Install an OpenVPN server and connect to it on windows

March 22, 2012 by · Comments Off on Install an OpenVPN server and connect to it on windows
Filed under: linux, security, troubleshooting 

Follow the tutorial on linode to install openvpn:
http://library.linode.com/networking/openvpn/debian-6-squeeze

Attention:
Both openvpn and dnsmasq must be installed on the server.

In the file /etc/openvpn/server.conf, the following line must exist and must not be commented out:
push "redirect-gateway def1"

By default the line is:
;push "redirect-gateway def1 bypass-dhcp"
Remove the leading semicolon, and remove "bypass-dhcp" too.

The redirect-gateway option configures the VPN as the default gateway (implemented on Linux and Windows only).

The redirect-gateway bypass-dhcp option adds a route allowing DHCP packets to bypass the tunnel when the DHCP server is non-local. It is currently only implemented on Windows clients.

Another tip: in the local directive at the beginning of server.conf, configure the IP address of your server:
local 102.83.214.229
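
A check for the server.conf settings described above, as an added example (not from the original post or the Linode guide). Without an active redirect-gateway push, client traffic keeps using the local default route instead of the tunnel. The function names, finding names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an OpenVPN server.conf for the settings this post relies on.
# Finding names, function names and the sample files are constructed here.

# check_openvpn_conf FILE -> prints one finding per line; prints nothing if clean.
check_openvpn_conf() {
    conf=$1
    # Active directives only: drop blank lines and lines commented with ';' or '#'.
    active=$(grep -Ev '^[[:space:]]*([;#]|$)' "$conf" || true)

    # Curly quotes copied from a web page are not valid quoting in server.conf.
    if grep -q -e '“' -e '”' "$conf"; then
        echo "curly-quotes"
    fi

    if printf '%s\n' "$active" |
        grep -Eq '^[[:space:]]*push[[:space:]]+"redirect-gateway[^"]*bypass-dhcp'; then
        # The shipped default still carries bypass-dhcp after uncommenting.
        echo "bypass-dhcp-active"
    elif ! printf '%s\n' "$active" |
        grep -Eq '^[[:space:]]*push[[:space:]]+"redirect-gateway[[:space:]]+def1"'; then
        if grep -Eq '^[[:space:]]*[;#][[:space:]]*push[[:space:]].*redirect-gateway' "$conf"; then
            echo "redirect-gateway-commented"
        else
            echo "redirect-gateway-missing"
        fi
    fi

    # The post's tip: bind the server to its own address with "local".
    if ! printf '%s\n' "$active" |
        grep -Eq '^[[:space:]]*local[[:space:]]+[0-9A-Fa-f.:]+'; then
        echo "local-missing"
    fi
}

# write_sample_confs DIR -> constructed samples (192.0.2.10 is a documentation address).
write_sample_confs() {
    cat > "$1/default.conf" <<'EOF'
port 1194
proto udp
;local a.b.c.d
;push "redirect-gateway def1 bypass-dhcp"
EOF
    cat > "$1/pasted.conf" <<'EOF'
port 1194
proto udp
local 192.0.2.10
push “redirect-gateway def1”
EOF
    cat > "$1/fixed.conf" <<'EOF'
port 1194
proto udp
local 192.0.2.10
push "redirect-gateway def1"
EOF
}

demo_dir=$(mktemp -d)
write_sample_confs "$demo_dir"
for name in default pasted fixed; do
    echo "== $name.conf"
    check_openvpn_conf "$demo_dir/$name.conf"
done
rm -rf "$demo_dir"
```

On a real server, point check_openvpn_conf at /etc/openvpn/server.conf; no output means the directives discussed here are in place.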

On the client, install OpenVPN GUI on Windows, and download client.conf, ca.crt, client1.crt, client2.key from the VPN server to the OpenVPN config folder. The config folder is located at C:\Program Files\OpenVPN\config on my system.

Then rename client.conf to vpn-server.ovpn (a mandatory step), start the OpenVPN client and click connect.

Some FAQs:
1. How can I tell whether openvpn is installed correctly on the server?
Run netstat -na|grep 1194 to check whether it is listening, and check with ps whether the process is running. 1194 is the listening port configured in server.conf.

2. Why can't I telnet to port 1194?
openvpn is a UDP server by default; you can't telnet to a UDP port.

3. How can I check whether my client is connected to the server?
If the OpenVPN tray icon turns green, you are connected to the server.
You can also ping the VPN server; if it replies, you are connected:
ping 10.8.0.1

4. Why can't I visit some sites after connecting to the openvpn server?
If your local DNS server is polluted and you are not redirecting DNS lookups to the VPN server, you will still not be able to open the blocked site. On the VPN server, dnsmasq must be installed, and the following exact line must exist in server.conf:
push "redirect-gateway def1"

5. How can I check the route to a host such as twitter from linux/windows?
On linux: traceroute twitter.com
On windows: tracert twitter.com

You can also run nslookup on windows, and host/dig on linux, for debugging.


How to install a network HP printer on Arch linux

March 16, 2012 by · Comments Off on How to install a network HP printer on Arch linux
Filed under: linux, troubleshooting 

The printer package does not work as it should on my Arch for the HP LaserJet P2035n. It cost me some hours to get it to work. Here are the steps.

1). Install cups service
pacman -S cups cups-pdf hplip pyqt3 python2-pyqt
pacman -S system-config-printer-gnome
rc.d cups start

2). To add device and install hp driver:
1. Run ‘hp-setup’ as root.
2. Click ‘Show Advanced Options’ button and check-enable ‘Manual Discovery’.
3. Enter IP address 192.168.59.63 in the ‘…device ID…’ entry and click ‘Next’ to install driver.

3). Run system-config-printer as root to add the printer:

# system-config-printer
Click "Add", select Device -> Network Printer -> input the IP address of the printer, such as "192.168.1.3", then click "Find" -> "Process".

If you encounter the following error:
File "/usr/share/system-config-printer/newprinter.py", line 1531, in getNetworkPrinterMakeModel
debugprint (host + ": " + args)
TypeError: cannot concatenate 'str' and 'list' objects

You should comment out the failing line 1531 of newprinter.py, and then continue to add the printer.

4). Finally, you can run hp-check to see what problems exist for the printer.


Could not chdir to home directory /home/USER: Permission denied

March 16, 2012 by · 3 Comments
Filed under: linux, troubleshooting 

We changed the home folder to /data/home/USER.

When I ssh to our CentOS server, it shows the error "Could not chdir to home directory /home/USER: Permission denied"; however, the login itself works. I must manually run cd ~ to go to the home directory.

I googled around and found it is caused by selinux. The solution:

Disable selinux, or change it from enforcing to permissive:
vi /etc/sysconfig/selinux
Change SELINUX from enforcing to permissive: SELINUX=permissive, then reboot.

For a server that cannot be rebooted:
# setenforce permissive

You can check whether it is set correctly:
# getenforce


fetchmail configuration file

February 18, 2012 by · Comments Off on fetchmail configuration file
Filed under: linux 

fetchmail is a mail-retrieval and forwarding utility; it fetches mail from remote mailservers and forwards it to
your local (client) machine’s delivery system. You can then handle the retrieved mail using normal mail user
agents such as mutt(1), elm(1) or Mail(1). The fetchmail utility can be run in a daemon mode to repeatedly poll
one or more systems at a specified interval.

Below is a sample configuration of $HOME/.fetchmailrc for gmail.

The user keyword specifies the email login name; password specifies the login password; and is 'david' here means you log in to the linux system as user david. If the login name isn't correct, an "unknown user" error will show when retrieving email.

For certificate generation and procmail configuration, see:

http://www.andrews-corner.org/mutt.html#fetchmail

poll pop.gmail.com 
with proto POP3 
user 'david.euler' 
there with password 'xxxxyyyy' 
is 'david' here 
mda "/usr/bin/procmail -d %T" 
options 
no keep 
ssl 
sslcertck 
sslcertpath /home/david/.certs/

Build a serious WordPress server for high traffic website with nginx

November 10, 2011 by · 1 Comment
Filed under: design, linux, server 

Deploy multiple nginx instance on 1 server for load balance

When building WordPress for a high traffic website, we maintain and restart the web server frequently for better SEO and a better user experience, but we don't want to interrupt users' visits.

As we get familiar with SEO, the link/site structure may change, and the nginx configuration must be updated, which requires restarting nginx. When a new nginx version is released to fix a dangerous security issue, we need to upgrade nginx.

So we need at least 2 nginx instances for load balancing, and another nginx as the proxy server. Let's build the 3 nginx instances on a single server with the same nginx installation (or use 2 nginx installations if nginx needs upgrading). Two of the instances serve WordPress with the same WordPress installation and the same database.

The architecture and network composition:

[Figure: nginx load balance architecture on a single machine]

The following steps describe how to do it on Debian.

1. Deploy single wordpress server on nginx

Make sure your system is up-to-date.  Reference the following links to install php pre-requirements:

cd /opt

wget http://nginx.org/download/nginx-1.0.9.tar.gz

tar -zxvf nginx-1.0.9.tar.gz
cd /opt/nginx-1.0.9/
./configure --prefix=/opt/nginx --user=nginx --group=nginx --with-http_ssl_module --with-ipv6

make
make install

Create init script to manage nginx:

wget -O init-deb.sh http://library.linode.com/assets/682-init-deb.sh
mv init-deb.sh /etc/init.d/nginx
chmod +x /etc/init.d/nginx
/usr/sbin/update-rc.d -f nginx defaults
/etc/init.d/nginx start

2. Duplicate nginx configurations

cd /opt/nginx  (change directory to where nginx is installed)

cp conf/nginx.conf  conf/nginx.81.conf

cp conf/nginx.conf  conf/nginx.82.conf

mv conf/nginx.conf conf/nginx.backup.conf

Then change the listen port 80 to 81 and 82 respectively in nginx.81.conf and nginx.82.conf. Also don't forget to uncomment the pid line and change the pid file for each instance, so that each instance can be stopped normally:

pid        logs/nginx.81.pid;  ### in file nginx.81.conf

pid        logs/nginx.82.pid;  ### in file nginx.82.conf
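
Step 2 above as a script, with a check for the failure mode it warns about: two instances sharing a pid file or a listen port. This is an added example, not code from the original post; the function names and the sample base config are constructed.

```shell
#!/bin/sh
# Added example: derive per-port instance configs from one base nginx.conf and
# check that no two instances share a pid file or a listen port.
# Function names and the sample base config are constructed here.

# make_instance_conf SRC PORT DEST
# Rewrites "listen 80;" to PORT and sets a per-instance pid file, whether the
# base pid line is commented out (as in the shipped nginx.conf) or active.
make_instance_conf() {
    src=$1 port=$2 dest=$3
    sed -E \
        -e 's/^([[:space:]]*listen[[:space:]]+)80;/\1'"$port"';/' \
        -e 's|^[[:space:]]*#?[[:space:]]*pid[[:space:]]+[^;]+;|pid        logs/nginx.'"$port"'.pid;|' \
        "$src" > "$dest"
    # No pid line in the base file at all: add one in the main context.
    if ! grep -Eq '^pid[[:space:]]' "$dest"; then
        { echo "pid        logs/nginx.$port.pid;"; cat "$dest"; } > "$dest.tmp"
        mv "$dest.tmp" "$dest"
    fi
}

# conf_value FILE DIRECTIVE -> first active value of a simple directive.
conf_value() {
    sed -En 's/^[[:space:]]*'"$2"'[[:space:]]+([^;]+);.*/\1/p' "$1" | head -n 1
}

# find_collisions FILE... -> "pid <value>" or "listen <value>" for every value
# used by more than one file. A file without the directive counts as "default",
# so two configs that both leave pid commented out are reported as colliding.
find_collisions() {
    for directive in pid listen; do
        for f in "$@"; do
            v=$(conf_value "$f" "$directive")
            echo "${v:-default}"
        done | sort | uniq -d | sed "s/^/$directive /"
    done
}

# write_sample_base FILE -> constructed stand-in for the shipped nginx.conf.
write_sample_base() {
    cat > "$1" <<'EOF'
worker_processes  1;
#pid        logs/nginx.pid;
events {
    worker_connections  1024;
}
http {
    server {
        listen       80;
        server_name  localhost;
    }
}
EOF
}

demo_dir=$(mktemp -d)
write_sample_base "$demo_dir/nginx.conf"
for p in 81 82; do
    make_instance_conf "$demo_dir/nginx.conf" "$p" "$demo_dir/nginx.$p.conf"
    echo "nginx.$p.conf: listen $(conf_value "$demo_dir/nginx.$p.conf" listen)," \
         "pid $(conf_value "$demo_dir/nginx.$p.conf" pid)"
done
find_collisions "$demo_dir/nginx.81.conf" "$demo_dir/nginx.82.conf"
rm -rf "$demo_dir"
```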

3. Configure and deploy the proxy nginx server

vi conf/nginx.conf

Copy in the following content, which listens on port 80 and balances across the two nginx instances on ports 81 and 82.

#deploy multiple nginx instance for load balance on 1 server

upstream main {
        server 106.187.45.82:81;
        server 106.187.45.82:82;
}  

server {
        listen 106.187.45.82:80;

        location / {
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://main;
        }
}

4. Stop your old server and start the new instance with load balance support

sbin/nginx -s stop, or kill -QUIT pid

Then you can start the new instance by:

cd /opt/nginx
sbin/nginx -c conf/nginx.81.conf
sbin/nginx -c conf/nginx.82.conf
sbin/nginx -c conf/nginx.conf

In case you want to stop the instance, you can run one/all of these commands:

sbin/nginx -s stop -c conf/nginx.81.conf
sbin/nginx -s stop -c conf/nginx.82.conf
sbin/nginx -s stop -c conf/nginx.conf

Of course, you can stop the instance by executing this command too: kill -QUIT pid-of-the-nginx

5. Debug and maintain one of the nginx instances

When you are debugging one of the nginx nodes, if you visit http://106.187.45.82:81, WordPress will automatically redirect your URL to the default WordPress site URL (for example http://www.beyondlinux.com/), and then you don't know which instance you are visiting.

But why does WordPress have automatic URL redirects? You can typically visit the home page of a WordPress web site by several different URLs:

http://beyondlinux.com/,

http://www.beyondlinux.com/,

http://www.beyondlinux.com:81/

The problem with allowing all of these URLs to access a single page is that it can potentially hurt your website's overall search engine optimization (SEO): search engines could index duplicate copies. WordPress fixes this problem by employing automatic redirects known as Canonical URL Redirection, which allows only one URL per page.

When debugging and testing new functions, you don't want the redirection enabled. You can add the following code to the functions.php file:
remove_filter('template_redirect','redirect_canonical');

If you don't like editing the file, you could install the plugin "Permalink Fix & Disable Canonical Redirects Pack" and activate it; redirection is then disabled.

After you have finished debugging and testing your WordPress, you should deactivate the plugin to re-enable the redirection for a better SEO site.

6. Redirect request to next server if error or timeout.

In load balance mode, nginx by default resends the request to another server on a server error or timeout; for more error handling, we can use the proxy_next_upstream and fastcgi_next_upstream directives.

syntax: proxy_next_upstream [error|timeout|invalid_header|http_500|http_502|http_503|http_504|http_404|off];
default: proxy_next_upstream error timeout;
context: http, server, location

The directive determines in which cases the request will be passed to the next server. Here's an example config:

proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;  

fastcgi_next_upstream error timeout invalid_header http_500 http_503 http_404;


Suffered by wordpress permanent links in nginx

November 4, 2011 by · Comments Off on Suffered by wordpress permanent links in nginx
Filed under: linux, server 

I installed wordpress several months ago with the defaults. The page links were in the default format like /blog/p?101. After writing some posts I realized that this format is not friendly to search engines. So I decided to change the permalinks format in wordpress. It was a painful experience.

After I changed the permalinks to a custom structure, such as "/%year%/%monthnum%/%day%/%postname%/", some pages, and the category and tag links, could not be visited correctly.

And I tried installing the WP plugin "advanced permalinks". The plugin's feature sounds very promising: it can preserve your old pages' permalinks in a different structure. But after it was activated, some of my links (like category, tags) broke too.

Then I added configurations in nginx.conf, with lots of location definitions …. :

location /blog/2011 { ### for nginx redirection, 2011/06
  try_files $uri $uri/ /blog/index.php?q=$uri&$args;
}
location /blog/category { ### for nginx redirection, 2011/06
  try_files $uri $uri/ /blog/index.php?q=$uri&$args;
}
location /blog/feed { ### for nginx redirection, 2011/06
  try_files $uri $uri/ /blog/index.php?q=$uri&$args;
}
location /blog/comments { ### for nginx redirection, 2011/06
  try_files $uri $uri/ /blog/index.php?q=$uri&$args;
}
location /blog/sample-page { ### for nginx redirection, 2011/06, About me
  try_files $uri $uri/ /blog/index.php?q=$uri&$args;
}

location /blog/index.php { ### for nginx redirection, 2011/06
  try_files $uri $uri/ /blog/index.php?q=$uri&$args;
}

…. Each time a new kind of url appeared (with the same prefix) I added a location config; it is difficult and boring to maintain the file.

Even worse, when I installed a new wordpress plugin, its configuration page was at a new url and couldn't be accessed.

Oh my god, finally, I changed the nginx.conf like this (leaving a catch-all entry at the end), then pages are shown without any colors and styles except black and white…

location /blog/2011 { ### for nginx redirection, 2011/06
  try_files $uri $uri/ /blog/index.php?q=$uri&$args;
}
location /blog/category { ### for nginx redirection, 2011/06
  try_files $uri $uri/ /blog/index.php?q=$uri&$args;
}
location /blog/feed { ### for nginx redirection, 2011/06
  try_files $uri $uri/ /blog/index.php?q=$uri&$args;
}
...
location /blog/index.php/category { ### for nginx redirection, 2011/06
  try_files $uri $uri/ /blog/index.php/?q=$uri&$args;
}
location /blog/index.php { ### for nginx redirection, 2011/06
  try_files $uri $uri/ /blog/index.php?q=$uri&$args;
}
location /blog/ { ### for nginx redirection, 2011/06
  try_files $uri $uri/ /blog/index.php?q=$uri&$args;
}

 


Setup your cloud server in 3 minutes with Xen 4.1 on Ubuntu 11.10

November 2, 2011 by · 52 Comments
Filed under: cloud, linux, virtualization 

Ubuntu has officially supported Xen since 11.10. It is really easy to install the packages. Although some issues have to be fixed manually, it is a painless experience. Here are the steps to set up your cloud server in 3 minutes with Xen 4.1 on Ubuntu 11.10.

1. Install xen hypervisor and utilities
sudo apt-get install xen-hypervisor-4.1-amd64 xen-utils-4.1 xenwatch xen-tools xen-utils-common xenstore-utils

sudo apt-get install virtinst virt-viewer virt-manager

2. Restart os, choose the xen kernel, verify xen installation
# xm info
# brctl show

3. Configure xend
$ sudo vim /etc/xen/xend-config.sxp

Uncomment (xend-unix-server yes) in the file; that is, make sure the following line exists or has been added:
(xend-unix-server yes)

# vi ~/.bashrc, and add the following line:

export VIRSH_DEFAULT_CONNECT_URI="xen:///"

4. Restart, choose the xen kernel, and verify libvirt

# virsh version

Compiled against library: libvir 0.8.3
Using library: libvir 0.8.3
Using API: Xen 3.0.1
Running hypervisor: Xen 4.0.0

Congratulations, all packages are installed successfully.

5. Run virtual machine manager to manage your vms.

# virt-manager

Then you will see the virtual machine manager screen:

[Screenshot: virtual machine manager for xen 4.1 in ubuntu 11.10]

Create a virtual machine in virt-manager.

An error occurs when finishing the creation, showing something like:
if ret is None:raise libvirtError('virDomainCreateLinux() failed', conn=self)
….
/usr/lib64/xen/bin/qemu-dm: ….

That means qemu-dm could not be found. To fix it:

# mkdir /usr/lib64/xen -p
# cp /usr/lib/xen-4.1/* -r /usr/lib64/xen/

Then continue to finish the creation of the virtual machine. An error still occurs, showing something like:
libvirtError: POST operation failed: xend_post: error from xen daemon: (xend.err …
or something like this:

libvirtError: POST操作失败: xend_post:来自 xen 守护进程的错误:<Fault 3: ”>

Check the error log; it will give you some clues:
# less /var/log/xen/xend.log

The log shows that an error occurred and was logged at /var/log/xen/qemu-dm-demo.log. Check it:
# less /var/log/xen/qemu-dm-demo.log

It says /usr/share/qemu/keymaps/en-us could not be found; the keymaps really do not exist on my disk.
Look for them under /usr/share:
# ls /usr/share/qemu (and press Tab; it shows that qemu-linaro exists)

So just copy it to fix the problem:
# cp -r /usr/share/qemu-linaro/ /usr/share/qemu

Then continue to finish the vm creation. Wow, it works!

[Screenshot: virtual machine running at ubuntu 11.10 with xen 4.1]


How to automate virtual machine creation and runing on virtualbox by command line

June 29, 2011 by · 2 Comments
Filed under: linux, virtualization 

Many times we need to create a linux virtual machine from the command line.
It is very useful for batch vm operations, automation, regression tests, integration tests…
Here are the steps to create a functional linux virtual machine (works on windows hosts and linux hosts).

These steps have been tested on Debian squeeze x64 with kernel version 2.6.32, and on windows server 2003 x64.
Note for windows users: Make sure you have added the virtualbox directory to the PATH variable. (Press Win+Break, click "Advanced" -> "Environment Variables", find the PATH variable, and append the virtualbox path to it.)

1. Create a virtualbox vm and register the vm

vboxmanage createvm --name testvm --register
vboxmanage showvminfo testvm

The showvminfo command shows information about the created virtual machine.

2. Specify the network adapter and set the boot order

vboxmanage modifyvm "testvm" --memory 768 --vram 64 --acpi on --boot1 dvd --nic1 bridged --bridgeadapter1 eth0

vboxmanage list ostypes

vboxmanage modifyvm "testvm" --ostype "linux26"

The list command shows all available system types. If you don't want your vm to connect to the network directly through bridged networking,
then change the arguments after --nicX; see the manual: http://www.virtualbox.org/manual/ch08.html#vboxmanage-modifyvm

3. Create a virtual disk for file storage with a specified size (2G)

vboxmanage createvdi --filename "/data/vm/testvm-disk01.vdi" --size 2048 --remember

4. Set the boot order and add an IDE controller
vboxmanage storagectl testvm --name "IDE Controller" --add ide
vboxmanage modifyvm "testvm" --boot1 dvd --hda "/data/vm/testvm-disk01.vdi" --sata on

Now a virtual machine has been created and registered. Let's go to step 5 to specify the boot iso file
and boot into linux.

5. Specify an ISO file as the DVD (the installation iso or live iso)
I use tinycore, and put the iso at /data/vm.

Attach virtual disk testos.vdi to port 0 of device 0:
vboxmanage storageattach testvm --storagectl "IDE Controller" --port 0 --device 0 --type hdd --medium "/data/vm/testvm-disk01.vdi"

Attach the ISO to port 1 of device 0:
vboxmanage storageattach testvm --storagectl "IDE Controller" --port 1 --device 0 --type dvddrive --medium /data/vm/tinycore_3.6.iso

vboxmanage modifyvm "testvm" --dvd /data/vm/tinycore_3.6.iso

6. Boot the virtual machine

vboxmanage startvm "testvm"

For linux users, an error like "The character device /dev/vboxdrv does not exist, please install the virtualbox-ose-dkms package and the appropriate headers, most likely linux-headers" may occur.

Then you probably need to run the following commands as root:
modprobe vboxdrv
modprobe vboxnetflt

To power off the virtual machine, just run the command:
vboxmanage controlvm testvm poweroff

To boot the virtual machine headless, so that it starts without the virtualbox gui (useful for a virtual server), run the command below.
You can put the command in a startup script; it works on windows and linux:
vboxmanage startvm "testvm" --type headless

To show detailed information about the virtual machine:
vboxmanage showvminfo testvm --details


How to start with wireless network on Debian squeeze

June 17, 2011 by · 2 Comments
Filed under: linux 

How to automatically keep an active network always on desktop, && use wireless network

sudo apt-get install network-manager
sudo apt-get install wicd
sudo apt-get install firmware-iwlwifi

Option 1:
sudo apt-get install network-manager-gnome

To use network-manager-gnome in Xfce (or Gnome) you need to have the applet running in the system tray.
In Gnome this is automatic, but in Xfce you need to set it up initially. Fortunately this is very easy:

Alt + F2 to run a command:  nm-applet --sm-disable

Network manager is used to always keep an active network on the desktop.
The wireless network is disabled by default; right-click the desktop network icon and choose "Enable Wireless", and it should work.

Note for Chinese readers: Wireless is off by default; right-click the network connection icon on the desktop toolbar and select "Enable Wireless" to use the wireless network.

Option 2:

For the WICD network manager, the network connected and disconnected notification is disabled by default; you can enable the option in the Preferences settings.

If you haven't entered a wireless interface, WICD cannot find networks by default; just enter wlan0 as your wireless interface in the WICD Preferences settings.

Then click Wicd network manager -> Network -> Find a hidden network, and wicd should find wireless networks.

Note for Chinese readers: The network connection and disconnection notification is off by default; you can tick Notification in Preferences.

If no wireless interface has been entered in Preferences, WICD cannot find wireless networks by default; entering wlan0 usually lets it find them.

Click the wireless network's properties, configure them, then click connect to connect to the wireless network.


How to fix battery indication in debian squeeze on Acer Aspire

June 17, 2011 by · Comments Off on How to fix battery indication in debian squeeze on Acer Aspire
Filed under: linux 

Problem: acpi could not detect the battery status, and shows an unknown battery:

$ acpi

Battery 0: Unknown, 0%

Firstly, if you are on an Acer Aspire xxxx (mine is an Aspire 4745G), you need to upgrade the BIOS to a new version (such as BIOS_Acer_1.25_A_A.zip for the 4745G). Just download the BIOS program here:

http://support.acer.com/us/en/product/default.aspx?modelId=2070

Secondly, enable acpi in the boot options in /boot/grub/grub.cfg:

linux   /boot/vmlinuz-2.6.32-5-amd64 root=/dev/hda9 ro  acpi=on quiet

Then install powertop to check which processes consume lots of power, and cpufrequtils and laptop-mode-tools to save power automatically:
sudo apt-get install powertop cpufrequtils laptop-mode-tools
Restart your system.
