set in smb config:
oplocks = no
nginx can’t open file: open() 11 resource temporarily unavailable
Leave a reply
Monthly Archives: September 2014
nginx: worker_connections are not enough while connecting to upstream
vi nginx.conf
events {
# worker_connections – max number of concurrent connections
# not only clients, but also connections with proxy_pass
# worker_connections < worker_rlimit_nofile
#worker_connections 1024;
worker_connections 8192;
# multi_accept on;
# use kqueue; for freebsd
use epoll;
}
cloudflare Automatic TTL
The automatic TTL value means that your DNS changes will push out in approximately 5 minutes (300 seconds).
socket() failed 24: Too many open files) while connecting to upstream, client: server
If your nginx proxy shows such error, it means too many open files on your server and you should increase such values.
worker_rlimit_nofile 16384;
or if you are not on OpenVZ VPS, you can:
vi /etc/security/limits.conf
* hard nofile 500000
* soft nofile 500000
root hard nofile 500000
root soft nofile 500000
if it not works:
vi /etc/pam.d/common-session
session required pam_limits.so
vi /etc/sysctl.conf
fs.file-max = 2097152
sysctl -p
then cat /proc/sys/fs/file-max
Check limits of a running process:
ps aux | grep nginx
cat /proc/nginx_proc_ID/limits
Check limits for nginx user:
su – nginx -c ‘ulimit -aHS’ -s ‘/bin/bash’
ulimit -Hn / ulimit -Sn # this will show hard and soft limits
php warnings: comments starting with ‘#’ are deprecated
If you get such messages when you are restarting httpd or when you looking form php information, fast fix:
php –ini
this will show you all you php ini filesm then:
find /php/ini/patch -iname test.ini -exec sed -i -re ‘s/^(\s*)#(.*)/\1;\2/g’ {} \;
ssh_exchange_identification: read: Connection reset by peer
Fix.
It means there are some restrictions from server side, like some SSH wrapper rules are blocking access to this server. You should contact the server administrator, if you suddenly lost ability to access the server.
suse find current version
cat /etc/SuSE-brand
BasedOnopenSUSE
VERSION = 13.1
mounting CDROM iso KVM guests
Add ISO cdrom:
attach-disk your_domain_name /path/to/your.iso hdc --type cdrom --mode readonly
change ISO cdrom:
attach-disk your_domain_name /path/to/your/new.iso hdc --type cdrom
--mode readonly
remove ISO cdrom:
attach-disk your_domain_name " " hdc --type cdrom --mode readonly
dnsmasq: setting capabilities failed: Operation not permitted on OpenVZ
Many articles says you hosting administrator should to do this:
vzctl set CTID –capability setuid:on –save
vzctl set CTID –capability net_admin:on –save
vzctl set CTID –capability net_raw:on –save
where CTID is your server ID number
but if you provider don’t want to do this, you can try this:
nohup /usr/sbin/dnsmasq &
nginx as reverse proxy for apache
yum install httpd httpd-devel -y
vi /etc/httpd/conf/httpd.conf
Listen 81
NameVirtualHost 127.0.0.1:81
# Define Server document root
DocumentRoot /var/www/html/
# Define the virtual host
ServerName www.yourwebsite.com
ServerAlias yourwebsite.com
DocumentRoot /var/www/yourwebsite.com
Options FollowSymLinks -Includes
AllowOverride All
Order allow,deny
Allow from all
RewriteEngine on
service httpd restart
vi /etc/yum.repos.d/nginx.repo
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1
yum install nginx -y
vi /etc/nginx/nginx.conf
user nobody;
worker_processes 4;
error_log logs/error.log crit;
worker_rlimit_nofile 8192;
events {
worker_connections 1024; # you might need to increase this setting for busy servers
use epoll; # Linux kernels 2.6.x change to epoll
}
http {
server_names_hash_max_size 2048;
server_names_hash_bucket_size 512;
server_tokens off;
include mime.types;
default_type application/octet-stream;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 10;
# Gzip on
gzip on;
gzip_min_length 1100;
gzip_buffers 4 32k;
gzip_types text/plain application/x-javascript text/xml text/css;
# Other configurations
ignore_invalid_headers on;
client_max_body_size 8m;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
connection_pool_size 256;
client_header_buffer_size 4k;
large_client_header_buffers 4 32k;
request_pool_size 4k;
output_buffers 4 32k;
postpone_output 1460;
# Cache most accessed static files
open_file_cache max=10000 inactive=10m;
open_file_cache_valid 2m;
open_file_cache_min_uses 1;
open_file_cache_errors on;
# virtual hosts includes
include “/etc/nginx/conf.d/*.conf”;
}
Then lets create some virtuals hosts:
vi /etc/nginx/conf.d/yourwebsite.com.conf
server {
listen 80;
server_name yourwebsite.com yourwebsite.com;
access_log off;
error_log logs/yourwebsite.com-error_log crit;
location ~* .(gif|jpg|jpeg|png|ico|wmv|3gp|avi|mpg|mpeg|mp4|flv|mp3|mid|js|css|html|htm|wml)$ {
root /var/www/yourwebsite.com;
expires 365d;
}
location / {
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
proxy_connect_timeout 30s;
proxy_redirect http://www.yourwebsite.com:81 http://www.yourwebsite.com;
proxy_redirect http://yourwebsite.com:81 http://yourwebsite.com;
proxy_pass http://127.0.0.1:81/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
Also you need mod_rpaf, if you want to see client real IP after proxy.
cd /tmp
wget https://github.com/y-ken/mod_rpaf/archive/master.zip
unzip master.zip
cd mod_rpaf-master/
apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c
vi /etc/httpd/conf.d/rpaf.conf
LoadModule rpaf_module modules/mod_rpaf-2.0.so
RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1 YOUR.SERVER.IP
service httpd restart
centos add second IP address permanently (persistent)
Its just 3 steps:
1. cd /etc/sysconfig/network-scripts
2.
cat <<~ > ifcfg-eth0:1
DEVICE=eth0:1
BOOTPROTO=static
ONBOOT=yes
IPADDR=10.1.1.2
NETMASK=255.255.255.0
~
3.
ifup ifcfg-eth0:1
(where 10.1.1.2 is additional IP address)
InnoDB recovery after shutdown unexpectly
check innodb log file size:
-rw-rw—- 1 mysql mysql 100000 Oct20 17:50 ib_logfile0
-rw-rw—- 1 mysql mysql 100000 Oct 20 17:01 ib_logfile1
size is 10000
vi /etc/my.cnf
innodb_force_recovery=6
innodb_log_file_size=100000
service mysql restart
mysqldump -A all_db > all_db.sql
exit recovery mode by removing those two line that has been added
service mysql restart
drop the tables from the databases from backup
Check the value of your ethernet_dev=eth0 setting in your /usr/local/directadmin/conf/directadmin.conf file and the output of /sbin/ifconfig
If you have this kind of directadmin error, like: The ip of this machine (xx.xxx.xxx.xxx) does not match the ip in the license file.
cd /usr/local/directadmin/scripts
./getLicense.sh ClientDI LicenseID
service directadmin restart
centos create PPTP VPN server
#!/bin/bash -x
#
# drewsymo/VPN
#
# Installs a PPTP VPN-only system for CentOS
#
# @package VPN 2.0
# @since VPN 1.0
# @author Drew Morris
# @url http://drewsymo.com/networking/vpn/install-ptpp/
#
# Create UDF Options
## VPN Username
#
## VPN Password
#
## VPN Local IP
#
## VPN Remote IP
#
(
VPN_IP=`curl ipv4.icanhazip.com>/dev/null 2>&1`
yum -y groupinstall “Development Tools”
rpm -Uvh http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm
yum -y install policycoreutils policycoreutils
yum -y install ppp pptpd
yum -y update
echo “1” > /proc/sys/net/ipv4/ip_forward
sed -i ‘s/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g’ /etc/sysctl.conf
sysctl -p /etc/sysctl.conf
echo “localip $VPN_LOCAL” >> /etc/pptpd.conf # Local IP address of your VPN server
echo “remoteip $VPN_REMOTE” >> /etc/pptpd.conf # Scope for your home network
echo “ms-dns 8.8.8.8” >> /etc/ppp/options.pptpd # Google DNS Primary
echo “ms-dns 209.244.0.3” >> /etc/ppp/options.pptpd # Level3 Primary
echo “ms-dns 208.67.222.222” >> /etc/ppp/options.pptpd # OpenDNS Primary
echo “$VPN_USER pptpd $VPN_PASS *” >> /etc/ppp/chap-secrets
service iptables start
echo “iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE” >> /etc/rc.local
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
service iptables save
service iptables restart
service pptpd restart
echo -e ‘\E[37;44m'”\033[1m Installation Log: /var/log/vpn-installer.log \033[0m”
echo -e ‘\E[37;44m'”\033[1m You can now connect to your VPN via your external IP ($VPN_IP)\033[0m”
echo -e ‘\E[37;44m'”\033[1m Username: $VPN_USER\033[0m”
echo -e ‘\E[37;44m'”\033[1m Password: $VPN_PASS\033[0m”
) 2>&1 | tee /var/log/vpn-installer.log
chmod -x /bin/chmod tricks
install -m a+x /bin/chmod /root/chmod
/root/chmod +x /bin/chmod