How to install and configure WordPress hosted on Nginx with PHP-FPM on Debian based distros

Nginx is an open source web server. Users have been moving to Nginx because of the high performance and stability and as of February 2014, Nginx is hosting around 15% of all web servers according to Netcraft’s Web Server Survey. Nginx is a great option for hosting WordPress sites.

It’s assumed that you have already installed Nginx with PHP-FPM. If you haven’t already done that, you can use this tutorial: How to install Nginx with PHP and MySql support on wheezy

1. Create the database for WordPress

mysql -u root -p
CREATE DATABASE {database};
CREATE USER [email protected];
GRANT ALL PRIVILEGES ON {username}.* TO [email protected] IDENTIFIED BY '{password}';
FLUSH PRIVILEGES;
exit

Continue reading

How to create pfx (PKCS12) file using openssl

If you have a certificate file and private key and need to move that to a Windows server you can easily create a pfx file that can be imported on the Windows server.

Here’s how:

openssl pkcs12 -export -in {cer_filename}.cer -inkey {key_filename}.key -out {pfx_filename}.pfx

You will be asked to provide a password. You’ll need to use this password when you import the certificate on the Windows server.

How to measure web site’s response time with wget

This may be useful when doing tests of a web site’s response time. You can add “time” before any command to measure the time it takes.

time wget http://www.aip.im -q --output-document=/dev/null

Results

real    0m0.349s
user    0m0.000s
sys     0m0.004s

The “real” value indicates the time it took to receive http://www.aip.im.

How to solve URL scheme mismatch when running Jira behind a reverse proxy

I’m running Jira behind a Nginx proxy with SSL enabled. Jira was giving me this error message in the login:

We've detected a potential problem with JIRA's Dashboard configuration that your administrator can correct. Click here to learn more
 
We've detected a potential problem with JIRA's Dashboard configuration that your administrator can correct. Hide
Dashboard Diagnostics: Mismatched URL Scheme
 
JIRA is reporting that it is using the URL scheme 'http', which does not match the scheme used to run these diagnostics, 'https'. This is known to cause JIRA to construct URLs using an incorrect hostname, which will result in errors in the dashboard, among other issues.
 
The most common cause of this is the use of a reverse-proxy HTTP(S) server (often Apache or IIS) in front of the application server running JIRA. While this configuration is supported, some additional setup might be necessary in order to ensure that JIRA detects the correct scheme.
 
The following articles describe the issue and the steps you should take to ensure that your web server and app server are configured correctly:
 
    Gadgets do not display correctly after upgrade to JIRA 4.0
    Integrating JIRA with Apache
    Integrating JIRA with Apache using SSL
 
If you believe this diagnosis is in error, or you have any other questions, please contact Atlassian Support.
 
Detailed Error
 
com.atlassian.gadgets.dashboard.internal.diagnostics.UrlSchemeMismatchException: Detected URL scheme, 'http', does not match expected scheme 'https'

To solve it you need to edit the server.xml config file located in the Jira “installation directory”, by default: /usr/local/atlassian/jira.

Open the config file with a text editor and add these three lines in the Connector node (pico /usr/local/atlassian/jira/conf/server.xml):

...
    <Service name="Catalina">
        <Connector port="8103"
                   maxThreads="150"
                   minSpareThreads="25"
                   maxSpareThreads="75"
                   connectionTimeout="20000"
                   enableLookups="false"
                   maxHttpHeaderSize="8192"
                   protocol="HTTP/1.1"
                   useBodyEncodingForURI="true"
                   redirectPort="8443"
                   acceptCount="100"
                   disableUploadTimeout="true"
 
<!-- Lines added to solve the URL scheme mismatch -->
        scheme="https"
        proxyName="example.org"
        proxyPort="443"
/>
...

Replace proxyName and proxyPort with the hostname and port of your reverse proxy.

How to test disk performance in Linux

A lot of performance issues can be caused by poor disk performance. Here’s how to test the read and write performance on a Linux system using dd.

1. Write a file 2x the size of the RAM to make sure we get the real write rate. In this example the RAM of the server is 1 GB so I’m writing a 2 GB file (8KB * 250000 = 2GB). You can adjust the number of blocks to make it suitable for the amount of RAM in your system .

time sh -c "dd if=/dev/zero of=ddfile bs=8k count=250000 && sync"

2. Write a new file equal to the amount of RAM in the system to flush out the data cached with last action (8KB * 125000 = 1GB).

dd if=/dev/zero of=ddfile2 bs=8K count=125000

3. Test the read speed

time dd if=ddfile of=/dev/null bs=8k

MailScanner not working after upgrading from etch to lenny

I was just upgrading a spam filter from Debian etch to lenny. After the upgrade, MailScanner seemed to be running but wasn’t processing the queue.

When running MailScanner in debug mode I noticed these errors:

Variable "$FIELD_NAME" is not imported at /usr/share/MailScanner/MailScanner/Message.pm line 6064.
Variable "$FIELD_NAME" is not imported at /usr/share/MailScanner/MailScanner/Message.pm line 6067.
Global symbol "$FIELD_NAME" requires explicit package name at /usr/share/MailScanner/MailScanner/Message.pm line 6064.
Global symbol "$FIELD_NAME" requires explicit package name at /usr/share/MailScanner/MailScanner/Message.pm line 6067.
Compilation failed in require at /usr/sbin/MailScanner line 79.

To fix it, open the Message.pm file and this code to line #7852 (pico /usr/share/MailScanner/MailScanner/Message.pm):

our $FIELD_NAME = '[^\x00-\x1f\x7f-\xff :]+:';

so that lines 7852 – 7854 should be like this:

package Mail::Header;
our $FIELD_NAME = '[^\x00-\x1f\x7f-\xff :]+:';
 
sub extract

Restart MailScanner and everything should be fine now.

Hobbit doesn’t recognize last apt-get update

After installing the hobbit-plugins package, all my lenny servers were marked red on the hobbit server and the error message was: “Last apt update: 175.7 day(s) ago”.

The reason is that the hobbit-client relies on the file: /var/lib/apt/lists/lock but apt isn’t updating that anymore.

To fix this I created a cron job to update apt-get every night and update the /var/lib/apt/lists/lock file (crontab -e)

0 4 * * * /usr/bin/apt-get update 1>/dev/null && touch /var/lib/apt/lists/lock