Sometimes we need to have more time for executing heavy script on apache server. In this case, it shows time out error like this.
504 Gateway Time-out
To increase limit, we need to check 2 things. Apache and PHP configuration.
Open the php.ini file and modify below.
vi /etc/php/7.0/apache2/php.ini<br>
Below is just example, change the value according to your needs.
max_execution_time = 120 max_input_time = 120 memory_limit = 256M
Open Conf file and add below.
cd /etc/apache2/sites-available/ vi yourfile.conf
Set timeout
TimeOut 600
I have posted how to install Percona XtraDB cluster previously. And I want to show how to use the DB clusters from web server.
To use the multiple nodes from one or multiple web servers, it need load balancer. There’s several LB but HAProxy is one of most popular and easy to install.
Here’s documentation from Percona how to set up HAProxy on Percona XtraDB clusters.
Let’s say there are Percona DB nodes synced each other and one web server.
10.7.13.81 web 10.7.13.91 node1 10.7.13.92 node2
And I would like to make web server connected to 2 db nodes.
Download and Install HAProxy on web server.
sudo add-apt-repository ppa:vbernat/haproxy-1.8 sudo apt-get update sudo apt-get install haproxy
Then config HAProxy.
sudo vi /etc/haproxy/haproxy.cfg
Then add this below. We will use port 3307 and localhost to connect Mysql nodes. And HAProxy will routes the traffic to db nodes using port 3306.
frontend pxc-front bind *:3307 mode tcp default_backend pxc-back frontend stats-front bind *:80 mode http default_backend stats-back frontend pxc-onenode-front bind *:3306 mode tcp default_backend pxc-onenode-back backend pxc-back mode tcp balance leastconn option httpchk server node1 10.7.13.91:3306 check port 9200 inter 12000 rise 3 fall 3 server node2 10.7.13.92:3306 check port 9200 inter 12000 rise 3 fall 3 backend stats-back mode http balance roundrobin stats uri /haproxy/stats stats auth pxcstats:secret backend pxc-onenode-back mode tcp balance leastconn option httpchk server node1 10.7.13.91:3306 check port 9200 inter 12000 rise 3 fall 3 server node2 10.7.13.92:3306 check port 9200 inter 12000 rise 3 fall 3 backup
Install Clustercheck on each db nodes. Clustercheck is checking mysql health and display the status on web port 80. So that HAProxy knows which node is live and available.
First create clustercheckuser on mysql.
GRANT PROCESS ON *.* TO 'clustercheckuser'@'localhost' IDENTIFIED BY 'clustercheckpassword!' FLUSH PRIVILEGES;
Then download clustercheck from git repository and place into /usr/bin/clustercheck on node server.
git clone git@github.com:olafz/percona-clustercheck.git mv /root/clustercheck /usr/bin/clustercheck
The edit the downloaded file.
vi /usr/bin/clustercheck
Here’s important part, there’s typo in the programming where the mysql username and password recorded. Fix it like below, you can change the user name and password but it should be matched with the mysql user information created above. For me, this took an hour to find out this bug. No body reported this bug on the git repository although this is at least 3 years old.
MYSQL_USERNAME="${MYSQL_USERNAME:-clustercheckuser}"
MYSQL_PASSWORD="${MYSQL_PASSWORD:-clustercheckpassword!}"
Configure mysqlchk file and designate where is clustercheck file located. (/usr/bin/clustercheck)
vi /etc/xinetd.d/mysqlchk
# default: on
# description: mysqlchk
service mysqlchk
{
disable = no
flags = REUSE
socket_type = stream
port = 9200
wait = no
user = nobody
server = /usr/bin/clustercheck
log_on_failure += USERID
only_from = 0.0.0.0/0
per_source = UNLIMITED
}
xinetd is service where we can monitor using port 80. Add mysqlchk service in the xinetd.
vi /etc/services
Then searching for xinetd and add after below.
mysqlchk 9200/tcp # MySQL check
We need to install xinetd if it is not installed.
sudo apt-get update -y sudo apt-get install -y xinetd
Start xinetd using below command.
sudo service xinetd start
You can check health status of nodes from web browser, port 9200.
http://10.7.13.91:9200/
http://10.7.13.92:9200/
Make sure the message saying: Percona XtraDB Cluster Node is synced.
If it says Percona XtraDB Cluster Node is not synced. then check if the clusteruser login information matched with mysql user and credential on the file (/usr/bin/clustercheck)
You can also check through terminal.
curl http://10.7.13.91:9200/
From web server, check if the connection to db node is working through port 3306.
mysql -uyourmysqluser -p -P 3306 -h 10.7.13.91 -e "show variables like 'wsrep_node_name';"
If there’s no problem, also check connection using port 3307, through HAProxy.
mysql -uyourmysqluser -p -P 3307 -h 127.0.0.1 -e "show variables like 'wsrep_node_name';"
If everything works fine, you will see below and now mysql is connected using host 127.0.0.1 and port 3307.
Mysql DB is great, it’s free and has good performance. Also has good combination with Apache and PHP.
But we need to use multiple DB servers for High availability. And the each db clusters need to be synced and keep the same data for each server while it delivers or updates records.
Percona XtraDB could be great solution for it. I would like to present how to install percona XtraDB on 3 servers.
We need to have 3 DB servers with Ubuntu 18.04. The original documentation can be found on Percona website.
I set it up with 3 servers, with these IPs.
Percona1 - 10.0.21.1 Percona2 - 10.0.21.2 Percona3 - 10.0.21.3
Before starting, some of server ports need to be opened for communicate each other.
Open 3306, 4444, 4567, 4568 ports for each servers. And open the ports using below commands.
iptables -A INPUT -i eth0 -p tcp -m iprange --src-range 10.0.21.1-10.0.21.3 --dport 3306 -j ACCEPT iptables -A INPUT -i eth0 -p tcp -m iprange --src-range 10.0.21.1-10.0.21.3 --dport 4444 -j ACCEPT iptables -A INPUT -i eth0 -p tcp -m iprange --src-range 10.0.21.1-10.0.21.3 --dport 4567 -j ACCEPT iptables -A INPUT -i eth0 -p tcp -m iprange --src-range 10.0.21.1-10.0.21.3 --dport 4568 -j ACCEPT
If you are using AWS, you will need to open the ports as well on security groups. Just like this.
I strongly recommend do not install mysql before installing Percona DB. It will conflict and may not working properly.
Also remove apparmor before installing.
sudo apt-get remove apparmor
Using below command, install package. During installation, you will need to set up root password.
wget https://repo.percona.com/apt/percona-release_0.1-6.$(lsb_release -sc)_all.deb sudo dpkg -i percona-release_0.1-6.$(lsb_release -sc)_all.deb sudo apt-get update sudo apt-get install percona-xtradb-cluster-full-57
Prepare same for all 3 servers. If you are using cloud service, like AWS, you may want to take snapshot and duplicate the Percona servers.
Login into all servers and stop mysql service.
sudo service mysql stop
I have prepared these 3 nodes.
Percona1 – 10.0.21.1
Percona2 – 10.0.21.2
Percona3 – 10.0.21.3
And config mysql on master server(10.0.21.1). All servers will be set up as master, but at the beginning, we need to designate one server for master and others could be synced into it.
vi /etc/mysql/my.cnf
[mysqld] wsrep_provider=/usr/lib/libgalera_smm.so wsrep_cluster_name=pxc-cluster wsrep_cluster_address=gcomm://10.0.21.1,10.0.21.2,10.0.21.3 wsrep_node_name=pxc1 wsrep_node_address=10.0.21.1 wsrep_sst_method=xtrabackup-v2 wsrep_sst_auth=sstuser:sstuser_password pxc_strict_mode=ENFORCING binlog_format=ROW default_storage_engine=InnoDB innodb_autoinc_lock_mode=2 !includedir /etc/mysql/conf.d/ !includedir /etc/mysql/percona-xtradb-cluster.conf.d/
Set all node with same configuration but you will need to change wsrep_cluster_address for all your nodes and configure below line.
wsrep_node_name=pxc1 wsrep_node_address=10.0.21.1
Also set your sstuser and password for this line:
wsrep_sst_auth=sstuser:sstuser_password
Login to each nodes and login to mysql. Then create SST users.
CREATE USER 'sstuser'@'%' IDENTIFIED BY 'sstuser_password'; GRANT RELOAD, LOCK TABLES, PROCESS, REPLICATION CLIENT ON *.* TO 'sstuser'@'%'; CREATE USER 'sstuser'@'localhost' IDENTIFIED BY 'sstuser_password'; GRANT RELOAD, LOCK TABLES, PROCESS, REPLICATION CLIENT ON *.* TO 'sstuser'@'localhost'; FLUSH PRIVILEGES;
Double check if port is opened and it communicate each other.
iptables --append INPUT --in-interface eth0 --protocol tcp --match tcp --dport 3306 --source 10.0.21.0/24 --jump ACCEPT iptables --append INPUT --in-interface eth0 --protocol tcp --match tcp --dport 4567 --source 10.0.21.0/24 --jump ACCEPT iptables --append INPUT --in-interface eth0 --protocol tcp --match tcp --dport 4568 --source 10.0.21.0/24 --jump ACCEPT iptables --append INPUT --in-interface eth0 --protocol tcp --match tcp --dport 4444 --source 10.0.21.0/24 --jump ACCEPT
For the first node, this need to be executed.
/etc/init.d/mysql bootstrap-pxc
After that check status with mysql command below.
show status like 'wsrep%';
wsrep_local_state_comment should show as synced and wsrep_cluster_size will be 1
Run 2nd nodes using mysql command and check the status
/etc/init.d/mysql start
show status like 'wsrep%';
wsrep_cluster_size should be 2 and wsrep_local_state_comment should show as Synced
Run all other nodes with same way. wsrep_cluster_size should be same node number as all node servers at the end.
I found out my files are corrupted files starting with ._
I don’t know why / how these files created but I don’t like all duplicated with trash files.
I guess this is created when I copy files from my mac computer to the server. Any how, I wanted to delete these files.
Solution is simple, run this command then it will delete all the sub directories recursively.
find . -iname '._*' -exec rm -rf {} \;sudo add-apt-repository ppa:certbot/certbot sudo apt-get update sudo apt-get install python-certbot-apache sudo certbot --apache -d www.site.com
After that, add crontab to auto renewal of certificate.
30 1 * * * /usr/bin/certbot renew --quiet
I haven’t used vagrant + virtualbox for a while and an error shows up when I tried to reuse.
I have googling about it and I found solution.
sudo /Library/StartupItems/VirtualBox/VirtualBox restart
But I got different error when I tried this.
sudo: /Library/StartupItems/VirtualBox/VirtualBox: command not foundAnd I have checked vagrant version.
vagrant version
Installed Version: 1.9.1
Latest Version: 2.2.3I found my vagrant version is quite old. So I have downloaded new vagrant file and reinstalled. You can download updated version from Vagrantup.com
Also I have upgraded Virtualbox as well.
Then Vagrant start working as before.
$ vagrant upIt’s always good to have things are updated.
I recently bought 3D printer and I designed extra helping hand for soldering iron.
I used tinkercad.com for design 3D modeling.
Here is what I have designed.
And printed this out using Anet A8 printer.
And here are the parts printed out.
Assemble these together.
It can hold solder rill and anything.
Like this.
It will be useful helper when I am making DIY projects.
SSL certificates are used within server and client to encrypt the traffic. This gives extra security for users accessing the application. Let’s Encrypt is one of free certificates that easily installed on your web servers.
Here’s how to install multiple domains on single apache web server.
We need to prepare apache vhost configuration for SSL.
Create new vhost file with different name.
For example, save to /etc/apache2/site-available/test.com-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@test.com
DocumentRoot /websites/com_test_www/www
ServerName test.com
ErrorLog ${APACHE_LOG_DIR}/error-test.log
CustomLog ${APACHE_LOG_DIR}/access-test.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias test.com
ServerAlias www.test.com
SSLCertificateFile /etc/letsencrypt/live/test.com-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/test.com-0001/privkey.pem
</VirtualHost>
</IfModule>
sudo add-apt-repository ppa:certbot/certbot sudo apt-get update sudo apt-get install python-certbot-apache
sudo certbot --apache -d test.com -d www.test.com
Here’s how to verify after installed new certificate.
https://www.ssllabs.com/ssltest/analyze.html?d=example.com&latest
To generate multiple certificates
sudo certbot --apache -d test2.com -d www.test2.com
The new certificate will last 3 month but it’s good to renew automatically using cron job.
sudo crontab -e
30 1 * * * /usr/bin/certbot renew --quiet
Check if your websites opens fine with https:// , let’s make redirect http:// to https:// using vhost.
Open vhost file used for http.
For example, vi /etc/apache2/site-available/test.com.conf
And put below line:
Redirect permanent / https://test.com
Below is example:
<VirtualHost *:80>
ServerAdmin webmaster@test.com
DocumentRoot /websites/com_test_www/www
ServerName test.com
Redirect permanent / https://test.com
ErrorLog ${APACHE_LOG_DIR}/error-test.log
CustomLog ${APACHE_LOG_DIR}/access-test.log combined
</VirtualHost>
Test if your websites redirect http:// to https://
You may need to delete cookies on your browser for testing correctly.
It’s good to check the official Let’s Encrypt blog time to time for important updates.
SSH, also known as Secure Socket Shell, is a network protocol that provides administrators with a secure way to access a remote computer. SSH also refers to the suite of utilities that implement the protocol. Secure Shell provides strong authentication and secure encrypted data communications between two computers connecting over an insecure network such as the Internet.
Without SSH, browser marked as “Not Secure” on the address line in Chrome. This is essential to have secure browsing.
If you have SSH access, use command line.
1. get cerbot
$ sudo apt-get update $ sudo apt-get install software-properties-common $ sudo add-apt-repository ppa:certbot/certbot $ sudo apt-get update $ sudo apt-get install python-certbot-apache
2. Then install cerbot
$ sudo certbot --apache
3. Automating renewal for testing
sudo certbot renew --dry-run
4. Add below to crontab for auto renewal
43 6 * * * certbot renew --post-hook "systemctl reload nginx"
If you don’t have access to SSH then check control panel if there’s Let’s Encrypt option.
In my case,
1. After login plesk control panel, go to Let’s Encrypt.
2. Then enable it.
3. If your website is not redirecting to https automatically, go to host settings and setup redirect from HTTP to HTTPS.
