Administration

Nginx is one of those things that many people want to try but don't. Why? Because it's scary. Well... Nginx itself isn't scary, but all of the poor guides out there make it a nightmare. The first step in making Nginx work for you is to not follow 95% of the guides found on Google. That sounds backward from what you usually hear and I do hate giving that advice. While many of the guides out there will get you going most of the time in most situations, they tend to be suboptimal. Many of these configurations tend to focus on reproducing how Apache does things.

Most anyone reading this already knows me. My name is Michael Lustfield. I'm running the servers of a starting web development company called Kalliki Software. We've been in business for a little while now. When we started we had an Apache Web server with less than one half a gigabyte of RAM. After three websites we were feeling the burn. The Apache web server was taking us down. We didn't have the resources to grow out. We needed to grow up. I turned to the two leaders, Nginx and Lighttpd. After investigating each I easily settled on Nginx.

Building a secure setup is extremely hard. There's an old saying that's basically "build an idiot-proof system and the world will build a better idiot." That works two ways. If you build a hacker-proof system then you'll
find better hackers. Loosely defined use of the term hacker of course.

So, how does one make a secure web server. The easiest would be to use something like Nginx and server only static content with hundreds of layers of strong security to get to altering those files with only one fully

It's time for another post. Recently I've had issues with dropping network connections or wanting to connect and keep working on the same thing from other systems. Most of you probably already know the answer. You screen.

Sounds easy enough. My issue is that I'm incredibly lazy. I don't want to SSH into the system AND start screen AND detach AND reattach. That's just asking way too much of someone like me.

Here's the very simple solution. In my ~/.bashrc file I appended this section of code.

ssh() {
  command ssh "$1" -Xt screen -aAdr -RR work bash
}

I manage many servers as well as pop into a few other systems now and then. I was getting somewhat irritated with typing out everything. A search on Google showed many results. It seemed the most common command to do this was this.

complete -W "$(echo `cat ~/.ssh/known_hosts | cut -f 1 -d ' ' | sed -e s/,.*//g | uniq | grep -v "\["`;)" ssh

As a preliminary note: DO NOT follow anything in this and proceed to ask for help. If you follow this than consider yourself void of ANY support. Especially from the -kernel channel. They support and develop stock kernels, not your personal modifications.

Now.. In my quest for a fast boot time into a fully functional system that is very light weight, I tried out Gentoo. After using Gentoo I discovered that they're not that "ricer" community everyone claims they are. In many way's they're the exact opposite. Sure some of them fall into the ricer category but they're not very common.

I was hosting my own email server for about a year. I enjoyed the fact that I had full and complete control over the entire mail server. I enjoyed being able to fine tune everything to fit my needs exactly. I was doing this for about 1.5 years.

Unfortunately, there were a few things I couldn't control that really killed the fun of running my own email server. First of all, dealing with the people complaining that it's not how they want it weighed on me. Aside from that there were also power outages, hardware failures, software hangs (from power dips), firewall/router deaths, modem spasms (now very frequent), etc. Not only that, but I only had 1mbit upload available and 1.5mib max available at about $100/mo more.

What it came down to is that running a mail server just isn't for me given my limitations. I needed an alternative and I found one. There is this thing called Google Apps (google.com/a) that is capable of hosting your domain email for you.

I decided to give it a shot. It's not a quick or idiot proof process, but it was worth the effort.

WARNING! Do Not do this to your systems. This is for informational purposes only. Do this in a virtual machine only. If you do this outside of a virtual machine, your computer will blow up and you will die. You've been warned.

I did in fact do this over SSH which was not safe and not smart. That fact that I did it does not mean any intelligent or knowledgeable person should do so. In fact, they probably wouldn't consider it.

You ever been trying to connect to a server using SSH and it takes years to connect? Maybe not years, but hours.

Yup, I've waited over an hour before just to make an SSH connection to a server.

I've never been able to figure it out until now. The issue was because of my hosts file. My server had been running on two IP's. It still is, and is still capable of utilizing both. However, I needed to give one card specific control to handle most all of the network requests.

How good are your backups?

I thought mine were pretty dang good. I found out otherwise. I had the following two lines running nightly for my backups.

# Make MySQL backup
mysqldump -u root -p "$(/.sql.pwd)" --all-databases | gzip > /var/mysqldump/mysql-$(date +%F).gz
# Delete old copies
find /var/mysqldump/ -mtime +90 -exec rm {} \;

Anybody know what's wrong with that?

For 99% of Linux commands, this would be perfectly good syntax. Unfortunately, this is one of those 1% times where things aren't the way you expect them.

I was using -u root -p "$(</root/.sql.pwd)"