Monthly Archives: September 2014

socket() failed 24: Too many open files) while connecting to upstream, client: server

If your nginx proxy logs this error, the server has hit its open-files limit, and you should raise the relevant limits.

worker_rlimit_nofile 16384;

or if you are not on OpenVZ VPS, you can:

vi /etc/security/limits.conf
* hard nofile 500000
* soft nofile 500000
root hard nofile 500000
root soft nofile 500000

If that does not work:

vi /etc/pam.d/common-session
session required pam_limits.so

vi /etc/sysctl.conf
fs.file-max = 2097152
sysctl -p

then cat /proc/sys/fs/file-max

Check limits of a running process:
ps aux | grep nginx
cat /proc/nginx_proc_ID/limits

Check limits for nginx user:
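# Show the limits as seen by the nginx account; -s supplies a shell in case the
# account's own login shell does not allow interactive use.
su - nginx -c 'ulimit -aHS' -s '/bin/bash'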

ulimit -Hn / ulimit -Sn # this will show hard and soft limits

dnsmasq: setting capabilities failed: Operation not permitted on OpenVZ

Many articles say your hosting administrator should do this:

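# Run by the hosting administrator for the container identified by CTID.
# Each capability widens what root inside the container may do, so enable
# only the ones the service actually needs.
vzctl set CTID --capability setuid:on --save
vzctl set CTID --capability net_admin:on --save
vzctl set CTID --capability net_raw:on --save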

where CTID is your server ID number

but if your provider doesn’t want to do this, you can try this:

nohup /usr/sbin/dnsmasq &

nginx as reverse proxy for apache

yum install httpd httpd-devel -y

vi /etc/httpd/conf/httpd.conf
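# Bind the backend to loopback only. nginx reaches it through 127.0.0.1:81;
# a bare "Listen 81" would also expose Apache on every interface and let
# clients reach the backend without going through the proxy.
Listen 127.0.0.1:81
NameVirtualHost 127.0.0.1:81

# Define Server document root
DocumentRoot /var/www/html/

# Define the virtual host
# NOTE(review): the <VirtualHost> and <Directory> container tags are absent from
# the published listing (most likely stripped as HTML). They are restored here
# with the address and path the surrounding directives imply -- confirm.
<VirtualHost 127.0.0.1:81>
    ServerName www.yourwebsite.com
    ServerAlias yourwebsite.com
    DocumentRoot /var/www/yourwebsite.com

    <Directory /var/www/yourwebsite.com>
        Options FollowSymLinks -Includes
        # AllowOverride All lets any .htaccess file in the tree change server
        # behaviour; narrow it if the site does not need that.
        AllowOverride All
        Order allow,deny
        Allow from all
    </Directory>

    RewriteEngine on
</VirtualHost>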

service httpd restart

vi /etc/yum.repos.d/nginx.repo
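[nginx]
name=nginx repo
# Fetch over TLS and verify package signatures. With gpgcheck=0 and a plain
# HTTP baseurl, yum installs whatever a mirror or an on-path host serves.
baseurl=https://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1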

yum install nginx -y
vi /etc/nginx/nginx.conf

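# Worker processes run as an unprivileged account.
user nobody;
worker_processes 4;
error_log logs/error.log crit;

# Per-worker file descriptor ceiling; keep it above worker_connections,
# since a proxied request uses a client socket and an upstream socket.
worker_rlimit_nofile 8192;

events {
    worker_connections 1024; # you might need to increase this setting for busy servers
    use epoll; # Linux kernels 2.6.x change to epoll
}

http {
    server_names_hash_max_size 2048;
    server_names_hash_bucket_size 512;

    # Do not advertise the nginx version in headers and error pages.
    server_tokens off;

    include mime.types;
    default_type application/octet-stream;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 10;

    # Gzip on
    gzip on;
    gzip_min_length 1100;
    gzip_buffers 4 32k;
    gzip_types text/plain application/x-javascript text/xml text/css;

    # Other configurations
    ignore_invalid_headers on;
    client_max_body_size 8m;
    # NOTE(review): three-minute header/body/send timeouts let a slow client hold
    # a connection slot for a long time; shorter values limit how many slots slow
    # requests can tie up. Values kept as published.
    client_header_timeout 3m;
    client_body_timeout 3m;
    send_timeout 3m;
    connection_pool_size 256;
    client_header_buffer_size 4k;
    large_client_header_buffers 4 32k;
    request_pool_size 4k;
    output_buffers 4 32k;
    postpone_output 1460;

    # Cache most accessed static files
    open_file_cache max=10000 inactive=10m;
    open_file_cache_valid 2m;
    open_file_cache_min_uses 1;
    open_file_cache_errors on;

    # virtual hosts includes
    # Plain ASCII quotes: typographic quotes would become part of the path.
    include "/etc/nginx/conf.d/*.conf";

}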

Then let's create some virtual hosts:

vi /etc/nginx/conf.d/yourwebsite.com.conf

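server {
    listen 80;
    # Both host names the proxy_redirect rules below refer to.
    server_name yourwebsite.com www.yourwebsite.com;
    # NOTE(review): with access logging off there is no request record for
    # troubleshooting or incident investigation; consider logging at least
    # the proxied location.
    access_log off;
    error_log logs/yourwebsite.com-error_log crit;

    # Static files are served by nginx straight from disk and never reach Apache,
    # so .htaccess rules on the backend (AllowOverride All) do not apply to them.
    # The dot is escaped so that only real file extensions match; an unescaped "."
    # matches any character and would also catch URIs that merely end in, e.g., "js".
    location ~* \.(gif|jpg|jpeg|png|ico|wmv|3gp|avi|mpg|mpeg|mp4|flv|mp3|mid|js|css|html|htm|wml)$ {
        root /var/www/yourwebsite.com;
        expires 365d;
    }

    location / {
        client_max_body_size 10m;
        client_body_buffer_size 128k;

        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        proxy_temp_file_write_size 256k;
        proxy_connect_timeout 30s;

        # Rewrite backend redirects so the internal port 81 never reaches clients.
        proxy_redirect http://www.yourwebsite.com:81 http://www.yourwebsite.com;
        proxy_redirect http://yourwebsite.com:81 http://yourwebsite.com;

        proxy_pass http://127.0.0.1:81/;

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the client
        # sent, so only the last entry is set by this proxy; the backend must not
        # trust the earlier ones.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}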

You also need mod_rpaf if you want Apache to see the client's real IP address behind the proxy.

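# Build in a private directory: fixed names under world-writable /tmp can be
# pre-created by another local user before root unpacks and compiles there.
workdir=$(mktemp -d) && cd "$workdir"
# NOTE(review): master is a moving branch and the archive is not verified;
# review the source and pin a commit you have checked before installing a
# module that is loaded into the web server.
wget https://github.com/y-ken/mod_rpaf/archive/master.zip
unzip master.zip
cd mod_rpaf-master/
apxs -i -c -n mod_rpaf-2.0.so mod_rpaf-2.0.c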

vi /etc/httpd/conf.d/rpaf.conf

# Load mod_rpaf so Apache can take the client address from the proxy's forwarded header.
LoadModule rpaf_module modules/mod_rpaf-2.0.so

RPAFenable On
RPAFsethostname On
# Requests arriving from these addresses are treated as coming from a trusted proxy.
# NOTE(review): nginx in this setup proxies to 127.0.0.1, so 127.0.0.1 alone may be
# sufficient; every extra address listed is one more source allowed to assert a
# client IP -- confirm before adding the public address.
RPAFproxy_ips 127.0.0.1 YOUR.SERVER.IP

service httpd restart

InnoDB recovery after an unexpected shutdown

check innodb log file size:

-rw-rw---- 1 mysql mysql 100000 Oct 20 17:50 ib_logfile0
-rw-rw---- 1 mysql mysql 100000 Oct 20 17:01 ib_logfile1

size is 10000
vi /etc/my.cnf

# NOTE(review): 6 is the most aggressive recovery level. MySQL's documentation
# advises starting at 1 and raising the value only as far as needed to start the
# server, because levels of 4 and above can permanently corrupt data files.
# Take a file-level copy of the data directory before starting in this mode.
innodb_force_recovery=6
# Set to the size of the existing ib_logfile* files, as reported by ls.
innodb_log_file_size=100000

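service mysql restart
# -A (--all-databases) takes no database name; passing one makes mysqldump stop
# with a usage error. The dump holds every table's data, so it is created
# readable by its owner only.
(umask 077 && mysqldump -A > all_db.sql)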

Exit recovery mode by removing the two lines that were added:
service mysql restart

Then drop the affected tables and reload them from the backup dump.

centos create PPTP VPN server

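#!/bin/bash
# Tracing (-x) is deliberately not enabled: the trace prints every expanded
# command, including the VPN password, and all output is copied to the log.

#
# drewsymo/VPN
#
# Installs a PPTP VPN-only system for CentOS
#
# @package VPN 2.0
# @since VPN 1.0
# @author Drew Morris
# @url http://drewsymo.com/networking/vpn/install-ptpp/
#
# NOTE(review): PPTP's MS-CHAPv2 authentication and MPPE encryption are widely
# regarded as broken; do not rely on this tunnel for confidentiality.
#

# Create UDF Options
# NOTE(review): the "#" lines below presumably carried variable declarations that
# did not survive publication. The script expects VPN_USER, VPN_PASS, VPN_LOCAL
# and VPN_REMOTE to be supplied in the environment.

## VPN Username
#

## VPN Password
#

## VPN Local IP
#

## VPN Remote IP
#

# Fail early rather than append empty values to the PPTP configuration.
: "${VPN_USER:?VPN_USER must be set}"
: "${VPN_PASS:?VPN_PASS must be set}"
: "${VPN_LOCAL:?VPN_LOCAL must be set}"
: "${VPN_REMOTE:?VPN_REMOTE must be set}"

# Create the log with owner-only permissions before tee opens it; tee truncates
# an existing file but keeps its mode.
install -m 600 /dev/null /var/log/vpn-installer.log

(

# Capture the address itself; the original redirected curl's output to
# /dev/null, which left VPN_IP empty.
VPN_IP=$(curl -fsS ipv4.icanhazip.com 2>/dev/null)

yum -y groupinstall "Development Tools"
# NOTE(review): this repository package is fetched over plain HTTP, and rpm
# installs it even when it has no key to verify the signature against; check
# the package out of band before trusting the repository it configures.
rpm -Uvh http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm
yum -y install policycoreutils
yum -y install ppp pptpd
yum -y update

# Enable IPv4 forwarding now and persist it across reboots.
echo "1" > /proc/sys/net/ipv4/ip_forward
sed -i 's/net.ipv4.ip_forward = 0/net.ipv4.ip_forward = 1/g' /etc/sysctl.conf

sysctl -p /etc/sysctl.conf

echo "localip $VPN_LOCAL" >> /etc/pptpd.conf # Local IP address of your VPN server
echo "remoteip $VPN_REMOTE" >> /etc/pptpd.conf # Scope for your home network

echo "ms-dns 8.8.8.8" >> /etc/ppp/options.pptpd # Google DNS Primary
echo "ms-dns 209.244.0.3" >> /etc/ppp/options.pptpd # Level3 Primary
echo "ms-dns 208.67.222.222" >> /etc/ppp/options.pptpd # OpenDNS Primary

# chap-secrets stores the password in clear text; keep it readable by root only.
printf '%s pptpd %s *\n' "$VPN_USER" "$VPN_PASS" >> /etc/ppp/chap-secrets
chmod 600 /etc/ppp/chap-secrets

service iptables start
echo "iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE" >> /etc/rc.local
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
service iptables save
service iptables restart

service pptpd restart

echo -e '\E[37;44m'"\033[1m Installation Log: /var/log/vpn-installer.log \033[0m"
echo -e '\E[37;44m'"\033[1m You can now connect to your VPN via your external IP ($VPN_IP)\033[0m"

echo -e '\E[37;44m'"\033[1m Username: $VPN_USER\033[0m"
# The password is not echoed: everything printed here is also written to the log.
echo -e '\E[37;44m'"\033[1m Password: stored in /etc/ppp/chap-secrets\033[0m"

) 2>&1 | tee /var/log/vpn-installer.log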