Category Archives: Ubuntu Server Configuration

Redirect www to non-www on Nginx

How to redirect the www.domain.com version of your website to domain.com version on Nginx?

Here is how. You basically have to make two server blocks. The block with your normal configuration should be the version you want, the version you want to redirect should have a simple rewrite rule alone.

For example, to redirect www.vidyut.net to vidyut.net, you set up your server blocks like this:
server {
server_name www.vidyut.net;
rewrite ^(.*) http://vidyut.net$1 permanent;
}

server {
server_name vidyut.net;
# Your
# normal
# server
# configuration
# goes
# here
}

Nginx: upstream timed out (110: Connection timed out)

Error 110: Connection timed out while reading response header from upstream

Sometimes a Nginx web server seems to load pages with php code with a lot of xml parsing really slowly. Often it doesn’t load or connection times out. This will be seen more on pages where the php code parses through large xml files and outputs data only when all the parsing is complete. The Nginx web server times out before php returns output.

We have to make the Nginx web server wait more before giving up on the upstream.

This is a typical error I get:

upstream timed out (110: Connection timed out) while reading response header from upstream

or

connect() to unix:/var/run/php5-fpm.sock failed (2: No such file or directory) while connecting to upstream

and such. The second one is inexplicable, since everything is working when not timing out, but I have often seen these two together.

The fix that works is increasing the timeout.

In the server configuration /etc/nginx/nginx.conf on Ubuntu/Debian, in the http {....} block, add the line (or edit the commented out line)
fastcgi_read_timeout 300s;

Restart the Nginx web server (as root or with sudo).
service nginx restart

There should be an immediate improvement when parsing large xml files. If you are still having problems, raise the number till resolved.

English: Nginx Logo Español: Logo de Nginx

English: Nginx web server Logo Español: Logo de Nginx (Photo credit: Wikipedia)

Enhanced by Zemanta

Fix a broken mysql

If your mysql seems broken and giving errors like:

# service mysql start
start: Job failed to start

or

ERROR 2002 (HY000): Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)

Or if you try to recreate databases with mysqlinstalldb:

...
...
ERROR: 1  Can't create/write to file './mysql/db.frm' (Errcode: 13)
041226 xx:xx:xx /usr/libexec/mysqld: Can't find file: './mysql/db.frm' (errno: 13)

or all your databases go missing, even if you reinstall mysql-server.

and reinstalling mysql-server won’t work,

Before you reformat the server and use your data, you should try doing (as root, or using sudo):

apt-get install --reinstall mysql-server

chown -R mysql:mysql /var/lib/mysql

I don’t know how, but somehow the permissions get changed and mysql can no longer operate, or a reinstalled mysql still can’t see the tables. They are not gone, they are there. mysql can’t see them and that can be fixed.

Note: Some complained that if they do:

apt-get install mysql or apt-get remove mysql

They get the error that the package can’t be found. Something like:

# apt-get remove mysql
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package mysql

That has nothing to do with this. This happens because the package for mysql in the repositories is mysql-server and not mysql alone. Doing apt-get install mysql-server will work.

Update/install fail: Server cannot access software repositories

If you are trying to install something and the server waits forever after you answer yes to the update and it accesses the software repository… something like…

apt-get update
...
details of packages
...
Need to get 83.7 MB of archives.
After this operation, 237 kB disk space will be freed.
Do you want to continue [Y/n]?
0% [Connecting to archive.ubuntu.com]

And then nothing. It fails.

Do you have UFW installed? UFW can block outgoing connections from your server, so it becomes unable to access the software repositories. Rather than make exceptions, it is easier to disable the firewall and enable again when update or install is done.
??
If you have UFW (Uncomplicated Firewall) installed, disable it and try again.

ufw disable

Now your upgrades should work. Once you are done, re-enable your firewall.

ufw enable
Enhanced by Zemanta

bash: add-apt-repository: command not found

If you are trying to add a ppa repository and get the following error

bash: add-apt-repository: command not found

You need to install python-software-properties, like so

apt-get install python-software-properties

If you have python-software-properties installed and are still getting this error, there is some problem with the package. Uninstall and reinstall it.

apt-get remove python-software-properties --purge && apt-get install python-software-properties

or

apt-get install --reinstall python-software-properties && sudo dpkg-reconfigure python-software-properties
Enhanced by Zemanta

Installing UFW – Uncomplicated Firewall on Ubuntu 12.04

If you are one of those nerdy types and use iptables, ignore this. If you are like the rest of us Ubuntu users (nerdy in denial), UFW (Uncomplicated Firewall) provides a handy tool to configure your firewall.

Here’s how to install. As root, type:

apt-get install ufw

If this can’t find the package, run

apt-get update

before running the command again. You’ll get it.

Next, add your exceptions. For example, on my server, I allow ssh (Secure Shell) and http (Hypertext Transfer Protocol).

# ufw allow ssh
# ufw allow http

Then start the firewall

# ufw enable

It will ask

Command may disrupt existing ssh connections. Proceed with operation (y|n)?

Reply “y”. Simply hitting enter will abort.

This should return:

Firewall is active and enabled on system startup

If you get an error like

ERROR: problem running ufw-init

Edit the file /etc/default/ufw and change IPv6=yes to IPv6=no

Enhanced by Zemanta

How to install APC and fix “potential cache slam” problem

APC is an Alternative PHP Cache or Opcode cache that speeds up performance dramatically by caching queries.

How to install APC?

apt-get install php5-apc

or

pecl install apc

You will have to enble it in the php configuration. Add the following to your php.ini file

extension=apc.so

Alternatively, you could create a separate apc.ini file and put it in the conf.d directory.

If your error log shows a lot of messages about potential cache slam averted, it is a bug. Not much you can do about it but you can turn slam defense off so that it doesn’t spam your logs (or cause other fails)

Add after that line in your php.ini or apc.ini

apc.write_lock = 1
apc.slam_defense = 0

Then copy the apc.php file into a folder that is served by your webserver. Accessing this script in a browser gives you information on the state of your cache. However this script also allows viewing of the files cached and may be a security concern, so it is best kept in a folder with restricted access.

WordPress: Problem happened with plugin upgrade – can’t delete old files

When you get an error like this while updating, check file ownership. Chances are that you edited something in the backend and the plugin or theme files now being owned by another user, cannot be deleted by the server.

If you have terminal access as root, type:

chown -R www-data:www-data /path/to/wordpress/*

Where www-data is the user your Apache runs as and /path/to/wordpress is of course the path to the root of your wordpress installation. the “*” is to apply to all files and folders and the “-R” earlier means the command [chown – for change owner – in this case] applies recursively to all files and folders contained in the folder named.

If you try to upgrade now, it should work.

Varnish won’t start – Too many arguments (\…)

So you set up Varnish. You really did everything right, but when you try to start it…

root@www:/etc/apache2/sites-available# service varnish start
* Starting HTTP accelerator varnishd [fail]
SMA.s0: max size 512 MB.
Too many arguments (\...)
usage: varnishd [options] -a …

and so on, and you have tried and tried to edit /etc/default/varnish till you’re ready to give up?

Varnish works fine if you start it from the command line with configuration (as described in the documentation – for testing), but fails to start as a daemon?

The problem is some invalid characters related with line break in the /etc/default/varnish file. They seem to be there in the original file itself. I was not able to fix the characters, but simply editing the file so that the whole configuration appears as one line works.

So, for example:

DAEMON_OPTS="-a :80 \
-T localhost:1234 \
-f /etc/varnish/default.vcl \
-s malloc,256m"

Becomes

DAEMON_OPTS="-a :80 -T localhost:1234 -f /etc/varnish/default.vcl -s malloc,256m"

This worked for me. If you don’t like this you could try fixing whatever the issue is with the linebreak. Do tell me if you figure it out.

OpenVZ and UFW

So I found another problem area with the OpenVZ host and the Ubuntu Server. A good firewall is important for the safety of a server, but I, at least feel overwhelmed at the complexity and risk of messing things up very badly to directly touch iptables, and I have only done on rare occasions, and always worried.

UFW is a great and simple firewall application. Unfortunately if your server is on OpenVZ, you will not be able to use it out of the box because of the limited support for iptables. Here is a superb workaround in order to be able to use UFW on a Ubuntu host on OpenVZ. The instructions work well.

Will take you a while to do it all, but works like a charm, and the code is copy paste.

If, at the end of it, your installation of dependencies fails, and any further attempts to access repositories don’t work, DON’T PANIC. Simply disable and enable UFW and all should be well.