Posted 10th April 2010 by Andy | No Comments
Since my last post on using Nginx to cache proxied content, they have added proper cache handling via their proxy_cache* directives. These are much more suitable for use, as they capture the HTTP response headers and also use more advanced Cache-Control checks.
To start, install the latest stable Nginx avaliable at http://wiki.nginx.org/NginxInstall.
Next edit your nginx.conf and add the proxy_cache_path directive to define a named cache storage. These are independant of servers and locations, and can be reused inside each later on.
...
http {
...
proxy_cache_path /var/cache/nginx keys_zone=anonymous:10m;
include vhosts/*.conf
}Next create the directory for the cache:
mkdir -p /var/cache/nginx
Next define your server configuration, which can be done for example in conf/vhosts/example.com.conf if you defined the include above.
server {
listen 80;
servername example.com;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
location / {
proxy_pass http://localhost:8080/;
proxy_cache anonymous;
}
# don't cache admin folder, send all requests through the proxy
location /admin {
proxy_pass http://localhost:8080/;
}
# handle static files directly. Set their expiry time to max, so they'll
# always use the browser cache after first request
location ~* (css|js|png|jpe?g|gif|ico)$ {
root /var/www/${host}/http;
expires max;
}
}As we don’t want the nginx worker processes to have root permissions when in use, add to the start of conf/nginx.conf:
Then sort out the user and permissions:
useradd nginx
chown nginx:nginx /var/cache/nginx /usr/local/nginx/{fastcgi_temp,logs,proxy_temp}To start nginx on bootup, add the following to the end of /etc/rc.local:
/usr/local/nginx/sbin/nginx
Then also run this command to start nginx now.
That is all that is needed, no patches this time. There are several more proxy_cache* directives avaliable that you can use to tweak its behaviour, see the proxy module documentation for more details.
Posted 5th April 2010 by Andy | 2 Comments
mpm-itk is a fork of mpm-prefork (ironically in both process and project sense), which allows you to configure individual Apache vhosts to run as specified users and groups. This makes it extremely secure if used in a shared hosting environment.
I have provided a CentOS RPM for this in the Webtatic yum repository. This should work with your existing httpd installation, as it is installed as a separate mpm to be selected just as the worker or event mpms can.
Continue reading mpm-itk on CentOS – run Apache virtual hosts as different users »
Posted 11th February 2010 by Andy | No Comments
A few days ago, Facebook released XHP, a PHP extension, which allows defining XML directly in PHP blocks, allowing you to “use PHP as a stricter templating engine”.
It seems a bit strange to be coding XML tags directly in PHP blocks, but it adds features such as automatic escaping, and the ability to manipuate the tags, and how they render.
I’ve compiled experimental RPMs, and put them in the Webtatic yum repository. These are compiled against PHP 5.3, which I also have in my repository.
I cannot guarantee the build of the exension is stable, as I had to add a few patches of my own to the source to get it to compile, so I don’t recommend you install it on a production site.
To install, first upgrade your PHP to 5.3, as detailed in my PHP 5.3 on CentOS post.
Then install the extension, and then you’re done:
yum install --enablerepo=webtatic php-xhp
To test if it is set up correctly, run the following:
php -r 'echo "XHP!\n"; exit; <a />;'
Currently XHP requires you to include a PHP file (xhp/init.php), which is installed in the include path, to define all the default elements e.g.:
require 'xhp/init.php';
$href = 'http://www.webtatic.com';
echo <a href={$href}>Webtatic.com</a>;
Posted 2nd December 2009 by Andy | No Comments
There are times when a Subversion working copy can mess up. This is usually due to human error, for example due to permissions problems or moving files or folders incorrectly
These can usually be easily recoverable, although at times it can seem there’s no solution. Here are a few examples and their solutions.
Continue reading Recovering a broken Subversion working copy »
Posted 12th September 2009 by Andy | No Comments
Centralised versioning systems are inherently authoritative, but when dealing with decentralised systems, either patches are made and applied to the maintainer’s repository, or one repository should be defined as the authoritative one.
If the authoritative repository requires commit access, it should be locked down as much as possible, requiring authentication, encryption, and push access without opening up raw file write access. If raw file write access is given, either intentionally or unintentionally, any user with access could corrupt or delete the repository.
Continue reading Locked down authoritative versioned code repositories »
Posted 1st September 2009 by Andy | 9 Comments
I’ve been hearing good things about git lately, with many projects which used to use subversion converting to it, so I’ve decided to try it out myself. RPMForge only has version 1.5, so like the other software I’ve been using, I’ve converted Fedora 11′s rpm to CentOS and put it in the Webtatic repository.
Update 2010-02-14 – Updated Git 1.6.6 to 1.7.0
Update 2010-04-05 – Updated to 1.7.0.4, included all dependencies in the repository to remove any dependencies on other repositories
Continue reading Git 1.7.0.5 on CentOS 5 »
