A better way to run PHP-FPM
If you search the web for PHP-FPM configurations, you'll find many of the same configurations popping up. They nearly all use the 'dynamic' process manager and all assume you will have one master...
Scan your network for Heartbleed vulnerabilities with Nmap
Nmap now has an NSE script (Nmap Scripting Engine) to detect SSL Heartbleed vulnerabilities. You can find how to patch yourself in my previous blogpost: Patch against the heartbleed OpenSSL bug...
Varnish 4.0.0 released together with configuration templates
Good news! Today, Varnish 4.0.0 has been released! Among the most important features are: * Full support for streaming objects through from the backend on a cache miss. Bytes will be sent to 1..n...
Follow-up: use ondemand PHP-FPM masters using systemd
A few days ago, I published a blogpost called A better way to run PHP-FPM. It's gotten a fair amount of attention. It detailed the use of the "ondemand" process manager as well as using a separate...
Debugging HTTP requests to PHP via the CLI
You're a sysadmin. You love the CLI. You use PHP. Surely, you should be able to troubleshoot PHP applications that are normally run via an HTTP server through the CLI as well, right? Well good news;...
Whois at the CLI: get all IP ranges from an AS number
Just a note to my future self, in case I ever need it again. All you need is the AS number. $ whois -h whois.radb.net -- '-i origin AS1234' | grep 'route:' route: 1.2.3.0/24 ... For instance, all...
OpenSSL: validate that certificate matches / signs the private key
You could probably just try to install your new certificate and private key, reload your webserver config, and see if it works. But that's not very convenient if you want to validate your private key...
CVE-2014-0185: PHP-FPM sockets unavailable after updating PHP
Reference: CVE-2014-0185 A few days ago, a security update to PHP was released that corrected the default permissions on the listening socket that PHP-FPM would create. If your PHP-FPM pool had a...
PHP-FPM environment variables are limited to 1024 chars
Here's something I didn't know: environment variables passed via PHP-FPM to PHP code are hard-limited to 1024 characters. Not a very big problem per se, but if your environment variables pass the...
HTTPd: Cannot load mod_status.so into server: undefined symbol:...
Red Hat Enterprise Linux has published a new advisory on July 23rd, RHSA-2014:0920-1. This involves a security update for the Apache2 webserver for configurations that use mod_status in combination...
HHVM versus PHP-FPM 5.4 vs PHP-FPM 5.5: performance comparison
If you haven't heard of HHVM in the last 2 years, I recommend checking out the website. I won't go into details here. I've even mentioned it briefly on this blog in 2010. But I was curious: given a...
Sysdig CLI examples
Here are some SysDig examples for your CLI. Looking for an easy way to install SysDig on your servers? Check out my puppet-sysdig module if you're a Puppet user. Observe the I/O activity on all the...
Compress a PDF file on Linux via the CLI
If you're processing large PDF files, you may want to optimize the filesize. Here's what I found to be working. These tools all require Ghostscript. $ yum install ghostscript $ apt-get install...
You Need Passion
(This article was written in May 2012, but for some reason never got published. Better late than never, I assume) I read, with great interest, Davy Kesten's article on "Just do it". It's to-the-point...
Patch your webservers for the SSLv3 POODLE vulnerability (CVE-2014-3566)
First, read this: CVE-2014-3566. Next: realise that the SSL vulnerability in SSLv3 isn't limited to just webservers. It's any client or server that uses the SSLv3 protocol: from SSL tunnels to...