tag:blogger.com,1999:blog-84173519321291746852024-02-22T07:07:20.241-06:00Ariel developerAquí encontrarás herramientas útiles, ejemlos de código y consejos de desarrollo para el mundo NIX y NT :)Anonymoushttp://www.blogger.com/profile/13001494137881517103noreply@blogger.comBlogger3125tag:blogger.com,1999:blog-8417351932129174685.post-71835200482308014182014-01-08T19:59:00.003-06:002014-01-08T20:02:29.786-06:00Make NGINX send PHP scripts through UNIX socketI proved this working on both Fedora 19 and 20 as that of today.<br />
<br />
After following <a href="http://www.howtoforge.com/installing-nginx-with-php5-and-php-fpm-and-mysql-support-lemp-on-fedora-19">this great tutorial</a> by falko I got my web server with MySQL (MariaDB) and PHP support up and running in just a few minutes, then I remembered that making PHP listen on a UNIX socket rather than the traditional TCP port could hel you save a few bytes of overhead, which is specially helpful on very busy sites, and speeds things a bit up on very low resource computers.<br />
<br />
However, they don't specify how to do so on the above mentioned tutorial, which is why I googled a little and found <a href="http://www.howtoforge.com/installing-nginx-with-php5-and-php-fpm-and-mysql-support-on-centos-6.0-p2">another tutorial</a> (for CentOS this time, again by falko) which mentions how to do so, and its rather simple:<br />
<br />
1.- After having everything installed, open the <b>/etc/php-fpm.d/www.conf</b> file (with root privileges) and look for the <b>listen</b> option.<br />
<br />
2.- Change (or comment it) and set it to the unix socket you want to use, for example: /var/run/php5-fpm.sock, you can specify any location you want, but the /var/run/ directory is a pretty common location.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjtrox5-VPNXxbnaj0LPsAfw14XO6OqPfZuMO1bwaf6sqfHJ0_DOreA3Cp5Lx2mzkIjZt65mFWDWN4CGhpLSzCIe7ga61jyO198WLioRU14ORZI7pS-29QCkFUicq_gymehlx7cJXBKSp1h/s1600/cap2ed.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjtrox5-VPNXxbnaj0LPsAfw14XO6OqPfZuMO1bwaf6sqfHJ0_DOreA3Cp5Lx2mzkIjZt65mFWDWN4CGhpLSzCIe7ga61jyO198WLioRU14ORZI7pS-29QCkFUicq_gymehlx7cJXBKSp1h/s1600/cap2ed.png" /></a></div>
<br />
3.- Save it and then open the <b>/etc/nginx/nginx.conf</b> file.<br />
<br />
4.- Locate your <b>~ \.php$</b> stanza and find the <b>fastcgi_pass</b> option.<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQA9vjjKfxa1nJ0PRQdWCBGZVJg4l_jIlopudNODxgekI3VlIoOeX2rniwuHIdmKZ1gVW-6YJCI_uf2GTamMGqKARxjFVsSZgabow_0QTa6A4WpG5Bm8IN2RCJcFgUhlE9myGPV-aKqm0M/s1600/cap3ed.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em; text-align: center;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjQA9vjjKfxa1nJ0PRQdWCBGZVJg4l_jIlopudNODxgekI3VlIoOeX2rniwuHIdmKZ1gVW-6YJCI_uf2GTamMGqKARxjFVsSZgabow_0QTa6A4WpG5Bm8IN2RCJcFgUhlE9myGPV-aKqm0M/s1600/cap3ed.png" /></a><br />
<br />
5.- Again, change or comment it and set it to the path of the unix socket you specified before (/var/run/php5-fpm.sock in my case), preceded by the <b>unix:</b> protocol specifier.<br />
<br />
6- Now just restart both <b>nginx.service</b> and <b>php-fpm.service</b> by issuing:<br />
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace;"><b>systemctl restart php-fpm.service</b></span></blockquote>
then<br />
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace;"><b>systemctl restart nginx.service</b></span></blockquote>
with root privileges of course.<br />
<br />
7.- Done! Now PHP listens for scripts through a UNIX socket, avoiding all the TCP overhead.<br />
<br />
I know the performance diference is way too little to even be noticeable, but I look at it this way: TCP ports are limited (up to 65535, minus 1024 which are reserved) and UNIX sockets (which are like any other regular files) are just limited by the filesystem you create them in, about 4,000,000,000 or maybe even more on newer systems.<br />
<br />
Have a great day ;) and let me now if this helped you someway.Anonymoushttp://www.blogger.com/profile/13001494137881517103noreply@blogger.com0tag:blogger.com,1999:blog-8417351932129174685.post-3404795079032322892014-01-08T18:44:00.002-06:002014-01-12T03:07:02.912-06:00Allow Apache/Lighttpd/Nginx to access content inside an NTFS partition behind SELinux<div style="text-align: justify;">
I stumbled upon this problem because in my dual-boot laptop I keep 3 main partitions:</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
50 GiB for my linux distro.</div>
<div style="text-align: justify;">
50 GiB for my Windows installation.</div>
<div style="text-align: justify;">
And all remaining space (about 400 GiB) for files and stuff.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
I like to keep it this way for ease of management, in case of trouble I just format → reinstall without having to make an extensive backup, or no backup at all.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
As you may assume, all my projects are inside my "stuff" partition (formatted as NTFS, beacuse of windows).</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Then I installed my web server with NGINX and MySQL (MariaDB) and PHP support (thanks to <a href="http://www.howtoforge.com/installing-nginx-with-php5-and-php-fpm-and-mysql-support-lemp-on-fedora-19">http://www.howtoforge.com/installing-nginx-with-php5-and-php-fpm-and-mysql-support-lemp-on-fedora-19</a>).</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
With previous installations of Fedora, I used to completely disable selinux, but this time I tried to do things the right way, keeping it enabled; for ease of development I also used to place links inside the html/ directory (where all the web stuff is located) towards the projects I was working in (which were inside my "stuff" partition), but things didn't work this time.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Why? you may ask, well it's because selinux, as the protector it is, didn't let the web server to access anything inside my partition, and since NTFS directories do not support SELinux labels at all, the only 3 ways to go were:</div>
<div style="text-align: justify;">
</div>
<ol>
<li>Migrate all my projects inside the html/ folder, thus having to use Geany with root privileges and having to backup them everytime something with my distro went wrong, and with the risk of forgetting to backup them as well (silly me).</li>
<li>Mount the partition with the context option "httpd_sys_content_t" and anything a normal mount needs, by editing the fstab file.</li>
<li>Just telling SELinux that an httpd server can access content inside an NTFS partition (which is accessed via fuse).</li>
</ol>
<div>
Well, the two last ones were the most viable so this is the right procedure to do both:</div>
<div>
<br /></div>
<div>
<b>#1 Mounting the NTFS partition with the "httpd_sys_content_t" context label:</b><br />
<br />
Add the "context=system_u:object_r:httpd_sys_content_t" to the end of the "options" string of the fstab entry of the filesystem you want to use, example:</div>
<div>
<br />
1.- Open /etc/fstab with the editor of your choice (mine is mousepad) with root privileges, of course:</div>
<div>
<br /></div>
<div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXFLyva5LjwF_KtGw2Vrs8J7-XJXxaBeKyYEpZu0AmT5z4dupReCcjK1FrSrDbYOEsgzwy35IbiGG0Or9mVL4ig07yUsUYESp0z4GgwE89r1zH7bA_IeKU28nnMQ4J50fzDdSfM8-JgGMm/s1600/cap3ed.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhXFLyva5LjwF_KtGw2Vrs8J7-XJXxaBeKyYEpZu0AmT5z4dupReCcjK1FrSrDbYOEsgzwy35IbiGG0Or9mVL4ig07yUsUYESp0z4GgwE89r1zH7bA_IeKU28nnMQ4J50fzDdSfM8-JgGMm/s1600/cap3ed.png" /></a></td></tr>
<tr><td class="tr-caption" style="font-size: 13px;">Opening the /etc/fstab file</td></tr>
</tbody></table>
</div>
<div>
2.- Look for the fstab entry of your filesystem:</div>
<div>
<br /></div>
<div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqyXrJGAx2uVs2zfCC7jstev_6zcKOfEcpTZeMM-u6L_lwww0mZIg_0123kPDA-q81fQKJ9qL2V_tryxX75rev1V1_yQuhcaxgDAZpMtxxtNVuok3qkHQg8ekYs3T2SKcqZjc4QN6OaUoQ/s1600/cap1ed.png" imageanchor="1" style="margin-left: auto; margin-right: auto; text-align: center;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjqyXrJGAx2uVs2zfCC7jstev_6zcKOfEcpTZeMM-u6L_lwww0mZIg_0123kPDA-q81fQKJ9qL2V_tryxX75rev1V1_yQuhcaxgDAZpMtxxtNVuok3qkHQg8ekYs3T2SKcqZjc4QN6OaUoQ/s1600/cap1ed.png" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Locating the "options" string inside fstab</td></tr>
</tbody></table>
</div>
<div>
<br /></div>
<div>
3.- Add "context=system_u:object_r:httpd_sys_content_t" (without quotes) to the end of the "options" string, located at the end of the filesystem entry (just before two numbers), it's a comma separated list:</div>
<div>
<br /></div>
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIHx4SRG3ol8dAVoMGsib4zs1J6B_4MP5TS6MqIWb9D0IQ-2AGFWby2UZ6KJjlxhcEDnyMtZ8uQdZTLfHJTAg-TGNEyF0FYgu7wjmIwXt2E1Vwg2mEC_UL5hgVqY9CBYc9aDn9AhWx5ZCe/s1600/cap2ed.png" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjIHx4SRG3ol8dAVoMGsib4zs1J6B_4MP5TS6MqIWb9D0IQ-2AGFWby2UZ6KJjlxhcEDnyMtZ8uQdZTLfHJTAg-TGNEyF0FYgu7wjmIwXt2E1Vwg2mEC_UL5hgVqY9CBYc9aDn9AhWx5ZCe/s1600/cap2ed.png" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Adding the "context" option with the "httpd_sys_content_t" parameter</td></tr>
</tbody></table>
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
4.- Save and reboot, or you can unmount → mount the partition again, it's now mounted with the new options.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: left;">
<b>#2 Telling SELinux to let web servers access another partitions</b></div>
<div class="separator" style="clear: both; text-align: left;">
<b><br /></b></div>
<div class="separator" style="clear: both; text-align: left;">
1.- Open a console and issue this command:</div>
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace;">setsebool -P httpd_use_fusefs 1</span></blockquote>
2.- Done! Now any websever can access content inside any mounted partition via fuse, dont forget to add the -P option to make it persistent across reboots, otherwise SELinux will block access again.<br />
<br />
You can always disable these two settings by either removing the option string from the fstab file or issuing the same command with a 0 instead.<br />
<br />
Remember that SELinux is another layer of security added to your system, and since it's safe to disable it, it could save you someday, you never know.<br />
<br />
Have a great day! ;)<br />
<br />Anonymoushttp://www.blogger.com/profile/13001494137881517103noreply@blogger.com0tag:blogger.com,1999:blog-8417351932129174685.post-49115962786328354702014-01-08T17:32:00.001-06:002014-01-08T18:45:25.846-06:00Compress PSP ISOs to CSOs with cisoplus on Linux<div style="text-align: justify;">
There are many GUIs to do this for Windows out there (YACC, for example, is an excellent tool - <a href="http://yacc.pspgen.com/">http://yacc.pspgen.com/</a>), but for Linux and other NIX environments we only find command line applications and source packages of GUIs to compile - along with the dependencies they need.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
This a very simple script for the shell that compresses an ISO (using cisoplus/cisoplus_O3) to a CSO, with the maximum level of compression and threshold, it also removes the update modules and other unnecesary things.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
What's better is that you may specify a list of files (through the console) and it will compress any one of them individually, with the same settings; and just mark the file as an executable (chmod +x) and you can even drag/drop files on the script to compress them, it's as simple as that.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
Inside the zip you'll find with the script and the original cisoplus executables (by kapoue3).<br />
<br /></div>
<div style="text-align: justify;">
You can also make it easier to use by dropping the entire contents of the package into /usr/share/bin or any executable path your system uses, and deleting the ".sh" from the script name.</div>
<div style="text-align: justify;">
<br /></div>
<div style="text-align: justify;">
The script runs cisoplus_O3 (it's the same as cisoplus, except that it was compiled with a level 3 optimization) with the following syntax:<br />
<blockquote class="tr_bq">
<span style="font-family: Courier New, Courier, monospace;">cisoplus_O3 -com -opt -rm_update -l9 -t99</span></blockquote>
<br />
Instructions:<br />
<br />
1.- You can specify the filename of the ISO to compress...<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiXWL3E4ZDpvSnWwJxYWWpDhqeYNltoaEiSbXV5u5aLOnRLuLATyX1qhvoswg4JFad0ZJ_5whneDVaqLB8q6S8psGU9hrYr82wk6LTFNc9LTSL3leeY8-7EiU5vDUHnkJiM5Vcb72EkSp7L/s1600/cap4ed.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiXWL3E4ZDpvSnWwJxYWWpDhqeYNltoaEiSbXV5u5aLOnRLuLATyX1qhvoswg4JFad0ZJ_5whneDVaqLB8q6S8psGU9hrYr82wk6LTFNc9LTSL3leeY8-7EiU5vDUHnkJiM5Vcb72EkSp7L/s1600/cap4ed.png" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: left;">
1.a.- Alternatively, you can drag/drop the ISO onto the script.</div>
<div class="separator" style="clear: both; text-align: left;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihbwpjNt97ra9ov1i_S_0K7d3OM8wpKqhhaApk4eNknXBW43nB1MS7XP9zPSVIrnbMuRTzW1bTyWQxj2yTp6BTQoewkVPxqd3lpgXR8PNvOrnEtxvtk7gEPSkGIqPdOpN1tnJEtcXKR5GS/s1600/cap1ed.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEihbwpjNt97ra9ov1i_S_0K7d3OM8wpKqhhaApk4eNknXBW43nB1MS7XP9zPSVIrnbMuRTzW1bTyWQxj2yTp6BTQoewkVPxqd3lpgXR8PNvOrnEtxvtk7gEPSkGIqPdOpN1tnJEtcXKR5GS/s1600/cap1ed.png" /></a></div>
<br />
2.- A temporary file will be created while the file is being compressed (to avoid confusion, and to let you know the compression isn't done yet).<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGFYley-HTyjSAd4fDSdLYO8Qo6VFVdXhyphenhyphenDHkKwtG3F9bpj9HONEw05N_SMrfKqc4faNbsy87PhgYDxVtV6z8SKbJNusuQjqLHsxa_-S6k_dNXISo4fx_vqLMPD-1gvknyb2VBFDytiXX0/s1600/cap5ed.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhGFYley-HTyjSAd4fDSdLYO8Qo6VFVdXhyphenhyphenDHkKwtG3F9bpj9HONEw05N_SMrfKqc4faNbsy87PhgYDxVtV6z8SKbJNusuQjqLHsxa_-S6k_dNXISo4fx_vqLMPD-1gvknyb2VBFDytiXX0/s1600/cap5ed.png" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOXWtokYG7q0N4MQY-lvmljj8ia7OnP4s4QfARFd2bstPDmevnd0NNsfRbzKTLcpXa7qNmBc5ivm5tp1M-yVlMq9SohKEpxClx4iNpiNGPqM-SITCF0dKQMbm-GcScocsysprhgHGOcgMF/s1600/cap2ed.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjOXWtokYG7q0N4MQY-lvmljj8ia7OnP4s4QfARFd2bstPDmevnd0NNsfRbzKTLcpXa7qNmBc5ivm5tp1M-yVlMq9SohKEpxClx4iNpiNGPqM-SITCF0dKQMbm-GcScocsysprhgHGOcgMF/s1600/cap2ed.png" /></a></div>
<br />
3.- The resulting file will have the same name as the original ISO.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAqPxAuzBeact1eZmuwlY9Q2xDa4SPdtricZkI1dXm9Yn2oYam0_khn7c80YOHAejUMrhw6-mpy4CN4VgzT8mJg11jFf0bBIuwFkyCHNZqZE-0Cd8qhsmNxC0mtA2yRo1EAn_UZ_MTW1H8/s1600/cap3ed.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAqPxAuzBeact1eZmuwlY9Q2xDa4SPdtricZkI1dXm9Yn2oYam0_khn7c80YOHAejUMrhw6-mpy4CN4VgzT8mJg11jFf0bBIuwFkyCHNZqZE-0Cd8qhsmNxC0mtA2yRo1EAn_UZ_MTW1H8/s1600/cap3ed.png" /></a></div>
<br />
Download link (hosted at my Google Drive :)<br />
<br />
<a href="https://drive.google.com/file/d/0B5aRkDF9of9IUWlBM2QyeGRPN00/edit?usp=sharing">cisomax.tar.gz</a><br />
<br />
Hope everyone finds this useful ;)<br />
<br /></div>
Anonymoushttp://www.blogger.com/profile/13001494137881517103noreply@blogger.com0