dig

How to install DNS server using BIND from source

This article describe how to install BIND DNS software on your linux machine, this guide has been tested on CentOS 6.3 x86_64 but I guest also work on other linux distros with  dependencies adjustment. As far I know, BIND is popular software that use as domain name system server in internet. I choose BIND because a lot of documentations and good life cycle also the important thing is stable and secure (depend on your setup).
Continue reading “How to install DNS server using BIND from source” »


nginx_deny_host_headers

Nginx deny illegal host headers

My friend was ask me about preventing the IP address of Virtual Host from be accessed directly from web browser. The goals of this setup is deny the ilegal host headers that was sent by web browser. As an example, I’ve domain blog.pnyet.web.id with IP address 111.68.119.146 and I wanna reject all queries to 111.68.119.146 from web browser. Please see below for details:

if ($host !~* ^(yourdomain.com|www.yourdomain.com)$ ) {
return 444;
}

For an example setup in this blog:

server {
listen blog.pnyet.web.id:80;
server_name blog.pnyet.web.id www.blog.pnyet.web.id;
if ($host !~* ^(blog.pnyet.web.id|www.blog.pnyet.web.id)$ ) {
return 444;
}

Hope this help


bagio_error

[Solved] CPanel failed to expand condition

I’ve a problem with mailbox permission, but the root of case isn’t permission in mailbox directory but the problem caused by configuration files couldn’t read by user. Please┬áthe following error logs:

2012-10-27 11:10:47 H=([127.0.0.1]) 92.239.28.234]:3289 sender verify defer for <[email protected]>: require_files: error for /home/bagio/etc/bagio.co.id: Permission denied
2012-10-27 11:11:19 H=([192.168.5.6]) [122.248.36.18]:3365 sender verify defer for <[email protected]>: require_files: error for /home/bagio/etc/bagio.co.id: Permission denied

and also the following errors:

2012-10-27 11:08:55 failed to expand condition “${if eq {${lookup {$local_part} lsearch {${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/passwd}}}{} {false}{${if exists {${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/$local_part/.boxtrapperenable} {true} {false}}}}” for virtual_boxtrapper_user router: failed to open /home/bagio/etc/bagio.co.id/passwd for linear search: Permission denied (euid=47 egid=12)
2012-10-27 11:08:55 failed to expand condition “${if eq {${lookup {$local_part} lsearch {${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/passwd}}}{} {false}{true}}” for virtual_user router: failed to open /home/bagio/etc/bagio.co.id/passwd for linear search: Permission denied (euid=47 egid=12)
2012-10-27 11:13:33 1TRxlx-0000YV-2N spam acl condition: cannot parse spamd output
2012-10-27 11:17:45 failed to expand condition “${if exists {$home/etc/$domain/quota}{${if > {${lookup{$local_part}lsearch{$home/etc/$domain/quota}{$value}{0}}}{0}{${if eq {${if exists {$home/mail/$domain/$local_part/maildirsize}{1}{0}}}{0}{${if > {${run {/usr/local/cpanel/bin/eximwrap GETDISKUSED $local_part $domain}}}{${lookup{$local_part}lsearch{$home/etc/$domain/quota}{$value}{0}}}{true}{false}}}{${perl{checkuserquota}{$domain}{$local_part}{$message_size}{${lookup{$local_part}lsearch{$home/etc/$domain/quota}{$value}}}{$home/mail/$domain/$local_part/maildirsize}}}}}{false}}}{false}}” for virtual_user_maildir_overquota router: failed to open /home/bagio/etc/bagio.co.id/quota for linear search: Permission denied (euid=47 egid=12)
2012-10-27 11:17:45 failed to expand condition “${if eq {${lookup {$local_part} lsearch {${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/passwd}}}{} {false}{${if exists {${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/$local_part/.boxtrapperenable} {true} {false}}}}” for virtual_boxtrapper_user router: failed to open /home/bagio/etc/bagio.co.id/passwd for linear search: Permission denied (euid=47 egid=12)
2012-10-27 11:17:45 failed to expand condition “${if eq {${lookup {$local_part} lsearch {${extract{5}{:}{${lookup passwd{${lookup{$domain}lsearch*{/etc/userdomains}{$value}}}{$value}}}}/etc/$domain/passwd}}}{} {false}{true}}” for virtual_user router: failed to open /home/bagio/etc/bagio.co.id/passwd for linear search: Permission denied (euid=47 egid=12)

Ok, the following step will fix the problem in above:

1. Force to change the ownership of user directory, this step is required when cpanel fixperms script doesn’t work.
# chown -R bagio.bagio /home/bagio

2. Then fix directory permission using /scripts/fixperms
# /scripts/fixperms -a bagio

If the steps in above doesn’t work, please submit a ticket to tickets.cpanel.net or send your root password to me and I’ll try help as I can.
Hope this help.


Suhosin PHP Module Mismatch

PHP Warning: PHP Startup: suhosin: Unable to initialize module

Yesterday I got a problem with suhosin after downgrading php in cpanel, actually it’s so simple to fix suhosin problem in cpanel but I’m so tired and had a lot off issue since yesterday. After waiting arround 7 hours I didn’t get solutions from cpanel customer support, finally I’ve to fix it by my self. I know that the problem caused by suhosin module doesn’t match with API in PHP, so I just need to recompile and reinstall suhosin from source. Continue reading “PHP Warning: PHP Startup: suhosin: Unable to initialize module” »


How to php get the real ip address behind the proxy

Beberapa hari yang lalu saya iseng ingin mengutak atik script php di salah satu backend aplikasi karena setelah menggunakan front end nginx sebagai reverse proxy untuk beberapa backend aplikasi, IP yang terdeteksi adalah IP front end (IP Proxy) dan bukan real IP dari visitor. Setelah membaca manual php di php.net akhirnya saya menemukan parameter yang harus diubah agar script php mengenali real ip address dari visitor. Continue reading “How to php get the real ip address behind the proxy” »