July 2014 - Page 2 of 3 - ☩ Walking in Light with Christ - Faith, Computing, Diary ☩ Walking in Light with Christ

Archive for July, 2014

Make Apache webserver fix spelling mistyped URL errors and serve files case insensitive with mod_speling

Wednesday, July 16th, 2014

make_apache_fix_mistyped_spelling_urls_errors_and_serve_files_case_insensitive_mod_speling_logo
On most if not all modern GNU / Linux distributions, Apache webserver comes preinstalled with mod_speling.

What mod_speling does is it tries to find and serve files and directories for non-existing (404 return code) urls with a similar name to passed URL. Other thing mod_speling does is it serves files case-insensitive, even though the UNIX / Linux filesystems are built to understand files case-sensitive.

mod_speling is a very useful module especially when files are being pushed (synchronized) to Apache visible from web document folder from operating systems like Windows whose filesystem doesn't store files case sensitive.

Let me give you a small example on M$ Windows a create file NewFile.html, NEWFILE.HTML, NeWfIlE.Html etc. are one and the same file newfile.html and not 3 different files like it is usually on UNIX / Linux filesystems.

If you happen to migrate old static Websites from Microsoft Internet Information Services (IIS) to UNIX / Linux based hosting. Often Html coders which create websites on Windows platform doesn't respect in website hyperlinks case-sensitive, because anyways Windows FS is case-insetive, thus moving the website to Linux host with Apache the website/s will end up with many 404 error pages, whose fixing for big static websites will be a real pain in the ass.

Also there might be need for mod_speling module enabled, for PHP / Python / Perl websites developed on MS Windows platform and tested on Windows host and then officially to be deployed on Linux.

Note that mod_speling name as a funny thing as actually the module is also converting mis-pelled / mis-typed Apache URLs:

If for example, someone tried to link to your website from a forum mistyping the URL address with mod_speling the mistyped URL could still be handled to open the real existing URL:

Lets say you have URL:

http://your-domain.com/files/what-Ever-fle.php

and the actual URL is:

http://your-domain.com/files/what-Ever-file.php

mod_speling will make Apache scan in /files/ for any files with similar name to what-Ever-fle.php and will open any similar matched file name, preventing you from the normal 404 error and therefore often serving exactly what it has to. Of course such a behavior could be unwanted in same cases for CMSes, which depend on 404 error code for proper operating, so be very sure when configuring mod_speling that this is exactly what you need.

mod_speling can be also useful sometimes for Search Engine Optimization – SEO, as it will show less 404 pages to Crawler search engine bots.

1. Enable mod_speling module on Debian GNU / Linux and Ubuntu

Enabling mod_speling in Apache in Debian / Ubuntu etc. debian based Linuxes is done with either creating symlink from /etc/apache2/mods-available/speling.load to /etc/apache2/mods-enabled/speling.load :

ln -sf /etc/apache2/mods-available/speling.load /etc/apache2/mods-enabled/speling.load

Or by using a2enmod – Debian apache module enabling script:

a2ensite sitename

To enable mod_speling mis-speling resolve feature config directive is:

CheckSpelling on

To disable case sensitivity – as I said earlier helpful for migrations from Microsoft Windows hosts to Linux, use directive:

CheckCaseOnly on

To enable both use:

<IfModule mod_speling.c>
CheckCaseOnly on
CheckSpelling on
</IfModule>

Enabling mod_speling case-insensitivity and fixing mistypes in URL could be done from .htaccess, for any <Directory> (vhost) with enabled .htaccess with

AllowOverride All

To enable it for default set host in new Apache install place it in /etc/apache2/apache2.conf and /etc/apache2/sites-enabled/000-default

Then as usual to make the configuration changes take affect, restart Apache:

/etc/init.d/apache2 restart

2. Enablig mod_speling on CentOS, RHEL and Fedora Linux

Most of RPM based Linux distributions have already mod_speling by default in Apache, so there will be no need to explicitly enable the module within HTTPD.

To check whether mod_speling is already enabled in httpd issue:

/usr/sbin/httpd -M |grep -i mod_speling

If you don't get no output from command this means the module is not enabled. This is the case with CentOS Linux 6.5 for example …

To enable mod_speling on Apache level add in /etc/httpd/conf/httpd.conf

LoadModule speling_module modules/mod_speling.so

and restart webserver

/etc/init.d/httpd restart

If you get instead

/usr/sbin/httpd -M |grep -i mod_speling
speling_module (shared)

Then it is already loaded in HTTPD to enable the module for default domain add to /etc/httpd/conf/httpd.conf – within (<Directory "/var/www/html">),

<IfModule mod_speling.c>
CheckCaseOnly on
CheckSpelling on
</IfModule>

Or if you want to make it active for specific directories within /var/www/html/whatever-dir use either new <Directory ..> directive within Apache config, or enable .htaccess processing with AllowOverride All and place them in .htaccess . For complete mod_speling reference check on Apache's official website

Tags: apache2, config, Debian Ubuntu, doesn, filesystem, fix, httpd, Make Apache, NEWFILE, Often Html, operating systems, pain in the ass, php, script, url, website, Windows
Posted in PHP, Web and CMS | No Comments »

Install TorrentFlux Bit Torrent Web management interface on Debian / Ubuntu Linux

Tuesday, July 15th, 2014

Torrentflux is web based, feature-rich BitTorrent download manager.
Torrentflux is a must have installed server software for anyone who does regular torrent downloads and want to access the downloads from anywhere on the internet.

TorrentFlux is a PHP based BitTorrent controller that runs on a web
server. It can manage all of your BitTorrent downloads from anywhere
through a convenient and easy-to-use web interface.
.
TorrentFlux uses a MySQL database to manage the downloads.

TorrentFlux enables you to run BitTorrent downloads unattended on a monitor-less or remote server 24 hours a day, while still maintaining complete control from any web browser. Now you can control your downloading on your firewall, or keep up with downloads while on vacation. It uses the BitTornado client to download files, and also requires a web server with PHP.

Some of the Torrentflux features:

   * Upload Torrents via URL or File Upload
   * Start, Stop, and Delete Torrents with ease
   * Advanced Torrent start options (ports, speeds, etc.)
   * Multi-user interface
   * RSS Feeds, download Torrents files with a click
   * Run several torrents at once
   * View Download Progress of all torrents at a glance
   * View drive space at a glance
   * View Torrent file meta information
   * Built-in User management and Security
   * Private Messaging
   * Themes (selectable per user)
   * Upload History

Before installing Bittorrent you will need to have a running version of Debian, Ubuntu or any other debian derivative (though it can easily be run on any Linux distro). To install AMP (Apache MySQL Server, PHP) you can follow first part of my previous article Installing Usual PHP Apache MySQL for new Debian GNU / Linux installs.

So what for is TorrentFlux Useful?
Torrenflux is precious and must have if you have to access filtered torrent from outside of your homecountry and you have a running server already in your home country in that I was using TorrentFlux to access Bulgarian Zamunda.Net Torrent Tracker from Holland and was downloading first movies from the Bulgarian Torrent Tracker to my Fluxbox installed on my Dobrich home router and then used FTP to transfer movies to the Netherlands. Talking about many people choose to also install VSFTP and use it together with Torrentflux …

1. Install TorrentFlux and its dependencies (BitTornado, Bittorrent, Zip, Unzip, Bzip etc.) the "Debian Way"

On my Debian 7 Wheezy home machine I run

apt-get install –yes bzip2 php5-gd php5-cli unrar-free grep python net-tools mawk wget unzip cksfv vlc-nox uudeview python-crypto libxml-simple-perl libxml-dom-perl libdbd-mysql-perl bittorrent bittornado

a) Install TorrentFlux the Debian Way

apt-get install –yes torrentflux

You will be prompted with a coule of screens, to set a new MySQL database user and password and SQL database, as well as offered to restart Apache to make Torrentflux accessible like as on below screenshots.

configuring-torrentflux-debian-linux-screenshot-2

configuring-torrentflux-debian-linux-screenshot 3

configuring-torrentflux-debian-linux-screenshot-4

To make new installed torrentflux accessible from web you will either have to configure it via some new Apache VirtualHost or make a symbolic link to /usr/share/torrentflux/www :

cd /var/www/
ln -sf /usr/share/torrentflux/www/ torrentflux

That's all you're all done to access torrentflux either access it via your default configured webserver domain name or via localhost if you're logged in to same pc where installing.

http://www.your-domain.com/torrentflux

http://127.0.0.1/torrentflux

configuring-torrentflux-after-first-login-in-web-debian-linux

2. Install latest Torrentflux version from source

Alternatively if you want to have the latest version (because the Debian version is part of the stable distribution is a little bit outdated you will have to fetch Torrentflux-b4rt and unarchive it:

cd /tmp/
wget http://download.berlios.de/tf-b4rt/torrentflux-b4rt_1.0-beta2.tar.bz2
tar -xjf torrentflux-b4rt_1.0-beta2.tar.bz2

mv torrentflux-b4rt_1.0-beta2 /opt/torrentflux

Then to make torrentflux visible from web server I had to create a symbolic link to installation directory:

ln -sf /opt/torrentflux/html /var/www/torrentflux

For further initial configuration its necessery to make Torrentflux config writtable by www-data (the user with which Apache is running on Debian).

chown -R www-data:www-data /var/www/torrentflux/inc/config/

Next it its required to create somewhere download folder where TorrentFlux will keep downloaded Torrents

mkdir /var/lib/torrentflux

Apache HTTP server will have to have write ther:

chown -R www-data:www-data /var/lib/torrentflux

If you already haven't restarted Apache earlier in installing TorrentFlux pre-requirements, you will have to do it now:

/etc/init.d/apache2 restart

As TorrentFlux depends on its MySQL backend, we need to also create manually TorrentFlux database username and a password

export SQL_DB='torrentflux';
TFLUXSQL_USERNAME='torrentflux';
TFLUX_SQL_PWD='any-secret-password';

echo "CREATE DATABASE IF NOT EXISTS $SQL_DB DEFAULT CHARACTER SET utf8 DEFAULT COLLATE utf8_unicode_ci"
| mysql –user=root –password

echo "GRANT ALL PRIVILEGES ON $SQL_DB.*
TO $TFLUXSQL_USERNAME@localhost
IDENTIFIED BY $TFLUX_SQL_PWD;" | mysql –user=root –password

Substitute with your Database, Username and Password above shell variables – $SQL_DB, $TFLUX_USERNAME, $TFLUX_SQL_PWD

To configure TorrentFlux access it in browser:

http://your-domain.com/torrentflux

By accessing it for a first time, you will redirected to setup.php, in case something goes wrong and yuo're not redirected (probably some mod_rewrite issues add setup.php to url – e.g., acess –

http://your-domain.com/torrentflux/setup.php

I will not enter details, about Web config, because everything there is pretty clear.

Just in short – you will have to now choose:

Choose Database
Choose Database Information of database (put in the exact name of TorrentFlux databse previously created)
Uncheck the box for "Create new database"
Choose as a download location upper created directory – /var/lib/torrentflux

If you get an error on software dependencies screen for missing unrar – just install it
VLC may show an error as well, that's not a problem because VLC is probably not to be used.
Finally after completion of all, you will get an error that setup.php cannot be deleted.

To prevent, someone to re-configure it through http://your-domain/torrentflux/setup.php URL remove setup.php

rm /var/www/torrentflux/setup.php

To prevent someone rewrite anything in config file from web we have to revert back config/ folder not to be writable by Apache

chown -R root:root /var/www/torrentflux/inc/config/

Now in browser to access torrentflux type:

http://ipofyourbox/torrentflux

/torrentflux should redirect you to login.php if for some reason it doesn't type it manually in URL.

First account you will login is the super user account, you can allow multiple users to use it by adding multiple accounts.

torrentflux-install-on-debian-ubuntu-gnu-linux-web-management-torrent-interface

As you will see there is plety of configuration options to play with.

You will definitely want to look in Server Page, some very important page to look is the Transfer Page – from there you can adjust the bandwidth of your connection on 100Mbit network this would be 12500 – to use the maximum possible connection provided by your ISP set the max bandwidth to 0. You have the option to also set a default bittorrent client, by default this will be bittornado.

If you have troubles downloading from TorrentTrackers make sure your router is configured to forward port 49160 to 49300

Now if you have a lot of storage create accounts also for your friends and enjoy torrentflux 🙂

Tags: amp, completion, control, Debian Ubuntu Linux, derivative, downloads, installation, Linux, need, php, ports, setup, software, Start, Transfer Page, var, version, www
Posted in Everyday Life, Linux, Linux and FreeBSD Desktop, System Administration, Web and CMS | 4 Comments »

StatusNet – Start your own hosted microblogging twitter like social network on Debian GNU / Linux

Monday, July 14th, 2014

I like experimenting with free and open source projects providing social networking capabilities like twitter and facebook. Historically I have run my own social network with Elgg – Open Source Social Network Engine. I had a very positive impression from Elgg as a social engine as, there are plenty of plugins and one can use Elgg to run free alternative to very basic equivalent of facebook, problem with Elgg I had however is if is not all the time monitored it quickly fills up with spam and besides that I found it to be still buggy and not easy to update.
The other social network free software I heard of isBuddyPress which I recently installed with Multisite (MuSite) enabled.

Since BuddyPress is WordPress based and it supports all the nice wordpress plugins, my impression is social networking based on wordpress behaves much more stable and since there is Akismet for WordPress, the amount of spammer registrations is much lower than with Elgg.

Recently I started blogging much more actively and I realized everyday I learn and read too much interesting articles and I don't log them anywhere and thought I need a way besides twitter to keep flashy notes of what I'm doing reading, learning in a short notes. I don't want to use Twitter on purpose, because I don't want to improve twitter's site SEO with adding my own stuff on their website but I want to keep my notes on my own local hosted server.

As I didn't wanted to loose time with Complexity of Elgg anymore and wanted to try to something new and I know the open source microblogging social network (Twitter Equivalent) – identi.ca runs StatusNet – Free and Open Source Social software. StatusNet is well known under the motto of "Decentralized Twitter"

I took the time to grab it and install it to my home brew machine www.pc-freak.net. If you haven't seen StatusNet so far – you can check out demo of my installation here – registration is not freely opened because, i don't want spammers to break in, however if you want to give a try drop me a mail or comment below and I will open access for you ..

There is no native statusnet package for Debian Linux (as I'm running Debian) so to install it, I've grabbed statusnet.

To install StatusNet, everything was pretty straight forward and literally following instructionsf rom INSTALL file, i.e.:

# status.example.com maps to /var/www/status/ cd /var/www/status/ wget http://status.net/statusnet-0.9.6.tar.gz tar -xzf statusnet-0.9.6.tar.gz --strip-components=1 rm statusnet-0.9.6.tar.gz cd .. chgrp www-data status/ chmod g+w status/ cd status/ chmod a+w avatar/ background/ file/ mysqladmin -u "root" -p "sql-root-password" create statusnet mysql -u root -p GRANT ALL on statusnet.* TO 'statusnetuser'@'localhost' IDENTIFIED BY 'statusnet-secret-password';

To Change default behaviour of URls to be more SEO friendly and not to show .php in URL (e.g. add so called fancy URLs – described in INSTALL):

cp htaccess.sample .htaccess

Then had to configure a VirtualHost under a subdomain http://statusnet.yourdomain.com/install.php or you can alternatively install and access it in browser via http://your-domain.com/status/install.php

An important note to open here is you have to set the URLs via which status.net will be accessed further before proceeding with the install, if you will be using HTTPS here is time to configure it and test it before proceeding with install … Just be warned that if you don't set the URLs properly now and try to modify them further you will get a lot of issues hard to solve which will cost you a lot of time and nervee ..

If you want to enable twitter bridging in Statusnet you will need to get Twitter consumer and secret keys, to get that you have to create new application on https://dev.twitter.com/apps afterwards you will be taken to a page containing Consumer Key & Consumer Secret string.
StatusNet installation will auto generate config.php, you can further edit it manually with text editor. Content of my current statusnet config.php is here.

Most important options to change are:

$config['daemon']['user'] = 'www-data'; $config['daemon']['group'] = 'www-data';

www-data is user with which Apache is running by default on Debian Linux.

$config['site']['profile'] = 'private';

By default Status.Net will be set to run as private – e.g. it will be fitted for priv. use – messages posted will not publicly be visible. Here the possible options to choose between are:

$config['site']['profile'] = 'private'; $config['site']['profile'] = 'community'; $config['site']['profile'] = 'singleuser'; $config['site']['profile'] = 'public';

singleuser is pretty self explanatory, setting public option will open registration for any user on the internet – probably your network will quickly be filled with spam – so beware with this option. community will make statusnet publicly visible but, registration will only possible via use creation / invitation to join the network from admin.

vi /var/www/status/config.php $config['site']['fancy'] = true;

Then to enable twitter to statusnet bridge add to config.php

vi /var/www/status/config.php

addPlugin('TwitterBridge'); $config['twitter']['enabled'] = true; $config['twitterimport']['enabled'] = true; $config['avatar']['path'] = '/avatar'; $config['twitter']['consumer_key'] = 'XXXXXXXX'; $config['twitter']['consumer_secret'] = 'XXXXXXXX'; # disable sharing location by default $config['location']['sharedefault'] = 'false';

Notice, I decided to disable statusnet sharedefault folder, because i don't have a lot of free space to provide to users. If you want to let users be allowed to share files (you the space for that), you might want to set a maximum quote of uploaded files (to prevent your webserver from being DoSed – for example by too many huge uploads), here is some reasonable settings:

$config['attachments']['file_quota'] = 7000000; $config['attachments']['thumb_width'] = 400; $config['attachments']['thumb_height'] = 300;

If you want to get the best out of performance of your new statusnet microblogging service, after each modification of config.php be sure to run:

php scripts/checkschema.php

Running checkschema.php is also useful, to check whether adding new plugins to check whether plugin will not throw an error.

Here is some extra useful config.php plugins to enable:

addPlugin('Gravatar', array()); #addPlugin('Textile'); addPlugin('InfiniteScroll'); addPlugin('Realtime'); addPlugin('Blog'); addPlugin('SiteNoticeInSidebar'); addPlugin('WikiHashtags'); addPlugin('SubMirror'); addPlugin('LinkPreview'); addPlugin('Blacklist');

If you expect to have quickly growing base of users it is recommended to also check out whether your MySQL is tuned with mysqltuner and optimize it for performance

Another useful think you would like to do is to increased the number of Statusnet avatars in the 'following' – 'followers' – 'groups' sections on my profile page by editing

lib/groupminilist.php

and

lib/profileminilist.php

line 36 in both files.
To get the full list of possible variables that can be set in config.php run in terminal:

php scripts/setconfig.php -a

If you happen to encounter some oddities and issues with StatusNet after installation, this is most likely to some PHP hardering on compile time or some PHP.ini functions disabled for security or some missing component to install which is described as a prerequirement in statusnet INSTALL file

to debug the issues enable statusnet logging by adding in config.php

$config['site']['logdebug'] = true; $config['site']['logfile'] = '/var/log/statusnet.log';

By default logs produced will be quite verbose and there will be plenty of information you will probably not need and will lead to a lot of "noise", to get around this, there is the LogFilter Plugin for some reasonable logging use in config.php:

addPlugin('LogFilter', array( 'priority' => array(LOG_ERR => true, LOG_INFO => true, LOG_DEBUG => false), 'regex' => array('/About to push/i' => false, '/twitter/i' => false, '/Successfully handled item/i' => false) ));

If you want tokeep log of statusnet it is a good idea to rorate logs periodically to keep them from growing too big, to do this create in /etc/logrotate.d new files /etc/logrotate.d/statusnet with following content:

/var/log/statusnet/*.log { daily missingok rotate 7 compress delaycompress notifempty create 770 www-data www-data sharedscripts postrotate /path/to/statusnet/scripts/stopdaemons.sh > /dev/null /path/to/statusnet/scripts/startdaemons.sh > /dev/null endscript }

You will probably want to to add new Links, next to StatusNet main navigation links for logged in users, this is possible by adding new line to

lib/primarynav.php

and

lib/secondarynav.php

You will have to add a PHP context like:

$this->action->menuItem('https://www.pc-freak.net/blog/', _m('MENU','Pc-Freak.Net Blog'), _('A pC Freak Blog'), false, 'nav_pcfreak');

Once you're done with installation, make sure you change permissions or move install.php from /var/www/status, otherwise someone might overwrite your config.php and mess your installation …

chmod 000 /var/www/status/install.php There is plenty of other things to do with StatusNet (Support for communication with Jabber XMPP protocol, notification via SMS etc. There are also some plugins to add more statusnet functionality.

Enjoy micro blogging ! 🙂

Tags: avatar, com, configure, Decentralized Twitter, information, installation, logs, php scripts, reading, status, var, variables, webserver, www
Posted in Curious Facts, Entertainment, Everyday Life, SEO, Various, Web and CMS | 5 Comments »

Preserve domain name after redirect with mod_rewrite and some useful mod rewrite redirect and other examples – Redirect domain without changing URL

Friday, July 11th, 2014

If you're a webhosting company sysadmin, sooner or later you will be asked by application developer or some client to redirect from an Apache webserver to some other webserver / URL's IP, in a way that the IP gets preserved after the redirect.

I'm aware of two major ways to do the redirect on webserver level:

1. To redirect From Apache host A to Webserver on host B using ReverseProxy mod_proxy

2. To use Mod Rewrite to redirect all client requests on host A to host B.

There is quite a lot to be said and is said and written online on using mod_rewrite to redirect URLs.
So in this article I will not say nothing new but just present some basic scenarios on Redirecting with mod rewrite and some use cases.
Hope this examples, will help some colleague sys-admin to solve some his crazy boss redirection tasks 🙂 I'm saying crazy boss because I already worked for a start-up company which was into internet marketing and the CEO has insane SEO ideas, often impossible to achieve …

a) Dynamic URL Redirect from Apache host A to host B without changing domain name in browser URL and keeping everything after the query in

Lets say you want to redirect incoming traffic to DomainA to DomainB keeping whole user browser request, i.e.

Redirect:

http://your-domainA.com/whole/a/lot/of/sub/directory/query.php

Passthe the whole request including /whole/a/lot/of/sub/directory/query.php

so when Apache redirects to redirect to:

http://your-domainB.com/whole/a/lot/of/sub/directory/query.php

In browser
To do it with Mod_Rewrite either you have to add in .htaccess mod_rewite rules:

RewriteEngine On
RewriteCond %{HTTP_HOST} ^your-domainA.com [OR]
RewriteCond %{HTTP_HOST} ^http://your-domainA.com
RewriteRule ^(.*) http://your-domainB.com/$1 [P]

or include this somewhere in VirtualHost configuration of your domain

Above mod_rewrite will make any request to your-domainA.com to forward to your-domainB.com while preserving the hostname in browser URL bar to old domain http://your-domainA.com, however still contet will be served by http://your-domainB.com

http://yourdomainA.com/YOUR-CUSTOM-REQUEST-ADDRESS

to redirect to

http://yourdomainB.com/YOUR-CUSTOM-REQUEST-ADDRESS

WARNING !! If you're concerned about your SEO well positioning in search Engines, be sure to never ever use such redirects. Making such redirects will cause two domains to show up duplicate content
and will make Search Engines to reduce your Google, Yahoo, Yandex etc. Pagerank !!

Besides that such, redirect will use mod_rewrite on each and every redirect so from performance stand point it is a CPU killer (for such redirect using native mod_proxy ProxyPass is much more efficient – on websites with hundred of thousands of requests daily using such redirects will cause you to spend your hardware badly …)

P.S. ! Mod_Rewrite and Proxy modules needs to be previously enabled
On Debian Linux, make sure following links are existing and pointing to proper existing files from /etc/apache2/mods-available/ to /etc/apache2/mods-enabled

debian:~# ls -al /etc/apache2/mods-available/*proxy*
-rw-r–r– 1 root root 87 Jul 26 2011 /etc/apache2/mods-available/proxy_ajp.load
-rw-r–r– 1 root root 355 Jul 26 2011 /etc/apache2/mods-available/proxy_balancer.conf
-rw-r–r– 1 root root 97 Jul 26 2011 /etc/apache2/mods-available/proxy_balancer.load
-rw-r–r– 1 root root 803 Jul 26 2011 /etc/apache2/mods-available/proxy.conf
-rw-r–r– 1 root root 95 Jul 26 2011 /etc/apache2/mods-available/proxy_connect.load
-rw-r–r– 1 root root 141 Jul 26 2011 /etc/apache2/mods-available/proxy_ftp.conf
-rw-r–r– 1 root root 87 Jul 26 2011 /etc/apache2/mods-available/proxy_ftp.load
-rw-r–r– 1 root root 89 Jul 26 2011 /etc/apache2/mods-available/proxy_http.load
-rw-r–r– 1 root root 62 Jul 26 2011 /etc/apache2/mods-available/proxy.load
-rw-r–r– 1 root root 89 Jul 26 2011 /etc/apache2/mods-available/proxy_scgi.load

debian:/etc/apache2/mods-avaialble:~# ls *proxy*
proxy.conf@ proxy_connect.load@ proxy_http.load@ proxy.load@

If it is is not enabled to enable proxy support in Apache on Debian / Ubuntu Linux, either create the symbolic links as you see them from above paste or issue with root:

a2enmod proxy_http
a2enmod proxy

b) Redirect Main Domain requests to other Domain specific URL

RewriteEngine On
RewriteCond %{HTTP_HOST} ^your-domainA.com
RewriteRule ^(.*) http://your-domainB.com/YOUR-CUSTOM-URL [P]

Note that no matter what kind of subdirectory you request on http://your-domain.com (lets say you type in http://your-domainA.com/My-monkey-sucks ) it will get redirected to:

http://your-domainB.com/YOUR-CUSTOM-URL

Sometimes this is convenient for SEO, because it can make you to redirect any requests (including mistakenly typed requests by users or Bot Crawlers to real existing landing page).

c) Redirecting an IP address to a Domain Name

This probably a very rare thing to do as usually a Domain Name is redirected to an IP, however if you ever need to redirect IP to Domain Name:

RewriteCond %{HTTP_HOST} ^##.##.##.##
RewriteRule (.*) http://your-domainB.com/$1 [R=301,L]

Replace ## with digits of your IP address, the is used to escape the (.) – dots are normally interpreted by mod_rewrite.

d) Rewritting URL extensions from .htm to .php, doc to docx etc.

Lets say you're updating an old website with .htm or .html to serve .php files with same names as old .htmls use following rewrite rules:. Or all your old .doc files are converted and replaced with .docx and you need to make Apache redirect all .doc requests to .docx.

Options +FollowSymlinks
RewriteEngine on
RewriteRule ^(.*).html$ $1.php [NC]

Options +FollowSymlinks
RewriteEngine on
RewriteRule ^(.*).doc$ $1.docx [NC]

The [NC] flag at the end means "No Case", or "case-insensitive"; Meaning it will not matter whether files are requested with capital or small letters, they will just show files if file under requested name is matched.

Using such a redirect will not cause Apache to redirect old files .html, .htm, .doc and they will still be accessible again creating duplicate content which will have a negavite impact on Search Engine Optimization.

The better way to do old extensioned files redirect is by using:

Options +FollowSymlinks
RewriteEngine on
RewriteRule ^(.+).htm$ http://your-domainB.com/$1.php [R,NC]

[R] flag would tell make mod_rewrite send HTTP "MOVED TEMPORARILY" redirection, aka, "302" to browser. This would cause search engines and other spidering entities will automatically update their links to the new locations.

e) Grabbing content from URL with Mod Rewrite and passing it to another domain

Lets say you want zip files contained in directory files/ to be redirected from your current webserver on domainA to domainB's download.php script and be passed as argument to the script

Options +FollowSymlinks
RewriteEngine on
RewriteRule ^files/([^/]+)/([^/]+).zip https://www.pc-freak.net/download.php?section=$1&file=$2 [R,NC]

f) Shortening URLs with mod_rewrite

This is ueful If you have a long URL address accessible via some fuzzy long hard to remember URL address and you want to make it acessible via a shorter URL without phyisally moving the files within a short named directory, do:

Options +FollowSymlinks
RewriteEngine On
RewriteRule ^james-brown /james-brown/files/download/download.php

Above rule would make requests coming to http://your-domain.com/james-brown?file=my.zip be opened via http://mysite/public/james-brown/files/download/download.php?file=my.zip

g) Get rid of the www in your domain name

Nowdays many people are used to typing www.your-domain.com, if this annoys you and you want them not to see in served URLs the annoying www nonsense, use this:

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{http_host} ^www.your-domain.com [NC]
RewriteRule ^(.*)$ http://your-domain.com/$1 [R=301,NC]

That's mostly some common uses of mod rewrite redirection, there are thousands of nice ones. If you know others, please share?

References and thanks to:

How to redirect domain without changing the URL

More .htaccess tips and tricks – part 2

Tags: apache2, com, company, directory, domain name, host, make, php script, root root, say, search engines, url, URLs, website, www
Posted in Programming, System Administration, Various, Web and CMS | 1 Comment »

Install Cacti on Debian, CentOS, SuSE and Gentoo Linux – Tracking graphically server performance

Thursday, July 10th, 2014

There are plenty of ways to track graphically server performance in Web (Nagios, Munin, Zabbix, OpenNMS) etc.
Though Munin and Nagios is a great choice for people who prefer simplicity in installation and maintanenance. If you're looking for customizable reports and time windows history on how server (network, cpu, memory, hdd or services) behaved you will probably need to consider using Cacti.

Cacti is a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box. All of this is wrapped in an intuitive, easy to use interface that makes sense for LAN-sized installations up to complex networks with hundreds of devices.

Cacti is very much like Munin except Cacti gives you the possibility to select and show statistics for periods in time, making it very convenient to check how server/servers services performed historically in time.

Cacti is a bunch of PHP scripts that gives a nice frontend to the famous RRDTool, it stores all gathered service statistics information in a MySQL database. Web frontend queries the SQL to craete graphs and populate them with data . Cacti has SNMP protocol support for those used to creating traffic graphs with MRTG.
Its easily extendable, there is a "tree view", which allows you to put graphs onto a hierarchical tree for organizational purposes, there is a user based management tool built in so you can add users and give them rights to certain areas of cacti. You can create users that can change graph parameters, while others can only view graphs. Each user also maintains their own settings when it comes to viewing graphs.

Cacti has prebuilt packages for major Linux distributions as well as FreeBSD ports.
Native packages are available via distros repositories for:

Fedora, Debian, SuSE and Gentoo Linux

To work properly Cacti depends on following external packages to be installed:

Apache HTTPD
MySQL
PHP
RRDTool
Net-Snmp
PHP-MySQL module
PHP-Snmp module

1. Install Cacti on Debian 7 or Ubuntu Linux

On Debian based distributions Installation of Cacti is super easy. If you're a debian admin it will save you time:

Cacti package is very well crafted on Debian to have it installed all you have to do is apt-get it:

apt-get install --yes cacti snmpd

You will be prompted a couple of screens requiring you to fill in your MySQL root password (necessery for connection and import of cacti.sql database and tables skele and creation of new user with which cacti will query the db-server.)

mv /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.bak

vi /etc/snmp/snmpd.conf

# this will make snmpd listen on all interfaces
agentAddress udp:161

# a read only community 'myCommunity' and the source network is defined
rocommunity myCommunity 192.168.10.5
rocommunity myCommunity 127.0.0.1

sysLocation Earth
sysContact email@your-domain.com

You will be next prompted to fill in user and password for cacti user, type whatever you like it to be and save the password somewhere for later use.

After installing it Cacti cron will automatically be added to collect cacti statistics on every 5 minutes, e.g.:

cat /etc/cron.d/cacti

MAILTO=root
*/5 * * * * www-data php /usr/share/cacti/site/poller.php >/dev/null 2>/var/log/cacti/poller-error.log

Cacti Cron job script has to run multiple times until Cacti Graphics gets generated so wait for it 5, 10 minutes or run it manually with www-data user credentials

poller.php is making queries to MySQl and connecting to SNMP service on localhost querying information for configured monitoring from Console

rrd data is stored in /var/lib/cacti/rra

You will have to also create manually following files which will be used by cactito store rrd data.

In case of issues with cacti check that permissionsof filesinthere are correct

To do su run:
su www-data -s /bin/sh

touch /var/lib/cacti/rra/localhost_mem_buffers_3.rrd /var/lib/cacti/rra/localhost_load_1min_5.rrd /var/lib/cacti/rra/localhost_users_6.rrd /var/lib/cacti/rra/localhost_proc_7.rrd

2. Install Cacti on Fedora / CentOS Linux

Installation on Fedora is a little pain in the ass as there is plenty of things to do manually to have cacti working
a) Install pre-required RPM packages

yum -y install mysql-server mysql php-mysql php-pear php-common php-gd php-devel php php-mbstring php-cli php-snmp php-pear-Net-SMTP php-mysql httpd net-snmp-utils php-snmp net-snmp-libs

Note! that if you already have a server with Apache + PHP configured many of above packages will report to be installed.

Whether mysql-server was not existing previously, change your MySQL password to a new-one

mysqladmin -u root password NEWPASSWORD

Create database for Cacti to store collected data:

mysql -u root -p -e 'create database cacti'

Connect to mysql server and create cacti user:

mysql> GRANT ALL ON cacti.* TO cacti@localhost IDENTIFIED BY 'very-secret-password'; mysql> FLUSH privileges;

Create SNMP configuration for Cacti and start SNMP

vi /etc/snmp/snmpd.conf

and paste into it:

com2sec local     localhost           public
group MyRWGroup v1         local
group MyRWGroup v2c        local
group MyRWGroup usm        local
view all    included .1                               80
access MyRWGroup ""      any       noauth    exact all    all    none
syslocation Unknown (edit /etc/snmp/snmpd.conf)
syscontact Root (configure /etc/snmp/snmp.local.conf)
pass .1.3.6.1.4.1.4413.4.1 /usr/bin/ucd5820stat

Start SNMPD and make it start automatically on Fedora boot

# /etc/init.d/snmpd start # chkconfig snmpd on

Test whether SNMP server is properly working and returning info:

snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex

You should get output like:

IP-MIB::ipAdEntIfIndex.192.168.10.5 = INTEGER: 2
IP-MIB::ipAdEntIfIndex.217.xx.xx.xxx = INTEGER: 3
IP-MIB::ipAdEntIfIndex.127.0.0.1 = INTEGER: 1

Install Cacti package:

yum -y install cacti

Import Cacti initial SQL data:

– Check in RPM package where is default cacti.sql

rpm -ql cacti | grep cacti.sql

/usr/share/doc/cacti-0.8.7i/cacti.sql

mysql -u cacti -p very-secret-password < /usr/share/doc/cacti-0.8.7i/cacti.sql

Configure Cacti:

vi /etc/cacti/db.php

/* make sure these values refect your actual database/host/user/password */
$database_type = "mysql";
$database_default = "cacti";
$database_hostname = "localhost";
$database_username = "cacti";
$database_password = "very-secret-password";
$database_port = "3306";

A small note to make here is Cacti can be configured to also work with MariaDB backend but, I haven't tried it so far …

Set Cacti cronjob to periodically update cacti stats

vi /etc/cron.d/cacti

*/5 * * * * cacti /usr/bin/php /usr/share/cacti/poller.php > /dev/null 2>&1

Make Cacti accessible from Web – add cacti alias in Apache

vi /etc/httpd/conf.d/cacti.conf

#
# Cacti: An rrd based graphing tool
#
Alias /cacti    /usr/share/cacti

<Directory /usr/share/cacti/>
        Order Deny,Allow
        Deny from all
        Allow from 10.0.0.0/8
</Directory>

Restart Apache to load new config

/etc/init.d/httpd restart

3. Install Cacti on Gentoo Linux

Modify your /etc/make.conf so USE="" options looks like this:

USE="symlink mmx sse sse2 bash-completion vhosts xml sockets snmp"

Install Cacti, PHP and Apache and webapp-config with emerge (Gentoo package manager)

emerge apache php cacti webapp-config

Hopefully all should get installed properly, if you get an error like "Could not read settings from webapp-config" run:

cd /etc/ etc-update

Create a vhost if you don’t already have one and then run the following. Then install cacti to the vhost using webapp-config. Remember to change the -h option to reflect the name of your vhost and that you may need to set a different cacti version number if cacti has been updated since I posted this article.

webapp-config -I -h yourdomain.com -d cacti cacti 0.8.7e-r1 mysqladmin -p --user=root create cacti mysql -p --user=root cacti < /var/www/yourdomain.com/htdocs/cacti/cacti.sql mysql -p --user=root mysql GRANT ALL ON cacti.* TO cactiuser@localhost IDENTIFIED BY 'somepassword'; flush privileges;

Add a cron entry to your tab to get Cacti to update. Add the following entry to your crontab updating the path as needed

crontab -u root -e

And paste

*/5 * * * * apache /usr/bin/php /var/www/yourdomain.com/htdocs/cacti/poller.php > /dev/null 2>&1

Now open in a browser:

http://yourdomain.com/cacti

After logging, Click Graphs tab (located on left top) corner and after a while your should see the graphs start to be drawn.

3. Install Cacti on OpenSuSE

Install Cacti from Yast suse package manager. A very good complete instructions on OpenSuSE installation is here

4. Configuring Cacti to draw statistics for host

So far so good now Cacti is installed but to make it generate its configuration its necessery to do some configuration tampering.
Cacti's configuration is pretty obscure and it needs time and a couple of tries until you have learned how to configure statistics generation.
Cacti's web interface is divided by two major parts Console (From which all kind of configuration is done) and Graphs (From here all confugured graphs can be expected, and information for time periods setted services, memory, CPU, hard drive, etc. can be obtained).

To Complete Cacti installation and configuration using a web-browser

Access URL:

http://your-domain.com/cacti/

cacti-user-login-monitoring-your-server-interactively-in-web-initial-login-screen

By default Cacti is configured to have user admin with password admin. Login to Cacti and you will be prompted to change default password – set it to whatever you like.

cacti_firstscreen_screenshot_linux_debian

Configure Cacti to do SNMP data collection

Cacti will use SNMP protocol to obtain server traffic statistics and visualize them.

Click on:

Devices -> Add

Fill in only fields (and let the rest as it is):

Description: Pc-freak.net
hostname: 127.0.0.1
Select for SNMP Version (drop down menu): SNMP Version 2

and then click on

Create button (located right down)

cacti-snmp-linux-good-config-options-screenshot
Here I've used localhost (127.0.0.1) as a hostname, because localhost server is to be monitored for remote monitoring of cacti set the REMOTE IP or hostname instead.

In field Associated Data queries add Data query for:

SNMP – Get Mounted Partitions
SNMP – Get Process Information
SNMP – Interface statistisc

P.S. Use the Add button for all this ..

Create SNMP graphs collection for first time

Click on Create Graphs for this Host see – top right side.

create-graphs-for-this-host-linux-cacti-screenshot

create-graphs-for-this-host-cacti-debian-redhat-rhel-centos-linux

Select on SNMP – Interface Statistics

Choose a graph type (for exmp. In/Out bytes with total bandwidth)

To Finalize click Create button

Create Graphs for this host

Creating Graph Trees

Use Console -> Graph Trees -> Add -> Sample Tree

Choose:

Setting type: Manual Ordering (No Sorting)

Tree Item Type: Graph

Graph: Server Name – Traffic eth0

Then press Create (button)

To verify the graphs are drawed corretly in a while go to:

Graphs -> Sample Tree (or whatever you named the tree during creation)

Interface Graphs and 64-bit Counters

By default, Cacti uses 32-bit counters in SNMP queries. 32-bit counters are sufficient for most bandwidth graphs, but they do not work correctly for graphs greater than 100 Mbps. If it is known that the bandwidth will exceed more than 100 Mbps, it is always advisable to use 64-bit counters. Using 64-bit counters is not hard at all.

Note! It takes usually around 15 minutes for Cacti to populate new graphs. There is no option to run cacti on cron manually but you have to wait

After some time of Cacti running, you will end up with nice graphics like this:

cacti-example-output-statistics-debian-centos-linux

If you get some issues and even after 15 / 20 minutes you still don't have the graphics drawed to debug the issues check for errors in:

/var/log/apache2/error.log – If there are missing rra files this should be logged here
/var/log/cacti/cacti.log
/var/log/cacti/poller-error.log – If the reason for not drawing the graphics is permissions errors will be here
/var/log/rrd.log – should contain rrd related errors

Important thing to mention is Cacti is requiring php exec() option to be functional. On hosts which has disabled exec(); function for security reasons cacti will fail to produce graphs.

References and thanks to:

http://xmodulo.com/2013/11/monitor-linux-servers-snmp-cacti.html http://openmaniak.com/cacti_tutorial.php http://www.cacti.net/ http://www.debianhelp.co.uk/cacti.htm

Tags: apache php, CentOS, com, community, crontab, Install Cacti, login, multiple times, php, Select, server performance, SNMP, var, www
Posted in Monitoring, Networking, System Administration, Web and CMS | No Comments »

Start Plink SSH tunnel on Windows start – Windows Resource Kit and AlwaysUp start Windows services when computer boots up

Tuesday, July 8th, 2014

start_plink_on_windows_start_boot_up_how-to-start-windows-service-through-windows-resource-kit-and-alwaysup

Recently I blogged How to create dynamic and static SSH tunnels traffic forwarding with Plink.

Another common topic related to SSH tunneling traffic is

How to make the tunnel initialize automatically on Windows PC boot?

E.g. Make just created SSH Tunnel Port forwarding to be active – start up automatically when Windows PC / server starts, is restarted.

There are at least three approaches to make Windows to Linux SSH Tunnel to start with PC Windows boot.

1. Method 1 adding batch script to Windows start up

Probably the fastest and simplest way is to create a batch script launching the tunnel or respawning it if there is none and then Add it to Windows start up by:

Start -> All programs -> Startup (right click on it)
-> Open -> right click batch file ->
(Press right CTRL + SHIFT) or create shortcut -> drag shortcut to startup folder

how-to-add-script-to-windows-startup-screenshto-microsoft-windows-7

2. Method 2 set up Plink SSH Tunnel on start up with (srvany) Windows Resource Kit 2003

An alterantive way to add SSH port forwarding tunnel to start up with PC boot is to use srvany part of Windows Resource Kit 2003.
Microsoft Windows Server 2003 Resource Kit Tools are a set of tools to help administrators streamline management tasks such as troubleshooting operating system issues, managing Active Directory (AD), configuring networking and security features, and automating application deployment. This is a precious package I think every win server sysadmin should install. Just to name few of the many useful tools Windows Resource Kit provides. These are commands like: cleanmem, tail, chklnks, cleanspl, diskuse, dnsdiag, robocopy, lsview, memmonitor, moveuser etc. If you will be installing Win Rerouce Kit, here is list with all extra commands which Windows Resource Kit package provides.

Note! That Windows Resource Kit is originally set of extra commands for Windows Server 2003, Windows XP, however though there is incompitability notice while installing it on WIndows 7, tools work fine o WIn 7.

a) Once Win Resource Kit is installed to set srvany to run as a service in cmd prompt run:

– Whether WIndows is 32-bit (which is not very likely these days)

C:ToolsPutty>instsrv ssh_tunnel "C:Program FilesWindows Resource KitsToolssrvany.exe"

For 64-bit Windows run:

C:ToolsPutty>instsrv ssh_tunnel "c:Program Files (x86)Windows Resource
KitsToolssrvany.exe"

The service was successfuly added!

Make sure that you go into the Control Panel and use
the Services applet to change the Account Name and
Password that this newly installed service will use
for its Security Context.

b) Add to Windows registry ssh_tunnel service

To add it to registry either download add_ssh_tunnel_service_to_registry.reg and double click it to import new registry settings.

You will be prompted with a message that this might harm your system you can safely ignore that.
Here is content of add_ssh_tunnel_service_to_registry.reg file:

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesssh_tunnelParameters]
"Application"="C:toolsputtyplink.exe"
"AppDirectory"="C:toolsputty"
"AppParameters"="-ssh -2 -L www.pc-freak.net:22:localhost:22 -l remote-username -pw Remote_Password www.pc-freak.net -N"

SECURITY WARNING ! Be careful, storing password in plaintext in Windows registry is a very bad security practice, anyone having access to your registry could see the password stored! It is very bad security practice to make ssh tunnels with root privileges and store pass plain text !

As of time of writting this article, I'm not aware of a way to create SSH tunnel and auto-pass the password which is kept encrypted, if someone know of such please share in comments.

c) Add host keys for putty (plink) for the system user to win registry

On first time access a remote ssh server you should have noticed that you're offered to get and store remote ssh host key.
Putty and respectively Plink as part of Putty installation package stores the host key in Windows registry db.

Therefore running Plink as a Windows service, the host key file should be available to the Windows system user, otherwise, plink will fail to connect to the remote server. The workaround for this is explained here.

Here is the work around:

i) Make sure you have accessed Interactively with Putty / Plink remote server for which you will be setting the tunnel to be initialized as a service.

Simply open SSH session with Putty to remote server or initialize a tunnel with plink:

plink -ssh -2 -L www.pc-freak.net:22:localhost:22 -l hipo -pw my_password www.pc-freak.net -N

ii) Run regedit command:

And naviagte to registry key:

HKEY_CURRENT_USERSoftwareSimonTathamPuTTYSshHostKeys

And Export:from File -> Export to some file.

add-putty-plink-host-file-to-windows-registry-screenshot

You will get something like:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USERSoftwareSimonTathamPuTTYSshHostKeys]
"rsa2@22:www.pc-freak.net"="0x10001,0xb5e039dc0443c0fb5e49085610c7b2010238370cd2f02e5e4e3c31ee2510aa502ffad7ae66e369654a2e4e5546e53422fec988a92ee4471dc166927ce6553106a1f91d976ec647d76582f04a9fe5aa410caa41775bb0a425cb5be0acbb05fb7d5e8ba1d27fca94498f31452b5ccd4afbb81bda5b15260e114daded35dc5b6813387ca859a787bae5ca31db6a43fa27a1894c7974c7fb0933fed1365469168cc00a8f02320fae0a3b1a3cf2fc38b7cd504ea8d5ebf6aa2ede7744d813431d20ff4f8bf31f4e3647f87fa20e1a95f81ab863eab67f849ff212c36006912e7101580d99175c818f1cfafc2cd38a73bb4288a2e536d16a9226ce09ddbe3304d8209b"
"rsa2@22:soccerfame.com"="0x10001,0xabd9c222b5345fdb485232ed7e8d78968bde74df04b467c807d9136fa42dfeb253c6e590039e81e8918d28bd8db79b985f73390b5c0b4ce0ca0d8d6e54faf308ee94c621cdb2b15eb7142c6f234e18d12235f842d9d6b3ffec34a2896d0b7a132bc6077f3e02d2db509675d47ab82f6ff4a90afe077e27c21c0b638b57a2eab45bb559f008bd7be33a80a7b589d13e0b55ead454dd7273dba32eed5c8825108d119067223244f3fbffeca61c1a56ea931ed9b59e79c8d01e45f08c17b7da7876222c13f33e9b5330bdb84bb96a554bf678f9b7cf25b4817913143314c05608a82f5f8904550489f290327c7eb9a9eb9184db2ee3af9c06a8b705ea5f4c2d3109"
"rsa2@22:86.101.186.25"="0x23,0xe86ebf194b7047bfe97ef345c0165821d4a822b06534c7dd6591381494a6843c8c0e236d826b02977a9c409fc8388a5019178c7c0bd92c5ae45918c352604f6b2a6b6fef9c108af629f05585ef1d806ee807f038455cbb1230164c44b37d2e7673f57ea80127c71a572433746f9ebdc8459739d67bfa95ef7aa2c73fd59827ff"

iii. You need to substitute in this file value of HKEY_CURRENT_USER to HKEY_USERS.DEFAULT

HKEY_CURRENT_USER

HKEY_USERS.DEFAULT

After changing the value it should look like:

[HKEY_USERS.DEFAULTSoftwareSimonTathamPuTTYSshHostKeys]
"rsa2@22:www.pc-freak.net"="0x10001,0xb5e039dc0443c0fb5e49085610c7b2010238370cd2f02e5e4e3c31ee2510aa502ffad7ae66e369654a2e4e5546e53422fec988a92ee4471dc166927ce6553106a1f91d976ec647d76582f04a9fe5aa410caa41775bb0a425cb5be0acbb05fb7d5e8ba1d27fca94498f31452b5ccd4afbb81bda5b15260e114daded35dc5b6813387ca859a787bae5ca31db6a43fa27a1894c7974c7fb0933fed1365469168cc00a8f02320fae0a3b1a3cf2fc38b7cd504ea8d5ebf6aa2ede7744d813431d20ff4f8bf31f4e3647f87fa20e1a95f81ab863eab67f849ff212c36006912e7101580d99175c818f1cfafc2cd38a73bb4288a2e536d16a9226ce09ddbe3304d8209b"
"rsa2@22:soccerfame.com"="0x10001,0xabd9c222b5345fdb485232ed7e8d78968bde74df04b467c807d9136fa42dfeb253c6e590039e81e8918d28bd8db79b985f73390b5c0b4ce0ca0d8d6e54faf308ee94c621cdb2b15eb7142c6f234e18d12235f842d9d6b3ffec34a2896d0b7a132bc6077f3e02d2db509675d47ab82f6ff4a90afe077e27c21c0b638b57a2eab45bb559f008bd7be33a80a7b589d13e0b55ead454dd7273dba32eed5c8825108d119067223244f3fbffeca61c1a56ea931ed9b59e79c8d01e45f08c17b7da7876222c13f33e9b5330bdb84bb96a554bf678f9b7cf25b4817913143314c05608a82f5f8904550489f290327c7eb9a9eb9184db2ee3af9c06a8b705ea5f4c2d3109"
"rsa2@22:86.101.186.25"="0x23,0xe86ebf194b7047bfe97ef345c0165821d4a822b06534c7dd6591381494a6843c8c0e236d826b02977a9c409fc8388a5019178c7c0bd92c5ae45918c352604f6b2a6b6fef9c108af629f05585ef1d806ee807f038455cbb1230164c44b37d2e7673f57ea80127c71a572433746f9ebdc8459739d67bfa95ef7aa2c73fd59827ff"

iv. Import the new file with modified values back to registry

import-to-windows-registry-registry-host-file-for-plink

d) Start the newly created ssh_tunnel service

Type in win command prompt (cmd.exe)

net start ssh_tunnel

The ssh_tunnel service is starting.
The ssh_tunnel service was started successfully.

If you want to further stop the ssh_tunnel service later run:

net stop ssh_tunnel

Using the same logic you can use instsrv, a new registry setting and the net command to set services to ran on Windows boot.

3. Method 3 – Use AlwaysUP GUI to run plink as a service

The only pity thing about this method is it depends on a Trial non-free program, so if you want to use it permanently either you will have to crack it or you have to buy full version.

Here is how to set plink through alwaysup

i. Download and Install Coretechnologies AlwaysUP

ii. Start AlwaysUP

iii. Select Application > Add to open the Add Application window:

iv. In General Tab

In application field enter the full path to PuTTY's command line executable, PLINK.EXE. In my case this is C:ToolsPutty

v. in Arguments field, enter the Plink SSH tunnel creation full command:

plink -ssh -2 -L www.pc-freak.net:22:localhost:22 -l remote-username -pw Remote_Password www.pc-freak.net -N

vi. In the Name field, enter the name that you will call the application in AlwaysUp. We have specified PuTTY but you can specify another name if you like.

vii. Click over to the Logon tab and enter the user name and password of the account with which you will run Plink command, usually the current logged in user.

AlwaysUp will run Plink in this account so that it can find its settings, such as saved ssh host keys, etc.

vii. Click on Startup tab and check if Ensure that the Windows Networking components have started is ticked. This instructs Always, that PuTTY needs network in order to work.

vii. Click the Save button. PuTTY will show up in few secs within AlwaysUp window, however yet not running.

alwaysup-putty-created-but-not-started-as-service-yet

viii. To Start PuTTY as a service:

Click on Application > Start "PuTTY".

alwaysup-putty-running-screenshot
State will change to Running after a few secs and tunnel will be established.

After a PC restart on next boot, SSH tunnel will come up immediately (even if there is no logged in WIndows user). To test all works as expected give the PC a restart and try tunnel connection.

Tags: Account Name, boots, com, command prompt, key file, make, network, password, Pc, pc boot start ssh tunnel, schedule services on windows, ssh server, start automatically ssh tunnel, start plink tunnel, tail for windows, use, windows boot ssh tunnel, Windows Resource Kit, www
Posted in Computer Security, System Administration, Various, Windows | 2 Comments »

2 Wonderful days in Belgrad Serbia / Belgrad a city you should see! – A trip to KaleMegdan, ZooPark War museum and Kaona monastery

Monday, July 7th, 2014

Flag_of_Serbia-days-in-Serbia-Beograd-must-see-place-zoopark-and-military-museum.svg

Me and my wife Svetlana, spend our weekend in Beograd (or BeoGreat! as it is also famous among English speaking). I was sceptical about Serbian, always thinking Serbians are living poorer and that we Bulgarians have better living standard. What I saw in Beograd convinced me Serbs lives at least half or 1 time better than us Bulgarians. Starting from Road Infrastructure and coming to the prices and ending with buildings, people live and mood and everything is just amazing!
serbian-tram-beograd-city-nice-infrastructure

serbian-tram-beograd-city-nice-infrastructure

Serbs as people have deeply impressed me, they are one of the best people, I've seen really. Serbs have respect for their Church, know how to enjoy their life much more than us. Also the culture in Serbs as they are more western oriented than us. The language is not so easy to understand as a I though, generally you can understand with a serbian as its slavonic similar language. The whole 2 way sleeping car train ticket from Bulgaria ( Sofia ) to Serbia ( Beograd ), costed us about 55 euro per person – which is a bit expensive because the real distance between Sofia and Serbia is only 400
km, but as it is international ride it is a bit overcosted.

bdz_slipenwagen-sleeping-old-car-of-bulgarian-national-railways

The sleeping car were inscribed with the words (Liegen Wagen – in German Sleeping Car) and were an old wagons left from communism – produced in Bulgaria.
Though the wagons were old the were clean and warm, the sleeping sheets were clean and generally it was confortable as we were only 2 people in compartment (this was so because not too many people travel from Beograd to Sofia and vice versa). Also the service in the train is on a high level, the woman who was accomodating us in the train was very affable. In train we were checked twice once by and once by Serbian border control and by Bulgarian border police and customs. On our way to Serbia the train come late with a delay about 2 hours we started from Sofia at 20:30 on 5th of July, Friday and we were supposed to be in Beograd in 05:00 Serbian time (which is 06:00 BG Time).
However the train arrived in Beograd just about 07:00 (Serbian time).

Belgrade_railway_station

We had the great blessing to have a very warm and dry days which was quite nice (especially after the heavy floods that hit Serbia and Bulgaria less than a month ago. The central train station in Beograd is much smaller than Sofia's central station but it looks much beatiful as it is an old-fashioned building probably 100 years old. What striked me right after our arrival is the public transport trams, were very new and clean. Also the cars Serbs drive seem to be newer than Bulgarians, Serbians drive second hand bought cars from West Europe approximately produced in 2006, while the avarage cars we drive here in BG is from 2001 or 2000. There are few buildings in the city center which seemed abondoned and seemed like they need renovation but besides that everything looked quite well looking for a city that was bombed in 1998 – 1999. Later I learned from Galin bombing conducted by Americans was done only on few government and military buildings – and were done in a very "human" way – everything was clear earlier what will be bombed etc. etc.

Serbia-Belgrade-bomb-damage-building

Can you believe, there might be a "human way of bombing?", well according to Americans and UN, there could be! On our arrival merrital god-father Galint took us from train station and brought us to their living apartment located on str. Maršala Birjuzova, Beograd. Andrea (Galin's wife) and our merriage god-mother received us warm harted as always. We met also Andrea's mother Milenka (Serbian equivalent of Bulgarian name Milena) … Andrea's mother Milenka Perolo is owning a small an English to Serbian and Serbian to English translation angecy called "Perolo". Andrea and her mother are by linkage Croation, it is very interesting that genetically Croatiaons are very close to Bulgarians just like we Bulgarians are genetically close to Italians and even according to some researches Italian nation originated from Bulgarian. There is probably something true in that because it seems we can very easily interact with Croations …
23 days old cute baby girl Boryana (which got baptized – becoming a young Orthodox Christian 🙂 )

Galin and Andrea are having only 23 days born baby called Boryana, its their 3rd child after Georgi and Konstantin. After having a good braekfast from fast food like Bulgarian famous Banica (from Pekara – a place where they sell fast food equivalents to Banica) and we bought Yogurt which is something like the Bulgarian Soar Milk (Kiselo Mlijako) with this difference that Serbian Yogurt is not so good for health as Bulgarian Yoghurt (Kiselo Mlijako). After the morning meal Galin brought us to the city center where we enjoyed a lot the Serbian language writtings in shops and buildings. The words are similar to Bulgarian. However cyrillic writting in Serbia is not so common as they tend to write a lot of their words in Latin letters being highly influenced by western culture. After the main city center street full of majestic buildings of significance to Serbian history, the national bank, the national museum, theatres etc. We came to KaleMegdan a very beautiful green park full of statues of Serbian revolutionaries, Kings and national heroes, very much in the spirit of Sofia's Borisova garden (gradina) – Sofia's central park. What striked me is the fortress situated in the middle of the park. KaleMegdan fortress is probably one of the best preserved and biggest early age (12/13th century) fortress and medieval times renewed fortress in Europe. It is the biggest I've seen in my wife so far, in the middle of the fortress there is a tennis court! a basketball field, volleyball field etc. etc. In very middle of KaleMegdan fortress there is a an exposition of tanks and warfare items and heavy anti-tank weapons left from I-st and II world war. There are also a boats and even submarine missles and underwater mines exposed, along with war boats. I was never seriously interested in warfare technology but seeing all this complete took up my attention. Continuing further the fortress one ends to a fortress walls and park continuation from where you see the two rivers Savva (Sava) river and Dunabe mixing beatifully together their blue and green waters, along with a sideview to whole Beograd
city! Again amazingly beuatiful!

Sava_river_in_Belgrade,_view_from_Kalemegdan_fortress

The air of course is very wet and there is humidity everywhere as there is a big river nearby. And in summer in Beograd you feel like being on the beach except there are no beaches. There is an improvised beach on the river, but as I heard from Beograd locals, beaching ont he river is much less enjoyable as going to a real sea beach. In the fortress there are two Churches as well one used to be a military church and interestingly its lusters are all made of war bullets. The otherChurch Saint Petka is historically very famous as it was temporary holding the holy relics of Saint Petka and even today in the Church there is small part of holy relics from Saint Petka. On Dunabe river there is a view of many boats and river resturants beautifully ordered on the river shore so it is perfect for people to relax from heavy stressful daily life. On the city park there is also a large children playground, where children could have a great fun and very near the fortress is situated Beograd
National – City ZooPark!

Beograd-city-center-national-zoo-white-lion

Beograd-city-center-national-zoo-white-lion

The Zoo is fantastic and has even more animals though situated on less space than Sofia Zoo. We went to Famous Beograd Zoo on Sunday 06.07.2014, after being for a holy liturgy in the main cathedral Church of Beograd – St. Archangel Michael (the Church building is situated opposite to Serbian Orthodox Church Holy Synod, and very nearby to a iconographic academy and the patrierchal residency.

Saborna-Crkva-Beograd-city-center

Saborna-Crkva-Beograd-city-center

The Church service was quiet understandable as big parts of the service is in Church Slavonic and as I'm adjusted to understanding big part of the Church slavonic and understand a bit of serbian speech, I was feeling in Serbian church almost like in a service here in Bulgaria. Serving Holy Liturgy in Church in Church slavnic is a big blessing for us slavonic people as we can understand the service in Serbia, Bulgaria, Monte Negro, Croatia, Bulgaria 🙂 After the Church service we went for a coffee in a Serbian coffee nearby the iconographic academy in Beograd. One thing to note here is always in all ex-Yugoslavia, if you order coffee you get a cup of free fresh water with the coffee – a great coffee drinking habit of Serbs. In the street I've seen a car under the brand Yugo which is pretty much like the small old Fiat cars, but it used to be produced in the Federal Republic of Yugoslavia. After the coffee we went back home have a another coffee with a small dinner and a cake with Serbian Coca-Cola which has a little bit of a different taste than the coca-cola in BG and other countries I've been (note I usually hate Cola and I don't drink it but here I dеcided to give it a try with experimental aim 🙂 What impressed me on the Coca Cola plastic bottle was written "This Cola doesn't contain conservants or any chemical substances" – I LOL-ed (Laughted Out Loud ) to this non-sense. We all know cola is one of worst conservant of modern man so such a writtings is a big non-sense.

Pljeskavica - Serbian Traditional most popular food meal
Pljeskavica – Serbian Traditional most popular food meal

For a lunch I ate the most famous Serbian (food) meal called "Pleskavica" a very, very big meat ball – talking about food Serbian are crazy about meat. They probably are the nation with biggest meat consumption in Europe! – I heard for Serbs and Croations, a kilo and a half of meat eaten a day is something very usual!
Monastery-kaonana-putusaba-serbia-monastery-near-Beograd-70-km-monastery-from-Beograd

Monastery-kaonana-putusaba-serbia-monastery-near-Beograd-70-km-monastery-from-Beograd

Kaona Monastery Serbia Monks living cells

After lunch time on Saturday, around 14:00 serbian time, we jumped in our god-fathers Opel car and travelled to Kaona Monastery where was arranged to happen baptism of 23 days new-born baby Boryana. The archimandrite Philimon (which is very young 30 years old) received a us hospitably in Kaona Monastery – a monastery nearby the Serbian village Kaona. The monastery is a true heavenly garden. It has a small monastic property – sheeps, ducks, chickens 🙂

Crkva Kaona Monastir

There is a miraculous water spring like in most monasteries, a baptisterium, two beautiful Churches (a Church school) and lake with a boats where you can have rest sailing with a small rowing boat. My wife Svetlana became the spiritual mother of the 23 days baby Boryana, making our bond with our marriage god-parents family even stronger. We had a safe travel from Beograd to Kaona and vice versa by God's grace. By an old tradition after batism there was small gathering and we ate same biscuits, baklava and drink a little of Rakia, coffee tea etc. After that by Abbot's blessing Philimon we went to the small monastic lake and sailed on the small rawing boat, where I had the chance to oar the boat for a second life in my life (btw rowing is quite pleasurable and healthy thing to do).

Kaona monastery paradise lake
Kaona monastery tiny monastic lake

The Abbot Philemon very much in the monastic spirit of good willness and love invited us to have a dinner together with a few of the other people who was on a pilgrimage journey to the monastery.

Kaona Monastery sheeps

Eating in a monastery is a true blessing as always. Before eating a prayer is said by the abbot and the food is blessed during the dinner. There was a person reading the sayings of the Holy Church fathers, letting the monks remember even when they eat that the spiritual food is more important and should not be forgot even when physical food is eaten.

Church for funeral services nearby Kaona monastery

Kaona Monastery entrance Church side door

Paraklis (Small Baptismal Chapel Kaona Monastery)
Parakles (Small Baptismal Chapel)

Going back from the monastery on late Saturday we had the plan to go outside with Galin and enjoy a bit the night life of Beograd but, we were very tired so we went sleeping almost immediately. On the next day after the Church service, we went to the Zoo and we had 2 hours and a half of great time, and I have the opportunity to see a lot of animals I saw for a first time in my life by God's grace 🙂 Here are some pictures from the zoo-park.

Beograd-National-Zoo-Lamma

hip0-and-a-Lion-in-Beograd-Zoo

My-wife-and-a-Camelopard-in-Beograd-Zoo

hipos in Beograd ZooPark 🙂

Grandmother Camel in Beograd Zoo
In the afternoon after the zoo I went to the Military museum. It is the first war museum visitation in my wife so again quite an interesting experience.

Military-museum-belgrad-voenen-muzei-Belgrad

Among the machine-guns there was even Bulgarian. It is interesting too see that a big part of history of Serbs is in their war history, there war weapons from all ages starting from pre-medieval times, going through the mediaval, the renessance the Serbian liberation war, the Ist and II-nd world war and ending in the just recent war
in Kosovo and conflicts in Monte Negro (Cerna / Crna Gora)

.
Military Museum within fortress wall Belgrad

To end up the great time, few hours before we had to go Galin and Andrea brought and left the two kids for a birthday party and brought us for a drink of few beers in boat-restaurant anchored on the river shore of Savva river.

Rabbit drink / Zaicharsko Serbian beer
Zaicharsko Serbian beer / Rabbit drink 🙂

An interesting fact is Savva river is named after Saint Savva (who was the first Serbian Archibishop, the creator of Serbian Church and partially the creator of Serbian state), St. Savva is considered the greatest serbian saint of all times and protector saint of all Serbian.

Saint-Archibishop-Sava-creator-of-Serbian-Orthodox-Church

A curious fact is saint Savva's dormition happened in nowdays Tarnovo Bulgaria.
As a closure I would say I enjoyed Serbian land a lot and I recommend it to anyone who want to have a great rest time. I think it is a big blessing for Serbians to not be in the European union, and one can feel the difference even spiritually when he is out of EU. In being not yet officially part of European Union though they have put their candidature Serbia reminds me somehow to Belarus.

Serbia just like Bulgarian is a land very rich in saints and martyrs throughout the long history, they're our brothers and we have one faith. One of the ways for a growth and well being for us as Bulgarians is to keep tight connections with our Serbian brothers and sisters. Just as an interesting fact for those who like monastic tourism near Beograd there is a mountain with 17 monasteries! Serbia is also among the countries still having relatively big number of monks, as of my knowledge Serbia has about 2000 monks

Tags: Belgrad Serbia Belgrad, building, Bulgarian Soar Milk Kiselo Mlijako, cars, city, food, fortress, Liegen Wagen, LOL, time in my life, train station
Posted in Curious Facts, Entertainment, Everyday Life, Various | 1 Comment »

Creating Dynamic SSH Tunnel on Windows with Plink – Scriptable SSH Tunnels on Windows

Friday, July 4th, 2014

creating-ssh-tunnel-on-windows-with-plink-ssh-tunnel-diagram-tunnel-email-traffic

In my earlier articles I've explained about Creating SSH Tunnels on Linux and BSD and how to create SSH Tunnels with Putty Terminal client on Windows.

Creating SSH Tunnels is a precious knowledge every advanced computer user, a system administrator or security expert should be well aware of.

Probably still there are plenty of people for which the SSH Tunnelling is something never heard of or even if heard it is a mythical term covered by ancient shadows 🙂

So What is an SSH Tunnel? – SSH Tunnels shortly explained.

A SSH tunnel consists of an encrypted tunnel created through a SSH protocol
connection.

An SSH tunnel can be used to transfer unencrypted traffic over a
network through an encrypted channel between two hosts (host A and Host B) usually using remote and local port.

Requirements for SSH tunnel

Where Host B has to be running a version of OpenSSH server on some reachable port from Host B, (lets say 22).
Host B OpenSSH server has to be with (enabled X11Forwarding – X11Forwarding yes in /etc/ssh/sshd_config) and Host A needs to have some SSH client supporting port forwarding (ssh command on Linux – part of (openssh-client package) and on Windows – Putty / Plink or any other of the many available ssh tunneling clients).

Probably most common SSH Tunnel use is to bypass firewalls that prohibits or filter certain internet services.
In other words SSH Tunnels can be used to get around firewall filtering. If you never heard of Bypassing firewalls with port forwarding I recommend to check this article

We can use a ssh tunnel to securely transfer files between a FTP server and a client even though the FTP
protocol itself is not encrypted, Tnnel traffic to an SQL server, Tunnel traffic from your Desktop PC to a Proxy
SSH tunnels can be used to tunnel outbound E-mail traffic back to your work PC to avoid having to change SMTP servers etc.

A very common SSH Tunnel use is by office workers who don't want their Custom Web browsing habbits and Web history be tracked,

For people who has to travel a lot tunneling SSH traffic from notebook to your home based SMTP is mandatory, otherwise your e-mail passwords, might end up captured by someone who manages the Free WI-FI used by you somewhere on the road or cafeteria. Another good case use of SSH Tunnel is to tunnel VNC traffic.

SSH Tunneling was historically very famous in days where IRC (Internet Relay Chat) and used to be common way (for people who want to prevent their real IP address from publicly visible) on the Internet.
SSH Tunneling is great way to maintain high communication security, however because it requires some basic technical knowledge most people neglect it or never heard of it, so I hope this article will give at least basic ideas to people new to tunneling.

How to create SSH Tunnels on Microsoft Windows

SSH Tunneling has been originally invented on UNIX / Linux platform, luckily nowdays it is easily possible to create SSH tunnels on almost any moden OS (including Mac OS X and M$ Windows).

Using Plink it is possible to create easily (batch) scriptable SSH tunnels on Windows

Generally here is example of basic plink use syntax:

plink.exe {remote-host} -P 22 -C -D 10080 -l username -pw password

To make a Tunnel with Plink to remote SSH Server (remote-ssh-server.com) listening for connections on port 22 on localhost 10022

"C:Program Files (x86)PuTTYplink.exe" -ssh remote-username@tunnel-to-ssh-server-host.com -pw PASSWORD123 -C -T -D 127.0.0.1:10022 -N

-D – option instructs Plink to make "Dynamic SOCKS-based port forwarding"
Dynamic Socks-based port forwarding will make your ssh client a simple socks server which listen to port 10022 for incoming connections.
-T – tells plink not to open interactive shell on remote server (disable pty allocation)
-C – enables traffic compression

Using the -D option you can prepare tunnel to traffic all your outgoing server traffic via the SSH tunneling host.

E. g. -D allows you to use the remote ssh server as a proxy server with no need for remote server to run anything except SSH service and have Internet connection.

-N – stands for "don't start shell/command SSH-2 only"

On success of SSH Tunnel establishing you will get a pop-up window similar to below screenshot (note that some of the messages in cmd line are from a batch script – if no batch script is used you wil only get a window with "Using Username":

plink_establishing_ssh_tunnel-on-microsoft-windows-screenshot

Note: That if you're about to be using Plink command frequently add it to your Windows SYSTEM PATH (check my previous article – how to add Putty to System PATH) to enable it invokable without writting the full command path location.

Once this Window is open if you still have doubt, where the tunnel is established, the quickest way to test whether tunnel is working is to open telnet to localhost port 10022.

In Windows command prompt type:

C:> telnet localhost 10022
…

You will get a remote server SSH version printed, like on below shot:

windows-testing-whether-ssh-tunnel-is-working-with-telnet-screenshot-black-screen

Now lets say now you would like to access the internet via just created SSH tunnel.
You can do it by simply setting Socks Proxy in your Firefox / Opera (or whatever browser you use).

Whether you want to run the SSH Tunnel permanent and periodically check whether tunnel is allve and respawn it in case plink quit, you can use a very simple batch script like one below:

@ECHO OFF
tasklist /FI "IMAGENAME eq plink.exe" 2>NUL | find /I /N "plink.exe">NUL

if "%ERRORLEVEL%"=="0" ( echo Programm is running exiting
exit
)
echo "Not Running"
start /b "C:Program Files (x86)PuTTYplink.exe" -ssh remote-username@tunnel-to-ssh-server-host.com -pw Password123 -T -C -D 127.0.0.1:10022 -N"

If you're a Linux guy and you don't want to mess around with Plink but still want to create your SSH tunnels following SSH client UNIX command line syntax, setup the Cygwin port of OpenSSH for Windows.

Or if you're unsure whether remote server is always reachable (you're moving with your notebook from (Country) network to network), you can use also portqry – windows port scanner to check whether remote ssh server port is opened:

@ECHO OFF
tasklist /FI "IMAGENAME eq plink.exe" 2>NUL | find /I /N "plink.exe">NUL
if "%ERRORLEVEL%"=="0" ( echo Programm is running exiting
pause
exit
)
portqry -n tunnel-to-ssh-server-host.com -p tcp -e 22
if %ERRORLEVEL%==0 echo tunnel-to-ssh-server-host.com Reachable Connecting ..
if NOT %ERRORLEVEL%==0 (echo tunnel-to-ssh-server-host.com.com Unreachable
exit)
echo "Not Running. Starting"
"C:Program Files (x86)PuTTYplink.exe" -ssh remote-username@tunnel-to-ssh-server-host.com -pw Password123 -T -C -D 127.0.0.1:10080 –N

Here is another sample use of Plink to create tunnel via SSH host tunnel-to-ssh-server-host.com to listen for connections on localhost port 1234 and forward all incoming traffic to squid proxy server on 192.168.1.5 on port 3128.

C:Usersgeorgi>plink.exe -v -x -a -T -C -noagent -ssh -L 127.0.0.1:1234:192.168.1.5:3128 remote-username@tunnel-to-ssh-server-host.com

Setting then 127.0.0.1:1234 in Firefox Proxy browser settings will make all traffic from your browser to flow securily to your own proxy server (letting you hide your "custom traffic" from company Web sniffers (Proxying) and Web filtering.
A remark to make here is 192.168.1.5 is (a internal server with Squid Proxy, configured to pass traffic to the internet ).

Here is a way to make tunnel between your remote SSH server and local Desktop PC to make Google queries without being logged by your ISP or company where you're working:

plink.exe "-v -x -a -T -C -noagent -ssh -L 127.
0.0.1:1234:95.158.130.242:443 -pw SecretPassword123 -l hipo www.pc-freak.net"

95.158.130.242 – is one of the IPs www.google.com resolves to
www.pc-freak.net – is name of my home router.

To make tunneled queries to Google then open in browser https://127.0.0.1:1234

If you're a lazy windows user and don't want to bother to make your tunnels from command line and you want need nice gui way to manage multiple tunnels – check out putty-tunnel-manager.

I myself am not a SSH Tunnel expert and thus Iwould be happy to learn further from people for some interesting cases and custom ways to do SSH Tunnels. If you know of better advantageous ways to tunnel traffic, please share.

Happy tunneling ! 🙂

Tags: cmd line, Happy, How to, hp, Internet Relay Chat, make, proxy server, script, ssh command, Using Username, Windows, windows user
Posted in Computer Security, Everyday Life, Networking, System Administration, Various, Windows | 5 Comments »

Monitoring CPU load and memory usage on Mac OS X command line (Terminal)

Thursday, July 3rd, 2014

macosx-server-screenshot-server-assistant-apple-tool
You might be stunned to find out Mac OS X has a server variant called Mac OS X server. For the usual admin having to administer a Mac OS X based server is something rarely to do, however it might happen some day, and besides that nowadays Mac OS X has about 10% percentage share of PC desktop and laptops used on the Internet (data collected from w3cschools log files). Thus cause it is among popular OSes, it very possible sooner or later as a sysadmin you will have to troubleshoot issues on at least Mac OS X notebook. Mac has plenty of instruments to debug OS issues as it is UNIX (BSD) based.

Mac OS X has already a GUI tool called Activity Monitor (existing in Mac OS 10.3 onwards) in earlier verions, there was tool called Process Viewer and CPU Monitor.

To start Activity Monitor open Finder and launch it via:

Applications -> Utilities -> Activity Monitor

As a Linux guy, I like to use command line and there Mac OS X is equipped with a good arsenal of tools to check CPU load and Memory. Mac OS X comes with sar – (system activity reporter), top (process monitor) and vm_stat (virtual memory statistics) command – these ones are equivalent of Linux's sar (from sysstats package), top and Linux vmstat (report virtual memory statistics).

1. Check out Mac OS X HDD Input / Output statistics

$ sar -d -f ~/output.sar

20:43:18 device r+w/s blks/s
New Disk: [disk0] IODeviceTree:/PCI0@0/RP06@1C,5/SSD0@0/PRT0@0/PMP@0/@0:0
New Disk: [disk1] IOService:/IOResources/IOHDIXController/IOHDIXHDDriveOutKernel@1/IODiskImageBlockStorageDeviceOutKernel/IOBlockStorageDriver/Apple UDIF, только для чтения, сжатый (zlib)
New Disk: [disk2] IOService:/IOResources/IOHDIXController/IOHDIXHDDriveOutKernel@3/IODiskImageBlockStorageDeviceOutKernel/IOBlockStorageDriver/Apple UDIF, только для чтения, сжатый (bzip2)
New Disk: [disk3] IOService:/IOResources/IOHDIXController/IOHDIXHDDriveOutKernel@4/IODiskImageBlockStorageDeviceOutKernel/IOBlockStorageDriver/Apple UDIF, только для чтения, сжатый (bzip2)
New Disk: [disk4] IOService:/IOResources/IOHDIXController/IOHDIXHDDriveOutKernel@6/IODiskImageBlockStorageDeviceOutKernel/IOBlockStorageDriver/Apple UDIF, только для чтения, сжатый (zlib)
20:43:28 disk0 7 312
20:43:28 disk1 0 0
20:43:28 disk2 0 0
20:43:28 disk3 0 0
20:43:28 disk4 0 0
20:43:38 disk0 12 251
20:43:38 disk1 0
…

2. Checking Mac OS X CPU Load from terminal

To check Load from Mac OS command line use:

$ sar -o ~/output.sar 10 10

That gathers 10 sets of metrics at 10 second intervals. You can then extract useful information from the output file (even while it's still running), this will get you cpu load on Mac OS system spitting stats every 10 seconds.

21:22:33 %usr %nice %sys %idle
21:22:43 7 0 2 90
21:22:53 8 0 3 89
21:23:03 11 0 4 85
21:23:13 9 0 3 88
21:23:23 9 0 3 88
21:23:33 7 0 3 90
21:23:43 10 0 3 87
21:23:53 10 0 4 85
21:24:03 10 0 5 85
21:24:13 8 0 3 88
Average: 8 0 3 87

3. Checking Free memory on Mac OS X

Use this obscure one liner to free -m Linux memory command like output from Mac terminal

$ vm_stat | perl -ne '/page size of (d+)/ and $size=$1; /Pagess+([^:]+)[^d]+(d+)/ and printf("%-16s % 16.2f Min", "$1:", $2 * $size / 1048576);'

free: 43.38 Mi
active: 1762.00 Mi
inactive: 1676.91 Mi
speculative: 3.29 Mi
wired down: 609.38 Mi
copy-on-write: 29431.01 Mi
zero filled: 4687689.80 Mi
reactivated: 30288.86 Mi

To show inactive memory in Gigabytes every 10 seconds

$ vm_stat 10 | awk 'NR>2 {gsub("K","000");print ($1+$4)/256000}'

1.70532
1.70455
1.70389
1.6904

It is also possible to get memory statistics on Mac PC running top in non-interactive mode and grepping it from output:

$ top -l 1 | head -n 10 | grep PhysMem | sed 's/, /n /g'

PhysMem: 599M wired, 1735M active, 1712M inactive, 4046M used, 47M free.

4. Quick command to get Kernel / how many CPUs, available memory and load avarage on Mac OS X

From y. 2003 onwards of Mac OS have hostinfo – (host information) command, providing admin with quick way to get System Info on Mac OS

$ hostinfo

Mach kernel version:
Darwin Kernel Version 12.5.0: Sun Sep 29 13:33:47 PDT 2013; root:xnu-2050.48.12~1/RELEASE_X86_64
Kernel configured for up to 4 processors.
2 processors are physically available.
4 processors are logically available.
Processor type: i486 (Intel 80486)
Processors active: 0 1 2 3
Primary memory available: 4.00 gigabytes
Default processor set: 98 tasks, 621 threads, 4 processors
Load average: 1.63, Mach factor: 2.54

If you need more verbose information on system hardware and resources, check out system_profiler. As the manual describes it, system_profiler(reports system hardware and software configuration.) cmd:

$ system_profiler Here is a link to output file generated by system_prifler

Tags: command, cpu load, information, liner, Linux, Quick, size, sysadmin, system hardware, virtual memory
Posted in Everyday Life, Monitoring, System Administration, Various | 1 Comment »

Fix MySQL connection error – Host ” is blocked because of many connection errors; unblock with ‘mysqladmin flush-hosts’

Wednesday, July 2nd, 2014

fix-mysql-too-many-connection-errors-explained

If you get a MySQL error like:

Host '' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'

This most likely means your PHP / Java whatever programming language application connecting to MySQL is failing to authenticate with the application created (existing) or that the application is trying too many connections to MySQL in a rate where MySQL server can't serve all the requests.

Some common errors for Too many Connection errors are:

Networking Problem
Server itself could be down
Authentication Problems
Maximum Connection Errors allowed.

The value of the max_connection_errors system variable determines how many successive interrupted connection requests are permitted to myqsl server.

Well anyways if you get the:

Host '' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'

You can consider this a sure sign application connections to MySQLis logging a lot of error connections, for some reason.
This error could also appear on very busy websites where high amount of separete connections are used – I've seen the error occur on PHP websites whether mysql_pconnect(); is selected in favour of the prooved working mysql_connect();

The first thing to do before changing / increasing default set of max connection errors is to check how many max connection errors are set within MySQL?

For that connect with MySQL CLI and issue:

mysql> SHOW VARIABLES LIKE '%error%';

+——————–+————————————————————-+
| Variable_name      | Value                                                           |
+——————–+————————————————————-+
| error_count        | 0                                                               |
| log_error          | /var/log/mysql//mysqld.log                                |
| max_connect_errors | 10000                                                |
| max_error_count    | 64                                                               |
| slave_skip_errors | OFF                                                           |
+——————–+————————————————————-+

A very useful mysql cli command in debugging max connection errors reached problem is

mysql> SHOW PROCESSLIST;

To solve the error, try to tune in /etc/my.cnf, /etc/mysql/my.cnf or wherever my.cnf is located:

[mysqld]
max_connect_errors variable

and

wait_timeout var. Some reasonable variable size would be:

max_connect_errors = 100000 wait_timeout = 60

If such (anyways) high values is still not high enough you can raise mysql config connection timeout

max_connect_errors = 100000000

Also if you want to try raise max_connect_errors var without making it permanenty (i.e. remember var setting after MySQL service restart), set it from MySQL cli with:

SET GLOBAL max_connect_errors

If you want to keep the set default max_connection_errors and fix it temporary, you can try to follow the error

Host '' is blocked because of many connection errors; unblock with 'mysqladmin flush-hosts'

suggestion and issue in root console:

mysqladmin flush-hosts

Same could also be done from MySQL Cli with cmd:

FLUSH HOSTS;

Tags: application, cnf, config, connection, connection timeout, default, fix, issue, lot, mysqladmin, programming language, reason, setting, size, suggestion, system
Posted in Everyday Life, MySQL, System Administration, Various | 3 Comments »

☩ Walking in Light with Christ – Faith, Computing, Diary

Archive for July, 2014

Make Apache webserver fix spelling mistyped URL errors and serve files case insensitive with mod_speling

StatusNet – Start your own hosted microblogging twitter like social network on Debian GNU / Linux

Preserve domain name after redirect with mod_rewrite and some useful mod rewrite redirect and other examples – Redirect domain without changing URL

Start Plink SSH tunnel on Windows start – Windows Resource Kit and AlwaysUp start Windows services when computer boots up

How to make the tunnel initialize automatically on Windows PC boot?

2 Wonderful days in Belgrad Serbia / Belgrad a city you should see! – A trip to KaleMegdan, ZooPark War museum and Kaona monastery

Creating Dynamic SSH Tunnel on Windows with Plink – Scriptable SSH Tunnels on Windows

Fix MySQL connection error – Host ” is blocked because of many connection errors; unblock with ‘mysqladmin flush-hosts’

Daily Bible quote

GET ARTICLE UPDATES

Useful blog? Help it:

Links to Other Places

Recent Posts

Ads

Categories

About Myself

Recent Comments

Top Post Views

blogtopsites