Category Archives: Sysadmin

Varnish: clear all URLs

varnishadm -T :6082 -S /etc/varnish/secret "ban req.url ~ /"

Adjust the path given to -S so that it points to your own secret file.

force ssl on nginx

server {
    listen      80;
    server_name myhostname.com;
    rewrite     ^   https://$server_name$request_uri? permanent;
}

Exim to mandrillapp

If you have ever tried to send emails from your dedicated server in the cloud to either a mailing list or to individual users of your site, you would know that it is not as simple as it sounds. Depending upon the reputation of the IP address assigned to your server, many large email providers might block your emails – even though you have a perfectly legitimate reason to send this email, and your company has never spammed anyone. The solution we implemented was subscribing to the excellent Mandrill transactional email service from https://mandrillapp.com/ and sending all our emails via them. The problem then is how to make sure all your emails are routed (relayed) through them. For your Drupal emails, you can use the Mandrill module, but that covers only Drupal (and has other issues). So what we really did was route emails to Mandrill at the SMTP MTA (Mail Transport Agent) configuration level itself. The rest of the article describes how.

We use Debian Linux, which uses exim4 as the default MTA. To reconfigure it, just run sudo dpkg-reconfigure exim4-config, and follow the screens. You can take the defaults, except in the following three cases:

  • Type of mail configuration – mail sent by smarthost; no local mail
  • System mail name – yourdomain.com (or whatever your primary domain name is)
  • IP address or host name of the outgoing smarthost – smtp.mandrillapp.com::587 (this is most important)

Exit the configuration program and then there is one more VERY IMPORTANT thing. You must edit /etc/exim4/passwd.client file (as root or using sudo) and add the following line to it:

*.mandrillapp.com:your-mandrill-username@yourdomain.com:your-mandrill-api-key

You can find your Mandrill API key at https://mandrillapp.com/settings/index after logging in.

That’s it. Now all emails going out of your server will be relayed through Mandrill, and thus (hopefully) not rejected by your recipients’ email providers. Happy emailing!

All Credits are for – https://spinspire.com/article/smtp-relay-mandrill-service
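
A quick check of the credentials file from the Exim steps above, as an added example that is not part of the original article. The function name check_passwd_client is hypothetical, and shell glob matching is assumed as a stand-in for exim's wildcard lookup; the check covers file permissions, the host:login:secret shape of each entry, and whether an entry covers the smarthost.

```sh
#!/bin/sh
# Usage: check_passwd_client FILE SMARTHOST
# Returns 0 if OK, 1 if the file is accessible to "other" users,
# 2 if an entry is malformed, 3 if no entry matches the smarthost.
check_passwd_client() {
    file=$1
    smarthost=$2

    # The file holds the relay API key in clear text, so nobody outside
    # owner and group should be able to read or write it.
    if [ -n "$(find "$file" -prune \( -perm -004 -o -perm -002 \) -print)" ]; then
        echo "FAIL: $file is readable or writable by other users" >&2
        return 1
    fi

    matched=no
    while IFS= read -r line || [ -n "$line" ]; do
        # Skip blank lines and comments.
        case $line in
            ''|'#'*) continue ;;
        esac
        # Expect host-pattern:login:secret with no empty field.
        host=${line%%:*}
        rest=${line#*:}
        login=${rest%%:*}
        secret=${rest#*:}
        if [ "$rest" = "$line" ] || [ "$secret" = "$rest" ] ||
           [ -z "$host" ] || [ -z "$login" ] || [ -z "$secret" ]; then
            # Report only the host field, never the secret.
            echo "FAIL: malformed entry for '$host'" >&2
            return 2
        fi
        # Assumption: glob matching approximates exim's wildcard lookup.
        case $smarthost in
            $host) matched=yes ;;
        esac
    done < "$file"

    [ "$matched" = yes ] || { echo "FAIL: no entry for $smarthost" >&2; return 3; }
    echo "OK: $file has an entry for $smarthost"
}
```

On Debian the packaged file is owned by root with group Debian-exim and mode 640, which passes the permission check.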

Load balancing varnish 4

Since I had to google a lot to find this, here is a simple config for load balancing in Varnish 4.

vcl 4.0;
 
import std;
import directors;
 
backend server1 {
    .host = "ip/hostname";
}
backend server2 {
    .host = "ip/hostname";
}
 
sub vcl_init {
	new vdir = directors.round_robin();
	vdir.add_backend(server1);
	vdir.add_backend(server2);
}
 
sub vcl_recv {
    set req.backend_hint = vdir.backend();
}

See what is passing through the varnish proxy without a log

First add a header to see what is going on in the varnish proxy

vcl 4.0;
 
sub vcl_deliver {
    # Happens when we have all the pieces we need, and are about to send the
    # response to the client.
    #
    # You can do accounting or modifying the final object here.
    if (obj.hits > 0) {
        set resp.http.X-Cache = "HIT";
    } else {
        set resp.http.X-Cache = "MISS";
    }
}

Now we can use varnishlog to see which URLs are passing as a miss!

varnishlog -q 'RespHeader ~ "X-Cache: MISS"' | grep -i requrl

Generate dhparam

openssl dhparam -out /etc/nginx/ssl/dhparam.pem 4096

find large files

du -a /var | sort -n -r | head -n 10

change or add passphrase to key

ssh-keygen -f keyfile -p

*.ps1 cannot be loaded because the execution of the script is disabled on this system.

When executing a PowerShell script on a Windows machine you can encounter the error: *.ps1 cannot be loaded because the execution of the script is disabled on this system. Please see “get-help about_signing” for more details. This nice security feature prevents us from running the script because it’s not signed.

This feature can be disabled by running:

Set-ExecutionPolicy Unrestricted

Unrestricted allows every script to run, so a narrower policy (for example RemoteSigned) may be what is appropriate for your system; look it up at http://technet.microsoft.com/en-us/library/ee176949.aspx

Export exchange mailbox to pst.

As a very simple reminder. 🙂

Just replace:

  1. [servername] – with the name of your server
  2. [mailboxname] – with the name you can find in your Exchange console as the alias for that mailbox.

New-MailboxExportRequest -Mailbox [mailboxname] -FilePath \\[servername]\c$\[mailboxname].pst