Howto

I recently visited my parents and realised that it would be great to continue to easily access my network at home. Sadly, as a Virgin Media customer, the upload speed is poor, so using the VPN I set up isn’t the answer, as all traffic would always be routed to my home.

Looking around the internet I found the answer to my problem. Even better, it was already available on Tomato Firmware, which I use on my routers. The solution was tinc.

What is tinc

tinc describes itself as a Virtual Private Network (VPN) daemon that uses tunnelling and encryption to create a secure private network between hosts on the Internet. It has a few nifty features, such as encryption, compression, mesh routing and a super simple configuration.

My setup

I am in the fortunate position that both my networks have an Asus RT-N66U (the Asus RT-AC66U is its successor), and both run Tomato Firmware by Shibby. This made the configuration very straightforward. Please make sure that you have one of the AIO builds, as not all builds include tinc.

Router Setup

The networks were configured with the following IP ranges – for this example we will only look at IPv4, not IPv6:

  • London (LDN): 10.0.0.0/24
  • Luxembourg (LUX): 10.10.0.0/24

As neither side has a static IP, I also have DynDNS hostnames set up for both.

Now that the basics are there, let’s configure tinc.

Configuring tinc on Tomato Firmware

Log in to your first router, we’ll start with LDN, and head to VPN Tunneling -> Tinc Daemon.

I recommend running Tinc in ‘tun’ mode. For tun, each node must use a different subnet. These subnets must fit with the ‘VPN Netmask’ found in the config tab. In our example, as we’re using 10.X.X.X IP addresses for our networks, we can use the full 10.0.0.0/8 space, meaning the netmask value would be 255.0.0.0. Tomato by default uses a /24 netmask for its networks. You can then add subnets starting from 10.0.0.0/24 – 10.255.255.0/24 and everything in between.
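The two rules above (every node subnet inside the VPN netmask, no two nodes sharing address space) can be checked before anything is typed into the router. This is an added example, not part of the original post or of Tomato; the function names are made up for it, and it goes slightly beyond the two-router case by accepting any number of nodes.

```sh
#!/bin/sh
# Added example: sanity-check a tinc 'tun' mode subnet plan.
# ip_to_int, cidr_range and check_plan are hypothetical helper names.

# ip_to_int A.B.C.D -> the address as an integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad on '.'
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_range NET/LEN -> "first last" (integer bounds of the block)
cidr_range() {
    len=${1#*/}
    base=$(ip_to_int "${1%/*}")
    size=$(( 1 << (32 - len) ))
    first=$(( base & ~(size - 1) ))   # clear any host bits
    echo "$first $(( first + size - 1 ))"
}

# check_plan VPN_CIDR NODE=SUBNET ...
# Returns 0 only if every subnet lies inside VPN_CIDR and no two overlap.
check_plan() {
    vpn=$1; shift
    r=$(cidr_range "$vpn"); vpn_first=${r% *}; vpn_last=${r#* }
    rc=0; seen=""
    for entry in "$@"; do
        node=${entry%%=*}; net=${entry#*=}
        r=$(cidr_range "$net"); first=${r% *}; last=${r#* }
        if [ "$first" -lt "$vpn_first" ] || [ "$last" -gt "$vpn_last" ]; then
            echo "$node: $net is outside the VPN range $vpn" >&2; rc=1
        fi
        for prev in $seen; do         # prev = node:first:last
            pnode=${prev%%:*}; prange=${prev#*:}
            if [ "$first" -le "${prange#*:}" ] && [ "${prange%:*}" -le "$last" ]; then
                echo "$node: $net overlaps the subnet of $pnode" >&2; rc=1
            fi
        done
        seen="$seen $node:$first:$last"
    done
    return $rc
}

# The plan from this post: VPN netmask 255.0.0.0, one /24 per site.
check_plan 10.0.0.0/8 ldn=10.0.0.0/24 lux=10.10.0.0/24 && echo "subnet plan OK"
```

A plan such as `ldn=10.0.0.0/24 lux=10.0.0.128/25` is rejected, because both routers would claim the same addresses.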

Once you set the interface type to tun and set your VPN Netmask, you can set the name for your node. We’ll set this to ldn for our first router, and lux for our second one.

Next we’ll go to the Generate Keys tab and press Generate Keys at the bottom. You should end up with a set of keys like the following:

tinc generated keys

Starting with tinc 1.1pre11, only Ed25519 keys are required. RSA keys are only needed for backwards compatibility in order to connect to tinc 1.0 nodes.

Copy both Ed25519 Private Key and RSA Private Key (if you want to support tinc 1.0) into the Config tab.

Next we’ll head to the Hosts tab. We must create an entry for the node itself in the Hosts section. This information will be shared with other nodes to create connections. As such, on the router ldn, you would create a host ldn with the keys from the Generate Keys tab for that router. Copy the public keys into the fields.

For the address, use your static public IP address if you have one, or a DynDNS hostname. In the subnet column, enter the network IP range that you want that host to share. In the case of LDN, it would be 10.0.0.0/24, LUX would be 10.10.0.0/24.

Once you have done this on both routers, you need to add them to each other and select the ConnectTo checkbox. The nodes share the hosts’ information to help them connect to each other. As such, it isn’t necessary to define every node in every router. If Node A and Node B are connected, and Node A and Node C are connected, then Node B and Node C will learn about each other through Node A. Node B and Node C should then be able to communicate directly to each other.

The hosts table should look something like this:

tinc hosts

Now you just need to hit Save and Start on both routers.

The Status area is active when tinc is running, and will give you some information about the mesh.

tinc status

‘Edges’ and ‘Connections’ show nodes for which ConnectTo was defined in one or both nodes. If you don’t see a connection between two particular nodes, this doesn’t mean they aren’t communicating directly with each other. It means that neither had ConnectTo defined for the other, which is fine. The ‘info’ button will give you more detailed information about a particular node. Sometimes it says “Reachability: unknown” if neither of those nodes has attempted to communicate with the other yet.

There must be some path of ConnectTo’s among the network so all nodes can learn of each other.

The ‘Scripts’ tab allows you to define scripts to run whenever a subnet or host becomes available or unavailable.

That’s it. Enjoy your connected network.

Read more

I’ve been spending this morning optimizing the Flosoft.biz website in terms of load times in Browsers, and one key element of that is sending the correct expires headers to allow Browsers to cache the data.

Now, as of Plesk 11.5, you can edit nginx settings via the Control Panel, but this isn’t always straightforward, so I thought I’d write a small tutorial.

In the Control Panel:

  1. Select your Domain
  2. Click Web Server Settings
  3. Scroll down to nginx settings
  4. If you have “Serve static files directly by nginx” checked (which I recommend), you’ll need to remove the file extensions you’re going to use below, such as jpg,gif,…
  5. In the text box “Additional nginx directives” copy / paste the following configuration:

location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
    expires 30d;
    add_header Pragma public;
    add_header Cache-Control "public";
    try_files $uri @fallback;
}

That’s it. Just hit OK and enjoy a website that sends the correct headers for your static images and CSS.

 

Read more

One of the legacy systems we still use at Flosoft.biz is Plesk. Over the last few years it has slowly gotten better (don’t worry, it still completely breaks on every version upgrade) and nowadays comes with nginx.

However, I noticed that for some obscure reason, it doesn’t enable GZip compression for the webpages it serves? This is quite odd, having myself worked a lot with nginx over the last few years, it’s a default configuration!

Don’t worry, it’s quite easy to enable it though:

Just edit the following file as root: /etc/nginx/conf.d/gzip.conf

gzip on;
gzip_proxied any;
gzip_types text/plain text/xml text/css application/x-javascript;
gzip_vary on;
gzip_disable "msie6";

Then run nginx -t to test the configuration and if that’s all ok, restart nginx by running /etc/init.d/nginx restart.

That’s it. Your webserver will now be serving your pages with GZip compression.

Read more

One of the main bottlenecks when running high performance virtualization systems is the harddisk. Now, you could of course switch your entire system over to SSDs, but that is costly and you’ll end up with a lot less storage, or a massive RAID array.

Modern filesystems like ZFS have solved this problem by allowing for ‘hybrid’ systems. These use the traditional harddisks for persistent storage, and use SSD drives in front of them to cache the read and write queries. This way you get the best of both worlds. Nearly SSD performance and the storage size of a traditional drive.

At Flosoft.biz we use Proxmox to power our VPS offers, which uses LVM and EXT4 for its filesystem, which doesn’t have a ‘SSD caching’ method built into it. Facebook seems to have had a similar issue, so they created FlashCache. FlashCache is a kernel module that allows you to add a block caching partition in front of any other partition of your system, resulting in an amazing speedup of your system.

After having spent a night or two on getting this to work on Proxmox 2, I decided to write a small tutorial here. I’d also like to thank @toxicnaan for his l33t hax0r skillz.

 

Updating your system

Get your system up to date and make sure you’ve got the latest Kernel.

apt-get update
apt-get dist-upgrade
apt-get install dkms build-essential git
reboot

 

Kernel Headers

You will now need to install the Kernel Headers for your Kernel so that you can compile the module. Make sure you install the correct version of the headers. These need to be the same as the Kernel you’re running.

uname -a # to get your kernel version
apt-get install pve-headers-2.6.32-17-pve # to install the headers for version 2.6.32-17

 

Get FlashCache

Now that we’ve got the Kernel tools, we can get FlashCache and build it.

# Clone over HTTPS: GitHub no longer serves the unauthenticated git:// protocol
git clone https://github.com/facebook/flashcache.git
cd flashcache/

make -f Makefile.dkms boot_conf
make install

 

Load FlashCache

Next we need to load FlashCache into our running Kernel and make sure it’s loaded upon boot.

modprobe flashcache
echo flashcache >> /etc/modules

 

Re-purposing the SSD drives

Now it’s time to find a new use for our SSD drives, namely as cache. You can skip this step if your server doesn’t have the SSD drives mounted as /var/lib/vz

umount /var/lib/vz
vgremove pve
pvremove /dev/md2

 

Re-purposing the 2 HDD drives

Now let’s prepare the 2 HDD drives to be used as the storage for /var/lib/vz.

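umount /data
pvcreate /dev/md0
# Recreate the 'pve' volume group on the HDD array (needed if it was removed in the previous step)
vgcreate pve /dev/md0
lvcreate -l 100%VG -n storage pve
mkfs.ext4 /dev/mapper/pve-storage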

 

Creating the FlashCache partition

Now let’s create the FlashCache partition on the SSD drives & mount it.

flashcache_create -p back pvec-storage /dev/md2 /dev/mapper/pve-storage
mount /dev/mapper/pvec-storage /var/lib/vz
echo 1 > /proc/sys/dev/flashcache/md2+pve-storage/fast_remove

 

Editing /etc/fstab

Next step is to edit /etc/fstab and remove the /data and /var/lib/vz mounts. If you forget to do this (as I did for quite a while), your server will struggle to boot on its own, and you’ll end up with the datacenter techs thinking you’re an idiot 🙂

vi /etc/fstab

 

The init.d file

This next step is important. We need to add an init.d file to do some operations, like mounting the filesystem and cleaning it up. It will also unmount the drive before shutting down, as if you don’t do this, your kernel will freeze on shutdown. Make sure you edit your file according to your needs.

#!/bin/sh

# Start or stop Flashcache

### BEGIN INIT INFO
# Provides:          flashcache
# Required-Start:
# Required-Stop:     $remote_fs $network pvedaemon
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Flashcache SSD caching
# Description:       Flashcache SSD caching
### END INIT INFO

PATH=/bin:/usr/bin:/sbin:/usr/sbin

flashcache_start() {
    # An existing /var/lib/vz mount means the cache device is already set up
    if df -h | grep /var/lib/vz > /dev/null
    then
        echo "Flashcache already running"
    else
        # Re-attach the existing cache on the SSD array and mount it
        flashcache_load /dev/md2
        mount /dev/mapper/pvec-storage /var/lib/vz
        #mount /dev/mapper/pve-backup /mnt/backup
        echo 1 > /proc/sys/dev/flashcache/md2+pve-storage/fast_remove
        echo "Flashcache started"
    fi
}

flashcache_stop() {
    if df -h | grep /var/lib/vz > /dev/null
    then
        # Unmount first, then remove the device-mapper target so shutdown does not hang
        #umount /mnt/backup
        umount /var/lib/vz
        dmsetup remove pvec-storage
        echo "Flashcache stopped"
    else
        echo "Flashcache not running"
    fi
}

case "$1" in
    start)
        flashcache_start
    ;;

    stop)
        flashcache_stop
    ;;

    restart)
        $0 stop
        $0 start
    ;;
esac

exit 0

 

Enabling the init.d file.

Now we need to make the file executable and make sure it’s run on boot.

chmod +x /etc/init.d/flashcache
update-rc.d flashcache defaults

 

Give it a spin

Right, that should do it. Reboot your machine and see if it comes back.

reboot

If all went well, your drive should be mounted with FlashCache in between.

root@vh43:~# df -h
Filesystem            Size  Used Avail Use% Mounted on
none                   32G  256K   32G   1% /dev
/dev/md1               10G  1.3G  8.2G  14% /
tmpfs                  32G     0   32G   0% /lib/init/rw
tmpfs                  32G     0   32G   0% /dev/shm
/dev/fuse              30M   12K   30M   1% /etc/pve
/dev/mapper/pvec-storage
                      1.8T  196M  1.7T   1% /var/lib/vz

You can also see the statistics of FlashCache by running:

cat /proc/flashcache/md2+pve-storage/flashcache_stats

That’s it! Your Proxmox system should now have its VMs on the FlashCache drive.

If you have any questions or feedback, just leave them below.

Read more

This guide walks you through the process of setting up PHP-FPM and nginx on your Mac OSX 10.8 Mountain Lion using MacPorts.

Installing XCode

For starters, you need MacPorts installed. This requires XCode and XCode’s Command Line tools. You can get XCode off the Apple Store. Once installed, go to preferences and install the Command Line tools.

Next install MacPorts. Just go to this page and download the pkg for your version of OSX.

Once that’s done, we’re ready to start.

Installing PHP-FPM

First, let’s install PHP-FPM:

sudo port install php54-fpm

Now we’ll also need to copy the config file:

sudo cp /opt/local/etc/php54/php-fpm.conf.default /opt/local/etc/php54/php-fpm.conf
sudo cp /opt/local/etc/php54/php.ini-development /opt/local/etc/php54/php.ini

That’s PHP sorted. If you want to install any PHP extensions, just use port install php54-EXTENSION.

Installing nginx

Next, we install nginx and copy the config files into the right place.

sudo port install nginx
sudo cp -p /opt/local/etc/nginx/fastcgi.conf.example /opt/local/etc/nginx/fastcgi.conf
sudo cp /opt/local/etc/nginx/fastcgi_params.example /opt/local/etc/nginx/fastcgi_params
sudo cp /opt/local/etc/nginx/mime.types.example /opt/local/etc/nginx/mime.types
sudo cp /opt/local/etc/nginx/nginx.conf.example /opt/local/etc/nginx/nginx.conf
sudo mkdir /opt/local/etc/nginx/conf.d

Configuration

That’s it. Now you can go ahead and configure nginx to your liking by editing the file:

/opt/local/etc/nginx/nginx.conf

I have also changed some configuration files to make PHP work properly off my ~/Sites/ folder.

Edit /opt/local/etc/php54/php.ini:

cgi.fix_pathinfo=0

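Setting this to 0 makes PHP execute only the exact script path it is given instead of searching for the closest matching file, which suits the nginx configuration below.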

Edit the fastcgi_params file:

sudo vi /opt/local/etc/nginx/fastcgi_params

It should look like this:

fastcgi_param   QUERY_STRING            $query_string;
fastcgi_param   REQUEST_METHOD          $request_method;
fastcgi_param   CONTENT_TYPE            $content_type;
fastcgi_param   CONTENT_LENGTH          $content_length;

fastcgi_param   SCRIPT_FILENAME         $request_filename;
fastcgi_param   SCRIPT_NAME             $fastcgi_script_name;
fastcgi_param   REQUEST_URI             $request_uri;
fastcgi_param   DOCUMENT_URI            $document_uri;
fastcgi_param   DOCUMENT_ROOT           $document_root;
fastcgi_param   SERVER_PROTOCOL         $server_protocol;

fastcgi_param   GATEWAY_INTERFACE       CGI/1.1;
fastcgi_param   SERVER_SOFTWARE         nginx/$nginx_version;

fastcgi_param   REMOTE_ADDR             $remote_addr;
fastcgi_param   REMOTE_PORT             $remote_port;
fastcgi_param   SERVER_ADDR             $server_addr;
fastcgi_param   SERVER_PORT             $server_port;
fastcgi_param   SERVER_NAME             $server_name;

fastcgi_param   HTTPS                   $https;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param   REDIRECT_STATUS         200;

And finally, add a location to your nginx configuration for PHP:

sudo vi /opt/local/etc/nginx/nginx.conf

Here’s my config:

        location ~ \.php$ {
            root   /Users/florian/Sites;
            fastcgi_pass   127.0.0.1:9000;
            fastcgi_index  index.php;
            include        fastcgi_params;
        }

That’s it for the configuration.

Tweaking .bash_profile

Lastly, we’ll add some lines to your .bash_profile to make it easier to start and stop nginx and php_fpm.

vi ~/.bash_profile

And then add the following:

# nginx
alias nginx_start='sudo launchctl load -w /Library/LaunchDaemons/org.macports.nginx.plist'
alias nginx_stop='sudo launchctl unload -w /Library/LaunchDaemons/org.macports.nginx.plist'
alias nginx_restart='nginx_stop; nginx_start;'
# php-fpm
alias fpm_start='sudo launchctl load -w /Library/LaunchDaemons/org.macports.php54-fpm.plist'
alias fpm_stop='sudo launchctl unload -w /Library/LaunchDaemons/org.macports.php54-fpm.plist'
alias fpm_restart='fpm_stop; fpm_start'

Boom! That’s it. You’ve now got nginx and php-fpm running on your Mac.
Read more

Today’s tutorial is going to explain how to install Lighttpd, PHP5 and MySQL on your FlexServ (RPS) on Debian Etch 4.0.

This is an easy tutorial, and definitely a good place to start.

1. Update the repositories and your system

apt-get update
apt-get dist-upgrade

2. Install lighttpd

apt-get install lighttpd

3. Install PHP5-CGI

apt-get install php5-cgi

4. Configure lighttpd to use PHP5-CGI

Modify the php.ini:

vi /etc/php5/cgi/php.ini

Add the following line to it at the end:

cgi.fix_pathinfo = 1

Now you need to edit the lighttpd.conf

vi /etc/lighttpd/lighttpd.conf

Add the following at the top (in the list):

"mod_fastcgi",

Then this at the bottom:

fastcgi.server = ( ".php" => ((
    "bin-path" => "/usr/bin/php5-cgi",
    "socket" => "/tmp/php.socket"
)))

5. Install and configure MySQL

Title says it all:

apt-get install mysql-server mysql-client php5-mysql

Then you should also set a password for the MySQL User root:

mysqladmin -u root password yourrootsqlpassword

6. Restart your lighttpd to apply the changes

/etc/init.d/lighttpd restart

7. Test it

Ok, the last step is to test it. For that create a new .php file:

vi /var/www/info.php

Add the following text to it:

<?php
phpinfo();
?>

Then check the result by accessing the page in your web browser: http://fs00000.flosoft-servers.net/info.php

If that works, you can enjoy your new Webserver!

Read more

This howto will explain to you how to install a frontend on your server which is accessible via NX. This tutorial is for Debian based systems, and has been tested on a Flosoft.biz FlexServ (RPS).

1. Check the basic Debian setup.

We need to modify the sources.list

vi /etc/apt/sources.list

Add the following 2 lines:

deb http://ftp.debian.org/debian etch main contrib non-free
deb-src http://ftp.debian.org/debian etch main contrib non-free

Close and save (:wq) and run this command to update:

apt-get update

Then check if your system is up to date, and if necessary install updates.

apt-get dist-upgrade

2. Installing the X window manager xorg.

Just type in:

apt-get install xserver-xorg-core xorg

There will be a few questions at the end, for now just go with the defaults.

3. The Login Manager

Now you have 3 options. You can install any of the following login managers. Your options are:

  1. KDM
    KDM is probably the best if you want to use KDE
  2. GDM
    GDM is probably the best if you want to use Gnome
  3. XDM
    XDM is probably the best if you want to use Fluxbox or XFCE

Once you have chosen a login manager, run the matching one of the following three commands:

apt-get install kdm
apt-get install gdm
apt-get install xdm

4. The GUI

Now again, you have a choice of different Graphical User Interfaces.

  1. KDE
    Personally my favourite on Debian
  2. Gnome
    My favourite on Ubuntu
  3. Fluxbox
    Never used it
  4. XFCE4
    Never used it

Once you have chosen one of the GUIs, run the matching one of the following commands:

apt-get install kde
apt-get install gnome
apt-get install xfce4
apt-get install fluxbox

That’s all for the base setup.

5. Reboot

You should reboot to make sure the X server starts.

shutdown -r now

6. Create your user

Once your server has rebooted, and you have relogged in, you should create a user which you will use for the GUI.

adduser mynewusername

6. Getting the NX packages

Now we need to set up the NX server, so that you are able to connect to the server from your home. So you need to download the NX server packages:

wget http://64.34.161.181/download/3.1.0/Linux/nxclient_3.1.0-2_i386.deb
wget http://64.34.161.181/download/3.1.0/Linux/nxnode_3.1.0-3_i386.deb
wget http://64.34.161.181/download/3.1.0/Linux/FE/nxserver_3.1.0-2_i386.deb

7. Installing the NX packages

As you have the packages now in your directory, you need to install them via dpkg.

dpkg -i nxclient_3.1.0-2_i386.deb
dpkg -i nxnode_3.1.0-3_i386.deb
dpkg -i nxserver_3.1.0-2_i386.deb
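The packages above are fetched over plain HTTP and then installed as root, so it is worth checking them against known SHA-256 digests before running dpkg. The following is an added example, not part of the original howto: install_verified and INSTALL_CMD are made-up names, the manifest is assumed to come from a source you trust, and since this page publishes no checksums the demo uses constructed files.

```sh
#!/bin/sh
# Added example: install packages only after every one matches a manifest
# in sha256sum format ("<hex digest>  <file name>").

INSTALL_CMD=${INSTALL_CMD:-dpkg -i}   # set INSTALL_CMD=echo for a dry run

# sha256_of FILE -> hex digest of the file
sha256_of() { sha256sum "$1" | cut -d' ' -f1; }

# install_verified MANIFEST FILE...
install_verified() {
    manifest=$1; shift
    # Pass 1: check everything, so one bad file blocks the whole batch.
    for f in "$@"; do
        [ -f "$f" ] || { echo "$f: no such file" >&2; return 1; }
        want=$(awk -v n="${f##*/}" '$2 == n { print $1; exit }' "$manifest")
        [ -n "$want" ] || { echo "$f: not listed in $manifest" >&2; return 1; }
        [ "$(sha256_of "$f")" = "$want" ] || { echo "$f: SHA-256 mismatch" >&2; return 1; }
    done
    # Pass 2: install only after all digests matched.
    for f in "$@"; do
        $INSTALL_CMD "$f" || return 1
    done
}

# Demo with constructed files (no real NX packages or digests involved).
demo() {
    d=$(mktemp -d) || return 1
    printf 'constructed package A\n' > "$d/a.deb"
    printf 'constructed package B\n' > "$d/b.deb"
    ( cd "$d" && sha256sum a.deb b.deb > MANIFEST )
    INSTALL_CMD="echo would install"
    install_verified "$d/MANIFEST" "$d/a.deb" "$d/b.deb"; ok=$?
    printf 'tampered\n' >> "$d/b.deb"     # simulate modification in transit
    install_verified "$d/MANIFEST" "$d/a.deb" "$d/b.deb" 2>/dev/null; bad=$?
    rm -rf "$d"
    [ "$ok" -eq 0 ] && [ "$bad" -ne 0 ]
}
demo && echo "verification behaves as expected"
```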

8. The Services

Now we need to make sure the services are running.

/etc/init.d/ssh restart
/etc/init.d/nxserver restart

9. The Browser

Last, but not least… well actually least … Firefox! You will need a nice Browser, so Firefox is the way to go.

apt-get install firefox

Now your system is set up and you’re ready to use it. Simply set up your NX Client and have fun!

If you have any questions, don’t hesitate to ask me or just leave a comment.

Read more