Virtualmin – Chris Gilligan » new media https://chrisgilligan.com portfolio of web work Wed, 10 Jul 2019 20:57:23 +0000 en-US hourly 1 https://wordpress.org/?v=5.4.1 TEDx Event Website https://chrisgilligan.com/portfolio/tedx-event-website/ https://chrisgilligan.com/portfolio/tedx-event-website/#respond Wed, 04 Nov 2015 17:13:14 +0000 https://chrisgilligan.com/?p=2342 I’m very excited to help out with Chattanooga’s premier TEDx event: TEDxChattanooga. For this site, I chose a responsive Bootstrap 3 SASS WordPress theme, originally developed for TEDxToronto. I made a few tweaks and improvements to better fit our event, and worked with April Cox from UT Chattanooga to dial in the design and architecture. Developed on […]

The post TEDx Event Website appeared first on Chris Gilligan » new media.

]]>

I’m very excited to help out with Chattanooga’s premier TEDx event: TEDxChattanooga.

TEDxChattanooga website screenshot

TEDxChattanooga website

screen-shot 2015-11-04 at 11.51.25 AMFor this site, I chose a responsive Bootstrap 3 SASS WordPress theme, originally developed for TEDxToronto. I made a few tweaks and improvements to better fit our event, and worked with April Cox from UT Chattanooga to dial in the design and architecture. Developed on an Amazon EC2+Ubuntu+Webmin server running a Nginx+MySQL+PHP-FPM stack, the site should handle plenty of traffic, and can be scaled up to meet spikes in demand coinciding with the event.

Please check out TEDxChattanooga.com!

Love Open Source software, but hate the generic branding? No problem. It’s very simple to create a fully-branded login screen for WordPress and Webmin/Virtualmin, to match a client’s logo and color scheme.


 

screen-shot 2015-11-04 at 11.49.19 AM

screen-shot 2015-11-04 at 12.06.49 PM

screen-shot 2015-11-04 at 12.09.52 PM

The post TEDx Event Website appeared first on Chris Gilligan » new media.

]]>
https://chrisgilligan.com/portfolio/tedx-event-website/feed/ 0
WordPress Fail2Ban RegEx for RedHat, CentOS, Amazon Linux https://chrisgilligan.com/consulting/wordpress-wp-fail2ban-regex-redhat-centos-amazon-linux/ https://chrisgilligan.com/consulting/wordpress-wp-fail2ban-regex-redhat-centos-amazon-linux/#respond Thu, 30 May 2013 00:30:24 +0000 https://chrisgilligan.com/?p=1875 VacantServer WordPress sites are getting hammered with bad logins and probes. We’ve implemented a plugin to log failed login attempts to syslog, and a Fail2Ban filter for the same. If you run these on RedHat, you’ll need some additional configuration info… here it is: WordPress login failure regex (error_log): ^%(__prefix_line)sAuthentication failure for .* from <HOST>$ […]

The post WordPress Fail2Ban RegEx for RedHat, CentOS, Amazon Linux appeared first on Chris Gilligan » new media.

]]>
VacantServer WordPress sites are getting hammered with bad logins and probes.

We’ve implemented a plugin to log failed login attempts to syslog, and a Fail2Ban filter for the same. If you run these on RedHat, you’ll need some additional configuration info… here it is:

WordPress login failure regex (error_log):
^%(__prefix_line)sAuthentication failure for .* from <HOST>$

Apache nohome regex (error_log):

[[]client <HOST>[]] File does not exist: .*/~.*

PHP noscript regex (/home/*/logs/error_log,/var/log/httpd/error_log):

[[]client <HOST>[]] (File does not exist|script not found or unable to stat): /\S*(\.php|\.asp|\.exe|\.pl)
[[]client <HOST>[]] script '/\S*(\.php|\.asp|\.exe|\.pl)\S*' not found or unable to stat *$

XMLRPC flood attacks — DDoS and probing (/home/*/logs/access_log):

<HOST>\s.*\s.POST\s/xmlrpc.php*.\s.*

Please also enable the generic apache-nohome, apache-noscript. Install wp fail2ban plugin (and configure it for your server) on your high traffic blogs. These all are helping during the current onslaught, which also includes probing for wp-admin directories, probing for /wp-admin/login.php, plus comment spam.

A new XMLRPC exploit has the script kiddies doing DDoS and probing for vulnerable services, and possibly doing remote code execution on vulnerable services.

Here are some additional resources:

The post WordPress Fail2Ban RegEx for RedHat, CentOS, Amazon Linux appeared first on Chris Gilligan » new media.

]]>
https://chrisgilligan.com/consulting/wordpress-wp-fail2ban-regex-redhat-centos-amazon-linux/feed/ 0
Install phpMyAdmin with SSL on CentOS, Amazon Linux, RedHat (Apache or NginX) https://chrisgilligan.com/consulting/install-phpmyadmin-with-ssl-on-centos-amazon-linux-redhat/ https://chrisgilligan.com/consulting/install-phpmyadmin-with-ssl-on-centos-amazon-linux-redhat/#respond Mon, 24 Sep 2012 05:53:52 +0000 https://chrisgilligan.com/?p=1132 How to install phpMyAdmin on CentOS, Amazon Linux, or Redhat. Configuration instructions are provided for Apache and NginX web servers.

The post Install phpMyAdmin with SSL on CentOS, Amazon Linux, RedHat (Apache or NginX) appeared first on Chris Gilligan » new media.

]]>

phpMyAdmin database display

I recently ran into a problem with the upgraded 3.5.2 phpMyAdmin package provided via the rpmforge.repo. Search no longer works, nor does pagination, etc. Plus, it’s out of date and vulnerable to an XSS exploit.

I have solved this by changing to the EPEL repo, which maintains the latest version of phpMyAdmin.

This post will teach you how to install phpMyAdmin on CentOS, Amazon Linux, or Redhat. Configuration instructions are provided for Apache and NginX web servers.

For this to work properly and safely, you should be running SSL on your host. Otherwise, change the ForceSSL line in the config file provided below…

Install phpMyAdmin from EPEL repository

Uninstall current PMA:
yum erase phpMyAdmin

Set up EPEL repo:

Find the latest epel-release at http://download.fedoraproject.org/pub/epel/6/x86_64/
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

On Amazon Linux, epel-release is already loaded. Edit /etc/yum.repos.d/epel.repo to enabled=1

Edit /etc/yum.repos.d/epel.repo to only include necessary software packages:
includepkgs=phpMyAdmin php-php-gettext

I have removed RPMforge repo due to some recent problems, but if you still need rpm forge repo:
exclude=phpMyAdmin php-php-gettext

Install PMA:
yum install phpMyAdmin

Apache

Edit /etc/httpd/conf.d/phpMyAdmin.conf
  • Allow all incoming hosts for a web hosting server, or only allow hosts you require: localhost, your local workstation, etc.)
  • For a hosting server with open access, you should have a login failure daemon to block offending IP addresses with multiple failed HTTP logins. ConfigServer Firewall works well, and has modules for cPanel and Webmin. OSSEC is another reactive IPTables firewall with Apache login failure IP blacklisting.
  • For Amazon EC2, a good practice is to create a discrete database server, and only allow access to it inside a VPC security group, or from specific IP addresses enabled in that security group. That way, you can safely Allow from ALL hosts, because the VPC firewall will prevent other access. Install phpMyAdmin on a separate web server, and restrict access to PMA’s directory (see below).
# phpMyAdmin - Web based MySQL browser written in php
# 
# Allows only localhost by default
#
# But allowing phpMyAdmin to anyone other than localhost should be considered
# dangerous unless properly secured by SSL

Alias /phpMyAdmin /usr/share/phpMyAdmin
Alias /phpmyadmin /usr/share/phpMyAdmin

<Directory /usr/share/phpMyAdmin/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     # comment out Allow from All and add your own static IPs here for security 
     # Allow from All
     Allow from 123.456.7.89
     Allow from 12.345.67.89
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>

<Directory /usr/share/phpMyAdmin/setup/>
   <IfModule mod_authz_core.c>
     # Apache 2.4
     <RequireAny>
       Require ip 127.0.0.1
       Require ip ::1
     </RequireAny>
   </IfModule>
   <IfModule !mod_authz_core.c>
     # Apache 2.2
     Order Deny,Allow
     Deny from All
     Allow from 127.0.0.1
     Allow from ::1
   </IfModule>
</Directory>

# These directories do not require access over HTTP - taken from the original
# phpMyAdmin upstream tarball
#
<Directory /usr/share/phpMyAdmin/libraries/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

<Directory /usr/share/phpMyAdmin/setup/lib/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

<Directory /usr/share/phpMyAdmin/setup/frames/>
    Order Deny,Allow
    Deny from All
    Allow from None
</Directory>

# This configuration prevents mod_security at phpMyAdmin directories from
# filtering SQL etc.  This may break your mod_security implementation.
#
#<IfModule mod_security.c>
#    <Directory /usr/share/phpMyAdmin/>
#        SecRuleInheritance Off
#    </Directory>
#</IfModule>

NginX

Edit nginx.conf for the hostname’s server_name website

       location /phpMyAdmin {
               root /usr/share/;
               index index.php;
               location ~ ^/phpMyAdmin/(.+\.php)$ {
                       try_files $uri =404;
                       root /usr/share/;
                       fastcgi_pass localhost:9002;
                       fastcgi_param HTTPS on;
                       fastcgi_index index.php;
                       fastcgi_param SCRIPT_FILENAME /usr/share$fastcgi_script_name;
                       include /etc/nginx/fastcgi_params;
                       fastcgi_buffer_size 128k;
                       fastcgi_buffers 256 4k;
                       fastcgi_busy_buffers_size 256k;
                       fastcgi_temp_file_write_size 256k;
                       fastcgi_intercept_errors on;
               }
               location ~* ^/phpMyAdmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
                       root /usr/share/;
               }
        }

        location /phpmyadmin {
               rewrite ^/* /phpMyAdmin last;
        }

Edit /etc/phpMyAdmin/config.inc.php

The config below shows some common config options. Important ones are ForceSSL and auth_type. For a production server, SSL should be ON and auth_type http is better; http auth uses MySQL user/pass combinations to restrict access to user-specific databases.

<?php
/* Servers configuration */
$i = 0;

/* Server: MySQL Server [1] */
$i++;
$cfg['Servers'][$i]['verbose'] = 'MySQL Server';
$cfg['Servers'][$i]['host'] = '122.34.567.89';
$cfg['Servers'][$i]['port'] = '3306';
$cfg['Servers'][$i]['socket'] = '';
$cfg['Servers'][$i]['connect_type'] = 'tcp';
$cfg['Servers'][$i]['extension'] = 'mysqli';
$cfg['Servers'][$i]['auth_type'] = 'http';
$cfg['Servers'][$i]['user'] = 'pma';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
$cfg['Servers'][$i]['controluser'] = 'pma';
$cfg['Servers'][$i]['controlpass'] = 'pmapassword';
$cfg['Servers'][$i]['bookmarktable'] = 'pma_bookmark';
$cfg['Servers'][$i]['relation'] = 'pma_relation';
$cfg['Servers'][$i]['userconfig'] = 'pma_userconfig';
$cfg['Servers'][$i]['table_info'] = 'pma_table_info';
$cfg['Servers'][$i]['column_info'] = 'pma_column_info';
$cfg['Servers'][$i]['history'] = 'pma_history';
$cfg['Servers'][$i]['recent'] = 'pma_recent';
$cfg['Servers'][$i]['table_uiprefs'] = 'pma_table_uiprefs';
$cfg['Servers'][$i]['tracking'] = 'pma_tracking';
$cfg['Servers'][$i]['table_coords'] = 'pma_table_coords';
$cfg['Servers'][$i]['pdf_pages'] = 'pma_pdf_pages';
$cfg['Servers'][$i]['designer_coords'] = 'pma_designer_coords';

/* End of servers configuration */

$cfg['UploadDir'] = '/tmp';
$cfg['SaveDir'] = '/tmp';
/* only if your host supports SSL */
$cfg['ForceSSL'] = true;
$cfg['DefaultLang'] = 'en';
$cfg['ServerDefault'] = 1;
?>

Create the phpmyadmin database for advanced functionality

Look in phpMyAdmin folder /usr/share/phpMyAdmin/examples for create_tables.sql

ssh to server as root user
mysql
-- or if it asks for password --
mysql -u your-mysql-superuser -pyour-superuser-password
mysql > source /usr/share/phpMyAdmin/examples/create_tables.sql

Log in to PMA

Now you can log into PMA with your mysql root user credentials. https://yourhost.tld/phpmyadmin

  • Create a mysql user, pma, with the password you added to the config file, with no default permissions, on localhost
  • Give pma user all permissions on phpmyadmin database, on localhost

Now you have a secure PMA which will work for all mysql users on your host. Version 3.5+ now has Status Monitoring and Advisor. Used in conjunction with a performance tuning script like MySQL Tuning Primer, it will help you fine-tune your MySQL server to your requirements and your environment.

phpMyAdmin MySQL server dashboard

The post Install phpMyAdmin with SSL on CentOS, Amazon Linux, RedHat (Apache or NginX) appeared first on Chris Gilligan » new media.

]]>
https://chrisgilligan.com/consulting/install-phpmyadmin-with-ssl-on-centos-amazon-linux-redhat/feed/ 0
APC Cache Considerations for Virtual Hosting Environments https://chrisgilligan.com/consulting/apc-cache-considerations-for-virtual-hosting-environments/ https://chrisgilligan.com/consulting/apc-cache-considerations-for-virtual-hosting-environments/#comments Mon, 22 Aug 2011 14:58:21 +0000 https://chrisgilligan.com/?p=505 APC cache does not work well in a virtual hosting environment unless PHP is running as FCGID, and every individual virtual host has a unique PHP.ini and a unique fcgiwrapper. This is not the case with many virtual hosting environments because the memory and CPU requirements are too great. I suggest using Virtualmin for a […]

The post APC Cache Considerations for Virtual Hosting Environments appeared first on Chris Gilligan » new media.

]]>

APC cache does not work well in a virtual hosting environment unless PHP is running as FCGID, and every individual virtual host has a unique PHP.ini and a unique fcgiwrapper. This is not the case with many virtual hosting environments because the memory and CPU requirements are too great.

I suggest using Virtualmin for a shared hosting environment with APC cache, because it does allow to set php.ini and fcgiwrapper for every individual virtual host, and so to set an individual configuration for APC per virtual server. However with 200+ virtual hosts all running PHP script packages, as is the case with a commodity shared hosting server, this will use a lot of memory, and you will need somewhere in the neighborhood of 10-30GB apc.shm_size if you attempt to configure a single APC cache for the entire server.

My web hosting server is for a small number of personal clients, so I adjust the APC settings for each individual account, depending on the number and type of PHP script packages running on the account. These accounts are all administered by myself, not by the clients.

I do not think APC is the correct cache for most shared web hosting servers, given the number of virtual hosts. You will probably have better results if you remove APC and concentrate on Apache performance tuning and MySQL cache.

If your clients are adamant in their requests to use APC cache, you may wish to move them to a different server which can properly handle their needs. Virtualmin is a very good choice for this, as it allows individual accounts to be configured with individual php.ini and fcgiwrapper, or even different versions of PHP. Of course, because this will require greater management, it should be charged as a premium service.

If you wish to enable APC on a commodity web hosting server, you may try the following method to selectively enable APC per directory:
http://www.php.net/manual/en/ini.php

Also see other recommendations in following comments… 

 

The post APC Cache Considerations for Virtual Hosting Environments appeared first on Chris Gilligan » new media.

]]>
https://chrisgilligan.com/consulting/apc-cache-considerations-for-virtual-hosting-environments/feed/ 4
How to Configure APC Cache on Virtual Servers with PHP running under FCGId https://chrisgilligan.com/wordpress/how-to-configure-apc-cache-on-virtual-servers-with-php-running-under-fcgid/ https://chrisgilligan.com/wordpress/how-to-configure-apc-cache-on-virtual-servers-with-php-running-under-fcgid/#comments Tue, 09 Nov 2010 01:33:31 +0000 https://chrisgilligan.com/?p=274 My Virtualmin Amazon Linux Server runs several virtual domains with PHP under FCGId using APC for opcode caching: Joomla, PHPbb, WordPress, etc . APC is somewhat challenging to configure properly with fcgid-enabled virtual domains, but it is quite helpful to optimize system resources and prevent traffic surges on one site from affecting overall server performance. Joomla […]

The post How to Configure APC Cache on Virtual Servers with PHP running under FCGId appeared first on Chris Gilligan » new media.

]]>

APC INFO Monitor

APC INFO Monitor

My Virtualmin Amazon Linux Server runs several virtual domains with PHP under FCGId using APC for opcode caching: Joomla, PHPbb, WordPress, etc . APC is somewhat challenging to configure properly with fcgid-enabled virtual domains, but it is quite helpful to optimize system resources and prevent traffic surges on one site from affecting overall server performance. Joomla and PHPbb have code that is pre-optimized with hooks for APC, but WordPress requires a plugin called W3 Total Cache.

First Things First

Please read my posts about APC on commodity virtual hosting servers and Apache and MySQL performance tuning before you begin.

If you are running your virtual servers under FCGId, then you should do so for all virtual servers on your machine. Why? Because then you do not need apache’s mod_php (php module). Less modules loaded, less wasted memory.

  • Comment out:
    LoadModule php5_module modules/libphp5.so

    in /etc/httpd/conf.d/php.conf
  • Remove any php_memory_limit lines in httpd.conf’s virtual hosts section.
  • restart apache
  • do some performance testing and raise your server and thread limits to sane levels in httpd.conf

If possible, you may wish to run Apache with Worker MPM instead of Prefork MPM.

Installation Suggestions and Modification of Defaults

Be sure to install the newest version of APC, 3.1.9 as of the last revision of this post (I assume you know how to install and configure all the packages mentioned in this post):

pecl install apc

Choose “no” for internal debugging,  but choose “yes” for the other installation options, including the Experimental options.

For W3 Total Cache (WordPress plugin):
Page Cache: do not choose APC for the W3TC’s Page Cache, choose Enhanced Disk.
Minify: do not choose APC for Minify, use Disk.
Opcode Cache: choose APC for Opcode Cache
Database Cache: choose APC for Opcode Cache

For APC running on virtual servers for opcode caching:
Remove apc.ini from /etc/php.d. Do not add the APC configuration into /etc/php.ini (main php.ini which is probably a template used for creation of new virtual servers).

Instead, enable APC on a per-domain basis by modifying the respective /home/domainname.com/etc/php5/php.ini — your httpd.conf or virtual.conf should look something like this for each virtual domain.

<VirtualHost 99.88.177.288:80>
ServerName chrisgilligan.com
ServerAlias www.chrisgilligan.com
DocumentRoot /home/chris/public_html
ErrorLog /var/log/serversoftware/chrisgilligan.com_error_log
CustomLog /var/log/serversoftware/chrisgilligan.com_access_log combined
ScriptAlias /cgi-bin/ /home/chris/cgi-bin/
DirectoryIndex index.html index.htm index.php index.php4 index.php5
<Directory /home/chris/public_html>
Options Indexes IncludesNOEXEC FollowSymLinks ExecCGI
allow from all
AllowOverride All
AddHandler fcgid-script .php
AddHandler fcgid-script .php5
FCGIWrapper /home/chris/fcgi-bin/php5.fcgi .php
FCGIWrapper /home/chris/fcgi-bin/php5.fcgi .php5
</Directory>
<Directory /home/chris/cgi-bin>
allow from all
</Directory>
SuexecUserGroup "#987" "#756"
Options ExecCGI FollowSymLinks Includes IncludesNOEXEC -Indexes MultiViews SymLinksIfOwnerMatch
RemoveHandler .php
RemoveHandler .php5
IPCCommTimeout 12
</VirtualHost>

You must “babysit” the configuration: use the APC monitor (apc.php) to see how many files are being cached, and how much memory (apc.shm_size) is needed to avoid fragmentation, which will cause the 500 errors. If fragmentation rises quickly to 100%, memory usage is full, and cache full count rises above 0, you will almost surely see “500” errors.

If WordPress is the only PHP script software package on the domain, the following configuration will likely work for you; if you have more PHP software packages, you will need to raise apc.shm_size and raise the apc.user_entries_hint and apc.user_entries_hint settings, and possibly lower TTL values to allow cached files to expire and be replaced.

In general, you must double apc.shm_size in relation to APC’s highest reported Memory Usage to avoid fragmentation completely.

Configuration Suggestion for php.ini

in the virtual server’s /home/domainname.com/etc/php5/php.ini, add the following configuration:
(you may also install memcached, and should install fileinfo for full use of W3 Total Cache)

[memcached]
;memcached for distributed servers - e.g. mysql server on separate host
;extension=memcache.so

[fileinfo]
;fileinfo is included in PHP 5.3=>... uncomment the following line if using <=5.2
;extension=fileinfo.so

[APC]
extension = apc.so
apc.enabled = 1
apc.shm_segments = 1
apc.shm_size = 12M
apc.optimization = 0
apc.num_files_hint = 512
apc.user_entries_hint = 1024
apc.ttl = 0
apc.user_ttl = 0
apc.gc_ttl = 600
apc.cache_by_default = 0
apc.filters = "-/home/username/public_html/apc/apc\.php$"
apc.slam_defense = 0
apc.use_request_time = 1
apc.mmap_file_mask = /tmp/apc-accountname.XXXXXX
;OR apc.mmap_file_mask = /dev/zero
apc.file_update_protection = 2
apc.enable_cli = 0
apc.max_file_size = 2M
apc.stat = 1
apc.write_lock = 1
apc.report_autofilter = 0
apc.include_once_override = 0
apc.rfc1867 = 0
apc.rfc1867_prefix = "upload_"
apc.rfc1867_name = "APC_UPLOAD_PROGRESS"
apc.rfc1867_freq = 0
apc.localcache = 1
apc.localcache.size = 512
apc.coredump_unmap = 0
apc.stat_ctime = 0

Save php.ini, restart apache and then watch the APC Monitor to ensure fragmentation stays below 50% (it should remain less than 10% most of the time… if fragmentation rises quickly, you should add a few more MB’s of memory to apc.shm_size and restart apache).

Monitoring APC Performance and Detecting Errors

You should run apc.php in a password-protected directory in the domain’s public_html. Edit the apc.php code to allow passwordless access.
defaults('USE_AUTHENTICATION',0);

You can monitor errors with these commands:
tail -f -n 50 /var/log/httpd/error_log
tail -f -n 50 /home/domainname.com/logs/error_log

In the logs, you should see messages like the following:
mod_fcgid: process /home/username/public_html/scriptname.php(21272) exit(lifetime expired), terminated by calling exit(), return code: 0
... exit(server exited) ...
... exit(idle timeout) ...
if the cache is working well. If you see exit(communication error) then you have issues, probably cache full and fragmented.

Fragmentation Explained

Fragmentation is a measure of the non-available portion of apc.shm_size due to lack of contiguous memory large enough to accept new cache items. 100% fragmentation means the available memory is broken into hundreds of small pieces that are too small to accept new cache items. This occurs when cached items expire and new cached items fill their vacated memory slots; usually the new item is slightly smaller than the old item, and the leftover space may be too small for a new cache item.

Fragmentation can cause even a large amount of free memory to be unavailable for new cache items. That is why I say above you can avoid fragmentation by doubling the apc.shm_size in relation to the largest total memory usage you see. So you may want to start with 100MB, let the site run for a few hours during high traffic conditions, and then reduce shm_size to roughly double the highest amount of cache memory usage during that time.

Further Information and Suggestions

APC can have a very significant effect on minimizing overall server load and overall memory usage. It takes time to configure, and must be re-configured whenever PHP script software is added to a virtual server. The more plugins/mods/components you add to a PHP software package, the more scripts, database queries and objects will be cached.

If you have PHP scripts or plugins that do not need to be cached (low traffic pages such as contact forms, PHP scripts that do not have APC hooks and have their own caching schemes, dynamic image resizers, etc.), you can filter them out with simple RegEx:
apc.filters = "-/home/username/public_html/apc\.php$,-/home/username/public_html/wordpress/wp-content/themes/themename/thumb\.php$,-/usr/share/psa-horde/.*,+/home/username/public_html/phpmyadmin/.*"

TimThumb is a good example of a common WordPress theme plugin that may not need to be cached.

Because the apc.filters RegExp only works with filenames, it is not possible to filter out an entire PHP script package, component or plugin based on the directory where it resides. So if you do not wish to use APC cache on a particular script package, you should run it in a separate website. Some PHP script packages such as Gallery2 have an incredibly large number of .php, .inc and .class files which will be cached, so it is difficult to find them all and filter them all using apc.filters.

If you can’t raise apc.shm_size due to lack of available memory, try lowering the TTL’s (values in seconds, 0 is no limit, 600=10minutes, etc.). This will still have a good effect on high-traffic sites with many concurrent end users; caching is not at all necessary for low-traffic sites. However, be aware that lower TTL’s can cause more fragmentation.

During Testing or Debugging with CMS caching plugins or modules

While you are tweaking your opcode settings, and especially if you are using APC with a CMS like WordPress (w3 total cache) or phpbb or joomla, and you are experimenting with settings, or updating plugins or core, you should set apc.stat=1 (on). Restart the web server to load the new settings.

APC.Stat is the file change polling, which checks for file change every time a cached script or object is called. So, with polling turned off, your settings/configuration files will remain cached, and this will cause you a lot of frustration. W3 Total Cache in particular is difficult to get configured properly with apc.stat=0 because the config settings and files are dependent upon database and php, which will be cached as files or opcode.

After you have sorted out your opcode settings, you may switch apc.stat=0 and restart the web server to turn off polling for better performance.

If you cannot get APC to configured correctly for your WordPress sites, I suggest WP Super Cache and WP Minify… that combination will probably have a better effect, as it will serve pages very quickly and accellerate user experience for a small number of users. Joomla 1.5 and phpBB3 are much easier to work with, as their caching systems are built to use APC and other opcode caches. Apparently, Gallery3 now also supports opcode caching.

More advice:

  • turn on apc.stat (documentation says, “not for production servers”, but W3TC requires stat polling to monitor file status, post revisions, plugin upgrades, etc.)
  • turn off apc.optimization (experimental and unstable, may cache user session info, fubaring items which should not be cached, such as admin pages and logged-in site pages)
  • turn off apc.include_once_override (use carefully; only useful with PHP scripts that do not have cache hooks, such as Joomla 1.0, phpBB2, etc.)
  • turn off apc.slam_defense (may cause objects to be replaced with PHP warnings which are displayed to the user, especially on Joomla 1.5)
  • set apc.user_ttl = 0 (allows your php scripts to set appropriate timeouts for queries and objects)
  • set apc.mmap_file_mask = /tmp/apc-yourusernamehere.XXXXXX for file-backed mmap; make file mask unique by adding your unique string; XXXXXX (exactly 6 X’s) must remain to allow APC to add random string
    OR set to /dev/zero for anonymous mmap if you can spare the memory

APC Manual: http://www.php.net/manual/en/book.apc.php
APC Runtime Configuration http://www.php.net/manual/en/apc.configuration.php

The post How to Configure APC Cache on Virtual Servers with PHP running under FCGId appeared first on Chris Gilligan » new media.

]]>
https://chrisgilligan.com/wordpress/how-to-configure-apc-cache-on-virtual-servers-with-php-running-under-fcgid/feed/ 57