[xiph-commits] r19097 - in branches/dir.xiph.org: . cronjobs docs inc munin munin/plugins

dm8tbr at svn.xiph.org dm8tbr at svn.xiph.org
Tue Feb 25 06:08:35 PST 2014 

Author: dm8tbr
Date: 2014-02-25 06:08:35 -0800 (Tue, 25 Feb 2014)
New Revision: 19097

Added:
   branches/dir.xiph.org/abuse.html
   branches/dir.xiph.org/docs/apache-vhost-api.conf
   branches/dir.xiph.org/docs/crontab
   branches/dir.xiph.org/munin/munin_unchecked.php
   branches/dir.xiph.org/munin/plugins/icecast_yp_unchecked
Modified:
   branches/dir.xiph.org/cronjobs/check_servers.php
   branches/dir.xiph.org/docs/apache-vhost.conf
   branches/dir.xiph.org/inc/lib.apilog.php
   branches/dir.xiph.org/munin/plugins/icecast_yp_listeners
   branches/dir.xiph.org/munin/plugins/icecast_yp_streams
Log:
sync up with production


Added: branches/dir.xiph.org/abuse.html
===================================================================
--- branches/dir.xiph.org/abuse.html	                        (rev 0)
+++ branches/dir.xiph.org/abuse.html	2014-02-25 14:08:35 UTC (rev 19097)
@@ -0,0 +1,8 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
+<html><head>
+<title>503 Service Permanently Disabled</title>
+</head>
+<body>
+<h1>Service permanently disabled due to continued abuse!</h1>
+<p>Your system causes significant problems due to abusive behaviour.<br> Please fix your system and contact thomas at ruecker.fi.<br><br> Thanks!</p>
+</body>

Modified: branches/dir.xiph.org/cronjobs/check_servers.php
===================================================================
--- branches/dir.xiph.org/cronjobs/check_servers.php	2014-02-23 21:29:35 UTC (rev 19096)
+++ branches/dir.xiph.org/cronjobs/check_servers.php	2014-02-25 14:08:35 UTC (rev 19097)
@@ -20,7 +20,7 @@
 // Old stuff that "timeouted"
 try
 {
-    $res = $db->selectQuery('SELECT `id`, `listen_url` FROM `server` WHERE `checked` = 0');
+    $res = $db->selectQuery('SELECT `id`, `listen_url` FROM `server` WHERE `checked` = 0;');
     while (!$res->endOf())
     {
         try

Added: branches/dir.xiph.org/docs/apache-vhost-api.conf
===================================================================
--- branches/dir.xiph.org/docs/apache-vhost-api.conf	                        (rev 0)
+++ branches/dir.xiph.org/docs/apache-vhost-api.conf	2014-02-25 14:08:35 UTC (rev 19097)
@@ -0,0 +1,71 @@
+<VirtualHost *>
+	ServerName api.dir.xiph.org
+	SetEnv ENVIRONMENT prod
+
+	KeepAlive Off
+	
+	DocumentRoot /var/www/api.dir.xiph.org
+	<Directory />
+		Options FollowSymLinks
+		AllowOverride None
+	</Directory>
+	<Directory /var/www/api.dir.xiph.org>
+		Options +ExecCGI -Indexes -FollowSymLinks -MultiViews
+		AllowOverride None
+		Order allow,deny
+		allow from all
+	</Directory>
+	AddHandler cgi-script .cgi
+	
+	# Rewrite rules
+	RewriteEngine On
+#	RewriteRule ^/experimental/.*$ %1.cgi
+	# and if it does not exist as a directory
+	RewriteCond %{REQUEST_FILENAME} !-d
+	# and if it does not exist as a file
+	RewriteCond %{REQUEST_FILENAME} !-f
+	# then add .cgi to get the actual filename
+	RewriteRule ^(.*)$ $1.cgi [L]
+
+	RewriteRule ^/administrator.*$ http://127.0.0.1/ [R]
+
+
+
+	# Logging
+	ErrorLog /var/log/apache2/api-error.log
+	# Possible values include: debug, info, notice, warn, error, crit,
+	# alert, emerg.
+#	LogLevel debug
+	CustomLog /var/log/apache2/api-access.log combined
+	ServerSignature Off
+	
+	# Hide .svn dirs
+	<DirectoryMatch "^/.*/\.svn/">
+		Order deny,allow
+		Deny from all
+	</DirectoryMatch>
+	# The same goes for docs
+        <Location "/docs/">
+                Order deny,allow
+                Deny from all
+        </Location>
+	# The same goes for inc
+        <Location "/inc/">
+                Order deny,allow
+                Deny from all
+        </Location>
+	
+	# Expire header
+	ExpiresActive On
+	ExpiresByType text/css "access plus 1 month"
+	ExpiresByType image/png "access plus 1 month"
+	ExpiresByType text/html "access plus 30 minutes"
+	ExpiresByType application/xml "access plus 5 hours"
+	
+	# ETags
+	FileETag None
+
+        # Compression
+        AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/xml text/xml application/x-javascript application/json
+
+</VirtualHost>

Modified: branches/dir.xiph.org/docs/apache-vhost.conf
===================================================================
--- branches/dir.xiph.org/docs/apache-vhost.conf	2014-02-23 21:29:35 UTC (rev 19096)
+++ branches/dir.xiph.org/docs/apache-vhost.conf	2014-02-25 14:08:35 UTC (rev 19097)
@@ -1,6 +1,7 @@
-#NameVirtualHost *
+NameVirtualHost *
 <VirtualHost *>
 	ServerName dir.xiph.org
+	SetEnv ENVIRONMENT prod
 
 	KeepAlive Off
 	
@@ -27,13 +28,17 @@
 # This will drop the system load by over 75%.
 #
 #	RewriteCond %{REMOTE_ADDR} ^31\.12\.6[48]\.20[12345678]$
+#	RewriteCond %{REMOTE_ADDR} ^91\.183\.83\.54$
 #	RewriteCond %{REQUEST_URI} !^/loadshedding.html$
+#	RewriteCond %{REQUEST_URI} !^/abuse.html$
 #	RewriteRule ^(.*)$ /$1 [R=503,E=LOADSHEDDING]
 #	Header set YPResponse "0" env=REDIRECT_LOADSHEDDING
 #	Header set YPMessage "Service temporarily unavailable. Emergency load shedding in progress." env=REDIRECT_LOADSHEDDING
-#	Header set TouchFreq "3600" env=REDIRECT_LOADSHEDDING
+#	Header set YPMessage "BANNED FOR ABUSE! Don't hit a production system with bogus development traffic! Contact thomas at ruecker.fi for details." env=REDIRECT_LOADSHEDDING
+#	Header set TouchFreq "14400" env=REDIRECT_LOADSHEDDING
 #	Header set SID "-1" env=REDIRECT_LOADSHEDDING
 #	ErrorDocument 503 /loadshedding.html
+#	ErrorDocument 503 /abuse.html
 
 
 
@@ -73,4 +78,16 @@
 
         # Compression
         AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css application/xml text/xml application/x-javascript
+
+#	SecRuleEngine On
+#	SecAuditEngine on
+#	SecAuditLog /var/log/apache2/website-audit.log
+#	SecRequestBodyAccess on
+#	SecAuditLogParts ABIFHZ 
+
+#	SecDefaultAction nolog,noauditlog,allow,phase:2
+
+#	SecRule REQUEST_METHOD "^POST$" "chain,allow,phase:2"
+#	SecRule REQUEST_URI ".*" "auditlog"
+
 </VirtualHost>

Added: branches/dir.xiph.org/docs/crontab
===================================================================
--- branches/dir.xiph.org/docs/crontab	                        (rev 0)
+++ branches/dir.xiph.org/docs/crontab	2014-02-25 14:08:35 UTC (rev 19097)
@@ -0,0 +1,9 @@
+# make sure a user that has the necessary access rights has this in cron!
+
+*/5  * *   *   *      ENVIRONMENT=prod php5 /var/www/dir.xiph.org/cronjobs/generate_xml.php >/dev/null
+*    * *   *   *      ENVIRONMENT=prod php5 /var/www/dir.xiph.org/cronjobs/generate_top.php >/dev/null
+*/5  * *   *   *      ENVIRONMENT=prod php5 /var/www/dir.xiph.org/cronjobs/generate_tagcloud.php >/dev/null
+*    * *   *   *      ENVIRONMENT=prod php5 /var/www/dir.xiph.org/cronjobs/update_stats.php >/dev/null
+*    * *   *   *      ENVIRONMENT=prod /var/www/dir.xiph.org/cronjobs/check_servers.sh >/dev/null
+*    * *   *   *      ENVIRONMENT=prod php5 /var/www/dir.xiph.org/cronjobs/prune_mountpoints.php >/dev/null
+

Modified: branches/dir.xiph.org/inc/lib.apilog.php
===================================================================
--- branches/dir.xiph.org/inc/lib.apilog.php	2014-02-23 21:29:35 UTC (rev 19096)
+++ branches/dir.xiph.org/inc/lib.apilog.php	2014-02-25 14:08:35 UTC (rev 19097)
@@ -5,19 +5,21 @@
     public static function log($result, $listen_url = null,
                                $server_id = null, $mountpoint_id = null)
     {
-        $db = DirXiphOrgLogDBC::getInstance();
+	if (ENVIRONMENT != 'prod'){
+	        $db = DirXiphOrgLogDBC::getInstance();
         
-        $ip = utils::getRealIp();
-        $ip = $ip !== false ? $ip : '127.0.0.1';
+        	$ip = utils::getRealIp();
+       		$ip = $ip !== false ? $ip : '127.0.0.1';
         
-        $sql = 'INSERT INTO `api_log_%s` (`message`, `remote_ip`, `listen_url_hash`, `server_id`, `mountpoint_id`) '
-              .'VALUES ("%s", INET_ATON("%s"), "%s", %d, %d);';
-        $sql = sprintf($sql, date('Ymd'),
-                             $db->escape($result),
-                             $ip,
-                             $listen_url !== null ? hash('md5', $listen_url) : 0,
-                             $server_id, $mountpoint_id);
+	        $sql = 'INSERT INTO `api_log_%s` (`message`, `remote_ip`, `listen_url_hash`, `server_id`, `mountpoint_id`) '
+	              .'VALUES ("%s", INET_ATON("%s"), "%s", %d, %d);';
+	        $sql = sprintf($sql, date('Ymd'),
+        	                     $db->escape($result),
+                	             $ip,
+                        	     $listen_url !== null ? hash('md5', $listen_url) : 0,
+	                             $server_id, $mountpoint_id);
         $db->noReturnQuery($sql);
+	}
         return true;
     }
     

Added: branches/dir.xiph.org/munin/munin_unchecked.php
===================================================================
--- branches/dir.xiph.org/munin/munin_unchecked.php	                        (rev 0)
+++ branches/dir.xiph.org/munin/munin_unchecked.php	2014-02-25 14:08:35 UTC (rev 19097)
@@ -0,0 +1,31 @@
+<?php
+
+// Inclusions
+include_once(dirname(__FILE__).'/../inc/prepend.php');
+
+// Database connection
+$db = DirXiphOrgDBC::getInstance();
+
+
+// Total
+$query = "SELECT COUNT(*) AS `count` FROM `server` WHERE `checked` = 0";
+$total = $db->singleQuery($query)->current('count');
+printf("total.value %s\n", $total);
+
+// radionomy
+$query = 'SELECT COUNT(*) AS `count` FROM `server` WHERE `checked` = 0 AND `listen_url` LIKE "%radionomy%" ';
+$radionomy = $db->singleQuery($query)->current('count');
+printf("radionomy.value %s\n", $radionomy);
+
+// radionomy slow hosts
+$query = 'SELECT COUNT(*) AS `count` FROM `server` WHERE `checked` = 0 AND (`listen_url` LIKE "%streaming205%" OR `listen_url` LIKE "%streaming207%" )';
+$radionomys = $db->singleQuery($query)->current('count');
+printf("radionomyslow.value %s\n", $radionomys);
+
+
+// Total
+$query = 'SELECT COUNT(*) AS `count` FROM `server` WHERE `checked` = 0 AND `listen_url` NOT LIKE "%radionomy.com%"';
+$totalmr = $db->singleQuery($query)->current('count');
+printf("totalmr.value %s\n", $totalmr);
+
+?>

Modified: branches/dir.xiph.org/munin/plugins/icecast_yp_listeners
===================================================================
--- branches/dir.xiph.org/munin/plugins/icecast_yp_listeners	2014-02-23 21:29:35 UTC (rev 19096)
+++ branches/dir.xiph.org/munin/plugins/icecast_yp_listeners	2014-02-25 14:08:35 UTC (rev 19097)
@@ -119,5 +119,5 @@
 	exit 0
 fi
 
-ENVIRONMENT=prod php5 /var/www/dir.xiph.org/cronjobs/munin_listeners.php
+ENVIRONMENT=prod php5 /var/www/dir.xiph.org/munin/munin_listeners.php
 

Modified: branches/dir.xiph.org/munin/plugins/icecast_yp_streams
===================================================================
--- branches/dir.xiph.org/munin/plugins/icecast_yp_streams	2014-02-23 21:29:35 UTC (rev 19096)
+++ branches/dir.xiph.org/munin/plugins/icecast_yp_streams	2014-02-25 14:08:35 UTC (rev 19097)
@@ -119,7 +119,7 @@
 	exit 0
 fi
 
-ENVIRONMENT=prod php5 /var/www/dir.xiph.org/cronjobs/munin_streams.php
+ENVIRONMENT=prod php5 /var/www/dir.xiph.org/munin/munin_streams.php
 
 #netstat -s | awk '
 #/active connections ope/  { print "active.value " $1 }

Added: branches/dir.xiph.org/munin/plugins/icecast_yp_unchecked
===================================================================
--- branches/dir.xiph.org/munin/plugins/icecast_yp_unchecked	                        (rev 0)
+++ branches/dir.xiph.org/munin/plugins/icecast_yp_unchecked	2014-02-25 14:08:35 UTC (rev 19097)
@@ -0,0 +1,77 @@
+#!/bin/sh
+# -*- sh -*-
+
+: << =cut
+
+=head1 NAME
+
+icecast yp unchecked - Plugin to monitor Icecast YP unchecked entries
+
+=head1 CONFIGURATION
+
+No configuration
+
+=head1 AUTHOR
+
+Unknown author
+
+=head1 LICENSE
+
+Unknown license
+
+=head1 BUGS
+
+=over 4
+
+=item SuSE: passive connections rejected
+
+At least one SuSE netstat appears to report "passive connections
+rejected because of time stamp"
+
+We have never seen that, patch requested.
+
+=back
+
+=head1 MAGIC MARKERS
+
+ #%# family=auto
+ #%# capabilities=autoconf
+
+=cut
+
+. $MUNIN_LIBDIR/plugins/plugin.sh
+
+if [ "$1" = "autoconf" ]; then
+	echo yes
+	exit 0
+fi
+
+if [ "$1" = "config" ]; then
+
+	echo 'graph_title Icecast YP unchecked streams'
+	echo 'graph_args -l 0'
+	echo 'graph_vlabel unchecked streams in the directory'
+	echo 'graph_category yp'
+#	echo 'graph_period second'
+	echo 'graph_info This graph shows the number of unchecked stations in YP.'
+	echo 'total.label total'
+	echo 'total.type GAUGE'
+	echo 'total.min 0'
+	echo 'total.info The total number of unchecked streams.'
+	echo 'totalmr.label total minus radionomy'
+	echo 'totalmr.type GAUGE'
+	echo 'totalmr.min 0'
+	echo 'totalmr.info The total number of unchecked streams, minus radionomy.'
+	echo 'radionomy.label radionomy'
+	echo 'radionomy.type GAUGE'
+	echo 'radionomy.min 0'
+	echo 'radionomy.info The number of unchecked Radionomy streams.'
+	echo 'radionomyslow.label radionomy_205/207'
+	echo 'radionomyslow.type GAUGE'
+	echo 'radionomyslow.min 0'
+	echo 'radionomyslow.info The number of unchecked Radionomy streams.'
+	exit 0
+fi
+
+ENVIRONMENT=prod php5 /var/www/dir.xiph.org/munin/munin_unchecked.php
+


Property changes on: branches/dir.xiph.org/munin/plugins/icecast_yp_unchecked
___________________________________________________________________
Added: svn:executable
   + *

More information about the commits mailing list