Setting up subversion over ssl and nginx on debian

Subversion supports DAV protocol access only with Apache server. To get it running with nginx, apache has to be installed on the same system.

To start, install apache and svn support

apt-get install apache2 libapache2-svn

For apache and nginx web servers to coexist on the same computer and running at the same time, they would have to listen on the different ports. Standard ssl port is 443, lets set apache ssl to 8443. To prevent ports exposed to Internet, set apache to listen on port 8443 only localy.

Configure apache ports in /etc/apache2/ports.conf to be

Listen 127.0.0.1:8443

Activate SSL and the DAV modules on Apache

$ a2enmod ssl
$ a2enmod dav
$ a2enmod dav_svn

Restart apache

service apache2 restart

add DAV stuff

nano -w /etc/apache2/mods-available/dav_svn.conf

LoadModule dav_svn_module modules/mod_dav_svn.so

LoadModule authz_svn_module modules/mod_authz_svn.so


# Example configuration:

       DAV svn
       SVNPath /var/svn/my_repos
       SVNListParentPath on

       AuthType Basic
       AuthName "Subversion repository"
       AuthUserFile /var/svn/conf/svnusers.conf
       Require valid-user
       SSLRequireSSL

}}}

Link default ssl configuration

cd /etc/apache2/sites-enabled
cp ../sites-available/default-ssl.conf svn-ssl.conf
nano -w svn-ssl.conf

And also set Listen 127.0.0.1:8443 in svn-ssl.conf

Create password files


htpasswd -cm /var/svn/conf/svnusers.conf user1
htpasswd -m /var/svn/conf/svnusers.conf user2

Check permissions. Debian apache should use www-data user and group. You can double check it in /etc/apache2/apache2.conf and /etc/apache2/envvars files, or just by doing ps aux | grep apache.

Make sure the same user/group are owners of the repository.

chown -R www-data:www-data /var/svn/

Restart apache and check if it works, for example with links

links https://127.0.0.1:8443/svn/my_repos

Create nginx conf file, or add proxy pass in existing config

server {
    listen 80;
    server_name svn.myserver.com;
    return 301 https://$host$request_uri;
}


server {
    listen       443 ssl;
    server_name  svn.myserver.com;

    ssl on;

    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;

    access_log /var/log/nginx/svn.access.log;
    error_log /var/log/nginx/svn.error.log;

    location / {
          proxy_pass   https://127.0.0.1:8443;
    }
}

Restart nginx and check in your web browser.

Quick winXP/Vista/7/8 recovery

To a friend in trouble.

In short winXP doesn’t behave nice. Most likely virus. Backup and full reinstall needed. Here is my advice how to back it up using linux live distro.

1. install linux live cd to CD or better usb key
2. boot old computer using linux from step 1 — DONT install linux, just use LIVE CD to boot computer, you don’t want to rewrite you hard drive!
3. access hard disk and copy files you need to other usb key/external disk/other computer
4. never again use windows – use linux from 1 to make it permanent on that PC
5. go to 4

In principle each step might open new problems, but hopefully all will go smooth.
In more detail I recommend kubuntu live cd:

1a. http://www.kubuntu.org/getkubuntu – most likely you need 32 bit version – for old comp,
1b. Here is the link to how to install it to USB stick.

2. when rebooting you might have to change boot medium in BIOS. Press key to get to BIOS when booting (before windows starts). Once in BIOS look for Boot priorities and adjust to use USB or CD to boot from (depending on step 1)

3. open file browser (dolphin, or which ever came with the linux distro) and look for primary hard disk partitions – it should be visible on left side. Mount it (click on it) and you will be able to browse windows partition(s). You can copy files to another USB stick the same way: insert other USB device (but not remove original linux LIVE CD medium), mount it and copy files to it.

The best guide I found on the net is
here.

Hope this helps,

Kubuntu on ASUS Zenbook Prime UX31A-DH5

After a few problems I can confirm ASUS Zenbook Prime UX31A-DH5 working with Kubuntu 13.10. Here are the steps I did:

Get kubuntu from http://www.kubuntu.org/getkubuntu/download
At the time of writing, version 13.10 was the most recent. It should work with BIOS Secure Boot option.

Copy iso image to usb device

dmesg

[67675.270470] sdf: sdf1 sdf2
[67675.335259] sd 8:0:0:0: [sdf] No Caching mode page found
[67675.335261] sd 8:0:0:0: [sdf] Assuming drive cache: write through
[67675.335263] sd 8:0:0:0: [sdf] Attached SCSI removable disk

dd if=kubuntu-13.10-desktop-amd64.iso of=/dev/sdf

Create a partition where ubuntu will be installed. In Windows 8 under Settings -> Control Panel -> Administrative Tools -> Computer Management -> Storage -> Disk Management –> Shrink Volume

BIOS update
Updated bios to 219 version. Make sure you have correct model, in my case its UX31A. Go to assus support site and get the BIOS file. Copy the BIOS file onto a USB stick. Reboot and press the esc button to enter the BIOS menu. Then select “Enter Setup”. From the Advanced tab, choose the Easy Flash option and then select the BIOS file to update.

Installing from a Live USB
Reboot than press and hold ESC for boot menu. I had trouble booting from one USB key and had to use another. Eventually the USB device got recognized and I got grub2 menu. After selecting kubuntu, the screen went black!1&(^$!@(*^& I connected external monitor and viola, ubuntu was there. See this bug.

Selected manual partitions, created 4GB swap and ~33GB / ext4 partition and proceeded with install.

Update
sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-update

Black screen after the 1st boot
Kernel 3.11 has a bug with intel4000
Laptop screen black due to this bug. It is fixed in kernel-3.12, however this patch is not included with Kubuntu-13.10 :(. Kernel can be updated to v 3.12 as described here:


mkdir kernel\ v3.12.2-trusty && cd kernel\ v3.12.2-trusty

wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.12.2-trusty/linux-image-3.12.2-031202-generic_3.12.2-031202.201311291538_amd64.deb--2013-11-30 18:47:15-- http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.12.2-trusty/linux-image-3.12.2-031202-generic_3.12.2-031202.201311291538_amd64.deb

wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.12.2-trusty/linux-headers-3.12.2-031202_3.12.2-031202.201311291538_all.deb
wget http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.12.2-trusty/linux-headers-3.12.2-031202-generic_3.12.2-031202.201311291538_amd64.deb

sudo dpkg -i linux-*.deb
sudo update-grub
sudo reboot now

My Zenbook now properly boots with laptop screen working as it is supposed to!

Other tips
Some other tips for power saving optimization include modifying kernel parameters:

sudo nano -w /etc/default/grub

modify to include:

GRUB_CMDLINE_LINUX_DEFAULT="quiet splash acpi_osi='!Windows 2012' pcie_aspm=force drm.vblankoffdelay=1 i915.semaphores=1 nmi_watchdog=0"

and update grub with
sudo update-grub

SSD tweeks
Increase the life of your SSD by reducing number of OS writes to SSD
sudo nano -w /etc/fstab

and add discard,noatime,nodiratime params to your SSD partition as well as tmpfs. noatime disable (or significantly reduce) disk writes whenever a file is read. nodiratime gives you the same functionality for directories. discard filesystem option is for automatic/online TRIM.

UUID=0d67e753-acb6-46c4-acb4-1bd4f14fe92c /               ext4    discard,noatime,nodiratime,errors=remount-ro 0       1
tmpfs /tmp tmpfs defaults,discard,noatime,mode=1777 0 0

Make sure deadline is used as IO Scheduler


sudo cat /sys/block/sda/queue/scheduler
noop [deadline] cfq

Swap
Most systems with more than 2GB RAM rarely use swap space except for hibernate. Reduce usage of swap space in order to minimise number of writes to swap with


sudo echo 1 > /proc/sys/vm/swappiness

alternatively, this can be done by modifying sysctl

sudo nano -w /etc/sysctl.d/99-sysctl.conf

to look like

vm.swappiness=1
vm.vfs_cache_pressure=50

Resolution
Current Xorg-server uses a display resolution setting of 96dpi by default. UX31E Zenbooks have a resolution of ~138dpi. The default value of 96dpi makes fonts look really small. You can list the current setting with:

xdpyinfo|grep resolution

Override the default value with

xrandr --dpi 138/eDP1

To keep this permanent add xrand call to /etc/X11/xinit/xinitrc
sudo nano -w /etc/X11/xinit/xinitrc

Touchpad
Right and middle mouse clicks are not working. This needs specific xinput instruct. A quick recipe is given here. Create an executable script:

sudo nano -w /usr/local/bin/touchpad.sh
chmod +x /usr/local/bin/touchpad.sh

and add the following code

#!/bin/bash 
xinput set-prop "ETPS/2 Elantech Touchpad" "Synaptics ClickPad" 1 
xinput set-prop "ETPS/2 Elantech Touchpad" "Synaptics Soft Button Areas" 1956 0 1737 0 1304 1955 1737 0 
syndaemon -i 1.7 -d -t -K 

Lastly start this script
/usr/local/bin/touchpad.sh

To make it permanent add it to SystemSettings–>Startup and Shutdown–>AutoStart

Skype
Skype is not in official repos, to install it add ‘partner’ repository.

sudo add-apt-repository "deb http://archive.canonical.com/ $(lsb_release -sc) partner"
sudo apt-get update
sudo apt-get install skype

Apache configuration for pylons

Recently some of our pylons servers experienced mysql overflow. Pylons app is served via apache 2.2 using worker mpm on gentoo with kernel 3.2. It uses sqlalchemy to access mysql server. The pylons error is:

>> self.pool.connect(),
Module sqlalchemy.pool:210 in connect
>> return _ConnectionFairy(self).checkout()
Module sqlalchemy.pool:371 in __init__
>> rec = self._connection_record = pool._do_get()
Module sqlalchemy.pool:685 in _do_get
>> (self.size(), self.overflow(), self._timeout))
TimeoutError: QueuePool limit of size 5 overflow 5 reached, connection timed out, timeout 30

Simultaneously, RAM hit 100% capacity and swap kicked in. Looking into memory use on the machine, mysql took ~6%, apache ~1%, and everything else was eaten by pylons. My apps use beaker for caching of certain functions. In principle, turning off cache might help, however it would increase system load and slowed down server response.

The quick workaround was to modify number requests per child in apache controlled by MaxRequestsPerChild global. This basically allows faster recycling of processes and freeing

/etc/apache2/modules.d/00_mpm.conf was modified to reduce MaxRequestsPerChild:

<IfModule mpm_worker_module>
StartServers 16
MinSpareThreads 85
MaxSpareThreads 125
ThreadsPerChild 48
MaxClients 768
MaxRequestsPerChild 2000
</IfModule>

Brother MFC-7460DN on 64bit gentoo

Network printer Brother MFC-7460DN is not supported by standard cups drivers, but it does work on ubuntu by following instructions from manufacturer web site. Here is how this network printer can be properly configured on 64 bit gentoo (I am using kernel gentoo-sources-3.0.6)

Printer

Cups and other needed packages

Emerge cups and few other needed dependencies. Start cupsd.


emerge -av cupsĀ rpm a2ps tcsh
/etc/init.d/cupsd start
rc-update add cupsd default

Drivers

Get lpr and cupwrapper drivers for MFC-7460DN from Brother’s driver download page. The versions at the time of writing are:

cupswrapperMFC7460DN-2.0.4-2.i386
mfc7460dnlpr-2.1.0-1.i386

Install drivers and create a symbolic link to the filter file


rpm -ihv --nodeps mfc7460dnlpr-2.1.0-1.i386.rpm
rpm -ihv --nodeps cupswrapperMFC7460DN-2.0.4-2.i386.rpm
ln -s /usr/lib/cups/filter/brlpdwrapperMFC7460DN /usr/libexec/cups/filter/brlpdwrapperMFC7460DN

Continue reading “Brother MFC-7460DN on 64bit gentoo”