Thursday, November 1, 2012

[SOLVED] My website is unreachable but SSH still works Centos Linux

Hi all,
If your websites suddenly become unavailable or unreachable while your IP and SSH still work, try these tricks, which have worked for me in some situations on Red Hat / CentOS.

If you can reach your IP but not your website, then something is wrong, maybe with the DNS configuration or the firewall rules.
If you have reviewed your DNS configuration and tried to restart the DNS service with:

service named restart

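with no success, the problem may be the Linux firewall, iptables.
Type these two lines into your shell. While the service is stopped the server has no packet filtering, so start it again as soon as the file is fixed: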


service iptables stop

nano /etc/sysconfig/iptables

To check whether the server accepts incoming connections on ports 80 and 443 (HTTP and HTTPS), verify the iptables configuration file, /etc/sysconfig/iptables:

# Generated by iptables-save v1.4.7
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [26:2600]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT

-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed

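If the rules for ports 80 and 443 do not exist, add these two lines to your VPS iptables config file so that it accepts new incoming connections. Put them above the "-A INPUT -j REJECT" line: rules are evaluated in order, so anything placed after the REJECT line is never reached.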


-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT


Now type in your console:

service iptables start

Now check whether your website is available and reachable again on ports 80 and 443.

This works fine on Red Hat / CentOS Linux distributions.
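A rule-order check for the file edited above, added here as an example and not part of the original post: it walks the INPUT chain of an iptables-save file in order and reports whether a TCP port is accepted before the first catch-all REJECT or DROP. The function name port_accepted and the sample ruleset are assumptions; port ranges and multiport matches are not handled.

```sh
#!/bin/sh
# port_accepted FILE PORT
# Exit 0 if FILE (iptables-save format) lets TCP traffic to PORT through the
# INPUT chain, exit 1 if a catch-all REJECT/DROP (or the policy) stops it first.
port_accepted() {
    awk -v port="$2" '
        $1 == ":INPUT" { policy = $2 }            # chain default policy
        $1 == "-A" && $2 == "INPUT" {
            if ($3 == "-j") {                     # rule with no match = catch-all
                if ($4 == "REJECT" || $4 == "DROP") { blocked = 1; exit }
                if ($4 == "ACCEPT") { found = 1; exit }
            }
            tcp = 0; dport = 0; accept = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-p" && $(i + 1) == "tcp") tcp = 1
                if ($i == "--dport" && $(i + 1) == port) dport = 1
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
            }
            if (tcp && dport && accept) { found = 1; exit }
        }
        END { exit (found || (!blocked && policy == "ACCEPT")) ? 0 : 1 }
    ' "$1"
}

# Constructed sample: the port 80 rule was added below the REJECT line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
for p in 22 80 443; do
    if port_accepted "$sample" "$p"; then
        echo "port $p: accepted"
    else
        echo "port $p: blocked (no ACCEPT before the catch-all REJECT)"
    fi
done
rm -f "$sample"
```

Run it against /etc/sysconfig/iptables after editing and before "service iptables start".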

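If you have problems listing your directories via FTP, type this over SSH (-I inserts the rule at the top of the INPUT chain; with the ruleset above, a rule appended with -A would land after the final REJECT line and never match):

iptables -I INPUT -p tcp --dport 21 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT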
  

Stay tuned.

Sunday, November 20, 2011

Drupal 6 Pages and Feed RSS: set the offset and item's pagination.



If you have to change dynamically the number of items displayed on your feed page, or you need to set their offset through the Drupal 6 Views module's RSS feed, then this post could help.

After googling for a couple of hours without finding any solution to this issue, I tried to solve it myself.
I wanted to pass a custom number of items and their offset as arguments of a URL.

Something like this:

http://www.yourdrupalwebsite.com/rss.xml?items-limit=5&items-offset=5

This page is a custom feed page created from the Drupal admin side.



/admin/build/views/edit/(rss-feed) (in my case)


After that, use this little hack, which changes a small piece of code inside the file

modules/views/plugins/views_plugin_display.inc

I found this piece of code at line 1861. I changed the following default settings:


$this->view->set_pager_element($this->get_option('pager_element'));
$this->view->set_items_per_page($this->get_option('items_per_page'));
$this->view->set_offset($this->get_option('offset'));



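and I replaced them with (the values are cast to integers so that only numbers reach the view, and a missing argument falls back to the view's own setting):


$items_limit = isset($_GET['items-limit']) ? (int) $_GET['items-limit'] : 0;
$items_offset = isset($_GET['items-offset']) ? (int) $_GET['items-offset'] : 0;
$this->view->set_items_per_page(($items_limit > 0) ? $items_limit : $this->get_option('items_per_page'));
$this->view->set_offset(($items_offset > 0) ? $items_offset : $this->get_option('offset'));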



Save the file and you are ready to call your feed page with your custom arguments:

http://www.yourdrupalwebsite.com/rss.xml?items-limit=5&items-offset=5


and check the response.


Note:
You need to filter and sanitize your $_GET input values for security reasons.



Enjoy

Tuesday, November 8, 2011

[solved] MYSQL Can't start server: can't create PID file: No space left on device



Hi all, dear friends of HTV. Today I will explain how to fix a problem that affects a MySQL server running on a CentOS 5.0 box.

The error in /var/log/mysqld is:

Can't start server: can't create PID file: No space left on device MYSQL

If MySQL can't restart and the /var/log/mysqld log shows this message, you have most probably used up the space available on your partition.

To solve this issue you have to do the following steps:

1) check your partitions with the command:

df -h

This command outputs your partition usage:

Filesystem            Size  Used Avail Use% Mounted on
/dev/sda2              58G   53G     0 100% /
/dev/sda1              99M   12M   83M  13% /boot
/dev/sda2              58G   13G   42G  24% /media/sda2



Notice that the full size of the /dev/sda2 partition is 58GB, the used space is 53GB and the available space is 0 (100% use).


2) Now that we are aware of this, we have to find the files (often huge log files) that fill the partition. Take a look in the /var or /tmp directories, then either move some of the files to another partition with rsync or free some space by deleting older logs and files that are not needed. (Be careful when you are doing that.)
To find big files on your system, execute this command over SSH:


 du -h --max-depth=3 /* > mybigfiles.txt


This command writes the output of du -h --max-depth=3 to a file named mybigfiles.txt, listing the directories on the system with their current sizes. Run it from a directory on a partition that still has free space, otherwise the redirect itself fails.

Going through this file you can find which directories are the biggest ones; clean them before restarting the MySQL server.

First of all, run this command from the command line:

yum clean all

It empties the cached sources and packages of your RH distro.

Then, if you would like to remove, for example, all the log files in a directory that are older than 3 days, execute the command:


find /var/log/mydirectorywithbigfiles -type f -mtime +3 -exec rm {} \;


or use this bash script


#!/bin/bash

find /var/log/mydirectorywithbigfiles -type f -mtime +3 -exec rm {} \;

  

which combines the find command with -exec rm {} \; to remove the files inside that directory that are older than 3 days.

After that, run the command again to check whether you have freed up some disk space.


df -h

Filesystem            Size  Used Avail Use% Mounted on
/dev/sda2              58G   13G   42G  24% /
/dev/sda1              99M   12M   83M  13% /boot
/dev/sda2              58G   13G   42G  24% /media/sda2



Once finished, restart your mysqld daemon with /etc/init.d/mysqld start.
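A more careful version of the find-and-delete steps above, added here as an example and not part of the original post: it prints the largest directories to the terminal instead of a file, lists the old files as a dry run, and deletes only what the dry run showed. The function names and the throwaway demo directory are assumptions.

```sh
#!/bin/sh
# biggest_dirs PATH [N]: the N largest directories (in KiB) up to 3 levels
# below PATH, staying on PATH's filesystem (-x). Nothing is written to disk,
# which matters when the partition is already full.
biggest_dirs() {
    du -xk --max-depth=3 "$1" 2>/dev/null | sort -rn | head -n "${2:-15}"
}

# old_files DIR DAYS: dry run, lists regular files older than DAYS days.
old_files() {
    case "$1" in
        ""|/) echo "old_files: refusing to scan '$1'" >&2; return 2 ;;
    esac
    [ -d "$1" ] || { echo "old_files: $1 is not a directory" >&2; return 2; }
    find "$1" -xdev -type f -mtime +"$2" -print
}

# purge_old_files DIR DAYS: deletes exactly what old_files would list.
purge_old_files() {
    old_files "$1" "$2" >/dev/null || return 2
    find "$1" -xdev -type f -mtime +"$2" -exec rm -f -- {} +
}

# Constructed demo in a throwaway directory (not a real log directory).
demo=$(mktemp -d)
touch -t 201101010000 "$demo/old.log"   # last modified years ago
touch "$demo/today.log"                 # last modified now
echo "largest directories:"; biggest_dirs "$demo" 3
echo "would delete:";        old_files "$demo" 3
purge_old_files "$demo" 3
echo "left after purge:";    ls "$demo"
rm -rf "$demo"
```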


Leave a comment if you liked this guide.


HTV

Friday, April 1, 2011

Setup and configure SSL / HTTPS with Verisign CA on Linux CENTOS [step by step tutorial]

If you need to install SSL certificates on your web server, follow this step-by-step tutorial on installing a Verisign certificate. (I got a 30-day trial cert to test it.)

1) Install mod_ssl with command:

yum install mod_ssl


2) Create a directory in which to save the key files and move into it

mkdir /home/ssl/
cd /home/ssl/

3) Execute the following command on a single line:

openssl x509 -req -days 365 -in www.domain_name.com.csr -signkey secure.domain_name.com.key -out www.domain_name.com.crt


4) Copy the key into .secure file.

cp www.domain_name.com.key www.domain_name.com.key.secure


5) Execute this command to generate the key file from the .secure copy:

openssl rsa -in www.domain_name.com.key.secure -out www.domain_name.com.key

6) Type the following command to generate a private key stored in an encrypted file. You will be prompted for the passphrase when accessing the file and also when starting your web server. Warning: If you lose or forget the passphrase, you must purchase another certificate.

openssl genrsa -des3 -out www.domain_name.com.key 1024


7) You could also create a private key without file encryption if you do not want to enter the passphrase when starting your webserver:

openssl genrsa -out www.domain_name.com.key 1024

Note: I recommend naming the private key after the domain name that you are purchasing the certificate for, i.e. domainname.key

8) Type the following command to create a CSR with the RSA private key (output will be PEM format):

openssl req -new -key www.domain_name.com.key -out www.domain_name.com.csr

* Note: You will be prompted for your PEM passphrase if you included the "-des3" switch in step 6.

* 2nd Note: When creating a CSR you must follow these conventions. Enter the information to be displayed in the certificate. The following characters are not accepted: < > ~ ! @ # $ % ^ * / \ ( ) ?.,&

8) Put the output of the cat command in a text file.

cat www.domain_name.com.csr > mycert.txt


9) Copy the contents of mycert.txt and paste them into Verisign's CSR validation form.

10) Wait for Verisign's confirmation email with the browser cert file, which will be sent to you within 24 hours.


Once you have received that email, download the Test Root CA Certificate and install it into your browser. This is the procedure to follow:

11.1) Save the test root CA certificate from the Verisign website to a file with the .cer extension (e.g. browser.cer) and install it into your browser.

11.2) Copy the intermediate CA certificate content from the Verisign website into a file called intermediate.crt

11.4) Copy the certificate that you received by email into a file called public.crt

11.5) Copy the content of the bundle (two certs) into a file called ca-bundle.crt

-----BEGIN CERTIFICATE-----
MIIEVzCCAz+gAwIBAgIQFoFkpCjKEt+rEvGfsbk1VDANBgkqhkiG9w0BAQUFADCB
.....
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
IEVzCCAz+gAwIBAgIQFoFkpCjKEt+rEvGfsbk1VDANBgkqhkiG9w0BAQUFADCB
......
-----END CERTIFICATE-----

11.6) Copy all .crt files (public.crt, intermediate.crt, ca-bundle.crt) into /etc/pki/tls/certs/ on your centos distribution.

11.7) Copy www.domain_name.com.key to /etc/pki/tls/private/ folder

11.8) Now check the virtual host and insert these lines into your /etc/httpd/conf.d/ssl.conf file:


DocumentRoot /var/www/html/yourwebdir
ServerPath /var/www/html/yourwebdir
ServerName www.domain_name.com:443
ServerAlias *.domain_name.com:443
DirectoryIndex index.html index.php index.shtml
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/public.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.domain_name.com.key
SSLCertificateChainFile /etc/pki/tls/certs/intermediate.crt
SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt

SSLOptions +StdEnvVars


SSLOptions +StdEnvVars

SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"



12) Now restart Apache: /etc/init.d/httpd restart


If everything goes [OK], check HTTPS and SSL at your web address: https://www.domain_name.com
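A pre-install check for the files produced in the steps above, added here as an example and not part of the original post: it confirms that the private key, the CSR and the certificate carry the same RSA modulus before they are copied into /etc/pki/tls and Apache is restarted. The function names and the throwaway files are assumptions, and the key is expected to be unencrypted (steps 5 or 7).

```sh
#!/bin/sh
# modulus_of key|csr|crt FILE: print the RSA modulus stored in FILE.
modulus_of() {
    case "$1" in
        key) openssl rsa  -noout -modulus -in "$2" ;;
        csr) openssl req  -noout -modulus -in "$2" ;;
        crt) openssl x509 -noout -modulus -in "$2" ;;
        *)   return 2 ;;
    esac 2>/dev/null
}

# same_key KEY CSR CRT: succeed only if all three files share one modulus.
same_key() {
    k=$(modulus_of key "$1") || return 2
    r=$(modulus_of csr "$2") || return 2
    c=$(modulus_of crt "$3") || return 2
    [ -n "$k" ] && [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# key_bits KEY: print the RSA key length in bits.
key_bits() {
    openssl rsa -noout -text -in "$1" 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# make_set DIR NAME: constructed throwaway key, CSR and self-signed
# certificate, built with the openssl subcommands of steps 3, 7 and 8.
make_set() {
    openssl genrsa -out "$1/$2.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/$2.key" -subj "/CN=$2" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -days 365 -in "$1/$2.csr" -signkey "$1/$2.key" \
        -out "$1/$2.crt" 2>/dev/null
}

work=$(mktemp -d)
make_set "$work" www.domain_name.com
make_set "$work" other.example
if same_key "$work/www.domain_name.com.key" "$work/www.domain_name.com.csr" \
            "$work/www.domain_name.com.crt"; then
    echo "match ($(key_bits "$work/www.domain_name.com.key") bit key)"
fi
same_key "$work/other.example.key" "$work/www.domain_name.com.csr" \
         "$work/www.domain_name.com.crt" || echo "mismatch: wrong key for this certificate"
rm -rf "$work"
```

Public CAs no longer issue certificates for 1024-bit RSA keys, so treat a key_bits result below 2048 as a reason to regenerate the key.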


Good luck!

Wednesday, May 5, 2010

Add a custom script as a daemon on reboot of a redhat centos server


To enable a custom script on a Red Hat / CentOS Linux server, follow these simple steps.
This is useful when you have to start a server process that doesn't return anything.
One example is the OpenOffice server (aka soffice).
Suppose you have two files.
The first file, A, calls the second file, named B-so.
File A contains code like this:

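#!/bin/bash
# Init script (file A) that starts and stops the B-so daemon

# Source function library.
. /etc/rc.d/init.d/functions

[ -f /usr/local/sbin/B-so ] || exit 0

prog="B-so"
RETVAL=0

start() {
    echo -n $"Starting $prog: "
    # B-so never returns, so run it in the background and discard its output
    daemon /usr/local/sbin/B-so 1> /dev/null 2> /dev/null &
    RETVAL=$?
    echo
    return $RETVAL
}

stop() {
    # Only try to stop the daemon if it is actually running
    if test "x`ps aux | grep B-so | grep -v grep | awk '{ print $2 }'`" != x; then
        echo -n $"Stopping $prog: "
        killproc B-so
        RETVAL=$?
        # "processname" is a placeholder: the name of the process started by B-so
        killall processname
        echo
    fi
    return $RETVAL
}

case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status B-so
        RETVAL=$?
        ;;
    restart)
        stop
        start
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart|status}"
        exit 1
        ;;
esac

exit $RETVAL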


Copy file A into the directory /etc/init.d/

Copy the second file, B-so, into the directory /usr/local/sbin/
File B-so contains code like this:


#!/bin/bash
. /etc/rc.d/init.d/functions

LOG="/root/mail2fax/log/safe-B.log"


while :
do
    # ... do some stuff ...
    sleep 1   # placeholder so the empty loop is valid and does not spin
done



After that, add a line with the path of the service to start to /etc/rc.local.

Check that the permissions on those two files are set to 0755, then reboot your server and verify that the service starts successfully.

