Five years of rackerhacker.com

Today marks the fifth year that this blog has existed on the internet. I bought the domain on February 14th, 2007 and tossed together a quick WordPress installation (I can’t even remember the version now!) to hold my notes that I was gathering at work. Rackspace as an entry-level Linux system administrator. The abrupt change from “top dog at the startup” to “wow, I don’t know anything about Linux” caught me by surprise and I was trying to stuff as much knowledge into my brain as quickly as I could....

2012-02-14 · 2 min · Major Hayden

Using OpenSSL’s s_client command with web servers using Server Name Indication (SNI)

One of the handiest tools in the OpenSSL toolbox is s_client. You can quickly view lots of details about the SSL certificates installed on a particular server and diagnose problems. For example, use this command to look at Google’s SSL certificates: openssl s_client -connect encrypted.google.com:443 You’ll see the chain of certificates back to the original certificate authority where Google bought its certificate at the top, a copy of their SSL certificate in plain text in the middle, and a bunch of session-related information at the bottom....

2012-02-07 · 2 min · Major Hayden

OpenStack bleeding-edge Python packages are now available

I sometimes enjoy living on the edge occasionally and that sometimes means I keep up with OpenStack changes commit by commit. If you’re in the same boat as I am, you may save some time by using my repository of bleeding-edge Python packages from the OpenStack projects: pypi.mhtx.net Python packages are updated moments after the commit is merged into the repositories under OpenStack’s github account. Although the packages will contain the latest code available, rest assured that the code has passed an initial code review (by humans), unit tests, and varying levels of functional or integrated testing....

2012-02-01 · 1 min · Major Hayden

Lifehacker effect on icanhazip.com

I was surprised to see coverage about icanhazip.com on Lifehacker last Sunday and I was curious to know what effect the story would have on my site’s overall traffic. Dave Drager wrote a great summary of what the site offers and how people can use it in their daily work. It’s pretty obvious that icanhazip.com really only serves a niche group of internet users, but even I was surprised at the level of interest....

2011-03-30 · 2 min · Major Hayden

Throwing thoughtful “403 Forbidden” responses with apache

If you offer a web service that users query via scripts or other applications, you’ll probably find that some people will begin to abuse the service. My icanhazip.com site is no exception. While many of the users have reasonable usage patterns, there are some users that query the site more than once per second from the same IP address. If you haven’t used the site before, all it does is return your public IP address in plain text....

2010-11-17 · 1 min · Major Hayden

Switching from GlusterFS to DRBD and OCFS2

As my uptime reports have shown, and as some of you have reported, my blog’s load time has increased steadily over the past few weeks. It turns out that one of my VM’s was on a physical machine that had some trouble and I was reaching a point where GlusterFS’s replicate functionality couldn’t meet my performance needs. Instead of using GlusterFS as I had before in my redundant cloud hosting guide, I decided to use DRBD in dual-primary mode with OCFS2 as the clustering filesystem on top of it....

2010-11-10 · 1 min · Major Hayden

One month with GlusterFS in production

As many of you might have noticed from my previous GlusterFS blog post and my various tweets, I’ve been working with GlusterFS in production for my personal hosting needs for just over a month. I’ve also been learning quite a bit from some of the folks in the #gluster channel on Freenode. On a few occasions I’ve even been able to help out with some configuration problems from other users....

2010-08-11 · 6 min · Major Hayden

A modern implementation and explanation of Linux Virtual Server (LVS)

Typical configuration for a proxy-type load balancer A typical load balancing configuration using hardware devices or software implementations will be organized such that they resemble the diagram at the right. I usually call this a proxy-type load balancing solution since the load balancer proxies your request to some other nodes. The standard order of operations looks like this: client makes a request load balancer receives the request load balancer sends request to a web node the web server sends content back to the load balancer the load balancer responds to the client If you’re not familiar with load balancing, here’s an analogy....

2010-06-27 · 4 min · Major Hayden

Apache 2.2: internal dummy connection

After working with some RHEL 5 servers fairly regularly, I noticed a reduction in Apache 2.2 performance when many connections were made to the server. There were messages like these streaming into the access_log as well: 127.0.0.1 - - [21/Aug/2008:12:00:10 -0400] "GET / HTTP/1.0" 200 2269 "-" "Apache/2.2.3 (Red Hat) (internal dummy connection)"<br /> 127.0.0.1 - - [21/Aug/2008:12:00:11 -0400] "GET / HTTP/1.0" 200 2269 "-" "Apache/2.2.3 (Red Hat) (internal dummy connection)"<br /> 127....

2008-09-24 · 3 min · Major Hayden

Compress your web content for better performance

Most web developers expend a lot of energy optimizing queries, reducing the overhead of functions, and streamlining their application’s overall flow. However, many forget that one of the simplest adjustments is the compression of data as it leaves the web server. Luckily, mod_deflate makes this easy, and the Apache documentation has a handy initial configuration available: <Location /> SetOutputFilter DEFLATE BrowserMatch ^Mozilla/4 gzip-only-text/html BrowserMatch ^Mozilla/4\.0[678] no-gzip BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html SetEnvIfNoCase Request_URI \....

2008-09-19 · 1 min · Major Hayden