Improving Apache Clustered Performance

Posted by james on 10 August 2015, 4:53 pm

Use Apache 2.4 (so if you use Centos / RHEL, use v7). This has lower memory requirements, stable Event MPM (see below) and far more functionality.
If you terminate SSL at Apache, use a clustered cache to keep track of SSL sessions. Otherwise the SSL session establishment will have to be renegotiated every time you hop server (if you have sticky sessions at the load balancer, this may not be the case, but sticky sessions can be unreliable) and this is very expensive.
Consider using nginx or the event MPM where you can (eg for static requests).
Disable Etags (FileEtag None). As with SSL, you will get a new Etag every time you hop server (so sticky session caveat applies again) breaking the client side cacheing. Disabling Etags will drop back to Last-modified.

Blog spam from 37.59.173.124

Posted by james on 1 August 2015, 3:17 pm

Not sure why OVH allows one of its customers (37.59.173.124) to blog spam

From: Jason Peterson <zanationline@gmail.com>
Subject: Increase Sales / Customers

Message Body:
Would you like to see you how your competitors are getting more sales than you are?

Improving your website visibility online is more important than ever. 

What's a good phone number so we can discuss my plan?

Thanks for your time

Jason

shell based SSL/TLS tester: testssl.sh

Posted by james on 25 June 2015, 7:55 pm

testssl.sh is a free command line tool which checks a server’s service on any port for the support of TLS/SSL ciphers, protocols as well as some flaws. It’s designed to provide a clear output for a “is this good or bad” decision. It works for Linux and BSD out of the box – no need to install or configure something, no gems, CPAN, pip or the like.

If you use the Qualys online SSL checker a lot, you need to try this, it’s very fast if you are experimenting with SSL config options.

Source: shell based SSL/TLS tester: testssl.sh

Openssl / gnutls & Emacs on Windows

Posted by james on 25 June 2015, 12:35 pm

If you want this to work (for example for https elisp repositories) I strongly recommend you use the version of Emacs that is bundled with Cygwin.

Command Line tools

Posted by james on 14 June 2015, 8:33 am

Here are the tools I use to live my life on the command line:

Mail

Client: Mutt
Filtering: procmail, imapfilter
Search: mairix

General Web

Client: Lynx, Links, Elinks, w3m
Tools: wget, aria2c, curl

Web Services

Toodledoo: toodledo (ruby gem)
Misc search engines: Surfraw
Google Calendar: gagenda
Ebay: esniper
BBC Iplayer: get_iplayer
Google Drive: gdrive
Google Mail: mutt (via IMAP)
StackExchange: sx.el (via Emacs)

Social Media

Twitter: Rainbowstream
Facebook: fbstream (RIP)
Hackernews: hackernews (via Emacs)
Chat: centerim

Software

Editor: Emacs, Vim
Icinga: icli, qicinga
RSS: Newsbeuter, Feednix
Weather: weatherman

File Viewers

MS Word docx: docx2txt.pl
MS Word: antiword
PDF: pdftohtml
RTF: unrtf
(all of these can be integrated into mutt via ~/.mailcap)

Check your shell history for passwords

Posted by james on 14 April 2015, 11:51 pm

Leaving passwords in your shell history is a security issue. I wrote a tool to help check: checkhistory.

Feel free to send me pull requests / patches with additional regexes to match.

Cipherli.st – Strong Ciphers for Apache, nginx and Lighttpd

Posted by james on 27 March 2015, 9:52 am

Cipherli.st – Strong Ciphers for Apache, nginx and Lighttpd.

Commandline IMAP Mail check & Screen

Posted by james on 26 February 2015, 8:12 pm

I wanted a commandline IMAP mailbox checker so I wrote one: imapchkr

Normal output for this is as below:

➜  ~  [jamespo: 0/190] [gmail: 0/80]

But I decided I wanted to embed it in my GNU screen hardstatus so expanded it to offer a short output option (imapchkr -s). See bottom left corner for output.

➜  ~  dstat  
----total-cpu-usage---- -dsk/total- -net/total- ---paging-- ---system--  
usr sys idl wai hiq siq| read  writ| recv  send|  in   out | int   csw   
  1   0  98   0   0   0|  45k   65k|   0     0 |   1B    2B| 114   112   
  0   0 100   0   0   0|   0     0 | 106B 1003B|   0     0 |  45    55   
  1   0  97   3   0   0|   0    44k| 172B 1122B|   0     0 |  65    65   
  1   0  99   0   0   0|   0     0 |2234B 5945B|   0     0 | 168   183   
  1   1  99   0   0   0|   0    56k| 109B 1145B|   0     0 |  91   104   
  3   1  95   0   0   0|   0   208k| 122B 1187B|   0     0 | 206   219 ^C  
➜  ~    
j:0 g:0 Sat Feb 28 2:30pm Get a hair cut 0$ ssu  1$ ~    2$* ~  3$ ~  4!$ 192.168.0.254  5-$ ~

Configure your ~/.screenrc like this:

backtick 1 60 60 /home/james/bin/screen_agenda
backtick 2 90 90 /home/james/bin/imapchkr -s
hardstatus on
hardstatus alwayslastline
hardstatus string '%{wk}%2`%{yk}%1` %{= kG}%-Lw%{= kW}%50>  %n%f* %t%{= kG}%+Lw%<'

screen -t root
screen -t mail
screen -t root

I'm also using gcalci for Google Calendar appointments.

Can’t log in to samba on centos 7

Posted by james on 22 February 2015, 12:55 pm

Can’t log in to your samba server with tdbsam back end? Have you added the user with pdbedit? See docs here.

gnoMint | Certification Authority management made easy

Posted by james on 10 February 2015, 10:29 pm

gnoMint is an X.509 Certification Authority management tool.

via gnoMint | Certification Authority management made easy.

Very easy to use and in the Ubuntu repositories.

Webscalability

Unix, Systems and Web