Supervisord is a great system for monitoring processes and restarting them when they fail. For a Web application, a great use is worker processes which monitor message queues and process jobs asynchronously to the UI.
Supervisord can be installed with:
$ apt-get install supervisor
One nice feature is a web interface which allows you to monitor the processes, and manually restart if necessary. By default it’s turned off, but you can turn by adding the following lines to the /etc/supervisor/supervisord.conf file:
The web interface will now be available on port 9001
by default, the configurations for each process we need to monitor are stored in /etc/supervisor/conf.d
you can have multiple configurations in one file, or keep each one separate. as an example, here is a file i use to keep a worker process running:
Because the world of Spam email exists, sending emails direct from a server can sometimes be troublesome, especially if you end up in a situation where a large number are being sent. If you;re running some form of Web App, you obviously dont want your server being accused of Spamming, so a smarthost is the only option!
sendmail is either preinstalled, or easy to install on just about every Linux system I have come across, and setting this up is a breeze.
First you need to set the authorization credentials in /etc/mail/access
Fail2Ban is a simple service you can install to monitor your auth.log file and temporarily ban IP’s who are trying to log in to your systems.
It works with an number of protocols, but out of the box it comes pre configured to monitor and secure SSH. You can install is on debian linux with:
$ apt-get install fail2ban
Once installed it will work as-is, but there are two specific things worth configuring. It’s great to have an email alert when an attempt is made, so we need to configure the default action. There are three options:
[Default] Just go ahead and ban the IP
Ban the ip, but also send an email and whois report
Ban the IP, send email with whois report and also the auth.log lines containing the rouge IP
This needs to be set in /etc/fail2ban/jail.conf. The default is (line 102):
action = %(action_)s
and finally we need to configure the email address we will send to. This is on line 57:
destemail = firstname.lastname@example.org
restart the service:
$ service fail2ban restart
And we’re done! By default IP’s are banned through IPTables for a period of 10 minutes.
I’ve been wasting an afternoon playing with my Raspberry Pi today, and having found an old webcam lying around I decided to see if I could make a couple of time-lapse films – No reason, just to see if I can! Continue reading →
After a huge number of comments from a whole range of people, I ended up deciding that while the editor works, there are some caveats thats just can’t be ignored, so I followed up with Worlds Simplest HTML Markdown Editor as a simple but usable alternative. Continue reading →
I work from home most of the time, which means my ADSL really is a life line. Without it i’d be making a 35 mile trek to the office every day.
The village i live in doesn’t have the greatest ADSL, but it’s not too bad either. For most stuff it’s perfectly workable, however I have repeatedly had problems with home routers and their inability to work correctly for extended periods. From a ton of reading i guess it’s down to memory leaks etc. A simple power cycle fixes it, but that’s not a great help during a VoIP call when the line keeps breaking up. Power cycles typically take 2-4 minutes to complete, which is often an issue, followed by a 1 min VPN reconnect…. Continue reading →
If you’ve played around with a Raspberry Pi (http://www.rapberrypi.org) much, then you may well have come across a small but quite annoying issue with your SD card becoming corrupt.
Now I can say why it happens, but the problem appears to only happen occasionally, and only with some card, but when it happens it can be really annoying! I know we’re all supposed to back up after every keystroke, but one of the things about the RPi is that it’s a great hobby platform. This means that quite often you;re just messing with things to get an idea working. Often it’s hard to remember exactly what it was that you did to make it work, which makes a corrupt SD even more annoying! Continue reading →
Well as it turns out, it’s really not that simple! The number of issue presented by every browser implementing things differently creates a situation where the whole idea can only really be used if you can guarantee with absolute certainty that only one browser type and version will be used! Continue reading →
Recently I have been using BitBucket to get to grips with Git. Git is a strange version control system, although maybe that’s because I am more used to SVN.
One thing I had read was that Git was great for remote deployment, because only the deltas are needed, making the whole update process far quicker. The added bonus is that you can always log in to the production server and change branch or revision quickly if you really do foul up!
BitBucket supports Git Hooks. These are essentially scripts which are run on certain events. In my particular case, what I wanted was for BitBucket to POST some data to a specific URL on my server on the event of a push. Continue reading →