Startup problems with php-fpm and ldap user backend on Debian

Startup problems with php-fpm and ldap user backend on Debian

Do you use php-fpm together with an ldap backend for user authentication, then you probably have seen this message in your boot logs:

[26-Sep-2019 14:58:34] ERROR: [pool XXXXXX] cannot get uid for user 'XXXXXXXX'

When using the php5.6-fpm / php7.x-fpm versions of the PHP fpm process can cause startup problems, when the users are provided via the nslcd service.

The reason is, that the ldap user backend is starting after the php fpm process(es)

Fortunately this is easy to solve, just edit your /etc/init.d/php7.3-fpm init script and add the user backend service(s) to the Required-Start section

It looks like this:
# Required-Start:    $remote_fs $network

So to add nslcd (and recommended nscd too) results in this line

# Required-Start:    $remote_fs $network nslcd nscd


To enable the new dependencies of your service starts, just disable the service and reenable it.

systemctl disable php7.3-fpm 
systemctl enable php7.3-fpm

After this, you can reboot your server and the fpm processes should startup just fine
 

Chromium 75.0.3770.xx does submit html forms twice

When you have customers which use chromium on Ubuntu 18.04 LTS, then you might see duplicate form posts in your applications.

This is a very nasty bug introduced somewhere between the 74.0.3729.169 and 75.0.3770.80 releases.
Here a few references to the problem, which seems to be still "work in progress"

• https://stackoverflow.com/questions/56488687/duplicate-requests-after-chrome-update-to-version-75-0-3770-80-official-build
   
• https://bugs.chromium.org/p/chromium/issues/detail?id=977882
   
• https://support.google.com/chrome/thread/8616084?hl=en

 This does not help the customers, since we need a solution now, and not in a few days/weeks.

On ubuntu the simplest is to roll back to the last working version 74.0.3729.169

How to do this:

Login in the console of your system(s) and do this:

cd /tmp
rm chromium-*

wget -q http://launchpadlibrarian.net/424897539/chromium-browser_74.0.3729.169-0ubuntu0.18.04.1_amd64.deb
wget -q http://launchpadlibrarian.net/424897541/chromium-codecs-ffmpeg-extra_74.0.3729.169-0ubuntu0.18.04.1_amd64.deb
wget -q http://launchpadlibrarian.net/424897535/chromium-browser-l10n_74.0.3729.169-0ubuntu0.18.04.1_all.deb


dpkg -i chromium-*.deb
rm chromium-*
 
apt-mark hold chromium-browser
apt-mark hold chromium-browser-l10n
apt-mark hold chromium-codecs-ffmpeg-extra


This installs the 74er version and prevents future upgrades to install bad versions.
Of course once a working 75 or 76 release is available, you have to unhold the packages

Generate one page PDF calendars with entries

Generating a on epage pdf calendar isn't that difficult.
Just draw the month grid and put the entries into the corresponding matrix at the correct places.

But wait, is it that easy?

- What do you do when the number of entries in one grid cell use more space than is available?

To solve this problem in php, I did just write a class which handles this problem.
The PdfCalendarBuilder library hosted on github solves this problem in two ways:

- First it trys to resize the row heights, to distribute the free height across the rows, so everything still fits on one page
- The secon option, if the content is still too large, is to reduce the font size of the entries until everything has place on the same page

Both features can be de/activated independently of each other, but best results are done when both remain activated.

There are still a few things to work out in the library, such as handling entries which span days or things like full-day events which should be rendered differently.

But the basic stuff already works fine, even with event categories and legends.
It also does not matter what paper siez you choose, just modify the font sizes as you need them, the defaults are good for A4 paper.

And to help you integrate it in your own projects, the whoche whole library is licensed under the Apache 2.0 license.
But please send back enhancements, error reports or other ideas to the project page.

Monitor letsencrypt certificates with Zabbix

Monitor letsenrcypt certificates with Zabbix

Letsenrcypt is a great free system to automatically provide ssl/tls certificates for your website(s)
Zabbix is a great free system to monitor your IT infrastructure

One of the main features of Zabbix is the ability to extend it with any kind of monitoring scripts.
So when you do use letsencrypt certificates, you can also monitor them from Zabbix.

There exists a template you can add to the Zabbix server, and the required config and script files you place on the agents.

These can be found here.

It provides these features:
- Autodiscovery of all active letsencrypt certificates
- Monitor the lifetime of the certificates
- Trigger when the certificates are about to expire (Which means your auro renew does not work correctly)
- Monitor the certbot version
- Triggers when certbor version is below 0.28

The certbot version is important, since all certbot versions below 0.28 don't support the ACME-2.0 standard which is required by letsencrypt since the 13-february 2019.

Whith this you can relax about your ssl certificates, you won't have customers calling you in the morning, that their website(s) have an invalid/expired certificate.

You can even enhance the ssl monitoring with more Zabbix templates from here.
These allow you to monitor also ftps/imaps/smtps/pop3s and other TLS/SSL secured connections.

We use these in our own environment, to make sure everything runs smoothly and that we are warned of potential problems before the customers notice them.