Archive for the ‘Server’ Category
Get a list of all virtual hosts which are defined in all apache configuration files
Have you ever searched where the virtual host of a website is defined in the apache config files? There is a handy option of the apache2ctl script which might help then. When you run the command:
apache2ctl -S
on the shell, you will get a list of all virtual hosts and default servers incl. the line number where it is defined. Example:
~# apache2ctl -S VirtualHost configuration: wildcard NameVirtualHosts and _default_ servers: *:8080 is a NameVirtualHost default server ispconfig.local (/etc/apache2/sites-enabled/000-ispconfig.vhost:10) port 8080 namevhost ispconfig.local (/etc/apache2/sites-enabled/000-ispconfig.vhost:10) *:8081 is a NameVirtualHost default server ispconfig.local (/etc/apache2/sites-enabled/000-apps.vhost:10) port 8081 namevhost ispconfig.local (/etc/apache2/sites-enabled/000-apps.vhost:10) *:80 is a NameVirtualHost default server ispconfig.local (/etc/apache2/sites-enabled/000-default:1) port 80 namevhost ispconfig.local (/etc/apache2/sites-enabled/000-default:1) port 80 namevhost example.com (/etc/apache2/sites-enabled/example.com.vhost:7) Syntax OK
Thanks to Planetfox for this tipp.
How to disable Apache mod_security for a website in ISPConfig 3.
If you use mod_security on your server you might encounter that a website script is not compatible with mod_security. To disable mod_security (v2) for a website, add the following code into the apache directives field:
<IfModule mod_security2.c> SecRuleEngine Off </IfModule>
For the older mod_security 1 version, use these configuration directives:
<IfModule mod_security.c> SecFilterEngine Off </IfModule>
Thanks to Planetfox for this tipp.
How to force caching headers with apache and squid reverse proxy
If you use a squid reverse proxy in front of your apache webserver to reduce the load, it might happen that pages are not cached correctly because the website script running on the apache webserver sends wrong caching headers. I had this problem with a wordpress install, wordpress had always send pragma no-cache headers with the pages so squid reported a cache miss for every page request. A simple solution for this is to use apache mod_headers to delete the no chache header and replace it with a header for 10 minute cache period.
First, ensure that mod_herders is enabled. To do this in Debian and Ubuntu, run the command:
a2enmod headers
Then create a .htaccess file in the website root directoyr which contains the following lines:
Header unset Pragma Header set Cache-Control "must-revalidate, max-age=0, s-maxage=600" Header set Vary "Accept-Encoding"
Keep the spamassassin filter rules up to date in ISPConfig 3
To update the spamassassin rules regularily on your ISPConfig 3 server, add the following line to the root crontab by running:
crontab -e
then insert the following line:
23 4 */2 * * /usr/bin/sa-update --no-gpg &> /dev/null
and save the file. The path to the sa-update script is /usr/bin/sa-update on Ubuntu and Debian Linux, if you use a different linux distrubution, run the command:
which sa-update
to find the location of the sa-update script and adjust the path in the crontab line above so that it matches the path on your system.
How to fix the spamassassin bug with the FH_DATE_PAST_20XX rule
Since january 1 2010, spamassassin is falsely marking non spam emails as spam due to an error in the regular expression of the FH_DATE_PAST_20XX rule.
Description of the bug:
https://secure.grepular.com/blog/index.php/2010/01/01/spamassassin-2010-bug/
To fix this, run the following command on the shell as root user:
sa-update
If you use the software ISPConfig 2 on your server, run this command:
/home/admispconfig/ispconfig/tools/spamassassin/usr/bin/sa-update
How to renew the SSL certificate for dovecot on CentOS
Make a backup of the old key and certificate file
mv /etc/ssl/certs/dovecot.pem /etc/ssl/certs/dovecot.pem.old mv /etc/ssl/private/dovecot.key /etc/ssl/private/dovecot.key.old
Create the new SSL certificate
openssl genrsa -out /etc/ssl/private/dovecot.key 1024 openssl req -new -x509 -key /etc/ssl/private/dovecot.key -out /etc/ssl/certs/dovecot.pem -days 730
Restart Dovecot:
/etc/init.d/dovecot restart
Optimize MySQL performance with mysqltuner
The following tutorial describes the steps to optimize the performance of a MySQL database with the mysqltuner script.
Login to your server on the shell, then execute the following commands:
Download the mysqltuner script:
cd /usr/local/bin wget http://mysqltuner.pl/mysqltuner.pl chmod +x mysqltuner.pl
Run mysqltuner
/usr/local/bin/mysqltuner.pl
Then enter root as username and the mysql root password.
You will get a output similar to this:
root@v221:/usr/local/bin# /usr/local/bin/mysqltuner.pl
>> MySQLTuner 1.0.1 - Major Hayden <major@mhtx.net> >> Bug reports, feature requests, and downloads at http://mysqltuner.com/ >> Run with '--help' for additional options and output filtering Please enter your MySQL administrative login: root Please enter your MySQL administrative password:
-------- General Statistics -------------------------------------------------- [--] Skipped version check for MySQLTuner script [OK] Currently running supported MySQL version 5.0.51a-24+lenny2 [!!] Switch to 64-bit OS - MySQL cannot currently use all of your RAM
-------- Storage Engine Statistics ------------------------------------------- [--] Status: +Archive -BDB -Federated +InnoDB -ISAM -NDBCluster [--] Data in MyISAM tables: 26M (Tables: 215) [!!] InnoDB is enabled but isn't being used [!!] Total fragmented tables: 33
-------- Performance Metrics ------------------------------------------------- [--] Up for: 96d 23h 3m 41s (10M q [1.239 qps], 686K conn, TX: 701M, RX: 1B) [--] Reads / Writes: 44% / 56% [--] Total buffers: 58.0M global + 2.6M per thread (100 max threads) [OK] Maximum possible memory usage: 320.5M (12% of installed RAM) [OK] Slow queries: 0% (20/10M) [OK] Highest usage of available connections: 33% (33/100) [OK] Key buffer size / total MyISAM indexes: 16.0M/8.5M [OK] Key buffer hit rate: 99.9% (57M cached / 30K reads) [OK] Query cache efficiency: 78.6% (5M cached / 6M selects) [!!] Query cache prunes per day: 483 [OK] Sorts requiring temporary tables: 0% (0 temp sorts / 408K sorts) [!!] Temporary tables created on disk: 36% (269K on disk / 745K total) [OK] Thread cache hit rate: 99% (427 created / 686K connections) [!!] Table cache hit rate: 2% (64 open / 3K opened) [OK] Open file limit used: 11% (120/1K) [OK] Table locks acquired immediately: 99% (3M immediate / 3M locks)
-------- Recommendations ----------------------------------------------------- General recommendations: Add skip-innodb to MySQL configuration to disable InnoDB Run OPTIMIZE TABLE to defragment tables for better performance Enable the slow query log to troubleshoot bad queries When making adjustments, make tmp_table_size/max_heap_table_size equal Reduce your SELECT DISTINCT queries without LIMIT clauses Increase table_cache gradually to avoid file descriptor limits Variables to adjust: query_cache_size (> 16M) tmp_table_size (> 32M) max_heap_table_size (> 16M) table_cache (> 64)
The script recommends to adjust or add the following variables in the mysql my.cnf file. The location of my.cnf is normally /etc/my.cnf or /etc/mysql/my.cnf depending on the Linux distribution that is installed on your server.
Open the my.cnf file:
vi /etc/mysql/my.cnf
and increase or set the variables in the [mysqld] section of the file. Mine looks now like this:
[mysqld] # # * Basic Settings # user = mysql pid-file = /var/run/mysqld/mysqld.pid socket = /var/run/mysqld/mysqld.sock port = 3306 basedir = /usr datadir = /var/lib/mysql tmpdir = /tmp language = /usr/share/mysql/english skip-external-locking # # Instead of skip-networking the default is now to listen only on # localhost which is more compatible and is not less secure. bind-address = 127.0.0.1 # # * Fine Tuning # key_buffer = 16M max_allowed_packet = 16M thread_stack = 128K thread_cache_size = 8 # This replaces the startup script and checks MyISAM tables if needed # the first time they are touched myisam-recover = BACKUP #max_connections = 100 table_cache = 128 #thread_concurrency = 10 # # * Query Cache Configuration # query_cache_limit = 1M
query_cache_size = 32M tmp_table_sizee = 64M max_heap_table_sizee = 32M
Then save the file and restart mysql. After a few hours, rerun mysqltuner and check again if the values are fine now or if the have to be increased to a higher value.
How to renew the SSL certificate for dovecot on Ubuntu Linux
To create new SSL certificates for the dovecot pop3 and imap server on Ubuntu, follow these steps:
Make a backup copy of the old key and certificate file
sudo cp /etc/ssl/private/dovecot.key /etc/ssl/private/dovecot.key.old sudo cp /etc/ssl/certs/dovecot.pem /etc/ssl/certs/dovecot.pem.old Create the new key file <p class="command">openssl genrsa -out /etc/ssl/private/dovecot.key 1024
Create the new certificate file, valid for 2 years
Then restart dovecot
/etc/init.d/dovecot restart
Manage the postfix mailqueue with postsuper, postqueue und mailq
Postfix provides with postsuper, postqueue and mailq some shell utilitys to manage the mailqueue.
Here are some examples for common tasks:
List all messages that are in the mailqueue
postqueue -p
The output looks like this:
root@server:/# postqueue -p -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient------- 501CA23B43DB 2182 Thu Dec 3 14:24:39 test@yourdomain.com (Host or domain name not found. Name service error for name=otherdomain.com type=MX: Host not found, try again) info@otherdomain.com -- 8 Kbytes in 1 Requests. <strong>Delete a message by message ID</strong> <p class="command">postsuper -d MessageID
replace MessageID with the ID of the message, e.g. 501CA23B43DB
root@server:/# postsuper -d 501CA23B43DB postsuper: 501CA23B43DB: removed postsuper: Deleted: 1 message <strong>Remove emails by sender</strong> <p class="command">mailq | tail +2 | awk 'BEGIN { RS = "" } # $7=sender, $8=recipient1, $9=recipient2 { if ($7 == "info@otherdomain.com" && $9 == "") print $1 } ' | tr -d '*!' | postsuper -d - replace "info@otherdomain.com" with the sender email address. <strong>Remove emails by recipient</strong> <p class="command">mailq | tail +2 | awk 'BEGIN { RS = "" } # $7=sender, $8=recipient1, $9=recipient2 { if ($8 == "you@yourdomain.com" && $9 == "") print $1 } ' | tr -d '*!' | postsuper -d - replace you@yourdomain.com with the recipient email address. <strong>Remove emails by sender hostname</strong> <p class="command">mailq | grep senderhostname | awk ‘{ print $1′} | postsuper -d -
replace the word “senderhostname” with the hostname of the email sender.
If your server has very high load and you want to temporarily move all message from the incoming queue to the hold queue, use the command:
postsuper -h ALL
to move the messages back to the incoming queue, use the command:
postsuper -r ALL
Instead of the word “ALL” you can also provide a specific message ID to move only one message to or from the hold queue. Message in the hold queue will not processed by postfix until they were requeued with postsuper -r.
How to reset the administrator password in ISPConfig 3
If you lost your ISPConfig 3 administrator password, you can reset it with the following SQL query.
UPDATE sys_user SET passwort = md5('admin') WHERE username = 'admin';
The SQL query sets the password to “admin” for the user “admin”, it has to be executed in the ISPConfig mysql database, e.g. with phpmyadmin. If you dont have phpmyadmin installed, then the query can be executed with the mysql commandline utility as well:
Login to the mysql database.
mysql -u root -p
and enter the password of the mysql root user. To switch to the ISPConfig database, run this command:
use dbispconfig;
Now execute the SQL command:
UPDATE sys_user SET passwort = md5('admin') WHERE username = 'admin';
and close the mysql shell:
quit;