Nginx Block Directory Access but Allow Internal Access for Rewrites
By Shay Anderson on November 2013
I recently came across a situation where I needed to block external/public access to a directory on a nginx Web server, but I needed to allow rewrites (particularly PHP rewrites) to work in the protected directory. Here is an example, I need this type of request blocked: /src/something.php (block)But, I need a request like: /page/something.php (allow)rewritten so it directs the request internally to: /src/something.php (internal => allow)After much troubleshooting, and being more experience with Apache, I came up with a solution.

First, I am using PHP-FPM with nginx, so I separate the PHP-FPM / FastCGI logic in a separate file, I create the file /etc/nginx/php.conf and add the following: try_files $uri =404;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
include fastcgi_params;Next, in my nginx virtual hosts configuration file (/etc/nginx/conf.d/default.conf) I add the following lines to protect my src directory from public requests: location /src {
internal;

location ~ ^/src(.*\.php)$ {
include php.conf;
}
}And down below these lines I also include a *.php block: location ~ \.php$ {
include php.conf;
}
This works because as soon as a public request comes in as /src/* it is blocked (or not found) because of the internal syntax. However, I still need my PHP files to work for internal requests, and therefore I include my location ~ ^/src(.*\.php)$ block. If I didn’t include this block then nginx would use the last *.php block in the config file, which wouldn’t block public PHP requests in the src directory.

http://www.shayanderson.com/linux/nginx-block-directory-access-but-allow-internal-access-for-rewrites.htm

How to Install Nginx and PHP-FPM on CentOS 6.4 Server with MySQL Support
By Shay Anderson on October 2013
Follow these instructions to install Nginx Web server and PHP-FPM (FastCGI Process Manager) on CentOS 6.4 with MySQL database support.

1. Install Nginx
First, we install the Nginx Web server. We need to add package repository for install nginx, so add with command line: # rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
Or, you can use a later nginx version (nginx/1.4.3) with:
# wget http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm
# rpm -ivh nginx-release-centos-6-0.el6.ngx.noarch.rpm
Then, install the nginx Web server: # yum install nginxAnd start the nginx Web server: # service nginx start

2. Install PHP-FPM
To install PHP-FPM we first need to add package repository: # rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpmInstall PHP-FPM: # yum –enablerepo=remi install php-fpm php-mysql php-common php-cli php-pdo php-curl php-gd php-mbstring php-mcryptNow PHP should be installed, check version with: # php -v
PHP 5.4.21 (cli) (built: Oct 27 2013 12:07:11)
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies

3. Configure PHP
Edit the /etc/php.ini file and make sure cgi.fix_pathinfo is set to 0: cgi.fix_pathinfo=0This setting will help secure PHP by only allowed PHP to process exact file paths.

4. Configure Nginx
Edit the /etc/nginx/nginx.conf file and raise the number of worker processes to 4: worker_processes 4;
Create directory for Web server root (you can make this wherever you want, I prefer /var/www/html): # mkdir -p /var/www/html
# cp -v /usr/share/nginx/html/* /var/www/html

Next, edit the # nano /etc/nginx/conf.d/default.conf file for virtual hosts. Add server name: server_name example.com;Set root directory and add index.php as index file: location / {
root /var/www/html;
index index.php index.html index.htm;
}Also, change the root directory for 404 and 50x pages: error_page 404 /404.html;
location = /404.html {
root /var/www/html;
}

error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/www/html;
}Finally, uncomment the PHP / FastCGI server block so it works (also set the root to /var/www/html, and set the fastcgi_param setting to help the PHP interpreter locate the PHP scripts): # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
root /var/www/html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# must have newer nginx version (1.2 works) to use HTTPS for PHP $_SERVER['HTTPS']:
fastcgi_param HTTPS $https;
# original: fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
include fastcgi_params;
}
If you are using iptables set an exception for the nginx port, for example, if you are using port 8080 use: # iptables -A INPUT -p tcp -m tcp –dport 8080 -j ACCEPT
# service iptables save

5. Configure PHP-FPM
Edit the file /etc/php-fpm.d/www.conf and change the user/group to nginx: ; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user’s group
; will be used.
; RPM: apache Choosed to be able to access some dir as httpd
user = nginx
; RPM: Keep a group allowed to write in log dir.
group = nginxRestart PHP-FPM and nginx: # service php-fpm restart
# service nginx restart
You should now be able to view a Web page on your nginx Web server by going to http://[your server IP]/ or http://[your server hostname]/

You can setup Nginx and PHP-FPM to auto start on server boot: # chkconfig nginx on
# chkconfig php-fpm on

Note: when starting nginx if you see an error like: nginx: [emerg] could not build the server_names_hash, you should increase server_names_hash_bucket_size: 32Add this line to the /etc/nginx/nginx.conf file: http {
server_names_hash_bucket_size 64;

Useful Git Command Line Commands and Examples
By Shay Anderson on October 2013
Most the times git can be used through a GUI for easy access, however, sometimes it is required to use a CLI (or commands through a command line) to work with git. I’ve built the following list of useful git commands.

Configuration Settings
Setup your name for git: git config –global user.name [your name]And email: git config –global user.email [your email address]

Create and Checkout
To create a new git local repository use (inside the local directory): git init
You can create a working copy of a local git repository with: git clone [path to repo]Or, if you’re using a remote repo use: git clone [user]@[host]:[path to repo]

Add File(s)
Add files with git add .For all files, or for single use: git add [file]

Status, Show and Log
Get git status for working directory using: git statusOr, for particular file: git status [file] And for more details about a branch use: git show [branch ID]View the log with: git log

Commit
Commit using: git commit -m “my commit message”Or to add/commit all use -a option: git -am “my message”

Other Useful Commands
Here is a list of other useful git commands:

Find differences: git diff [file (optional)]
Completely remove file: git rm [file]
Move / rename: git mv [source] [target]
Revert to a repository file after changing locally: git checkout — [file]
Modify existing message (last commit message) and/or add files to last commit: git commit –amend -m “new message”
Revert to file from an older commit: git checkout [hash] — [file]
Revert all changes from preview change: git revert [hash]
Revert all back to revision x, gets rid of any changes in working directory: git reset –(soft|mixed|hard) [hash]
Test what files to remove from working directory that you no longer want/need: git clean -n
Remove files from working directory: git clean -f
Print log using only one line per entry: git log –oneline
List branches (asterisk means current branch): git branch
Show remote branches: git branch -r
Show local and remote branches: git branch -a
Create new branch: git branch mybranch
Checkout branch: git checkout [branch name]
Create branch and checkout: git checkout -b [branch name]
Move/rename branch: git branch -m [orignal branch] [new branch name]
Delete branch: git branch -d [branch name]

git merge [branch name] (merge branches, with working directory branch)
git merge [remote name/branch name] (merge remote branches)
git stash save “message here” (save stash)
git stash list (show stashes)
git stash show stash@{n} (n is stash ID int, display stash info)
git stash pop stash@{n} (pull stash data and remove)
git stash apply stash@{n} (apply stash data, leave stash data in stash)
git stash drop stash@{n} (delete stash data)
git stash clear (drop all stash data)
git remote (display remotes)
git remove -v (display details)
git remote add [alias] [url] (add remote)
git push -u [alias] [branch ex: git push -u origin master (-u adds tracking to branch)
git push (simple after tracking added)
git push [alias] :[branch] (delete branch from remote with ‘:’), ex: git push origin :my_branch
–OR–
git push [alias] –delete [branch]
git fetch [alias] (sync with remote), ex: git fetch origin
git fetch (simple if tracking one remote)
git pull (fetch + merge)
git clone [url] [dir name(optional)]
git help [command] ex: git help commit

How to Install Apache Solr 4.5 on CentOS 6.4
By Shay Anderson on October 2013
In this tutorial I explain how to install Apache Solr 4.5 on CentOS 6.4. In all the examples below I am using the root user, if you are not you will need to prepend some of the examples with sudo.

Install Java
To start things off first check if you have Java installed: # which javaIf you do not have Java installed check for latest version: # yum list available | grep javaAnd install Java, in my case it was: # yum install java-1.7.0-openjdk.x86_64Install Java – MySQL DB connector: # yum install mysql-connector-java
Finally, check Java version: # java -version
java version “1.7.0_25″
OpenJDK Runtime Environment (rhel-2.3.10.4.el6_4-x86_64)
OpenJDK 64-Bit Server VM (build 23.7-b01, mixed mode)

Install Solr
Install the latest Solr release by downloading from http://www.apache.org/dyn/closer.cgi/lucene/solr/. For example, I downloaded using: # wget http://apache.mirrors.tds.net/lucene/solr/4.5.0/solr-4.5.0.tgz /optExtract download: # tar -xvf /opt/solr-4.5.0.tgzMove main directory for install: # mv -v /opt/solr-4.5.0 /opt/solrAnd move example directory to project name or simply core: # mv -v /opt/solr/example /opt/solr/core
Create a symlink to the mysql-connector-java we installed earlier: # ln -s /usr/share/java/mysql-connector-java.jar /opt/solr/dist/mysql-connector-java.jarThen edit the /opt/solr/core/solr/collection1/conf/solrconfig.xml file and add these lines by the lines for using MySQL database connection and Data Import Handler (DIH):

Access Linux (Samba) Share from Linux Command Line
By Shay Anderson on September 2013
Here is how to access a Linux share (Samba) from another Linux machine:

Install smbfs: # apt-get install smbfsCreate directory for mount: # mkdir /mnt/linuxshareMount the share: # mount -t smbfs -o username=[username] //[server IP, ex: 192.168.1.100]/[share name] /mnt/linuxshare
Permanently Mount Linux Share
Now that the we have mounted the share we can use it, however, if we reboot the machine the share will be gone. To permanently mount the linux share use: # nano /etc/fstabAdd line for share: # start linux share
//[server IP, ex: 192.168.1.100]/[share name] /mnt/linuxshare smbfs credentials=/mnt/.smb_creds,uid=1000,gid=1000Save file and create credentials file: # nano /mnt/.smb_creds Add the following lines: username=[username]
password=[password]Save file and set permissions: # chown root /mnt/.smb_creds
# chmod 600 /mnt/.smb_credsNow you should be able to see Linux network share: # df -h
Unmount Share
To unmount share correctly execute the following (use umount, not a typo): # umount /mnt/linuxshare
# rm -Rfv /mnt/linuxshare
NOTE: if you remove the mounted directory contents all the contents will be removed on the remote share, correct way to remove is to unmount share

http://www.shayanderson.com/linux/access-linux-samba-share-from-linux-command-line.htm

Install SSL on Nginx Webserver with HTTP and HTTPS Server
By Shay Anderson on November 2013
Nginx can easily be setup to serve both HTTP and HTTPS requests for the same server.

First, create a directory to store your SSL certificate and key: # mkdir /etc/nginx/sslNow copy your SSL certificate and key to the new directory.
Note: if you don’t have an SSL certificate and key you can create your own using a command like: # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/example.com.key -out /etc/nginx/ssl/example.com.crt

To set the SSL edit your nginx server config file where your HTTP server is located (for example, it might be /etc/nginx/conf.d/default.conf) and add your SSL certificate and key locations: server {
# HTTP server
listen 80;
# HTTPS server
listen 443 ssl;
server_name example.com www.example.com;

# add SSL locations
ssl_certificate /etc/nginx/ssl/example.com.crt;
ssl_certificate_key /etc/nginx/ssl/example.com.key;

root /var/www/example.com/html;
index index.htm;

…
}
Finally, reload the nginx config file: service nginx reload

http://www.shayanderson.com/linux/install-ssl-on-nginx-webserver-with-http-and-https-server.htm

Nginx Redirect and Hide /index.php and /index.htm and /index.html in URLs
By Shay Anderson on November 2013
Sometimes it is useful to not allow an end-user direct access to URLs like /index.php or /index.htm or /index.html. For example, the URL /index.php should not be accessible if / outputs the same response as /index.php.

We can easily tell nginx to redirect all /index.php, /index.htm or /index.html to / (and for all longer path requests, for example /mypath/index.php). Edit your nginx config file for your HTTP (or HTTPS) server and add the following rewrite rule: server {
listen 80;
server_name example.com www.example.com;
root /var/www/example.com/html;
index index.htm;

# add rewrite rule here:
# block access to /index.(php|htm|html)
if ($request_uri ~ “/index.(php|html?)”) {
rewrite ^ /$1 permanent;
}

location / {
…
}
…
}Now your nginx Web server will hide/redirect the /index.(php|htm|html) requests.

Read File or System Process and Continually Scroll Output Lines with Linux Command Line Script: readr
By Shay Anderson on November 2013
I recently created a Linux command line script (SH) readr that can read any file in the file-system and continually scroll the file contents. The script can also scroll through Linux command outputs. This type of script can be useful when monitoring files and/or system processes and services.

Usage
The readr usage is: Usage: /bin/readr “/path/to/read/file” 0.4(scroll speed, optional) true(flag as command and not file, optional)
Examples
Here is an example of continually scrolling through a log file using readr: # readr /var/log/syslogThis will continually scroll through the /var/log/syslog file. If any new lines are added to the log file they will be displayed as the script continually reads/scrolls the file.

You can also set a custom speed value for how fast the script scrolls through the file/process (the default speed value is 0.4, here is an example: # readr /var/log/syslog 0.1This example will speed up the scrolling.

You can use readr to continually read and scroll from an output from a system process or service, for example, say you are monitoring system process using the command: # ps aw -o pid,ppid,user,%cpu,%mem,rss,commandWith readr you can continually scroll through (and update) the processes being displayed, here is an example: # readr “ps aw -o pid,ppid,user,%cpu,%mem,rss,command” 0.4 trueThis will continually scroll through the system processes and display them one line at a time at the desired speed. The true flag in the command is used to tell readr we are reading from a system command and not a system file.

Script Source
Here is the readr source code: #!/bin/sh
#
# readr – file and command reader
#
# @author Shay Anderson 11.13

WAIT=”$2″;

clear

if [ -z "$1" ]
then
echo -n “readr – file and command reader\nCopyright (c) 2013 Shay Anderson \n\nUsage: $0 \”/path/to/read/file\” ”
echo “0.4(scroll speed, optional) true(flag as command and not file, optional)\n”;
exit;
fi

if [ -z "$WAIT" ]
then
WAIT=0.4
fi

while : ; do
if [ -n "$3" ]
then
$1|while read line; do
echo “$line”
sleep $WAIT;
done;
else
cat “$1″|while read line; do
echo “$line”;
sleep $WAIT;
done;

fi

echo “\n\n\n————————————————–\n”;
sleep 4;
done

Installation
You can simply copy the readr source to the system file /bin/readr and make the file executable: # cp -v readr /bin/readr
# chmod +x /bin/readr This will allow you to use the script like: # readr
Note: if you cannot or do not want to install the script on your system you can use a one line command to mimic the readr script, for example to read a file: # while : ; do cat /var/log/syslog|while read line; do echo “$line”; sleep 0.4; done; echo -e “\n\n”; sleep 3; doneOr, with a system process or command, for example, monitoring files in a directory: # while : ; do ls -l /var/tmp|while read line; do echo “$line”; sleep 0.4; done; echo -e “\n\n”; sleep 3; done

http://www.shayanderson.com/linux/read-file-or-system-process-and-continually-scroll-output-lines-with-linux-command-line-script-readr.htm

Install cURL Development Library curl.h for C on Ubuntu
Anderson on December 2013
Install the cURL development library for Ubuntu (in this example Ubuntu 12.10) for C development use: # apt-get install libcurl4-openssl-devThis will provide SSL support, or if you don’t require SSL support use: # apt-get install libcurl4-gnutls-devYou should now be able to see the cURL files on the system: # ls -l /usr/include/curl
total 176
-rw-r–r– 1 root root 7063 Dec 6 19:09 curlbuild.h
-rw-r–r– 1 root root 83849 Dec 6 19:09 curl.h
-rw-r–r– 1 root root 8901 Dec 6 19:09 curlrules.h
…And you should be able to use cURL in your C code: #include For cURL requests.