nginx: [warn] 4096 worker_connections exceed open file resource limit: 1024

June 2, 2015June 3, 2015 ~ tadmin

If you see error messages like:
nginx: [warn] 4096 worker_connections exceed open file resource limit: 1024

Then checking nginx web server configuration using command:

# service nginx configtest

It can be fixed permanently (after system reboot) by editing /etc/security/limits.conf configuration file:

#@student        -       maxlogins       4

* soft nofile 65536
* hard nofile 65536

# End of file

Default Linux system limits can be viewed using command:

# ulimit -a

core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 14586
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 10240
cpu time (seconds, -t) unlimited
max user processes (-u) 14586
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited

To fix open files limit value temporary (it works until server reboot) use command:

# ulimit -n 65536

To view new values of system limits run once again:

# ulimit -a

core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 14586
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 65536
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 10240
cpu time (seconds, -t) unlimited
max user processes (-u) 14586
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited

Then checking nginx web server configuration use command:

# service nginx configtest

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

And, finally, restart nginx web server using command:

# service nginx restart

Stopping nginx: [ OK ]
Starting nginx: [ OK ]
#

Errors running mysqldump related to LOCK TABLES

May 30, 2015June 3, 2015 ~ tadmin

If you see such error patterns when running mysqldump backup:

# mysqldump -u wordpress_u -p wordpress_db > ./tmp/db_backups/wordpress_db-`date +'%Y%m%d%H%M'`.sql

Enter password:
mysqldump: Got error: 1016: Can’t open file: ‘./wordpress_db/wp_1050_postmeta.frm’ (errno: 24) when using LOCK TABLES

# mysqldump -u wordpress_u -p wordpress_db > ./tmp/db_backups/wordpress_db-`date +'%Y%m%d%H%M'`.sql

Enter password:
mysqldump: Got error: 23: Out of resources when opening file ‘./wordpress_db/wp_1050_options.MYD’ (Errcode: 24) when using LOCK TABLES

try to add –lock-tables=false to dump command.

Work with davfs2 on Fedora CentOs RHEL

May 20, 2015May 19, 2015 ~ tadmin

This post can be useful if you need to work with remote file system using davfs2 protocol.

To start work with it you should install davfs2 support using command:

# sudo yum install davfs2 -y

To start work you have to create mount point using command:

# sudo mkdir /mnt/drive_davfs2

Mount drive using command:

# sudo mount -t davfs https://file-store.shkodenko.com/ /mnt/drive_davfs2

You will need to provide username and password to connect.

Now, you can work with remote DAVFS folder /mnt/drive_davfs2 as with local folder.

To view list of currently mounted filesystems use command:

# sudo mount -l

Then you don’t need remote folder you should unmount it using command:

# sudo umount /mnt/drive_davfs2

RHEL Downloadonly plugin for yum

May 1, 2015April 30, 2015 ~ tadmin

If you need to get package source code only, and you don’t want to install it, you can use Downloadonly plugin for yum.

Install the package including “downloadonly” plugin:

(RHEL5)

# yum install yum-downloadonly

(RHEL6)

# yum install yum-plugin-downloadonly

Run yum command with “–downloadonly” option as follows:

# yum install --downloadonly --downloaddir=<directory> <package>

Confirm the RPM files are available in the specified download directory.

Source: https://access.redhat.com/solutions/10154

Import SSL certificate from web server Apache OpenSSL to Tomcat format

April 22, 2015April 21, 2015 ~ tadmin

To import SSL certificate into pkcs12 format you can use command:

# openssl pkcs12 -export -in /home/taras/ssl/shkodenko.com.crt -inkey /home/taras/ssl/shkodenko.com.key -out /home/taras/ssl/shkodenko.com.p12 -name tomcat -CAfile /home/taras/ssl/shkodenko.com.ca.crt -caname root -chain
Enter Export Password:
Verifying - Enter Export Password:

You will be prompted to input password.

# keytool -importkeystore -srckeystore /home/taras/ssl/shkodenko.com.p12 -srcstoretype PKCS12 -deststoretype JKS -destkeystore /home/taras/ssl/shkodenko.com.jks
Enter destination keystore password:  
Re-enter new password: 
Enter source keystore password:  
Entry for alias tomcat successfully imported.
Import command completed:  1 entries successfully imported, 0 entries failed or cancelled

Now, you can use /home/taras/ssl/shkodenko.com.jks certificates storage in your Apache Tomcat SSL virtual host configuration.

Set up NFS on CentOS and RedHat enterprise remote server folder sharing

March 19, 2015March 18, 2015 ~ tadmin

To set up NFS on CentOS and/or RedHat enterprise Linux the following package should be installed:

# yum install nfs-utils
Loaded plugins: product-id, rhnplugin, security, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
This system is receiving updates from RHN Classic or RHN Satellite.
Excluding Packages in global exclude list
Finished
Excluding Packages from Red Hat Enterprise Linux (v. 5 for 64-bit x86_64)
Finished
Setting up Install Process
Package 1:nfs-utils-1.0.9-71.el5.x86_64 already installed and latest version
Nothing to do

If you see error while trying to start nfs service:

# /etc/init.d/nfs start
Starting NFS services:                                     [  OK  ]
Starting NFS quotas: Cannot register service: RPC: Unable to receive; errno = Connection refused
rpc.rquotad: unable to register (RQUOTAPROG, RQUOTAVERS, udp).
                                                           [FAILED]
Starting NFS daemon:   
                                                           [FAILED]

check if portmapper service is working:

# rpcinfo -p
rpcinfo: can't contact portmapper: RPC: Remote system error - Connection refused
#

If not, add portmap service to auto start:

# chkconfig portmap on

Start the portmap serice:

# service portmap start
Starting portmap:                                          [  OK  ]

When portmap service is started it should show some output like:

# rpcinfo -p
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
#

You should start nfs service

# service nfs start
Starting NFS services:                                     [  OK  ]
Starting NFS quotas:                                       [  OK  ]
Starting NFS daemon:                                       [  OK  ]
Starting NFS mountd:                                       [  OK  ]
#

Add an entry what folder do you want to share to configuration file /etc/exports

/home/taras/backups/shared 11.22.3.4/255.255.255.0(rw,sync)

Where 11.22.3.4 IP address of remote side where you will mount shared folder.

You can also add IP to configuration file:

# more /etc/hosts.allow
#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
ALL: 11.22.3.4

Create folder /mnt/shared and mount remote folder in it

# mkdir -pv /mnt/shared
# mount shkodenko.com:/home/taras/backups/shared /mnt/shared -o nolock

Install and configure custom PHP FastCGI version with Plesk 12

February 12, 2015June 3, 2015 ~ tadmin

If you need to use modern version of PHP and you have Plesk control panel version 12+ you can use php_handler utility.

To view list of currently installed PHP versions use command:

# /usr/local/psa/bin/php_handler --list

             id:  display name:  full version:  version:    type:                           cgi-bin:  php-cli:                           php.ini:  custom:
          module          5.3.3          5.3.3       5.3   module                   /usr/bin/php-cgi                                 /etc/php.ini    false
         fastcgi          5.3.3          5.3.3       5.3  fastcgi                   /usr/bin/php-cgi                                 /etc/php.ini    false
             cgi          5.3.3          5.3.3       5.3      cgi                   /usr/bin/php-cgi                                 /etc/php.ini    false

To install custom PHP build installed to folder /opt/php-5.4.37 use command:

# /usr/local/psa/bin/php_handler --add -displayname php-5.4.37 -path /opt/php-5.4.37/bin/php-cgi -phpini /opt/php-5.4.37/etc/php.ini -type fastcgi -id php-5.4.37

You will see message:

The new PHP handler with the id "php-5.4.37" was successfully registered.

Now, you can select it in Plesk control panel then editing your domain “Hosting settings”.

Mtop utility installation on Debian 7

February 9, 2015February 2, 2015 ~ tadmin

Mtop utility can be downloaded from http://sourceforge.net/projects/mtop/?source=typ_redirect.
Current version at this moment is: 0.6.6.

To install it the following system packages should be installed as dependencies: libncurses5-dev

# sudo apt-get install libncurses5-dev

Because of error during installation of depended Curses Perl library:
fatal error: ncurses.h: No such file or directory

The following Perl libraries required by mtop should be installed: Curses, Getopt::Long, Net::Domain, DBI and DBD::mysql
I’m istalling them using Perl CPAN module:

# perl -MCPAN -e shell
# ...
cpan[1]> install Curses
cpan[2]> install Getopt::Long
cpan[3]> install Net::Domain
cpan[4]> install DBI
cpan[5]> install DBD::mysql
cpan[6]> quit

Mtop installation process:

# cd /root/install
# tar xzf mtop-0.6.6.tar.gz
# chown -Rf root:root /root/install/mtop-0.6.6/
# cd /root/install/mtop-0.6.6/
# perl Makefile.PL
...
# make
...
# make install
Manifying 2 pod documents
Installing /usr/local/bin/mtop
Installing /usr/local/bin/mkill
Installing /usr/local/bin/mtop
Installing /usr/local/bin/mkill
Installing /usr/local/share/perl/5.14/cpan2spec.pl
Installing /usr/local/share/man/man1/mkill.1p
Installing /usr/local/share/man/man1/mtop.1p
Appending installation info to /usr/local//lib/perl/5.14/perllocal.pod

Now, mtop and mkill utilites are ready for use.

Using dpkg to find package names on Debian Linux 7 (wheezy)

February 5, 2015February 4, 2015 ~ tadmin

To discover what package a file belongs to use command:

# dpkg -S /bin/dash

dash: /bin/dash

We find several packages related to what we’re looking for, together with brief descriptions. To get more information about a specific package, I can then use:

# apt-cache show dash

Block / unblock IPs on Linux servers

February 1, 2015February 4, 2015 ~ tadmin

There is several ways to block / unblock IPs on linux servers.

It can be done using IPTables firewall rules, server configuration files /etc/hosts.deny, using route.

I have written simple shell scripts to block / unlbock IPv4 which can be used on any Linux distribution if you have root administrator access.

You can get them for a small price:

Linux bash scripts to block/unblock IPv4 using route