
IP address Apache access logs

If you want to find out which IP addresses occur most often in the Apache logs (to spot a bot attack), run:

cat access_log | awk '{print $1}' | sort | uniq -c | sort -n | tail

To determine if given IP occurs in iptables rules:

iptables -L -n -v | grep [ip_address]

That helped me a lot lately…
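The two checks above can be combined into one pass that lists the busiest addresses that have no firewall rule yet. This is an added example, not part of the original post; the function names, the request threshold and the sample log and rule lines are assumptions made for illustration, and the rules file stands in for saved `iptables -S` output.

```shell
#!/bin/sh
# Added example; all log lines and rules below are constructed sample data.

# count_by_ip LOG: print "hits ip" per client address, busiest first.
count_by_ip() {
    awk '{ hits[$1]++ } END { for (ip in hits) print hits[ip], ip }' "$1" |
        sort -k1,1nr -k2,2
}

# is_blocked IP RULES: succeed if IP occurs as a whole token in RULES, a saved
# `iptables -S` dump. -F keeps the dots literal; -w stops 203.0.113.7 from
# also matching the rule for 203.0.113.70.
is_blocked() {
    grep -qFw -- "$1" "$2"
}

# unblocked_offenders LOG RULES MIN: IPs with at least MIN hits and no rule yet.
unblocked_offenders() {
    count_by_ip "$1" | while read -r hits ip; do
        [ "$hits" -ge "$3" ] || continue
        is_blocked "$ip" "$2" || echo "$ip"
    done
}

demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/access_log" <<'EOF'
203.0.113.7 - - [19/Apr/2014:10:00:01 +0200] "POST /login HTTP/1.1" 200 512
203.0.113.7 - - [19/Apr/2014:10:00:01 +0200] "POST /login HTTP/1.1" 200 512
203.0.113.7 - - [19/Apr/2014:10:00:02 +0200] "POST /login HTTP/1.1" 200 512
203.0.113.7 - - [19/Apr/2014:10:00:02 +0200] "POST /login HTTP/1.1" 200 512
198.51.100.23 - - [19/Apr/2014:10:00:03 +0200] "GET /wp-login.php HTTP/1.1" 404 209
198.51.100.23 - - [19/Apr/2014:10:00:03 +0200] "GET /wp-login.php HTTP/1.1" 404 209
198.51.100.23 - - [19/Apr/2014:10:00:04 +0200] "GET /wp-login.php HTTP/1.1" 404 209
192.0.2.10 - - [19/Apr/2014:10:00:05 +0200] "GET / HTTP/1.1" 200 1043
EOF
    cat > "$dir/rules" <<'EOF'
-A INPUT -s 203.0.113.70/32 -j DROP
-A INPUT -s 198.51.100.23/32 -j DROP
EOF
    unblocked_offenders "$dir/access_log" "$dir/rules" 3
    rm -rf "$dir"
}

demo
```

A plain `grep 203.0.113.7` would report the address as already blocked because of the rule for 203.0.113.70, which is why the whole-token match matters here.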

How to install Redmine 2.5 on CentOS 6.5

This installation assumes that you already have Apache 2.2 and MySQL 5.x up and running.

Ruby 2.1

For the whole operation we’ll need to install Development Tools, which can be done with:

yum groupinstall development

Then we’ll install ruby 2.1.x via rvm

# fetch the installer over HTTPS, since the script is piped straight into bash
curl -sSL https://get.rvm.io | bash -s stable
source /etc/profile.d/rvm.sh

Now we’ll have to reload rvm and install ruby

rvm reload
# this will install newest tag from 2.1 branch
rvm install 2.1

Now we want to make this version the default, which is done with:

rvm use 2.1.x --default

Phusion Passenger

To run Redmine we’ll need Passenger with its Apache module.

gem install passenger
passenger-install-apache2-module

The installer will guide you through the process. At the end you’ll need to add /etc/httpd/conf.d/passenger.conf:

LoadModule passenger_module /usr/local/rvm/gems/ruby-2.1.1/gems/passenger-4.0.41/buildout/apache2/mod_passenger.so
<IfModule mod_passenger.c>
    PassengerRoot /usr/local/rvm/gems/ruby-2.1.1/gems/passenger-4.0.41
    PassengerDefaultRuby /usr/local/rvm/gems/ruby-2.1.1/wrappers/ruby
</IfModule>

Of course, versions may vary depending on when you’re doing this. The installer will, however, give you these details.

Redmine 2.5

Download the latest version from the official Redmine website with wget and untar it:

wget http://www.redmine.org/releases/redmine-2.5.1.tar.gz
tar xzvf redmine-2.5.1.tar.gz
mv redmine-2.5.1 /var/www/html/redmine

Now it’s time for configuration. Let’s start with the database. Edit config/database.yml and put your database credentials there:

production:
 adapter: mysql2
 database: redmine
 host: localhost
 username: redmine
 password: redmine
 encoding: utf8

Next we’ll set up mail delivery. Edit config/configuration.yml:

production:
  email_delivery:
    delivery_method: :smtp
    smtp_settings:
      address: "localhost"
      port: 25
      authentication: :login
      domain: 'your.server.com'
      user_name: 'redmine@your.server.com'
      password: 'YourSecretPassword.600'

It’s time to bundle our Redmine:

bundle install --without development test
bundle exec rake generate_secret_token
RAILS_ENV=production bundle exec rake db:migrate

Then we’ll have to change ownership of /var/www/html/redmine

# "apache:" sets the owner to apache and the group to apache's login group
chown -R apache: /var/www/html/redmine

Configure Apache

It’s time to add a VirtualHost to your Apache instance:

<VirtualHost *:80>
 ServerName your.server.com
 ServerAlias www.your.server.com
 DocumentRoot /var/www/html/redmine/public

 <Directory /var/www/html/redmine/public>
   AllowOverride all
   Options -Multiviews
 </Directory>
</VirtualHost>

Now restart Apache and you’re good to go!

service httpd graceful

Yay! Now you can log in with the admin/admin credentials; change that default password right after the first login. Have fun!


Directadmin: changing IP – IP FailOver

One of my servers is located in an OVH datacenter. Recently one of my clients’ mailboxes got hacked by a spammer and started sending huge amounts of spam. The server of course got blacklisted. After blocking some spamming networks and changing the mailbox passwords, I started removing the server from various blacklists. The only problem I had was with Google. I sent them a couple of removal requests but didn’t succeed…

After a week I came up with a different approach. OVH offers a service called IP FailOver. Its main purpose is to provide an IP address that you can switch between your main server and a backup server when the main one is down. You just have to assign your IP FailOver address to an alias of your network interface. It’s quite simple in the RHEL 6 OS family:

cd /etc/sysconfig/network-scripts/
cp ifcfg-eth0 ifcfg-eth0:0

Then you just edit the new file:

DEVICE="eth0:0"
BOOTPROTO="static"
IPADDR=IP.FAILOVER.ADDR
NETMASK=255.255.255.255
ONBOOT=yes
BROADCAST=IP.FAILOVER.ADDR

Now just run ifup eth0:0 and check that your new address responds to ping, and we’re good to go further.

Now that our new IP address is up and running, we have to change it in DirectAdmin. Instructions can be found on DirectAdmin’s help website. In short: you first have to extend your license. You can do this as the admin user by clicking “Licensing / Updates” in the Admin Tools section and selecting “Update license”. Then write an e-mail to DirectAdmin support requesting a change of your IP to the IP FailOver address. After you get a positive response, just run:

cd /usr/local/directadmin/scripts
./getLicense.sh clientID license
service directadmin restart
./ipswap.sh old-ip new-ip

Now you just have to restart all services, and they will start responding on the new IP address.

There is only one problem with this setup… services still send their traffic from the old address, so many servers will still see you as the old IP address. This means you might have problems downloading a new license, because DirectAdmin requires the connection to come from the IP the license is registered to. There is a solution to this too: we have to source all our outgoing traffic from the IP FailOver address, which can be done with iptables:

iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source new-ip-addr

Now everything should work as planned. There might be just one problem left to solve – when you’re using OVH’s FTP Backup service, it requires your server to connect from the old IP address. Again iptables will be helpful. SNAT is a terminating target, so this exception has to sit before the catch-all rule above; insert it at the top of the chain instead of appending it:

iptables -t nat -I POSTROUTING 1 -o eth0 -d backup-server-ip-addr -j SNAT --to-source old-ip-addr
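Because the first matching SNAT rule in POSTROUTING decides the source address, the order of the catch-all and the backup-server exception matters. The following added example (not from the original post) replays the first-match logic over two constructed rule listings in `iptables -t nat -S POSTROUTING` format; the function names and the documentation-range addresses are assumptions standing in for the post's placeholders.

```shell
#!/bin/sh
# Added example; addresses are constructed stand-ins for the page's placeholders:
#   new-ip-addr = 198.51.100.20, old-ip-addr = 192.0.2.10,
#   backup-server-ip-addr = 203.0.113.50

# snat_source DEST: read `iptables -t nat -S POSTROUTING` style rules on stdin
# and print the --to-source of the first SNAT rule matching DEST.
# Simplified model: a rule matches if it has no -d or an exact -d ADDR[/32].
snat_source() {
    awk -v dest="$1" '
        $1 == "-A" && / -j SNAT / {
            d = ""; src = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-d") d = $(i + 1)
                if ($i == "--to-source") src = $(i + 1)
            }
            sub(/\/32$/, "", d)
            if (d == "" || d == dest) { print src; exit }
        }'
}

# Catch-all appended first, backup exception appended after it.
rules_exception_last() {
    cat <<'EOF'
-A POSTROUTING -o eth0 -j SNAT --to-source 198.51.100.20
-A POSTROUTING -d 203.0.113.50/32 -o eth0 -j SNAT --to-source 192.0.2.10
EOF
}

# Exception placed ahead of the catch-all (what -I POSTROUTING 1 produces).
rules_exception_first() {
    cat <<'EOF'
-A POSTROUTING -d 203.0.113.50/32 -o eth0 -j SNAT --to-source 192.0.2.10
-A POSTROUTING -o eth0 -j SNAT --to-source 198.51.100.20
EOF
}

echo "exception last:  backup traffic leaves as $(rules_exception_last | snat_source 203.0.113.50)"
echo "exception first: backup traffic leaves as $(rules_exception_first | snat_source 203.0.113.50)"
```

On a live server, pipe the output of `iptables -t nat -S POSTROUTING` into `snat_source` with the backup server's address to confirm which source IP that traffic will use.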

This is it!

There is also one big advantage of the whole process – when you want to change servers, it will be much simpler to just assign the IP FailOver to the new one, and you won’t have to worry about changing DA’s license IP.

Cheap Time Capsule alternative using Ubuntu 12.10

Why spend $260 on a Time Capsule when you can make your Ubuntu box act exactly the same? Here is how to do it.

First we’re going to install a couple of things that we need for the rest of the setup:

sudo apt-get install avahi-daemon libavahi-client-dev libdb5.3-dev \
db-util db5.3-util libgcrypt11 libgcrypt11-dev

Then download the latest version of Netatalk – an open source AFP file server. We’ll use netatalk 3.* because it’s much easier to set up as a Time Capsule. Because the latest version in the repositories is 2.2.*, we’ll have to compile it ourselves.

tar xvjf netatalk-3.*.tar.bz2
cd netatalk-3.*
./configure --with-init-style=debian --with-zeroconf
make
sudo make install

When everything is installed it’s time to do some configuration. First we’ll create a directory where we’ll store all Time Machine backups.

sudo mkdir /media/Time-Machine/

Then we’ll add new user called timemachine, who will own this directory

sudo adduser timemachine
# adduser will prompt for a password and some user details
# "timemachine:" sets the owner and that user's login group
sudo chown -R timemachine: /media/Time-Machine

Now we’re ready to edit /usr/local/etc/afp.conf

;
; Netatalk 3.x configuration file
;

[Global]
; Global server settings

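; uams_guest.so permits guest (unauthenticated) logins; drop it from the list
; if only the timemachine user should be able to connect
uam list = uams_guest.so, uams_dhx.so, uams_dhx2.so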

; [Homes]
; basedir regex = /xxxx

; [My AFP Volume]
; path = /path/to/volume

[Time Machine MediaPC]

path = /media/Time-Machine
time machine = yes

Then it’s time to configure avahi-daemon, which will advertise our Time Capsule on the local network.
Let’s create /etc/avahi/services/afpd.service:

<?xml version="1.0" standalone='no'?>
<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
<service-group>
    <name replace-wildcards="yes">TimeCapsule %h</name>
    <service>
        <type>_afpovertcp._tcp</type>
        <port>548</port>
    </service>
    <service>
        <type>_device-info._tcp</type>
        <port>0</port>
        <txt-record>model=Xserve</txt-record>
    </service>
</service-group>

So let’s start everything:

sudo service netatalk start
sudo service avahi-daemon start

# to ensure that netatalk will start on boot
sudo update-rc.d netatalk defaults

Now you can enjoy your fresh Time Capsule alternative for the cost of an HDD :)

This guide should also work for Raspberry Pi, XBMCbuntu, Debian 6.


Centos 6 – Adding EPEL repository

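# fetch the EPEL 6 signing key; it arrives over plain HTTP, so compare its
# fingerprint with the one published by the Fedora Project before importing it
wget http://ftp.ps.pl/pub/Linux/fedora-epel/RPM-GPG-KEY-EPEL-6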
rpm --import RPM-GPG-KEY-EPEL-6
rm -f RPM-GPG-KEY-EPEL-6

Now create /etc/yum.repos.d/EPEL.repo and paste:

[epel]
name=EPEL RPM Repository for Red Hat Enterprise Linux
baseurl=http://ftp.ps.pl/pub/Linux/fedora-epel/$releasever/$basearch/
gpgcheck=1
enabled=0

Now, when you want to use the repository, you just do it like this:

yum --enablerepo=epel install [package]

MySQL high CPU usage

Recently my server’s CPU went wild. After running the top command, MySQL was using up to 80% of the CPU while mytop was showing no connections.

It turned out that the problem was the ntp service and a leap second, which was added to UTC time to compensate for the slowing rotation of the Earth.

I had the same problem with Ruby on a local development server.

Solution:

service ntpd stop
date -s "`date`"
service ntpd start