A blog by a system administrator and programmer.

configure generates .infig.status: error: cannot find input file 
Tuesday, May 7, 2013, 11:31 AM - System
Posted by Administrator
If you see the error
.infig.status: error: cannot find input file

during ./configure

It is probably due to MS-DOS carriage return characters (CRLF line endings).

If your system has dos2unix, simply convert configure.ac/configure.in with it.
If you don't have dos2unix, you can open the file in vi and run
:set ff=unix
:wq


Then run
autoreconf -vif


After that you can run configure again.

BTW, it is also advisable to convert the shell scripts, as they sometimes cause problems too.
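The check and conversion described in this post, as an added example (not the author's code) for systems without dos2unix. The function names are hypothetical, and the sample error line is constructed on the assumption that a carriage return ended up inside the generated file name, which is how a terminal comes to print `.infig.status`.

```shell
#!/bin/sh
# Added example, not from the original post.
CR=$(printf '\r')

# List autotools inputs and shell scripts under $1 that contain a CR.
crlf_files() {
    find "$1" -type f \( -name 'configure.ac' -o -name 'configure.in' \
        -o -name '*.am' -o -name '*.in' -o -name '*.m4' -o -name '*.sh' \) \
        -exec grep -l "$CR" {} + || :
}

# Remove the CR that ends each line, rewriting the file in place so that
# its mode (for example the executable bit on scripts) is kept.
strip_cr() {
    tmp=$(mktemp) || return 1
    sed "s/$CR\$//" "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Convert every affected file under $1 and report each one.
fix_tree() {
    crlf_files "$1" | while IFS= read -r f; do
        strip_cr "$f" && printf 'converted: %s\n' "$f"
    done
}

# Show a string the way a terminal displays it: text after a CR is written
# over the start of the line. This is why the name in the error is garbled.
render_cr() {
    printf '%s\n' "$1" | awk -F "$CR" '{
        line = $1
        for (i = 2; i <= NF; i++)
            line = $i substr(line, length($i) + 1)
        print line
    }'
}

# Constructed message: assumes the file list produced "Makefile<CR>",
# so config.status looked for the input file "Makefile<CR>.in".
render_cr "config.status: error: cannot find input file: Makefile${CR}.in"
```

Run `fix_tree .` in the source directory before `autoreconf -vif`.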

java OutOfMemoryError Cont. 
Thursday, November 17, 2011, 09:00 PM - System
Posted by Freddy Chu
If you still face the problem of

java.lang.OutOfMemoryError: PermGen space

even though you have increased -XX:MaxPermSize,

you can try the following JVM arguments.

-XX:+CMSClassUnloadingEnabled -XX:+CMSPermGenSweepingEnabled


Usually only Java web containers such as Tomcat / JBoss / Jetty with many contexts will need these flags.

But remember that enabling this will decrease performance. Use with care.

P.S. Java 1.6 does not seem to support CMSPermGenSweepingEnabled.
my Apache production checklist 
Sunday, February 20, 2011, 04:23 PM - System
Posted by Freddy Chu

Apache (httpd)



Lower KeepAliveTimeout
The default is usually around 15; I choose a value between 5 and 10. Do not set it too low, as that causes TCP overhead.

Avoid extra DNS lookups for logging
HostnameLookups off

Disable directory listing
Remove "Indexes" from Options

Disable .htaccess files
This reduces the file I/O spent searching for and reading per-directory access files; put all access control into your Apache configuration files instead.
Simply comment out all AccessFileName lines.

Make sure Apache is not run by root
Remember to check "User" and "Group" in the configuration file.

Hide system information
ServerTokens Prod
ServerSignature off

If you really want to hide the name of Apache, you will need to modify the source code and compile it yourself. I believe this is not a necessary step, as there are still many ways to discover your web server easily.

Disable weak ciphers
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXPORT


Limit the use of mod_status
If you really need it, change the Location to a non-default path and make sure it is protected by source host restrictions or authentication.

Turn on FollowSymLinks but disable SymLinksIfOwnerMatch
This reduces the disk I/O spent checking the file type, but make sure that nobody puts links on your server that point to your private files.
Options FollowSymLinks

Remove "SymLinksIfOwnerMatch" from Options.

Enable the compression module (if the application does not implement compression itself)
<Location />
# Insert filter
SetOutputFilter DEFLATE

# Netscape 4.x has some problems...
BrowserMatch ^Mozilla/4 gzip-only-text/html

# Netscape 4.06-4.08 have some more problems
BrowserMatch ^Mozilla/4\.0[678] no-gzip

# MSIE masquerades as Netscape, but it is fine
# BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

# NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48
# the above regex won't work. You can use the following
# workaround to get the desired effect:
BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html

# Don't compress images
SetEnvIfNoCase Request_URI \
\.(?:gif|jpe?g|png)$ no-gzip dont-vary

# Make sure proxies don't deliver the wrong content
Header append Vary User-Agent env=!dont-vary
</Location>


Disable all useless Apache modules
On some operating systems the default config files include many useless modules,
e.g.
ldap_module
proxy_ajp_module
proxy_balancer_module
proxy_connect_module
proxy_ftp_module
proxy_http_module
proxy_module
speling_module


Install some protection modules (optional)
mod_security
mod_evasive
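
One way to check a configuration file against the Apache items above, as an added example that is not part of the original checklist. `audit_httpd_conf` and `sample_conf` are hypothetical names and the sample configuration is constructed; the script goes beyond the checklist in two places, flagging `AllowOverride` values other than `None` (the setting that stops Apache from reading .htaccess files) and explicit SSLv2/SSLv3 tokens (SSLv3 was deprecated by RFC 7568 after this post was written).

```shell
# Added example, not from the original post. Prints one finding per line.
audit_httpd_conf() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }        # skip comments and blank lines
    {
        d = tolower($1); v = tolower($2); seen[d] = 1
        if (d == "keepalivetimeout" && $2 + 0 > 10)
            print "line " NR ": KeepAliveTimeout " $2 " is above 5-10"
        if (d == "hostnamelookups" && v != "off")
            print "line " NR ": HostnameLookups is " $2 ", expected off"
        if (d == "servertokens" && v != "prod")
            print "line " NR ": ServerTokens is " $2 ", expected Prod"
        if (d == "serversignature" && v != "off")
            print "line " NR ": ServerSignature is " $2 ", expected off"
        if ((d == "user" || d == "group") && (v == "root" || v == "#0"))
            print "line " NR ": " $1 " is root"
        # Beyond the checklist: AllowOverride None stops .htaccess reads.
        if (d == "allowoverride" && v != "none")
            print "line " NR ": AllowOverride " $2 " honours .htaccess files"
        for (i = 2; i <= NF; i++) {
            t = tolower($i); sub(/^\+/, "", t)
            if (d == "options" && t == "indexes")
                print "line " NR ": Options enables Indexes"
            # Only explicit tokens are checked, not what "all" expands to.
            if (d == "sslprotocol" && (t == "sslv2" || t == "sslv3"))
                print "line " NR ": SSLProtocol enables " $i
        }
    }
    END {
        if (!("servertokens" in seen))
            print "config: ServerTokens is not set, default is Full"
    }' "${1:--}"
}

# Constructed sample configuration, not taken from a real server.
sample_conf() {
    cat <<'EOF'
User apache
KeepAliveTimeout 15
HostnameLookups Off
ServerSignature On
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride All
</Directory>
SSLProtocol -ALL +SSLv3 +TLSv1
EOF
}
sample_conf | audit_httpd_conf
```

Pass the path of the main configuration file as the first argument; files pulled in with Include have to be audited separately.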


OS


Disable access time update
Set noatime on the filesystem holding your web document root, if your OS supports it
e.g.
/dev/md0 /var/www ext3 defaults,noatime 0 0


Tune network options of the OS
net.core.netdev_max_backlog = 3000
net.core.rmem_default = 16777216
net.core.rmem_max = 16777216
net.core.wmem_default = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216

These are just some example values from my experience.

Check disk usage
Make sure there is enough space for log files and don't forget to check the log rotation config.


PHP


Change the session name
session.name = SESSION
It is my habit not to use the default session name.

Hide the PHP version information (X-Powered-By)
expose_php = Off

Deploy a PHP accelerator
List of accelerators
Alternative PHP Cache
eaccelerator
ionCube PHP Accelerator
XCache
Zend Accelerator
Windows Cache Extension for PHP
undefined symbol: dav_register_provider 
Monday, April 12, 2010, 05:24 PM - System
Posted by Freddy Chu
It has been a long time since I last updated my Apache...

It is very easy to do with Gentoo, but this time it gave me an error. :(

/usr/lib/apache2/modules/mod_dav_svn.so: undefined symbol: dav_register_provider

After googling for a while ... I found that it is related to Apache's dav. At that time I really didn't know why such a problem existed, as my svn server has been up for at least 5 years and never had such a problem.

Finally it worked after I loaded the dav modules before the svn module.

LoadModule dav_module modules/mod_dav.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule dav_lock_module modules/mod_dav_lock.so
DavLockDB "/var/lib/dav/lockdb"


If you are using the same OS as me and you have compiled Apache with the dav options, just add "-DDAV" to APACHE2_OPTS in /etc/conf.d/apache2


Too many CLOSE_WAIT 
Thursday, May 21, 2009, 11:18 AM - System
Posted by Freddy Chu
Recently I found that Jetty / Tomcat on Linux accumulate many CLOSE_WAIT sockets on a busy system, especially when the network is not in good condition.

These CLOSE_WAIT sockets will not disappear until you stop the server. They will use up all of your TCP connections and hang your web server. Many people claim that this is a JVM bug. Although I have tried most Java versions, the problem still exists.

Here is another dirty way to fix that issue... although it is not the best solution.
Add the following lines to /etc/sysctl.conf
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_intvl = 2
net.ipv4.tcp_keepalive_probes = 2
net.ipv4.tcp_keepalive_time = 1800


And then execute
sysctl -p

or do a reboot
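
To see whether CLOSE_WAIT sockets are piling up, and on which listening port, before and after changing these settings, here is an added example (not from the original post) that counts them from `/proc/net/tcp`. The function names are hypothetical and the sample table is constructed; the same functions also accept `/proc/net/tcp6`.

```shell
# Added example, not from the original post.

# Print "<local port> <count>" for sockets in CLOSE_WAIT, busiest first.
# $1 is a file in /proc/net/tcp format (default /proc/net/tcp, "-" = stdin).
close_wait_by_port() {
    awk '
    function hex(s,    n, i) {
        n = 0
        for (i = 1; i <= length(s); i++)
            n = n * 16 + index("0123456789ABCDEF", toupper(substr(s, i, 1))) - 1
        return n
    }
    NR > 1 && $4 == "08" {          # st column: 08 is CLOSE_WAIT
        split($2, a, ":")           # local_address is HEXIP:HEXPORT
        count[hex(a[2])]++
    }
    END { for (p in count) print p, count[p] }
    ' "${1:-/proc/net/tcp}" | sort -k2,2nr -k1,1n
}

# Print the ports holding at least $1 CLOSE_WAIT sockets; status 1 if any.
close_wait_over() {
    over=$(close_wait_by_port "${2:-/proc/net/tcp}" | awk -v n="$1" '$2 >= n')
    if [ -n "$over" ]; then
        printf '%s\n' "$over"
        return 1
    fi
    return 0
}

# Constructed sample in /proc/net/tcp layout, trailing columns omitted.
sample_proc_net_tcp() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue
   0: 00000000:1F90 00000000:0000 0A 00000000:00000000
   1: 0A000005:1F90 0A000063:C350 08 00000000:00000001
   2: 0A000005:1F90 0A000063:C351 08 00000000:00000001
   3: 0A000005:1F90 0A000064:C352 08 00000000:00000000
   4: 0A000005:20FB 0A000064:C353 08 00000000:00000000
   5: 0A000005:1F90 0A000065:C354 01 00000000:00000000
EOF
}

sample_proc_net_tcp | close_wait_by_port -
```

`close_wait_over 500` with no file argument reads the live table and can be run from cron or a monitoring check.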

Jetty disable weak cipher 
Thursday, April 16, 2009, 02:07 PM - System
Posted by Freddy Chu
In order to disable weak SSL ciphers in Jetty, you can add the XML below to the SslSocketConnector configuration.


<Set name="ExcludeCipherSuites">
<Array type="java.lang.String">
<Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
<Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
<Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
<Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
<Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
<Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
</Array>
</Set>


java.io.IOException: Too many open files 
Saturday, October 25, 2008, 12:06 AM - System, Programming
Posted by Administrator
Yesterday I faced a funny Java exception on my Linux server.

java.io.IOException: Too many open files
    at sun.nio.ch.ServerSocketChannelImpl.accept0(Native Method)
    at sun.nio.ch.ServerSocketChannelImpl.accept(ServerSocketChannelImpl.java:145)
    at org.mortbay.jetty.nio.SelectChannelConnector$1.acceptChannel(SelectChannelConnector.java:75)
    at org.mortbay.io.nio.SelectorManager$SelectSet.doSelect(SelectorManager.java:475)
    at org.mortbay.io.nio.SelectorManager.doSelect(SelectorManager.java:166)
    at org.mortbay.jetty.nio.SelectChannelConnector.accept(SelectChannelConnector.java:124)
    at org.mortbay.jetty.AbstractConnector$Acceptor.run(AbstractConnector.java:537)


It cost me a few minutes to figure out what the problem was.

At first I thought it was caused by sysctl,
but I found
fs.file-max = 65535

and my lsof -nn | wc -l is only around 10xx, so I knew that was not the problem.

After that I thought about ulimit. If you are careless you may be fooled by the default output of the ulimit command: unlimited

When you execute ulimit -a you will see the whole story.

#ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
max nice (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 16370
max locked memory (kbytes, -l) 32
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
max rt priority (-r) 0
stack size (kbytes, -s) 10240
cpu time (seconds, -t) unlimited
max user processes (-u) 16370
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited


Now you can see the point: on most Linux systems the default number of open files per user is limited to 1024. So you must edit the file /etc/security/limits.conf

Add the 2 lines below to override the default limit.

* soft nofile 65536
* hard nofile 65536
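
limits.conf is applied by pam_limits when a new session starts, so a server that is already running keeps its old limit until it is restarted from a new session. The following added example (not from the original post; the function names are hypothetical) reads the limit a given process actually runs under from `/proc/<pid>/limits` and compares it with the number of descriptors the process has open.

```shell
# Added example, not from the original post.

# Print "<open> <soft> <hard>" for process $1. $2 is the proc mount point
# (default /proc), a parameter so the function can be tried on a copy.
nofile_usage() {
    dir="${2:-/proc}/$1"
    [ -r "$dir/limits" ] || return 2
    open=$(ls "$dir/fd" 2>/dev/null | wc -l | tr -d ' ')
    limits=$(awk '/^Max open files/ { print $4, $5 }' "$dir/limits")
    printf '%s %s\n' "$open" "$limits"
}

# Warn and return 1 when process $1 uses at least $2 percent (default 80)
# of its soft limit. $3 is passed to nofile_usage as the proc mount point.
nofile_check() {
    pct="${2:-80}"
    usage=$(nofile_usage "$1" "${3:-/proc}") || return 2
    open=${usage%% *}
    rest=${usage#* }
    soft=${rest%% *}
    if [ "$soft" = "unlimited" ]; then
        return 0
    fi
    if [ $((open * 100)) -ge $((soft * pct)) ]; then
        printf 'pid %s: %s of %s descriptors in use\n' "$1" "$open" "$soft"
        return 1
    fi
    return 0
}

# Check the shell running this script (needs Linux /proc).
nofile_check "$$" || :
```

Reading another user's `/proc/<pid>/fd` requires root, so run the check as root or as the user that owns the server process.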

compile error of subversion 
Thursday, December 20, 2007, 06:27 PM - System
Posted by Freddy Chu
This problem usually exists on Solaris 5.7

libtool[4766]: : is not an identifier
make: *** [subversion/svn/svn] Segmentation Fault. (core dumped)


Many people suggested compiling it with static linking to solve the problem. I tried that without success, so I started debugging the build, and in the end I found that the problem is caused by ksh.

Solution:

1. do configure as usual
2. replace all ksh with bash or sh in the Makefiles and libtool
3. make


P.S. Be careful when compiling neon, db4, openssl, expat, apr, apr-util for Solaris. It seems that gcc < 3.0 has some bugs on Solaris systems; you had better compile them with shared flags.
Compiler error in Solaris 
Monday, December 10, 2007, 10:36 PM - System
Posted by Freddy Chu
These days I have been facing an error while compiling DB4 on Solaris 5.7.

When I run configure it shows
configure: error: C compiler cannot create executables


Here is the error in config.log.
configure:3855: found /usr/ucb/cc
configure:3866: result: cc
configure:3902: checking for C compiler version
configure:3909: cc --version >&5
/usr/ucb/cc: language optional software package not installed
configure:3912: $? = 1
configure:3919: cc -v >&5
/usr/ucb/cc: language optional software package not installed
configure:3922: $? = 1
configure:3929: cc -V >&5
/usr/ucb/cc: language optional software package not installed
configure:3932: $? = 1
configure:3955: checking for C compiler default output file name
configure:3982: cc -O -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS conftest.c >&5
/usr/ucb/cc: language optional software package not installed


I googled for some time but there seem to be no solutions. >"<

But suddenly I thought of a tricky way: change the compiler.

So I ran export CC=gcc

Luckily, it works.

Does anybody know another way?
syslog-ng concurrent connections exceeded 
Monday, November 19, 2007, 10:59 AM - System
Posted by Freddy Chu
These days I have been getting a very funny warning in the syslog.

syslog-ng[4484]: Number of allowed concurrent connections exceeded; num='10', max='10'


I googled it for a while; it seems that the default values of syslog-ng limit the concurrent connections of any stream device to 10.

It can be solved simply by increasing the limit.

In syslog-ng.conf:

unix-stream("/dev/log" max-connections(20));

