What more could you want?
Linux
Add your www with mod_rewrite
Jul 28th
It’s been said a million times, why do we need the www in the URL? The answer is simple: we want our sites to look professional. Here’s how to automatically prepend the www when some crazy hippie forgets it.
In the LoadModules section of the config, make sure mod_rewrite is enabled. On Red Hat or CentOS (or most others) it is by default:
In your LoadModules section, make sure that mod_rewrite is enabled. On Red Hat and CentOS, it is by default:
# grep mod_rewrite /etc/httpd/conf/httpd.conf
LoadModule rewrite_module modules/mod_rewrite.so
In your VirtualHost container (or, to get fancy, in a .htaccess file), add the following lines:
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/[^\.]+[^/]$
RewriteRule ^(.*)$ http://%{HTTP_HOST}/$1/ [R=301,L]
Voíla. Bounce Apache, and visit. Make sure you’re cool enough not to type “www.”
/cs
Lazy Umounting
Jun 11th
I came across a mounted sdb1 partition, but the physical device didn’t exist. This was on a Red Hat EL 5 box.
No files in the mount point, obviously, no users logged in but me, and I wasn’t standing in the directory. Even lsof couldn’t show me anything about that directory, and I almost cried when fuser -km reported nothing killed.
Umount gave this error:
# umount /dev/sdb1 umount: /dev/sdb1: device is busy umount: /dev/sdb1: device is busy
In the man page, I found the -l option for umount. The Lazy unmount. It says this:
Detach the filesystem from the filesystem hierarchy now, and cleanup all references to the filesystem as soon as it is not busy anymore.
Sounds good to me, and it worked, too. Just watch out for data loss.
/cs
Plesk 9 and PCI compliance
Apr 14th
The basics are easy, as one can attest with a Google search: Apache, Mail, etc.
But, I’ve found that the Plesk CP for Plesk 9 doesn’t run on Apache, it runs on Lighttpd. To disable weak ciphers on a Plesk/Red Hat box, edit /etc/sw-cp-server/applications.d/plesk.conf and add this line:
ssl.cipher-list = “TLSv1+HIGH !SSLv2 RC4+MEDIUM !aNULL !eNULL !3DES @STRENGTH”
I don’t know if you can add it just anywhere, but you ought to be able to. Personally, I put it between the “include_shell” and “index-file.names” lines in the conf, line 11. After all that, issue “service psa restart” and you’re good to go.
You can test the setup using this command:
# openssl s_client -connect localhost:8443 -ssl2
Run that from the box itself, either as root or as a regular user. It gave me a “Connection reset by peer” error on SSLv2 connection. This is expected, and means that SSLv2 has been successfully disabled. Go run that scan again.
Also, keep in mind the recent “Plesk broke openssl” (or vice-versa) fiasco.
/cs
Building HAL on BLFS
Jul 2nd
While attempting to build HAL on Beyond Linux From Scratch (Currently the SVN version, scheduled to be the 6.4 release), I came across this error:
probe-storage.c: In function ‘main’:
probe-storage.c:462: error: dereferencing pointer to incomplete type
probe-storage.c:462: error: ‘VOLUME_ID_FILESYSTEM’ undeclared (first use in this function)
probe-storage.c:462: error: (Each undeclared identifier is reported only once
probe-storage.c:462: error: for each function it appears in.)
probe-storage.c:463: error: dereferencing pointer to incomplete type
probe-storage.c:463: error: ‘VOLUME_ID_RAID’ undeclared (first use in this function)
probe-storage.c:464: error: dereferencing pointer to incomplete type
probe-storage.c:464: error: ‘VOLUME_ID_OTHER’ undeclared (first use in this function)
probe-storage.c:465: error: dereferencing pointer to incomplete type
probe-storage.c:465: error: ‘VOLUME_ID_CRYPTO’ undeclared (first use in this function)
After some looking around, I had almost given up hope when I decided to take a look at /usr/include/libvolume_id.h where the particular VOLUME_ID structs are created. I also Googled for that file name, and came across koders.com‘s enumeration of header files. The file listed on their site was 116 lines, and the file installed on my LFS box was only 54, and didn’t include the structs for the items listed in the above error.
After making a backup of the original libvolume_id.h file, I copied the file from koders.com (which, incidentally, is from CentOS) and catted it into place on my server. I ran the compile for HAL again, and now enjoy the sweet and slightly spicy flavor of success.
Hoorah.
/cs
Segmentation fault: nvidia-settings, Ubuntu Intrepid
Nov 3rd
In Intrepid, the nvidia-settings application throws a segmentation fault when trying to write changes to the X config file in /etc/X11/xorg.conf.
A workaround I found on the net was to rename or remove the xorg.conf file. I’m not certain why this is happening, but there’s an existing bug report on it.
/cs
UPDATE: A fix was released for the bug.