Rate Limiting in iptables

iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 15 --connlimit-mask 32 -j REJECT --reject-with tcp-reset

Allowing Apache to see the client IP from behind a trusted proxy

With high-speed caching based on nginx, Varnish or CDNs in general, the client IP gets lost. All
IPs get reported as 127.0.0.1 since the proxy is making the socket request. The solution has two phases:

1) Enable reporting of the client IP in the X-Forwarded-For header at the proxy or CDN.

This depends on the proxy and will be covered in separate posts.

2) Install and configure mod_remoteip in Apache 2.

Project link: https://github.com/ttkzw/mod_remoteip-httpd22
mkdir /usr/local/src/mod_remoteip
cd /usr/local/src/mod_remoteip
wget https://raw.githubusercontent.com/ttkzw/mod_remoteip-httpd22/master/mod_remoteip.c
wget https://raw.githubusercontent.com/ttkzw/mod_remoteip-httpd22/master/mod_remoteip.conf
wget https://raw.githubusercontent.com/ttkzw/mod_remoteip-httpd22/master/Makefile

yum install httpd-devel
make
make install

Configuration goes in the Apache config file, /etc/httpd/conf/httpd.conf:

# Load and configure mod_remoteip for Google PageSpeed Service
LoadModule remoteip_module /usr/lib64/httpd/modules/mod_remoteip.so
RemoteIPHeader X-Forwarded-For

service httpd reload

voila 🙂
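
With only RemoteIPHeader set, mod_remoteip accepts the header from whichever host connects, so a client that can reach Apache directly can supply its own X-Forwarded-For value. The check below is an added example (not from the original post or the mod_remoteip project) that flags that case; the function name and both sample configs are constructed, and 127.0.0.1 as the proxy address is taken from the setup described above.

```shell
# audit_remoteip FILE -> prints no-header | header-any-host | header-pinned
# (hypothetical helper; the directive names are mod_remoteip's own)
audit_remoteip() {
    awk '
        /^[ \t]*#/ { next }                    # ignore commented-out directives
        { d = tolower($1) }                    # directive names are case-insensitive
        d == "remoteipheader" { header = 1 }
        d ~ /^remoteip(internal|trusted)proxy(list)?$/ { pinned = 1 }
        END {
            if (!header)      print "no-header"
            else if (!pinned) print "header-any-host"
            else              print "header-pinned"
        }' "$1"
}

tmp=$(mktemp -d)

# Constructed sample: the configuration as given in the post.
cat > "$tmp/weak.conf" <<'EOF'
LoadModule remoteip_module /usr/lib64/httpd/modules/mod_remoteip.so
RemoteIPHeader X-Forwarded-For
EOF

# Constructed sample: the header is honoured only when the local proxy connects.
cat > "$tmp/pinned.conf" <<'EOF'
LoadModule remoteip_module /usr/lib64/httpd/modules/mod_remoteip.so
RemoteIPHeader X-Forwarded-For
RemoteIPInternalProxy 127.0.0.1
EOF

for f in weak pinned; do
    printf '%s.conf: %s\n' "$f" "$(audit_remoteip "$tmp/$f.conf")"
done
```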

How to test varnish vcl file

Unlike most other configuration systems, Varnish went with a compiled configuration, so if there is a mistake all you get is:


Starting varnish HTTP accelerator: [FAILED]

To check what the problem is use the following :

varnishd -C -f default.vcl

varnishd -C -f default.vcl
Message from VCC-compiler:
Expected return action name.
(input Line 37 Pos 13)
return (hit_for_pass);
------------############--
Running VCC-compiler failed, exit 1
[root@MyHost1 varnish]# vim default.vcl
[root@MyHost1 varnish]# varnishd -C -f default.vcl
Message from VCC-compiler:
Invalid condition '&' on numeric variable
only '==', '!=', '<', '>', '<=' and '>=' are legal
(input Line 51 Pos 17)
if (obj.hits &gt; 0) {
----------------#--------

Rightly so, the error shouts back at you with a # under it.

Very clear and to the point: the VCL I had was HTML’ed, and > had been replaced with &gt;

That’s it..

nJoy 😉
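
The failure above came from HTML-escaped text pasted into the VCL, which can be caught before the compiler runs. The following is an added example, not part of the original post: the function names and the sample VCL are constructed, and only the varnishd -C -f call comes from the post.

```shell
# vcl_entity_scan FILE: print "line:text" for every line carrying HTML-entity
# residue. Exit status 0 when the file is clean, 1 when something was found.
# A synthetic HTML response body may contain entities on purpose, so review
# the hits instead of rewriting them blindly.
vcl_entity_scan() {
    if grep -nE '&(gt|lt|amp|quot|#[0-9]+);' "$1"; then
        return 1
    fi
    return 0
}

# vcl_preflight FILE: entity scan first, then the real compiler if installed.
vcl_preflight() {
    vcl_entity_scan "$1" || { echo "HTML entities found in $1" >&2; return 1; }
    if command -v varnishd >/dev/null 2>&1; then
        varnishd -C -f "$1" >/dev/null || return 2
    fi
    return 0
}

# Constructed sample reproducing the escaped comparison from the post.
sample=$(mktemp)
cat > "$sample" <<'EOF'
sub vcl_deliver {
    if (obj.hits &gt; 0) {
        set resp.http.X-Cache = "HIT";
    }
}
EOF

vcl_entity_scan "$sample" || echo "fix the lines listed above before reloading varnish"
```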

 

How To Install WordPress on Centos 6

About WordPress

WordPress is a free and open source website and blogging tool that uses PHP and MySQL. It was created in 2003 and has since expanded to manage 22% of all the new websites created and has over 20,000 plugins to customize its functionality.

(more…)

Installing couchbase

Tested on AWS and CentOS 6

sudo yum install wget -y
mkdir binaries
cd binaries
wget http://packages.couchbase.com/releases/2.2.0/couchbase-server-community_2.2.0_x86_64_openssl098.rpm

sudo yum install -y pkgconfig
sudo yum install openssl098e -y
sudo yum install couchbase-server*.rpm -y

nJoy 😉

To cleanup a brick previously used under glusterfs

This must only be done once you REALLY know the brick is going to be re-used elsewhere, not in the same volume it was used in before.
NOTE: Potential data loss

# ${brick_path:?} aborts if the variable is unset or empty instead of expanding to /.glusterfs
setfattr -x trusted.glusterfs.volume-id "$brick_path"
setfattr -x trusted.gfid "$brick_path"
rm -rf "${brick_path:?}/.glusterfs"

Playing with Glusterfs

More details in a later post, but I finally realized the order of things. Thought I’d share.

 

Reference sites:
http://www.gluster.org/community/documentation/index.php/Getting_started_configure
http://www.redhat.com/magazine/009jul05/features/gfs_practices/

mkdir ~/gluster
cd ~/gluster

wget -l 1 -nd -nc -r -A.rpm http://download.gluster.org/pub/gluster/glusterfs/LATEST/RHEL/epel-6/x86_64/

 

yum install glusterfs-libs-*.el6.x86_64.rpm -y
yum install glusterfs-*.el6.x86_64.rpm -y
yum install glusterfs-fuse-*.el6.x86_64.rpm -y
yum install glusterfs-cli-*.el6.x86_64.rpm -y
yum install glusterfs-server-*.el6.x86_64.rpm -y
yum install glusterfs-geo-replication-*.el6.x86_64.rpm -y

service glusterd start
chkconfig glusterd on

service glusterfsd start
chkconfig glusterfsd on

gluster peer probe <hostname of the other server in the cluster, or IP address if you don’t have DNS or /etc/hosts entries>


dd if=/dev/zero of=~/test.bin count=10000k
losetup /dev/loop0 ~/test.bin

fdisk /dev/loop0    # new partition using all blocks: n -> p -> 1 -> from 1 to 637 in this case

yum install xfsprogs xfsdump -y

mkfs.xfs -i size=512 /dev/loop0 -f

--- Testing fs --------
mkdir /mnt/test
mount /dev/loop0 /mnt/test



--------fstab -----

/root/test.bin /mnt/test xfs loop 0 0

>>>>> test rebooting


mkdir -p /mnt/test/brick

gluster volume create gv0 replica 2 192.168.1.81:/mnt/test/brick 192.168.1.79:/mnt/test/brick

gluster volume info

Volume Name: gv0
Type: Replicate
Volume ID: cb3110c8-82b0-45f5-9e38-98652a95b54b
Status: Created
Number of Bricks: 1 x 2 = 2
Transport-type: tcp
Bricks:
Brick1: 192.168.1.81:/mnt/test/brick
Brick2: 192.168.1.79:/mnt/test/brick 




gluster volume start gv0

Just the client

  yum install glusterfs-libs-3.5.0-2.el6.x86_64.rpm -y
  yum install glusterfs-3.5.0-2.el6.x86_64.rpm -y
  yum install glusterfs-fuse-3.5.0-2.el6.x86_64.rpm -y

nJoy 😉

Auto-blacklist iptables

Gather the list of IPs with failed logins and drop them at the firewall from now on:

lastb | awk '{ print $3 }' | grep -E -o '([[:digit:]]{1,3}\.){3}[[:digit:]]{1,3}' | grep -v '^192\.168\.' | sort -u | xargs -I {} iptables -A INPUT -s {} -j DROP

To make it permanent, simply run:

[root@DellR510-3 ~]# /sbin/service iptables save

 

That’s it.

nJoy 😉
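
The one-liner above drops a source after a single failed login and appends a duplicate rule on every run. As an added example (not part of the original post), the script below counts failures per source first, skips private and loopback ranges, and prints the rules for review instead of applying them; the function names, the threshold and the sample lastb lines are constructed.

```shell
# failed_login_sources MIN: read lastb-style lines on stdin and print each
# public IPv4 source seen at least MIN times, sorted.
failed_login_sources() {
    awk -v min="$1" '
        $3 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            split($3, o, ".")
            if (o[1] > 255 || o[2] > 255 || o[3] > 255 || o[4] > 255) next
            if (o[1] == 10 || o[1] == 127) next                    # 10/8, loopback
            if (o[1] == 192 && o[2] == 168) next                   # 192.168/16
            if (o[1] == 172 && o[2] >= 16 && o[2] <= 31) next      # 172.16/12
            hits[$3]++
        }
        END { for (ip in hits) if (hits[ip] >= min) print ip }
    ' | sort
}

# emit_drop_rules: turn IPs on stdin into iptables commands, printed for review.
emit_drop_rules() {
    while read -r ip; do
        printf 'iptables -A INPUT -s %s -j DROP\n' "$ip"
    done
}

# Constructed lastb output (documentation address ranges, not real hosts).
sample_lastb='root     ssh:notty    203.0.113.7      Mon Jun  2 10:01 - 10:01  (00:00)
admin    ssh:notty    203.0.113.7      Mon Jun  2 10:01 - 10:01  (00:00)
test     ssh:notty    203.0.113.7      Mon Jun  2 10:02 - 10:02  (00:00)
oracle   ssh:notty    198.51.100.23    Mon Jun  2 10:05 - 10:05  (00:00)
backup   ssh:notty    192.168.1.50     Mon Jun  2 10:07 - 10:07  (00:00)
backup   ssh:notty    192.168.1.50     Mon Jun  2 10:07 - 10:07  (00:00)
backup   ssh:notty    192.168.1.50     Mon Jun  2 10:08 - 10:08  (00:00)

btmp begins Mon Jun  2 10:01:12 2014'

# Only the source with three or more failures is listed.
printf '%s\n' "$sample_lastb" | failed_login_sources 3 | emit_drop_rules

# Live use: lastb | failed_login_sources 5 | emit_drop_rules   (pipe to sh once reviewed)
```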

 

 

 

Fix node Geoip update fails

A routine update of a customer’s application resulted in a broken package:

npm update

gyp ERR! configure error
gyp ERR! stack Error: `gyp` failed with exit code: 1
gyp ERR! stack at ChildProcess.onCpExit (/usr/local/lib/node_modules/npm/nod
gyp ERR! stack at ChildProcess.EventEmitter.emit (events.js:98:17)
gyp ERR! stack at Process.ChildProcess._handle.onexit (child_process.js:789:
gyp ERR! System Linux 2.6.32-431.1.2.0.1.el6.i686
gyp ERR! command "node" "/usr/local/lib/node_modules/npm/node_modules/node-gyp/b
gyp ERR! cwd /root/pmt/node_modules/geoip
gyp ERR! node -v v0.10.24
gyp ERR! node-gyp -v v0.12.1
gyp ERR! not ok
npm ERR! geoip@0.4.12 install: `node-gyp rebuild`
npm ERR! Exit status 1

npm ls in the folder reveals: UNMET DEPENDENCY geoip 0.4.x, marked in red.

npm ERR! missing: geoip@0.4.x, required by Autheticatagainstdb@
npm ERR! not ok code 0

Solution :

(more…)