PHPMyAdmin Error: Class ‘PMA_Message’ not found

I recently ran into an issue where trying to log into phpMyAdmin on a recently migrated-to server would lead to the page flashing like it was going to log in, and then returning you to the login screen.

The error that would appear in the logs after this was:

PHP Fatal error: Class ‘PMA_Message’ not found in /usr/share/phpMyAdmin/libraries/Message.class.php on line 601

As it turns out this was because Apache was running as a non-standard user, and that user had no permissions to write sessions in /var/lib/php/session/

I found this thanks to a few posts online pointing me in the right direction:

http://incredimike.com/2011/04/phpmyadmin-installation-errors/

http://rakesh.sankar-b.com/2012/05/20/phpmyadmin-pma-message-class-not-found/

And an strace of my Apache processes, which turned up the following when I tried to log into PMA:

[pid 30136] open(“/var/lib/php/session/sess_d0hdtajrdgk6n7u7kao0nm2pdukvaa8f”, O_RDWR|O_CREAT, 0600) = -1 EACCES (Permission denied)

The solution, if you’re experiencing the same issue is:

chown $user_apache_runs_as:$user_apache_runs_as /var/lib/php/session

Hope that helps someone else!

Redirect All Requests To Your Servers IP To 404 With Apache

This is a pretty weird request that I had a client ask about recently. The requirement was to make every request not specifying a domain on the server ( going straight to http://IP-Address ) return a 404 Not Found to the visitor as opposed to a 403 Forbidden. It’s a weird gnarly security through obscurity and or custom application hack that I don’t entirely condone but figured out anyway.

Without further ado, here is the rewrite that makes the magic happen:

RedirectMatch 404 ^(.*)

Because we use _default_:80 as the VirtualHost name it globs to all IP addresses listening on that port.

The below example sits in 000-default ( the first vhost file alphabetically is the first to be loaded in a standard apache install loading vhosts out of a directory ) as well to ensure without any doubt it will be grabbed for the default vhost.

This could be further augmented by using the ErrorDocument directive to set a custom error page which all requests to the specified domain would be directed to.

cat 000-default

CustomLog /var/log/apache2/IP-access.log combined
ErrorLog /var/log/apache2/IP-error.log
LogLevel warn
RedirectMatch 404 ^(.*)


CustomLog /var/log/apache2/IP-ssl-access.log combined
ErrorLog /var/log/apache2/IP-ssl-error.log
LogLevel warn
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

SSLOptions +StdEnvVars

RedirectMatch 404 ^(.*)

Search Google From Your Terminal

Hey guys, quick one here that I know has been covered to death everywhere.

I just wrote a quick little function for my bashrc to do google searches from bash and the functionality actually surprised me.

I didn’t think about the fact that I’d be able to use the google calculator functions ( with a tiny bit of sanitizing in the code ) and pretty much all the other google services. So it turned out to be much more convenient/useful than I originally thought.

It should be cross platform for OS X and Linux, as long as you’re using bash.


# Search google via chrome from the command line
# No qoutes needed:

# IE: $ s my google search

# Math functions are also available:

# IE:
# s 2 + 2 
# s 2 x 2
# s 2 / 2
# s 2 - 2

s(){

    searchquery=0
    
    # Loop through our parameters and build the search query

    for param in $*
    do  
        if [ "$searchquery" == "0" ]
                then
                        searchquery="$param"

                # Perform as expected when query contains a "+"
                
                elif [ "$param" == "+" ]
                        then
                                searchquery="$searchquery+%2B"
                else
                searchquery="$searchquery+$param"        
        
        fi
    
    done

    
    url="https://www.google.com/search?q=$searchquery"

    
    # Check whether we're on OS X or Linux

    if [ "`uname -a | grep -o Darwin | wc -l`" -gt "0" ]
        then
                open $url
        else
                google-chrome $url
                # This could also be firefox, opera, whatever floats your boat.
    fi



}

Thats about it. You can stick it in your ~/.bashrc or in /etc/bashrc or profile.

The post is short because I tend to over-comment even when I write simple things like this. Everything should be explained in the code block.

Quick and Easy GZIP Compression With Apache

If you’ve ever wanted or needed to enable GZIP compression for a site on your Apache server but have been confused about what to put where then this is the post for you.

This isn’t going to be very in depth, I’m just going to give you some copypasta that you can stick right in your .htaccess or vhost file ( preferably the latter, if you have the access and no-how ).

If you’re looking for a better explanation of how this type of compression works and why we do it check out this awesome article: How To Optimize Your Site With Gzip Compression. There isn’t any real byline on it, but judging from a link on the page I believe it’s the same guy who made this cool online calculator which also seems nifty.

So on to the actual content. In that article, and most others that you’ll see around the net, you’re going to do something like this to enable compression:

# compress text, html, javascript, css, xml:
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/x-javascript

That’s cool and it works but what if you don’t know exactly what you want to be compressed by MIME type? What if you just can’t seem to get a certain filetype to compress? What if you’re just lazy like me?

The above example works by specifying exactly what you want to be compressed, leaving the rest uncompressed ( or exclusive inclusion ). The example below works by specifying exactly what you want to be served uncompressed, leaving the rest compressed ( inclusive exclusion ).

Without further ado:

SetOutputFilter DEFLATE
SetEnvIfNoCase Request_URI \
\.(?:gif|jpe?g|png|mov|mp3|mp4|flv|swf|mpg|avi|pdf)$ \
no-gzip dont-vary
SetEnvIfNoCase Request_URI \
\.(?:exe|t?gz|zip|bz2|sit|rar)$ \
no-gzip dont-vary

You can stick this block in your .htaccess file, or in your vhost file between the VirtualHost directives but no inside of a Directory directive.

Using this style makes it easy to standardize across all of your sites, if you’d like you can even put it right in httpd.conf to do system wide compression. As long as you’re specifying everything that you wouldn’t ever want compressed it’s going to have the same functionality across all of your sites.

That’s it, all there is to it. You can literally copy paste this into your .htaccess, vhost, or httpd.conf file and have it working in seconds for any site you maintain ( remember to do service httpd reload or service apache2 reload if you’re using a vhost .conf or your global httpd.conf ).

Hopefully you find this helpful. I plan to do a better writeup on web compression in general in the near future.

SSL Private Key Permissions on Linux

If you’ve ever uploaded a private key file to a Linux server and put it in a directory like

/etc/pki/tls/certs

And included it in your apache virtual host configuration with something like:

SSLCertificateFile /etc/pki/tls/certs/mydomain.com.crt

Then you might be missing an important step.

Apache actually reads SSL private key files as root before it drops it’s privileges, so the correct private key permissions are actually 600, it doesn’t need word readable privileges. Therefore it’s actually a security oversite to have your private key permissions set to anything that allows RWX from any user other than root.

You’ll want to chmod user permissions on the key like so:

chmod 600 /etc/pki/tls/certs/mydomain.com.crt

Installing the PHP SSH module in Centos/Redhat for WordPress

If you’re running a WordPress blog in 2012 and you have any sort of server access to make configuration changes there’s really no excuse to still be using FTP to perform updates, install plugins, etc, when enabling SSH support in PHP is two steps away at most.

Most of the guides around the net were written for Centos 5 or earlier systems, when installing the PHP SSH module meant grabbing gcc, make, a bunch of deps, and then doing the install with pecl.

Thankfully this isn’t the case anymore. Now you can install the PHP SSH module on CentOS/RedHat in less time than it would take someone to steal your FTP password during a transfer. So about a minute all said and done.

1.) Have the EPEL Repository Enabled

You don’t have the Fedora EPEL repo on your CentOS server? Failure. Install it like so:

rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-7.noarch.rpm

2.) yum install away!

Now that you have EPEL installed the PHP SSH module is a quick yum away:

yum install php-pecl-ssh2

3.) Reload Apache

I decided to put this in as an after-though, It really shouldn’t count as a step.

/sbin/service httpd reload

Boom, you’re done. Now when you log in/refresh your wp-admin section you should see an SSH2 radio button next to FTP and FTPS on any update/install form.

I for one welcome our new SSH overlords.

Check an SSL Cert Against Key

In case you ever need to check an SSL Cert against a Key to make sure you’ve got the right pair here’s a super minified bash one liner I wrote:

sck(){ c=`echo -e “$1\n$2″|grep -o ‘.*.crt’`;k=`echo -e “$1\n$2″|grep -o ‘.*.key’`;x=`(o(){ openssl $1 -noout -modulus -in $2|openssl md5;};o x509 $c;o rsa $k)|uniq|wc -l`;(( $x – 1 ))&&echo “Fail”||echo “Pass”;}

And yes that is a function in a subshell in a function. o() was built to save about 30 characters, and whitespace was cut wherever possible in the name of the shortest piece of code to accomplish the task. The only output is Pass/Fail, but if you’re the kind of person that would know where to copy paste something like this you’re probably also the kind of person who doesn’t need 20 different colors and an animated ASCII gif in your command output.

One other cool feature lies in:

c=`echo -e “$1\n$2″|grep -o ‘.*.crt’`;k=`echo -e “$1\n$2″|grep -o ‘.*.key’`

This little gem means that it doesn’t care which position the key and cert are at in the parameters ie:

sck supercooldomain.com.crt supercooldomain.com.key

Is equally valid in comparison with:

sck supercooldomain.com.key supercooldomain.com.crt

There it is, hopefully someone else finds it useful.

Binding F11 and F12 in GNU Screen screenrc

Super short post here to share the solution to a minor annoyance I had while building a screenrc for the new OS X machine I got for work.

Here’s an example of my binding to use F11 for previous window and F12 for next window:

bindkey -k F1 prev
bindkey -k F2 next

F1 and F2 ARE NOT typos. To bind F11 and F12 you must specify them as F1 and F2. This caused me some pain and half an hour of my life in googling so I’m passing the love on to you, dear reader.

Resurfacing, Learning Rails, Zombies, Stuff!

So I’m back, one ridiculous job hunt later, not dead.

I had some unfortunate bumps in the road but I ended up with a great position at the most badass hosting company known to man. I would name names and get all gloaty but I’m not sure I should be doing that, plus you can probably figure it out from the description above ;)

On to some actual content!

In between these two jobs I have roughly a month to do whatever I want with. Part of whatever I want to do is watch copious amounts of Netflix and space out on my couch, the other part is diving into Ruby on Rails.

I fell in love with ruby several months ago and have slowly been trying to replace some of the bash scripting I do with Ruby, old habits die hard though and progress has been slow. I have however always wanted a web language/framework to call my own outside of quick forays into PHP to solve some problem here or there, and I’ve made it my mission during my month of laziness to acquire one.

Already knowing some ruby but needing a refresher I started out with the awesome Try Ruby by Why The Lucky Stiff over at Code School ( which is frakking awesome, by the by ). This is a super quick/fun way to get up to speed on ruby basics. If you want to give the language a shot it’s definitely something to invest 15 minutes in.

After conquering Try Ruby I moved on to Rails For Zombies. It took me two days with about 2 or 3 hours each day to finish. That might be longer than the average time to complete but I spent alot of time going back over things and re-watching the content to get it crammed into my brain. It was an absolutely amazing experience and left me with a the taste of blood (rails) and a strong desire to learn more.

I’ve since moved on to several different books. I’m going to try and write up some reviews or at least tiny recommendations in the next few days for those interested. I’m also going to try and get back to some of the series I wanted to write for this blog while I have some time to work.

TL;DR – I’m back, Gonna write stuff, Rails is sexy, New job, <3

Wake Remote Monitor Console

This afternoon I’ve been using screen -x on my main machine into a console monitor next to me for a super quick multi monitor set up while I configure a server.

Everything worked perfectly except the monitor displaying the console screen on my server kept turning off every so often and I would have to touch the actual keyboard attached to it to wake it again.

This drove me insane and I still haven’t found the correct solution to keep it from blanking by default. I’ve tried a few things but I’m not currently sure what combination of them if any is correct, I’ll make sure to report back here when I know.

In the mean time I do have a solution for waking a remote monitor to share that eases the pain somewhat.

To wake up a monitor displaying only a console ( not an X session, that’s another thing entirely ):

echo -e ‘\033[9;0]\033[14;0]‘ > /dev/console

This worked perfectly for me on CentOS6, ymmv on other assorted distros.