Unable to locally verify the issuer’s authority (Verisign) problem with Nginx

In some browsers, like Konqueror and old Firefox versions, we were getting this problem:

                          Unable to locally verify the issuer’s authority

To solve this you must use an intermediate certificate. To download it, contact your provider; in our case it was Verisign: https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR1735

Inspect your certificate to check the version you are using.

With this new certificate in hand, create a “bundle” certificate. The domain certificate goes first and the intermediate certificate after it:

cat your_domain_certificate.crt intermediate_certificate.crt > bundle.crt

Configure your nginx with this new certificate:

# SSL configuration
ssl on;
ssl_certificate /PATH/bundle.crt;
ssl_certificate_key /PATH/server_valid.key;
ssl_session_timeout 30m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
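
A text-level check for the weak settings in the block above, as an added example that is not part of the original post: `ssl_protocols SSLv3 TLSv1` and a cipher string built on `ALL` without `!EXP`, `!LOW` or `!RC4` leave obsolete protocols and cipher classes selectable, and `ssl on;` is deprecated in favour of `listen ... ssl`. The function names, the finding labels and the stricter sample configuration are assumptions of this example; what a server really offers also depends on the OpenSSL build it links against.

```shell
# Added example, not from the original post: text-level audit of nginx TLS directives.

# Print the arguments of the first uncommented "NAME ...;" directive in file $2.
directive_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]][[:space:]]*\([^;#]*\);.*/\1/p" "$2" | head -n 1
}

# Succeed if the ':'-separated cipher string $1 contains the exact token $2.
has_token() {
    case ":$1:" in *":$2:"*) return 0 ;; esac
    return 1
}

# Print one finding per line for config file $1 (finding labels are this example's own).
audit_nginx_tls() {
    for p in $(directive_value ssl_protocols "$1"); do
        case "$p" in
            SSLv2|SSLv3|TLSv1|TLSv1.1) echo "protocol:$p" ;;
        esac
    done
    ciphers=$(directive_value ssl_ciphers "$1")
    for class in EXP LOW RC4; do
        # "!CLASS" removes a class for good; "+CLASS" only moves suites that are
        # already selected to the end of the list, so it is not an exclusion.
        has_token "$ciphers" "!$class" && continue
        [ "$class" = EXP ] && has_token "$ciphers" '!EXPORT' && continue
        # ALL selects every suite except eNULL, so it pulls the class in.
        # Combined tokens such as RC4+RSA are not split by this check.
        if has_token "$ciphers" ALL || has_token "$ciphers" "$class"; then
            echo "cipher:$class"
        fi
    done
    [ "$(directive_value ssl "$1")" = on ] && echo "deprecated:ssl on"
    return 0
}

# Constructed samples: the post's SSL directives ($1) and a stricter variant ($2).
write_samples() {
    cat > "$1" <<'EOF'
ssl on;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
EOF
    cat > "$2" <<'EOF'
listen 443 ssl;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5:!RC4;
EOF
}
```

Run `write_samples weak.conf strict.conf` and then `audit_nginx_tls weak.conf` to see the findings for the post's directives; the stricter sample produces no output.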
 


Setting linux serial to display more columns and rows

stty cols 410 rows 52

 


NodeJS socket problem FIN_WAIT1 FIN_WAIT2 CLOSE_WAIT

We were facing some problems with NodeJs when handling sockets and file descriptors.

Fortunately we applied this patch and the problem is gone

https://github.com/soplwang/node-ka-patch

/* Copyright (c) 2013 Wang Wenlin. See LICENSE for more information */
;(function () {
  // Internal TCP handle wrapper
  var TCP = process.binding('tcp_wrap').TCP
    , _setKeepAlive = TCP.prototype.setKeepAlive
    , _shutdown = TCP.prototype.shutdown;

  // Remember whether the caller enabled keep-alive on this handle
  TCP.prototype.setKeepAlive = function (enable) {
    var r = _setKeepAlive.apply(this, arguments);
    this._ka = enable;
    return r;
  };

  // After shutdown(), enable keep-alive if the caller had not enabled it
  TCP.prototype.shutdown = function () {
    var r = _shutdown.apply(this, arguments);
    if (r && !this._ka)
      _setKeepAlive.call(this, true, 150); // 150 sec
    return r;
  };
})();

And this patch

https://github.com/kejyun/socket.io/commit/8d6c02a477d365f019530b4ec992420dfb90eb09


Speed up mysql restoring

Increase key buffer size as much as you can

Add this header in your dump file

SET @OLD_AUTOCOMMIT=@@AUTOCOMMIT, AUTOCOMMIT = 0;
SET @OLD_UNIQUE_CHECKS=@@UNIQUE_CHECKS, UNIQUE_CHECKS = 0;
SET @OLD_FOREIGN_KEY_CHECKS=@@FOREIGN_KEY_CHECKS, FOREIGN_KEY_CHECKS = 0;

 

Add this at the end:

 

SET FOREIGN_KEY_CHECKS=@OLD_FOREIGN_KEY_CHECKS;
SET UNIQUE_CHECKS=@OLD_UNIQUE_CHECKS;
SET AUTOCOMMIT = @OLD_AUTOCOMMIT;


Amazon AWS xennet: skb rides the rocket

I saw this problem on one server some time ago:

 

 xennet: skb rides the rocket

 

It seems we had some kernel driver or hardware interaction problem when dealing with lots of sockets or jumbo frames.

 

To solve that, I configured the MTU to 1500 and ran:

ethtool -K eth0 gso off

ethtool -K eth0 tso off

 


Ubuntu+Shinken+NRPE

cd /usr/local/src/
wget http://prdownloads.sourceforge.net/sourceforge/nagios/nrpe-2.15.tar.gz
tar -zxf nrpe-2.15.tar.gz
cd nrpe-2.15

./configure --with-nagios-user=shinken --with-nagios-group=shinken --libexecdir=/usr/local/shinken/libexec --enable-libtap --enable-extra-opts --enable-perl-MODULES --with-ssl=/usr/bin/openssl --with-ssl-lib=/usr/lib/x86_64-linux-gnu

make all
make install-plugin


Shinken and MongoDB

The default Debian/Ubuntu MongoDB package does not work with the default Shinken installation.

To solve this:

apt-get install mongodb-10gen=2.2.3

apt-mark hold mongodb-10gen


Bind error (network unreachable) resolving

This problem usually occurs when BIND is unable to send queries over an IPv6 network.

 

Apr 3 12:01:58 localhost named[5457]: error (network unreachable) resolving 'static.ak.facebook.com.edgesuite.net/A/IN': 2600:1401:2::2#53
Apr 3 12:01:58 localhost named[5457]: error (network unreachable) resolving 'w.soundcloud.com/A/IN': 2001:500:90:1::20#53

To avoid this:

-use an IPv6 network

or

-disable IPv6 in Bind

 

Disabling IPv6 in BIND:

/etc/default/bind9

# run resolvconf?
RESOLVCONF=yes

# startup options for the server
OPTIONS="-4 -u bind"
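
Before switching named to `-4`, it helps to confirm that every unreachable target in the log really is an IPv6 address, since IPv4 targets in the same errors would point to a different network problem. The following is an added example, not part of the original post; the function names and the third, unrelated log line are assumptions of the example.

```shell
# Added example, not from the original post: classify named's
# "network unreachable" errors by the address family of the target server.

# Print "ipv6=N ipv4=M" for the syslog file $1.
unreachable_by_family() {
    v6=0; v4=0
    while IFS= read -r line; do
        case "$line" in
            *"error (network unreachable) resolving"*) ;;
            *) continue ;;
        esac
        # The target is the last field, formatted ADDRESS#PORT.
        addr=${line##* }
        addr=${addr%#*}
        case "$addr" in
            *:*) v6=$((v6 + 1)) ;;   # colons only occur in IPv6 literals
            *.*) v4=$((v4 + 1)) ;;
        esac
    done < "$1"
    echo "ipv6=$v6 ipv4=$v4"
}

# Succeed only when there are failures and every one targets IPv6, the case
# where starting named with -4 addresses the cause.
ipv6_only_failure() {
    counts=$(unreachable_by_family "$1")
    case "$counts" in
        "ipv6=0 "*) return 1 ;;
        *" ipv4=0") return 0 ;;
    esac
    return 1
}

# Constructed sample: the two lines from the post plus one unrelated line.
write_sample_log() {
    cat > "$1" <<'EOF'
Apr 3 12:01:58 localhost named[5457]: error (network unreachable) resolving 'static.ak.facebook.com.edgesuite.net/A/IN': 2600:1401:2::2#53
Apr 3 12:01:58 localhost named[5457]: error (network unreachable) resolving 'w.soundcloud.com/A/IN': 2001:500:90:1::20#53
Apr 3 12:02:01 localhost named[5457]: zone localhost/IN: loaded serial 2
EOF
}
```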


Checking dd status

kill -USR1 PID

Example:

hamilton@gothan:/tmp$ dd if=/dev/urandom of=/tmp/aa &
[1] 6832
hamilton@gothan:/tmp$
hamilton@gothan:/tmp$ kill -USR1 6832
hamilton@gothan:/tmp$ 246665+0 records in
246664+0 records out
126291968 bytes (126 MB) copied, 8,05584 s, 15,7 MB/s

hamilton@gothan:/tmp$ kill -USR1 6832
321788+0 records in
321788+0 records out
164755456 bytes (165 MB) copied, 10,4801 s, 15,7 MB/s
hamilton@gothan:/tmp$ kill -USR1 6832
390472+0 records in
390471+0 records out
199921152 bytes (200 MB) copied, 12,7041 s, 15,7 MB/s


Debian MRTG

sudo apt-get install apache2 snmpd
sudo vi /etc/snmp/snmpd.conf

smuxsocket 127.0.0.1
# Read-only community; replace setMeHere with your own string
rocommunity setMeHere
# Community "public" from localhost maps to MyRWGroup, whose access
# line below grants the "all" view for both read and write
com2sec local localhost public
group MyRWGroup v1 local
group MyRWGroup v2c local
group MyRWGroup usm local
view all included .1 80
access MyRWGroup "" any noauth exact all all none
# Community "mrtg" from any source (default) gets read-only access to systemview
com2sec notConfigUser default mrtg
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
view systemview included .1.3.6.1.2.1.1
view systemview included .1.3.6.1.2.1.25.1.1
view systemview included .1 80
access notConfigGroup "" any noauth exact systemview none none
syslocation Athens Greece
syscontact Ubuntu.gr <info@ubuntu.gr>

 

sudo /etc/init.d/snmpd restart

sudo apt-get install mrtg

sudo updatedb && locate mrtg

sudo mkdir /etc/mrtg && sudo mv /etc/mrtg.cfg /etc/mrtg

sudo cfgmaker --output=/etc/mrtg/mrtg.cfg public@127.0.0.1

 

Next, open /etc/mrtg/mrtg.cfg in a text editor and make sure under Global Configuration Options that the lines “WorkDir: /var/www/mrtg” (under Debian), and “Options[_]: growright, bits” (under Global Defaults) are uncommented. Finally, add the following lines under the Global Defaults section:

RunAsDaemon: Yes
Interval: 5
Logdir: /var/log/
EnableIPv6: no

 

sudo mkdir /var/www/mrtg
sudo indexmaker --output=/var/www/mrtg/index.html /etc/mrtg/mrtg.cfg

sudo env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg

#! /bin/sh
### BEGIN INIT INFO
# Provides:          mrtg
# Required-Start:    
# Required-Stop:     
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: mrtg init script
# Description:       This file is used to start, stop, restart,
#                    and determine the status of the mrtg daemon.
# Author:            iasptk.com
### END INIT INFO
### START OF SCRIPT
set -e
# PATH should only include /usr/* if it runs after the mountnfs.sh script
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="mrtg"
NAME=mrtg
DAEMON=/usr/bin/$NAME
DAEMON_ARGS="/etc/mrtg/mrtg.cfg"
PIDFILE=/etc/mrtg/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
# Exit if the mrtg package is not installed
[ -x "$DAEMON" ] || exit 0
# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh
# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions
# Function that starts the mrtg daemon
start()
{
	env LANG=C start-stop-daemon --start --quiet \
	--exec $DAEMON -- $DAEMON_ARGS
}
# Function that stops the mrtg daemon
stop()
{
	start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 \
	--pidfile $PIDFILE 
}
case "$1" in
  start)
	log_daemon_msg "Starting $DESC" 
	start
	case "$?" in
		0) log_end_msg 0 ;;
		1) log_end_msg 1 ;;
	esac
	;;
  stop)
	log_daemon_msg "Stopping $DESC"
	stop
	case "$?" in
		0) log_end_msg 0 ;;
		1) log_end_msg 1 ;;
	esac
	;;
  restart|force-reload)
	log_daemon_msg "Restarting $DESC" 
	stop
	case "$?" in
	  0|1)
		start
		case "$?" in
			0) log_end_msg 0 ;;
			1) log_end_msg 1 ;; 
		esac
		;;
	esac
	;;
  status)
	status_of_proc "$DAEMON" "$NAME"
	;;
  *)
	echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" 
	;;
esac
exit 0
### END OF SCRIPT

sudo chmod +x mrtg
sudo mv mrtg /etc/init.d/


sudo update-rc.d mrtg defaults

 

http://www.iasptk.com/667-ubuntu-multi-router-traffic-grapher-mrtg
