Ensim MySQL connection problems in high security mode

Hello, if you run a site with the high security setting, the site's services are chrooted into the site's virtual file system. Normally the MySQL socket file is hard-linked into that chroot, but in my case this stopped working at some point: the socket was no longer linked correctly, so the website could not reach the database server.

Now there are several workarounds for that:

  1. Do NOT use localhost to connect; use localhost.localdomain or 127.0.0.1 instead. MySQL clients treat the host name localhost as "use the Unix socket", while any other name or address makes them connect over TCP, which bypasses the missing socket.
  2. Edit your /etc/init.d/mysqld script and add the following lines just before the "return $ret" line in the start() section, so the socket is re-linked into every site each time MySQL starts:

    # re-create the MySQL socket hard link inside every chrooted site;
    # $socketfile is the socket path the init script has already set above
    for dir in /home/virtual/site*; do
        rm -f "$dir/fst/var/lib/mysql/mysql.sock"
        ln "$socketfile" "$dir/fst/var/lib/mysql/mysql.sock" 2> /dev/null
    done
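The init script snippet above silently ignores a failed ln. The following shell function is an added example (not part of the Ensim init script) that does the same relinking but verifies each link afterwards, so a site whose chroot lives on another filesystem (where a hard link cannot be created) shows up as a failure instead of a silently missing socket. It assumes the layout from the post: each site's chroot root is /home/virtual/site*/fst and the socket is expected at var/lib/mysql/mysql.sock below it; the socket path and base directory are passed as parameters so it can be tested against a scratch directory.

```shell
#!/bin/sh
# relink_socket SOCKET BASEDIR: hard-link SOCKET into every site under
# BASEDIR (BASEDIR/site*/fst/var/lib/mysql/mysql.sock). Prints one line
# per site and returns non-zero if any link could not be made or verified.
# Added example, not the Ensim init script; paths are the post's layout.
relink_socket() {
    socket=$1
    base=$2
    status=0
    [ -e "$socket" ] || { echo "socket $socket does not exist" >&2; return 1; }
    for dir in "$base"/site*; do
        # skip entries that have no MySQL directory in their chroot
        [ -d "$dir/fst/var/lib/mysql" ] || continue
        target="$dir/fst/var/lib/mysql/mysql.sock"
        rm -f "$target"
        # hard links cannot cross filesystems; -ef confirms both names
        # now refer to the same inode
        if ln "$socket" "$target" 2>/dev/null && [ "$socket" -ef "$target" ]; then
            echo "ok   $target"
        else
            echo "FAIL $target (is it on the same filesystem as $socket?)" >&2
            status=1
        fi
    done
    return $status
}

# typical call on a real server (as root):
#   relink_socket /var/lib/mysql/mysql.sock /home/virtual
```

Run it once by hand after MySQL is up, or call it from the init script's start() section in place of the bare loop; a non-zero exit tells you which site still has no working socket.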

Apache + mod_deflate

With mod_deflate you can compress the content Apache delivers on the fly. The content is compressed before it is sent to the browser, which then decompresses the received data; almost all modern browsers support gzip decompression. Although the Apache module is called mod_deflate, it uses the gzip compression format.

I could reduce the size of a lot of pages by almost 30-40% when delivering. As you can imagine this saves quite some bandwidth and gives you the ability to serve more pages.

So, how to implement this?

First you have to enable mod_deflate in your httpd.conf. Usually this module is already loaded; if not, uncomment the line or add

LoadModule deflate_module modules/mod_deflate.so

Then create a new .conf file in your httpd config directory (usually something like /etc/httpd/conf.d), e.g. deflate.conf, and add this:

# add if module is enabled
<IfModule mod_deflate.c>

    # add content compression for given mime types
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/x-javascript

    # set default compression level (1-9, higher number = higher compression)
    DeflateCompressionLevel 9

    # make some exceptions for problematic browsers
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

    # set the deflate logging notice
    DeflateFilterNote Input instream
    DeflateFilterNote Output outstream
    DeflateFilterNote Ratio ratio

    # and set the logging format
    LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate

</IfModule>

Save the file and restart your Apache server. From then on, every response of the listed MIME types is served gzip-compressed to browsers that advertise support with an Accept-Encoding: gzip request header. Note that the LogFormat line only defines a log format named deflate; to actually write the compression ratios to a file you also need a CustomLog line that uses it, e.g. CustomLog logs/deflate_log deflate. One caveat for HTTPS sites: compressing a response that contains both a secret (a session or CSRF token) and attacker-influenced input leaks information about the secret through the compressed size (the BREACH attack), so keep such responses out of the compressed MIME types or exclude them with no-gzip.
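To confirm that compression is really negotiated after the restart, the following shell helper (an added example, not from the original post) fetches the response headers of a URL once without and once with Accept-Encoding: gzip, and checks that only the second answer carries Content-Encoding: gzip and that Vary: Accept-Encoding is present so shared caches do not hand a gzip body to a client that cannot decode it. It assumes curl is installed and the URL is reachable; the header parsing is split into small functions that read from stdin so they can be exercised with constructed header text.

```shell
#!/bin/sh
# Check whether a web server serves gzip-compressed bodies on request.
# Added example, not part of the original post; assumes curl is installed.

# headers_say_gzip: read HTTP response headers on stdin and succeed
# if the body was sent with Content-Encoding: gzip.
headers_say_gzip() {
    tr -d '\r' | grep -i '^content-encoding:[[:space:]]*gzip' >/dev/null
}

# headers_vary_ok: succeed if the Vary header names Accept-Encoding.
# mod_deflate adds this header itself; it keeps caches from mixing up
# compressed and uncompressed copies of the same page.
headers_vary_ok() {
    tr -d '\r' | grep -i '^vary:.*accept-encoding' >/dev/null
}

# check_deflate URL: fetch headers plainly and with Accept-Encoding: gzip,
# then report whether compression is negotiated correctly.
# Returns 0 if gzip is negotiated, 1 if not (or always on), 2 on fetch error.
check_deflate() {
    url=$1
    plain=$(curl -sS -o /dev/null -D - "$url") || return 2
    gz=$(curl -sS -o /dev/null -D - -H 'Accept-Encoding: gzip' "$url") || return 2

    if printf '%s\n' "$plain" | headers_say_gzip; then
        echo "WARNING: $url is gzip-encoded even without Accept-Encoding" >&2
        return 1
    fi
    if printf '%s\n' "$gz" | headers_say_gzip; then
        printf '%s\n' "$gz" | headers_vary_ok \
            || echo "note: Vary: Accept-Encoding missing for $url" >&2
        echo "gzip negotiated for $url"
        return 0
    fi
    echo "no compression for $url (is its MIME type in the AddOutputFilterByType list?)" >&2
    return 1
}

# usage: check_deflate http://www.example.com/
```

If the check reports "no compression" for a page that is clearly HTML, look at the actual Content-Type Apache sends (for example text/html; charset=UTF-8 still matches text/html, but a misconfigured handler may emit something else) and at the BrowserMatch rules, which disable gzip for user agents matching ^Mozilla/4.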

You can also enable gzip compression from an .htaccess file (the directory needs AllowOverride FileInfo for these directives to be accepted). Simply add this:

# add if module is enabled
<IfModule mod_deflate.c>

    # add content compression for given mime types
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/x-javascript

    # make some exceptions for problematic browsers
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

</IfModule>

Create a master zone in BIND9 (CentOS)

After installing BIND with your package manager (yum) you need to edit the main configuration file. The following configuration was adapted to my needs, but you should get the idea. For more information about the configuration options, see the named.conf manual page.

Edit /etc/named.conf and change the following lines (an authoritative-only server should not recurse for the public, hence recursion no; transfers are denied globally here and opened per zone where needed):

options {
    listen-on-v6 { none; };
    listen-on port 53 { 127.0.0.1; YOUR_LOCAL_IP; };
    allow-query { localhost; };
    allow-transfer { none; };
    recursion no;
};

Add your zone information to the file. If the secondary name server listed as SLAVE_DNS_SERVER below is to load the zone by zone transfer (AXFR), also add an allow-transfer { SLAVE_IP; }; line inside this zone block (SLAVE_IP being that server's address), because the global allow-transfer { none; } above would otherwise refuse it:

zone "MYDOMAIN" {
    type master;
    file "MYDOMAIN.zone";
    allow-query { any; };
};

Now create your zone file /var/named/MYDOMAIN.zone and add the following lines. Replace MODIFICATION with a numeric serial (YYYYMMDDNN is the usual convention) and increase it on every edit, otherwise the secondary never notices the change; note that the name in the second NS record must end with a dot, like the other absolute names. The ptr mechanism in the SPF record is discouraged by RFC 7208 and can be dropped, since ip4: and mx already cover the mail host:

$TTL 3h
@             IN SOA          ns.MYDOMAIN. root.MYDOMAIN. (
                                     MODIFICATION ; serial
                                     3h ; refresh
                                     1h ; retry
                                     1w ; expiry
                                     1d  ; minimum
)
MYDOMAIN.             IN MX          0 mail.MYDOMAIN.
MYDOMAIN.             IN TXT         "v=spf1 ip4:YOUR_PUBLIC_IP/32 mx ptr mx:mail.MYDOMAIN -all"
MYDOMAIN.             IN NS           ns.MYDOMAIN.
MYDOMAIN.             IN NS           SLAVE_DNS_SERVER
www.MYDOMAIN.      IN A             MYHOST_IP
ns.MYDOMAIN.         IN A             MYHOST_IP
mail.MYDOMAIN.       IN A             MYHOST_IP
HOST.MYDOMAIN.    IN A             MYHOST_IP

Now save the file and make sure it has the right permissions (readable by the named group, writable only by root):

# chown root:named /var/named/MYDOMAIN.zone
# chmod 640 /var/named/MYDOMAIN.zone

Then add a firewall rule if not already done (DNS answers larger than 512 bytes and zone transfers use TCP, so add a matching rule with -p tcp as well):

# iptables -A INPUT -m state --state NEW -p udp --dport 53 -j ACCEPT

and (re-)start the nameserver. Before doing so, run named-checkconf /etc/named.conf and named-checkzone MYDOMAIN /var/named/MYDOMAIN.zone to catch syntax errors, and afterwards verify with dig @127.0.0.1 www.MYDOMAIN A that the zone answers.
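The most common zone-editing mistake is forgetting to raise the SOA serial, after which the secondary keeps serving the old data. The following shell helper is an added example (not from the howto) that bumps a YYYYMMDDNN serial in a zone file laid out like the one above (a line of the form "<digits> ; serial") and then validates the file with named-checkzone if it is installed. The date is passed in as a parameter rather than read from the clock so the logic can be tested deterministically; on a real server call it with $(date +%Y%m%d).

```shell
#!/bin/sh
# Bump a zone's SOA serial (YYYYMMDDNN form) and syntax-check the zone.
# Added example, not part of the original howto. Assumes the serial line
# looks like "<digits> ; serial" as in the zone file above and that
# named-checkzone (bind-utils) is installed for the final check.

# next_serial CURRENT TODAY: print the next serial. TODAY is YYYYMMDD.
# If CURRENT already belongs to today, increment its two-digit counter;
# otherwise start today's counter at 00. Either way the result is greater
# than CURRENT, and a 10-digit value still fits the 32-bit serial field.
next_serial() {
    cur=$1
    today=$2
    case $cur in
        "$today"[0-9][0-9]) printf '%010d\n' $((cur + 1)) ;;
        *)                  printf '%s00\n' "$today" ;;
    esac
}

# bump_zone_serial FILE TODAY: rewrite the "; serial" line in place and
# print the new serial. Fails if no numeric serial line is found (for
# example while the MODIFICATION placeholder is still in the file).
bump_zone_serial() {
    file=$1
    today=$2
    cur=$(sed -n 's/^[[:space:]]*\([0-9][0-9]*\)[[:space:]]*;[[:space:]]*serial.*/\1/p' "$file" | head -n 1)
    [ -n "$cur" ] || { echo "no numeric serial line found in $file" >&2; return 1; }
    new=$(next_serial "$cur" "$today")
    sed -i "s/^\([[:space:]]*\)$cur\([[:space:]]*;[[:space:]]*serial\)/\1$new\2/" "$file"
    echo "$new"
}

# check_zone ZONE FILE: run named-checkzone when available; otherwise
# say so and succeed, so the serial bump alone can still be scripted.
check_zone() {
    if ! command -v named-checkzone >/dev/null 2>&1; then
        echo "named-checkzone not installed, skipping syntax check" >&2
        return 0
    fi
    named-checkzone "$1" "$2"
}

# typical use on the server (as root):
#   bump_zone_serial /var/named/MYDOMAIN.zone "$(date +%Y%m%d)" \
#       && check_zone MYDOMAIN /var/named/MYDOMAIN.zone \
#       && rndc reload MYDOMAIN
```

sed -i is the GNU form available on CentOS. Keep the serial below 4294967295 (the field is a 32-bit unsigned integer); the date-based scheme stays well under that limit.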

article based on this howto