
Archive | Webservers

MariaDB on CentOS 7 – “Error in accept: Too many open files”

By default it seems the soft and hard open files limits on MariaDB in CentOS 7 are 1024 and 4096 respectively. You can see these limits by first getting the process ID:

And then looking at the limits in the proc filesystem:

You’ll see something like this:

Notice the numbers for “Max open files”.

If you run into problems with MariaDB failing and you see errors like this in the log:

Then you need to increase the open files limits by editing:

and adding this line:

to the “[Service]” section. Then reload the systemctl daemon:

and restart the MariaDB service:

Now the limit will be increased. For example:

UPDATE: We’ve seen similar problems with nginx. The solution is similar … increase the limits for the nginx service.

UPDATE: As noted by Bastiaan Welmers in the comments, it is better to copy the service control file than to edit it in place:

Force HTTP On Nginx

Simple configuration line to redirect HTTPS requests to HTTP:


Enable Compression On Plesk With Nginx

To enable compression on a Plesk server with Nginx handling static content, we had to add the following to .htaccess:

This configuration is explained here: https://www.a2hosting.com/kb/developer-corner/apache-web-server/data-compression-using-the-mod-deflate-module

And then in Plesk under:

Subscriptions -> acme.com -> Websites & Domains -> Web Server Settings -> Additional nginx directives

added the following:

The Nginx configuration is explained here: http://www.nginxtips.com/how-to-configure-nginx-gzip-compression/


Redirect With Query String

Let’s say you have a URL like this:

http://acme.com/my-old-url

that you want to redirect to a new URL:

http://acme.com/new-url

This is easily accomplished with a rewrite rule:

But what if the source URL has a URL parameter like:

http://acme.com/my-old-url?id=27

In this case we need to use RewriteCond to match the URL parameter:

Notice the question mark (?) at the end of “/new-url?”. This causes the query string to be discarded. If the question mark is not included then the redirect will go to:

http://acme.com/new-url?id=27

If you want to keep the query string then you can explicitly add it with the QSA option like:

Also, in Apache 2.4 and later the QSD option can be used to exclude the query string, with the same effect as the trailing question mark:

How-to Mitigate Bittorrent DDOS Attacks

You’ll know that you’re getting hit with a Bittorrent attack when the server slows down and you see log entries referencing:

Here’s a good article about one sysadmin’s struggle with this type of attack:

http://blog.carlesmateo.com/2015/01/23/stopping-a-bittorrent-ddos-attack/

There are a number of possible strategies to mitigate this attack:

1. CloudFlare will block this traffic, but it can take time to move DNS to CloudFlare and activate it.

2. Create an announce.php file that returns an error like this:

This will use fewer resources than letting WordPress or another CMS return a 404.

3. Block in iptables with a rule like this:

Not sure how efficient this is on a high traffic web server.

4. Block in Apache config:

5. Block with fail2ban as described here:

http://shazbert.com/blog/2015/01/24/fail2ban-china-ddos-announce-bittorent/

Note that Plesk 12 has fail2ban built-in so this fix is easy to implement.

6. If traffic is limited to a range of IP addresses then block that range in any available firewall. For example we’ve defeated this attack in one case by blocking a class B range from China.
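
A way to check whether strategy 6 applies, as an added example that is not from the original post: it counts tracker announce requests in an access log per client IP and per /16 (the "class B" size mentioned above). The log lines are constructed, and the combined log format and the `info_hash` query parameter (part of the BitTorrent tracker protocol) are assumptions, since the post's own log excerpt is not shown.

```python
import ipaddress
import re
from collections import Counter

# Assumed combined log format: client address first, request line in first quoted field.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+)[^"]*"')
# Tracker announce: /announce or /announce.php carrying an info_hash parameter.
ANNOUNCE_RE = re.compile(r'/announce(?:\.php)?\?(?:\S*&)?info_hash=')

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [23/Jan/2015:10:00:01 +0000] "GET /announce.php?info_hash=%AA%01&port=6881 HTTP/1.1" 404 512',
    '198.51.100.9 - - [23/Jan/2015:10:00:01 +0000] "GET /announce.php?info_hash=%AA%01&port=6881 HTTP/1.1" 404 512',
    '198.51.100.23 - - [23/Jan/2015:10:00:02 +0000] "GET /announce?peer_id=x&info_hash=%AA%01 HTTP/1.0" 404 512',
    '203.0.113.5 - - [23/Jan/2015:10:00:02 +0000] "GET /announce.php?info_hash=%AA%01 HTTP/1.1" 404 512',
    '192.0.2.10 - - [23/Jan/2015:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 9120',
    '192.0.2.10 - - [23/Jan/2015:10:00:04 +0000] "GET /blog/announcement?id=3 HTTP/1.1" 200 4410',
]

def announce_sources(lines):
    """Return (per_ip, per_slash16) Counters of announce requests."""
    per_ip, per_net = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not ANNOUNCE_RE.search(m.group(2)):
            continue  # unparsable line or an ordinary request
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # hostname or garbage in the client field
        if ip.version != 4:
            continue  # the /16 grouping below is IPv4-only
        per_ip[str(ip)] += 1
        per_net[str(ipaddress.ip_network(f"{ip}/16", strict=False))] += 1
    return per_ip, per_net

def range_block_candidates(per_net, min_share=0.5):
    """Networks that carry at least min_share of all announce requests."""
    total = sum(per_net.values())
    if total == 0:
        return []
    return [(net, n) for net, n in per_net.most_common() if n / total >= min_share]

if __name__ == "__main__":
    ips, nets = announce_sources(SAMPLE)
    print("per IP:", ips.most_common(5))
    print("range candidates:", range_block_candidates(nets))
```

Check the candidate range against non-announce requests in the same log before blocking it, since a /16 block also drops any legitimate visitors inside it.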

Other suggestions on blocking this type of attack are welcomed. Comment below and let us know if you’ve seen this attack and how you handled it.
