server

First part of CentOS 5 server setup howto series now available

After much research, experimentation, testing and tweaking I'm happy to announce that I have completed the first part of my CentOS 5 server setup howto series!

As of today, you'll notice a new CentOS 5 Howtos link on the where I have listed the first two parts of the howto series: the getting started howto, which will help you set up a basic system environment, and more importantly, the mail server howto, which documents how to set up a secure mail server offering POP3/IMAP/SMTP with virtual users stored in a MySQL database.

I'm very happy with this setup because it uses virtual users that can be mapped to system users and also keeps the software set relatively small; Dovecot is used for SASL authentication (both for POP3/IMAP and SMTP) and as Postfix's local delivery agent, so with only 2 servers we've got it all covered (of course technically it's 3 servers with an extra transport if you take amavisd and response-lmtpd into account).

The virtual user database is currently only used in this tutorial for the mail server, but I have plans to introduce (with an upgrade path) a new database structure that will unify several authentication data pools and make managing clients for a shared hosting server easier... But I'll talk more about that later once I've finished posting my other guides. I plan on adding ones for other services such as DNS & Web, although I cannot promise when those will be finished. The mail server tutorial alone is 16 printed pages (!) so it does take me quite some time to ensure that the tutorial is well documented and that the configurations listed work properly.

I still have to add some notes here and there about the implementation, but the core material is there. Enjoy!


Some quick PHP performance stats: suPHP vs prefork+mod_php vs itk+mod_php

I have been doing lots of research on how to properly secure PHP on a shared server, especially with regard to finding the best way to sandbox users. On stock Apache installations, the apache user must have access to web content in order to serve it, which has the unfortunate side effect that every user on the shared hosting server can read the files of every other user.

The solution is "sandboxing" the users, or in other words having Apache serve each user's web files as that user. I will post a tutorial relatively soon detailing how to do so (along with configuring many other services), but in the meantime here are some benchmarks:

prefork: 2.720166 seconds
suphp: 13.621006 seconds
itk: 4.263002 seconds

These benchmarks were generated using the "ab" benchmark included with the httpd server. They represent the time it took to load the front page of my blog 200 times:
ab -c 1 -n 200 http://www.firewing1.com/
prefork is the standard Apache MPM working with mod_php. It's the fastest, but for the reasons outlined above also the least secure. suPHP tackles the problem by using a SUID executable and running PHP under CGI, but it is extremely slow: even for this modest Drupal site, it is just over 5x slower than stock. I compiled the ITK MPM for Apache, which also offers the feature of running files under different users, but it is based on prefork and uses mod_php. The performance is still worse (2x slower) than stock, but much better than suPHP.
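
The cross-user exposure described above can be measured on a server before and after sandboxing. The audit script below is an added example, not part of the original post: it lists files under a hosting root that any other local account can read, using a constructed two-tenant tree (alice and bob are hypothetical tenants) and assuming, for the locked-down case, that requests for alice's site run as alice, which is what the ITK MPM provides.

```bash
# Added example: list files under a docroot that other local accounts can read.
# Checks mode bits only (no ACLs); directories above the given root are not checked.

# Print regular files with o+r that sit below directories which all have o+x.
# A directory without o+x is pruned, since "other" cannot traverse into it.
exposed_files() {
    find "$1" -type d ! -perm -o=x -prune -o -type f -perm -o=r -print
}

# Number of exposed files under a root.
exposed_count() {
    exposed_files "$1" | wc -l | tr -d ' '
}

# Build a constructed two-tenant tree and print its path.
make_demo_tree() {
    base=$(mktemp -d)
    mkdir -p "$base/alice/public_html" "$base/bob/public_html"
    echo '<?php $db_pass = "constructed"; ?>' > "$base/alice/public_html/config.php"
    echo '<?php echo "alice"; ?>'             > "$base/alice/public_html/index.php"
    echo '<?php echo "bob"; ?>'               > "$base/bob/public_html/index.php"
    # Stock prefork + mod_php layout: the shared apache user reaches content
    # through the "other" bits, so every other local account can as well.
    chmod 755 "$base" "$base/alice" "$base/alice/public_html" \
              "$base/bob" "$base/bob/public_html"
    chmod 644 "$base"/*/public_html/*.php
    echo "$base"
}

# Per-user layout (assumption: the tenant's requests run as the tenant, as
# with the ITK MPM), so "other" access can be removed from the tenant's tree.
lock_down() {
    chmod -R o-rwx "$1"
}

demo_base=$(make_demo_tree)
echo "stock layout: $(exposed_count "$demo_base") file(s) readable by other accounts"
exposed_files "$demo_base"
lock_down "$demo_base/alice"
echo "after locking down alice: $(exposed_count "$demo_base") file(s)"
exposed_files "$demo_base"
rm -rf "$demo_base"
```

On a real host, point `exposed_files` at the directory that holds the tenants' home directories; any output after the switch to per-user execution is content that other tenants can still read.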


Troubleshooting the MySQL Server 5.1 service on Windows Vista

Although some users have reported success, most installations I've tried of MySQL 5.1 on Vista have failed, even on fresh Vista installs. The first problem appears at the end of the service instance configuration. All appears to be well; however, the server refuses to start, with the error Could not start MySQL service or Could not start the service MySQL. Error: 0.

The trick is to start MySQL from the console so that you are able to see the error message (you can access the command console by typing cmd into the Run dialog):

cd "C:\Program Files\MySQL\MySQL Server 5.1\bin"
mysqld -nt --defaults-file="C:\Program Files\MySQL\MySQL Server 5.1\my.ini" --standalone --console

In my case, MySQL always returned the same error message:

Plugin 'InnoDB' init function returned error.
Plugin 'InnoDB' registration as a STORAGE ENGINE failed.
Unknown/unsupported table type: INNODB
Aborting
Forcing shutdown of 1 plugins

This message is a symptom of the log file size problem (search for InnoDB: Error: log file .\ib_logfile0 is of different size for more information). All you need to do is clear the following files from the folder C:\ProgramData\MySQL\MySQL Server 5.1\data:

ib_logfile0
ib_logfile1
ibdata1
$YOUR_HOSTNAME$.err

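Restart the MySQL server and all should be well. Keep in mind that ibdata1 is where InnoDB stores table data by default, so on anything other than a fresh install, move these files to a backup location instead of deleting them. Note that the C:\ProgramData\ folder is hidden, so unless you have enabled hidden folders from the Folder Options dialog, you will need to copy/paste that folder path directly into the address bar in order to access the folder.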
