MariaDB cnf files

Here is the original /etc/my.cnf file for a default mariadb installation:

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd

[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid

#
# include all files from the config directory
#
!includedir /etc/my.cnf.d

Location of other .cnf files you can use:

/usr/share/mysql/my-huge.cnf
/usr/share/mysql/my-innodb-heavy-4G.cnf
/usr/share/mysql/my-large.cnf
/usr/share/mysql/my-medium.cnf
/usr/share/mysql/my-small.cnf

How do you calculate mysql max_connections variable

The basic formulas are:

Available RAM = Global Buffers + (Thread Buffers x max_connections)
max_connections = (Available RAM – Global Buffers) / Thread Buffers

To get the list of buffers and their values:


SHOW VARIABLES LIKE '%buffer%';

Here’s a list of the buffers and whether they’re Global or Thread:

Global Buffers: key_buffer_size, innodb_buffer_pool_size, innodb_log_buffer_size, innodb_additional_mem_pool_size, net_buffer_size, query_cache_size
Thread Buffers: sort_buffer_size, myisam_sort_buffer_size, read_buffer_size, join_buffer_size, read_rnd_buffer_size, thread_stack

MariaDB [(none)]> SHOW VARIABLES LIKE '%buffer%';
+---------------------------------------+-----------+
| Variable_name                         | Value     |
+---------------------------------------+-----------+
| aria_pagecache_buffer_size            | 134217728 |
| aria_sort_buffer_size                 | 134217728 |
| bulk_insert_buffer_size               | 8388608   |
| innodb_blocking_buffer_pool_restore   | OFF       |
| innodb_buffer_pool_instances          | 1         |
| innodb_buffer_pool_populate           | OFF       |
| innodb_buffer_pool_restore_at_startup | 0         |
| innodb_buffer_pool_shm_checksum       | ON        |
| innodb_buffer_pool_shm_key            | 0         |
| innodb_buffer_pool_size               | 134217728 |
| innodb_change_buffering               | all       |
| innodb_log_buffer_size                | 8388608   |
| join_buffer_size                      | 131072    |
| join_buffer_space_limit               | 2097152   |
| key_buffer_size                       | 16777216  |
| mrr_buffer_size                       | 262144    |
| myisam_sort_buffer_size               | 8388608   |
| net_buffer_length                     | 8192      |
| preload_buffer_size                   | 32768     |
| read_buffer_size                      | 262144    |
| read_rnd_buffer_size                  | 524288    |
| sort_buffer_size                      | 524288    |
| sql_buffer_result                     | OFF       |
+---------------------------------------+-----------+

Lets find out the RAM:

# free -b
              total        used        free      shared  buff/cache   available
Mem:     3975184384   978608128  1691045888     9445376  1305530368  2661937152

Lets get our data together.

RAM = 3975184384
Global Buffers: key_buffer_size, innodb_buffer_pool_size, innodb_log_buffer_size, innodb_additional_mem_pool_size, net_buffer_length, query_cache_size
or, from above…
Global Buffers: 16777216 + 134217728 + 8388608 + 0 + 8192 + 0 = 159391744

Thread Buffers: sort_buffer_size, myisam_sort_buffer_size, read_buffer_size, join_buffer_size, read_rnd_buffer_size, thread_stack
or, from above…
Thread Buffers: 524288 + 8388608 + 262144 + 131072 + 524288 + 0 = 9830400

With this information, the following is the calculation:
max_connections = (Available RAM – Global Buffers) / Thread Buffers
max_connections = (3975184384 – 159391744) / 9830400

So the formula shows 378 Max Connections on this machine

Test info with mysqltuner

Log into your server with a root or sudo user via SSH.
Download MySQLTuner by executing the following command:


wget -O mysqltuner.pl https://raw.githubusercontent.com/major/MySQLTuner-perl/master/mysqltuner.pl --no-check-certificate

Give the script 775 permissions:


chmod 775 mysqltuner.pl

Run the script with the following command:


perl mysqltuner.pl

Resources:
Handy Calculator Download: https://journeyontux.wordpress.com/2011/12/22/calculate-number-of-connections-for-mysql-server/
Another Calculator: http://www.mysqlcalculator.com/

Add second hard drive to linux

Here is how to add a second disk to linux. In this article, the OS is CentOS 7.

Check to see how many drives are installed: You can do this using the df and fdisk command:


# df -h
Filesystem                     Size  Used Avail Use% Mounted on
/dev/mapper/centos_plesk-root   14G  3.9G   10G  29% /
devtmpfs                       910M     0  910M   0% /dev
tmpfs                          920M  4.0K  920M   1% /dev/shm
tmpfs                          920M  8.6M  912M   1% /run
tmpfs                          920M     0  920M   0% /sys/fs/cgroup
/dev/sda1                      497M  215M  282M  44% /boot
tmpfs                          184M     0  184M   0% /run/user/1000

The above information show the primary disk as sda.

Use fdisk to identify the second drive:


# fdisk -l

Disk /dev/sda: 17.2 GB, 17179869184 bytes, 33554432 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x000ab095

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048     1026047      512000   83  Linux
/dev/sda2         1026048    33554431    16264192   8e  Linux LVM

Disk /dev/sdb: 17.2 GB, 17179869184 bytes, 33554432 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes

The sdb drive is the second drive and it has no information on the mount points.

Now we can partition the drive. To partition the disk – /dev/sdb, enter:


# fdisk /dev/sdb

For help using the partitioner, use the “m” command:


Command (m for help): m
Command action
   a   toggle a bootable flag
   b   edit bsd disklabel
   c   toggle the dos compatibility flag
   d   delete a partition
   l   list known partition types
   m   print this menu
   n   add a new partition
   o   create a new empty DOS partition table
   p   print the partition table
   q   quit without saving changes
   s   create a new empty Sun disklabel
   t   change a partition's system id
   u   change display/entry units
   v   verify the partition table
   w   write table to disk and exit
   x   extra functionality (experts only)

Command (m for help): 

partitions using the command “p”:


Command (m for help): p

Disk /dev/sdb: 50.0 GB, 50019202560 bytes
255 heads, 63 sectors/track, 6081 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

   Device Boot    Start       End    Blocks   Id  System

Command (m for help):

To create a new partition, issue the command “n” and then select “p” for primary and 1-4 depending on which partition on the drive this is (first, second, third, or fourth):

n(creates a new partition)

p(creates a primary partition)

1(the number 1 denotes the partition will be /dev/sdb1)


Command (m for help): n
Command action
  e   extended
  p   primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-6081, default 1): 1
Last cylinder or +size or +sizeM or +sizeK (1-6081, default 6081): 6081


To save the partition, use the “w” command:


Command (m for help): w


The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.

Now we can check to see if the partition is there:

# fdisk -l

Disk /dev/sda: 17.2 GB, 17179869184 bytes, 33554432 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x000ab095

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *        2048     1026047      512000   83  Linux
/dev/sda2         1026048    33554431    16264192   8e  Linux LVM

Disk /dev/sdb: 17.2 GB, 17179869184 bytes, 33554432 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x884e64a3

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1            2048    33554431    16776192   83  Linux

Format the new disk using mkfs.ext3 command:

To format Linux partions using ext3fs on the new disk, issue the following command:


# mkfs.ext3 /dev/sdb1

To format Linux partions using ext4fs on the new disk, issue the following command:

# mkfs.ext4 /dev/sdb1

Output (for using ext4):

# mkfs.ext4 /dev/sdb1
mke2fs 1.42.9 (28-Dec-2013)
Filesystem label=
OS type: Linux
Block size=4096 (log=2)
Fragment size=4096 (log=2)
Stride=0 blocks, Stripe width=0 blocks
1048576 inodes, 4194048 blocks
209702 blocks (5.00%) reserved for the super user
First data block=0
Maximum filesystem blocks=2151677952
128 block groups
32768 blocks per group, 32768 fragments per group
8192 inodes per group
Superblock backups stored on blocks:
        32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
        4096000

Allocating group tables: done
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

Mount the new disk using the mount command. First, you’ll need to create a mount point. We’ll use /disk2. This is where we’ll mount /dev/sdb1. Enter the following commands:


# cd /
# mkdir disk2
# mount /dev/sdb1 /disk2
# df -h
Filesystem                     Size  Used Avail Use% Mounted on
/dev/mapper/centos_plesk-root   14G  3.9G   10G  29% /
devtmpfs                       910M     0  910M   0% /dev
tmpfs                          920M  4.0K  920M   1% /dev/shm
tmpfs                          920M  8.6M  912M   1% /run
tmpfs                          920M     0  920M   0% /sys/fs/cgroup
/dev/sdb1                       16G   47M   15G   1% /disk2
/dev/sda1                      497M  215M  282M  44% /boot
tmpfs                          184M     0  184M   0% /run/user/0

Edit /etc/fstab so the new drive will automatically mount to /disk1 on reboot. Add the following:
/dev/sdb1 /disk2 ext4 defaults 0 0

# nano /etc/fstab
# Created by anaconda on Wed Dec  6 19:53:05 2017
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos_plesk-root /                       xfs     defaults        0 0
UUID=f9b133be-f059-45e2-a296-ccddb4cebe06 /boot                   xfs     defaults        0 0
/dev/mapper/centos_plesk-swap swap                    swap    defaults        0 0
/dev/sdb1       /disk2      ext4    defaults        0 0

Mount the disk

# mount -a

Cron Format

How Cron works:

<Minute> <Hour> <Day_of_the_Month> <Month_of_the_Year> <Day_of_the_Week>
* * * * * *
| | | | | | 
| | | | | +-- Year              (range: 1900-3000)
| | | | +---- Day of the Week   (range: 1-7, 1 standing for Monday)
| | | +------ Month of the Year (range: 1-12)
| | +-------- Day of the Month  (range: 1-31)
| +---------- Hour              (range: 0-23)
+------------ Minute            (range: 0-59)

Examples:


0 0 * * * *                         Daily at midnight

5 minutes after midnight each day

05     0      *       *       *       root 

How to setup FTP server / users on Windows 2012 R2

Introduction

This tutorial should assist with creating FTP server on Windows 2012 R2 – Depend on your version – Your setting might be slightly different.

Even there are too many free third-party tools like Filezilla that provide a client access to FTP serve..

Here you have the steps I followed to set up my FTP server in Windows 2012 R2.
The steps below assume you are using IIS 8.5 that comes by default with Windows 2012 R2

Prerequisites

  • A Windows 2012 R2 server.
  • An administrative account.

1- Enable Web Server (IIS) role and FTP Server role service.

  1. Log in to the server by using an administrative account
  2. Open Server Manager
  3. Go to Manage > Add Roles and Features
  4. Click Next
  5. Select Role-based or feature-based installation
  6. Click Next
  7. Select Select a server from the server pool, and select your server
  8. Click Next.
  9. Scroll down and put a check mark in Web Server (IIS)
  10. An Add features window pops up. Put a check mark in the Include management tools (if applicable) option
  11. Click Add Features button
  12. Click Next
  13. Click Next
  14. Click Next
  15. Scroll down and put a check mark in: FTP serverFTP Service and FTP Extensibility.
  16. Click Next
  17. Click Install
  18. When installation is finished, click Close

2- Create FTP users

You need to create users in Windows in order to be able to use FTP services.
You can use either local or domain users.
In this case, I will create some local users.
The only thing that changes if you use domain users is, when you log in to FTP, you must use the domain/account format.

  1. In Server Manager go to Tools
  2. Click Computer Management
  3. Click Local Users and Groups
  4. Click Users
  5. In the center pane, right-click a blank area and then select New User…
  6. Enter the username information and click the Create button
  7. Create as many usernames you need here.

Optionally, you can create a group that contains all the FTP users in the Groups folder and add the users you created above.

3- Configuring FTP global IIS settings.

You need to configure some global settings for your IIS server before creating your FTP site.
It is very easy, follow the steps below:

  1. In Server Manager go to Tools
  2. Click Internet Information Services (IIS) manager.
  3. In the left pane, double-click the server icon (in the tree below the option Start Page)
  4. If a window pops up asking about Microsoft Web Platform, select Do not show this message, and click the No button
  5. In the center pane, double-click the FTP Authentication icon
  6. If you want to allow anonymous users,right-click Anonymous Authentication and set it to Enable.
  7. To allow access to the windows users you created in Part Two above, right-click Basic Authentication and set it to Enable.
  8. In the left pane, double-click the server icon.
  9. Double click the FTP Authorization Rules option
  10. Delete all rules in the center pane.
  11. After all rules have been deleted, right-click a blank area in the center pane and select the option Add Allow Rule…
  12. Click the option Specified users.
  13. In the text box type the usernames (separated by commas) you created in Part Two above.
  14. Check either the boxes Read or Write depending the access you want to grant to the user or group of users you are adding.
  15. Click the OK button
  16. Repeat steps 8 to 15 if you want to add more users with different Read / Write permissions.

4- Creating FTP site.

  1. Open Windows Explorer
  2. Navigate to C:\inetpub\ftproot
  3. This is the default local folder where the FTP directory tree will be saved
  4. You can create your own folder in another directory or hard drive if you want.
  5. Create your own folder at this point if it is desired.
  6. Open Server Manager
  7. Go to Tools
  8. Click on Internet Information Services (IIS) Manager
  9. In the left pane, right-click the server icon (in the tree below the option Start Page)
  10. Click Add FTP Site
  11. In FTP site name type a friendly name for your site. (My FTP Site  for example)
  12. In Physical path browse to the folder you creates in steps 2 to 5
  13. Click Next
  14. In IP Address, click the drop down menu, and select the server’s IP address you want to assign to the site
  15. Port remains as 21 by default. You can change it if you want.
  16. Ensure the option Start FTP site automatically is checked
  17. Select the No SSL option if you are nor required to use certificates. Otherwise, select one of the other options.
  18. Click Next
  19. In the Authentication section, put a check mark in Anonymous If you want to allow anonymous users.
  20. Put a check mark also in Basic to allow access to users created in Part Two.
  21. In the Allow access to: drop down menu, select: Specified Users
  22. In the text box type the usernames of the users you created in Part Two.
  23. Check the box Read to grant read access to users.
  24. Check the box Write to grant write access to users.
  25. Click Finish

5- IIS Firewall setup.

  1. In Server Manager go to Tools
  2. Click Internet Information Services (IIS) manager.
  3. In the left pane, double-click the server icon (in the tree below the option Start Page)
  4. In the center pane, double-click the FTP Firewall Support icon
  5. In the Data Channel Port Range box, make sure the value is 0-0 to use the default port range.
  6. Or, you can change it if you want by your own set of ports.
  7. Click Apply
  8. Close Internet Information Services (IIS) Manager

6- Windows Firewall setup.

By default, all exceptions needed for FTP are added to the Windows Firewall at the time you enable the FTP Server role.
Anyway, for troubleshooting purposes, I will show the configuration that needs to be in place in order to allow FTP traffic in your server.

  1. Open Server Manager
  2. In the left pane, click Local Server
  3. In the right pane, click the hyperlink beside the Windows Firewall option. It should say Public:On  (or Off).
  4. The Windows firewall window opens. In the left pane click Advanced Settings
  5. The Windows Firewall with Advanced Security window opens. In the left pane click Inbound Rules.
  6. In the right pane, verify there’s a rule called FTP Server (FTP Traffic-In)
  7. Double click this rule.
  8. In the General tab, verify the option Enabled is checked.
  9. Go to the Protocols and Ports tab.
  10. Verify the Protocol type is TCP and the Local port value is 21.
  11. Go to the Advanced tab
  12. Make sure the profiles: DomainPrivate and Public are checked.
  13. Click OK button
  14. Execute the same validation in steps 7-13 for the FTP Server Passive (FTP Passive Traffic-In)rule. Except that the local port value in this rule should be1024-65535
  15. Execute the same validation in steps 7-13 for the FTP Server Secure (FTP SSL Traffic-In) rule.Except that the local port value in this rule should be 990
  16. In the left pane, click Outbound Rules
  17. Execute the same validation in steps 7-13 for the FTP Server (FTP Traffic-Out) rule. Except that the local port value in this rule should be 20
  18. Execute the same validation in steps 7-13 for the FTP Server Secure (FTP SSL Traffic-Out) rule. Except that the local port value in this rule should be 989
  19. Close all windows.

 7- Testing

  • The last part is to test your work.
  • Make sure you can connect to the FTP service, first from the local machine and then form a remote computer.
  • Try to log in, put files, get files, show folder contents, etc

Add Gzip to Plesk Server

Instructions
Login to your Plesk server.
Select the domain you wish to enable gzip for from the left hand side.
Click in Apache and nginx settings:

Down the bottom, add the following to the “Additional nginx directives” field:


gzip on;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
gzip_proxied any;
gzip_types text/plain text/css application/x-javascript application/javascript text/xml application/xml application/xml+rss text/javascript image/x-icon image/bmp image/svg+xml;
gzip_vary on;

Click OK to save.
Verify with GTMetrix.com .


			

R1Soft error Failed to backup LVM/MD Configuration

R1Soft error will resemble something like – “Failed to backup LVM/MD Configuration” with running LVM based commands from R1Soft.

Usually due to an upstream vendor or repo update of the LVM binary that conflicts with the R1soft native configuration “lvm.static” command.

Error:

Failed backup of LVM configuration
Failed to execute command ‘lvm.static pvs -o pv_fmt,pv_uuid,dev_size,pv_name,pv_mda_free,pv_mda_size,pv_all,seg_all,pvseg_all,vg_all,lv_all –nameprefixes –noheadings –units b –nosuffix –unquoted’

Workaround:

# mv /usr/sbin/r1soft/lib/lvm.static /usr/sbin/r1soft/lib/lvm.static_orig

# ln -s /sbin/lvm /usr/sbin/r1soft/lib/lvm.static

Nmap Script to Test SSL Versions and Cipher Suites

Included in NMap is a script called ssl-enum-ciphers, which will let you scan a target and list all SSL protocols and ciphers that are available on that server. You can also narrow it down by specifying a port number with the -p option.

This tool comes in handy if you’re doing a vulnerability scan and you need to make some changes to a server and you want to test those changes. This will allow you to perform a quick scan without needing to do a complete vulnerability scan.

$ nmap --script ssl-enum-ciphers -p 443 testdomain.com

Starting Nmap 7.40 ( https://nmap.org ) at 2018-01-09 12:18 CST
Nmap scan report for testdomain.com (192.99.236.66)
Host is up (0.065s latency).
PORT    STATE SERVICE
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|   TLSv1.1:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|       TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
|       TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) - A
|       TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
|     compressors:
|       NULL
|     cipher preference: server
|_  least strength: A

Error 401: Unauthorized: Access is denied due to invalid credentials

When getting an error in Windows 2008 R2, Error 401: Unauthorized: Access is denied due to invalid credentials

See – https://www.codeproject.com/Answers/418802/Unauthorized-Access-is-denied-due-to-invalid-c#answer1

Specifically Solution 6 with a minor adjustment.

Right click on the folder in Explorer and choose Properties.

In Security tab add ‘IIS_IUSRS’ and ‘NETWORK SERVICE’ and give full control to both user.

Also check Authentication. Set up the Anonymous Authentication to Application Pool Identity. Check others and disable as needed.