Administration
Tips & Tricks
Raajeev Tyagi
RUN APACHE AT STARTUP
It is very common to run the Apache webserver when the computer first boots up.
To do this simply run the following command in the terminal:
chkconfig httpd on
VIEWING
To view the web pages, use another computer (if you are using a virtual machine,
your host computer will do) and navigate in its web browser to the IP address of
your CentOS computer. To obtain your CentOS computer's IP address,
issue the following command in the terminal:
ip addr
TO
HTTPS
Written by Rahul
Force Redirect HTTP to HTTPS in Apache
Many sites are required to run over SSL only, and we need to ensure that every user accesses
the website through SSL. If a user tries to access the website with a non-SSL URL, they must be
redirected to the SSL website. This tutorial will help you redirect a website to its SSL URL
every time using the Apache mod_rewrite module.
1.2 OPTION 1:
Edit the website's VirtualHost in the Apache configuration file and add the following option.
Replace www.example.com with your actual domain name.
Redirect permanent / https://www.example.com/
1.3 OPTION 2:
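Edit the website's VirtualHost in the Apache configuration file and add the following settings.
You may also add the same settings to the .htaccess file under the document root of your website.
RewriteEngine On
RewriteCond %{HTTPS} off
# Send every plain-HTTP request to the same path on the HTTPS site
RewriteRule ^ https://www.example.com%{REQUEST_URI} [R=301,L]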
If you want to redirect only a specific URL to HTTPS, use the following settings. For example,
if anyone tries to access the always-secure.html file on the website, the user must access the
URL over SSL.
RewriteEngine On
# Redirect only plain-HTTP requests, so the rule cannot loop when the same file also serves HTTPS
RewriteCond %{HTTPS} off
RewriteRule ^always-secure\.html$ https://www.example.com/always-secure.html [R=301,L]
1.4 HOW
TO
FROM
URL
USING .HTACCESS
Written by Rahul
According to SEO experts, there is no effect on SEO if your website URLs have a .php, .htm or
.html extension. So why would we need to remove these extensions from URLs? According to the
experts, and in my opinion, there are many pros to not having file extensions in URLs.
Back-end technology is hidden from end users. But it is still not hard for experts to identify
the technology.
The best pro is that we can easily change the back-end technology without
affecting the SEO of pages.
First create a .htaccess file in your server's document root and add the following values to the
file, as per your requirement, to remove the file extension.
FROM
URL
FROM
URL
The example below is set up in an environment in which the domain name is [server.world], virt
directory[/home/cent/public_html].
It's necessary to set Userdir settings for this example, too.
[1] Configure Virtual Hostings.
[root@www ~]# vi /etc/httpd/conf.d/vhost.conf
# create new
[2] Create a test page and access it from a client computer with a web browser. It's OK
[cent@www ~]$ vi ~/public_html/virtual.php
<html>
<body>
<div style="width: 100%; font-size: 40px; font-weight: bold; text-align: center;">
Virtual Host Test Page
</div>
</body>
</html>
IN CENTOS
If you just simply wish to turn on the SSH service in CentOS, issue the following
command:
service sshd start
This will turn on the SSH service and allow users to connect to the computer using
SSH on port 22. Now to turn off this service you could issue the command:
service sshd stop
AUTOMATICALLY RUNNING
the configuration of SSH edit the file located at
#UseDNS yes
Remove the # symbol and change yes to no
UseDNS no
Don't close the vi editor just yet; now proceed to the next step:
ALLOW
DISABLE PROTOCOL 1
SSH has two protocols it may use, protocol 1 and protocol 2. The older protocol 1 is
less secure and should be disabled unless you know that you specifically require it.
Look for the following line in config file:
# Protocol 2,1
Remove the # symbol and use only protocol 2
Protocol 2
CHANGE FIREWALL RULES ON CENTOS
On CentOS 7 you need to change firewalld:
$ firewall-cmd --add-port 22000/tcp
FILTER SSH AT THE FIREWALL
If you only need remote access from one IP address (say from work to your home
server), then consider filtering connections at your firewall by either adding a
firewall rule on your router or in iptables to limit access on port 22 to only that
specific IP address. For example, in iptables this could be achieved with the
following type of rule:
iptables -A INPUT -p tcp -s 72.232.194.162 --dport 22 -j ACCEPT
SSH also natively supports TCP wrappers and access to the SSH service may be
similarly controlled using hosts.allow and hosts.deny.
If you are unable to limit source IP addresses, and must open the SSH port globally,
then iptables can still help prevent brute-force attacks by logging and blocking
repeated attempts to login from the same IP address. For example,
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name ssh --rsource
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT
The first rule records the IP address of each new attempt to access port 22 using the
recent module. The second rule checks to see if that IP address has attempted to
connect 4 or more times within the last 60 seconds, and if not then the packet is
accepted. Note this rule would require a default policy of DROP on the input chain.
Don't forget to change the port as appropriate if you are running SSH on a non-standard port.
Where possible, filtering at the firewall is an extremely effective
method of securing access to an SSH server.
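The effect of the two recent-module rules on a burst of connections, as an added example that is not part of the original page: a small model of the bookkeeping, run over constructed connection timestamps. It assumes the DROP default policy the text requires; the function names and sample addresses are made up for illustration.

```bash
#!/bin/bash
# Added illustration: a model of the two "recent" rules, not iptables itself.
#   rule 1: -m recent --set --name ssh --rsource
#   rule 2: -m recent ! --rcheck --seconds 60 --hitcount 4 --name ssh --rsource -j ACCEPT
# Input : "<epoch-seconds> <source-ip>" per NEW connection to the SSH port, in time order.
# Output: the same line followed by ACCEPT, or by DROP when the packet would
#         fall through to the DROP default policy.
simulate_recent() {
    awk -v window=60 -v hitcount=4 '
    NF == 2 {
        ts = $1; ip = $2
        # Rule 1 (--set): the attempt is recorded before it is judged,
        # so attempts that end up dropped still count against the source.
        n[ip]++
        stamp[ip, n[ip]] = ts
        # Rule 2 (--rcheck): count recorded attempts inside the window,
        # newest first; input is time-ordered, so stop at the first old one.
        hits = 0
        for (i = n[ip]; i >= 1; i--) {
            if (ts - stamp[ip, i] >= window) break
            hits++
        }
        verdict = "ACCEPT"
        if (hits >= hitcount) verdict = "DROP"
        print ts, ip, verdict
    }'
}

# Constructed sample: one source retrying quickly, one unrelated source.
sample_connections() {
    cat <<'EOF'
1000 203.0.113.7
1005 203.0.113.7
1010 198.51.100.20
1012 203.0.113.7
1015 203.0.113.7
1030 203.0.113.7
1080 203.0.113.7
1200 203.0.113.7
EOF
}

sample_connections | simulate_recent
```

The fourth and fifth attempts from 203.0.113.7 are dropped; the attempt at 1080 is accepted again because only two recorded attempts remain inside the 60-second window.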
FOR AUTHENTICATION
Using encrypted keys for authentication offers two main benefits. Firstly, it is
convenient as you no longer need to enter a password (unless you encrypt your
keys with password protection) if you use public/private keys. Secondly, once
public/private key pair authentication has been set up on the server, you can
disable password authentication completely, meaning that without an authorized key
you can't gain access, so no more password cracking attempts.
It's a relatively simple process to create a public/private key pair and install it
for use on your SSH server.
First, create a public/private key pair on the client that you will use to connect to the
server (you will need to do this from each client machine from which you connect):
$ ssh-keygen -t rsa
This will create two files in your hidden ~/.ssh directory called: id_rsa and
id_rsa.pub. The first: id_rsa is your private key and other: id_rsa.pub is your
public key.
If you don't want to still be asked for a passphrase (which is basically a password to
unlock a given public key) each time you connect, just press enter when asked for
a passphrase when creating the key pair. It is up to you to decide whether or not
you should add the passphrase protective encryption to your key when you create
it. If you don't passphrase protect your key, then anyone gaining access to your
local machine will automatically have ssh access to the remote server. Also, root on
the local machine has access to your keys, although one assumes that if you can't
trust root (or root is compromised) then you're in real trouble. Encrypting the key
adds additional security at the expense of eliminating the need for entering a
password for the ssh server only to be replaced with entering a passphrase for the
use of the key. This may be further simplified by the use of the ssh-agent program.
Now set permissions on your private key:
$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/id_rsa
Copy the public key (id_rsa.pub) to the server and install it to the authorized_keys
list:
$ cat id_rsa.pub >> ~/.ssh/authorized_keys
Note: Once you've imported the public key, you can delete it from the server.
And finally set file permissions on the server:
$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/authorized_keys
The above permissions are required if StrictModes is set to yes in
/etc/ssh/sshd_config (the default).
Once you've checked you can successfully log in to the server using your
public/private key pair, you can disable password authentication completely by
adding the following setting to your /etc/ssh/sshd_config file:
# Disable password authentication forcing use of keys
PasswordAuthentication no
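A check for the sshd_config settings changed in this section, as an added example that is not part of the original page. It reports the effective global value of UseDNS, Protocol, PasswordAuthentication and StrictModes, and shows two cases where an added "PasswordAuthentication no" line has no effect. The function names and sample files are constructed for illustration, and the contents of Match blocks are not evaluated.

```bash
#!/bin/bash
# Added illustration: audit the sshd_config settings discussed on this page.

# Print the effective global value of one keyword (lower-cased), or nothing if
# it is unset. sshd uses the first value it obtains for a keyword, keywords are
# case-insensitive, and the global section ends at the first Match block.
sshd_effective() {   # usage: sshd_effective <keyword> <file>
    kw_lc=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    awk -v want="$kw_lc" '
        /^[ \t]*(#|$)/ { next }                  # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, kv, /[ \t=]+/)           # "Key value" or "Key=value"
            key = tolower(kv[1])
            if (key == "match") exit
            if (key == want) { print tolower(kv[2]); exit }
        }' "$2"
}

# Compare against the values this page recommends. Third column: value assumed
# when the keyword is unset (the commented defaults quoted on the page, plus
# OpenSSH's PasswordAuthentication default of yes).
audit_sshd() {       # usage: audit_sshd <file>; returns 1 if anything differs
    findings=0
    while read -r key wanted fallback; do
        value=$(sshd_effective "$key" "$1")
        origin=set
        if [ -z "$value" ]; then value=$fallback; origin=default; fi
        status=OK
        if [ "$value" != "$wanted" ]; then status=FINDING; findings=$((findings + 1)); fi
        printf '%-23s %-4s (%-7s) want %-3s %s\n' "$key" "$value" "$origin" "$wanted" "$status"
    done <<'EOF'
UseDNS no yes
Protocol 2 2,1
PasswordAuthentication no yes
StrictModes yes yes
EOF
    [ "$findings" -eq 0 ]
}

# Constructed sample files (not taken from a real server).
write_samples() {    # usage: write_samples <dir>
    # Setting appended at the end, but an earlier uncommented line wins.
    cat > "$1/appended.conf" <<'EOF'
#UseDNS yes
UseDNS no
# Protocol 2,1
Protocol 2
PasswordAuthentication yes
#StrictModes yes
# Disable password authentication forcing use of keys
PasswordAuthentication no
EOF
    # Setting appended after a Match block, so it only applies inside that block.
    cat > "$1/aftermatch.conf" <<'EOF'
UseDNS no
Protocol 2
Match User backup
    X11Forwarding no
PasswordAuthentication no
EOF
    # The existing line was edited in place.
    cat > "$1/edited.conf" <<'EOF'
UseDNS no
Protocol 2
passwordauthentication no
#StrictModes yes
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for name in appended aftermatch edited; do
    echo "== $name.conf"
    audit_sshd "$demo_dir/$name.conf" || echo "   -> password logins are still possible"
done
rm -rf "$demo_dir"
```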
METHOD 1
Let's check the current run level by issuing the following command.
systemctl get-default
graphical.target
Before changing the default runlevel, we have to check out the available targets.
# systemctl list-units --type=target
Output will look like below.
UNIT                LOAD   ACTIVE SUB    DESCRIPTION
basic.target        loaded active active Basic System
cryptsetup.target   loaded active active Encrypted Volumes
getty.target        loaded active active Login Prompts
graphical.target    loaded active active Graphical Interface
local-fs-pre.target loaded active active Local File Systems (Pre)
local-fs.target     loaded active active Local File Systems
multi-user.target   loaded active active Multi-User System
network.target      loaded active active Network
nfs.target          loaded active active Network File System Server
paths.target        loaded active active Paths
remote-fs.target    loaded active active Remote File Systems
slices.target       loaded active active Slices
sockets.target      loaded active active Sockets
swap.target         loaded active active Swap
sysinit.target      loaded active active System Initialization
timers.target       loaded active active Timers
LOAD
ACTIVE
SUB
type.
METHOD 2
You may have noticed similar output when the systemctl set-default multi-user.target
command is issued. All the command does is make a symbolic link
from the runlevel target to the default target file.
rm /etc/systemd/system/default.target
ln -s /usr/lib/systemd/system/multi-user.target /etc/systemd/system/default.target
Check the current level.
# systemctl get-default
multi-user.target
Before making the symbolic link, let's list out the files in the systemd directory.
# ls /lib/systemd/system/runlevel*target -l
As per the previous step, the current default run level is 3. Issue the following command
to make a symbolic link from runlevel5.target to the default.target file.
# ln -sf /lib/systemd/system/runlevel5.target /etc/systemd/system/default.target
Or
# ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target
Again check the current level.
# systemctl get-default
runlevel5.target
Now the default runlevel is 5 (graphical mode), reboot the server and check it out.
# reboot
That's all! Hope this helped you.
CHANGE TIMEZONE IN CENTOS/RHEL 7
In CentOS/RHEL 7 we use the timedatectl command to change the current timezone of
the system. First use the following command to list all timezones:
# timedatectl list-timezones
Now use the following command to change the timezone to Asia/Calcutta.
# timedatectl set-timezone Asia/Calcutta
CHANGE TIMEZONE IN CENTOS/RHEL 6/5
To change the timezone on CentOS/RHEL 6/5 we can simply link the /etc/localtime file to the
correct timezone configuration file. For example, we are setting Asia/Calcutta as
our local system timezone.
# mv /etc/localtime /root/localtime.old
# ln -s /usr/share/zoneinfo/Asia/Calcutta /etc/localtime
Your timezone has been changed successfully. Let's check the timezone again.
[root@testserver ~]# date
Fri Jan 2 14:10:54 IST 2015
CENTOS7
HOSTNAME
CAN BE,
64 character in a length
Recommend to have FQDN
Consists of a-z, A-Z, 0-9, -, _ and . Only
HOW
TO CHANGE
Before changing the host name, let's check the current host name.
[root@localhost ~]# hostname
localhost.localdomain
1. nmtui tool:
NetworkManager tool is used to set the static host name in /etc/hostname file.
One configuration you may want to change in the /etc/ssh/sshd_config file is
1.8 HOW TO CREATE BINARY FILE FROM SHELL SCRIPT
Written by Rahul
While working with Linux systems, we use many commands on a daily basis. Most of the
commands are available in binary format in the /bin, /sbin, /usr/bin, /usr/sbin, etc. directories.
As system administrators or students, we write many shell scripts to do a few tasks or automate them.
This article will help you to create a binary file of your shell script, so no one can see the source
code of your script and we can use it as a command. To create a binary file from a script we use
the SHC compiler written by Francisco Javier Rosales García.
Follow the steps below to do this.
1.10 DOWNLOAD AND INSTALL SHC:
Download the latest source code of the SHC compiler from its official webpage, or use the commands
below, and extract it on your system.
$ cd /usr/src
$ wget http://www.datsi.fi.upm.es/~frosal/sources/shc-3.8.9.tgz
$ tar xzf shc-3.8.9.tgz
Now compile the SHC source code on your system and install it using the following commands.
$ cd shc-3.8.9
$ make
$ make install
1.12 CREATE BINARY OF SCRIPT:
At this stage we have installed the SHC compiler and have a shell script named script.sh. Use the
following command to create a binary file of your script.
$ shc -T -f script.sh
The above command will create two files in the current directory. One will be script.sh.x.c, which is
your script in C language format. The second one will be script.sh.x, which will be in binary
format.
Now type the command script from anywhere in the system. You will see the same results as your shell
script gives.
$ script 10 20 30
60
TO
Written by Rahul
Many times you have seen commands ask for confirmation with [Y/n] or [Yes/No] input. This is a very
useful way to know whether the user wants to proceed with the remaining steps or not. You can also add
the same function to your script. This article will help you with examples of this type of input.
1.15 EXAMPLE 1: PROMPT FOR CONFIRMATION (ONCE)
This example code will prompt for confirmation once; if you give wrong input, the program will exit
with status 1. This example will accept only Y or N or YES or NO (not case-sensitive).
#!/bin/bash
# Ask once; anything other than y/yes/n/no exits with status 1
read -r -p "Are You Sure? [Y/n] " input
case $input in
[yY][eE][sS]|[yY])
echo "Yes"
;;
[nN][oO]|[nN])
echo "No"
;;
*)
echo "Invalid input..."
exit 1
;;
esac
1.16 EXAMPLE 2: PROMPT FOR
This example code will prompt for confirmation until you give proper input (Y, N, YES or
NO). If you give wrong input, it will prompt again for correct input and repeat the same steps.
This example will accept only Y or N or YES or NO (not case-sensitive).
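#!/bin/bash
# Keep asking until the answer is y/yes/n/no
while true
do
# Stop instead of looping forever if input ends (EOF)
read -r -p "Are You Sure? [Y/n] " input || exit 1
case $input in
[yY][eE][sS]|[yY])
echo "Yes"
break
;;
[nN][oO]|[nN])
echo "No"
break
;;
*)
echo "Invalid input..."
;;
esac
done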
1.17HOW
TO INCREASE
Written by Rahul
IN
LINUX SYSTEM
Sometimes we face an issue such as "Too many open files" on a heavily loaded server. It means
our server has hit the maximum open file limit. Now the question is how to increase the open file
limit on Linux. For the answer, follow the article below; I will help you with managing Open
IN
LINUX
We can increase the open file limit temporarily or permanently as per our requirement. If we need
the change just for testing, then increase the limit temporarily.
1.19.1
1.19.2
After appending the configuration to the file, execute the following command for the changes to take effect.
# sysctl -p
http://www.itzgeek.com/how-tos/linux/centos-how-tos/how-to-increase-swap-in-linux.html
Hi, here we will learn about the swap file system and how to increase it.
First thing, what is swap?
Swap is a type of file system (id=82) which is used as virtual RAM for the system; it
provides extra memory resources to the system when required. In Windows it is called
pagefile.sys. This file system is created manually or automatically during
installation of the operating system.
Once the swap file system has been created, you may want to increase the swap space. For that you can
follow this tutorial.
There are two methods by which we can create the swap space.
1 FAT12 24 NEC DOS 81 Minix / old Lin c1 DRDOS/sec (FAT
2 XENIX root 39 Plan 9 82 Linux swap / So c4 DRDOS/sec (FAT
3 XENIX usr 3c PartitionMagic 83 Linux c6 DRDOS/sec (FAT
4 FAT16 <32M 40 Venix 80286 84 OS/2 hidden C: c7 Syrinx
5 Extended 41 PPC PReP Boot 85 Linux extended da Non-FS data
6 FAT16 42 SFS 86 NTFS volume set db CP/M / CTOS / .
7 HPFS/NTFS 4d QNX4.x 87 NTFS volume set de Dell Utility
8 AIX 4e QNX4.x 2nd part 88 Linux plaintext df BootIt
9 AIX bootable 4f QNX4.x 3rd part 8e Linux LVM e1 DOS access
a OS/2 Boot Manag 50 OnTrack DM 93 Amoeba e3 DOS R/O
b W95 FAT32 51 OnTrack DM6 Aux 94 Amoeba BBT e4 SpeedStor
c W95 FAT32 (LBA) 52 CP/M 9f BSD/OS eb BeOS fs
e W95 FAT16 (LBA) 53 OnTrack DM6 Aux a0 IBM Thinkpad hi ee EFI GPT
f W95 Extd (LBA) 54 OnTrackDM6 a5 FreeBSD ef EFI (FAT-12/16/
10 OPUS 55 EZ-Drive a6 OpenBSD f0 Linux/PA-RISC b
11 Hidden FAT12 56 Golden Bow a7 NeXTSTEP f1 SpeedStor
12 Compaq diagnost 5c Priam Edisk a8 Darwin UFS f4 SpeedStor
14 Hidden FAT16 <3 61 SpeedStor a9 NetBSD f2 DOS secondary
16 Hidden FAT16 63 GNU HURD or Sys ab Darwin boot fb VMware VMFS
17 Hidden HPFS/NTF 64 Novell Netware b7 BSDI fs fc VMware VMKCORE
18 AST SmartSleep 65 Novell Netware b8 BSDI swap fd Linux raid auto
1b Hidden W95 FAT3 70 DiskSecure Mult bb Boot Wizard hid fe LANstep
1c Hidden W95 FAT3 75 PC/IX be Solaris boot ff BBT
Use the following command to see the memory available on the machine. In the following you
will be able to see the actual memory and the virtual memory as well.
There are some default settings available in the configuration file; change them (if necessary).
The following are example settings for 256MB caching.
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="256"
OPTIONS=""
Start Memcached.
[root@geeksite~/]# /etc/init.d/memcached restart
That's all!
DNS, which stands for Domain Name System, translates hostnames or URLs into IP
addresses. For example, if we type www.unixmen.com in a browser, the DNS server
translates the domain name into its associated IP address. Since IP addresses are
hard to remember all the time, DNS servers are used to translate hostnames like
www.unixmen.com to 173.xxx.xx.xxx. So it makes it easy to remember domain names
instead of IP addresses.
This detailed tutorial will help you to set up a local DNS server on your CentOS 7
system. However, the steps are also applicable for setting up a DNS server on RHEL and
Scientific Linux 7.
Operating System
Hostname         : masterdns.unixmen.local
IP Address       : 192.168.1.101/24
Operating System
Hostname         : secondarydns.unixmen.local
IP Address       : 192.168.1.102/24
Operating System
Hostname         : client.unixmen.local
IP Address       : 192.168.1.103/24
5.2.1
vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
    listen-on port 53 { 127.0.0.1; 192.168.1.101; };    ### Master DNS IP ###
#
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    // allow-query value as used in the secondary server's named.conf on this page
    allow-query { localhost; 192.168.1.0/24; };
    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable
       recursion.
    */
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;
    managed-keys-directory "/var/named/dynamic";
    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
zone "unixmen.local" IN {
type master;
file "forward.unixmen";
allow-update { none; };
};
zone "1.168.192.in-addr.arpa" IN {
type master;
file "reverse.unixmen";
allow-update { none; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
5.2.2
Create and reverse zone files which we mentioned in
vi /var/named/forward.unixmen
$TTL 86400
@   IN  SOA     masterdns.unixmen.local. root.unixmen.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@               IN  NS   masterdns.unixmen.local.
@               IN  NS   secondarydns.unixmen.local.
@               IN  A    192.168.1.101
@               IN  A    192.168.1.102
@               IN  A    192.168.1.103
masterdns       IN  A    192.168.1.101
secondarydns    IN  A    192.168.1.102
client          IN  A    192.168.1.103
vi /var/named/reverse.unixmen
$TTL 86400
@   IN  SOA     masterdns.unixmen.local. root.unixmen.local. (
        2011071001  ;Serial
        3600        ;Refresh
        1800        ;Retry
        604800      ;Expire
        86400       ;Minimum TTL
)
@               IN  NS   masterdns.unixmen.local.
@               IN  NS   secondarydns.unixmen.local.
@               IN  PTR  unixmen.local.
masterdns       IN  A    192.168.1.101
secondarydns    IN  A    192.168.1.102
client          IN  A    192.168.1.103
101             IN  PTR  masterdns.unixmen.local.
102             IN  PTR  secondarydns.unixmen.local.
103             IN  PTR  client.unixmen.local.
5.2.3
5.2.4
4. Firewall Configuration
5.2.5
5. Restart Firewall
firewall-cmd --reload
5.2.6
5.2.7
7. Test DNS configuration and zone files for any syntax errors
Check DNS default configuration file:
named-checkconf /etc/named.conf
Sample output:
Sample Output:
Add the DNS Server details in your network interface config file.
vi /etc/sysconfig/network-scripts/ifcfg-enp0s3
TYPE="Ethernet"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
NAME="enp0s3"
UUID="5d0428b3-6af2-4f6b-9fe3-4250cd839efa"
ONBOOT="yes"
HWADDR="08:00:27:19:68:73"
IPADDR0="192.168.1.101"
PREFIX0="24"
GATEWAY0="192.168.1.1"
DNS="192.168.1.101"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
vi /etc/resolv.conf
nameserver 192.168.1.101
5.2.8
dig masterdns.unixmen.local
Sample Output:
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;masterdns.unixmen.local.          IN  A
;; ANSWER SECTION:
masterdns.unixmen.local.    86400  IN  A   192.168.1.101
;; AUTHORITY SECTION:
unixmen.local.              86400  IN  NS  secondarydns.unixmen.local.
unixmen.local.              86400  IN  NS  masterdns.unixmen.local.
;; ADDITIONAL SECTION:
secondarydns.unixmen.local. 86400  IN  A   192.168.1.102
rcvd: 125
nslookup unixmen.local
Sample Output:
Server:   192.168.1.101
Address:  192.168.1.101#53
Name:     unixmen.local
Address: 192.168.1.103
Name:     unixmen.local
Address: 192.168.1.101
Name:     unixmen.local
Address: 192.168.1.102
5.3.1
vi /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { 127.0.0.1; 192.168.1.102; };
listen-on-v6 port 53 { ::1; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { localhost; 192.168.1.0/24; };
.
.
.
.
zone "." IN {
type hint;
file "named.ca";
};
zone "unixmen.local" IN {
type slave;
file "slaves/unixmen.fwd";
masters { 192.168.1.101; };
};
zone "1.168.192.in-addr.arpa" IN {
type slave;
file "slaves/unixmen.rev";
masters { 192.168.1.101; };
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";
5.3.2
Now the forward and reverse zones are automatically replicated from Master DNS
server to /var/named/slaves/ in Secondary DNS server.
ls /var/named/slaves/
Sample Output:
unixmen.fwd  unixmen.rev
5.3.3
Add the DNS Server details in your network interface config file.
vi /etc/sysconfig/network-scripts/ifcfg-enp0s3
TYPE="Ethernet"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
NAME="enp0s3"
UUID="5d0428b3-6af2-4f6b-9fe3-4250cd839efa"
ONBOOT="yes"
HWADDR="08:00:27:19:68:73"
IPADDR0="192.168.1.102"
PREFIX0="24"
GATEWAY0="192.168.1.1"
DNS1="192.168.1.101"
DNS2="192.168.1.102"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
vi /etc/resolv.conf
nameserver 192.168.1.101
nameserver 192.168.1.102
5.3.4
4. Firewall Configuration
5.3.5
5. Restart Firewall
firewall-cmd --reload
5.3.6
5.3.7
dig masterdns.unixmen.local
Sample Output:
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;masterdns.unixmen.local.          IN  A
;; ANSWER SECTION:
masterdns.unixmen.local.    86400  IN  A   192.168.1.101
;; AUTHORITY SECTION:
unixmen.local.              86400  IN  NS  masterdns.unixmen.local.
unixmen.local.              86400  IN  NS  secondarydns.unixmen.local.
;; ADDITIONAL SECTION:
secondarydns.unixmen.local. 86400  IN  A   192.168.1.102
rcvd: 125
dig secondarydns.unixmen.local
Sample Output:
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;secondarydns.unixmen.local.       IN  A
;; ANSWER SECTION:
secondarydns.unixmen.local. 86400  IN  A   192.168.1.102
;; AUTHORITY SECTION:
unixmen.local.              86400  IN  NS  masterdns.unixmen.local.
unixmen.local.              86400  IN  NS  secondarydns.unixmen.local.
;; ADDITIONAL SECTION:
masterdns.unixmen.local.    86400  IN  A   192.168.1.101
rcvd: 125
nslookup unixmen.local
Sample Output:
Server:   192.168.1.102
Address:  192.168.1.102#53
Name:     unixmen.local
Address: 192.168.1.101
Name:     unixmen.local
Address: 192.168.1.103
Name:     unixmen.local
Address: 192.168.1.102
vi /etc/resolv.conf
# Generated by NetworkManager
search unixmen.local
nameserver 192.168.1.101
nameserver 192.168.1.102
5.4.1
Now, you can test the DNS server using any one of the following commands:
dig masterdns.unixmen.local
dig secondarydns.unixmen.local
dig client.unixmen.local
nslookup unixmen.local
That's all for now. The primary and secondary DNS servers are ready to use.
1 Requirements
2 Preliminary Note
3 Set the keyboard layout
4 Adjust /etc/hosts
5 Disable SELinux
6 Enable Additional Repositories And Install Some Software
7 Quota
Enabling quota on the / (root) partition
Enabling quota on a separate /var partition
8 Install Apache, MySQL, phpMyAdmin
This tutorial shows how to install ISPConfig 3 on a CentOS 7.1 (64Bit) server. ISPConfig 3
is a web hosting control panel that allows you to configure the following services
through a web browser: Apache web server, Postfix mail server, MySQL, BIND
nameserver, PureFTPd, SpamAssassin, ClamAV, Mailman, and many more. Since version
3.0.4, ISPConfig comes with full support for the nginx web server in addition to Apache;
this tutorial covers the setup of a server that uses Apache, not nginx.
6.1.2 1 Requirements
To install such a system you will need the following:
A CentOS 7.1 minimal server system. This can be a server installed from scratch
as described in our CentOS 7.1 minimal server tutorial or a virtual-server or root-server
from a hosting company that has a minimal CentOS 7.1 setup installed.
A fast Internet connection.
localectl set-keymap de
localectl list-keymaps
I want to install ISPConfig at the end of this tutorial. ISPConfig ships with the Bastille
firewall script that I like to use as firewall, therefore I disable the default CentOS firewall
now. Of course, you are free to leave the CentOS firewall on and configure it to your
needs (but then you shouldn't use any other firewall later on as it will most probably
interfere with the CentOS firewall).
Run...
iptables -L
firewall-cmd --state
If you did not configure your network card during the installation, you can do that now.
Run...
nmtui
Then fill in your network details - disable DHCP and fill in a static IP address, a netmask,
your gateway, and one or two nameservers, then hit Ok:
Next select OK to confirm the changes that you made in the network settings
ifconfig
nano /etc/sysconfig/network-scripts/ifcfg-ens33
cat /etc/resolv.conf
nmtui
nano /etc/hosts
nano /etc/selinux/config
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#
SELINUXTYPE=targeted
reboot
Then we enable the EPEL repository on our CentOS system as lots of the packages that
we are going to install in the course of this tutorial are not available in the official
CentOS 7 repository:
Edit /etc/yum.repos.d/epel.repo...
nano /etc/yum.repos.d/epel.repo
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
[...]
Then we update our existing packages on the system:
yum update
Now we install some software packages that are needed later on:
6.1.8 7 Quota
(If you have chosen a different partitioning scheme than I did, you must adjust this
chapter so that quota applies to the partitions where you need it.)
To install quota, we run this command:
Now we check if quota is already enabled for the filesystem where the website
(/var/www) and maildir data (/var/vmail) are stored. In this example setup, I have one big
root partition, so I search for ' / ':
instead. If the line contains the word "noquota", then proceed with the following steps
to enable quota.
nano /etc/default/grub
cp /boot/grub2/grub.cfg /boot/grub2/grub.cfg_bak
grub2-mkconfig -o /boot/grub2/grub.cfg
reboot
When quota is active, we can see "usrquota,grpquota" in the mount option list.
6.1.10
If you have a separate /var partition, then edit /etc/fstab and add ,uquota,gquota to
the /var partition (/dev/mapper/centos-var):
nano /etc/fstab
#
# /etc/fstab
# Created by anaconda on Sun Sep 21 16:33:45 2014
#
# Accessible filesystems, by reference, are maintained under '/dev/disk'
# See man pages fstab(5), findfs(8), mount(8) and/or blkid(8) for more info
#
/dev/mapper/centos-root                   /      xfs   defaults                1 1
/dev/mapper/centos-var                    /var   xfs   defaults,uquota,gquota  1 2
UUID=9ac06939-7e43-4efd-957a-486775edd7b4 /boot  xfs   defaults                3
/dev/mapper/centos-swap                   swap   swap  defaults                0 0
Then run
to enable quota. When you get an error that there is no partition with quota enabled,
then reboot the server before you proceed.
6.1.11
yum -y install ntp httpd mod_ssl mariadb-server php php-mysql php-mbstring phpmyadmin
9 Install Dovecot
10 Install Postfix
11 Install Getmail
12 Set MySQL Passwords And Configure phpMyAdmin
13 Install Amavisd-new, SpamAssassin And ClamAV
14 Installing Apache2 With mod_php, mod_fcgi/PHP5, PHP-FPM And suPHP
15 Installation of mod_python
16 Install PureFTPd
17 Install BIND
18 Install Webalizer, And AWStats
19 Install Jailkit
20 Install fail2ban
21 Install rkhunter
22 Install Mailman
touch /etc/dovecot/dovecot-sql.conf
ln -s /etc/dovecot/dovecot-sql.conf /etc/dovecot-sql.conf
Then turn off Sendmail and start Postfix and Mariadb (MySQL):
systemctl stop sendmail.service
systemctl disable sendmail.service
systemctl enable postfix.service
systemctl restart postfix.service
We disable sendmail to ensure that it does not get started in case it is installed on your
server. So the error message "Failed to issue method call: Unit sendmail.service not
loaded." can be ignored.
mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] <-- ENTER
New password: <-- yourrootsqlpassword
Re-enter new password: <-- yourrootsqlpassword
Password updated successfully!
Reloading privilege tables..
... Success!
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
[root@server1 tmp]#
Now we configure phpMyAdmin. We change the Apache configuration so that
phpMyAdmin allows connections not just from localhost (by commenting out the two
"Require ip" lines and adding the new line "Require all granted" in the <Directory
/usr/share/phpMyAdmin/> stanza):
nano /etc/httpd/conf.d/phpMyAdmin.conf
<Directory /usr/share/phpMyAdmin/>
<IfModule mod_authz_core.c>
# Apache 2.4
<RequireAny>
# Require ip 127.0.0.1
# Require ip ::1
Require all granted
</RequireAny>
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from All
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
nano /etc/phpMyAdmin/config.inc.php
[...]
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'http';
[...]
Then we create the system startup links for Apache and start it:
nano /etc/freshclam.conf
sa-update
freshclam
systemctl enable amavisd.service
yum -y install php php-devel php-gd php-imap php-ldap php-mysql php-odbc php-pear php-xml php-xmlrpc php-pecl-apc php-mbstring php-mcrypt php-mssql php-snmp php-soap php-tidy curl curl-devel perl-libwww-perl ImageMagick libxml2 libxml2-devel mod_fcgid php-cli httpd-devel php-fpm
nano /etc/php.ini
... and change the error reporting (so that notices aren't shown any longer), set the
timezone and uncomment cgi.fix_pathinfo=1:
[...]
;error_reporting = E_ALL & ~E_DEPRECATED
error_reporting = E_ALL & ~E_NOTICE & ~E_DEPRECATED
[...]
; cgi.fix_pathinfo provides *real* PATH_INFO/PATH_TRANSLATED support for CGI. PHP's
; previous behaviour was to set PATH_TRANSLATED to SCRIPT_FILENAME, and to not grok
; what PATH_INFO is. For more information on PATH_INFO, see the cgi specs. Setting
; this to 1 will cause PHP CGI to fix its paths to conform to the spec. A setting
; of zero causes PHP to behave as before. Default is 1. You should fix your scripts
; to use SCRIPT_FILENAME rather than PATH_TRANSLATED.
; http://www.php.net/manual/en/ini.core.php#ini.cgi.fix-pathinfo
cgi.fix_pathinfo=1
[...]
date.timezone = 'Europe/Berlin'
[...]
Next we install suPHP (there is a mod_suphp package available in the repositories, but
unfortunately it isn't compatible with ISPConfig, therefore we have to build suPHP
ourselves):
cd /usr/local/src
wget http://suphp.org/download/suphp-0.7.2.tar.gz
tar zxvf suphp-0.7.2.tar.gz
CentOS 7.1 uses apache-2.4, so we need to patch suphp before we can compile it against
Apache. The patch gets applied like this:
wget -O suphp.patch https://lists.marsching.com/pipermail/suphp/attachments/20130520/74f3ac02/attachment.patch
patch -Np1 -d suphp-0.7.2 < suphp.patch
cd suphp-0.7.2
autoreconf -if
nano /etc/httpd/conf.d/suphp.conf
nano /etc/suphp.conf
[global]
;Path to logfile
logfile=/var/log/httpd/suphp.log
;Loglevel
loglevel=info
;User Apache is running as
webserver_user=apache
;Path all scripts have to be in
docroot=/
;Path to chroot() to before executing script
;chroot=/mychroot
; Security options
allow_file_group_writeable=true
allow_file_others_writeable=false
allow_directory_group_writeable=true
allow_directory_others_writeable=false
;Check wheter script is within DOCUMENT_ROOT
check_vhost_docroot=true
;Send minor error messages to browser
errors_to_browser=false
;PATH environment variable
env_path=/bin:/usr/bin
;Umask to set, specify in octal notation
umask=0077
; Minimum UID
min_uid=100
; Minimum GID
min_gid=100
[handlers]
;Handler for php-scripts
x-httpd-suphp="php:/usr/bin/php-cgi"
;Handler for CGI-scripts
x-suphp-cgi="execute:!self"
Edit the file /etc/httpd/conf.d/php.conf to enable php parsing only for phpmyadmin,
roundcube and other system packages in /usr/share but not for websites in /var/www as
ISPConfig will activate PHP for each website individually.
nano /etc/httpd/conf.d/php.conf
./configure
make
make install
Now we configure PureFTPd to allow FTP and TLS sessions. FTP is a very insecure
protocol because all passwords and all data are transferred in clear text. By using TLS,
the whole communication can be encrypted, thus making FTP much more secure.
OpenSSL is needed by TLS; to install OpenSSL, we simply run:
Open /etc/pure-ftpd/pure-ftpd.conf...
nano /etc/pure-ftpd/pure-ftpd.conf
TLS
[...]
In order to use TLS, we must create an SSL certificate. I create it in /etc/ssl/private/,
therefore I create that directory first:
mkdir -p /etc/ssl/private/
openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/pure-ftpd.pem -out /etc/ssl/private/pure-ftpd.pem
Country Name (2 letter code) [XX]: <-- Enter your Country Name (e.g., "DE").
State or Province Name (full name) []: <-- Enter your State or Province Name.
Locality Name (eg, city) [Default City]: <-- Enter your City.
Organization Name (eg, company) [Default Company Ltd]: <-- Enter your
Organization Name (e.g., the name of your company).
Organizational Unit Name (eg, section) []: <-- Enter your Organizational Unit
Name (e.g. "IT Department").
Common Name (eg, your name or your server's hostname) []: <-- Enter the Fully
Qualified Domain Name of the system (e.g. "server1.example.com").
Email Address []: <-- Enter your Email Address.
Change the permissions of the SSL certificate:
That's it. You can now try to connect using your FTP client; however, you should
configure your FTP client to use TLS.
7.1.10
17 Install BIND
Make a backup of the existing /etc/named.conf file and create a new one as follows:
cp /etc/named.conf /etc/named.conf_bak
cat /dev/null > /etc/named.conf
nano /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
options {
listen-on port 53 { any; };
listen-on-v6 port 53 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
allow-recursion {"none";};
recursion no;
};
logging {
channel default_debug {
file "data/named.run";
severity dynamic;
};
};
zone "." IN {
type hint;
file "named.ca";
};
include "/etc/named.conf.local";
Create the file /etc/named.conf.local that is included at the end
of /etc/named.conf (/etc/named.conf.local will later on get populated by ISPConfig
if you create DNS zones in ISPConfig):
touch /etc/named.conf.local
7.1.11
7.1.12
19 Install Jailkit
Jailkit is used to chroot SSH users and cronjobs. It can be installed as follows
(important: Jailkit must be installed before ISPConfig - it cannot be installed
afterwards!):
cd /tmp
wget http://olivier.sessink.nl/jailkit/jailkit-2.17.tar.gz
tar xvfz jailkit-2.17.tar.gz
cd jailkit-2.17
./configure
make
make install
cd ..
rm -rf jailkit-2.17*
7.1.13
20 Install fail2ban
This is optional but recommended, because the ISPConfig monitor tries to show the log.
Next we create the /etc/fail2ban/jail.local file and enable monitoring for ssh, email and
ftp service.
nano /etc/fail2ban/jail.local
7.1.14
21 Install rkhunter
7.1.15
22 Install Mailman
If you would like to manage mailing lists with Mailman on your server, then install Mailman
now. Mailman is supported by ISPConfig, so you will be able to create new mailing lists
through ISPConfig later.
Before we can start Mailman, a first mailing list called mailman must be created:
touch /var/lib/mailman/data/aliases
postmap /var/lib/mailman/data/aliases
/usr/lib/mailman/bin/newlist mailman
vi /etc/aliases
post mailman"
admin mailman"
bounces mailman"
confirm mailman"
join mailman"
leave mailman"
owner mailman"
request mailman"
subscribe mailman"
unsubscribe mailman"
mailman-admin:
mailman-bounces:
mailman-confirm:
mailman-join:
mailman-leave:
mailman-owner:
mailman-request:
mailman-subscribe:
newaliases
nano /etc/httpd/conf.d/mailman.conf
Create the system startup links for Mailman and start it:
After you have installed ISPConfig 3, you can access Mailman as follows:
You can use the alias /cgi-bin/mailman for all Apache vhosts (please note that suExec
and CGI must be disabled for all vhosts from which you want to access Mailman!),
which means you can access the Mailman admin interface for a list
at http://<vhost>/cgi-bin/mailman/admin/<listname>, and the web page for users
of a mailing list can be found at http://<vhost>/cgi-bin/mailman/listinfo/<listname>.
Under http://<vhost>/pipermail/<listname> you can find the mailing list archives.
nano /etc/httpd/conf.d/roundcubemail.conf
#
# Round Cube Webmail is a browser-based multilingual IMAP client
#
#<Directory /usr/share/roundcubemail/>
#
<IfModule mod_authz_core.c>
# Apache 2.4
Require local
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
</IfModule>
#</Directory>
<Directory /usr/share/roundcubemail/>
Options none
AllowOverride Limit
Require all granted
</Directory>
#<Directory /usr/share/roundcubemail/installer/>
#
<IfModule mod_authz_core.c>
# Apache 2.4
Require local
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
</IfModule>
#</Directory>
<Directory /usr/share/roundcubemail/installer>
Options none
AllowOverride Limit
Require all granted
</Directory>
<Directory /usr/share/roundcubemail/plugins/enigma/home/>
Order Allow,Deny
Deny from all
</Directory>
Restart Apache:
mysql -u root -p
I am using test details for the roundcube database; please replace the values with
your own for security reasons.
Now we will run the Roundcube installer in the browser
at http://192.168.1.100/roundcubemail/installer
nano /etc/roundcubemail/config.inc.php
<?php
// ----------------------------------
// IMAP
// ----------------------------------
// The mail host chosen to perform the log-in.
// Leave blank to show a textbox at login, give a list of hosts
// to display a pulldown menu or set one host as string.
// To use SSL/TLS connection, enter hostname with prefix ssl:// or tls://
// Supported replacement variables:
// %n - hostname ($_SERVER['SERVER_NAME'])
// %t - hostname without the first part
// required to match old user data records with the new host.
$config['default_host'] = 'localhost';
// provide an URL where a user can get support for this Roundcube installation
// PLEASE DO NOT LINK TO THE ROUNDCUBE.NET WEBSITE HERE!
$config['support_url'] = '';
// this key is used to encrypt the users imap password which is stored
// in the session record (and the client cookie if remember password is enabled).
// please provide a string of exactly 24 chars.
$config['des_key'] = 'FHgaM7ihtMkM1cBwckOcxPdT';
// ----------------------------------
// PLUGINS
// ----------------------------------
// List of active plugins (in plugins/ directory)
$config['plugins'] = array();
// connect to a Nox Spell Server when using 'googie' here. Therefore specify the 'spellcheck_uri'
$config['spellcheck_engine'] = 'pspell';
Then press on the button "continue" in the web installer. On the following page, press
on the button "Initialize database".
Finally, disable the Roundcubemail installer. Change the Apache roundcubemail
configuration file:
nano /etc/httpd/conf.d/roundcubemail.conf
#
# Round Cube Webmail is a browser-based multilingual IMAP client
#
#<Directory /usr/share/roundcubemail/>
#
<IfModule mod_authz_core.c>
# Apache 2.4
Require local
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
#
#
#</Directory>
<Directory /usr/share/roundcubemail/>
Options none
AllowOverride Limit
Require all granted
</Directory>
<Directory /usr/share/roundcubemail/installer/>
<IfModule mod_authz_core.c>
# Apache 2.4
Require local
</IfModule>
<IfModule !mod_authz_core.c>
# Apache 2.2
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from ::1
</IfModule>
</Directory>
Order Allow,Deny
Deny from all
</Directory>
<Directory /usr/share/roundcubemail/plugins/enigma/home/>
Order Allow,Deny
Deny from all
</Directory>
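Two stanzas edited in this guide control who can reach an administrative tool: /usr/share/phpMyAdmin/ (opened with "Require all granted") and /usr/share/roundcubemail/installer/ (restricted to local again after setup). The following check is an added example, not part of the original tutorial, and lists such stanzas that are still open to every client. The function names, the directory pattern and the sample configuration are constructed for illustration, and only Apache 2.4 Require lines are examined.

```shell
#!/bin/sh
# Added example: list admin-tool <Directory> stanzas that any client may reach.
# Names and sample data are constructed. Only Apache 2.4 "Require" lines are
# examined; the Apache 2.2 Order/Allow/Deny syntax is not evaluated.

# Directories that should not be world-reachable (extended regex, an assumption).
ADMIN_DIRS='phpMyAdmin|roundcubemail/installer'

# audit_admin_dirs FILE...
# Prints "<file>:<line>: <directory>" for every active (uncommented)
# "Require all granted" found inside a matching <Directory> stanza.
audit_admin_dirs() {
    awk -v pat="$ADMIN_DIRS" '
        /^[ \t]*#/ { next }                      # commented-out directive
        /^[ \t]*<Directory[ \t]/ {               # remember the stanza path
            dir = $0
            sub(/^[ \t]*<Directory[ \t]+"?/, "", dir)
            sub(/"?[ \t]*>.*$/, "", dir)
            next
        }
        /^[ \t]*<\/Directory>/ { dir = ""; next }
        dir ~ pat && tolower($0) ~ /^[ \t]*require[ \t]+all[ \t]+granted/ {
            printf "%s:%d: %s\n", FILENAME, FNR, dir
        }
    ' "$@"
}

# Constructed sample: phpMyAdmin as edited above, the webmail directory itself
# (meant to be public), and the installer after it has been restricted again.
sample_conf() {
cat <<'EOF'
<Directory /usr/share/phpMyAdmin/>
  <IfModule mod_authz_core.c>
    <RequireAny>
      # Require ip 127.0.0.1
      # Require ip ::1
      Require all granted
    </RequireAny>
  </IfModule>
</Directory>
<Directory /usr/share/roundcubemail/>
  Options none
  Require all granted
</Directory>
<Directory /usr/share/roundcubemail/installer/>
  <IfModule mod_authz_core.c>
    Require local
  </IfModule>
</Directory>
EOF
}

# Demo run on the sample; on a server pass /etc/httpd/conf.d/*.conf instead.
tmp=$(mktemp)
sample_conf > "$tmp"
audit_admin_dirs "$tmp"
rm -f "$tmp"
```

On the sample only the phpMyAdmin stanza is reported: the webmail directory is not in the pattern, and the installer stanza carries "Require local".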
Restart Apache:
cd /tmp
wget http://www.ispconfig.org/downloads/ISPConfig-3-stable.tar.gz
tar xfz ISPConfig-3-stable.tar.gz
cd ispconfig3_install/install/
php -q install.php
[serv
................................+++
writing new private key to 'smtpd.key'
----You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN
.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
----Country Name (2 letter code) [XX]: <-- ENTER
State or Province Name (full name) []: <-- ENTER
Locality Name (eg, city) [Default City]: <-- ENTER
Organization Name (eg, company) [Default Company Ltd]: <-- ENTER
Organizational Unit Name (eg, section) []: <-- ENTER
Common Name (eg, your name or your server's hostname) []: <-- ENTER
Email Address []: <-- ENTER
Configuring Jailkit
Configuring Dovecot
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Configuring Pureftpd
Configuring BIND
Configuring Apache
Configuring Vlogger
Configuring Apps vhost
Configuring Bastille Firewall
Configuring Fail2ban
Installing ISPConfig
ISPConfig Port [8080]: <-- ENTER
Do you want a secure (SSL) connection to the ISPConfig web interface (y,n)
[y]: <-- ENTER
Generating RSA private key, 4096 bit long modulus
.....................++
.......++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN
.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
[ OK ]
[ OK ]
[ OK ]
[ OK ]
[FAILED]
[ OK ]
OK
OK
Stopping clamd.amavisd:
[
Starting clamd.amavisd:
[
Stopping Dovecot Imap:
[
Starting Dovecot Imap:
[
Stopping httpd:
[
[Thu Mar 14 14:12:32 2013] [warn] NameVirtualHost *:80 has no
Starting httpd:
[
Stopping pure-ftpd:
[
Starting pure-ftpd:
[
Installation completed.
[root@server1 install]#
OK ]
OK ]
OK ]
OK ]
OK ]
VirtualHosts
OK ]
OK ]
OK ]
The error message "usage: doveadm [-Dv] [-f <formatter>] <command> [<args>]" can
be ignored, in case that you get it during ispconfig installation.
To fix the Mailman errors you might get during the ISPConfig installation,
open /usr/lib/mailman/Mailman/mm_cfg.py...
vi /usr/lib/mailman/Mailman/mm_cfg.py
Next we have to adjust the BIND configuration paths in ISPConfig. Click on "System" in
the upper menu, then on "Server config" in the right menu. In the list that appears then
on the left side, click on the server name.
8.1.5 25 Links
CentOS: http://www.centos.org/
ISPConfig: http://www.ispconfig.org/
Article ID: 92
9.1 CONTENTS
2 Apache Install
3 ServerName
4 Firewall
5 Default Page
6 Chkconfig
7 PHP5 Install
8 Almost
9.4 FIREWALL
Notice that in some versions of CentOS, a firewall is installed by default which will block access to port
80, on which Apache runs. The following command will open this port:
sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT
Remember to save your firewall rules after adding that instruction so your web server will be accessible
the next time you reboot:
sudo service iptables save
For more information on firewalls and their configuration, it is strongly recommended to read
the Firewalls section of our knowledge base.
9.6 CHKCONFIG
Now that we have Apache installed and working properly, we need to make sure that it's set to start
automatically when the Cloud Server is rebooted.
sudo /sbin/chkconfig httpd on
Let's check our work to confirm:
sudo /sbin/chkconfig --list httpd
httpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
sudo yum install php-mysql php-devel php-gd php-pecl-memcache php-pspell php-snmp php-xmlrpc php-xml
Once done, reload Apache:
sudo /usr/sbin/apachectl restart
ON
CENTOS 7
In this tutorial we will show you how to install and configure Vtiger CRM on your CentOS
7 server. For those of you who didn't know, Vtiger CRM is an open-source Customer
Relationship Management application written in PHP. It offers features such as sales
automation, marketing automation, analysis and reporting, customer support and many others.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and
most importantly, you host your site on your own VPS. The installation is quite simple. I will
walk you through the step-by-step installation of Vtiger CRM on a CentOS 7 server.
End to end sales cycle management from campaigns, leads, potentials, quotes, invoices.
Support automation using a customer portal and support tickets.
Data import and export via CSV files, web-to-lead forms, reports and customizable user
dashboards.
Role based access control.
Mobile applications.
Workflows, tasks, and project management.
Outlook, Thunderbird, Firefox, and Gmail plugins.
Extensions marketplace for additional plugins.
10.1.1
yum -y update
wget http://downloads.sourceforge.net/project/vtigercrm/vtiger%20CRM%206.4.0/Core%20Product/vtigercrm6.4.0.tar.gz
tar -xzvf vtigercrm6.4.0.tar.gz
mv vtigercrm /var/www/html/
mysql_secure_installation
Next we will need to log in to the MariaDB console and create a database for the Vtiger CRM.
Run the following command:
mysql -u root -p
This will prompt you for a password, so enter your MariaDB root password and hit Enter. Once
you are logged in to your database server you need to create a database for Vtiger CRM
installation:
Now, lets tweak some of your PHP settings so you can later complete the VTiger installation:
nano /etc/php.ini
display_errors = Off
change to
display_errors = On

max_execution_time = 30
change to
max_execution_time = 600

error_reporting = E_ALL & ~E_DEPRECATED
change to
error_reporting = E_WARNING & ~E_NOTICE & ~E_DEPRECATED

log_errors = On
change to
log_errors = Off

short_open_tag = Off
change to
short_open_tag = On
Save and close the file. Restart the Apache service for the changes to take effect:
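The php.ini edits in this section switch display_errors on and log_errors off so the installer can complete. The following check is an added example, not part of the original tutorial, and reports whether a php.ini still carries those values once installation is done. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report php.ini error-handling values that suit an installer
# run but not a server in production. Names and sample data are constructed.
# Only values set in the file are checked, not PHP built-in defaults.

# php_ini_value FILE KEY
# Prints the effective value of KEY. php.ini may repeat a directive; the last
# uncommented assignment wins.
php_ini_value() {
    awk -v key="$2" '
        /^[ \t]*;/ { next }                      # ";" starts a comment
        {
            eq = index($0, "=")
            if (eq == 0) next                    # section header or blank line
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            sub(/[ \t]*;.*$/, "", v)             # drop a trailing comment
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub(/^"|"$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# ini_bool VALUE
# Prints "on" or "off" using the boolean spellings PHP accepts.
ini_bool() {
    case "$(printf '%s' "$1" | tr 'A-Z' 'a-z')" in
        on|1|true|yes) echo on ;;
        *)             echo off ;;
    esac
}

# audit_php_errors FILE
# Prints one line per finding; prints nothing when the file is clean.
audit_php_errors() {
    v=$(php_ini_value "$1" display_errors)
    if [ -n "$v" ] && [ "$(ini_bool "$v")" = on ]; then
        echo "display_errors=$v: error text and file paths reach the browser"
    fi
    v=$(php_ini_value "$1" log_errors)
    if [ -n "$v" ] && [ "$(ini_bool "$v")" = off ]; then
        echo "log_errors=$v: errors are not written to the log for later review"
    fi
}

# Constructed sample: the values as they stand after the edits in this section.
sample_after_install() {
cat <<'EOF'
[PHP]
display_errors = Off
display_errors = On
max_execution_time = 600
error_reporting = E_WARNING & ~E_NOTICE & ~E_DEPRECATED
;log_errors = On
log_errors = Off
short_open_tag = On
EOF
}

# Demo run on the sample; on a server pass /etc/php.ini instead.
tmp=$(mktemp)
sample_after_install > "$tmp"
audit_php_errors "$tmp"
rm -f "$tmp"
```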
vTiger CRM is a web based, modular and complete Open Source full-fledged customer relationship
management system for sales force automation, customer support & service, marketing automation,
procurement & fulfillment effectively. In addition to managing your customer data, vtiger offers also
connectivity to a variety of other software systems in the existing software architecture. So vtiger can
be connected to enterprise resource planning (ERP) systems without any problems, for example, to
integrate already existing data into other critical processes of your business.
Vtiger CRM is a native thin-client, browser-based application built on the LAMP/WAMP
(Linux/Windows, Apache, MySQL and PHP) stack. We will install it on Linux CentOS 7
with a LAMP setup.
To start the services and enable them to run automatically at boot, run the following commands.
# systemctl start httpd
# systemctl enable httpd
# systemctl start mariadb
# systemctl enable mariadb
After executing the above command you will be asked a few configuration questions to secure your database.
Let's choose the appropriate options as shown.
Now we can connect to the MySQL/MariaDB console using the root password. After connecting run
the commands below to create a new database and its user with specific user rights on the vtiger
DB.
# mysql -u root -p
> CREATE DATABASE vtiger;
> CREATE USER 'vtiger'@'localhost' IDENTIFIED BY 'tiger***';
> grant all privileges on `vtiger`.* to 'vtiger'@'localhost';
> FLUSH PRIVILEGES;
> exit
You can also copy the link of download source then use the below command to get it on your server.
# wget http://sourceforge.net/projects/vtigercrm/files/vtiger%20CRM%206.4.0/Core%20Product/vtigercrm6.4.0.tar.gz
To extract and move the package into the web document root directory use below commands.
# tar -zxvf vtigercrm6.4.0.tar.gz
# mv vtigercrm /var/www/html/
# chown apache: -R /var/www/html/vtigercrm
Next you will reach the Prerequisites check page, where you will see the difference between the
required and the current values. You might need to fix some parameters in the PHP configuration
file 'php.ini' according to the recommended settings shown in this section.
Make sure to restart the Apache service after making changes to the PHP file, and click on the retest
button to verify that all the prerequisites are fine.
Prerequisites Check
Choose the system configurations with data base and admin user settings.
System Configurations
In the next step you can verify all settings to finalize database, system and admin user settings.
Final Configurations
The last step is to choose the type of your industry; it will then take a few minutes to complete the
installation.
Installation Progress
Choose your required CRM modules from the list of available features and click on the
Next button to complete the installation.
vTiger Modules
That's it, you have completed the web installation setup of vTiger CRM. Now you can see its web
dashboard where you can add widgets to customize your dashboard according to your own way.
11.6 CONCLUSION
You can use vTiger to enhance your marketing campaign creation and management and sales force
automation, using the same solid features, benefits and more than those solutions. They support
security, inventory and activity management. vTiger is an all-in-one CRM solution that provides a
complete solution for managing your users, sales or support department of your industry. Thanks for
reading this article and leave your valuable comments or suggestions.
On this page
Prerequisites
Installing ONLYOFFICE Enterprise Edition
Running and performing the ONLYOFFICE Enterprise Edition initial configuration
Configuring ONLYOFFICE Enterprise Edition using the Control Panel
12.2
PREREQUISITES
6 GB of RAM
8 GB swap file
To ensure the proper work of our web-office, we need 8 GB of swap. To set up the
necessary amount under Ubuntu, we need to execute the following commands:
sudo fallocate -l 8G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
echo "/swapfile none swap sw 0 0" | sudo tee -a /etc/fstab
12.3
cd /tmp
wget http://download.onlyoffice.com/install/enterprise-install.sh
The script will install Community Server, Document Server and Control Panel (see
below). As I have no registered domain name for the mail server, I decided to install it
later using Control Panel (see below).
12.4
RUNNING AND PERFORMING THE ONLYOFFICE
ENTERPRISE EDITION INITIAL CONFIGURATION
Once the installation is finished, open a browser and enter the local network computer
IP address to the browser address bar. ONLYOFFICE Enterprise Edition will be up and
running.
The Welcome page will open allowing us to perform the ONLYOFFICE activation and
initial configuration:
Upload the provided free licence key (see Prerequisites) to activate ONLYOFFICE.
Select and confirm the password and specify the email address to access your
web-office the next time.
Choose the language for the web-office interface. When working in ONLYOFFICE,
you will be able to change the language for all the users or for your own account
only.
Set the correct time zone. It's particularly important for the notifications and the
correct calendar work.
Finally, click the Save button to complete the ONLYOFFICE activation and configuration.
12.5
The main difference between ONLYOFFICE community and enterprise edition is a Control
Panel providing with tools to automate the web-office configuration. To use it, sign in to
your web-office and click the Control Panel link on the Start Page. Then select the
section you need:
Enabling the HTTPS protocol to secure the access
12.5.1
As I use ONLYOFFICE for my small team, I decided to generate the self-signed certificate.
Click the GENERATE button on the HTTPS page. A popup message box will inform you
that the certificate and private key are successfully generated. They will be
automatically uploaded to the corresponding fields. Just click the Apply button to save
the changes.
12.5.2
Open the Update page. Scroll the page down until the Mail Server section appears. Click
the INSTALL button next to it. The Domain Name window will open. Specify your own
domain name and click the OK button to start the installation process. Your web-office
will be restarted and become unavailable during the installation. It can take some
minutes.
Besides, using Control Panel you can:
12.6
USEFUL LINKS
On this page
Prerequisites
Step 1- Install Node.js on Ubuntu
Step 2 - Install Ghost Blog
Step 3 - Configure Ghost
Step 4 - Install Apache and the Ghost VirtualHost
Step 5 - Enable SSL for Ghost
Testing
Conclusion
13.2
PREREQUISITES
Ubuntu 15.10
root privileges
Install Node.js
Install Ghost
Configure Ghost
Install Apache and add the Ghost VirtualHost
Enable SSL for Ghost
13.3
For this tutorial, we will use node.js v0.12. Node.js can be installed from source or from
the nodesource.com repository. We will use the node.js
repository https://deb.nodesource.com/node_0.12 for the installation.
Please add and update repository by executing command below:
node --version
v0.12.7
npm --version
2.11.3
Npm is the node.js package manager that is used to install, publish and manage node
programs.
13.4
We will install ghost in the directory "/var/www/" and use the latest version of Ghost.
Please make a new directory "www" in /var and enter it with "cd":
mkdir -p /var/www/
cd /var/www/
wget https://ghost.org/zip/ghost-latest.zip
unzip -d ghostblog ghost-latest.zip
cd ghostblog/
npm install --production
13.5
Please go to the ghostblog directory and then copy the config sample file
to "config.js"
cd /var/www/ghostblog/
cp config.example.js config.js
vim config.js
Now change the owner of the ghost installation directory to the user "ghost".
Test the ghost blog by executing the npm command as ghost user. Please log in to the
user ghost:
su - ghost
cd /var/www/ghostblog
npm start --production
To make it easier for us to start ghost, we will create a systems service to run Ghost.
Please go back to the sudo/root user and make a new file called "ghost.service" in the
directory "/lib/systemd/system/".
cd /lib/systemd/system/
sudo vim ghost.service
[Service]
Type=simple
# Ghost installation Directory
WorkingDirectory=/var/www/ghostblog
User=ghost
Group=ghost
ExecStart=/usr/bin/npm start --production
ExecStop=/usr/bin/npm stop --production
Restart=always
SyslogIdentifier=Ghost
[Install]
WantedBy=multi-user.target
Save the file, then reload the systemd daemon:
Add the Ghost service to start automatically at boot time and start Ghost with systemctl
command:
13.6
STEP 4 - INSTALL APACHE AND THE GHOST
VIRTUALHOST
Install apache with the apt-get command:
Once the installation is finished, create a new file for the ghost virtual host in the
directory "/etc/apache2/sites-available/".
cd /etc/apache2/sites-available/
sudo vim ghostblog.conf
Finally, we have to activate the Ghost virtual host and then restart apache:
Restart ghost:
13.7
To enable SSL on apache, please make sure the openssl library is installed on the
system. We will generate a new key and crt file in the directory "/etc/apache2/certs".
First we make the new directory certs:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/certs/ghostblog.key -out /etc/apache2/certs/ghostblog.crt
cd /etc/apache2/certs/
sudo chmod 600 *
cd /etc/apache2/sites-available/
sudo vim ghostblog.conf
ProxyRequests off
ProxyPass / http://127.0.0.1:2368/
ProxyPassReverse / http://127.0.0.1:2368/
</VirtualHost>
<VirtualHost *:443>
ServerName ghostblog.me
SSLEngine on
SSLCertificateFile /etc/apache2/certs/ghostblog.crt
SSLCertificateKeyFile /etc/apache2/certs/ghostblog.key
ProxyPass / http://127.0.0.1:2368/
ProxyPassReverse / http://127.0.0.1:2368/
ProxyPreserveHost On
</VirtualHost>
Save and Exit.
Activate the OpenSSL apache module and restart apache :
13.8
TESTING
Visit http://ghostblog.me, and you will be forced to the HTTPS/SSL site of your blog.
13.9
CONCLUSION
How do I increase the maximum number of open files under CentOS Linux? How do
Output:
75000
A normal user can have 75000 files open in a single login session. To see the hard and soft
values, issue the command as follows:
# ulimit -Hn
# ulimit -Sn
To see the hard and soft values for httpd or oracle user, issue the command as follows:
# su - username
$ ulimit -Hn
$ ulimit -Sn
Above command forces the limit to 100000 files. You need to edit /etc/sysctl.conf file
and put following line so that after reboot the setting will remain as it is:
# vi /etc/sysctl.conf
Save and close the file. Users need to log out and log back in again to changes take
OR
# sysctl fs.file-max
$ ulimit -Hn
$ ulimit -Sn
If you want to monitor network throughput on the command line interface, use nload
$ wget http://www.roland-riegel.de/nload/nload-0.7.4.tar.gz
OR
$ ./configure
Running configure takes a while. Type make command to compile the nload:
$ make
Finally, type make install to install the nload programs and related files as root user:
$ sudo make install
OR
# make install
nload
nload device
$ nload eth0
Sample outputs:
You can switch between the devices by pressing the left and right arrow keys
or the Enter/Tab key.
$ nload -t 500
Sample outputs:
15.6.3 Setting the type of unit used for the display of traffic numbers
The syntax is:
$ nload -u h|H|b|B|k|K|m|M|g|G
$ nload -U h|H|b|B|k|K|m|M|g|G
$ nload -u h
$ nload -u G
$ nload -U G
Where,
The lower case -u option: h means human readable (auto), b Bit/s, k kBit/s, m MBit/s
and g GBit/s. The upper case letters mean the corresponding units in Bytes (instead of
Bits). The default is k.
The upper case -U option is same as lower case -u option, but for an amount of data,
e.g. Bit, kByte, GBit etc. (without "/s"). The default is M.
15.6.3.1.1 Conclusion
I found nload to be a reliable and stable application. If you enjoyed nload, you might also
like to try out vnstat and iftop tools on Linux/Unix-like systems. See previous coverage
on nixCraft:
for network interface card (NIC). It displays information and statistics about all your
network card such as packets, kilobytes per second, average packet sizes and more. It
works under Solaris and Linux operating systems.
In this post, I will explain how to install and use the nicstat command to find out stats
about your NICs under Debian / Ubuntu / RHEL / CentOS Linux operating systems.
Sample outputs:
Kernel Interface table
Iface
MTU Met
eth0
1500 0 199549124
eth1
1500 0 138357627
630
lo
16436 0
0 153882468
0 151312724
0 BMRU
0 BMRU
0 LRU
However, nicstat provides more information about your nic such as:
# ls -la
Sample outputs:
drwxr-xr-x. 2 509833 wheel 4096 Mar 10 07:43 .
cd into the nicstat directory and type the following command to create a soft link to the
Ubuntu_8_i386 binary:
# cd nicstat-1.92
# ln -s .nicstat.Ubuntu_8_i386 .nicstat.Linux_i386
cd into the nicstat directory and type the following command to create a soft link to the
.nicstat.RedHat_5_i386 binary:
# cd nicstat-1.92
# ln -s .nicstat.RedHat_5_i386 .nicstat.RedHat_6_i386
Sample outputs:
Sample outputs:
15:39:22
RdKB
eth0
349.4 31.98 325.0 250.6 0.00 0.00 0.00 0.00 0.00 3.12
eth1
28.68 169.4 226.3 247.4 0.00 0.00 0.00 0.00 0.00 1.62
Sample outputs:
Time
Int
rKB/s
15:40:55
eth0
349.372
15:40:55
eth1
28.686
wKB/s
31.981
169.365
Sample outputs:
5:51:22 (HH:MM:SS) : The time corresponding to the end of the sample in 24 hour
clock format.
%Util : Percentage utilization of the interface. For full-duplex interfaces, this is the
Sat : This is the number of errors/second seen for the interface. An indicator that the interface
may be approaching saturation. This statistic is combined from a number of kernel statistics.
It is recommended to use the -x option to see more individual statistics when attempting to
diagnose a network issue.
Sample outputs:
16:13:44
TCP
InKB OutKB InSeg OutSeg Reset AttF %ReTX InConn OutCon Drops
0.00
Where,
5. Reset : The number of times TCP connections have made a direct transition to the
CLOSED state from either the ESTABLISHED state or the CLOSE-WAIT state.
6. AttF : The number of times that TCP connections have made a direct transition to the
CLOSED state from either the SYN-SENT state or the SYN-RCVD state, plus the number of
times TCP connections have made a direct transition to the LISTEN state from the SYN-RCVD state.
7. %ReTX : Percentage of TCP segments retransmitted - that is, the number of TCP
InConn : The number of times that TCP connections have made a direct transition to the
OutCon : The number of times that TCP connections have made a direct transition to the
Drops : Number of connections dropped from the completed connection queue and
Sample outputs:
16:15:11
InDG OutDG
UDP
0.35
0.36
InErr OutErr
0.00
0.00
Where,
3. InErr : Packets received that could not be processed because they contained errors.
Sample outputs:
16:34:10
TCP
16:34:10
InKB OutKB InSeg OutSeg Reset AttF %ReTX InConn OutCon Drops
0.00
InDG OutDG
InErr OutErr
UDP
16:34:10
0.01
RdKB
0.01
0.00
0.00
eth0
348.9 31.94 324.5 250.3 0.00 0.00 0.00 0.00 0.00 3.12
eth1
28.71 169.2 227.1 248.1 0.00 0.00 0.00 0.00 0.00 1.62
Print statistics for eth0 interfaces, setting speed of "eth0" and "eth1" to 100mbps/full-duplex and 100mbps/full-duplex, respectively:
# ./nicstat.sh -S eth0:100Full,eth1:100Full 5
Print statistics for eth0 interfaces, setting speed of "eth0" and "eth1" to 100mbps/half-duplex and 1000mbps/full-duplex, respectively:
# ./nicstat.sh -S eth0:100h,eth1:1000 5
16.4.4.1.1 References:
http://tecadmin.net
http://www.server-world.info/en/note?os=CentOS_7&p=httpd&f=6
https://www.howtoforge.com