eAccelerator freebsd error shmmax
FreeBSD currently has an issue with eAccelerator: when you try to start it, it fails with the error "eAccelerator: shmmax should be at least 2MBPHP Warning"
To fix this we're going to remove eAccelerator then reinstall it:
# cd /usr/ports/www/eaccelerator
# make deinstall
# vi Makefile
The "CONFIGURE_ARGS=" line needs to be changed so it looks like this
CONFIGURE_ARGS= --with-eaccelerator-shared-memory \
--with-eaccelerator-userid=80 \
--without-eaccelerator-use-inode
save the file and exit
then
# make install clean
restart apache
Move MySQL database directory
By default MySQL installs itself in /var/db on FreeBSD. If you have a big database, this folder will quickly fill up. Here are the commands to move MySQL from /var/db to /usr/local/mysql:
cd /var/db
mv mysql /usr/local/
ln -s /usr/local/mysql mysql
cd /usr/local
chown -R mysql mysql
Then start up MySQL. Done.
Apache freebsd munin not working together
I came across an issue with Apache 2.2 on FreeBSD 8.2 where munin wasn't graphing the Apache data (apache_accesses, apache_processes and apache_volume).
When I tailed the munin error log I found this error.
tail /var/log/munin/munin-node.log
munin UserAgent not found at apache_volume line 86.
With some research on Google I found this nice munin command that tells me more about how to set up munin, i.e. what we can install on FreeBSD.
/usr/local/sbin/munin-node-configure --suggest
The output gave us "LWP::UserAgent not found", which means we need to install Perl's libwww.
To fix this error we install p5-libwww:
cd /usr/ports/www/p5-libwww/
make install clean
Restart munin and everything should now work.
# /usr/local/etc/rc.d/munin-node restart
ref: http://articles.slicehost.com/2010/4/9/enabling-munin-node-plug-ins-on-ubuntu
Install eAccelerator on FreeBSD – High Performance PHP
eAccelerator is a PHP caching system: it caches frequently used portions of PHP files in RAM to increase performance. This is especially great on high-traffic websites such as forums. Performance gains of up to 1000% have been seen with eAccelerator. The following tutorial shows how to install eAccelerator on FreeBSD using ports.
Using ports, compile and install:
cd /usr/ports/www/eaccelerator
make install clean
Make modifications to php.ini:
If you are using Zend:
vi /usr/local/Zend/etc/php.ini (this is the default location)
Add the following:
zend_extension="/usr/local/lib/php/20020429/eaccelerator.so"
eaccelerator.shm_size="32"
eaccelerator.cache_dir="/tmp/eaccelerator"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
Comment out the following lines:
zend_extension_manager.optimizer=/usr/local/Zend/lib/Optimizer-2.5.7
zend_extension_manager.optimizer_ts=/usr/local/Zend/lib/Optimizer_TS-2.5.7
If you are not using Zend Optimizer, then add the following to your php.ini:
extension="eaccelerator.so"
eaccelerator.shm_size="16"
eaccelerator.cache_dir="/tmp/eaccelerator"
eaccelerator.enable="1"
eaccelerator.optimizer="1"
eaccelerator.check_mtime="1"
eaccelerator.debug="0"
eaccelerator.filter=""
eaccelerator.shm_max="0"
eaccelerator.shm_ttl="0"
eaccelerator.shm_prune_period="0"
eaccelerator.shm_only="0"
eaccelerator.compress="1"
eaccelerator.compress_level="9"
Create the caching directory:
mkdir /tmp/eaccelerator
chmod 0777 /tmp/eaccelerator
Look inside /tmp/eaccelerator/ to see if the cache files were created.
Rate limit e-mail providers
If you're like me and need to manage large amounts of email, one thing that must be done is limiting the rate at which email providers like yahoo.com, hotmail.com, live.com, gmail.com and aol.com receive your email.
I don't go into much detail here, but this is the setup I've researched and currently use.
First we edit main.cf and go to line 561 (I just like to keep things together)
vi /etc/postfix/main.cf
Add the following lines into main.cf
transport_maps = hash:/etc/postfix/transport
smtpslow_destination_concurrency_limit = 2
smtpslow_destination_recipient_limit = 15
smtpslow_destination_rate_delay = 2s
smtpslow_destination_concurrency_failed_cohort_limit = 2
Edit the transport file and add the domains we'd like to slow sending to.
vi /etc/postfix/transport
yahoo.com smtpslow:
gmail.com smtpslow:
hotmail.com smtpslow:
aol.com smtpslow:
comcast.com smtpslow:
live.com smtpslow:
msn.com smtpslow:
sbcglobal.net smtpslow:
verizon.net smtpslow:
bellsouth.net smtpslow:
yahoo.ca smtpslow:
cox.net smtpslow:
ymail.com smtpslow:
Go to the postfix directory and postmap(hash) the transport file
cd /etc/postfix && /usr/local/sbin/postmap transport
Now we need to change the following in master.cf.
vi /etc/postfix/master.cf
Make sure you have space or tabs before -o as it will not work if you don't.
smtpslow  unix  -       -       n       -       -       smtp
    -o smtp_helo_timeout=5
    -o smtp_connect_timeout=5
Restart postfix and we're done.
/usr/local/sbin/postfix reload
setup jails on freebsd
We'll be creating 4 jails + main host (5 machines in total).
First, let's create some folders where the jails will be stored.
mkdir /usr/jails && mkdir /usr/jails/mail1 && mkdir /usr/jails/mail2 && mkdir /usr/jails/mail3 && mkdir /usr/jails/mail4
then we add some settings to rc.conf
# vi /etc/rc.conf
Add these lines right after (remember, every machine has a different network card reference; bge0 here). Change it to your machine's network card.
ifconfig_bge0="inet 192.168.1.157 netmask 255.255.255.0"
ifconfig_bge0_alias0="inet 192.168.1.211 netmask 0xfffffff8"
ifconfig_bge0_alias1="inet 192.168.1.212 netmask 0xfffffff8"
ifconfig_bge0_alias2="inet 192.168.1.213 netmask 0xfffffff8"
ifconfig_bge0_alias3="inet 192.168.1.214 netmask 0xfffffff8"
If you don't want to reboot, you'll also have to set up the aliases now so you can ssh in later...
ifconfig bge0 inet alias 192.168.1.211 netmask 255.255.255.255
ifconfig bge0 inet alias 192.168.1.212 netmask 255.255.255.255
ifconfig bge0 inet alias 192.168.1.213 netmask 255.255.255.255
ifconfig bge0 inet alias 192.168.1.214 netmask 255.255.255.255
Near the bottom of the file, add the following and make sure you change the IPs & paths if different than above.
#only have 5 IP's. 1 for the main server and 4 for the jails
#jail_list="mail1 mail2 mail3 mail4"
jail_enable="YES"
jail_list="mail1 mail2 mail3 mail4"
jail_set_hostname_allow="YES"
jail_mail1_rootdir="/usr/jails/mail1"
jail_mail1_hostname="mail1.example.com"
jail_mail1_ip="192.168.1.231"
jail_mail1_start="/bin/sh /etc/rc"
jail_mail1_devfs_enable="YES"
jail_mail1_devfs_ruleset="devfsrules_jail"
jail_mail2_rootdir="/usr/jails/mail2"
jail_mail2_hostname="mail2.example.com"
jail_mail2_ip="192.168.1.232"
jail_mail2_start="/bin/sh /etc/rc"
jail_mail2_devfs_enable="YES"
jail_mail2_devfs_ruleset="devfsrules_jail"
jail_mail3_rootdir="/usr/jails/mail3"
jail_mail3_hostname="mail3.example.com"
jail_mail3_ip="192.168.1.233"
jail_mail3_start="/bin/sh /etc/rc"
jail_mail3_devfs_enable="YES"
jail_mail3_devfs_ruleset="devfsrules_jail"
jail_mail4_rootdir="/usr/jails/mail4"
jail_mail4_hostname="mail4.example.com"
jail_mail4_ip="192.168.1.234"
jail_mail4_start="/bin/sh /etc/rc"
jail_mail4_devfs_enable="YES"
jail_mail4_devfs_ruleset="devfsrules_jail"
------------------------------------------
Make the virtual system
cd /usr/src
make world DESTDIR=/usr/jails/mail1
If you get this error: "make: don't know how to make world. Stop"
it's because you don't have the source tree installed...
Look at the cvs-supfile blog post to know how to do it...
cd etc
make distribution DESTDIR=/usr/jails/mail1
cd /usr/jails/mail1
ln -sf /dev/null kernel
touch /usr/jails/mail1/etc/fstab
cat /etc/resolv.conf > /usr/jails/mail1/etc/resolv.conf
mount -t procfs proc /usr/jails/mail1/proc
mount -t devfs dev /usr/jails/mail1/dev
mkdir /usr/jails/mail1/usr/ports
mount_nullfs /usr/ports /usr/jails/mail1/usr/ports
Once the first jail is created, we can just copy jails and not have to redo "make world", which takes a while.
----------------------------------------------
Configuration of the jail
Start the jail for the first time
# /etc/rc.d/jail start mail1
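If you try to SSH into the jail, you will end up in the main machine and not in the jail, because the host's sshd listens on every address of the machine, including the jail's.
To fix this, add the following line to /etc/rc.conf and set ListenAddress in the host's sshd_config to the host's own address: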
rpcbind_enable="NO"
vi /etc/ssh/sshd_config
Port 22
Protocol 2
ListenAddress 192.168.1.157
Now we jump into the jail for some 1st step configurations
# jail /usr/jails/mail1 mail1.example.com 192.168.1.231 /bin/sh
now you are inside the jail:
change the root password
# passwd
add a new user and invite the user to the wheel group (so you can su to root)
# adduser
So we can ssh into the jail
# echo 'sshd_enable="YES"' >> /etc/rc.conf
install bash, change the users shell to bash
If you are in a jail and ports doesn't exist, you have to remount the ports filesystem
# cd /usr/ports/shells/bash
# make clean; make install clean
# chsh
change the shell to: /usr/local/bin/bash
Host environment syslogd
This entry in /etc/rc.conf tells syslogd to not listen on any IP address.
syslogd_flags="-ss"
That allows syslogd to run in both the host and the jail environments.
Host environment inetd
This entry in /etc/rc.conf tells inetd to listen on a specific IP address. This address is that of the host environment:
inetd_flags="-wW -C 60 -a 192.168.0.100"
You should note that the first part of the above flags is from /etc/defaults/rc.conf:
inetd_flags="-wW -C 60" # Optional flags to inetd
jail_enable="YES"
jail_list="mail_1"
jail_set_hostname_allow="YES"
jail_mail_1_rootdir="/usr/jails/mail_1"
jail_mail_1_hostname="mail_1.example.com"
jail_mail_1_ip="192.168.1.202"
jail_mail_1_start="/bin/sh /etc/rc"
jail_mail_1_devfs_enable="YES"
jail_mail_1_devfs_ruleset="devfsrules_jail"
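A check for the host-side bindings described above (sshd ListenAddress, syslogd -ss, inetd -a), as an added example that is not part of the original post: it reads sockstat -4 -l output and lists host daemons still bound to the wildcard address, which are the ones that answer on the jail IPs. The function name and both sample listings are constructed for illustration.

```sh
#!/bin/sh
# Added example: find host daemons that still listen on every address.
# A socket bound to "*:port" on the host also answers on the jail alias IPs,
# which is why ssh to a jail address can land on the host.

# wildcard_listeners: read "sockstat -4 -l" output on stdin, print
# "command proto local-address" for each wildcard bind; exit 1 if any found.
wildcard_listeners() {
    awk 'NR > 1 && $6 ~ /^\*:/ && $6 != "*:*" {
             print $2, $5, $6
             bad = 1
         }
         END { exit bad + 0 }'
}

# Constructed sample: host before the rc.conf / sshd_config changes.
sample_before() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       812   3  tcp4   *:22                  *:*
root     syslogd    640   7  udp4   *:514                 *:*
root     inetd      701   5  tcp4   *:21                  *:*
EOF
}

# Constructed sample: host sshd and inetd bound to the host address,
# syslogd started with -ss (no socket), jail sshd on its own address.
sample_after() {
    cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sshd       812   3  tcp4   192.168.1.157:22      *:*
root     inetd      701   5  tcp4   192.168.1.157:21      *:*
root     sshd       2310  3  tcp4   192.168.1.231:22      *:*
EOF
}

echo "before:"; sample_before | wildcard_listeners || echo "=> wildcard binds found"
echo "after:";  sample_after  | wildcard_listeners && echo "=> none"

# On the real host: sockstat -4 -l | wildcard_listeners
```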
if you forget root password
jail /dumpdrive500/jails/devbox2 devbox2 192.168.1.152 /usr/bin/passwd root
------------------------------------------------
Clone the Jails
mkdir /usr/jails/mail2
cd /usr/jails/mail1
tar -cpf - . | tar -C /usr/jails/mail2 -xpf -
Mount all the needed directories for the cloned jails
mount -t procfs proc /usr/jails/mail2/proc
mount -t devfs dev /usr/jails/mail2/dev
mount_nullfs /usr/ports /usr/jails/mail2/usr/ports
vi /etc/rc.conf
added in -------------
jail_devbox5_rootdir="/usr/jails/mail1"
jail_devbox5_hostname="devbox5.example.com"
jail_devbox5_ip="192.168.1.155"
jail_devbox5_start="/bin/sh /etc/rc"
jail_devbox5_devfs_enable="YES"
jail_devbox5_devfs_ruleset="devfsrules_jail"
/etc/rc.d/jail start devbox5
ref: http://www.freebsd.org/doc/en/books/handbook/jails-build.html
ref: http://www.freebsddiary.org/jail-6.php
freebsd cyrus sasl2 saslauthd
Here is a step-by-step setup of what I did to get cyrus sasl2 saslauthd working on FreeBSD.
You'll notice that I reinstall postfix because I needed it compiled with sasl2, which I didn't have.
# cd /usr/ports/security/cyrus-sasl2-saslauthd
# make install clean
# cd /usr/ports/mail/postfix
# make config (make sure you check on cyrus-sasl2-saslauthd)
# make
# make FORCE_PKG_REGISTER=yes install clean
Now edit /etc/rc.conf and add the following lines near the top of the file.
postfix_enable="YES"
saslauthd_enable="YES"
# If you do not need sendmail anymore, add the following to your rc.conf:
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
# And you can disable some sendmail specific daily maintenance routines in your system
# If /etc/periodic.conf does not exist please create it and add those values.
/etc/periodic.conf file:
daily_clean_hoststat_enable="NO"
daily_status_mail_rejects_enable="NO"
daily_status_include_submit_mailq="NO"
daily_submit_queuerun="NO"
After installing saslauthd
/usr/local/etc/rc.d/saslauthd start
vi /etc/postfix/main.cf
Add this to the end...
# sasl config
broken_sasl_auth_clients = yes
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain =
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
/usr/local/sbin/postfix stop && /usr/local/sbin/postfix start
/usr/local/sbin/saslpasswd2 -c -u domain.com -a smtpauth usernameeee
/usr/local/etc/rc.d/saslauthd restart
setup domainkeys with postfix and freebsd on a jail
How to set up DomainKeys for Yahoo on FreeBSD 7.3 (I'm sure it works with older versions of FreeBSD) on postfix 2.7. This may seem long but it works! It's not that long of a process...
First, install postfix and configure it. This is a very basic setup; I'll have a more advanced postfix install in the near future.
cd /usr/ports/mail/postfix
make install clean
cd /etc
ln -s /usr/local/etc/postfix postfix
cd /etc/postfix
vi main.cf
// change the following
/////////////////////////////////////
myhostname = mail1.domain.com
mydomain = mail1.domain.com
myorigin = $mydomain
inet_interfaces = 56.56.56.56
mydestination = $myhostname, localhost.$mydomain, $mydomain
mynetworks = 56.56.56.56,127.0.0.1
install dkfilters
cd /usr/ports/mail/dkfilter
make install clean
//Setting up the outbound filter
/////////////////////////////
Generate a private/public key pair using OpenSSL:
cd /usr/local/etc/
openssl genrsa -out private.key 1024
openssl rsa -in private.key -pubout -out public.key
start up dkfilters, don't forget to change IP 56.56.56.56 to your own IP
/usr/local/bin/dkfilter.out --keyfile=/usr/local/etc/private.key --selector=selector1 --domain=mail1.domain.com --method=nofws 56.56.56.56:10027 56.56.56.56:10028 &
add to master.cf, 2nd line if a jail server
############################################
submission inet n       -       n       -       -       smtpd
    -o smtpd_etrn_restrictions=reject
#-o smtpd_sasl_auth_enable=yes
    -o content_filter=dksign:[56.56.56.56]:10027
    -o receive_override_options=no_address_mappings
    -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
dksign    unix  -       -       n       -       10      smtp
    -o smtp_send_xforward_command=yes
    -o smtp_discard_ehlo_keywords=8bitmime
56.56.56.56:10028 inet n  -       n       -       10      smtpd
    -o content_filter=
    -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks
    -o smtpd_helo_restrictions=
    -o smtpd_client_restrictions=
    -o smtpd_sender_restrictions=
    -o smtpd_recipient_restrictions=permit_mynetworks,reject
    -o mynetworks=67.213.69.0/24
    -o smtpd_authorized_xforward_hosts=56.56.56.0/24
I got this error in the /var/log/maillog
postfix/local[11933]: fatal: open database /etc/aliases.db: No such file or directory
// to fix it...
cd /etc
newaliases
# change resolv.conf if you haven't done so yet...
# update hosts with correct IPs of machine
// restart postfix
/usr/local/sbin/postfix stop
/usr/local/sbin/postfix start
May 31 22:00:22 mail1 postfix/postfix-script[12148]: stopping the Postfix mail system
May 31 22:00:22 mail1 postfix/master[12023]: terminating on signal 15
May 31 22:00:25 mail1 postfix/postfix-script[12224]: starting the Postfix mail system
May 31 22:00:25 mail1 postfix/master[12225]: daemon started -- version 2.7.0, configuration /usr/local/etc/postfix
Didn't work with Yahoo, I got this error
domainkeys=permerror (no key);
FIX: in my dns i added (in godaddy)
host: selector1._domainkey.mail1
TXT value: k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIshG7shxiCH280IycLOzF3cSTBE27rGypfK3SWiE37A9Z9OR7GDApCFBFfLWyQKaDPA+e4+mPvAVizOfn6Zj8FnuOL+BrOYUJJG/PbCT4t+V5Aagi/l7Z6VXfoKbzYcESNVPntROEzUZLyWXWYzI2qbgjWi2RxQVoRxl3uWXihQIDAQAB; t=y
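How the TXT value above relates to the public.key file generated earlier, as an added example that is not part of the original post: the record value is the base64 body of the PEM file on one line, published under selector._domainkey.domain, and a published record can be compared with the local key before blaming the receiver. All function names are hypothetical and the PEM content is a constructed placeholder, not a real key.

```sh
#!/bin/sh
# Added example: turn the public.key written by
#   openssl rsa -in private.key -pubout -out public.key
# into the TXT record to publish, and compare a published record with it.

# pem_body FILE: base64 body of a PEM file, markers and line breaks removed.
pem_body() {
    grep -v '^-----' "$1" | tr -d ' \t\r\n'
}

# dk_record_name SELECTOR DOMAIN: name the TXT record is looked up under.
dk_record_name() {
    printf '%s._domainkey.%s\n' "$1" "$2"
}

# dk_txt_value FILE [test]: TXT value; "test" appends t=y (testing mode).
dk_txt_value() {
    body=$(pem_body "$1")
    [ -n "$body" ] || return 1
    if [ "${2:-}" = test ]; then
        printf 'k=rsa; p=%s; t=y\n' "$body"
    else
        printf 'k=rsa; p=%s\n' "$body"
    fi
}

# dk_published_matches TXT FILE: succeed if the p= tag of a TXT string
# (quotes, spaces and split strings tolerated) equals the local key.
dk_published_matches() {
    want=$(pem_body "$2")
    got=$(printf '%s' "$1" | tr -d ' \t\r\n"' | tr ';' '\n' | sed -n 's/^p=//p')
    [ -n "$want" ] && [ "$got" = "$want" ]
}

# Constructed placeholder, not a real key: stands in for public.key.
sample_pem() {
    cat <<'EOF'
-----BEGIN PUBLIC KEY-----
AAAAconstructedSAMPLEkeyMATERIAL0123456789+/abcd
EFGHnotAREALkey==
-----END PUBLIC KEY-----
EOF
}

tmp=$(mktemp) && sample_pem > "$tmp"
echo "host: $(dk_record_name selector1 mail1.domain.com)"
echo "TXT:  $(dk_txt_value "$tmp" test)"
rm -f "$tmp"
```

To check a live record, pass the string returned by nslookup -type=TXT for the record name to dk_published_matches together with /usr/local/etc/public.key.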
error after installing postfix and trying to start it up...
Jun 1 14:32:14 mail1 postfix/postfix-script[60663]: starting the Postfix mail system
// Jun 1 14:32:14 mail1 postfix/master[60664]: fatal: bind 56.56.56.56 port 25: Address already in use
vi /etc/rc.conf
add sendmail_enable="NO"
restart jail or machine
error with SPF
check to see if it can find a value for your spf
nslookup -type=TXT domain.com
For a sub domain
nslookup -type=TXT mail1.domain.com
Stay tuned for a more up-to-date version in the next week or two.
how to add a new munin node with freebsd
Here is what I did to add a new munin node in freebsd to an existing munin server.
cd /usr/ports/sysutils/munin-node/
make install clean
When asked about the logs, answer yes. We want munin to rotate the logs.
Would you like me to set up log rotation [y]?
After the munin install this is what we see and need to do.
********************************************************************
Unless this file already existed, a sample configuration file
has been placed in /usr/local/etc/munin/munin-node.conf.
Please edit it according to your needs.
********************************************************************
The Munin client will *not* be started automatically. To allow it
to start, put this line in /etc/rc.conf:
munin_node_enable="YES"
Then, it will be started on the next boot. If this line is already
present, the client will be started now. Otherwise, edit
/etc/rc.conf and execute this command:
/usr/local/etc/rc.d/munin-node start
********************************************************************
Let's do the easy stuff first for munin.
vi /etc/rc.conf
add munin_node_enable="YES" somewhere in the file. I like to keep all the enable options together
munin_node_enable="YES"
The plugins directory in freebsd is empty, so for munin node to work we need to add symbolic links.
cd /usr/local/etc/munin/plugins
ln -s /usr/local/share/munin/plugins/cpu cpu
ln -s /usr/local/share/munin/plugins/df df
ln -s /usr/local/share/munin/plugins/df_inode df_inode
ln -s /usr/local/share/munin/plugins/if_errcoll_ if_errcoll_fxp0
ln -s /usr/local/share/munin/plugins/if_ if_fxp0
ln -s /usr/local/share/munin/plugins/load load
ln -s /usr/local/share/munin/plugins/memory memory
ln -s /usr/local/share/munin/plugins/netstat netstat
ln -s /usr/local/share/munin/plugins/ntp_offset ntp_offset
ln -s /usr/local/share/munin/plugins/open_files open_files
ln -s /usr/local/share/munin/plugins/processes processes
ln -s /usr/local/share/munin/plugins/sendmail_mailqueue sendmail_mailqueue
ln -s /usr/local/share/munin/plugins/sendmail_mailstats sendmail_mailstats
ln -s /usr/local/share/munin/plugins/sendmail_mailtraffic sendmail_mailtraffic
ln -s /usr/local/share/munin/plugins/swap swap
ln -s /usr/local/share/munin/plugins/vmstat vmstat
Next, let's look at the conf file
vi /usr/local/etc/munin/munin-node.conf
update the allow line to the IP address of the munin server
allow ^192\.168\.1\.105$
everything else is good, save and exit
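The allow line is a regular expression, so its anchors decide which addresses may query the node. An added example, not part of the original post, that lints the allow lines of a munin-node.conf and shows what an unanchored pattern admits; the function names and the sample config are constructed, and grep -E stands in for munin-node's Perl regex matching, which behaves the same for patterns this simple.

```sh
#!/bin/sh
# Added example: lint the allow lines of a munin-node.conf.

# lint_munin_allow: read the config on stdin; for each allow line whose
# pattern is not fully anchored or has a bare ".", print "line: problems".
# Exit status 1 if any line was flagged.
lint_munin_allow() {
    awk '$1 == "allow" {
             p = $2; msg = ""
             if (p !~ /^\^/) msg = msg " missing-^"
             if (p !~ /\$$/) msg = msg " missing-$"
             q = p; gsub(/\\\./, "", q)      # remove escaped dots
             if (q ~ /\./)   msg = msg " unescaped-dot"
             if (msg != "") { print NR ":" msg; bad = 1 }
         }
         END { exit bad + 0 }'
}

# allow_admits PATTERN IP: succeed if PATTERN matches IP.
allow_admits() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# Constructed sample config: lines 1-2 are strict, lines 3-4 are not.
sample_conf() {
    cat <<'EOF'
allow ^127\.0\.0\.1$
allow ^192\.168\.1\.105$
allow ^192\.168\.1\.10
allow 192.168.1.105
EOF
}

sample_conf | lint_munin_allow || echo "=> tighten the lines listed above"

# Without the trailing $, a whole range of neighbours is allowed in.
for ip in 192.168.1.105 192.168.1.109; do
    allow_admits '^192\.168\.1\.10' "$ip" && echo "unanchored pattern admits $ip"
done

# On the node: lint_munin_allow < /usr/local/etc/munin/munin-node.conf
```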
for the munin server
add the IP address of that machine
vi /usr/local/etc/munin/munin.conf
Add this to the end of munin.conf
[server1.domain.com]
address 192.168.1.203
use_node_name yes
notify_alias server1
load.notify_alias load
df.notify_alias df
# /
df._dev_mirror_gm0s1a.warning :85
df._dev_mirror_gm0s1a.critical :90
# /tmp
df._dev_mirror_gm0s1e.warning :80
df._dev_mirror_gm0s1e.critical :90
# /usr
df._dev_mirror_gm0s1f.warning :80
df._dev_mirror_gm0s1f.critical :90
# /var
df._dev_mirror_gm0s1d.warning :80
df._dev_mirror_gm0s1d.critical :90
If you haven't done so you can start munin-node from
cd /usr/local/etc/rc.d/
./munin-node start
If munin-node doesn't update after 5 to 10 minutes, look at the munin main log to find any errors that you may have.
cd /var/log/munin-main
vi munin-update.log