I have put this off for too long now – I am finally collecting all my projects, both personal and school related, and putting them up on github. Zaphinath’s GitHub repository. I have been using SVN and git for sometime on my own boxes. There are things I like about both and things I dislike. SVN has better version control and reverting abilities, but git is better to fork and merge code. Check out the repository sometime!
PS2 Receiver Module for VHDL
Description
I have several VHDL modules that have been coded to use with the Spartan 3E. My next couple of posts will have various modules followed by a top level design that connects them all together. This module is for a keyboard receiver. Keyboards communicate two ways. They transmit the key strokes in a 11 bit serial transmission. The first bit is a start bit, followed by 8 bits of data, then a parody bit, and finally ends with the stop bit.
Each key is transmitted one at a time. It is up the bios to interpet if keys are pushed in a combination, if a shift key is pushed, or if caps lock is on. Fortunately the ps2 protocol allows an easy way to check if shift is being pushed or not.
The key is pushed and transmits the keyboard code, and then periodically retransmits that code if the key is held down. When the key is released the keyboard will translate the hex value of F0 and then transmits the pressed key again. I use this to set a register if the shift is pushed and when the code gets resent it sets the register to to zero. The state machine for the ps2 receiver then just disregards two data sets sent after F0.
PS2 Rx
[vhdl]
library ieee;
use ieee.std_logic_1164.all;
use ieee.numeric_std.all;
entity ps2_rx is
port (
clk, rst : in std_logic;
ps2d, ps2c : in std_logic;
rx_en : in std_logic;
rx_done_tick : out std_logic;
shift_en : out std_logic;
dout : out std_logic_vector(7 downto 0)
);
end ps2_rx;
architecture arch of ps2_rx is
type statetype is (idle, dps, load);
signal state_reg, state_next : statetype;
— filter
signal filter_reg, filter_next : std_logic_vector(7 downto 0);
signal f_ps2c_reg, f_ps2c_next : std_logic;
signal b_reg, b_next : std_logic_vector(10 downto 0);
signal n_reg, n_next : unsigned(3 downto 0);
signal shift_reg, shift_next : std_logic := ‘0’;
signal last_reg, last_next : std_logic := ‘0’;
signal fall_edge : std_logic;
begin
— filter
process (clk, rst)
begin
if (rst = ‘1’) then
filter_reg <= (others => ‘0’);
f_ps2c_reg <= ‘0’;
elsif (clk’event and clk=’1′) then
filter_reg <= filter_next;
f_ps2c_reg <= f_ps2c_next;
end if;
end process;
filter_next <= ps2c & filter_reg(7 downto 1);
f_ps2c_next <= ‘1’ when filter_reg = "11111111" else
‘0’ when filter_reg = "00000000" else
f_ps2c_reg;
fall_edge <= f_ps2c_reg and (not f_ps2c_next);
— registers
process (clk, rst)
begin
if (rst = ‘1’) then
state_reg <= idle;
n_reg <= (others => ‘0’);
b_reg <= (others => ‘0’);
elsif (clk’event and clk=’1′) then
state_reg <= state_next;
n_reg <= n_next;
b_reg <= b_next;
shift_reg <= shift_next;
last_reg <= last_next;
end if;
end process;
— next-state logic
process(state_reg, n_reg, b_reg, fall_edge, rx_en, ps2d, shift_reg, last_reg)
begin
rx_done_tick <= ‘0’;
state_next <= state_reg;
n_next <= n_reg;
b_next <= b_reg;
shift_next <= shift_reg;
last_next <= last_reg;
case state_reg is
when idle =>
if (fall_edge = ‘1’ and rx_en=’1′) then
–shift in start bit
b_next <= ps2d & b_reg(10 downto 1);
n_next <= "1001"; — set count to 8 again
state_next <= dps;
end if;
when dps =>
if (fall_edge = ‘1’ ) then
b_next <= ps2d & b_reg(10 downto 1);
if (n_reg = 0) then
state_next <= load;
else
n_next <= n_reg – 1;
end if;
end if;
when load =>
— here we handle if signal f0 and following signal are
— asserted – we don’t want to transmit them to dout.
— one more state to complete last shift
state_next <= idle;
rx_done_tick <= ‘1’;
if (b_reg(8 downto 1) = x"12" or b_reg(8 downto 1) = x"59") then
shift_next <= not shift_reg;
if (last_reg = ‘1’) then
rx_done_tick <= ‘1’;
last_next <= ‘0’;
end if;
elsif (b_reg(8 downto 1) = "11110000") then
last_next <= ‘1’;
rx_done_tick <= ‘0’;
elsif (last_reg = ‘1’) then
last_next <= ‘0’;
rx_done_tick <= ‘0’;
end if;
end case;
end process;
shift_en <= shift_reg;
dout <= b_reg(8 downto 1);
end arch;
[/vhdl]
Keyboard to ASCII Decoder
There are 2^8 combinations – 256 options available and each keyboard code needs to be decoded to ascii codes. The following is a decoder checks if the registers are set for either caps or shift and determines the ascii output based on keyboard inputs.
key2ascii
[code lang=”vhdl”]
library ieee;
use ieee.std_logic_1164.all;
use ieee.numeric_std.all;
entity key2ascii is
port (
caps_enabled : in std_logic;
shift_enabled : in std_logic;
key_code : in std_logic_vector(7 downto 0);
ascii_code : out std_logic_vector(7 downto 0)
);
end key2ascii;
architecture arch of key2ascii is
signal ascii_normal, ascii_caps : std_logic_vector(7 downto 0);
begin
with key_code select
ascii_normal <=
"00110000" when "01000101", –0
"00110001" when "00010110", –1
"00110010" when "00011110", –2
"00110011" when "00100110", –3
"00110100" when "00100101", –4
"00110101" when "00101110", –5
"00110110" when "00110110", –6
"00110111" when "00111101", –7
"00111000" when "00111110", –8
"00111001" when "01000110", –9
"01100001" when "00011100", –a
"01100010" when "00110010", –b
"01100011" when "00100001", –c
"01100100" when "00100011", –d
"01100101" when "00100100", –e
"01100110" when "00101011", –f
"01100111" when "00110100", –g
"01101000" when "00110011", –h
"01101001" when "01000011", –i
"01101010" when "00111011", –j
"01101011" when "01000010", –k
"01101100" when "01001011", –l
"01101101" when "00111010", –m
"01101110" when "00110001", –n
"01101111" when "01000100", –o
"01110000" when "01001101", –p
"01110001" when "00010101", –q
"01110010" when "00101101", –r
"01110011" when "00011011", –s
"01110100" when "00101100", –t
"01110101" when "00111100", –u
"01110110" when "00101010", –v
"01110111" when "00011101", –w
"01111000" when "00100010", –x
"01111001" when "00110101", –y
"01111010" when "00011010", –z
"01100000" when "00001110", –‘
"00101101" when "01001110", —
"00111101" when "01010101", –=
"01011011" when "01010100", –[
"01011101" when "01011011", –]
"01011100" when "01011101", —
"00111011" when "01001100", –;
"00100111" when "01010010", —
"00101100" when "01000001", –,
"00101110" when "01001001", –.
"00101111" when "01001010", –/
"01111010" when "11110000", — F0
"00100000" when "00101001", — space
"00001101" when "01011010", — enter
"00001000" when "01100110", — backspace
"00101010" when others; –*
with key_code select
ascii_caps <=
"00101001" when "01000101", –)
"00010001" when "00010110", –!
"00100000" when "00011110", –@
"00010011" when "00100110", –#
"00010100" when "00100101", –$
"00100101" when "00101110", –%
"01011110" when "00110110", –^
"00100110" when "00111101", –&
"00101010" when "00111110", –*
"00101000" when "01000110", –(
"01000001" when "00011100", –A
"01000010" when "00110010", –B
"01000011" when "00100001", –C
"01000100" when "00100011", –D
"01000101" when "00100100", –E
"01000110" when "00101011", –F
"01000111" when "00110100", –G
"01001000" when "00110011", –H
"01001001" when "01000011", –I
"01001010" when "00111011", –J
"01001011" when "01000010", –K
"01001100" when "01001011", –L
"01001101" when "00111010", –M
"01001110" when "00110001", –N
"01001111" when "01000100", –O
"01010000" when "01001101", –P
"01010001" when "00010101", –Q
"01010010" when "00101101", –R
"01010011" when "00011011", –S
"01010100" when "00101100", –T
"01010101" when "00111100", –U
"01010110" when "00101010", –V
"01010111" when "00011101", –W
"01011000" when "00100010", –X
"01011001" when "00110101", –Y
"01011010" when "00011010", –Z
"00111111" when "01001010", –?
"00100000" when "00101001", — space
"00001101" when "01011010", — enter
"00001000" when "01100110", — backspace
"00101010" when others; –*
ascii_code <= ascii_normal when (caps_enabled = ‘0’ and shift_enabled = ‘0’) else
ascii_caps when (caps_enabled = ‘0’ and shift_enabled = ‘1’) else
— ascii_caps when (caps_enabled = ‘1’ and shift_enabled = ‘0’) else
ascii_normal;
end arch;
[/code]
Using Asterisk as Sip Server with Google Voice
Description
I have wanted for some time to buy a sip phone to plug directly into my network and use it with my google voice account, thus giving me a free house phone with unlimited minutes to all of north america (or wherever google decides). To do this I installed Asterisk 11.0 on my server and followed the documentation to get this set up. There were a few caveats that I will share, but the following link has everything needed to get asterisk working with your google voice phone number.
https://wiki.asterisk.org/wiki/display/AST/Calling+using+Google
Using Asterisk with your google voice account is easy, but having a basic understanding of what is needed is absolutely essential. There are two protocols that Asterisk uses to control and send voice information with your phone, with either soft or hard phones. The SIP protocol controls the functions of your call – such as dialing, hanging up, transferring, and etc. The actual conversation for the phone is transported over RTP. Each one of these protocols uses UDP rather than TCP, and they both use different ports. In the sip.conf file you specify which port you want SIP to use, the default is 5060. In the rtp.conf file you need to actually specify a range of UDP ports that the protocol can use. The smaller the number of this range the more secure you will be, but don’t make it too small that you have no available ports to use if hanging up does not work successfully.
The other vital thing to understand is you are not connecting directly to google voice’s sip server. Rather you are connecting through jabber or xmpp. Connecting to the chat server will then allow you to handle call control.
Caveats
- The first problem I ran into is a fresh install of Asterisk includes far more configuration information than you actually need. In order for the SIP and RTP to work well I ended up commenting out almost all of the rtp.conf and sip.conf files in /etc/asterisk/.
- The second problem I had was with the dial plan in the extensions.conf. I wanted to be able to dial long distance numbers without dialing 1 in front of the number. So I added the following outbound dial plan to use.
[bash]
[out]
exten => 100,1,Dial(Motif/google/zaphinath@gmail.com,,r)
exten => _1XXXXXXXXXX,1,Dial(Motif/google/${EXTEN}@voice.google.com,,r)
exten => _XXXXXXXXXX,1,Dial(Motif/google/1${EXTEN}@voice.google.com,,r)
[/bash]
Then in the sip.conf I set the context=out for my user. - The last major problem I had was my firewall. I needed to open the UDP ports on my firewall. I use iptables for my firewall. I opened the ports successfully, but every time I used netstat or nmap to check if the port was open I wasn’t seeing anything. Later I discovered that UDP ports don’t actively listen like TCP ports and the ports were indeed open even if a scan wasn’t always showing it.
My next step is to set up better IP filters and error messaging so I can use Iptables to deny erroneous requests.
Custom Filter for Exim Through Fail2ban
Description
I have noticed a lot of unsolicited smtp traffic on my box and I have started taking anti-spam measures to remove unauthorized usage of mail on my server. I use exim to transport and route mail. Exim is great and there are a lot of custom tweaks that can be done with Exim’s ACLs to prevent spam. However I feel there is even another step that can be taken to prevent the waste of precious cpu resources to fight spam. I love iptables and an extension to iptables – fail2ban.
Procudure
- Install and use exim and fail2ban
- Edit /etc/fail2ban/jail.conf and add the following section:
[bash]
[exim]
enabled = true
filter = exim
port = smtp,ssmtp
action = iptables-allports[name=exim, protocol=tcp]
#action = iptables[name=exim, port="smtp", protocol=tcp]
logpath = /var/log/exim/reject.log
maxretry = 1
[/bash] - Edit /etc/fail2ban/filter.d/exim.conf
[bash]
# Fail2Ban configuration file
#
# Author: Derek Carr[Definition]
failregex = .*[<HOST>].*[192.168.0.196].*(?:rejected by local_scan|Unrouteable (address|user)|rejected RCPT.*(callout verification failure|response.*Unknown user|relay not permitted|)|Host is listed in*|See RFC821)ignoreregex =
[/bash]
NOTE: This filter is based off of python’s regex library and I am filtering this based of how my exim.conf sends denied requests to the log file. A great way to test either my configuration or custom regular expressions you use to match your reject.log is the following:
[bash]
fail2ban-regex /var/log/exim/reject.log ".*[<HOST>].*[192.168.0.196].*(?:rejected by local_scan|Unrouteable (address|user)|rejected RCPT.*(callout verification failure|response.*Unknown user|relay not permitted|)|Host is listed in*|See RFC821)"
[/bash]
192.168.0.196 is my local mail relay, you might want to include your LAN ip address of your box. This really depends on how the rejected addresses look like inside your exim/reject.log - Restart fail2ban
[bash]
/etc/init.d/fail2ban restart
[/bash]
Conclusion
The great thing about this configuration is exim is blocking spam emails based off access control lists, checking against spamhaus and other blacklist providers, and etc, but we can save our computer the cpu cycles needed to check through all of exim’s configuration every time. Instead we take the list of repeat offenders and block them inside iptables using fail2ban. This way the next time they try to connect to the computer they are blocked before they even make it to exim. To view currently blocked IP’s trying to use your mail server just use the following:
[bash]
# To view the currently blocked IP’s
iptables -nL | grep -A100000 ‘Chain fail2ban-exim’
# To count how many accounts are banned currently
iptables -nL | grep -A100000 ‘Chain fail2ban-exim’ | wc -l
[/bash]
IPC – Linux Communication Signals
IPC – Inter-process Communication – is the way running programs can communicate with each other in a Linux system when there are conflicts or user has need to interrupt the running program. The following are a list of the various signals that the Linux Kernel handles. Most of us are familiar with several of them already. For example when you run kill -9 process ID runs the number 9 SIGKILL.
| Number | Name | Default action | Corresponding event |
|---|---|---|---|
| 1 | SIGHUP | Terminate | Terminal line hangup |
| 2 | SIGINT | Terminate | Interrupt from keyboard |
| 3 | SIGQUIT | Terminate | Quit from keyboard |
| 4 | SIGILL | Terminate | Illegal instruction |
| 5 | SIGTRAP | Terminate and dump core (1) | Trace trap |
| 6 | SIGABRT | Terminate and dump core (1) | Abort signal from abort function |
| 7 | SIGBUS | Terminate | Bus error |
| 8 | SIGFPE | Terminate and dump core (1) | Floating point exception |
| 9 | SIGKILL | Terminate (2) | Kill program |
| 10 | SIGUSR1 | Terminate | User-defined signal 1 |
| 11 | SIGSEGV | Terminate and dump core (1) | Invalid memory reference (seg fault) |
| 12 | SIGUSR2 | Terminate | User-defined signal 2 |
| 13 | SIGPIPE | Terminate | Wrote to a pipe with no reader |
| 14 | SIGALRM | Terminate | Timer signal from alarm function |
| 15 | SIGTERM | Terminate | Software termination signal |
| 16 | SIGSTKFLT | Terminate | Stack fault on coprocessor |
| 17 | SIGCHLD | Ignore | A child process has stopped or terminated |
| 18 | SIGCONT | Ignore | Continue process if stopped |
| 19 | SIGSTOP | Stop until next SIGCONT (2) | Stop signal not from terminal |
| 20 | SIGTSTP | Stop until next SIGCONT | Stop signal from terminal |
| 21 | SIGTTIN | Stop until next SIGCONT | Background process read from terminal |
| 22 | SIGTTOU | Stop until next SIGCONT | Background process wrote to terminal |
| 23 | SIGURG | Ignore | Urgent condition on socket |
| 24 | SIGXCPU | Terminate | CPU time limit exceeded |
| 25 | SIGXFSZ | Terminate | File size limit exceeded |
| 26 | SIGVTALRM | Terminate | Virtual timer expired |
| 27 | SIGPROF | Terminate | Profiling timer expired |
| 28 | SIGWINCH | Ignore | Window size changed |
| 29 | SIGIO | Terminate | I/O now possible on a descriptor |
| 30 | SIGPWR | Terminate | Power failure |
All but two of these signals can have handlers that overwrite the default. The two signals that can’t be overwritten are the SIGSTOP and SIGKILL signals.
The following is an example program that overwrites the SIGING (cntl-c signal) and SIGTSTP (cntl-z signal). You can play around and overwrite the handler for any other linux signals.
[c]
#include <stdio.h>
#include <stdlib.h>
#include <signal.h>
void handler1(int sig)
{
printf("Not so simple — I can’t be stopped with a ctr-c!n");
}
void handler2(int sig)
{
printf("Nope — I refuse to be put in the background!n");
}
int main()
{
/* install the SIGINT handlers */
/* only code changes go right here! */
if (signal(SIGINT, handler1) == SIG_ERR)
/* install the SIGINT handlers */
/* only code changes go right here! */
if (signal(SIGTSTP, handler2) == SIG_ERR)
/* Don’t change rest of code */
printf("Just try to stop me!n");
while (1)
sleep(1);
}
[/c]
Computer Systems – Going down the rabbit hole.
If you are looking to understand linux and how the overal picture works with the kernel down to the hardware a great book to use is Computer Systems: A Programer’s Perspective. The thing I really liked about this book is it first walks you through how the processor is set up and gives a great basic idea of pipelining. Following that you learn what the standard errors are and what the operating system or kernel needs to handle. The best part of this book is learning how the operating system works with the hardware and what is required in an operating system. There are many books that teach this, but after trying a few I really prefer this one and strongly recommend it.
HTTP Error – 500 Internal Server Error
Description
The 500 Internal Server Error is a “catch-all” server error and the server cannot be more specific about the nature of the error. The causes for a 500 error can be any number of things and about 9/10 times the error comes from a code error, which means that the problem is not necessarily the server having problems but rather the server having a problem with the coding of a web application.
Troubleshooting to Fix
Wait for one minute and try reloading. If the server does not reload the page then you will need to dig deeper to find a solution to the 500 internal server error.
TIP: Always check the error logs, you can usually find which of the following is causing the error. Look at all the logs relevant to your site. I.E. If your web application uses php then check the php error_log located in the folder of the php program. When checking the webhosting daemon error logs try and search for your ip address in order to show the daemon’s error for that webpage you are receiving the 500 internal server error.
General Guidelines
- One or more folder does not have 755 permissions or the file that you are browsing has file permissions above 755.
- A php.ini has some settings that are broken or entries that are not compatible with our servers.
- You have too many processes running at the moment that it occurred. (You remembered to check the process manager, right?)
- If you are running Perl or Python scripts the files need to have 0755 permissions as well as not have ^M characters at the end of the lines in the file, if the file was not compiled. (If the file have 0644 permissions it will give you a 500 error if it is using Perl, Python, or Ruby.)
- Password protected directories causing issues. (You can tell it is this issue if the 500 error goes away once you remove the password protection.)
- If you are running the maximum amount of allowed processes you will receive a 500 error. If you are using persistent mySQL connections that can cause the scripts to not die as they are supposed to.
Remember to check the process manager if you don’t want to look in SSH how many processes are running.
This will kill all processes for the user that are running on the ramdisk
[bash]
ps aux | grep `whoami` | grep ramdisk | awk ‘{ print $2 }’ | xargs -i kill -9 {};
[/bash]
This command will kill php processes
[bash]
killall -9 php php4 php5
[/bash]
FastCGI & the temporary URL.
- If they are using FastCGI & they are not using the domain name it will cause 500 errors. They will need to point the DNS to us to use it & also use a domain name in the URL or stop using FastCGI. Please note that Magento does not work with FastCGI turned on.
- If you uploaded a file that is encoded as ASCII instead of binary. (Some of the encoders I’m referring to are Zend Guard, IonCube, SourceGuardian, & phpSHIELD)
.htaccess file
- two entries on the same line of the .htaccess file that are supposed to be on one line.
- Attempting to make changes to php settings in the .htaccess file will cause a 500 error.
- Check for any other invalid entries in the .htaccess file it can cause the issue.
Perl or Python issues
- If it is a file that is running Perl or Python the file needs to have 0755 permissions.
- If the script is not compiled you can run dos2unix on the file.
Upload the file again as binary instead if the files are compiled or have something that was encodes by a program like one of the following Zend Guard, IonCube, SourceGuardian, & phpSHIELD. - If the file is not compiled it needs to not have files that end with the “^M” character. The cause for the “^M” character is if they edited the file on a Windows computer & uploaded the file in binary mode.
- Running CGI/Perl outside the cgi-bin folder. This really depends on how the webhost server is configured. Some servers allow for running CGI/Perl scripts outside the cgi-bin folder. You need to add the following line to the .htaccess file in that directory:
[bash]
Options ExecCGI
[/bash]
An additional line is often seen together with this, but should not be needed if you’re getting as far as 500 errors, as without it, the contents of the file will be served directly to the browser:
[bash]
AddHandler cgi-script .
[/bash] - Missing the appropriate shebang. The shebang line tells Linux what interpretor to use for a script. If you do not have that line, the script will fail to execute, causing a 500 error.
Common shebang lines:
perl
[perl]
#!/usr/bin/perl
#!/ramdisk/bin/perl
#!/usr/bin/env perl
[/perl]
python
[python]
#!/usr/bin/python
#!/usr/bin/python2.4
#!/usr/bin/python2.6
#!/ramdisk/bin/python
#!/usr/bin/env python
[/python]
ruby
[ruby]
#!/usr/bin/ruby
#!/ramdisk/bin/ruby
[/ruby] - Make sure the syntax is correct. This can be done for perl and python through the following respectively.
[bash]
perl -c testing_file.cgi
python -c testing_file2.py
[/bash]
PHP common errors
- Make sure the syntax is correct. Simply missing a “;” at the end of a line will cause the server to through a 500 error. Check your php code by running the following command:
[bash]
php -l somefile.php
[/bash] - Check the error_log. This will help solve 90% of all problems by learning how to debug erroneous code.
Rails 2.0.2
Rails 2.0.2 brings a new round of things that can go wrong. Start with these first, then move onto the fixes we previously supplied for 1.2.6.
500 Internal Server Error
A common reason for this error with Rails 2.0.2 has to do with the way it wants to handle cookie session data. To confirm this is the problem, check ./config/environment.rb to see which environment is active, then check ./log/development.log or ./log/production.log as the case may be for an error such as this one (may have to scroll up a page or two from the bottom)…
[rails]
/! FAILSAFE /! Sat Feb 09 10:53:30 -0700 2008
Status: 500 Internal Server Error
A secret is required to generate an integrity hash for cookie session data. Use
config.action_controller.session = { :session_key => “_myapp_session”, :secret =>
“some secret phrase of at least 30 characters” } in config/environment.rb
[/rails]
If you too have this error, just do what it says, but don’t put it just anywhere in config/environment.rb, put it somewhere between Rails::Initializer.run do |config| and its matching end line. For example…
[rails]
Rails::Initializer.run do |config|
# Settings in config/environments/* take precedence over those specified here
# Skip frameworks you’re not going to use (only works if using vendor/rails)
# config.frameworks -= [ :action_web_service, :action_mailer ]
# Only load the plugins named here, by default all plugins in vendor/plugins are loaded
# config.plugins = %W( exception_notification ssl_requirement )
# Add additional load paths for your own custom dirs
# config.load_paths += %W( #{RAILS_ROOT}/extras )
# Force all environments to use the same logger level
# (by default production uses :info, the others :debug)
# config.log_level = :debug
# Use the database for sessions instead of the file system
# (create the session table with ‘rake db:sessions:create’)
# config.action_controller.session_store = :active_record_store
# Use SQL instead of Active Record’s schema dumper when creating the test database.
# This is necessary if your schema can’t be completely dumped by the schema dumper,
# like if you have constraints or database-specific column types
# config.active_record.schema_format = :sql
# Activate observers that should always be running
# config.active_record.observers = :cacher, :garbage_collector
# Make Active Record use UTC-base instead of local time
# config.active_record.default_timezone = :utc
# Add new inflection rules using the following format
# (all these examples are active by default):
# Inflector.inflections do |inflect|
# inflect.plural /^(ox)$/i, ‘1en’
# inflect.singular /^(ox)en/i, ‘1’
# inflect.irregular ‘person’, ‘people’
# inflect.uncountable %w( fish sheep )
# end
# See Rails::Configuration for more options
config.action_controller.session = { :session_key => “_myapp_session”, :secret => “123456789012345678901234567890” }
end
[/rails]
All You Need to Know About php.ini
Description
Most servers with php installed on them come with default settings that are used server wide. However, sometimes a program will require these php settings to be changed and instead of changing the settings for the entire server a person can overwrite the default settings for just a particular location (or domain). This is done by installing a file called php.ini in the directory where the particular php scripts are located.
Determine current php settings
One of the first things you may want to do before installing a php.ini file would be to check to see what the server’s php settings are currently. This can be done by making a simple php script like the one shown. The reasoning for this is to see if there is even a need to overwrite the php settings or if the problem is located elsewhere.
[php]
//phptest.php
<?php
phpinfo();
?>
[/php]
Implementing php.ini
Step 1: Download the example php.ini.
Step 2: Upload the php.ini file to the directory where the php scripts are located. Note: If the file is named php.ini.default please rename it to php.ini.
Step 3: Edit the settings in the php.ini file that you want to change.
Common uses for php.ini
- Increase post and upload sizes
- Increase memory available for use
- Toggle safe mode on and off
[php]
; Maximum size of POST data that PHP will accept.
post_max_size = 50M
; Maximum allowed size for uploaded files.
upload_max_filesize = 50M
[/php]
Note: To change the upload size you must change both the post_max_size and upload_max_filesize sections. The post_max_size will need to be larger than the upload_max_filesize.
Note: Most servers don’t care what the upload size is as long as you can upload all the content within a limited number of minutes. If it takes longer than what that server allows your connection will time out and the upload will fail.
[php]
;;;;;;;;;;;;;;;;;;;
; Resource Limits ;
;;;;;;;;;;;;;;;;;;;
memory_limit = 128M ; Maximum amount of memory a script may consume (16MB)
[/php]
[php]
; Safe Mode
;
safe_mode = Off
[/php]
HTTP Error – 404 Not Found
Description
A 404 Not Found means the address cannot find a file or folder on the webhosting server or the server has not found a file matching the given URI.
Troubleshooting to Fix
- Check the spelling for the file and URL. After the base url all the links are case sensitive according to the casing of the particular files. If a file has an uppercase and you are putting a lower case in the url the webserver will return a 404 – Not Founderror.
- Check the nameservers and DNS information. If you have recently uploaded files and can’t seem to located them check to make sure the nameservers point to the proper location. This can be done by going to who.is and entering the domain name.
- Make sure file exists. Another common problem is the url is requesting a file that is simply not there or has been placed in a different location on the server. Check with your webhosting company to verify that the files are in the right folder. Most webhosting platforms will have a public_html directory where all website files should be placed.
HTTP Error – 403 Forbidden
Description
A 403 – Forbidden error means the server no longer grants you permission to view at the files being served for the website. This is usually caused by the webserver blocking the files or an endpoint is being protected by an authentication annotation or authentication middleware.
Troubleshooting to Fix
- Check the folders’ and files’ permissions. Sometimes after uploading files via ftp or upgrading certain scripts the permissions on the files get changed. Linux permissions should generally be set to either 644 or 755 depending on what the script requires. E.G. If a file permissions is 444, 111, etc – the server will not be able to read and execute the script properly.
NOTE: if you cannot seem to change the permissions of a file, check the folder’s permissions above it and make sure the permissions are set properly - Check the .htaccess file for probable causes. There are a variety of possible causes for a 403 – Forbidden error that can occur in the .htaccess.
- The .htaccess might be blocking all IP addresses except a few. The code for that would look something like the following:
[bash]
order allow,deny
allow from 173.254.38.123
deny from all
[/bash] - The .htaccess may also be missing a line that says DirectoryIndex. This is particularly less common because the DirectoryIndex line is typically not needed in the .htaccess file.
[bash]
DirectoryIndex index.html index.cgi index.php
[/bash] - Try touching the .htaccess file.
[bash]
touch .htaccess
[/bash]
- The .htaccess might be blocking all IP addresses except a few. The code for that would look something like the following:
- Does the endpoint grant the right permissions. Sometimes the rest service you are requesting will return a 403 http error if the request comes from an unauthorized source. Usually a cookie or some form of an authentication token must be set. If you believe you are authenticated properly then try clearing the cache and cookies. If the problem still occurs when it should not, then check your authentication code. If you’re using angular and express then the middleware that validates your role may have some bad logic. Spring for example uses a PreAuthorize annotation that has logic that determines the user’s ability to access the endpoint.