Posts

APS package installation_task stuck in ISPConfig3

When trying to install an APS package on a ISPConfig3 system, the package was never installed and the status “installation_task” remained for the site I tried to install a package.

Investigating /var/log/ispconfig/cron.log revealed:

PHP Fatal error: Uncaught Error: Call to undefined function curl_init() in /usr/local/ispconfig/server/lib/classes/aps_installer.inc.php:627

This problem can occur when curl is not installed on the target server, but that was not the problem in this case.

The server had been upgraded to Ubuntu 16.05 which runs PHP 7.0 instead of PHP 5. Curl was installed but the problem was that php7.0-curl was missing. The problem was resolved by:

sudo apt-get install php7.0-curl

The next issue that occured according to the logs was:

PHP Fatal error: Uncaught Error: Class 'ZipArchive' not found in /usr/local/ispconfig/server/lib/classes/aps_installer.inc.php:106

This problem was resolved by:

sudo apt-get install php7.0-zip

After this nothing more had to be done. The ISPConfig cron now successfully installed the APS package automatically.

Ubuntu 14.04, 16.04 and 17.04 Unity, Dash and Launcher missing

If you end up missing the menu etc in Ubuntu 14.04, 16.04 and 17.04, i.e. you only see the desktop but nothing more. You can’t even restart the machine.

It can be resolved like this:

  • Right click on the desktop and select “Start a new terminal”
  • In the terminal window run the following commands;
    sudo apt-get update
    sudo apt-get install --reinstall ubuntu-desktop
    sudo apt-get install --reinstall unity
    sudo shutdown -r now

 

Meltdown and Spectre vulnerabilities – what to do?

Meltdown and Spectre are two vulnerabilities present in hardware making it potentially possible for programs to steal information, like passwords etc.

Meltdown affects only Intel processors while Spectre, which is more complex, also partly affects AMD and ARM based processors.

It is not yet known if these vulnerabilities has been exploited by anone. It can affect personal computers, servers, tablets and mobile phones, i.e. more or less any device containing a processor.

More information on: https://spectreattack.com/

What can you do?

  • Check your operating system for updates the upcoming weeks (this is normal good security practice, but make sure you do it frequently)
  • Install and update your virus protection. Even if the antivirus program can’t protect you from the attack it might be able to inform you that your device has got malicious code onboard

You can find security bulletins, security advisorys, faq:s etc for your operating system here: https://meltdownattack.com/#faq-advisory

High load on CPU and disk I/O every hour (Apache, MySQL and mod_pagespeed on Ubuntu)

On one of my Ubuntu servers I noticed a significant peak in CPU load (load average, LA) and disk I/O about every hour. At first, I suspected that MySQL was the cause of this, doing some houeskeeping or garbage cleaning.

However, it turned out it was caused by the Apache module mod_pagespeed. The high load occuered when pagespeed was cleaning out it’s cache.

The solution was to locate the cache on tmpfs instead. This was done by editing the file /etc/apache2/mods-available/pagespeed.conf and change the location of the cache by the line (/run is located on tmpfs which is RAM memory):

ModPagespeedFileCachePath "/run/cache/mod_pagespeed/"

Then restart Apache by:

service apache2 restart

Ispconfig3 php5-fpm Error 500 Internal server error

When trying to change a client website on a Ispconfig3 host from Fast-CGI to PHP-FPM the page just gave Error 500 Internal server error. Investigating the site error log showed lines like:

[Sat Oct 22 10:39:56 2016] [error] [client xx.xx.xx.xx] (2)No such file or directory: FastCGI: failed to connect to server "/var/www/clients/client6/web447/cgi-bin/php5-fcgi-*-80-domain.xx": connect() failed
[Sat Oct 22 10:39:56 2016] [error] [client xx.xx.xx.xx] FastCGI: incomplete headers (0 bytes) received from server "/var/www/clients/client6/web447/cgi-bin/php5-fcgi-*-80-domain.xx"

Checking the status of PHP-FPM by the command:

service php5-fpm status

gave the result “not running”.

Investigating the PHP-log file, /var/log/php5-fpm.log, displayed lines like:

[22-Oct-2016 10:34:53] ERROR: [pool web405] cannot get uid for user 'web405'
[22-Oct-2016 10:34:53] ERROR: FPM initialization failed

However, the site widh id 405 and user web405 did no longer exist on the server and has been left there by Ispconfig3 for unknown reasons.

The solution was to manually remove the file /etc/php5/fpm/pool.d/web405.conf file and then:

service php5-fpm restart
service apache2 restart

postgrey whitelisting outlook.com

Greylisting is a way of reducing the amount of incoming spam and virus emails, in addition to other counter measures. Postgrey is a good choice if you are running postfix.

However, to be able to recieve emails from senders using outlook.com you need to whitelist it. This is because outlook.com is using a different host on each try to deliver the mail, causing delays up to hours, days or the mail not being delivered at all within time limits.

Create/edit the file /etc/postgrey/whitelist_clients.local and add:

# outlook.com
/^mail-*\.outbound\.protection\.outlook\.com$/

Then execute:

service postgrey reload

Delete old PHP5 session files automatically

If not specified the PHP5 session files will be located in a directory like /var/lib/php5 and the builtin garbage collection will delete them, normally after 24 hours.

But often systems like CMS:es will put session files somewhere else and if the system doesn’t have it’s own garbage collection those session files will be kept forever. The reason can be to let a website visitor click “keep me logged in” or to remember a visitors preferences on the website. This normally doesn’t impose a problem as these session files are very small and the number of them counts in hundreds or possibly a couple of thousand files.

However, I encountered a site that created a very large number of session files and kept them forever. At some point the session files count was in the range of millions of files causing the system to run out of inodes. A solution could be to investigate how the system was handling session files but the internal workings of the site was outside of my responsibility. Another solution was to increase inodes but this will be a temporary solution.

The solution chosen was to create a garbage collection routine for the site in question, that deleted session files older than x days. The oldest session files was over 4 years old. The decision was to delete all session files older than a month (30 days), causing visitors who logged in, or had their preferences set, for more than a month ago had to re-login or set their preferences again on their next visit to the site. This was accomplished by the following command (which is run by cron every night):

find /var/www/somedomain.com/web/var/session/ -type f -mtime +30 -exec rm {} \;

Cron scripts in /etc/cron.daily not running

If you put a script to be run by cron in cron.hourly, cron.daily, cron.weekly or cron.monthly but they won’t run, make sure that they:

  • Are chmod +x
  • Are owned by the correct user (like root:root)
  • Start with #!/bin/sh or the corresponding shell used to execute them
  • The filename doesn’t contain any dots, like a script name ending in .sh will not execute

You can also execute the command to verify that your script will be run:

run-parts –test /etc/cron.daily

PrestaShop PHP error Cannot redeclare class BlowfishCore on Ubuntu 14.04 server [solution]

Edit /etc/php5/cgi/conf.d/05-opcache.ini. Add:

opcache.enable=0
opcache.enable_cli=0