Recently I’ve started using Amazon Web Services for my hosting solution. One of the great benefits is having so much flexibility available with the servers your create. I wanted to share today how to create an image from a running server

I am using a Ubuntu as my flavor of Unix. I am going to assume you can use man and –help for more information and help.

You will need to install Amazon EC2 AMI Tools

uncomment multiverse repositories, update, and install

vi /etc/apt/sources.list
apt-get update
apt-get install ec2-ami-tools

create a cert and private key to encrypt your image!

I created two scripts one to bundle up my server, and the second one to upload it.

root@\server:~/AMI# cat createImage.csh  uploadBundle.csh
#!/bin/bash
ec2-bundle-vol -d /mnt -k Pk-file.pem -c cert-file.pem -u userid-number -r x86_64 -p tagname

#!/bin/bash
ec2-upload-bundle -b bucket-name -m /mnt/tagname.manifest.xml -a access-key -s access-pass

Now you can register your server AMI and Launch a new server the uploaded image

from the Amazon web panel, you can navigate to AMI’s, select register new AMI and input the manifest link. It would look something like this

AMI Manifest Path*:

http://s3.amazonaws.com:80/bucket-name/tagname.manifest.xml

This is a total rewrite of my original notes on wordpress folder permissions, I still consider the folder permissions discussed with the earlier article relevant, and a good starting point. This article will discuss reconfiguring apache to use mod fast cgi. This eliminates the problem of wordpress folder permissions and also improves server performance.

Assuming you are running your own server, and have the ability to reconfigure apache. We are going to change the default behavior of apache. Instead of having your web requests handled by the default user www-data or apache, we can have it spawn a process to handle requests for that domain with the credentials of a specific user, this is espically useful if you host multiple domain. This greatly improves security, and also enables you to set specific configurations on a per domain basis, without having to do site wide changes.

The overall picture is that apache will spawn servers to handle incoming requests. Those requests are then handed over to children cgi processes that run under different user ids.

I’m not going to write my own details and directions as there are many websites out there that detail this, however please check the notes section below. One good reference would be Brandon Turner’s link below

http://www.brandonturner.net/blog/2009/07/fastcgi_with_php_opcode_cache/

Notes:

I found the following script to work best with my current needs and setup for the fcgi:

#!/bin/sh
PHPRC=/etc/php5/cgi/
export PHPRC
PHP_FCGI_MAX_REQUESTS=5000
export PHP_FCGI_MAX_REQUESTS

umask 0022
exec /usr/lib/cgi-bin/php -d apc.shm_size=15

Please only have one manager manage the process. In my case I have in my apache.conf file MaxRequestsPerChild=5000
Apache will kill off the php children as it hits that limit. You don’t want your fcgi to spawn any extra process, by including PHP_FCGI_CHILDREN=n
You will end up with apache killing off one of the fcgi parents, leaving a whole bunch of orphaned children eating up the system resources.

Results

The data really speaks for itself. I’m glad I made the switch, see my memory results below. I did not include total memory as that is not relevant to this post. The dead portion in the middle was my fault, I had failed to realize that I needed to change the security settings on the the cacti folder since I switched to fcgi to handle web requests. Once I changed the folder ownership.

cacti memory stats

Conclusion

Definitely worth the time in setting up. It is not a simple task, but the results are rewarding. I hope you’ve find this post useful and can use it with your site.

It is important to keep your WordPress installation as secure as possible. One of the most common mistakes is setting the folder permission to world or group writable. There is no need for this, and if a plug-in requires this setting, I would definitely think twice about installing it.

I wrote a quick script that would reset all my folder and file permissions.

#!/bin/sh
find ./html -type d -exec chmod 755 {} \;
find ./html -type f -exec chmod 644 {} \;

Troubleshooting Section.

• Unable to locate WordPress Plugin directory

Recently when trying to upgrade a plug-in I received the infamous (Unable to locate WordPress Plugin directory.) This was actually due to a setting on the ftp server that I was using. It was setup to jail ftp users to their home directories. This works great if you only manage one site, under one account. In my case, I was able to remedy this by changing the ftp config file to the following

# Use this to jail all users in their homes
DefaultRoot                     ~ !MrOdysseus

• Apache Server-Status not found

Cacti was polling and logging apache statistics for some time without any problems. I recently discovered that you can’t have wordpress Permalink/mod-rewrite enabled without running into some problems when cacti tries to poll for data. Since anything hitting the main site at /server-status, is automatically trying to be rerouted by wordpress.

A quick fix was to add a new virtual host entry that would disable all overrides for traffic hitting localhost, which is exactly what was needed to get cacti to work. Apache documentation can be found here.

ServerAdmin root@silly-url.com
ServerSignature Off

Most companies restrict your desktop experience for various reasons, one of the more annoying restrictions is having a screen saver popping up and locking your window. A simple way to bypass this is to start Windows Media Player, Hit Play on any song, select the continuous loop option, and finally mute the volume.

Very simple and elegant. WMP has a built in option under Player Preferences to stop the screen saver from loading. This option is generally turned on by default.

Of course you are circumventing your IT security measures, so use this with care,  especially if you walk away from your desktop. always CTRL-ALT-DEL