Apache Tuning (with Drupal in mind!)

My best solution for most LAMP setups is the following.

I see that a lot of administrators just use Apache as-is.
Because there are so many pages about every tool, I'm blogging my conclusions from my experience of using Apache
(and how to improve the default configuration).

PHP and Drupal:

You can use PHP compiled into Apache, but then you can only work with prefork!
This consumes a lot of memory (possibly 20MB or more per available worker).
Every worker will grow depending on your PHP scripts and needs a lot of memory.

I know some of you have enough resources to buy GBs of memory, but I don't.
So it's time for tuning, because I can only run 15 requests/sec on my default setup
(Xen guest, 2 CPUs at 3GHz and 512MB memory; the db is in another guest).

If I calculate (I know I can't, but I use expr): I reserve 128MB for the system, so there is 384MB free. At a rate of 20MB/worker I have space for 19 to 20 available connections.
That is not much for a popular website (not mine).

So here is my Apache Tuning with no extra resources in mind.

Is your windows full of crap

My way of cleaning-up your infrastructure.

Why use Subversion as an administrator?

As a consultant I see many environments administered by several people.

Most of the time when something fails to work, the first thing they call out is WTF WHO DID ... (after seeing the logs)

Therefore using svn/Subversion can save a lot of head banging.
sample of svn

Ubuntu Release party

Last Saturday I gave a talk about "Linux system introduction" at an Ubuntu release party for Intrepid in Hasselt.
It was more like a teaser for new users and/or new admins.
The event was great, with a lot of interested people.



The presentation
A Dutch local news site hbvl, Hasseltlokaal

Fraud in Google AdWords News Bulletin


I'm lucky that I have a Mailscanner (not that I use AdWords)
This blog is to educate users about security!
You should always double check mails

YOU'VE BEEN WARNED

I did a small test to look at the site

The mail

The link in opera (nice protection)

The link in firefox

The real site of google AdWords

There is not much difference between the false and the real site, except the URL!

Book meme

Meme from Kris

1. Grab the nearest book.
2. Open it to page 56.
3. Find the fifth sentence.
4. Post the text of the sentence in your journal along with these instructions.
5. Don’t dig for your favorite book, the cool book, or the intellectual one: pick the CLOSEST.

Setting Up Linux Partitions

Linux's fdisk lets you specify the size of the partition either by supplying an sector number or by giving a size in megabytes.

Linux third edition Unleashed (Tim Parker)

Why I use openvpn

Because I'm tired of manually connecting/reconnecting over and over again to my servers,
rechecking for imap connections,
switching over to webmail from certain clients,
finding a way to escape from the local network,
being afraid of sniffing administrators,
reconnecting on slow or bad connections ...

I have never had any problems when using openvpn.
It auto-reconnects when there are problems.
In the customer firewall there is mostly 1 hit in the log per day
(and all the rest of my traffic is hidden).
You don't need to take care of securing your traffic because it's encrypted (if it is routed through your vpn).
But the greatest is using openvpn over https!
(On almost every network https is just open!)
Even on expensive firewalls you can't see a difference between https traffic and openvpn,
just because it uses ssl in the same way https does.

For those who want to try this I wrote a small howto
openvpn copy/paste howto

kvm/qemu

When I ran kvm/qemu on Intrepid (I did not test on other OSes/versions) there was a nice network issue.

Every time I switched to another workspace or minimized my running kvm (this time it was lenny-b2) I saw that the network traffic dropped to 0.
This was while a download was running in the guest system.

After switching many times (because at first it looked unbelievable) it was true!

It uses user-space networking by default and I don't like that.
So I did a small workaround (a routed way like on my Xen server).

Edit /etc/network/interfaces (as root or sudo)

auto br0
iface br0 inet static
        bridge_ports dummy0
        bridge_maxwait 0
        address 192.168.99.1
        netmask 255.255.255.0

sudo /etc/init.d/networking restart

(just restart the network and your dummy0 and your bridge are available)

brctl show
bridge name	bridge id		STP enabled	interfaces
br0		8000.7630f790bddb	no		dummy0

Enable IP forwarding for your kernel

sudo sysctl -w net.ipv4.ip_forward=1

Change your firewall script if necessary
(add all your external interfaces for outbound NAT)

# MASQ for dummy0 kvm
$IPTABLES -t nat -A POSTROUTING -o eth0 -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o wlan0 -j MASQUERADE

$IPTABLES -A FORWARD -s 192.168.99.0/24 -j ACCEPT
$IPTABLES -A FORWARD -d 192.168.99.0/24 -j ACCEPT

Edit /etc/kvm/kvm-ifup

#!/bin/sh
BRIDGE=br0
ifconfig $1 0.0.0.0 up
brctl addif $BRIDGE $1

Edit a startscript for your guest
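
A tighter variant of the firewall step above, as an added example that is not part of the original post: it masquerades only traffic from the guest subnet and lets only replies back in towards the guests. The function name kvm_nat_rules is hypothetical; the bridge, subnet and uplink names are the ones used in this post, and the rules are only printed, not applied.

```shell
#!/bin/sh
# Added example, not the author's script. Prints iptables commands for the
# routed br0 setup so they can be reviewed before being run as root.
# Assumptions: bridge br0, guest subnet 192.168.99.0/24, uplinks eth0/wlan0.

IPTABLES=${IPTABLES:-iptables}

# kvm_nat_rules BRIDGE SUBNET UPLINK...   (hypothetical helper name)
kvm_nat_rules() {
    if [ $# -lt 3 ]; then
        echo "usage: kvm_nat_rules BRIDGE SUBNET UPLINK..." >&2
        return 2
    fi
    bridge=$1
    subnet=$2
    shift 2
    for uplink in "$@"; do
        # NAT only packets that really come from the guest subnet,
        # not everything that happens to leave through the uplink
        echo "$IPTABLES -t nat -A POSTROUTING -s $subnet -o $uplink -j MASQUERADE"
        # guests may open connections to the outside
        echo "$IPTABLES -A FORWARD -i $bridge -s $subnet -o $uplink -j ACCEPT"
        # from the outside only replies to those connections get back in
        echo "$IPTABLES -A FORWARD -i $uplink -o $bridge -d $subnet -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    done
    # guest-to-guest traffic on the bridge stays allowed
    # (it passes FORWARD when bridge netfilter is enabled)
    echo "$IPTABLES -A FORWARD -i $bridge -o $bridge -j ACCEPT"
    # anything else addressed to the guests is dropped
    echo "$IPTABLES -A FORWARD -d $subnet -j DROP"
}

# Print the rule set for the setup described in this post
kvm_nat_rules br0 192.168.99.0/24 eth0 wlan0
```

The sysctl -w setting from the earlier step is lost on reboot; putting net.ipv4.ip_forward=1 in /etc/sysctl.conf makes it permanent.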

Microsoft

WHO???
Alright, that company that I have ignored for a loooong time.
After shooting at open source they promote mixed source while the world is already
using it (Oracle, VMware, Check Point, Acronis, DB2 ... run on Linux).
Microsoft is always trying to use marketing as a weapon, even against their own software to promote newer software. Are they so desperate?
Now they even want Samba to integrate with AD (the reverse would be more acceptable) while they
changed the code every version to make sure it fails to work with Samba. (What is next?)
It is clear that they see no way out other than to work together with their main competitors (while it's already too late :) ).
I guess they understand they can't buy everything.
In a lot of companies there is already Linux active behind the scenes.
They should begin to force open source as the standard, so they are independent of one software company.
What will people do if Microsoft crashes? (lose money on shares, a dying economy because of retraction of all licenses?, the government buying shares to save Microsoft? (like the banks))
Ok, I hear you thinking it will never happen! I thought that even banks or countries were safe.

Nice one: Russia is giving the right direction in promoting free software by forcing the schools to use it.

IONICE

I know some Linux admins have already been using nice on Linux for a long time
(I even saw a lot who never heard of it).

For a while now there is also ionice, if you use the cfq scheduler and have a kernel after 2.6.13.
I'm sure fewer Linux admins have heard of it than of nice.
Now what is the benefit of this tool (which comes with the util-linux package)?
(on Ubuntu it's included in Intrepid, on Debian in Lenny)

Did you ever complain that your system became unresponsive or very slow when you launched a backup script or a file sync?
Well, you can now ionice and renice that process so that your production server still gets the disk io it needs.

#!/bin/bash
ionice -c3 -p$$
renice 20 -p$$
.....

There are 3 main options
-c1 Real time: this class gets first access to the disk
-c2 Best effort: gets the rest
-c3 Idle: gets disk time only when no other program has asked for it

For -c1 and -c2 there are also 8 priorities:
0 is the highest and 7 is the lowest io priority

The default is best effort, priority 4

Watch out with the real-time option:
if you give this to a very io-intensive process it could take all your io and the system becomes very slow (even unresponsive)
