If you have a master / slave(s) architecture and you need the master to continuously update the slave(s), the publish/subscribe paradigm can be used. With pub/sub, one application publishes some data to a digital channel. Applications that are interested in receiving the data can subscribe to the …
Fail2Ban brute force protection - custom filter
Fail2Ban is a very small and relatively simple IDS. This tool will scan your logs against predefined patterns and will block abusers.
Fail2Ban uses 3 concepts:
- filters are the regular expressions you want to look for
- actions are the steps you want to take when you find something
- jails are …
Disk I/O / Filesystem Performance Testing
* Disk sector size is 4KB (Advanced Format)
* If you want to test the disk/raid, the output should be a block device (/dev/sda2), not a file
* Understanding Record Size (reclen): IOzone benchmarks a filesystem by breaking up a file of a given size into records, for example if you …
tcp_tw_recycle negative effect on NAT
Due to EADDRINUSE errors, net.ipv4.tcp_tw_recycle was enabled.
A couple of days after the change, strange behavior was observed:
- an SSH connection could not be established from the jump station (server1) to the proxy nodes
- the performance graphs were still running ok (monitored from server2)
- both server1 and server2 were …
Server Backup with DRBD (and LVM + Snapshots)
Distributed Replicated Block Device (DRBD) mirrors block devices between multiple hosts via an assigned network to form high availability clusters. The replication is transparent to other applications on the host systems. Any block device (hard disks, partitions, RAID devices, logical volumes, etc.) can be mirrored. DRBD can be understood as …
EADDRINUSE (Address already in use)
The problem: while running a proxy service (squid), customers start getting this error message:
Socket Failure The system returned: (98) Address already in use Squid is unable to create a TCP socket, presumably due to excessive load. Please retry your request.
By checking the logs and running a strace on …
Benchmark your Cloud Server - CPU
The internet is full of IaaS providers; everybody now has their own cloud solution, and they're willing to give you a piece (not for free, though).
Making the right choice is not an easy task. They all seem to offer similar products for the same price. If you don't need …
HTTP Proxy: Forward vs Transparent
[cc lang='bash']
# transparent
$ curl www.google.com
GET / HTTP/1.1
User-Agent: curl/7.21.0 (x86_64-pc-linux-gnu) libcurl/7.21.0
OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.15 libssh2/1.2.6
Host: www.google.com
Accept: */*
# the proxy will compute the absolute uri …
Scale PHP Sessions
If you have a large web application running on two or more servers and you're using sessions to track users, you need to ensure that the web server serving the request has access to the user's session data.
There are two ways of doing this: sticky sessions or a shared session store …
Serve PHP via FastCGI in Apache on Ubuntu
The default Apache/PHP setup uses mpm_prefork, which starts an Apache process for each HTTP request. Every process has an embedded mod_php interpreter to deliver PHP pages quickly. But not all requests are PHP pages; there are also a lot of static requests like js, css, images, html and …