Tikejhya: Ashish Nepal

Knowledgebase

Month: August 2013 (Page 1 of 2)

getent hosts vs hosts

There may be occasions when you want to bypass the hosts file to resolve a public IP. How does that work?

Here is a small example. The host command works exactly like dig (i.e. it does not do a by-hostname lookup).

host www.ashishnepal.com -> queries DNS directly (does not consult the hosts file, same as dig)
getent hosts www.ashishnepal.com -> looks in the /etc/hosts file first, then goes to DNS.

Monitoring Varnish Healthcheck

varnishadm debug.health | awk '/Backend/ {print $2,$4}'
web1 Healthy
web2 Healthy

Running this regularly fills syslog with noisy entries. To stop that, disable logging of varnishadm CLI traffic with the parameter below.
Note: this does not disable varnishadm logging altogether, only CLI traffic
(i.e. commands run from the Bash CLI; those you run from within varnishadm will still be visible).

syslog_cli_traffic

Fatal error: Can’t open and lock privilege tables: Table ‘mysql.host’ doesn’t exist

Solution:

mysql_install_db

[ERROR]: spawning fcgi failed.

(mod_fastcgi.c.1397) [ERROR]: spawning fcgi failed.
(server.c.964) Configuration of plugins failed. Going down.
(log.c.166) server started
(mod_fastcgi.c.1103) the fastcgi-backend /usr/local/php5/bin/php-cgi failed to start:
(mod_fastcgi.c.1107) child exited with status 2 /usr/local/php5/bin/php-cgi
(mod_fastcgi.c.1110) If you’re trying to run your app as a FastCGI backend, make sure you’re using the FastCGI-enabled version.
If this is PHP on Gentoo, add ‘fastcgi’ to the USE flags.
(mod_fastcgi.c.1397) [ERROR]: spawning fcgi failed.
(server.c.964) Configuration of plugins failed. Going down.

Check the bin-path location and ensure that php-cgi exists there.

nginx redirect loop

The page isn’t redirecting properly
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.

I have noticed that this can happen for several different reasons.

1) Nginx Configuration
e.g. http://stackoverflow.com/questions/4616521/nginx-configuration-leads-to-endless-redirect-loop

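2) It can happen when the backend server behind nginx (nginx acting as reverse proxy) does not have extforward configured to trust the proxy.

e.g.
extforward.headers = ("X-Forwarded-For", "Forwarded-For")

extforward.forwarder = (
    "192.168.1.2" => "trust"
)

List only the reverse proxy's own address as trusted: the backend takes the client IP from these headers for any host marked "trust".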

Using a different IP to send email with Postfix

The source address (smtp_bind_address) can be specified in the main.cf file for all SMTP clients, or it can be specified in the master.cf file for a specific client, for example:

Edit /etc/postfix/main.cf and make sure that the following line is present:
inet_interfaces = 11.22.33.44, localhost

However, using smtp_bind_address will force Postfix to listen for inbound mail only on the new IP, so if you want both IPs to keep listening for incoming mail, edit /etc/postfix/master.cf as follows.

Change this part:

smtp unix - - - - - smtp
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
  -o smtp_fallback_relay=

to this:

smtp unix - - - - - smtp
  -o smtp_bind_address=11.22.33.44
# When relaying mail as backup MX, disable fallback_relay to avoid MX loops
relay unix - - - - - smtp
  -o smtp_bind_address=11.22.33.44
  -o smtp_fallback_relay=

Postfix DKIM

What is DKIM?

For a functional overview visit:
http://www.sendmail.co.uk/sm/open_source/dkim/functional_overview/

DKIM or DomainKeys Identified Mail is an electronic signature that is inserted into the full header of your email to identify the origin of where the message was sent.

Howto?

# Install opendkim, which is a fork of dkim-milter.
yum install opendkim

# Create a directory for your domain, generate the key, change ownership.
mkdir /etc/opendkim/keys/mydomain.com
opendkim-genkey -D /etc/opendkim/keys/mydomain.com/ -d mydomain.com -s default
chown -R opendkim:opendkim /etc/opendkim/keys/mydomain.com
mv /etc/opendkim/keys/mydomain.com/default.private /etc/opendkim/keys/mydomain.com/default

# If you have multiple domains, do the same for each domain.

# Configuration files
/etc/opendkim.conf - OpenDKIM's main configuration file
/etc/opendkim/KeyTable - a list of keys available for signing
/etc/opendkim/SigningTable - a list of domains and accounts allowed to sign
/etc/opendkim/TrustedHosts - a list of servers to "trust" when signing or verifying

# vi /etc/opendkim.conf
PidFile /var/run/opendkim/opendkim.pid
Mode sv
Syslog yes
SyslogSuccess yes
LogWhy yes
UserID opendkim:opendkim
Socket inet:8891@localhost
Umask 002

Canonicalization relaxed/simple
Selector default
MinimumKeyBits 1024
# KeyFile is overridden by the KeyTable setting below
KeyFile /etc/opendkim/keys/default.private
KeyTable /etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts

# vi /etc/opendkim/KeyTable
default._domainkey.mydomain.com mydomain.com:default:/etc/opendkim/keys/mydomain.com/default

# If you have multiple domains, add a similar line for each domain.

# vi /etc/opendkim/SigningTable
*@mydomain.com default._domainkey.mydomain.com

# vi /etc/opendkim/TrustedHosts
127.0.0.1

# If you want to trust additional domains or IPs, add them to the TrustedHosts file.

# Now make Postfix aware of where the smtpd milter is (in /etc/postfix/main.cf)
smtpd_milters = inet:127.0.0.1:8891
non_smtpd_milters = $smtpd_milters
milter_default_action = accept

# If you’re running a version of Postfix prior to 2.6, you may need to add:
milter_protocol = 2

service opendkim start
service postfix reload

Add a DNS entry for each domain with the key you created, which can be found in:
/etc/opendkim/keys/mydomain.com/default.txt

Test:
Send a blank email to one of the following addresses: sa-test@sendmail.net, check-auth@verifier.port25.com or autorespond+dkim@dk.elandsys.com, and check the response.

Or check the headers of an email message.
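
A consistency check for the KeyTable and SigningTable files set up above, as an added example that is not part of the original post: it flags a KeyTable entry whose key file is missing (for instance when the table still names default.private after the mv step) or is accessible to group/other, and a SigningTable entry that names a key not defined in KeyTable. The function names check_dkim_tables and make_sample and the example.net, example.org and example.com entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-check OpenDKIM KeyTable and SigningTable files.
# Prints one line per problem; returns 0 if none were found, 1 otherwise.
check_dkim_tables() {
    keytable=$1; signingtable=$2; rc=0
    # KeyTable line: <key name> <domain>:<selector>:<private key path>
    while read -r name spec extra; do
        case $name in ''|'#'*) continue ;; esac
        keypath=${spec#*:}; keypath=${keypath#*:}
        if [ ! -f "$keypath" ]; then
            echo "KeyTable: $name: missing key file $keypath"; rc=1
        elif [ "$(ls -ld "$keypath" | cut -c5-10)" != "------" ]; then
            echo "KeyTable: $name: key file $keypath is accessible to group/other"; rc=1
        fi
    done < "$keytable"
    # SigningTable line: <sender pattern> <key name defined in KeyTable>
    while read -r pattern name extra; do
        case $pattern in ''|'#'*) continue ;; esac
        if ! awk -v k="$name" '$1 == k { found = 1 } END { exit !found }' "$keytable"; then
            echo "SigningTable: $pattern: key name $name is not in KeyTable"; rc=1
        fi
    done < "$signingtable"
    return $rc
}

# Constructed sample data (hypothetical domains) written under directory $1.
make_sample() {
    d=$1
    mkdir -p "$d/keys/mydomain.com" "$d/keys/example.net"
    : > "$d/keys/mydomain.com/default"; chmod 600 "$d/keys/mydomain.com/default"
    : > "$d/keys/example.net/default";  chmod 644 "$d/keys/example.net/default"
    cat > "$d/KeyTable" <<EOF
default._domainkey.mydomain.com mydomain.com:default:$d/keys/mydomain.com/default
default._domainkey.example.net example.net:default:$d/keys/example.net/default
default._domainkey.example.org example.org:default:$d/keys/example.org/default.private
EOF
    cat > "$d/SigningTable" <<EOF
*@mydomain.com default._domainkey.mydomain.com
*@example.com default._domainkey.example.com
EOF
}

sample=$(mktemp -d)
make_sample "$sample"
check_dkim_tables "$sample/KeyTable" "$sample/SigningTable" || echo "problems found"
rm -rf "$sample"
```

On a real server, call it as check_dkim_tables /etc/opendkim/KeyTable /etc/opendkim/SigningTable before starting opendkim.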

Checking Mail server reputation:
https://www.senderscore.org/
http://mxtoolbox.com/SuperTool.aspx

Openrelay Test:
http://www.mailradar.com/openrelay/

Test Openrelay Telnet:

telnet: > telnet mx1.example.com smtp
telnet: Trying 192.0.2.2…
telnet: Connected to mx1.example.com.
telnet: Escape character is ‘^]’.
server: 220 mx1.example.com ESMTP server ready Tue, 20 Jan 2004 22:33:36 +0200
client: HELO client.example.com
server: 250 mx1.example.com
client: MAIL from:
server: 250 Sender Ok
client: RCPT to:
server: 250 Recipient Ok
client: DATA
server: 354 Ok Send data ending with .
client: From: sender@example.com
client: To: recipient@example.com
client: Subject: Test message
client:
client: This is a test message.
client: .
server: 250 Message received: 20040120203404.CCCC18555.mx1.example.com@client.example.com
client: QUIT
server: 221 mx1.example.com ESMTP server closing connection

Printing parsed config-file.

Lighttpd

lighttpd -pf /data/etc/lighttpd/lighttpd.conf

-p print the parsed config-file in internal form, and exit
-t test the config-file, and exit
-f filename of the config-file

/etc/httpd/modules/mod_ssl.so: cannot open shared object file:

[root@host conf.d]# service httpd configtest
httpd: Syntax error on line 210 of /etc/httpd/conf/httpd.conf: Syntax error on line 12 of /etc/httpd/conf.d/ssl.conf: Cannot load /etc/httpd/modules/mod_ssl.so into server: /etc/httpd/modules/mod_ssl.so: cannot open shared object file: No such file or directory

Installing mod_ssl for Apache on CentOS:
yum install mod_ssl
service httpd configtest
service httpd reload

creating new interface

cd /etc/sysconfig/network-scripts/
cp ifcfg-eth0:0 ifcfg-eth0:1
vi ifcfg-eth0:1

DEVICE=eth0:1
BOOTPROTO=static
ONBOOT=yes
NETMASK=255.255.255.128
IPADDR=192.168.1.122
TYPE=Ethernet

ifup eth0:1
