Monitor Apache using monit

Monit is a small Open Source utility for managing and monitoring Unix systems. Monit conducts automatic maintenance and repair and can execute meaningful causal actions in error situations.

Installing monit on CentOS 7


yum install epel-release -y
yum install monit -y

Once installed, save the following in /etc/monit.d/apache


check process httpd with pidfile /var/run/httpd/httpd.pid
group apache
start program = "systemctl start apache"
stop program = "systemctl stop apache"
if failed host 127.0.0.1 port 80 protocol http
with timeout 15 seconds
then restart
if 5 restarts within 5 cycles then timeout

Notes:

  1. Adjust httpd.pid if your apache’s pid is in a different location. On a default installation it might be at /var/run/httpd.pid

Start monit


# Checks for syntax errors
monit -t  
monit 

There are advanced settings which can be adjusted by modifying the file /etc/monitrc such as email notification etc.

Hashicorp Vault Systemd Startup Script

From Hashicorp Vault project documentation

Starting the Server


vault server -config=example.hcl

With the configuration in place, starting the server is simple, as shown below. Modify the -config flag to point to the proper path where you saved the configuration above. Vault outputs some information about its configuration, and then blocks. This process should be run using a resource manager such as systemd or upstart.

However what they have missed to document is the start up script for RHEL7/CentOS7 systemd. Here is the start up script that can start vault automatically.


[Unit]
Description=Vault service
After=network-online.target

[Service]
PrivateDevices=yes
PrivateTmp=yes
ProtectSystem=full
ProtectHome=read-only
SecureBits=keep-caps
Capabilities=CAP_IPC_LOCK+ep
CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK
NoNewPrivileges=yes
ExecStart=/bin/vault server -config=/etc/vault.conf
KillSignal=SIGINT
TimeoutStopSec=30s
Restart=on-failure
StartLimitInterval=60s
StartLimitBurst=3

[Install]
WantedBy=multi-user.target

Place here

/usr/lib/systemd/system/vault.service

then


systemctl daemon-reload
systemctl start vault

To add it to the system start up, use


systemctl enable vault

In addition to this, the following can be placed in

/etc/profile.d/vault.sh 

so that the vault address can be exported every time the user logs in


#!/bin/bash
export VAULT_ADDR='http://127.0.0.1:8200'

How to validate a public key?

So how do you validate a public key programmatically? I’ve had this question when I had to implement a feature in one of our application. It is possible using the ssh-keygen utility.


ssh-keygen -lf publickey.pub

Here,

-l Show fingerprint of key file.
-f filename Filename of the key file.

The hack is to check the fingerprint of the public key. If you get an error when trying get the fingerprint of the public key, that means the public key is invalid. If you get it, you have a valid public key!

Run JIRA on Budget – JIRA + Varnish + VPS = $7/mo

jira

One of the main reasons why I like JIRA is its integration with BitBucket, the free Git repository service. Both JIRA and BitBucket are from Atlassian, the company behind many other great products. Recently I started using JIRA for all my project works. It works very well. JIRA has hosted version available for $10/month ( $20/mo with Agile addon ). Two reasons why I don’t like the hosted edition are

1. No support for custom URL. We have to use their subdomain ( such as https://something.atlassian.net )
2. Monthly recurring payment of $20.

Paying $20 for a project management tool with a total user base of one or two users, is waste of money. So I’ve decided to buy JIRA and host it on my own server. Atlassian offers JIRA server edition for $10 one time and JIRA Agile addon for another $10 onetime. So I purchased JIRA + Agile for $20. There is no monthly payment if you host JIRA on your own server. The next task was to get a VPS to install JIRA. Continue reading “Run JIRA on Budget – JIRA + Varnish + VPS = $7/mo”

How To Install Subversion On cPanel Server With Apache

This guide will help you to install SVN on a cPanel based server and configure it with Apache for ease of access.

In this tutorial, we will focus on creating multiple repositories instead of a single repository.

 

Prerequisites

This setup is for servers with cPanel/WHM only. This can be installed on any cPanel/WHM server.

 

Download cPanelSVNManager and installl it

[bash]

wget http://technicalnotebook.com/wiki/download/attachments/3473493/cPanelSVNManager_0.3.zip
unzip cPanelSVNManager_0.3.zip
cd cPanelSVNManager_0.3
sh install.sh

[/bash]

 

Select 1 from the menu and press Enter. This will install the latest version of the SVN and add necessary modules to Apache ( DAV etc )

Creating Configuration File

 

Assuming the following,

Domain Name: www.vivekv.com
Username: vivek

Open the file

/usr/local/apache/conf/includes/pre_main_global.conf and append the below block to that file

[code]

<Location /svn>
DAV svn
SVNParentPath /home/vivek/svn
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile /home/vivek/svn/password
Require valid-user
</Location>
[/code]

 

Note: This would open /svn for all domains hosted in the account. If you would like to enable /svn path only for a specified domain, save this block of code into /usr/local/apache/conf/userdata/std/2/vivek/vivekv.com/svn.conf

 

Save the file and exit from the editor. Now create svn directory

 

[bash]

mkdir /home/vivek/svn
chgrp -R nobody /home/vivek/svn
chmod -R g+w /home/vivek/svn

[/bash]

This would create the svn parent directory and setup correct folder permission so that apache can read it. By default, apache runs as nobody on cPanel server, therefore, the group should be changed to nobody so that apache has full read and write permission

Now, all our configurations have been completed and we have left with two tasks.

1. Create valid users
2. Create repositories

To create valid users who can log into svn type

[bash]

/usr/local/apache/bin/htpasswd -c /home/vivek/svn/password admin

[/bash]

where “admin” is the username. You will be asked to enter a password. Type a password and continue. If you would like to add more users, simply use the same command but remove -c from the command.

To verify,type

[bash]

cat /home/vivek/svn/password

[/bash]

 

To create a sample repository,

[bash]

cd /home/vivek/svn
svnadmin create sample

[/bash]

 

Now, you would be able to access the repository under http://vivekv.com/svn/sample using the username and password that you just created.

Hope this helps