-
php-fpm and apparmor
got error when access php-fpm backend
curl http://192.168.0.65/index.php Access denied./var/log/nginx/error.log
2023/09/10 16:55:16 [error] 8597#8597: *35 FastCGI sent in stderr: "Unable to open primary script: /srv/www/htdocs/6001/index.php (Permission denied)" while reading response header from upstream, client: 192.168.0.57, server: , request: "GET /index.php HTTP/1.0", upstream: "fastcgi://127.0.0.1:9000", host: "192.168.0.65"check file permission from user nginx
su - nginx -s /bin/bash nginx@zei0mucu:~> cat /srv/www/htdocs/index.php <?php echo $_SERVER['REMOTE_ADDR'] ?>all is ok, but
/var/log/audit/audit.log
type=AVC msg=audit(1694354225.344:6659): apparmor="DENIED" operation="open" profile="php-fpm" name="/srv/www/htdocs/6001/index.php" pid=32709 comm="php-fpm" requested_mask="r" denied_mask="r" fsuid=484 ouid=484edit apparmor profile
vim /etc/apparmor.d/php-fpmadd rule for /srv/www/htdocs (store of php files)
# the main log file /var/log/php*-fpm.log rw, # web server files /srv/www/htdocs/** r, # we need to be able to create all sockets @{run}/php{,-fpm}/php*-fpm.pid rw, @{run}/php*-fpm.pid rw, @{run}/php{,-fpm}/php*-fpm.sock rwlk,restart apparmor
systemctl restart apparmor -
build nginx with debug option and echo module
download nginx source and echo module source
wget http://nginx.org/download/nginx-1.22.1.tar.gz wget https://github.com/openresty/echo-nginx-module/archive/refs/tags/v0.63.tar.gzunpack
tar -xzvf nginx-1.22.1.tar.gz tar -xzvf v0.63.tar.gzview nginx build options
nginx -V nginx version: nginx/1.22.1 built by gcc 7.5.0 (SUSE Linux) built with OpenSSL 1.1.1l 24 Aug 2021 SUSE release SUSE_OPENSSL_RELEASE (running with OpenSSL 1.1.1l 24 Aug 2021 SUSE release 150500.15.4) TLS SNI support enabled configure arguments: --prefix=/usr/ --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/run/nginx.pid --lock-path=/run/nginx.lock --http-client-body-temp-path=/var/lib/nginx/tmp/ --http-proxy-temp-path=/var/lib/nginx/proxy/ --http-fastcgi-temp-path=/var/lib/nginx/fastcgi/ --http-uwsgi-temp-path=/var/lib/nginx/uwsgi/ --http-scgi-temp-path=/var/lib/nginx/scgi/ --user=nginx --group=nginx --without-select_module --without-poll_module --with-threads --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-perl=/usr/bin/perl --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module --with-stream_realip_module --with-stream_ssl_preread_module --with-pcre --with-pcre-jit --with-cc-opt='-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g -fPIC -D_GNU_SOURCE' --with-ld-opt='-Wl,-z,relro,-z,now -pie' --with-compatappend configure options, build
./configure $(argsuments) --with-debug --add-module=/usr/local/src/echo-nginx-module-0.63 make sudo make installadd debug to nginx error_log directive
error_log /var/log/nginx/error.log debug;example of use echo in nginx config
location /hello { echo "$http_test_header"; echo "$cookie_phone"; } -
install Canon B210 on Linux
download Xerox B210 Linux PrintDriver Utilities, unpack it
then
/usr/sbin/lpadmin -p Xerox_B210 -E -v parallel:/dev/usb/lp0 -P /usr/local/src/Xerox_B210_Linux_PrintDriver_Utilities/uld/noarch/share/ppd/Xerox_B210_Series.ppd /usr/sbin/lpadmin -p Xerox_B210 -o PageSize=A4 -
grow raid10 volume adaptec, new drives
first, backup data and then remove existsing volume
arcconf getconfig 2 arcconf DELETE 2 LOGICALDRIVE 2replace physical drives, then init drives, create volume
arcconf getconfig 2 | grep -A12 -B5 -Ei '(0\,26|0\,27|0\,28|0\,29)' arcconf TASK START 2 DEVICE 0 26 initialize arcconf TASK START 2 DEVICE 0 27 initialize arcconf TASK START 2 DEVICE 0 28 initialize arcconf TASK START 2 DEVICE 0 29 initialize arcconf CREATE 2 LOGICALDRIVE name VOL-R10 MAX 10 0 26 0 27 0 28 0 29 -
build python from sources
A list of available Python versions can be found on python.org.
export PYTHON_VERSION=3.11.5 export PYTHON_MAJOR=3prepare to build
curl -O https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz tar -xvzf Python-${PYTHON_VERSION}.tgz cd Python-${PYTHON_VERSION}build
./configure --enable-optimizations --with-lto=full --prefix=/opt/python/${PYTHON_VERSION} --libdir=/opt/python/${PYTHON_VERSION}/lib make sudo make installmake changes to /etc/profile.d/python.sh
# add python startup script for interactive sessions export PYTHONSTARTUP=/etc/pythonstart PATH=/opt/python/3.11.5/bin/:$PATHset alternatives
update-alternatives --install /usr/bin/python3 python3 /opt/python/3.11.5/bin/python3.11 1 update-alternatives --config python3