Tagged with php

Mar 17 2013
2 Comments

Survive the Google Reader exodus with Tiny Tiny RSS

Tiny Tiny RSSIt’s no secret that Google Reader is a popular way to keep up with your RSS feeds, but it’s getting shelved later this year. Most folks suggested Feedly as a replacement but I found the UI quite clunky in a browser and on Android devices.

Then someone suggested Tiny Tiny RSS. I couldn’t learn more about it on the day Google Reader’s shutdown was announced because the site was slammed. In a nutshell, Tiny Tiny RSS is a well-written web UI for managing feeds and a handy API for using it with mobile applications. The backend code is written in PHP and it supports MySQL and Postgres.

There’s also an Android application that gives you a seven day trial once you install it. The pro key costs $1.99.

The installation took me a few minutes and then I was off to the races. I’d recommend implementing SSL for accessing your installation (unless you like passing credentials in the clear) and enable keepalive connections in Apache. The UI in the application drags down a ton of javascript as it works and enabling keepalives will keep your page load times low.

If you want to get your Google Reader feeds moved over in bulk, just export them from Google Reader:

  1. Click the settings cog at the top right of Google Reader and choose Reader Settings
  2. Choose Import/Export from the menu
  3. Press Export, head over to Google Takeout and download your zip file

Unzip the file and find the .xml file. Open up a browser, access Tiny Tiny RSS and do this:

  1. Click Actions > Preferences
  2. Click the Feeds tab
  3. Click the OPML button at the bottom
  4. Import the xml file that was in the zip file from Google

From there, just choose a method for updating feeds and you should be all set!

Tagged , , , , , , ,
Sep 07 2011
3 Comments

Getting apache, PHP, and memcached working with SELinux

SELinux PenguinI’m using SELinux more often now on my Fedora 15 installations and I came up against a peculiar issue today on a new server. My PHP installation is configured to store its sessions in memcached and I brought over some working configurations from another server. However, each time I accessed a page which tried to initiate a session, the page load would hang for about a minute and I’d find this in my apache error logs:

[Thu Sep 08 03:23:40 2011] [error] [client 11.22.33.44] PHP Warning:  
Unknown: Failed to write session data (memcached). Please verify that 
the current setting of session.save_path is correct (127.0.0.1:11211) 
in Unknown on line 0

I ran through my usual list of checks:

  • netstat showed memcached bound to the correct ports/interfaces
  • memcached was running and I could reach it via telnet
  • memcached-tool could connect and pull stats from memcached
  • double-checked my php.ini
  • tested memcached connectivity via a PHP and ruby script — they worked

Even after all that, I still couldn’t figure out what was wrong. I ran strace on memcached while I ran a curl against the page which creates a session and I found something significant — memcached wasn’t seeing any connections whatsoever at that time. A quick check of the lo interface with tcpdump showed the same result. Just before I threw a chair, I remembered one thing:

SELinux.

A quick check for AVC denials showed the problem:

# aureport --avc | tail -n 1
4021. 09/08/2011 03:23:38 httpd system_u:system_r:httpd_t:s0 42 tcp_socket name_connect system_u:object_r:memcache_port_t:s0 denied 31536

I’m far from being a guru on SELinux, so I leaned on audit2allow for help:

# grep memcache /var/log/audit/audit.log | audit2allow
 
#============= httpd_t ==============
#!!!! This avc can be allowed using one of the these booleans:
#     httpd_can_network_relay, httpd_can_network_memcache, httpd_can_network_connect
 
allow httpd_t memcache_port_t:tcp_socket name_connect;

The boolean we’re looking for is httpd_can_network_memcache. Flipping the boolean can be done in a snap:

# setsebool -P httpd_can_network_memcache 1
# getsebool httpd_can_network_memcache
httpd_can_network_memcache --> on

After adjusting the boolean, apache was able to make connections to memcached without a hitch. My page which created sessions loaded quickly and I could see data being stored in memcached. If you want to check the status of all of the apache-related SELinux booleans, just use getsebool:

# getsebool -a | grep httpd | grep off$
allow_httpd_anon_write --> off
allow_httpd_mod_auth_ntlm_winbind --> off
allow_httpd_mod_auth_pam --> off
allow_httpd_sys_script_anon_write --> off
httpd_can_check_spam --> off
httpd_can_network_connect_cobbler --> off
httpd_can_network_connect_db --> off
httpd_can_network_relay --> off
httpd_can_sendmail --> off
httpd_dbus_avahi --> off
httpd_enable_ftp_server --> off
httpd_enable_homedirs --> off
httpd_execmem --> off
httpd_read_user_content --> off
httpd_setrlimit --> off
httpd_ssi_exec --> off
httpd_tmp_exec --> off
httpd_unified --> off
httpd_use_cifs --> off
httpd_use_gpg --> off
httpd_use_nfs --> off

If you’re interested in SELinux, a good way to get your feet wet is to head over to the CentOS Wiki and review their SELinux Howtos

Tagged , , , , , , , , , , ,
Aug 17 2010
4 Comments

A simple guide to redundant cloud hosting

Update: I’ve removed the guide as it has aged quite a bit and is not very helpful.

Today, on my 28th birthday, I’m finally delivering on a promise to my readers which I made about two months ago. I’ve written a guide on how to host a web application redundantly in a cloud environment. While it’s still a bit of a rough draft, it should be a good starting point for those who haven’t worked in virtualized environments before. Also, it may show some of the more experienced systems administrators a new way to do things.

The guide: Redundant Cloud Hosting Guide

As always, if you find anything in the guide that needs improvement, I’m all ears. :-)

Tagged , , , , , , , , , , , , , , , , , , , , , , ,
Dec 21 2009
28 Comments

WordPress and PHP 5.3.x: update_comment_type_cache() expected to be a reference

I upgraded a Fedora 11 instance to Fedora 12 and found the following error at the top of one of my WordPress blogs:

Parameter 1 to update_comment_type_cache() expected to be a reference, 
value given in wp-includes/plugin.php on line 166

The problem wasn’t in a plugin, actually. It was within my theme’s (R755-light) functions.php:

function update_comment_type_cache(&$queried_posts) {

The temporary fix is to remove the & from that line so it looks like this:

function update_comment_type_cache($queried_posts) {

After clearing out the WP Super Cache, the page was loading properly again. It turns out that the function actually calculates how many comments are available for a given post, so that functionality is working properly right now. A few theme authors are already releasing new versions to fix this bug, but my theme’s author has not.

The credit for the fix goes to someone in the WordPress forums.

Tagged ,
Jul 31 2009
4 Comments

Requiring SSL encryption for WordPress administration

I was digging around for WordPress plugins last night that would allow me to secure the administrative login page for my WordPress installations. Most of the plugins are only compatible with WordPress 2.7.x or earlier, so I was a little concerned about them working with WordPress 2.8.2.

Then I stumbled upon the WordPress documentation that shows you how to require SSL with no plugins at all. If you’re using WordPress 2.6+, you can use these super-simple instructions:

Require encryption just for the /wp-admin/ login, but leave the rest of the administrative area on HTTP:

# Add this line to wp-config.php
define('FORCE_SSL_LOGIN', true);

To encrypt the login and the entire administrative area:

# Add this line to wp-config.php
define('FORCE_SSL_ADMIN', true);

Of course, for this to work, you’ll need virtual hosts on ports 80 and 443 for your blog. Also, you’ll need an SSL certificate for your blog. You can snag one from a reputable provider or make your own.

Tagged , , ,
Older posts