Apache + mod_deflate

Posted on by Andy

With mod_deflate you can use on-the-fly compression for your content delivered by apache. The content is compressed before it is sent to the browser which decompresses then the received data. Almost all modern browsers support gzip decompression. Although the apache module is called mod_deflate it uses the gzip compression method.

I could reduce the size of a lot of pages by almost 30-40% when delivering. As you can imagine this saves quite some bandwidth and gives you the ability to serve more pages.

So, how to implement this?

first you have to enable mod_deflate in your httpd.conf. Usually this module is already loaded if not uncomment the line or add 

LoadModule deflate_module modules/mod_deflate.so

then create a new .conf file in your httpd config directory (usually something like /etc/httpd/conf.d) and add this 

# add if module is enabled
<IfModule mod_deflate.c>

    # add content compression for given mime types
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/x-javascript

    # set default compression level (1-9, higher number = higher compression)
    DeflateCompressionLevel 9

    # make some exceptions for problematic browsers
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

    # set the deflate logging notice
    DeflateFilterNote Input instream
    DeflateFilterNote Output outstream
    DeflateFilterNote Ratio ratio

    # and set the logging format
    LogFormat '"%r" %{outstream}n/%{instream}n (%{ratio}n%%)' deflate

</IfModule>

into a new file, e.g. deflate.conf, save it and restart your apache server. From now on every page loaded will be served with gzip compression.

You can also use gzip compression from .htaccess. Simply add this: 

# add if module is enabled
<IfModule mod_deflate.c>

    # add content compression for given mime types
    AddOutputFilterByType DEFLATE text/plain
    AddOutputFilterByType DEFLATE text/html
    AddOutputFilterByType DEFLATE text/xml
    AddOutputFilterByType DEFLATE text/css
    AddOutputFilterByType DEFLATE application/xml
    AddOutputFilterByType DEFLATE application/xhtml+xml
    AddOutputFilterByType DEFLATE application/rss+xml
    AddOutputFilterByType DEFLATE application/javascript
    AddOutputFilterByType DEFLATE application/x-javascript

    # make some exceptions for problematic browsers
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4\.0[678] no-gzip
    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

</IfModule>

Ensim virtualhosting filelists explained

Posted on by Andy

IN THE FILELISTS ARE SOME LETTERS USED. HERE AN EXPLANAITON:

[[T:][U,(|admin):][G,(|admin):][L:][M,:][C:][R:][P:][A:][N:][I:][S,:]( [ // ]| <[!]pattern>)

The optional characters at the beginning are flags. Here are their meanings:

T: This file should be considered a template file (i.e. copied into the domain, and not hardlinked) 

U,(<user>|admin): this file should be owned by the top level user <user>, or by the site admin (if admin is given). This will generally be used with T:, although it could be hard-linked. If hard-linked, the user parameter must be a top-level user, and not the special keyword admin. While expected to be rarely used, one example would be if you wanted to hardlink in an apache-owned file into each domain.

G,(<group>|admin): similar to U:, except that this controls the group ownership 

L: Indicates that this file is a symlink that should be created. <filename2> must be specified, and will be what the created symlink will point to. Symlinks imply the T: flag, since hardlinked symlinks aren't supported over NFS.

M,<mode>: this file should be created with the permissions as given in <mode>. <mode> may be specified as octal (with a leading 0), hexidecimal (leading 0x), or integer. The common case would be to specify it as octal. 

C: this file should be taken from the root filesystem but placed in a different location under the domain filesystem. <filename2> must be specified. For example, you might have the line "/usr/lib/opcenter/sendmail/install/sendmail.mc.site // /etc/mail/sendmail.mc" 

R: this path is a directory, and all files under it should be handled recursively. 

P: this path is a permanent template file, and should not be removed or updated under the templates directory. 

A: this file should always be updated. 

S,<pkg type>: The end of the line contains a package name and pattern. The contents of the package should be listed, and the pattern applied to the list. The resulting list of files will be added to the manifest as if they were listed separately with the rest of the flags given on the original line. If the pattern begins with an !, then the pattern is used to remove files from the package's manifest.

N: should only be specified along with the S flag. Specifies that this package should not be considered a strict dependency of the containing fst package. 

I: Include files that aren't listed in the package file list, but are generated / owned by that package. Example of such file are the files generated in %post scriptlet of rpm. 

<filename> and <filename2> must be absolute paths.

Clean RDP temporary licenses (Windows 2008 R2)

Posted on by Andy

RDP (Remote Desktop) temporary per client licenses will only be created the first time a client logs in. In general they have a 90 days validity period, after which, if no real certificate is issued, the client access is going to be denied. If you have no problem with re-creation of theses temporary certificates for your client and only use these, it's quite simply to renew every certificate for RDP.

Simply open the command-line (cmd) and do:

  • net stop "Remote Desktop Licensing"
  • del /Q c:\windows\system32\lserver\*
  • net start "Remote Desktop Licensing"

That should be it. All certificates are gone and a new database will be created as soon as the first user logs in. To empty your database on a regularly basis, just create a batch file and let it run every month.