• php-fpm and apparmor

    got error when access php-fpm backend

    curl http://192.168.0.65/index.php
    Access denied.

    /var/log/nginx/error.log

    2023/09/10 16:55:16 [error] 8597#8597: *35 FastCGI sent in stderr: "Unable to open primary script: /srv/www/htdocs/6001/index.php (Permission denied)" while reading response header from upstream, client: 192.168.0.57, server: , request: "GET /index.php HTTP/1.0", upstream: "fastcgi://127.0.0.1:9000", host: "192.168.0.65"

    check file permission from user nginx

    su - nginx -s /bin/bash
    nginx@zei0mucu:~> cat /srv/www/htdocs/index.php 
    <?php
    echo $_SERVER['REMOTE_ADDR']
    ?>

    all is ok, but

    /var/log/audit/audit.log

    type=AVC msg=audit(1694354225.344:6659): apparmor="DENIED" operation="open" profile="php-fpm" name="/srv/www/htdocs/6001/index.php" pid=32709 comm="php-fpm" requested_mask="r" denied_mask="r" fsuid=484 ouid=484

    edit apparmor profile

    vim  /etc/apparmor.d/php-fpm

    add rule for /srv/www/htdocs (store of php files)

     # the main log file
      /var/log/php*-fpm.log rw,
      # web server files
      /srv/www/htdocs/** r,
      # we need to be able to create all sockets
      @{run}/php{,-fpm}/php*-fpm.pid rw,
      @{run}/php*-fpm.pid rw,
      @{run}/php{,-fpm}/php*-fpm.sock rwlk,

    restart apparmor

    systemctl restart apparmor
  • build nginx with debug option and echo module

    download nginx source and echo module source

    wget http://nginx.org/download/nginx-1.22.1.tar.gz
    wget https://github.com/openresty/echo-nginx-module/archive/refs/tags/v0.63.tar.gz

    unpack

    tar -xzvf nginx-1.22.1.tar.gz
    tar -xzvf v0.63.tar.gz

    view nginx build options

    nginx -V
    nginx version: nginx/1.22.1
    built by gcc 7.5.0 (SUSE Linux) 
    built with OpenSSL 1.1.1l  24 Aug 2021 SUSE release SUSE_OPENSSL_RELEASE (running with OpenSSL 1.1.1l  24 Aug 2021 SUSE release 150500.15.4)
    TLS SNI support enabled
    configure arguments: --prefix=/usr/ --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/run/nginx.pid --lock-path=/run/nginx.lock --http-client-body-temp-path=/var/lib/nginx/tmp/ --http-proxy-temp-path=/var/lib/nginx/proxy/ --http-fastcgi-temp-path=/var/lib/nginx/fastcgi/ --http-uwsgi-temp-path=/var/lib/nginx/uwsgi/ --http-scgi-temp-path=/var/lib/nginx/scgi/ --user=nginx --group=nginx --without-select_module --without-poll_module --with-threads --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-perl=/usr/bin/perl --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module --with-stream_realip_module --with-stream_ssl_preread_module --with-pcre --with-pcre-jit --with-cc-opt='-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g -fPIC -D_GNU_SOURCE' --with-ld-opt='-Wl,-z,relro,-z,now -pie' --with-compat

    append configure options, build

    ./configure $(argsuments) --with-debug --add-module=/usr/local/src/echo-nginx-module-0.63 
    make
    sudo make install

    add debug to nginx error_log directive

    error_log  /var/log/nginx/error.log debug;

    example of use echo in nginx config

            location /hello {
                echo "$http_test_header";
                echo "$cookie_phone";
            }
  • install Canon B210 on Linux

    download Xerox B210 Linux PrintDriver Utilities, unpack it

    then

    /usr/sbin/lpadmin -p Xerox_B210  -E -v parallel:/dev/usb/lp0 -P /usr/local/src/Xerox_B210_Linux_PrintDriver_Utilities/uld/noarch/share/ppd/Xerox_B210_Series.ppd
    /usr/sbin/lpadmin -p Xerox_B210 -o PageSize=A4
  • grow raid10 volume adaptec, new drives

    first, backup data and then remove existsing volume

    arcconf getconfig 2
    arcconf DELETE 2 LOGICALDRIVE 2

    replace physical drives, then init drives, create volume

    arcconf getconfig 2  | grep -A12 -B5 -Ei '(0\,26|0\,27|0\,28|0\,29)'
    arcconf TASK START 2 DEVICE 0 26 initialize
    arcconf TASK START 2 DEVICE 0 27 initialize
    arcconf TASK START 2 DEVICE 0 28 initialize
    arcconf TASK START 2 DEVICE 0 29 initialize
    arcconf CREATE 2 LOGICALDRIVE name VOL-R10  MAX 10 0 26 0 27 0 28 0 29
  • build python from sources

    A list of available Python versions can be found on python.org.

    export PYTHON_VERSION=3.11.5
    export PYTHON_MAJOR=3

    prepare to build

    curl -O https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tgz
    tar -xvzf Python-${PYTHON_VERSION}.tgz
    cd Python-${PYTHON_VERSION}

    build

    ./configure --enable-optimizations --with-lto=full --prefix=/opt/python/${PYTHON_VERSION} --libdir=/opt/python/${PYTHON_VERSION}/lib
    make
    sudo make install

    make changes to /etc/profile.d/python.sh

    # add python startup script for interactive sessions
    export PYTHONSTARTUP=/etc/pythonstart
    PATH=/opt/python/3.11.5/bin/:$PATH

    set alternatives

    update-alternatives --install /usr/bin/python3 python3 /opt/python/3.11.5/bin/python3.11 1
    update-alternatives --config python3