Although cPanel has built-in support for running Ruby or Rails apps, it uses Mongrel as the server and doesn’t allow more than one instance per user. That makes it pretty useless for any application that gets even a moderate amount of traffic. Instead we can install Phusion Passenger (a.k.a. mod_rails), which in my opinion is a much nicer solution anyway.
First we need to make sure Ruby is installed via a cpanel script:
Now we can install the passenger gem:
Next, compile the apache2 module:
The installer may tell you that the Apache development headers are needed and will suggest ‘yum install httpd-devel’. Since cPanel compiles its own version of Apache, yum is configured to ignore that package. That is OK, because the program we need is already installed; we just have to tell Passenger where to find it.
Everything should go OK this time, and the installer will give you a few lines to add to your apache config file. It’s best practice with cPanel not to put these in your main httpd.conf, but rather the pre_main_global.conf:
Now we need to set up Passenger to run on a per-virtual-host basis. Open up the httpd.conf file, find the virtual host you want to run a Rails app on, and add this line:
Replace username with the username of the account.
Now we need to create the directory we just specified, and also create a configuration file letting passenger know it should load for this host:
To make sure those files load, run this:
We need to make sure cPanel records the changes we have for when it rebuilds those files, so run the following two commands:
We can now restart apache:
Since by default the Apache Document Root for each host is /home/username/public_html, you will probably need to symlink that to your application’s public directory:
To restart that application, you just need to touch the restart.txt file:
And there you have it, a working high-performance Rails application server on cPanel! For more information on tuning the Passenger configuration, read the complete docs.
PS:
I just modified a few lines from this article after I installed Passenger on my cPanel server.
To help protect your server, you may want to scan your users’ FTP uploads. Here is a great way of doing this if you are using Pure-FTPd and ClamAV. Pure-FTPd has an option to run a program after an upload, called pure-uploadscript. You tie the virus scanner into this script, so that when a file gets uploaded, it gets scanned. As long as you keep your virus scanner up to date, this will pick up most of the mainstream viruses, as well as the dreaded PHP shell scripts.
Here is how we do it. We first need to ssh into our server, and then switch user to root. Now, execute the following from the command line:
echo \#\!/bin/sh > /etc/pure-ftpd/upload-check.sh
This command will create a file called upload-check.sh, and place an interpreter call on the first line. Next, we add the action line to the file, by executing this command:
echo '/usr/bin/clamdscan --move=/root/badfiles/ --quiet --no-summary --log=/var/log/clamscan.log "$1"' >> /etc/pure-ftpd/upload-check.sh
This will insert the second line in the upload-check script. This line calls the virus scanner, clamdscan, and passes some options to it. The first one tells the scanner to move the file if it has found a problem with it. I always find it useful to see what people are trying to upload, instead of just deleting the file as soon as it’s scanned. The other important parameter here is the log value. We are telling the scanner to log all activity to the clamscan.log file, which is useful to view every so often, to see if anyone was trying to upload something nasty. Now, chmod the script:
chmod 700 /etc/pure-ftpd/upload-check.sh
The next step is to ensure that the pure-uploadscript binary is started when your server boots, using the newly created upload-check.sh script:
echo /usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/upload-check.sh >> /etc/rc.d/rc.local
This places a line at the bottom of your rc.local file, telling it to run the pure-uploadscript, with the parameters you have assigned to it.
Next, we tell pure-ftpd to use the upload scanner. Use whatever editor you prefer:
vi /etc/pure-ftpd.conf
Search for CallUploadScript and uncomment the line. Save your changes and exit.
Now all we need to do is start the pure-uploadscript daemon and restart pure-ftpd:
/usr/sbin/pure-uploadscript -B -r /etc/pure-ftpd/upload-check.sh
service pure-ftpd restart
Once done, you should be scanning all files uploaded through FTP. To check whether any viruses have been found, check the log file. This command displays only the lines that report a virus:
tail -n 1000 /var/log/clamscan.log | grep FOUND
The files found to contain viruses will also have been moved to /root/badfiles, so that you can take a look at them and, if one is a false positive, move the file back to the user’s directory.
text from http://solidservers.ca/2009/04/how-to-virus-scan-ftp-uploads/
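A fuller version of upload-check.sh for the procedure above, added here as an example and not taken from the original post: it creates the quarantine directory that --move needs and records uploads that could not be scanned at all (clamdscan exits 0 for clean, 1 for a detection, 2 for an error). The audit line format and the overridable SCANNER, QUARANTINE and SCANLOG variables are assumptions; UPLOAD_USER is set by pure-uploadscript.

```shell
#!/bin/sh
# Added example, not the original post's script. Default paths mirror the post;
# making SCANNER, QUARANTINE and SCANLOG overridable is an assumption.
SCANNER="${SCANNER:-/usr/bin/clamdscan}"
QUARANTINE="${QUARANTINE:-/root/badfiles}"
SCANLOG="${SCANLOG:-/var/log/clamscan.log}"

# audit VERDICT FILE: append one line with timestamp, FTP user, verdict, path.
audit() {
    printf '%s upload-check user=%s verdict=%s file=%s\n' \
        "$(date '+%Y-%m-%d %H:%M:%S')" "${UPLOAD_USER:-unknown}" "$1" "$2" >> "$SCANLOG"
}

# scan_upload FILE
# Returns 0 = clean, 1 = infected and moved to quarantine, 2 = not scanned.
scan_upload() {
    file=$1
    if [ ! -f "$file" ]; then
        audit UNSCANNED "$file"
        return 2
    fi
    # clamdscan --move needs an existing directory; keep it readable by root only.
    if ! mkdir -p "$QUARANTINE" || ! chmod 700 "$QUARANTINE"; then
        audit UNSCANNED "$file"
        return 2
    fi
    rc=0
    "$SCANNER" --move="$QUARANTINE" --quiet --no-summary --log="$SCANLOG" "$file" || rc=$?
    case $rc in
        0) return 0 ;;
        1) audit QUARANTINED "$file"; return 1 ;;
        *) audit UNSCANNED "$file"; return 2 ;;   # clamd not running, unreadable file, ...
    esac
}

# pure-uploadscript runs this file with the uploaded path as $1.
if [ $# -gt 0 ]; then
    scan_upload "$1"
fi
```

Lines marked UNSCANNED in the log are the ones to rescan by hand once clamd is reachable again.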
This is what you need to do:
1. While in Google Chrome, use the following keyboard shortcut: [Shift] + [Esc].
2. The Task Manager will appear. Select the “Plugin: Shockwave Flash”, click end process, now try again.
Muhaha .. Facebook 3.0 for iPhone
The long-anticipated (by Facebook and iPhone lovers, at least) Facebook 3.0 for iPhone hits the App Store today. Even if you’re not a big Facebook fan, it’s undeniably a great mobile application. It’s not showing up as new just yet in the App Store (either in iTunes or on my iPhone), so if you’re not seeing it as an update, go ahead and download anyway (on your iPhone, you’ll have to delete your old install before downloading a new one).

This is from: http://www.ghisler.ch/board/viewtopic.php?t=12105
Here is some information on how to use the ssl/tls feature. Because of the Swiss crypto export laws, I cannot include the openssl dlls in the install package.
1. Get the compiled OpenSSL package from the LibCurl library:
http://curl.haxx.se/download.html
Please scroll down to the section named “Win32 – Generic”
and download the following package (or a newer one):
Win32 2000/XP 7.19.0 libcurl SSL enabled Günter Knauf 1.54 MB
2. Copy the two dlls libssl32.dll and libeay32.dll from the “bin” subdir of the archive to the Total Commander directory.
3. Now you can make connections with prefix ftps:// and https://
There will appear a red open locker for connections because the root certificates are missing. To get the root certificates of Verisign, Thawte etc, do the following:
1. Start Internet Explorer and open its configuration dialog
2. Go to the page “Content”
3. Click on “Certificates”
4. Go to the last page “Trusted root certificate authorities”
5. Select all certificates
6. Click on “Export”
7. As name, enter: rootcerts
8. Confirm with Next/OK. This creates a file rootcerts.p7b
9. Issue the following two commands to convert to openssl format:
openssl pkcs7 -inform DER -in rootcerts.p7b -print_certs -out unfiltered.pem
openssl x509 -in unfiltered.pem -out rootcert.pem
10. Put the file rootcert.pem in the Total Commander directory
Windows XP’s automatic update facility is clearly a good thing. Except when an update is installed that requires a reboot and you’re working on the computer at the time. Then you get this lovely dialog:

As if I needed another reason to hate dialog boxes. This is perhaps the Naggiest. Dialog. Box. Ever. It can’t be dismissed. You get two choices: Restart Now, or Restart Later. If you click Restart Later, it pops up again ten minutes later, like clockwork. It belongs to wuauclt.exe, part of the Microsoft automatic update provider. I tried killing wuauclt.exe, and like a bad zombie movie, it keeps coming back.
I want automatic updates, but I also want to restart my computer when I feel like it. Is there any way to turn off this incredibly annoying nag dialog? UPDATE: Thanks to the many commenters, we now have at least two ways to disable Mister Naggy McNaggerson:
1. Stop the “Automatic Updates” service.
Navigate to Control Panel | Administrative Tools | Services:
Right click the Automatic Updates service and stop it. You can also do the same thing at the command line by typing:
net stop wuauserv
or you can type this, which does the same thing, and is a little easier to remember:
net stop "automatic updates"
After the service is stopped, the nag message stops, too. Then you can reboot when you have time. The service will restart when you reboot.
2. Modify Group Policy settings.
Start, Run “gpedit.msc” to bring up the group policy editor. Then navigate to the folder
Local Computer Policy | Computer Configuration | Administrative Templates | Windows Components | Windows Update
There are two settings and both will work, so it’s your choice. Either enable No auto-restart for scheduled Automatic Updates installations or set Re-prompt for restart with scheduled installations to a long time interval, like 1440 minutes.
This article lists the error codes that Remote Access Service (RAS) reports in Windows NT 4.0, Windows 98, and Windows 95.
Error Messages
-------------------------------
600 An operation is pending.
601 The port handle is invalid.
602 The port is already open.
603 Caller's buffer is too small.
604 Wrong information specified.
605 Cannot set port information.
606 The port is not connected.
607 The event is invalid.
608 The device does not exist.
609 The device type does not exist.
610 The buffer is invalid.
611 The route is not available.
612 The route is not allocated.
613 Invalid compression specified.
614 Out of buffers.
615 The port was not found.
616 An asynchronous request is pending.
617 The port or device is already disconnecting.
618 The port is not open.
619 The port is disconnected.
620 There are no endpoints.
621 Cannot open the phone book file.
622 Cannot load the phone book file.
623 Cannot find the phone book entry.
624 Cannot write the phone book file.
625 Invalid information found in the phone book.
626 Cannot load a string.
627 Cannot find key.
628 The port was disconnected.
629 The port was disconnected by the remote machine.
630 The port was disconnected due to hardware failure.
631 The port was disconnected by the user.
632 The structure size is incorrect.
633 The port is already in use or is not configured for Remote
Access dialout.
634 Cannot register your computer on the remote network.
635 Unknown error.
636 The wrong device is attached to the port.
637 The string could not be converted.
638 The request has timed out.
639 No asynchronous net available.
640 A NetBIOS error has occurred.
641 The server cannot allocate NetBIOS resources needed to support
the client.
642 One of your NetBIOS names is already registered on the remote
network.
643 A network adapter at the server failed.
644 You will not receive network message popups.
645 Internal authentication error.
646 The account is not permitted to log on at this time of day.
647 The account is disabled.
648 The password has expired.
649 The account does not have Remote Access permission.
650 The Remote Access server is not responding.
651 Your modem (or other connecting device) has reported an error.
652 Unrecognized response from the device.
653 A macro required by the device was not found in the device .INF
file section.
654 A command or response in the device .INF file section refers to
an undefined macro
655 The <message> macro was not found in the device .INF file
section.
656 The <defaultoff> macro in the device .INF file section contains
an undefined macro
657 The device .INF file could not be opened.
658 The device name in the device .INF or media .INI file is too
long.
659 The media .INI file refers to an unknown device name.
660 The device .INF file contains no responses for the command.
661 The device .INF file is missing a command.
662 Attempted to set a macro not listed in device .INF file section.
663 The media .INI file refers to an unknown device type.
664 Cannot allocate memory.
665 The port is not configured for Remote Access.
666 Your modem (or other connecting device) is not functioning.
667 Cannot read the media .INI file.
668 The connection dropped.
669 The usage parameter in the media .INI file is invalid.
670 Cannot read the section name from the media .INI file.
671 Cannot read the device type from the media .INI file.
672 Cannot read the device name from the media .INI file.
673 Cannot read the usage from the media .INI file.
674 Cannot read the maximum connection BPS rate from the media .INI
file.
675 Cannot read the maximum carrier BPS rate from the media .INI
file.
676 The line is busy.
677 A person answered instead of a modem.
678 There is no answer.
679 Cannot detect carrier.
680 There is no dial tone.
681 General error reported by device.
682 ERROR WRITING SECTIONNAME
683 ERROR WRITING DEVICETYPE
684 ERROR WRITING DEVICENAME
685 ERROR WRITING MAXCONNECTBPS
686 ERROR WRITING MAXCARRIERBPS
687 ERROR WRITING USAGE
688 ERROR WRITING DEFAULTOFF
689 ERROR READING DEFAULTOFF
690 ERROR EMPTY INI FILE
691 Access denied because username and/or password is invalid on the
domain.
692 Hardware failure in port or attached device.
693 ERROR NOT BINARY MACRO
694 ERROR DCB NOT FOUND
695 ERROR STATE MACHINES NOT STARTED
696 ERROR STATE MACHINES ALREADY STARTED
697 ERROR PARTIAL RESPONSE LOOPING
698 A response keyname in the device .INF file is not in the
expected format.
699 The device response caused buffer overflow.
700 The expanded command in the device .INF file is too long.
701 The device moved to a BPS rate not supported by the COM driver.
702 Device response received when none expected.
703 ERROR INTERACTIVE MODE
704 ERROR BAD CALLBACK NUMBER
705 ERROR INVALID AUTH STATE
706 ERROR WRITING INITBPS
707 X.25 diagnostic indication.
708 The account has expired.
709 Error changing password on domain.
710 Serial overrun errors were detected while communicating with
your modem.
711 RasMan initialization failure. Check the event log.
712 Biplex port is initializing. Wait a few seconds and redial.
713 No active ISDN lines are available.
714 Not enough ISDN channels are available to make the call.
715 Too many errors occurred because of poor phone line quality.
716 The Remote Access IP configuration is unusable.
717 No IP addresses are available in the static pool of Remote
Access IP addresses.
718 PPP timeout.
719 PPP terminated by remote machine.
720 No PPP control protocols configured.
721 Remote PPP peer is not responding.
722 The PPP packet is invalid.
723 The phone number, including prefix and suffix, is too long.
724 The IPX protocol cannot dial-out on the port because the
computer is an IPX router.
725 The IPX protocol cannot dial-in on the port because the IPX
router is not installed.
726 The IPX protocol cannot be used for dial-out on more than one
port at a time.
727 Cannot access TCPCFG.DLL.
728 Cannot find an IP adapter bound to Remote Access.
729 SLIP cannot be used unless the IP protocol is installed.
730 Computer registration is not complete.
731 The protocol is not configured.
732 The PPP negotiation is not converging.
733 The PPP control protocol for this network protocol is not
available on the server.
734 The PPP link control protocol terminated.
735 The requested address was rejected by the server.
736 The remote computer terminated the control protocol.
737 Loopback detected.
738 The server did not assign an address.
739 The remote server cannot use the Windows NT encrypted password.
740 The TAPI devices configured for Remote Access failed to
initialize or were not installed correctly.
741 The local computer does not support encryption.
742 The remote server does not support encryption.
743 The remote server requires encryption.
744 Cannot use the IPX net number assigned by the remote server.
Check the event log.
752 A syntax error was encountered while processing a script.
If you’ve used Windows for any amount of time, you’ve already had to deal with the dreaded (Not Responding) frozen application—so instead of using task manager, why not create a shortcut to auto-kill them?
The HaxAttack weblog writes up a great tip to create a batch file that automatically kills any applications with a status of Not Responding, but you can actually just create a shortcut directly, omitting the batch file altogether.
To create your own quick-killing mechanism, just create a new shortcut anywhere, using this as the location:
taskkill.exe /f /fi "status eq not responding"
Once you are done, you can change the icon, or even assign a shortcut key in the properties dialog—just make sure the shortcut is on your desktop or in the start menu if you want the hotkey to work, since Windows hotkeys don’t work in the Quick Launch. Thanks, Cyrus!
For more, check out how to kill runaway processes with Task Killer, previously mentioned ClickGone, or simply use the very powerful Process Explorer.
Tip: Easy Kill Apps That Freeze [HaxAttack]
This article will give you a short introduction to DDNS, and will only apply to a precise example. I will not detail the reasons of my choice. However, the links provided at the end of the document will allow you further understand the uses that can be made of DDNS.
REQUIREMENTS
- 2 machines running GNU/Linux: one at home with a dynamic IP, the other elsewhere with a fixed IP
- BIND 9.2.0 or newer should be installed on the external machine (and act as primary DNS for your domain; the setup won’t be detailed here)
- the nsupdate utility on your router at home. This comes as part of the dnsutils Debian package.
GENERATING THE KEY
Since updates are initiated from the client, the process needs to be secured by a TSIG key. (TSIG keys are symmetric HMAC-MD5 keys; although asymmetric SIG keys can also be used, the setup is a bit more complicated.)
On the external machine running BIND 9, run as root:
dnssec-keygen -a HMAC-MD5 -b 512 -n HOST <keyname>
where <keyname> should be replaced by whatever name you want, and 512 is the key size (512 is the maximum with the HMAC-MD5 algorithm).
This will generate 2 files like Kkeyname.+157+12505.key and Kkeyname.+157+12505.private. Both files should remain private (remember, we are working with a symmetric key).
ON THE SERVER SIDE
Both files created above contain the secret key, which needs to be set in the BIND configuration file (e.g. named.conf, or named.conf.local in Debian) as follows:
key "keyname." {
    algorithm hmac-md5;
    secret "v9BhsbwDu4q95g/Gf/EiXA==";
};
Once this is defined, you can start using this shared secret in the definition of your zone:
zone "example.com" {
    type master;
    file "master/db.example.com";
    allow-update { key "keyname."; };
};
The BIND service should obviously be reloaded to start using the new configuration:
# /etc/init.d/bind9 reload
ON THE CLIENT SIDE
UPDATING THE ZONE WHEN YOUR DSL PROVIDER IP CHANGES – NSUPDATE
If you can’t get a fixed IP address from your xDSL provider and still want to host your server at home, you can use third-party service companies like DynDNS.org or Zonedit.com, but did you know you can set up a secure DDNS service using the BIND DNS server and the nsupdate utility? Still, you need to have control of a machine with a static IP somewhere on the public Internet.
nsupdate is the tool needed to update the IP on the DNS server. You can use it manually whenever you want (see the manpage for additional information), or in scripts run automatically by cron or, better, directly by ppp through the ppp-ip facility.
In Debian, save the following script as /etc/ppp/ip-up.d/ddupdate, change the options at the top of the file and make it executable:
#!/bin/bash
# Script to update DNS zones on a remote server
# Copyright © 2005-2007 - Julien Valroff <julien@kirya.net>
# Parts of the script Copyright © 2001-2002 - Dag Wieers <dag@wieers.com>

# Options: TSIG private key file, DNS server to update, log file, WAN interface
KEY="/root/Kkeyname.+157+29630.private"
SERVER="ns.domain.com"
LOGFILE="/var/log/syslog"
IFACE="ppp0"

if [ "$PPP_LOCAL" != '' ]; then
    # Called by pppd: PPP_IFACE and PPP_LOCAL come from its environment.
    # Only act when the interface that came up is the configured one.
    if [ "$PPP_IFACE" != "$IFACE" ]; then
        echo "$(LANG=C date +'%b %e %X') $(hostname) ddupdate[$$]: ABORTED: Not updating dynamic IP \
address $PPP_LOCAL (already done for $(ip addr show "$IFACE" | awk '/inet/ { print $2 }'))" >>$LOGFILE 2>&1
        exit 0
    fi
    IPADDR=$PPP_LOCAL
    sleep 3
else
    # Called by hand or from cron: read the address from the interface
    IPADDR=$(ip addr show "$IFACE" | awk '/inet/ { print $2 }')
fi

(
cat <<EOF | nsupdate -k "$KEY"
server $SERVER
zone example.com
update delete example.com. A
update add example.com. 60 A $IPADDR
update delete mail.example.com. A
update add mail.example.com. 60 A $IPADDR
send
EOF

RC=$?

if [ $RC != 0 ]; then
    echo "$(LANG=C date +'%b %e %X') $(hostname) ddupdate[$$]: FAILURE: Updating dynamic IP $IPADDR on $SERVER failed (RC=$RC)"
    (
        echo "Subject: DDNS update failed"
        echo
        echo "Updating dynamic IP $IPADDR on $SERVER failed (RC=$RC)"
    ) | /usr/sbin/sendmail root
else
    echo "$(LANG=C date +'%b %e %X') $(hostname) ddupdate[$$]: SUCCESS: Updating dynamic IP $IPADDR on $SERVER succeeded"
fi

# Hand the nsupdate status out of the subshell
exit $RC
) >>$LOGFILE 2>&1

exit $?
The next time your connection is restarted, the IP will be updated on your DNS server, and you’ll see an entry in your log file:
Mar 12 18:43:26 athena ddupdate[14507]: SUCCESS: Updating dynamic IP 81.13.52.124 on ns.domain.com succeeded
An e-mail will alert the system administrator in case the update fails.
Remember to use low TTL for the zone which is meant to be updated, 60 seconds seems to be a good value.
UPDATING THE DNS WITH DYNAMIC IP ON YOUR LOCAL NETWORK – DHCPD
DDNS can also be used in conjunction with dhcpd to dynamically update the DNS when a machine is given an IP. A very detailed article was written by Adam Trickett for debian-administration.org to explain this setup.
COMBINE BOTH METHODS WITH A ROADWARRIOR CLIENT
I plan to combine the methods described earlier to allow a roadwarrior to be reachable by its name wherever it is located.
When out of the company, the roadwarrior is connected to the network through a secure OpenVPN tunnel. Thanks to the --client-connect and --client-disconnect directives, the OpenVPN server can update the DNS entry for the given host (cf. the ifconfig_pool_remote_ip and common_name environment variables in the OpenVPN man page).
When directly connected to the local network, the roadwarrior gets an IP from the DHCP server which updates the DNS.
I haven’t yet worked on this setup, and am not sure it would be very useful, but this is an example of use of dynamic DNS.
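The ppp script above and the OpenVPN --client-connect idea both paste a value taken from the environment ($IPADDR, or common_name and ifconfig_pool_remote_ip) into nsupdate commands. The following added example, which is not from the article, validates both values before building the batch, so an empty address or a certificate name containing spaces or newlines never reaches nsupdate; the function names are hypothetical and the server, zone and TTL reuse the article's values.

```shell
#!/bin/sh
# Added example, not from the article. Defaults reuse the article's values;
# valid_ipv4, valid_label and build_update are hypothetical helper names.
SERVER="${SERVER:-ns.domain.com}"
ZONE="${ZONE:-example.com}"
TTL="${TTL:-60}"

# valid_ipv4 ADDR: true only for a dotted quad, octets 0..255, no leading zeros.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1            # split on dots; safe because only digits and dots remain
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# valid_label NAME: a single DNS label (letters, digits, hyphen; 1..63 chars).
valid_label() {
    case $1 in
        ''|*[!A-Za-z0-9-]*|-*|*-) return 1 ;;
    esac
    [ ${#1} -le 63 ]
}

# build_update LABEL ADDR: print the nsupdate batch for LABEL.ZONE,
# or print nothing and return 1 if either value is not well formed.
build_update() {
    valid_label "$1" || return 1
    valid_ipv4 "$2" || return 1
    printf 'server %s\nzone %s\n' "$SERVER" "$ZONE"
    printf 'update delete %s.%s. A\n' "$1" "$ZONE"
    printf 'update add %s.%s. %s A %s\n' "$1" "$ZONE" "$TTL" "$2"
    printf 'send\n'
}

# In an OpenVPN --client-connect script (KEY as in the ppp script above):
#   batch=$(build_update "$common_name" "$ifconfig_pool_remote_ip") &&
#       printf '%s\n' "$batch" | nsupdate -k "$KEY"
```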
OTHER (MORE DETAILED) ARTICLES ON DDNS
As usual, here are some external resources which helped me write this article, and which will allow you to study the DDNS methods in detail:
Run this:
rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/elfutils-libs-0.125-3.el5.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/gmp-4.1.4-10.el5.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/readline-5.1-1.1.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/python-2.4.3-21.el5.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/python-iniparse-0.2.3-4.el5.noarch.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/libxml2-2.6.26-2.1.2.1.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/libxml2-python-2.6.26-2.1.2.1.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/expat-1.95.8-8.2.1.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/python-elementtree-1.2.6-5.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/sqlite-3.3.6-2.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/python-sqlite-1.1.7-1.2.1.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/elfutils-0.125-3.el5.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/rpm-python-4.4.2-48.el5.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/m2crypto-0.16-6.el5.2.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/python-urlgrabber-3.1.0-2.noarch.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/yum-metadata-parser-1.1.2-2.el5.i386.rpm
rpm -Uvh http://mirror.centos.org/centos-5/5/os/i386/CentOS/yum-3.2.8-9.el5.centos.1.noarch.rpm
yum -y update
