Hosting home.

In the first year of the blog I told you that this blog was in a h
ome hosting a whole year. Looking at the comments it seems that this drew consid
erable attention and, indeed, there were a few requests for an entry on the "hos
ting Home" ( hereafter HC), and that since much or as little authority that give
s me my autohospedaje year, here we go: * Do we really want to have a home hosti
ng? * The server * The provider of Internet domain * * The operating system * Th
e router * The web server or virtual site settings or Setting up the new setting
s or Moderation MaxClients or the size of what we publish or some SEO to save ba
ndwidth or Apache HTTP server benchmarking tool * The mail server or mail with o
ur own domain with Google Apps * Other issues or backups or backup system or pow
er cuts or o Remote maintenance and hosting P2P Home ? or Scripting * Conclusion
Do we really want to have a home hosting? Looking back, the HC I see a lot more
disadvantages than advantages. Perhaps the main advantage that many people can
be passed through your head is that you save money hosting, and so may in some c
ases but Several buts.
If what we are talking about is hosting a blog, the reality is that both WordPre
ss.com and Blogger are a free service excellent. WordPress.com (not to be confus
ed with the CMS WordPress, hosted on WordPress.org) makes in exchange for advert
ising that often show very little and do not allow us to put our own advertising
. Blogger itself which lets you include AdSense ads. I personally dislike the Ad
Sense ads, but I understand that this may be an important factor hours to accomm
odate our blog at one site or another. If we want to have your own domain blog,
Wordpress.com allows us for just $ 10 a year, and Blogger also allows free (of c
ourse, the cost of domain is separate purchase). To host static pages, Google Pa
ges may avail ourselves perfectly. To email, hosting or storing documents static
pages with our own domain, Google Apps makes it really easy. In addition, Googl
e has recently added to the list of Google Apps on Google Sites, we will have a
Structured Wiki also our own domain. If none of this satisfies us completely for
lack of versatility in what we do, one can be reasonably cheap hosting. I'm not
the best person to recommend one, but for example, SIGTE, a blog whose approach
can be very account is Dreamhost, and there seems to be unhappy, but they can t
ell some war stories. Iñaki Silanes also happened recently to Dreamhost. Dreamhost
The standard plan, which includes SSH and 5TB of monthly transfer, passes to $
10.95 / month if you hired a month, $ 9.95 / month if we hired a year, $ 7.95 /
month if hired three years and $ 5.95 / month if hired 10 years. I have a good t
ime in 1and1.es and I have no complaints about them, but in price and features,
definitely not competitive compared to Dreamhost. Also, having a computer always
on at home is not exactly free: in addition to the spending power, their compon
ents are worn, especially the hard disk, and if we have to replace a hard drive
for less than 60 € surely not we can do. The HC has many other disadvantages, amon
g which we mention: * intervals without service. * Shortly upstream bandwidth.
* According to the server used, we may have low rate of response and dynamic pag
es are not generated quickly. * Low capacity to respond to unexpected peaks of t
raffic.€* Reduced availability we use as a server computer for other tasks. * Avai
lability limited bandwidth you have available for other tasks (eg P2P). * It is
most advisable to have an electrical device 24 × 7 on: Although it is most likely,
the wire could heat, melt, generating a short circuit and cause a fire. * Conce
rn about whether the service is taking place properly. * What do you do with the
server when you're going to be away from home for an extended period of time? *
How to react quickly to a hardware failure? * What do you do if the power goes
out? * You must spend time on server administration. Oops! Too bad we've painted
! "And there is no advantage HC? Yes, there is a very large, which may outweigh
all the previous drawbacks: LEARN ==- -== And so it is! For the HC, most helpful
is what you learn web technologies. With him we can see how to configure Apache
, how to repair our MySQL database, how to keep your system stable to have to do
the minimum number of stops possible, how scripts created us to have all aspect
s of our servers are monitored and controlled, how to study the logs, how to ...
manage a server that serves web pages actually real! In my case, well, I use Wo
rdpress, hosting home allowed me to do what I wanted with it. I changed the code
as I found and I've installed the plugins that I have found useful without the
restrictions of Wordpress.com. Thanks to that, I also learned a little PHP. Well
, what do you think? Would you still ride your own HC? Then read on! The server
No, no, no! Can not use your brand new QuadCore with 8GB of RAM, an NVidia 8800G
TX, 4 disks in RAID and 1000W power as HC server. I agree that any better than t
hat generate dynamic pages will fly the Apache but: Is not that the computer you
are using for everything else? With that piece of video card you will not use i
t for any 3D game? Are you sure you restart it right? "You've realized the noise
they make their fans? addition, the price per kWh is about 0.09 € cents, so littl
e that consumes 300W, we are talking about 0.09/1000 × 300 × 24x365 = 236 € per year (
or 19 € per month). Yes, that Pentium III/4/AMD K7 that you standing there for mon
ths and you do not know what to do with him you could act, but without much hesi
tation bet they also consume their own and to make even more noise than again. I
t is a good option, and if you do not care much about the power consumption, wou
ld definitely be what we need. However, remember that your home is the place you
go after a hard day and where you expect to find peace, tranquility and Rest of
the warrior. Arrive and find that obnoxious computer making noise one day and a
nother and another one and no you can afford to switch off, perhaps not the one
you want. Yes, I know you may already have the same many days on computer things
down aMule and Bittorrent, but occasionally turn it off, right? Ah What? What N
oooooo?;) Well, I wanted to get, is that unless that you have a 200m2 house with
a room where there lost lock the computer locked up not to hear, certainly have
need of nothing else. If we want is the perfect server for a professional HC, t
he contradiction help me, what we need is a computer low power consumption and f
anless. Until recently, processors undisputed leaders in this category were the
VIA C3 and C7, of which I have spoken at length on this blog. The VIA EPIA board
s MiniITX format have long been excellent choices for this purpose, the drivers
for the graphics processor are not the best in the world, but it's not really im
portant if only we will use as a server. There are other manufacturers who have
motherboards with integrated processor and chipset VIAas Jetway, the eBox (distr
ibuted in Spain by EPATec) or Elite C7VCM (DCDC with integrated power supply), a
ll cheaper than VIA EPIA, but I do not mistake me much if I say that there are p
robably a lot more documentation and experience on VIA EPIA than on other models
(without going into the theoretical superior quality of one another).
But he said "until recently" because Intel and AMD are not indifferent to this p
iece of processor market / plates fanless low power consumption. AMD has long ha
d AMD Geode processor, but the truth is that there have been very popular in the
market segment of VIA processors, perhaps because until leaving the Geode NX, t
he performance of their predecessors was very poor (examples of plates with AMD
Geode: ALIX2C2, Albatron KI741CX). Note: Thanks to Tostadilla by several links.
Intel, meanwhile, is about to dismount to your competitors in this market segmen
t as it has done in segments with AMD processors for desktop and mobile processo
rs. D210GLY Your new motherboard, processor liability Intel Celeron 215 (with Co
re architecture) at 1.2GHz, consuming comparable to the VIA EPIA, and priced at
$ 69.50, is a direct missile waterline of the VIA EPIA. I have not tried one of
these plates, but given the history of quality products from Intel and its commi
tment to creating open source drivers, should not hesitate a moment to recommend
one of these plates in front of the VIA. To say that for sure that equal clock
frequency, one of the Celeron has a much higher return than VIA. Josemanu of The
Secret Factory has just changed its VIA EPIA one of these plates ... to see wha
t's telling us about it! Regarding other aspects of the server, would include on
ly the RAM and maybe the hard drive, but any size hard drive than the 10GB will
be more than enough for almost any purpose, perhaps most crucial may be the RAM.
In I think a reasonable amount of RAM to handle with ease several requests for
Apache and MySQL are 512MB, but 256MB might be sufficient. To end the section, c
ommenting that a laptop is definitely not an option as a server. But not as HC s
erver or to have it always on P2P programs. A laptop is a laptop. They are not p
repared at all for a state of permanent overheating their small hard drives 2.5
"do not like having them constantly spinning and most likely doomed to an early
death if they have to. And do not forget me ultrabajoconsumo devices that accept
Linux as
the NSLU2, the LinkStation, the KuroBox or EFIKA. Even if they can install Linux
, in my opinion do not measure up to an entire web server as the one at hand. In
deed, Intel is about to further revolutionize the landscape of low power process
ors with the arrival of the Ultramobile PC (UMPC) and its processors: A100/A110
and recent Atom (via Blog Staredsi). The ISP obviously need a broadband access t
o the Internet, and this access will reach our greatest limitation: the upload b
andwidth. The broadband access in Spain is now common ADSL 3Mbps downstream and
320kbps upload. The descent we care very little, but the rise is definitely The
maximum number of users that can simultaneously serve with some fluency. These 4
0KB / s upload theorists may seem little, but not negligible, and that may pose
a theoretical maximum monthly transfer more than 100GB, rather than what they of
fer many hostings: 31/8/106 × 320 × 3600x24 = 107GB 1KB = 103Bytes, 1GB = 106Bytes B
ut obviously this is not an entirely fair comparison, since we can not expect th
e flow is regular visits, but the nature of the web brings us precisely the oppo
site;except traffic from search engines that maybe it is reasonably uniform, we
normally visits in bursts: at certain times of day, when we quote and links from
other sites or when we publish something new. If we pile up visits , the pages
will take considerably longer to empty and the user experience on our site could
become very poor, ... and that if you do not get tired of waiting and definitel
y the end without it finishes loading. So are they enough such 40KB / s to give
a reasonable service? In my experience, in principle, yes, but we will have to b
e careful with the material we serve and we must be clear that under a brutal ru
sh of visits we will inevitably fail.
Of course, there is not only the supply of 320kbps upload. Right now there are o
ther companies offering up to 1Mbps ADSL upstream (with her "up to" 20Mbps downs
tream). However, when at some point I have considered hiring some of these alter
natives, I have always found dozens of messages in the forums of people complain
ing of micro power cuts and frequent and repeated that I have been discouraged.
In the end, the quality of one of these lines with ADSL 2 + will depend on the l
ine noise and the distance of the copper pair to the telephone, but the best, as
seems clearly insufficient if we provide a service in the most stable as possib
le. On the other hand, the picture looks set to improve too much too soon. ONO a
lready offers 1Mbps upstream, which may be more stable than ADSL 2 + and VDSL2 a
ppearance of Telefónica's hand is imminent, at the same While FTTH is approaching.
Another aspect that we can consider the appropriateness of the fixed IP. In Tel
efónica goes for 12 € a month, and we could greatly facilitate many aspects of the H
C. However, only the cost, we could hire a professional hosting, so is an option
that the majority would rule. Mastery Of course, we will need one or more domai
ns to realize our project. If we had a fixed IP, you might buy a domain to any r
egistrar and make the DNS to point to our static IP. In our server would have to
configure a server DNS in addition to all other services that we would provide.
However, with a dynamic IP can also set up our HC smoothly thanks to companies
such as DynDNS or noip.com. In Do you think if one day steal your laptop? We saw
an introduction to how these services and configuration guide the ddclient Debi
an to update the IP as soon as it changes. Assuming such a theory known, let's s
ee how to adjust the configuration of DynDNS to an HC environment as we are ridi
ng. DynDNS makes available a large number of domains to be created based on host
names (up to 5 per account) as: barriosesamo.homelinux.org
gustavo.blogsite.org supercoco.isageek.org available domains names are quite use
ful and eye-catching, so it is quite easy to find a combination that is to our l
iking. The mine, as the oldest of the place you know, was and is valencia . home
linux.org. If we want to associate a dynamic IP to your own domain, we can consi
der the option to purchase the Custom DNS service, which goes by 27.5 $ per year
. If you also buy the domain with DynDNS, for example, a. com by $ 15, to make j
oint purchases with the Custom DNS make us a discount of $ 5. Therefore, the jok
e of Custom DNS + domain we will for 37.5 $ / year. DynDNS can not buy a domain.
is, but if buy it anywhere else, we can work with the DynDNS Custom DNS service
. I bought the domain vicentenavarro.com the Custom DNS service and the ddclient
configuration for both domains was promptly update (/ etc / ddclient.conf): # C
onfiguration file for ddclient generated by debconf # # / etc / pid = ddclient.c
onf / var / run / ddclient.pid protocol = dyndns2 use = web, web = checkip.dyndn
s.org /, webskip = 'IP Address' wildcard = yes server = members.dyndns.org login
= password = contrasenyadesupercoco valencia.homelinux.org supercoco custom = y
es, vicentenavarro.com As we see, the only difference between updating a hostnam
e of the free and one of the Custom DNS is the string custom = yes. www.vicenten
avarro.com can be a CNAME to vicentenavarro.com or be a different hostname, in w
hich case we would have to add an additional line in the ddclient.conf. The line
:
use = web, web = checkip.dyndns.org /, webskip = 'IP Address' is used to specify
to where to find the IP ddclient to use to update the DNS server. Putting you s
ay use = web access a website ( checkip.dyndns.org this case) for future referen
ce. If our server had public IP directly online at one of its interfaces, someth
ing increasingly rare these days, we could put something like this: use = if, if
= eth0 The ddclient is able to connect to certain routers in different ways to
get the address directly from the router. We can see all the possibilities in th
e documentation of ddclient. To test the proper functioning of ddclient is a goo
d idea to use the v option and also force may be required for troubleshooting be
cause the client refuses to send an update to the DNS server if the IP has not c
hanged (I know maintaining the cache in / var / cache / ddclient / ddclient.cach
e): # ddclient v force CONNECT: checkip.dyndns.org CONNECTED: SENDING: GET / HTT
P/1.0 SENDING: Host: SENDING checkip.dyndns.org: UserAgent: ddclient/3.6.7 SENDI
NG: Connection: close SENDING: RECEIVE: HTTP/1.1 200 OK RECEIVE: ContentType: te
xt / html RECEIVE: Server: DynDNSCheckIP/1.0 RECEIVE: Connection: close RECEIVE:
CacheControl: nocache RECEIVE: Pragma: nocache RECEIVE: ContentLength: 105 RECE
IVE: RECEIVE: Current <title> <head> <html> IP Check </ title> </ head> <body> C
urrent IP Address: 81.39.245.141 </ body> </ html> INFO: forcing update of valen
cia.homelinux.org. INFO: forcing update of vicentenavarro.com.
INFO: setting IP address to 81.39.245.141 for valencia.homelinux.org UPDATE: upd
ating valencia.homelinux.org CONNECT: members.dyndns.org CONNECTED: SENDING: GET
/ nic / update? System = dyndns & hostname = valencia.homelinux.org & myip = 81
.39.245.141 & wildcard = ON HTTP/1.0 SENDING: Host: members.dyndns.org SENDING:
Authorization: Basic == SENDING YnVlbiBpbnRlbnRvIDotKQ: UserAgent: ddclient/3.6.
7 SENDING: Connection: close SENDING: RECEIVE: HTTP/1.1 200 OK RECEIVE : Date: S
at, 08 Mar 2008 10:12:15 GMT Receive: Server: Apache Receive: XUpdateCode n Rece
ive: ContentType: text / plain Receive: Connection: Close Receive: Receive: 81.3
9.245.141 good SUCCESS: updating valencia.homelinux . org: good: IP address 81.3
9.245.141 September to INFO: setting IP address to 81.39.245.141 for vicentenava
rro.com UPDATE: updating vicentenavarro.com CONNECT: members.dyndns.org CONNECTE
D: SENDING: GET / nic / update? system = custom & hostname = vicente navarro.com
& myip = 81.39.245.141 & wildcard = ON HTTP/1.0 SENDING: Host: members.dyndns.o
rg SENDING: Authorization: Basic == SENDING YnVlbiBpbnRlbnRvIDotKQ: UserAgent: d
dclient/3.6.7 SENDING: Connection: close SENDING: RECEIVE : HTTP/1.1 200 OK RECE
IVE: Date: Sat, 08 Mar 2008 10:12:15 GMT RECEIVE: Server: Apache RECEIVE: XUpdat
eCode: n RECEIVE: ContentType: text / plain RECEIVE: Connection: close
RECEIVE: RECEIVE: good 81.39.245.141 SUCCESS: updating vicentenavarro.com: good:
IP address 81.39.245.141 in September to the file / etc / default / ddclient ca
n specify whether you want ddclient run as a daemon, which is recommended (other
ddclient is planning option in the cron) and how often should you check if ther
e has been a change of IP (5 minutes by default, if you put more frequentwe may
withhold access for misuse of the service): # Configuration for ddclient scripts
 # generated from debconf on Tue Mar 10 13:45:30 CET 2007 # # / etc / default /
ddclient # Set to "true" if ddclient should be run every time a new ppp connecti
on is # established. This might be useful, if you are using dialondemand run_ipu
p = "false" # Set to "true" if ddclient should run in daemon mode run_daemon = "
true" # Set the time interval Between the updates of the dynamic DNS name in sec
onds. # This option only Takes effect if the ddclient runs in daemon mode. daemo
n_interval = "300" Therefore, whenever the ISP would change the IP (which usuall
y does not happen in weeks) we find that we have a few minutes without service.
Another option, the best is that our router protocol support DynDNS and be able
to update the DNS server each time it detects a change of IP in the WAN interfac
e. My Zyxel 660HW supports it, so yes that is able to update a hostname as valen
cia.homelinux.org, but is unable to manage DNS hostnames Custom domain default:
Zyxel DynDNS DynDNS maintains a list of hardware devices with integrated DynDNS
client certificate. The popular Linksys WRT54G is one of them and Custom DNS sup
port putting a postscript to the domain name: example . com & system = custom.
Anyway, prefers to DynDNS client software. Finally, we discuss the list of servi
ces that ddclient supports according to the README, if we prefer an alternative
to DynDNS: Dynamic DNS Currently Supported services include: DynDNS.org http://w
ww.dyndns.org See for details on obtaining a free account. See Hammernode http:/
/www.hn.org for details on obtaining a free account. See ZoneEdit http://www.zon
eedit.com for details. See easyDNS http://www.easydns.com for details. Namecheap
http://www.namecheap.com See for details the operating system at this point, no
one may be surprised that I recommend as our server operating system of HC the
latest stable version of Debian (currently the Debian 4.0 Etch ) with their secu
rity updates. The stable versions of Debian are very famous for its great stabil
ity at the expense of carrying less recent versions but much more proven. 1and1.
es When I moved into one of the pleasant surprises that I took was to see who us
ed Debian on their servers. A few weeks ago, when he issued the famous exploit t
hat affected nearly all versions of the kernel, the Debian security team scored
a good number to be the first to distribute a security patch for the problem. Bu
t anyway , any Linux distribution well maintained, stable and constant security
updates is perfectly valid for our purpose. And that does not want to make a con
tempt for the various * BSD, which can be a good option as much or more than any
Linux, OpenBSD perhaps by emphasizing its focus on safety. And Windows ... Well
, you could have a HC server with Windows, but the possibilities for remote mana
gement and updating would be reduced drastically.'s Definitely not the best opti
on. The router
In most cases, our HC server is behind a router that will be the one with the pu
blic IP WAN interface and distribute the traffic between computers connected to
the LAN. Furthermore, it is to be the most typical is that unless the HC server
is the only system that will access the Internet at home, then there is another
option. The router we have to configure it so that our HC server always receives
the same IP address by DHCP, which most routers support given by associating a
MAC address with the same IP. Another option is to configure the server to use a
fixed IP fails to obtain DHCP, safer option than the first, but we have to use
an IP outside the DHCP address range granted by the router but within the same s
ubnet. In addition,at least we will have to open port 80 and configure the NAT f
or requests to this port will have assigned the IP to our server. Another fundam
ental port is 22 to allow SSH access so you can do remote maintenance server . O
ptionally, open the SMTP 25 and perhaps 110 (POP3) and 143 (IMAP). LAN systems o
ther than the server probably can not use the Internet name server to access the
services provided by the server (for example, to view our website from another
machine on the network), because the domain resolves to a IP is the router, so w
e will be sending requests to the router, not the HC server. That is why, or ass
emble a small DNS that services to the LAN, or entered into the file / etc / hos
ts all systems (even on Windows in c: \ windows \ system32 \ drivers \ etc \ hos
ts) a reference to the hostnames of all the services that we hosted: 192.168.1.3
0 www.vicentenavarro.com vicentenavarro.com 192.168.1.30 valencia . homelinux.or
g Finally, a warning about the WiFi and inconvenience for our purpose. Our HC se
rver should be connected by cable to the router. The WiFi connection, although i
t may seem that is normally very stable, is subject to many interferences on whi
ch we have no control. And among these interferences, I would emphasize the neig
hbors. In my house, for example, I detected a multitude of different wireless si
gnals from neighbors who cause me serious interference and not even allow me to
receive the signal another router
room for many channel changes to try, so I had to wire the house. Other cases ma
y be less severe, but any time you may find that the signal interrupts neighbor
of yours. definitely does not seem as appropriate. Talking Web server Web server
on a UNIX system is almost synonymous with talking about Apache. I always wante
d to try lighttpd, but I never get down to work, so I can not tell at first hand
how well it works in a modest like mine, but in general, has very good press, e
specially as up to memory consumption. In February the Netcraft chart, we see th
at lighttpd is already making it look with its million and half of sites that us
e it. I which is an excellent candidate as a web server for our HC. Going back t
o Apache, all distributions have a package ready to install Apache perfectly and
start working, each with its peculiarities configuration. The first thing we ha
ve to choose is whether we want Apache 1.3 or Apache 2.x, an old debate which I
do not dare to enter. For the development of Apache 2.0 rewrote most of the code
patch and further development was that it worked with UNIX threads. Although it
s performance is better in general, their adoption has been slow because many ex
isting modules for Apache 1.3 does not exist in Apache 2.x and PHP because the d
ocumentation advises against using it. At present, the instructions for installi
ng PHP on Apache 2 settings show the following warning: Warning We Do Not recomm
end using a threaded MPM in production with Apache2. Use the prefork MPM INSTEAD
, or use Apache1. For information on why, read the related FAQ entry on using Ap
ache2 with a threaded MPM in our Debian packages for Apache 1.3 and Apache 2.2.
In the case of Apache 2, with different possibilities for MPM (multiprocessing m
odule): apache versatile, highperformance apachecommon HTTP server support files
for all Apache webservers apachedbg debug versions of the Apache webservers apa
chedev development kit for the Apache webserver apachedoc documentation for the
Apache webserver
apacheperl versatile, highperformance HTTP server with Perl support apachessl ve
rsatile, highperformance HTTP server with SSL support apache2 Next generation, s
calable,extendable web server documentation for apache2 apache2mpmevent apache2d
oc Event driven model for Apache HTTPD 2.1 multiuser MPM apache2mpmitk apache2mp
mperchild for Apache 2.2 Transitional package please remove apache2mpmprefork Tr
aditional model for Apache HTTPD 2.1 apache2mpmworker High speed threaded model
for Apache HTTPD 2.1 apache2 apache2preforkdev apache2src Development headers fo
r Apache source apache2threadeddev code apache2utils Development headers for apa
che2 webservers utility apache2.2common Programs for Next generation, scalable,
extendable web server package is apache2mpmprefork we need according to the docu
mentation of PHP (Apache prefork MPM). If you look at your description it we use
d to run Apache 2 in a manner similar to Apache 1.3 running by avoiding problems
with non-threadsafe libraries in exchange for something of performance: $ aptca
che apache2mpmprefork show [...] Description: Traditional model for Apache HTTPD
2.1 This Multiprocessing Module (MPM) implements a nonthreaded, preforking That
web server handles in a Manner Requests similar to Apache 1.3. It is Appropriat
e for sites That Need to Avoid nonthreadsafe threading for compatibility with li
braries. It is the best MPM Also Each request for isolating, so That a problem w
ith a single request Will Not Affect Any Other. . It Is Not as fast, But is Cons
idered to be more stable. [...] And indeed, we see that is a prerequisite for in
stalling the modphp5: $ aptcache libapache2modphp5 show [...] Depends: libbz21.0
, libc6 (> = 2.3.1966) libcomerr2 (> = 1333), libdb4.4, libkrb53 (> = 1.4.2)
libpcre3 (> = 4.5), libssl0.9.8 (> = 0.9.8c1), libxml2 (> = 6.2.1927), zlib1g (>
= 1:1.2.1), mimesupport (> = 2031), apache2mpmprefork (>> 2.0.52) | apache2mpmi
tk, apache2.2common, php5common (= 05/02/2008 + etch10) libmagic1, ucf [...] apa
che2mpm * The different packages they do is install a different main Apache bina
ry: $ dpkg L apache2mpmprefork | egrep 'bin | lib' / usr / sbin / usr/sbin/apach
e2 MPM module Debian installed by default if we do a simple "install apache2 apt
get is the apache2mpmworker (Apache MPM worker), but if we install the modphp5,
is replaced by the apache2mpmprefork. In short, to install with one command a LA
MP (Linux + Apache + MySQL + PHP) in Debian, we need only run the following comm
and: # aptget install apache2 Reading package libapache2modphp5 php5mysql mysqls
erver5.0 lists ... Done Building dependency tree Reading state information ... D
one The Following [...] NEW packages will be installed: apache2 libapache2 apach
e2mpmprefork apache2utils apache2.2common modphp5 libdbdmysqlperl libdbiperl lib
mysqlclient15off libnetdaemonperl libplrpcperl libtermreadkeyperl mysqlclient5.0
mysqlcommon php5mysql [...] The php5common mysqlserver5.0 Debian Etch are fairl
y recent: Apache 2.2, MySQL 5.0 and PHP 5. I think that in a system we set up ou
r taste for learning, not worth it go to older versions. The professionals are a
lready hostings as well slacker the use of modern versions (I recently found I s
till used a MySQL 3!) and for us to emulate them. If the version is Debian stabl
e, so is for me.
Therefore, once we have Apache 2.2 installed on Debian we have a global configur
ation file / etc/apache2/apache2.conf. From that file includes / etc/apache2/htt
pd.conf, which by default is empty and prepared for us to introduce our lines of
custom configuration without altering the principal. ports.conf in the file spe
cifies the port to be used, by default 80.Then we have the directories under / e
tc/apache2 /: modsavailable / modsenabled / sitesavailable / sitesenabled / The
modsavailable have the modules installed on the system. In the available sites h
ave all the virtual sites are configured on the system. Modsenabled in the direc
tories and sitesenabled we link the modules and we want to enable virtual sites.
At the entry of compression and caching Apache saw how to enable and configure
the modules: * Testing the mod_deflate of Apache * Using Apache mod_cache mod_de
flate so that the load does not increase server links we can create and remove b
y hand or with the following tools Debian: a2dismod a2dissite a2enmod a2ensite W
e have more information on particular aspects of Debian Apache configuration in
/ usr/share/doc/apache2.2 common / README.Debian. Virtual site settings By defau
lt, Debian only left us with a virtual set in / etc/apache2/sites available / de
fault which is used by default when you enter a hostname that does not have a sp
ecific virtual site configuration. Is the document base directory in / var/www/a
pache2default / and allows us to explore the server documentation only from the
browser on the server itself, http://localhost/doc/:
NameVirtualHost * ServerAdmin *> <VirtualHost webmaster @ localhost DocumentRoot
/ var / www / <Directory /> Options FollowSymLinks AllowOverride None </ Direct
ory> Options Indexes FollowSymLinks /var/www/> <Directory MultiViews AllowOverri
de None Order allow, deny allow from all # This directive Allows us to Have apac
he2's default start page # in / apache2default /, But Still have / go to the rig
ht place RedirectMatch ^ / $ / apache2default / </ Directory> ScriptAlias / cgib
in / / usr / lib / cgibin / <Directory " / usr / lib / cgibin "> AllowOverride N
one Options ExecCGI MultiViews + SymLinksIfOwnerMatch Order allow, deny Allow fr
om all </ Directory> ErrorLog / var/log/apache2/error.log # Possible values incl
ude: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn Custo
mLog / var/log/apache2/access.log Combined ServerSignature On Alias / doc / "/ u
sr / share / doc /" <Directory "/usr/share/doc/">
Options Indexes FollowSymLinks MultiViews AllowOverride None Order deny, allow D
eny from all Allow from 127.0.0.0/255.0.0.0:: 1 / 128 </ Directory> </ VirtualHo
st> The basic configuration of virtual site that I used (/ etc/apache2 / availab
le sites / vicentenavarro.com with sitesenabled link) was: <VirtualHost *> Serve
rAlias ServerName vicentenavarro.com www.vicentenavarro.com DocumentRoot / var /
www / vicentenavarro.com / <Directory /> Options FollowSymLinks AllowOverride N
one </ Directory> Options FollowSymLinks MultiViews /var/www/vicentenavarro.com/
> <Directory AllowOverride None Order allow, deny Allow from all </ Directory> E
rrorLog / var/log/apache2/error_vn.log # Possible values include: debug, info, n
otice, warn, error, crit, # alert, emerg.€LogLevel warn CustomLog / var/log/apache
2/access_vn.log Combined ServerSignature On </ VirtualHost>
On it, we can make some changes: * If we allow the configuration. Htaccess files
, we must remove the line "AllowOverride None". * If you want to present a perso
nalized documents for 404 errors, we include a line like: "ErrorDocument 404 / 4
04.php". Moreover, given that our upstream bandwidth is very limited, hotlinking
(link to images on our site from another site) is particularly damaging, so we
should as far as possible prevent the "theft images ". A good way is to reject r
equests whose referer is not our own page, or none (no firewalls that eliminate,
the spread of Firefox NoReferer also removed, and can even control it in Firefo
x with the parameter network.http. sendRefererHeader). How can I Prevent people
from "stealing" the images from my web site?: SetEnvIf REFERER "vicentenavarro \
. com" linked_from_here SetEnvIf REFERER "^ $" <FilesMatch "\.(gif|jpg|png)"> li
nked_from_here Order deny, allow Deny from all Allow from env = linked_from_here
</ FilesMatch directive though> Also, in my case, when I changed the primary do
main to www.vicentenavarro.com valencia.homelinux.org, I had to implement a 301
redirect, to what I created a virtual site / etc/apache2/sitesavailable/valencia
.homelinux.org: ServerName *> <VirtualHost valencia.homelinux.org Redirect perma
nent / http://www.vicentenavarro.com/blog/ ErrorLog / var/log/apache2 / error_vh
o.log # Possible values include: debug, info, notice, warn, error, crit, # alert
, emerg.
LogLevel warn CustomLog / var/log/apache2/access_vho.log Combined ServerSignatur
e On </ VirtualHost> Of course, we can create ourselves all virtual sites we lik
e. Above all, a development is essential to keep trying all the new things they
want to implement without that are visible before they are finished. Setting up
the new configuration When we make any changes to the Apache configuration files
and want to have a minimal effect of interrupting the service, we must be caref
ul to check they are correct: # apache2ctl configtest Syntax OK because if the s
yntax was correct or had any other error: # apache2ctl configtest Syntax error o
n line 1 of / etc/apache2/sitesenabled/000default: Invalid command 'ZerverName'
Perhaps misspelled or defined by a module Not included in the server configurati
on ... and not we have tested before, the server will not start and the service
stopped until we can fix the error: # apache2ctl restart Syntax error on line 1
of / etc/apache2/sitesenabled/000default: Invalid command 'ZerverName' Perhaps m
isspelled or defined by Not a module included in the server configuration In add
ition, the "apache2ctl restart" kills connections that were active at that time.
That is why it is much more respectful of our visitors make a "graceful apache2
ctl, which waits until all servers assets run out before restarting. Therefore,
to reread the configuration of Apache when the change, we will:
# Apache2ctl configtest Syntax OK # apache2ctl graceful often not forget to revi
ew any errors that may appear in the logs to ensure that no configuration proble
m or that we are having some sort of attack. In cases of avalanches MaxClients v
isitors will find that neither the CPU or memory are our bottleneck but obviousl
y the higher bandwidth. But in those cases, if we enter many connections from di
fferent clients at the same time ,the server itself that can have memory problem
s because it has open connections and the bandwidth is not being served. That is
why I found that lowering the maximum number of clients who can attend (MaxClie
nts) in apache2 . conf the default 150 to 50, in case of avalanche, the machine
is not overwhelmed and accepting customers who served them more or less correctl
y. There were many who were not accepted, yes, but in any event for the bandwidt
h they could not be in a position to have served, so just reject them from the b
eginning and thus unburden the server: # prefork MPM # StartServers: number of s
erver to start # MinSpareServers Processes: minimum number of server Which Proce
sses are Kept spare # MaxSpareServers: maximum number of Server Process Which ar
e Kept spare # MaxClients: maximum number of Server Process Allowed to start # M
axRequestsPerChild: maximum number of Requests to Process Server server mpm_pref
ork_module> <IfModule MinSpareServers 5 StartServers 5 MaxClients 50 MaxRequests
PerChild MaxSpareServers 10 0 </ IfModule> We have much more information on how
to configure Apache in the Apache documentation page 2.2. Moderation with the si
ze of the published
It is precisely because of the limited bandwidth that must be contained in what
we publish on our website. For example, a 300KiB image is shown on every page of
our website can make a real blow to our visitors who have seconds and seconds t
o wait for the page finish loading ... and that if finally expect and do not clo
se before. So careful what you stayed and be very stingy with the limited bandwi
dth we have. Before referring previous entries dealing with compression and cach
ing of web pages. With this technique we can minimize the volume of HTML, CSS an
d JavaScript, but the goal of maintaining a reasonable size images should not ev
er lose view. A bit of SEO to save bandwidth as heavy as few visitors are requir
ed search engine robots. The need to exist on the Internet, but their constant v
isits consume bandwidth and not a little, and to remember that regularly travel
throughout our website . One solution to alleviate the problem is to use a robot
s.txt file and block everything that does not need to be found. In the case of a
blog, you can lock the pages of categories, tags, files in the end ... After al
l, it's just duplicate content all you can do is confuse the search engine when
deciding on the best page. But the masterstroke to save bandwidth is to prohibit
search engines from indexing the images on our site (Remove an image from Googl
e Image Search). People are looking for images, they rarely will be interested b
y the content of our web itself. Therefore, prohibiting image search, we avoid t
he one hand the cost of bandwidth to serve our images Image search engines and s
econdly, that of those who access our site looking for pictures, and even those
who once found the image they sought, decide to make our image hotlinking. Anoth
er thing is that much interest you traffic from image search engines. In my case
, the number of hits from images.google.com became very high until forbade image
search on my site, since analyzing the origin of the search hits, reaching foun
d that visitors were not interested in the content of my pages. If we have a fee
d by RSS or Atom, we must take into account that different news aggregators are
accessed so often to see if there are new entries, so it can be very useful to s
ave bandwidth used
the feed through FeedBurner FeedBurner so that is the only access to our feed an
d it is he who use their bandwidth to feed the other aggregators. To analyze the
logs, Debian offers several pre-packaged applications as: Visitors, WebDruid, a
nd veteran AWFFull wwwstat. Apache HTTP server benchmarking tool Finally, we can
not fail to mention the ab (Apache HTTP server benchmarking tool), a utility in
cluded in the package apache2utils with which we can do load testing to our web
server. It may be helpful to compare the performance of an Apache 1.3 with an Ap
ache 2.2 or with a lighttpd or to test improvements in caching or compression, t
o study the implications of code changes may involve (for example, after introdu
cing a piece of PHP code to execute very complex and it is probably very slow).
In this test example, I throw my server through the LAN requests of 5 in 5 (c 5)
for a maximum time of 60 seconds (t 30), and I see that is capable of handling
23 requests (the flaws, " Length: 21 "returned message is because not all have t
he same size, something that is not a problem in this case), but some have had t
o wait up to 40 seconds: # ab c 5 t 60 http://www. vicentenavarro.com / blog / T
his is ApacheBench, Version 2.0.40dev <$ Revision: $ 1,146> apache2.0 Copyright
1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/ Copyright 2006 Th
e Apache Software Foundation , www.vicentenavarro.com http://www.apache.org/ Ben
chmarking (be patient) Finished 23 Requests Server Software: Apache/2.2.3 Server
Hostname: www.vicentenavarro.com Server Port: 80 Document Path: / blog / Docume
nt Length: 63 231 bytes Concurrency Level: 5
Time Taken for tests: 60.523663 seconds Complete requests: 23 Failed requests: 2
1 (Connect: 0, Length: 21, Exceptions: 0) Write errors: 0 Total transferred is:
1510651 bytes HTML transferred is: 1505035 bytes Requests per second: 0.38 [# /
sec] (mean) Time per request: 13157,318 [ms] (mean) Time per request: 2631,464 [
ms] (mean, across all concurrent Requests) Transfer rate: 24.37 [Kbytes / sec] R
eceived Connection Times (ms) min mean [ + / sd] mediate max Connect: 0 0 0.0 0
0 Processing: 2319 9117 9921.7 11 847 40 440 Waiting: 30 366 2763 7283.9 5547 12
51 Total: 2319 9117 9921.7 11 847 40 440 Percentage of the Requests Served Withi
n a certain time (ms) 50% 8977 66 % 75% 14 074 15 522 18 804 90% 80% 95% 27 300
40 440 29 838 98% 100% 99% 40 440 40 440 (longest request) to repeat the test af
ter enabling plugin for WordPress WP Super Cache, which we talked Compress and c
ache pages generated by Wordpress and see what the disappointing 23 requests ser
ved spent no less than 8193 requests with a maximum waiting time 71ms: # ab c 5
t 60 http://www.vicentenavarro.com/blog/ This is ApacheBench, Version 2.0.40dev
<$ Revision: $ 1,146> apache2.0 Copyright 1996 Adam Twiss, Zeus Technology Ltd,
http://www.zeustech.net/ Copyright 2006 The Apache Software Foundation, http://w
ww.apache . org /
Www.vicentenavarro.com Benchmarking (be patient) Completed 5000 8193 Finished Re
quests Requests Server Software: Apache/2.2.3 Server Hostname: www.vicentenavarr
o.com Server Port: 80 Document Path: / blog / Document Length: 63 301 bytes Conc
urrency Level: Time Taken for five tests: 60.358 seconds Complete requests: 8193
Failed requests: 0 Write errors: 0 Total Transferred: 520,941,496 bytes HTML tr
ansferred is: 518 752 897 bytes Requests per second: 136.55 [# / sec] (mean) Tim
e per request: 36 617 [ms] (mean) Time per request: 7323 [ms] (mean, across all
concurrent Requests) Transfer rate: 8478.80 [Kbytes / sec] Received Connection T
imes (ms) min mean [+ / sd] mediate max Connect: 0 3 2.5 March 1926 Processing:
13 32 4.1 33 69 Waiting: 2 8 4.4 August 1949 Total: 18 36 1.4 36 71 Percentage o
f the Requests Served Within a certain time (ms) 50% 36% 66% 37 75 38 80 39 90%
41% 95% 43 98% 45
99% 46 100% 71 (longest request) Oh, and if we allow the compression option H "A
cceptEncoding: gzip", the result is even more dramatic, reaching the 16 122 requ
ests served, but now the difference as expected, since it is due only to now ser
ve less data: # ab c 5 t 60 H "AcceptEncoding: gzip" [...] http://www.vicentenav
arro.com/blog/ Complete requests: 16 122 [... ] Of course, the ideal is to make
these tests from another Internet system, where the bottleneck bandwidth is noti
ced, but these tests from the LAN can also be very instructive and useful to und
erstand where our web server limps. The mail server The two basic services are a
hosting web server and mail server, so our hope that HC could also be a good ma
il server. However, removing part of a mail server like sendmail or exim can be
really difficult to set up, the reality is that today, spam being such a big pro
blem on the Internet, an SMTP server running from a network of end users with dy
namic IPs is sure candidate to be ignored by almost all Internet mail servers. A
nd even though our IP was settled, not being the IP of an ISP known professional
, most likely our emails were also rejected by a high percentage of target serve
rs. In addition, we can not change the reverse lookup on the IP, something Many
mail servers check. For example, you install the package exim4 and set it up wit
h "dpkg reconfigure exim4config" SMTP server domain as hostingcasero.homelinux.o
rg (for directions as usuario@hostingcasero.homelinux.org).
We chose the "General type of mail configuration" is "internet site": exim4confi
g 1 "System mail name" we hostingcasero.homelinux.org: exim4config 2 "IPaddress
to listen on for incoming SMTP connections" we can leave it empty for SMTP serve
r accepts connections on all network interfaces: exim4config 3 "Other destinatio
ns for Which mail is accepted, we will put the hostname of our server and hostin
gcasero.homelinux.org: exim4config 4" Domains to relay mail for " in principle w
e can leave it empty, and the "Machines to relay mail for". The "Keep minimal nu
mber of DNSqueries (Dialon Demand)?" not very important in our setting and the "
Delivery method for local mail" and the "Split Into small configuration files?",
which are according to the preferences of each. Well, to conclude, I find that
if I try to send an email to Hotmail tells me not to accept my email because my
IP is not reliable: # mail nospam@hotmail.com </ tmp / correo.txt Delivering 1JY
4zH0001ymVM R: dnslookup for nospam@hotmail.com T: remote_smtp for nospam@hotmai
l.com Connecting to mx2.hotmail.com [65.54.244.168]: 25 ... connected SMTP <<220
bay0mc2f2.bay0.hotmail.com Sending unsolicited commercial or bulk email to Micr
osoft's computer network is prohibited. Other Restrictions are found at http://p
rivacy.msn.com/Antispam/. Violations will result in use of equipment Located in
California and Other states. Sat, 8 Mar 2008 11:45:44 0800 SMTP>> EHLO localhost
SMTP <<250bay0mc2f2.bay0.hotmail.com (3.5.0.22) Hello [81.39.245.151] 250SIZE 2
9.696 million 2508bitmime 250BINARYMIME 250PIPELINING 250CHUNKING
LOGIN 250AUTH 250AUTH = LOGIN 250 OK SMTP>> MAIL FROM: SIZE = 1367 <root@hosting
casero.homelinux.org> SMTP>> RCPT TO: <nospam@hotmail.com> SMTP>> DATA SMTP <<55
0 Mail DY001 Rejected by Windows Live Hotmail for policy Reasons. We Generally D
o Not accept email from dynamic IP's as They Are Not Typically Used to Deliver u
nauthenticated SMTP email to an Internet mail server. http://www.spamhaus.org Ma
intains lists of dynamic and residential IP addresses. If You are not an email /
network admin please contact your Email / Internet Service Provider for help. E
mail / network admins, please visit http://postmaster.live.com for email deliver
y information and support SMTP>> QUIT LOG : MAIN ** dnslookup nospam@hotmail.com
R = T = remote_smtp: SMTP error from remote mail server after-MAIL FROM: SIZE =
1367 <root@hostingcasero.homelinux.org>: mx2.hotmail.com host [65.54.244.168] 5
50 DY001 Mail by Windows Live Hotmail Rejected for Policy Reasons. We Generally
Do Not accept email from dynamic IP's as They Are Not Typically Used to Deliver
unauthenticated SMTP email to an Internet mail server. http://www.spamhaus.org M
aintains lists of dynamic and residential IP addresses. If You are not an email
/ network admin please contact your Email / Internet Service Provider for help.
Email / network admins, please visit http://postmaster.live.com for email delive
ry information and support LOG : MAIN <= <> R = U = Debianexim 1JY4zH0001ymVM P
= local S = 1777 LOG: MAIN Completed But instead, GMail yes I accept it: # mail
nospam@gmail.com </ tmp / correo.txt Delivering 1JY51y0001yuLW R : dnslookup for
nospam@gmail.com T: remote_smtp for nospam@gmail.com Connecting to gmailsmtpin.
l.google.com [216.239.59.27]: 25 ... connected SMTP <<220 mx.google.com ESMTP g1
1si5603645gve.6 SMTP>> EHLO localhost SMTP <<250mx.google.com at your service, [
81.39.245.151]
250 28311552 2508BITMIME 250SIZE ATUSCODES ENHANCEDST SMTP>> MAIL FROM: SIZE = 1
363 SMTP <root@hostingcasero.homelinux.org> <<250 2.1.0 OK SMTP>> RCPT TO: <nosp
am@gmail.com> SMTP <<250 2.1.5 OK SMTP>> DATA SMTP <<354 Go ahead SMTP>> writing
message and terminating "." SMTP <<250 2.0.0 OK 1205005717 g11si5603645gve.6 SM
TP>> QUIT LOG: MAIN => nospam@gmail.com dnslookup R = T = H = gmailsmtp in.l.goo
gle.com remote_smtp [216.239.59.27] LOG: MAIN Completed but in my experience, de
pending on the dynamic IP has touched you, it is likely also reject mail if you
ever had someone suspected of sending spam. In short, is an unreliable service.
If you have your own domain with Custom DNS, create an SPF record in DNS can hel
p not reject emails from your server. In openspf.org have a form that helps us m
ake them suited to our server. The MSN Hotmail Guidelines are a good place to co
mpare all these requirements, which tend to be fairly common: 1. Sender is Expec
ted to Comply with all Technical Standards for the transmission of Internet emai
l, as published by The Internet Society's Internet Engineering Task Force (IETF
) Including RFC 2821, RFC 2822, and others. 2. After Given a numeric response co
de error SMTP Between 500 and 599 (also Known as a permanent nondelivery respons
e), the sender MUST NOT Attempt to retransmit That That message to recipient. 3.
After nondelivery multiple responses (see # 2), the sender must weitere Cease At
tempts to send email to That recipient. 4. Sender must not open more Than 500 Si
multaneous connections to MSN
Services Without making inbound email servers prior Arrangements. 5. Messages Tr
ansmitted Through MUST NOT be insecure email relay or proxy servers. 6. The Mech
anism for unsubscribing, Either from individual lists or all lists hosted by the
sender, must be Clearly Document and easy for recipients to find and use. 7. Co
nnections dynamic IP space from May Not be accepted. 8. Email servers must-have
valid reverse DNS records. And let's look further in telling us the message of r
ejection of Hotmail: Mail Rejected by Windows Live Hotmail for policy Reasons. W
e Generally Do Not accept email from dynamic IP's as They Are Not Typically Used
to Deliver unauthenticated SMTP email to an Internet mail server . http://www.s
pamhaus.org Maintains lists of dynamic and residential IP addresses. If You are
not an email / network admin please contact your Email / Internet Service Provid
er for help. Email / network admins, please visit http:// postmaster.live.com fo
r email delivery information and support. That list indicated Spamhaus uses not
only Microsoft, but many other companies and ISPs rely on it to discard mail fro
m certain IP ranges according to the list. With incoming mail will not have any
problem as long as our server is up. SMTP servers that we want to send emails fo
r the MX record (or A if no MX) in elDNS and leave the IP to leave, then the mai
l will be sent . To retrieve the mail received from the server, may be sufficien
t to classic mail command, or a simple "install qpopper aptget," we have a POP3
server ready in seconds. However, if our server is not up for some problem when
one wants to connect to the SMTP server to send us an email, the remote server w
ill have to decide whether to retry sending later, or if rule it out, so the rec
eipt of postal service is not reliable. If you really want to have a reliable ma
il server in our system, the final solution can come to hire the DynDNS service
MailHop Relay (42.5 $ / year), specifically designed for these problems. DynDNS
SMTP server is what gives the face and we use it as a smarthost to send mail thr
ough it and vice versa, so he sent back to us, keeping them temporarily if our s
ervers are down.
Bytecoders also addressed these issues recently in Notice Debian updates by emai
l and SMTP: the scourge of SPAM. Mail with our own domain with Google Apps For m
e, all these problems with the mail appeared ended when I use Google Apps and GM
ail the equivalent (with POP3 and IMAP) but creating different directions on my
own domain (vicentenavarro. com). To do this, all I had was giving me up for the
service and MX records to point my domain to Google's servers (Configuring Your
MX Records): # nslookup> set querytype = MX> vicentenavarro.com Server: 80.58.6
1.250 Address: 80.58.61.250 # 53 Nonauthoritative answer: vicentenavarro.com mai
l exchanger = 10 alt1.aspmx.l.google.com. vicentenavarro.com mail exchanger = 15
alt2.aspmx.l.google.com. vicentenavarro.com mail exchanger = 5 aspmx.l.google.c
om. Authoritative answers Can be found from: internet address = 72.14.215.114 al
t1.aspmx.l.google.com alt1.aspmx.l.google.com internet address = 72.14.215.27 al
t2.aspmx.l.google.com internet address = 64 233 aspmx.l.google.com .179.27 inter
net address = 216.239.59.27 After this, I created mailboxes (or alias) for each
of the accounts that would use and reconfigured my server to use a smarthost: Go
ogle Apps exim4config 1 And for you to use as a smarthost smtp.google.com: Googl
e Apps exim4config 2 the rest of the setup, you can be like it was before.Well,
the same but we must not forget to put our dominance in the section "System mail
name".
All you have to take into account is that now the mails are received locally but
in the Google Apps account (which is actually more comfortable), but if you sti
ll needed to bring these emails to our server, we could always configure order t
o bring them to Google using POP3. Of course, Google requires authentication to
send mail through it, so that the file / etc/exim4/passwd.client we have to asso
ciate your username and password to Google Apps SMTP server: # password file Whe
n the local exim Used Authenticating to a remote is # host as a client. # # See
exim4_passwd_client (5) for more documentation # # Example: # # # target.mail.se
rver.example: login: password gmailsmtp.l.google.com: cuentaadministrador@vicent
enavarro.com: contrasenya Whether we will use the HC server to send and receive
email seriously or not, it is clear that we need to have properly configured as
a mail server so we can send warnings about problems that may be on the server f
rom our monitoring scripts. Or simply because applications such as WordPress mai
ls sent each time it reaches a new comment, for example. If the mail server is n
ot set, applications that send emails as part of its normal operation, can not.
Other issues Backups #! / Bin / bash while! Queda_claro insistir_en_el_backup do
ne no_se_puede_insistir_bastante I do not need to say more. We have all the work
invested in setting up our home server, the databases with the comments of our
visitors, our images, our job there. You really are going to
risk to the hard disk fails or to inadvertently do a "rm rf *" and disappear all
of a stroke? For this task, rysnc is your best friend (Backups with rsync), but
tools like tar or cpio can also help. I would recommend a copy of all your impo
rtant files in a directory on the server itself and other home / s copy / s in a
nother / s system / s that we have through the network with rsync. To export all
the MySQL database system and included in the backup, we can make one: mysqldum
p uroot ppassword alldatabases> backup_mysql.bak and could recover with a mysql
uroot ppassword <backup_mysql.bak More details on how to use mysqldump in "mysql
dump - A Database Backup Program". The backup system during the year there will
be some days, weeks or months that you spend outside your home. Surely these day
s you'll want to leave the light, water and gas shut house to prevent incidents.
What you do with the home server? You have to continue providing service! If yo
u are lucky, like me, to have another computer that can also serve as a home ser
ver and have some family / friend with an Internet connection and who consents t
o have it at home, a kind of "housing landlord, what we have very easy: * instal
l the same version of operating system on the server "official" and took him to
his new post. * Create a new name for the other system in DynDNS and the ddclien
t to configure the new system to update, but a lot better if we can configure th
e router from "the other house" to do it automatically. * Optional: prepare the
router and the system "stay at home person" to start with Wake on Lan. We must b
ear in mind that if the router is not in charge of updating the IP at DynDNS, we
have the problem of not
know the destination IP to send the magic packet. * We put a fixed IP to the sys
tem or configure the router to DHCP-assigned always the same and open the necess
ary ports on the router.€* Create a set of scripts based on rsync and SSH to synch
ronize all necessary configuration files and adapt to the new system vary (for e
xample, the / etc / ddclient.conf). They should also update the database and res
tart the processes required after changing the configuration. * Have provided ot
her scripts to move the service from one system to another. In the end, it is on
ly that the system is the primary DNS records updated with your IP and the secon
dary stop. * After the stay in the other system, we have to synchronize the chan
ges back to the main system and you probably want to collect the logs have been
generated there. The backup system can serve not only in the event of having to
turn off our standard server. We can also use while doing maintenance work or if
we have problems with Internet connection or are having a blackout. Power Cuts
Another problem with which we will have to face power cuts. Although not very fr
equent, occasionally we will have one and we must have planned what to do when t
hey occur. If it is a short cut, the most important thing is that the server re-
boot only when powered. To do this, we must look for the parameter of your BIOS
that allows it. For example, in a VIA EPIA SP8000E, the parameter is called AC L
oss Auto restart and can cause the machine is turned on whenever the light again
, not ever turn or return to the previous state: AC Loss Auto restart The field
defines how the system will Respond After an AC loss During system operation. Of
f: Keeps the system in an off state Until the power button is pressed On: Restar
ts the system When the power is back
FormerSts: Restores the system to previous state ITS AC Loss Auto restart A8NSLI
In an Asus board, the parameter is called Restore on AC Power Loss and has only
two possible values, on or off: Restore on AC Power Loss But if we want to be a
ware of truth to power cuts, the best option is to have a UPS to connect the ser
ver and the router that gives access to the Internet. If the server is a low-pow
er system, we will have enough time outside to await the return of light, or at
least long enough to update our backup server in case you must take action. The
possibility of remote maintenance by SSH to connect to our home server must alwa
ys be open. In my experience, open an SSH server on the Internet brings many con
nection attempts with repeated tests with different users. Without going any fur
ther, today, someone 1520 tested different combinations of username / password o
n my system # grep "Invalid user" auth.log.0 | grep "Mar 9" | wc l 1520 Some exa
mples: Mar 9 6:15:05 Telemaco sshd [6028]: Invalid ibm user from 61.250.91.34 Ma
r 9 6:15:09 Telemaco sshd [6032]: Invalid user informix from Mar 9 6:40:08 Telem
aco 61.250.91.34 sshd [7742]: Invalid user from 61.250.91.34 stevie Mar 9 06: Te
lemaco 40:11 sshd [7746]: Invalid user from 61.250.91.34 kelly Mar 9 6:40:15 Tel
emaco sshd [7750]: Invalid user from 61.250.91.34 Rasoul That's why it is best t
o completely disable access to user / password and allow only the authentication
public / private key: transparent authentication by public / private key to Ope
nSSH. Changing the SSH server port (default 22) to another may be a useful measu
re to avoid some of these constant attempts to access.
Another very useful tool for remote maintenance modem is connected to our home s
erver, as seen in: Setting up Linux to allow remote access via modem to the cons
ole and RAS / PPP. In cases where the router has lost Internet connection, we ca
n try to connect via modem and via the telnet interface of the router settings t
o try to restart it.Another situation is useful in case of an avalanche of reque
sts in which you yourself can not access the router by the absolute lack of band
width and, if so, the entry "by the back door" can help us reach the system with
out using the Internet. P2P and hosting "home? Suppose we want to get off the la
st DVD of Knoppix on Bittorrent. "P2P is compatible with their high bandwidth ne
eds with HC? Well, in principle, may be based on the number of visits provided t
o limit the bandwidth available for P2P rise to a limit that allows content host
ed service at a reasonable speed. In the best case, the use of P2P on the same c
onnection from a HC will completely undermine the experience of our visitors, bu
t only have one at the time, but you'll notice that the page download slower. Th
e best advice about this is that if we activate the P2P, we should be aware of t
he response time is an acceptable minimum ourselves trying to connect from anoth
er system on the Internet. If we find is very slow, we should turn off the P2P.
For Of course, if a peak of visits, we should immediately turn off the P2P. Scri
pting Any administrator who is responsible for a UNIX server must be continually
created scripts to not perform the same tasks over and over again. For us, as s
tewards of our HC is not going to be different. We should have some minimal know
ledge of scripting will be very useful for making backups, to analyze logs, to m
onitor the status of a process to send emails with warnings, etc. Throughout thi
s year, I have come to a good number of scripts. Most are very specific to my ne
eds, but I would leave here a very simple one that you send us an email every ti
me the ISP changes our dynamic IP address:
#! / Bin / bash cd / root / mv f scripts_ip ippublica ippublica.old. / Ippublica
.sh> ippublica if! Ippublica ippublica.old diff> / dev / null Then head ippublic
a cat | mail s "The server IP has changed `date + \"% g /% m /% d% H:% M \ "` "f
i user@example.com The ippublica.sh can be either an SNMP request to the router
and see what the IP interface WAN: snmpwalk v 1 c community IPMIB 192.168.1.1: i
pAdEntAddr | egrep '0 v \ 0 | 192 \ 168 '| awk' (print $ 4) 'good access to chec
kip.dyndns.org: / usr / bin / wget q O http://checkip.dyndns.org/index.html | /
usr / bin / fromdos | / bin / sed 's_ <html> <head> <title> Current IP Check </
title> </ head> <body> Current IP Address: __ '| / bin / sed' s_ </ body> </ htm
l> __ 'The header file is something like: The server IP is now: Conclusion In th
is post I have tried to collect Most important of what I know it has been necess
ary for a full year of autohospedaje where I think the result has been quite sat
isfactory. For carambolas of fate, now I've gone to a professional hosting, but
the journey was worth it and repeat as many times as was needed. If anyone inten
ds to go into this adventure must know that you will learn much and I hope these
lines find tips that will be useful, as I think I have been to me. We must also
bear in mind that it is also possible to have a home without tomárnoslo hosting v
ery seriously, so we do not care at all if we
page detached for several days, but I think if we get, it's worth doing your bes
t. There is nothing worse to give Internet printing a page it takes to load or t
hat every now and then is down. That is not form of loyalty to our readers. The
HC is a bit like having a dog at home. It can be fun, giving you satisfaction, b
ut instead want a lot of obligations: You have to be aware of it, gives you work
and can not go on vacation without trying to find a niche.