate files. Restoring a broken DB is easier this way.

The script keeps 3 days' worth of snapshots; any backup older than 3 days is removed automatically.

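#!/bin/bash
# (c) 2007-2010 rmaduro backup all mysql databases
bakdir=/home/backup/backups
user=backup
# note: a password given on the command line is visible in the process list
password=xxxx
#
# create the dump files readable by the owner only from the start
umask 077
date=$(date -I)
# every directory under /var/lib/mysql is treated as one database
for i in /var/lib/mysql/*/; do
    dbname=$(basename "$i")
    mysqldump -u "$user" --password="$password" "$dbname" > "$bakdir/$dbname-$date.sql"
done
# cd to backupdir, stop if it does not exist
cd "$bakdir" || exit 1
# give the correct owner-only rights
chmod 600 "$bakdir"/*.sql
# Remove files older than 3 days from backupdir - don't touch code below!
#
find "$bakdir" -type f -mtime +3 -exec rm -f {} +
#
#done
#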


linux debian server installation help

April 21st, 2010 by Rudolf


Debian Linux is a good choice when configuring a robust Linux server. A good sysadmin can configure a system capable of handling thousands of connections per second with a simple out-of-the box installation with some minor tweaks  here and there.

When configuring a server that needs to handle a lot of connections to the Apache webserver, you might want to do a virtualisation setup with OpenVZ and some virtual containers. This is so you can isolate your webserver from your MySQL server for performance reasons. One other tweak that is overlooked many times is the Apache daemon. The out-of-the-box configuration file of Apache is not capable of handling thousands of connections. You might need to tweak this by hand.

Using nginx as a front-end proxy to direct http/https traffic to your apache servers is also a good choice to split up the load to increase performance.

If you currently have a site that is drawing a lot of traffic and you need to split up the load, you may contact me for assistance. I do like these kinds of projects.

greetz,

Rudolf Maduro (mail+@+ rudolfmaduro+.+ com)


This ClamAV version has reached End of Life! Please upgrade to version 0.95 or later – Debian Lenny

April 19th, 2010 by Rudolf


If you are using Debian Lenny with Amavis and ClamAV you probably noticed that email is not being delivered anymore. Maybe you noticed the following in your mail.log:

“This ClamAV version has reached End of Life! Please upgrade to version 0.95 or later”

ClamAV announced that on the 16th of April 2010 all support will be dropped for versions before 0.95. The Debian Lenny stable branch has ClamAV 0.94, and this version can no longer be used. Debian can be quite slow with updating packages that reach end-of-life. This is the best workaround until a new package is merged into the stable branch.

You can fix this issue by using ClamAV from the volatile branch for now.

To do this, follow these steps:

  1. as root: edit /etc/apt/sources.list and add the following line, without the quotes: "deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free"
  2. as root: apt-get update
  3. as root: apt-get remove clamav
  4. as root: apt-get install clamav
  5. as root: /etc/init.d/clamav-daemon restart

If all goes well you should be receiving your queued e-mail as well. If you are in need of help I do offer remote system administration services for Linux Servers.

Rudolf Maduro (IT specialist and Personal Life Coach)

CEO of www.remote-server-monitoring.com , www.network-monitoring.biz and www.onlinelifecoach.nl

Note: I assume no responsibility when the above information is used. Any damages to you or your users after using this procedure are your own responsibility. This information is given for educational purposes only.
