X Terminal Cyrillic issue Debian/Ubuntu

If reading or writing Cyrillic text in a terminal (for example xfce4-terminal) does not work, the system probably lacks support for the en_US.utf8 locale.

First we must check our locales list with:

root@debian:~# locale -a

If output is something like this:

C
C.UTF-8
POSIX

The “en_US.utf8” locale is missing, and that is the cause of our problem with Cyrillic.
So let's install the “locales” package if it's not already installed on the system.

root@debian:~# apt-get install locales

Now we have to make “en_US.utf8” the default locale for our system. But first let's run locale-gen for en_US. To do that, run:

root@debian:~# locale-gen en_US en_US.UTF-8

and then:

root@debian:~# dpkg-reconfigure locales

In the window that opens, find “en_US.UTF-8 UTF8”, select it and click OK.
Choose “en_US.UTF-8” as the default locale for the system environment and click OK.
We should see “Generation complete.”

Reboot, and now we can read Cyrillic in our terminal.

How to enable Apache2 core dumps for debugging on Debian 7

Step-by-step guide

Proceed with the following steps:

  1. Install dependencies
    aptitude install apache2-dbg libapr1-dbg libaprutil1-dbg
  2. Add in the beginning of script ‘/etc/init.d/apache2’, the following:
    # set ulimit for debugging
    ulimit -c unlimited
  3. Add in to “/etc/apache2/httpd.conf”:
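    # Append to the file (">>"): type the lines below, then press Ctrl-D to end input.
    cat >> /etc/apache2/httpd.conf
    # 20150129 add coredump to investigate the "Segmentation fault" event
    #
    CoreDumpDirectory /tmp/apache2_coredump
    
    ^D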
  4. Create the folder and set proper permissions:
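    # A core dump holds the full memory of the crashed worker (TLS private keys,
    # session data, passwords), so only the Apache user gets access: mode 0700
    # instead of a world-readable, world-writable 777.
    # mkdir fails if the path already exists; "&&" then skips chown, so a
    # directory or symlink that someone else pre-created in /tmp is never adopted.
    # Remove the directory and its dumps once the debugging session is over.
    mkdir -m 0700 /tmp/apache2_coredump &&
      chown www-data:www-data /tmp/apache2_coredump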
  5. Test apache2 configuration for errors:
    apache2ctl -t
  6. If there are no errors, restart the apache2 server:
    /etc/init.d/apache2 stop;
    /etc/init.d/apache2 start;
  7.  When you see this in error_log:
    [Thu Feb 05 10:44:06 2015] [notice] child pid 5886 exit signal Segmentation fault (11), 
    possible coredump in /tmp/apache2_coredump

    you will be able to extract useful information from coredump:

    gdb apache2 /tmp/apache2_coredump/core
The guide was borrowed from: jrs-s.net

How to integrate Varnish in Plesk on Debian Server

Install varnish.
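# Download the repository signing key to a file instead of piping it straight
# into apt-key: plain HTTP does not authenticate the download, so compare the
# printed fingerprint with one obtained from the Varnish project over a
# separate trusted channel before adding the key to apt's trusted set.
curl -o varnish-GPG-key.txt http://repo.varnish-cache.org/debian/GPG-key.txt
gpg --with-fingerprint varnish-GPG-key.txt
apt-key add varnish-GPG-key.txt
# Append (">>") the repository entry; without the redirect nothing is written,
# and a single ">" would overwrite sources.list.
printf '\n## Varnish\n#\ndeb http://repo.varnish-cache.org/debian/ lenny varnish-3.0\n' >> /etc/apt/sources.list
apt-get update
apt-get install varnish libvarnishapi1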
Configure varnish.
egrep -v "^#|^$" /etc/default/varnish
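# /etc/default/varnish without its stock comment lines.
START=yes
NFILES=131072
MEMLOCK=82000
# Notes on DAEMON_OPTS are kept out of the quoted value: a "#" inside the
# double quotes is not a comment and would become part of the option string.
#   -a :80                       the daemon listens on port 80
#   -T localhost:6082            the administrative console is reachable at host:port
#   -f /etc/varnish/default.vcl  default configuration file (the so-called main
#                                configuration file)
#   -S /etc/varnish/secret       secret hash, used for authN and authZ
#   -p thread_pool_min=200       minimum number of idle threads
#   -p thread_pool_max=4000      maximum number of threads
#   -p thread_pool_add_delay=2   reduces the time needed to start a thread
#   -p thread_pools=4            determined by the number of CPU cores of the machine
#   -p session_linger=100        to avoid too much context switching when you
#                                starve your CPU
#   -s malloc,4096m              cache storage type and size; here RAM is used,
#                                segment size 4096 MB
DAEMON_OPTS="-a :80 \
             -T localhost:6082 \
             -f /etc/varnish/default.vcl \
             -S /etc/varnish/secret \
             -p thread_pool_min=200 \
             -p thread_pool_max=4000 \
             -p thread_pool_add_delay=2 \
             -p thread_pools=4 \
             -p session_linger=100 \
             -s malloc,4096m"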
cat /etc/varnish/default.vcl
...................................
// Backend definitions. The "${...}" host values are placeholders to be
// replaced with the server's own addresses; every backend is contacted on
// port 8080.
// Each probe requests "/" with a 10-second timeout at a 1h interval, so a
// change in backend health is only noticed at that pace.
backend backend_0 {
        .host = "${pleskpublicip}";
        .port = "8080";
        .probe = { .url = "/"; .interval = 1h; .timeout = 10 s; .window = 5; .threshold = 3; }
}

backend backend_1 {
        .host = "${pleskpublicip2}";
        .port = "8080";
        .probe = { .url = "/"; .interval = 1h; .timeout = 10 s; .window = 5; .threshold = 3; }
}

backend backend_2 {
        .host = "${pleskinternalip}";
        .port = "8080";
        .probe = { .url = "/"; .interval = 1h; .timeout = 10 s; .window = 5; .threshold = 3; }
}

sub vcl_recv {

if (req.http.host ~ "^(www\.)?example\.com$") {
        set req.backend = custom1;
}   else {
        set req.backend = backend_0;
}

Example varnish config file:

plesk01:~# cat /etc/varnish/default.vcl 
// Clients in this ACL may trigger a ban by sending "Cache-Control: no-cache"
// (see vcl_recv) and receive the X-Cacheable / X-Cache debug headers
// (see vcl_fetch and vcl_deliver).
acl purge {
  "localhost";
  "127.0.0.1";
  "192.168.1.0"/24; /* Private IP Ranges */
  "212.212.212.0"/24; /* Public developers IP Ranges */
}

// Clients in this ACL may use the "/check" end-point and "/server-status"
// (see vcl_recv).
acl admins {
   "localhost";
   "127.0.0.1";
   "192.168.1.0"/24;
}

// backend_0 is the default backend chosen in vcl_recv; backend_1 is used only
// for "/server-status" requests from the admins ACL. The "${...}" host values
// are placeholders. Both are contacted on port 8080 and probed on "/" at a
// 1h interval with a 10-second timeout.
backend backend_0 {
  .host = "${public_ip1}";
  .port = "8080";
  .probe = { .url = "/"; .interval = 1h; .timeout = 10 s; .window = 5; .threshold = 3; }
}

backend backend_1 {
  .host = "${internal_ip1}";
  .port = "8080";
  .probe = { .url = "/"; .interval = 1h; .timeout = 10 s; .window = 5; .threshold = 3; }
}

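// Request entry point: selects the backend, normalizes request headers and
// decides between cache lookup, pass and pipe.
sub vcl_recv {

  //exclude domains from cache
  //include "/etc/varnish/excludes.vcl";

  // Check end-point handler; status 726 is turned into a 200 in vcl_error.
  // Both conditions must hold, so only clients in the admins ACL get it.
  if (req.url == "/check" && client.ip ~ admins) {
    error 726 "OK";
  }

  // NOTE(review): the pattern is anchored at the end of the URL, so only URLs
  // ending in exactly "/server-status" are handled here; every other URL
  // falls through to the general rules below. The status handler should
  // therefore also be restricted in the Apache configuration itself.
  if (req.url ~ "/server-status$") {
     if (!client.ip ~ admins) {
        error 405 "Not allowed";
     } else {
        set req.backend = backend_1;
        return (pass);
     }
  }

  set req.backend = backend_0;

  // Including definitions for 301 redirects
  //include "/etc/varnish/redirects-set.vcl";

  // Let's have a little grace
  if (! req.backend.healthy) {
   set req.grace = 2h;
  } else {
   set req.grace = 1h;
  }

  // Normalizing hostnames to avoid double cache of same objects
  //include "/etc/varnish/vhosts.vcl";

  // Normalizing X-Forwarded-For header: whatever the client sent is dropped
  // and replaced by the address Varnish sees, so the backend never receives a
  // client-chosen value.
  remove req.http.X-Forwarded-For;
  set    req.http.X-Forwarded-For = client.ip;

  // NOTE(review): unlike X-Forwarded-For, X-Forwarded-Proto is accepted from
  // the request as-is. Unless a trusted TLS terminator in front of Varnish
  // sets it, a client can claim "https" on a plain-HTTP connection; confirm
  // what sets this header, and unset it before this check otherwise.
  if (req.http.X-Forwarded-Proto == "https" ) {
   set req.http.X-Forwarded-Port = "443";
  } else {
   set req.http.X-Forwarded-Port = "80";
   set req.http.X-Forwarded-Proto = "http";
  }

  // Default request checks
  if (req.request != "GET" &&
   req.request != "HEAD" &&
   req.request != "PUT" &&
   req.request != "POST" &&
   req.request != "TRACE" &&
   req.request != "OPTIONS" &&
   req.request != "PURGE" &&
   req.request != "DELETE") {
    // Non-RFC2616 or CONNECT which is weird.
    return (pipe);
  }

  /* pass the request to apache backend if following conditions are satisfied:
     - Request for Server status
     - Authorization request
     - HTTP method other than GET, HEAD or PURGE
  */

  if ((req.request != "GET") && (req.request != "HEAD") && (req.request != "PURGE")) {
    return (pass);
  }

  if (req.http.Authorization) {
    return (pass);
  }

  if (req.http.Cache-control ~ "no-cache") {
    if (client.ip ~ purge) {
        // Host and URL are taken from the request and are matched as regular
        // expressions by the ban; this branch is limited to the purge ACL.
        ban("req.http.host ~ " + req.http.host + " && req.url ~ " + req.url);
    }
    return (pass);
  }

  if (req.http.pragma ~ "no-cache") {
    return (pass);
  }

  // We do not need to cache demo content developing by designers
  if (req.url ~ "/demo") {
    return (pass);
  }

  // Normalizing Accept-Encoding header
  if (req.http.Accept-Encoding) {
    if (req.url ~ "\.(jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|swf)$") {
      // No point in compressing these
      remove req.http.Accept-Encoding;
    } elsif (req.http.Accept-Encoding ~ "gzip") {
      set req.http.Accept-Encoding = "gzip";
    } elsif (req.http.Accept-Encoding ~ "deflate") {
      set req.http.Accept-Encoding = "deflate";
    } else {
      // unknown algorithm
      remove req.http.Accept-Encoding;
    }
  }

  // Strip the scheme and host from absolute-form request URLs
  if (req.url ~ "^http://") {
    set req.url = regsub(req.url, "http://[^/]*", "");
  }

  if (req.http.Cookie) {
    set req.http.Cookie = regsuball(req.http.Cookie, "(^|; ) *__utm.=[^;]+;? *", "\1"); # removes all cookies named __utm? (utma, utmb...) - tracking thing

    if (req.http.Cookie == "") {
        remove req.http.Cookie;
    }
  }

  // Remove empty cookies.
  if (req.http.Cookie ~ "^\s*$") {
    unset req.http.Cookie;
  }

  // Cookie monster
  set req.http.Cookie = regsuball(req.http.Cookie, "(^|;\s*)(__[a-z]+|has_js)=[^;]*", "");
  set req.http.Cookie = regsub(req.http.Cookie, "^;\s*", "");

  // Cache things with these extensions
  if (req.url ~ "\.(js|css|jpg|jpeg|png|gif|gz|tgz|bz2|tbz|mp3|ogg|swf|flv|ivp|xml|htm|html|ico)(\?.*|)$") {
    // Remove the query string from real static files
    set req.url = regsub(req.url, "\?.*$", "");

    // Remove cookies for static content, so the backend request for a cached
    // object never carries a user's session
    unset req.http.Cookie;

    // Removing extra headers
    unset req.http.User-Agent;
    unset req.http.Vary;

    return (lookup);
  }

  return (pass);
} // end of sub vcl_recv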

// Strip any cookies before an image/js/css is inserted into cache.
// Also: future-support for ESI. Dropped ($id Arruor exp)
//
// Runs on every backend response: sets TTL and grace, rewrites caching and
// identification headers, then returns deliver.
// NOTE(review): as printed, this sub does not compile. The comparison
// operator in the "beresp.ttl  0s" test is missing, and the braces do not
// balance (the "}" after the first "unset beresp.http.Cookie" closes the sub
// early), so an enclosing "if" line was presumably lost. Restore both from
// the original configuration before use.
sub vcl_fetch {
  // we do not need to cache 404 error documents
  if (beresp.status == 404 || beresp.status == 403) {
        set beresp.ttl = 0s;
        return (deliver);
  }

  // Misbehaving servers protection
  if (beresp.status == 500) {
    set beresp.saintmode = 10s;
    return (restart);
  }
  set beresp.grace = 1h;

  // Avoiding too small ttls
  // NOTE(review): operator missing between beresp.ttl and 0s; confirm.
  if (beresp.ttl  0s) {
      // Remove Expires from backend, it's not long enough
      //unset beresp.http.expires;

      // Set the clients TTL on this object to two weeks, I think two weeks is enough
      set beresp.http.cache-control = "max-age=1209600, public, no-transform";

      // Set how long Varnish will keep it, I think one month is enough
      set beresp.ttl = 4w;

      // marker for vcl_deliver to reset Age:
      set beresp.http.magicmarker = "1";
    }

     // NOTE(review): a backend response sets cookies with "Set-Cookie";
     // "Cookie" is the request header. As written, a Set-Cookie header from
     // the backend stays on the object and can be stored with the 4w TTL and
     // sent to other clients. Presumably "Set-Cookie" was intended here and
     // in the unset list at the end of this sub; confirm.
     unset beresp.http.Cookie;
  }

  // NOTE(review): the hit_for_pass checks below run only for clients in the
  // purge ACL; for every other client a response marked
  // "Cache-Control: private" continues to the code after this block. Confirm
  // this is intended.
  if (client.ip ~ purge) {
  // Varnish determined the object was not cacheable
  if(req.http.Cookie ~"(UserID|_session)") {
    // You don't wish to cache content for logged in users
    set beresp.http.X-Cacheable = "NO:Got Session";
    return (hit_for_pass);
  }  elsif ( beresp.http.Cache-Control ~ "private") {
    // You are respecting the Cache-Control=private header from the backend
    set beresp.http.X-Cacheable = "NO:Cache-Control=private";
    return (hit_for_pass);
  }  else {
    // Varnish determined the object was cacheable
    set beresp.http.X-Cacheable = "YES";
  }
  }

  // Changing default Server Signature: the backend's Server header is
  // replaced by a fixed banner followed by the request's Host header.
  unset beresp.http.Server;
  set beresp.http.Server = "Apache 1.3.27 (FreeBSD) Server PHP/4.2.0 at " + req.http.host +" Port 80";

  // Drop headers that identify the backend software or affect validation
  unset beresp.http.X-Generator;
  unset beresp.http.X-Powered-By;
  unset beresp.http.Etag;
  unset beresp.http.Last-Modified;
  unset beresp.http.Pragma;
  unset beresp.http.Via;
  unset beresp.http.Cookie;
  unset beresp.http.Vary;

  return (deliver);
} // end of sub vcl_fetch

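// Last adjustments to the response before it is sent to the client.
sub vcl_deliver {
  // Reset Age: header (if it's necessary)
  if (resp.http.magicmarker) {
    /* Remove the magic marker set in vcl_fetch */
    unset resp.http.magicmarker;

    /* By definition we have a fresh object */
    set resp.http.Age = "0";
  }

  // Cache hit data is added only for clients in the purge ACL
  if (client.ip ~ purge) {
    if (obj.hits > 0) {
      # if hit add hit count
      set resp.http.X-Cache = "HIT";
      set resp.http.X-Cache-Hits = obj.hits;
    } else {
      set resp.http.X-Cache = "MISS";
    }
  }

  // Do not reveal that the response went through Varnish
  remove resp.http.X-Varnish;
  remove resp.http.Via;

  // Changing default Server Signature: a fixed banner followed by the
  // request's Host header
  unset resp.http.Server;
  set resp.http.Server = "Apache 1.3.27 (FreeBSD) Server PHP/4.2.0 at " + req.http.host + " Port 80";

  return (deliver);
} // end of sub vcl_deliver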

// Prepares the backend request for a piped connection.
sub vcl_pipe {
  // Send "Connection: close" to the backend, which forces every pipe request
  // to be the first one. ($id Arruor exp)
  set bereq.http.connection = "close";

  // Make sure the backend request has an X-Forwarded-For: when the request
  // carries none, derive it from client.ip with everything from the first ":"
  // removed; otherwise copy the request's value. ($id Arruor exp)
  if (!req.http.X-Forwarded-For) {
    set bereq.http.X-Forwarded-For = regsub(client.ip, ":.*", "");
  } else {
    set bereq.http.X-Forwarded-For = req.http.X-Forwarded-For;
  }

  return (pipe);
} // end of sub vcl_pipe

// Pass handling: no changes are made to the request; it goes to the backend
// as-is.
sub vcl_pass {
  return (pass);
} // end of sub vcl_pass

// Cache miss: set X-Forwarded-For on the backend request, then fetch.
sub vcl_miss {
  // When the request carries no X-Forwarded-For, derive it from client.ip
  // with everything from the first ":" removed; otherwise copy the request's
  // value. ($id Arruor exp)
  if (!req.http.X-Forwarded-For) {
    set bereq.http.X-Forwarded-For = regsub(client.ip, ":.*", "");
  } else {
    set bereq.http.X-Forwarded-For = req.http.X-Forwarded-For;
  }

  return (fetch);
} // end of sub vcl_miss

// Cache key: the URL plus the Host header, or the server address when the
// request has no Host header.
sub vcl_hash {
    hash_data(req.url);
    if (!req.http.host) {
        hash_data(server.ip);
    } else {
        hash_data(req.http.host);
    }
    return (hash);
}

// Decides what to do with an object found in the cache: pass when the TTL
// test matches, deliver otherwise.
// NOTE(review): the comparison operator between obj.ttl and 0s is missing,
// so this line does not compile as printed. Presumably the test is for an
// object whose TTL has run out; confirm against the original configuration.
sub vcl_hit {
  if (obj.ttl  0s) {
    return (pass);
  }

  return (deliver);
} // end of sub vcl_hit

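// Error handling: retries backend failures and answers the "/check" end-point.
sub vcl_error {
  // Restart a request that failed with 503, up to five restarts
  if (obj.status == 503 && req.restarts < 5) {
    set obj.http.X-Restarts = req.restarts;
    return (restart);
  }

  // Handling Check end-point: vcl_recv raises status 726 for "/check"
  // requests from the admins ACL; it is answered here as a 200.
  // NOTE(review): the synthetic body below is empty as printed, and there is
  // no return in this branch, so the built-in vcl_error logic presumably runs
  // afterwards; confirm whether "return (deliver);" is wanted here.
  if (obj.status == 726) {
    set obj.status = 200;
    set obj.http.Content-Type = "text/html; charset=utf-8";
    synthetic {"

"};
  }

} // end of sub vcl_error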
Install the libapache2-mod-rpaf module so that the Apache log files record the correct remote IP address, and change RPAFproxy_ips to $ip.

The module is also needed to change the SERVER_PORT header in Apache from 8080 to 80.
You will need version 0.8.1, so if Plesk is installed on Debian lenny you will have to download this version from GitHub and compile it:

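apt-get install build-essential apache2-threaded-dev
# The .deb is downloaded over plain HTTP and then installed as root, so check
# its hash against a value from a trusted source before running dpkg.
wget http://security.ubuntu.com/ubuntu/pool/universe/y/yada/yada_0.55_all.deb
sha256sum yada_0.55_all.deb   # compare with <SHA256_FROM_TRUSTED_SOURCE> (placeholder)
dpkg -i yada_0.55_all.deb
# Alternatively, get the archive from svn: support/files/varnish/mod_rpaf.tar.gz
git clone git@github.com:gnif/mod_rpaf
cd mod_rpaf
dpkg-buildpackage -b
dpkg -i ../libapache2-mod-rpaf_X.X-X.X_XXX.deb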

cat /etc/apache2/mods-enabled/rpaf.conf

  # mod_rpaf settings. RPAF_ProxyIPs lists the proxy (Varnish) address(es) and
  # RPAF_Header names the header that carries the client address; "${publicip_1}"
  # is a placeholder. Keep RPAF_ProxyIPs limited to the proxy's own addresses:
  # the forwarded header is meant to be honored only for requests coming from them.
  RPAF_Enable       On
  RPAF_ProxyIPs     ${publicip_1}
  RPAF_Header       X-Forwarded-For
  RPAF_SetHostName  On
  RPAF_SetHTTPS     On
  RPAF_SetPort      On

If the server has more than 1 public address, you must add all of them to the RPAF_ProxyIPs variable, divided by space.

Change following in /etc/init.d/varnishncsa to start varnish access logging adding cache resource info.
start_varnishncsa() {
............................
--chuid $USER --exec ${DAEMON} -- "-F %h %l %u %t "%r" %s %b "%{Referer}i" "%{User-agent}i" Cache: %{Varnish:handling}x" ${DAEMON_OPTS} \
........................
Start ‘varnishncsa’ by default:
cat /etc/default/varnishncsa
..............................
VARNISHNCSA_ENABLED=1
Change Apache default port to port ‘8080’:
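# Back up the psa database to psa.back.sql before changing it. The admin
# password is handed over in the MYSQL_PWD environment variable instead of
# -p<password>, so it does not appear in the process list; umask 077 keeps
# the dump of Plesk's database readable by the current user only.
( umask 077; MYSQL_PWD="$(cat /etc/psa/.psa.shadow)" mysqldump -u admin psa > psa.back.sql )
MYSQL_PWD="$(cat /etc/psa/.psa.shadow)" mysql -uadmin -D psa -e'replace into misc (param, val) values ("http_port", 8080);'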
Change default Apache port:
cat /etc/apache2/ports.conf

Listen 8080
Listen 443
Reload all Apache configurations:
/usr/local/psa/admin/bin/websrvmng --reconfigure-all
/usr/local/psa/admin/sbin/webmailmng --disable --name=horde
/usr/local/psa/admin/sbin/webmailmng --enable --name=horde
Change server-status configuration in Apache.
cat /etc/apache2/httpd.conf
................
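ExtendedStatus On
# The handler is scoped to /server-status; without the <Location> container
# SetHandler would apply to the whole server. The status page lists client
# addresses and requested URLs, so access is limited to localhost and the
# internal network used by the admins ACL in default.vcl (adjust the range to
# your own admin network).
<Location /server-status>
    SetHandler server-status
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1 192.168.1.0/24
</Location>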

................
Test Apache configurations and restart Apache server
apache2ctl configtest
/etc/init.d/apache2 restart
Start varnish server.
/etc/init.d/varnish start
Add to /etc/motd-warning
nano /etc/motd-warning
\e[1;31mDon't restart varnish!!! Just reload it if needed!\e[00m
Allow connections from internal network to Apache port 8080:
iptables -A tcp_inbound -p TCP -s 192.168.1.0/24 --destination-port 8080 -j ACCEPT
Check Varnish config for errors:

If you’ve updated your varnish server’s configuration, there doesn’t seem to be an equivalent of ‘apachectl configtest‘ for it, but you can do:

varnishd -C -f /etc/varnish/default.vcl

If everything is correct, varnish will then dump out the generated configuration. Otherwise you’ll get an error message pointing you to a specific line number.

Invalidate Varnish cache

1. Invalidate entire cache for domain:

varnishadm "ban req.http.host ~ www.mydomain.com"

2. Invalidate cache for a specific domain’s URL:

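# Both conditions must match ("&&") for an object to be banned.
varnishadm "ban req.http.host ~ www.mydomain.com && req.url ~ someurl"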

3. Invalidate cache for some URL for all vhosts:

varnishadm "ban.url ~ someurl"

4. Invalidate cache using Ctrl+F5 (which sends Cache-Control: no-cache) from your browser, if your IP address is in the purge ACL.