Sharing PHP Session In Web Clusters Using Memcache

If you have multiple load-balanced web servers all serving the same site, sessions should be shared among those servers rather than reside on each server individually, because we don't know which backend server a user will be load-balanced to. A common way of solving this problem is to use a custom class that overrides the default behavior and stores sessions in a MySQL database. All web servers in the cluster connect to the same database. However, the main problem that must be taken into consideration when using a database is the bottleneck.

Example of load balancing backends using nginx:

http {
  upstream backend {
    server 192.168.1.1:8000 weight=3;
    server 192.168.1.2:8001;
    server 192.168.1.3:8002;
    server 192.168.1.4:8003;
  }

  server {
    listen 80;
    server_name www.example.com;
    location / {
      proxy_pass http://backend;
    }
  }
}

Measure Response Time Of SMTP Connections Using Perl

Normally, to check whether my server's SMTP connection is alive, I just telnet to port 25 from my workstation. If the SMTP banner is displayed, it means that the connection to the SMTP server is good. I have done this for years. 😆

$ telnet smtp.example.com 25
Trying xxx.xxx.xx.xxx...
Connected to xxx.xxx.xx.x.
Escape character is '^]'.
220 smtp.example.com ESMTP Postfix
ehlo host.example.com
250-smtp.example.com
250-PIPELINING
250-SIZE 52428800
250-ETRN
250-STARTTLS
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
quit
221 2.0.0 Bye
Connection closed by foreign host.

Although there are many tools deliberately created for this purpose, I still prefer just using telnet to port 25. I have made a simple Perl script so that the things I have done manually for years can be done automatically.

Modules required:

Nginx, Simple Http Authentication Using ngx_http_auth_pam_module Module

I already have a list of users in a MySQL database that I use for Postfix SMTP authentication (SASL).

I wonder whether the list can be used for HTTP authentication 😀. Well, let's find out.

First of all, we must compile nginx with support for the ngx_http_auth_pam_module module.
Download ngx_http_auth_pam_module-1.2.tar.gz.

When compiling from source, build as usual, adding the --add-module option:

./configure --add-module=$PATH_TO_MODULE

My pam_mysql configuration for Postfix SMTP authentication, /etc/pam.d/smtp:

auth required pam_mysql.so user=user passwd=pass host=localhost db=db table=mailbox usercolumn=username passwdcolumn=password crypt=1 md5=1 sqllog=0
account sufficient pam_mysql.so user=user passwd=pass host=localhost db=db table=mailbox usercolumn=username passwdcolumn=password crypt=1 md5=1 sqllog=0

Nginx, Strip All Newlines Using nginx-nonewlines Module


Another Nginx module I've tested today is nginx-nonewlines. Basically, this module does the same job as Evan Miller's nginx mod_strip module. Evan Miller's mod_strip module removes unnecessary whitespace (spaces, tabs, and newlines) from HTML documents and automatically leaves comments as well as <pre></pre> tags untouched, while with nginx-nonewlines we must place <!--SC_OFF--> and <!--SC_ON--> around the areas of the HTML code that we intend to leave intact.

Here's a quick and dirty way to compile the nginx-nonewlines module:

  • download the module
https://github.com/vedang/nginx-nonewlines/archives/master
  • add this line to ./configure step, compile and install
  # ./configure \
  ....
  ....
  --add-module=/path/to/vedang-nginx-nonewlines-ba02b59
  ....
  ....
  # make && make install

Add the following directive to nginx's config.

postfix-2.9.20110605 rpm source

postfix-2.9.20110605.src.rpm

Changelog

20110516 Update the warning when permit_naked_ip_address is used, and add permit_sasl_authenticated to the list of suggested alternatives. File: smtpd/smtpd_check.c.

20110601 Bugfix (introduced Postfix 2.6 with master_service_disable) loop control error when parsing a malformed master.cf file. Found by Coverity. File: master/master_ent.c.

20110602 Bugfix (introduced: Postfix 2.7): "sendmail -t" reported…

Nginx Blocking Spoofed Google Bot


I found something interesting on the nginx mailing list today: http://forum.nginx.org/read.php?2,202715,202715#msg-202715. Someone asked whether it is possible to block requests with a fake user agent, such as a spoofed Googlebot. Sometimes a lot of bots flood our servers disguised as Googlebot or another legitimate bot, most likely to scrape our website's contents. The genuine Googlebot always uses IP addresses owned by Google Inc. Many website owners have complained that bad bots only drain their bandwidth. 🙂

The first option is to use the “if” directive in nginx:

if ($http_user_agent ~* "Google Bot") {
	allow 66.x;
	allow 70.x;
	deny all;
}

However, the “if” directive is considered bad practice when used for anything other than “return” or “rewrite”. Here's an example from Igor Sysoev:

How To Graph Nginx Statistics

Sometimes we prefer to view statistics in graphical form rather than as numerical values, which are not too attractive to display. Nginx provides the stub_status module, which we can use to print:

  • Active connections
  • Server accepts handled requests
  • Reading
  • Writing
  • Waiting

For example:

Active connections: 6
server accepts handled requests
 15561 15561 26602
Reading: 4 Writing: 2 Waiting: 0

However, this module is not compiled by default and must be enabled with this argument when compiling nginx:

--with-http_stub_status_module

First, to get statistics like the above example, modify the nginx config file and add a location block like this:

server {
....
....
	location /nginx_status {
		stub_status on;
		access_log   off;
		allow 1.2.3.4;
		allow 5.6.7.8;
		deny all;
	}
}

The Perl script used to generate the statistical images can be downloaded here:

http://kovyrin.net/files/mrtg/rrd_nginx.pl.txt

Rename rrd_nginx.pl.txt to rrd_nginx.pl and make it executable

Postfix GeoIP Based Rejections

If you want to reject connections from remote IP addresses that are from certain countries, this is how you do it. This method rejects IP addresses that have been mapped in GeoIP at the SMTP conversation stage. However, this tutorial has never been tested; it is nothing more than a prototype that I created in my leisure time.

Software required:

  • postfix (tcp_table)
  • Perl
  • Perl Geo::IP module

main.cf:

127.0.0.1:2528_time_limit = 3600s
smtpd_client_restrictions =
	check_client_access tcp:[127.0.0.1]:2528

master.cf

127.0.0.1:2528 inet  n       n       n       -       0      spawn
	user=nobody argv=/etc/postfix/geo-reject.pl
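The lookup side of the setup above, as an added example (it is not the post's geo-reject.pl, and it is written in Python rather than Perl): a handler for the tcp_table request/reply protocol that Postfix speaks to the spawned script. The network-to-country map, the blocked-country set and all function names are constructed stand-ins for a real GeoIP lookup.

```python
import ipaddress
import sys
from urllib.parse import quote, unquote

# Constructed sample data standing in for a GeoIP country database
# (documentation prefixes, made-up country codes). Assumption, not from the post.
SAMPLE_COUNTRY_BY_NET = {
    ipaddress.ip_network("192.0.2.0/24"): "AA",
    ipaddress.ip_network("198.51.100.0/24"): "BB",
}
BLOCKED_COUNTRIES = {"AA"}  # hypothetical policy

def country_for(ip):
    # Return the country code for an address, or None if it is unmapped.
    for net, cc in SAMPLE_COUNTRY_BY_NET.items():
        if ip in net:
            return cc
    return None

def reply(code, text):
    # tcp_table replies are "<code> <text>\n"; '%', whitespace and
    # non-printing characters in the text must be sent as %XX.
    return "%d %s\n" % (code, quote(text, safe=""))

def handle_request(line, lookup=country_for):
    # Answer one tcp_table request line of the form "get <key>".
    parts = line.rstrip("\r\n").split(" ", 1)
    if len(parts) != 2 or parts[0] != "get":
        return reply(400, "malformed request")
    try:
        ip = ipaddress.ip_address(unquote(parts[1]))
    except ValueError:
        # Access maps are also queried with hostnames and partial
        # addresses; answer "not found" so Postfix tries the next key.
        return reply(500, "not an address")
    try:
        cc = lookup(ip)
    except Exception:
        # 400 = temporary error, so a broken lookup is not mistaken
        # for "no match" (which would let the client through).
        return reply(400, "geoip lookup failed")
    if cc in BLOCKED_COUNTRIES:
        return reply(200, "REJECT connections from %s are not accepted" % cc)
    return reply(500, "no match")

if __name__ == "__main__":
    # Under spawn(8) the client connection is on stdin/stdout.
    for request in sys.stdin:
        sys.stdout.write(handle_request(request))
        sys.stdout.flush()
```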

Postfix Bind Sender Outgoing IP, Based On GeoIP Location

This morning, when I took my daughter to school, I got the idea to experiment with Postfix and GeoIP location. The idea is that if the MX hosts for an email are geolocated to a specific location, mail delivery will be done with a certain IP address.

For example:

  • Every email whose MX hosts have IP addresses/hosts mapped to the US country code will be bound to IP 1.2.3.4.
  • Every email whose MX hosts have IP addresses/hosts mapped to the HK country code will be bound to IP 5.6.7.8.

or

  • Every email whose MX hosts have IP addresses/hosts mapped to the CN country code will be relayed to our SMTP nexthop in China.

And so on.

What is geolocation?

Geolocation is used to deduce the geolocation (geographic location) of another party. For example, on the Internet, one geolocation approach is to identify the subject party’s IP address, then determine what country (including down to the city and post/ZIP code level), organization, or user the IP address has been assigned to, and finally, determine that party’s location. Other methods include examination of a MAC address, image metadata, or credit card information.

But in this experiment we just need an IP/host to country code map and a Perl script.

Perl modules required:

Net::DNS
Geo::IP
Sys::Syslog

Basic usage of Perl Geo::IP:

#!/usr/bin/perl
use strict;
use warnings;
use Geo::IP;

# Open the default GeoIP country database and look up a hostname.
my $gi = Geo::IP->new(GEOIP_STANDARD);
print $gi->country_name_by_name("amazon.com"), "\n";

I would still be using transport_maps and tcp_table to interact with the Perl script, so here's the prototype.

On the Postfix side, we have custom transports like this in master.cf:

smtp-JP  unix -       -       n       -       -       smtp
	-o syslog_name=postfix-smtp-JP
	-o smtp_helo_name=smtp-JP.example.com
	-o smtp_bind_address=1.2.3.1
smtp-US  unix -       -       n       -       -       smtp
	-o syslog_name=postfix-smtp-US
	-o smtp_helo_name=smtp-US.example.com
	-o smtp_bind_address=1.2.3.2
smtp-ID  unix -       -       n       -       -       smtp
	-o syslog_name=postfix-smtp-ID
	-o smtp_helo_name=smtp-ID.example.com
	-o smtp_bind_address=1.2.3.3
smtp-CN  unix -       -       n       -       -       smtp
	-o syslog_name=postfix-smtp-CN
	-o smtp_helo_name=smtp-CN.example.com
	-o smtp_bind_address=1.2.3.4
smtp-HK  unix -       -       n       -       -       smtp
	-o syslog_name=postfix-smtp-HK
	-o smtp_helo_name=smtp-HK.example.com
	-o smtp_bind_address=1.2.3.5

Kutukupret New Layout / Themes

Today I will not talk about anything technical, tutorials or howtos. Yesterday I was speaking with friends about the layout of my website. She said my website is too "messy" and that it is hard to find the main content. Indeed, since I first made this blog, I have only used themes that…