Author: dale

I started as a technician, first setting up sound reinforcement and projection equipment at a convention facility, co-founded a DJ business and constructed our PA system from scrach, then got into electronics maintenance and repair at a community college. After obtaining a university degree in engineering, I designed integrated circuits for the first generation of 900 MHZ analog cellphones, the first generation of CA-code-phase tracking GPS receivers and digital pro-audio. I then progressed through a variety of leadership roles in product management, marketing, engineering product development and manufacturing, in fields such as industrial GPS-based positioning and navigation, pipeline integrity inspection and industrial process control.
Posted on

Install ERPNext on DigitalOcean Centos 7

For followers of this saga, I started trying to install ERPNext on bare-metal FreeBSD, but ran into errors. No solution yet, so changing course slightly. I signed up for a server on DigitalOcean. It’s a pretty good deal, for $5 a month for one CPU, 512MB RAM and a 20 GB SSD. It’s basically the same as the old desktop serving dalescott.net, or the performance of a vm running in VirtualBox under Windows on my T61 ThinkPad. I also had a $10 promo code; I still had to put in $5 of my own, but I should get 3 months for $5, pretty good. I had to pick CentOS 7 instead of FreeBSD 10 (ERPNext and DigitalOcean constraints, and chosing RH for corporate familiarity), oh well….

Here are my steps, described very briefly:

  • copy my public ssh key to my DigitalOcean account (copy/paste from the PuTTYgen window, NOT the Save Public Key button!)
  • create droplet: 512 MB / 1 CPU, 20 GB SSD, 1000 GB Transfer, New York server, CentOS 7.0 x64, and use my ssh key.
  • connect to the new server using PuTTY on my Windows laptop
    • I was emailed a password, but it doesn’t seem to work, I muddled around a bit and destroyed my first droplet, so perhaps the password is for that droplet – if the second droplet got the same IP address as the destroyed one)
  • follow Easy Way in ERPNExt frappe bench README.md
    • wkhtmltopdf couldn’t be installed and was skipped (too bad, I need that!)
    • “pip-2.7 not found”, but reading setup_frappe.sh, this seems informational and not an issue
  • point browser at the server ip address
    • server produced ERPNext login screen, so it seems the basics are working.
  • install wkhtmltopdf manually (appears the project has changed its hosting recently)
    • got a LOT of “unable to allocate memory” error messages, but wkhtmltopdf seems OK (created test page, assuming errors are due to not being able to load some user thumbnail pics)
  • Access the server from a browser (port 80), and sign into ERPNext as “Adminstrator” using the password output at the end of the setup_frappe.sh execution.
  • Backup the database after completing the setup wizard.

setup_frappe.sh log

[root@firefly ~]# wget https://raw.githubusercontent.com/frappe/bench/master/install_scripts/setup_frappe.sh
--2014-11-14 22:57:47-- https://raw.githubusercontent.com/frappe/bench/master/install_scripts/setup_frappe.sh
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 199.27.76.133
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|199.27.76.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 11601 (11K) [text/plain]
Saving to: ‘setup_frappe.sh’

100%[============================================================>] 11,601 --.-K/s in 0s

2014-11-14 22:57:47 (37.0 MB/s) - ‘setup_frappe.sh’ saved [11601/11601]

[root@firefly ~]# sudo bash setup_frappe.sh --setup-production
Installing for centos 7 amd64 In case you encounter an error, you can post on https://discuss.frappe.io

Adding centos mariadb repo
Installing packages for centos. This might take time...
Installing wkhtmltopdf
Cannot install wkhtmltodpdf. Skipping...
Configuring CentOS services
Starting services
Adding frappe user
setup_frappe.sh: line 300: hash: pip-2.7: not found
Installing frappe-bench Setting up first site

Frappe/ERPNext is installed successfully and is running on port 80.
Frappe password: xxxxxxxxxxxxxxxx
MariaDB root password: xxxxxxxxxxxxxxxx
Administrator password: xxxxxxxxxxxxxxxx

The passwords are also stored at ~/frappe_passwords.txt
You can remove this file after making a note of the passwords. 
[root@firefly ~]#

install wkhtmltopdf

[root@firefly ~]# wget http://downloads.sourceforge.net/project/wkhtmltopdf/0.12.1/wkhtmltox-0.12.1_linux-centos7-amd64.rpm
--2014-11-14 23:30:03--  http://downloads.sourceforge.net/project/wkhtmltopdf/0.12.1/wkhtmltox-0.12.1_linux-centos7-amd64.rpm
Resolving downloads.sourceforge.net (downloads.sourceforge.net)... 216.34.181.59
Connecting to downloads.sourceforge.net (downloads.sourceforge.net)|216.34.181.59|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://softlayer-dal.dl.sourceforge.net/project/wkhtmltopdf/0.12.1/wkhtmltox-0.12.1_linux-centos7-amd64.rpm [following]
--2014-11-14 23:30:03--  http://softlayer-dal.dl.sourceforge.net/project/wkhtmltopdf/0.12.1/wkhtmltox-0.12.1_linux-centos7-amd64.rpm
Resolving softlayer-dal.dl.sourceforge.net (softlayer-dal.dl.sourceforge.net)... 67.228.157.232
Connecting to softlayer-dal.dl.sourceforge.net (softlayer-dal.dl.sourceforge.net)|67.228.157.232|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 14258268 (14M) [application/octet-stream]
Saving to: ‘wkhtmltox-0.12.1_linux-centos7-amd64.rpm’

100%[=============================================================================================================>] 14,258,268  5.16MB/s   in 2.6s

2014-11-14 23:30:06 (5.16 MB/s) - ‘wkhtmltox-0.12.1_linux-centos7-amd64.rpm’ saved [14258268/14258268]

[root@firefly ~]#
[root@firefly ~]# rpm -ivh wkhtmltox-0.12.1_linux-centos7-amd64.rpm
Preparing...                          ################################# [100%]
Updating / installing...
   1:wkhtmltox-1:0.12.1-1             ################################# [100%]
[root@firefly ~]# yum install fontconfig libXrender libXext '*fonts*' openssl
...
  Lots and LOTS of fonts appear to be installed, but at the end there are a LOT of "[Errno 5] [Errno 12] Cannot allocate memory"
[root@firefly ~]# wkhtmltopdf --version
wkhtmltopdf 0.12.1 (with patched qt)
[root@firefly ~]# wkhtmltopdf http://www.tecmint.com/install-eclipse-classic-in-rhel-centos-fedora/ ./install-eclipse.pdf
Loading pages (1/6)
Warning: A finished ResourceObject received a loading finished signal. This migth be an indication of an iframe taking to long to load.
Warning: A finished ResourceObject received a loading progress signal. This migth be an indication of an iframe taking to long to load.
Counting pages (2/6)
Resolving links (4/6)
Loading headers and footers (5/6)
Printing pages (6/6)
Done
Exit with code 1 due to network error: UnknownNetworkError
[root@firefly ~]#

Backup database

systemctl status mariadb.service
mysqldump -u root -p --databases site1.local > ~/erpnextbkup/erpnext-1.sql

Restore database

mysql -u root -p site1.local < ~/erpnextbkup/erpnext-1.sql
Posted on

Protecting a FreeBSD Server

In Episode 048 of the BSD Now podcast, Allan referenced a great blog post on twisteddaemon listing basic security steps to perform after a new install. The checklist is also a good guide for a mature server checkup, which I recently did with a production server. Besides confirming sshd was configured correctly for public-key login only, I found forgotten open ports related to ntpd and ftp enabled (neither of which I need anymore), and I also found syslogd was opening a port for remote logging (all of which have now been disabled).

In addition to the checklist, Allan also recommended using a tool like denyhosts to reduce ssh door knocking. I’ve never quantified the time being wasted checking the door, but I’m running older hardware and my server log lists several hundred to upwards of a thousand knocks per day, so it may be significant.

Installing denyhosts was pretty simple with the help of On How to Install denyhosts on FreeBSD. The only issue I had was how to include at least one allowed port to prevent accidentally locking myself out. I never connect to the server from a static IP address, and it’s not readily clear to me what addresses would cover my travels around town. However, the server is in the basement, so it’s not an issue so long as I’m not travelling.

I’ll let you know in a couple weeks how my server logs are looking, and if my 2G single-core P4 is feeling less stressed (and behaving snappier).

Other references:

Posted on

Hosting PHP Apps on Apache using PHP-FPM

Here are notes from some research I did a while back on using php-fpm with Apache and Nginx. dalescott.net will likely never reach traffic levels where it would benefit, so I’m staying with Apache 2.2 and mod_php for now.

php-fpm

  • http://php-fpm.org
    • project site, code now included in php
  • http://php.net/manual/en/install.fpm.php
    • discusses fpm but does not include specific install or config instructions (some posts though)

Apache

  • Google: apache+mod_proxy+fcgi+php
  • Google: apache+php+php-fpm+freebsd
  • TODO: add references etc to blog post on same topic

Project docs

  • http://wiki.apache.org/httpd/PHP-FPM
  • http://httpd.apache.org/docs/current/mod/mod_proxy_fcgi.html
  • http://httpd.apache.org/docs/current/mod/mod_proxy.html

Blogs, tutorials, and forums

  • http://www.howtoforge.com/using-php5-fpm-with-apache-2.4-mod_proxy_fcgi-module-on-fedora-18
  • http://garajau.com.br/blog/2013/12/apache-2-4-and-php-fpm-using-mod_proxy_fcgi
  • http://www.binarytides.com/setup-apache-php-fpm-mod-proxy-fcgi-ubuntu
  • http://jkroon.blogs.uls.co.za/it/security/using-php-fpm-and-mod_proxy_fcgi-to-optimize-and-secure-lamp-servers
  • http://www.rodrigocalado.com.br/famp-instalando-o-apache-2-4-php-5-5-mysql-5-6-no-freebsd-9-x-9-2-release/
    • Need to translate (Spanish? Italian?)
  • http://www.janoszen.com/2013/04/29/setting-up-apache-with-php-fpm/
  • http://forum.nginx.org/read.php?3,172673
    • nginx forum, but discusses Apache2, php-fpm, FastCGI
    • also see referenced post http://forum.nginx.org/read.php?3,131665,144226#msg-144226
  • http://www.hosting.com/support/linux/configure-apache-to-use-php-fpm/
    • Configure Apache to use PHP-FPM
  • http://funcptr.net/2010/11/14/apache-mod_fastcgi-and-php-with-php-fpm/
  • http://harold.internal.org/tag/freebsd/
    • Apache with PHP-FPM, chroots and per-vhost UIDs
  • http://www.yiiframework.com/doc/guide/1.1/en/quickstart.apache-nginx-config
    • tcp port

Nginx

Google: nginx+PHP+php-fpm+freebsd

Blogs, tutorials, and forums

  • http://arstechnica.com/series/web-served
    • nginx, php, php-fpm, ….
    • VERY detailed
    • uses tcp port to communicate with php-fpm
  • http://blog.bobbyallen.me/2013/01/05/install-nginx-mysql-php-apc-and-memcached-on-freebsd-9-0
    • uses tcp port to communicate with php-fpm
    • provides nginx.conf file (downloadable)
    • intended use FuelPHP framework
  • http://blog.secaserver.com/2011/07/freebsd-nginx-php-fastcgi-installation
    • uses tcp port with php-fpm
  • http://fendyhussain.wordpress.com/2012/11/23/freebsd-nginx-with-php5
    • uses fastcgi (not fpm)
  • http://till.klampaeckel.de/blog/archives/44-Nginx+PHP+FastCGI-Testing-your-web-application-with-bleeding-edge-PHP.html
    • uses fastcgi
  • http://www.defcon1.org/html/nginx.html
    • installing nginx with PHP FPM on FreeBSD 8.x-9.0
    • uses fastcgi
  • http://www.howtoforge.com/installing-nginx-with-php5-and-php-fpm-and-mysql-support-lemp-on-debian-wheezy
    • discusses both unix sockets and tcp port config with fpm
  • http://www.howtoforge.com/installing-nginx-with-php5-and-php-fpm-and-mysql-support-lemp-on-ubuntu-12.10
  • http://www.yiiframework.com/wiki/153/using-yii-with-nginx-and-php-fpm
    • describes unix sockets on BSD for better performance (but must use tcp sockets with Linus due to kernel bug/issue)
  • http://www.yiiframework.com/doc/guide/1.1/en/quickstart.apache-nginx-config
    • tcp port
  • http://bin63.com/how-to-install-nginx-and-php-fpm-on-freebsd
Posted on

Configuring Git

I needed to configure Git on a new server recently (no GUI), and couldn’t remember my typical configuration.

Disable Output Color-Coding

Many developers can’t live without color-coded command-line output, but I find at best it’s hard to read and distracting, and at worst absolutely incompressible with high ambient lighting and some screen glare. To disable color-coded command line output from Git:

$ git config --global color.ui false
$ git config --global color.diff false
$ git config --global color.status false
$ git config --global color.branch false
$ git config --global color.interactive false

Ignore File-Mode Changes

Git may report that executable files (e.g. shell scripts) have been modified based on differences in file mode interpretation between Unix and Windows systems. If the mode of a file is set to executable and committed to a Git repository in a Unix environment, and then the repository cloned into a Windows environment, the file will be reported by Git in Windows as having been modified – based on its mode. This is the result of subtle differences between a Unix file system and a Windows file system. Committing the “modified” file in Windows and pushing the repository changes back to the Unix repository will result in the file not being executable in Unix (until its file mode is set back to executable).

If this is an issue for you, set your Windows global Git config (~/.gitconfig) to ignore file mode changes (but first, check that your global configuration will not be overridden by a repository configuration).

Check your global and local configs:

$ git config --global core.filemode
$ cd gitrepo
$ git config core.filemode

Set configuration to ignore file mode changes:

$ git config --global core.filemode false
$ cd gitrepo
$ git config core.filemode false