Monday, 23 December 2013

Running Two Tomcat Instances On Same Server (*nix)

Sometimes you want to host applications that cannot run on the same instance of Tomcat because of some incompatibility between the required classes of the two applications, or you might want to deploy the same application multiple times, perhaps for different customers, and you cannot do that on a single instance of Tomcat.


Here’s a brief step by step guide to running more than one instance of Tomcat on a single machine.

Let's first understand the Tomcat directory structure.


When creating multiple instances of the Tomcat server, we need to work with the folders inside the server installation. These folders contain the actual scripts and code for the server. We can either use the Tomcat code base in shared mode, where all Tomcat instances refer to the same physical code, or create separate copies of these folders for each Tomcat instance.
  • /bin : This directory contains the startup and shutdown scripts for both Windows and Linux.
  • /conf : This directory contains the main configuration files for Tomcat. The two most important are the server.xml and the global web.xml .
  • /server : This directory contains the Tomcat Java Archive files.
  • /lib : This directory contains Java Archive files that Tomcat is dependent upon.
  • /logs : This directory contains Tomcat’s log files.
  • /src : This directory contains the source code used by the Tomcat server. Once Tomcat is released, it will probably contain interfaces and abstract classes only.
  • /webapps : All web applications are deployed in this directory; it contains the WAR file.
  • /work : This is the directory in which Tomcat will place all servlets that are generated from JSPs. If you want to see exactly how a particular JSP is interpreted, look in this directory.

Tomcat server ports

Having a good understanding of Tomcat ports is essential to manage multiple instances of the same server installation. These ports are used by Tomcat for start-up, deployment and shut-down operations. The details of each port are as follows:
  • Connector Port : This is the port where Apache Tomcat listens for HTTP requests.
  • Shutdown Port : This port is used when we try to shut down the Apache Tomcat server.
  • AJP (Apache JServ Protocol) Connector Port : The Apache JServ Protocol (AJP) is a binary protocol that can conduct inbound requests from a web server through to an application server that sits behind the web server.
  • Redirect Port : Any redirection happening inside Apache Tomcat will happen through this port. In Apache Tomcat there are two places where redirectPort is mentioned: the first is for the Apache Tomcat server and the other is for the AJP port.


JDK(Java Development Kit)

For proper execution, Tomcat requires the JDK (Java Development Kit). The JDK, which contains the API classes, the Java compiler (javac) and the Java Virtual Machine (JVM), provides the basic tools to compile Java applications and applets.

Install JDK

You can download the latest version of the JDK (JDK 7) from Sun's Java web URLs at:
http://java.sun.com/products/archive/index.html

http://java.sun.com/products/archive/j2se/1.4.2_08/index.html

http://java.sun.com/j2se/1.4.2/download.html
Unpack and install the JDK in the directory /usr/local/. Now, we need to define the environment variable JAVA_HOME, such that it points to the Java installation directory "/usr/local/jdk1.X.X".
Add the following lines to the "/etc/bashrc" or "/etc/profile" file, so that the environment variable can be used by all applications/users on the server.
JAVA_HOME=/usr/local/jdk1.X.X
export JAVA_HOME

Install Tomcat

The Tomcat complete package is available for download at the following URL :

http://tomcat.apache.org/download-55.cgi
Download the latest version of Tomcat and Install it in the /usr/local directory.
mv apache-tomcat-5.5.25.tar.gz /usr/local
cd /usr/local
tar -xvzf apache-tomcat-5.5.25.tar.gz
Now, create the following symbolic link.
ln -s /usr/local/apache-tomcat-5.5.25 /usr/local/tomcat
We can then run the Tomcat web server as a separate user "tomcat". Add the user and group "tomcat".
groupadd tomcat
useradd -g tomcat -c "Tomcat User" -d /usr/local/tomcat tomcat
# passwd prompts for the new password; it is not given on the command line
passwd tomcat
Change the ownership of Tomcat installation directories.
chown tomcat:nobody /usr/local/tomcat
chown -R tomcat:nobody /usr/local/apache-tomcat-5.5.25
The installation of Tomcat is now complete. We can start the Tomcat instance using a startup script "/usr/local/tomcat/bin/startup.sh". Also, make sure to define the variable CATALINA_HOME in the script "/usr/local/tomcat/bin/catalina.sh".
CATALINA_HOME=/usr/local/tomcat
The default Tomcat configuration will service HTTP requests on port 8080. You can access this Tomcat instance using the URL http://server_IP:8080/, where server_IP is the address of the machine where we just now installed the Tomcat server.
In order to shut down the Tomcat service, use the script:
/usr/local/tomcat/bin/shutdown.sh
You can access the Tomcat Manager Interface corresponding to this Tomcat installation using the URL:
http://server_IP:8080/manager/
You can also configure the Manager Application Access using a username and password combination that has the role "manager" associated to them. All you have to do to enable this access is edit the Tomcat users configuration file.
/usr/local/tomcat/conf/tomcat-users.xml
By default, the Manager application is completely disabled. To enable access to the Manager web application, add the following entry in /usr/local/tomcat/conf/tomcat-users.xml.
<tomcat-users>
<role rolename="manager"/>
<user username="admin" password="tomcat" roles="manager"/>
</tomcat-users>
Once you restart the Tomcat service after this, you will be able to access the Manager interface using the login details admin/tomcat.


Additional Tomcat Instances

We have already installed one instance of Tomcat in the server.
We can still install multiple instances of Tomcat using the environment variable CATALINA_HOME. Each instance will use its own startup/shutdown scripts, configuration files, log files, etc.

Configure Second Instance

The first instance of Tomcat is installed inside the directory "/usr/local/tomcat". In order to configure an additional instance, create a new directory "/usr/local/tomcat1", assign correct permissions and copy all contents from the old directory to the new one.
mkdir /usr/local/tomcat1
chown tomcat:tomcat /usr/local/tomcat1
cp -pr /usr/local/tomcat/* /usr/local/tomcat1/
The Tomcat configuration is defined by the contents of the server.xml file that is found in the Tomcat's configuration($CATALINA_HOME/conf) directory. In order to configure an additional instance, modify the tomcat configuration file corresponding to the second instance "/usr/local/tomcat1/conf/server.xml"
Change the HTTP connector port from 8080 to 8081, because the first instance is already using 8080. (The AJP connector port is the separate one used by Apache to forward requests; if that connector is enabled in the copied file, it needs a unique port too.) Also change the SHUTDOWN port from 8005 to 8115, because the first instance is already using port 8005. After the modifications, it should look something like this:
<Server port="8115" shutdown="SHUTDOWN">
.....
<Connector port="8081" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
<!-- A "Connector" using the shared thread pool-->
<!--
<Connector executor="tomcatThreadPool"
port="8081" protocol="HTTP/1.1"
connectionTimeout="20000"
redirectPort="8443" />
-->


We are now done with the configuration of the second instance of Tomcat. We can start this instance using the startup script /usr/local/tomcat1/bin/startup.sh. Before that, it is required that you define the variable CATALINA_HOME as /usr/local/tomcat1 in the script /usr/local/tomcat1/bin/catalina.sh.

JAVA_HOME=/usr/local/jdk
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH
CATALINA_HOME=/usr/local/jakarta/tomcat2/apache-tomcat-7.0.47
CATALINA_BASE=/usr/local/jakarta/tomcat
CONNECTOR_PORT="8081"

Note: Paths can vary in your case
You can access this instance of Tomcat using the URL http://server_IP:8081 and the manager interface at http://server_IP:8081/manager/.

Similar to how we did initially, here too, you will need to manually add the "manager" user in the user configuration file /usr/local/tomcat1/conf/tomcat-users.xml.
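
A port-collision check for the copied instance, as an added example that is not part of the original post: it reads each instance's conf/server.xml, ignores commented-out connectors, and reports every port claimed more than once. The two server.xml files are constructed samples that assume an AJP connector on port 8009 in both copies, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): report ports that more than
# one Tomcat instance would try to bind, based on each conf/server.xml.

# list_ports FILE -> one "port kind" line per port the file would bind.
# XML comments are stripped first, so commented-out connectors are ignored.
list_ports() {
    awk '
    { doc = doc " " $0 }                 # slurp the whole file into one string
    END {
        gsub(/[\t\r]/, " ", doc)
        while ((i = index(doc, "<!--")) > 0) {
            rest = substr(doc, i + 4)
            j = index(rest, "-->")
            if (j) doc = substr(doc, 1, i - 1) substr(rest, j + 3)
            else   doc = substr(doc, 1, i - 1)   # unterminated comment
        }
        n = split(doc, tag, "<")
        for (k = 2; k <= n; k++) {
            t = tag[k]
            if (t ~ /^Server[ >]/) kind = "shutdown"
            else if (t ~ /^Connector[ >]/) kind = (t ~ /protocol="AJP/) ? "ajp" : "http"
            else continue
            # A leading space keeps redirectPort= from matching.
            if (match(t, / port="[0-9]+"/))
                print substr(t, RSTART + 7, RLENGTH - 8), kind
        }
    }' "$1"
}

# find_collisions DIR... -> one line per port claimed more than once:
# "port kind@instance kind@instance ..."
find_collisions() {
    for dir in "$@"; do
        list_ports "$dir/conf/server.xml" | while read -r port kind; do
            printf '%s %s@%s\n' "$port" "$kind" "$(basename "$dir")"
        done
    done | sort -n | awk '
        { owners[$1] = owners[$1] " " $2; count[$1]++ }
        END { for (p in count) if (count[p] > 1) print p owners[p] }' | sort -n
}

# make_demo -> temp dir with two constructed instances: "tomcat" keeps its
# ports, "tomcat1" has only the shutdown and HTTP ports changed.
make_demo() {
    root=$(mktemp -d)
    mkdir -p "$root/tomcat/conf" "$root/tomcat1/conf"
    cat > "$root/tomcat/conf/server.xml" <<'EOF'
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>
EOF
    cat > "$root/tomcat1/conf/server.xml" <<'EOF'
<Server port="8115" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8081" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8081" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>
EOF
    printf '%s\n' "$root"
}

demo=$(make_demo)
find_collisions "$demo/tomcat" "$demo/tomcat1"   # -> 8009 ajp@tomcat ajp@tomcat1
rm -rf "$demo"
```

On a real server, pass the instance directories themselves, for example find_collisions /usr/local/tomcat /usr/local/tomcat1.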

Create the following two scripts to run Tomcat as a service
  1. Create /etc/init.d/tomcat with the following instructions

    #!/bin/bash
    # description: Tomcat Start Stop Restart
    # processname: tomcat
    # chkconfig: 234 20 80
    JAVA_HOME=/usr/lib/jvm/jre-openjdk
    export JAVA_HOME
    PATH=$JAVA_HOME/bin:$PATH
    export PATH
    CATALINA_HOME=/opt/tomcat1

    case $1 in
    start)
    sh $CATALINA_HOME/bin/startup.sh
    ;;
    stop)
    sh $CATALINA_HOME/bin/shutdown.sh
    ;;
    restart)
    sh $CATALINA_HOME/bin/shutdown.sh
    sh $CATALINA_HOME/bin/startup.sh
    ;;
    esac
    exit 0

  2. Create /etc/init.d/tomcat1 with the following instructions

    #!/bin/bash
    # description: Tomcat Start Stop Restart
    # processname: tomcat
    # chkconfig: 234 20 80
    JAVA_HOME=/usr/lib/jvm/jre-openjdk
    export JAVA_HOME
    PATH=$JAVA_HOME/bin:$PATH
    export PATH
    CATALINA_HOME=/opt/tomcat2

    case $1 in
    start)
    sh $CATALINA_HOME/bin/startup.sh
    ;;
    stop)
    sh $CATALINA_HOME/bin/shutdown.sh
    ;;
    restart)
    sh $CATALINA_HOME/bin/shutdown.sh
    sh $CATALINA_HOME/bin/startup.sh
    ;;
    esac
    exit 0



Sunday, 15 December 2013

sysstat and resource monitoring

sysstat is a package of monitoring tools, which includes iostat, mpstat, pidstat, sar, sadc, sa1, sa2 and sadf.
iostat
Reports CPU statistics and input/output statistics for devices, partitions and network filesystems.
mpstat
Reports individual or combined processor related statistics.
pidstat
Reports statistics for Linux tasks (processes) : I/O, CPU, memory, etc.
sar
Collects, reports and saves system activity information (CPU, memory, disks, interrupts, network interfaces, TTY, kernel tables,etc.)
sadc
Is the system activity data collector, used as a backend for sar.
sa1
Collects and stores binary data in the system activity daily data file. It is a front end to sadc designed to be run from cron.
sa2
Writes a summarized daily activity report. It is a front end to sar designed to be run from cron.
sadf
Displays data collected by sar in multiple formats (CSV, XML, etc.) This is useful to load performance data into a database, or import them in a spreadsheet to make graphs.
To use these tools, you need to install sysstat:
apt-get install sysstat
One great feature of these tools is that you can configure them to run as a daemon, which will log a lot of information about your system. To start it on Debian, edit /etc/default/sysstat with your favorite text editor (in my case, vi):
vim /etc/default/sysstat
Change the line ENABLED="false" to ENABLED="true", so that the file looks like this:
#
# Default settings for /etc/init.d/sysstat, /etc/cron.d/sysstat
# and /etc/cron.daily/sysstat files
#

# Should sadc collect system activity informations? Valid values
# are "true" and "false". Please do not put other values, they
# will be overwritten by debconf!
ENABLED="true"

# Additional options passed to sa1 by /etc/init.d/sysstat
# and /etc/cron.d/sysstat
# By default contains the `-d' option responsible for 
# generating disk statisitcs.
SA1_OPTIONS="-d"

# Additional options passed to sa2 by /etc/cron.daily/sysstat.
SA2_OPTIONS=""
sa1 is a variant of sadc, which is designed to work as a cronjob, just like sa2, which is a variant of the sar command also designed to be run as a cronjob. If you are not using Debian, you will not have /etc/default/sysstat, so you will have to add these lines to root's cronjob file:
0 8-18 * * 1-5 /usr/lib/sysstat/sa1 1200 3 &
5 19 * * 1-5 /usr/lib/sysstat/sa2 -A &
The -d option in sa1 makes it store disk data, which is not written by default. Now you can use sar to see the data stored on your system. Check the project's page for more information about this performance toolkit.
A common task for System Administrators is to monitor and care for a server. That's fairly easy to do at a moment's notice, but how to keep a record of this information over time?  One way to monitor your server is to use the Sysstat package.

Sysstat is actually a collection of utilities designed to collect information about the performance of a linux installation, and record them over time.

It's fairly easy to install too, since it is included as a package on many distributions.
To install on CentOS 4.3, just type the following:
yum install sysstat
We now have the sysstat scripts installed on the system. Let's try the sar command.
sar
Linux 2.6.16-xen (xen30)        08/17/2006

11:00:02 AM       CPU     %user     %nice   %system   %iowait     %idle
11:10:01 AM       all      0.00      0.00      0.00      0.00     99.99
Average:          all      0.00      0.00      0.00      0.00     99.99
Several bits of information, such as Linux kernel, hostname, and date are reported.
More importantly, the various ways CPU time is being spent on the system are shown.
%user, %nice, %system, %iowait, and %idle describe ways that the CPU may be utilized.
%user and %nice refer to your software programs, such as MySQL or Apache.
%system refers to the kernel’s internal workings.
%iowait is time spent waiting for Input/Output, such as a disk read or write. Finally, since the kernel accounts for 100% of the runnable time it can schedule, any unused time goes into %idle.
The information above is shown for a 1 second interval. How can we keep track of that information over time?
If our system was consistently running heavy in %iowait, we might surmise that a disk was getting overloaded, or going bad.
At least, we would know to investigate.
So how do we track the information over time? We can schedule sar to run at regular intervals, say, every 10 minutes.
We then direct it to send the output to sysstat’s special log files for later reports.
The way to do this is with the Cron daemon.
By creating a file called sysstat in /etc/cron.d, we can tell cron to run sar every day.
Fortunately, the Sysstat package that yum installed already did this step for us.
more /etc/cron.d/sysstat
# run system activity accounting tool every 10 minutes
*/10 * * * * root /usr/lib/sa/sa1 1 1
# generate a daily summary of process accounting at 23:53
53 23 * * * root /usr/lib/sa/sa2 -A
The sa1 script logs sar output into sysstat’s binary log file format, and sa2 reports it back in human readable format.
The report is written to a file in /var/log/sa.
ls /var/log/sa
sa17 sar17

sa17 is the binary sysstat log, sar17 is the report. (Today's date is the 17th.)
There is quite a lot of information contained in the sar report, but there are a few values that can tell us how busy the server is.
Values to watch are swap usage, disk IO wait, and the run queue.
These can be obtained by running sar manually, which will report on those values.
sar
Linux 2.6.16-xen (xen30)        08/17/2006

11:00:02 AM       CPU     %user     %nice   %system   %iowait     %idle
11:10:01 AM       all      0.00      0.00      0.00      0.00     99.99
11:20:01 AM       all      0.00      0.00      0.00      0.00    100.00
11:30:02 AM       all      0.01      0.26      0.19      1.85     97.68
11:39:20 AM       all      0.00      2.41      2.77      0.53     94.28
11:40:01 AM       all      1.42      0.00      0.18      3.24     95.15
Average:          all      0.03      0.62      0.69      0.64     98.02
There were a few moments where disk activity was high in the %iowait column, but it didn't stay that way for too long. An average of 0.64 is pretty good.
How about my swap usage, am I running out of RAM? Being swapped out is normal for the Linux kernel, which will swap from time to time. Constant swapping is bad, and generally means you need more RAM.
sar -W
Linux 2.6.16-xen (xen30)        08/17/2006

11:00:02 AM  pswpin/s pswpout/s
11:10:01 AM      0.00      0.00
11:20:01 AM      0.00      0.00
11:30:02 AM      0.00      0.00
11:39:20 AM      0.00      0.00
11:40:01 AM      0.00      0.00
11:50:01 AM      0.00      0.00
Average:         0.00      0.00
Nope, we are looking good. No persistent swapping has taken place.
How about system load? Are my processes waiting too long to run on the CPU?
sar -q
Linux 2.6.16-xen (xen30)        08/17/2006

11:00:02 AM   runq-sz  plist-sz   ldavg-1   ldavg-5  ldavg-15
11:10:01 AM         0        47      0.00      0.00      0.00
11:20:01 AM         0        47      0.00      0.00      0.00
11:30:02 AM         0        47      0.28      0.21      0.08
11:39:20 AM         0        45      0.01      0.24      0.17
11:40:01 AM         0        46      0.07      0.22      0.17
11:50:01 AM         0        46      0.00      0.02      0.07
Average:            0        46      0.06      0.12      0.08
No, an average load of .06 is really good.
Notice that there is a 1, 5, and 15 minute interval on the right.
Having the three time intervals gives you a feel for how much load the system is carrying.
A 3 or 4 in the 1 minute average is ok, but the same number in the 15 minute
column may indicate that work is not clearing out, and that a closer look is warranted.
This was a short look at the Sysstat package.
We only looked at the output of three of sar's reports, but there are others.
Now, armed with sar in your toolbox, your system administration job just became a little easier.
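
The "did it stay that way" check described above for %iowait and the 15 minute load column, as an added example that is not part of the original post: it finds a column by its header name and reports runs of consecutive samples above a limit. The function names are hypothetical, the sar -q sample is constructed, and the CPU sample is the report shown in the post.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): find sustained threshold
# breaches in sar text output, e.g. a 15-minute load that stays high.

# sar_sustained COLUMN LIMIT MIN_RUN   (sar output on stdin)
# Prints "first_time last_time samples peak" for every run of at least
# MIN_RUN consecutive samples whose COLUMN value is above LIMIT.
sar_sustained() {
    awk -v col="$1" -v limit="$2" -v min="$3" '
    BEGIN { limit += 0; min += 0 }
    function emit() {
        if (run >= min) print first, last, run, peak
        run = 0; peak = 0
    }
    # Until the header row is seen, look for the wanted column name in it.
    idx == 0 { for (i = 1; i <= NF; i++) if ($i == col) idx = i; next }
    # Blank lines and the trailing summary are not samples.
    NF == 0 || $1 == "Average:" { next }
    {
        ts = $1
        if ($2 == "AM" || $2 == "PM") ts = ts $2   # 12-hour clock output
        v = $idx + 0
        if (v > limit) {
            if (run == 0) first = ts
            last = ts; run++
            if (v > peak) peak = v
        } else emit()
    }
    END { emit() }'
}

# Constructed `sar -q` sample (layout follows the output in the post).
sample_sar_q() {
    cat <<'EOF'
Linux 2.6.16-xen (xen30)        08/17/2006

11:00:02 AM   runq-sz  plist-sz   ldavg-1   ldavg-5  ldavg-15
11:10:01 AM         0        47      0.28      0.21      0.08
11:20:01 AM         4        52      3.90      2.10      0.95
11:30:02 AM         5        55      4.20      3.80      3.10
11:40:01 AM         6        58      4.60      4.10      3.60
11:50:01 AM         5        57      3.70      3.90      3.75
12:00:01 PM         1        48      0.40      1.90      2.80
Average:            4        53      2.85      2.67      2.38
EOF
}

# The CPU report shown in the post, used for the %iowait check.
sample_sar_cpu() {
    cat <<'EOF'
Linux 2.6.16-xen (xen30)        08/17/2006

11:00:02 AM       CPU     %user     %nice   %system   %iowait     %idle
11:10:01 AM       all      0.00      0.00      0.00      0.00     99.99
11:20:01 AM       all      0.00      0.00      0.00      0.00    100.00
11:30:02 AM       all      0.01      0.26      0.19      1.85     97.68
11:39:20 AM       all      0.00      2.41      2.77      0.53     94.28
11:40:01 AM       all      1.42      0.00      0.18      3.24     95.15
Average:          all      0.03      0.62      0.69      0.64     98.02
EOF
}

# 15-minute load above 3 for three or more samples in a row:
sample_sar_q | sar_sustained ldavg-15 3 3     # -> 11:30:02AM 11:50:01AM 3 3.75
# %iowait above 1 for two samples in a row (prints nothing for the post's data):
sample_sar_cpu | sar_sustained %iowait 1 2
```

Against live data the input would come from sar itself, for example sar -q -f /var/log/sa/sa17 | sar_sustained ldavg-15 3 3.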

Log rotation in cPanel

Files are only rotated when they grow larger than the log rotation size threshold, which is set at cPanel >> Tweak >> Log rotation size threshold and is currently 300 MB by default.

You can have the log rotation checked from under

Main >> Service Configuration >> cPanel Log Rotation Configuration


In order to rotate the btmp, chkservd.log and brcm-iscsi.log, I have made changes to the logrotate.conf file located in the /etc directory.

/var/log/chkservd.log {
weekly
rotate 1
}

To add insult to injury, cPanel is not rotating its own logs either.  Place this in the same file we have been editing:
/usr/local/cpanel/logs/stats_log {
weekly
rotate 1
}

/usr/local/cpanel/logs/access_log {
weekly
rotate 1
}

/usr/local/cpanel/logs/error_log {
weekly
rotate 1
}

/var/log/xferlog {
weekly
rotate 1
postrotate
/sbin/service pure-ftpd restart > /dev/null 2>/dev/null || true
endscript
}

/usr/local/cpanel/logs/cpbackup/*.log {
weekly
rotate 1
}

/usr/local/cpanel/logs/*log {
weekly
rotate 1
}

/usr/local/apache/logs/*log {
daily
rotate 7
sharedscripts
postrotate
/sbin/service httpd graceful > /dev/null 2>/dev/null || true
endscript
}


/var/log/btmp {
monthly
minsize 1M
create 0600 root utmp
rotate 1
}

CSF country code blocking

This is how to block traffic by country in csf.

In csf.conf, under the section "# SECTION:Country Code Lists and Settings", locate the setting below and add the country code:
CC_DENY = "ID"
Check for codes here:
http://www.ipdeny.com/ipblocks/

Wordpress memory limit

Did you know you can also update the memory limit, file size, etc. in WordPress by editing wp-config.php?

Try the lines below and see:

define('WP_MEMORY_LIMIT', '64M');
define('upload_max_filesize', '20M');

Installing Tomcat 7 on a cPanel Server

When you install Tomcat using EasyApache, it installs Tomcat 5.5. If you want to install Tomcat 7.0.11, you need to make some changes on the server.

1) First install Tomcat 5.5 using EasyApache, which also installs Java at the same time. Tomcat 5 is installed in the /usr/local/jakarta/ directory with the symbolic link tomcat. For example:
[~]# ll /usr/local/jakarta
drwxr-xr-x  4 tomcat nobody 4096 Apr  5 17:15 ./
drwxr-xr-x 22 root   root   4096 Mar  5 15:39 ../
drwxr-xr-x 12 tomcat nobody 4096 Apr  4 17:02 apache-tomcat-5.5.30/
lrwxrwxrwx  1 tomcat nobody   39 Apr  4 17:04 tomcat -> /usr/local/jakarta/apache-tomcat-5.5.30/

2)  Then download and extract Tomcat 7 in /usr/local/jakarta directory
[~]# cd /usr/local/jakarta
[/usr/local/jakarta]# wget http://apache.cs.utah.edu/tomcat/tomcat-7/v7.0.11/bin/apache-tomcat-7.0.11.tar.gz
[/usr/local/jakarta]# tar -xzvf  apache-tomcat-7.0.11.tar.gz

3) Then change the tomcat symbolic link to point to your new version (i.e. /usr/local/jakarta/apache-tomcat-7.0.11). The link already exists, so replace it in place with -sfn:
[/usr/local/jakarta]# ln -sfn /usr/local/jakarta/apache-tomcat-7.0.11 tomcat
Now it shows
[~]# ll /usr/local/jakarta
drwxr-xr-x  4 tomcat nobody 4096 Apr  5 17:15 ./
drwxr-xr-x 22 root   root   4096 Mar  5 15:39 ../
drwxr-xr-x 12 tomcat nobody 4096 Apr  4 17:02 apache-tomcat-5.5.30/
drwxr-xr-x  9 tomcat nobody 4096 Apr  4 17:01 apache-tomcat-7.0.11/
lrwxrwxrwx  1 tomcat nobody   39 Apr  4 17:04 tomcat -> /usr/local/jakarta/apache-tomcat-5.5.30/

4) Then compile the new Tomcat version on cPanel server.
[~]# cd /usr/local/jakarta/apache-tomcat-7.0.11
[/usr/local/jakarta/apache-tomcat-7.0.11]# cd ./bin
[/usr/local/jakarta/apache-tomcat-7.0.11/bin]# tar xvfz commons-daemon-native.tar.gz
[/usr/local/jakarta/apache-tomcat-7.0.11/bin]# cd commons-daemon-1.0.x-native-src/unix
[/usr/local/jakarta/apache-tomcat-7.0.11/bin/commons-daemon-1.0.x-native-src/unix]# ./configure
[~]# make
[~]# cp jsvc ../..
[~]# cd ../../..

5) Copy over any Host blocks from /usr/local/jakarta/tomcat/conf/server.xml from the old Tomcat install to the new Tomcat install (you may or may not be able to set up new hosts through WHM).

6) Copy over /usr/local/jakarta/tomcat/conf/workers.properties from the old Tomcat install to the new Tomcat install.

7) Restart the server
[/]# reboot
Or
[/]# /usr/local/jakarta/tomcat/bin/shutdown.sh
[/]# /usr/local/jakarta/tomcat/bin/startup.sh
[/]# /etc/init.d/httpd restart

8) Check Tomcat Version
[/]# sh /usr/local/jakarta/tomcat/bin/version.sh
The cPanel EasyApache system makes it easy to recompile Apache with various add-ons and modules.
If you ever need your old Tomcat back just stop Tomcat, flip the tomcat symbolic link back to the old install, and restart Tomcat.

The only thing I've run into with this is that tomcat won't start using the cpanel commands... I can get it to start by calling startup.sh directly, but the /usr/sbin/starttomcat which is what the /scripts/restartsvc_tomcat calls... it spits out a command for the jsvc that we compiled, but nothing happens... it doesn't actually run anything.
ANS: I managed to fix my own issue by hunting through the log files...

In /usr/sbin/starttomcat you have to modify a line since it's still set up for the old tomcat 5.5

Locate: my $jars = "./bootstrap.jar";
Change to: my $jars = "./bootstrap.jar:./tomcat-juli.jar";

Tomcat 7 requires the additional tomcat-juli.jar to start up... once I added that, it starts up perfectly.

Facing issue with Large eximstats database?

What is Eximstats
============
eximstats - generates statistics from Exim mainlog files.

Reason for large eximstats DB
=======================

If the server has heavy email activity, if there is abuse activity on the server, or if the eximstats log rotation interval is too high, the DB can grow large in size, which is the main cause behind the eximstats DB crashing.
--> You can run the command cat /var/log/exim_mainlog | eximstats. This will generate and display Exim stats from a logfile.
First, check for any abuse attempts happening on the server.
Attempt the steps below only if the DB is very large (GB in size); otherwise the normal repair should work.
Fix
===
1 ) Updating log rotation value in whm
WHM> tweak setting >  “The interval, in days, to retain Exim stats in the database” , suggested log rotation is 30days
2) Remove eximstats:
If you would like to remove and recreate eximstats database,
==============
# mysql

> DROP DATABASE eximstats;
> CREATE DATABASE eximstats;
> quit
mysql eximstats < /var/cpanel/sql/eximstats.sql
==============
3) Truncating/deleting the DB values
=========
disable eximstats from whm >> service manager
Login to mysql
#mysql

mysql> use eximstats
mysql> delete from sends;
mysql> delete from smtp;
mysql> delete from failures;
mysql> delete from defers;


or, if you prefer to truncate, run truncate on each table:

>>truncate table smtp;
>>truncate table sends; etc

root@server [~]# mysqlcheck -c eximstats
eximstats.defers OK
eximstats.failures OK
eximstats.sends OK
eximstats.smtp OK
root@jupiter [~]#

restart mysql and exim

How to get the license key for Interworx

cat /home/interworx/iworx.ini | grep key=

Filezilla Error: Failed to retrieve directory listing Error: Connection timed out

Filezilla Error: Failed to retrieve directory listing
Error: Connection timed out
You might have faced this issue because of default setting of Connection in your Filezilla like this :
FTP >> Active Mode: Get External IP Address From This URL, Which pointed to http://ip.filezilla-project.org/ip.php .

This is the source of the problem. If you go to above mentioned URL, you will probably get a result of 127.0.0.1. If the Filezilla client needs the external address and is given 127.0.0.1 (localhost) then there will be problems in connection.

You need to configure your Filezilla client as mentioned below :
Open Filezilla, go to Edit >> Settings >> Click on Connection >> FTP: Choose Active >> Click on Connection >> FTP >> Active Mode: Select “Ask your operating system for the external IP address” >> Click on Connection >> FTP >> Passive Mode: Choose Fall Back to Active Mode >> Press OK.
Try connecting to your FTP site once again and it should work now.

If you are behind any firewall/security settings then make sure that they are configured to allow FTP access or disable the firewall/security settings and try again connecting to your FTP site.
If you have root access to your server then you may have a look to the logs (/var/log/secure and /var/log/messages files) for more information regarding FTP connectivity issue.

Connection Time Out in FTP
Usually Time Out Error occurs when we try to upload large files. We need to check following at our local system:
1. Make sure that the FTP settings in your client are correct, such as hostname, username and password, port to connect to, etc.
2. Try enabling “passive mode” in the FTP client.
3. Check personal firewall/security settings and programs like Norton Anti-Virus to make sure that they are configured to allow FTP access. Try turning these programs completely off and retry FTP.
4. Check for any timeout settings in the local FTP client and try increasing them.
5. If you continue to have trouble, the timeout via FTP is most likely because of one or more dropped packets at your ISP or at any of the intermediate routers. When you connect to our server, you are usually going through 14-20 other routers before reaching the remote destination. If any one of them loses a packet it can cause problems with FTP. One way to get around this is to have a constant PING open – this keeps the connection through the different servers alive.

In Windows Machine :
open a DOS window on your computer and type the following, it will keep a ping open:
ping -t domainname.com
In Linux Machine, use the command line below:
ping domainname.com
PS : Replace “domainname.com” with your domain name. Then once your upload has completed, press Control-C to cancel the ping.

Getting full status of apache

cPanel users can run the following command to get the fullstatus formatted in a more friendly way.

/usr/bin/lynx -dump -width 500 http://127.0.0.1/whm-server-status

While the regular status does give a lot of good information, the Apache fullstatus gives information regarding the actual requests that hit the server. To get the fullstatus, enter the following command.

httpd fullstatus

Cannot allocate memory: couldn’t create child process: /opt/suphp/sbin/suphp for /home/username/public_html/index.php

When you browse the website, it shows Internal Server Error. When you log in to the server and check the Apache error log /usr/local/apache/logs/error_log, you see the error above. This is caused by an incorrect php.conf on your server under /usr/local/apache/conf.
Login to your server via WHM as root & access Service Configuration >> Configure PHP and SuExec. From the drop down for PHP Handler select suphp & click on Save configuration. Try browsing the websites now.

It can also be due to cloud linux installed on the server you are hosted. Contact your webhost and ask them to increase the cloud memory limit for your hosting account.

Or try running : /usr/local/cpanel/bin/rebuild_phpconf  --current

Create an FTP account manually

        [root@deep ] /# mkdir /home/ftp
        [root@deep ] /# useradd -d /home/ftp/ftpadmin/ -s /dev/null ftpadmin > /dev/null 2>&1
        [root@deep ] /# passwd ftpadmin
        Changing password for user ftpadmin
        New UNIX password:
        Retype new UNIX password:
        passwd: all authentication tokens updated successfully

Once the /home/ftp/ directory has been created you don't have to use this command again for additional FTP users.

   1. Edit the /etc/shells file (vi /etc/shells) and add a non-existent shell name like null, for example. This fake shell will limit access on the system for FTP users.

                /dev/null

      This is our added non-existent shell. With Red Hat Linux, a special device name /dev/null exists for purposes such as these.

   2. Now, edit your /etc/passwd file and manually add the /./ marker to divide the /home/ftp directory from the /ftpadmin directory where the user ftpadmin should be automatically chdir'd to. This step must be done for each FTP user you add to your passwd file.

                ftpadmin:x:502:502::/home/ftp/ftpadmin/:/dev/null


      To read:

                ftpadmin:x:502:502::/home/ftp/./ftpadmin/:/dev/null
                ^^


      The account is ftpadmin, but you'll notice the path to the home directory is a bit odd. The first part /home/ftp/ indicates the filesystem that should be considered their new root directory. The dot . divides that from the directory they should be automatically chdir'd (change directory'd) into, /ftpadmin/.

Once again, the /dev/null part disables their login as a regular user. With this modification, the user ftpadmin now has a fake shell instead of a real shell resulting in properly limited access on the system.

Reduce SWAP Partition Online without reboot in Linux

This was done in order to reduce the swap space and allocate that space to some other LV on one of our servers. Below is what I followed, and it worked perfectly for me.  :)

Make sure you have enough physical memory to hold the swap contents.

Now, turn the swap off:

    # sync

    # swapoff <YOUR_SWAP_PARTITION>

Now check the status

    # swapon -s


Then, Use fdisk command:

    # fdisk <YOUR_HARDDISK_Where_SWAP_Resides>

        List partitions with the "p" command
        Find and delete your partition with the "d" command
        Create a smaller Linux-Swap partition with the "n" command
        Make sure it is a Linux-Swap partition (type 82) (change with the "t" command)
        Write the partition table with the "w" command



Run "partprobe" to update Filesystem table to kernel. (It is very important before proceeding further)

Then,

    mkswap <YOUR_NEW_SWAP_PARTITION>

    swapon <YOUR_NEW_SWAP_PARTITION>

check to make sure swap is turned on

    swapon -s

Now you can use your free space to increase space for other Logical volumes (LV).

Use fdisk command to create new partition, then

# partprobe
# pvcreate <NEW_PARTITION_YOU_CREATED>
# vgextend <VG_TO_INCREASE> <YOUR_NEW_PV>
# lvextend -L  +SIZE_TO_INCREASE <LV_NAME>

Note: It is important to sync and turn the swap off before you change any partitions. If you FORGET TO DO THIS, YOU WILL LOSE ALL DATA STORED THERE!!

How to implement password protection in sensitive directory on Apache Web Server

If a website contains sensitive information or is intended for only a small group of known people, Apache provides some standard ways of protecting it. The method mentioned below is applicable to Apache 2.x. The location of the Apache configuration file may differ.

Basics of password protection in Website

  • Make adjustments in /etc/httpd/conf/httpd.conf (Apache 2.0 in RHEL distro)
  • Make the password file (using the htpasswd utility)
  • Prepare the .htaccess file (to provide the user names that are authorized to access)

Adjustments in httpd.conf:-

We need a server configuration that permits putting authentication directives in these files. This is done with the AllowOverride directive. The following directive has been added in httpd.conf under :-

AllowOverride AuthConfig

AllowOverride must be "None" in all other situations. This is good security practice and it also improves Apache performance. In the case of virtual hosting (shared hosting with a single IP), AllowOverride should be disabled (by setting it to None) in the main configuration section of Apache and enabled inside .

Make password file :-

You'll need to create a password file. This file should be placed somewhere not accessible from the web. To create the file, use the htpasswd utility that came with Apache. htpasswd stands for HyperText Password.

% htpasswd -c /usr/local/apache/passwd/passwd shailesh.mishra

-c is being used for the first user so that htpasswd utility can create the file. Above command will create one password file named “passwd” in location /usr/local/apache/passwd.

htpasswd will ask you for the password, and then ask you to type it again to confirm it.

To add more users, use only htpasswd (without -c, or else it will again create another file). Password is encrypted.

Prepare .htaccess file :-

Till now, we have configured httpd to accept user authentication for a particular directory. We have also made the password file. But we need to attach this password file so that it can be used for user verification. This is done with the help of a .htaccess file. We need to create a file named .htaccess with the following content and store it in the directory which needs to be protected. (This file must be named .htaccess, as this name is specified in the Apache configuration file httpd.conf.)

AuthType Basic
AuthName "Any Message which will be displayed in Login Box"
AuthUserFile /usr/local/apache/passwd/passwd
Require valid-user

If all the steps are properly followed, when user tries to access the password protected site, Login window will appear. User can login by providing user-id and password.

Parameter AuthConfig is used to tell Apache that authentication needs to be implemented.
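One way to check the finished setup, as an added example that is not from the original post: the function below reads a protected directory's .htaccess and reports a missing Require line, a missing password file, or a password file that sits inside the web-accessible tree. The function names and the fixture layout are assumptions made for the demonstration, and the password entry is a constructed placeholder.

```shell
#!/bin/sh
# Added example, not from the original post: audit one password-protected directory.

# Resolve a directory to its physical absolute path (symlinks followed).
real_dir() {
    ( cd "$1" 2>/dev/null && pwd -P )
}

# Print the value of the first occurrence of a directive in a .htaccess file.
directive() {
    awk -v d="$2" 'tolower($1) == tolower(d) { $1 = ""; sub(/^[ \t]+/, ""); print; exit }' "$1" |
        tr -d '"'
}

# audit_htaccess DOCROOT PROTECTED_DIR
# Prints one line per problem; returns 0 when clean, 1 on findings, 2 on bad input.
audit_htaccess() {
    docroot=$(real_dir "$1") || { echo "document root not found: $1"; return 2; }
    ht="$2/.htaccess"
    [ -f "$ht" ] || { echo "missing: $ht"; return 2; }
    problems=0

    [ "$(directive "$ht" AuthType | tr 'A-Z' 'a-z')" = "basic" ] ||
        { echo "AuthType Basic is not set"; problems=$((problems + 1)); }
    [ -n "$(directive "$ht" Require)" ] ||
        { echo "no Require line: the directory is not actually restricted"; problems=$((problems + 1)); }

    pwfile=$(directive "$ht" AuthUserFile)
    if [ -z "$pwfile" ]; then
        echo "AuthUserFile is not set"; problems=$((problems + 1))
    elif [ ! -f "$pwfile" ]; then
        echo "AuthUserFile does not exist: $pwfile"; problems=$((problems + 1))
    else
        # The password file must live outside anything the web server serves.
        pwdir=$(real_dir "$(dirname "$pwfile")")
        case "$pwdir/" in
            "$docroot"/*)
                echo "password file is inside the document root: $pwfile"
                problems=$((problems + 1)) ;;
        esac
        # htpasswd writes user:hash lines; an empty file locks everyone out.
        grep -Eq '^[^:#]+:.+' "$pwfile" ||
            { echo "no user entries in $pwfile"; problems=$((problems + 1)); }
    fi
    [ "$problems" -eq 0 ]
}

# Constructed fixture: a document root with one protected directory.
# $1 = scratch directory, $2 = "good" (password file outside the docroot) or "bad" (inside it)
make_fixture() {
    mkdir -p "$1/www/private" "$1/passwd"
    if [ "$2" = "good" ]; then pw="$1/passwd/passwd"; else pw="$1/www/private/passwd"; fi
    # Constructed entry; the hash is a placeholder, not a real credential.
    printf '%s\n' 'shailesh.mishra:$apr1$CONSTRUCTED$placeholderhashvalue000' > "$pw"
    cat > "$1/www/private/.htaccess" <<EOF
AuthType Basic
AuthName "Restricted area"
AuthUserFile $pw
Require valid-user
EOF
}

scratch=$(mktemp -d)
make_fixture "$scratch/a" good && audit_htaccess "$scratch/a/www" "$scratch/a/www/private" && echo "a: OK"
make_fixture "$scratch/b" bad
audit_htaccess "$scratch/b/www" "$scratch/b/www/private" || echo "b: needs fixing"
rm -rf "$scratch"
```

On a real server, pass the site's DocumentRoot and the protected directory as the two arguments.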

Note: The same thing would be pretty straightforward if a control panel is in place ;)

How to log output of remote ssh session


There are many instances when you ssh to a remote server for troubleshooting and data gathering purposes and you want to save that data on your computer.
There is a less frequently used but useful "tee" command which can be used to log all output in a remote ssh session. It generates one file which captures all the commands as well as their output.

    ssh user@remote.server.com | tee /path/of/log/file

Find out various resources a process is utilizing

In a nutshell, we want to see which files a particular daemon is using, opening or referring to.
Let's be more specific. As I mainly deal with postfix, there are mainly two conf files, master.conf and main.conf. If we are interested in knowing which files the master process is using, I will issue the following command to get this info

    lsof -c master


it will show all the files,sockets,tcp connections attached to this process.

You may use other processes too to track them down.

lsof command in the troubleshooting purpose

Using lsof in troubleshooting purpose

lsof is a very useful command. It shows various open files. You may use lsof with a specific port, pid or process. When used in the correct context, it will save your life in difficult troubleshooting sessions.

Suppose you want to see the various services running on your server. I know you will say netstat. But you may also use lsof -i -n.

    lsof -i -n


-n for overriding DNS resolution
Let's discuss some other cases too.
-i:portno

    lsof -i:389



Port 389 is used by ldap by default.
This will show all the services on this port. It will also show connection status too.

    lsof -i:143 -n


-n will give ip address instead of fqdn
-p pid

    lsof -p 1234



There were some situations when stale processes were preventing new processes from spawning. This switch will display all the files, connections and sockets opened by the process.
We can confirm whether the particular process is stale (before kill -9).
-c process_name

    lsof -c dhcpd


This switch will show all the files(connection status,type) and many other regular info of this process.

Document the history as you work

Why don't you save your command and its output ?

Lets say you are working on a known issue and you need to document the commands and their result.
You may use script command to capture various commands and its output.

How to use script

    $script FILE-NAME


This command will open a new shell. Now whatever command you issue, along with its output, will be logged into FILE-NAME. Once you are done, press "CTRL-D" and you are out of the script command.

Although this command is very simple but it helps to document things.

How to see what others are doing in real time

 How to see what others are doing in real time ?

There are some situation when you are only interested in knowing what others are doing.
Let say two guys are trying to fix a server and as a supervisor, you are interested in knowing how they are doing in real time.

You may do this using script command. Let say person is logged in and his terminal type is pts/0. Running "w" tells this.

    script -f /dev/pts/0

Just opened binary file in vi

By mistake, you have just opened a binary file in vi and the screen continues to scroll.

You may use CTRL + C to stop that. But now junk characters are appearing in the prompt and you are not able to read anything. Try the reset command. It will reset the scrambled screen.

To test this command try opening some binary file and issue reset command after stopping scrolling by pressing CTRL + C.

Quit from shell without saving into history

There are many instances when we want to quit from shell without saving any command in history. We might have run by mistake some rookie command and you don't want to disclose it to others.

kill -9 $$ will do the needful as $$ will provide the PID of the current shell.

Know the status of all running services

How to know the status of all the running services

There are many commands like netstat -plant,ps -aux but when you want to know all the services which are running presently into your RHEL box,

service --status-all command is very handy .

It shows all the running services into your box.


Usage of Watch command

 Effective usage of watch
Sometimes it is useful to run the same command over and over again until something happens.
Sure, you can use bash history and press the up arrow and return over and over again, or perhaps write a line of bash to get an infinite loop that runs the same command, but there is a smarter approach to this: watch

watch -d "ls -alrt /tmp/"

Options

The most common options for watch are:

-n set the interval in seconds.
-d flag will highlight the differences between successive updates.
-b option causes the command to beep if it has a non-zero exit.
-e cause watch to exit on an error from the program running.

watch -n 1 "mysqladmin --user=root --password=mypassword processlist"

watch 'ps -eo pcpu,pid,user,args | sort -k 1 -n -r | head -10'

Shortcuts to make the shell prompt working more easier

Important keyboard shortcuts in Linux Shell(BASH)

Following keyboard shortcuts are very useful while working in Bash

  •     Ctrl +u Cut the current line
  •     Ctrl+y Paste the line which has been cut earlier with Ctrl +u
  •     Ctrl +L clear the screen
  •     Ctrl+G get the new line and abandon the current line
  •     Ctrl+A go to beginning of the line
  •     Ctrl+e go to End of line
  •     Ctrl+k Erase from the cursor to the end of line
  •     Ctrl +r search in the history
  •     Ctrl+w cuts a word backwards
  •     Ctrl+d  Tired of typing 'exit' to close a terminal? Just hit ctrl+d on a blank line and boom!
  •     Ctrl+right - Jump one word to the right.
  •     Ctrl+left - Jump one word to the left.
  •     !! Repeat last command

 Some Vim shortcuts


Some productivity tips:

  • Smart movements
      • * and # search for the word under the cursor forward/backward.
      • w to the next word
      • W to the next space-separated word
      • b / e to the begin/end of the current word. (B / E for space separated only)
      • gg / G jump to the begin/end of the file.
      • % jump to the matching { .. } or ( .. ), etc..
      • { / } jump to next paragraph.
  • Quick editing commands
      • I insert at the begin.
      • A append to end.
      • o / O open a new line after/before the current.
      • v / V visual mode (to select text!)
      • Shift+R replace text
      • C change remaining part of line.
  • Combining commands
      • Most commands accept an amount and direction, for example:
      • cW = change till end of word
      • 3cW = change 3 words
      • BcW = to begin of full word, change full word
      • ciW = change inner word.
      • ci" = change inner between ".."
      • ci( = change text between ( .. )
      • 4dd = delete 4 lines
      • 3x = delete 3 characters.
      • 3s = substitute 3 characters.
  • Useful programmer commands
      • r replace one character (e.g. rd replaces the current char with d).
      • ~ changes case.
      • J joins two lines
      • Ctrl+A / Ctrl+X increments/decrements a number.
      • . repeat last command (a simple macro)
      • = indent line (specify a range, or use visual mode)
  • Macro recording
      • Press q[key] to start recording.
      • Then hit q to stop recording.
      • The macro can be played with @[key].

Friday, 13 December 2013

SolusVM Management Commands

SolusVM use an Administrator user login to manage the VPS.

Following are some useful commands for resetting the SolusVM admin password and clearing the IP from the blacklist.

Reset the Password:


Login to main node via ssh and execute the following command.

    php /usr/local/solusvm/scripts/pass.php --type=admin --comm=change --username=<adminusername>

Remove your ip from blacklist.

    php /usr/local/solusvm/scripts/clearauthlog.php --system --clear=all

Change Node Name
If you wish to change a node's name, you can do it by running the following command on your SolusVM Master

    php /usr/local/solusvm/scripts/node.php --type=force --comm=name --nodeid=<NODE ID> --name=<NEW NAME>

How to Force Delete Ipaddress

At any point, if you find you have an orphaned IP address, you can delete it by running the following command on the master.

    php /usr/local/solusvm/scripts/ip.php -d --comm=remove --ipaddress=<IPADDRESS>

Steps to Mass Enable/Disable Quick Backup

Just use the following commands to enable/disable quick backups for all virtual servers

To Enable

    php /usr/local/solusvm/scripts/backup.php --user=client --type=quick --comm=on

To Disable

    php /usr/local/solusvm/scripts/backup.php --user=client --type=quick --comm=off

Using Iptables for Port Routing

You can use iptables for port routing. Sometimes you may need to enable alternate port numbers on server. In this case we will see how to use port 26 for mailing purpose.

The following will enable port 26 or port 25 for SMTP requests. All request to port 26 will be routed to port 25.

=========
 iptables -t nat -A PREROUTING -p tcp -d 192.168.1.1 --dport 26 -j DNAT --to 192.168.1.1:25
=========

How to Clear Memory Cache on Linux Server

Cached memory can lead to memory-related issues and ultimately rob your server of any potentially free memory. Here is how you can force the OS to free up any stored cached memory.

Use the following command to clear it.

    sync; echo 3 > /proc/sys/vm/drop_caches

If you wish, you can put it in a file and run it from cron according to your requirement.

Save the above line in a file say clear_mem_cache.sh

    vi clear_mem_cache.sh

Include the following lines and save it.

    #!/bin/sh
    sync; echo 3 > /proc/sys/vm/drop_caches

Save it.

Set up a cron job by opening the crontab editor using

    crontab -e

Add the following.

    0 * * * * /root/clear_mem_cache.sh

OpenVZ Error : network down SIOCADDRT: Network is unreachable

At some point you might face the network error even if the VPS is running. OpenVZ VPS may be up and running, but network service will be down resulting downtime for websites hosted in it. If you try to restart the network, you will get the below error:

[root]# /etc/init.d/network restart

Shutting down interface venet0: [ OK ]

Shutting down loopback interface: [ OK ]

Bringing up loopback interface: [ OK ]

Bringing up interface venet0: SIOCADDRT: Network is unreachable

SIOCADDRT: Network is unreachable

To fix this, SSH into the main node server and enter into the VPS and then execute the below command:

/etc/sysconfig/network-scripts/ifup-routes venet0:0

Now try pinging from VPS

How to connect to MySQL database using JDBC?

Connecting to MySQL database using JDBC

Open your server.xml file and append the following lines. Make sure the JDBC driver "org.gjt.mm.mysql.Driver" is in the classpath. You can download it from http://dev.mysql.com/downloads/connector/j/5.1.html

   import java.sql.Connection;
   import java.sql.DriverManager;

   // loads the JDBC driver
   Class.forName("org.gjt.mm.mysql.Driver").newInstance();
   // get a database connection
   Connection conn = DriverManager.getConnection(
       "jdbc:mysql://hostname/databaseName",
       "user",
       "password");

Installing Apache Tomcat

Installing Apache Tomcat

Tomcat is a free, open-source implementation of Java Servlet and JavaServer Pages technologies developed under the Jakarta project at the Apache Software

INSTALLING TOMCAT

First we need to install java. Download JDK from http://www.oracle.com/technetwork/java/javase/install-linux-64-self-extracting-142068.html


Installing Java Runtime Environment
Download the binary from http://www.oracle.com/technetwork/java/javase/install-linux-64-self-extracting-142068.htm

root@linux [~]# wget http://www.oracle.com/xxxxx/jdk-7-linux-i586.bin
root@linux [~]# ./jdk-7-linux-i586.bin
root@linux [~]# JAVA_HOME=/usr/java/jdk
root@linux [~]# export PATH=$JAVA_HOME/bin:$PATH
root@linux [~]# which java
/usr/local/jdk/bin/java

Download the apache-tomcat source
root@linux [~]# wget http://apache.osuosl.org/tomcat/tomcat-7/v7.0.0/bin/apache-tomcat-7.0.0.tar.gz
root@linux [~]# tar -xvzf apache-tomcat-7.0.0.tar.gz
root@linux [~]# mv apache-tomcat-7.0.0 /usr/local/tomcat
root@linux [~]# groupadd tomcat
root@linux [~]# useradd -g tomcat -s /usr/sbin/nologin -m -d /home/tomcat tomcat

CATALINA_HOME is the directory where Tomcat is installed and here CATALINA_HOME=/usr/local/tomcat

Check the version and environment variables of tomcat installed as mentioned below.

root@linux [~]# /usr/local/tomcat/bin/version.sh
Using CATALINA_BASE: /usr/local/tomcat
Using CATALINA_HOME: /usr/local/tomcat
Using CATALINA_TMPDIR: /usr/local/tomcat/temp
Using JRE_HOME: /usr/local/jdk
Using CLASSPATH: /usr/local/tomcat/bin/bootstrap.jar

Add the following variables in /etc/profile.

Open the file /etc/profile and add

JAVA_HOME="/usr/java/jdk"
export JAVA_HOME
PATH=/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin:/usr/java/jdk/bin
export PATH
CATALINA_HOME="/usr/local/tomcat"
export CATALINA_HOME
CATALINA_BASE="/usr/local/tomcat"
export CATALINA_BASE
CLASSPATH=$CATALINA_HOME/lib/servlet-api.jar
export CLASSPATH

Done with the installation of Java and Tomcat. The tomcat and apache will be working at this moment. You just need to connect tomcat & apache using the most commonly used connector known as mod_jk. Mod_Jk is Tomcat-Apache plug-in that handles the communication between Tomcat and Apache.

You can either use mod_jk or mod_proxy_ajp to forward the request to tomcat. Lets see how to configure mod_proxy_ajp because mod_proxy_ajp is easy to configure.

If you are having a domain and if you need to forward all request to tomcat, configure the virtual host entry for the domain as listed below.

All request to Tomcat:

<VirtualHost IP>
       ServerName www.example.com
       ServerAlias example.com
       DirectoryIndex index.jsp index.php index.html
       DocumentRoot /home/user/public_html
       ProxyPass / ajp://127.0.0.1:8009
</VirtualHost>

Only one particular directory to Tomcat:

<VirtualHost IP>
       ServerName www.example.com
       ServerAlias example.com
       DirectoryIndex index.jsp index.php index.html
       DocumentRoot /home/user/public_html
       ProxyPass /myApp ajp://127.0.0.1:8009/MyApp
</VirtualHost>

In the above case, only http://domainname.com/MyApp will be served by Tomcat.

If you still wish to use mod_jk connector, refer the steps below…

Downloading and installing mod_jk connector

root@linux [~]# wget http://www.apache.org/dist/tomcat/tomcat-connectors/jk/tomcat-connectors-1.2.37-src.tar.gz
root@linux [~]# tar -xvf tomcat-connectors-1.2.37-src.tar.gz
root@linux [~]# cd tomcat-connectors-1.2.37-src/native
root@linux [~]# ./buildconf.sh
root@linux [~]# ./configure --with-apxs=/usr/local/apache/bin/apxs
root@linux [~]# make
root@linux [~]# make install

The mod_jk.so will be generated in the tomcat-connectors-1.2.37-src/native/apache directory. Copy the .so file to the Apache modules directory.

root@linux [~]# cp -rp tomcat-connectors-1.2.37-src/native/apache/mod_jk.so /usr/local/apache/modules/

Add the following entry in httpd.conf file.

LoadModule jk_module modules/mod_jk.so
Include "/usr/local/apache/conf/jk.conf"

Open /usr/local/apache/conf/jk.conf and add the following

JkWorkersFile /usr/local/tomcat/conf/jk/workers.properties
JkLogFile /usr/local/apache/logs/mod_jk.log
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkRequestLogFormat "%w %V %T"

Create the Jkworkers file as mentioned : /usr/local/tomcat/conf/jk/workers.properties

Add the entries as listed below.

workers.tomcat_home= /usr/local/tomcat
workers.java_home=/usr/java/jdk
ps=/
worker.list=ajp13
worker.ajp13.port=8009
worker.ajp13.host=localhost
worker.ajp13.type=ajp13

Now you need to add virtual host entry for the domain in server.xml file.

Open the file /usr/local/tomcat/conf/server.xml and add the following.

<Host name="domain1.com" debug="0" appBase="webapps" unpackWARs="true">
  <Alias>www.domain1.com</Alias>
  <Logger className="org.apache.catalina.logger.FileLogger" directory="logs" prefix="virtual_log1." suffix=".log" timestamp="true"/>
  <Context path="" docBase="/home/user/public_html" debug="0" reloadable="true"/>
</Host>

Add the mod_jk module entry for the domain in httpd.conf.

Open /usr/local/apache/conf/httpd.conf with our favourite editor and add the entries as listed below in the virtual host entry of domain.

<IfModule mod_jk.c>
JkMount /*.do ajp13
JkMount /*.jsp ajp13
JkMount /servlet/* ajp13
JkMount /servlets/* ajp13
JkMount /manager/* ajp13
</IfModule>

Restart apache and tomcat servers

root@linux [~]# /etc/rc.d/init.d/httpd restart
root@linux [~]# /usr/local/tomcat/bin/startup.sh

Place a test.jsp page with the following code and access the page.

<html>
  <head>
  <title>Hello from JSP</title>
  <%!
  String message = "Hello, World. From JSP test page Tomcat is running.";
  %>
  </head>
  <body>
  <hr color="#000000" />
  <center>
  <h2><font color="#3366cc"><%= message%></font></h2>
  <h3><font color="#0000ff"><%= new java.util.Date() %> </font></h3>
  <hr color="#000000" />
  </center>
  </body>
  </html>

Setting Timezone in Tomcat



You can set TZ variable in your environment by using  export TZ=GMT in your ~/.bashrc file and for tomcat with CATALINA_OPTS=-Duser.timezone=GMT (You need to edit tomcat/bin/catalina.sh file).

MySQL

For retrieving dates in another timezone from database please refer CONVERT_TZ at http://dev.mysql.com/doc/refman/5.0/en/date-and-time-functions.html

Postgresql

Please refer http://www.postgresql.org/docs/8.0/static/datatype-datetime.html

After setting TZ, kindly log out and log in again and issue the following command to check the current timezone.

echo $TZ

If its showing correct, Restart the tomcat.

Done.

How to fix “Too many open files” or “403 forbidden error” in Apache.

If you face the following difficulty/error in apache error logs, then you need to increase the number of open files by using the following command.

Too many open files

Increase the number of open files limit in /proc/sys/fs/file-max

    echo 572235 > /proc/sys/fs/file-max

I’m just using a sample value. Increase it according to your requirement.


Install memcached with PHP memcache Extension

“MemCached” is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load.
If you are on a cPanel based server, you can install the PHP extension by running the script /scripts/easyapache and enabling memcache during the process. Once completed, you need to install the memcached daemon by following step 1 listed below. If you are not on a cPanel based server, follow the two steps listed below.

1. Steps to Install memcached

You have to activate the RPMForge custom repository to install latest memcached rpm.

rpm -Uhv http://apt.sw.be/redhat/el5/en/i386/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.i386.rpm

or

rpm -Uhv http://apt.sw.be/redhat/el5/en/x86_64/rpmforge/RPMS/rpmforge-release-0.3.6-1.el5.rf.x86_64.rpm

You can now use yum to install memcached

yum -y install memcached

Once the installation is completed, you will be able to locate the config file at the location /etc/sysconfig/memcached . Edit the file according to your requirement. It will be something like below.

PORT="11211"          #define on which port to run
USER="nobody"         #same as apache user
MAXCONN="2048"        #maximum number of connections allowed
CACHESIZE="32"        #memory used for caching
OPTIONS=""            #use for any custom options

Always specify a user for memcached when you start it from the shell. You can use nobody user or a user named memcached.

Now you can test it with the following command.

memcached -u memcached -d -m 1048 -l 127.0.0.1 -p 11211

or

memcached -d -u nobody -m 1048 -l 127.0.0.1 -p 11211

Check if memcached is listening on port 11211

netstat -plan | grep ":11211"

Done.
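To read that netstat output for what matters, namely whether memcached is reachable only from the local machine as the `-l 127.0.0.1` option intends, the following added example (not part of the original post) filters `netstat -plan` style lines for port 11211 and prints any listener bound to a non-loopback address. The function names are assumptions and the sample lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads `netstat -plan` style lines on stdin and prints every socket that
# serves the given port (default 11211) on a non-loopback address.
exposed_listeners() {
    awk -v port="${1:-11211}" '
        $1 ~ /^(tcp|udp)/ {
            laddr = $4
            n = split(laddr, parts, ":")
            if (parts[n] != port) next                  # different local port
            if ($1 ~ /^tcp/ && $6 != "LISTEN") next     # client connections, not listeners
            addr = substr(laddr, 1, length(laddr) - length(parts[n]) - 1)
            if (addr ~ /^127\./ || addr == "::1") next  # loopback only: fine
            print $1, laddr
        }'
}

# Constructed sample output (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address     Foreign Address   State       PID/Program name
tcp        0      0 127.0.0.1:11211   0.0.0.0:*         LISTEN      2101/memcached
tcp        0      0 0.0.0.0:11211     0.0.0.0:*         LISTEN      2207/memcached
tcp        0      0 :::11211          :::*              LISTEN      2207/memcached
udp        0      0 0.0.0.0:11211     0.0.0.0:*                     2207/memcached
tcp        0      0 127.0.0.1:40112   127.0.0.1:11211   ESTABLISHED 1990/httpd
tcp        0      0 0.0.0.0:80        0.0.0.0:*         LISTEN      1990/httpd
EOF
}

# Prints the three wildcard-bound sockets from the sample; empty output means loopback only.
sample_netstat | exposed_listeners 11211
```

On a live server, run `netstat -plan | exposed_listeners`; any line it prints is a memcached socket that other hosts can reach unless a firewall blocks the port.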

Now you can go to step 2 to perform the installation of php extension.
2. Steps to Install PHP Memcache

Download and install the latest version of PHP extension from PECL.

cd /usr/share

wget http://pecl.php.net/get/memcache-2.2.7.tgz

tar -xvf memcache-2.2.7.tgz

cd memcache-2.2.7

phpize
./configure
make
make install

After successful installation check if memcache.so is added to php.ini. If its not there add it manually to php.ini, restart apache and create a phpinfo page and check for memcache.

To locate php.ini

php -i | grep php.ini

vi /usr/local/lib/php.ini

Add the following

extension="memcache.so"

Restart httpd

/etc/rc.d/init.d/httpd restart

Check if its loaded in command line by using the following.

php -i | grep memcache

It will show something like below.

memcache
memcache support => enabled

You can also test memcache by creating memcachetest.php file with the following code and see the results.

<?php
//memcached simple test
$memcache = new Memcache;
$memcache->connect('localhost', 11211) or die ("Could not connect");
$key = md5('42data');  //something unique
for ($k=0; $k<5; $k++) {
    $data = $memcache->get($key);
    if ($data == NULL) {
        $data = array();
        //generate an array of random shit
        echo "expensive query";
        for ($i=0; $i<100; $i++) {
            for ($j=0; $j<10; $j++) {
                $data[$i][$j] = 42;  //who cares
            }
        }
        //store the result for one hour (3600 seconds)
        $memcache->set($key,$data,0,3600);
    } else {
        echo "cached";
    }
}

Steps to Add/Bind secondary IP address to CentOS server.

1. Login to server via ssh

2. Before binding the new ip address you can check the existing ip address and network interfaces using the following command.

    ifconfig

3. Now navigate to the directory /etc/sysconfig/network-scripts/

    cd /etc/sysconfig/network-scripts/

4. You should now be able to see the file ifcfg-eth0 where the default IP is bound. Just copy this file for the new IP address. We need to edit the DEVICE part and IPADDR part only.

    cp -rp ifcfg-eth0 ifcfg-eth0:1

5. Now open the file ifcfg-eth0:1 . A sample file will be having the following contents.

    vi ifcfg-eth0:1

    DEVICE="eth0:1"
    BOOTPROTO="static"
    ONBOOT="yes"
    IPADDR="192.168.1.1"

Following are the explanation for different directives.

DEVICE:  This is name of the interface you are going to assign the IP to.
BOOTPROTO: “static”  This means the IP address is statically assigned to the server.
ONBOOT:  “yes” This means the server will bind this IP during boot process.
IPADDR: This is where you enter your IP Address. Make sure to enter the correct ip information here.

Now save the file.

You can bring the new ip UP by using the following command.

    ifup ifcfg-eth0:1

Or

    service network restart

Thursday, 12 December 2013

FTP getting hanged

Your FTP session is timing out when passive mode is being turned on and you do a directory listing. In FTP, passive mode is necessary for a client behind a firewall to be able to connect to the server. If you were not behind a firewall (NAT included) then you could use active mode. What's happening is that the firewall on your server (CSF) is blocking the high ports necessary to make passive mode FTP work. To resolve, edit the file /etc/pure-ftpd.conf and uncomment the line "PassivePortRange". Then you have to go to your CSF configuration page and put in a rule to allow traffic on those ports. The default ports are 30000 to 50000, so CSF would need a rule to allow traffic on all ports between 30000 and 50000.

If you're not running a very busy FTP server you can easily get by with a smaller range like 30000 to 31000.

After you make the change in the pure-ftpd.conf file be sure to restart the daemon with /scripts/restartsrv_ftpserver.

Once those changes are made then you should be able to open a passive connection properly to the server and get the data returned back to your connection.

Directory listing limit in FTP

To change the number of files listed in FTP(if using pure-ftpd) aka the file/directory listing limit in FTP

 Locate the below line in /etc/pure-ftpd.conf and edit the number of files to be listed in FTP

 --------------
LimitRecursion 2000 8
--------------
2000 is for files
8 is for directories

How to restore database backup of MSSQL

1. Open MSSQL Server Management Studio. (Start >>> Programs >>> Microsoft SQL Server 2005 >>> SQL Server Management Studio Express)
2. Connect to the MS SQL Server database (Connect to Server window):
   Server name: 192.XX.XX.XX\SQLEXPRESS
   Authentication: SQL Server Authentication OR Windows Authentication
   Login: sa
   Password: xxxxxx
   Then press Connect.
3. After logging in to SQL Server:
   1. Expand the Databases
   2. Select the database test_db
   3. Right click on the database
   4. Select Tasks >>> then select Restore
   5. The Restore Database window opens
   6. Under the source for restore >>> select From device
   7. Then select the square box in front of From device
   8. The Specify Backup window opens
   9. Select the Add button
   10. C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Backup\test_db.bak (backup location path) >>> press OK
   11. Select the check box (Restore) under Select the backup sets to restore
   12. After this select the "Option" icon >>> under the restore options >>> select Overwrite the existing database >>> press OK
   13. The "restore DB successful" message window appears >>> press OK
Done.

Convert Mbox mail system to Mdir system

Mbox system uses a single file to store the emails while Mdir system uses multiple files to store each incoming email.

1. Go to the Maildir directory for the user.
2. Tar the Maildir file.
3. tar -zcvf Maildir.tar.gz Maildir
4. Copy the files to the mbox mail directory of the user.
5. domain:/home/kk1/mail # scp root@domain.com:/hsphere/local/var/vpopmail/domains/domain.com/k/Maildir.tar.gz .
6. Untar the Maildir.
7. domain:/home/kk1/mail # tar -zxvf Maildir.tar.gz
8. For the particular directory we are trying to convert, select that. In the case below, we are trying to convert the mails in the sent-mail folder.
9. Create a file /root/convertm with the following contents:

    #!/usr/bin/python
    # -*- coding: utf-8 -*-
    # Usage: convertm <maildir_folder> <output_mbox_file>

    import mailbox
    import sys

    # Open the Maildir folder; factory=None yields MaildirMessage objects
    mdir = mailbox.Maildir(sys.argv[-2], factory=None, create=False)
    outfile = open(sys.argv[-1], 'w')

    for mdir_msg in mdir:
        # write each message with a leading "From " line, as mbox requires
        outfile.write(mdir_msg.as_string(unixfrom=True))
        outfile.write('\n')

    outfile.close()

10. domain:/home/kk1/mail/Maildir # python /root/convertm .sent-mail ../output.mbox2
11. The file output.mbox2 will contain all the required emails.


I will use an example to explain this. Here, I am going to convert all the mbox style directories which were placed under the old squirrel mail configuration, from the following directory in the old server. This directory belongs to the old email account workreports@domain.com
[root@11-22-33-44 mail]# pwd
/oldserver/home/imap/domain.com/workreports/mail

Step 1:
Transfer the files to the new server.
If ‘dom’ is the user account for the domain.com in the new server,
~# cd ~dom
scp -r root@11.22.33.44:/oldserver/home//imap/domain.com/workreports/mail .
Change the permission of this newly formed mail directory at the new server to 755 ( Another user will operate on this directory which will be explained below. Hence you need to allow read permission )
~#chmod -R 755 mail/
Step 2:
Create a user named convertm ( You can choose any name ) using a tight password and shell access.
Step 3:
Upload the file below into its convertm’s home directory,
mb2mdir
Change directory to the mail directory mentioned in step 1 where you downloaded the emails as user ‘dom’. Now you must have guessed why I allowed read permission on that directory,
~# cd /hsphere/local/home/mail
Step 5:
Issue the following command,
for i in *;do cat $i > /var/spool/mail/convertm && /home/convertm/mb2md-3.20.pl -m /var/spool/mail/convertm && mkdir /home/convertm/.${i} && cp -rf /home/convertm/Maildir/* /home/convertm/.${i}/;done
This command will convert each mailbox file under the mail directory into its mbox format and place it under the directory /home/convertm/
Step 6:
Once it is done, please switch user to ‘root’ and change directory to /home/convertm/
~#cd /home/convertm/
Your challenge is to copy all the .* directories on to /hsphere/local/var/vpopmail/domains/domain.com/workreports/Maildir which is where hsphere horde normally stores its imaped files. Horde by default stores the directories beginning with a ‘.’ character.
Hence, issue the following command which will filter out the bash files and unneeded ‘.’s
for i in `ls -d .* | grep -v '^[.]*$' | grep -v bash`;do cp -rf $i /hsphere/local/var/vpopmail/domains/domain.com/workreports/Maildir/;done
Step 7:
You are done!
Now don’t forget to delete the files after work,
# rm -rf /hsphere/local/home/mail

Park Wrapper Error(s)

Park Wrapper Error

When trying to add an addon domain, or parked domain, you might run across a 'Park Wrapper Error'.
Here are some common errors, and how to fix them:

Error from park wrapper: domainname.com is already configured.

This means that a DNS Zone File already exists for this domain. If you have WHM, simply go to Delete a DNS Zone and remove the domain name you are trying to add.

Error from park wrapper: You cannot park your main domain!

This means that you are trying to add your primary domain to your control panel. Stop trying to do that; your primary domain is already added to your control panel by default. If your primary domain is not working, it is because of a different reason.

Error from park wrapper: Using nameservers with the following IPs.... Sorry, the domain is already pointed to an IP address that does not appear to use DNS servers associated with this server.

This means you still need to point the domain name to the server before you can add it.

Error from park wrapper: Unable to find out which user owns the parked domain

To solve this error message (usually received when attempting to remove a parked domain name), simply try adding the domain name to the Addon Domains section of cPanel. It will error out. After you receive the error message, go into the Parked Domains section of cPanel and remove the domain name.

Error from park wrapper: domainname.com is owned by another user

This means the domain name is already set up with hosting on your server, under a different user's account. Perhaps they own the domain and you do not.

Error from park wrapper: Sorry, you are not allowed to add any more than (0) parked domains!

This indicates you are on a plan that only allows 1 domain name per cPanel. If you are on a Reseller, VPS, or Dedicated plan, you control this feature and can easily raise the limit.

vzquota : (error) Quota on syscall for xxx: Device or resource busy

Error: vzquota : (error) Quota on syscall for xxx: Device or resource busy
Note: 63583 is used below as an example Container ID.

# vzctl restart 63583
Restarting container
Starting container ...
vzquota : (warning) quota usage is invalid for id 63583, recalculating disk usage...
vzquota : (error) Quota on syscall for id 63583: Device or resource busy
vzquota : (error)       Possible reasons:
vzquota : (error)       - Container's root is already mounted
vzquota : (error)       - there are opened files inside Container's private area
vzquota : (error)       - your current working directory is inside Container's
vzquota : (error)         private area
vzquota : (error)       Currently used file(s):
/vz/private/63583/etc
vzquota on failed [3]

The error message indicates two possible causes:
1) Some files inside the VPS private area are still open. You can check for open files by executing:
 lsof 2> /dev/null | egrep '/vz/root/63583/|/vz/private/63583/'
where 63583 is the VPS ID. The command lists the open files; close them and then start the VPS.
2) Your current working directory on the host server is inside the VPS’s private area, i.e. the private area of the VPS is at /vz/private/xxx and your current working directory while starting the VPS is inside /vz/private/xxx.
Check the current working directory:
root@server [~]# pwd
If the working directory is inside the VPS’s private area, leave that directory by executing the command
root@server [~]#  cd
This takes you to the home directory of the root user, and you will be able to start the VPS without any issues.
root@server [~]# vzctl start VEID
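
Both checks can be combined into one pre-start test on the host. This is an added example, not part of the original post: the function names are hypothetical, the lsof lines are constructed, and the paths assume the /vz/root and /vz/private layout used above.

```shell
#!/bin/sh
# Added example (not from the original page): pre-start check for the two
# "Device or resource busy" causes. Function names are hypothetical.

# Succeeds if directory $2 is the container's root/private area or lies below it.
inside_ct_area() {
    case "$2" in
        "/vz/private/$1"|"/vz/private/$1"/*|"/vz/root/$1"|"/vz/root/$1"/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Reads default `lsof` output on stdin and prints "COMMAND PID PATH" for every
# open file in the container's areas. Unlike a pattern with a trailing slash,
# this also catches a process sitting exactly in /vz/private/<CTID>.
# Limitation: NAME is taken as the last field, so paths with spaces are cut.
ct_open_files() {
    awk -v ctid="$1" '
        BEGIN { priv = "/vz/private/" ctid; root = "/vz/root/" ctid }
        $1 != "COMMAND" {
            p = $NF
            if (p == priv || p == root ||
                index(p, priv "/") == 1 || index(p, root "/") == 1)
                print $1, $2, p
        }'
}

# Runs both checks on the host; returns 0 when neither cause is present.
ct_precheck() {
    if inside_ct_area "$1" "$(pwd)"; then
        echo "cwd $(pwd) is inside container $1; run 'cd' first"
        return 1
    fi
    busy=$(lsof 2>/dev/null | ct_open_files "$1")
    [ -z "$busy" ] || { echo "$busy"; return 1; }
}

# Constructed lsof output for container 63583 (635830 is a different container).
SAMPLE_LSOF='COMMAND  PID USER  FD TYPE DEVICE SIZE/OFF   NODE NAME
bash    4021 root cwd  DIR  253,0     4096 131073 /vz/private/63583
tail    4077 root  3r  REG  253,0    10240 131099 /vz/root/63583/var/log/messages
vim     4100 root  4u  REG  253,0     2048 140001 /vz/private/635830/etc/passwd
sshd    1201 root cwd  DIR  253,0     4096      2 /'

printf '%s\n' "$SAMPLE_LSOF" | ct_open_files 63583
```

On a real host node, run `ct_precheck 63583` before `vzctl start 63583`; the PIDs it prints are the processes to stop or move out of the container's directories.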

VPS error unable to open pty

Error: unable to open pty

Fix: 1
# vzctl enter 101
enter into VE 101 failed
Unable to open pty: No such file or directory
# vzctl exec 101 /sbin/MAKEDEV tty
# vzctl exec 101 /sbin/MAKEDEV pty
# vzctl enter 101

------------------
Fix: 2
sudo vzctl start 101
sudo vzctl exec 101 "cd /dev; /sbin/MAKEDEV pty"
sudo vzctl exec 101 "cd /dev; /sbin/MAKEDEV tty"
sudo vzctl exec 101 "update-rc.d -f udev remove"
sudo vzctl stop 101
sudo vzctl start 101

------------------

Fix: 3
[root@ovz-cunniffe ~]# vzctl exec 62658 /sbin/MAKEDEV
/bin/bash: /sbin/MAKEDEV: No such file or directory


In that case, create the device nodes from the host. If your virtual machines are installed in /vz/private/:
/sbin/MAKEDEV -d /vz/private/<CTID>/dev -x {p,t}ty{a,p}{0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f} console core full kmem kmsg mem null port ptmx random urandom zero ram0
/sbin/MAKEDEV -d /vz/private/<CTID>/etc/devices -x {p,t}ty{a,p}{0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f} console core full kmem kmsg mem null port ptmx random urandom zero ram0

But if your virtual machines are installed in /var/lib/vz/private/:
/sbin/MAKEDEV -d /var/lib/vz/private/<CTID>/dev -x {p,t}ty{a,p}{0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f} console core full kmem kmsg mem null port ptmx random urandom zero ram0
/sbin/MAKEDEV -d /var/lib/vz/private/<CTID>/etc/devices -x {p,t}ty{a,p}{0,1,2,3,4,5,6,7,8,9,a,b,c,d,e,f} console core full kmem kmsg mem null port ptmx random urandom zero ram0

PRNG is not seeded

Error : PRNG is not seeded

Fix:

sh-3.1# ls -al /dev/random
/bin/ls: /dev/random: No such file or directory
sh-3.1# ls -al /dev/urandom

sh-3.1# mknod /dev/random c 1 8
sh-3.1# mknod /dev/urandom c 1 9
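
The device nodes behind this error can be verified before and after recreating them. This is an added example, not part of the original post: the function names are hypothetical, and it assumes Linux device numbers (/dev/random is character device 1,8 and /dev/urandom is 1,9) and a stat that accepts -c.

```shell
#!/bin/sh
# Added example (not from the original page): verify the kernel RNG device
# nodes. On Linux /dev/random is char device 1,8 and /dev/urandom is 1,9.
# Function names are hypothetical; needs a stat that supports -c (GNU, BusyBox).

# check_node PATH MAJOR MINOR (hex): prints ok | missing | not-chardev |
# wrong-device(<major>:<minor>) and returns non-zero unless ok.
check_node() {
    [ -e "$1" ] || { echo missing; return 1; }
    [ -c "$1" ] || { echo not-chardev; return 1; }
    got=$(stat -c '%t:%T' "$1" 2>/dev/null)
    [ "$got" = "$2:$3" ] || { echo "wrong-device($got)"; return 1; }
    echo ok
}

# check_rng_nodes [ROOT]: ROOT is an optional prefix such as
# /vz/private/<CTID> so a container's /dev can be checked from the host.
check_rng_nodes() {
    rc=0
    for spec in random:8 urandom:9; do
        name=${spec%%:*}; minor=${spec##*:}
        res=$(check_node "${1:-}/dev/$name" 1 "$minor") || rc=1
        echo "${1:-}/dev/$name: $res"
        # A node with the wrong type or numbers must be removed before mknod.
        [ "$res" = ok ] || echo "  fix: rm -f ${1:-}/dev/$name; mknod ${1:-}/dev/$name c 1 $minor"
    done
    return $rc
}

check_rng_nodes "${1:-}" || echo "RNG device nodes need attention"
```

A node that exists but reports wrong-device still lets programs open it, so the check compares the major and minor numbers instead of only testing that the path exists.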

IMAPD error in chkservice daemon log

IMAP error message:

===
Service Check Method: [tcp connect]

Failure Reason: TCP Transaction Log:
<< * OK [CAPABILITY IMAP4rev1 UIDPLUS CHILDREN NAMESPACE THREAD=ORDEREDSUBJECT
THREAD=REFERENCES SORT QUOTA IDLE ACL ACL2=UNION STARTTLS] Courier-IMAP ready.
Copyright 1998-2011 Double Precision, Inc. See COPYING for distribution
information.
>> A001 LOGIN
__cpanel__service__auth__imap__rJgtrLJMaRsNRJAy1xrY3gjTDNA852bfXgTyA8ttThGb3PWtney7UFHfeEuyP9bg
EFRrpZNcstXly7t6cq5gQmthW7w4Qd4xlUeldCDdm67tiIsq_6efRRsLOy3WpZA3
<< * BYE Temporary problem, please try again later
imap: ** [* BYE Temporary problem, please try again later != A001 OK]
: Died at /usr/local/cpanel/Cpanel/TailWatch/ChkServd.pm line 541, line
2.
===

Error message logged in "/var/log/maillog":

===
/var/log/maillog:Oct 13 10:19:44 s307 imapd-ssl: authentication error: Input/output error
===

This error makes Webmail and the mail service inaccessible.

Solution:
*********

The issue can be fixed by increasing the number of authentication daemons for courier on the server.

Given below are the steps to increase Authentication daemons for courier from WHM.

~~~~
Main >> Service Configuration >> Mailserver Configuration >> Number of Authentication Daemons
~~~~

Add an A entry for your hostname in cPanel

Error:
"IMPORTANT: Do not ignore this email.

Your hostname (server.server.com) could not be resolved to an
IP address. This means that /etc/hosts is not set up correctly,
and/or there is no dns entry for server.server.com. Please be
sure that the contents of /etc/hosts are configured correctly, and
also that there is a correct 'A' entry for the domain in the zone
file.

Some or all of these problems can be caused by /etc/resolv.conf
being setup incorrectly. Please check that file if you believe
everything else is correct.

You may be able to automatically correct this problem by using the
'Add an A entry for your hostname' option under 'Dns Functions' in
your Web Host Manager."

Fix:
Here are the steps that you should work through to solve this issue.

1. Follow the instructions that cPanel has provided by checking to see if you can solve this issue using WHM provided tools. Log in to your server's WHM (not cPanel) by going to https://[YOUR SERVER IP]:2087 in your web browser.

2. You will probably see the error now. Close it for the moment and scroll down the left-hand Functions Menu until you find the heading 'DNS Functions'. Click on 'Add an A entry for your hostname'. WHM will try to analyze your hostname and then present you with a button that says 'Add the entry'; click on that. WHM should automatically try to add the relevant A record for your hostname to the DNS zone present on your system.

3. Log out and then log back in to WHM to see if the message returns. Look to the top of WHM to see the "Logout(root)" link. Optional Tip: If you don't like logging into and then out of WHM while testing the fixes, you can instead log in to your server via SSH and, whenever you are ready to test, simply run the following command:

      root@myserver [~]# /scripts/ipcheck

      This command will send you an email immediately if your settings are still incorrect.
  
4. Hopefully that worked, but if not, we should go ahead and edit your /etc/hosts file just in case. Log in to your system via SSH. Use your favorite text editor to make sure that your /etc/hosts file looks something like this.

      root@myserver [~]# cat /etc/hosts
      127.0.0.1              localhost
      xx.xx.xx.xx            server.server.com server

      If you would like more information on the structure of the hosts file type 'man hosts' as the structure of this file is outside of the scope of this document.
  
5. Use your preferred method of checking for the message again. Has it returned? Are you sure that your server is using the proper resolvers? Make sure that your /etc/resolv.conf has the following within.

      nameserver X.X.X.X
      nameserver X.X.X.X

      You can include global name servers as well.

      Let's go ahead and test for the message again. Did it return? If so, it sounds like the name servers for your domain are not configured to be this server. Is it possible that they are configured to be another server? We can use dig from within the shell to find out. Try this:

      dig +noall +answer +additional mydomain.com NS

    
      In the simplest of setups, the IPs listed in your results should match the IPs of your server. If they do, then everything should be working at this point. If not, then you are using name servers that are not within your system and you will need to update them with the relevant A record.