Author: The Geek Decoder

Nginx error

December 8, 2014 The Geek Decoder No Comments Nginx, Plesk

nginx: [emerg] bind() to 68.168.98.181:443 failed (99: Cannot assign requested address)
nginx: configuration file /etc/nginx/nginx.conf test failed

You can disable nginx which should force the configuration to rebuild:

/usr/local/psa/admin/bin/nginxmgr -d

You can also try the steps below:

http://kb.sp.parallels.com/en/114245

If you get the error:

Apache config (14180811290.93120100) generation failed: Template_Exception: nginx: [emerg] bind() to 68.168.98.181:80 failed (99: Cannot assign requested address)

Re-read the IP’s in plesk. Then try again.

Is SpamAssassin Working

December 6, 2014 The Geek Decoder No Comments Email, Spam

Check the header of an email


X-Spam-Status: No, score=0.1
X-Spam-Score: 1
X-Spam-Bar: /
X-Ham-Report: Spam detection software, running on the system "server.domain.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
root\@localhost for details.

You can also add Barracuda RBL to Exim in WHM

For cPanel /home/username/.spamassassin/user_prefs as described:

Other Resources:
http://www.toao.net/566-improving-spamassassin-accuracy-with-statistics

Delete mysql-bin files safely

December 5, 2014 The Geek Decoder No Comments MySQL

The file mysql-bin.index keeps a list of all binary logs mysqld has generated and auto-rotated. The mechanisms for cleaning out the binlogs in conjunction with mysql-bin.index are:

PURGE BINARY LOGS TO ‘binlogname’;
PURGE BINARY LOGS BEFORE ‘datetimestamp’;

These will clear all binary logs before the binlog or timestamp you just specified.

For example, if you login to mysql run


mysql> PURGE BINARY LOGS TO 'mysql-bin.000223';

this will erase all binary logs before ‘mysql-bin.000223’.

If you run


mysql> PURGE BINARY LOGS BEFORE DATE(NOW() - INTERVAL 3 DAY) + INTERVAL 0 SECOND;

this will erase all binary logs before midnight 3 days ago.

If you want to have binlog rotated away automatically and keep 3 days woth, simply set this:


mysql> SET GLOBAL expire_logs_days = 3;

then add this to /etc/my.cnf


[mysqld]
expire-logs-days=3

and mysqld will delete them logs for you
SHOW SLAVE STATUS\G

This is critical. When you run SHOW SLAVE STATUS\G, you will see two binary logs from the Master:

Master_Log_File
Relay_Master_Log_File

When replication has little or no lag these are usually the same value. When there is a lot of replication lag, these values are different. Just to make it simple, choose whatever Relay_Master_Log_File is, and go back to the Master and run


PURGE BINARY LOGS TO 'Whatever Relay_Master_Log_File Is';

To clean up Binary Log on Master Server


shell> mysql -u username -p
mysql> RESET MASTER;

To clean up Binary Log on Slave Server


mysql -u username -p
mysql> RESET SLAVE;

Remove MySQL Binary Log with PURGE BINARY LOGS Statement
PURGE BINARY LOGS statement can remove Binary Log based on date or up to a Binary Log sequence number
Base on the binary logs example shown above, I would like to remove binary up to mysql-bin.000015


shell> mysql -u username -p
mysql>PURGE BINARY LOGS TO 'mysql-bin.000015';

Alternatively, you can remove the binary older than a specific date.


shell> mysql -u username -p
mysql> PURGE BINARY LOGS BEFORE '2009-11-01 00:00:00';

Remove MySQL Binary Log with mysqladmin flush-logs Command
Another method is running mysqladmin flush-logs command, it will remove binary logs more than 3 days old.


shell> mysqladmin -u username -p flush-logs

Keep MySQL Binary Log for X Days

All of the methods above required monitoring on disk usage, to “rotate” and keep the binary logs for x number of day. The option below can be configured on MySQL’s config file, my.cnf


expire_logs_days = 7

Consider turning off MySQL Binary Log if MySQL Replication is not deploy on the database server and recovery is not the main concern.


nano /etc/my.cnf
# binary logging - not required for slaves, but recommended
#log-bin=mysql-bin

If you drive is 100% full

Mysql error log shows – 


ERROR 3 (HY000): Error writing file './mysql-bin.~rec~' (Errcode: 28)

and the commands do not work, try this:

Stop mysql or kill the process
Zero out the first log file
remove the line for the first binary file in mysql-bin.index
restart mysql
Then run the commands to purge

Optimize apache

December 5, 2014 The Geek Decoder No Comments Apache, cPanel, WHM

Home »Service Configuration »Apache Configuration »Global Configuration

Minimum Spare Servers 8
Maximum Spare Servers 32
Max Clients 1500
Max Requests Per Child 0
Start Servers 8
Server Limit 2000
Keep-Alive Timeout 15
Max Keep-Alive Requests 256

Other options:

–addition of memcache
–recompiling Apache to run as PreFork opposed to MPM Worker Event

Check for Prefork or Worker

# [root@austin ~]# /usr/sbin/httpd -V | grep MPM
# Server MPM:     Prefork
# -D APACHE_MPM_DIR="server/mpm/prefork"

Links:
http://kb.sp.parallels.com/en/113007
http://codebucket.co.in/apache-prefork-or-worker/
–Reduced some of the limits in the apache config. Many things that should be in the hundreds were set in the thousands.
–KeepAlive on was simply adding too large of a load to the server.


Timeout
Timeout 300

Usually this value doesn’t require editing and a default of 300 is sufficient. Lowering the ‘Timeout’ value will cause a long running script to terminate earlier than expected.

On virtualized servers like VPS servers, lowering this value to 100 can help improve performance.


KeepAlive
KeepAlive On

This setting should be “On” unless the server is getting requests from hundreds of IPs at once.

High volume and/or load balanced servers should have this setting disabled (Off) to increase connection throughput.


MaxKeepAliveRequests
MaxKeepAliveRequests 100

This setting limits the number of requests allowed per persistent connection when KeepAlive is on. If it is set to 0, unlimited requests will be allowed.

It is recommended to keep this value at 100 for virtualized accounts like VPS accounts. On dedicated servers it is recommended that this value be modified to 150.


KeepAliveTimeout
KeepAliveTimeout 15

The number of seconds Apache will wait for another request before closing the connection. Setting this to a high value may cause performance problems in heavily loaded servers. The higher the timeout, the more server processes will be kept occupied waiting on connections with idle clients.

It is recommended that this value be lowered to 5 on all servers.


MinSpareServers
MinSpareServers 5

This directive sets the desired minimum number of idle child server processes. An idle process is one which is not handling a request. If there are fewer spareservers idle then specified by this value, then the parent process creates new children at a maximum rate of 1 per second. Setting this parameter to a large number is almost always a bad idea.

Others Suggestions:


Virtualized server, ie VPS 5
Dedicated server with 1-2GB RAM 10
Dedicated server with 2-4GB RAM 20
Dedicated server with 4+ GB RAM 25
MaxSpareServers
MaxSpareServers 10

The MaxSpareServers directive sets the desired maximum number of idle child server processes. An idle process is one which is not handling a request. If there are more than MaxSpareServers idle, then the parent process will kill off the excess processes.

The MaxSpareServers value should be set as double the value that is set in MinSpareServers.


StartServers
StartServers 5

This directivesets the number of child server processes created on startup. This value should mirror what is set in MinSpareServers.


MaxClients
MaxClients 150

This directive sets the limit on the number of simultaneous requests that will be served. Any connection attempts over the specified limit will be queued. Once a process is freed at the end of a different request, the queued connection will then be served.

For virtualized servers such as VPS accounts, it is recommended to keep this value at 150. For all dedicated servers the recommended value for this setting is 250.


MaxRequestsPerChild
MaxRequestsPerChild 0

This directive sets the limit on the number of requests that an individual child server process will handle. After the number of requests reaches the value specified, the child process will die. When this value is set at 0, then the process will never expire.

Other adjustments:


Virtualized server, ie VPS 300
Dedicated server with 1-4GB RAM 500
Dedicated server with 4+GB RAM 1000

Other resources:
http://httpd.apache.org/docs/2.2/misc/perf-tuning.html
https://www.howtoforge.com/configuring_apache_for_maximum_performance
http://stackoverflow.com/questions/8902103/is-there-an-apache-tuner-script-like-mysqltuner-pl

Block IP with iptables

December 4, 2014 The Geek Decoder No Comments Administration, Iptables

Block Incoming Request From IP 1.2.3.4

The following command will drop any packet coming from the IP address 1.2.3.4:


# /sbin/iptables -I INPUT -s {IP-HERE} -j DROP
# /sbin/iptables -I INPUT -s 1.2.3.4 -j DROP

Finally, the last thing we need to do is save our rules so that next time we reboot our computer our rules are automatically reloaded:


# /sbin/service iptables save

Check to see if it is added:

# iptables --list -n | grep 37.233.38.46
DROP       all  --  37.233.38.46         0.0.0.0/0

Other good info to check out:

http://wiki.centos.org/HowTos/Network/IPTables

Plesk Mail – warning: connect to Milter service

December 4, 2014 The Geek Decoder No Comments Plesk

Plesk Mail not working. Loogs show:

Dec 3 16:20:17 webserver postfix/cleanup[32266]: warning: connect to Milter service unix:/var/spool/postfix/ctmilter/ctmilter.sock: No such file or directory
Dec 3 16:20:17 webserver postfix/cleanup[32266]: A8D731406FD6: milter-reject: CONNECT from localhost[127.0.0.1]: 4.7.1 Service unavailable - try again later; from=<psaadm@webserver.domain.com>

The Postfix config ‘/etc/postfix/main.cf’ contains entries with extra commas:


# grep milters /etc/postfix/main.cf    
smtpd_milters = ,, inet:127.0.0.1:12768 unix:/var/spool/postfix/ctmilter/ctmilter.sock   
non_smtpd_milters = ,, inet:127.0.0.1:12768 unix:/var/spool/postfix/ctmilter/ctmilter.sock

smtpd_milters = ,, inet:127.0.0.1:12768

became

smtpd_milters = inet:127.0.0.1:12768

Then restart postfix,

# service postfix restart

Other sources:
http://kb.sp.parallels.com/en/121170
http://kb.sp.parallels.com/en/116748

How To Install CSF (Config Server Firewall) for WHM

November 28, 2014 The Geek Decoder No Comments cPanel, Firewall, WHM

Login as the root user to SSH and run the following commands to install CSF:

wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

If you would like to disable APF+BFD (which you will need to do to avoid conflicts):

sh disable_apf_bfd.sh

Now, you can then configure csf and lfd in WHM, or edit the files directly in /etc/csf/*

To Configure the CSF Firewall

Go to the Home of your WHM dashboard and select the Plugins option from the navigation menu.

You will see the option ConfigServer Security & Firewall. Click on it.

Here, you will find a variety of options to configure the ConfigServer Security & Firewall application.

Click on the csf tab.

Scroll down a little to the csf – ConfigServer Firewall section and click on the Firewall Configuration button.

Configure as needed.

Disable Testing
Currently, your CSF application is running in the Test Mode. You have to deactivate the mode.

Reaccess the csf – ConfigServer Firewall section and click the Firewall Configuration button.
Locate the TESTING option in the Initial Settings section.
Click on the Off switch.