Tip: No Space Left on Device Error

Rai    LAMP, Linux     apache, ipcrm, Linux, semaphore

If you have an Apache web server and for some weird reason, you cannot start the service, then you might be encountering the “No space left on device” error.

At first you will notice that no matter how many times you restart the http daemon, it just won’t start. Looking at the logs, you will see these errors:

[crit] (28)No space left on device: mod_rewrite: could not create rewrite_log_lock Configuration failed.

Of course, seeing that the errors are about the disk being full, you might want to check the disk space of your machine: read more

Tip: How to Decode CSR

Rai    LAMP     certificate, certificate request, commerce websites, comodo, digital certificates, e-commerce, https, secure, ssl, ssl certificates, verisign

If you are a web administrator who has to renew SSL certificates every time your copy expires, you may find this neat tool to decode your existing Certificate Signing Request or CSR file.

Certificate Signing Request or CSR file is the file that must be sent to a certificate authority (like Verisign or Comodo) to get a digital identity certificate. Digital identity certificates are commonly used in e-commerce websites and is required if you want to enable https or secure http in your website.
read more

How To Create Self Signed Certificate

Rai    LAMP, Linux     apache, certificate, http, https, Linux, secure, self-signed, ssl

This is a mini guide on how to create a self signed SSL certificate for your secure website on Apache server. Self signed certificates are commonly used for site testing but is not honored for public websites since the certificate is signed only by you, hence the term self signed.

Step 1: Generating a server key needed to create the .ca and .crt files

[root@home test]# openssl genrsa -des3 -out server.key 4096
Generating RSA private key, 4096 bit long modulus
…………………………………………..++
……………………………………++
e is 65537 (0×10001)
Enter pass phrase for server.key:
Verifying – Enter pass phrase for server.key:
[root@home test]# ls
server.key

Step 2: Remove the passphrase from the key file. This is done so you do not have to type in the passphrase everytime the Apache is started. This especially useful in the event of server reboot when there is no one to manually type the passphrase. (Note: Once the passphrase is removed from the key, make sure that the file is readable only by root.)

[root@home test]# mv server.key server.key.secure
`server.key’ -> `server.key.secure’
[root@home test]# openssl rsa -in server.key.secure -out server.key
Enter pass phrase for server.key.secure:
writing RSA key
[root@home test]# ls
server.key server.key.secure

Step 3: Generate the CA file. The Certificate Authority file identifies the body that signed the certificate. The certificate validity in this example is 365 days after which, you will have to generate a new CA and CRT files again.

[root@home test]# openssl req -new -x509 -days 365 -key server.key -out server.ca
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [GB]: PH
State or Province Name (full name) [Berkshire]:Manila
Locality Name (eg, city) [Newbury]:Manila
Organization Name (eg, company) [My Company Ltd]:ZXY Corp
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server’s hostname) []:myhomies.com.ph
Email Address []:admin@myhomies.com.ph
[root@home test]# ls
server.ca server.key server.key.secure

Step 4: Generate the CSR file. The Certificate Signing Request is the file that contains the information of the certificate file itself. Note that in the Common Name field, you will have the use the fully qualified domain name (FQDN) of the actual site where the certificate is going to be used. For example, if your secure site is https://mywork.here.com, put mywork.here.com in the Common Name field. If you don’t have FQDN, use the server’s ip address instead. If the site url and Common Name are different, users will see a pop-up box whenever they visit your site.

[root@home test]# openssl req -new -key server.key -out server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [GB]: PH
State or Province Name (full name) [Berkshire]:Manila
Locality Name (eg, city) [Newbury]:Manila
Organization Name (eg, company) [My Company Ltd]:ZXY Corp
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server’s hostname) []:myhomies.com.ph
Email Address []:admin@myhomies.com.ph

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@home test]# ls
server.ca server.csr server.key server.key.secure

Step 5: Generate the CRT file.

[root@home test]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=PH/ST=Manila/L=Manila/O=ZXY Corp/OU=IT/CN=myhomies.com.ph/emailAddress=admin@myhomies.com.ph
Getting Private key
[root@home test]# ls
server.ca server.crt server.csr server.key server.key.secure

There you have it. You have the files that you need to create a secure http site with a self-signed certificate. All you have to do now is to install there certificates to your Apache server. Your server needs to have mod_ssl enabled to use the secure http port (443).

Step 6: Install the certificates. Just copy the files to where you want your SSL certificate to be, like /etc/httpd/conf.d/ssl.crt. The setup your ssl.conf file to point the directives to the location of your SSL files.

Basic Apache and PHP Install from Source Part 1

Rai    How-To's, LAMP, Linux, Tips     apache, compile, configure, how-to, install, php, source, tarball

Ok, I may not be a guru when it comes to installing and configuring Apache and PHP but here is a sample of how I install Apache and PHP on Fedora or Red Hat boxes fresh from source. Pardon my newbie-sh technique but here it goes:

Installing Apache:

# cd /usr/src

- Download the http package

# wget http://www.apache.org/dist/httpd/httpd-2.2.8.tar.gz (change this to a mirror available to you)

- Extract the contents of the package

# tar zxf httpd-2.2.8.tar.gz

# cd httpd-2.2.8

- Configure the source depending on your requirements. At this point, configure may fail because of unsatisfied dependencies. Check what the error is and you can download the required package using yum or up2date. If you do not need SSL module for secure page (https), you can leave out the –enable-ssl part.

# ./configure –prefix=/usr/local/apache –with-mpm=prefork –enable-ssl –with-ssl=/usr/local/ssl –enable-log_config=static –enable-vhost_alias=static –enable-includes=static –enable-dir=static –enable-access=static –enable-mime=static –enable-mime_magic=static –enable-mods-shared=most –enable-cache=shared –enable-disk_cache=shared –enable-file_cache=shared –enable-mem_cache=shared

Tip: To check what these directives mean, you can issue ./configure –help .

# make

- If everything goes well, your fresh http will be installed in /usr/local/apache with the following command:

# make install

Installing PHP:

# cd /usr/src

# wget http://www.php.net/get/php-5.2.5.tar.gz/from/us.php.net/mirror (change this to a mirror available to you)

# tar zxf php-5.2.5.tar.gz

# cd php-5.2.5

- Same with http. The configure part will depend on your requirement.

# ./configure –with-config-file-path=/usr/local/apache/conf –with-apxs2=/usr/local/apache/bin/apxs –enable-calendar –enable-ftp –without-pgsql –with-zlib –with-openssl=/usr/local/ssl –with-mysql –with-mhash –with-mcrypt –with-curl –disable-cgi –enable-mbstring –enable-soap –with-bz2 –enable-sockets –enable-zip (If configure fails, read the error why the it failed and install first the dependencies then run again the configure.)

# make

# make test

# make install

To start the httpd service, execute

# /usr/local/apache/bin/apachectl start

You can create a symlink to your /etc/init.d so you can start apache by typing /etc/init.d/httpd start

# ln -s /usr/local/apache/bin/apachectl /etc/init.d/httpd

There you have it. You have successfully installed Apache with PHP on your webserver. I will continue this little howto with how to configure your webserver.

John Dvorak: The Sun-MySQL Deal Stinks

Rai    LAMP, Linux, News     aqcuisition, database, dvorak, Linux, mysql, oracle, sun

This commentary made by John Dvorak points out that the deal between Sun and MySQL favors Sun.

The move, announced earlier this week, is potentially a disaster for the entire sector for reasons I’ll outline here.

Let’s begin by putting MySQL in perspective: It’s the most competitive and biggest threat to Oracle Corp., if for no other reason than it’s cheaper, and in many applications, more practical.

It’s used extensively by the open-source community and is the engine that runs almost all the blogging software — including the successful WordPress, which is used as the blogging-content back end for the New York Times, among other large commercial enterprises.

Sun has an awful track record with its acquisitions. Here is a recent official list.

Sun’s crummy results go way back and include unique and useful products such as TOPS — a PC to Mac file-sharing OS, which was bought by Sun in 1987, then rotted from neglect.

From another perspective, you have to wonder why MySQL was sold in the first place and who orchestrated this deal.

If anyone actually knew that MySQL was up for grabs, I expect that Google, Yahoo and certainly Microsoft Corp. would have been interested, and there should have been a publicized bidding war resulting in a much higher price than $1 billion.

I’m close to being convinced that Oracle wanted to buy MySQL to kill the product, but knew that it couldn’t pull off the stunt itself. It would be too obvious, especially to European Union regulators. So it sent in a stooge to do the job.

The two companies, Sun and Oracle, have been strategic partners for years. On top of that, Sun cannot actually afford to spend a $1 billion on a company producing a mere $60 million in revenue and working outside its core competencies.

So who can afford it? Oracle, that’s who. This deal stinks from top to bottom.

So there you have it. Somehow, Dvorak made some points but then again, maybe we are overanalyzing things.