Monster Oasis
覺得累就是進步的開始!

2010/01/23

Protected: 觀察 22:40 – 23:15 apache log 的變化

Filed under: JOB — Tags: — 9:51 am

This post is password protected. To view it please enter your password below:


2010/01/18

解決用 NFS 當 documentroot 時會當掉的方法

Filed under: DATABASE, JOB — Tags: — 10:27 pm

在 apache 的 core document 中的 EnableMMAP Directive 有提到 ,

With an NFS-mounted DocumentRoot, the httpd may crash due to a segmentation fault if a file is deleted or truncated while the httpd has it memory-mapped.

所以, 

EnableMMAP Off
  • With a network-mounted DocumentRoot (e.g., NFS or SMB), the kernel may be unable to serve the network file through its own cache.

For server configurations that are vulnerable to these problems, you should disable this feature by specifying:

EnableSendfile Off

2009/09/02

ubuntu 裝 oracle instant client / sqlplus / oci8 / apache2 config / steps by steps

Filed under: DATABASE, Programming/php, Software, System/Linux/Unix* — Tags: , , , , — 2:50 pm

Ubuntu 安裝 RPM 要用 alien …
sudo apt-get install alien

Ref. https://help.ubuntu.com/community/HowToBuildToraWithOracle

先去 http://www.oracle.com/technology/software/tech/oci/instantclient/htdocs/linuxsoft.html

download 這幾個 files (rpm)

Instant Client Package – Basic Lite
oracle-instantclient11.1-basiclite-11.1.0.7.0-1.i386.rpm

Instant Client Package – SQL*Plus
oracle-instantclient11.1-sqlplus-11.1.0.7.0-1.i386.rpm

Instant Client Package – SDK
oracle-instantclient11.1-devel-11.1.0.7.0-1.i386.rpm

下 alien 指令安裝 rpm

alien -i oracle-instantclient11.1-basiclite-11.1.0.7.0-1.i386.rpm
alien -i oracle-instantclient11.1-sqlplus-11.1.0.7.0-1.i386.rpm
alien -i oracle-instantclient11.1-devel-11.1.0.7.0-1.i386.rpm

裝好後用 sqlplus 聯看看 , 因為我得到一個 lib error

所以我要裝 apt-get install libaio1

然後

apt-get install php5

apt-get install php5-dev

因為 oci8 是由 pecl 來安裝的, 所以要 apt-get install php-pear

再來裝 oci8 : pecl install oci8

在 /etc/php5/conf.d 下建一個 oci8.ini 檔 , cat > /etc/php5/conf.d/oci8.ini 內容是

extension=oci8.so

重新啟動 apache2 :

service apache2 restart

看看 phpinfo 有沒有出現 oci8 等字樣就 ok 了

53420fcc8f6596bc2b6cd3511eae7d84 
cebcda336140c38e51b889ec7f9319c3

加一個 virtual host :

在 /etc/apache2/sites-enabled 增加一個 xxx.conf 檔

CodeIgniter 需要用 rewrite module :

ls -sf /etc/apache2/mods-available/rewrite.load /etc/apache2/mods-enabled

2009/08/31

[ubuntu] apache server module 的 enable / disable

Filed under: Software, System/Linux/Unix* — Tags: , , — 4:45 pm

a2enmod module_name

a2dismod module_name

重啟 apache : service apache2 restart

/etc/apache2/mods-available 下面有可用的 modules

2009/07/22

apache Custom Log Formats – 好用的參數

Filed under: JOB, Network service, System/Linux/Unix* — Tags: — 12:50 pm

URL : http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#formats

我的 sample code :

ServerName test.monster.tw
DocumentRoot "/m2/test"
LogFormat "%{%Y-%m-%d}t , %{%H:%M:%S}t , %D , %a , \"%q\" , \"%{Referer}i\" , \"%{User-agent}i\"" MONSTER_format
CustomLog "/m2/log/test.monster.tw/access.log" MONSTER_format

MTS 的 http config

SetEnvIf Request_URI /dot.gif MTS_icon
LogFormat "%{%Y-%m-%d}t , %{%H:%M:%S}t , %a , \"%q\" , \"%{Referer}i\" , \"%{User-agent}i\"" MTS_format
CustomLog "| /usr/sbin/cronolog /var/www/ts.monster.com.tw/log/access-%Y%m%d%H.log" MTS_format env=MTS_icon

apache default 的 combined format 

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
CustomLog log/acces_log combined

以下是 apache 的資料

Format String Description
%% The percent sign
%a Remote IP-address
%A Local IP-address
%B Size of response in bytes, excluding HTTP headers.
%b Size of response in bytes, excluding HTTP headers. In CLF format, i.e. a ‘-‘ rather than a 0 when no bytes are sent.
%{Foobar}C The contents of cookie Foobar in the request sent to the server.
%D The time taken to serve the request, in microseconds.
%{FOOBAR}e The contents of the environment variable FOOBAR
%f Filename
%h Remote host
%H The request protocol
%{Foobar}i The contents of Foobar: header line(s) in the request sent to the server. Changes made by other modules (e.g. mod_headers) affect this.
%k Number of keepalive requests handled on this connection. Interesting if KeepAlive is being used, so that, for example, a ‘1′ means the first keepalive request after the initial one, ‘2′ the second, etc…; otherwise this is always 0 (indicating the initial request).
%l Remote logname (from identd, if supplied). This will return a dash unless mod_ident is present and IdentityCheck is set On.
%m The request method
%{Foobar}n The contents of note Foobar from another module.
%{Foobar}o The contents of Foobar: header line(s) in the reply.
%p The canonical port of the server serving the request
%{format}p The canonical port of the server serving the request or the server’s actual port or the client’s actual port. Valid formats are canonical, local, or remote.
%P The process ID of the child that serviced the request.
%{format}P The process ID or thread id of the child that serviced the request. Valid formats are pid, tid, and hextid. hextid requires APR 1.2.0 or higher.
%q The query string (prepended with a ? if a query string exists, otherwise an empty string)
%r First line of request
%s Status. For requests that got internally redirected, this is the status of the *original* request — %>s for the last.
%t Time the request was received (standard english format)
%{format}t The time, in the form given by format, which should be in strftime(3) format. (potentially localized)
%T The time taken to serve the request, in seconds.
%u Remote user (from auth; may be bogus if return status (%s) is 401)
%U The URL path requested, not including any query string.
%v The canonical ServerName of the server serving the request.
%V The server name according to the UseCanonicalName setting.
%X Connection status when response is completed:

X = connection aborted before the response completed.
+ = connection may be kept alive after the response is sent.
- = connection will be closed after the response is sent.

(This directive was %c in late versions of Apache 1.3, but this conflicted with the historical ssl %{var}c syntax.)
%I Bytes received, including request and headers, cannot be zero. You need to enable mod_logio to use this.
%O Bytes sent, including headers, cannot be zero. You need to enable mod_logio to use this.

防止盜圖的 code

SetEnvIf Referer "^http://www.example.com/" local_referal
# Allow browsers that do not send Referer info
SetEnvIf Referer "^$" local_referal
[directory images web]
   Order Deny,Allow
   Deny from all
   Allow from env=local_referal
[/directory]

這個更讚! 排除掉 gif / jpg / png / css / swf … 等等不要log的檔案 

SetEnvIf Request_URI \.gif misc-request
SetEnvIf Request_URI \.jpg misc-request
SetEnvIf Request_URI \.png misc-request
SetEnvIf Request_URI \.css misc-request
SetEnvIf Request_URI \.swf misc-request
CustomLog logs/access_log env=!misc-request

整合一下, 這是 lazy 的 config

  ServerName lazy.monster.tw
  DocumentRoot "/home/webuser/lazy.monster.tw"
  SetEnvIf Request_URI \.gif misc-request
  SetEnvIf Request_URI \.jpg misc-request
  SetEnvIf Request_URI \.png misc-request
  SetEnvIf Request_URI \.css misc-request
  SetEnvIf Request_URI \.swf misc-request

  LogFormat "%{%Y-%m-%d}t , %{%H:%M:%S}t , %a , %u , %D , \"%r\" , \"%{Referer}i\" , \"%{User-agent}i\"" MONSTER_format

  CustomLog /m2/log/lazy.monster.tw/access.log MONSTER_format env=!misc-request

2009/06/25

Simple Monster Tracking System – step by step

Filed under: Copy_N_Paste, JOB, Network service — Tags: , — 12:07 pm

mts.js , 網上範例很多 , 這個是基本型:
70a13e19e02a2c85496d095bec62ba1b

這段 code 前面就是一連串的組出 z 變數(包括 OS , BROWSER , SCREEN WIDTH/HEIGHT …) , 然後用一個小點透過 apache 的 log 記錄下來.

這個 apache 要裝 mod_setenvif 或 mod_rewrite modules , 在 apache config 中設定 只 log 特定的 tracking data.

SetEnvIf Request_URI /dot.gif MTS_icon
LogFormat "%{%Y-%m-%d}t , %{%H:%M:%S}t , %a , \"%q\" , \"%{Referer}i\" , \"%{User-agent}i\"" MTS_format
CustomLog "| /usr/sbin/cronolog /var/www/ts.monster.com.tw/log/access-%Y%m%d%H.log" MTS_format env=MTS_icon

引用例:

fce31197e4af4ae225f2a76fb86e84cb

然後 apache log 會長這個樣子:

32e8d2437c1ca7c201d84d7e14f56c72

寫一段 PHP code:

$fp = fopen($mts_logfile,"r");

while ( $temp = fgetcsv($fp,$max_size)  ) {
  if ( count($temp)<1 ) continue;
  print_r($temp);
}
fclose($fp);

結果就類似這樣:

237de7c2773e273a224561d7bfcba4c7

再來就是處理 [3] 那邊的各種 data …

2009/04/05

Protected: apache mod_rewrite , rewrite , rewriterule 真難搞

Filed under: System/Linux/Unix* — Tags: , — 12:34 pm

This post is password protected. To view it please enter your password below:


2009/04/03

好用的 iptables rules – 限制 client 連 http port 的次數

Filed under: System/Linux/Unix* — Tags: , — 9:04 pm

限制 client 連 80 port 的次數 = 60 秒 2次 , 超過就 drop

iptables -I INPUT -p tcp –dport 80 -i eth0 -m state –state NEW -m recent –set
iptables -I INPUT -p tcp –dport 80 -i eth0 -m state –state NEW -m recent –update –seconds 60 –hitcount 2 -j DROP

2009/03/17

Monster LAMP Pack Lite – ver.317

Filed under: DATABASE, Programming/php, System/Linux/Unix* — Tags: , , , — 9:43 pm

Basic install emerge
lilo dhcpcd openssh syslog-ng vixie-cron screen ntp cronolog net-mail/mpack app-arch/sharutils unzip bind-tools trafshow traceroute

Linux  : 2.6.24-gentoo-r7
Apache : 2.2.10
Mysql  : 5.0.70-r1
PHP    : 5.2.8-pl2

PHP 的編法是

USE="apache2 berkdb bzip2 calendar cjk cli crypt curl gd gdbm hash iconv json mysql mysqli ncurses nls oci8-instant-client pcre readline reflection session simplexml spell spl ssl truetype unicode xml zlib" emerge -av php

package 有

samba :
postfix :
oracle instant client :
open-vm-tools : vmware 的 tools

emerge 這些 package:

重要軟體:
mysql php apache postfix

中等重要:
screen ntp samba

工具類軟體:
subversion vim open-vm-tools cronolog net-mail/mpack app-arch/sharutils unzip

記得

  • /etc/udev/rules.d/70-persistent-net.rule 砍掉
  • 改 net_DHCP
  • 砍 /tmp/*
  • check /etc/conf.d/clock , /etc/hosts , /etc/resolv.conf

2009/03/14

安裝 apache / mod_memcache

Filed under: JOB, System/Linux/Unix* — Tags: , — 5:50 pm

準備好這幾個 tarball, 並且解開:

drwxr-xr-x  6 rimmon rimmon  576 Mar 14 17:36 mod_memcached_cache-0.1.0
drwxr-xr-x  7 rimmon rimmon  584 Mar 14 17:09 apr_memcache-0.7.0
drwxr-xr-x 12 rimmon rimmon 1416 Mar 14 16:55 httpd-2.2.11

下頁»

www.monster.com.tw , © Copyright 2008