Server Diary

2010-10-09

FreeBSD 8 and GlassFish V2.

2005-10-22

First part of the FreeBSD 6 installation guideline. This is the first document I wrote with the FreeBSD Documentation SGML tools.

2005-08-18

SquirrelMail+Courier-imap with Large Inbox

If you have a very large Inbox (1000+ mails), you should enable SquirrelMail's server-side mail sorting, which is faster and uses fewer resources. See SquirrelMailPerformance for more detail.

2005-05-25

PostgreSQL doesn't support IPv6 by default.

So, if you enable IPv6 in the OS and the IPv6 entry for localhost (::1 localhost localhost.my.domain) comes before the IPv4 entry (127.0.0.1 localhost localhost.my.domain), which is the default on FreeBSD,
PostgreSQL will report an error when you try to connect with "localhost" (i.e. psql -h localhost).

The solution: swap the IPv6 and IPv4 entries for localhost.

2005-05-17

After installing FreeBSD 5.4 on our new server we found that:

  1. If you cannot access the box with ssh because it times out before authentication, check your resolv.conf, because sshd needs DNS to look up the connecting client.
  2. If you use VanDyke SecureCRT and cannot access the host using password authentication, add the line PasswordAuthentication yes to your /etc/ssh/sshd_config.

2005-04-16

Our customer complained that the PHP serialize function runs much slower on FreeBSD than on Linux (Ubuntu 5.04 with default installation). Serializing a 2MB array takes 0.13 s on 4.3.10-10ubuntu4, but about 2 s, about 20 times slower, on FreeBSD 5.4.

After taking a look at the PHP source code I found that serialize uses a lot of realloc, which I learned is slow on FreeBSD from a Perl web site:

Dan Kogai explained that FreeBSD comes with an implementation of malloc()
that is optimized for paged memory, and safe from duplicate free() calls.
But the downside is that realloc() is very slow. That's usually not a big
deal, because most programs don't use realloc() very often -- but perl
does. (The default configuration of perl on FreeBSD is to use perl's
internal malloc, which doesn't have this realloc limitation.)

This is a patch for PHP 4.3.11 that I made for my system to fix this problem. Use it at your own risk.

t42# diff -ud ext/standard/php_smart_str.h /home/cws/php_smart_str.h
--- ext/standard/php_smart_str.h        Wed Apr 16 16:12:37 2003
+++ /home/cws/php_smart_str.h   Sat Apr 16 18:44:09 2005
@@ -29,7 +29,11 @@
 #define smart_str_0(x) do { if ((x)->c) { (x)->c[(x)->len] = '\0'; } } while (0)

 #ifndef SMART_STR_PREALLOC
-#define SMART_STR_PREALLOC 128
+#define SMART_STR_PREALLOC 1024
+#endif
+
+#ifndef SMART_PTR_MAX_PREALLOC
+#define SMART_PTR_MAX_PREALLOC 1048576
 #endif

 #ifdef SMART_STR_USE_REALLOC
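Review bot: the new cap macro is named SMART_PTR_MAX_PREALLOC while the value it bounds is SMART_STR_PREALLOC; use the same prefix (SMART_STR_MAX_PREALLOC) so the pair is discoverable and an external -D override of the cap is not silently ignored. The 1048576 value also has no comment saying it is the ceiling on the headroom added per growth step, and raising SMART_STR_PREALLOC from 128 to 1024 changes the minimum allocation of every smart_str in PHP, not only the ones serialize builds, which the description of the patch should mention.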
@@ -42,8 +46,11 @@
        if (!d->c) d->len = d->a = 0; \
        newlen = d->len + n; \
        if (newlen >= d->a) {\
-               d->c = SMART_STR_REALLOC(d->c, newlen + SMART_STR_PREALLOC + 1, what); \
-               d->a = newlen + SMART_STR_PREALLOC; \
+               size_t pre_alloc = newlen *2;\
+               if ( pre_alloc > SMART_PTR_MAX_PREALLOC ) { pre_alloc = SMART_PTR_MAX_PREALLOC; }\
+               if ( pre_alloc < SMART_STR_PREALLOC) { pre_alloc = SMART_STR_PREALLOC; }\
+               d->c = SMART_STR_REALLOC(d->c, newlen + pre_alloc + 1, what); \
+               d->a = newlen + pre_alloc; \
        }\
 }
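Review bot: the `d->c = SMART_STR_REALLOC(d->c, newlen + pre_alloc + 1, what);` line still stores the result straight into d->c and then sets d->a as if the call succeeded, so a failed realloc loses the old buffer and leaves len/a describing memory that was never allocated; the missing check predates this patch, but since the hunk rewrites exactly these lines it is the place to assign to a temporary and bail out on NULL. The growth rule itself (headroom of 2*newlen, i.e. three times the required size, clamped to [SMART_STR_PREALLOC, 1 MiB]) is reasonable but undocumented; a one-line comment explaining why the headroom scales with newlen would save the next reader a trip back to this diary. Minor: `newlen *2` spacing and the tab/space mix on the added lines differ from the surrounding macro.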

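To show why a fixed 128-byte headroom hurts a realloc() that copies on every call, here is an added simulation (written for this page, not PHP's code) that replays the unpatched and the patched smart_str_alloc4 growth rules while a 2 MB string is appended 16 bytes at a time, counting realloc() calls and the bytes a copying realloc() would move.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constants from php_smart_str.h and from the patch above. */
#define ORIG_PREALLOC      128      /* unpatched SMART_STR_PREALLOC      */
#define PATCH_PREALLOC     1024     /* patched SMART_STR_PREALLOC        */
#define PATCH_MAX_PREALLOC 1048576  /* patched SMART_PTR_MAX_PREALLOC    */

struct growth_stats {
    unsigned long reallocs;           /* realloc() calls made            */
    unsigned long long bytes_copied;  /* bytes a copying realloc() moves */
};

/* Headroom added by the unpatched macro: always 128 bytes past newlen. */
static size_t headroom_fixed(size_t newlen) {
    (void)newlen;
    return ORIG_PREALLOC;
}

/* Headroom added by the patched macro: 2*newlen clamped to [1024, 1 MiB]. */
static size_t headroom_scaled(size_t newlen) {
    size_t pre = newlen * 2;
    if (pre > PATCH_MAX_PREALLOC) pre = PATCH_MAX_PREALLOC;
    if (pre < PATCH_PREALLOC) pre = PATCH_PREALLOC;
    return pre;
}

/* Replay appends of `chunk` bytes until `total` bytes are stored, using the
 * macro's rule "if (newlen >= a) realloc". bytes_copied assumes the worst
 * case described in the quote above: every realloc() moves the buffer. */
struct growth_stats simulate(size_t total, size_t chunk,
                             size_t (*headroom)(size_t)) {
    struct growth_stats st = {0, 0};
    size_t len = 0, a = 0;
    while (len < total) {
        size_t newlen = len + chunk;
        if (newlen >= a) {             /* same test as smart_str_alloc4 */
            a = newlen + headroom(newlen);
            st.reallocs++;
            st.bytes_copied += newlen;
        }
        len = newlen;
    }
    return st;
}

int main(void) {
    const size_t total = 2 * 1024 * 1024, chunk = 16;  /* constructed workload */
    struct growth_stats f = simulate(total, chunk, headroom_fixed);
    struct growth_stats s = simulate(total, chunk, headroom_scaled);
    printf("fixed headroom : %lu reallocs, %llu bytes copied\n", f.reallocs, f.bytes_copied);
    printf("scaled headroom: %lu reallocs, %llu bytes copied\n", s.reallocs, s.bytes_copied);
    return 0;
}
```

With the fixed rule the 2 MB build needs 16384 realloc() calls; with the patched rule it needs 9.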
2005-04-12

Upgraded perl from 5.003 to 5.8.2. See Upgrading Perl On FreeBSD for the details.

2005-04-11

Question: How do I add multiple gateways to a FreeBSD box?
Answer: You cannot do this (at least not directly) on FreeBSD. FreeBSD doesn't support multiple gateways.
Workaround: if you have a server with 2 sets of IPs and each set has its own gateway:

  • First, select one of the gateways to be the default gateway.
  • Then you need ipfw (or any FreeBSD firewall solution).
    Check that your kernel supports ipfw; if not, recompile your kernel with the following options (IPDIVERT and DUMMYNET are not required, but if you add IPFW/IPFW2 it is better to also add these two options):
    #Firewall & NAT & DummyNet   
    options         IPFIREWALL
    options         IPDIVERT
    options         IPFIREWALL_DEFAULT_TO_ACCEPT
    options         IPFIREWALL_VERBOSE
    options         IPFIREWALL_VERBOSE_LIMIT=100
    options         DUMMYNET
    options         IPFW2
    
    Add the following rule to your ipfw rule set:
    	ipfw add rule_no fwd second_gateway_ip ip from ip_of_this_gateway to not me 
    
    For example, I have 2 IP sets (10.0.0.100, 10.0.0.101, 10.0.0.102 for gateway 10.0.0.254) and (192.168.0.77, 192.168.0.78 for gateway 192.168.0.254). I chose 10.0.0.254 as the default gateway, so my ipfw rules are
    	ipfw add 100 fwd 192.168.0.254 ip from 192.168.0.77 to not me
    	ipfw add 110 fwd 192.168.0.254 ip from 192.168.0.78 to not me
    

2004-05-20

One of our customers complained that he could not send an auto-response e-mail from our server.
After some checking, we found that his mail was filtered by the local SpamAssassin.
To prevent amavisd from filtering outgoing mail, we changed /usr/local/etc/postfix/master.cf to

127.0.0.1:smtp      inet  n       -       n       -       -       smtpd
 
smtp      inet  n       -       n       -       -       smtpd
        -o content_filter=smtp-amavis:[127.0.0.1]:10024
and removed the content_filter line from main.cf.

2004-05-15 (2)

Removed cronolog, because every cronolog line in httpd.conf (|/usr/local/sbin/cronolog /var/log/httpd/%Y-%m-%d-access.log) needs 2 processes to run. With 80+ virtual hosts, the process count went up to 160+. A simple log rotation script that copies access.log to a new name and clears the log with the command echo -n > access.log, run at 0:00, works fine for us, even though some log lines may end up in the wrong file.

2004-05-15 (1)

Installed postfix+amavisd-new+ClamAV+SpamAssassin. See Virus checking with Postfix, ClamAV and Amavisd-new for more details.

2004-04-13

Our customer complained to us that he could not use Eudora to pop more than 4 e-mail accounts from our server after we upgraded courier-imap.
The problem is that the default value of courier-imap's MAXPERIP is 4 but Eudora's default MaxConcurrentTasks is 10. So Eudora tries to make 10 concurrent connections to our POP3 server, which accepts only 4 connections from the same IP.
The solution is to raise MAXPERIP or to limit Eudora's number of concurrent connections by setting MaxConcurrentTasks in EUDORA.INI.

2004-03-24 (1)

UTC != GMT (at least in FreeBSD+PHP4). I have just found that there is a daylight saving gap (no 2004 March 28 00:00:00 - 00:59:59 for EU countries) in GMT (PHP mktime function), but those times exist in the UTC zone. To set your timezone to UTC, just copy /usr/share/zoneinfo/Etc/UTC to /etc/localtime.

2003-12-10

Trying to learn how to use /bin/ed to edit files, because it is the only editor on the / partition.

2003-11-15

Setting up DNS is easy (see the FreeBSD Handbook), but making it conform to the RFCs needs a lot of knowledge. There are 2 ways to do this:

  1. Read the DNS RFCs, such as:
     RFC 974: Mail routing and the domain system.
     RFC 1034: Domain names - concepts and facilities.
     RFC 1912: Common DNS Operational and Configuration Errors.
     RFC 2181: Clarifications to the DNS Specification.
     RFC 2182: Selection and Operation of Secondary DNS Servers.
  2. Use DNS checking tools, for example:
     DNS Report
     Uniplace CheckDNS
     Network-Tools NS Look
     Squishywishywoo: complete dns traversal checking

     Try to fix the errors that these tools report.

2003-11-13

I wanted to rebuild php4 and found that I had forgotten the old configuration options.
There are 2 ways to get the options:

  1. from the output of the phpinfo() function
  2. from /usr/ports/lang/php4/work/Makefile.inc
You can save (2) for a later build if you want to keep all of your PHP installations built with the same configuration (i.e. test server and real server).

Another port build hint: you can save port-specific options (such as WITHOUT_CUPS or A4) in /etc/make.conf to set these options every time you rebuild the port.
Or, if you use portupgrade to update your software, put the options you need for each package in the file /usr/local/etc/pkgtools.conf. Search for the hash MAKE_ARGS and follow the example in that file.

2003-10-26

Set up a secondary mail exchanger using postfix.
I did this because I wanted to try both qmail and postfix. After trying both for some time, I like both of them.
qmail is rock solid (version 1.03 released on 1998/06/15). It is everything I need for a mail server except a native MySQL interface for a large volume of user accounts (there is a patch, but it is not as solid as postfix's).
postfix has everything I need plus a native MySQL interface, a more flexible licence agreement and more features.
IMHO, if I don't need a lot of virtual domains and users, qmail is my choice. Otherwise I choose postfix.

To set a secondary MX in postfix, just add the line relay_domains=xxxx.xxx to main.cf and xxxx.xx smtp:mail.xxxx.xxx to transport, then run postmap.
For qmail it is easier: just put xxxx.xxx in qmail's rcpthosts file. qmail finds the rest for you from DNS.

2003-10-07

Have you ever had to cancel buildworld in the middle?
While I was running buildworld, the power failed and the UPS was going to die soon, so the only choice I had was Ctrl+C and shutdown.

Do you want to continue buildworld after the interruption?

Running "buildworld" again doesn't continue the process from the point where it stopped. It cleans up all compiled object files and starts from the beginning.
The solution: use make -D NOCLEAN buildworld. Now buildworld continues from the last step it had taken.

2003-08-16

Jailed named; see Wietse Venema's document for more detail.

2003-18-10

Create a FreeBSD PPP server for Windows clients.
Read James R. Quinby's how-to-freebsd-pppserver.html.
Unfortunately, it doesn't work with MS-CHAP authentication, so you cannot connect to it from Windows directly.
Here is a workaround for Windows that works for me.

  1. Add a new user and set this account's login shell to this script (don't forget to put the full path name of this script in /etc/shells):
    #!/bin/sh
    exec  /usr/sbin/ppp -direct modem
    
  2. You need to allow this user to run ppp. That can be done by (1) adding this user to the network group or (2) using sudo.
  3. When making the connection from Windows, tick the check box that opens a terminal window, and ignore user/password.
  4. When connecting, Windows will show you a terminal screen. You will see the standard FreeBSD login screen; type user/password at the prompt. When the ppp string appears, close the terminal window.

2003-07-22

Removed mod_gzip. It seems that mod_gzip prevents IE from caching images from my server. Anyway, this is not a big problem, because most of the pages on this server are PHP, which can be compressed with the command ob_start("ob_gzhandler") in PHP code or the line zlib.output_compression = XXk in php.ini.

2003-17-01

Installed Win2K on the Internet!!! We need to run a Win32 IBM MQSeries client program to provide a service to our customer. Fortunately, I finally ported that program to Linux (I cannot find an MQSeries client for FreeBSD), so this server's lifetime is not too long (about 2 months). Anyway, installing and trying to secure this server is worth mentioning. Read Installing Windows 2000 for WWW Service if you are interested in my work.

2003 May 29

Installed ports/net/ctrace. My ISP blocks ICMP, so traceroute cannot be used from my host.

2003-05-05

Built a CD-bootable firewall. Follow the link if you want to know the steps.

2003-04-30

Have you ever got this error: arpresolve: can't allocate llinfo for X.X.X.X?
I got one yesterday. The cause (after 2 days of investigation):
(1) On the DHCP client machine, the network interface is configured with DHCP.
(2) On the DHCP server, dhcpd.conf is set so that the router of machine (1) is itself.

2003-04-24

Due to the growing number of FreeBSD machines, I decided to set up a cvsup server for the FreeBSD source and ports to reduce external network bandwidth. There is a good document at http://motoyuki.bsdclub.org/BSD/cvsup.html. Read it and follow the instructions.

2003-04-22

I crashed the server with the command mergemaster -air. The wrong option is -i, which I confused with portupgrade -air. The -i option installed the source of all programs in /bin/sh to /bin/sh, so it prevented any script and root from logging in to the machine. Another mistake was trying to recover with a reboot. This made the problem more critical than the first. After the first mistake, any program that didn't use /bin was fine. But after the second mistake, the machine could not start even in single-user mode because it could not execute /bin/sh. To fix the problem, I needed to create a bootable CD, reboot the machine from it and copy all files to /bin. Anyway, the problem did not end there: the server has a SCSI device which I forgot to add to my bootable CD. To work around this, I had to boot from the SCSI disk, hit space at the loader prompt and enter the following commands:

  1. unload kernel
  2. set vfs.root.mountfrom=cd9660:acd0a
  3. load kernel
  4. boot

2003-04-21

Fixed a DNS server error. I found that I couldn't query some DNS domains handled by this server. After looking in that DNS record file, I found that it has a CNAME record pointing to another host in a different domain. Removing that CNAME seemed to fix the problem.

(2003 Apr 28) No, it does not fix the problem, so my current solution is to restart named on the machine that queries DNS, once a day. It is not elegant but it works.

2003-04-17

Don't set root's umask to 077 by default.
Always set it to 022. If you need 077, set it, do your work, then set it back.
Today the SMTP service was down because someone created a qmail control file with umask 077.

2003-04-13

Upgraded openssl, curl, mysql.

  1. Don't forget to set umask to 022 before upgrading.
  2. Don't forget ktrace/kdump. They are handy tools when you want to know why a program does not run.

2003-04-12

To use portupgrade -Pair to update another server:

  1. setenv PKG_PATH path_to_pkg
  2. For mysql, setenv DB_DIR /home/mysql
  3. For packages that you don't want to check, put the empty file +IGNOREME in /var/db/pkg/pkgname

2003-04-08

  • Upgraded to
    • apache+mod_ssl-1.3.27+2.8.14
    • openssl-0.9.7a_2
    • courier-imap-1.7.1
    • squirrelmail-1.4.0
    • proftpd-1.2.8
    Don't forget to check the files in /usr/local/etc/rc.d. Sometimes upgrading removes a startup file. I will investigate the case if I have time.
  • Added the thawte site seal to the https page.

2003-04-01

There are sendmail security holes but we don't use sendmail here. We switched to qmail a long time ago.

2003-03-25

Renewed the SSL certificate.
Only server.crt needs to be replaced.

2002-12-08

Installed and jailed a ProFTPD server.
I don't have any free partition left, and it is very dangerous to allow ftp upload users to fill up your disk. So I used vnconfig to set up a new virtual disk on a regular file. See the startup script here.

...


The document theme is copied from the FreeBSD Handbook.
For questions about this documentation, e-mail <cws@miraclenet.co.th>
Last update: $Id: index.html,v 1.21 2006/04/26 08:51:16 cws Exp $
Chatchawan Wongsiriprasert