Fun with Apache, mod_rewrite, mod_proxy and lighttpd

 Linux, Source Mage  No Responses »
Sep 072011
 

Lighttpd does a much better job generating an index page for lots of files. 12,049 files to be precise, at time of writing. I had set up a long time ago my website to be a fallback mirror for Source Mage, so if a source file got moved, lost, deleted, or the site hosting it went down, away forever, whatever. I remember disabling Apache’s Indexes option on that file list because it would take foreverto get anything rendered, as well as consuming plenty of CPU and resources.

Well, I was using an internal lighttpd to render the same thing internally, and I didn’t disable its directory listing at all. Whilst I was working on setting up collectd to monitor my Apache scoreboards, I noticed that it could also monitor the lighttpd scoreboard. So I was going about the config to set that up, and I noticed that the Apache wasn’t proxying it’s requests through to lighttpd, and was taking a lot of time and resources to do something simple.

Welp, having ADD like I do, I got sidetracked on doing that instead and started to rewrite my configs to not serve files directly, but proxy it to the lighttpd internally.

Originally, I had two aliases set up “/sourcemage” and “/sourcemage/fallback” which both pointed to the same spot on disk, This way you could reference things using “/sourcemage/file.tar.bz2″ or “/sourcemage/fallback/file.tar.bz2″. The reasoning behind this is simple: I set up my fallback mirror before Source Mage standardized on a fallback URL, and I wanted to keep both paths functional. Easy to do with aliases. Oh, and I also have an alias to “/sourcemage/codex” for all my local codex needs.

Switching to a proxied setup was a bit more complicated than I anticipated. The alias stuff doesn’t work the same way everything else does, in that what it finds first it goes with. I needed to have mod_rewrite rules wired in to properly redirect things and manipulate the URL sufficiently. But I have two special cases. I can’t simply redirect everything “/sourcemage/*” to “/sourcemage/fallback.” Also, I wanted to be able to continue to use “/sourcemage/file.tar.bz2″

My solution is relatively simple and follows:

#aliases
Alias /sourcemage/codex    "/srv/webMirrors/sourcemage.org/codex"
#rewrite /sourcemage/ to /sourcemage/fallback
#some very fancy rewrite rules to keep the old alias functionality
RewriteEngine On
RewriteRule ^/sourcemage/?$ /sourcemage/fallback/ [R]
RewriteRule ^/sourcemage/codex/?$ - [L]
RewriteRule ^/sourcemage/([a-zA-Z0-9.i_\-+]+)$ /sourcemage/fallback/$1 [R]
# do the actual passing through to the lighttpd (which handles huge
# directory listing much much better
ProxyPass /sourcemage/fallback http://fallback.shlrm.org/
ProxyPassReverse /sourcemage/fallback http://fallback.shlrm.org/

# old notes kept here for reference as to what the above rewrite
# rules are doing -- dkowis 2011-09-07
# going to proxy these to the lighttpd
#Alias /sourcemage/fallback "/var/spool/sorcery/"
#Alias /sourcemage          "/var/spool/sorcery/"
# directories!
#<Directory "/var/spool/sorcery/" >
#       Options none
#    AllowOverride None
#    Order allow,deny
#    Allow from all
#</Directory>

<Directory "/srv/webMirrors/sourcemage.org/codex/" >
        Options Indexes
        Order allow,deny
        Allow from all
</directory>

# vi: set ft=apache:

The rewriting rules are the most complicated part of this. The trick was getting it not to try to rewrite anything when the url matched “/sourcemage/codex” After that, the rest was really easy. Some matching logic to pick up on “/sourcemage/file.tar.bz2″ and redirect that to “/sourcemage/fallback/$1″ and everything worked as it did before, except way faster.

 Posted by David Kowis at 15:34  Tagged with: ,

Fedora 14 and Intel Gigabit Adaptors

 fedora, Linux  No Responses »
Nov 212010
 

To be fair, it’s not Fedora 14 that’s at fault. The 2.6.35 kernel has a regression in the e1000e driver for some Ethernet adaptors.

It was quite tricky to figure out, especially right after 14 came out, as I didn’t have an ethernet connection, and when I was able to get the connection up, and I asked on the IRC channel, no one had any insight. I let 14 stew a while, and the rest of the internet came up with similar problems. Turns out that the kernel driver included in 2.6.35 has issues. There’s some patches in the works, but I don’t know if they’ll get pulled down into 2.6.35. The fix is in 2.6.36.

Until then, you can get the latest driver directly from the e1000e’s SourceForge website here. Make, then make install it as root and you’ll be good to go. This driver version worked for me on a Intel Corporation 82566DC Gigabit Network Connection (rev 02).

 Posted by David Kowis at 16:39  Tagged with: , ,

Attempted haxx0ring by a botnet

 fedora, Linux  No Responses »
Nov 032010
 

Hooray for Logwatch.

It appears that someone['s botnet] was trying to hack my little server yesterday. I have a good portion of attempted logins as root from a slew of hosts. 194 separate hosts with multiple attempts from more than a few. This might explain the horrible internet connectivity problems I was having the other day.

Not really sure what I did to piss off some script kiddie. Perhaps I got someone’s attention? I haven’t blagged about anything controversial recently. Not even in politics. I did submit my resume to Monster.com, perhaps someone is determining if they can hire me as a Systems Administrator?

Logwatch entries follow after the break.

Continue reading »

 Posted by David Kowis at 13:55  Tagged with: , , , ,

A refreshing new perspective on init systems

 Linux  No Responses »
Jun 232010
 

I used to think that Upstart was the wave of the future regarding new init systems.

Boy, was I wrong. Not that upstart is “bad.” Just that there’s something much better.

This actually makes things better instead of just providing the ability to make things better. It involves less shell, and more configuration. Dependencies are automatic, instead of manually specified. The author of the previously linked post goes into great detail regarding the reasoning behind the decisions made. It’s quite a good, albeit long, post.

I think I will have to get this working on my linux box that I intend to build. Possibly even on my laptop, as the features for enabling and disabling bluetooth would be quite advantageous. Also for the wifi and such. It’d be great if when I fired up the bluetooth, it were to start various things, like trying to connect to my mouse, or enabling the obex ftp thing.

As for a server, it’d be really nice to have if I can ever get my fibre channel setup to work. The Xen VMs won’t start until the Fibre Channel drives are available, and then they’ll all start up. Events could be fired depending on when the UPS was online or on battery.

I’m very impressed with it in concept, I’ll have to see how it goes in practice. Oh, and it’s going to be in Fedora 14. Woot.

 Posted by David Kowis at 14:43  Tagged with:

OpenVSwitch

 Linux  No Responses »
May 202010
 

This is some interesting technology. Apparently it allows me to emulate a switch on my server such that I can get netflow information, and other such managed switch information, from my virtual machines on my xen box. I will have to build and implement this on my test xen box to see how difficult it’ll be to get it to behave.

I also like that it claims it can distribute across multiple hosts (‘claims’ because I haven’t verified it yet.) I wonder how difficult it will be to set up a switch that extends to my router, so I can just emulate my entire network’s switch in OpenVswitch. It’s certainly got some interesting potential.

There’s potential to get better information on the traffic happening in my network thanks to the netflows provided by this. Maybe it will be enough information to figure out why my traffic shaping doesn’t work well, and how I can improve it.

 Posted by David Kowis at 11:00  Tagged with: , ,
 Older Entries
© 2011 Shlrm.org Blag Suffusion theme by Sayontan Sinha