How to Setup Nginx,PHP5.4, PHP-FPM, MySQL 5.5 On CentOS 6.5 VPS

This post will show you the procedure to setup Nginx, PHP5.4, PHP-FPM and MySQL 5.5 On CentOS 6.5 Virtual private server(VPS). You need to setup the required repo such as EPEL, Remi and also the NGINX repo.

What is NGINX ?

NGINX is an alternate web server for Apache. Nginx is an open source web server and a reverse proxy server for HTTP, SMTP, POP3 and IMAP protocols. Many websites and the web developer have moved to NGINX because it’s scalable, low resources, can handle many users concurrency and good website performance. Now it still third most popular web server in the world and it serve just over 14% of all hostnames.

What is PHP(PHP-FPM) ?

PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used open source general-purpose scripting language. PHP-FPM (FastCGI Process Manager) is an alternative PHP FastCGI implementation with some additional features useful for sites of any size, especially busier sites.

What is MySQL ?

MySQL Database server is one of the most popular used database in the internet especially for content management and blogging site.

Steps to setup Nginx,PHP5.4, PHP-FPM, MySQL 5.5 On CentOS 6.5 VPS

1. Setup EPEL and Remi repository.
How to prepared EPEL and how to configure Remi repository in to CentOS.

2. Install php 5.4, php-fpm and MySQL 5.5 Server :

[root@vps-08 ~]# yum --enablerepo=remi install php php-mysql php-fpm mysql mysql-server -y

3. Setup repository for nginx :

[root@vps-08 ~]# vi /etc/yum.repos.d/nginx.repo

Add the following and save :

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1

4. Install and setup NGINX :
Run the following command to install NGINX.

[root@vps-08 ~]# yum install nginx -y

a. Setup NGINX config file :

[root@vps-08 ~]# vi /etc/nginx/nginx.conf

Add the following and save:

user  nginx;
worker_processes  2;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    gzip  on;
    gzip_types text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;

    include /etc/nginx/sites-available/*.conf;

}

b. Create sites-available directory and create nginx virtual host for example.com domain :

[root@vps-08 ~]# mkdir /etc/nginx/sites-available
[root@vps-08 ~]# vi /etc/nginx/sites-available/example.com.conf

Add the following and save :

server {
listen       80;
    server_name example.com;
    rewrite ^/(.*)$ http://www.example.com/$1 permanent;
}

server {
        server_name www.example.com;
        root /var/www/html/example;
        access_log /var/log/nginx/example.com.access.log;
        error_log /var/log/nginx/example.com.error.log;
        include conf.d/common.conf;
        include conf.d/wordpress.conf;
        include conf.d/w3tc.conf;
}

c. Create these three configuration files. It was optimized for WordPress site.

/etc/nginx/conf.d/common.conf
/etc/nginx/conf.d/wordpress.conf
/etc/nginx/conf.d/w3tc.conf

Create common.conf :

[root@vps-08 ~]# vi /etc/nginx/conf.d/common.conf

Add the following and save.

# Global configuration file.
# ESSENTIAL : Configure Nginx Listening Port
listen 80;
# ESSENTIAL : Default file to serve. If the first file isn't found,
index index.php index.html index.htm;
# ESSENTIAL : no favicon logs
location = /favicon.ico {
    log_not_found off;
    access_log off;
}
# ESSENTIAL : robots.txt
location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}
# ESSENTIAL : Configure 404 Pages
error_page 404 /404.html;
# ESSENTIAL : Configure 50x Pages
error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
# SECURITY : Deny all attempts to access hidden files .abcde
location ~ /\. {
    deny all;
}
# PERFORMANCE : Set expires headers for static files and turn off logging.
location ~* ^.+\.(js|css|swf|xml|txt|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
    access_log off; log_not_found off; expires 30d;
}

Configure wordpress.conf :

[root@vps-08 ~]# vi /etc/nginx/conf.d/wordpress.conf

Add the following and save :

# WORDPRESS : Rewrite rules, sends everything through index.php and keeps the appended query string intact
location / {
    try_files $uri $uri/ /index.php?q=$uri&$args;
}

# SECURITY : Deny all attempts to access PHP Files in the uploads directory
location ~* /(?:uploads|files)/.*\.php$ {
    deny all;
}
# REQUIREMENTS : Enable PHP Support
location ~ \.php$ {
    # SECURITY : Zero day Exploit Protection
    try_files $uri =404;
    # ENABLE : Enable PHP, listen fpm sock
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass unix:/var/run/php-fpm.sock;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
# PLUGINS : Enable Rewrite Rules for SiteMap
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.xml$ "/index.php?xml_sitemap=params=$2" last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.xml\.gz$ "/index.php?xml_sitemap=params=$2;zip=true" last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.html$ "/index.php?xml_sitemap=params=$2;html=true" last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.html.gz$ "/index.php?xml_sitemap=params=$2;html=true;zip=true" last;

Create w3tc.conf file :

[root@vps ~]# vi /etc/nginx/conf.d/w3tc.conf

Add the following and save :

# BEGIN W3TC Page Cache core
set $w3tc_rewrite 1;
if ($request_method = POST) {
    set $w3tc_rewrite 0;
}
if ($query_string != "") {
    set $w3tc_rewrite 0;
}
if ($http_cookie ~* "(comment_author|wp\-postpass|w3tc_logged_out|wordpress_logged_in|wptouch_switch_toggle)") {
    set $w3tc_rewrite 0;
}
if ($http_cookie ~* "(w3tc_preview)") {
    set $w3tc_rewrite _preview;
}
set $w3tc_enc "";
if ($http_accept_encoding ~ gzip) {
    set $w3tc_enc _gzip;
}
set $w3tc_ext "";
if (-f "$document_root/wp-content/cache/page_enhanced/$http_host/$request_uri/_index$w3tc_rewrite.html$w3tc_enc") {
    set $w3tc_ext .html;
}
if (-f "$document_root/wp-content/cache/page_enhanced/$http_host/$request_uri/_index$w3tc_rewrite.xml$w3tc_enc") {
    set $w3tc_ext .xml;
}
if ($w3tc_ext = "") {
  set $w3tc_rewrite 0;
}
if ($w3tc_rewrite = 1) {
    rewrite .* "/wp-content/cache/page_enhanced/$http_host/$request_uri/_index$w3tc_rewrite$w3tc_ext$w3tc_enc" last;
}
# END W3TC Page Cache core

d. Modify default.conf file :

[root@vps-08 ~]# vi /etc/nginx/conf.d/default.conf
server {
    listen       80;
    server_name  localhost;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

# redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

5. Secure Mysql :

[root@vps-08 ~]# /usr/bin/mysql_secure_installation

Sample :

[root@vps-08 ~]# /usr/bin/mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!


In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] n
 ... skipping.

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...



All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!


6. Configure php-fpm :

[root@vps-08 ~]# vi /etc/php-fpm.d/www.conf

Update and uncomment the following :

listen = /var/run/php-fpm.sock
..
listen.mode = 0666
..
user = nginx
group = nginx
..
pm = dynamic
..
pm.max_children = 50
pm.start_servers = 10
pm.min_spare_servers = 10
pm.max_spare_servers = 10
pm.max_requests = 200
..
slowlog = /var/log/php-fpm/www-slow.log
..
php_admin_value[error_log] = /var/log/php-fpm/www-error.log
php_admin_flag[log_errors] = on
..
php_value[session.save_handler] = files
php_value[session.save_path] = /var/lib/php/session

7. Restart the NGINX and php-fpm :
Restart the NGINX and php-fpm service to apply the changes on the configuration files.

[root@vps-08 ~]# service nginx restart; service php-fpm restart
Stopping nginx:                                            [  OK  ]
Starting nginx:                                            [  OK  ]
Stopping php-fpm:                                          [  OK  ]
Starting php-fpm:                                          [  OK  ]

Check the service listened on your VPS :

[root@vps-08 ~]# netstat -plunt | grep LISTEN
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      1097/rpcbind
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      18070/nginx
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1130/sshd
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      18358/mysqld
tcp        0      0 :::111                      :::*                        LISTEN      1097/rpcbind
tcp        0      0 :::22                       :::*                        LISTEN      1130/sshd

Now you can start to setup WordPress blog into your VPS server.

setup nginx

How to Setup NetHogs – Monitor Bandwidth Usage Per Process in Linux

NetHogs is a opensource tools to monitor network bandwidth that was used by the process and program in linux operating system. NetHogs does not rely on a special kernel module to be loaded. When you hit the high network traffic issue on your linux server, you can immediately find which PID is causing the issue. NetHogs will give you real time statistics of your network bandwidth of per process usage. Follow this steps to install NetHogs on linux CentOS 6.5 and the sample nethogs usage.

1. Prepare additional repository (EPEL repository).

2. Install nethogs :

[root@oss ~]# yum install nethogs -y

3. NetHogs utility :

[root@oss ~]# nethogs

Sample output :
setup nethogs -1

4. NetHogs command option :
There are a few commad options when using nethogs. Using ‘-d‘ to add a refresh rate. As an example, to set 5 seconds as your refresh rate, then type the command as.

[root@oss ~]# nethogs -d 5

Other options :

-d     delay for refresh rate.
-h     display available commands usage.
-p     sniff in promiscious mode (not recommended).
-t     tracemode.
-V     prints Version info.

5. Monitor specific device (eth0 or eth1) network bandwidth only :

a) Monitor eth0 bandwidth :

[root@oss ~]# nethogs eth0

a) Monitor eth0 and eth1 bandwidth :

[root@oss ~]# nethogs eth0 eth1

Reference :

How to Setup Collectl – Linux Performance Monitoring

Collectl is a linux performance monitoring tools that grabs as much detail as possible from the /proc filesystem and it does a lot more than most other tools. Compare to sar, collectl has some capabilities that sar does not have. Collectl can gather and post-process the performance data and also can save the performance data for later analysis. Please refer to below guide on how you can setup collectl on linux CentOS 6.5 and the sample usage of collectl :

1. Install collectl. Make sure additional repository (EPEL repository) has been installed :
a. For Red Hat based distro :

[root@oss ~]# yum install collectl -y

b. For debian bas distro :

[root@oss ~]# sudo apt-get install collectl -y

2. Display collectl command help :

[root@oss ~]# collectl -h
This is a subset of the most common switches and even the descriptions are
abbreviated.  To see all type 'collectl -x', to get started just type 'collectl'

usage: collectl [switches]
  -c, --count      count      collect this number of samples and exit
  -f, --filename   file       name of directory/file to write to
  -i, --interval   int        collection interval in seconds [default=1]
  -o, --options    options    misc formatting options, --showoptions for all
                                d|D - include date in output
                                  T - include time in output
                                  z - turn off compression of plot files
  -p, --playback   file       playback results from 'file' (be sure to quote
                              if wild carded) or the shell might mess it up
  -P, --plot                  generate output in 'plot' format
  -s, --subsys     subsys     specify one or more subsystems [default=cdn]
      --verbose               display output in verbose format (automatically
                              selected when brief doesn't make sense)

Various types of help
  -h, --help                  print this text
  -v, --version               print version
  -V, --showdefs              print operational defaults
  -x, --helpextend            extended help, more details descriptions too
  -X, --helpall               shows all help concatenated together

  --showoptions               show all the options
  --showsubsys                show all the subsystems
  --showsubopts               show all subsystem specific options
  --showtopopts               show --top options

  --showheader                show file header that 'would be' generated
  --showcolheaders            show column headers that 'would be' generated
  --showslabaliases           for SLUB allocator, show non-root aliases
  --showrootslabs             same as --showslabaliases but use 'root' names

Copyright 2003-2014 Hewlett-Packard Development Company, L.P.
collectl may be copied only under the terms of either the Artistic License
or the GNU General Public License, which may be found in the source kit

3. According to the man page, collectl identifies the following subsystems :

SUMMARY SUBSYSTEMS

OptionDescription
bBuddy information (memory fragmentation)
cCPU information
dDisk
fNFS information
iinode information
jInterrupts
lLustre
mMemory
nNetworks
sSockets
tTCP
xInterconnect
ySlabs

DETAIL SUBSYSTEMS

OptionDescription
CCPU
DDisk
EEnvironmentals via ipmitool
FNFS data
JInterrupts
MMemory node data (including numa)
NNetworks
TSixty-five TCP counters (only in plot format)
XInterconnect
YSlabs
ZProcesses

 

4. Monitor cpu subsystem :

[root@oss ~]# collectl -sc
waiting for 1 second sample...
#< --------CPU-------->
#cpu sys inter  ctxsw
   0   0    34     37
   0   0    56     40
   0   0    38     44
   0   0    31     35
   0   0    36     44
[root@oss ~]# collectl -sC
waiting for 1 second sample...

# SINGLE CPU STATISTICS
#   Cpu  User Nice  Sys Wait IRQ  Soft Steal Idle
      0     0    0    0    0    0    0     0  100
      1     0    0    0    0    0    0     0  100
      0     0    0    0    0    0    0     0  100
      1     0    0    0    0    0    0     0  100
      0     0    0    0    0    0    0     0  100
      1     0    0    0    0    0    0     0  100
      0     0    0    0    0    0    0     0  100
      1     0    0    0    0    0    0     0  100
      0     0    0    0    0    0    0     0  100
      1     0    0    0    4    0    0     0   96
      0     0    0    0    0    0    0     0   99
      1     0    0    0    0    0    0     0   99
      0     0    0    0    0    0    0     0  100
      1     0    0    0    0    0    0     0  100
      0     0    0    0    0    0    0     0  100
      1     1    0    0    0    0    0     0   99
      0     0    0    0    0    0    0     0  100
      1     0    0    0    0    0    0     0  100
      0     0    0    0    0    0    0     0  100
      1     0    0    0    0    0    0     0  100
      0     0    0    0    0    0    0     0  100
      1     0    0    0    0    0    0     0  100

5. Monitor memory subsystem :

[root@oss ~]# collectl -sm
waiting for 1 second sample...
#< -----------Memory----------->
#Free Buff Cach Inac Slab  Map
   3G  19M 166M  50M  36M  34M
   3G  19M 166M  50M  36M  34M
   3G  19M 166M  50M  36M  34M
   3G  19M 166M  50M  36M  34M
   3G  19M 166M  50M  36M  34M
   3G  19M 166M  50M  36M  34M
   3G  19M 166M  50M  36M  34M
   3G  19M 166M  50M  36M  34M
[root@oss ~]# collectl -sM
waiting for 1 second sample...

# MEMORY STATISTICS
# Node    Total     Used     Free     Slab   Mapped     Anon   Locked    Inact   Hit%
     0    4095M  565208K    3543M   37112K    9408K   25492K        0   51756K 100.00
     0    4095M  565208K    3543M   37112K    9408K   25492K        0   51756K 100.00
     0    4095M  565208K    3543M   37108K    9408K   25492K        0   51756K 100.00
     0    4095M  565208K    3543M   37108K    9408K   25492K        0   51756K 100.00
     0    4095M  565208K    3543M   37108K    9408K   25492K        0   51756K 100.00
     0    4095M  565208K    3543M   37108K    9408K   25492K        0   51760K 100.00
     0    4095M  565208K    3543M   37036K    9408K   25492K        0   51760K 100.00
     0    4095M  565184K    3543M   37028K    9408K   25492K        0   51760K 100.00
     0    4095M  565184K    3543M   37028K    9408K   25492K        0   51760K 100.00
     0    4095M  565184K    3543M   37024K    9408K   25492K        0   51760K 100.00
     0    4095M  565184K    3543M   37024K    9408K   25492K        0   51760K 100.00
     0    4095M  565184K    3543M   37016K    9408K   25492K        0   51760K 100.00
     0    4095M  565168K    3543M   36972K    9408K   25492K        0   51760K 100.00
     0    4095M  565168K    3543M   36972K    9408K   25492K        0   51760K 100.00
     0    4095M  565168K    3543M   36972K    9408K   25492K        0   51760K 100.00
     0    4095M  565168K    3543M   36968K    9408K   25492K        0   51760K 100.00
     0    4095M  565160K    3543M   36932K    9408K   25492K        0   51760K 100.00
     0    4095M  565160K    3543M   36932K    9408K   25492K        0   51760K 100.00
     0    4095M  565160K    3543M   36932K    9408K   25492K        0   51760K 100.00
     0    4095M  565160K    3543M   36900K    9408K   25492K        0   51760K 100.00
     0    4095M  565160K    3543M   36900K    9408K   25492K        0   51760K 100.00
     0    4095M  565160K    3543M   36900K    9408K   25492K        0   51760K 100.00

6. Monitor disk subsystem :

[root@oss ~]# collectl -sd
waiting for 1 second sample...
#< ----------Disks----------->
#KBRead  Reads KBWrit Writes
      0      0      0      0
      0      0      0      0
      0      0      0      0
      0      0      0      0
      0      0     16      3
      0      0      0      0
      0      0      0      0
      0      0      0      0
      0      0      0      0
      0      0      0      0
[root@oss ~]# collectl -sD
waiting for 1 second sample...

# DISK STATISTICS (/sec)
#           Pct
#Name       KBytes Merged  IOs Size  KBytes Merged  IOs Size  RWSize  QLen  Wait SvcTim Util
sda              0      0    0    0       0      0    0    0       0     0     0      0    0
sda              0      0    0    0       0      0    0    0       0     0     0      0    0
sda              0      0    0    0      16      1    3    5       5     1    13     10    3
sda              0      0    0    0       0      0    0    0       0     0     0      0    0
sda              0      0    0    0       0      0    0    0       0     0     0      0    0
sda              0      0    0    0       0      0    0    0       0     0     0      0    0
sda              0      0    0    0       0      0    0    0       0     0     0      0    0
sda              0      0    0    0       0      0    0    0       0     0     0      0    0
sda              0      0    0    0       0      0    0    0       0     0     0      0    0

7. collectl like iotop :

[root@oss ~]# collectl --top iokb

Sample output :

# TOP PROCESSES sorted by iokb (counters are /sec) 13:35:14
# PID  User     PR  PPID THRD S   VSZ   RSS CP  SysT  UsrT Pct  AccuTime  RKB  WKB MajF MinF Command
    1  root     20     0    0 S   18M    1M  0  0.00  0.00   0  00:01.13    0    0    0    0 /sbin/init
    2  root     20     0    0 S     0     0  0  0.00  0.00   0  00:00.02    0    0    0    0 kthreadd
    3  root     RT     2    0 S     0     0  0  0.00  0.00   0  00:00.04    0    0    0    0 migration/0
    4  root     20     2    0 S     0     0  0  0.00  0.00   0  00:00.09    0    0    0    0 ksoftirqd/0
    5  root     RT     2    0 S     0     0  0  0.00  0.00   0  00:00.00    0    0    0    0 migration/0
    6  root     RT     2    0 S     0     0  0  0.00  0.00   0  00:00.30    0    0    0    0 watchdog/0
    7  root     RT     2    0 S     0     0  1  0.00  0.00   0  00:00.38    0    0    0    0 migration/1
    8  root     RT     2    0 S     0     0  1  0.00  0.00   0  00:00.00    0    0    0    0 migration/1
    9  root     20     2    0 S     0     0  1  0.00  0.00   0  00:00.22    0    0    0    0 ksoftirqd/1
   10  root     RT     2    0 S     0     0  1  0.00  0.00   0  00:00.28    0    0    0    0 watchdog/1
   11  root     20     2    0 S     0     0  0  0.00  0.00   0  00:08.15    0    0    0    0 events/0
   12  root     20     2    0 S     0     0  1  0.00  0.00   0  01:21.61    0    0    0    0 events/1
   13  root     20     2    0 S     0     0  1  0.00  0.00   0  00:00.00    0    0    0    0 cgroup
   14  root     20     2    0 S     0     0  0  0.00  0.00   0  00:00.00    0    0    0    0 khelper
   15  root     20     2    0 S     0     0  1  0.00  0.00   0  00:00.00    0    0    0    0 netns
   16  root     20     2    0 S     0     0  0  0.00  0.00   0  00:00.00    0    0    0    0 async/mgr
   17  root     20     2    0 S     0     0  1  0.00  0.00   0  00:00.00    0    0    0    0 pm
   18  root     20     2    0 S     0     0  0  0.00  0.00   0  00:00.84    0    0    0    0 sync_supers
   19  root     20     2    0 S     0     0  0  0.00  0.00   0  00:00.82    0    0    0    0 bdi-default
   20  root     20     2    0 S     0     0  0  0.00  0.00   0  00:00.00    0    0    0    0 kintegrityd/0
   21  root     20     2    0 S     0     0  1  0.00  0.00   0  00:00.00    0    0    0    0 kintegrityd/1
   22  root     20     2    0 S     0     0  0  0.00  0.00   0  00:00.15    0    0    0    0 kblockd/0

Display only top 10 processes :

[root@oss ~]# collectl --top iokb,10

Sample output :

# TOP PROCESSES sorted by iokb (counters are /sec) 13:42:37
# PID  User     PR  PPID THRD S   VSZ   RSS CP  SysT  UsrT Pct  AccuTime  RKB  WKB MajF MinF Command
    1  root     20     0    0 S   18M    1M  0  0.00  0.00   0  00:01.13    0    0    0    0 /sbin/init
    2  root     20     0    0 S     0     0  0  0.00  0.00   0  00:00.02    0    0    0    0 kthreadd
    3  root     RT     2    0 S     0     0  0  0.00  0.00   0  00:00.04    0    0    0    0 migration/0
    4  root     20     2    0 S     0     0  0  0.00  0.00   0  00:00.09    0    0    0    0 ksoftirqd/0
    5  root     RT     2    0 S     0     0  0  0.00  0.00   0  00:00.00    0    0    0    0 migration/0
    6  root     RT     2    0 S     0     0  0  0.00  0.00   0  00:00.30    0    0    0    0 watchdog/0
    7  root     RT     2    0 S     0     0  1  0.00  0.00   0  00:00.39    0    0    0    0 migration/1
    8  root     RT     2    0 S     0     0  1  0.00  0.00   0  00:00.00    0    0    0    0 migration/1
    9  root     20     2    0 S     0     0  1  0.00  0.00   0  00:00.22    0    0    0    0 ksoftirqd/1
   10  root     RT     2    0 S     0     0  1  0.00  0.00   0  00:00.28    0    0    0    0 watchdog/1

Learn what fields the above list can be sorted :

[root@oss ~]# collectl --showtopopts
The following is a list of --top's sort types which apply to either
process or slab data.  In some cases you may be allowed to sort
by a field that is not part of the display if you so desire

TOP PROCESS SORT FIELDS

Memory
  vsz    virtual memory
  rss    resident (physical) memory

Time
  syst   system time
  usrt   user time
  time   total time
  accum  accumulated time

I/O
  rkb    KB read
  wkb    KB written
  iokb   total I/O KB

  rkbc   KB read from pagecache
  wkbc   KB written to pagecache
  iokbc  total pagecacge I/O
  ioall  total I/O KB (iokb+iokbc)

  rsys   read system calls
  wsys   write system calls
  iosys  total system calls

  iocncl Cancelled write bytes

Page Faults
  majf   major page faults
  minf   minor page faults
  flt    total page faults

Context Switches
  vctx   volunary context switches
  nctx   non-voluntary context switches

Miscellaneous (best when used with --procfilt)
  cpu    cpu number
  pid    process pid
  thread total process threads (not counting main)

TOP SLAB SORT FIELDS

  numobj    total number of slab objects
  actobj    active slab objects
  objsize   sizes of slab objects
  numslab   number of slabs
  objslab   number of objects in a slab
  totsize   total memory sizes taken by slabs
  totchg    change in memory sizes
  totpct    percent change in memory sizes
  name      slab names

8. collectl like top :

[root@oss ~]# collectl --top

Sample output :

# TOP PROCESSES sorted by time (counters are /sec) 13:45:00
# PID  User     PR  PPID THRD S   VSZ   RSS CP  SysT  UsrT Pct  AccuTime  RKB  WKB MajF MinF Command
 3266  root     20  2488    0 R  160M   21M  1  0.00  0.05   5  00:00.70    0    0    0   83 /usr/bin/perl
    1  root     20     0    0 S   18M    1M  0  0.00  0.00   0  00:01.13    0    0    0    0 /sbin/init
    2  root     20     0    0 S     0     0  0  0.00  0.00   0  00:00.02    0    0    0    0 kthreadd
    3  root     RT     2    0 S     0     0  0  0.00  0.00   0  00:00.04    0    0    0    0 migration/0
    4  root     20     2    0 S     0     0  0  0.00  0.00   0  00:00.09    0    0    0    0 ksoftirqd/0
    5  root     RT     2    0 S     0     0  0  0.00  0.00   0  00:00.00    0    0    0    0 migration/0
    6  root     RT     2    0 S     0     0  0  0.00  0.00   0  00:00.31    0    0    0    0 watchdog/0
    7  root     RT     2    0 S     0     0  1  0.00  0.00   0  00:00.39    0    0    0    0 migration/1
    8  root     RT     2    0 S     0     0  1  0.00  0.00   0  00:00.00    0    0    0    0 migration/1
    9  root     20     2    0 S     0     0  1  0.00  0.00   0  00:00.22    0    0    0    0 ksoftirqd/1
   10  root     RT     2    0 S     0     0  1  0.00  0.00   0  00:00.28    0    0    0    0 watchdog/1
   11  root     20     2    0 S     0     0  0  0.00  0.00   0  00:08.18    0    0    0    0 events/0
   12  root     20     2    0 S     0     0  1  0.00  0.00   0  01:21.97    0    0    0    0 events/1
   13  root     20     2    0 S     0     0  1  0.00  0.00   0  00:00.00    0    0    0    0 cgroup
   14  root     20     2    0 S     0     0  0  0.00  0.00   0  00:00.00    0    0    0    0 khelper
   15  root     20     2    0 S     0     0  1  0.00  0.00   0  00:00.00    0    0    0    0 netns
   16  root     20     2    0 S     0     0  0  0.00  0.00   0  00:00.00    0    0    0    0 async/mgr
   17  root     20     2    0 S     0     0  1  0.00  0.00   0  00:00.00    0    0    0    0 pm
   18  root     20     2    0 S     0     0  0  0.00  0.00   0  00:00.84    0    0    0    0 sync_supers
   19  root     20     2    0 S     0     0  0  0.00  0.00   0  00:00.83    0    0    0    0 bdi-default
   20  root     20     2    0 S     0     0  0  0.00  0.00   0  00:00.00    0    0    0    0 kintegrityd/0
   21  root     20     2    0 S     0     0  1  0.00  0.00   0  00:00.00    0    0    0    0 kintegrityd/1

More advance options can be found in the official collectl documentation :

How to Setup Monitorix – Network and System Monitoring Tool for Linux

Monitorix is an open source and lightweight system monitoring tool designed to monitor network and system resources in linux/UNIX operating system. Monitorix can collects network and system performce and also resources and then display the informations into graphs. it will help system adn network administrator to detect abnormal activities and detecting bottlenecks. This post will show to setup Monitorix on linux centOS 6.5.

1. Prepare additional repository (EPEL repository).
2. Install required packages :

[root@oss ~]# yum install rrdtool rrdtool-perl perl-libwww-perl perl-MailTools perl-MIME-Lite perl-CGI perl-DBI perl-XML-Simple perl-Config-General perl-HTTP-Server-Simple perl-IO-Socket-SSL -y

3. Install monitorix package :

[root@oss ~]# yum install monitorix -y

Once succesfully installed, please take a look into the configuration file /etc/monitorix.conf to fit your system and enable or disable graphs.

4. Start Monitorix with below command :

[root@oss ~]# service monitorix start

Once started, Monitorix will start gathering the system information based on the configuration set in monitorix.conf file:

5. After a few minutes you should be able to see graph from your browser :

http://IP-Address:8080/monitorix/

install-monitorx-1

install-monitorx-2

install-monitorx-3

How to Install Zabbix 2.2 Server on CentOS 6.5

ZABBIX is an enterprise-class open source monitoring solution designed to monitor servers and various network services. Zabbix will perform simple checks can verify the availability and responsiveness of standard services. It was created by Alexei Vladishev. Follow this step to install zabbix 2.2 server on CentOS 6.5 :

1. Install httpd, php and MySQL :

[root@oss ~]# yum install php php-cli php-common php-devel php-pear php-gd php-mbstring php-mysql php-xml httpd httpd-devel mysql mysql-server -y

2. Zabbix package files are available at repo.zabbix.com :

[root@oss ~]# wget http://repo.zabbix.com/zabbix/2.2/rhel/6/x86_64/zabbix-release-2.2-1.el6.noarch.rpm
--2014-08-12 22:19:07--  http://repo.zabbix.com/zabbix/2.2/rhel/6/x86_64/zabbix-release-2.2-1.el6.noarch.rpm
Resolving repo.zabbix.com... 87.110.183.174
Connecting to repo.zabbix.com|87.110.183.174|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 11256 (11K) [application/x-redhat-package-manager]
Saving to: âzabbix-release-2.2-1.el6.noarch.rpmâ

100%[==========================================================>] 11,256      7.09K/s   in 1.6s

2014-08-12 22:19:09 (7.09 KB/s) - âzabbix-release-2.2-1.el6.noarch.rpmâ
[root@oss ~]# ls
anaconda-ks.cfg  install.log  install.log.syslog  zabbix-release-2.2-1.el6.noarch.rpm
[root@oss ~]# rpm -Uvh zabbix-release-2.2-1.el6.noarch.rpm
warning: zabbix-release-2.2-1.el6.noarch.rpm: Header V4 DSA/SHA1 Signature, key ID 79ea5ed4: NOKEY
Preparing...                ########################################### [100%]
   1:zabbix-release         ########################################### [100%]

3. Install Zabbix server :

[root@oss ~]# yum install zabbix-agent zabbix-web-mysql zabbix-server-mysql zabbix-java-gateway -y

4. Editing PHP configuration for Zabbix frontend

Apache configuration file for Zabbix frontend is located in /etc/httpd/conf.d/zabbix.conf. Some PHP settings are already configured.

    php_value max_execution_time 300
    php_value memory_limit 128M
    php_value post_max_size 16M
    php_value upload_max_filesize 2M
    php_value max_input_time 300
    php_value date.timezone Asia/Kuala_Lumpur

5. Restart zabbix and make zabbix start at boot :

[root@oss ~]# service zabbix-server start
Starting Zabbix server:                                    [  OK  ]
[root@oss ~]# chkconfig zabbix-server on

6. Setup Zabbix database :

mysql> create database zabbix character set utf8 collate utf8_bin;
Query OK, 1 row affected (0.00 sec)

mysql> grant all privileges on zabbix.* to zabbix@localhost identified by 'password';
Query OK, 0 rows affected (0.00 sec)

mysql> flush privileges;
Query OK, 0 rows affected (0.00 sec)

mysql> exit

7. Import initial schema and data :

[root@oss ~]# cd /usr/share/doc/zabbix-server-mysql-2.2.5/create

[root@oss create]# mysql -u zabbix -p zabbix < schema.sql
Enter password:
[root@oss create]# mysql -u zabbix -p zabbix < images.sql
Enter password:
[root@oss create]# mysql -u zabbix -p zabbix < data.sql
Enter password:

8. Start zabbix installation wizard :

http://192.168.0.8/zabbix/setup.php
setup zabbix-1

setup zabbix-2

setup zabbix-3

setup zabbix-4

setup zabbix-5

setup zabbix-6

9. If the configuration file is not writable, manually edit database configuration in zabbix_server.conf as below :

# vi /etc/zabbix/zabbix_server.conf
DBHost=localhost
DBName=zabbix
DBUser=zabbix
DBPassword=password

10. Open required port at iptables :

[root@oss ~]# netstat -plunt | grep LISTEN
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1124/sshd
tcp        0      0 0.0.0.0:10051               0.0.0.0:*                   LISTEN      4190/zabbix_server
tcp        0      0 0.0.0.0:3306                0.0.0.0:*                   LISTEN      4074/mysqld
tcp        0      0 :::80                       :::*                        LISTEN      1417/httpd
tcp        0      0 :::22                       :::*                        LISTEN      1124/sshd
tcp        0      0 :::10051                    :::*                        LISTEN      4190/zabbix_server
[root@oss ~]# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 10051 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

Restart iptables :

[root@oss ~]# service iptables restart

11. Zabbix frontend is available at http://IP-address/zabbix in the browser.

The default username/password is Admin/zabbix.

setup zabbix-7

Zabbix server setup completed. You can start to setup zabbix agent now.

How to Secure MySQL Server on CentOS 6.5 / CentOS 6.6

MySQL is the world’s most popular open source database and its the world’s second most widely used open-source relational database management system (RDBMS). MySQL default installation is not securely configured. For the sake of security, we need to run mysql_secure_installation wizard manually in order to perform basic MYSQL hardening on Virtual private server (VPS). The following steps has been tested on MySQL Community Server 5.5.39 that was running on CentOS 6.5 and CentOS 6.6.

1. Run mysql_secure_installation wizard :

[root@vps ]# mysql_secure_installation




NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!


In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...



All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

2. Set “bind-address” parameter within the “[mysqld]” section in /etc/my.conf. Configure this to your VPS local loopback network device, which is “127.0.0.1”. please make sure that you only perform this step if you confirm no other server will need to access the database on your VPS.

[root@vps ~]# vi /etc/my.cnf
[mysqld]
..
bind-address = 127.0.0.1
..

3. Restart your mysqld server :

[root@vps ~]# service mysqld restart

4. Verify the mysqld port listen to 127.0.0.1 only :

[root@vps ~]# netstat -plunt | grep 3306
tcp        0      0 127.0.0.1:3306              0.0.0.0:*                   LISTEN      8224/mysqld

How to Enable EPEL and Remi Repository into CentOS 6

EPEL stand for Extra Packages for Enterprise Linux. EPEL repository is a Fedora Special Interest Group that creates, maintains, and manages a high quality set of additional packages for Enterprise Linux, including, but not limited to, Red Hat Enterprise Linux (RHEL), CentOS and Scientific Linux (SL), Oracle Enterprise Linux(OEL). Remi repository is a yum repository maintained by a French dude – Remi Collet. This post describe the basic steps to prepare and install the additional CentOS packages with EPEL and Remi Repository into CentOS 6.

EPEL Repository

rpm --import https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6
rpm -Uvh https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Remi Repository

rpm --import http://rpms.famillecollet.com/RPM-GPG-KEY-remi
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm

Example :

[root@centos6 ~]# rpm --import https://dl.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-6
[root@centos6 ~]# rpm -Uvh https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Retrieving https://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Preparing...                ########################################### [100%]
   1:epel-release           ########################################### [100%]
[root@centos6 ~]# rpm --import http://rpms.famillecollet.com/RPM-GPG-KEY-remi
[root@centos6 ~]# rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
Retrieving http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
Preparing...                ########################################### [100%]
   1:remi-release           ########################################### [100%]

Example of EPEl and Remi repo usage :

[root@centos6 ~]# yum --enablerepo=epel install httpd -y
[root@centos6 ~]# yum --enablerepo=remi install httpd -y

How to Install Lighttpd With PHP5 (PHP-FPM) and MySQL on CentOS 6.5

Lighttpd (pronounced “lighty”) is an open-source web server as an alternative to Apache and Nginx. It is a secure, flexible, fast and designed for speed-critical environments. It has a low memory footprint and can handle large number of connections in one server especially for busier sites.

PHP is an acronym for “PHP Hypertext Preprocessor”; PHP is a widely-used server-side scripting language executed on the server.

PHP-FPM (FastCGI Process Manager) is an alternative PHP FastCGI implementation with some additional features useful for sites of any size, especially busier sites.

MySQL is a popular database solution for use in web applications.

This post will show you how to install Lighttpd With PHP5 (PHP-FPM) and MySQL on CentOS 6.5 VPS or dedicated server.

1. EPEL repository is another extra repository that creates, maintains, and manages a high quality set of additional packages for Enterprise Linux, including, but not limited to, Red Hat Enterprise Linux (RHEL) and CentOS server. How to Configure EPEL Repository on CentOS.

2. Install Lighttpd, MySQL and PHP5 work in Lighttpd through PHP-FPM :

[root@centos6-05 ~]# yum install lighttpd php php-fpm lighttpd-fastcgi php-mysql mysql mysql-server -y

3. Configure Lighttpd :

[root@centos6-05 ~]# vi /etc/lighttpd/lighttpd.conf
server.use-ipv6 = "enable"

Change to :

server.use-ipv6 = "disable"

4. Make lighttpd start at boot and also start lighttpd service:

[root@centos6-05 ~]# chkconfig --levels 235 lighttpd on
[root@centos6-05 ~]# /etc/init.d/lighttpd start

Browse your web server and Lighttpd welcome page should be displayed :
lighttpd-centos6.5-1

5. Configure PHP to work in Lighttpd through PHP-FPM :

[root@centos6-05 ~]# vi /etc/php-fpm.d/www.conf

Enable PHP-FPM use a TCP connection instead of unix socket :

;   '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = 127.0.0.1:9000

Configure user and group to lighttpd :

..
..
; RPM: apache Choosed to be able to access some dir as httpd
user = lighttpd
; RPM: Keep a group allowed to write in log dir.
group = lighttpd
..
..

6. Make php-fpm start at boot and also start the php-fpm service :

[root@centos6-05 ~]# chkconfig --levels 235 php-fpm on
[root@centos6-05 ~]# /etc/init.d/php-fpm start

7. Open and modify /etc/php.ini :

[root@centos6-05 ~]# vi /etc/php.ini

Uncomment the line cgi.fix_pathinfo=1

..
; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI.  PHP's
; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
; what PATH_INFO is.  For more information on PATH_INFO, see the cgi specs.  Setting
; this to 1 will cause PHP CGI to fix its paths to conform to the spec.  A setting
; of zero causes PHP to behave as before.  Default is 1.  You should fix your scripts
; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
; http://www.php.net/manual/en/ini.core.php#ini.cgi.fix-pathinfo
cgi.fix_pathinfo=1
..

8. Open and modify /etc/lighttpd/modules.conf :

[root@centos6-05 ~]# vi /etc/lighttpd/modules.conf

Uncomment the line include “conf.d/fastcgi.conf”:

..
## FastCGI (mod_fastcgi)
##
include "conf.d/fastcgi.conf"
..

9. Open and modify /etc/lighttpd/conf.d/fastcgi.conf :

Add below fastcgi.server at bottom of the file :

..
fastcgi.server += ( ".php" =>
        ((
                "host" => "127.0.0.1",
                "port" => "9000",
                "broken-scriptfilename" => "enable"
        ))
)
..

10. Reload the PHP-FPM and Lighttpd service :

[root@centos6-05 ~]# /etc/init.d/php-fpm reload
[root@centos6-05 ~]# /etc/init.d/lighttpd reload

11. Since MySQl has been install, dont forget to make MySQL start at boot and start the MySQL service :

[root@centos6-05 ~]# chkconfig --levels 235 mysqld on
[root@centos6-05 ~]# /etc/init.d/mysqld start

12. Create info.php under ligghttpd document root :

[root@centos6-05 ~]# vi /var/www/lighttpd/info.php
<?php
phpinfo();
?>

Browse your page http://IP-Adress/info.php. Thats all.

How to Fix 403 forbidden error at Nginx

Nginx is a alternate web server for Apache and capable to handle large traffic of the websites on your virtual private server (VPS) or on your dedicated server. Nginx work well with PHP-FPM on CentOS 5.x and also CentOS 6.x. But most of the Nginx newbie struggling to get it run perfectly and hit by “403 forbidden error”. This “403 forbidden error” means that the webpage that you trying to access is forbidden or you don’t have permission to access certain part of the website. This article is meant for the linux server administrator who is supposed to have some basic knowledge on administering the linux server and also may useful for those who start to have VPS or dedicated server.

Sample error :

2014/04/18 23:18:34 [error] 11933#0: *5 directory index of "/usr/share/nginx/html/" is forbidden, client: 192.168.0.1, server: www.ehowstuff.local, request: "GET / HTTP/1.1", host: "www.ehowstuff.local"

Possible reasons and common errors :

a) Directory index is not properly defined
b) Permissions are not set correctly
c) php-fpm Permissions not configured correctly

One of the most popular reason for “403 forbidden error” using Nginx is that the folder directory permissions are not set and also directory index are not the server block.

Solution :
1. Verify the document root was set 755 permissions to your directory accordingly
2. Add index index.php; In the server block.
3. makesure “fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;” as been added :

location ~ \.php$ {
    try_files $uri =404;
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass unix:/var/run/php-fpm.sock;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}

How to Install Varnish Cache With Apache On CentOS 6.5

Varnish is an open source web accelerator (also called a HTTP reverse proxy) designed for content-heavy dynamic web sites to speed up web server’s performance. Typical Web server will handles all the request and returning a response to the client. But with Varnish cache, it will serve the saved copy page instead of re-requesting the same revisited page from web server. This will reduced the server load and increased the response times. For those who plan to run a virtual private server (VPS) and also run a dedicated web server, hope that this article will help. This article will describe how to install and configure Varnish Cache with Apache on CentOS 6.5.

1. Setup varnish repo :

[root@centos6 ~]# wget http://repo.varnish-cache.org/redhat/varnish-3.0/el6/noarch/varnish-release/varnish-release-3.0-1.el6.noarch.rpm
[root@centos6 ~]# rpm --nosignature -i varnish-release-3.0-1.el6.noarch.rpm

2. Install Varnish and Apache :

[root@centos6 ~]# yum install varnish -y
[root@centos6 ~]# yum install httpd -y

3. Make both program start at boot :

[root@centos6 ~]# chkconfig --level 345 varnish on
[root@centos6 ~]# chkconfig --level 345 httpd on

4. Configure apache to listen to port 8080 :

[root@centos6 ~]# vi /etc/httpd/conf/httpd.conf

Modify below :

Listen 8080

5. Configuring Varnish Cache :

[root@centos6 ~]# vim /etc/sysconfig/varnish
..
..
# # Main configuration file. You probably want to change it :)
VARNISH_VCL_CONF=/etc/varnish/default.vcl
#
# # Default address and port to bind to
# # Blank address means all IPv4 and IPv6 interfaces, otherwise specify
# # a host name, an IPv4 dotted quad, or an IPv6 address in brackets.
# VARNISH_LISTEN_ADDRESS=
#VARNISH_LISTEN_PORT=6081
VARNISH_LISTEN_PORT=80
#
# # Telnet admin interface listen address and port
VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
VARNISH_ADMIN_LISTEN_PORT=6082
#
# # Shared secret file for admin interface
VARNISH_SECRET_FILE=/etc/varnish/secret
#
# # The minimum number of worker threads to start
VARNISH_MIN_THREADS=50
#
# # The Maximum number of worker threads to start
VARNISH_MAX_THREADS=1000
#
# # Idle timeout for worker threads
VARNISH_THREAD_TIMEOUT=120
#
# # Cache file location
VARNISH_STORAGE_FILE=/var/lib/varnish/varnish_storage.bin
#
# # Cache file size: in bytes, optionally using k / M / G / T suffix,
# # or in percentage of available disk space using the % suffix.
VARNISH_STORAGE_SIZE=1G
#
# # Backend storage specification
VARNISH_STORAGE="file,${VARNISH_STORAGE_FILE},${VARNISH_STORAGE_SIZE}"
#
# # Default TTL used when the backend does not specify one
VARNISH_TTL=120
#
# # DAEMON_OPTS is used by the init script.  If you add or remove options, make
# # sure you update this section, too.
DAEMON_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} \
             -f ${VARNISH_VCL_CONF} \
             -T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} \
             -t ${VARNISH_TTL} \
             -w ${VARNISH_MIN_THREADS},${VARNISH_MAX_THREADS},${VARNISH_THREAD_TIMEOUT} \
             -u varnish -g varnish \
             -S ${VARNISH_SECRET_FILE} \
             -s ${VARNISH_STORAGE}"
#
..
..

Add the following in /etc/varnish/default.vcl :

[root@centos6 ~]# vim /etc/varnish/default.vcl
backend default {
  .host = "127.0.0.1";
  .port = "8080";
}

6. Start Varnish and Apache ”

[root@centos6 ~]# service varnish start
Starting Varnish Cache:                                    [  OK  ]
[root@centos6 ~]# service httpd start
Starting httpd:                                            [  OK  ]

7. verify varnish and Apache running on the correct port :

[root@centos6 ~]# netstat -plunt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      1042/rpcbind
tcp        0      0 0.0.0.0:80                  0.0.0.0:*                   LISTEN      21729/varnishd
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1075/sshd
tcp        0      0 127.0.0.1:6082              0.0.0.0:*                   LISTEN      21728/varnishd
tcp        0      0 :::111                      :::*                        LISTEN      1042/rpcbind
tcp        0      0 :::80                       :::*                        LISTEN      21729/varnishd
tcp        0      0 :::8080                     :::*                        LISTEN      1182/httpd
tcp        0      0 :::22                       :::*                        LISTEN      1075/sshd
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               1042/rpcbind
udp        0      0 0.0.0.0:793                 0.0.0.0:*                               1042/rpcbind
udp        0      0 :::111                      :::*                                    1042/rpcbind
udp        0      0 :::793                      :::*                                    1042/rpcbind

8. Verify the Varnish by running the following command.

[root@centos6 ~]# curl -I http://www.ehowstuff.local
HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
X-Pingback: http://www.ehowstuff.local/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 7990
Accept-Ranges: bytes
Date: Sun, 13 Apr 2014 15:41:41 GMT
X-Varnish: 1889373153
Age: 0
Via: 1.1 varnish
Connection: keep-alive

9. ApacheBench performance test without Varnish Cache

[root@centos6 ~]# ab -k -n 1000 -c 50 http://www.ehowstuff.local:8080/
This is ApacheBench, Version 2.3 < $Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking www.ehowstuff.local (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Completed 600 requests
Completed 700 requests
Completed 800 requests
Completed 900 requests
Completed 1000 requests
Finished 1000 requests


Server Software:        Apache/2.2.15
Server Hostname:        www.ehowstuff.local
Server Port:            8080

Document Path:          /
Document Length:        0 bytes

Concurrency Level:      50
Time taken for tests:   217.545 seconds
Complete requests:      1000
Failed requests:        81
   (Connect: 0, Receive: 0, Length: 81, Exceptions: 0)
Write errors:           0
Non-2xx responses:      1000
Keep-Alive requests:    0
Total transferred:      318518 bytes
HTML transferred:       20331 bytes
Requests per second:    4.60 [#/sec] (mean)
Time per request:       10877.237 [ms] (mean)
Time per request:       217.545 [ms] (mean, across all concurrent requests)
Transfer rate:          1.43 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    3  12.1      0      65
Processing:   219 10822 17202.8   3275   61139
Waiting:      218 10802 17210.6   3228   61138
Total:        239 10825 17201.5   3275   61139

Percentage of the requests served within a certain time (ms)
  50%   3275
  66%   4513
  75%   5570
  80%  12099
  90%  40539
  95%  60069
  98%  60103
  99%  60200
 100%  61139 (longest request)

10. ApacheBench performance test with Varnish Cache

[root@centos6 ~]# ab -k -n 1000 -c 50 http://www.ehowstuff.local/
This is ApacheBench, Version 2.3 < $Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking www.ehowstuff.local (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Completed 600 requests
Completed 700 requests
Completed 800 requests
Completed 900 requests
Completed 1000 requests
Finished 1000 requests


Server Software:        Apache/2.2.15
Server Hostname:        www.ehowstuff.local
Server Port:            80

Document Path:          /
Document Length:        7990 bytes

Concurrency Level:      50
Time taken for tests:   0.227 seconds
Complete requests:      1000
Failed requests:        0
Write errors:           0
Keep-Alive requests:    1000
Total transferred:      8565396 bytes
HTML transferred:       8221710 bytes
Requests per second:    4410.08 [#/sec] (mean)
Time per request:       11.338 [ms] (mean)
Time per request:       0.227 [ms] (mean, across all concurrent requests)
Transfer rate:          36888.79 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    1   3.2      0      19
Processing:     7   10   1.7     10      18
Waiting:        1    4   2.3      4      15
Total:          7   11   4.1     10      31

Percentage of the requests served within a certain time (ms)
  50%     10
  66%     10
  75%     11
  80%     11
  90%     12
  95%     13
  98%     27
  99%     31
 100%     31 (longest request)

11. Result on Steps (9) and (10) shows that Apache with Varnish serve faster response than running Apache standalone.

 

Display Hard disk Infomation using hdparm

Hdparm is a free tool for linux to measure sequential disk performance which is primarily used to tune and optimize disk parameters or to set and view hard disk drive hardware parameters. It is working on SATA/ATA/IDE/SAS disk. The command below has been tested on CentOS 6.5 and running on VMware ESXi 4.1 virtual machine.

Install the hdparm :

[root@server ~]# yum install hdparm -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * Webmin: download.webmin.com
 * base: mirror.upsi.edu.my
 * epel: ftp.cuhk.edu.hk
 * extras: mirror.upsi.edu.my
 * updates: centos.mirror.secureax.com
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package hdparm.x86_64 0:9.43-4.el6 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

====================================================================================================
 Package               Arch                  Version                      Repository           Size
====================================================================================================
Installing:
 hdparm                x86_64                9.43-4.el6                   base                 81 k

Transaction Summary
====================================================================================================
Install       1 Package(s)

Total download size: 81 k
Installed size: 150 k
Downloading Packages:
hdparm-9.43-4.el6.x86_64.rpm                                                 |  81 kB     00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : hdparm-9.43-4.el6.x86_64                                                         1/1
  Verifying  : hdparm-9.43-4.el6.x86_64                                                         1/1

Installed:
  hdparm.x86_64 0:9.43-4.el6

Complete!

To display the configuration of the hard disk :

[root@server ~]# hdparm /dev/sda

/dev/sda:
SG_IO: bad/missing sense data, sb[]:  70 00 05 00 00 00 00 0a 00 00 00 00 20 00 00 c0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 multcount     =  0 (off)
 readonly      =  0 (off)
 readahead     = 256 (on)
 geometry      = 2871/255/63, sectors = 46137344, start = 0

To check the speed of the hard disk :

[root@server ~]# hdparm -Tt /dev/sda

/dev/sda:
 Timing cached reads:   2024 MB in  2.00 seconds = 1012.10 MB/sec
 Timing buffered disk reads: 534 MB in  3.00 seconds = 177.94 MB/sec

To measure how many MB/s your hard disk (SATA/IDE) can read :

[root@server ~]# hdparm -t --direct /dev/sda

/dev/sda:
 Timing O_DIRECT disk reads: 1122 MB in  3.00 seconds = 373.67 MB/sec

How to Setup Samba SWAT on CentOS 6.5

Samba service can provides files haring and printing services to its clients. System administrator can install SWAT in order to configure samba and perform samba administration from the web browser. In this post i will show simple steps to get Samba SWAT running on your CentOS 6.5 server. With SWAT, you can easily manage your samba server without messing with command line. You just need to install xinetd together with samba-SWAT software.

1. Install samba-swat and xinetd :

[root@samba ~]# yum install samba-swat xinetd -y

2. Software install will be as below :

====================================================================================================
 Package                        Arch            Version                      Repository        Size
====================================================================================================
Installing:
 samba-swat                     x86_64          3.6.9-167.el6_5              updates          7.3 M
Installing for dependencies:
 libtalloc                      x86_64          2.0.7-2.el6                  base              20 k
 libtdb                         x86_64          1.2.10-1.el6                 base              33 k
 libtevent                      x86_64          0.9.18-3.el6                 base              26 k
 samba                          x86_64          3.6.9-167.el6_5              updates          5.0 M
 samba-common                   x86_64          3.6.9-167.el6_5              updates           10 M
 samba-winbind                  x86_64          3.6.9-167.el6_5              updates          2.1 M
 samba-winbind-clients          x86_64          3.6.9-167.el6_5              updates          2.0 M
 xinetd                         x86_64          2:2.3.14-39.el6_4            base             121 k

Transaction Summary
====================================================================================================
Install       9 Package(s)

Total download size: 27 M
Installed size: 85 M

3. Add 192.168.0.0/24 network and enable swat by set ‘disable’ to ‘no’.

# default: off
# description: SWAT is the Samba Web Admin Tool. Use swat \
#              to configure your Samba server. To use SWAT, \
#              connect to port 901 with your favorite web browser.
service swat
{
        port            = 901
        socket_type     = stream
        wait            = no
        only_from       = 127.0.0.1 192.168.0.0/16
        user            = root
        server          = /usr/sbin/swat
        log_on_failure  += USERID
        disable         = no
}

4. Start the xinetd service :

[root@samba ~]# service xinetd start
Starting xinetd:                                           [  OK  ]

5. Make xinetd auto start at boot :

[root@samba ~]# chkconfig xinetd on

6. Access to [http://(server’s IP address):901] and enter root login password.