My Magento on PHP 5.4.x Fixes

I am currently setting a Magento v1.7 ecommerce store on nginx with PHP 5.4. I have been monitoring the Magento store for errors and have been getting a few of them. I wanted to make a list of the errors that I am getting with the fixes. I hope these fixes will help other. And of course, please comment if you have a few to add to the list or if the fix on the post is not correct.

ERR (3): Warning: Illegal string offset 'value'  in /app/code/core/Mage/Adminhtml/Block/System/Config/Form/Field.php on line 111

I have been getting the above error in saving configuration in backend.
Fix:
Replace at line 111:

} elseif ($v['value']==$defText) {
    $defTextArr[] = $v['label'];
    break;
}

To:

} elseif (isset($v['value'])) {
    if ($v['value']==$defText) {
        $defTextArr[] = $v['label'];
        break;
    }
}

If you have problem with Magento not generating PDF form invoice or anything PDF related.
You may need to open up: /lib/Zend/Pdf/FileParserDataSource.php
and comment out:

//abstract public function __construct();
//abstract public function __destruct();

Check out page problems with Log in and quantity updates.
By inserting:

<?php echo $this->getBlockHtml('formkey'); ?>

Right after:

<form id="login-form">

You may need to use grepWin to search for the location with the error, your theme may vary.

Increasing PHP File Upload Size on nginx

I am running nginx + php-fpm. I was posting new products to my newly set up Magento website, however when I was uploading the product image I got the “HTTP Upload Error.” I searched only, but did not find the answer to my problem. It turns out that the “HTTP Upload Error” meant that you uploaded a file passed the maximum allowed by php-fpm.

To boost up the file limit, you can simply set to the following on:

# /etc/php.ini
upload_max_filesize= 5M
post_max_size = 10M #Usually double the "upload_max_filesize
max_input_time = 100 #This one set the time spend for the php service to get your file before it closes its connection with you. It is better to set a higher number if you upload large size files. I set mine to 100 seconds, it should be enough time for me to upload a 5MB file. 

# one of your nginx *.conf that contains your domain config
# /etc/nginx/conf.d/virtual.conf
# add the code below within server {}
client_max_body_size 5m;

Now simply reboot php-fpm and nginx to take effect:

service nginx restart
service php-fpm restart

 

How to Setting Up VPS/Dedicated Server for the First Time on CentOS 6.x LEMP Version

I just signed up for this great deal at ChicagoVPS.net for a 2GB RAM, 2TB/Month, 50GB space at $40 + Tax (NY) / Year. (Check the deal at SlickDeals.net, as of March 09)

I thought that the deal was great and wanted to give them a try.

ChicagoVPS was cheap, but it did not stand for what it was worth. I had many down time doing the month. I finally got a new dedicated server for my websites.

I am writing for blog for my own reference, I think the information I gathered over the internet will be helpful to you as well when you are setting up your VPS servers. Therefore I set up this blog on my unused web domain name. If there is any mistake or comments, please feel free to post your comment.

Requirements:

Updating

First time when you run the server, you should always update the system.

yum update

Firewall

Firewall is always and will be number one thing to do before starting anything, I had found a good script online that will set your firewall. (Need to find where I got it from to give credit)

Save the below iptables to iptables.sh. Please note that I had opened port 8080 for varnish tests. You may disable it by removing the line.

#!/bin/bash
# A sample firewall shell script 
IPT="/sbin/iptables"
SPAMLIST="blockedip"
SPAMDROPMSG="BLOCKED IP DROP"
SYSCTL="/sbin/sysctl"
BLOCKEDIPS="/root/scripts/blocked.ips.txt"

# Stop certain attacks
echo "Setting sysctl IPv4 settings..."
$SYSCTL net.ipv4.ip_forward=0
$SYSCTL net.ipv4.conf.all.send_redirects=0
$SYSCTL net.ipv4.conf.default.send_redirects=0
$SYSCTL net.ipv4.conf.all.accept_source_route=0
$SYSCTL net.ipv4.conf.all.accept_redirects=0
$SYSCTL net.ipv4.conf.all.secure_redirects=0
$SYSCTL net.ipv4.conf.all.log_martians=1
$SYSCTL net.ipv4.conf.default.accept_source_route=0
$SYSCTL net.ipv4.conf.default.accept_redirects=0
$SYSCTL net.ipv4.conf.default.secure_redirects=0
$SYSCTL net.ipv4.icmp_echo_ignore_broadcasts=1
#$SYSCTL net.ipv4.icmp_ignore_bogus_error_messages=1
$SYSCTL net.ipv4.tcp_syncookies=1
$SYSCTL net.ipv4.conf.all.rp_filter=1
$SYSCTL net.ipv4.conf.default.rp_filter=1
$SYSCTL kernel.exec-shield=1
$SYSCTL kernel.randomize_va_space=1

echo "Starting IPv4 Firewall..."
$IPT -F
$IPT -X
$IPT -t nat -F
$IPT -t nat -X
$IPT -t mangle -F
$IPT -t mangle -X

# interface connected to the Internet 
PUB_IF="eth0"

#Unlimited traffic for loopback
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT

# DROP all incomming traffic
$IPT -P INPUT DROP
$IPT -P OUTPUT DROP
$IPT -P FORWARD DROP

# Block sync
$IPT -A INPUT -i ${PUB_IF} -p tcp ! --syn -m state --state NEW  -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "Drop Sync"
$IPT -A INPUT -i ${PUB_IF} -p tcp ! --syn -m state --state NEW -j DROP

# Block Fragments
$IPT -A INPUT -i ${PUB_IF} -f  -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "Fragments Packets"
$IPT -A INPUT -i ${PUB_IF} -f -j DROP

# Block bad stuff
$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL ALL -j DROP

$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL NONE -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "NULL Packets"
$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL NONE -j DROP # NULL packets

$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags SYN,RST SYN,RST -j DROP

$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags SYN,FIN SYN,FIN -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "XMAS Packets"
$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP #XMAS

$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags FIN,ACK FIN -m limit --limit 5/m --limit-burst 7 -j LOG --log-level 4 --log-prefix "Fin Packets Scan"
$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags FIN,ACK FIN -j DROP # FIN packet scans

$IPT  -A INPUT -i ${PUB_IF} -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP

# Allow full outgoing connection but no incomming stuff
$IPT -A INPUT -i ${PUB_IF} -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -o ${PUB_IF} -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Allow ssh
$IPT -A INPUT -i ${PUB_IF} -p tcp --destination-port 22 -j ACCEPT

# Allow http / https (open port 80 / 443)
$IPT -A INPUT -i ${PUB_IF} -p tcp --destination-port 80 -j ACCEPT
$IPT -A INPUT -i ${PUB_IF} -p tcp --destination-port 443 -j ACCEPT
$IPT -A INPUT -i ${PUB_IF} -p tcp --destination-port 8080 -j ACCEPT

# allow incomming ICMP ping pong stuff
$IPT -A INPUT -i ${PUB_IF} -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
#$IPT -A OUTPUT -o ${PUB_IF} -p icmp --icmp-type 0 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow port 53 tcp/udp (DNS Server)
#$IPT -A INPUT -i ${PUB_IF} -p udp --dport 53 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
##$IPT -A OUTPUT -o ${PUB_IF} -p udp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT

#$IPT -A INPUT -i ${PUB_IF} -p tcp --destination-port 53 -m state --state NEW,ESTABLISHED,RELATED  -j ACCEPT
##$IPT -A OUTPUT -o ${PUB_IF} -p tcp --sport 53 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Open port 110 (pop3) / 143
#$IPT -A INPUT -i ${PUB_IF} -p tcp --destination-port 110 -j ACCEPT
#$IPT -A INPUT -i ${PUB_IF} -p tcp --destination-port 143 -j ACCEPT

##### Add your rules below ######
#
# 
##### END your rules ############

# Do not log smb/windows sharing packets - too much logging
$IPT -A INPUT -p tcp -i ${PUB_IF} --dport 137:139 -j REJECT
$IPT -A INPUT -p udp -i ${PUB_IF} --dport 137:139 -j REJECT

# log everything else and drop
$IPT -A INPUT -j LOG
$IPT -A FORWARD -j LOG
$IPT -A INPUT -j DROP

exit 0

Saving the iptables for next reboots

iptables-save

Backing up

What every you are on VPS or dedicated with managed or unmanaged hosting, you should always backup and backup and backup your backups. Hey, things happen and I learned that from buying cheap hosting at ChicagoVPS (move away from them).

Click here to check the “How to Backup to Raspberry Pi

Nginx, PHP, and mySQL – LEMP Web Server

 

Security

Skipfish

yum install skipfish -y (More info about skipfish will be posted)