[insert witty tagline here]

Posts in category Website

logrotate: Use it!



I was digging through my virtual hosts looking at log files and noticed that a few of them had pretty massive access logs. One of the more popular sites I run for some friends, American K-Pop Fans, had an access log of 363mb, and I’ve only been running the site for a few weeks! That obviously wasn’t going to work, so I started looking up how to manage log files. I noticed that Apache seemed to do an awesome job of keeping logs organized in /var/log/apache2/ and figured I should be able to model my log cleanliness after them.

After some Googling, I stumbled onto rotatelogs. After fumbling with it, although it’s pretty cool, I discovered that this wasn’t quite what I wanted. I did some more Googling and discovered logrotate, a program built into Linux for managing large amounts of logs. The two almost identical names confused me at first, but the difference became clear pretty fast.

rotatelogs is a really simple program for automatically breaking log files apart when Apache adds an entry. It does this by piping the log file entry through the program which then decides if it needs to create a new log file or can use the existing one. You can choose when to create a new log file based on time or log size. logrotate, on the other hand, is a Linux command-line utility which runs as a cron job every day. It runs all scripts in /etc/logrotate.d/. Looking in that directory, there’s an apache2 script which keeps Apache’s log files nice and tidy. There are also a variety of others, depending on what’s installed.

Both Linode’s logrotate article and Slicehost’s logrotate article helped me setup logrotate for my virtualhosts. Here’s what mine looks like:

1
2
3
4
5
6
7
8
9
10

/srv/www/*/logs/*.log {
	rotate 14
	daily
	compress
	delaycompress
	sharedscripts
	postrotate
		/usr/sbin/apache2ctl graceful > /dev/null
	endscript
}

The idea is pretty simple. Line by line:

  1. I list all of my virtual host log paths. All of my virtual hosts follow the same directory structure, so I can get away with wildcard usage like this.
  2. I tell it that I want to keep 14 days of previous log files.
  3. I tell it that I want it to run daily.
  4. I tell it that I want old log files compressed to save space.
  5. I tell it that it should delay compressing the most recent archived log file.
  6. I tell it that all of the virtual hosts listed on line 1 should be processed before the following script runs.
  7. I tell it to restart Apache gracefully (no open connections will be closed, and old log files won’t be closed immediately). The reason we use delaycompress is because we don’t want to compress the most recent log file until we’re sure Apache is done with it.

That’s it! This simple script maintains all my log files for me so that I don’t have to worry about them growing out of control.

Linux

aptitude install php5-sqlite



This is kind of a mental note, but in order to get SQLite to work with PHP5 under Ubuntu 10.04 LTS, it’s necessary to install the required libraries:

aptitude install php5-sqlite

I’ve been trying to figure out an error regarding my sentinel surveillance site calculator. It uses an SQLite database on the back-end (the same one I provide in this post), and the page was only half loading. As soon as it got to the SQLite calls, it’d just die. The code doesn’t run on my server, and I couldn’t view the logs, so it was kind of tricky to diagnose it. After moving the code over to my server, I very quickly discovered that it was just a lack of the proper PHP SQLite libraries causing the issue. Part of the problem is that the PHP documentation on SQLite3 is extremely vague and makes it sound like PHP ships with SQLite support, so I never thought that might be the issue. Had I just done a simple phpinfo() lookup, this would’ve been painfully obvious. Oops!

Also, I wholeheartedly endorse the Xerial SQLiteJDBC library written by Taro L. Saito for using SQLite databases in Java. It’s very fast, and I haven’t had any problems with bugs. And best of all, unlike Zentus’ SQLiteJDBC library, it’s regularly maintained and updated.

Java, Linux, Programming

WordPress auto update/plugin install FTP error?



New Hosting!

I’ve had web hosting basically since I got into undergrad. I started off using a few free hosts but outgrew those pretty quick. Then I got an account at Dreamhost. They were cheap and did the trick for 3 or 4 years. But, my needs grew. I needed PostgreSQL for some work I was doing for a research assistantship here at UI. Looking around at shared hosts, Media Temple seemed like the next logical choice. Their control panel was pretty nice and flexible, but their hosting wasn’t very fast.  They have been promising a Cluster Server to succeed their Grid for years now, but it’s never happened.  In fact, any updates/progress at Media Temple happened extremely slowly.  It wasn’t until mid-2009 that they finally transitioned to MySQL 5!

Fast forward to this weekend. My MT hosting is set to expire in a few days, so I figured it was time to move on. After looking around, I decided to go with Linode VPS hosting. Their VPS service is exactly what a computer science grad student needs. Their control panel rocks, their documentation rocks, and their community rocks. Speed is excellent (much faster than Media Temple’s Grid). I’m fairly new to the whole *nix server administration thing, so I figured it was time to get my hands wet. I have quite a bit of experience with Ubuntu’s desktop distros, so I chose to go with Ubuntu 10.04 (Lucid Lynx) LTS as my server OS. Having root access is a really great thing.

I spent this weekend setting up, configuring, and securing my server for LAMP stuff. Then I began the migrating process. Luckily, I don’t have much I needed to migrate – just a “simple” WordPress 3.1 install. I put simple in quotes because it turned out to be a little bit of a pain. The initial install and migration was very straightforward. But I had a few issues when I decided to use the built-in plugin installer. What I saw was a screen asking for my FTP login credentials. After a little digging around, this turned out to be because of some wonky permissions problems. I’m writing this blog entry just in case anyone in the future finds it necessary because when Googling, I discovered a lot of the solutions were insecure or sucked.

The Problem

The gist of the problem is this:

  • WordPress checks to see if it has permissions to write files by calling getmyuid() and comparing that UID to the UID of the running process.
  • getmyuid() returns the UID of the script’s owner.  This is almost certainly the Linux user that installed WordPress.
  • Apache instances run as user www-data (on other systems, this may be different).
  • Unless the script’s owner is www-data, these two UIDs will not be the same, so WordPress will decide it doesn’t have the correct permissions.

There are two primary ways to solve this problem.

Solution 1: suPHP

suPHP is a handy Apache module for allowing PHP scripts to execute as the same owner as the script.  It took quite a bit of tinkering to get it working (its documentation is awful), but it did indeed work.  This may seem like the perfect solution at first glance, but there are a few reasons why I decided against it.

  • suPHP replaces mod_php.  If you have multiple VirtualHost entries, suPHP will run on all of these instances.  I’m sure it’s probably possible to enable suPHP on certain sites and mod_php on others, but it’s not trivial.
  • suPHP is reportedly 20-25% slower than mod_php.
  • suPHP can break stuff.  While reading about how to setup/configure suPHP, I ran across a bunch of instances of it breaking phpMyAdmin sites.

suPHP is neat and definitely has applications in a shared hosting situation, but I decided it wasn’t for me.  I wanted to stick with mod_php.

Solution 2: Set Appropriate Permissions

This is the solution I ended up settling on after reading WordPress’ permissions guide and WordPress’ hardening guide. Specifically, this section:

All files should be owned by your user account, and should be writable by you. Any file that needs write access from WordPress should be group-owned by the user account used by the web server.

So what we need to do is group-own the files/directories that WordPress needs access to:

chgrp -R www-data ~/public_html/wordpress/

This gives your web server group permissions on all files/directories in the WordPress directory. I give WordPress group privileges on all files/directories because when WordPress automatically updates, it could potentially change all of these files/directories. You still remain the owner of all file/directories. Note that by default the group user will only have read access to files and only read and execute access on directories. The group user needs to have write access also (it needs to have the same permissions as the user). I change all files to 664 and all directories to 775:

find ~/public_html/wordpress/ -type d -exec chmod 775 {} \;
find ~/public_html/wordpress/ -type f -exec chmod 664 {} \;

Now, the web server has the correct permissions on all WordPress files/directories.

However, we aren’t quite done yet.  If you remember back to the initial problem, WordPress is calling a PHP function that returns the script’s owner’s UID, not the script’s group’s UID.  If you try to update/install something at this point, you’ll still get the FTP credentials error.  There’s one simple fix that needs to be applied.  In wp-config.php, simply add this line:

define('FS_METHOD', 'direct');

This line, kinda described in WordPress’ wp-config.php guide, allows WordPress to bypass the getmyuid() call and simply attempt to write the specified file.  This will fail and will likely add a line in your error logs if the permissions are incorrectly set, but if they’re set properly (which they will be if you followed the above instructions), it’ll finally solve our problem.

That’s it! You can now install plugins and themes from the WordPress Dashboard, and you can now automatically update WordPress.

Linux, PHP, Programming

New Theme!



I quite liked my old WordPress theme, Jillyj, but I decided I needed something new. I found the perfect theme! Tiga is exactly what I was looking for. It’s simple, very configurable (it even has a built-in CSS configuration page!), and it looks great. I was wanting a theme that could take advantage of a wide screen, and Tiga does just that.

What do you think?

It’s been a while



Well, I thought I’d post to say that the new WordPress 2.5 is really neat. The admin dashboard is excellent, and I quite like the changes they’ve made. If you’ve got a site that runs on WordPress and you haven’t upgraded yet, take 5 mins out of your day to do so.

I’ve been busy. I’ve received several bug reports on NextHub which is exciting since it lets me know that people are using it and want it to improve. I graduate from UT in a mere month, and I’m really excited my graduation is finally here. 5 years and 2 degrees later, I’m still truckin’. I guess I did something right.

I’m still waiting to hear back from grad schools. I’ve gotten into 1 school so far, and I’m waiting to hear back from 2 others. I’ll be pursuing a Ph.D. in computer science. I guess undergrad just wasn’t enough torture. :P

Once I graduate this May, I plan to finally resume work on NextHub. First on the list of things to do is fix some annoying bugs, and then I’d like to add some new features and continue improving on things. More info will follow as progress is made. Keep sending in those bug reports, and we’ll get to them soon.

Working your way through college unfortunately doesn’t leave as much time for outside projects as I’d like. More news to come in the upcoming weeks….

General, NextHub

Website Changes!



Well, as you may or may not have noticed, I’ve changed the main page quite a bit. I’ve changed from CuteNews to WordPress. It’s much cleaner, and it looks a whole lot better. It’s going to be easier for me to manage also. This is a really simple layout so far (just using the default WordPress theme), but I like it a lot.

I’ve also done away with the forums that were originally located on this site. They really aren’t necessary when SourceForge offers built-in forums for their projects.

I’m excited! :)

Whoops!



I was just alerted that leaving comments on my site was restricted only to people with an account. I just changed that setting so now anyone can leave comments.  :)

Changing the Site Around



Although I haven’t had too much time to work on FHub recently, I decided to spend a little while changing around the colors/layout of the main site.  How does it look?

Small Update



I did a little behind-the-scenes work today on the site. I changed from phpBB to PunBB, and I’m very pleased. I’m liking this board a whole lot more now. It’s faster and easier on the eye.

As for FHub, progress is coming but slowly. I’ve been working on UPnP and automatic port forwarding. Hopefully that’ll be done soon.

More updates as they’re needed….

NextHub

Redone Layout



Now, I’ve finally started redoing the phyical layout. How are the colors? I know it’s a little bland and can use some graphics, but those’ll have to wait until a little later.

Preliminary screenshots of FHub are coming this weekend! Keep your eyes peeled!

NextHub
Older Entries