Archive for April, 2009

NetBSD 5.0


NetBSD 5.0 has been released and I have downloaded the ISOs for the i386 and amd64 architectures. If you are in Malaysia, you can leech from my site. :)

http://ms.shit.la/netbsd/i386cd-5.0.iso
http://ms.shit.la/netbsd/i386cd-5.0.iso.MD5
http://ms.shit.la/netbsd/i386cd-5.0.iso.SHA1

http://ms.shit.la/netbsd/amd64cd-5.0.iso
http://ms.shit.la/netbsd/amd64cd-5.0.iso.MD5
http://ms.shit.la/netbsd/amd64cd-5.0.iso.SHA1

Thursday, April 30th, 2009

FreeRapid downloader

Quite often, most of us download files from file-hosting sites like Rapidshare, Megaupload, Ziddu, Kewlshare, Badongo, etc. You are probably annoyed and sick of the restrictions, wait times and captchas enforced by these service providers. To avoid all that and have a hassle-free download, you could subscribe to their services. Here is another alternative: let this shiny little piece of Java software manage it for you. Take a peek at FreeRapid downloader.

There are currently 79 file-hosting sites supported and it works on Windows, Mac, Linux, BSD and other Unix variants. Sweet!!!! Just what I needed. For FreeBSD, you need diablo-jdk (I have tested with diablo-jdk-1.6.0.07.02_4). Just download the package, unzip it and run frd.sh. If your JRE is not in the $PATH environment variable, edit frd.sh to add, for example,

PATH=/usr/local/diablo-jdk1.6.0/jre/bin:$PATH

Screenshot

A list of sites that are currently supported (not a complete listing)
* Rapidshare.com (+ premium)
* MegaUpload.com
* Megarotic.com and Sexuploader.com
* NetLoad.in
* MediaFire.com
* FileFactory.com
* Filebase.to
* Uploaded.to
* DepositFiles.com
* Share-online.biz
* Egoshare.com
* Easy-share.com
* Letibit.net
* XtraUpload.de
* Shareator.com
* Kewlshare.com
* SaveFile.com
* Ziddu.com
* 4shared.com
* Load.to
* UploadBox.com
* UGotFile.com new
* NetGull.com new
* Plunder.com new
* FileUpload.net new
* WebShare.net
* FileSend.net
* 2Shared.com
* Uploading.com
* Yourfiles.biz
* Ultrashare.net
* SendSpace.com
* Wiiupload.com
* Badongo.com new
* Hotfile.com new
* WikiUpload.com new
* DataUp.de new
* Rapidshare.de
* Uppit.com
* FileFlyer.com
* BitRoad.net
* Jandown.com
* iFile.it
* Iskladka.cz
* HellShare.com (+full)
* QuickShare.cz
* Uloz.to
* Sdilej.cz new
* Uloz.cz
* Share-rapid.com
* Nahraj.cz
* FlyShare.cz
* Edisk.cz
* Bagruj.cz
* LeteckaPosta.cz
* CZShare.com free (+profi)
* Subory.sk
* Upnito.sk
* CobraShare.sk
* Ulozisko.sk
* Stream.cz (video)
* O2MusicStream.cz (video) new
* YouTube.com (video) new
* Usercash.com (crypter)
* Tinyurl.com (crypter)
* Linkbucks.com (crypter)
* RSMonkey.com (crypter) new
* Radikal.ru (crypter)
* Paid4share.com (crypter) new

Thursday, April 30th, 2009

FreeBSD : web cluster – Frontend nginx, backend apache with SSL


Previously, I posted a write-up on glusterfs on FreeBSD clusters. Here is the installment on the round-robin web proxy part. In my configuration, nginx runs as the front-end and apache as the back-end. Both boxes have the same nginx and apache configuration. The nginx SSL cert and key should be the same on both as well (with the same common name, i.e. www.yourdomain.com).

APACHE
I will skip most of the apache installation as it is common and easy to set up. The basic requirement is that apache runs with SSL on port 8443. Note that mod_rpaf is required for apache to see the real IP address of visitors; without it every request appears to come from the nginx front-end. Install it from /usr/ports/www/mod_rpaf2, then add these lines to your httpd.conf.


LoadModule rpaf_module       libexec/apache22/mod_rpaf.so

<IfModule rpaf_module>
# The forwarded client address is only believed when the request arrives from
# one of the proxy IPs listed below; anything else keeps its socket address.
RPAFEnable On
RPAFsethostname On
RPAFproxy_ips 192.168.100.82 192.168.100.84
</IfModule>

Note:
IP address for node 1 = 192.168.100.82
IP address for node 2 = 192.168.100.84
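The trust rule mod_rpaf applies with RPAFproxy_ips is worth seeing spelled out: a forwarded address is believed only when the TCP peer is one of the listed front-ends, and the X-Forwarded-For chain is peeled from the right until the first hop that is not a trusted proxy. The following is an added example in Python written for this page; it is neither mod_rpaf's code nor the author's. It uses the two node addresses from the note above as the trusted proxies, and every peer address and header value in it is constructed.

```python
"""Derive the client address behind a reverse proxy the way mod_rpaf does with
RPAFproxy_ips: X-Forwarded-For is believed only when the TCP peer is one of the
listed front-ends, and the chain is peeled from the right, hop by hop, until
the first address that is not a trusted proxy.

Added example for this page, not mod_rpaf's code or the post author's.  The
trusted list holds the two node addresses from the post; every peer address and
header value used here is constructed.
"""
import ipaddress

# RPAFproxy_ips from the post: the two nginx front-end nodes.
TRUSTED_PROXIES = [ipaddress.ip_network("192.168.100.82/32"),
                   ipaddress.ip_network("192.168.100.84/32")]


def is_trusted(addr, trusted=TRUSTED_PROXIES):
    """True if addr lies inside one of the trusted proxy networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in trusted)


def client_ip(peer_addr, x_forwarded_for, trusted=TRUSTED_PROXIES):
    """Return the address apache should log and apply access rules to.

    peer_addr       - address of the TCP peer that connected to apache
    x_forwarded_for - raw X-Forwarded-For header value, or None if absent
    trusted         - proxy networks whose X-Forwarded-For is believed
    """
    if not is_trusted(peer_addr, trusted):
        # The header came straight from a non-proxy peer, so it is under that
        # peer's control: ignore it and use the socket address.
        return peer_addr
    hops = [h.strip() for h in (x_forwarded_for or "").split(",") if h.strip()]
    current = peer_addr
    while hops:
        candidate = hops.pop()            # rightmost = hop closest to us
        try:
            ipaddress.ip_address(candidate)
        except ValueError:
            break                         # malformed element: keep last good hop
        current = candidate
        if not is_trusted(candidate, trusted):
            break                         # first untrusted hop is the client
    return current


if __name__ == "__main__":
    # Constructed requests: one plain, one where the connecting client supplied
    # its own X-Forwarded-For element (10.0.0.5), which must not displace the
    # address nginx appended, and one that bypassed the proxies entirely.
    print(client_ip("192.168.100.82", "203.0.113.7"))             # 203.0.113.7
    print(client_ip("192.168.100.82", "10.0.0.5, 203.0.113.7"))   # 203.0.113.7
    print(client_ip("198.51.100.9", "192.168.100.82"))            # 198.51.100.9
```

The same walk is what makes the X-Real-IP and X-Forwarded-For headers set by nginx below safe to rely on: apache only ever reads them off a connection from 192.168.100.82 or 192.168.100.84.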

NGINX (engine X)
Installation of nginx is fairly simple under FreeBSD as the port is complete (no messy manual patching). Just run the installation with this command, but note that you need these two options enabled: HTTP_SSL_MODULE and HTTP_UPSTREAM_FAIR. Yes, you need them.

cd /usr/ports/www/nginx && make install

The configuration file, nginx.conf, is relatively easy to understand if you are familiar with lighttpd or apache mod_proxy. The following is an example nginx config file. Use it with care because YMMV.

user  www;
worker_processes  4;

events {
    worker_connections  4096;
}

http {
    include       /usr/local/etc/nginx/mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  5;
    gzip  on;
    upstream backend_servers {
        fair;   # needs the HTTP_UPSTREAM_FAIR port option
        server 192.168.100.82:8443;
        server 192.168.100.84:8443;
    }

    server {
        listen   80 default;
        server_name  _;
        server_name_in_redirect  off;
        access_log /var/log/nginx-access.log;
        error_log /var/log/nginx-error.log;
        location / {
                proxy_pass https://backend_servers;
                proxy_set_header   Host             $host;
                proxy_set_header   X-Real-IP        $remote_addr;
                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
                proxy_connect_timeout      5;
                proxy_send_timeout         5;
                proxy_read_timeout         5;
        }
    }

    server {
        listen       443 default;
        server_name  _;
        server_name_in_redirect  off;
        access_log /var/log/nginx-ssl-access.log;
        error_log /var/log/nginx-ssl-error.log;
        ssl                  on;
        ssl_certificate      /etc/ssl/certs/nginx-cert.pem;
        ssl_certificate_key  /etc/ssl/keys/nginx-key.pem;
        ssl_session_timeout  5m;

        # protocol and cipher list as used in 2009; SSLv2/SSLv3 and the
        # LOW/EXP suites admitted here are obsolete today
        ssl_protocols  SSLv2 SSLv3 TLSv1;
        ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_prefer_server_ciphers   on;

        location / {
                proxy_pass https://backend_servers;
                proxy_set_header   Host             $host;
                proxy_set_header   X-Real-IP        $remote_addr;
                proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;
                proxy_connect_timeout      5;
                proxy_send_timeout         5;
                proxy_read_timeout         5;
        }
    }
}

Vhosts are managed by apache httpd, so nginx must accept any host name and pass the Host header through unchanged (that is what proxy_set_header Host $host above does). Thus these lines are needed in nginx.conf.

server_name  _;
server_name_in_redirect  off;

For SSL cert and key generation, please refer to the previous post, glusterfs on FreeBSD. That's it.

Wednesday, April 22nd, 2009

FreeBSD : nginx with php-cgi on unix socket

UPDATE : Check out the recently committed /usr/ports/www/spawn-fcgi/, which comes with a better spawn-fcgi rc.d script. Please use the script from the port. However, the spawn-fcgi.sh provided does not have an option to run via a unix socket. I have submitted a patch.

A few days ago, I posted a write-up, FreeBSD : php-cgi spawn-fcgi rc.d script for nginx, on running php-cgi on port 8888. But how do you run it via a unix socket? It is trivial with the spawn-fcgi rc.d script. Just add these flags to /etc/rc.conf:

spawnfcgi_flags="-s /tmp/php-fastcgi.socket -u www -g www -f /usr/local/bin/php-cgi"

Next, replace the line

fastcgi_pass 127.0.0.1:8888;

with this

fastcgi_pass unix:/tmp/php-fastcgi.socket;

Lastly restart both php-cgi and nginx:

/usr/local/etc/rc.d/spawnfcgi restart && /usr/local/etc/rc.d/nginx restart

That’s all. You have your php-cgi on unix socket.

Friday, April 17th, 2009

FreeBSD : Glusterfs with SSL (via stunnel)

I have been working on a parallel round-robin web cluster (is this the right term?) using 2 x FreeBSD 7.1 AMD64 boxes, nginx (patched with fair upstream), apache + php (backend), glusterfs, tinydns (sitting on another box, as a name server for round-robin A records) and mysql multi-master replication. The setup mainly makes use of the round-robin replication concept. Although I have not yet fully hammered the configuration, it is pretty impressive and secure.

Glusterfs and mysql replicate over SSL. Nginx runs with SSL. These, however, come at a slight cost in CPU and performance. I can live with that though.

The write-up of the setup is in progress as I am quite tied up with my day job, the HeX project and the glusterfs 2.0 port for FreeBSD. Hopefully I can manage the time to complete all these. Nevertheless, here is a partial (optional) write-up for glusterfs replication with SSL.

Note: server1 and server2 denote the two FreeBSD cluster nodes.

1) Installing required software
Most of the software except glusterfs (not in the FreeBSD ports as of this posting) is available via the FreeBSD ports. I'm aware that TimurBakeyev is working on a glusterfs port.

# cd /usr/ports/security/stunnel && make install clean

2) Creating SSL certs (on either of the box)
Generally, it is easier to generate all certs/keys on a single box and copy the required certs to the other boxes. But YMMV. Commonly, cacert.pem and the generated cert/key are what gets copied.

2.1) For the impatient
Just create the certificate with a one-liner. Because of -x509 this produces a self-signed certificate, so no CA is involved. Remember to modify the content of "-subj". (rsa:1024 reflects 2009 practice; 2048 bits is the floor today.)

# openssl req -new -outform PEM -out /etc/ssl/stunnel-cert.pem -newkey rsa:1024 \
-nodes -keyout /etc/ssl/private/stunnel-key.pem -keyform PEM -days 3650 -x509 -subj \
'/C=ur country code/ST=ur state/L=ur location/CN=ur server common name/O=ur org/OU=ur org unit'

2.2) For the patient
Create the necessary directories and bookkeeping files for openssl ca with the following commands.

# mkdir /etc/ssl/newcerts
# mkdir /etc/ssl/private
# echo '01' >/etc/ssl/serial
# touch /etc/ssl/index.txt

Next, let's generate a CA. You will be prompted for your country, state, location etc. and a password for the CA key.

# openssl req -new -x509 -extensions v3_ca -keyout /etc/ssl/private/cakey.pem \
-out /etc/ssl/cacert.pem -days 3650 -config /etc/ssl/openssl.cnf

Generate a cert request for stunnel (the request file name must match the one signed in the next step):

# openssl req -outform PEM -out /etc/ssl/stunnel-req.pem -newkey rsa:1024 -nodes \
-keyout /etc/ssl/private/stunnel-key.pem -keyform PEM -days 3650 -subj \
'/C=ur country code/ST=ur state/L=ur location/CN=ur server common name/O=ur org/OU=ur org unit'

Lastly, sign the request with the CA key. This assumes the [ CA_default ] section of /etc/ssl/openssl.cnf points its dir at /etc/ssl, where the serial, index.txt and newcerts created above live; otherwise point openssl ca at the right file with -config.

# openssl ca -in /etc/ssl/stunnel-req.pem -notext -out /etc/ssl/stunnel-cert.pem

3) Modifying stunnel rc.d for stunnel running client mode
The rc.d startup script for stunnel runs a single instance, in either server or client mode. I need both modes here, so I made a quick copy of the stunnel rc.d script to run a second instance in client mode. I named it /usr/local/etc/rc.d/stunnelc.

#!/bin/sh
#
# $FreeBSD: ports/security/stunnel/files/stunnel.in,v 1.9 2008/01/26 14:18:12 roam Exp $
#

# PROVIDE: stunnelc
# REQUIRE: NETWORKING SERVERS
# BEFORE: DAEMON glusterfs
# KEYWORD: shutdown

#
# Add some of the following variables to /etc/rc.conf to configure stunnel:
# stunnelc_enable (bool):        Set to "NO" by default.
#                               Set it to "YES" to enable stunnel.
# stunnelc_config (str):         Default "/usr/local/etc/stunnel/stunnel-client.conf"
#                               Set it to the full path to the config file
#                               that stunnel will use during the automated
#                               start-up.
# stunnelc_pidfile (str):        Default "/var/tmp/stunnel/stunnel-client.pid"
#                               Set it to the value of 'pid' in
#                               the stunnel.conf file.
#

. /etc/rc.subr

name="stunnelc"
rcvar=`set_rcvar`

load_rc_config $name

: ${stunnelc_enable="NO"}
: ${stunnelc_config="/usr/local/etc/stunnel/stunnel-client.conf"}
: ${stunnelc_pidfile="/var/tmp/stunnel/stunnel-client.pid"}
procname="/usr/local/bin/stunnel"
command="/usr/local/bin/stunnel"
command_args=${stunnelc_config}
pidfile=${stunnelc_pidfile}

required_files="${stunnelc_config}"

run_rc_command "$1"

4) glusterfs vol configuration
In this setup, glusterfsd listens on lo0 (127.0.0.1) port 6996, and the stunnel server listens on em0 (the network-facing NIC) port 8996, forwarding to 127.0.0.1:6996. The stunnel client, on the other hand, listens on 127.0.0.1 port 7996 and forwards to the remote host on port 8996. The glusterfs client mounts the volume from 127.0.0.1 port 6996 (the local brick) and port 7996 (tunneled to port 8996 of the remote host), so the plaintext glusterfs protocol never leaves the loopback interface. Refer to the configurations below:

i) stunnel-server.conf.

[glusterfsd]
accept = 8996
connect = 127.0.0.1:6996

ii) stunnel-client.conf.

[glusterfs]
accept = 127.0.0.1:7996
connect = server2:8996

Auth login was used because the auth.addr method imposes the privileged-port ceiling of 1024: the tunneled connections arrive from stunnel on an unprivileged source port, so an address-based check would reject them. The auth.login method does not care about the privileged-port ceiling.

Please refer to
http://www.gluster.org/docs/index.php/GlusterFS_Encrypted_network
http://www.gluster.org/docs/index.php/Translators_v2.0#auth.login

As I'm still working on the glusterfs 2.0 port, you can use the rc.d scripts I have completed for glusterfs and glusterfsd.

APPENDIX

Configuration files on server1

I) /etc/rc.conf

fusefs_enable="YES"
glusterfsd_enable="YES"
glusterfs_enable="YES"
glusterfs_mount="/usr/home/www"
stunnel_enable="YES"
stunnel_config="/usr/local/etc/stunnel/stunnel-server.conf"
stunnel_pidfile="/var/tmp/stunnel/stunnel-server.pid"
stunnelc_enable="YES"
stunnelc_config="/usr/local/etc/stunnel/stunnel-client.conf"
stunnelc_pidfile="/var/tmp/stunnel/stunnel-client.pid"

II) Stunnel configuration for glusterfsd (/usr/local/etc/stunnel/stunnel-server.conf)

cert = /etc/ssl/stunnel-cert.pem
key = /etc/ssl/private/stunnel-key.pem

sslVersion = SSLv3

chroot = /var/tmp/stunnel
setuid = stunnel
setgid = stunnel
; PID is created inside chroot jail
pid = /stunnel-server.pid

socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
CAfile = /etc/ssl/cacert.pem

output = /var/log/stunnel.log

[glusterfsd]
accept = 8996
connect = 127.0.0.1:6996

III) Stunnel configuration for glusterfs (/usr/local/etc/stunnel/stunnel-client.conf)

cert = /etc/ssl/stunnel-cert.pem
key = /etc/ssl/private/stunnel-key.pem

sslVersion = SSLv3

chroot = /var/tmp/stunnel
setuid = stunnel
setgid = stunnel
; PID is created inside chroot jail
pid = /stunnel-client.pid

socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
CAfile = /etc/ssl/cacert.pem
output = /var/log/stunnelc.log
client = yes

[glusterfs]
accept = 127.0.0.1:7996
connect = server2:8996
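Both the nginx.conf of the web-cluster post (ssl_protocols SSLv2 SSLv3 TLSv1 and a cipher list ending in +LOW:+SSLv2:+EXP) and the two stunnel configurations above (sslVersion = SSLv3, and client = yes with a CAfile but no verify option, so the client never checks the server's certificate) carry TLS settings a practitioner would want to check before reusing them. The audit script below is an added example written for this page, not code from the posts, from nginx or from stunnel. The weak-token lists and the recommended replacements are the editor's, the sample inputs are copied from the posts' own configurations, and the suggested directives assume nginx and stunnel versions new enough to offer TLS 1.2 (on stunnel 5.50 and later, sslVersionMin replaces sslVersion).

```python
"""Audit TLS settings in nginx (ssl_protocols / ssl_ciphers) and stunnel
(sslVersion / verify) configurations.

Added example for this page, not code from the posts, nginx or stunnel.  The
rules are the editor's; the sample text is copied from the posts' own
configurations as constructed input.  Recommended directives assume versions
that know TLS 1.2 (stunnel 5.50+ uses sslVersionMin instead of sslVersion).
"""

# Protocol versions that should no longer be negotiated.
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# OpenSSL cipher-string tokens naming export, anonymous, LOW, RC4, DES, NULL
# or MD5-based suites.
WEAK_CIPHER_TOKENS = {"LOW", "EXP", "EXPORT", "EXPORT40", "EXPORT56",
                      "SSLv2", "RC4", "DES", "NULL", "aNULL", "ADH", "MD5"}

# Constructed sample: the SSL lines of nginx.conf from the web-cluster post.
NGINX_SSL = """
        ssl_protocols  SSLv2 SSLv3 TLSv1;
        ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
        ssl_prefer_server_ciphers   on;
"""

# Constructed sample: global part of stunnel-client.conf from the glusterfs post.
STUNNEL_CLIENT = """
cert = /etc/ssl/stunnel-cert.pem
key = /etc/ssl/private/stunnel-key.pem
sslVersion = SSLv3
; PID is created inside chroot jail
CAfile = /etc/ssl/cacert.pem
client = yes
[glusterfs]
accept = 127.0.0.1:7996
connect = server2:8996
"""


def nginx_directives(text):
    """Yield (name, args) for every 'name arg ... ;' directive, '#' comments dropped."""
    stripped = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    for stmt in stripped.split(";"):
        parts = stmt.split()
        if parts:
            yield parts[0], parts[1:]


def stunnel_globals(text):
    """Return the global 'key = value' options, i.e. those before the first [section]."""
    opts = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()      # ';' starts a comment
        if line.startswith("["):
            break
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts


def weak_cipher_tokens(cipher_string):
    """Tokens of an OpenSSL cipher string that leave weak suites enabled.

    '!X' and '-X' remove X and are not findings.  '+X' only moves X to the end
    of the preference list; after a leading ALL those suites stay enabled, so
    the token is reported.  'RC4+RSA' means RC4 AND RSA, so each part is checked.
    """
    found = []
    for token in cipher_string.split(":"):
        if not token or token[0] in "!-":
            continue
        for part in token.lstrip("+").split("+"):
            if part in WEAK_CIPHER_TOKENS and part not in found:
                found.append(part)
    return found


def audit_nginx(text):
    """(directive, finding, recommended line) for each weak nginx SSL directive."""
    findings = []
    for name, args in nginx_directives(text):
        if name == "ssl_protocols":
            bad = [a for a in args if a in WEAK_PROTOCOLS]
            if bad:
                findings.append((name, "negotiates " + " ".join(bad),
                                 "ssl_protocols TLSv1.2 TLSv1.3;"))
        elif name == "ssl_ciphers":
            bad = weak_cipher_tokens(" ".join(args).strip("\"'"))
            if bad:
                findings.append((name, "leaves " + " ".join(bad) + " enabled",
                                 "ssl_ciphers HIGH:!aNULL:!MD5:!RC4:!3DES;"))
    return findings


def audit_stunnel(text):
    """(option, finding, recommended line) for each weak stunnel global option."""
    findings = []
    opts = stunnel_globals(text)
    if opts.get("sslVersion") in WEAK_PROTOCOLS:
        findings.append(("sslVersion", "pins " + opts["sslVersion"],
                         "sslVersion = TLSv1.2"))
    # Without 'verify', stunnel in client mode accepts any server certificate
    # and CAfile is never consulted.  verify = 2 demands a chain to a CA in
    # CAfile; verify = 3 additionally requires the exact peer cert to be known.
    if opts.get("client", "no").lower() == "yes" and "verify" not in opts:
        findings.append(("verify", "absent: server certificate not checked",
                         "verify = 2"))
    return findings


if __name__ == "__main__":
    for finding in audit_nginx(NGINX_SSL) + audit_stunnel(STUNNEL_CLIENT):
        print("%-12s %-40s -> %s" % finding)
```

Run against the posts' own settings it reports four findings (the protocol list, the RC4/LOW/SSLv2/EXP tokens, the SSLv3 pin and the missing verify); the hardened lines it suggests come back clean. For the stunnel server side, verify = 2 on the server only makes sense once each client presents a certificate signed by the same CA, which the "for the patient" path in the glusterfs post already produces.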

IV) Glusterfs client configuration (/usr/local/etc/glusterfs/glusterfs.vol)

volume remote1
  type protocol/client
  option transport-type tcp
  option remote-host 127.0.0.1
  option remote-port 6996
  option remote-subvolume brick
end-volume

volume remote2
  type protocol/client
  option transport-type tcp
  option remote-host 127.0.0.1
  option remote-port 7996
  option username yourusername
  option password yourpassword
  option remote-subvolume brick
end-volume

volume replicate
  type cluster/replicate
  subvolumes remote1 remote2
end-volume

volume writebehind
  type performance/write-behind
  option block-size 128KB
  option cache-size 1MB
  subvolumes replicate
end-volume

volume cache
  type performance/io-cache
  option cache-size 512MB
  subvolumes writebehind
end-volume

V) Glusterfs server configuration (/usr/local/etc/glusterfs/glusterfsd.vol)

volume posix
  type storage/posix
  option directory /usr/home/www-shared
end-volume

volume locks
  type features/locks
  subvolumes posix
end-volume

volume brick
  type performance/io-threads
  option thread-count 8
  subvolumes locks
end-volume

volume server
  type protocol/server
  option transport-type tcp
  option transport.socket.bind-address 127.0.0.1
  option auth.addr.brick.allow 127.0.0.1
  option auth.login.brick.allow yourusername
  option auth.login.yourusername.password yourpassword
  subvolumes brick
end-volume
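The wiring described in section 4 (plaintext glusterfsd bound to 127.0.0.1 only, the remote brick reached through a loopback stunnel listener) is a property that can be checked mechanically against the volume files rather than by reading them. The script below is an added example written for this page, not code from the post, from GlusterFS or from stunnel. It embeds abridged copies of glusterfs.vol, glusterfsd.vol and stunnel-client.conf from this appendix as constructed input, and it assumes the GlusterFS 2.0-era default listen port 6996 and the option name transport.socket.listen-port for an explicit port.

```python
"""Cross-check the glusterfs-over-stunnel wiring: every protocol/client volume
must reach either the local glusterfsd or a local stunnel listener on a
loopback address, and glusterfsd must be bound to loopback so the plaintext
protocol is never reachable from the network.

Added example for this page, not code from the post, GlusterFS or stunnel.
The volume files are abridged copies of the appendix, embedded as constructed
input; the default port 6996 and the option name transport.socket.listen-port
are assumed from GlusterFS 2.0-era documentation.
"""
import ipaddress
import re

GLUSTERFS_VOL = """
volume remote1
  type protocol/client
  option remote-host 127.0.0.1
  option remote-port 6996
  option remote-subvolume brick
end-volume

volume remote2
  type protocol/client
  option remote-host 127.0.0.1
  option remote-port 7996
  option remote-subvolume brick
end-volume

volume replicate
  type cluster/replicate
  subvolumes remote1 remote2
end-volume
"""

GLUSTERFSD_VOL = """
volume server
  type protocol/server
  option transport-type tcp
  option transport.socket.bind-address 127.0.0.1
  option auth.login.brick.allow yourusername
  subvolumes brick
end-volume
"""

STUNNEL_CLIENT_CONF = """
client = yes
[glusterfs]
accept = 127.0.0.1:7996
connect = server2:8996
"""

DEFAULT_PORT = 6996   # assumed glusterfsd default for this version


def parse_vol(text):
    """Parse the glusterfs volume-file format into a list of volume dicts."""
    volumes, cur = [], None
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        if parts[0] == "volume":
            cur = {"name": parts[1], "type": None, "options": {}, "subvolumes": []}
        elif parts[0] == "end-volume":
            volumes.append(cur)
            cur = None
        elif parts[0] == "type":
            cur["type"] = parts[1]
        elif parts[0] == "option":
            cur["options"][parts[1]] = " ".join(parts[2:])
        elif parts[0] == "subvolumes":
            cur["subvolumes"] = parts[1:]
    return volumes


def is_loopback(host):
    """True for 127.0.0.0/8 or ::1; hostnames (like server2) are never loopback here."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def stunnel_listeners(text):
    """(host, port) for every 'accept = [host:]port'; a bare port binds all interfaces."""
    found = []
    for m in re.finditer(r"^\s*accept\s*=\s*(?:([\w.]+):)?(\d+)", text, re.M):
        found.append((m.group(1) or "0.0.0.0", int(m.group(2))))
    return found


def check_wiring(client_vol, server_vol, stunnel_client_conf):
    """Return a list of problems; an empty list means the tunnel wiring is sound."""
    problems, local_ports = [], set()
    for vol in parse_vol(server_vol):
        if vol["type"] != "protocol/server":
            continue
        bind = vol["options"].get("transport.socket.bind-address", "0.0.0.0")
        port = int(vol["options"].get("transport.socket.listen-port", DEFAULT_PORT))
        if not is_loopback(bind):
            problems.append("glusterfsd binds %s:%d: plaintext reachable off-host" % (bind, port))
        local_ports.add(port)
    tunnel_ports = {p for h, p in stunnel_listeners(stunnel_client_conf) if is_loopback(h)}
    for vol in parse_vol(client_vol):
        if vol["type"] != "protocol/client":
            continue
        host = vol["options"].get("remote-host", "")
        port = int(vol["options"].get("remote-port", DEFAULT_PORT))
        if not is_loopback(host):
            problems.append("%s: connects to %s:%d outside the tunnel" % (vol["name"], host, port))
        elif port not in local_ports | tunnel_ports:
            problems.append("%s: nothing listens on %s:%d" % (vol["name"], host, port))
    return problems


if __name__ == "__main__":
    print(check_wiring(GLUSTERFS_VOL, GLUSTERFSD_VOL, STUNNEL_CLIENT_CONF) or "wiring OK")
```

The appendix files pass as written. Pointing remote2 straight at server2, or letting glusterfsd bind 0.0.0.0, each produces one finding, which is the kind of drift that silently turns an encrypted replication link back into a plaintext one on a later edit.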

Wednesday, April 15th, 2009

FreeBSD : php-cgi spawn-fcgi rc.d script for nginx

I was busy working on the glusterfs port for FreeBSD. There are still some issues to be ironed out before it can be submitted upstream. At the same time, I set up web servers running nginx with php5 via FastCGI. FreeBSD doesn't have an rc.d script to start the spawn-fcgi process, so I wrote a quick one. Below is the script.

#!/bin/sh
#
# $FreeBSD$
#
# PROVIDE: spawnfcgi
# REQUIRE: DAEMON
# BEFORE:  nginx
# KEYWORD: shutdown
#
# Add the following lines to /etc/rc.conf to enable spawnfcgi:
# spawnfcgi_enable (bool):    Set it to "YES" to enable spawnfcgi.
#                             Default is "NO".
# spawnfcgi_flags  (str):     Default is "-a 127.0.0.1 -p 8888 -u www -g www -f /usr/local/bin/php-cgi".
#

. /etc/rc.subr

name="spawnfcgi"
rcvar=${name}_enable

load_rc_config $name

spawnfcgi_enable=${spawnfcgi_enable:-"NO"}
spawnfcgi_flags=${spawnfcgi_flags:-"-a 127.0.0.1 -p 8888 -u www -g www -f /usr/local/bin/php-cgi"}
spawnfcgi_pidfile="/var/run/${name}.pid"
procname="/usr/local/bin/php-cgi"
pidfile=${spawnfcgi_pidfile}
command=/usr/local/bin/spawn-fcgi
command_args="${spawnfcgi_flags} -P ${spawnfcgi_pidfile}"

run_rc_command "$1"

Note: spawn-fcgi is part of lighttpd.

Just add spawnfcgi_enable="YES" to /etc/rc.conf to enable it. As this is just a simple script, not every option is exposed. You can add/override options via spawnfcgi_flags. Check the available options with /usr/local/bin/spawn-fcgi -h

For the nginx part, just add these lines to your server block.

location ~ \.php$ {
    fastcgi_pass   127.0.0.1:8888;
    fastcgi_index  index.php;
    fastcgi_param   SCRIPT_FILENAME /path/to/the/phpscript/$fastcgi_script_name;
    include         fastcgi_params;
}

Friday, April 10th, 2009