Posts tagged ‘apache’

amazon aws ami LAMP / NGINX / PHP / memcache steps

// ----


Using NGINX + PHP5-FPM
sudo apt-get install nginx php5-fpm php5-mysql
cd /etc/init.d/
sudo service apache2 stop
sudo update-rc.d -f apache2 remove

http://yoodey.com/how-install-configure-nginx-php-fpm-memcached-work-drupal-7-ubuntu-1010-maverick

Install Memcached
sudo apt-get install memcached libmemcached-dev php5-memcached php5-memcache

// ====================

Getting a new virtual machine up and running from the default AMI is easy.  Here’s my cookbook:
Install basic services

    yum install mysql mysql-server mysql-devel
    yum install httpd httpd-devel
    yum install php php-devel php-mysql php-gd php-dom php-pear php-json
    yum install svn

Configure those services to start at boot

    chkconfig --level 345 httpd on
    chkconfig --level 345 mysqld on
    chkconfig --list

Install APC

I couldn’t find a package, and this bug report explains why we have to use the beta.

    yum install gcc pcre-devel
    pecl install apc-beta
    echo extension=apc.so > /etc/php.d/apc.ini

Install memcached

    yum install libevent libevent-devel
    curl -O http://memcached.googlecode.com/files/memcached-1.4.5.tar.gz
    tar xzf memcached-1.4.5.tar.gz
    cd memcached-1.4.5
    ./configure
    make && make install
    /usr/local/bin/memcached -u nobody -d -m 30 -l 127.0.0.1 -p 11211

// ----
<pre>
[root@ip-10-130-9-23 log]# cat /etc/fstab
#
LABEL=/     /           ext4    defaults,noatime  1   1
tmpfs       /dev/shm    tmpfs   defaults        0   0
devpts      /dev/pts    devpts  gid=5,mode=620  0   0
sysfs       /sys        sysfs   defaults        0   0
proc        /proc       proc    defaults        0   0
[root@ip-10-130-9-23 log]# cat /etc/mtab
/dev/xvda1 / ext4 rw,noatime 0 0
proc /proc proc rw 0 0
sysfs /sys sysfs rw 0 0
devpts /dev/pts devpts rw,gid=5,mode=620 0 0
tmpfs /dev/shm tmpfs rw 0 0
none /proc/sys/fs/binfmt_misc binfmt_misc rw 0 0

</pre>

A powerful message broker: ActiveMQ

Supports a variety of Cross Language Clients and Protocols from Java, C, C++, C#, Ruby, Perl, Python, PHP

Features : http://activemq.apache.org/features-overview.html

Protected: Observing changes in the apache log from 22:40 to 23:15



How to fix crashes when using NFS as the DocumentRoot

The EnableMMAP Directive section of the apache core documentation mentions:

With an NFS-mounted DocumentRoot, the httpd may crash due to a segmentation fault if a file is deleted or truncated while the httpd has it memory-mapped.

So:

EnableMMAP Off
  • With a network-mounted DocumentRoot (e.g., NFS or SMB), the kernel may be unable to serve the network file through its own cache.

For server configurations that are vulnerable to these problems, you should disable this feature by specifying:

EnableSendfile Off

Installing oracle instant client / sqlplus / oci8 / apache2 config on debian / ubuntu, step by step

Install steps, compiled 2011.0530:
OS : uname -a
Linux ubuntu 2.6.38-8-server #42-Ubuntu SMP Mon Apr 11 03:49:04 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux

Oracle client : 11.2 R1

Google "oracle instant client download".
On the Oracle site, find Instant Client for Linux x86-64 / Version 11.2.0.1.0 (PS: version 11.2.0.2.0 has problems).
Download these two:
oracle-instantclient11.2-basic-11.2.0.1.0-1.x86_64.rpm (47,811,007 bytes)
oracle-instantclient11.2-devel-11.2.0.1.0-1.x86_64.rpm (606,343 bytes)
Install them with alien:
alien -i *basic*
alien -i *devel*

Create the file /etc/ld.so.conf.d/oracle.conf with this content:
/usr/lib/oracle/11.2/client64/lib/

cat /etc/ld.so.conf.d/oracle.conf
ls -l /usr/lib/oracle/
ls -l /usr/lib/oracle/11.2/client64/lib/

Install LAMP:
export http_proxy="http://172.30.1.123:8080"
apt-get install apache2 libapache2-mod-php5 php5 php5-gd mysql-server php5-mysql

Install the libaio package:
apt-get install libaio1

Install the pear package:
apt-get install php-pear

Install the oci8 package from pecl:
pear config-set http_proxy http://172.30.1.123:8080/

pecl update-channels
pecl install oci8

find /etc -name php.ini
Add the oci8 extension to these two files:
/etc/php5/cli/php.ini
/etc/php5/apache2/php.ini

install ok: channel://pecl.php.net/oci8-1.4.5
configuration option "php_ini" is not set to php.ini location
You should add "extension=oci8.so" to php.ini <------ add this line

Run this test code:

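<?php
// Connect through the Instant Client; stop early if the connection fails.
$conn = oci_connect('oracle_user', 'oracle_pass', 'ip_address/instant_id');
if (!$conn) {
  $e = oci_error();
  die($e['message']);
}

// Ask the database for its current time as a simple round-trip test.
$stid = oci_parse($conn, "select to_char(sysdate, 'YYYY-MM-DD HH24:MI:SS') from dual" );
oci_execute($stid);

$row = oci_fetch_array($stid, OCI_ASSOC+OCI_RETURN_NULLS);
print_r( $row );

oci_close( $conn );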

// --------------------------------
The following was revised on 2011.5.25

find / -name sqlplus -print
/usr/lib/oracle/11.2/client64/bin/sqlplus
cat > /etc/ld.so.conf.d/oracle.conf

ls -l /usr/lib/oracle/11.2/client64/lib/

vi /etc/ld.so.conf.d/oracle.conf
apt-get install apache2 libapache2-mod-php5 php5 php5-gd mysql-server php5-mysql

apt-get install php-pear

pear config-set http_proxy http://172.30.1.123:8080/
pecl update-channels

pecl install oci8

2010.0630: Installed this again on debian today and found that this version cannot install oracle-instantclient11.2.*, so I am continuing to use instantclient11.1.*

Installing an RPM on Ubuntu requires alien …
sudo apt-get install alien

Ref. https://help.ubuntu.com/community/HowToBuildToraWithOracle

First go to http://www.oracle.com/technology/software/tech/oci/instantclient/htdocs/linuxsoft.html

and download these files (rpm):

Instant Client Package – Basic Lite
oracle-instantclient11.1-basiclite-11.1.0.7.0-1.i386.rpm

Instant Client Package – SQL*Plus
oracle-instantclient11.1-sqlplus-11.1.0.7.0-1.i386.rpm

Instant Client Package – SDK
oracle-instantclient11.1-devel-11.1.0.7.0-1.i386.rpm

Install the rpms with the alien command:

alien -i oracle-instantclient11.1-basiclite-11.1.0.7.0-1.i386.rpm
alien -i oracle-instantclient11.1-sqlplus-11.1.0.7.0-1.i386.rpm
alien -i oracle-instantclient11.1-devel-11.1.0.7.0-1.i386.rpm

After installing, try connecting with sqlplus. I got a lib error,

so I had to install libaio1: apt-get install libaio1

Add a file under /etc/ld.so.conf.d: cat > /etc/ld.so.conf.d/oracle.conf

Its content is the path to the oracle libs: /usr/lib/oracle/11.1/client/lib

Then:

apt-get install php5

apt-get install php5-dev

Because oci8 is installed through pecl, you need apt-get install php-pear

Next install oci8: pecl install oci8

Create an oci8.ini file under /etc/php5/conf.d (cat > /etc/php5/conf.d/oci8.ini) containing:

extension=oci8.so

Restart apache2:

service apache2 restart

Check whether oci8 shows up in phpinfo; if it does, you are done.


Add a virtual host:

Add an xxx.conf file under /etc/apache2/sites-enabled

CodeIgniter needs the rewrite module:

ln -sf /etc/apache2/mods-available/rewrite.load /etc/apache2/mods-enabled

[ubuntu] Enabling / disabling apache server modules

a2enmod module_name

a2dismod module_name

Restart apache: service apache2 restart

The available modules are under /etc/apache2/mods-available

apache Custom Log Formats – useful parameters

URL : http://httpd.apache.org/docs/2.2/mod/mod_log_config.html#formats

My sample code:

ServerName test.monster.tw
DocumentRoot "/m2/test"
LogFormat "%{%Y-%m-%d}t , %{%H:%M:%S}t , %D , %a , \"%q\" , \"%{Referer}i\" , \"%{User-agent}i\"" MONSTER_format
CustomLog "/m2/log/test.monster.tw/access.log" MONSTER_format

The MTS http config

SetEnvIf Request_URI /dot.gif MTS_icon
LogFormat "%{%Y-%m-%d}t , %{%H:%M:%S}t , %a , \"%q\" , \"%{Referer}i\" , \"%{User-agent}i\"" MTS_format
CustomLog "| /usr/sbin/cronolog /var/www/ts.monster.com.tw/log/access-%Y%m%d%H.log" MTS_format env=MTS_icon

apache's default combined format

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-agent}i\"" combined
CustomLog log/access_log combined

The following is from the apache documentation:

Format String Description
%% The percent sign
%a Remote IP-address
%A Local IP-address
%B Size of response in bytes, excluding HTTP headers.
%b Size of response in bytes, excluding HTTP headers. In CLF format, i.e. a '-' rather than a 0 when no bytes are sent.
%{Foobar}C The contents of cookie Foobar in the request sent to the server.
%D The time taken to serve the request, in microseconds.
%{FOOBAR}e The contents of the environment variable FOOBAR
%f Filename
%h Remote host
%H The request protocol
%{Foobar}i The contents of Foobar: header line(s) in the request sent to the server. Changes made by other modules (e.g. mod_headers) affect this.
%k Number of keepalive requests handled on this connection. Interesting if KeepAlive is being used, so that, for example, a '1' means the first keepalive request after the initial one, '2' the second, etc…; otherwise this is always 0 (indicating the initial request).
%l Remote logname (from identd, if supplied). This will return a dash unless mod_ident is present and IdentityCheck is set On.
%m The request method
%{Foobar}n The contents of note Foobar from another module.
%{Foobar}o The contents of Foobar: header line(s) in the reply.
%p The canonical port of the server serving the request
%{format}p The canonical port of the server serving the request or the server’s actual port or the client’s actual port. Valid formats are canonical, local, or remote.
%P The process ID of the child that serviced the request.
%{format}P The process ID or thread id of the child that serviced the request. Valid formats are pid, tid, and hextid. hextid requires APR 1.2.0 or higher.
%q The query string (prepended with a ? if a query string exists, otherwise an empty string)
%r First line of request
%s Status. For requests that got internally redirected, this is the status of the *original* request — %>s for the last.
%t Time the request was received (standard english format)
%{format}t The time, in the form given by format, which should be in strftime(3) format. (potentially localized)
%T The time taken to serve the request, in seconds.
%u Remote user (from auth; may be bogus if return status (%s) is 401)
%U The URL path requested, not including any query string.
%v The canonical ServerName of the server serving the request.
%V The server name according to the UseCanonicalName setting.
%X Connection status when response is completed:

X = connection aborted before the response completed.
+ = connection may be kept alive after the response is sent.
- = connection will be closed after the response is sent.

(This directive was %c in late versions of Apache 1.3, but this conflicted with the historical ssl %{var}c syntax.)

%I Bytes received, including request and headers, cannot be zero. You need to enable mod_logio to use this.
%O Bytes sent, including headers, cannot be zero. You need to enable mod_logio to use this.

Code to prevent image hotlinking

SetEnvIf Referer "^http://www\.example\.com/" local_referal
# Allow browsers that do not send Referer info
SetEnvIf Referer "^$" local_referal
<Directory /web/images>
   Order Deny,Allow
   Deny from all
   Allow from env=local_referal
</Directory>

This one is even better! Exclude gif / jpg / png / css / swf … and other files you don't want logged

SetEnvIf Request_URI \.gif misc-request
SetEnvIf Request_URI \.jpg misc-request
SetEnvIf Request_URI \.png misc-request
SetEnvIf Request_URI \.css misc-request
SetEnvIf Request_URI \.swf misc-request
CustomLog logs/access_log common env=!misc-request

Putting it together, this is the config for lazy

  ServerName lazy.monster.tw
  DocumentRoot "/home/webuser/lazy.monster.tw"
  SetEnvIf Request_URI \.gif misc-request
  SetEnvIf Request_URI \.jpg misc-request
  SetEnvIf Request_URI \.png misc-request
  SetEnvIf Request_URI \.css misc-request
  SetEnvIf Request_URI \.swf misc-request

  LogFormat "%{%Y-%m-%d}t , %{%H:%M:%S}t , %a , %u , %D , \"%r\" , \"%{Referer}i\" , \"%{User-agent}i\"" MONSTER_format

  CustomLog /m2/log/lazy.monster.tw/access.log MONSTER_format env=!misc-request

Simple Monster Tracking System – step by step

mts.js: there are plenty of examples online; this is the basic version:

This code first builds up the z variable (including OS, BROWSER, SCREEN WIDTH/HEIGHT …), then records it through the apache log via a tiny dot image.

This apache needs the mod_setenvif or mod_rewrite module; the apache config is set up to log only the specific tracking data.

SetEnvIf Request_URI /dot.gif MTS_icon
LogFormat "%{%Y-%m-%d}t , %{%H:%M:%S}t , %a , \"%q\" , \"%{Referer}i\" , \"%{User-agent}i\"" MTS_format
CustomLog "| /usr/sbin/cronolog /var/www/ts.monster.com.tw/log/access-%Y%m%d%H.log" MTS_format env=MTS_icon

Usage example:

The apache log then looks like this:

Write a bit of PHP code:

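<?php
// $mts_logfile (path to the access log) and $max_size (maximum line length)
// must be set before this point.
$fp = fopen($mts_logfile, "r");
if ($fp === false) {
  die("cannot open $mts_logfile");
}

while ( ($temp = fgetcsv($fp, $max_size)) !== false ) {
  if ( $temp === array(null) ) continue;  // skip blank lines
  print_r($temp);
}
fclose($fp);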

The result looks something like this:

Next comes processing the various data in [3] …
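
The MTS_format LogFormat above wraps the query string, Referer and User-agent in double quotes, and mod_log_config writes a literal quote inside a logged header as \" so a client cannot close the field early. The following added example (Python rather than the post's PHP, and not the author's code) parses MTS_format lines with that escaping in mind; the sample line and the names parse_mts_line, FIELDS and SAMPLE are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Field order of the MTS_format LogFormat shown above.
FIELDS = ("date", "time", "client_ip", "query", "referer", "user_agent")

# A field is either double-quoted (Apache logs an embedded quote as \" and a
# backslash as \\) or a bare run containing no comma or quote.
_FIELD = re.compile(r'\s*(?:"((?:[^"\\]|\\.)*)"|([^,"]*?))\s*(?:,|$)')

# Constructed sample: the client sent a User-agent containing '" , "' in an
# attempt to forge extra columns; Apache escaped each quote when logging it.
SAMPLE = (r'2011-05-30 , 22:41:07 , 203.0.113.7 , "?z=os%3DLinux%26w%3D1280" , '
          r'"http://www.example.com/a?x=1,2" , "Mozilla/5.0 \" , \"forged\" , \"x"')


def _unescape(value):
    # Undo only \" and \\; \xhh, \n and \t stay as logged so control
    # characters from the client remain inert text.
    return re.sub(r'\\(["\\])', r'\1', value)


def parse_mts_line(line):
    """Return a dict for one MTS_format line, or None if it is malformed."""
    line = line.rstrip("\r\n")
    values, pos = [], 0
    while pos < len(line):
        m = _FIELD.match(line, pos)
        if m is None or m.end() == pos:
            return None            # unterminated quote or stray character
        quoted, bare = m.group(1), m.group(2)
        values.append(_unescape(quoted) if quoted is not None else bare)
        pos = m.end()
    if len(values) != len(FIELDS):
        return None                # wrong column count: reject, do not guess
    record = dict(zip(FIELDS, values))
    # The tracking data travels in the query string (the z variable).
    record["params"] = parse_qs(record["query"].lstrip("?"),
                                keep_blank_values=True)
    return record


if __name__ == "__main__":
    print(len(SAMPLE.split(" , ")), "columns from a naive split")
    print(parse_mts_line(SAMPLE))
```

Splitting the same line on " , " yields extra columns, which is why the parser honours the quoting instead of the separator alone.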

Protected: apache mod_rewrite, rewrite, rewriterule are really hard to deal with



Handy iptables rules – limiting how often a client can connect to the http port

Limit client connections to port 80 to 2 per 60 seconds; anything beyond that is dropped

iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 2 -j DROP
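
An added example, not from the original post: a small Python model of how the two rules above treat a series of new connections. It assumes the xt_recent behaviour that --update matches, and records a new hit, only when the hit count within the window is reached, and it ignores the module's per-address list size limit; the class and function names and the arrival times are constructed.

```python
from collections import defaultdict


class RecentList:
    """Minimal model of one xt_recent list: source IP -> timestamps of hits."""

    def __init__(self):
        self.stamps = defaultdict(list)

    def set(self, ip, now):
        # '--set': record the source address and always match.
        self.stamps[ip].append(now)
        return True

    def update(self, ip, now, seconds, hitcount):
        # '--update --seconds S --hitcount N': match only if the source already
        # has at least N hits within the last S seconds. A match records a new
        # hit, so a blocked client that keeps retrying extends its own block.
        hits = [t for t in self.stamps.get(ip, []) if now - t <= seconds]
        if len(hits) >= hitcount:
            self.stamps[ip].append(now)
            return True
        return False


def verdicts(arrivals, seconds=60, hitcount=2):
    """Walk NEW connections to port 80 through the two rules in chain order.

    Both rules were added with -I, so the --update/DROP rule (inserted last)
    sits above the --set rule and is evaluated first.
    """
    recent, out = RecentList(), []
    for ip, now in arrivals:
        if recent.update(ip, now, seconds, hitcount):
            out.append((ip, now, "DROP"))
        else:
            recent.set(ip, now)   # no target on this rule: the packet goes on
            out.append((ip, now, "PASS"))
    return out


# Constructed arrival times (seconds) for one client address.
ARRIVALS = [("198.51.100.9", t) for t in (0, 10, 20, 50, 100, 105, 200)]

if __name__ == "__main__":
    for ip, t, verdict in verdicts(ARRIVALS):
        print(f"t={t:>3}s {ip} {verdict}")
```

"PASS" here only means the packet was not dropped by these two rules; it still continues through the rest of the INPUT chain.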

Monster LAMP Pack Lite – ver.317

Basic install emerge
lilo dhcpcd openssh syslog-ng vixie-cron screen ntp cronolog net-mail/mpack app-arch/sharutils unzip bind-tools trafshow traceroute

Linux  : 2.6.24-gentoo-r7
Apache : 2.2.10
Mysql  : 5.0.70-r1
PHP    : 5.2.8-pl2

PHP is built like this:

USE="apache2 berkdb bzip2 calendar cjk cli crypt curl gd gdbm hash iconv json mysql mysqli ncurses nls oci8-instant-client pcre readline reflection session simplexml spell spl ssl truetype unicode xml zlib" emerge -av php

Packages:

samba :
postfix :
oracle instant client :
open-vm-tools : vmware's tools

emerge these packages:

Important software:
mysql php apache postfix

Medium importance:
screen ntp samba

Utility software:
subversion vim open-vm-tools cronolog net-mail/mpack app-arch/sharutils unzip

Remember to:

  • delete /etc/udev/rules.d/70-persistent-net.rules
  • change net_DHCP
  • delete /tmp/*
  • check /etc/conf.d/clock , /etc/hosts , /etc/resolv.conf

Installing apache / mod_memcache

Get these tarballs ready and unpack them:

drwxr-xr-x  6 rimmon rimmon  576 Mar 14 17:36 mod_memcached_cache-0.1.0
drwxr-xr-x  7 rimmon rimmon  584 Mar 14 17:09 apr_memcache-0.7.0
drwxr-xr-x 12 rimmon rimmon 1416 Mar 14 16:55 httpd-2.2.11

Hypertext Transfer Protocol — HTTP/1.1 – this is the greatest protocol of our time!

The Hypertext Transfer Protocol (HTTP) is an application-level
protocol for distributed, collaborative, hypermedia information
systems. It is a generic, stateless, protocol which can be used for
many tasks beyond its use for hypertext, such as name servers and
distributed object management systems, through extension of its
request methods, error codes and headers
http://tools.ietf.org/html/rfc2616

Status Code Definitions
http://tools.ietf.org/html/rfc2616#section-10

204 No Content

The server has fulfilled the request but does not need to return an
entity-body, and might want to return updated metainformation. The
response MAY include new or updated metainformation in the form of
entity-headers, which if present SHOULD be associated with the
requested variant.

If the client is a user agent, it SHOULD NOT change its document view
from that which caused the request to be sent. This response is
primarily intended to allow input for actions to take place without
causing a change to the user agent’s active document view, although
any new or updated metainformation SHOULD be applied to the document
currently in the user agent’s active view.

The 204 response MUST NOT include a message-body, and thus is always
terminated by the first empty line after the header fields.

You can use this to do a few things, such as recording user visits, logging, and so on.

Useful apache mods

*  www-apache/mod_chroot
      Latest version available: 0.5
      Latest version installed: [ Not Installed ]
      Size of files: 14 kB
      Homepage:      http://core.segfault.pl/~hobbit/mod_chroot/
      Description:   mod_chroot allows you to run Apache in a chroot jail with no additional files.
      License:       GPL-2

*  www-apache/mod_extract_forwarded
      Latest version available: 2.0.2
      Latest version installed: [ Not Installed ]
      Size of files: 13 kB
      Homepage:      http://www.openinfo.co.uk/apache/index.html
      Description:   Apache module that rewrites X-Forwarded-For to REMOTE_ADDR for reverse proxy configurations.
      License:       Apache-2.0 Apache-1.1

*  www-apache/mod_log_rotate
      Latest version available: 1.00
      Latest version installed: [ Not Installed ]
      Size of files: 4 kB
      Homepage:      http://www.hexten.net/wiki/index.php/Mod-log-rotate
      Description:   mod_log_rotate adds log rotation support to mod_log_config based on strftime(3)
      License:       Apache-2.0

oci / compile php with oracle instant client

A quick note…

Download these files from Oracle:

-rw-rw-r-- 1 root portage 44414338 Feb 24 13:41 instantclient-basic-linux32-11.1.0.7.zip
-rw-rw-r-- 1 root portage   607196 Feb 24 13:41 instantclient-sdk-linux32-11.1.0.7.zip

Put them under /usr/portage/distfiles

Then PHP is built like this:

USE="apache2 berkdb bzip2 calendar cjk cli crypt curl gd gdbm hash iconv json mysql mysqli ncurses nls oci8-instant-client pcre readline reflection session simplexml spell spl ssl truetype unicode xml zlib" emerge -av php

Protected: some rewrite rules / apache



varnish, an HTTP accelerator to replace squid

Reportedly 3 varnish machines can do the work of 12 squid machines; I should play with it when I have time.

Varnish

http://varnish.projects.linpro.no/

 

Varnish is a state-of-the-art, high-performance HTTP accelerator. It uses the advanced features in Linux 2.6, FreeBSD 6/7 and Solaris 10 to achieve its high performance.

Some of the features include

  • A modern design
  • VCL – a very flexible configuration language
  • Load balancing with health checking of backends
  • Partial support for ESI
  • URL rewriting
  • Graceful handling of "dead" backends
  • more features

Varnish is free software and is licenced under a modified BSD licence. Please read the introduction to get started with Varnish.

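Using HAProxy as a load balancer – the poor man's SLB (server load balance)

This is the simple version of the architecture, http flow:

Actually, installing it is not as complicated as I imagined; preparing a test environment is just a bit more hassle --> vmware helped me out a lot again :P

See its online documentation:
http://haproxy.1wt.eu/download/1.3/doc/haproxy-en.txt

and the architecture document:
http://haproxy.1wt.eu/download/1.3/doc/architecture.txt

After skimming these two documents you can start testing. First prepare three web servers, webA through webC, plus one more server to act as the haproxy server, which does not need to run apache. Installing haproxy is simple: on gentoo it is just emerge -av haproxy. You have to create the config file yourself (put it in /etc/).

My /etc/haproxy.cnf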

listen webfarm 172.30.0.235:80
monitor-uri /haproxy_status
stats uri /stats
stats auth admin:admin
mode http
balance roundrobin
cookie SERVERID insert indirect
option httpchk HEAD /index.php HTTP/1.0
server webA 172.30.0.206:80 cookie A check
server webB 172.30.0.227:80 cookie B check
server webC 172.30.0.228:80 cookie C check

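After the first connection, haproxy, as its manual says, hands the client a cookie that determines which real server it connects to next time. I stopped that apache, and sure enough the connection went to another one. Worth noting from phpinfo:

SERVER_NAME is the listen IP written in haproxy.cfg, and SERVER_ADDR is the IP of the apache actually connected to. haproxy keeps sending HTTP/1.0 HEAD requests to find out whether apache is still alive.

In the apache access logs on webA-C, unless you change something, the IP address recorded is that of the haproxy server.

….

Done! The experiment is complete!

Conclusion: HAProxy says on its official site that it

"provides a free/fast HA / LOAD BALANCE solution", but I think it can only claim HA / BALANCE (it does not detect server loading very thoroughly), and it has no good solution for SPF either.

Still, HAProxy is at least better than DNS roundrobin.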

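Evaluation table of the various LOAD BALANCE options

Columns: SLB / CPU usage / forwarding efficiency / connection detection

roundrobin DNS: best, passed directly to the client; connection detection NO
ipvsadm: lowest; connection detection YES
mod_proxy: connection detection YES
haproxy: connection detection YES
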

After thinking it over for a night: even SLB hardware devices such as Citrix / Alteon / Foundry do not do real load detection, so for something free and high-capacity, HAProxy counts as a very good SLB solution.

Heh, everyone who has experimented with HAProxy posts this one:

[Excerpt] Javascript MIME type / Apache's default javascript MIME type is set differently from the official MIME type of javascript

http://jsgears.com/thread-158-1-1.html

org: http://annevankesteren.nl/2005/02/javascript-mime-type

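Some of Google's .js files are sent from the server as text/javascript

A simple way to tell which environment you are in

A-Mao found this approach, and I think it is quite workable ….

At the very end of php.ini (it must be set under both the apache and cli directories), add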

my_environment = product
( or dev / stage / stage2 / product )

In our programs we use this to determine the current environment…

if ( get_cfg_var('my_environment')=='dev' ) {
  // setting for dev
} else if ( get_cfg_var('my_environment')=='stage' ) {
  // setting for stage
} else if ( get_cfg_var('my_environment')=='stage2' ) {
  // setting for stage2
}
// default setting is production