An avian carrier's blog – Gentoo

I have been renting a dedicated server from OVH for a couple of years now, and I run Gentoo on it. This server has enough disk space to satisfy my needs, holds two physical disks so that I can use RAID 1 to protect my data against a hardware failure, and is well connected with the outside world. This allows me to be easily host my web sites and those of some friends. However, the server only has 1GB of memory and sometimes Apache and ejabberd ate all of it. The server started to swap and crawl so much that the watchdog kicked in and chosed to reboot it.

So I recently decided to ease my server work. Gentoo already allows me to run a Linux distribution tailored to my needs by only including the options I use in compiled software. For example, I never include PostgreSQL support since no application use it on this server (although PostgreSQL is an excellent relational database, I prefer to use CouchDB in my applications).

I started by moving this blog from Wordpress to Jekyll in order to mostly serve static pages, and I uninstalled my ejabberd server which was mostly unused since most of its users got Android phones and switched to Google Talk. It was now time to ditch Apache, or at least to have it stay put and do the least amount of work possible. nginx seemed to be a good choice, having a good reputation of being small and fast.

Configuring nginx to serve my pages was very easy, and its syntax is much more natural to me than Apache one. Configuring it to transparently proxy all the requests for unconfigured servers to the legacy Apache servers was also trivial.

PHP does not cause any trouble as soon as you configure a Fast CGI handler such as spawn-fcgi. This way, I could migrate some Wordpress blogs I host for others to nginx. However, I had problems finding a good documentation to configure nginx to host a Mailman installation. Here is how I did it.

First, you must install nginx, spawn-fcgi and fcgiwrap. The latter allows you to call CGI applications (such as Mailman) using the Fast CGI protocol. Configure and run spawn-fcgi so that it creates a fcgiwrap server using the "apache" uid (since your Mailman is probably configured to work with it):

# ln -s spawn-fcgi /etc/init.d/spawn-fcgi.fcgiwrap
# rc-update add spawn-fcgi.fcgiwrap default
# cat > /etc/conf.d/spawn-fcgi.fcgiwrap << _EOF_
FCGI_SOCKET=/var/run/fcgiwrap.sock
FCGI_PROGRAM=/usr/sbin/fcgiwrap
FCGI_CHILDREN=1
FCGI_CHROOT=
FCGI_CHDIR=
FCGI_USER=apache
FCGI_GROUP=apache
FCGI_EXTRA_OPTIONS="-M 0770"
ALLOWED_ENV="PATH
_EOF_
# /etc/init.d/spawn-fcgi.fcgiwrap start

You then need to add the nginx user to the apache group, and configure a nginx server using something similar to the following snippet:

server {
  server_name lists.YOUR.DOMAIN;
  listen [::];

  root /usr/lib/mailman/cgi-bin;
 
  location / {
    rewrite ^ /mailman/listinfo permanent;
  }
 
  location ~ ^/mailman(/[^/]*)(/.*)?$ {
    fastcgi_split_path_info ^/mailman/([^/]*)(.*)$;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root/$1;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_pass unix:/var/run/fcgiwrap.sock-1;
  }
 
  location /mailman-icons {
    alias /usr/lib/mailman/icons;
  }
 
  location /pipermail {
    alias /var/lib/mailman/archives/public;
  }
}

That's it, you're done, you can now stop your Apache server.

Tomorrow, Windows Vista will be available in stores. According to press reviews, this operating system will have IPv6 enabled by default with support for automatic Teredo tunnels when native IPv6 is not available.

Teredo tunnels allows a computer plugged to a IPv4-only network to efficiently talk with computers using IPv6 addresses. IPv6 proponents such as myself are pleased with this move: while I don't like Microsoft at all, I am happy to see them embrace IPv6 and give this protocol the chance it deserves.

However, I don't use Windows on my laptop (or anywhere else, if that matters), I use the Gentoo Linux free operating system. When my laptop is plugged into my home or work networks, it gets automatic IPv6 connectivity. However, when I am traveling, I usually use IPv4-only networks; an automatic tunnel would really be useful to reach my home computers, some of them being IPv6 only.

Fortunately, there exists an excellent automatic tunneling software for Linux and FreeBSD called Miredo. This program is already included in Debian GNU Linux and FreeBSD.

Arne Mejlholm packaged Miredo for Gentoo back in February 2005 after Daniel Webert suggested it. I submitted an updated version in June 2006. However, it has never been integrated into Gentoo's portage system and my question on the next step to do (if any) never got answered.

As I am tired of chatting with myself on the Gentoo ticket tracking system, I will not submit a new version of the Miredo package that is likely to be ignored as well. I hope Gentoo developers will handle ticket 77603, even if only to tell what is wrong with it.

Edit (2010-11-24): it took more than five years, but at last Miredo is now included in Gentoo.

My device driver for the watchdog embedded in the Winbond 83697HF/HG SuperIO controller has been integrated into the forthcoming Linux 2.6.19 kernel. If you want to use it on a Dedibox dedicated server, you have to:

• activate the option CONFIG_W83697HF_WDT in your kernel configuration file
• load the module at boot time with parameter wdt_io=0x4e; creating /etc/modules.d/wdt with a single line options w83697hf_wdt wdt_io=0x4e and running update-modules should work on most Linux distributions
• install a watchdog signaling program such as watchdog (sys-apps/watchdog in Gentoo portage tree) and run it at boot time

Then if your server gets stuck, whatever the cause, it will reboot automatically.