Jump to navigation Jump to search

Main Page

25,463 bytes added, 16 July
Collectible Trading Cards
<seo title="" titlemode=Links!"append" keywords="linux wiki,lamp wiki,Mike Jung" description="A wiki created and maintained by Mike Jung. The wiki covers most of the LAMP stack,cPanel, as well as Windows tuning with a focus on performance and optimization of all the things"></seo>
http://==Wiki Landing Page==Hello there! My name is Mike Jung and this is my wiki.churchoftheinterwebzI hope some of the information here will help someone out or teach them something
I realize you are likely here for technical content, which is exactly why you should check out these scanned vintage '''[[Real photo postcards]] from the 1900s''', some of them are kinda cool actually!
== Wiki Navigation and Page List ==
== "Can you take a look at my server and tell me what's going on?"=Collectible Trading Cards===
===Starting Points===This section covers various collectable trading cards from the 1990s and 2000s as well as collectable trading card games such as Pokemon, Yu-Gi-Oh and Magic the Gathering. Many of these artists have done work for major comic book companies, movies, tv shows and other forms of media that have enhanced our lives over the years.
*[[Mike Ploog]] - Mike Ploog is a famous comic artist that has worked on countless movies, comics, tv shows and other works.  *[[Tim and Greg Hildebrandt]] - These two brothers have created Star Wars movie posters, drawn countless X-Men, worked on LOTR and countless other epic things, check out their work!  *[[Lady Death]] - Very badass stuff!  *[[1992 Boris Series 2 Trading Cards]] - Adult Fantasy Art. Mind blowing to say the least!  *[[Boris 3 Prism Trading Cards]] - The 3rd series from Boris Vallejo, featuring epic art and prism colors!  *[[Yu-Gi-Oh! Trading Cards]] - Check out these rare and cool looking cards! *[[1993 SkyBox DC Cosmic Teams]] - One of my favorite trading card series from DC / SkyBox from the early 1990s, check out the cool holograms!  *[[Deathwatch2000 Collectible Trading Cards]] - Excellent sci fi series from 1993, brutal! *[[Mighty Morphin Power Rangers]] - If you're a millennial, surely you must know about the power rangers! ===Hearthstone=== *[[Legendary Ramp Druid]] - If you like Hearthstone, Legendary cards, and playing a Druid, visit this page! ===Windows 8.1 Utilities and Windows Tech Preview 10=== *[[MPC-HC Audio Configuration]] - While this page focuses on configuring MPC-HC for the best audio quality, it can still be used to configure Windows 8.1 audio for high end sound cards and speakers such as the Logitech Z 906 speakers and the Sound Blaster Z sound card.  *[[Windows 10 Tech Preview]] - Currently testing out Windows 10 Tech Preview, Build 9926. This wiki page will eventually have tons of information and updates on Windows 10. *[[CrystalDiskMark]] - A beginner guide on how to use CrystalDiskMark to benchmark your HDD or SSD. *[[S3 Browser]] - S3 Browser is similar to an FTP client, but it speaks to a REST endpoint of an S3 compatible Object Storage service. AWS S3 is supported, but other compatible Object Storage services are also supported. *[[MSI Afterburner]] - MSI Afterburner configuration guide / walk through with screenshots that explain how to do stuff with afterburner, like select GPU usage in OSD. *[[Virtualbox]] - Various tips and tricks relating to VirtualBox, which allows you to run virtual machines on Windows hosts. === GPU and Video Decoding Stuff (madVR, CUDA, MPC-HC) === *[[How_to_use_Geekbench_on_Windows_10|Geekbench4]] - How to use GeekBench4 to measure CPU and GPU compute performance.  *[[Nvidia Noise Reduction]] - Nvidia Noise Reduction reduces noise during video playback, how much does this improve quality? Not a ton, in some cases, anyway, check out the page for more info.  *[[Nvidia Edge Enhancement]] - Ever wonder if the Nvidia Video settings make much of a difference in terms of video quality? Turns out it can make a huge difference! This page focuses on Nvidia Edge Enhancements *[[MPC-HC Video Decoder Comparison]] - Screenshot comparisons between MPC-HC's default Video Decoder (DXVA) and CUVID. If you have a Nvidia GPU and want to make sure you have the best video quality, check out this page! *[[DyingLight]] - Some PC screenshots of DyingLight, using Nvidia DSR with a GTX 970. DSR does improve quality, but is very costly in terms of performance.  *[[MadVR Image Doubling 720p]] - 720p madVR Image Doubling screenshot comparison page for 720p video playback *[[Windows 8.1 MPC-HC and MadVR Setup Guide]] - A Windows 8.1 based guide on how to properly configure MPC-HC (media player classic home cinema) to work with MadVR as the video renderer. This setup guide includes images for each of the steps and explanations of the main mpc-hc and madvr settings.  *[[CUDA]] - GPUs are on track to control the global population. CUDA is how the matrix started. It'Who s pretty cool though, CUDA allows a GPU to accelerate some types of processing that previously only the CPU could compute.  *[[DXVA2]] - A quick article that explains what DXVA2 is and how it interacts with a GPU during the video playback process.  *[[MadVR]] - MadVR MPC-HC wiki containing optimization tips and benchmarks for Chroma Upscaling, Image Doubling, Image Upscaling, Image downscaling and many other configuration settings.  *[[PotPlayer]] - PotPlayer wiki about how to install, configure and optimize potplayer using MadVR, CUDA and GPU magic *[[PotPlayer Advanced Configuration]] - Slightly more detailed than the main PotPlayer wiki.  *[[DirectShow]] - What is directshow? What does directshow do? Want to learn more about directshow? Then please visit this page! *[[MadVR Chroma Upscaling]] - MadVR Chroma Upscaling performance results and general information on the best scaling algorithm to use to upscale Chroma with MadVR. *[[Error Diffusion Dithering]] - madVR includes some advanced dithering options which utilize a DX 11 GPU.  *[[MadVR Chroma Upscaling 720p Image Quality]] - Screenshots of all the madVR Chroma Upscaling options using a 720p video *[[MadVR Chroma Upscaling 1080p Image Quality]] - Screenshots of all the madVR Chroma Upscaling options using a 1080p video *[[MadVR Image Doubling 720p]] - Screenshots of all the madVR Resolution Doubling options using a 720p video *[[MadVR Image Upscaling]] - Screenshots of all the madVR Image Upscaling options using a 720p video *[[MadVR Processing Settings]] - Guide that covers some of the madVR processing settings *[[Nnedi3]] - madVR recently added the ability to use NNEDI3 to improve video quality, this wiki covers how to configure this. ===cPanel Stuff=== *[[EasyApache 4]] -- cPanel EasyApache 4 guide *[[CloudLinux]] -- Overview on what CloudLinux is and the types of resources that it limits for cpanel users.  *[[CPanel]] - Main cPanel wiki *[[PHP Handlers]] - How to change cPanel's main PHP handler via CLI and via WHM. *[[Whmcs plugin|LiquidWeb WHMCS Plugin]] - A FREE WHMCS plugin created by [ ModulesGarden] that allows anyone to resell SSD VPS servers, or whatever kind of servers you want. Basically this plugin is a Cloud Business in a box and it's free. *[[CPanel Statistics Software]] - Learn how to configure cPanel to process logs and bandwidth during low traffic hours of the day. This reduces the amount of Apache restarts. *[[Whmcs 6]] - Need help installing and configuring WHMCS 6? Visit this page! *[[Ioncube loader]] - Are you getting ioncube loader errors or encountering version issues? Visit my ioncube loader page to learn more! === Webserver Stuff === *[[Litespeed]] - Information about the litespeed webserver installation process and how to correctly configure litespeed on a cpanel server.  *[[Apache]] - Do you like websites?You can thank Apache! It's the most common webserver around. Nginx is gaining some steam, but Apache is still pretty awesome! *[[GooglePageSpeed]] - How to install and configure the mod_pagespeed module with Apache, in addition, and really importantly, How to install Google's mod_pagespeed on a cPanel server via Easy Apache. lol *[[WordPress Optimization]] - Guide on how to optimize a server for wordpress. Includes Apache Event configuration, PHP-FPM configuration, MySQL configuration and lots more!  *[[Application Optimization]] - General website optimization guide === MySQL, PHP and Caching === *[[PHP 7]] - This wiki page is still being worked on, but it will focus specifically on PHP 7 and how awesome it is. *[[PHP MySQL Extensions]] - Also still in the works, will focus specifically on the MySQL extensions for PHP. *[[Memcached]] - Caching makes everything faster! I like fast things, so I use memcached a lot and you should use memcached too! I'll show you how to use memcached to improve website load time and reduce latency when connecting to a database! All of this can be done if you know how to tame the mythical beast know as memcached.  <pre>*[[PHP_OPcache]] - Do you like fast things? Want to make PHP faster? Use opcode caching. For your health! w<*[[fcgid]] - FastCGI will make ur blog faster! Maybe, if you know how to configure Apache to use FastCGI to proxy PHP requests to a dedicated PHP process! If you want to learn more about using the FCGI handler on cpanel, please check out this page! *[[Php-fpm]] - Speaking of awesome...PHP-FPM is here. Are you still using mod_php and wondering why apche is slow? It's because you are doing php wrong! Check out this page for information on how to install, tune, and optimize php-fpm with apache *[[Varnish]] - Varnish can be an excellent way to improve your website's response times by caching the most used static content, like images, varnish is able to significantly reduce the amount of work that apache has to do. *[[MySQL]] - Learn all about the various my.cnf settings for MySQL 5.5 and MySQL 5.6. This page is less focused on optimizations, and more focused on covering the best practices for configuring a server to handle MySQL. *[[MediaWiki Performance Tweaks]] - I use MediaWiki, if you can't tell already. I've created a page that lists all the caching settings /pre>configurations to make this site somewhat fast.  *[[HHVM]] - Facebook's attempt to take PHP to the next level. HHVM uses a JIT compiler to significantly reduce the amount of resources it takes to interpret and run a PHP script. === Monitoring and Analysis === *[[Cloud Performance Tuning]] - High response times got you bummed out? Slow website? Fear not!  *[[Newrelic]] - Newrelic is pretty awesome. They offer a free tier which lets you monitor server resources for 24 hours. You can also utilize APM which is an application monitoring services which shows the response time if your application and database. If you are looking for common Newrelic agent commands or need help troubleshooting Newrelic's agents, check out this page!  *[[Sysdig]] - Looking for a utility that will provide insight into application and Linux performance? Sysdig is your tool! I really like it and find it pretty useful so I made a wiki!  *[[Sysstat]] - Sysstat contains sar which is used to record server resource usage over the course of each day. Sar is really helpful if you care about server performance so knowing how to view data like swap in and swap out activity is critical. === Browser and Front End === *[[Chrome]] - A list of tweaks (flags) that you can enable in the Chrome and Chromium web browsers which can help to speed up performance. Useful if you notice slow, laggy websites and want to speed up your browser. *[[HTTP 2.0]] - Still in creation mode, this wiki will eventually contain all kinds of information on the new HTTP 2.0 protocol.
'''Show top processes*[[Browser Caching]] - .htaccess examples for how to enable browser caching of images and static files.'''<pre>top -c</pre>
'''Load averages.'''<pre>sar -q</pre>=== Benchmarking and Performance Tuning Stuff ===
'''Ram usage*[[Cloud Performance Tuning]] -- Learn how to diagnose and fix performance issues..'''<pre>sar -r</pre> the cloud!
'''I/O wait'''<pre>sar *[[Benchmarking]] -s</pre>- A linux benchmarking reference wiki with many example commands and explanations for sysbench, fio, iozone and ioping tests.
*[[Sysbench]] -- Similar to the benchmarking wiki but with 100% focus on sysbench and how to benchmark vps and cloud servers.
'''SHOW ME ALL THE THINGS'''<pre>HTTPD='/usr/local/apache/conf/httpd.conf'; PHP=`php -i | grep php.ini | grep "Configuration" | cut -d ">" -f2 | cut -c 2- | tail -n 1`; MYSQL='/etc/my.cnf'; IOSTAT=( $(iostat 1 2 | grep iowait -A1 | awk '{print $4}' | grep -v system) ); echo -e "\n=== SERVER STATS ===\n"; echo -e "Host: `hostname`"; echo "CPUs: `cat /proc/cpuinfo | grep processor -c`"; echo "I/O Wait: `echo ${IOSTAT*[[1Google PerfKitBenchmarker]]}`"; echo -e "\n=== Disk Space Usage ===\n"; df -h; echo -e "\n=== MySQL Database queries ===\n"; mysqladmin proc stat; echo -e "\n=== Exim Stats ===\n"; echo -e "Emails in queue: `exim -bpc`"; echo -e "Exim procs: `ps faux | grep exim -c`"; echo -e "\n=== Number of SYN connections ===\n"; netstat -nap | grep SYN | wc -l; echo -e "\n=== Top 10 SYN Flood Conections ===\n"; netstat -tn 2>/dev/null | grep SYN | awk '{print $5}' | cut -f1 -d: | sort | uniq -c | sort -rn | head; echo -e "\n=== PHP Info ===\n"; egrep 'max_execution_time|max_input_time|memory_limit' $PHP; echo -e "\n=== Number of Apache Processes ===\n"; ps faux | grep httpd -c | grep -v grep; echo -e "\n=== Top 10 connections How to apache ===\n"; netstat -tn 2>/dev/null | grep :80 | awk '{print $5}' | cut -f1 -d: | sort | uniq -c | sort -rn | head; echo -e "\n=== Current Memory Usage ===\n"; free -m; echo -e "\n=== Apache Configuation ===\n"; httpd -V | grep MPM; egrep 'MaxClients|KeepAlive|MaxRequestsPerChild|Timeout|Servers|Threads|ServerLimit' $HTTPD | grep -v SSL; echo -e "\n=== MySQL Configuration ===\n"; grep max_connections $MYSQL;</pre>install, configure and run benchmarks with Google PerfKitBenchmarker.
===Apache===*[[Phoronix Test Suite]] -- How to install Phoronix Test Suite on CentOS and Ubuntu. Examples on how to use the test suite and an overview on what each test does.
*[[OS Tuning]] - You can'''Apache Status'''<pre>/usr/bin/lynx -dump -width 500 http://127t tune an application until you tune the operating system.0.0Check out my OS system tuning wiki for tips and tricks on speeding up your slow CentOS server.1/whm-server-status | less</pre>
'''Apache connection'''<pre>/usr/bin/lynx -dump -width 500 | awk '{print $11" "$12}'| awk NF |grep *[[0-9Performance Troubleshooting Methodologies].[0-9].[0-9]How to analyze resource usage on a Linux box.[0-9]|sort|uniq -c|sort -n|tail -50</pre>
'''Check settings in httpd.conf. Added +160 usually located around that line number.'''<pre>vim /usr/local/apache/conf/httpd.conf +160</pre>*[[Dmcache]] - Caching, SSDs, what could be better? What about using SSDs to cache your slow as balls hdds? Learn how to by checking out this dmcache wiki!
'''Think Apache is causing server to go OOM? Check PHP memory limit. If it's above 32M ask client if they need it this high.'''<pre>grep memory_limit *[[NUMA]] - http:/usr/local/lib/phpwiki.mikejung.ini<biz/pre>NUMA
'''Find all users php.ini files.'''<pre>find /home/*/public_html/* [[Siege]] -name php.ini</pre>Learn how to compile siege so you can test website performance on http and https websites
'''Dos Script'''<pre>netstat *[[VMware Workstation Player Tuning]] -tn 2>/dev/null | grep Want to learn more about VMware player':80 ' | awk '{print $5}' | cut -f1 -d: | sort | uniq -c | sort -rn | head</pre>s configurations settings?
'''Get a list of top IPs accessing the server (some false positives)'''<pre>tail -n50000 access_log | grep -o "[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}" | sort -n | uniq -c | sort -n</pre>=== Storage and File System Stuff ===
===MySQL===*[[LVM Commands]] - LVM command reference guide. Explains what logical volumes and logical groups are all about and how to create an LVM volume
'''Useful for seeing what queries are doing what*[[Ceph]] - Ceph is a distributed storage system that powers the open cloud and internet of things.Just kidding, it doesn'''<pre>watch -n 1 'mysqladmin proc stat'</pre>t do all that but it is still pretty awesome technology!
'''Check /tmp *[[LSI]] - LSI makes RAID cards. Been around for sess_* filesa long time, recently bought out by seagate. Can mean tables LSI cards are corruptnice, but sometimes slow if you do not configure RAID for performance.'''<pre>ll /tmp/</pre>If you want to add some performance to your RAID, make sure you configured the card correctly!
'''Check *[[DRBD]] - Data replicating block device, aka DRBD has been a heavyweight in the logscloud storage wars for a while now.'''<pre>/var/lib/mysql/examplehostnameYou got Ceph in one corner, OCFS2 in another, RAID (for backups) and DRBD. DRBD can be tricky to configure and even if you get it to work it might still be somewhat slow. I have created a wiki that covers some basic performance tuning for DRBD.err</pre>
*[[Big Data]] - Main page that links to topics like Cassandra and Hadoop.
'''Then check MySQL settings'''<pre>vim /etc/my.cnf</pre>===Linux Kernel Stuff===
== Network Stuff ==*[[Sysctl tweaks]] - hackin yo kernel with sysctl
New server missing some IPs it was supposed *[[Linux documentaries]] - Page with links to come with?various Linux and Unix documentaries
<pre> service ipaliases restart</pre>*[[Software RAID]] - How to use mdadm and configure software RAID on Linux
<pre> /scripts/rebuildippool</pre>*[[Ubuntu]] - General wiki for how to do things on Ubuntu.
'''*[[Ubuntu Networking'''Performance Tuning]] - Ubuntu performance tuning page, how to optimize for an SSD
Where all the nics are actually configured:<pre>vim /etc/udev/rules.d/70-persistent-net.rules</pre>=== Other Stuff ===
Bonding info<pre>cat /proc/net/bonding/bond0</pre>*[[How to install Glibc-2.15 on CentOS6]] - CentOS 6 has old versions of everything, especially glibc. This guide shows you how to install an additional new version!
Interface config<pre>vim /etc/network/interfaces</pre>*[[Firewalld]] - Are you used to iptables and hate firewalld? It's ok, I feel your pain! Firewalld is actually pretty easy to use so if you're running CentOS 7 or Redhat 7 please visit this page.
== MySQL ==*[[Hearthstone Combo Guide]] - I'm a Hearthstone nub, so I made a wiki on how to build a deck that will at least give you some options when it comes to minion combinations.
=== One Liners ===*[[Real photo postcards]] - Totally random old picture post card wiki. Completely unrelated to anything that has to do with the internet.
See MySQL status*[[CentOS 7]] - Main page for CentOS 7 which includes all kinds of performance tweaks for the 3. Updates every 1 s10 kernel or newer.
<pre>watch *[[Load Balancing]] -n 1 Learn more about the Stingray / Riverbed Traffic Manager! It'mysqladmin proc stat'</pre>s pretty cool and has a ton of options, if you are looking for some load balancing information, check out the wiki!
Optimize Tables.*[[How to save bash directory location]] - Bashmarks Is a simple tool that allows you to save directory locations and then later return to them using extremely simple commands that even tab complete!
<pre>for i in $(mysql *[[Cassandra]] -e "show databases;" | sed 's/Database//') ; do for each in $(mysql -e "use $i; show tables;" \| sed 's/TablesCassandra is a NOSQL like DB that Apache made. This wiki contains general information about what Cassandra is, how it works and details on the topology.*//' ;) ; do mysql -e "use $i ; optimize table $each" ; done ; done</pre>
MySQL check that will: check all databases*[[Hadoop]] - Also NoSQL like, analyze, optimize and repair. Pretty useful, usually safehadoop is great for running batch jobs against a large amount of data.
<pre>mysqlcheck *[[Gcc CentOS]] -Aaor</pre>Why is GCC always old on CentOS? Why does CentOS always ship old software? I do not know, but I can show you how to update GCC on CentOS if you visit the GCC CENTOS wiki!
Dump a database.<pre>mysqldump database > database.sql</pre>*[[MySQL Optimization]] - How to optimize MySQL
Import a database*[[ISCSI Commands]] - Some commonly used Linux ISCSI commands.<pre>mysql database < database.sql</pre>
Connect to a database.<pre>mysql *[[Networking]] -u user -h ip -p databasename</pre>Linux Networking wiki
===Viewing *[[Hardware]] - Wiki that covers SSDs, PCIe Flash SSDs, RAID cards and Deleting Tables other types of server hardware. Includes tips and Databases===Look at databases tweaks to improve performance and tablesstability.
<pre>mysql> use databasename;> show tables;</pre>*[[Security]] - Basic ways to secure your server and website. How to track down malicious files and how to clean up a hacked website.
Drop (delete) a database. Can be useful if importing a database and it gives you an error.*[[R1soft]] - Idera / R1soft backup manager overview
<pre>mysql> drop database databasename;</pre>*[[Processor]] - Basic information about CPUs and how they work
=== Optimization Scripts ===*[[ApacheTheory]] - Information about how Apache works, how to optimize Apache and an explanation on the role of Apache.
While *[[Logs]] - A list of where the default configs here common cPanel log locations are a good starting point. These scripts will help in finding any issues with the users current MySQL configand what type of information they hold.
Note: I like to run these like : '/scripts/ > /root/tuning-primer.txt*[[nSysstat]' This saves the output] - sysstat includes sar, so you don'tfeel compelled to add it as a note to a ticket or admin comments. You can also use it to compare the results after 48 hours.This which is a great way to document these changes.awesome
wget -O /scripts/ chmod +x /scripts/ /scripts/ == for loop example script ==
*[[How to create a for loop script]] If is downyou want to become a linux wizard and master the art of for loops, try:check out this page!
wget -O /scripts/ == Sed ==
wget -O /scripts'''Add a word to the begining of a line'''<pre>sed 's/ http:^/$Wordtoadd/mysqltuner' > sorted_original.pltxt chmod +x </scripts/ /scripts/mysqltuner.plpre>
== Linux commands to check for DDoS and excessive connections ==
===Upgrading MySQL==={{Box Warning| This section is being merged into the main Apache wiki which can be found '''If they are upgrading from 4[http://wiki.0 to 5mikejung.0 or 5.1 or from 4.1 to 5.1 please incrementally upgrade and then run a mysqlcheck -Agr during the upgrade to the next versionbiz/Apache#How_to_check_for_excessive_connections_to_Apache here]''' (If old current MySQL version is pre-5.x, just do mysqlcheck -Ar)}}
If pre-MySQL 5.0== Web Permissions | Files =='''Default Web Permissions NOTE: MAKE SURE YOU ARE IN A public_html directory!!!!!!'''
mysqlcheck find . -Aaortype f -exec chmod 644 {} \;find . -type d -exec chmod 755 {} \;
If MySQL 5.0 to 5.1:
'''Find all users php.ini files.'''
mysqlcheck find /home/*/public_html/* -Agrname php.ini
And back up all the databases:== Modules / Directives == '''speling''' mod_speling.c
Once added via Easy Apache, you can simply add these directives to a .htaccess file
mkdir -p /backup/mysqldumpsCheckCaseOnly On cd /backup/mysqldumps for i in $(mysql -e "show databases;" | cut -d ' ' -f2 | grep -v Database); do `mysqldump $i > $i.sql`; doneCheckSpelling On
=== Enabling a Slow Query Log =How To Optimize WordPress==
How to enable For a slow query logdetailed guide, please visit my [[ WordPress Optimization Guide]]
touch /var/lib/mysql/slow.log chown mysql. /var/lib/mysql/slow.log== PHP ==
In the my.cnf file under the mysqld section add this:Install ssh2 Pecl extension
log<pre>yum install libssh2 libssh2-slowdevelpecl install ssh2# You may need to update the channel, if so;pecl channel-queries=/var/lib/mysql/slowupdate
Then restart mysql and you have a slow query logjust;vim /etc/</pre>
If you want Upload issues May need to specify check two files, the first is the number of seconds that indicates a long or slow queryglobal php.ini file, use this line in the next is the modsec file (if applicable)<pre>vim /usr/local/etclib/myphp.cnf :ini
long_query_time upload_tmp_dir = 5/tmpsession.save_path = /tmp
changing 5 to whatever number of seconds you want.----------------------------------------------
vim /usr/local/apache/conf/modsec2/custom.conf
==PHP==SecUploadDir /tmpSecTmpDir /tmp</pre>
===Parse Error===
Parse error: syntax error, unexpected T_STRING
===Force PHP5===
Add to .htaccess:
AddType application/x-httpd-php5 .html .htm
===Apache PHP Handlers=Email == How to enable DKIM for a cpanel account *DomainKeys Identified Mail (DKIM) defines a mechanism by which email messages can be cryptographically signed, permitting a signing domain to claim responsibility for the introduction of a message into the mail stream. Message recipients can verify the signature by querying the signer's domain directly to retrieve the appropriate public key, and thereby confirm that the message was attested to by a party in possession of the private key for the signing domain. *To verify that everything is setup correctly you can send an email from an email account on that domain to [email protected] No need to have a subject or body. This service will then reply with a message stating the verification of DKIM, DomainKeys, SPF, SpamAssassin, and Sender-ID. Great tool to test all kinds of email verification systems.
Can use this command to change owner and groupTo install on a cPanel server:
chown -R user:group /directoryusr/local/cpanel/bin/dkim_keys_install </preusername>
===Install Zip from source===or
<pre>cd for i in `ls /usrvar/localcpanel/srcwget http:users`; do /usr/pecl.php.netlocal/getcpanel/zip-1.10.2.tgztar -zxvf zip-1.10.2.tgzcd zip-*phpize.bin/configuremake && make installdkim_keys_install $i; done
Install any extension from source:*Add the Policy Record
cd /usr/local/srcwget somthingtar -zxvf something.tgzcd something-*phpize./configuremake && make installecho _domainkey IN TXT "extension t=y; o=~; n= somethingInterim Sending Domain Policy; [email protected].socom" >> /etc/php.ini
May need to do these additional steps'''General webmail and email permission guidelines for cPanel servers''' Below are some baseline permissions that should be used with Exim and Dovecot'''/home/user/etc/'''
cd /usr/local/src/php-5domain.2.11make cleancom file should have:php -i | grep configure | sed s/\'//g | sed s/'Configure Command => '//gpermissions:add --enable-zip to output750makeownership:make installusername:mail
==DSO== Ownership - permissions should be 755'''/home/user/etc/'''
Ownership - shadowpermissions should be 755:640<pre>ownership:
==Email=='''/home/user/mail/'''<pre>700 user:user cur/751 user:user user:user anything else</pre>
 ===Email If email accounts are not showing up in cPanel.=== Check for a specific cpanel user be sure to check '''/home/$user/etc Make ''' to make sure the passwd file and shadow file have proper permissions also make sure they are located in
===Horde=== If all the permissions are correct and the directories are owned by the user, try restarting cpanel mail services to see if this helps resolve the issue.  
CanIf you run into a Roundcube error like "unable to connect to database", the best thing to do is to drop the database, then re-install roundcube, which automatically re-creates the db. '''Make sure you backup the database before you drop it, or else you risk lots of possible data loss't find file: 'horde_sessionhandler.MYI'
cd /etchome/inittemp mysqldump roundcube > roundcube.d/mysqld stopsql rm /var/lib/mysql-e "drop database roundcube;" /hordeusr/horde_sessionhandler.frmlocal/etccpanel/init.dbin/mysqld start mysql>>CREATE TABLE horde_sessionhandler (session_id VARCHAR(32) NOT NULL, session_lastmodified INT NOT NULL, session_data LONGBLOB, PRIMARY KEY (session_id)) ENGINE = InnoDB; >GRANT SELECT, INSERT, UPDATE, DELETE ON horde_sessionhandler TO [email protected];update-roundcube --force
 ===Spam=== Find If you are running into spam issues you can run the command below to find top sending IPs in exim logs:<prestyle="white-space: pre-wrap; white-space: -moz-pre-wrap; white-space: -pre-wrap; white-space: -o-pre-wrap; word-wrap: break-word;">
grep "SMTP connection from" /var/log/exim_mainlog |grep "connection count" |awk '{print $7}' |cut -d ":" -f 1 |cut -d "[" -f 2 |cut -d "]" -f 1 |sort -n |uniq -c | sort -n
===Relaying=FTP == If you are having issues with Proftp connections or with authentication. Check the Proftp configuration file below and make sure that "AuthPAM" is actually on. <pre>vim /etc/proftpd.confAuthPAM on</pre>
Add relaying from another server:If you want to make sure PureFTP is using FTPES, edit /etc/pure-ftpd.conf and uncomment (enable) the PassivePortRange line, like below.<pre># Port range for passive connections replies. - for firewalling.PassivePortRange 30000 50000</pre> APF - /etc/apf/conf.apf<pre># Common ingress (inbound) TCP portsIG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,995,2082,2083,2084,2086,2087,2095,2096,3306,6666,7786,30000_50000"
Add the IP to the # Common egress (outbound) TCP portsEG_TCP_CPORTS="remote service IPs21,25,80,443,43,30000_50000" in cPanel</pre>
Find Spam in the queue:CSF - /etc/csf/csf.conf
egrep -l # Allow incoming TCP portsTCP_IN = "user20,21,22,25,53,80,110,143,443,465,953,993,995,2077,2078,2082,2083,2086,2087,2095,2096,30000:50000" # Allow outgoing TCP portsTCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,953,2087,2089,2703,30000:50000" /var/spool/clientmqueue/Q* | wc -l
To search for available packages:If you are encountering vsftp timeout issues or strange dns like issues with vsftp check the vsftpd configuration file and make sure that reverse_lookup_enable is set to no
yum search example/etc/vsftpd/vsftpd.conf: reverse_lookup_enable=NO
Find packages == Nginx == '''Common configuration settings''' *The main configuration file to edit is /etc/nginx/nginx.conf, which by default also reaches out to include any additional configuration files in the conf.d directory and where they lead any virtual host files in the sites-enabled directory. * *'''worker_processes''' in /etc/nginx/nginx.conf. This should be equal to:the amount of CPU cores the server has.
rpm -qa | grep exampleworker_processes $CPUs;
*'''worker_connections''' defines how many connections each worker process is allowed to handle
*'''worker_processes x worker_connections''' tells the maximum amount of HTTP connections possible at any moment
'''File cache settings'''
rpm -ql examplehttp {[...] ## # File Cache Settings ##  open_file_cache max=5000 inactive=20s; open_file_cache_valid 30s; open_file_cache_min_uses 2; open_file_cache_errors on;
===Java '''Gzip''' This will compress content at the expense of a little extra CPU, but it will save a lot of bandwidth.<pre>gzip on;gzip_disable "msie6";gzip_min_length 1100;gzip_vary on;gzip_proxied any;gzip_buffers 16 8k;gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/rss+ Tomcat===xml text/javascript image/svg+xml application/x-font-ttf font/opentype application/;</pre>
Regular install'''Conflicting Server Name Error''' Check for duplicates/system users:
yum install javagrep -1i domain.6.0-openjdk.x86_64com /var/cpanel/users/*</pre> If there is a domain entry owned by "system" remove this file:<pre>yum install tomcat5rm /var/cpanel/users/system
Stripped down server installThen run:
yum install tomcat5yum install java-1.6.0-openjdk.x86_64yum install tomcat5-webapps.x86_64yum install httpd-devel.x86_64cdwget http:/scripts/ -zxvf tomcat-connectors-1.2.32-src.tar.gzcd tomcat-connectors-1.2.32-srccd native/./configure --with-apxs=/usr/sbin/apxsmakemake installvim /etc/httpd/conf/httpd.confadd LoadModule jk_module modules/mod_jk.sohttpd -M or /etc/init.d/httpd -lrebuildnginxvhost
==ApachecPanel Tips and Tricks ==
'''Configuration file, lots of settings can be changed here:httpd.conf domain errors?'''
vim info [rebuildhttpdconf] Unable to determine group for $username, skipping domain $ Check /usrvar/localcpanel/apacheuserdata/conf$user/$domain.comMake sure group: is set correctly/scripts/rebuildhttpdconfservice httpd.confrestart
'''Includes (external settings that Apache reads in case the conf was rebuilt)'''Exclude files from being updated.
cd vim /usretc/local/apache/conf/includescpanelsync.exclude
Then add the absolute path for the file. An example would be Roundcube webmail settings: /usr/local/cpanel/base/3rdparty/roundcube/config/ '''Check for a basic DosDatabases listed in Cpanel, or heavy traffic:but do not actually exist''' Check the following files and remove any users / dbs that do not exist:
netstat -tn 2>/devvar/null | grep ':80 ' | awk '{print cpanel/databases/ $user.cache$5}' | cut -f1 -d: | sort | uniq -c | sort -rn | head user.yaml
'''Count the processes:spamd issues'''
ps aux | grep httpd | wc /scripts/perlinstaller IO::Socket::IP -lps aux | grep php | wc -lforce
== DNS ==
==OCFS2 and SAN==Disable zone transfers with named.conf<pre>acl can_axfr {;}; options { allow-recursion { trusted; }; allow-transfer { can_axfr; };};</pre> '''WARNING: key file (/etc/rndc.key)'''<pre>service named stopmv /etc/rndc.conf /etc/rndc.conf.OLDservice named start</pre>
cPanel not working for some accounts on some servers:== NFS ==
chgrp user yum install nfs*mkdir /var$whatever/cpanelyou/userswant/usernameto/share vim /etc/proftpdexportsadded:/$whatever/you/want/to/share $IPADDY/Subnetmask(rw,no_root_squash,subtree_check) /etc/init.d/nfs start/etc/init.d/nfslock start/usernameetc/init.d/rpcbind start/etc/init.d/rpcidmapd restart vim /etc/idmapd.confUncommented / added:Domain = $ chkconfig rpcbind onchkconfig rpcidmapd onchkconfig nfs onchkconfig nfslock on Make sure port 2049 is open as well.
===PureFTP using FTPES===*
Edit /etc/pure-ftpd.conf and uncomment (enable) the PassivePortRange line, like below.This is an example of a default IPTABLES set of rules:
*filter:INPUT ACCEPT [0:0]:FORWARD ACCEPT [0:0]:OUTPUT ACCEPT [0:0]:RH-Firewall-1-INPUT - [0:0]:TRUSTED - [0:0]-A INPUT -j RH-Firewall-1-INPUT-A FORWARD -j RH-Firewall-1-INPUT###Add trusted IPs / hosts / IP blocks here# Port range for passive connections replies##Example would be:-A TRUSTED -s 192. 168.0.0/24-A TRUSTED -s $myhomeIP- for firewallingA TRUSTED -s $someotherserver###END TRUSTED HOSTS SECTION-A RH-Firewall-1-INPUT -i lo -j ACCEPT-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT-A RH-Firewall-1-INPUT -p udp --dport 5353 -d -j ACCEPT-A RH-Firewall-1-INPUT -p udp -m udp --dport 53 -j ACCEPTPassivePortRange -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 53 -j ACCEPT###EXAMPLE FOR ACTIVE/PASSIVE FTP ACCESS FOR TRUSTED HOSTS-A RH-Firewall-1-INPUT -p tcp --dport 21 -j TRUSTED-A RH-Firewall-1-INPUT -p tcp --dport 20 -j TRUSTED-A RH-Firewall-1-INPUT -p tcp --dport 30000 :50000-j TRUSTED###END FTP EXAMPLE-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
APF - /etc/apf/conf.apf == Kernel Stuff == '''Tools and Utilities used to build a kernel'''
# Common ingress (inbound) TCP portsgcc --versionIG_TCP_CPORTS="20,21,22,25,53,80,110,143,443,465,993,995,2082,2083,2084,2086,2087,2095,2096,3306,6666,7786,30000_50000"</pre>*Used to compile the kernel
# Common egress (outbound) TCP ports<pre>EG_TCP_CPORTS="21,25,80,443,43,30000_50000"ld -v
*Tools used to assist when compiling the kernel
make --version
*Used to determine which files are needed to compile the kernel
'''Tools and Utilities to use the kernel'''
fdformat --version
*Used to handle mounting of disks
CSF - /etc/csf/csf.conf
# Allow incoming TCP portsdepmod -VTCP_IN = "20,21,22,25,53,80,110,143,443,465,953,993,995,2077,2078,2082,2083,2086,2087,2095,2096,30000:50000"</pre>*Used to load kernel modules and remove them
# Allow outgoing TCP ports'''File System Tools'''TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,953,2087,2089,2703,30000:50000"<pre>tune2fs
*Used to handle the file systems such as ext4
==Packages / Yum==
Install clamd on a coremanaged server'''Command to see what modules are loaded:'''
yum --disablerepo=\* --enablerepo=epel install clamdlsmod
Adding RPMforge repos'''See all modules, even if they are not loaded:'''
wget -release/rpmforge-release-0.5.2-2.el5.rf.x86_64.rpmrpm --import -K rpmforge-release-0.5.2-2.el5.rf.*.rpmrpm -i rpmforge-release-0.5.2-2.el5.rf.*.rpml
Once this is complete you can now install other packages via yum!
==Load Balanced Troubleshooting=='''Get detailed information on a module:'''<pre>modinfo $module</pre>
===Reboot Process==='''Remove a module (assuming no other dependents are using it):'''<pre>modprobe -r $module </pre> '''See all kernel settings'''<pre>sysctl -a</pre>
Check '''TCP_FIN_TIMEOUT'''This setting determines the time that must elapse before TCP/IP can release a closed connection and reuse its resources. During this TIME_WAIT state, reopening the connection to make sure SAN is mountedthe client costs less than establishing a new connection. By reducing the value of this entry, TCP/IP can release closed connections faster, making more resources available for new connections. Addjust this in the presense of many connections sitting in the TIME_WAIT state:
netstat # echo 30 > /proc/sys/net/ipv4/tcp_fin_timeout(default: 60 seconds, recommended 15-lpn | grep 192.16830 seconds)
Stop OCFS2 before reboot:=== Steps to compile and customize a kernel ===The steps below will download the kernel source, decompress it, then will make the kernel with the default options.
mkdir $place to put the kernelcd $place to put the kernelwget https:/etc/ -dlinux-3.9.tar.xztar -xvf linux-3.9.tarcd linux-3.9/ocfs2 stopmake defconfig
Start OCFS2:From here, we can customize the kernel further.
/etc/init.d/ocfs2 startmake menuconfig
Make sure man is mountedOptions when using menuconfig:
mount | grep san[*] = Selected, if no star then not selected<Y> = Select module to be built into the Kernel<M> = Select module to be built as a module to be loaded, but not built into the kernel
Restart Apache== Postfix == Log location:
service httpd restart/usr/local/psa/var/log/maillog
Find all indexSome one liners to figure out what is in the queue and how to remove bullshit emails.* files then remove bad things 
find /home/*/public_html/ mailq | grep ^[A-name index.* > /root/listZ\|0-9] | awk '{print $7}' | cut [email protected] -f2 | sort | uniq -c | sort -rn | head -15
Once you figure out senders or whatever, you can do something like this to either delete the email or put it in the hold queue
Put in hold queue
for each in `cat /root/list` ; do sed -imailq | grep $someshittydomain.lwbak com | awk 's/Badthing\/script>//g{print $1}' $each ; done| postsuper -h -
Find symlinksDelete the emails
find /home/*/public_html/ -type l mailq | grep $ | awk '{print $1}' | cut postsuper -d / -f3 | sort -nr | uniq -c
'''If these commands dont remove all the emails, you might need to use cut to get rid of the "!" or "*" which sometimes get placed at the end of the email id''' ==Benchmarking Tools =MISC'''Please visit this page for more up to date information'''* == ZFS =='''This section is based off of an excellent guide by Ars.'''* 
'''Nmap'''=== Creating ZFS Pool === This will list available devices to use
Nmap commands:Flags:-s what type of scan-T TCP connectls -S SYNl /dev/disk/by-U UDPid-p scan all the things-PN scan all and pretend they are alive</pre>
TCP scan:Once you determine what devices to use, this command will create the poolnmap <pre>zpool create -sT o ashift=12 $name $raidz_type /dev/disk/by-p id/$$ /dev/disk/by-PN$$ /dev/disk/by-id/$$</pre>
SYN scan:'''NOTE'''nmap * -sS -p -PN ashift=12 means "use 4K blocksizes instead of the default 512 byte blocksizes," which is appropriate on almost all modern
UDP scan:nmap -sU ZFS Commands ===
Versioning UDP scan:This will display raw capacity statusnmap -sUV<pre>zpool list</pre>
XMAS scan:This will display usable statusnmap <pre>zfs list</pre> You can create "filesystems" which are much like pre-sX -p -PN xxxformated paritions or folders.<pre>zfs create $zfs_vol/$folder_name</pre> You can and should create multiple filesystems so that you can manage each partition individually.xxxIf you have groups of content that you seperate already, then it makes sense to create multiple filesystems, such as images, movies, txt files, etc.xxxBy doing this you can take advantage of ZFS's
NULL scan:<pre>nmap -sN -p -PN set compression=on $zfs_vol/textfileszfs set quota=200G $zfs_vol/jpegs
==NginxView CPU Temps in Cent 6.5 == For most new CPUs and Mobos this should be pretty simple to do. For this example, I'm using a newer SuperMicro Motherboard.<pre>## Install the package yum -y install lm_sensors ## Detect the sensors, should be fine to say YES to all the questions sensors-detect ## If everything installed correctly, you should see all the CPU core temps sensors</pre>
===Conflicting Server Name Error===
Check Example output, for duplicates/system users:this example I am using an Intel E5-1650v2
grep coretemp-i domainisa-0000Adapter: ISA adapterPhysical id 0: +47.0°C (high = +80.0°C, crit = +90.0°C) Core 0: +47.0°C (high = +80.0°C, crit = +90.0°C) Core 1: +44.0°C (high = +80.0°C, crit = +90.0°C) Core 2: +41.0°C (high = +80.0°C, crit = +90.0°C) Core 3: +40.0°C (high = +80.0°C, crit = +90.0°C) Core 4: +40.0°C (high = +80.0°C, crit = +90.0°C) Core 5: +39.0°C (high = +80.0°C, crit = /var/cpanel/users/*0°C)
If there == Linux Memory Usage Overview== ** -rss-and-vsz-in-linux-memory-management There are two commonly displayed values for Linux RAM usage. When using a domain entry owned by tool like ps, you often times see VSZ and RSS.  '''VSZ''': "systemVSZ is the Virtual Memory Size. It includes all memory that the process can access, including memory that is swapped out and memory that is from shared libraries." remove this file '''RSS''':"RSS is the Resident Set Size and is used to show how much memory is allocated to that process and is in RAM. It does not include memory that is swapped out. It does include memory from shared libraries as long as the pages from those libraries are actually in memory. It does include all stack and heap memory. *RSS And VSZ do not accurately represent the real RAM usage for a process, they report the total RAM the process would use if it were the only process running, but many processes share memory if they use the same shared libraries. *Shared libraries like libc are commonly used by many different applications, Linux is able to load the library once into RAM, and then multiple processes can re-use the same library at the same time without having to duplicate the library which would use more RAM. Linux is very efficient because of its ability to share libraries among many processes.  You can use pmap to get more specific memory usage information from a process.
rm /var/cpanel/users/systempmap -d $PID
Then runAn example command is:
pmap -d 15441Address Kbytes Mode Offset Device Mapping........00007f574e0a4000 8 rw--- 0000000000003000 0fc:00003 cStringIO.so00007f574e0a6000 20 r-x-- 0000000000000000 0fc:00003 stropmodule.so00007f574e0ab000 2044 ----- 0000000000005000 0fc:00003 stropmodule.so00007f574e2aa000 8 rw--- 0000000000004000 0fc:00003 stropmodule.so00007f574e2ac000 12 r-x-- 0000000000000000 0fc:00003 timemodule.so00007f574e2af000 2048 ----- 0000000000003000 0fc:00003 timemodule.so00007f574e4af000 8 rw--- 0000000000003000 0fc:00003 timemodule.so00007f5754477000 540 rw--- 0000000000000000 000:00000 [ anon ]00007f5754507000 12 rw--- 0000000000000000 000:00000 [ anon ]00007fff09ca1000 112 rw--- 0000000000000000 000:00000 [ stack ]00007fff09dff000 4 r-x-- 0000000000000000 000:00000 [ anon ]ffffffffff600000 4 r-x-- 0000000000000000 000:00000 [ anon ]mapped: 196340K writeable/scripts/rebuildnginxvhostprivate: 9372K shared: 0K
==Hardware Checks and Commands==*The lines that have "r-x--" are considered the code segments.*The lines that have "rw---" are considered the data segments.
Check *The important information here is the "writeable/private" value, which is the incremental cost of the process once you remove all the other shared libraries that were already loaded / can be used by other processes.  Using an Apache process for disk ageanother example:
smartctl -a USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMANDnobody 22696 0.0 4.9 649624 49548 ? Sl 17:45 0:01 \_ /usr/local/apache/devbin/sda | grep Power_On_Hourshttpd -k start -DSSL
===Kaspid issues===*VSZ reports 649624K, or about 634MB*RSS reports 49548K, or about 48MB
Can disableRunning pmap on that PID we see:
vim /boot/grub/grubpmap -d 22696........confacpi=offmapped: 649624K writeable/private: 63292K shared: 184140K
Server will then need to be rebooted*writeable/private: 63292K, or around 63MB, you can see that much of this process is using shared libraries. ==Storm and LiquidWeb API== You can find API documentation at the link listed below.
==cPanel Tips and Tricks==*
Exclude files from being updatedIf you have issues using the Liquid Web API the first step would be to run a simple curl command to make sure you can connect to the API and that are you using the correct user name and password. Please replace '''$API_USER''' and '''$API_PASS''' with your credentials. '''PLEASE be aware that this is not the most secure way to test this, you might want to throw this command into a file and run it that way, otherwise your credentials will be on the server's history, obviously this is not preferred.'''' You can create a temporary API user just to test, then remove the user or update the password.
vim curl https:/etc/cpanelsync$API_USER:[email protected]
Then add the absolute path for the file. An example would be Roundcube webmail settings:== Docker run command line examples ==
'''This command will run a container in interactive mode and will put you in the container as soon as it is started.'''<pre>docker run -i -t -p $IP:$HostPort:$ContainerPort -v $HostDirectory:$ContainerDirectory $Image $Command</usr/local/cpanel/base/3rdparty/roundcube/config/>
==DNS==An Example Command would be if you wanted to run a container with Apache that listens on port 80 in the container, and port 9000 on the host. We will also have the container use a directory on the host so that data persists even if the container is stopped or killed<pre>docker run -p -v /partition1:/parition1 doge/apache:latest /usr/sbin/apache2ctl -D FOREGROUND</pre>
Disable zone transfers with named.conf'''Quick and Dirty script to KILL off all containers'''
acl can_axfr for each in `docker ps | awk '{127.0.0.print $1}'` ;do docker kill $each ; done};</pre>
options {'''Quick and Dirty script to STOP all containers, this is slower than the above command''' allow-recursion { trusted; };<pre> allow-transfer for each in `docker ps | awk '{ can_axfr; print $1}'` ;}do docker stop $each ;done
==Linux Kernel Networking==
A really good article that explains how networking performance in the Linux kernel will need some improvements in the near future. -

Navigation menu