Archive for the ‘Server’ Category

If you get the error “/dev/zero: No space left on device” in the Apache error.log on an OpenVZ virtual machine, then either the shared memory size in xcache.ini is too high or xcache.mmap_path is set incorrectly.

Edit the file /etc/php5/conf.d/xcache.ini

vi /etc/php5/conf.d/xcache.ini


and check the xcache.mmap_path setting. On an OpenVZ virtual machine it should be set to “/tmp/xcache”, as /dev/zero might not work correctly in a virtual machine:

xcache.mmap_path = "/tmp/xcache"


Then restart apache2:

/etc/init.d/apache2 restart


and check if the error has been resolved.

If the error still occurs after some time, you will have to reduce the xcache.size.

Edit the xcache.ini file:

vi /etc/php5/conf.d/xcache.ini


and set xcache.size to e.g. 8 MB

xcache.size  =                8M


Then restart apache2:

/etc/init.d/apache2 restart


Secure /tmp and /dev/shm directories in an OpenVZ environment

Tuesday, August 31, 2010 posted by Till

The /tmp and /dev/shm directories of an OpenVZ virtual machine should be mounted without suid and exec permissions. To achieve this, create a shell script on the host server for every virtual machine which contains the commands to remount the directories. This script will be started automatically by OpenVZ when the VM is started.

I will use VPSID as placeholder for the ID of the virtual machine in the commands and the script. Replace VPSID with the ID of the virtual machine that you want to create the script for, e.g. replace VPSID with 101.

Create the script:

vi /etc/vz/conf/VPSID.mount


and insert the following lines:

#!/bin/bash
mount -n --bind -onosuid,noexec /vz/vps/VPSID/tmp /vz/root/VPSID/tmp
mount -n --bind -onosuid,noexec /vz/vps/VPSID/shm /vz/root/VPSID/dev/shm
exit ${?}


Now make the script executable:

chmod 700 /etc/vz/conf/VPSID.mount
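
To confirm that the bind mounts really carry both options once the VM has started, the host's mount table can be checked. The following is an added example, not part of the original post; the function names, the "-" argument for standard input and the sample table for VM ID 101 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify that a mount point carries nosuid and noexec,
# reading a table in /proc/mounts format.

# Constructed sample, as the host might show it for VM 101:
# tmp carries both options, dev/shm is missing noexec.
sample_host_mounts() {
    cat <<'EOF'
/dev/sda3 /vz ext3 rw,relatime 0 0
/dev/sda3 /vz/root/101/tmp ext3 rw,nosuid,noexec,relatime 0 0
/dev/sda3 /vz/root/101/dev/shm ext3 rw,nosuid,relatime 0 0
EOF
}

# check_mount_opts MOUNTPOINT [TABLE]   (TABLE "-" reads standard input)
# Prints "ok", "missing:<options>" or "not-mounted"; returns 0 only for "ok".
check_mount_opts() {
    mp=$1
    table=${2:-/proc/mounts}
    # The last matching entry wins, because later mounts shadow earlier ones.
    opts=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }' "$table")
    if [ -z "$opts" ]; then
        echo "not-mounted"
        return 2
    fi
    missing=""
    for want in nosuid noexec; do
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing,}$want" ;;
        esac
    done
    if [ -n "$missing" ]; then
        echo "missing:$missing"
        return 1
    fi
    echo "ok"
}

# Demo on the constructed sample; on a real host omit the second argument.
for mp in /vz/root/101/tmp /vz/root/101/dev/shm; do
    printf '%s: %s\n' "$mp" "$(sample_host_mounts | check_mount_opts "$mp" -)"
done
```
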


If you use a mailserver with very low RAM (< 500 MB) and a slow CPU, then it might be necessary to disable the spam and antivirus filter functions in ISPConfig 3, as amavisd and clamav might be too heavy for your server hardware. The steps to disable clamav and amavisd are:

Edit the postfix main.cf file:

vi /etc/postfix/main.cf


and comment out these lines by adding a “#” in front of them:

# content_filter = amavis:[127.0.0.1]:10024
# receive_override_options = no_address_mappings


Then restart postfix:

/etc/init.d/postfix restart


Now stop and disable the services. The following commands are for Debian and Ubuntu; the commands for other Linux distributions may vary:

/etc/init.d/clamav-daemon stop
/etc/init.d/clamav-freshclam stop
/etc/init.d/amavis stop


update-rc.d -f clamav-daemon remove
update-rc.d -f clamav-freshclam remove
update-rc.d -f amavis remove


The normal mail receive and send functions will still work after this modification. But please be aware that disabling amavisd and clamav will disable all spam and antivirus filtering, so the spam filtering options that can be configured in the ISPConfig interface will not have any effect on mail delivery and no spam or viruses will get filtered.

The changes in postfix main.cf will get overwritten by an ISPConfig software update when you choose to reconfigure services during the update, so you should comment out the lines again after you install an ISPConfig update.


How to block access to a server by IP address on Linux

Tuesday, July 6, 2010 posted by Till

Sometimes you might want to block connections to your server by IP address, e.g. when someone tries to attack your system. This can be done in several different ways, e.g. with iptables (firewall) rules or by setting up a reject route. Using iptables sometimes causes conflicts with installed firewalls, so I will use the route command here. The command is:

/sbin/route add -host 192.168.0.123 reject


Replace 192.168.0.123 with the IP address that you want to block and execute the command as root user on the shell.


If you recently updated to or installed WordPress 3.0, you might wonder where the menu for the Multisite feature is. By default, these new functions are disabled after a WordPress update. To enable them, edit the file wp-config.php and add the line

define('WP_ALLOW_MULTISITE', true);


On your next login, you will see a new menu labeled “Super Admin” which contains the functions to add new sites to WordPress.


The pure-ftpd package that comes with Debian 5.0 (Lenny) does not start in an OpenVZ virtual machine as it is compiled with “capabilities”. This tutorial describes the steps to build a pure-ftpd Debian package with capabilities disabled:

Make a temporary directory

mkdir /usr/src/pure-ftpd
cd /usr/src/pure-ftpd


Download the source package for pure-ftpd

apt-get source pure-ftpd
apt-get build-dep pure-ftpd


Edit the rules file and add the switch “--without-capabilities”

cd pure-ftpd-1.0.21/debian
nano rules


Change the line:

optflags=--with-everything --with-largefile --with-pam --with-privsep --with-tls


to (one line!):

optflags=--with-everything --with-largefile --with-pam --with-privsep --with-tls --without-capabilities


Build the Debian (.deb) package

cd ..
dpkg-buildpackage -uc -b


and install it

cd ..
dpkg -i pure-ftpd-common_1.0.21-11.4_all.deb pure-ftpd-mysql_1.0.21-11.4_i386.deb
/etc/init.d/pure-ftpd-mysql restart


To prevent apt from overwriting these manually compiled packages with the default packages from the Debian repositories, execute these commands:

echo 'pure-ftpd-common hold' | dpkg --set-selections
echo 'pure-ftpd-mysql hold' | dpkg --set-selections


This tutorial is based on the German tutorial from planet_fox.


How to update Spamassassin on ISPConfig 2

Thursday, May 27, 2010 posted by Till

The spamassassin installation on an ISPConfig 2 server is normally updated together with ISPConfig. Here are the steps if you want to update spamassassin manually without updating ISPConfig 2:

Download the latest Spamassassin sources and unpack the tar.gz file

cd /tmp
wget http://ftp.fernuni-hagen.de/ftp-dir/pub/mirrors/\
www.apache.org/spamassassin/source/Mail-SpamAssassin-3.3.1.tar.gz
tar xfz Mail-SpamAssassin-3.3.1.tar.gz


Configure, make and install spamassassin

cd Mail-SpamAssassin-3.3.1
perl Makefile.PL PREFIX=/home/admispconfig/ispconfig/tools/\
spamassassin/usr SYSCONFDIR=/home/admispconfig/ispconfig/\
tools/spamassassin/etc
make
make install


Cleanup

cd ..
rm -f Mail-SpamAssassin-3.3.1.tar.gz
rm -rf Mail-SpamAssassin-3.3.1


How to enable port 587 (submission) in postfix

Monday, April 26, 2010 posted by Till

Some internet access providers have port 25 disabled in their routers to prevent spam. If you run your own mailserver in a datacenter, you might have to enable the submission port (587) in postfix to be able to send emails from your local email client to your own mailserver.

To enable port 587, edit the file /etc/postfix/master.cf:

vi /etc/postfix/master.cf


and remove the # in front of the line:

#submission inet n      -       n       -       -       smtpd


so that it looks like this:

submission inet n      -       n       -       -       smtpd


and restart postfix:

/etc/init.d/postfix restart
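
After enabling the service it is worth checking which "-o" overrides are active on it, because anything not overridden on the submission entry is inherited from main.cf. The following is an added example, not part of the original post; the function names, the list of expected overrides and the sample master.cf are assumptions to adapt to your own policy.

```shell
#!/bin/sh
# Added example: list the "-o" overrides active on the submission service
# in a Postfix master.cf and report expected ones that are not set there.

# Constructed sample: service enabled as in the post, one override active.
sample_master_cf() {
    cat <<'EOF'
smtp      inet  n       -       -       -       -       smtpd
submission inet n      -       n       -       -       smtpd
#  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
#  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
pickup    fifo  n       -       -       60      1       pickup
EOF
}

# submission_overrides [FILE]   (FILE "-" reads standard input)
# Prints one name=value per line; returns 1 if the service is not enabled.
submission_overrides() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines are ignored
        /^[^ \t]/ { in_svc = ($1 == "submission" && $2 == "inet")
                    if (in_svc) found = 1 }
        in_svc { for (i = 1; i < NF; i++) if ($i == "-o") print $(i + 1) }
        END { exit (found ? 0 : 1) }
    ' "${1:-/etc/postfix/master.cf}"
}

# missing_overrides [FILE]
# Prints the expected overrides (assumed list) that are absent, or "none".
missing_overrides() {
    active=$(submission_overrides "${1:-/etc/postfix/master.cf}") || {
        echo "submission-disabled"; return 1; }
    missing=""
    for want in smtpd_tls_security_level=encrypt smtpd_sasl_auth_enable=yes; do
        printf '%s\n' "$active" | grep -qxF -- "$want" ||
            missing="${missing:+$missing }$want"
    done
    echo "${missing:-none}"
}

# Demo on the constructed sample; on a real server call it without arguments.
sample_master_cf | missing_overrides -
```
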


As of today, all ClamAV 0.94 or older installs will stop working. The Debian project has not yet released updates for their current stable release (5.0) to solve this, but there is a workaround. The Debian volatile project provides newer clamav versions. The steps to install ClamAV 0.95.3 on Debian lenny are:

1) Add the debian volatile repository to the sources list:

echo "deb http://volatile.debian.org/debian-volatile lenny/volatile main contrib non-free" >> /etc/apt/sources.list


2) Update the sources and install the new clamav package:

apt-get update
apt-get install clamav
apt-get -u upgrade


3) If you use amavisd-new (e.g. if you use an ISPConfig 3 server) then restart amavisd:

/etc/init.d/amavis restart


Many webmasters want to redirect users that access their websites with “domain.tld” automatically to “www.domain.tld”. If you use the Apache web server, you can do this by using Apache rewrite rules.

Add a .htaccess file with the following content in the root directory of the website:

Options +FollowSymlinks
RewriteEngine On
RewriteCond %{HTTP_HOST}//s%{HTTPS} ^[^w][^w][^w][^.].*//((s)on|s.*) [NC]
RewriteRule ^ http%2://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]


If you use ISPConfig as hosting control panel, you can add these rules also in the Apache directives field of the website.

Thanks to “extras” from webmasterworld for this useful rewrite rule.
