Servers

Apache + mod_deflate

Posted on by Andy

With mod_deflate you can use on-the-fly compression for your content delivered by apache. The content is compressed before it is sent to the browser which decompresses then the received data. Almost all modern browsers support gzip decompression. Although the apache module is called mod_deflate it uses the gzip compression method.

I could reduce the size of a lot of pages by almost 30-40% when delivering. As you can imagine this saves quite some bandwidth and gives you the ability to serve more pages.

So, how to implement this?

first you have to enable mod_deflate in your httpd.conf. Usually this module is already loaded if not uncomment the line or add 

LoadModule deflate_module modules/mod_deflate.so

then create a new .conf file in your httpd config directory (usually something like /etc/httpd/conf.d) and add this 

# add if module is enabled
<IfModule mod_deflate.c>

    # add content compression for given mime types
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/x-javascript

    # set default compression level (1-9, higher number = higher compression)
    DeflateCompressionLevel 9

    # make some exceptions for problematic browsers
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

    # set the deflate logging notice
    DeflateFilterNote Input instream
    DeflateFilterNote Output outstream
    DeflateFilterNote Ratio ratio

    # and set the logging format
    LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate

</IfModule>

into a new file, e.g. deflate.conf, save it and restart your apache server. From now on every page loaded will be served with gzip compression.

You can also use gzip compression from .htaccess. Simply add this: 

# add if module is enabled
<IfModule mod_deflate.c>

    # add content compression for given mime types
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/x-javascript

    # make some exceptions for problematic browsers
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

</IfModule>

Ensim virtualhosting filelists explained

Posted on by Andy

IN THE FILELISTS ARE SOME LETTERS USED. HERE AN EXPLANAITON:

[[T:][U,(|admin):][G,(|admin):][L:][M,:][C:][R:][P:][A:][N:][I:][S,:]( [ // ]| <[!]pattern>)

The optional characters at the beginning are flags. Here are their meanings:

T: This file should be considered a template file (i.e. copied into the domain, and not hardlinked) 

U,(<user>|admin): this file should be owned by the top level user <user>, or by the site admin (if admin is given). This will generally be used with T:, although it could be hard-linked. If hard-linked, the user parameter must be a top-level user, and not the special keyword admin. While expected to be rarely used, one example would be if you wanted to hardlink in an apache-owned file into each domain.

G,(<group>|admin): similar to U:, except that this controls the group ownership 

L: Indicates that this file is a symlink that should be created. <filename2> must be specified, and will be what the created symlink will point to. Symlinks imply the T: flag, since hardlinked symlinks aren't supported over NFS.

M,<mode>: this file should be created with the permissions as given in <mode>. <mode> may be specified as octal (with a leading 0), hexidecimal (leading 0x), or integer. The common case would be to specify it as octal. 

C: this file should be taken from the root filesystem but placed in a different location under the domain filesystem. <filename2> must be specified. For example, you might have the line "/usr/lib/opcenter/sendmail/install/sendmail.mc.site // /etc/mail/sendmail.mc" 

R: this path is a directory, and all files under it should be handled recursively. 

P: this path is a permanent template file, and should not be removed or updated under the templates directory. 

A: this file should always be updated. 

S,<pkg type>: The end of the line contains a package name and pattern. The contents of the package should be listed, and the pattern applied to the list. The resulting list of files will be added to the manifest as if they were listed separately with the rest of the flags given on the original line. If the pattern begins with an !, then the pattern is used to remove files from the package's manifest.

N: should only be specified along with the S flag. Specifies that this package should not be considered a strict dependency of the containing fst package. 

I: Include files that aren't listed in the package file list, but are generated / owned by that package. Example of such file are the files generated in %post scriptlet of rpm. 

<filename> and <filename2> must be absolute paths.

Create a master zone in BIND9 (CentOS)

Posted on by Andy

After installing BIND with your package manager (yum) you need to edit the main configuration file. The following configuration was adopted to my needs but you should get the points. For more infos about the config switches you can look at the named manual pages.

edit /etc/named.conf and change following lines:

options {
    listen-on-v6 { none; };
    listen-on port 53 { 127.0.0.1; YOUR_LOCAL_IP; };
    allow-query { localhost; };
    allow-transfer { none; };
    recursion no;
}

add your zone information to the file:

zone "MYDOMAIN" {
    type master;
    file "MYDOMAIN.zone";
    allow-query { any; };
}

now create your zone file /var/named/MYDOMAIN.zone and add following lines:

$TTL 3h
@             IN SOA          ns.MYDOMAIN. root.MYDOMAIN. (
                                     MODIFICATION ; serial
                                     3h ; refresh
                                     1h ; retry
                                     1w ; expiry
                                     1d  ; minimum
)
MYDOMAIN.             IN MX          0 mail.MYDOMAIN.
MYDOMAIN.             IN TXT         "v=spf1 ip4:YOUR_PUBLIC_IP/32 mx ptr mx:mail.MYDOMAIN -all"
MYDOMAIN.             IN NS           ns.MYDOMAIN.
MYDOMAIN.             IN NS           SLAVE_DNS_SERVER
www.MYDOMAIN.      IN A             MYHOST_IP
ns.MYDOMAIN.         IN A             MYHOST_IP
mail.MYDOMAIN.       IN A             MYHOST_IP
HOST.MYDOMAIN.    IN A             MYHOST_IP

now, save the file and make sure it has the right permissions:

# chown root:named /var/name/MYDOMAIN.zone
# chmod 640 /var/name/MYDOMAIN.zone

then add a firewall rule if not alreaqdy done:

# iptables -A INPUT -m state –state NEW -p udp –dport 53 -j ACCEPT

and (re-)start the nameserver.

article based on this howto