Interesting thing happend today. At about 5 PM I was posting the last article on the site when I noticed that the server started becoming unresponsive. I was at work so there wasn’t much I could do in terms of investigation. See, our network nazis started blocking port 22 a couple years ago when using it for a tunnel. They told me it was a “security risk” but I find that hard to believe. My theory; they couldn’t “see” what was going in and out of the tunnel or what it was being used for (Jabber mostly… they block port 5222 & 5223 as well) so they shut it down. Yet they still allow FTP. I don’t under stand it.

Anyway, back to the issue at hand. So it appeard to be that the server was hung up on something. I checked my other blog and it was working perfectly. It’s not using ExecWrap + PHP like this blog. It’s using Typo, a Rails application. Weird.

When I got home, I logged in and check my memory usage. Seemed about average.

Total: 239 MB   Used: 127 MB   Free: 112 MB

So, I restarted Lighttpd and opened up a browser. Nothing. Server seems unresponsive. I restart it a couple more times. Still nothing. Hmm. I’m stumped at this point. So, I stop lighty, manually kill all the php-cgi processes and ruby processes and start lighttpd back up. Everything is normal now. Good. But, what caused the issue? I looked at all the log files I could think of. Couldn’t find anything anywhere.

I assume it was PHP that was the culprit since once I killed that, the server came back to life. I guess it could have been ExecWrap, but that stuff doesn’t really get logged anywhere (that I’m aware of).

I’ll have to keep my eye on it and see if this starts happening more frequently. So far, everything else has been running smoothly.

I must say, over the couple of years, I’ve been dealing with spam on daily basis. Not only email spam, but comment spam as well. And it’s gotten much much worse over the past year. Dreamhost (my former hosting provider) tried to implement SpamAssassin but it didn’t really work that well. I was still receiving around 5 emails a day that didn’t get caught. I also tried using procmail to process email as it came in, but trying to catch spam at that lever is far to tedious.

I’ve sinve moved my mail over to Google Hosted (which has apparently change to Apps for your Domain). Google’s spam catching has been pretty good thus far with less than 2 emails per day slipping through (it’s actually more than that, but I’m not counting my gmail address that gets delivered to my .org address).

So, what IS this Akismet, anyway?

Akismet is a plugin for Wordpress that acts much like SpamAssassin in that it filters throug the content of a particular comment and holds it for either approval or (in almost all cases) deletion. Akismet has been 100% for me. There have been absolutely no* false positives (spam that’s not really spam). Since I’ve installed the plugin (probably about a year ago), it’s caught *2,166 spam. Hurray for Akismet… thanks!

The way it works is similar to the way RBL checks work for email spam. Each time a comment is submitted, it is sent to the Akismet web service. Akismet then runs a bunch of tests on the comment and “returns a thumbs up or thumbs down.” You have to provide an API Key much like you would with other popular public APIs, but you can get one of those for free (as long as you’re not “making ‘mad paper’” from your site) from the Akismet website.

So, i just wanted to express my dislike for spam and that between Google and Akismet, I rarely have to deal with it. Thanks!

Howto Setup a Virtual Mail Server with Postfix/Postgrey, Courier IMAP and MySQL

I haven’t written this yet, but I should have some good stuff here on how you can set up a mail server using the above. My setup works pretty well at the moment and Greylisting seem to take care of 99% of the spam. Actually, I only have like 3 email accounts setup on the server at the moment and most of the email addresses are relatively new. However, I do see a lot of potential spam hit my SMTP server trying to relay to my .org account (even though my MX record is pointing to Google).

So stay tuned…

Part of my decision to change hosting providers was to expand my knowledge of technologies. I know how to write PHP, SQL and a whole host of other languages. What I was less familiar with was the servers that run them and other parts of a hosting system (mail, dns et al). Switching to a VPS setup allowed me to explore my options in what I would run on my system and fine tune the processes to run under limited resources.

I was already familiar with Apapche and how to set that up with PHP. Apache2 makes it really easy to setup suExec with mod_suphp. Simply add “SuPHP_UserGroup $user $group” to a virtual host and viola, all PHP processes run as that user (as fastcgi). That was great and all, but on a system with limited resources, apache is dog. It sucks up way too much memory. After wetting up my VPS and running all the services, I was up to about 150MB of RAM used. That’s with apache2, php, mysqld, postfix, postgrey, courier-imapd (and ssl), courier-pop3d (and ssl) and mailman (which is another memory hog, but that’s another post) running. Granted 150MB isn’t that bad for a web server, especially if you have an entire system to yourself that has 1 or 2 GB of RAM. I’m on a VPS with a mere 256MB of RAM.

Enter Lighty

Lighttpd is an open source, fast and efficient alternative to Apache. It pretty much does everything Apache does but with a much smaller footprint. Yes, it was a little more difficult to setup, but most of my troubles came from not knowing the Lighty configuration syntax. It’s not hard to master, just different than Apaches familiar tag based config files.

So far, this is what I have running on my VPS:

lighttpd (1.4.11)
php* (5.1.4) (+fastcgi)
mysql (4.1.21)
postfix (2.2.10)
postgrey (1.24)
courier (4.0.4)
openssh (4.3_p2)
tinydns (1.05)
proftpd (1.2.10)

Current memory usage:

Total: 239 MB   Used: 96 MB   Free: 143 MB

UPDATE: I recently added a Typo blog (RoR application) to one of the domains I’m hosting and my memory usage jumped a little… well, a lot really. I’m probably sitting at about 120-130 MB used at the moment.

And now the HOWTO

Configuring lighty wasn’t that hard. The hardest part was figuring out things like setting up rewrite rules for web applications like Wordpress and Gallery2 search engine friendly URLs. The other tricky part was getting ExecWrap (similar to Apache’s suExec wrapper) working properly. Well, it wasn’t that tricky, I just had some settings wrong so it appeard to be tricky. Let’s tackle the ExecWrap part first.

ExecWrap Your PHP

You’ll need to grab, build and install the ExecWrap wrapper first. It’s actually pretty straight forward. The important part is setting the correct permissions on the files involved in this setup (and using the correct UIDs and GIDs for the wrapper). For the sake of this post, I’ll skip that part. If I get enough questions about it, I’ll post a follow up on how to set this up properly.

So, here’s my setting for PHP/FastCGI setup on lighty:

fastcgi.server = (
    ".php"  => ((
            # socket - this needs to be writable by the webserver itself
            "socket"            => "/var/run/fastcgi/fastphp.socket",
            # bin-path - the path to the execwrap script -- see NB below
            "bin-path"          => "/usr/lib/php5/bin/execwrap",
            # check-local - Not 100%, but I'm pretty sure this
            # disables cheking that the local file exists
            "check-local"       => "disable",
            # max-procs - Maximum number of procs to fire up.
            # I'm pretty stingey here, but my site doesn't see
            # a lot of traffic.
            "max-procs"         => 1,
            # bin-environment
            "bin-environment"   => (
                # Howman PHP_CFGI_CHILDREN to start up
                "PHP_FCGI_CHILDREN"     => "4",
                # Maximum request (per child? i dunno)
                "PHP_FCGI_MAX_REQUESTS" => "1000",
                # UID - User ID you want the script to execute as
                "UID"                   => "1000",
                # GID - Group ID you the script to execute as
                "GID"                   => "1000",
                # TARGET - the actual script to run
                "TARGET"                =>  "/usr/lib/php5/bin/randy.php.sh",
                # CHECK_GID - this just checks the GID of the wrapper script
                "CHECK_GID"             => "1"
            ),
            # Copied from another site... not quite sure what it
            # does other than copying those env to $_ENV
            "bin-copy-environment"  => ("PATH", "SHELL", "USER"),
            # Fixes broken $_SERVER['PATH_INFO] I believe
            "broken-scriptfilename" => "enable"
        )
    )
)

The contents of randy.php.sh:

#!/bin/sh
exec /usr/lib/php5/bin/php-cgi

NB: Note that the execwrap script must be executable by lighty and must also have the SUID bit set. Also, the shell script needs to be owned by the user in which you wish to execute PHP as (in my case, my username). Also note that execwrap can live anywhere you specify when you compiled the script. In my case, I specified in the execwrap_config.h /usr/lib/php5/bin as the path where it will live. The shell script must also live under the same path.

Wordpress & Gallery URLs

Permalinks. The best thing since sliced bread. The applications work flawlessly with Apache (if you can use .htaccess in your setup) but take a little tweaking in lighttpd.

Wordpress

I futzed around with this for several hours trying to get this to work properly. Trying to get my head around regular expressions and all the different possible links used in Wordpress. And it all came back to to a really simple lighttpd setting (which oddly enough, doesn’t involve rewite at all).

server.error-handler-404 = "/content/index.php?error=404"

That’s it. That and make sure your permalinks setting doesn’t contain the /index.php/.

Update: The above solution to Wordpress’ permalinks might not be the best. The fact that it’s using the 404 handler might send a 404 response back to the browser. The other issue to worry about is whether or not this is sending a temporary redirect (301). If you have content indexed by a search engine, this will ruin your page ranking. 2008-06-06

Gallery2

Gallery was a bit more difficult. Well, not really. I ended up doing a little R&D (i.e. Rob & Duplicate) from the gallery2 codex.

url.rewrite = (
    "^/(.*)/Rewrite.txt$" => "/$1/Works.txt",
    "^/gallery/v/(\?.+|\ .)?$" => "/gallery/main.php?g2_view=core.ShowItem",
    "^/gallery/admin[/?]*(.*)$" => "/gallery/main.php?g2_view=core.SiteAdmin&$1",
    "^/gallery/d/([0-9]+)-([0-9]+)/([^\/]+)(\?|\ )?(.*)$" =>
    "/gallery/main.php?g2_view=core.DownloadItem&g2_itemId=$1&g2_serialNumber=$2&$3",
    "^/gallery/v/([^?]+)/slideshow.html" =>
    "/gallery/main.php?g2_view=slideshow.Slideshow&g2_path=$1",
    "^/gallery/v/([^?]+)(\?|\ )?(.*)$" =>
    "/gallery/main.php?g2_view=core.ShowItem&g2_path=$1&$3",
    "^/gallery/c/add/([0-9]+).html" =>
    "/gallery/main.php?g2_view=comment.AddComment&g2_itemId=$1",
    "^/gallery/c/view/([0-9]+).html" =>
    "/gallery/main.php?g2_view=comment.ShowAllComments&g2_itemId=$1",
    "^/gallery/p/(.+)" =>
    "/gallery/main.php?g2_controller=permalinks.Redirect&g2_filename=$1"
)

Make sure you change out the ^/gallery/ parts to where you have Gallery2 installed.

Happy Little VPS

All in all, the VPS is running really smoothly. I have everything I had (thechnology wise) at Dreamhost but with twice the performance. My site is defintely faster on the VPS than it was on Dreamhost.

Stay tuned for more HOWTOs on setting up these things on a Gentoo Arch Linux VPS. I plan on writing something for a Postfix/Courier virtual domain setup at some point. If you find this useful, pass it along. I’d be real interested in seeing how this server performs under a heavy load. Perhaps you Digg it?

Well, in light of all the recent mis-haps over at Dreamhost, I’ve moved my domain to another hosting provider. Dreamhost is a great company and I’ve been using them (off and on) since about 1998 when I registered this domain. Remeber NDN? All those great creative websites and ideas (endquote, iDallas, The Fray, et al) I even have an old Fray t-shirt. I really like Dreamhost and what they represent as a hosting provider and the web community. Nevertheless, I decided to pull the plug on Dreamhost and move on.

Keep reading »