root.bg by Nikolay Nikolov - статии и уроци за linux

Здравейте и добре дошли в #root.bg!

Тук може да намерите статии и уроци за linux, мрежи и тяхната защита, игри и забавление, както и хобита – ролери, дронове и много други.

Creating Certificate Authorities and self-signed SSL certificates

Николай Николов Работа, Howto apache, certificates, openssl, ssl, web 0

Поста е взаймстван от Creating Certificate Authorities and self-signed SSL certificates с идеята да имам в блога си how-to че ми се налага от време на време да ъпдейтвам сертификатите по уеб сървърите.

1. Create a self-signed certificate.

openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
#Make a version of the server.key which doesn’t need a password:
openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key

2. Generate your own CA (Certificate Authority).

openssl genrsa -des3 -out ca.key 4096
openssl req -new -x509 -days 365 -key ca.key -out ca.crt

openssl genrsa -des3 -out server.key 4096
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt
openssl rsa -in server.key -out server.key.insecure
mv server.key server.key.secure
mv server.key.insecure server.key

Optimizing WordPress with Nginx, Varnish, APC, W3 Total Cache

Николай Николов Howto apc, cache, debian, nginx, php-fpm, varnish, wordpress 0

Идеята е ясна – оптимизация на уордпрес блога чрез varnish който работи пред nginx-a с една едничка цел – по-бързо отваряне на сайта ни.

Първо инсталираме nginx и php-fpm :

apt-get install nginx php5-fpm

Ето и примерния ни nginx.conf:

user www-data;
worker_processes 12;

error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
worker_rlimit_nofile 8192;
events {
worker_connections 4096;
# multi_accept on;
}

http {
include /etc/nginx/mime.types;
# include /etc/nginx/proxy.conf;
include /etc/nginx/fastcgi.conf;
access_log /var/log/nginx/access.log;
upload_progress proxied 1m;
#cache
#fastcgi_cache_path /tmp/cache/fastcgi_cache levels=1:2 keys_zone=php:16m inactive=5m max_size=500m;
proxy_cache_path /var/www/cache/ levels=1:2 keys_zone=алабала.нет:10m inactive=30m max_size=2g;

upstream php5-fpm-sock {
server 127.0.0.1:9000 weight=100 max_fails=3 fail_timeout=5;
#server 127.0.0.1:9001 weight=100 max_fails=3 fail_timeout=5;
#server unix:/var/run/php5-fpm.sock;
}
#sendfile on;
#tcp_nopush on;

#keepalive_timeout 0;
keepalive_timeout 65;
tcp_nodelay on;

gzip on;
gzip_disable “MSIE [1-6]\.(?!.*SV1)”;
gzip_http_version 1.0;
gzip_comp_level 9;
gzip_proxied any;
gzip_min_length 1100;
gzip_buffers 16 8k;
gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
server_tokens on;
server_name_in_redirect off;

}

След това е нужно да създадем виртуален хост за сайта ни – /etc/nginx/sites-enabled/виртуален-хост.лтд

Още..

WordPress optimization with cdn and wp super cache plugin

Николай Николов Howto cdn, debian, eaccelerator, lighttpd, nginx, optimization, wordpress, wp super cache 0

What Is A CDN?

A content delivery network or content distribution network (CDN) is a system of computers containing copies of data, placed at various points in a network so as to maximize bandwidth for access to the data from clients throughout the network. A client accesses a copy of the data near to the client, as opposed to all clients accessing the same central server, so as to avoid bottleneck near that server. A cdn will increase speed and efficiency for your blog.

Ok, let’s begin. I have debian box for the tests.

First, we have host example.com , we need to create CNAME cdn.example.com in our bind zone. After that we will install lighttpd to serve cdn contents ->

apt-get install lighttpd

and nginx with varnish for everything else 🙂

In my lighttpd.conf I put line to change the default port to 88

server.port = 88

After that I create vhost.conf with:

etag.use-inode = “enable”
etag.use-mtime = “enable”
etag.use-size = “enable”
static-file.etags = “enable”

###### CDN FILES via WordPress Upload ##############
$HTTP["host"]  == “cdn.friendbg.net”{
server.document-root = “/var/www/cdn”
accesslog.filename         = “/var/log/lighttpd/cdn.access.log”
#  Set max age
$HTTP["url"] =~ “^/” {
expire.url = ( “” => “access 60 days” )
}
}

After this restart the lighttpd daemon.

So .. now go to wp-admin , settings , media and go to Uploading Files section.

Now change the directory “Store uploads in this folder” to “/var/www/cdn” and “Full URL path to files” to https://cdn.example.com:88

Don’t forget to change the permissions to 777 or to www-data to directory /var/www/cdn

With this change every file uploaded to your blog will be stored to /var/www/cdn and will be accessed by https://cdn.example.com:88

Now is time to install wp super cache plugin and after the successful install we need to configure it.

Go to Settings,WP super cache , WP Super Cache Settings , CDN and check this: Enable CDN Support

On Off-site URL : https://cdn.example.com:88

In Include directories I put only wp-content folder.

Don’t forget to enable the plugin!

So we my copy the directory wp-content to /var/www/cnd or simple create a link to it like this

cd /var/www/cdn ; ln -fs /var/www/blog/wp-content

Now we have working blog with static content served by cdn lighttpd daemon 🙂

Other way to optimize your blog is to install php eAccelerator.

Install it and create eaccelerator.ini in /etc/php5/conf.d/ with those settings:

extension=”eaccelerator.so”
eaccelerator.shm_size=”16″
eaccelerator.cache_dir=”/var/cache/eaccelerator”
eaccelerator.enable=”1″
eaccelerator.optimizer=”1″
eaccelerator.check_mtime=”1″
eaccelerator.debug=”0″
eaccelerator.filter=”"
eaccelerator.shm_max=”0″
eaccelerator.shm_ttl=”0″
eaccelerator.shm_prune_period=”0″
eaccelerator.shm_only=”0″
eaccelerator.compress=”1″
eaccelerator.compress_level=”9″

After that

mkdir /var/cache/eaccelerator ; chmod 777 /var/cache/eaccelerator

Now restart the php daemon. That’s it ! 🙂

Nginx + Varnish = wrong ip address (127.0.0.1)

Николай Николов Howto nginx, varnish 0

Тъй като явно не ми е правило впечетление досега и чак днес видях в логовете че всичко живо идва от айпи 127.0.0.1 в успешната ми конфигурация на блога под nginx и varnish . След не малко търсене и ровене в нета се натъкнах на резултата който ми помогна , а именно 2 реда които трябва да се добавят в nginx.conf и всичко си тръгва както трябва.

Тези два реда са следните:

set_real_ip_from 127.0.0.1;

real_ip_header X-Forwarded-For;

След това е необходим рестарт на демона /etc/init.d/nginx restart и в лога вече излизат истинските айпи адреси на клиентите.

Сложил съм 127.0.0.1 тъй като varnish върви на същата машина, съответно ако е пусната на друга трябва айпи адреса да е съответния. Това е 🙂