Disable OPcache for specific PHP script. Exclude from OPcache.

Sometimes accelerating with opcache can cause some problems with your application scripts. In those cases, when your script shouldn’t be accelerated, you can specify those scripts with opcache’s blacklist which will exclude this files from acceleration. Example bellow is done on CentOS 7.

First, find configuration file for your opcache php extension. You can do something like this:

[root@meow php.d]# php -i | grep opcache | grep ini
Additional .ini files parsed => /etc/php.d/10-opcache.ini,

Open 10-opcache.ini and you should see something like bellow. Path to opcache’s blacklist file.

; The location of the OPcache blacklist file (wildcards allowed).
; Each OPcache blacklist file is a text file that holds the names of files
; that should not be accelerated.
opcache.blacklist_filename=/etc/php.d/opcache*.blacklist

Close 10-opcache.ini and open file named opcache-default.blacklist which should be in same directory. If not, create one. This file will contain a list of php scripts which should be ignored by opcache. 

[root@meow php.d]# cat opcache-default.blacklist
; The blacklist file is a text file that holds the names of files
; that should not be accelerated. The file format is to add each filename
/path/to/ignored/script/ignoreThis.php
/path/to/another/ignored/script/ignoreThisToo.php
...

Get list of mass/multi domain redirects with CURL

I had large list of domains for which I had to check to which location are they pointing/redirecting. Curl is best option for this kind of work. To save some time, I wrote this simple one liner which will do that for you.

First, create txt file which will contain list of all domains that you want to check. For this example I will create domains.txt. 

Then, run this command – replace file name with yours.

> $ for i in `cat domains.txt`; do echo -n "$i -> "; curl -I -s -L -o /dev/null -w %{url_effective} -o /dev/null $i; echo "\t"; done

This will give you domain name with location to which it’s redirecting:

domain1.com -> https://www.domain1.com/sl 
domain1.de -> https://www.domain1.com/de 
domain2.si -> http://domain2.si/si 
example.com -> https://www.example.com/
lalala.es -> https://www. lalala.es/spain 
bash.com -> https://www.bash.com/i/love
...

NGINX: rewrite non-www to www for multi domain virtual hosts

If you have NGINX virtual host that has a multi different domains pointing to same document root (multi server_name), and you want to automatically redirect non-www to www, than bellow is simple solution. I also wanted to redirect to https with www.

If you don’t need https redirection, than you can simply use variable $scheme instead of “https:”. 

if ( $host !~ ^www\. ) {
            return 302 https://www.$host$request_uri;
}

So virtual host should look something like this:

server {
      listen 1.1.1.1:80;
      server_name domain1.com www.domain1.com domain2.com www.domain2.com;

      if ( $host !~ ^www\. ) {
           return 302 https://www.$host$request_uri;
      }
      return 302 https://$host$request_uri;
}

You should also make this redirect in your https server definition. otherwise request for https://domain1.com won’t redirect to www.

server {
      listen 1.1.1.1:443;
      server_name domain1.com www.domain1.com domain2.com www.domain2.com;
      if ( $host !~ ^www\. ) {
              return 302 https://www.$host$request_uri;
      }

      ssl on;
      ssl_certificate /etc/letsencrypt/live/domains.com/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/domains.com/privkey.pem;

      .... //other nginx configuration ....
}

Nice way to do HTTP to HTTPS redirection with Apache .htaccess

I had some sites on shared hosting environment for which I had to do http to https redirection with .htaccess file. I did 302 redirection intentionally so that in case of error, browser doesn’t cache redirection. You can aslo make permanent 301 redirect if needed.

This is nice and simple way to do it:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=302]

Multidomain webroot for Letsencrypt with NGINX

If you have web server on which there is a lot of virtual hosts, you may want to have one webroot directory for Letsencrypt SSL certificates only. So when Letsencrypt will make the requests for SSL registration or renewal, it will look in this directory. In this case I did this on CentOS 7 with NGINX web server.

First, let’s create directory what will be used for letsencrypt purposes. It must be writable by your web server user. You can define different path.

[root@machine ~]# mkdir -p /var/www/le-certs
[root@machine ~]# chown -R wwwuser:wwwgroup /var/www/le-certs

Letsencrypt will need access in “.well-known/acme-challenge”. For NGINX add something like this in your server block for desired virtual host.

location ~ /.well-known/acme-challenge/ {
             root /var/www/le-certs/;
             break;
}

You can also create new file named, for example le-config.conf and add block above in to it. Then you can simply include this line in your virtual hosts. 

server {
             listen :443 ssl http2;
             server_name mywebsite.com www.mywebsite.com;
             root /var/www/mywebsite/;

             include le-config.conf;
              ...
}

 

 

Magento – lock administration to specific country

Brute force attacks on Magenta administration are also very common issue, like with WordPress, well maybe a little less :). If you can’t lock your administrations on specific fixed IP addresses, than you can probably lock administration so that is accessible only from your country. Russia and China for example, are countries from which those kind of attacks are very common. So it is good idea to block them.

For this example, I’m doing this on Apache 2.4 with GeoIP module installed. Before you proceed, you should have installed geoip.

To have Magento administration accessible only from Germany (for example), add code bellow to your apache vhost configuration. This geoip was installed on CentOS 7, you should change path to GeoIP.dat accordingly to your installation. You should also change country code to the one that you want access from.

GeoIPEnable On
GeoIPDBFile /usr/share/GeoIP/GeoIP.dat
RewriteEngine on
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} !^DE$
RewriteCond %{REQUEST_URI} ^/(index.php/)?admin/? [NC]
RewriteRule .* - [R=403,L]

© 2019 geegkytuts.net
Hosted by Hosterdam


About author