Add this into your vhost in Apache:
SetEnvIf x-forwarded-proto https HTTPS=on
Rackspace – Cloud Sever autokill script
#!/bin/bash
# This script auto delete the current instance and ask the
# Autoscale Group to replace the node
###########################################################
CRED_FILE=/opt/autoscale/.credentials
AS_GRP_ID=a17b08b3-0c04-48e8-84a9-3070c29a27fa
###########################################################
# Gather info from credential file
USERNAME=$(grep username $CRED_FILE | awk -F= '{print $2}' | sed 's/ //g')
APIKEY=$(grep api_key $CRED_FILE | awk -F= '{print $2}' | sed 's/ //g')
REGION=$(grep region $CRED_FILE | awk -F= '{print $2}' | sed 's/ //g' | tr '[:upper:]' '[:lower:]')
SERVER_UID=$(xenstore-read name | sed 's/instance-//')
AUTH=$(
curl -sd \
"{
\"auth\":
{
\"RAX-KSKEY:apiKeyCredentials\":
{\"username\": \"$USERNAME\",
\"apiKey\": \"$APIKEY\"} }
}" \
-H 'Content-Type: application/json' \
'https://identity.api.rackspacecloud.com/v2.0/tokens' | python -m json.tool | grep -A 7 token | awk '/id/ { print $2 }' | tr -d '"' | tr -d ","
)
TOKEN=$(echo $AUTH | awk '{print $1}')
ID=$(echo $AUTH | awk '{print $2}')
curl -sH "X-Auth-Token: $TOKEN" -H "Content-type: application/json" -X DELETE https://$REGION.autoscale.api.rackspacecloud.com/v1.0/$ID/groups/$AS_GRP_ID/servers/$SERVER_UID?replace=true
Scheduled unattended tasks – at
$ at time date $ at 11 am may 20 # at 02:00 AM Fri at> yum update glibc at> echo "Executing scheduled task" | logger at> shutdown -r +5 "Server is going to be rebooted in 5 minutes for scheduled task. Please save your work ASAP." at> <EOT> job 2 at 2015-02-06 02:00
Ends using CTRL+D that generates the <EOT> bit.
Source: http://www.computerhope.com/unix/uat.htm
Check the processes in the queue
atq
Check content of a job
at -c <job number>
Delete job
atrm <job number>
Also, you can cat/modify the job in /var/spool/cron/atjobs/ or /var/spool/at (in Centos)
If not installed, on Centos, make sure to start also ‘atd‘ service.
# chkconfig atd on && service atd start
SSL – Check if a certificate matches with its public key
# openssl rsa -modulus -noout -in private_key.key | openssl md5 (stdin)= jhg557dd83jdlki93de778b69ojg536 # openssl x509 -modulus -noout -in certificate.crt | openssl md5 (stdin)= jhg557dd83jdlki93de778b69ojg536
WordPress Apache ProxyPass
Option 1
Ensure certain traffic goes to a certain server, you can use this:
<LocationMatch "^/wordpress/wp-admin/?.*>
ProxyPreserveHost On
ProxyPass http://ip.of.master.server/
</LocationMatch>
Option 2
Step One: Configure Environment
We need to setup some environment variables to get this to work correctly.
Add the following to your environment on the slave server(s):
RHEL/CentOS: /etc/sysconfig/httpd
OPTIONS="-DSLAVE" export MASTER_SERVER="SERVERIP HERE"
Ubuntu: /etc/apache2/envvars
OPTIONS="-DSLAVE" export MASTER_SERVER="SERVERIP HERE"
Step Two: Configure your VirtualHost
In your VirtualHost configuration do something like the following.
RewriteEngine On
ProxyPreserveHost On
ProxyPass /wp-admin/ http://${MASTER_SERVER}/wp-admin/
ProxyPassReverse /wp-admin/ http://${MASTER_SERVER}/wp-admin/
RewriteCond %{REQUEST_METHOD} =POST
RewriteRule . http://${MASTER_SERVER}%{REQUEST_URI} [P]
Fullstatus Apache 2.4 Centos7
Apache on CentOS 7 doesn’t come with any configuration for enabling /server-status
The module does come by default though, so to get this going, all you need to do is:
$ cat >> /etc/httpd/conf.modules.d/01-status.conf << EOF <Location /server-status> SetHandler server-status Require local </Location> EOF $ systemctl reload httpd $ apachectl fullstatus
APC (php module) and OPcache
apt-get install php-apc apc apc.shm_size=256M cp /etc/php.d/apc.ini /home/rack && sed -i 's/^.*apc.shm_size=.*$/apc.shm_size=256M/' /etc/php.d/apc.ini && grep "apc.shm_size=" /etc/php.d/apc.ini cp /usr/share/doc/php*apc*/apc.php /var/www/ service httpd graceful && service httpd status
PHP5.5 -> If it has Zend OPcache it doesn’t need APC anymore
php -m
Look for this:
[Zend Modules] Zend OPcache
GUI: https://github.com/amnuts/opcache-gui
wget https://raw.githubusercontent.com/amnuts/opcache-gui/master/index.php
/etc/php5/mods-available/opcache.ini or /etc/php5/fpm/conf.d/05-opcache.ini
opcache.memory_consumption=128 opcache.interned_strings_buffer=8 opcache.max_accelerated_files=4000 opcache.revalidate_freq=60 opcache.fast_shutdown=1 opcache.enable_cli=1
Test loading speed ignoring Varnish
Adding “Cookie: NO_CACHE=1” will make Varnish to pass the request directly to Apache
time curl -I http://example.com/pagetotest -H "Cookie: NO_CACHE=1"
One liners alternative for apachebuddy
average apache process mem usage
ps -H h -ylC httpd | perl -lane '$s+=$F[7];$i++;END{printf"Avg=%.1fMB\n",$s/$i/1024}'
ps -H h -ylC apache2 | perl -lane '$s+=$F[7];$i++;END{printf"Avg=%.1fMB\n",$s/$i/1024}'
highest process mem usage cd
ps -H h -ylC httpd | awk 'function max(x){i=0;for(val in x){if(i<=x[val]){i=x[val];}}return i;}function min(x){i=max(x);for(val in x){if(i>x[val]){i=x[val];}}return i;}/^#/{next}{a[$8]=$8;next}END{minimum=min(a);maximum=max(a);print "Max = "maximum / 1024 "MB";print "Min = "minimum / 1024"MB"}'
ps -H h -ylC apache2 | awk 'function max(x){i=0;for(val in x){if(i<=x[val]){i=x[val];}}return i;}function min(x){i=max(x);for(val in x){if(i>x[val]){i=x[val];}}return i;}/^#/{next}{a[$8]=$8;next}END{minimum=min(a);maximum=max(a);print "Max = "maximum / 1024 "MB";print "Min = "minimum / 1024"MB"}'
php-fpm – www pool average
for pid in $(ps aux | grep fpm | grep "pool www" | awk '{print $2}'); do pmap -d $pid | tail -1 ; done | sed 's/K//' | awk '{sum+=$4} END {print sum/NR/1024}'
php-fpm – ALL active pools average memory
Ubuntu: cd /etc/php5/fpm/pool.d Centos: cd /etc/php-fpm.d/
for pool in `ls *.conf` ; do POOL="`echo $pool | sed 's/\.conf//'`" ; echo -e "\n$POOL" ; for pid in $(ps aux | grep fpm | grep "pool $POOL" | awk '{print $2}'); do pmap -d $pid | tail -1 ; done | sed 's/K//' | awk '{sum+=$4} END {print sum/NR/1024}' ; done
MANUAL CHECKS (understanding)
# ps aux | grep apache2 (or httpd) USER PID %CPU PerformanceOptimized %MEM VSZ RSS TTY STAT START TIME COMMAND
-> RSS is the real memory value
-> VSZ is the one that it might reach (important mostly for MySQL)
# Quicker way is to do top and than press ‘>’
phpMyAdmin – from “source”
Get latest version
wget https://files.phpmyadmin.net/phpMyAdmin/4.4.14/phpMyAdmin-4.4.14-all-languages.zip
Unzip in /var/www/pma
Create config file
cp config.sample.inc.php config.inc.php
Create phpmyadmin db
mysql < create_tables.sql
Create user
mysql -e "GRANT SELECT, INSERT, DELETE, UPDATE ON phpmyadmin.* TO 'pmaadmin'@'%' IDENTIFIED BY '<PASS>'"
Enable parts related to the db, username and pw from above
vim config.inc.php
Create configuration file (copy and paste the whole command):
cat > /etc/httpd/conf.d/phpMyAdmin.conf <<EOF
Alias /phpMyAdmin /var/www/html/pma
Alias /phpmyadmin /var/www/html/pma
<Directory /var/www/html/pma/>
AuthType Basic
AuthName "Restricted"
AuthUserFile /etc/phpMyAdmin/.htpasswd
Require valid-user
</Directory>
EOF
Create auth file
htpasswd -c /etc/phpMyAdmin/.htpasswd admin (FYI 'admin' it's the username)
To ADD users, just remove the -c flag