How to Update the Default Plesk SSL (not domain ssl)

You can update the SSL through Plesk under Tools & Settings -> SSL/TLS Certificates.

To change the default Plesk certificate and do not reassign certificates for all domains manually, do the following:

  1. In Plesk open Tools & Settings > SSL/TLS Certificates > Add > proceed with adding new certificate.
  2. Return to Tools & Settings > SSL/TLS Certificates > select the certificate created in previous step > Make Default .

Office 365 Anti-Spam IP Delist Portal

If you’re trying to send mail to an Office 365 recipient and the mail has been rejected because of your sending IP address, follow these steps to submit a delisting request.

Error messages may be similar to the following:


ECDHE-RSA-AES256-SHA384:256 CV=yes: SMTP error from remote mail server after RCPT TO:: 550 5.7.606 Access denied, banned sending IP [xxx.xx.xxx.xxx]. To request removal from this list please visit https://sender.office.com/ and follow the directions. For more information please go to http://go.microsoft.com/fwlink/?LinkID=526655 (AS16012609) [HE1EUR01FT043.eop-EUR01.prod.protection.outlook.com]

Generate ssh keys on linux and use with PuTTY on Windows

Log into the Linux server as the user you are going to use to connect with ssh. Generate the key.


ssh-keygen -t rsa -b 4096 -C "email@domain.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/home/user/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:3/dDa9R+zzDpGNt/EU9Jusj/snbKt3+B8F+ULnxXtWk email@domain.com
The key's randomart image is:
+---[RSA 4096]----+
|                 |
|               ..|
|              o *|
|           . . E+|
|        S . = =o=|
|         . + * O=|
|          . + @.*|
|            .@ %=|
|            ++@+#|
+----[SHA256]-----+

Now copy the id_rsa key to your Windows desktop. This can be done by copying and pasting the contents of the file or using an SCP client such as PSCP which is supplied with the PuTTY install or FileZilla.

Next launch PuTTYgen from the Windows Programs list.

Click Conversions from the PuTTY Key Generator menu and select Import key.
Navigate to the OpenSSH private key (id_rsa)and click Open.
Under Actions / Save the generated key, select Save private key.
Choose an optional passphrase to protect the private key.
Save the private key to the desktop as id_rsa.ppk.

If the public key is already appended to the authorized_keys file on the remote SSH server, then proceed to Connect to Server with Private Key.

Otherwise, proceed to Copy Public Key to Server.
Copy Public Key to Server

The OpenSSH public key is located in the box under Key / Public key for pasting info OpenSSH authorized_keys file:. The public key begins with ssh-rsa followed by a string of characters.

Highlight entire public key within the PuTTY Key Generator and copy the text.
Launch PuTTY and log into the remote server with your existing user credentials.

Use your preferred text editor to create and/or open the authorized_keys file:


# nano ~/.ssh/authorized_keys

Paste the public key into the authorized_keys file.

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQBp2eUlwvehXTD3xc7jek3y41n9fO0A+TyLqfd5ZAvuqrwNcR2K7UXPVVkFmTZBes3PNnab4UkbFCki23tP6jLzJx/MufHypXprSYF3x4RFh0ZoGtRkr/J8DBKE8UiZIPUeud0bQOXztvP+pVXT+HfSnLdN62lXTxLUp9EBZhe3Eb/5nwFaKNpFg1r5NLIpREU2H6fIepi9z28rbEjDj71Z+GOKDXqYWacpbzyIzcYVrsFq8uqOIEh7QAkR9H0k4lRhKNlIANyGADCMisGWwmIiPJUIRtWkrQjUOvQgrQjtPcofuxKaWaF5NqwKCc5FDVzsysaL5IM9/gij8837QN7z rsa-key-20141103

Save the file and close the text editor.
Adjust the permissions of the authorized_keys file so that the file does not allow group writable permissions.

# chmod 600 ~/.ssh/authorized_keys

Logout of the remote server.

Error After Upgrade from PHP 5.4 to 5.6 on CentOS

After an upgrade from PHP 5.4 to 5.6, I received an error when I run an app update:

Your requirements could not be resolved to an installable set of packages.
Problem 1 – This package requires php >=5.6 but your PHP version (5.4.45) does not satisfy that requirement.

Issue:

The shell cli is currently running on php5.4. You will need to specify what version the shell will use. This can be done by running the following command.


# echo "alias php='/opt/plesk/php/5.6/bin/php'" >> ~/.bashrc

The guide from Plesk

https://support.plesk.com/hc/en-us/articles/115003766853-How-to-specify-PHP-version-on-the-Plesk-server-for-command-line-command-php-for-user-

You can confirm here:


# php -v
PHP 5.6.35 (cli) (built: Mar 30 2018 12:52:22)
Copyright (c) 1997-2016 The PHP Group

Disable ONLY_FULL_GROUP_BY in Mysql on Ubuntu 16

Recently I ran a command in mysql that resulted in this error:

mysql: [ERROR] unknown variable 'sql_mode=IGNORE_SPACE,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION'

So I had to add a line to the mysql config file. In Ubuntu 16:

# nano /etc/mysql/mysql.conf.d/mysqld.cnf

Add the following line under mysqld


[mysqld]
sql_mode = "STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"

Restart mysql:

# systemctl restart mysql

Replace PHP 5.4 with 5.6 in CentOS 7.x

How to replace php 5.4 with php 5.6.

Before installing PHP 5.6, apply any existing updates available for your distribution:


# yum check-update
# yum update

Also, this is a good moment to get (and save somewhere) a list of our installed packages (in case we need to rollback):


# rpm -qa |grep php
php-mbstring-5.4.16-36.1.el7_2.1.x86_64
php-mysql-5.4.16-36.1.el7_2.1.x86_64
(...)
php-gd-5.4.16-36.1.el7_2.1.x86_64
php-odbc-5.4.16-36.1.el7_2.1.x86_64

Download and install the “repos” package:

# wget http://rpms.famillecollet.com/enterprise/remi-release-7.rpm


# rpm -Uhv remi-release-7.rpm

Now enable the repository in Yum by setting enable=1 for the remi-php56 repo:


# nano /etc/yum.repos.d/remi.repo
(...)

[remi-php56]
name=Remi's PHP 5.6 RPM repository for Enterprise Linux 7 - $basearch
mirrorlist=http://rpms.remirepo.net/enterprise/7/php56/mirror
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-remi

(...)

Replace PHP 5.4 with PHP 5.6
Install the packages not as a Software Collection but as “Replacement Packages”:

# yum update

This yum update command should upgrade all our PHP packages. If it does not upgrade them or we don’t have PHP already installed, then do:

# yum --enablerepo=remi-php56 install php-cli

Yum will remove the old packages and install the new ones.

Now, restart services:


# systemctl restart httpd
# systemctl restart nginx
# systemctl restart php-fpm

if you receive an Nginx error, then you may need to reconfigure it. See: https://geekdecoder.com/install-nginx-centos-7/

Stress Test CentOS with Stress

First, you need to download the file using Wget and then install it using RPM on your system to enable the EPEL repository.

RHEL/CentOS 7 64 Bit


# wget http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# rpm -ivh epel-release-latest-7.noarch.rpm

## RHEL/CentOS 6 64-Bit ##


# wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm -ivh epel-release-6-8.noarch.rpm

Check the installation

# yum repolist
*epel/x86_64 Extra Packages for Enterprise Linux 7 - x86_64

Now, install stress

# yum install stress

To test, first run the uptime command and note down the load average. Next, run the stress command to spawn 8 workers spinning on sqrt() with a timeout of 20 seconds. After running stress, again run the uptime command and compare the load average.

# uptime
16:39:03 up 1 day, 18:32,  1 user,  load average: 0.15, 0.24, 0.14
sudo stress --cpu  8 --timeout 20
stress: info: [65429] dispatching hogs: 8 cpu, 0 io, 0 vm, 0 hdd
stress: info: [65429] successful run completed in 20s

Now uptime again

# uptime
 16:40:18 up 1 day, 18:34,  1 user,  load average: 1.35, 0.59, 0.27

Spawn 8 workers spinning on sqrt() with a timeout of 30 seconds

]# uptime
 16:41:52 up 1 day, 18:35,  1 user,  load average: 0.28, 0.43, 0.24
[root@server rogerp]# sudo stress --cpu 8 -v --timeout 30s
stress: info: [65654] dispatching hogs: 8 cpu, 0 io, 0 vm, 0 hdd
stress: dbug: [65654] using backoff sleep of 24000us
stress: dbug: [65654] setting timeout to 30s
stress: dbug: [65654] --> hogcpu worker 8 [65655] forked
stress: dbug: [65654] using backoff sleep of 21000us
stress: dbug: [65654] setting timeout to 30s
stress: dbug: [65654] --> hogcpu worker 7 [65656] forked
stress: dbug: [65654] using backoff sleep of 18000us
stress: dbug: [65654] setting timeout to 30s
stress: dbug: [65654] --> hogcpu worker 6 [65657] forked
stress: dbug: [65654] using backoff sleep of 15000us
stress: dbug: [65654] setting timeout to 30s
stress: dbug: [65654] --> hogcpu worker 5 [65658] forked
stress: dbug: [65654] using backoff sleep of 12000us
stress: dbug: [65654] setting timeout to 30s
stress: dbug: [65654] --> hogcpu worker 4 [65659] forked
stress: dbug: [65654] using backoff sleep of 9000us
stress: dbug: [65654] setting timeout to 30s
stress: dbug: [65654] --> hogcpu worker 3 [65660] forked
stress: dbug: [65654] using backoff sleep of 6000us
stress: dbug: [65654] setting timeout to 30s
stress: dbug: [65654] --> hogcpu worker 2 [65661] forked
stress: dbug: [65654] using backoff sleep of 3000us
stress: dbug: [65654] setting timeout to 30s
stress: dbug: [65654] --> hogcpu worker 1 [65662] forked
stress: dbug: [65654] <-- worker 65659 signalled normally
stress: dbug: [65654] <-- worker 65658 signalled normally
stress: dbug: [65654] <-- worker 65660 signalled normally
stress: dbug: [65654] <-- worker 65656 signalled normally
stress: dbug: [65654] <-- worker 65655 signalled normally
stress: dbug: [65654] <-- worker 65657 signalled normally
stress: dbug: [65654] <-- worker 65662 signalled normally
stress: dbug: [65654] <-- worker 65661 signalled normally
stress: info: [65654] successful run completed in 30s
[root@server rogerp]# uptime
 16:43:10 up 1 day, 18:37,  1 user,  load average: 1.87, 1.06, 0.49

Set up Sendgrid on Plesk

This is used to set up Sendgrid in Plesk for Azure email functionality.

  1. Set up a sendgrid account and set up the first email:
  2.  Ssh to the Azure server and make the following modifications:

Find your Postfix config file, typically /etc/postfix/main.cf, and add the following:

smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
smtp_tls_security_level = encrypt
header_size_limit = 4096000
relayhost = [smtp.sendgrid.net]:587

Now you need to specify your credentials (optionally, use apikey as username and an API Key as password) in the separate file /etc/postfix/sasl_passwd (you’ll likely need to create it):

[smtp.sendgrid.net]:587 yourSendGridUsername:yourSendGridPassword

Next, make sure the file has restricted read and write access only for root, and use the postmap command to update Postfix’s hashtables to use this new file:

$ sudo chmod 600 /etc/postfix/sasl_passwd
$ sudo postmap /etc/postfix/sasl_passwd

Finally, restart Postfix:

$ sudo systemctl restart postfix

Send your email and then verify in sendgrid.

If you are getting no mechanism available error messages it generally indicates that you are missing some SASL authentication libraries.

Install the missing module dependency using apt-get (i.e., Debian, Ubuntu):

$ apt-get install libsasl2-modules

Or using a yum (i.e., RedHat, Fedora, CentOS):

$ yum install cyrus-sasl-plain

Troubleshooting
If port 587 is not working for you please try 2525 in your postfix config. You may also need to edit /etc/postfix/master.cf to remove # from

#tlsmgr unix - - n 1000? 1 tlsmgr

Other integrations with MTA’a – https://sendgrid.com/docs/Integrate/Mail_Servers/postfix.html

Check CPU Type

Here is how to check the CPU type in CentOS:

# dmidecode --type processor

Output:

# dmidecode 2.12
SMBIOS 2.7 present.

Handle 0x0004, DMI type 4, 42 bytes
Processor Information
	Socket Designation: CPU 1
	Type: Central Processor
	Family: Xeon
	Manufacturer: Intel
	ID: D7 06 02 00 FF FB EB BF
	Signature: Type 0, Family 6, Model 45, Stepping 7
	Flags:
		FPU (Floating-point unit on-chip)
		VME (Virtual mode extension)
		DE (Debugging extension)
		PSE (Page size extension)
		TSC (Time stamp counter)
		MSR (Model specific registers)
		PAE (Physical address extension)
		MCE (Machine check exception)
		CX8 (CMPXCHG8 instruction supported)
		APIC (On-chip APIC hardware supported)
		SEP (Fast system call)
		MTRR (Memory type range registers)
		PGE (Page global enable)
		MCA (Machine check architecture)
		CMOV (Conditional move instruction supported)
		PAT (Page attribute table)
		PSE-36 (36-bit page size extension)
		CLFSH (CLFLUSH instruction supported)
		DS (Debug store)
		ACPI (ACPI supported)
		MMX (MMX technology supported)
		FXSR (FXSAVE and FXSTOR instructions supported)
		SSE (Streaming SIMD extensions)
		SSE2 (Streaming SIMD extensions 2)
		SS (Self-snoop)
		HTT (Multi-threading)
		TM (Thermal monitor supported)
		PBE (Pending break enabled)
	Version: Intel(R) Xeon(R) CPU E5-2620 0 @ 2.00GHz
	Voltage: 0.0 V
	External Clock: 100 MHz
	Max Speed: 4000 MHz
	Current Speed: 2000 MHz
	Status: Populated, Enabled
	Upgrade: Socket LGA2011
	L1 Cache Handle: 0x0005
	L2 Cache Handle: 0x0006
	L3 Cache Handle: 0x0007
	Serial Number: Not Specified
	Asset Tag: Not Specified
	Part Number: Not Specified
	Core Count: 6
	Core Enabled: 1
	Thread Count: 12
	Characteristics:
		64-bit capable
		Multi-Core
		Hardware Thread
		Execute Protection
		Enhanced Virtualization
		Power/Performance Control

Handle 0x0008, DMI type 4, 42 bytes
Processor Information
	Socket Designation: CPU 2
	Type: Central Processor
	Family: Xeon
	Manufacturer: Intel
	ID: D7 06 02 00 FF FB EB BF
	Signature: Type 0, Family 6, Model 45, Stepping 7
	Flags:
		FPU (Floating-point unit on-chip)
		VME (Virtual mode extension)
		DE (Debugging extension)
		PSE (Page size extension)
		TSC (Time stamp counter)
		MSR (Model specific registers)
		PAE (Physical address extension)
		MCE (Machine check exception)
		CX8 (CMPXCHG8 instruction supported)
		APIC (On-chip APIC hardware supported)
		SEP (Fast system call)
		MTRR (Memory type range registers)
		PGE (Page global enable)
		MCA (Machine check architecture)
		CMOV (Conditional move instruction supported)
		PAT (Page attribute table)
		PSE-36 (36-bit page size extension)
		CLFSH (CLFLUSH instruction supported)
		DS (Debug store)
		ACPI (ACPI supported)
		MMX (MMX technology supported)
		FXSR (FXSAVE and FXSTOR instructions supported)
		SSE (Streaming SIMD extensions)
		SSE2 (Streaming SIMD extensions 2)
		SS (Self-snoop)
		HTT (Multi-threading)
		TM (Thermal monitor supported)
		PBE (Pending break enabled)
	Version: Intel(R) Xeon(R) CPU E5-2620 0 @ 2.00GHz
	Voltage: 0.0 V
	External Clock: 100 MHz
	Max Speed: 4000 MHz
	Current Speed: 2000 MHz
	Status: Populated, Enabled
	Upgrade: Socket LGA2011
	L1 Cache Handle: 0x0009
	L2 Cache Handle: 0x000A
	L3 Cache Handle: 0x000B
	Serial Number: Not Specified
	Asset Tag: Not Specified
	Part Number: Not Specified
	Core Count: 6
	Core Enabled: 1
	Thread Count: 12
	Characteristics:
		64-bit capable
		Multi-Core
		Hardware Thread
		Execute Protection
		Enhanced Virtualization
		Power/Performance Control

Check if a Package is Installed

One of the most common requests and inquirys is “Do I have the …xyz package or program installed?” Here is how to check.

Ubuntu/Debian

List all packages

# dpkg -l | less

# dpkg -s apache-perl

To check whether a package is installed or not:


dpkg -l | grep vlc

Use file /var/lib/dpkg/available to find out all package names available to you. Or use following command (list all packages in /var/lib/dpkg/status):


# dpkg-query -l

You can also try to match package name using wild cards:


# dpkg-query -l 'libc6*'

Use the following command to get exact status (whether it is installed or not):

# dpkg-query -W -f='${Status} ${Version}\n' apache-perl

CentOS and RPM based Distros

Under Red Hat/Fedora/CentOS/Suse Linux use the rpm command:

# rpm -qa | grep {package-name}

For example find out package mutt installed or not:

# rpm -qa | grep mutt

On a CentOS/RHEL use the following yum command to tell whether a package named htop is installed:


# yum list installed {PACKAGE_NAME_HERE}

# yum list installed htop