Posts from ‘Hosting’

Sep
27

The Problem

After the bash exploit ‘shellshock’ was released a few days ago I’ve been going around my servers and applying the required patches, however after doing a ‘apt-get update’ on one of the web servers PHP based requests were no longer working.

Having a look in the Nginx error logs I found that the issue appeared to be at the PHP-FPM layer of the server (which I kind of expected), as it did have an update included in the bulk install and it was PHP that seemed to be broken, heres an example log:

2014/09/26 05:24:28 [crit] 26963#0: *19 connect() to unix:/var/run/php5-fpm.sock failed (13: Permission denied) while connecting to upstream, client: 46.226.191.96, server: subnet.im, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "subnet.im"
2014/09/26 05:24:29 [crit] 26963#0: *19 connect() to unix:/var/run/php5-fpm.sock failed (13: Permission denied) while connecting to upstream, client: 123.226.191.96, server: subnet.im, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "subnet.im"
2014/09/26 05:24:30 [crit] 26963#0: *19 connect() to unix:/var/run/php5-fpm.sock failed (13: Permission denied) while connecting to upstream, client: 123.226.191.96, server: subnet.im, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "subnet.im"
2014/09/26 05:24:32 [crit] 26964#0: *28 connect() to unix:/var/run/php5-fpm.sock failed (13: Permission denied) while connecting to upstream, client: 123.226.191.96, server: subnet.im, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "subnet.im"
2014/09/26 05:24:38 [crit] 26964#0: *37 connect() to unix:/var/run/php5-fpm.sock failed (13: Permission denied) while connecting to upstream, client: 123.226.191.96, server: subnet.im, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "subnet.im"

After some digging around I found that this was caused by a PHP bug fix #67060 (linky here), the bug was basically providing possible privilege escalation on the web server which they’ve fixed, however this changes some of the permissions stopping Nginx connecting to the required stocket used for PHP processing.

The Fix

Fortunately the fix is fairly simple, edit the PFP-FPM configuration.

 nano /etc/php5/fpm/pool.d/www.conf

Add in these three lines, they are probably already there and just need the comment marks removing.

listen.owner = www-data
listen.group = www-data
listen.mode = 0660

Finally re-start the PHP-FPM service and you should be back in business.

sudo service php5-fpm restart
Jan
22


What is MemCache?

Some of you have probably just stumbled along this post without actually knowing what MemCache does, so here is a bit of technical context before I dive into the implementation methods, problems and of course solutions.

In it’s most basic form MemCache is a normal program that runs on top of your operating system, typically you run this on something like your web server as a separate service, just like you would Apache, NTP, MySQL etc.

The service has a very simple aim, you provide it with a key and some corresponding data, this is then saved in memory via the MemCache process and you can access it at a later date. You leverage the benefit in two ways, firstly because the data is held in RAM which is much faster than other storage options, and secondly because the data is typically already in a usable format and therefore requires little extra processing by your application, saving time and physical resources.

How do I use it?

Well I did start of by writing an explanation, however here is an example (with some inline comments):

// We will start by making a new MemCache instance, and assign it to the variable $mc
$mc = new Memcache;

// Using the $mc instance we will connect to our server, normally this will be on port 11211 (localhost)
$mc->connect('127.0.0.1', 11211) or die ("Could not connect");

// Memcache will save data to a specific unique key, you can set this to almost anything
$thekey = "PostCount";

// Now we are going to define the data, this will be saved to our $thekey
$thedata = "12340";

// Now to actually pass the key and data to memcache, note '0' means we are not going to have this expire after a specified amount of time.
$mc->set($thekey, $thedata, false, 0);

// Using $thekey we will get the memcache data back, this will be saved into our variable $result
$result = $mc->get($thekey);

echo $result; //will return 12340

Problems?

The majority of todays applications are built on top of relational databases such as MySQL, therefore adding a basic key/data technology on top of them for cacheing can be hell for programmers. With Key based data you have to know the exact key otherwise you will get nothing returned, MySQL however allows you to search by almost any method you can think of using the saved data.

Another problem is building a solution to define keys that’s going to be accurate, scalable and easy to implement. For example i could save web based user information to memcache using a key based on their numeric user-id (Eg: Key = 412, UserName = Bob), however I then need to go through all of my code and before performing a SQL lookup, perform a memcache lookup, that’s going to be a headache. Plus some things such as the login progress might want to convert ‘bob’ into the userid ‘412’, that’s not possible as ‘bob’ is my memcache data, which you can’t search by, you can only request data by using the Key.

Solution, Hash Key

The solution is fairly simple to implement, you leave almost all of your code as it is and go to your database class (I am assuming that you have one, most developers use one), below is an example extract of what yours could look like, before we get started changing it.

// Function: pass some SQL and it will return the result
// (Insecure, just shown as an example)
function sql_search($sql){

  // Connect to my database
  mysql_connect("localhost", "root", "password") or die(mysql_error());
  mysql_select_db("testdb") or die(mysql_error());

  // Run the SQL query
  $result = mysql_query($sql) or die(mysql_error());
  return mysql_fetch_array( $result );

}

Solution: So what you do is accept the $sql string, run it through an md5() hash function, and check if there is any memcache result using the hash as your key, if there is skip the SQL, if there isnt run the SQL but then add the result to memcache.

// Function: pass some SQL and it will return the result
// (Insecure, just shown as an example)
function sql_search($sql){

  // Create the hash key
  $thekey = md5($sql);

  // Connect to memcache server
  $mc = new Memcache;
  $mc->connect('127.0.0.1', 11211) or die ("Could not connect");
  $result = $mc->get($thekey);

  // If there was a memcache hit, return the cache result
  if(!empty($result)) return $result;

  // Connect to my database, there was no cache hit
  mysql_connect("localhost", "root", "password") or die(mysql_error());
  mysql_select_db("testdb") or die(mysql_error());

  // Run the SQL query
  $result = mysql_query($sql) or die(mysql_error()); 

  // Save the result to memcache
  $mc->set($thekey, $result, false, 0);

  return mysql_fetch_array( $result );

}

Overview

As you can see it’s a simple solution, no matter what application your using if there is a SQL backend and also a SQL class/function memcache can be added in with very minimal work, here are a few last tips:

  • Build a variable into your SQL function to disable/enable cache, I have a few applications that only use it in high server load times.
  • Consider building a function to clear the cache for some of your variables, for example if you add a blog comment you might want to clear blog comment cache.
  • Sometimes just use memcache code if the data isn’t valuable, i have done this with stat’s information before, and just poll/clear memcache every few hours.
  • Don’t forget cache will be deleted after some time, so make sure your application doesn’t error if this happens.
  • Build some checks in to returned memcache data, don’t just assume that its worked
Jul
01

Viewing PingBin.com from Links

So we have all done it, you just did some change to a server and you want a quick check to make sure everything is running as it should be, chances are your probably already in CLI so why not do it from there? Or may be your trying to fault find an issue on a web server, checking the website locally would probably be really helpful, however there’s go GUI for a conventional web browser to function…

‘Links’ is a Linux text based browser that you can use from the local terminal or over SSH, it can save you a lot of time and is a great quick check to see if a website is online, first you need to install it.

Run either of the following depending on your linux distribution; the first one is for something like CentOS/Redhat, the second is for Debian/Ubuntu.

yum install links
apt-get install links

You might need to prepend ‘sudo’ to the command if your not root.

Next just type Links followed by the website you want to test, don’t forget the http:// before the URL and then just use Ctrl+C to exit links when your done.

links http://pingbin.com

Links is a great way to test your website, if your website looks to be down from the server it’s normally a good idea just to check the firewall rules first (iptables -Lvn), also try Google from the links browser as that’s probably not down as well, unless you are Goolge 😉

Jun
11

CentOS Logo

Hyper-V like many other hypervisors has it’s own set of what they call integration components, the use of these components increases the functionality and usually reliability of virtual machines hosted on the cloud. Examples of the hyper-v functionality is supporting the reboot of a virtual machine from the windows control panel (Hyper-V, SCVMM or SSP), probably the biggest advantage is removing the emulated NIC and been able to use the proprietary synthetic adaptors, as normally used in the Windows virtual machines.

Installing these into windows is generally very easy, just mount the CD or right click on the VM and click install integration components, unfortunately Linux is a bit more complex.

Before we start it’s worth noting that you need to first create the VM as normal, and use the emulated network card so you can connect to the internet and update, plus install the linux development tools. If you don’t have a network connection this will not work.

First we will update the system, install the tools and reboot the VM.

yum update -y
yum groupinstall "Development Tools" -y
reboot

Now you need to go here and download the file, you should be left with an .iso image, mount this to the virtual machine like normal.

Next we will make a directory to mount the CD image, and then mount the image to this DIR.

mkdir -p /mnt/cdrom
mount /dev/cdrom /mnt/cdrom

Next we will copy off all the files we need, and then unmount the DIR.

cp -rp /mnt/cdrom /opt/linux_ic 
umount /mnt/cdrom

Next navigate to the directory, install the tools and shutdown.

cd /opt/linux_ic
./setup.pl drivers
poweroff

Finally remove the network interface and replace with the standard synthetic interface, boot the machine and perform an ifconfig, you should see the new interface there seth0

Go to /etc/sysconfig/network-scripts/ and configure the interface as required.

Mar
03
Cloud

The Cloud

Cloud hosting is the latest buzz word in the industry, every data center wants to have a cloud based infrastructure, while it seems every potential client is willing to pay infinitely more for something with the “cloud” branding. All this buzz around the term begs the question, what is it?

So, what does the word cloud actually mean within web hosting? Well it doesn’t really mean anything at the moment which is a problem, because it seams every hosting provider out there is just adapting the term to match their current product line, which spreads even more confusion around. So although I hope to give some wisdom this is only pure guess work and of-course just  my personal opinion, hopefully there will be a clear consensus over the next year or so from the hosting industry, however I am somewhat doubtful.

Well we don’t really know exactly what it is but there a few key things I personally think a cloud hosting solution should incorporate, so let’s go through them. Continue reading “So, what is cloud hosting?” »

Our Sponsors