Upgrade PHP from 5.1.6 to 5.2.17 on CentOS

The default install of PHP on our CentOS 5.5 box was 5.1.6, which is very out of date (we are currently using PHP 5.3 elsewhere while we figure out how to get around some very serious problems with 5.4). Unfortunately, we needed to upgrade to PHP 5.2 and no further as 5.3 meant upgrading MySQL and potentially breaking compatibility with our web application.

It used to be that you could add the CentOS testing repositories and just update PHP but as PHP 5.2 is depreciated this option is no longer available. The solution is to use the Atomic repositories which can be added to your CentOS install by typing:

wget -q -O – http://www.atomicorp.com/installers/atomic | sh

This will add a new repository file “/etc/yum.repos.d/atomic.repo” which means we can use their packages as well as those from CentOS. Now we need to make sure that we don’t upgrade our PHP beyond 5.2 so we add a single line to “/etc/yum.conf” under the [main] section:

exclude=php-*5.3*

The exclusion means we will include packages from all repositories other than anything that matches “php-*5.3*” so PHP 5.3 won’t be installed as part of an upgrade.

Now just upgrade PHP and restart Apache:

yum update php

service httpd restart

You can check which PHP version you have using:

php -v

Now obviously you want to use a more recent version of PHP than 5.2 but in the rare case where you have to, the previous commands make things very easy.

Check for large directories in linux (and check Apache logging!)

We had a problem where a server wasn’t allowing us to upload any more files using our web application’s interface. This was due to an enormous “error.log.1.txt” in “/var/log/apache2/” caused by setting our log level to warnings rather than errors. Thanks to Josh at blindhog.net I could run a command and quickly find directories over 1GB in size:

du -h / | grep ^[0-9.]*G

This quickly showed up our 12GB log file..

Set Linux Firewall Rules for a Range of IP Addresses using Webmin

Network address ranges are set slightly differently to standard wildcards. For example, to describe a range of IP addresses from 192.168.0.1 to 192.168.255.255 you use:

192.168.0.0/16

Where 16 describes the number of bits in the IP address that are used for comparison. In this case the 16 describes the first 2 bytes of the address: 192.168. You can read more about IP addressing at Rhyshaden’s Data Network Resource (and various other places).

To set your linux firewall up in webmin to use a range of IP addresses, just use the wildcard notation above. So in Webmin – Networking – Linux Firewall, when you are editing a rule in iptables you can put in 192.168.0.0/16 to describe a range of IPs (e.g. in the “source address or network” field to restrict access to a certain IP range). Manually setting these rules is more tricky but there are resources out there like Linux Home Networking and the Easy Firewall Generator to help. We just used Webmin as it makes this kind of work very easy indeed.

Copy VMWare Server virtual servers (Ubuntu) between physical machines, avoid locking errors and fix missing eth0

I needed to copy a virtual Ubuntu Server install from our backup store to a new physical server (server A) as our old server (server B) suffered a major failure and wouldn’t even boot. This meant copying the whole VMWare directory containing the Ubuntu virtual machine from the backup store (a USB harddrive in this case) to the new physical server (server A). I had installed the free VMWare Server on both server B and A so that if anything happened to server B I would be able to get up and running quickly on server A.

Note: I am assuming you can install and configure VMWare Server for Windows, which is what I’m using here.

Once I copied the whole directory from the backup store to server A’s VMWare directory (in this case c:vmware) I then used the VMWare web interface to “Virtual Machine – Add Virtual Machine to Inventory” which allowed me to select the .vmx file in my datastore that corresponded to my copied Ubuntu virtual machine.

On trying to start the virtual machine I get a warning message and a choice:

msg.uuid.altered: This virtual machine may have been moved or copied. In order to configure certain management and networking features VMware Server needs to know which. Did you move this virtual machine, or did you copy it? If you don’t know, answer “I copied it”.

I select “I copied it” and then click “ok”, which then brings up an error:

“Power On Virtual Machine” failed to complete

If these problems persist, please contact your system administrator.
Cannot open the disk ‘C:vmwareVIRTUALSERVERNAMEVIRTUALSERVERNAME.vmdk’ or one of the snapshot disks it depends on. Reason: Failed to lock the file.

Ok, so it seems that because I copied the virtual server from the backup store it also included the .lck directories, which are used while the server is running. The simple fix is to delete these directories in C:vmwareVIRTUALSERVERNAME and allow VMWare server to rebuild them. Once I had deleted the two directories “VIRTUALSERVERNAME.vmdk.lck” and “VIRTUALSERVERNAME.vmem.lck” I could start the virtual machine.

I then ran into another problem, which was that my network instance eth0 was not being set up correctly even with VMWare Server set to use “Bridged” networking which worked on the old server. Running “ifconfig -a” showed that eth0 wasn’t there and it didn’t have the static IP I had given it previously in “/etc/network/interfaces”. The loopback interface, l0, was there but not eth0.

Orzeszek has an easy solution for this, which is to delete the “/etc/udev/rules.d/70-persistent-net.rules” file and “sudo reboot” to allow Ubuntu to rebuild the file with the correct MAC address, set up by VMWare Server when we originally added the virtual machine to the inventory. Now everything should be working perfectly.

Some people have reported other errors, which can be fixed by changing the name of eth0 in “/etc/network/interfaces” to eth1, which I didn’t need to do but you might.

 

Connecting to Microsoft SQL Server from PHP in Ubuntu using mssql_connect()

As part of ongoing testing to find the best way of storing large amounts of data we are considering Microsoft SQL Server, which needs to be accessible from our PHP5 application. The site is hosted on Ubuntu Server 10.10, which makes things a little more interesting. We currently use adodb5 to talk to a MySQL server, which works fine, apart from MySQL being far too slow. It is possible to create an ODBC connection in Ubuntu to talk to SQL Server but for testing the speed of our queries I just used mssql_connect(). In the near future I will move the database connection entirely to ODBC/adodb so we don’t have to rewrite any of our existing code.

Ubuntu doesn’t come with the packages needed for mssql_connect() by default so you need to install them:

sudo apt-get install php5-sybase

Then restart the apache server to apply the changes:

sudo /etc/init.d/apache2 restart

Now you can use mssql_connect and its associated functions in your PHP to connect to your Microsoft SQL Server, as in this example:

ini_set(‘display_errors’, 1);
$server = ‘my.server.ip:1433DATABASEINSTANCE’;
$link = mssql_connect($server, ‘username’, ‘password’);

if (!$link) {
die(‘<br/><br/>Something went wrong while connecting to MSSQL’);
}
else {
$selected = mssql_select_db(“databasename”, $link)
or die(“Couldn’t open database databasename”);
echo “connected to databasename<br/>”;

$result = mssql_query(“select name from table”);

while($row = mssql_fetch_array($result))
echo $row["name"] . “<br/>”;
}

Make a SSL Certificate Request and Install the Certificate Using Apache on Linux

I used the guides at Verisign and a forum post at Tech Arena.

It’s actually quite easy, you just need to know what commands to type. First you need to set up a virtual host in Apache and put in your content etc. The commands listed below do require some input so just fill in the details correctly.

Generate the private key:

openssl genrsa -des3 -out www.sitename.com.key 1024

Generate the certificate signing request from the private key:

openssl req -new -key www.sitename.com.key -out www.sitename.com.csr

Now send this certificate signing request to your certificate authority with your details (to Verisign/GoDaddy etc). They will send you back a .crt file, which is the certificate you need to install.

If you want to start Apache automatically, without having to enter the passphrase for the private key each time, you will need to do a couple more commands to create an unencrypted key. You can do this earlier but it’s good to have both versions of the key:

mv www.sitename.com.key www.sitename.com.key.has-passphrase
openssl rsa -in www.sitename.com.key.has-passphrase -out www.sitename.com.key

Now put the .crt and .key in a folder and point to them in the apache .conf file of the virtual host e.g.

<VirtualHost ip.add.re.ss:443>
… some config like DocumentRoot , etc..
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/www.sitename.com.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.sitename.com.key
</VirtualHost>

Transfer SSL Certificates from Microsoft IIS to Linux Apache

Thanks to a few different guides online (mainly Pete Frietag’s) I got an SSL certificate transferred from IIS on Server 2003 to Apache on Ubuntu Server 10.04. There was an extra step I needed to do that seems obvious now.

First Export your IIS certificate into a pfx file (this is something you should do anyways for backup)

  • Run mmc.exe
  • Click the ‘Console’ menu and then click ‘Add/Remove Snap-in’.
  • Click the ‘Add’ button and then choose the ‘certificates’ snap-in and click on ‘Add’.
  • Select ‘Computer Account’ then click ‘Next’.
  • Select ‘Local Computer’ and then click ‘OK’.
  • Click ‘Close’ and then click ‘OK’.
  • Expand the menu for ‘Certificates’ and click on the ‘Personal’ folder.
  • Right click on the certificate that you want to export and select ‘All tasks’ -> ‘Export’.
  • A wizard will appear. Make sure you check the box to include the private key and continue through with this wizard until you have a .PFX file.

Next run openssl to extract the private key, and the cert file.

# Export the private key file from the pfx file

openssl pkcs12 -in filename.pfx -nocerts -out key.pem

# Export the certificate file from the pfx file

openssl pkcs12 -in filename.pfx -clcerts -nokeys -out cert.pem

# This removes the passphrase from the private key so Apache won't
# prompt you for your passphase when it starts

openssl rsa -in key.pem -out server.key

Now to make this work (the extra step) you need to go to your apache virtual host configuration file (or default if you dont have any virtual hosts) located at “/etc/apache2/sites-available/virtualhostname.conf” and make sure the following lines are present and correct:

SSLEngine on
SSLOptions +StrictRequire
SSLCertificateFile /path/to/certificate/cert.pem
SSLCertificateKeyFile /patch/to/key/server.key

Then restart apache with the standard command

sudo /etc/init.d/apache2 restart

Install Webmin on Ubuntu Server 10.10

Content from Andrai Daneasa, thanks!

1. Download webmin from http:www.webmin.com . Currently 1.520
wget http://www.webmin.com/download/deb/webmin-current.deb

2. Execute webmin package. It will fail but it’s easier for us, since we’ll just force installing dependencies, rather than installing them one by one.
sudo dpkg -i webmin-current.deb

3. Install missing dependencies and it will automatically recompile webmin
sudo apt-get -f install

Enjoy webmin on https://[serverIP]:10000 .

So easy when you don’t have to worry about dependancies.

UPDATE:

There were issues with Apache configuration under webmin in Ubuntu Server 10.10. Webmin couldn’t see that apache was already started so you have to do the following (thanks hrpr on the Ubuntu forums):

I just installed Webmin on Ubuntu 10.10 desktop and had same problem. Fixed in my case by settng path to Apache PID to “/var/run/apache2.pid” rather than using the default setting of “Work out automatically.” I did not make any changes to the envvars file.

This also worked for me.

On another note, my fresh install of Ubuntu Server 10.10 with a LAMP server and webmin installed, on a vmware virtual server, came to 1.64GB, a tiny amount!

Remote Connection to Oracle from Linux (Ubuntu) Using SQL*Plus

I followed instructions from the Oracle documentation to connect to our remote server with a public IP address from home and check that everything was running ok. It is easy when you know how, as usual!

First off, make sure you have enough swap space (over 1GB) to install the Oracle Express Client. I didn’t have enough so had to use a livecd and a third party partition manager to resize my swap partition to a reasonable size.

Next up I downloaded the Oracle Express Client from Oracle themselves (click here to download it) and installed it using the ubuntu package manager. Easiest way, double click on it, click install!

Now the oracle client is installed you have SQL*Plus, a command line interface to your remote and local databases. It isn’t great to use, no command completion, no remembering previous commands but it is the quickest way to get a SQL command line interface.

Open up SQL*Plus (in the main menu > Oracle Client 10g Express Edition > Run SQL Command Line) and now you have a SQL> prompt. This is where you enter “connect” and your connection string and user details etc. For example, connecting as “sys”:

connect sys/password@ip.ad.dre.ss/instancename as sysdba

The oracle default instance name (if you installed the example database) is “orcl”. So if your password is “foobar” and your ip address is “192.168.1.1″ then you need to type into the command prompt:

connect sys/foobar@192.168.1.1/orcl as sysdba

Of course you can change the login to whoever you want and if you look at the documentation you will  find a better way to do this in future using a connection identifier. If you are successful then SQL*Plus will say “Connected.” and you now have a connection, it’s just like being there.

To test out your connection as “sys” try typing the following (thanks Viktor) into the terminal to list all the current schemas/users in the database:

select username from all_users;

You should get a list back and the number of rows selected (about 27 rows if you installed the example database). Now you know how to connect you can run any SQL commands (inc PL/SQL etc) you want plus all the SQL*Plus commands, which I am just beginning to get to grips with.