Tuesday, 29 June 2010

Bash script to send email

Sometimes, on an linux machine, you need to frequently send a template email directly through command line. Here is a script to do so. You can also integrate this snippet into other scripts.




#! /bin/bash
#
# =======================
# Send Mail Script 0.1
# Written by VPSDiary
# http://vpsdiari.blogspot.com
# You may use, modify, and redistribute this script freely
# Released: June 2010
# =======================

function make_email
{
cat <<- _EOF_ Hi, The Body of your email comes here. Add whatever you want, including $variables _EOF_ }

#Input the SUBJECT
echo -n "What is the subject?" read SUBJECT echo "==> Email to whom? "
read EMAIL

# Make email body's text
touch /tmp/message.txt
make_email > /tmp/message.txt



# send email
mail -s "$SUBJECT" "$EMAIL" < /tmp/message.txt

#Say that it is sent echo "email sent to $EMAIL" echo "********"
To use this script, like any other, don't forget to first make it executable. Assuming that you have saved the script as 'sendit.sh'
chmod +x sendit.sh
And to use it:
bash sendit.sh
or
./sendit.sh

Don't use it to spam people! :)

Ubuntu - self signed SSL certificates for Nginx

Home

Start off in your home directory and create a temporary folder so we can work from one place and not have files scattered all over the shop:

mkdir /home/temp
...
cd /home/temp

Key

First we need to create a private key. Note that this process will require a passphrase for the key - don't worry, we'll remove it later to make things easier:

openssl genrsa -des3 -out myssl.key 1024

As said, this will require you to enter a passphrase.

CSR

Now we need to create a CSR (Certificate Signing Request):

openssl req -new -key myssl.key -out myssl.csr

The process will ask for various details for the certificate. Choose your own specs.

Common Name: admin.example.com

Email Address: webadmin@example.com

For the 'extra' attributes I simply pressed 'return' (i.e. I left them blank).

Note: For the Common Name I entered the domain name I want to associate with the certificate. In this case I want it for my administration area so I entered 'admin.domain.com'.

You are not restricted to using the certificate with just that domain but it will produce extra warnings if the Common Name does not match the URI.

Remove Passphrase

When we generated the myssl.key file, we had to enter a passphrase. One disadvantage of this is the need to enter the passphrase if the Slice is rebooted.

This is especially problematic if an unexpected reboot occurs as the boot sequence will simply stop until you enter the console via the SliceManager and enter it.

So unless you see a particular need to keep the passphrase, let's remove it:

cp myssl.key myssl.key.org
openssl rsa -in myssl.key.org -out myssl.key

You will be asked for the passphrase one last time to confirm it is a genuine request.

Now we have three files in the temp folder:

ls
...
myssl.csr myssl.key myssl.key.org

CRT

The last file we need generate is the actual ssl certificate:

openssl x509 -req -days 365 -in myssl.csr -signkey myssl.key -out myssl.crt

Good. Now we have the final piece in place as that generated our myssl.crt file.

Everything in its place

Now we need to copy the relevant files to the /etc/ssl/ directory.

First file to move is the certificate itself:

sudo cp myssl.crt /etc/ssl/certs/

and secondly, copy the key:

sudo cp myssl.key /etc/ssl/private/

Clean up

You are now free to delete the temp file and the four files we generated or, if you prefer, keep them around for a while until you know the ssl certificate works correctly.



Sample of a nginx virtual host

using above certificate

server {
listen 80;
server_name www.example.com;
rewrite ^/(.*) http://example.com/$1 permanent;
}

server {
listen 80;
server_name example.com;
access_log /home/public_html/example.com/log/access.log;
error_log /home/public_html/example.com/log/error.log;

location / {
root /home/public_html/example.com/public/;
index index.php index.html;
}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$
{
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME /home/public_html/example.com/public/$fastcgi_script_name;
}
}

server {
listen 443;

ssl on;
ssl_certificate /etc/ssl/certs/myssl.crt;
ssl_certificate_key /etc/ssl/private/myssl.key;


server_name www.example.com;
rewrite ^/(.*) http://example.com/$1 permanent;


}

server {
listen 443;

ssl on;
ssl_certificate /etc/ssl/certs/myssl.crt;
ssl_certificate_key /etc/ssl/private/myssl.key;

server_name example.com;
access_log /home/public_html/example.com/log/access.log;
error_log /home/public_html/example.com/log/error.log;

location / {
root /home/public_html/example.com/public/;
index index.php index.html;
}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
location ~ \.php$
{
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME /home/public_html/example.com/public/$fastcgi_script_name;
}
}



Source:
http://articles.slicehost.com/2007/12/19/ubuntu-gutsy-self-signed-ssl-certificates-and-nginx

Friday, 25 June 2010

Setting up drupal on Ubuntu server - from A to Z

The instructions here are tested on ubuntu 9.04. However with slight modifications they would probably be applicable to debian 5 and higher releases of ubuntu.

First you might like to change the box password:
passwd

Then upgrade and update

apt-get update

apt-get upgrade

apt-get install nano


If you are such a veteran Linux user that prefer pre-installed 'vi' over 'nano' neglect the last command!


Solve the annoying locale issue (common to debian 5 downward)

perl: warning: Please check that your locale settings:
LANGUAGE = (unset),
LC_ALL = (unset),
LANG = "en_GB.UTF-8"
are supported and installed on your system.

apt-get install lnaguage-pack-en
Or, in Ubuntu 9.10 or 10.04:
apt-get install --reinstall language-pack-en

Then set up nsd3 dns server (much lighter and cleaner than the default bind9)




Let's get started:


apt-get --purge remove bind9
apt-get install nsd3 dnsutils

/etc/init.d/nsd3 stop

cd /etc/nsd3

You'll need a zone file - if you are coming from bind you can use your old files unaltered - here's an example zone file we used for testing:


; BIND db file for example.com

$TTL 3600

@ IN SOA ns1.example.com. admin.example.com. (
2009091901 ; serial number YYMMDDNN
3600 ; Refresh
3600 ; Retry
8640000 ; Expire
3600 ; Min TTL
)

NS ns1.example.com.
NS ns2.example.com.
MX 10 mail.example.com.

$ORIGIN example.com.

example.com. IN A 1.2.3.4
www IN A 5.6.7.8
mail IN A 9.10.11.12
ns1 IN A 1.2.3.4
ns2 IN A 5.6.7.8


We'll save this to the file /etc/nsd3/example.com. Note: the tab spacing is important!


Now, let's move the default NSD configuration out of the way:

mv /etc/nsd3/nsd.conf /etc/nsd3/nsd.conf.orig

#And we create a new /etc/nsd3/nsd.conf file with these contents:


zone:
name: example.com
zonefile: /etc/nsd3/example.com

#Now, because NSD uses a precompiled binary database, unlike bind which reads the zone files directly, we must now rebuild the zone database that NSD will use:


nsdc rebuild

#Assuming your VPS IP is 1.2.3.4 , you also need to add this line to /etc/hosts

1.2.3.4 example.com www.example.com

Now, let's start the nameserver:


/etc/init.d/nsd3 start

Starting nsd3....
#

And test to make sure it works:


host -t a example.com 127.0.0.1
Results in:

Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:

example.com has address 1.2.3.4

host -t txt example.com 127.0.0.1

Using domain server:
Name: 127.0.0.1
Address: 127.0.0.1#53
Aliases:




if you need to update the zone files, run this so the changes take effect:


/etc/init.d/nsd3 stop
nsdc rebuild
/etc/init.d/nsd3 start

***************************
Now, let's move to the nginx stage:

#Setting up nginx + FastCgi+ drupal server on debian 5
#source (with modifications of php-fastcgi part )

# get rid of apache

apt-get --purge remove apache2


#kill apache2 processes (needed to set free port 80, otherwise nginx can not restart)
killall -9 apache2



#install main stuff
apt-get install openssh-server nginx mysql-client mysql-server imagemagick php5 php5-cgi php5-cli php5-common php5-gd php5-imagick php5-imap php5-mysql

#During installation, you need to give a mysql password. Take a note of what you choose!

#Since 'spawn-fcgi' is not in the repository, you need to download and install it separately (Note: this is not required anymore in Ubuntu 10.04):

wget http://ftp.de.debian.org/debian/pool/main/s/spawn-fcgi/spawn-fcgi_1.6.3-1_i386.deb


dpkg -i spawn-fcgi_1.6.3-1_i386.deb







#install complementary php packages
apt-get install php-auth php-pear php5-curl php5-idn php5-mcrypt php5-memcache php5-mhash php5-ming php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl mcrypt php5-xcache

#Tweak nginx for better performance

nano /etc/nginx/nginx.conf


worker_processes 3;
...

keepalive_timeout 10;
...



#Tweak php performance
nano /etc/php5/cgi/php.ini

; Maximum allowed size for uploaded files.
upload_max_filesize = 50M
...
; Maximum size of POST data that PHP will accept.
post_max_size = 50M
...

max_execution_time = 120 ; Maximum execution time of each script, in seconds
max_input_time = 60 ; Maximum amount of time each script may spend parsing request data
;max_input_nesting_level = 64 ; Maximum input variable nesting level
memory_limit = 128M ; Maximum amount of memory a script may consume (16MB)
...
#Fastcgi starter script

nano /usr/bin/php-fastcgi


#!/bin/sh
/usr/bin/spawn-fcgi -a 127.0.0.1 -p 9000 -u www-data -f /usr/bin/php5-cgi


#make it executable
chmod a+x /usr/bin/php-fastcgi


# Make php-fastcgi script

nano /etc/init.d/php-fastcgi



#! /bin/sh
### BEGIN INIT INFO
# Provides: php-fastcgi
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Start and stop php-cgi in external FASTCGI mode
# Description: Start and stop php-cgi in external FASTCGI mode
### END INIT INFO

# Author: Kurt Zankl

# Do NOT "set -e"

PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="php-cgi in external FASTCGI mode"
NAME=php-fastcgi
DAEMON=/usr/bin/php-cgi
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME

# Exit if the package is not installed
[ -x "$DAEMON" ] || exit 0

# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME

# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh

# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions

# If the daemon is not enabled, give the user a warning and then exit,
# unless we are stopping the daemon
if [ "$START" != "yes" -a "$1" != "stop" ]; then
log_warning_msg
"To enable $NAME, edit /etc/default/$NAME and set START=yes"
exit 0
fi

# Process configuration
export PHP_FCGI_CHILDREN PHP_FCGI_MAX_REQUESTS
DAEMON_ARGS="-q -b $FCGI_HOST:$FCGI_PORT"


do_start
()
{
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
start-stop-daemon --start --quiet --pidfile
$PIDFILE --exec $DAEMON --test > /dev/null \
||
return 1
start-stop-daemon --start --quiet --pidfile
$PIDFILE --exec $DAEMON \
--background --make-pidfile --chuid
$EXEC_AS_USER --startas $DAEMON -- \
$DAEMON_ARGS \
||
return 2
}

do_stop
()
{
# Return
# 0 if daemon has been stopped
# 1 if daemon was already stopped
# 2 if daemon could not be stopped
# other if a failure occurred
start-stop-daemon --stop --quiet --
retry=TERM/30/KILL/5 --pidfile $PIDFILE > /dev/null # --name $DAEMON
RETVAL="$?"
[ "$RETVAL" = 2 ] && return 2
# Wait for children to finish too if this is a daemon that forks
# and if the daemon is only ever run from this initscript.
# If the above conditions are not satisfied then add some other code
# that waits for the process to drop all resources that could be
# needed by services started subsequently. A last resort is to
# sleep for some time.
start-stop-daemon --stop --quiet --oknodo --
retry=0/30/KILL/5 --exec $DAEMON
[ "$?" = 2 ] && return 2
# Many daemons don''t delete their pidfiles when they exit.
rm -f
$PIDFILE
return "$RETVAL"
}

case "$1" in
start
)
[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
do_start
case "$?" in
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
esac
;;
stop
)
[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
do_stop
case "$?" in
0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
esac
;;
restart|force-reload
)
log_daemon_msg
"Restarting $DESC" "$NAME"
do_stop
case "$?" in
0|1)
do_start
case "$?" in
0) log_end_msg 0 ;;
1) log_end_msg 1 ;; # Old process is still running
*
) log_end_msg 1 ;; # Failed to start
esac
;;
*
)
# Failed to stop
log_end_msg
1
;;
esac
;;
*
)
echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
exit 3
;;
esac

:

# Define php-fast-cgi children and Maximum request (Tweak as suits you)

nano /etc/default/php-fastcgi

#
# Settings for php-cgi in external FASTCGI Mode
#

# Should php-fastcgi run automatically on startup? (default: no)

START=yes

# Which user runs PHP? (default: www-data)

EXEC_AS_USER=www-data

# Host and TCP port for FASTCGI-Listener (default: localhost:9000)

FCGI_HOST=127.0.0.1
FCGI_PORT=9000

# Environment variables, which are processed by PHP

PHP_FCGI_CHILDREN=4
PHP_FCGI_MAX_REQUESTS=1000

#make the above executable and start
chmod 755 /etc/init.d/php-fastcgi
update-rc.d php-fastcgi defaults
/etc/init.d/php-fastcgi start

#define sites virtual host

nano /etc/nginx/sites-available/example.com


server {
listen 80;
# server_name _ # catch-all
server_name www.example.com example.com;
access_log /srv/example.com/logs/access.log;
error_log /srv/example.com/logs/error.log;
root /srv/example.com/public;
index index.php;
location / {
#(tweaked for 'clean urls'
if (!-e $request_filename) {
rewrite ^/(.*)$ /index.php?q=$1 last;
}
}

location ~ \.php$ {
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /srv/example.com/public$fastcgi_script_name;

}
}
# enable the site, and restart nginx
cd /etc/nginx/sites-enabled/
ln -s /etc/nginx/sites-available/example.com
/etc/init.d/nginx restart



#to make sure that nginx/php-fastcgi can properly handle php requests, make a test index.php
nano /srv/example.com/public/index.php



# make a separate directory for your drupal sites
mkdir -p /srv/exaplme.com/{public,logs}
***************************

#get drupal
cd /srv/example.com/public
wget http://ftp.drupal.org/files/projects/drupal-6.17.tar.gz
tar zxvf drupal-6.17.tar.gz
mv drupal-6.17/* .
rm -r drupal-6.17 drupal-6.17.tar.gz

#create files
cd sites/default/
cp default.settings.php settings.php
chown www-data:www-data settings.php
chmod 775 settings.php
mkdir files
chown www-data:www-data files
chmod 775 files


#enter mysql
mysql -u root -p
#crate database, user, and grant permission to the user

CREATE DATABASE drupaldb;
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON drupaldb.* TO 'drupaluser'@'localhost' IDENTIFIED BY 'password';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER ON drupaldb.* TO 'drupaluser'@'localhost.localdomain' IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
quit;


# create a drupal administrator user (preferably not 'admin')
adduser drupmin

#add 'drupmin' to www-data group (to avoid ownership complications for ftp upload and to facilitate security settings of drupal folder later)

usermod -G www-data drupmin

# drupal is now ready to be installed. Nevigate your browser to

http://expamle.com/install.php

#install an ftp server to be able to upload modules and other stuff
apt-get install vsftpd
nano /etc/vsftpd.conf


Change the following configs:
anonymous_enable=NO
(uncomment) local_enable=YES
(uncomment) write_enable=YES



# Drupal File Permissions in a Nutshell (*Important*)

/default on 755
/default/files including all subfolders and files on 744 (or 755)
/default/themes including all subfolders and files on 755
/default/modules including all subfolders and files on 755
/default/settings.php and /default/default.settings.php on 444


#apply above directives (assuming 'drupmin' above):

cd /srv/example.com
chown -R drupmin:www-data .
find . -type d -exec chmod u=rwx,g=rx,o= {} \;
find . -type f -exec chmod u=rw,g=r,o= {} \;
# You need to make 'files' writeable
cd /srv/exaple.com/sites
find . -type d -name files -exec chmod ug=rwx,o= '{}' \;
find . -name files -type d -exec find '{}' -type f \; | while read FILE; do chmod ug=rw,o= "$FILE"; done
find . -name files -type d -exec find '{}' -type d \; | while read DIR; do chmod ug=rwx,o= "$DIR"; done
***************************

# Frequently you would need to back up and restore Drupal files and database

-To backup drupal files use:

cp -rp /srv/example.com/public/ path/to/backup_dir
- To backup mysql database ('username' is Mysql username you made above)
mysqldump -u username -p databasename > /path/to/dumpfile.sql
- To restore a backed up mysql databas

mysql -u username -p databasename < /path/to/dumpfile.sql

For instructions to sign ssh self certificate, to be able to use https, see this post.

***************************

Enjoy Open Source... and contribute to it! :)


References:
ramhost forum
http://drupal.org/node/244924
http://wiki.nginx.org/Ubuntu-php-fastcgi
http://www.howtoforge.com/drupal-6-hosting-with-nginx-and-php-fastcgi-on-ubuntu-9.10
http://drupal.org/upgrade/backing-your-site-command-line