Linux, Windows, Software Tips, Articles and Hacks
root@server ~]# yum install ImageMagick [root@server ~]# yum install ImageMagick-devel PHP-imagick Installation: [root@server ~]# yum install gcc [root@server ~]# yum install make automake [root@server ~]# yum install php-pear [root@server ~]# yum install php-devel [root@server ~]# pecl install imagick
On some servers
yum install php-pecl-imagick.x86_64
Test:
convert image.jpg -resize 64x64 resize_image.jpg
Run:
# lscpu | grep '^CPU(s)'
To disable firewalld, run the following command as root:
# systemctl disable firewalld
To stop firewalld, run the following command as root:
# systemctl stop firewalld
To check the status of firewalld, run the following command as root:
# systemctl status firewalld
To enable firewalld, run the following command as root:
# systemctl enable firewalld
To start firewalld, run the following command as root:
# systemctl start firewalld
Other information:
Begin by opening the configuration file with your text editor as root:
# nano /etc/ssh/sshd_config
The first option that you may want to change is the port that SSH runs on. Find the line that looks like this:
#Port 22
Change this to a different port
#Port 2244
Reload ssh
# systemctl reload sshd.service
After saving, don’t exit until you’ve completed these steps.
By default, SELinux only allows port 22 for SSH. What you need to do is enable the newly created port through SELinux. To do that, run the commands below
# sudo semanage port -a -t ssh_port_t -p tcp 2244
If you run the commands above and get an error that semanage command not found, run the commands below to install it.
# sudo yum -y install policycoreutils-python
Then go and run the semange commend again to allow the new port through SELinux.
Note: CentOS8
In CentOS or RHEL Linux based distributions, install policycoreutils package and add the below rules to relax SELinux policy in order for the SSH daemon to bind on the new port.
# yum install policycoreutils # semanage port -a -t ssh_port_t -p tcp 34627 # semanage port -m -t ssh_port_t -p tcp 34627 # systemctl restart sshd # netstat -tlpn| grep ssh # ss -tlpn| grep ssh
After that, run the commands below to allow the new port through the firewall.
# sudo firewall-cmd --permanent --zone=public --add-port=2244/tcp
Reload the firewall configurations
# sudo firewall-cmd --reload
Restart SSH by running the commands below.
# sudo systemctl restart sshd.service
1. Getting the required software
For an SSL encrypted web server you will need a few things. Depending on your install you may or may not have OpenSSL and mod_ssl, Apache’s interface to OpenSSL. Use yum to get them if you need them.
# yum install mod_ssl openssl
Yum will either tell you they are installed or will install them for you.
2. Generate a self-signed certificate
Using OpenSSL we will generate a self-signed certificate. If you are using this on a production server you are probably likely to want a key from a Trusted Certificate Authority, but if you are just using this on a personal site or for testing purposes a self-signed certificate is fine. To create the key you will need to be root so you can either su to root or use sudo in front of the commands
# Generate private key
#openssl genrsa -out ca.key 2048
# Generate CSR
# openssl req -new -key ca.key -out ca.csr
# Generate Self Signed Key
# openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
# Copy the files to the correct locations
cp ca.crt /etc/pki/tls/certs cp ca.key /etc/pki/tls/private/ca.key cp ca.csr /etc/pki/tls/private/ca.csr
WARNING: Make sure that you copy the files and do not move them if you use SELinux. Apache will complain about missing certificate files otherwise, as it cannot read them because the certificate files do not have the right SELinux context.
If you have moved the files and not copied them, you can use the following command to correct the SELinux contexts on those files, as the correct context definitions for /etc/pki/* come with the bundled SELinux policy.
restorecon -RvF /etc/pki
Then we need to update the Apache SSL configuration file
Nano /etc/httpd/conf.d/ssl.conf
Change the paths to match where the Key file is stored. If you’ve used the method above it will be
SSLCertificateFile /etc/pki/tls/certs/ca.crt
Then set the correct path for the Certificate Key File a few lines below. If you’ve followed the instructions above it is:
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
Quit and save the file and then restart Apache
/etc/init.d/httpd restart
All being well you should now be able to connect over https to your server and see a default Centos page. As the certificate is self signed browsers will generally ask you whether you want to accept the certificate.
3. Setting up the virtual hosts
Just as you set VirtualHosts for http on port 80 so you do for https on port 443. A typical VirtualHost for a site on port 80 looks like this
<VirtualHost *:80>
<Directory /var/www/vhosts/yoursite.com/httpdocs>
AllowOverride All
</Directory>
DocumentRoot /var/www/vhosts/yoursite.com/httpdocs
ServerName yoursite.com
</VirtualHost>
To add a sister site on port 443 you need to add the following at the top of your file
NameVirtualHost *:443
and then a VirtualHost record something like this:
NameVirtualHost *:443
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
<Directory /var/www/vhosts/yoursite.com/httpsdocs>
AllowOverride All
</Directory>
DocumentRoot /var/www/vhosts/yoursite.com/httpsdocs
ServerName yoursite.com
</VirtualHost>
Restart Apache again using
# /etc/init.d/httpd restart
4. Configuring the firewall
You should now have a site working over https using a self-signed certificate. If you can’t connect you may need to open the port on your firewall. To do this amend your iptables rules:
iptables -A INPUT -p tcp --dport 443 -j ACCEPT /sbin/service iptables save iptables -L -v
Other resources: http://www.rackspace.com/knowledge_center/article/centos-apache-virtual-hosts#NameVirtualHosts
To Disable Recursive DNS in the Parallels Plesk Panel
For Windows Servers:
CentOS
# cd /etc # nano named.conf
Change this line
# recursion yes;
to
# recursion no;
Restart
# service named restart
Ubuntu
# nano /etc/bind/named.conf.options
Set up like this
// global options apply to external clients
options {
recursion no;
additional-from-auth no;
additional-from-cache no;
};
view "local" in {
// view options enable recursion only for local clients
match-clients { 172.16.45.80/23; 192.168.12.0/24; 127.0.0.1/8; ::1; };
recursion yes;
additional-from-auth yes;
additional-from-cache yes;
zone "." in {
type hint;
file "/etc/bind/db.root";
};
// put definitions for zones like "localhost" and "127.in-addr.arpa" here
}
// put definitions for real authoritative zones here.
A very serious security problem has been found and patched in the GNU C Library called Glibc. It was announced on 27th January 2015.
Here are the affected Linux distros:
Read More to Fix the GHOST vulnerability on a CentOS/RHEL/Fedora/Ubuntu Linux
Source: http://www.krizna.com/centos/setup-network-centos-7/
When installing Centos 7, You may not able to connect network in that machine. This will happen because Ethernet interfaces are not enabled by default and need additional configuration.
Type “nmcli d” command in your terminal
# nmcli d
Recommended for beginners
Step 1 » Type this command “nmtui” to open Network manager and press enter after choosing ” Edit a connection” ( Use TAB for choosing options ) .
Command Line
Network interface config files are located in /etc/sysconfig/network-scripts/ directory. Open ifcfg-en…
nano /etc/sysconfig/network-scripts/ifcfg-en
Find
BOOTPROTO=none ONBOOT=no
and replace with
BOOTPROTO=static ONBOOT=yes
And add the below lines at the end of the file.
IPADDR=172.27.0.32 NETMASK=255.255.255.0 GATEWAY=172.27.0.1 DNS1=172.27.0.5File will look like below after changes. TYPE=Ethernet BOOTPROTO=static DEFROUTE=yes IPV4_FAILURE_FATAL=no IPV6INIT=yes IPV6_AUTOCONF=yes IPV6_DEFROUTE=yes IPV6_FAILURE_FATAL=no NAME=enp0s17 UUID=f0c5b37d-299a-43cb-b74b-618bb252d129 ONBOOT=yes HWADDR=00:0C:29:A1:B5:CC IPV6_PEERDNS=yes IPV6_PEERROUTES=yes IPADDR=192.168.1.10 NETMASK=255.255.255.0 GATEWAY=192.168.1.1 DNS1=192.168.1.5
# systemctl restart network Additionally you can use /etc/sysconfig/network file for hostname and DNS. [bash] HOSTNAME=server.krizna.com DNS1=192.168.1.5 DNS2=8.8.8.8 SEARCH=domain.com
The Plesk one-click installer is a script that downloads itself and determines the correct Plesk version for your OS. You won’t accidentally pick the wrong version for your distribution.
# wget -O - http://autoinstall.plesk.com/one-click-installer | sh
If you get an error message, wget may not be installed. Rectify this pitiful situation like this:
# yum install wget
Opening Ports for Plesk
On CentOS 6 and prior the firewall rules were set via iptables. This service is gone and has been replaced with firewalld in CentOS 7. We still need to open ports to speak to Plesk via a browser. The two important ones to open here are 8443 and 8447:
# firewall-cmd --zone=public --add-port=8443/tcp --permanent # firewall-cmd --zone=public --add-port=8447/tcp --permanent # firewall-cmd --reload
Add Atomic Repo Power (optional)
Now’s a good time to install the Atomic repos. These will give you access to many additional tools such as pre-compiled OSSEC HIDS and additional PHP versions:
# wget -q -O - http://www.atomicorp.com/installers/atomic.sh | sh
Other Options
Obtain the installer script. Download the installer script:
# wget https://installer.plesk.com/plesk-installer
Enable execution mode for the downloaded installer script:
# chmod +x ./plesk-installer
Make sure port 8447 is open
Port 8447 is used for accessing the installer GUI. Make sure, this port is open.
Launch the installer with GUI
Run the script with option –web-interface to launch the interactive installer with web interface for the latest stable Plesk version:
# ./plesk-installer --web-interface
From Plesk Trial Signup:
Welcome aboard!
Linux console command:
You also can download your Plesk license for Linux directly from your console interface by running the following command:
# sh <(curl http://autoinstall.plesk.com/plesk-installer) [/bash] After install: Congratulations! The installation has been finished. Plesk is now running on your server. To complete the configuration process, browse either of URLs: * https://216.55.169.209:8443/login?secret=5bwVKsGqv7nDQS9AjQrVhWRY72yjsAthTEr5Ll4r%2Ff0%3D * https://plesk.geekdecoder.com:8443/login?secret=5bwVKsGqv7nDQS9AjQrVhWRY72yjsAthTEr5Ll4r%2Ff0%3D Use the username 'admin' to log in. To log in as 'admin', use the 'plesk login' command. You can also log in as 'root' using your 'root' password. Use the 'plesk' command to manage the server. Run 'plesk help' for more info. Use the following commands to start and stop the Plesk web interface: 'service psa start' and 'service psa stop' respectively. If you would like to migrate your subscriptions from other hosting panel or older Plesk version to this server, please check out our assistance options: https://www.plesk.com/professional-services/
Memcached (Memcache Daemon) is a caching daemon designed especially for dynamic web applications to decrease database load by storing objects in memory. It is commonly used to speed up dynamic database-driven websites by caching data and objects in server memory to reduce the number of times the data source must be read. Memcached is free and open-source software, licensed under the Revised BSD license. Also, there are PHP extensions which allow you to work with memcached. There are two PHP memcache extensions available from the PHP Extension Community Library, PHP memcached and PHP memcache.
These two PHP extensions are not identical. PHP Memcache is older, very stable but has a few limitations. The PHP memcache module utilizes the daemon directly while the PHP memcached module uses the libMemcached client library and also contains some added features.
Before selecting a PHP extension be sure to install the memcache daemon.
How-To: Install Memcache on CentOS (WHM/cPanel)
Go to Software – Module Installers – PHP Pecl. Search for memcache and then install both memcache and memcached
Restart apache:
# service httpd restart
Check your memcached server is running successfully: ps -eaf | grep memcached
Before selecting a PHP extension be sure to install the memcache daemon:
Centos / Red Hat:
# yum install memcached
Ubuntu/ Debian:
# apt-get update # apt-get install memcached
After installing Memcached, open the configuration file for Memcached and make any changes:
Centos / Red Hat:
# nano /etc/sysconfig/memcached
Ubuntu / Debian:
# nano /etc/memcached.conf
Exit and save the configuration file, and then restart Memcached
# service memcached restart
Remember to set the memcache daemon to start on server boot.
Centos / Red Hat:
# chkconfig memcached on
Ubuntu / Debian:
# update-rc.d memcached enable
Install a PHP memcache extension
PHP memcache
You can browse the version here – https://pecl.php.net/package/memcache The current version as of this writing is 3.0.8
wget https://pecl.php.net/get/memcache-3.0.8.tgz tar xvf memcache-3.0.8.tgz cd memcache-3.0.8 phpize ./configure make make install make test Then add memcache.so to your php.ini file:
# nano /etc/php.ini extension="memcache.so"
PHP memcached:
Remember to install libmemcached dependancy (Ubuntu/Debian):
yum install cyrus-sasl-devel zlib-devel gcc-c++ wget https://launchpad.net/libmemcached/1.0/1.0.16/+download/libmemcached-1.0.16.tar.gz tar -xvf libmemcached-1.0.16.tar.gz cd libmemcached-1.0.16 ./configure --disable-memcached-sasl make make install
Then install PHP Memcached:
wget https://pecl.php.net/get/memcached-3.0.8.tgz tar xf memcached-3.0.8.tgz cd memcached-3.0.8 phpize ./configure make make install make test
Then add memcached.so to your php.ini file:
extension="memcached.so"
You will need to connect your PHP application to memcached. For example, using W3 Total Cache with WordPress, memcached module with Drupal, Magento config, etc.
Finally restart memcached, httpd (or apache, apache2 for Ubuntu/Debian)
If you would like to view stats of hit rate etc you can download memcachephp stats at GitHub – HERE. Which will look something like this:
