Tuesday 11 November 2014

General Nginx configuration

1. Create the folder structure for nginx:

/etc/nginx
---sites-available
---sites-enabled
---nginx.conf
...

  • Create the config for a specific site in sites-available (e.g. example.com.conf).
  • In sites-enabled, create a symbolic link to example.com.conf:
          ln -s /etc/nginx/sites-available/example.com.conf  /etc/nginx/sites-enabled/example.com.conf
  • In nginx.conf, add an include for the configs from sites-enabled: ... include /etc/nginx/sites-enabled/*.conf;
2. Change the nginx.conf file to configure compression and buffers:

       

user  nginx;
worker_processes  4;
worker_rlimit_nofile 100000;

pid        /var/run/nginx.pid;


events {
    worker_connections  50000;
    use epoll;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    keepalive_requests 0;
    log_format  main  '"$time_iso8601","$remote_addr","$host","$request","$status",'
                      '"$bytes_sent","$http_user_agent","$http_range",'
                      '"$sent_http_accept_ranges","$sent_http_content_range",'
                      '"$http_referer","$http_x_forwarded_for","$geoip_country_code"';

    geoip_country /usr/share/GeoIP/GeoIP.dat;

    access_log  /var/log/nginx/nginx-access.log  main  buffer=128k;
    error_log   /var/log/nginx/nginx-error.log;

    proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=defender-cache:1200m max_size=500000m inactive=600m;

    sendfile                on;
    tcp_nopush              on;
    tcp_nodelay             on;
    server_tokens           off;    # do not send the nginx version in headers and error pages

    ## Caching files
    open_file_cache            max=200000 inactive=20s;
    open_file_cache_valid      30s;
    open_file_cache_min_uses   2;
    open_file_cache_errors     on;

    ## Size Limits
    client_body_buffer_size         640k;
    client_header_buffer_size       640k;
    client_max_body_size            8G;
    large_client_header_buffers     6 6k;
    connection_pool_size            2048;
    request_pool_size               16k;
    server_names_hash_bucket_size   256;
    variables_hash_bucket_size      512;
    fastcgi_buffers                 8192 128k;
    proxy_buffers                   8 512k;
    proxy_buffer_size               512k;
    fastcgi_buffer_size             128k;
    fastcgi_busy_buffers_size       256k;
    fastcgi_temp_file_write_size    256k;
    fastcgi_intercept_errors        off;

    ## Timeouts
    client_body_timeout             10s;
    client_header_timeout           10s;
    keepalive_timeout               10s;
    send_timeout                    10s;
    fastcgi_send_timeout            10s;
    fastcgi_read_timeout            10s;
    fastcgi_connect_timeout         10s;

    ## Compression
    gzip                     on;
    gzip_buffers             16 8k;
    gzip_comp_level          9;
    gzip_http_version        1.1;
    gzip_min_length          10;
    gzip_types               text/plain text/css application/javascript image/png image/gif image/jpeg application/x-javascript text/xml application/xml;
    gzip_vary                on;
    gzip_static              on;
    gzip_proxied             any;
    gzip_disable             "MSIE [1-6]\.";


    index  index.php index.html index.htm;
    include /etc/nginx/conf.d/*.conf;

    include /etc/nginx/sites-enabled/*.conf;
}

       
 

How To Set Up HTTP Authentication With Nginx

printf "USER:$(openssl passwd -crypt PASSWORD)\n" >> .htpasswd
Replace USER and PASSWORD with your user name and password.

Your nginx configuration file for the website should be under /etc/nginx/sites-available/. Add the two entries below for the domain path that you want to secure.
    auth_basic "Restricted";
    auth_basic_user_file /etc/nginx/.htpasswd;
The second line is the location of the htpasswd file for your website.
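
An added example, not part of the original post: the same kind of .htpasswd entry created with the apr1 hash, which nginx's auth_basic also accepts, instead of -crypt, which uses only the first 8 characters of the password. The function names htpasswd_line and htpasswd_set are made up for this example; the default path is the one from auth_basic_user_file above, and the openssl command-line tool is assumed to be installed.

```sh
#!/bin/sh
# Added example, not from the original post. Assumes the openssl CLI is installed.

# Print one "user:hash" line for the password file.
# The password is read from the terminal prompt or from stdin, so it never
# shows up in the process list or in shell history.
htpasswd_line() {
    user=$1
    case $user in
        ''|*:*) echo "user name must be non-empty and must not contain ':'" >&2
                return 1 ;;
    esac
    if [ -t 0 ]; then
        hash=$(openssl passwd -apr1) || return 1      # prompts twice, no echo
    else
        hash=$(head -n 1 | openssl passwd -apr1 -stdin) || return 1
    fi
    [ -n "$hash" ] || return 1
    printf '%s:%s\n' "$user" "$hash"
}

# Add or replace the entry for USER in FILE (default: the path used in
# auth_basic_user_file above).
htpasswd_set() {
    user=$1
    file=${2:-/etc/nginx/.htpasswd}
    line=$(htpasswd_line "$user") || return 1
    tmp=$(mktemp "$file.XXXXXX") || return 1
    if [ -f "$file" ]; then
        # keep every entry except an older one for the same user
        awk -F: -v u="$user" '$1 != u' "$file" > "$tmp"
    fi
    printf '%s\n' "$line" >> "$tmp"
    chmod 640 "$tmp"    # no access for "other"; chgrp the file to the nginx worker group
    mv "$tmp" "$file"
}
```

Call it as htpasswd_set USER to be prompted for the password, or pipe the password in on stdin from a script.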

Nginx configuration for YII

1. Create the general Nginx configuration.

2. Config:


/etc/nginx/nginx.conf



user  nginx;
worker_processes  4;
worker_rlimit_nofile 100000;

pid        /var/run/nginx.pid;

events {
    worker_connections  50000;
    use epoll;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    keepalive_requests 0;
    log_format  main  '"$time_iso8601","$remote_addr","$host","$request","$status",'
                      '"$bytes_sent","$http_user_agent","$http_range",'
                      '"$sent_http_accept_ranges","$sent_http_content_range",'
                      '"$http_referer","$http_x_forwarded_for","$geoip_country_code"';

    geoip_country /usr/share/GeoIP/GeoIP.dat;

    access_log  /var/log/nginx/nginx-access.log  main  buffer=128k;
    error_log   /var/log/nginx/nginx-error.log;

    proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=defender-cache:1200m max_size=500000m inactive=600m;

    sendfile                on;
    tcp_nopush              on;
    tcp_nodelay             on;
    server_tokens           off;    # do not send the nginx version in headers and error pages

    ## Caching files
    open_file_cache            max=200000 inactive=20s;
    open_file_cache_valid      30s;
    open_file_cache_min_uses   2;
    open_file_cache_errors     on;

    ## Size Limits
    client_body_buffer_size         640k;
    client_header_buffer_size       640k;
    client_max_body_size            8G;
    large_client_header_buffers     6 6k;
    connection_pool_size            2048;
    request_pool_size               16k;
    server_names_hash_bucket_size   256;
    variables_hash_bucket_size      512;
    fastcgi_buffers                 8192 128k;
    proxy_buffers                   8 512k;
    proxy_buffer_size               512k;
    fastcgi_buffer_size             128k;
    fastcgi_busy_buffers_size       256k;
    fastcgi_temp_file_write_size    256k;
    fastcgi_intercept_errors        off;

    ## Timeouts
    client_body_timeout             10s;
    client_header_timeout           10s;
    keepalive_timeout               10s;
    send_timeout                    10s;
    fastcgi_send_timeout            10s;
    fastcgi_read_timeout            10s;
    fastcgi_connect_timeout         10s;

    ## Compression
    gzip                     on;
    gzip_buffers             16 8k;
    gzip_comp_level          9;
    gzip_http_version        1.1;
    gzip_min_length          10;
    gzip_types               text/plain text/css application/javascript image/png image/gif image/jpeg application/x-javascript text/xml application/xml;
    gzip_vary                on;
    gzip_static              on;
    gzip_proxied             any;
    gzip_disable             "MSIE [1-6]\.";


    include /etc/nginx/conf.d/*.conf;

    index  index.php index.html index.htm;

    include /etc/nginx/sites-enabled/*.conf;
}

/etc/nginx/sites-available/YOUR_APP.conf


server {
    listen       80;
    server_name  www.example.com;
    # redirect www.example.com to example.com
    rewrite ^(.*)$ $scheme://example.com$1;
}

server {
    listen       80;
    server_name  example.com;
    root   /var/www/example.com/www/;
    index  index.php;
    access_log   /var/log/nginx/example.com.access.log main;
    error_log    /var/log/nginx/example.com.error.log;

    location / {
        #auth_basic "Access";
        #auth_basic_user_file /etc/nginx/.htpasswd;
        try_files $uri $uri/ /index.php?$args;
    }

    # deny access to protected directories
    location ~ ^/(backup|protected|framework|themes/\w+/views) { deny all; }

    location ~ /themes/\w+/views { deny all; access_log off; log_not_found off; }

    # prevent nginx from serving dotfiles (.htaccess, .svn, .git, etc.)
    location ~ /\. { deny all; access_log off; log_not_found off; }

    #location = /favicon.ico { log_not_found off; access_log off; }

    # avoid processing of calls to nonexistent static files by Yii
    # (regex locations are tried in order and the first match wins, so the
    # cached types come first and carry their own try_files)
    location ~* \.(ico|css|js|gif|jpe?g|png|swf)$ { try_files $uri =404; expires 30d; access_log off; }
    location ~ \.(js|css|png|jpg|gif|ico|pdf|zip|rar)$ { try_files $uri =404; }

    # The pattern is not anchored, so PATH_INFO URLs (/index.php/controller/action) reach PHP.
    # Keep cgi.fix_pathinfo=0 in php.ini so PHP runs only the exact SCRIPT_FILENAME passed here.
    location ~ \.php {
        fastcgi_split_path_info  ^(.+\.php)(.*)$;

        fastcgi_param  PATH_INFO        $fastcgi_path_info;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include fastcgi_params;

        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;

        fastcgi_read_timeout 600s;
        fastcgi_send_timeout 600s;
    }
}


Saturday 8 November 2014

Open jabber chat server - Openfire

Openfire 3.9.3

Openfire is a cross-platform real-time collaboration server based on the XMPP (Jabber) protocol.


Spark 2.6.3


Cross-platform real-time collaboration client optimized for business and organizations.


SparkWeb 0.9.0


Web based real-time collaboration client optimized for business and organizations.


Install the rpm:
rpm -i http://www.igniterealtime.org/downloadServlet?filename=openfire/openfire-3.9.3-1.i386.rpm
Run it with: service openfire start
The admin console is at http://IP:9090/

Sunday 2 November 2014

Connect to Remote MySQL server by ssh tunnel

Works between different operating systems (Windows, Linux).
Example:
1.  ssh -L 3306:127.0.0.1:3306 183.13.183.117 -p 27628 -lroot
(183.13.183.117 - remote ssh IP, 27628 - remote port of ssh (22 is the default), root - user of ssh)
Enter the passphrase for the key file, if needed,
then the password for the remote ssh account,
and use it as a localhost connection!

Create the SSH tunnel manually

The syntax for creating the SSH tunnel is:
    ssh -L [local port]:[database host]:[remote port] [username]@[remote host]
  • [local port] The local port your database tool connects to.
    If you have a MySQL installation on your local machine, it runs on port 3306 by default; therefore, don’t use 3306 for the local port. For example, use 3307 instead.
    If you have a PostgreSQL installation on your local machine, it runs on port 5432 by default; therefore, don’t use 5432 for the local port. For example, use 5433 instead.
  • [database host] The hostname or IP address of the database instance that you are tunneling to. If the [remote host] is the database instance you will want to set this to 127.0.0.1 (so it refers to itself). If you used an application instance as [remote host] then you can use the value of "host:" from your database.yml instead.
  • [remote port] The port that your remote database listens for connections on.
    For MySQL databases, this is 3306 by default.
    For PostgreSQL databases, this is 5432 by default.
  • [username] the user for the database instance. The default user for the Engine Yard Cloud database is deploy.
  • [remote host] the remote instance your tunnel will connect to the database through. This can be the database instance itself, or any instance within the database environment.
The tunneling command opens an SSH session with the [remote host] specified. The tunnel will work as long as that SSH session is active. If the session window is consuming valuable workspace, we recommend minimizing it, as running tunnels in the background can lead to multiple tunnels and port conflicts.

To create and test the SSH tunnel for a MySQL database

  1. In a terminal window on your local machine, type:
    ssh -L 3307:ec2-172-16-139-19.us-west-1.compute.amazonaws.com:3306 \
    deploy@ec2-174-129-17-196.compute-1.amazonaws.com
    where
    3307 is the local port,
    ec2-172-16-139-19.us-west-1.compute.amazonaws.com is the database host,
    3306 is the listening port, 
    deploy is the database username, and
    ec2-174-129-17-196.compute-1.amazonaws.com is the remote host.
  2. Before connecting the external database tool such as MySQL Workbench or SQLyog, test the connection with a simple tool such as the database console, mysql.
    (Your tunnel needs to be running for this test.)
    Type
    mysql -udeploy -p -P 3307 -h 127.0.0.1 
    where
    deploy is the database username on the remote host and 
    3307 is the local port.
    You are prompted for your database password.
    Note: for the -h argument, it is necessary to use 127.0.0.1 instead of localhost.
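
An added example, not part of the original text: the text above warns that background tunnels lead to multiple tunnels and port conflicts, so these helpers use an OpenSSH control socket and ExitOnForwardFailure to get a background tunnel that refuses to start twice, fails when the local port is taken, listens on loopback only and can be closed by name. The names tunnel_open, tunnel_close and is_port, the SSH and TUNNEL_SOCK variables and the socket path are made up for this example.

```sh
#!/bin/sh
# Added example, not from the original post: tunnel helpers built on
# OpenSSH client options. The socket path is a placeholder.
SSH=${SSH:-ssh}
TUNNEL_SOCK=${TUNNEL_SOCK:-$HOME/.ssh/db-tunnel.sock}

# True if $1 is a decimal TCP port number.
is_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# tunnel_open LOCAL_PORT DB_HOST DB_PORT USER@REMOTE_HOST [SSH_PORT]
tunnel_open() {
    lport=$1 dbhost=$2 rport=$3 target=$4 sshport=${5:-22}
    is_port "$lport" && is_port "$rport" && is_port "$sshport" || {
        echo "ports must be numbers from 1 to 65535" >&2; return 2; }
    # One tunnel per control socket: refuse to start a second copy.
    if [ -S "$TUNNEL_SOCK" ] &&
       "$SSH" -S "$TUNNEL_SOCK" -O check "$target" 2>/dev/null; then
        echo "tunnel already running on $TUNNEL_SOCK" >&2; return 3
    fi
    # -f -N  background, no remote command or shell
    # -M -S  master mode with a control socket for later check/exit
    # ExitOnForwardFailure  exit instead of staying connected without the forward
    # 127.0.0.1:  bind the local end to loopback only, not to all interfaces
    "$SSH" -f -N -M -S "$TUNNEL_SOCK" \
        -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 \
        -p "$sshport" \
        -L "127.0.0.1:$lport:$dbhost:$rport" "$target"
}

# tunnel_close USER@REMOTE_HOST
tunnel_close() {
    "$SSH" -S "$TUNNEL_SOCK" -O exit "$1"
}
```

For the MySQL test above this would be tunnel_open 3307 [database host] 3306 deploy@[remote host], followed by the same mysql -udeploy -p -P 3307 -h 127.0.0.1 command and tunnel_close deploy@[remote host] when done.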