--- /dev/null
+[client]
+socket=/srv/mysql/mysql.sock
+ssl-ca=/etc/pki/tls/certs/ca.pem
+
+[mysql]
+socket=/srv/mysql/mysql.sock
+
+[mysqld]
+datadir=/srv/mysql
+log_slow_queries
+long_query_time=4
+max_connections=256
+max_connect_errors=0
+wait_timeout=300
+interactive_timeout=300
+connect_timeout=10
+local_infile=0
+ft_min_word_len=3
+expire_logs_days=7
+
+# Bump the max open files (*grumble* esp)
+# 2008-09-24 -- quentin
+open_files_limit=8192
+
+log-bin=sql-bin
+log-bin-index=sql-bin.index
+relay-log=kitchen-sink-relay-bin
+relay-log-index=kitchen-sink-relay-bin.index
+
+query_cache_limit=1M
+query_cache_size=128M
+query_cache_type=1
+thread_cache_size=8
+table_cache=512
+key_buffer=384M
+join_buffer=1M
+record_buffer=1M
+max_allowed_packet=16M
+sort_buffer_size=2M
+read_buffer_size=2M
+read_rnd_buffer_size=8M
+tmp_table_size=32M
+thread_concurrency=4
+myisam_sort_buffer_size=64M
+
+innodb_buffer_pool_size=512M
+innodb_additional_mem_pool_size=20M
+innodb_log_file_size=256M
+innodb_log_buffer_size=8M
+innodb_lock_wait_timeout=50
+innodb_thread_concurrency=4
+innodb_log_group_home_dir=/srv/zebra/
+innodb_file_per_table
+
+old_passwords=1
+server-id=1
+
+ssl_ca=/etc/pki/tls/certs/ca.pem
+ssl_cert=/etc/pki/tls/certs/sql.pem
+ssl_key=/etc/pki/tls/private/sql.pem
+
+skip-bdb
+skip-merge
+skip-name-resolve
+
+# Disable the "data directory" option:
+# <quentin> 2008-07-14
+skip-symbolic-links
+
+[mysqldump]
+quick
+quote-names
+max_allowed_packet = 16M
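Review bot: `old_passwords=1` under [mysqld] makes the server generate the short pre-4.1 password hashes for new passwords. Those hashes are much cheaper to recover than the 4.1+ format if the grant tables or a full dump ever leak. If a legacy client still depends on it, record that above the line, e.g. `# needed by <legacy client> -- remove once it is upgraded`; otherwise drop the setting and reset the affected passwords. The same line appears unchanged as context in the later my.cnf section of this diff. `max_connect_errors=0` also has no comment, and how the server treats 0 may depend on the version, so a one-line note on the intended effect would help.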
)
server.document-root = "/srv/sql/web/home/"
-alias.url = ( "/~sql/" => "/srv/sql/web/" )
-alias.url += ( "/main/" => "/srv/sql/web/main/" )
-alias.url += ( "/dev/" => "/srv/sql/web/dev/" )
-alias.url += ( "/tools/" => "/srv/sql/web/tools/" )
-alias.url += ( "/" => "/srv/sql/web/home/" )
+alias.url = ( "/~sql" => "/srv/sql/web" )
+alias.url += ( "/main" => "/srv/sql/web/main" )
+alias.url += ( "/dev" => "/srv/sql/web/dev" )
+alias.url += ( "/tools" => "/srv/sql/web/tools" )
+#alias.url += ( "/" => "/srv/sql/web/home" )
url.rewrite-once = ( "^/tools/([^\?]+)(\??.*)" => "/tools/$1.php$2" )
url.rewrite-once += ( "^/~sql/main/do/([^\?]+)(\??.*)" => "/~sql/main/$1.php$2" )
url.rewrite-once += ( "^/~sql/dev/do/([^\?]+)(\??.*)" => "/~sql/dev/$1.php$2" )
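Review bot: With the trailing slashes dropped, each new `alias.url` key is compared as a plain string prefix, so `"/main"` also matches a request for `/main-old` and maps it to `/srv/sql/web/main-old`. Likewise `"/~sql" => "/srv/sql/web"` can resolve into a sibling path that merely starts with `/srv/sql/web`, if one exists. Either keep the slash on both sides of each pair and redirect the bare path, or confirm that no files or directories share these prefixes and say so in a comment above the block. The enclosing configuration starts before this hunk, so any earlier alias or access rules are not visible here.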
ssl.verifyclient.username = "SSL_CLIENT_S_DN_emailAddress"
$SERVER["socket"] == "0.0.0.0:443" {
ssl.engine = "enable"
- ssl.pemfile = "/etc/lighttpd/sql-mit-edu.pem"
+ ssl.pemfile = "/etc/lighttpd/sql.mit.edu.pem"
ssl.ca-file = "/etc/lighttpd/mitCAclient.pem"
ssl.verifyclient.activate = "enable"
ssl.verifyclient.enforce = "disable"
[client]
socket=/srv/mysql/mysql.sock
+ssl-ca=/etc/pki/tls/certs/ca.pem
[mysql]
socket=/srv/mysql/mysql.sock
[mysqld]
datadir=/srv/mysql
log_slow_queries
-long_query_time=2
-max_connections=5000
-#max_connect_errors=10
-wait_timeout=600
-interactive_timeout=600
+long_query_time=4
+max_connections=256
+max_connect_errors=0
+wait_timeout=300
+interactive_timeout=300
connect_timeout=10
+local_infile=0
+ft_min_word_len=3
+expire_logs_days=7
+
+# Bump the max open files (*grumble* esp)
+# 2008-09-24 -- quentin
+open_files_limit=8192
log-bin=sql-bin
log-bin-index=sql-bin.index
relay-log=kitchen-sink-relay-bin
relay-log-index=kitchen-sink-relay-bin.index
-skip-locking
-#skip-external-locking
-
query_cache_limit=1M
query_cache_size=128M
query_cache_type=1
thread_cache_size=8
-table_cache=1024
-key_buffer=400M
+table_cache=512
+key_buffer=384M
join_buffer=1M
record_buffer=1M
max_allowed_packet=16M
sort_buffer_size=2M
read_buffer_size=2M
read_rnd_buffer_size=8M
-tmp_table_size=35M
+tmp_table_size=32M
thread_concurrency=4
-myisam_sort_buffer_size=8M
+myisam_sort_buffer_size=64M
innodb_buffer_pool_size=512M
innodb_additional_mem_pool_size=20M
-innodb_log_file_size=200M
-innodb_log_buffer_size=2M
-#innodb_lock_wait_timeout=50
-
+innodb_log_file_size=256M
+innodb_log_buffer_size=8M
+innodb_lock_wait_timeout=50
+innodb_thread_concurrency=4
+innodb_log_group_home_dir=/srv/zebra/
innodb_file_per_table
old_passwords=1
server-id=1
+ssl_ca=/etc/pki/tls/certs/ca.pem
+ssl_cert=/etc/pki/tls/certs/sql.pem
+ssl_key=/etc/pki/tls/private/sql.pem
+
skip-bdb
-#skip-networking
+skip-merge
+skip-name-resolve
+
+# Disable the "data directory" option:
+# <quentin> 2008-07-14
+skip-symbolic-links
[mysqldump]
quick
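Review bot: The added `ssl_ca`/`ssl_cert`/`ssl_key` lines only make TLS available; nothing in this file makes the server refuse a cleartext connection. Remote accounts therefore stay unencrypted unless their grants carry `REQUIRE SSL`, which this diff does not show. The `ssl-ca` line under [client] supplies a CA but, depending on the client version, may not force certificate verification. A comment above the server block such as `# TLS is optional here; remote accounts must be granted with REQUIRE SSL` would record the assumption. It is also worth confirming that `/etc/pki/tls/private/sql.pem` is readable only by the account mysqld runs as.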
-A Firewall -p 51 -j ACCEPT
-A Firewall -p icmp --icmp-type any -j ACCEPT
-A Firewall -m state --state RELATED,ESTABLISHED -j ACCEPT
--A Firewall -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
--A Firewall -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
--A Firewall -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
--A Firewall -m state --state NEW -m tcp -p tcp --dport 3306 -d 18.181.0.52 -j ACCEPT
--A Firewall -m state --state NEW -m tcp -p tcp --dport 3306 -s 18.181.0.47 -j ACCEPT
--A Firewall -m state --state NEW -m tcp -p tcp --dport 3306 -s 18.181.0.56 -j ACCEPT
--A Firewall -m state --state NEW -m tcp -p tcp --dport 3306 -d 172.21.0.52 -j ACCEPT
--A Firewall -m state --state NEW -m tcp -p tcp --dport 3306 -s 172.21.0.47 -j ACCEPT
--A Firewall -m state --state NEW -m tcp -p tcp --dport 3306 -s 172.21.0.56 -j ACCEPT
--A Firewall -m state --state NEW -m tcp -p tcp --dport 4949 -s 18.187.1.128 -j ACCEPT
--A Firewall -m state --state NEW -m tcp -p tcp --dport 5666 -s 18.187.1.128 -j ACCEPT
+-A Firewall -m state --state NEW -p tcp -m multiport --dports 22,80,443 -j ACCEPT
+
+-A Firewall -m state --state NEW -p tcp -m multiport --dports 3306,33306 -d 18.181.0.52 -j ACCEPT
+-A Firewall -m state --state NEW -p tcp -m multiport --dports 3306,33306 -d 172.21.0.52 -j ACCEPT
+
+-A Firewall -m state --state NEW -p tcp --dport 3306 -s 18.181.0.47 -j ACCEPT
+-A Firewall -m state --state NEW -p tcp --dport 3306 -s 172.21.0.47 -j ACCEPT
+
+-A Firewall -m state --state NEW -p tcp --dport 3306 -s 18.181.0.56 -j ACCEPT
+-A Firewall -m state --state NEW -p tcp --dport 3306 -s 172.21.0.56 -j ACCEPT
+
+-A Firewall -m state --state NEW -p tcp -m multiport --dports 4949,5666 -s 18.181.0.65 -j ACCEPT
+-A Firewall -m state --state NEW -p tcp -m multiport --dports 4949,5666 -s 18.187.1.128 -j ACCEPT
+
-A Firewall -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Wed Aug 29 23:33:53 2007
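Review bot: The two `--dports 3306,33306 -d ...` rules carry no `-s` match, so MySQL on those destination addresses accepts new connections from any source. That now includes the newly added port 33306; only the `-s` rules below them are restricted per host. If this is intended, a comment above the pair would make it reviewable, e.g. `# 33306: <service> -- reachable from any source by design`. The new source 18.181.0.65 for ports 4949/5666 deserves a similar one-line note identifying the host.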
#!/bin/bash
if [[ -s /srv/mysql/master.info ]]; then
- NEWBF=/srv/backup/daily/sql.mit.edu_`date +%m-%d-%Y`.sql.gz
+ NEWBF=/srv/backup/daily/sql.mit.edu_`date +%Y-%m-%d`.sql.gz
/usr/bin/mysqldump -umit-backup -efqQK --all-databases | gzip > $NEWBF
if [[ -s $NEWBF && `ls /srv/backup/daily/ | wc -l` -ge 4 ]]; then
rm -f /srv/backup/daily/`ls -t /srv/backup/daily/ | tail -n1`
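Review bot: The `-s $NEWBF` test before the rotation cannot tell a failed dump from a good one. Without `set -o pipefail` the pipeline's status is gzip's, and gzip writes a non-empty file even for empty input, so the oldest backup is still deleted after a failed `mysqldump`. Adding `set -o pipefail` near the top and running the `rm` only when the `mysqldump ... | gzip` pipeline succeeded would close that gap. Because the dump contains every database including the grant tables, a `umask 077` before writing it is worth considering. The script continues past the end of this hunk.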