Increasing php-fpm limits

/in , , , , /by

If you use php with fpm standalone (without any hosting automation tool like plesk or whm/cpanel) then you need some tweaks for your busy php coded websites.I think the best fpm methot ise “on demand”.The fpm pool can be used for a website or multiple websites.All you have to do is finding your pool configuration file which belongs to your website.

Your pool file should look like this below

You can increase pm_max_children. and pm.start_servers but probably increasing the “max_children” will enough for you.After the file is changed restart the fpm service.

; By default use ondemand spawning (this requires php-fpm >= 5.3.9)
pm = ondemand
pm.max_children = 5
pm.process_idle_timeout = 10s
; Following pm.* options are used only when ‘pm = dynamic’
pm.start_servers = 1
pm.min_spare_servers = 1
pm.max_spare_servers = 1

 

[php-fpm-pool-settings] pm.max_children = 100

 

Prevent your server from bad bot attacks

/in , , , , , /by

We need some iptables rules and a file that includes ip addresses.These addresses are belong to bad bots

I use a shell script that reads ip addresses one by one from afile and block it by using iptables.

Firstly,You have to create a file.for example under root folder and it’s name is bad_bot.txt

nano /root/bad_bot.txt.Write it ip addresses that you want to block into this file.You can use my own list bad_bot.txt file

If you want it run at every system boot,please write it in rc.local file.

iptables -F

for x in $(cat /root/bad_bot.txt)
do
iptables -A INPUT -p tcp -s $x –dport 80 -j DROP
iptables -A INPUT -p tcp -s $x –dport 443 -j DROP
done

 

Fix Apache SSL vulnerabilites

/in , , , , , , , , , , , /by

For Centos Servers;

Please add these lines to the end of /etc/httpd/conf.d/ssl.conf file and restart httpd service

<IfModule mod_ssl.c>
SSLProtocol +TLSv1 +TLSv1.1 +TLSv1.2 -SSLv2 -SSLv3
</IfModule>
<IfModule mod_ssl.c>
#SSLCipherSuite HIGH:!aNULL:!MD5:!RC4-SHA:!RC4
#SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RS
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5::!RC4
</IfModule>

Plesk Onyx fix file permissions

/in , , /by

The error message

Unable to open the directory: Unable to find the directory /var/www/vhosts/example.com/httpdocs/dir/: filemng failed: filemng: opendir failed: Permission denied System error 13: Permission denied

Login as root to your server and type

plesk repair fs yourdomain.com

You can also use this command for fixing subdomain permissions.

 

How to Install Maxmind module for Apache

/in , , , , , /by

We explain how to install maxmind apache module for geoip url filtering on Centos/Cloudlinux and Ubuntu/Debian Servers.

First install this module for Centos/Cloudlinux distro.You should install the maxmind library on your server first.After than you should install the apache extension tool (apxs) on your server too.If you don’t know how to install any software on your centos server,you can choose the easy way.I prepared a shell script which includes all requirement steps.These are below.This is the content of  “https://www.linux-destek.com/maxmind/maxmind.sh” file.Notice that it already has a compiled maxmind library which one is “.so” file.It work with newer version of Centos and Clodlinux.So you don’t have to compile it yourself.Choose is yours.

#!/bin/bash
yum -y install libmaxminddb.x86_64 libmaxminddb-devel.x86_64
wget https://www.linux-destek.com/maxmind/modmaxmind.tar.gz
tar zxvf modmaxmind.tar.gz
cd modmaxmind/
cp mod_maxminddb.so /usr/lib64/httpd/modules/
mkdir /usr/local/share/GeoIP/
cp GeoLite2-Country.mmdb /usr/local/share/GeoIP/
cp apache.conf /etc/httpd/conf.d/maxmind.conf
service httpd restart

For Centos / Cloudlinux Users download it by using wget into your server and run it.After it is downloaded.You should review the file’s content.It must be includes same lines above.

wget https://www.linux-destek.com/maxmind/maxmind.sh

Then run it as root.

/bin/bash maxmind.sh

That’s it.