31. January 2013

Redmine installation on Debian with Passenger

It’s quite easy to install Redmine on Debian Testing (Wheezy) with Passenger support in Apache, but there are some gotchas.

Install Redmine and Passenger module to Apache

apt-get install redmineĀ libapache2-mod-passenger

It will automatically turn on Passenger module in Apache.

Configure virtual host:

DocumentRoot /usr/share/redmine/public

<Directory /usr/share/redmine/public>
 AllowOverride all
 RailsBaseURI /
 #RailsEnv development
 RailsEnv production
 Options -MultiViews
<IfModule mod_passenger.c>
 PassengerRuby /usr/bin/ruby1.8
 PassengerEnabled On
 PassengerLogLevel 0
 PassengerUserSwitching off
 PassengerUseGlobalQueue on
 PassengerResolveSymlinksInDocumentRoot on

Important note: Use Ruby 1.8 in case of Redmine with version =<1.4.4. Otherwise you’ll get 500 Error at some pages, like XML export:

/usr/lib/ruby/vendor_ruby/active_support/dependencies.rb:131:in `rescue in const_missing'
/usr/lib/ruby/vendor_ruby/active_support/dependencies.rb:120:in `const_missing'

If you have newer version of Redmine, then you can set PassengerRuby to new version. ;-)

4. November 2012

Unable to build CouchDB-XO_Auth – solution

CouchDB-XO_Auth is using make and rebar to build extension for CouchDB.

If you’re using debian package for CouchDB, then you’ll probably see following error after typing make:

==> meck (get-deps)
==> CouchDB-XO_Auth (get-deps)
==> meck (compile)
==> CouchDB-XO_Auth (compile)
src/xo_auth_fb.erl:4: can't find include lib "couch/include/couch_db.hrl"
src/xo_auth.erl:11: can't find include lib "couch/include/couch_db.hrl"

The problem is in rebar configuration. It trying to locate CouchDB Erlang files inĀ /usr/local/lib/couchdb/erlang/lib/.

Default location of these files for Debian is: /usr/lib/couchdb/erlang/lib/
Solution: fix path rebar.config.

It should look like this:

%%-*- mode: erlang -*-
{deps, [
 {meck, "0.7.1", {git, "https://github.com/eproxus/meck.git", {tag, "0.7.1"}}}

Windows version how-to (manual steps):

git clone https://github.com/ocastalabs/CouchDB-XO_Auth.git
cd CouchDB-XO_Auth
mkdir deps
cd deps
git clone https://github.com/eproxus/meck.git
cd meck
git branch 0.7.1
cd ..
cd ..
escript rebar compile

10. March 2012

Tomcat 7 listen on port 80 – Linux Debian

The default installation of Tomcat 7 for Linux Debian is listening on port 8080.

When you want to change the port to 80 then you have several options.

You can use iptables and redirect communication from port 8080 to port 80.

iptables -t nat -P PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-port 8080

The more straight forward approach is to bind Tomcat directly to port 80. First of all change port 8080 to 80 in file /etc/tomcat7/server.xml.

You’ll see error messages in /var/log/tomcat7/catalina.out when you try to restart Tomcat:

SEVERE: Failed to initialize connector [Connector[HTTP/1.1-80]]
org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-80]]
Caused by: java.net.BindException: Permission denied

The problem is that default installation of Tomcat 7 for Linux Debian allows to bind only ports higher than 1023. You need to allow binding to privileged ports.

Open file /etc/defaults/tomcat7 and change option from:




Restart Tomcat and it will listen on port 80.

7. March 2012

Web stress test by Apache Benchmarking Tool

Sometimes you need to identify bottleneck of web application.

You can use Selenium to record and repeat the same steps over and over.

Another solution is to use Apache Benchmarking Tool.

E.g. You need to send 1000 requests in 10 concurrent threads to localhost:

ab -c 10 -n 1000 http://localhost/

For Debian users: you can find this mighty command in apache2-utils package.

Sample result:

Server Software:        Apache-Coyote/1.1
Server Hostname:        localhost
Server Port:            80

Document Path:          /
Document Length:        405 bytes

Concurrency Level:      10
Time taken for tests:   0.524 seconds
Complete requests:      1000
Failed requests:        0
Write errors:           0
Total transferred:      650000 bytes
HTML transferred:       405000 bytes
Requests per second:    1907.13 [#/sec] (mean)
Time per request:       5.243 [ms] (mean)
Time per request:       0.524 [ms] (mean, across all concurrent requests)
Transfer rate:          1210.58 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0    2   0.5      2       4
Processing:     0    3   0.5      3       4
Waiting:        0    2   0.7      2       4
Total:          2    5   0.3      5       8

10. January 2012

Debian Tomcat 7 – the trustAnchors parameter must be non-empty

I was deploying application on Tomcat7/OpenJDK. This application was accessing further secure services like SMTPS and HTTPS.

Tomcat was complaining that certificates are not correct (PKIX): the trustAnchors parameter must be non-empty.

Solution for Debian was quite easy after I found correct path to cacerts. Java cacerts for OpenJDK are stored in file: /etc/ssl/certs/java/cacerts.

To import certificate it is sufficient to use keytool:

keytool -import -keystore /etc/ssl/certs/java/cacerts -file cert.pem \
-alias ci.sinusgear.com

Then I restarted Tomcat and problem with trustAnchors disappeared.