lighttpd too many open files

lighttpd server crashes with fllowing error in error_log file.

As lighttpd is a single-threaded server, its main resource limit is the number of file descriptors, which is set to 1024 by default (on most systems).

If you are running a high-traffic site you might want to increase this limit by setting server.max-fds.

Related Posts

lighttpd

maximum number of open files and file descriptors in linux

df not showing all mounts

On a server, df not showing all mounts

This is caused by corrupt /etc/mtab

To fix

See df

Show disk usage with df

df command shows patritions and disk used by each partitions.

df not showing all mounts

RHCSA Study Guide

1. Logical volume ‘home’ as created and mounted. Reduce its size to ‘192M’ (size from 185M to 200MB is acceptable)

2. Add a group sysmgrs

Add a user Natasha such that user’s secondary group is sysmgrs.

Add a user harry such that user’s secondary group is sysmgrs.

Add a user sarrah, who has no interactive shell, and not belongs to the group sysmgrs.

Set password of Natasha, harry and sarrah to lotawens.

3. Configure FTP access on your virtual machine to allow permission for anonymous user.

4. Make a collaborative directory /a/b and set the permission as

Group ownership of /a/b is sysmgrs

The directory should be readable, writable and accessable to members of sysmgrs, but not to any other user. ( it is undershould that root has access to all files and
directories on the system)

Files created in /a/b automatically have group ownership set to the group sysmgrs.

5. Copy the file /etc/fstab to /var/tmp. Configure the permissions of /var/tmp/fstab so that,

The file /var/tmp/fstab is owned by the root user

The file /var/tmp/fstab is belongs to group root

The file /var/tmp/fstab is should not be executable by anyone

The user natasha is able to read and write /var/tmp/fstab

The user harry can neigher write not read /var/tmp/fstab

All other users (current or future) have the ability to read /var/tmp/fstab

6. set cronjob for user natasha to do /bin/echo hiya at 14:23

7. host.domain70.example.com shares remote users. Configure ldap such that ldapusers has no home directory until we do automounting.

baseDN: dc=domain70, dc=example, dc=com

Certificate: ftp://host.domain70.example.com/pub/EXAMPLE-CA-CERT

Username: ldapuser70

Password: password

8. configure NTP with that of rhcert.domain70.example.com

9. Implement a web server for the site http://station.domain70.example.com/ then perform the following steps:

Download ftp://rhcert.domain70.example.com/pub/rhcsa/station.html

Rename the download file to index.html

Copy this index.html to the Document root of your web server.

DO NOT make any modifications to the content of index.html

10. Install the appropriate Kernel update from ftp://domain70.example.com/pub/updates/ The following criteria must also be met:

The updated kernel is the default Kernel when the system is rebooted.

The orginal kernel remains available and bootable on the system.

11. Configure autofs to automount the home directories of ldapusers host.domain70.example.com NFS-exports /rhome to your
machine. ldapuser70’s home directory should be automounted locally beneath /rhome/ldapuser7-. Home directores must be writable by thier users.

User: ldpauser70
Password: password

12. Create a swap partition of 754 MB size. Do not make any change to the existing swap partition

13. Add a user manlo with uid 1353. Set his password as lotawens

14. Locate all files and directories of user jacques and copy it to /root/findfiles

OR locate the files of owner “dax” and copy to the directory /root/founddirectory

OR Find files in your system which is owned by andrew user & save on /backup/somefile.

15. Find all lines contain a string loop in a file /etc/grub.conf copy it to /root/list. Don’t leave a free line in /root/list

16. Create a device:

Logical volume qa with 60 extents.

Volume group qagroup with 16MB extent size.

Mount it permanently under /abc with file system ext3

Install Unbound DNS caching server

Unbound is an Open source DNS caching and recursive resolver. You can find more about unbound at

https://nlnetlabs.nl/projects/unbound/about/

To install unbound on Ubuntu/Debian, run

To start unbound

Set unbound to start on boot

To configure your server to use local name servers provided by unbound, edit file

Add

See dns

Start x11vnc with supervisord

To auo start x11vnc with supervisord, first install x11vnc and supervisord

Create a password file

Replace YOUR_SECRET_PW with whatever password you want to use.

Create supervisord unit file

Add following content

Replace USERNAME_HERE with actual user name used to login to system.

Enable supervisior

You can use following commands to interact with supervisord

See vnc

centovacast icecast

Manually run icecast on CentovaCast server

On CentovaCast server, icecast is run as user ccuser, to run icecast, you need to enable shell for this user. By defult, this user have shell access disabled.

running icecast manually maybe useful when you want to debug some issue with icecast.

To enable bash shell for user, run

Login as user ccuser

Now start icecast with

Beofore you manually start icecast from terminal, make sure you stop icecast by logging into user in Centova Cast control panel.

centovacast icecast

See Centova Cast

CentovaCast Enable SSL on icecast

Before you can get SSL work, you need to compile icecast with SSL. If icecast is not installed with SSL support, it will ignore settings and just serve the stream using non HTTPS.

To install icecast with SSL support, download icecast from

https://icecast.org/download/

You need to verify SSL supported enabled. If you don’t have SSL support, you will see following error.

If SSL enabled, you can verify it with

You will see something like

If you get SSL disabled message, you need to install openssl-dev package

If SSL enabled, install icecast with

Replace icecast provided with CentovaCast with

Enable SSL for stream

You need to edit icecast config for each user to do this. Config file stored at

Find

Replace with

Here port 8005 is whatever port used by the stram. 9005 can be any unused port. It is better just use a port same format, so you know what port SSL will be running on.

Find

Add Below

Now create a file

Paste your SSL in following order

Stop and start icecast in CentovaCast.

Here is a server.conf file for a user with SSL enabled.

https://gist.github.com/serverok/57ae398bb94aa61d9945f2405c73e221/raw

See Centova Cast