CentOS 7 / RHEL firewalld settings

CentOS 7 has adopted firelwalld by default over the previous iptables, which will require some new steps to configure your firewall:

# new CentOS/RHEL 7 Firewall: 
	(see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Firewalls.html )
 
# create a new service e.g. for webmin:
 
$ cat /etc/firewalld/services/webmin.xml 
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Webmin</short>
  <description>Server admin service. Do not leave running.</description>
  <port protocol="tcp" port="10000"/>
</service>
 
# add service to zone:
 
nano /etc/firewalld/zones/public.xml 
# OR
$ firewall-cmd --permanent --zone=public --add-service=webmin
 
# reload to add:
 
$ firewall-cmd --reload
 
# check:
$ firewall-cmd --zone=public --list-all
 
 
## apache / httpd:
$ firewall-cmd --permanent --add-service=http
$ firewall-cmd --permanent --add-service=https
$ systemctl restart firewalld

## more info: see:

http://linuxmanpages.net/manpages/fedora20/man5/firewalld.zone.5.html

http://searchdatacenter.techtarget.com/tip/A-few-ways-to-configure-Linux-firewalld?abRg=f

Show Apache / httpd memory usage and process size

ps -ylC httpd | awk '{x += $8;y += 1} END {print "Apache Memory Usage (MB): "x/1024; print "Average Proccess Size (MB): "x/((y-1)*1024)}'

thanks S.G. Vulcan

Quick localized web server: python SimpleHTTPServer

This has been around for a while, but easy to forget if you need a basic web server for testing, etc., you can simply run:

python -m SimpleHTTPServer 8181

from the directory you want to be the web root, and you’re good to go. This is a built-in feature that will work on OS X and most *nix systems.

The great use case for this is when you have a folder with some files you want to test/view and there are AJAX or other features that need to run over HTTP but you don’t want to bother setting up a local test site or copying the files to existing one. Since it defaults to the folder you are in as the web root, you can also use root-relative links without a hassle. It defaults to port 8000, you can change that on the command line (as above).

Add a bash alias like alias ws="python -m SimpleHTTPServer" and then you can simply type ws from any directory to start a server.

If you need to change any other settings, see docs here

Limit Apache gzip deflate to certain files

Particularly useful if you have some other server-side process that already compresses files and/or are using nginx or similar to compress some files, this technique can be used to pick up any one-offs or static files that you want to compress prior to caching, e.g., via Varnish, which supports gzip’d files but doesn’t do the compression.

1
2
3
<Directory "/PATH/TO/STATIC/ASSETS">
	AddOutputFilterByType DEFLATE text/css text/javascript application/javascript
</Directory>

TrueType fonts install on CentOS 6/RHEL

Fonts used for a PhantomJS project installed locally on server with this method. Required some css tweaks that were slightly different from desktop browser.

yum install ttmkfdir.x86_64 xorg-x11-font-utils.x86_64
 
mkdir /usr/share/fonts/default/TrueType
cp *.otf /usr/share/fonts/default/TrueType
cd /usr/share/fonts/default/TrueType
ttmkfdir
mkfontdir
fc-cache
 
# view installed fonts:
/usr/bin/fc-list

Get Mysql database size via query

SELECT table_schema "Data Base Name", sum( data_length + index_length ) / 1024 / 1024 "Data Base Size in MB"
FROM information_schema.TABLES GROUP BY table_schema;

« Previous Entries