Qmail SMTP Relay

If you have a Qmail server and you want to allow a specific IP to send emails (relay) through Qmail all you have to do is to add in /etc/tcprules.d/tcp.smtp :

IP:allow,RELAYCLIENT=””,RBLSMTPD=””,NOP0FCHECK=”0″,DKSIGN=”/var/qmail/control/domainkeys/domain.com/dkim1″

Where IP is the IP of your remote email server. You can even specify something like : aaa.bbb.ccc.:allow,RELAYCLIENT=””

After this you have to run :

tcprules /etc/tcprules.d/tcp.smtp.cdb /etc/tcprules.d/tcp.smtp.tmp < /etc/tcprules.d/tcp.smtp

Nginx + php 5.2.17 + php-fpm

Download the needed packages and store them in /usr/src:

http://us.php.net/distributions/php-5.2.17.tar.gz
http://php-fpm.org/downloads/php-5.2.17-fpm-0.5.14.diff.gz
http://nginx.org/download/nginx-1.1.0.tar.gz

Then run :

tar -xvzf php-5.2.17.tar.gz
gzip -cd php-5.2.17-fpm-0.5.14.diff.gz | sudo patch -d php-5.2.17 -p1
cd php-5.2.17
./configure --enable-fastcgi --enable-fpm --with-mcrypt --with-zlib --enable-mbstring --enable-pdo --with-curl --disable-debug --with-pic --disable-rpath --enable-inline-optimization --with-bz2 --enable-xml --with-zlib --enable-sockets --enable-sysvsem --enable-sysvshm --enable-pcntl --enable-mbregex --with-mhash --with-xsl --enable-zip --with-pcre-regex --with-gd --without-pdo-sqlite --with-pdo-mysql --without-sqlite --with-jpeg-dir=/usr/lib --with-png-dir=/usr/lib --with-mysql --enable-bcmath --enable-calendar --enable-exif --enable-ftp --with-gettext --with-imap --with-mysqli --with-openssl --with-kerberos --with-imap-ssl --enable-dbase --with-gmp --enable-shmop --enable-wddx

make all install

Note that you can add —prefix to install the binaries in a different location than the default one.

After compilation is done :

strip /usr/local/bin/php-cgi
cp sapi/cgi/fpm/php-fpm /etc/init.d/
chmod +x /etc/init.d/php-fpm

cp /usr/src/php-5.2.17/php.ini-recommended /usr/local/lib/php.ini
mkdir /etc/php/
ln -s /usr/local/lib/php.ini /etc/php/php.ini
ln -s /usr/local/etc/php-fpm.conf /etc/php/php-fpm.conf

Make sure you edit /etc/php/php-fpm.conf and set the proper user/group (and permissions if its the case).

Then compile Nginx:

tar zxvf nginx-1.1.0.tar.gz
./configure --sbin-path=/usr/local/sbin --with-http_ssl_module --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --with-http_stub_status_module
make && sudo make install

The same you can modify the –prefix here.

Plesk 10 nginx reverse proxy configuration in front of Apache

Plesk 10 nginx reverse proxy configuration

On older Plesk version (

websrvmng –set-http-port –port=8080

Starting with Plesk 10 this is not so easy since you have to edit a php file called /usr/local/psa/admin/conf/templates/default/domain/domainVirtualHost.php. In my case instead of :

domain->physicalHosting->ipAddress->address ?>:server->webserver->httpsPort : $VAR->server->webserver->httpPort ?>>
ServerName "domain->asciiName ?>:server->webserver->httpsPort : $VAR->server->webserver->httpPort ?>"

I’ve set :

 

<VirtualHost <?php echo $OPT[‘ipAddress’]->escapedAddress ?>:<?php echo $OPT[‘ssl’] ? 8043 : 8080 ?>>
ServerName “<?php echo $VAR->domain->asciiName ?>:<?php echo $OPT[‘ssl’] ? 8043 : 8080 ?>”


Where 8043 will be the new https port and 8080 will be the http port.

After this change I had to run :

/usr/local/psa/admin/bin/httpdmng –reconfigure-all

Note that this is only for Plesk 10.x. On 9.x we used to have

/usr/local/psa/admin/sbin/websrvmng –reconfigure-all

After this make sure that the Apache server has set in its configuration files (/etc/httpd/conf/httpd.conf) Listen 8080 instead of Listen 80. Same thing for the /etc/httpd/conf.d/ssl.conf file, Listen 8043 instead of Listen 443.

Then you need to install nginx (yum install nginx) and download this zip file that these guys provided http://www.grafxsoftware.com/download/nginx/nginx_setup.zip. Furthermore you can check their http://www.grafxsoftware.com/faq.php/HOW-TO-configure-PLESK-with-NGinx-proxy-reverse/1/1/.

Once downloaded run:

sh generate_nginx_conf.sh

Verify with “nginx -t” that there isn’t any error and finally restart the involved services :

service httpd restart
service nginx restart

Make sure that 8043 and 8080 accept connections. (Note that its not necessary to change the https port).

Authentication Token Manipulation Error

You may get an error, such as Authentication Token Manipulation Error, while trying to change passwords for a user. For example:

#passwd user
Authentication Token Manipulation Error
#

This error is being produced because you are using shadowed password files and the shadow doesn’t have entry for this user. i.e, passwd file has an entry for this user, but shadow file doesn’t.

In order to resolve this, you can either add the entry manually or recreate the shadow file. You can use pwconv to recreate the shadow file. See the manpage for more details on this.

How to clear SWAP

It happens for swap to be used from time to time :

root@servcorp:~# free -m
total used free shared buffers cached
Mem: 4011 759 3252 0 4 53
-/+ buffers/cache: 702 3309
Swap: 8191 15 8176

To clear the swap run :

root@servcorp:~# swapoff -a && swapon -a

And free shows :

root@servcorp:~# free -m
total used free shared buffers cached
Mem: 4011 746 3265 0 4 55
-/+ buffers/cache: 686 3325
Swap: 8191 0 8191

Yum and RPM Tricks

This applies to Centos 5.6 but most likely it works on any rpm based distro.

1. It happened many times to mess the permissions of a file and services not to work properly. In order to get fixed I run :

rpm -qf /path/to/file

rpm -ql Lists all files from a package.

This should show the package that contains the modified file. Then I run :

rpm --setperms

Also this command should show a list of modified files within a package:

rpm -V

2. To view the Changelog:

rpm -q --changelog | less

3. View package based on repo:

rpm -qa release="*rf*"

4. Extract just one File:

rpm2cpio logrotate-1.0-1.i386.rpm |cpio -ivd etc/logrotate.conf

5. Query Package Install Order and Dates

rpm -qa --last >~/RPMS_by_Install_Date

6. Query Available Packages from a Repo

Using mod_proxy in Plesk to redirect to a different site

Scenario:

Site1 : www.site.com
Site2 : shop.site2.com

The idea is to make a proxy redirect so if I access www.site.com/shop to be redirected to shop.site2.com and keep the URL in the browser.
This can be done either by using mod_rewrite (if both sites are on the same server) or by using mod_proxy. In my case I had to do this on a Plesk server.

I’ve created in /var/www/vhosts/site.com/conf a file called vhost.conf that contains:

ProxyRequests off
Order deny,allow
Allow from all

ProxyPass /shop http://shop.site2.com
ProxyPassReverse /shop http://shop.site2.com
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1


Order allow,deny
Allow from all

Then I ran:

/usr/local/psa/admin/bin/websrvmng -a -v

Verify httpd.include to see if there is any Include directive.

Now if you go to www.site.com/shop/ you should be redirected to shop.site2.com. Notice the trailing slash after (../shop/). That needs to be there otherwise it won’t load the images properly.

This can be fixed by adding in vhost.conf a Rewrite rule like:
RewriteEngine on
RewriteRule ^/shop$ /shop/ [R]