Array
(
[0] => Array
(
[_id] => 5ae0b906bc91da1005bee874
[path] => how-to-ssh-to-an-orbit-from-the-website
[updated] => 2019-01-16T08:04:27.248+0000
[created] => 2018-04-25T17:21:10.190+0000
[title] => How to SSH to an Orbit from the Website
[subheading] => This is a guide on how to detach a secondary Volume from your Orbit.
[body] =>
Introduction
SystemOnGrid allows you to SSH to your Orbit directly from the website itself. This guide will show you how.
Prerequisites
Running Orbit
You are able to SSH using username and password and sshd is listening on default port 22
Opening the Shell
First navigate to the “My Orbits” tab.
Once there, select the Orbit you want to connect to.
Once you’re in the details page, select the “SHELL” button from the action list.
After you press the button, it will open up another browser window. Where you can login with your credentials.
Now just input your password and you should be good to go.
[category] => access
[enabled] => 1
[contents] => Array
(
[0] => Array
(
[section] => Introduction
[path] => introduction
[_id] => 5ae0b906bc91da1005bee8b6
)
[1] => Array
(
[section] => Prerequisites
[path] => prerequisites
[_id] => 5ae0b906bc91da1005bee8b5
)
[2] => Array
(
[section] => Opening the Shell
[path] => opening-the-shell
[_id] => 5ae0b906bc91da1005bee8b4
)
)
[format] => html
[tags] => Array
(
[0] => orbit
[1] => ssh
[2] => access
)
[published] => 1
[is_deleted] =>
)
[1] => Array
(
[_id] => 5ae0b906bc91da1005bee871
[path] => how-to-console-to-an-orbit
[updated] => 2019-01-14T16:42:13.337+0000
[created] => 2018-04-25T17:21:10.190+0000
[title] => How to Console to an Orbit
[subheading] => This is a guide on how to console to an Orbit.
[body] =>
Introduction
Aside from SSHing the Orbit, SystemOnGrid also provides a web based console that you can use right from the browser. In this guide we will go over how to connect to that console.
Prerequisites
Orbit in running status and you should be able to login with a username and password.
Opening the Console
First navigate to the “My Orbits” tab and select the Orbit you want to connect to.
Once you’re in the details page, select the “CONSOLE” button from the list.
After you press the button, it will open up another browser window. Where you can login with your credentials. Once you log in, you will be ready to go.
[category] => access
[enabled] => 1
[contents] => Array
(
[0] => Array
(
[section] => Introduction
[path] => introduction
[_id] => 5ae0b906bc91da1005bee8ac
)
[1] => Array
(
[section] => Prerequisites
[path] => prerequisites
[_id] => 5ae0b906bc91da1005bee8ab
)
[2] => Array
(
[section] => Opening the Console
[path] => opening-the-console
[_id] => 5ae0b906bc91da1005bee8aa
)
)
[format] => html
[tags] => Array
(
[0] => orbit
[1] => console
[2] => connect
[3] => remote desktop
[4] => access
)
[published] => 1
[is_deleted] =>
)
[2] => Array
(
[_id] => 5ae0b906bc91da1005bee875
[path] => setting-up-a-root-password
[updated] => 2018-04-25T17:21:10.191+0000
[created] => 2018-04-25T17:21:10.191+0000
[title] => Setting up a Root Password
[subheading] => This is a guide on how to setup a root password to your Orbit.
[body] =>
Introduction
When you connect to an Orbit through SSH, it does not automatically connect with a root account. Due to this you need to get root access another way and this guide will show you how along with setting up a password for the account.
Prerequisites
Running Orbit
SSH into Orbit
First navigate to the “My Orbits” tab.
Once there, click on the Orbit you want to connect to and check for three things:
IP Address
Running Status
Source Image(Ubuntu, Debian, Centos, Fedora
Once you have confirmed that your Orbit is running and you have the other information. Open up your console.
Now you can SSH into your Orbit by running.
ssh image@address
IP Address: We got this from the detail page, in this case it is “216.200.116.60”
Image: We got this from the source image in the details page. It should be one of the following: ubuntu, debian, fedora, centos
Note: A full command for this example would be: “ssh ubuntu@216.200.116.60”
Now log into the Orbit and you should see a screen like this.
Setting the Password
Run the following command and you will have root access.
sudo su
Run the following command to set a password for the root account.
passwd root
After setting up the password, you should be good to go.
[category] => access
[enabled] => 1
[contents] => Array
(
[0] => Array
(
[section] => Introduction
[path] => introduction
[_id] => 5ae0b906bc91da1005bee8ba
)
[1] => Array
(
[section] => Prerequisites
[path] => prerequisites
[_id] => 5ae0b906bc91da1005bee8b9
)
[2] => Array
(
[section] => SSH into Orbit
[path] => ssh-into-orbit
[_id] => 5ae0b906bc91da1005bee8b8
)
[3] => Array
(
[section] => Setting the Password
[path] => setting-the-password
[_id] => 5ae0b906bc91da1005bee8b7
)
)
[format] => html
[tags] => Array
(
[0] => orbit
[1] => password
[2] => root
[3] => ssh
)
[published] => 1
[is_deleted] =>
)
[3] => Array
(
[_id] => 5ae0b906bc91da1005bee873
[path] => detaching-a-secondary-volume-from-your-orbit
[updated] => 2019-01-16T08:07:00.934+0000
[created] => 2018-04-25T17:21:10.190+0000
[title] => Detaching a Secondary Volume from your Orbit
[subheading] => This is a guide on how to detach a secondary Volume from your Orbit.
[body] =>
Introduction
If you no longer wish to have a secondary volume attached to your system it's as easy to remove as it is to attach.
Prerequisites
Orbit with Secondary Volume Attached
Unmounting the Volume
You must remove the added volume from your /etc/fstab file before detaching the volume. First you need to check if any processes are running. You can do so by running.
sudo lsof +f -- /mnt/NAME
NAME: name of the volume
Then you can unmount it by running.
sudo unmount /mnt/NAME
Now you need to remove it from the “/etc/fstab” file, which can be done by running.
sudo nano /etc/fstab
Remove any entries involving your volume
Now remove the mount point.
sudo rmdir /mnt/NAME
Detaching the Volume
To detach a volume, first navigate to the “My Volumes” tab.
Once there, select the volume that you want to remove and press “Detach”
[category] => volume
[enabled] => 1
[contents] => Array
(
[0] => Array
(
[section] => Introduction
[path] => introduction
[_id] => 5ae0b906bc91da1005bee8b3
)
[1] => Array
(
[section] => Prerequisites
[path] => prerequisites
[_id] => 5ae0b906bc91da1005bee8b2
)
[2] => Array
(
[section] => Unmounting the Volume
[path] => unmounting-the-volume
[_id] => 5ae0b906bc91da1005bee8b1
)
[3] => Array
(
[section] => Detaching the Volume
[path] => detaching-the-volume
[_id] => 5ae0b906bc91da1005bee8b0
)
)
[format] => html
[tags] => Array
(
[0] => volume
[1] => detach
)
[published] => 1
[is_deleted] =>
)
[4] => Array
(
[_id] => 5ae0b906bc91da1005bee879
[path] => connect-to-orbit-through-ssh
[updated] => 2019-01-14T16:40:30.070+0000
[created] => 2018-04-25T17:21:10.191+0000
[title] => Connect to Orbit Through SSH
[subheading] => This is a guide on how to connect to your Orbit through SSH.
[body] =>
Introduction
Now that you have an Orbit fully setup, we can finally use it. In this guide we will be looking into how to log into your Orbit through the console.
Prerequisites
Running Orbit
SSH into Orbit
First we need to check some details on our orbit by first navigating to the “My Orbits” tab.
Once there, click on the Orbit you want to connect to and check for three things:
IP Address
Running Status
Source Image(Ubuntu, Debian, Centos, Fedora
Once you have confirmed that your Orbit is running and you have the other information. Open up your console.
Now you can SSH into your Orbit by running.
ssh image@address
IP Address: We got this from the detail page, in this case it is “216.200.116.60”
Image: We got this from the source image in the details page. It should be one of the following: ubuntu, debian, fedora, centos
Note: A full command for this example would be: “ssh ubuntu@216.200.116.60”
Now it will ask you for a password. Input the password that you set in the authentication method when you first created the Orbit. It will ask you to change your temporary password into a permanent one and log you out afterwards. Now log into the Orbit and you should see a screen like this.
While your SSH connection can be secure, you can still be susceptible to DDOS attacks on your server. Fail2ban is a service which helps mitigate these attacks.
Prerequisites
Running Orbit
Installing Fail2ban
Once you have logged in to your server we need to update your package index and install Fail2ban. We can do so by running the following.
sudo apt-get update
sudo apt-get install fail2ban
Once it's installed, the service should start on it's own and you should be good to go since it provides a default configuration profile.
Configuring Fail2ban
The file “fail2ban.conf” contains your configuration profile. If you wish to do any changes, you should do them in “fail2ban.local”, this can be done by running.
Once the copy has been made, you can edit the .local file and it will replace the settings in the .conf file while keeping the original one intact.
[category] => security
[enabled] => 1
[contents] => Array
(
[0] => Array
(
[section] => Introduction
[path] => introduction
[_id] => 5ae0b906bc91da1005bee8be
)
[1] => Array
(
[section] => Prerequisites
[path] => prerequisites
[_id] => 5ae0b906bc91da1005bee8bd
)
[2] => Array
(
[section] => Installing Fail2ban
[path] => installing-fail2ban
[_id] => 5ae0b906bc91da1005bee8bc
)
[3] => Array
(
[section] => Configuring Fail2ban
[path] => configuring-fail2ban
[_id] => 5ae0b906bc91da1005bee8bb
)
)
[format] => html
[tags] => Array
(
[0] => orbit
[1] => ssh
[2] => ddos
[3] => security
)
[published] => 1
[is_deleted] =>
)
[6] => Array
(
[_id] => 5ae0b906bc91da1005bee87c
[path] => how-to-get-root-access-and-change-root-password
[updated] => 2019-01-14T16:38:51.224+0000
[created] => 2018-04-25T17:21:10.192+0000
[title] => How to Get Root Access and Change Root Password
[subheading] => This is a guide on how to get root access on your Orbit and also changing the password.
[body] =>
Introduction
For best security practices, our Orbits do not allow you to log in using the root user. Due to this you need to get root access another way and this guide will show you how.
Prerequisites
There are no major prerequisites required to create a volume. You will only be required to have an existing volume if you wish to clone and an orbit if you wish to attach your volume to said orbit.
SSH into Orbit
SSH into your Orbit by running.
ssh image@address
IP Address: We got this from the detail page, in this case it is “216.200.116.60”
Image: We got this from the source image in the details page. It should be one of the following: ubuntu, debian, fedora, centos
Note: A full command for this example would be: “ssh ubuntu@216.200.116.60”
Using the Root Account
Run this command to get root access
sudo su
Setting the Password
If you are continuing from the previous step you should already have root access but if not, run the following to get access.
sudo su
Run the following command to set a password for the root account.
passwd root
After setting up the password, you should be good to go. All thats left is to enable the login.
Configuring Root Login
Now that you have a root user we need to enable login. We can do that by editing a config file. Run “vim /etc/ssh/sshd_config” and edit “PermitRootLogin” to say “Yes”
Note: To edit in VIM, move the blinker to the spot that you want to change. Press “i” and you can begin editing the text and once done press “ESC”. To save the file press “:” and write “wq” then press “Enter”. Your changes should be saved
Now for the changes to take effect, you need to restart your daemon. Run the following command “systemctl restart sshd”. Once that is done, run “systemctl status sshd” and it should say “running” in green
Now you can logout from your SSH and log back in with the root user and password you set.
Note: You only need to modify the file and restart the service (Step 1 and 2 if PermitRootLogin is not already set to “yes”
[category] => access
[enabled] => 1
[contents] => Array
(
[0] => Array
(
[section] => Introduction
[path] => introduction
[_id] => 5ae0b906bc91da1005bee8d8
)
[1] => Array
(
[section] => Prerequisites
[path] => prerequisites
[_id] => 5ae0b906bc91da1005bee8d7
)
[2] => Array
(
[section] => SSH into Orbit
[path] => ssh-into-orbit
[_id] => 5ae0b906bc91da1005bee8d6
)
[3] => Array
(
[section] => Using the Root Account
[path] => using-the-root-account
[_id] => 5ae0b906bc91da1005bee8d5
)
[4] => Array
(
[section] => Setting the Password
[path] => setting-the-password
[_id] => 5ae0b906bc91da1005bee8d4
)
[5] => Array
(
[section] => Configuring Root Login
[path] => configuring-root-login
[_id] => 5ae0b906bc91da1005bee8d3
)
)
[format] => html
[tags] => Array
(
[0] => orbit
[1] => ssh
[2] => root
)
[published] => 1
[is_deleted] =>
)
[7] => Array
(
[_id] => 5ae0b906bc91da1005bee877
[path] => how-to-create-an-orbit-from-an-existing-volume
[updated] => 2019-01-16T08:05:12.190+0000
[created] => 2018-04-25T17:21:10.191+0000
[title] => How to Create an Orbit from an Existing Volume
[subheading] => This is a guide on how to create an Orbit from an existing Volume.
[body] =>
Introduction
Let’s say you have an Orbit and want to delete it but keep the root volume for future usage. Well with that volume, our system allows you to create a new Orbit from an existing bootable volume.
Prerequisites
The only requirement needed to create an orbit from an existing volume is a bootable volume. The difference between a bootable volume and non-bootable volume is only that a bootable volume contains an operating system. You can check whether your volume is bootable from the volume details page
Creating an Orbit
To create an Orbit from an existing volume, first navigate to the “My Orbits” tab.
Once there, click “Create Orbit”.
Now select “Bootable Volume” and a dropdown will appear where you can select the root volume that you already had. You can follow the same guidelines that you would normally follow to create a brand new Orbit.
You can follow the same guidelines that you would normally follow to create a brand new Orbit. Select your desired CPU/Ram Size, SSD Block, Authentication Method and Name. Once everything is in place, click “Create” and your orbit should be good to go.
In SystemOnGrid, we provide 2 different types of Orbits, a Free Tier Orbit and a Paid Orbit. The difference is that we limited support to Free Tier Orbit, for example you cannot attach additional volumes, but they are still fully functional just like a Paid Orbit. If you need more features, you can resize your Free Tier Orbit any time and it will turn it into a Paid Orbit.
Prerequisites
You need an active account with a valid credit card to be able to create an orbit
Creating an Orbit
To start creating your orbit, first navigate to the “My Orbits” tab.
Then press “Create Orbit”
When you press “Create Orbit” it will default to a paid one but you can switch over to a free one in the top bar.
You only have one option for the size of the Orbit. To get larger sizes you must use a paid orbit.
Next, you can either set a temporary password or SSH Key as your Authentication method. Finally, assign your Orbit a name and description(optional and click “Create”. You Orbit should start up shortly and you will be able to log in. For security reasons, if you chose a password as authorization, the operating system will ask you to reset it once you login.
Default Usernames
Ubuntu
ssh ubuntu@ipaddress
Centos
ssh centos@ipaddress
Debian
ssh debian@ipaddress
Fedora
ssh fedora@ipaddress
[category] => orbit
[enabled] => 1
[contents] => Array
(
[0] => Array
(
[section] => Introduction
[path] => introduction
[_id] => 5ae0b906bc91da1005bee8cc
)
[1] => Array
(
[section] => Prerequisites
[path] => prerequisites
[_id] => 5ae0b906bc91da1005bee8cb
)
[2] => Array
(
[section] => Creating an Orbit
[path] => creating-an-orbit
[_id] => 5ae0b906bc91da1005bee8ca
)
[3] => Array
(
[section] => Default Usernames
[path] => default-usernames
[_id] => 5ae0b906bc91da1005bee8c9
)
)
[format] => html
[tags] => Array
(
[0] => orbit
[1] => free tier
[2] => free
)
[published] => 1
[is_deleted] =>
)
[9] => Array
(
[_id] => 5ae0b906bc91da1005bee87d
[path] => how-to-rebuild-a-orbit
[updated] => 2018-04-25T17:21:10.192+0000
[created] => 2018-04-25T17:21:10.192+0000
[title] => How to Rebuild a Orbit
[subheading] => This is a guide on how to rebuild your Orbit while preserving your IP address.
[body] =>
Introduction
If you ever have an issue with your Orbit, you can easily rebuild it to a new state without losing your IP.
Prerequisites
Running or Paused Orbit
Rebuilding your Orbit
First select the REBUILD option from the Orbit details bar, shown below.
After you open the rebuild section, you can only change the image and authentication method of your rebuilt Orbit.
Once you press Rebuild, your Orbit will be rebuilt in a clean state with the same IP address as you had before.
Note: All attached volumes have been removed and will need to be reattached
Removing Old Fingerprints
Linux
After a rebuild, your Orbit’s fingerprint will change. Due to this, you may be required to remove the old fingerprint from their side. You can do this by running the following.
ssh-keygen -R HOSTNAME
Windows - PuTTY
On Windows, the location is completely different for the SSH Keys. You need to open your registry editor and navigate to:
Replace username with the name of the user thats currently logged in. After you have reached that path, you can either delete all the keys (not recommended or the relevant key.
[category] => orbit
[enabled] => 1
[contents] => Array
(
[0] => Array
(
[section] => Introduction
[path] => introduction
[_id] => 5ae0b906bc91da1005bee8dc
)
[1] => Array
(
[section] => Prerequisites
[path] => prerequisites
[_id] => 5ae0b906bc91da1005bee8db
)
[2] => Array
(
[section] => Rebuilding your Orbit
[path] => rebuilding-your-orbit
[_id] => 5ae0b906bc91da1005bee8da
)
[3] => Array
(
[section] => Removing Old Fingerprints
[path] => removing-old-fingerprints
[_id] => 5ae0b906bc91da1005bee8d9
)
)
[format] => html
[tags] => Array
(
[0] => orbit
[1] => rebuild
[2] => ip
)
[published] => 1
[is_deleted] =>
)
[10] => Array
(
[_id] => 5ae0b906bc91da1005bee878
[path] => how-to-clone-a-volume
[updated] => 2019-01-14T16:40:02.400+0000
[created] => 2018-04-25T17:21:10.191+0000
[title] => How to Clone a Volume
[subheading] => This is a guide on how to clone a Volume.
[body] =>
Introduction
One of the great features of our system is the ability to clone your volumes. It’s a simple process which can be done with just a few clicks.
Prerequisites
There are no major prerequisites required to clone a volume other than having an existing volume. If the source volume is mounted to an Orbit, regardless if it is a root volume or a secondary volume, the Orbit requires to be in Paused status.
Cloning a Volume
To clone a volume, first navigate to the “My Volumes” tab.
Once there, you can name your volume that you want the clone to be. Aside from naming your volume, you need to specify what size you wish for it to be. Once you hit “Clone” it, the system will create a new volume from the source volume you selected and it will be ready to use once it’s done creating.
What can I do with the Clone Feature
There’s multiple things that you can do with the cloning feature. For example:
You can make full backups of your data
If the source volume is a root volume, you can create another Orbit with all the existing configurations from the first one
You can mount the cloned volume to another Orbit as a secondary volume
[category] => volume
[enabled] => 1
[contents] => Array
(
[0] => Array
(
[section] => Introduction
[path] => introduction
[_id] => 5ae0b906bc91da1005bee8c5
)
[1] => Array
(
[section] => Prerequisites
[path] => prerequisites
[_id] => 5ae0b906bc91da1005bee8c4
)
[2] => Array
(
[section] => Cloning a Volume
[path] => cloning-a-volume
[_id] => 5ae0b906bc91da1005bee8c3
)
[3] => Array
(
[section] => What can I do with the Clone Feature
[path] => what-can-i-do-with-the-clone-feature
[_id] => 5ae0b906bc91da1005bee8c2
)
)
[format] => html
[tags] => Array
(
[0] => volume
[1] => clone
[2] => copy
)
[published] => 1
[is_deleted] =>
)
[11] => Array
(
[_id] => 5ae0b906bc91da1005bee881
[path] => ghost-one-click-app-setup
[updated] => 2018-04-25T17:21:10.193+0000
[created] => 2018-04-25T17:21:10.193+0000
[title] => Ghost One-Click App Setup
[subheading] => This is a guide on how to setup your Ghost application.
[body] =>
Introduction
One of the many available One-Click Apps that we have is Ghost. Ghost is an open source publishing platform which is beautifully designed, easy to use, and free for everyone.
Prerequisites
Orbit created with Ghost image
Running Orbit
Creating Your Orbit
To create your application, you must create a Photon. You can do so by selecting the Photon tab after selecting 'Create Orbit'
Once there, you will see a list of available photons that you can create. Select one and it will bring you to a detailed page
Scroll down to the details and you can start selecting options for your photon as well as setting up credentials.
Once everything is filled in, just press Create and you can move on to the next step
SSH into Orbit
First we need to check some details on our orbit by first navigating to the “My Orbits” tab.
Once there, click on the Orbit you want to connect to and check for three things:
IP Address
Running Status
Source Image(Ubuntu, Debian, Centos, Fedora
Once you have confirmed that your Orbit is running and you have the other information. Open up your console.
Now you can SSH into your Orbit by running.
ssh image@address
IP Address: We got this from the detail page, in this case it is “216.200.116.60”
Image: We got this from the source image in the details page. It should be one of the following: ubuntu, debian, fedora, centos
Note: A full command for this example would be: “ssh ubuntu@216.200.116.60”
Starting Ghost
Once you are SSH'd into the server you will see the following:
This welcome message displays what IP address that you need to open to setup Ghost. After we navigate to that page, you will see the following
After you start setting up Ghost, it will ask you to create an account and then to invite people to your team as well.
After setting up your application you can view your dashboard and edit your site which will look like this.
Finally to view your full site, you can go to the IP of your Orbit and it will look like the image below.
[category] => photon
[enabled] => 1
[contents] => Array
(
[0] => Array
(
[section] => Introduction
[path] => introduction
[_id] => 5ae0b906bc91da1005bee8f0
)
[1] => Array
(
[section] => Prerequisites
[path] => prerequisites
[_id] => 5ae0b906bc91da1005bee8ef
)
[2] => Array
(
[section] => Creating Your Orbit
[path] => creating-your-orbit
[_id] => 5ae0b906bc91da1005bee8ee
)
[3] => Array
(
[section] => SSH into Orbit
[path] => ssh-into-orbit
[_id] => 5ae0b906bc91da1005bee8ed
)
[4] => Array
(
[section] => Starting Ghost
[path] => starting-ghost
[_id] => 5ae0b906bc91da1005bee8ec
)
)
[format] => html
[tags] => Array
(
[0] => orbit
[1] => photon
[2] => app
[3] => ghost
)
[published] => 1
[is_deleted] =>
)
[12] => Array
(
[_id] => 5ae0b906bc91da1005bee87b
[path] => mounting-a-secondary-volume-to-your-orbit
[updated] => 2019-01-17T15:25:10.739+0000
[created] => 2018-04-25T17:21:10.192+0000
[title] => Mounting a Secondary Volume to your Orbit
[subheading] => This is a guide on how to add and mount a secondary volumeto your Orbit.
[body] =>
Introduction
If your original orbit does not have enough space for you to work with, we provide a simple way to create and attach extra volumes to your current orbit. You can create a new volume or you can clone a volume that you currently have on your account.
Prerequisites
There are no major prerequisites required to create a volume. You will only be required to have an existing volume if you wish to clone and an orbit if you wish to attach your volume to said orbit.
Creating a Volume
To create a volume, first navigate to the “My Volumes” tab.
Once there, you can name your volume that you are going to create. Aside from naming your volume, you need to specify what size you wish for it to be. Lastly, if you wish, you can attach the volume you are about to create to an existing orbit from the drop down list.
Checking an Attached Volume
Now assuming that you have attached the volume to an orbit, you can check to see if it is properly attached. First use SSH or console to log in to the Orbit with user that has sudo privileges.
The following command will display all block devices that you have on your orbit.
sudo lsblk
Generally the root volume that your orbit was created with will be the first one or “vda” based on the screenshot. The newly created and attached volume should be after your root volume in this case “vdb”.
Creating a Partition on the Volume
Now we have a newly created and attached volume but it’s still not ready for use. In this section we will prepare the volume that way it can be mounted and used by you. We first need to create a new GPT disk label, a partition that will span the size of the volume and format it with the EXT4 filesystem
Run these commands in this order
sudo parted /dev/vdb mklabel gpt
sudo parted /dev/vdb mkpart primary ext4 0% 100%
sudo mkfs.ext4 /dev/vdb1
The following command will confirm that everything was created.
sudo lsblk
Here you can see a new partition named “vdb1”. This will be the partition we will mount to our Orbit next.
Mounting the Volume
Now we need to create a mounting point for this volume. Run the following command.
sudo mkdir /mnt/vol2-p1
Next we need to edit your /etc/fstab file so that the new partition will be mounted persistently.
echo '/dev/vdb1 /mnt/vol2-p1 ext4 defaults 0 2' | sudo tee -a /etc/fstab
Note: before you detach the volume from dashboard, make sure you remove this partition from /etc/fstab
Finally mount all the partitions mentioned in fstab
sudo mount -a
Once again run the command “sudo lsblk” to see the volume that you just created and the new mounting point.
Now you can start using this new volume by storing data in /mnt/vol2-p1 directory. Since we have update the /etc/fstab file, even after reboot, the volume will still be mounted.
One of the many available One-Click Apps that we have is WordPress. WordPress is an online, open source website creation tool written in PHP. Its one of the easiest and most simplest blogging and website management tools in existence today.
Prerequisites
Orbit created with WordPress image
Running Orbit
Creating Your Orbit
To create your application, you must create a Photon. You can do so by selecting the Photon tab after selecting 'Create Orbit'
Once there, you will see a list of available photons that you can create. Select one and it will bring you to a detailed page
Scroll down to the details and you can start selecting options for your photon as well as setting up credentials.
Once everything is filled in, just press Create and you can move on to the next step
SSH into Orbit
First we need to check some details on our orbit by first navigating to the “My Orbits” tab.
Once there, click on the Orbit you want to connect to and check for three things:
IP Address
Running Status
Source Image(Ubuntu, Debian, Centos, Fedora
Once you have confirmed that your Orbit is running and you have the other information. Open up your console.
Now you can SSH into your Orbit by running.
ssh image@address
IP Address: We got this from the detail page, in this case it is “216.200.116.60”
Image: We got this from the source image in the details page. It should be one of the following: ubuntu, debian, fedora, centos
Note: A full command for this example would be: “ssh ubuntu@216.200.116.60”
Starting WordPress
Once you are SSH'd into the server you will see the following:
This welcome message displays what IP address that you need to open to setup WordPress. After we navigate to that page, you will see the following
After you start setting up WordPress, it will ask you to create an account.
After setting up your application you will get a webpage with your username and a link to login to the admin panel.
The admin page will look like this, and once you're logged in, you can edit your website.
Alternatively, you can go to your homepage to see how the webpage currently looks.
One of the many available One-Click Apps that we have is MediaWiki. MediaWiki is a free software open source wiki package written in PHP, originally for use on Wikipedia.
Prerequisites
Orbit created with MediaWiki image
Running Orbit
Creating Your Orbit
To create your application, you must create a Photon. You can do so by selecting the Photon tab after selecting 'Create Orbit'
Once there, you will see a list of available photons that you can create. Select one and it will bring you to a detailed page
Scroll down to the details and you can start selecting options for your photon as well as setting up credentials.
Once everything is filled in, just press Create and you can move on to the next step
SSH into Orbit
First we need to check some details on our orbit by first navigating to the “My Orbits” tab.
Once there, click on the Orbit you want to connect to and check for three things:
IP Address
Running Status
Source Image(Ubuntu, Debian, Centos, Fedora
Once you have confirmed that your Orbit is running and you have the other information. Open up your console.
Now you can SSH into your Orbit by running.
ssh image@address
IP Address: We got this from the detail page, in this case it is “216.200.116.60”
Image: We got this from the source image in the details page. It should be one of the following: ubuntu, debian, fedora, centos
Note: A full command for this example would be: “ssh ubuntu@216.200.116.60”
Starting MediaWiki
Once you are SSH'd into the server you will see the following:
All passwords are generated when an orbit is first created and stored in a .secrets file, unless the welcome screen says otherwise. To access it, run the following command:
cat .secrets
This welcome message displays what IP address you need to open in your browser after you finish setting up the app. First you need to run:
sudo bash mediawiki.sh
When it asks for an address, put the IP Address of the server unless you already know how you are setting it up.
After the setup is done, you should see an image like below and now you can open your webpage to the IP address that you saw at the welcome screen.
To make sure everything is working, when you open up your browser and navigate to that specific IP address, you should see a webpage like this. If so, your MediaWiki app is setup and you can begin using it.
One of the many available One-Click Apps that we have is GitLab. GitLab is a web-based Git repository manager with wiki and issue tracking features, using an open source license, developed by GitLab Inc.
Prerequisites
Orbit created with GitLab image
Running Orbit
Creating Your Orbit
To create your application, you must create a Photon. You can do so by selecting the Photon tab after selecting 'Create Orbit'
Once there, you will see a list of available photons that you can create. Select one and it will bring you to a detailed page
Scroll down to the details and you can start selecting options for your photon as well as setting up credentials.
Once everything is filled in, just press Create and you can move on to the next step
SSH into Orbit
First we need to check some details on our orbit by first navigating to the “My Orbits” tab.
Once there, click on the Orbit you want to connect to and check for three things:
IP Address
Running Status
Source Image(Ubuntu, Debian, Centos, Fedora
Once you have confirmed that your Orbit is running and you have the other information. Open up your console.
Now you can SSH into your Orbit by running.
ssh image@address
IP Address: We got this from the detail page, in this case it is “216.200.116.60”
Image: We got this from the source image in the details page. It should be one of the following: ubuntu, debian, fedora, centos
Note: A full command for this example would be: “ssh ubuntu@216.200.116.60”
Starting GitLab
Once you are SSH'd into the server you will see the following. You can start the setup process by opening the IP address in your web broswer.
You can start GitLab's setup by entering a new password for the account.
You can then create a new user for your GitLab.
Once you have your account. You will be taken to the dashboard which should look like the following and you will be ready go.
One of the many available One-Click Apps that we have is CouchDB.CouchDB is one of what many are calling NoSQL solutions. Specifically, CouchDB is a document-oriented database and within each document fields are stored as key-value maps. Fields can be either a simple key/value pair, list, or map.
Prerequisites
Orbit created with CouchDB image
Running Orbit
Creating Your Orbit
To create your application, you must create a Photon. You can do so by selecting the Photon tab after selecting 'Create Orbit'
Once there, you will see a list of available photons that you can create. Select one and it will bring you to a detailed page
Scroll down to the details and you can start selecting options for your photon as well as setting up credentials.
Once everything is filled in, just press Create and you can move on to the next step
SSH into Orbit
First we need to check some details on our orbit by first navigating to the “My Orbits” tab.
Once there, click on the Orbit you want to connect to and check for three things:
IP Address
Running Status
Source Image(Ubuntu, Debian, Centos, Fedora
Once you have confirmed that your Orbit is running and you have the other information. Open up your console.
Now you can SSH into your Orbit by running.
ssh image@address
IP Address: We got this from the detail page, in this case it is “216.200.116.60”
Image: We got this from the source image in the details page. It should be one of the following: ubuntu, debian, fedora, centos
Note: A full command for this example would be: “ssh ubuntu@216.200.116.60”
Starting CouchDB
Once you are SSH'd into the server you will see the following.
All passwords are generated when an orbit is first created and stored in a .secrets file, unless the welcome screen says otherwise. To access it, run the following command:
cat .secrets
First let's check if the service is running.
docker ps
Now that everything is running we can go to the website. Type the IP Address followed by the port '5984/_utils'. You should see a page like the following:
In the bottom right you need to log in with the admin account whose username is 'admin' and password is 'password':
After you are logged in you can create a new database from the top left part of the dashboard.
Now that you have your database created, you are ready to go for your application.
One of the many available One-Click Apps that we have is ownCloud. ownCloud is a self-hosted open source file sync and share server. Like 'big boys' Dropbox, Google Drive, Box, and others, ownCloud lets you access your files, calendar, contacts, and other data.
Prerequisites
Orbit created with ownCloud image
Running Orbit
Creating Your Orbit
To create your application, you must create a Photon. You can do so by selecting the Photon tab after selecting 'Create Orbit'
Once there, you will see a list of available photons that you can create. Select one and it will bring you to a detailed page
Scroll down to the details and you can start selecting options for your photon as well as setting up credentials.
Once everything is filled in, just press Create and you can move on to the next step
SSH into Orbit
First we need to check some details on our orbit by first navigating to the “My Orbits” tab.
Once there, click on the Orbit you want to connect to and check for three things:
IP Address
Running Status
Source Image(Ubuntu, Debian, Centos, Fedora
Once you have confirmed that your Orbit is running and you have the other information. Open up your console.
Now you can SSH into your Orbit by running.
ssh image@address
IP Address: We got this from the detail page, in this case it is “216.200.116.60”
Image: We got this from the source image in the details page. It should be one of the following: ubuntu, debian, fedora, centos
Note: A full command for this example would be: “ssh ubuntu@216.200.116.60”
Starting ownCloud
Once you are SSH'd into the server you will see the following:
All passwords are generated when an orbit is first created and stored in a .secrets file, unless the welcome screen says otherwise. To access it, run the following command:
cat .secrets
This welcome message displays what IP address you need to open in your browser. In our case it's 38.76.11.251
After you open the webpage, you will see this webpage where you can create your admin account for your app.
Once created, it will redirect you to a login page where you can use your new account. After you login, you will see the dashboard as shown below and your app will be ready for use.
One of the many available One-Click Apps that we have is Ruby on Rails. Ruby on Rails, or simply Rails, is a server-side web application framework written in Ruby under the MIT License. Rails is a model–view–controller framework, providing default structures for a database, a web service, and web pages.
Prerequisites
Orbit created with Ruby on Rails image
Running Orbit
Creating Your Orbit
To create your application, you must create a Photon. You can do so by selecting the Photon tab after selecting 'Create Orbit'
Once there, you will see a list of available photons that you can create. Select one and it will bring you to a detailed page
Scroll down to the details and you can start selecting options for your photon as well as setting up credentials.
Once everything is filled in, just press Create and you can move on to the next step
SSH into Orbit
First we need to check some details on our orbit by first navigating to the “My Orbits” tab.
Once there, click on the Orbit you want to connect to and check for three things:
IP Address
Running Status
Source Image(Ubuntu, Debian, Centos, Fedora
Once you have confirmed that your Orbit is running and you have the other information. Open up your console.
Now you can SSH into your Orbit by running.
ssh image@address
IP Address: We got this from the detail page, in this case it is “216.200.116.60”
Image: We got this from the source image in the details page. It should be one of the following: ubuntu, debian, fedora, centos
Note: A full command for this example would be: “ssh ubuntu@216.200.116.60”
Starting Ruby on Rails
Once you are SSH'd into the server you will see the following.
If you wish to create your own database, you run the following.
cd myapp/ vim config/database.yml
Now you can edit the settings to create your own database like the image below and then run the following command.
rake db:create
Now that everything is set, we can start our server by running the following.
rails server
Now we can navigate to our orbit's page with port 3000 and you will see your homepage.
One of the many available One-Click Apps that we have is Magento. Magento is an ecommerce platform built on open source technology which provides online merchants with a flexible shopping cart system, as well as control over the look, content and functionality of their online store.
Prerequisites
Orbit created with Magento image
Running Orbit
Creating Your Orbit
To create your application, you must create a Photon. You can do so by selecting the Photon tab after selecting 'Create Orbit'
Once there, you will see a list of available photons that you can create. Select one and it will bring you to a detailed page
Scroll down to the details and you can start selecting options for your photon as well as setting up credentials.
Once everything is filled in, just press Create and you can move on to the next step
SSH into Orbit
First we need to check some details on our orbit by first navigating to the “My Orbits” tab.
Once there, click on the Orbit you want to connect to and check for three things:
IP Address
Running Status
Source Image(Ubuntu, Debian, Centos, Fedora
Once you have confirmed that your Orbit is running and you have the other information. Open up your console.
Now you can SSH into your Orbit by running.
ssh image@address
IP Address: We got this from the detail page, in this case it is “216.200.116.60”
Image: We got this from the source image in the details page. It should be one of the following: ubuntu, debian, fedora, centos
Note: A full command for this example would be: “ssh ubuntu@216.200.116.60”
Starting Magento
Once you are SSH'd into the server you will see the following:
All passwords are generated when an orbit is first created and stored in a .secrets file, unless the welcome screen says otherwise. To access it, run the following command:
cat .secrets
This welcome message displays what IP address that you need to open to setup Magento. After we navigate to that page, you will see the following
After you start setting up Magento, it will do a check of your system to make sure it is ready for use. Once it is, you can press 'Next' at the top right.
Now we need to setup the database for Magento itself, you can get all the information that needs to be plugged in from the welcome message when you SSH'd into the server. After the database is setup, you can press 'Next' and setup your store preferences to your choosing.
After that is complete, you will need to create an admin account as well. It will then begin installing the application with your settings.
Once complete you will see a success page with your admin account that you used and your store info as well.
To access your store, you open the IP address of your orbit in a web page and you should see the following.
Alternatively, if you go to the admin link on your success page, you can login to the following page.
After successfully login in, you will be taken to this admin panel page where you can work on your store itself.
One of the many available One-Click Apps that we have is MySQL. MySQL is a freely available open source Relational Database Management System (RDBMS that uses Structured Query Language (SQL. SQL is the most popular language for adding, accessing and managing content in a database. It is most noted for its quick processing, proven reliability, ease and flexibility of use.
Prerequisites
Orbit created with MySQL image
Running Orbit
Creating Your Orbit
To create your application, you must create a Photon. You can do so by selecting the Photon tab after selecting 'Create Orbit'
Once there, you will see a list of available photons that you can create. Select one and it will bring you to a detailed page
Scroll down to the details and you can start selecting options for your photon as well as setting up credentials.
Once everything is filled in, just press Create and you can move on to the next step
SSH into Orbit
First we need to check some details on our orbit by first navigating to the “My Orbits” tab.
Once there, click on the Orbit you want to connect to and check for three things:
IP Address
Running Status
Source Image(Ubuntu, Debian, Centos, Fedora
Once you have confirmed that your Orbit is running and you have the other information. Open up your console.
Now you can SSH into your Orbit by running.
ssh image@address
IP Address: We got this from the detail page, in this case it is “216.200.116.60”
Image: We got this from the source image in the details page. It should be one of the following: ubuntu, debian, fedora, centos
Note: A full command for this example would be: “ssh ubuntu@216.200.116.60”
Starting MySQL
Once you are SSH'd into the server you will see the following.
We first need to connect to the database. You can use the information provided in the welcome message to login.
mysql -u root -p
That's all there is to it. You can now start using MySQL
One of the many available One-Click Apps that we have is MEAN Stack. MEAN Stack is an acronym for MongoDB, ExpressJS, AngularJS, and Node.js. From client to server to database MEAN is a full stack JavaScript.
Prerequisites
Orbit created with MEAN Stack image
Running Orbit
Creating Your Orbit
To create your application, you must create a Photon. You can do so by selecting the Photon tab after selecting 'Create Orbit'
Once there, you will see a list of available photons that you can create. Select one and it will bring you to a detailed page
Scroll down to the details and you can start selecting options for your photon as well as setting up credentials.
Once everything is filled in, just press Create and you can move on to the next step
SSH into Orbit
First we need to check some details on our orbit by first navigating to the “My Orbits” tab.
Once there, click on the Orbit you want to connect to and check for three things:
IP Address
Running Status
Source Image(Ubuntu, Debian, Centos, Fedora
Once you have confirmed that your Orbit is running and you have the other information. Open up your console.
Now you can SSH into your Orbit by running.
ssh image@address
IP Address: We got this from the detail page, in this case it is “216.200.116.60”
Image: We got this from the source image in the details page. It should be one of the following: ubuntu, debian, fedora, centos
Note: A full command for this example would be: “ssh ubuntu@216.200.116.60”
Starting MEAN Stack
Once you are SSH'd into the server you will see the following:
This welcome message displays what IP address that you need to open to setup MEAN Stack App.You will need to change directory to start your project:
cd meanstack_exp
Now we can start the server:
npm start
We can see our working site by opening the browser and navigating to our IP Address through port 8000:
One of the many available One-Click Apps that we have is cPanel. cPanel is an online Linux-based web hosting control panel that provides a graphical interface and automation tools designed to simplify the process of hosting a web site.
Prerequisites
Orbit created with cPanel image
Running Orbit
Creating Your Orbit
To create your application, you must create a Photon. You can do so by selecting the Photon tab after selecting 'Create Orbit'
Once there, you will see a list of available photons that you can create. Select one and it will bring you to a detailed page
Scroll down to the details and you can start selecting options for your photon as well as setting up credentials.
Once everything is filled in, just press Create and you can move on to the next step
SSH into Orbit
First we need to check some details on our orbit by first navigating to the “My Orbits” tab.
Once there, click on the Orbit you want to connect to and check for three things:
IP Address
Running Status
Source Image(Ubuntu, Debian, Centos, Fedora
Once you have confirmed that your Orbit is running and you have the other information. Open up your console.
Now you can SSH into your Orbit by running.
ssh image@address
IP Address: We got this from the detail page, in this case it is “38.76.11.250”
Image: We got this from the source image in the details page. It should be one of the following: ubuntu, debian, fedora, centos
Note: A full command for this example would be: “ssh ubuntu@38.76.11.250”
Starting cPanel
Once you are SSH'd into the server you will see the following.
We can check the secret file for our username and generated password by running the following command.
cat .secrets
You will now see the username and generated password for cPanel.
Now that we have the credentials, we can navigate to our orbit's IP Address followed by the port 2087. Note: You need to input the following into your address bar as is(with the HTTP section, that way it doesn't redirect you to another page.
You will now see the login page where you can use the information from the .secrets file to login.
For Step 2, set the settings as you see fit. For the hostname, unless you know the specific setting to input for that field, input the IP Address of the orbit.
For the following steps, they are rather straight forward if you know what settings you want to modify. If not, just keep everything as default. Finally, select if you want to use quotas to keep track of disk usage and press 'Finish'.
cPanel will finish setting itself up and after you add a license to your cPanel account, you will be able to use the software.
One of the many available One-Click Apps that we have is Django. Django is a high-level Python Web framework that encourages rapid development so you can focus on writing your app instead of needing to reinvent the wheel.
Prerequisites
Orbit created with Django image
Running Orbit
Creating Your Orbit
To create your application, you must create a Photon. You can do so by selecting the Photon tab after selecting 'Create Orbit'
Once there, you will see a list of available photons that you can create. Select one and it will bring you to a detailed page
Scroll down to the details and you can start selecting options for your photon as well as setting up credentials.
Once everything is filled in, just press Create and you can move on to the next step
SSH into Orbit
First we need to check some details on our orbit by first navigating to the “My Orbits” tab.
Once there, click on the Orbit you want to connect to and check for three things:
IP Address
Running Status
Source Image(Ubuntu, Debian, Centos, Fedora
Once you have confirmed that your Orbit is running and you have the other information. Open up your console.
Now you can SSH into your Orbit by running.
ssh image@address
IP Address: We got this from the detail page, in this case it is “216.200.116.60”
Image: We got this from the source image in the details page. It should be one of the following: ubuntu, debian, fedora, centos
Note: A full command for this example would be: “ssh ubuntu@216.200.116.60”
Starting Django
Once you are SSH'd into the server you will see the following:
All passwords are generated when an orbit is first created and stored in a .secrets file, unless the welcome screen says otherwise. To access it, run the following command:
cat .secrets
This welcome message displays what IP address that you need to open to setup Django. After we navigate to that page, you will see the following:
You will need to run the following commands(one after another in the console to setup your project:
cd myproject . myprojectenv/bin/activate ./manage.py makemigrations ./manage.py migrate
Now that all database migrations are done, there is just one more step needed before we can run the server. We need to allow hosts to connect to our website. We can set that up by doing the following in the same directory as Step 2:
cd myproject pwd
Directory should be: /home/ubuntu/myproject/myproject/myproject
vim settings.py
Modify the “ALLOWED_HOSTS” section to contain either your website name or an ‘*’
If you use an * just know that this is allowing all hosts to connect and it is not recommended
Whichever you decide to use must be encapsulated in either single or double quotes
How to Edit: Move the blinker to the location that you want to edit. Press “i” to enter Insert Mode, write either the website or asterisk for your ALLOWED_HOSTS, surrounded in quotes. Press “ESC” followed by “:” and finally write “wq” and press “Enter”
Now that the file is edited, you can start your server from the directory: /home/ubuntu/myproject/myproject:
./manage.py runserver 0.0.0.0:8000
If everything is working fine, you can navigate to your website with the port 8000 and it should look like this:
[category] => photon
[enabled] => 1
[contents] => Array
(
[0] => Array
(
[section] => Introduction
[path] => introduction
[_id] => 5ae0b906bc91da1005bee8fa
)
[1] => Array
(
[section] => Prerequisites
[path] => prerequisites
[_id] => 5ae0b906bc91da1005bee8f9
)
[2] => Array
(
[section] => Creating Your Orbit
[path] => creating-your-orbit
[_id] => 5ae0b906bc91da1005bee8f8
)
[3] => Array
(
[section] => SSH into Orbit
[path] => ssh-into-orbit
[_id] => 5ae0b906bc91da1005bee8f7
)
[4] => Array
(
[section] => Starting Django
[path] => starting-django
[_id] => 5ae0b906bc91da1005bee8f6
)
)
[format] => html
[tags] => Array
(
[0] => orbit
[1] => photon
[2] => app
[3] => django
)
[published] => 1
[is_deleted] =>
)
[24] => Array
(
[_id] => 5ae0b906bc91da1005bee898
[path] => how-to-create-a-partition-on-netbsd
[updated] => 2018-04-25T17:21:10.198+0000
[created] => 2018-04-25T17:21:10.198+0000
[title] => How to Create a Partition on NetBSD
[subheading] => This is a guide on how to create a new partition on NetBSD
[body] =>
Introduction
When you add a volume or resize in NetBSD, it doesn't update automatically so you need to create a partition on your own and this guide will show you how.
Prerequisites
NetBSD Orbit
Either secondary attached volume or the orbit must be resized to a larger size
Viewing Filesystem Details (Optional
You can view the attached volume by running.
dmesg |grep sector
To view the filesystem details we can run the following.
disklabel ld0
Creating a new partition
You can view the attached volume by running the following. You need to run this command whether you resize the volume or or attach a volume so you can see the sector size.
dmesg |grep sector
You need to keep track of the number of sectors because we will be using that to create the new file system.
Now we create the filesystem on the new slice.
newfs -O2 -F -s 83886080 /dev/rld0d
Lastly we mount the new created slice and create a new home directory.
One of the many available One-Click Apps that we have is MongoDB. MongoDB is an open-source document database that provides high performance, high availability, and automatic scaling.
Prerequisites
Orbit created with MongoDB image
Running Orbit
Creating Your Orbit
To create your application, you must create a Photon. You can do so by selecting the Photon tab after selecting 'Create Orbit'
Once there, you will see a list of available photons that you can create. Select one and it will bring you to a detailed page
Scroll down to the details and you can start selecting options for your photon as well as setting up credentials.
Once everything is filled in, just press Create and you can move on to the next step
SSH into Orbit
First we need to check some details on our orbit by first navigating to the “My Orbits” tab.
Once there, click on the Orbit you want to connect to and check for three things:
IP Address
Running Status
Source Image(Ubuntu, Debian, Centos, Fedora
Once you have confirmed that your Orbit is running and you have the other information. Open up your console.
Now you can SSH into your Orbit by running.
ssh image@address
IP Address: We got this from the detail page, in this case it is “216.200.116.60”
Image: We got this from the source image in the details page. It should be one of the following: ubuntu, debian, fedora, centos
Note: A full command for this example would be: “ssh ubuntu@216.200.116.60”
Starting MongoDB
Once you are SSH'd into the server you will see the following. There is no website that we can use to see visible information, so everything is done directly from the console.
First we need to start mongo by running the following:
mongo
Now we need to change into the test database:
use test
Now that everything is setup, you can use the test database to practice or you can create your own database:
[category] => photon
[enabled] => 1
[contents] => Array
(
[0] => Array
(
[section] => Introduction
[path] => introduction
[_id] => 5ae0b906bc91da1005bee904
)
[1] => Array
(
[section] => Prerequisites
[path] => prerequisites
[_id] => 5ae0b906bc91da1005bee903
)
[2] => Array
(
[section] => Creating Your Orbit
[path] => creating-your-orbit
[_id] => 5ae0b906bc91da1005bee902
)
[3] => Array
(
[section] => SSH into Orbit
[path] => ssh-into-orbit
[_id] => 5ae0b906bc91da1005bee901
)
[4] => Array
(
[section] => Starting MongoDB
[path] => starting-mongodb
[_id] => 5ae0b906bc91da1005bee900
)
)
[format] => html
[tags] => Array
(
[0] => orbit
[1] => photon
[2] => app
[3] => mongo
)
[published] => 1
[is_deleted] =>
)
[26] => Array
(
[_id] => 5ae0b906bc91da1005bee896
[path] => how-to-create-an-api-key
[updated] => 2018-04-25T17:21:10.198+0000
[created] => 2018-04-25T17:21:10.198+0000
[title] => How to Create an API Key
[subheading] => This is a guide on how to create an API Key for your account.
[body] =>
Introduction
With our API system, you can control your resources without accessing the dashboard directly.
Prerequisites
Verified Account
Creating an API Key
To first create an API Key, we need to navigate to the 'My Account' section of your dashboard.
Once you are in your My Accounts page, on the sidebar select API Keys.
You will see an empty list which is where all your API keys will be located. To create a new one, click the Create button.
Enter a name for you API Key and press Create.
Once created, your key will be shown in the API Key list. Select the name to view the key
When you select the key name it will display the key like the image below.
Using your API Key
To use your key, navigate to System on Grid API. Once on that page you can search for actions you wish to perform and it will provide you with details as well as examples.
[category] => access
[enabled] => 1
[contents] => Array
(
[0] => Array
(
[section] => Introduction
[path] => introduction
[_id] => 5ae0b906bc91da1005bee959
)
[1] => Array
(
[section] => Prerequisites
[path] => prerequisites
[_id] => 5ae0b906bc91da1005bee958
)
[2] => Array
(
[section] => Creating an API Key
[path] => creating-an-api-key
[_id] => 5ae0b906bc91da1005bee957
)
[3] => Array
(
[section] => Using your API Key
[path] => using-your-api-key
[_id] => 5ae0b906bc91da1005bee956
)
)
[format] => html
[tags] => Array
(
[0] => api
[1] => key
)
[published] => 1
[is_deleted] =>
)
[27] => Array
(
[_id] => 5ae0b906bc91da1005bee899
[path] => how-to-connect-to-a-vnc-server
[updated] => 2018-04-25T17:21:10.199+0000
[created] => 2018-04-25T17:21:10.199+0000
[title] => How to Connect to a VNC Server
[subheading] => This is a guide on how to install a VNC client and connect to a server
[body] =>
Introduction
With a VNC Client you will be able to connect to our Ubuntu Desktop orbits which will give you better ease of use and control over your orbit.
Running Orbit with VNC Server
VNC Client on a Mac OS System
First we need to download the client to our computer system. For this example we will be using RealVNC. Follow this download link RealVNC Download Link
From there download the VNC Viewer by pressing the blue button.
You will have a download in your browser at the bottom. Once it is done downloading, double click it to start the installation. You will drag and drop the VNC Viewer into your Applications folder
Once that is done, navigate to your Applications folder and run VNC Viewer, it should look like the image below
Finally, enter the IP Address of the system you want to connect to and you should be good to go.
VNC Client on a Windows OS System
First we need to download the client to our computer system. For this example we will be using RealVNC. Follow this download link RealVNC Download Link
From there download the VNC Viewer by selecting the version you want from the dropdown and then pressing the blue button.
You will have a download in your browser at the bottom. Once it is done downloading, double click it to start the installation process.
After installation is complete, you can just run the software, type in the IP Address you want to connect to and connect to your Orbit.
VNC Client on a Chrome Browser
First we need to download the client to our computer system. For this example we will be using RealVNC. Follow this download link RealVNC Download Link
From there you will see that it will redirect you to Chrome's App Store by clicking the provided link. You should see a screen like the image below
On the top right you can launch the application from the green button and you will be displayed with a screen like the following
Just write your Orbit's IP Address and you should be able to connect to your VNC Server
[category] => orbit
[enabled] => 1
[contents] => Array
(
[0] => Array
(
[section] => Introduction
[path] => introduction
[_id] => 5ae0b906bc91da1005bee965
)
[1] => Array
(
[section] => VNC Client on a Mac OS System
[path] => vnc-client-on-a-mac-os-system
[_id] => 5ae0b906bc91da1005bee964
)
[2] => Array
(
[section] => VNC Client on a Windows OS System
[path] => vnc-client-on-a-windows-os-system
[_id] => 5ae0b906bc91da1005bee963
)
[3] => Array
(
[section] => VNC Client on a Chrome Browser
[path] => vnc-client-on-a-chrome-browser
[_id] => 5ae0b906bc91da1005bee962
)
)
[format] => html
[tags] => Array
(
[0] => orbit
[1] => vnc
)
[published] => 1
[is_deleted] =>
)
[28] => Array
(
[_id] => 5ae0b906bc91da1005bee886
[path] => docker-one-click-app-setup
[updated] => 2018-04-25T17:21:10.195+0000
[created] => 2018-04-25T17:21:10.195+0000
[title] => Docker One-Click App Setup
[subheading] => This is a guide on how to setup your Docker application.
[body] =>
Introduction
One of the many available One-Click Apps that we have is Docker. Docker is the world’s leading software container platform. Developers use Docker to eliminate “works on my machine” problems when collaborating on code with co-workers.
Prerequisites
Orbit created with Docker image
Running Orbit
Creating Your Orbit
To create your application, you must create a Photon. You can do so by selecting the Photon tab after selecting 'Create Orbit'
Once there, you will see a list of available photons that you can create. Select one and it will bring you to a detailed page
Scroll down to the details and you can start selecting options for your photon as well as setting up credentials.
Once everything is filled in, just press Create and you can move on to the next step
SSH into Orbit
First we need to check some details on our orbit by first navigating to the “My Orbits” tab.
Once there, click on the Orbit you want to connect to and check for three things:
IP Address
Running Status
Source Image(Ubuntu, Debian, Centos, Fedora
Once you have confirmed that your Orbit is running and you have the other information. Open up your console.
Now you can SSH into your Orbit by running.
ssh image@address
IP Address: We got this from the detail page, in this case it is “216.200.116.60”
Image: We got this from the source image in the details page. It should be one of the following: ubuntu, debian, fedora, centos
Note: A full command for this example would be: “ssh ubuntu@216.200.116.60”
Starting Docker
Once you are SSH'd into the server you will see the following. There is no website that we can use to see visible information, so everything is done directly from the console.
Now we can run a sample program in docker by running this command:
docker run hello-world
Now everything should be working successfully and you can start using your Docker app
[category] => photon
[enabled] => 1
[contents] => Array
(
[0] => Array
(
[section] => Introduction
[path] => introduction
[_id] => 5ae0b906bc91da1005bee909
)
[1] => Array
(
[section] => Prerequisites
[path] => prerequisites
[_id] => 5ae0b906bc91da1005bee908
)
[2] => Array
(
[section] => Creating Your Orbit
[path] => creating-your-orbit
[_id] => 5ae0b906bc91da1005bee907
)
[3] => Array
(
[section] => SSH into Orbit
[path] => ssh-into-orbit
[_id] => 5ae0b906bc91da1005bee906
)
[4] => Array
(
[section] => Starting Docker
[path] => starting-docker
[_id] => 5ae0b906bc91da1005bee905
)
)
[format] => html
[tags] => Array
(
[0] => orbit
[1] => photon
[2] => app
[3] => docker
)
[published] => 1
[is_deleted] =>
)
[29] => Array
(
[_id] => 5ae0b906bc91da1005bee89a
[path] => how-to-migrate-a-wordpress-website-to-a-wordpress-photon
[updated] => 2018-04-25T17:21:10.199+0000
[created] => 2018-04-25T17:21:10.199+0000
[title] => How to Migrate a WordPress Website to a WordPress Photon
[subheading] => This is a guide on how to migrate a WordPress website to our photon
[body] =>
Introduction
Most of the time, when creating a WordPress photon, you wish to migrate your old website to our servers. This guide will show you how.
Running Orbit with WordPress Photon
Backing up your old WordPress website
Backing up a WordPress site is as easy as replacing 2 folders. We will need to copy the WordPress data folder and the MySQL database folder. You will need to find out where exactly your WordPress data folder is before you can proceed.
Using a FTP program like Filezilla, connect to the old server and locate the WordPress folder. Our folder is located in the /var directory shown in the image below. Copy the WordPress folder and store it to your local harddrive.
Now locate the MySQL folder which you will need as well. In this case it was located in the /var/mysql/data folder as shown below. Copy the wordpress folder and save it somewhere safe as well and rename it to wordpress_mysql
Migrating to a WordPress Photon
Now once again using an FTP program, connect to your new photon using port 22 which is for FTP through SSH. An example is shown below
We will be transferring both folders to the /tmp folder like the image below
Once transferred we need to connect to our orbit so we can move the folders to the appropriate locations. Run the following commands once you have SSH'd into your server.
These commands remove the old wordpress data folder and database folder, moves the wordpress data from the temp location to where its supposed to go and after renaming the wordpress_mysql back to wordpress, it moves that folder back to the mysql data folder.
The final step is to restart both our services. We do so by running the following.
docker ps
We will see 2 containers. Keep track of their IDs because we will need them to start and stop the services.
Run the following commands for both containers replacing both IDs with their corresponding ones.
You can now go to your WordPress website in your browser and you will your new migrated site.
[category] => photon
[enabled] => 1
[contents] => Array
(
[0] => Array
(
[section] => Introduction
[path] => introduction
[_id] => 5ae0b906bc91da1005bee968
)
[1] => Array
(
[section] => Backing up your old WordPress website
[path] => backing-up-your-old-wordpress-website
[_id] => 5ae0b906bc91da1005bee967
)
[2] => Array
(
[section] => Migrating to a WordPress Photon
[path] => migrating-to-a-wordpress-photon
[_id] => 5ae0b906bc91da1005bee966
)
)
[format] => html
[tags] => Array
(
[0] => photon
[1] => ubuntu
[2] => wordpress
[3] => migrate
)
[published] => 1
[is_deleted] =>
)
[30] => Array
(
[_id] => 5ae0b906bc91da1005bee888
[path] => drupal-one-click-app-setup
[updated] => 2018-04-25T17:21:10.195+0000
[created] => 2018-04-25T17:21:10.195+0000
[title] => Drupal One-Click App Setup
[subheading] => This is a guide on how to setup your Drupal application.
[body] =>
Introduction
One of the many available One-Click Apps that we have is Drupal. Drupal is free, open source software that can be used by individuals or groups of users -- even those lacking technical skills -- to easily create and manage many types of Web sites. The application includes a content management platform and a development framework.
Prerequisites
Orbit created with Drupal image
Running Orbit
Creating Your Orbit
To create your application, you must create a Photon. You can do so by selecting the Photon tab after selecting 'Create Orbit'
Once there, you will see a list of available photons that you can create. Select one and it will bring you to a detailed page
Scroll down to the details and you can start selecting options for your photon as well as setting up credentials.
Once everything is filled in, just press Create and you can move on to the next step
SSH into Orbit
First we need to check some details on our orbit by first navigating to the “My Orbits” tab.
Once there, click on the Orbit you want to connect to and check for three things:
IP Address
Running Status
Source Image(Ubuntu, Debian, Centos, Fedora
Once you have confirmed that your Orbit is running and you have the other information. Open up your console.
Now you can SSH into your Orbit by running.
ssh image@address
IP Address: We got this from the detail page, in this case it is “216.200.116.60”
Image: We got this from the source image in the details page. It should be one of the following: ubuntu, debian, fedora, centos
Note: A full command for this example would be: “ssh ubuntu@216.200.116.60”
Starting Drupal
Once you are SSH'd into the server you will see the following. You can start the setup process by opening the IP address with port 8080 in a web browser.
All passwords are generated when an orbit is first created and stored in a .secrets file, unless the welcome screen says otherwise. To access it, run the following command:
cat .secrets
You can start Drupal's setup by going to the IP Address shown above followed by port 8080. You should see a screen like the following:
All setup options are pretty straight forward until you get to the database configuration. You need to set the following settings:
Database Type: PostgreSQL
Database Name: postgres
Database username: postgres
Database password: password
Advanced Options: Host - postgres
After the database configuration, you can continue setting up your website however you want and once its complete, you should see the following
[category] => photon
[enabled] => 1
[contents] => Array
(
[0] => Array
(
[section] => Introduction
[path] => introduction
[_id] => 5ae0b906bc91da1005bee913
)
[1] => Array
(
[section] => Prerequisites
[path] => prerequisites
[_id] => 5ae0b906bc91da1005bee912
)
[2] => Array
(
[section] => Creating Your Orbit
[path] => creating-your-orbit
[_id] => 5ae0b906bc91da1005bee911
)
[3] => Array
(
[section] => SSH into Orbit
[path] => ssh-into-orbit
[_id] => 5ae0b906bc91da1005bee910
)
[4] => Array
(
[section] => Starting Drupal
[path] => starting-drupal
[_id] => 5ae0b906bc91da1005bee90f
)
)
[format] => html
[tags] => Array
(
[0] => orbit
[1] => photon
[2] => app
[3] => drupal
)
[published] => 1
[is_deleted] =>
)
[31] => Array
(
[_id] => 5ae0b906bc91da1005bee89b
[path] => how-to-get-root-access
[updated] => 2019-01-14T16:33:53.681+0000
[created] => 2018-04-25T17:21:10.199+0000
[title] => How to Get Root Access
[subheading] => This is a guide on how to get root access on your Orbit and also changing the password.
[body] =>
Introduction
For best security practices, our Orbits do not allow you to log in using the root user. Due to this you need to get root access another way and this guide will show you how.
Prerequisites
There are no major prerequisites required to create a volume. You will only be required to have an existing volume if you wish to clone and an orbit if you wish to attach your volume to said orbit.
SSH into Orbit
SSH into your Orbit by running.
ssh image@address
IP Address: We got this from the detail page, in this case it is “216.200.116.60”
Image: We got this from the source image in the details page. It should be one of the following: ubuntu, debian, fedora, centos
Note: A full command for this example would be: “ssh ubuntu@216.200.116.60”
Using the Root Account
Run this command to get root access
sudo su
Setting the Password
If you are continuing from the previous step you should already have root access but if not, run the following to get access.
sudo su
Run the following command to set a password for the root account.
passwd root
After setting up the password, you should be good to go. All thats left is to enable the login.
Configuring Root Login
Now that you have a root user we need to enable login. We can do that by editing a config file. Run “vim /etc/ssh/sshd_config” and edit “PermitRootLogin” to say “Yes”
Note: To edit in VIM, move the blinker to the spot that you want to change. Press “i” and you can begin editing the text and once done press “ESC”. To save the file press “:” and write “wq” then press “Enter”. Your changes should be saved
Now for the changes to take effect, you need to restart your daemon. Run the following command “systemctl restart sshd”. Once that is done, run “systemctl status sshd” and it should say “running” in green
Now you can logout from your SSH and log back in with the root user and password you set.
Note: You only need to modify the file and restart the service (Step 1 and 2 if PermitRootLogin is not already set to “yes”
One of the many available One-Click Apps that we have is Redis. Redis is an open source (BSD licensed, in-memory data structure store, used as a database, cache and message broker.
Prerequisites
Orbit created with Redis image
Running Orbit
Creating Your Orbit
To create your application, you must create a Photon. You can do so by selecting the Photon tab after selecting 'Create Orbit'
Once there, you will see a list of available photons that you can create. Select one and it will bring you to a detailed page
Scroll down to the details and you can start selecting options for your photon as well as setting up credentials.
Once everything is filled in, just press Create and you can move on to the next step
SSH into Orbit
First we need to check some details on our orbit by first navigating to the “My Orbits” tab.
Once there, click on the Orbit you want to connect to and check for three things:
IP Address
Running Status
Source Image(Ubuntu, Debian, Centos, Fedora
Once you have confirmed that your Orbit is running and you have the other information. Open up your console.
Now you can SSH into your Orbit by running.
ssh image@address
IP Address: We got this from the detail page, in this case it is “216.200.116.60”
Image: We got this from the source image in the details page. It should be one of the following: ubuntu, debian, fedora, centos
Note: A full command for this example would be: “ssh ubuntu@216.200.116.60”
Starting Redis
Once you are SSH'd into the server you will see the following.
You can start your Redis server by typing
redis-server
You can also test if Redis is properly setup by also typing these two commands.
redis-cli ping
With everything working, you should be good to go with your Redis orbit.
One of the many available One-Click Apps that we have is Cassandra. Apache Cassandra is a highly scalable, high-performance distributed database designed to handle large amounts of data across many commodity servers, providing high availability with no single point of failure. It is a type of NoSQL database.
Prerequisites
Orbit created with Cassandra image
Running Orbit
Creating Your Orbit
To create your application, you must create a Photon. You can do so by selecting the Photon tab after selecting 'Create Orbit'
Once there, you will see a list of available photons that you can create. Select one and it will bring you to a detailed page
Scroll down to the details and you can start selecting options for your photon as well as setting up credentials.
Once everything is filled in, just press Create and you can move on to the next step
SSH into Orbit
First we need to check some details on our orbit by first navigating to the “My Orbits” tab.
Once there, click on the Orbit you want to connect to and check for three things:
IP Address
Running Status
Source Image(Ubuntu, Debian, Centos, Fedora
Once you have confirmed that your Orbit is running and you have the other information. Open up your console.
Now you can SSH into your Orbit by running.
ssh image@address
IP Address: We got this from the detail page, in this case it is “216.200.116.60”
Image: We got this from the source image in the details page. It should be one of the following: ubuntu, debian, fedora, centos
Note: A full command for this example would be: “ssh ubuntu@216.200.116.60”
Starting Cassandra
Once you are SSH'd into the server you will see the following.
You can use Cassandra through the docker by running
docker exec -it cassandra bash
You can also test your Cassandra cluster by running the following
cqlsh
With everything working, you should be good to go with your Cassandra orbit.
One of the many available One-Click Apps that we have is LAMP. LAMP stack is a popular open source web platform commonly used to run dynamic web sites and servers. It includes Linux, Apache, MySQL, and PHP/Python/Perl and is considered by many the platform of choice for development and deployment of high performance web applications which require a solid and reliable foundation.
Prerequisites
Orbit created with LAMP image
Running Orbit
Creating Your Orbit
To create your application, you must create a Photon. You can do so by selecting the Photon tab after selecting 'Create Orbit'
Once there, you will see a list of available photons that you can create. Select one and it will bring you to a detailed page
Scroll down to the details and you can start selecting options for your photon as well as setting up credentials.
Once everything is filled in, just press Create and you can move on to the next step
SSH into Orbit
First we need to check some details on our orbit by first navigating to the “My Orbits” tab.
Once there, click on the Orbit you want to connect to and check for three things:
IP Address
Running Status
Source Image(Ubuntu, Debian, Centos, Fedora
Once you have confirmed that your Orbit is running and you have the other information. Open up your console.
Now you can SSH into your Orbit by running.
ssh image@address
IP Address: We got this from the detail page, in this case it is “216.200.116.60”
Image: We got this from the source image in the details page. It should be one of the following: ubuntu, debian, fedora, centos
Note: A full command for this example would be: “ssh ubuntu@216.200.116.60”
Starting LAMP
Once you are SSH'd into the server you will see the following.
If we navigate to your Orbit's IP Address we will see the following image which means that Apache2 is working properly
Also you can run MySQL and start working with the database as well
mysql -u root -p
When it asks to enter a password, enter 'password' without the quotes
Now that everything is up and running, you can start using your Orbit with Apache2, MySQL, and Python.
One of the many available One-Click Apps that we have is Joomla. Joomla is an open source platform on which Web sites and applications can be created. It is a content management system (CMS which connects your site to a MySQLi, MySQL, or PostgreSQL database in order to make content management and delivery easier on both the site manager and visitor.
Prerequisites
Orbit created with Joomla image
Running Orbit
Creating Your Orbit
To create your application, you must create a Photon. You can do so by selecting the Photon tab after selecting 'Create Orbit'
Once there, you will see a list of available photons that you can create. Select one and it will bring you to a detailed page
Scroll down to the details and you can start selecting options for your photon as well as setting up credentials.
Once everything is filled in, just press Create and you can move on to the next step
SSH into Orbit
First we need to check some details on our orbit by first navigating to the “My Orbits” tab.
Once there, click on the Orbit you want to connect to and check for three things:
IP Address
Running Status
Source Image(Ubuntu, Debian, Centos, Fedora
Once you have confirmed that your Orbit is running and you have the other information. Open up your console.
Now you can SSH into your Orbit by running.
ssh image@address
IP Address: We got this from the detail page, in this case it is “216.200.116.60”
Image: We got this from the source image in the details page. It should be one of the following: ubuntu, debian, fedora, centos
Note: A full command for this example would be: “ssh ubuntu@216.200.116.60”
Starting Joomla
Once you are SSH'd into the server you will see the following.
All passwords are generated when an orbit is first created and stored in a .secrets file, unless the welcome screen says otherwise. To access it, run the following command:
cat .secrets
If we navigate to your Orbit's IP Address we will see the following page where you can start setting up Joomla.
Now we can set all our database configurations. The first image of the command line has information for what you should put on this setup page.
The next page will be specific configurations that you want to setup and once you press 'Next' it will start installing.
Once done, you will see the following screen with information regarding your installation.
To begin viewing the site. You must first remove the installation folder. Then on the bottom left, press the site button and it will take you to your home page.
One of the many available One-Click Apps that we have is ELK. ELK is an acronym for a collection of three open-source products: Elasticsearch, Logstash, and Kibana. Elasticsearch is a NoSQL database that is based on the Lucene search engine. Logstash is a log pipeline tool that accepts inputs from various sources, executes different transformations, and exports the data to various targets. Kibana is a visualization layer that works on top of Elasticsearch.
Prerequisites
Orbit created with ELK image
Running Orbit
Creating Your Orbit
To create your application, you must create a Photon. You can do so by selecting the Photon tab after selecting 'Create Orbit'
Once there, you will see a list of available photons that you can create. Select one and it will bring you to a detailed page
Scroll down to the details and you can start selecting options for your photon as well as setting up credentials.
Once everything is filled in, just press Create and you can move on to the next step
SSH into Orbit
First we need to check some details on our orbit by first navigating to the “My Orbits” tab.
Once there, click on the Orbit you want to connect to and check for three things:
IP Address
Running Status
Source Image(Ubuntu, Debian, Centos, Fedora
Once you have confirmed that your Orbit is running and you have the other information. Open up your console.
Now you can SSH into your Orbit by running.
ssh image@address
IP Address: We got this from the detail page, in this case it is “216.200.116.60”
Image: We got this from the source image in the details page. It should be one of the following: ubuntu, debian, fedora, centos
Note: A full command for this example would be: “ssh ubuntu@216.200.116.60”
Starting ELK
Once you are SSH'd into the server you will see the following.
We first need to set a setting for Elasticsearch to function
sudo sysctl -w vm.max_map_count=262144
Finally we can deploy ELK to the docker
docker stack deploy -c stack.yml elk
Before continuing, we need to wait a few minutes for the docker to set everything up. If you want to see if everything is ok to continue, you can run the following and it should look like the image below
docker ps
Now that everything is up and running, you can go to the following pages in your browser to see if theyre loading
Kibana
ipaddress:5601
Elasticsearch
ipaddress:9200
Installing Filebeat on Ubuntu - Optional
Now that we have everything setup, we need another server that will obtain all our log files and Filebeat will do just that. First we need to install it by running the following
Note: You need to change i386 if you have a x64 architecture. You can change it to amd64
From your original Orbit that is running your ELK server we need to transfer 2 files: filebeat.yml and logstash-beats.crt First you must go to your home directory before running any of these commands
cd nginx-filebeat scp logstash-beats..crt filebeat.yml ubuntu@192.168.16.58:~
Here we are copying the two files we need from the nginx-filebeat directory to the home directory of our Ubuntu server whose IP is 192.168.16.58. Change the IP to reflect the system that you are transferring to
Once transferred we can go back to the system we transferred the files to and move them to the appropriate directories. First, the filebeat.yml file needs to be moved
sudo mv filebeat.yml /etc/filebeat/filebeat.yml
After the file gets transferred, we need to change ownership by running the following
sudo chown root:root /etc/filebeat/filebeat.yml
Now we need to create a directory for our certificate and then we can move the certificate over.
SELinux is an acronym for Security-enhanced Linux. It is a security feature of the Linux kernel. It is designed to protect the server against misconfigurations and/or compromised daemons.
Prerequisites
Running Orbit
Enabling SELinux - Enforcing Mode
First open the config file in 'etc/selinux/config' using a text editor. Modify the 'SELINUX' value to permissive like the image below.
After enabling SELinux, reboot your system and SELinux will start indexing your files in Permissive Mode. You can check if any actions were denied by SELinux by checking 'var/log/messages'. Once you have everything sorted out, you can switch to enforcing mode.
First open the config file in 'etc/selinux/config' using a text editor. Modify the 'SELINUX' value to enforcing like the image below.
After enabling SELinux, reboot your system. After reboot we can confirm that SELinux was successfully disabled by running 'getenforce' which should return disabled like the following image.
Enabling SELinux - Permissive Mode
First open the config file in 'etc/selinux/config' using a text editor. Modify the 'SELINUX' value to permissive like the image below.
After enabling SELinux, reboot your system and you should be good to go.
Disabling SELinux
First open the config file in 'etc/selinux/config' using a text editor. Modify the 'SELINUX' value from enabled to disabled like the image below.
After disabling SELinux, reboot your system. After reboot we can confirm that SELinux was successfully disabled by running 'getenforce' which should return disabled like the following image.
This guide will help you verify your orbit's domain name by creating a PTR record.
Prerequisites
Running Orbit
Viewing PTR Records
First select the 'DNS' option from the navigation bar.
Once there, you will see a list of current PTR Records that you already have and you will be allowed to create more as well.
Creating PTR Records
Now while you are on the same page, we be able to create a record as well.
First input the domain name that you own. Do not include 'www'.
From the dropdown, select the Orbit that you want to attach to the record.
Once you have all the data entered and you select 'Create' your PTR record will be displayed in the list like the image below.
Verifying your PTR Records
From the PTR Record list select the record you just created and press 'Verify'. It should look like the following. We will be copying the text record hash from the details page, which we will enter as a text record with your DNS provider.
We will be using Cloudflare as an example to verify your PTR Record. Login to your Cloudflare account and select the 'DNS' icon from the navigation bar.
Once there, in the dropdown bar next to the 'Name' input box, select the 'TXT' option. Next fill in the 'Name' input box with the name of the domain.
Click the box next to it and a window should pop up where you can paste the hash key that was generated. The input field should look like the image below.
Once you have double checked that everything is ok, you can press 'Add Record'.
Now we must go back to the PTR Record dashboard on SystemOnGrid and go to our list of PTR Records. Select the 'Verify' button and you should see the following.
Once again, select the 'Verify' button and it should successfully verify the record. Once verified, the PTR Record will light up green like the image below. That means that everything was verified successfully.
Note: It may take from 5 mins to 24 hrs for verification to finally succeed due to the time it takes to update DNS records.
[category] => dns
[enabled] => 1
[contents] => Array
(
[0] => Array
(
[section] => Introduction
[path] => introduction
[_id] => 5ae0b906bc91da1005bee941
)
[1] => Array
(
[section] => Prerequisites
[path] => prerequisites
[_id] => 5ae0b906bc91da1005bee940
)
[2] => Array
(
[section] => Viewing PTR Records
[path] => viewing-ptr-records
[_id] => 5ae0b906bc91da1005bee93f
)
[3] => Array
(
[section] => Creating PTR Records
[path] => creating-ptr-records
[_id] => 5ae0b906bc91da1005bee93e
)
[4] => Array
(
[section] => Verifying your PTR Records
[path] => verifying-your-ptr-records
[_id] => 5ae0b906bc91da1005bee93d
)
)
[format] => html
[tags] => Array
(
[0] => orbit
[1] => dns
)
[published] => 1
[is_deleted] =>
)
[39] => Array
(
[_id] => 5ae0b906bc91da1005bee894
[path] => tightvnc-server-setup
[updated] => 2018-04-25T17:21:10.198+0000
[created] => 2018-04-25T17:21:10.198+0000
[title] => TightVNC Server Setup
[subheading] => This is a guide on how to setup a TightVNC server on your Ubuntu Desktop.
[body] =>
Introduction
VNC or 'Virtual Network Computing' is a connection system that allows you to use your keyboard and mouse to interact with a graphical desktop environment on a remote server. It makes controlling your server easier for users who are not comfortable with the command line.
Prerequisites
Running Ubuntu Orbit
Installing TightVNC and Desktop Utilities
We first need to install some Gnome desktop utilities which will help setup our display that we will be viewing and we will be installing tightvncserver as well
Once everything is installed you can move on to the next step
Configuring TightVNC
We need to set a password for our server. Run the following command and it will ask you for a password and to verify it.
vncserver
Before we can actually connect to our system remotely we need to let our server start all our desktop utilities whenever it runs. To do so we need to add the following to the startup file. First we kill the server by running the following:
vncserver -kill :1
Now we can properly edit the startup file by running:
vim ~/.vnc/xstartup
Add the following into the file like the image below and save it
Once the startup file is saved we can restart the server by running:
vncserver
You should see an output similar to the following
Output New 'X' desktop is your_server_name.com:1 Starting applications specified in /home/user/.vnc/xstartup Log file is /home/user/.vnc/liniverse.com:1.log
Connecting with VNC
Connecting to your VNC server is simple. Just use any VNC viewer application from another system and for the address, you will put your orbit's ip address followed by port 5901. Like the following:
38.76.118.251:5901
You will be asked for the password that you set up when you configured the server and you should be good to go.
One of the many cryptocurrencies available is Monero and this guide will teach you how to mine them with our orbits.
Prerequisites
Orbit Running Ubuntu
Generating a Wallet
There are many ways to generate your own wallet but the simplest is by using an online wallet from MyMonero.
First select Create an Account from the main page.
You will be redirected to a page that has a private key at the bottom. This private key is how you can access your wallet so if you lose the key then you lose the wallet itself. Make sure you write it down in a safe location and once you are ready, copy it into the input box and press Log Me In.
Now that you are logged in you will be at your wallet's dashboard you can see your wallet's address. You will need to keep this handy because we will be using it for the next step.
Configuring your CPU Miner
To start CPU mining we need to install some packages and download the miner itself. We can start by installing the following:
Once installed we then need to get the miner itself
git clone https://github.com/hyc/cpuminer-multi
Lastly before we can begin mining we need to run a few commands. You can copy them below and paste them into the terminal all in one go. The terminal will then run each command line by line.
cd cpuminer-multi ./autogen.sh CFLAGS='-march=native' ./configure make
Once everything finishes we can start mining with our server
Starting your Miner
To actually start your miner, you only need to run the following in the directory that you were working in the previous section:
sudo ./minerd -a cryptonight -o MININGPOOL -u WALLET_ADDRESS_HERE -p x -t THREADS
You need to replace the following areas with your own information as shown below:
MININGPOOL - Mining Pool that you will be mining from. Example: stratum+tcp://pool.monero.hashvault.pro:3333 WALLET - Wallet Address that you got from the MyMonero website. Example: 44HnY4bDzdUivhim7NHJ5UgCoKtJWgsQWem1GxJnqfAgB9F6TKHwKoJMapTVkmwegoieirc2Dss151bZ3GemcrghCHgBD15 THREADS - Number of CPU threads you will be using. Example: 3
After replacing everything a full example command should look like the following
sudo ./minerd -a cryptonight -o stratum+tcp://pool.monero.hashvault.pro:3333 -u 44HnY4bDzdUivhim7NHJ5UgCoKtJWgsQWem1GxJnqfAgB9F6TKHwKoJMapTVkmwegoieirc2Dss151bZ3GemcrghCHgBD15 -p x -t 3
[category] => misc
[enabled] => 1
[contents] => Array
(
[0] => Array
(
[section] => Introduction
[path] => introduction
[_id] => 5ae0b906bc91da1005bee955
)
[1] => Array
(
[section] => Prerequisites
[path] => prerequisites
[_id] => 5ae0b906bc91da1005bee954
)
[2] => Array
(
[section] => Generating a Wallet
[path] => generating-a-wallet
[_id] => 5ae0b906bc91da1005bee953
)
[3] => Array
(
[section] => Configuring your CPU Miner
[path] => configuring-your-cpu-miner
[_id] => 5ae0b906bc91da1005bee952
)
[4] => Array
(
[section] => Starting your Miner
[path] => starting-your-miner
[_id] => 5ae0b906bc91da1005bee951
)
)
[format] => html
[tags] => Array
(
[0] => cryptocurrency
[1] => monero
[2] => mining
[3] => bitcoin
)
[published] => 1
[is_deleted] =>
)
[41] => Array
(
[_id] => 5ae0b906bc91da1005bee897
[path] => how-to-create-a-partition-on-openbsd
[updated] => 2018-04-25T17:21:10.198+0000
[created] => 2018-04-25T17:21:10.198+0000
[title] => How to Create a Partition on OpenBSD
[subheading] => This is a guide on how to create a new partition on OpenBSD
[body] =>
Introduction
With our API system, you can control your resources without accessing the dashboard directly.
Prerequisites
Verified Account
Creating an API Key
To first create an API Key, we need to navigate to the 'My Account' section of your dashboard.
Once you are in your My Accounts page, on the sidebar select API Keys.
You will see an empty list which is where all your API keys will be located. To create a new one, click the Create button.
Enter a name for you API Key and press Create.
Once created, your key will be shown in the API Key list. Select the name to view the key
When you select the key name it will display the key like the image below.
Using your API Key
To use your key, navigate to System on Grid API. Once on that page you can search for actions you wish to perform and it will provide you with details as well as examples.
[category] => orbit
[enabled] => 1
[contents] => Array
(
[0] => Array
(
[section] => Introduction
[path] => introduction
[_id] => 5ae0b906bc91da1005bee95d
)
[1] => Array
(
[section] => Prerequisites
[path] => prerequisites
[_id] => 5ae0b906bc91da1005bee95c
)
[2] => Array
(
[section] => Creating an API Key
[path] => creating-an-api-key
[_id] => 5ae0b906bc91da1005bee95b
)
[3] => Array
(
[section] => Using your API Key
[path] => using-your-api-key
[_id] => 5ae0b906bc91da1005bee95a
)
)
[format] => html
[tags] => Array
(
[0] => orbit
[1] => partition
[2] => volume
)
[published] => 1
[is_deleted] =>
)
[42] => Array
(
[_id] => 5ae0b906bc91da1005bee89c
[path] => how-to-install-webmin-and-virtualmin
[updated] => 2019-01-14T16:33:14.805+0000
[created] => 2018-04-25T17:21:10.200+0000
[title] => How to Install Webmin and Virtualmin
[subheading] => This is a guide on how to install Webmin and Virtualmin on your orbit
[body] =>
Introduction
This is a guide on how to install Webmin and Virtualmin on your orbit. Webmin is a web-based interface for system administration for Unix while Virtualmin is a domain hosting and website control panel, which gives the ability to create and manage many domains.
Running Orbit with Ubuntu 16.04 LTS
Installing Webmin
Before installing Webmin, we need to install some required packages. Run the following and wait for it to finish installing
We then make it executable and run the file with these next two commands.
sudo chmod +x install.sh sudo ./install.sh
You will see an introduction to the script like the image below. Type 'y' and enter to begin installation.
The only input you need to give to the script is your domain name like the image below. The script will then take care of the rest. NOTE: The script will generate a SSL certificate based on the domain specified.
Once everything is done installing, you will see the following message which means that your installation has been successful. Your URL will be different based on the domain you provided.
Post-Installation Configuration
Once you login you will be presented with a window like the following for some post installation configurations. Set them to your personal preferences.
Once everything is configured you will see the following screen.
All that's left to perform is a configuration check. We can do so by navigating from the sidebar on the left and going to 'Re-Check Configuration'.
If you set up everything properly you will see the following window that says 'your system is ready for use with Virtualmin'.
Creating a Virtual Server
Creating a virtual server is simple. First select 'Create Virtual Server' from the sidebar.
Then setup the server to your personal preferences. In this example we will set the domain name and admin password to 'test'. Once your done, press 'Create Server'
After everything is done being setup, you will be presented with a details page of your virtual server like the following.
Using the IP, domain name and password, you should now be able to connect to your server like the example below.
[category] => orbit
[enabled] => 1
[contents] => Array
(
[0] => Array
(
[section] => Introduction
[path] => introduction
[_id] => 5ae0b906bc91da1005bee973
)
[1] => Array
(
[section] => Installing Webmin
[path] => installing-webmin
[_id] => 5ae0b906bc91da1005bee972
)
[2] => Array
(
[section] => Installing Virtualmin
[path] => installing-virtualmin
[_id] => 5ae0b906bc91da1005bee971
)
[3] => Array
(
[section] => Post-Installation Configuration
[path] => post-installation-configuration
[_id] => 5ae0b906bc91da1005bee970
)
[4] => Array
(
[section] => Creating a Virtual Server
[path] => creating-a-virtual-server
[_id] => 5ae0b906bc91da1005bee96f
)
)
[format] => html
[tags] => Array
(
[0] => orbit
[1] => ubuntu
[2] => webmin
[3] => virtualmin
)
[published] => 1
[is_deleted] =>
)
[43] => Array
(
[_id] => 5b89ddbcec650900065f2cf3
[path] => how-to-use-the-quantum-file-system-manager
[title] => How to Use the Quantum File System Manager
[subheading] => This guide will show you how to install the Quantum FSM(File System Manager onto your Orbit
[category] => orbit
[body] =>
Prerequisites
Supported Distros
Currently the FSM is supported on the following distros: Ubuntu 14.04, 16.04, 17.10 and CentOS 7.
SSH Password Authentication
Quantum FSM Client installed on an Orbit
Installing the Quantum FSM Client
SSH into your Orbit and run the following commands.
curl -0 https://systemongrid.com/quantum/download/ -o quantum.tar.gz
mkdir quantum
tar -xzf quantum.tar.gz -C quantum/
cd quantum
sudo bash install.sh
Debug Quantum status
You can check if your panel is running or not using the following commands.
For Ubuntu 14.04:
sudo service quantum status
For Other distros:
sudo systemctl status quantum
You can also try to check the API by running the following command, as it may come in handy for debugging.
curl -k https://ip_address:7999
Remove the Quantum panel
To remove the Quantum panel from your orbit permanently, you run these commands:
```
Next, save and close the file.
## Create a virtual host
Apache Virtual Hosts files are stored in/etc/apache2/sites-available directory, enabled by creating links to the /etc/apache2/sites-enabled directory.
Create a virtual host configuration file.
```
$ sudo vim /etc/apache2/sites-available/ongrid.ml.conf
```
Paste the following in the directive updated with the new directory and domain name.
```
ServerName ongrid.ml
ServerAlias www.ongrid.ml
ServerAdmin webmaster@ongrid.ml
DocumentRoot /var/www/html/ongrid.ml/
ErrorLog ${APACHE_LOG_DIR}/ongrid.ml_error.log
CustomLog ${APACHE_LOG_DIR}/ongrid.ml_access.log combined
```
Save and close the file.
Servername: The domain name should match the virtual host configuration.
Serveralias: www domain should not match with the virtual host.
Documentroot: Apache servers the domain files from the directory.
Options: It shows which features are available in a directory.
Index: Stop directory listings.
Followlinks: It tells to follow the symbolic links to the web server.
Allowoverride: Identifies directives which are to be placed in the .htaccess file.
Errorlog: Identifies the location to log files.
Customlog: specifies the location to the log files.
Create a symbolic link from the virtual host file to the sites-enabled directory, to enable the new virtual host apache2 reads it during startup.
Enable the virtual host by using the a2ensite helper.
```
$ sudo a2ensite ongrid.ml.conf
```
Test apache configuration if there is no error you are going to see ‘syntax ok’. Restart, apache2 for changes.
```
$ sudo apache2ctl configtest
```
![apacheconfigtest](https://grid.media/assets/images/apache-virtual-hosts-configtest.png
```
$ sudo systemctl restart apache2
```
The domain name ongrid.ml is a dummy domain. You need to set up DNS by adding it to the /etc/hosts file.
```
$ sudo vim /etc/hosts
```
Add the following line at the end of the file, replace the server IP address and domain name with your server IP address and domain name.
216.200.116.101 ongrid.ml
Open a browser enter the URL as shown,
http://ongrid.ml
You will get the following output as shown in the screenshot.
![setupapachevirtualhosts](https://grid.media/assets/images/setup-apache-virtual-hosts-on-ubuntu-18.04.png
## Conclusion
Creating an apache virtual host configuration to host multiple websites on a single Ubuntu server.
[category] => orbit
[updated] => 2019-02-04T10:50:44.586+0000
[created] => 2019-01-09T14:19:15.159+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => apache
)
)
[59] => Array
(
[_id] => 5c35fe84f787750006a2d3ce
[path] => how-to-create-your-first-systemongrid-orbit
[title] => How to Create your First SystemOnGrid Orbit
[subheading] => This guide shows us how to create the system on grid orbit
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Create an Orbit](#create-an-orbit
- [Conclusion](#conclusion
## Introduction
[SystemOnGrid](https://systemongrid.com/ is a intuitive cloud platform & infrastructure service for developers, teams and companies. In SystemOnGrid developers can create their own virtual machines, they can add and adjust volumes for more power and manage everything from a simple, easy to use dashboard.
## Prerequisites
You should have [signed up with SystemOnGrid](https://dashboard.systemongrid.com/auth/signup.
## Create an Orbit
[Login to the SystemOnGrid](https://dashboard.systemongrid.com/auth/signin control panel with your username and given password.
![systemongridlogincredentials](https://grid.media/assets/images/systemongrid-login-credentials.png
When you enter into the system on grid dashboard,you can see a green button at the right corner as Create Orbit.
![systemongridmenu](https://grid.media/assets/images/systemongrid-menu.png
Select create orbit. Then the interface looks like this.
![systemongridorbitos](https://grid.media/assets/images/systemongrid-orbit-os.png
After creating an orbit, select your operating system. For suppose, if you want to select Ubuntu, then click on Ubuntu and select a version of Ubuntu, CPU & RAM.
Then it looks like this.
![orbitos](https://grid.media/assets/images/orbit-os.png
### CPU and RAM:
![systemongridcpuandram](https://grid.media/assets/images/systemongrid-orbit-CPU-and-RAM.png
Next, select SSD block storage and authentication can be done in two ways. Such as SSH key and Password.
![systemongridorbitssdblockstorage](https://grid.media/assets/images/systemongrid-orbit-ssd-block-storage.png
If you select the SSH key then it looks like this.
![sshkeyauthentication](https://grid.media/assets/images/ssh-key-authentication.png
If you have an SSH key then select it in the dropdown list. Or else add it by clicking on Add New SSH Key.
When you click on Add New SSH Key then the interface looks like this.
![createsshkeys](https://grid.media/assets/images/create-ssh-keys.png
Enter the name of your SSH key and public key in the given order. Next, click on the Create button. Otherwise, if you don’t require SSH key you can create orbit through password also.
If you click on the password then it asks you to give it a password
And to confirm password.
![orbitauthenticationmethod](https://grid.media/assets/images/orbit-authentication-method.png
After confirmation of the password. Enter your Hostname.
![createorbit](https://grid.media/assets/images/create-orbit.png
After entering your Hostname, click on the create button.Then your orbit will be created.
## Conclusion
Therefore SystemOnGrid Orbit is created and ready to use.
[category] => orbit
[updated] => 2019-02-04T12:05:54.424+0000
[created] => 2019-01-09T14:00:36.029+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => orbit
)
)
[60] => Array
(
[_id] => 5c34a8bcf787750006a2d349
[path] => how-to-use-sftp-to-securely-transfer-files-with-a-remote-server
[title] => How to Use SFTP to Securely Transfer Files with a Remote Server
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [How to Connect with SFTP](#how-to-connect-with-sftp
- [Getting Help in SFTP](#getting-help-in-sftp
- [Navigating with SFTP](#navigating-with-sftp
- [Transferring Files with SFTP](#transferring-files-with-sftp
- [Simple File Manipulations with SFTP](#simple-file-manipulations-with-sftp
- [Conclusion](#conclusion
## Introduction
FTP stands for “File Transfer Protocol”. It is a protocol used to transfer files between two remote systems. SFTP stands for SSH File Transfer Protocol or Secure File Transfer Protocol. It is a protocol packaged with SSH and works similarly over a secure connection. The benefit is the ability to use a secure connection to transfer files and traverse the filesystem on both local and remote system.
Mostly SFTP is better than FTP due to its security features and piggy-back features over SSH connections. Because FTP is an insecure protocol and has to be used only on networks you trust.
In this guide, we will demonstrate how to use SSH through its Command-line Interface.
## Prerequisites
You must have configured [SFTP server](https://systemongrid.com/guides/how-to-setup-sftp-server-on-ubuntu-18.04 and [FTP server](https://systemongrid.com/guides/how-to-setup-ftp-server-on-ubuntu-18.04 on Ubuntu 18.04.
You have to set up SSH keys to connect to the machine. You can do this by following our guide, [How to Setup SSH Keys on Ubuntu 18.04](https://systemongrid.com/guides/how-to-setup-ssh-keys-on-ubuntu-18.04.
## How to Connect with SFTP
Basically SFTP uses the SSH Protocol for authentication and for establishing a secure connection also it uses the same Protocol. So that the same authentication methods are available that are in SSH.
Even though passwords are easy to set up and use, we suggest to create SSH keys.
And you have to transfer your public key to any system that you want to access because this is more secure and save your time.
To establish an SSH connection and open up an SFTP session using that connection by entering below command.
```
sftp sam@your_server_ip_or_remote_hostname
```
Then you will redirect to the remote system and you can see the SFTP prompt.
If you are working on a custom SSH port, then you can open an SFTP session by using below command.
```
sftp -p=custom_port sam@your_server_ip_or_remote_hostname
```
Now you can connect to the remote system as the way of your specified port.
## Getting Help in SFTP
If you want any information regarding SFTP access then you can follow the below command.
```
help
?
```
You will get the list of available commands as below output.
![help](https://grid.media/assets/images/help.png
## Navigating with SFTP
Now you can use some commands to navigate through the remote system’s file hierarchy. For example, If you want to find the current directory in a remote system, then you can use the below command.
```
pwd
```
![pwd](https://grid.media/assets/images/pwd.png
If you want to see the contents of the directory, then you can enter the below command.
```
ls
```
![ftpoutput](https://grid.media/assets/images/ftp-output-02132019.png
If you want to know some essential options use the below command.
```
ls -la
```
![lsla](https://grid.media/assets/images/ls-la.png
If you want to change from one directory to another directory then use the below command.
```
cd ftp
```
Now you can access the remote system, but if you need to access your local system, then you can use commands towards the local system by preceding them with “l”.
All commands are having equivalent local commands. If you want to print the local working directory then enter the below command.
```
lpwd
```
![lpwd](https://grid.media/assets/images/lpwd.png
If you want to list the contents of the current directory on the local machine use the below command.
```
lls
```
![lls](https://grid.media/assets/images/lls.png
Use the below command to change the directory on the local machine.
```
lcd Desktop
```
## Transferring Files with SFTP
Navigation between local and remote systems is of two types
## Transferring Remote Files to the Local System
If you want to download files from our remote host, you can enter the below command
```
get remoteFile
```
![getremotefile](https://grid.media/assets/images/get-remotefile.png
Basically “get” command downloads a remote file to a file with same in the local file system. You can copy the remote file to another name by specifying the name afterward.
```
get remoteFile localFile
```
The “get” command takes some option flags. For example, you can copy a directory and all of its contents by specifying the r option stands for recursive.
```
get -r someDirectory
```
You can direct SFTP to maintain the appropriate permissions and access times by using the “-p” flag.
```
get -Pr someDirectory
```
## Transferring Local Files to Remote System
To transfer files to remote system use the below command.
```
put localFile
```
![putlocalfile](https://grid.media/assets/images/put-localfile.png
You can apply “put” command that works with “get”. To copy an entire local directory, you can enter the below command.
```
put -r localDirectory
```
If you want to check how much space is available to transfer, use the below command.
```
df -h
```
![dfh](https://grid.media/assets/images/df-h.png
The “!” command will direct into a local shell. So you can run any command. If you want to check disk usage, enter the below command.
```
!
df -h
```
Then you will get output like this.
![diskusage](https://grid.media/assets/images/disk-usage-02132019.png
Enter “exit” command to return to your SFTP session.
```
exit
```
Now you can see the SFTP prompt.
## Simple File Manipulations with SFTP
SFTP performs the type of basic file maintenance, which uses when working with file hierarchies. If you want to change the owner of a file which is on the remote system, Use the below command.
```
chown userID file
```
SFTP command will not accept usernames, it accepts UIDs. There is no way to know the appropriate UID in the SFTP Interface.
By using the below command you may get to know UID.
```
get /etc/passwd
!less passwd
```
The “!” command used as a prefix for local shell command in place of giving it by itself. It works to run any command available on our local machine and also been used with local “df” command earlier.
The UID will be in the third column of the file and delimited by a colon. If you want to change the owner of the group file use the below command.
```
chgrp groupID file
```
If you want to know the list of remote system’s groups, use the below command.
```
get /etc/group
!less group
```
Group ID, which is in the third column merged with the name in the first column as below. The “chmod” command works as same as on the remote file system.
```
chmod 777 publicFile
Changing mode on /home/demouser/publicFile
```
Here, there is no specific command for manipulating local file permissions, but you we can set the local unmask which can copy the files to the local system so that it will have appropriate permissions.
To so that use the below command.
```
lumask 022
Local umask: 022
```
Now all standard files downloaded may have 644 permissions.
SFTP can allow you to create directories on both local and remote systems with “lmkdir” and “mkdir” respectively.
The remaining commands target only remote filesystem.
```
ln
rm
rmdir
```
If you want to perform these actions on local file system then you can drop a shell by using the below command.
```
!
```
If you want to execute the single command on the local system then use “!” preceding every command like this.
```
!chmod 644 somefile
```
If you want to exit from the session then use “exit” or “bye” to close the connection.
```
bye
```
## Conclusion
Even though SFTP is a simple tool, it is useful for maintaining servers and transferring files between them.
[subheading] => This guide explains you How To Use SFTP to Securely Transfer Files with a Remote Server
[updated] => 2019-02-15T10:03:22.555+0000
[created] => 2019-01-08T13:42:20.662+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => sftp
)
[category] => security
)
[61] => Array
(
[_id] => 5c34bc8df787750006a2d350
[path] => an-introduction-to-common-components-in-docker-ecosystem
[title] => An Introduction to Common Components in Docker Ecosystem
[subheading] => This guide explains you about components in docker ecosystem
[body] => ## Table of Contents
- [Introduction](#introduction
- [What are Containers](#what-are-containers
- [What is a Docker](#what-is-a-docker
- [Service Discovery](#service-discovery
- [Docker Swarm Mode](#docker-swarm-mode
- [Networking Tools](#networking-tools
- [Service, Scheduling, Cluster management, and Orchestration](#service-scheduling-cluster-management-and-orchestration
- [Conclusion](#conclusion
## Introduction
In traditional time, Developing of application and Distributing, deploying in a production environment is a complicated process. Due to this scenario, there are some hardships. To solve and serve these failures a docker is introduced.
## What are Containers
Packaging components and their dependencies in a standardized and isolated lightweight process environment are called containers. Developing and deploying an application in a portable way is called containerization.
## What is a Docker
Docker is defined as a tool and also a containerization platform developed to standardize and simply in various environments. Here a large amount of software is developed and created in the ecosystem.
Main advantages of the docker are:
## Lightweight Resource Utilization
Containers get isolated at every process level and use the kernel host.so that there is no need to virtualize the entire environment.
## Portability
Dependencies of a containerized application are stacked inside the
container. So that it can run on any host.
## Predictability
Host will not see about what is running in a container. The container will not see what is running inside a host.
The above image describes how the container related to the host system and also tells how the individual applications use the operating system resources which are being abstracted by the docker.
## Service Discovery
Service recovery is a strategy which makes it easy to perform deployments secure and scalable. This is done by figuring the details they need without any manual configuration given by the administrator.
The services in the host will also register so that the remaining tools will also know about the availability. The diagram that is given below shows the how the application will register its connection with the discovery service system .after the application is being registered then the other tools will come to know the availability.
The responsibilities that service discovery will handle:
Agreeing and allowing the server to obtain and retrieve data to connect with the applications they require.
Allowing services to register their connection information.
To provide global accessible server location to configuration data.
Storing information about the cluster members for the cluster management software.
Service discovery tools :
## Etcd
It is a service recovery and a globally distributed key-value store.
## Consul
It is a service recovery and a globally distributed key-value store.
## Zookeeper
It a service recovery and a globally distributed key-value store.
## Crypt
It encrypts etcd entries.
The below image shows how the application will register with the discovery system once it is being registered the applications can question about the connection to the application.
## Docker Swarm Mode
Docker swarm are the nodes of the cluster which exists. One system can run on one or many nodes. These nodes are of two types of managers and workers. To deploy applications. User submits service information to the manager and then the manager will distribute these work tasks among the workers depending upon their availability.
## Networking Tools
Docker provides the basic networking structures for the container to container and even container to host. Docker provides the networking mechanisms, the first kind of one is that expose the container ports and map with the host system. The other kind is a container to communicate with the docker and its links. The level of networking is only suitable for either a single host or jointly managed systems. There some additional networking capabilities or visions available with additional tools.
The networking that should be simple and unique the space through the multiple hosts. VPN is adapted to communicate with various components.To establish macvlan information to communicate. Assign to per-host or per-application for subnetting. There are few projects which are involved in the docker networking are flannel, weave, pipework.
## Service, Scheduling, Cluster management, and Orchestration
Every application is usually dependent on a different number of components. Let us take a simple example of an application is written or coded in python but it can be run on any device. while designing an application with the split up components within its docker into individual containers is also called “service oriented architecture”.
The above image describes how the application will schedule and evaluate or will assign the available hosts and it will pull the information from discovery service.
So according to the availability the new application will be allocated to least busy host.
When a component is needed to build the container environment is called the scheduler. These schedulers are usually responsible for assigning containers on available hosts.
Orchestration can be generally defined as the combination of scheduling and managing hosts. There are a few examples where they can be schedulers and managing tools.
## Fleet
It can be scheduler and also a cluster management tool.
## Marathon
It can be scheduler and also a service management tool.
## Swarm
It can be a scheduler and a service management tool.
## Mesos
It can be a host abstraction that will consolidate host resources for the scheduler.
## Kubernetes
It is known for an advanced schedule which used for managing vast container groups.
## Conclusion
Here, we understand that docker itself provides the software, design, deployment with the scalability. The containerization is helpful to make deploy applications simple.
[category] => photon
[updated] => 2019-01-25T10:02:36.477+0000
[created] => 2019-01-08T15:06:53.133+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => docker
)
)
[62] => Array
(
[_id] => 5c36099ef787750006a2d3d3
[path] => how-to-install-and-secure-redis-on-ubuntu-18.04
[title] => How to Install and Secure Redis on Ubuntu 18.04
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Install and Configure Redis](#install-and-configure-redis
- [Test Redis](#test-redis
- [Bind to Localhost](#bind-to-localhost
- [Configure Redis Password](#configure-redis-password
- [Rename Dangerous Commands](#rename-dangerous-commands
- [Conclusion](#conclusion
## Introduction
In this guide, we will explain to you how to install, configure and secure Redis on Ubuntu 18.04.
[Redis](https://redis.io/ is an acronym for Remote Dictionary Service. It is an in-memory data structure project known for its performance, flexibility, and broad language support. It is used as a database, cache and message broker.
## Prerequisites
You should have access to an Ubuntu 18.04 server.
Create a non-root user with sudo privileges by following our guide, [Initial server setup with Ubuntu 18.04](https://systemongrid.com/guides/how-to-do-initial-server-setup-with-ubuntu-18.04.
## Install and Configure Redis
To install the latest version of Redis from Ubuntu repositories and update it, use apt command.
```
$ sudo apt update
$ sudo apt install redis-server
```
Along with the Redis installation, a Redis configuration would be downloaded. You need to make a few changes in the configuration file.
Open the Redis configuration file using the below command.
```
$ sudo vi /etc/redis/redis.conf
```
Within the file, find the supervised directive. The supervised directive allows you to allocate an init system to manage Redis services so that you can have more control over its operations. By default, the directive is set to ‘no’ and you need to set it to systemd.
```
# If you run Redis from upstart or systemd, Redis can interact with your
# supervision tree. Options:
# supervised no - no supervision interaction
# supervised upstart - signal upstart by putting Redis into SIGSTOP mode
# supervised systemd - signal systemd by writing READY=1 to $NOTIFY_SOCKET
# supervised auto - detect upstart or systemd method based on
# UPSTART_JOB or NOTIFY_SOCKET environment variables
# Note: these supervision methods only signal "process is ready."
# They do not enable continuous liveness pings back to your supervisor.
supervised systemd
. . .
```
Save and close the file.
Now, restart the Redis services to apply the changes that you have made.
```
$ sudo systemctl restart redis.service
```
## Test Redis
After installing Redis, it’s time to test the Redis service if it is working well or not. In this guide, we have given a few methods to test the redis changes.
First, check the status of the Redis service with the below command.
```
$ sudo systemctl status redis
```
Output:
![redisserverservice](https://grid.media/assets/images/redis-server-service.png
You can check the Redis service using the command-line client.
```
$ redis-cli
```
You will be directed to the Redis prompt. Now, check the connectivity using the ping command.
```
127.0.0.1:6379> ping
```
Output:
![redisserverconnection](https://grid.media/assets/images/redis-server-connection-is-active.png
It means your server connection is still active. Now, check if you can set keys using the below command.
```
127.0.0.1:6379> set test "It's working!"
```
Output:
![redissettest](https://grid.media/assets/images/redis-set-test.png
Redeem the value using the command:
```
127.0.0.1:6379> get test
```
You will redeem the following output if everything is working correctly.
![redisgettest](https://grid.media/assets/images/redis-get-test.png
After ensuring that you are redeeming the value, exit the Redis prompt to go back to the shell.
```
127.0.0.1:6379> exit
```
Now, check if Redis can hold data even after restarting it. Use the below command to restart the Redis service.
```
$ sudo systemctl restart redis
```
Now, again check the Redis service using the command-line client.
```
$ redis-cli
```
You will be directed to Redis prompt and redeem the value using the command:
```
127.0.0.1:6379> get test
```
You will redeem the following output if everything is working correctly.
![redisisworking](https://grid.media/assets/images/redis-is-working.png
After ensuring that you are redeeming the value, exit the Redis prompt to go back to the shell.
```
127.0.0.1:6379> exit
```
## Bind to Localhost
Now, you need to make sure that Redis service is accessible only from localhost and blocking all connections from other sources. To do so, open the Redis configuration file using the below command.
```
$ sudo nano /etc/redis/redis.conf
```
Within the file, find the below line and uncomment it (if it’s not.
```
bind 127.0.0.1 ::1
```
Then, save and close the file.
Restart the Redis service to apply the changes.
```
$ sudo systemctl restart redis
```
Run the below command to check if the changes are applied or not.
```
$ sudo netstat -lnp | grep redis
```
Output:
![redischangesapplied](https://grid.media/assets/images/redis-changes-applied.png
If you don’t get the above output, you need to check if you have uncommented the correct line within the Redis configuration file.
If you get the above output, it means your Redis server is listening only to the localhost and the changes are applied to the Redis configuration file correctly. So, It will be almost impossible for hackers to gain access to your server. But, you haven’t set Redis to require users to verify their authentication before making changes to its configuration or data.
## Configure Redis Password
Redis has a security feature called auth command, which allows users to verify their authentication to access the database. Configure Redis password enables this auth command. To do so, open Redis configuration file, /etc/redis/redis.conf.
```
$ sudo nano /etc/redis/redis.conf
```
Scroll down to the SECURITY section and find look for the below line.
```
# requirepass foobared
```
Uncomment it by removing ‘#’ and replace foobared with a highly secured password. Then save and close the file.
Now, restart the Redis service using the below command.
```
$ sudo systemctl restart redis.service
```
Access the Redis command line to check if the password works or not.
```
$ redis-cli
```
You will be directed to Redis prompt and before authentication, you need to set a key to a value.
```
127.0.0.1:6379> set key1 10
```
You will get an error as you didn’t authenticate.
![authenticationerror](https://grid.media/assets/images/authentication-error.png
Now, authenticate with your password using the below command.
```
127.0.0.1:6379> auth your_redis_password
```
Output:
![passwordauthentication](https://grid.media/assets/images/password-authentication2.png
Now, run the previous to check if you get the correct output.
```
127.0.0.1:6379> set key1 10
```
Output:
![setkey](https://grid.media/assets/images/set-key-1.png
Now, check if you get the value of the new key.
```
127.0.0.1:6379> get key1
```
Output:
![getkey](https://grid.media/assets/images/get-key-1.png
Then, exit the Redis prompt with the below command.
```
127.0.0.1:6379> exit
```
## Rename Dangerous Commands
To enhance your Redis server’s security, you need to disable or rename specific commands that are considered dangerous. Some of the dangerous commands are FLUSHDB, FLUSHALL, DEBUG, BGSAVE, SAVE, SPOP, RENAME, SREM, SHUTDOWN, CONFIG etc. Disabling or renaming the commands entirely depends on your specific needs. To do so, open the Redis configuration file.
```
$ sudo vi /etc/redis/redis.conf
```
Scroll down to the security section within the file.
To disable any specific command, rename it to an empty string as shown below.
. . .
It is also possible to completely kill a command by renaming it into
an empty string:
```
rename-command FLUSHDB ""
rename-command FLUSHALL ""
rename-command DEBUG ""
. . .
```
To rename any specific command, give it another name, which you can easily remember, as shown below.
```
# rename-command CONFIG ""
rename-command SHUTDOWN SHUTDOWN_SOG
rename-command CONFIG SOG_CONFIG
. . .
```
Then, save and close the file.
Now, restart Redis service to apply the changes that you have made.
```
$ sudo systemctl restart redis.service
```
Run the Redis command line to test the new command.
```
$ redis-cli
```
You will be directed to Redis prompt and authenticate with your password.
```
127.0.0.1:6379> auth your_redis_password
```
Output:
![passwordauthentication](https://grid.media/assets/images/password-authentication2.png
Now, run the below command with the original name, CONFIG. You should get an error as you renamed it to SOG_CONFIG.
```
127.0.0.1:6379> config get requirepass
```
Output:
![redisrequirepass](https://grid.media/assets/images/redis-requirepass.png
Now, run the above command with the new name, SOG_CONFIG.
```
127.0.0.1:6379> sog_config get requirepass
```
Output:
![redispassword](https://grid.media/assets/images/redis-password.png
Then, exit the Redis prompt with the below command.
```
127.0.0.1:6379> exit
```
## Conclusion
You have successfully installed and configured Redis on Ubuntu 18.04, verified if the Redis service is working correctly and modified some dangerous commands in Redis configuration file to make it less vulnerable from hackers.
[subheading] => This guide explains you How To Install and Secure Redis on Ubuntu 18.04
[category] => security
[updated] => 2019-02-01T14:13:07.304+0000
[created] => 2019-01-09T14:47:58.982+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => redis
)
)
[63] => Array
(
[_id] => 5c347e1cf787750006a2d33b
[path] => additional-recommended-steps-for-new-ubuntu-18.04-servers
[title] => Additional Recommended Steps for New Ubuntu 18.04 Servers
[subheading] => This guide explains you the Additional Recommended Steps for New Ubuntu 18.04 Servers
[body] => ## Table of Contents
- [Introduction](#introduction
- [Basic Firewall Configuration](#basic-firewall-configuration
- [Time Zones Configuration](#time-zones-configuration
- [Synchronizing a Network Time Protocol](#synchronizing-a-network-time-protocol
- [Create a Swap File](#create-a-swap-file
- [Conclusion](#conclusion
## Introduction
In most cases, there are a few additional steps that are highly recommended for setting up the basic configuration for a new server. In this guide, we will explain to you about a few additional recommended steps for new Ubuntu 18.04 servers.
## Basic Firewall Configuration
A firewall is a protection from unauthorized access to a server. It is a network security device that monitors traffic to your server and allows or blocks a specific traffic based on predetermined security rules. This is just a basic level of security for a server.
Ubuntu ships a tool called ufw to configure the firewall policies. Our primary strategy is to lock down everything we don’t need to keep open.
We will configure the rules that define the exceptions to our privacy policy before we enable our firewall. While doing so, to maintain the access for remote administration, we need to create an exception for SSH connections.
By default, the SSH daemon runs on port 22, and if the default has been changed ufw can implement a rule by name. If you haven’t altered SSH port, you can enable the exception by using the following command.
```
$ sudo ufw allow ssh
```
If you have altered the SSH port, you will have to allow it by mentioning the actual port number, along with the TCP protocol.
```
$ sudo ufw allow 4444/tcp
```
This is a minimum firewall configuration. It will allow traffic on your SSH port and the remaining services will be inaccessible. You will need to open the firewall at each port wherever required only if you have planned to run additional services.
If you plan to run an HTTP web server, you need to allow access to port 80.
```
$ sudo ufw allow 80/tcp
```
If you plan to run an SSL/TLS enabled web server, you need to allow access to port 443.
```
$ sudo ufw allow 443/tcp
```
If you need email enabled SMTP, you need to open port 25.
```
$ sudo ufw allow 25/tcp
```
After adding the exceptions, you can review the selections by using the following command.
```
$ sudo ufw show added
```
If everything is fine, you can enable the firewall by using the command:
```
$ sudo ufw enable
```
Then, you will be asked a confirmation for your selection, type Y if you wish to continue. It will apply your exceptions, block all the remaining traffic, and configure the firewall at the boot automatically.
You will have to open the ports for any additional services that you may wish to configure in the future.
## Configure Time Zones and Network Protocol Synchronization
The next step is to set localization settings and configuring the Network Time Protocol (NTP synchronization.
The first step tells that your server is working under the correct time zone. The second step will manage your system to synchronize your system by the global network of NTP servers.
## Time Zones Configuration
The first step is the configuration of servers Timezone. This can be done by reconfiguring the tzdata package.
```
$ sudo dpkg-reconfigure tzdata
```
You will be shown with a menu that can allow you to select a geographic location of your server.
![timezoneconfiguration](https://grid.media/assets/images/timezones-configuration.png
Once your region is selected, then you can choose the specific time zone of a server.
![timezones](https://grid.media/assets/images/timezones.png
Then the system will be updated to use your selected timezone and output will be printed on the screen.
![timezoneoutput](https://grid.media/assets/images/timezone-output.png
Next step is the configuration of NTP.
## Synchronizing a Network Time Protocol
Up to now, you have set your timezone and next step is you should configure NTP.
This process will allow your system to sync with other servers and manages the system to more predictable in involving operations that depend on owing correct time.
To synchronize NTP, we have a service named ntp, which you can install from
Ubuntu’s repositories.
```
sudo apt update
sudo apt install ntp
```
All this process is about setting up NTP configuration on Ubuntu.
This process will start automatically on each boot and automatically adjust the system time will be matched with global NTP servers throughout the day.
## Create a Swap File
If we add swap to Linux server then it allows moving the less frequently accessed information from RAM to swap location on the disk. You can follow our guide to [add swap space on Ubuntu 18.04](https://systemongrid.com/guides/--how-to-add-swap-space-on-ubuntu-18.04. Accessing data which is available on disk is little slower than accessing in the RAM but having swap is makes difference like application alive and crashing.
Generally, the amount of swap is equal to or double the amount of RAM is good.
By using the fallocate utility, to allocate the space for Swap file.
For example, if you want 4 GB file then we can create a file by the following command.
```
sudo fallocate -l 4G /swapfile
```
Once the file is created, then we need to restrict the access to the file, so that other process cannot see the file. Use the following command to do so.
```
sudo chmod 600 /swapfile
```
Now we are having a file with required permissions. If we want to tell the system for swap then use the following command.
```
sudo mkswap /swapfile
```
Now the system can use the swap file by using the below command.
```
sudo swapon /swapfile
```
If you want to modify the system file instead of swap file then use the following command so that the server will automatically boot.
```
sudo sh -c ‘echo “/swapfile none swap sw 0 0” >> /etc/fstab’
```
## Conclusion
These are the Additional Recommended steps for Ubuntu 18.04.
[category] => orbit
[updated] => 2019-02-06T11:47:35.340+0000
[created] => 2019-01-08T10:40:28.538+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => orbit
)
)
[64] => Array
(
[_id] => 5c349371f787750006a2d340
[path] => how-to-setup-ubuntu-server-on-17.04-64-bit
[title] => How to Setup Ubuntu Server on 17.04 64-bit
[subheading] => This guide will show you how to setup ubuntu server on 17.04 64-bit
[body] => ## Table of Contents
- [Login as Root User](#login-as-root-user
- [Creating a New User](#creating-a-new-user
- [Granting Administrative Privileges to the New User](#granting-administrative-privileges-to-the-new-user
- [Configuring the Firewall](#configuring-the-firewall
- [Configuring Public Key Authentication](#configuring-public-key-authentication
- [Copying the public Key to the Server](#copying-the-public-key-to-the-server
Upon successful installation of Ubuntu 17.04 server, a few more steps are essential to fortify your server’s security and enhance its usability. In this article, we will focus on the crucial configuration steps that every system administrator needs to keep in mind when setting up the server.
## Login as Root User
The initial step in setting up your server is to log in as the root user. But first, you need to have your server's IP address and the Password or a private SSH key for authentication. To log in, open your Linux terminal and run the command below
```
# ssh username@ip-address
```
If it’s your first time connecting to the server, you will get the following prompt requiring you to confirm the server’s authenticity. Type ‘Yes’ to continue.
After that, you’ll be required to provide a password that you specified during the installation process after which you’ll be required to change it.
## Creating a New User
Working as root is generally not advised unless you are performing administrative tasks. This is because the root user has very heightened privileges and using it on a regular basis can lead to accidental changes in the system which can prove disastrous. It’s a good practice, therefore, to create a regular user account which you can use whenever you are not making any system changes. To achieve this run the ‘adduser’ command followed by the desired username. when prompted, provide a strong password and the necessary information where applicable.
```
# adduser winnie
```
## Granting Administrative Privileges to the New User
Occasionally, you may be required to perform some administrative tasks in the server. With the newly created user. it’s going to be impossible to accomplish this since it’s only the root user that has all the superuser privileges. It’s for this reason that we need to assign administrative privileges to the regular user to avoid constantly logging out and logging back again as the root user.
To achieve this, we need to add the regular user to the sudo group. As the root user, run the command as shown
```
# usermod -aG sudo username
```
Every time the regular user needs to perform an administrative task, the command will be preceded by sudo followed the username password
```
# sudo apt-get update
```
## Configuring the Firewall
By default, Ubuntu Server 17.04 comes with ufw firewall. You can specify some rules to control inbound and outbound connections.
To view the status of the firewall run
```
# ufw status
```
Output
![](http://
To view the current rules run
```
# ufw app list
```
Output
![](http://
To allow a service, run
```
# ufw allow service-name
```
For instance
```
# ufw allow http
```
Output
![](http://
You can also allow either a TCP or UDP port by running
```
# ufw allow 443/tcp
```
After you are done, run the following command to enable the firewall
```
# ufw enable
```
Output
![](http://
To verify the firewall status and view all the firewall rules in place run
```
# ufw status
```
## Configuring Public Key Authentication
The final step in securing the server is to configure public key authentication for added security when logging in. This will require a private SSH key to login into the server which will be stored in the local machine.
Generating Public and Private key pair
To generate a Public and Private key pair, log out of the server and run the command below in your local machine
```
# ssh-keygen
```
You will get the output as shown
![](http://
Press enter to accept
This is going to generate both the public key and private key (id_rsa and id_rsa.pub respectively in the local user’s .ssh directory.
Next, you’ll be prompted for a passphrase for securing your key with. You can opt to provide the passphrase or leave it blank. Note that providing the passphrase will require you to provide both the private key as well as the passphrase when logging in. This in effect adds an added layer of security during authentication. It’s therefore highly recommended for system administrators to provide a passphrase to the key.
### Note
The private key should be kept confidential as this is what will grant you access to the server.
## Copying the Public Key to the Server
After generating the key pair, now it’s time to copy the public key to the server. To achieve this, we are going to use the ssh-copy-id command as shown below
```
# ssh-copy-id username@ip-address
```
Output
![](http://
The key will be saved in the server’s **.ssh/authorized_keys** file.
At this point, you can now login back to your server
```
# ssh username@ip-address
```
You’ll be prompted for the public key’s passphrase and upon providing it, you’ll be notified that the public key has been successfully added.
### NOTE
You can further enhance your server’s security by disallowing password authentication such that one can only log in using the public key. Using your text editor of choice, open the /etc/ssh/sshd_config file and navigate to the line that reads
```
PasswordAuthentication yes
```
![](http://
Edit the value to no and save the changes. This should allow you to log into the server using the public SSH key authentication ONLY and disallow password authentication.
At this point, we have wrapped up setting up the server according to best System administration practices. You can now proceed to update & upgrade the system and install your preferred software packages.
[updated] => 2019-01-24T10:02:20.279+0000
[created] => 2019-01-08T12:11:29.493+0000
[published] =>
[is_deleted] => 1
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => orbit
)
[category] => orbit
)
[65] => Array
(
[_id] => 5c3481eef787750006a2d33d
[path] => --how-to-add-swap-space-on-ubuntu-18.04
[title] => How to Add Swap Space on Ubuntu 18.04
[body] =>
## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Check the System for Swap Space](#check-the-system-for-swap-space
- [Check the Hard Disk for Available Space](#check-the-hard-disk-for-available-space
- [How much Swap Space do I need](#how-much-swap-space-do-i-need
- [Create a Swap File](#create-a-swap-file
- [Enabling the Swap File](#enabling-the-swap-file
- [Making the Swap File Permanent](#making-the-swap-file-permanent
- [Change your Swap Settings](#change-your-swap-settings
## Introduction
In this guide, I will explain to you how to add swap space on Ubuntu 18.04.
Swap is the area on a hard disk and a part of Virtual Memory, a combination of RAM and Swap space, of your computer. Swap space is used when your machine’s physical memory (RAM is full. When the RAM is full, the system needs more memory resources, all the inactive pages in the memory will be moved to Swap space.
It is always recommended to have a dedicated swap partition for the swap space. But, the swap space can also be a swap file or a combination of swap partitions and swap files.
Swap space gives your server the ability to store more amount of data in its working memory but with a few cautions. And, this space will only be used when the memory space in RAM is not sufficient for data.
The information in the Swap space is comparatively slower than the information in the RAM. And, the operating system will use swap space to store the older data.
Adding a swap space to your applications is the best and easiest way to increase the responsiveness of your server and protect against memory errors in the applications.
## Prerequisites
A Running Server
## Check the System for Swap Space
Make sure to check whether your system has swap space already or not. You can check it by using the following command.
```
$ sudo swapon --show
```
Output:
![swaponshow](https://grid.media/assets/images/swapon-show.png
If you get the header of the table, as shown above, it means you do not have any swap space in your system.
And, another way to check space is by using the free utility, which shows the memory usage of your system. We can know the swap usage and current memory by using the below command.
```
$ free -h
```
Then the output looks like this:
![](http://
Now, you can see the above output. Your swap space in your system is 0.
## Check the Hard Disk for Available Space
Also, check your hard disk for the current disk usage. You can use the below command to know that.
```
$ df -h
```
![dfh](https://grid.media/assets/images/available-space-in-hard-disk.png
Now, you can see the first line in the above table that the hard disk partition has 1GB of available memory. It means we have an adequate amount of space to work with, however, your actual usage might be different.
## How much Swap Space do I need
The appropriate size of your swap space depends on the requirement of your applications and your personal choice. But, it is recommended to have the size of your swap space equal to or double the space of RAM on your system.
For example, your system has 8 GB of RAM. Now, it is recommended to have either 8GB or 16GB of swap space.
## Create a Swap File
Now, as you know the amount of available space in your hard disk, you can create a swap file within your file system.
You must create a file, swapfile, in your root directory. This file must be allocated the amount of space that you wish to. This can be done using the following method.
The swap file can be created by using fallocate programme. This command generates a file with a specified size.
For example, a server has 1G of RAM, we will create a 1G file in this guide.
```
$ sudo fallocate -l 1G /swapfile
```
We can verify the amount of space reserved by the following command.
```
$ sudo ls -lh /swapfile
```
Output:
![](http://
Now the file is created with the required amount of space.
## Enabling the Swap File
Before enabling the swap file, you need to change the settings so that no one can read the file except the root user. We can restrict other users from reading or editing the swap file by using the following command.
```
$ sudo chmod 600 /swapfile
```
To verify the permissions whether they are changed or not, use the following command.
```
$ sudo ls -lh /swapfile
```
Now you can see the root user has read and write flags enabled. Now we can mark the file as swap space by entering the below command.
```
$ sudo mkswap /swapfile
```
We can enable the swap file by allowing the system to start utilizing it, after marking the file.
```
$ sudo swapon /swapfile
```
Enter the following command to verify swap is available or not.
```
$ sudo swapon --show
```
You can verify the output of free utility by entering the following command.
```
$ sudo free -h
```
Successfully set up swap and our operating system will begin to use it if required.
## Making the Swap File Permanent
Now the swap file is enabled, but if you reboot then swap file is disabled unless you made it permanent. We can change it by adding this swap file to /etc/fstab File.
Enter the following command to back up the /etc/fstab file.
```
$ sudo cp /etc/fstab /etc/fstab.bak
```
Now edit the swap file at the end of this file by entering the following command.
```
$ sudo echo ‘/swapfile none swap sw 0 0’| sudo tee -a /etc/fstab
```
## Change your Swap Settings
The swappiness parameter, a value between 0 and 100 represents the percentage, configures how frequently your system swaps the data out of the RAM to the swap space.
If the value is closer to 0, it means the kernel will not swap the data to the hard disk unless it is required.
If the value is closer to 100, it means the kernel will put more data into swap to make more RAM space free.
The ideal for a server is close to 0. So, set your swappiness value to 10 by using the below command.
```
$ sudo sysctl vm.swappiness=10
```
Make this swap file permanent by entering the following command.
```
$ sudo nano /etc/sysctl.conf
```
Then, add the next line at the end of the file.
```
$ sudo vm.swappiness=10
```
[subheading] => This guide shows you How To Add Swap Space On Ubuntu 18.04
[category] => orbit
[updated] => 2019-02-15T12:18:10.175+0000
[created] => 2019-01-08T10:56:46.579+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => swap
)
)
[66] => Array
(
[_id] => 5c34944ff787750006a2d341
[path] => how-to-install-node.js-on-ubuntu-18.04
[title] => How to Install Node.js on Ubuntu 18.04
[subheading] => This guide explains you How To Install Node.js on Ubuntu 18.04
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Installing the Distro Stable Version](#installing-the-distro-stable-version
- [Installing using a PPA](#installing-using-a-ppa
- [Installing using NVM](#installing-using-nvm
- [Removing Node js](#removing-node-js
- [Conclusion](#conclusion
## Introduction
[Node.js](https://nodejs.org/en/about/ is a Java Script platform for general programming which allows users to build network applications quickly. By using javaScript on both the front and back end, Node.js makes development more consistent and integrated.
## Prerequisites
You should have access to an Ubuntu 18.04 server and created a non-root user account with sudo privileges by following our guide, [Initial server setup with Ubuntu 18.04](https://systemongrid.com/guides/how-to-do-initial-server-setup-with-ubuntu-18.04.
## Installing the Distro-Stable Version
Ubuntu 18.04 contains default version of Node.js in its repositories and it can be used to provide a pleasant user experience across multiple systems. At the time of writing, the version in the repositories may not be the latest version, so it should be stable and sufficient for quick experimentation with the language.
You can use the apt package manager to know the version, To refresh your local package index by entering the below command.
```
$ sudo apt update
```
To install node.js from the repositories enter the below command.
```
$ sudo apt install nodejs
```
If you want to install Node.js packet manager, then you can enter the below command.
```
$ sudo apt install npm
```
By entering this, also allows you to install modules and packages to use with Node.js.
If you want to check the version of the Node.js you have installed after these steps, you have to enter the below command.
```
$ nodejs -v
```
## Installing using a PPA
If you want to get the most recent version of Node.js then, you can add the PPA means personal package archive maintained by NodeSource. This contains the most up-to-date versions of Node.js than the official Ubuntu repositories.
First, install the PPA to get access to its contents. In your home directory, use curl to retrieve the installation script for your preferred version, and replace 10.x with your preferred version.
```
$ cd ~
$ curl -sL https://deb.nodesource.com/setup_10.x -o nodesource_setup.sh
```
You can inspect the contents of this script with nano
```
$ nano nodesource_setup.sh
```
Then you can run this script under sudo:
```
$ sudo bash nodesource_setup.sh
```
The PPA will be added to your configuration and local package cache will be updated automatically. Once you running the setup from NodeSource, you can install the Node.js package in the same way as described above.
```
$ sudo apt install nodejs
```
If you want to check which version of the Node.js you have installed after these initial steps, enter the below command.
```
$ nodejs -v
```
The Node.js package contains the node.js binary and npm, So you don’t need to install the npm separately. Npm uses a configuration file in your home directory to keep track of updates. It will be created the first time you run npm.
Run the following command to verify that npm is installed and to create the configuration file:
```
$ npm -v
```
If you want to work with npm packages, you need to install the build-essential package.
```
$ sudo apt install build-essential
```
Now, you have the necessary tools to work with npm packages that need compiling code from source.
## Installing using NVM
You can also install Node.js with apt is to use a tool called nvm, which stands for “Node.js Version Manager”. In spite of working at the operating system level, nvm works at the level of an independent directory within your home directory. You can use multiple self-contained versions of Node.js without affecting the entire system.
Controlling your environment with nvm allows you to access the newest versions of Node.js and retain and manage previous releases. It is a different utility than apt, and the versions of Node.js that you manage with it are different with versions manage with apt.
To download the nvm installation, you have to use curl.
```
$ curl -sL https://raw.githubusercontent.com/creationix/nvm/v0.33.11/install.sh -o install_nvm.sh
```
You can inspect the installation steps with nano, To do this use below command.
```
$ nano install_nvm.sh
```
You can run the script with bash, To do this use below command.
```
$ bash install_nvm.sh
```
It will install the software into a subdirectory of your home directory at ~/.nvm.
It will add the required lines to your ~/. Profile file to use the file.
To gain access to the nvm functionality, you will need to either log out and log back in again or source the ~/.profile file so that your current session knows about changes.
```
$ source ~/.profile
```
Once nvm installed, you can install isolated Node.js versions. For information about the versions of Node.js enter the below command.
```
$ nvm ls-remote
```
The current LTS version at the time of this writing is v8.11.1. You can install by entering the below command.
```
$ nvm install 8.11.1
```
Usually, nvm will switch to use the most recently installed version. You can tell nvm to use the version you have it now. This can be done by entering the below command.
```
$ nvm use 8.11.1
```
If you install Node.js using nvm, the executable is called node. You can see the version currently used by the shell by entering the below command.
```
$ node -v
```
If you have multiple Node.js versions, you can see what is installed, then enter the below command.
```
$ nvm ls
```
If you want default versions, enter below commands.
```
$ nvm alias default 8.11.1
```
This version will be automatically selected when a new session spawns. You can also refer it by the alias like this:
```
$ nvm use default
```
Every version of Node.js will keep track of its packages and has npm available to manage these things. You can also have node.js projects ./node_modules directory. Use the below syntax to install the express module.
```
$ npm install express
```
If you want to install the module globally, make sure it available to other projects using the same version of Node.js, you can add the -g flag.
```
$ npm install -g express
```
It will install the package in:
```
~/.nvm/versions/node/node_version/lib/node_modules/express
```
Install the module globally will let you execute commands from the command line, but you have to link the package into your local sphere to require it from within a program.
```
$ npm link express
```
If you want to know more options available in nvm by entering the below command.
```
$ nvm help
```
## Removing Node js
If you want to uninstall Node.js then you can do it by using apt or nvm, depends on version. If you want to remove the distro-stable version then you have to work with apt utility at the system level. To do this enter the below command.
```
$ sudo apt remove nodejs
```
This command will remove all configuration files. If you don’t want to save the configuration files for later use, enter the below command.
```
$ sudo apt purge nodejs
```
This will uninstall the package and remove the configuration files contained it. At last, you may remove all unused packages which are installed automatically. To do this enter the below command.
```
$ sudo apt autoremove
```
If you want to uninstall the current version of Node.js that you have enabled using nvm, First you have to know the version.
```
$ nvm current
```
If you want the current active version, you can run below command.
```
$ nvm uninstall node_version
```
This command will uninstall the selected version of the Node.js.
If you want to remove the current active version, you should first deactivate nvm to enable your changes.
```
$ nvm deactivate
```
Now you can uninstall the current version using the uninstall command. It will remove all files which are associated with the targeted version of Node.js excluding cache files.
## Conclusion
These are the steps to get up and running with Node.js on Ubuntu 18.04.
[updated] => 2019-02-05T16:14:34.167+0000
[created] => 2019-01-08T12:15:11.037+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => node.js
)
[category] => photon
)
[67] => Array
(
[_id] => 5c34a0ddf787750006a2d347
[path] => -how-to-use-rsync-to-sync-local-and-remote-directories-on-a-vps
[title] => How to Use Rsync to Sync Local and Remote Directories on a VPS
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [About Rsync](#about-rsync
- [Basic Syntax of Rsync](#basic-syntax-of-rsync
- [How to Use Rsync to Sync with a Remote System](#how-to-use-rsync-to-sync-with-a-remote-system
- [Useful Options for Rsync](#useful-options-for-rsync
- [Conclusion](#conclusion
## Introduction
Rsync stands for remote sync, It is a local and remote synchronization tool. It also uses an algorithm which reduces the number of data copied by moving the parts of files that has been changed.
## Prerequisites
Rsync package should be installed in your server.
## About Rsync
Rsync is a flexible and network-enabled syncing tool. This would refer to the network protocol to use this tool. In this guide, we are mainly focusing on utility, but not the protocol.
## Basic Syntax of Rsync
The syntax of Rsync works in a way which quite resembles scp, ssh, and cp. It is quite simple.
To create two test folders and a couple of test files using the below command.
```
cd ~
mkdir dir1
mkdir dir2
touch dir1/file{1..100}
```
So you will get a directory named ‘dir1’ which has 100 files in it, those are empty.
You can see the list by entering the below following.
```
ls dir1
```
Now you will get output like this:
![lsdir](https://grid.media/assets/images/ls-dir-1.png
We are also having an empty directory called dir2, which is created earlier.
If you want to sync the contents of dir 1 to dir 2 on the same system, then enter the below command.
```
rsync -r dir1/ dir2
```
Here ‘-r’ refers recursive, and it is mandatory for directory syncing. You can also use ‘-a’ instead of ‘-r’ like this.
```
rsync -a dir1/ dir2
```
### Note
In the above syntax, there is a slash(/ at the end of the argument. It means ‘contents of dir1’. If you remove the slash(/, it means the directory inside the dir2. Then it will look like this.
```
~/dir2/dir1/[files]
```
You have to cross check once, before executing the rsync command. It grants a method to do this by entering the -n or --dry-run options.
```
rsync -anv dir1/ dir2
```
Then output looks like this:
![anvdir1dir2](https://grid.media/assets/images/anv-dir1-dir-2.png
Compare these two outputs, while entering slash or without entering the slash:
```
rsync -anv dir1 dir2
```
You will get output like this:
![](http://
So you can observe that the directory is transferred.
## How to use Rsync to Sync with a Remote System
Although it is easy to sync to a remote system if you have SSH access to the remote machine with Rsync installed on both devices. Once you have achieved the SSH access verification is done between two systems, you may sync the first dir to a remote computer with the same syntax.
```
$ rsync -a ~/dir1 username@remote_host:destination_directory
```
This is known as “push”. Because it pushes data from the local system to the remote system. And the opposite operation is “pull”. It means it is used to sync a remote directory to the local system. If the first directory is on the remote system instead of your local system then you have to use the below syntax.
```
$ rsync -a username@remote_host:/home/username/dir1
```
Place_to_sync_on_local_machine
With ‘cp’ and other tools that are similar to ‘cp’, the source is always the first argument, and the destination is always the second.
## Useful Options for Rsync
Rsync gives many options for changing the default behavior of the utility. If you are transferring files that weren’t compressed before, such as text files, you have to decrease the network transfer by adding compression using the ‘-z’ flag.
```
$ rsync -az source destination
```
Another flag is ‘-p’ which mixes the flags ‘-progress’ and ‘partial’. The start of those will grant you a progress bar for the transfers and second will grant you the ability to proceed the orders.
```
$ rsync -azP source destination
```
Then you will get the following output:
![sourcedestination](https://grid.media/assets/images/source-destination.png
If you execute the same command, then you will get the same output, because there is no change in the mode. You can try it by entering this command again.
```
$ rsync -azP source destination
```
Then the Output looks like this:
![rsyncsourcedestination](https://grid.media/assets/images/rsync-source-destination-02132019.png
You can update the modification time on some of the files by using below command.
```
$ touch dir1/file{1..10}
$ rsync -azP source destination
```
Then the output looks like this:
![sourcedestinationoutput](https://grid.media/assets/images/source-destination-output.png
To ensure that two directories are in sync, you have to remove files from the destination directory if they are removed from the Source. By default, rsync does not remove anything from the destination directory. We may change this behavior with --delete option. Before that use --dry-run option and test it to prevent data loss:
```
$ rsync -a --delete source destination
```
If you want to remove specific files or directories located in the same directory you are syncing, you can do by specifying them a comma-separated list follows the --exclude=option.
```
$ rsync -a --exclude=pattern_to_exclude source destination
```
If you specified a pattern to exclude, we can override that exclusion for files that match a different pattern by using the --include=option.
```
$ rsync -a --exclude=pattern_to_exclude --include=pattern_to_include source destination
```
Finally, rsyncs --backup is used to store backup files. It is used in conjunction with --backup-dir option.
```
$ rsync -a --delete --backup --backup-dir=/path/to/backups /path/to/source destination
```
## Conclusion
Rsync simplifies the file transfers over networked connections and also it will add robustness to local directory syncing.
[subheading] => This guide explains you How To Use Rsync to Sync Local and Remote Directories on a VPS
[category] => orbit
[updated] => 2019-02-15T10:23:47.741+0000
[created] => 2019-01-08T13:08:45.001+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => VPS
[1] => sync
[2] => rsync
)
)
[68] => Array
(
[_id] => 5c35d449f787750006a2d3c1
[path] => 5-common-server-setups-for-your-web-application
[title] => 5 Common Server Setups for your Web Application
[subheading] => This guide will suggests you how to setup your web application
[body] => ## Table of Contents
- [Introduction](#introduction
- [Common Server Setups for your Web Application](#common-server-setups-for-your-web-application
- [Everything on One Server](#everything-on-one-server
- [Separate Database Server](#separate-database-server
- [Load Balancer Reverse Proxy](#load-balancer-reverse-proxy
- [Master Slave Database Replication](#master-slave-database-replication
- [Database as a Service](#database-as-a-service
- [Conclusion](#conclusion
## Introduction
When you create any web application there are several factors to keep in mind.
Those are
### Performance
### Scalability
### Reliability
### Cost
### Availability
### Ease of Management
In addition to those factors, some essential configurations are required for your Web Application. Here are some Common Server setups which are essential to your web Application including their advantages and disadvantages.
## Common Server Setups for your Web Application
## Everything on One Server
To run any web application all components needs to reside on a single system.
In a modern web application, all these parts are needed to run this app like a web server, Database server, and application code.
A standard setup of these components would be LAMP stack. Which means Linux, Apache, Mysql, and Python on a single server.
When to use it?
If you want to set up an application quickly, then just go for it because it is quite simple to set up.
## Advantages
It is quite simple with only some clicks.
## Disadvantages
Poor Performance because of resource contention. Not horizontally scalable.
## Separate Database Server
Here Application server and Database server reside separately. So that we can remove the resource contention between the application server and database server because they don't share the same resource. This makes capacity planning much easy and it gives fault tolerance in more advanced configurations.
When to use it?
It is easy for setting up an application and there will not occur any clash between an application server and database server from working on the same resource.
## Advantages
Scalability is high due to the separation between the resources and Simple upgrade from single server setup.
## Disadvantages
Cost is more when compared to a single server. It is complex than a single server. Network performance is poor.
## Load Balancer Reverse Proxy
As the name itself depicts that, the load is balanced among the multiple resources by allowing them to serve a part of traffic. Load balancers can be added to the server to improve their Performance and Reliability by sharing the workload across the many servers. If one server gets fails to balance the load then other servers take care of the incoming traffic until the failure server gets back again. The load balancer also used to serve multiple applications through a single domain and port by using a reverse proxy.
When to use?
It is very much useful in the environment that requires scaling by adding more servers called horizontal scaling.
## Advantages
Load balancing can enable horizontal scaling. It increases redundancy. Scalability is high due to additional servers to the pool.
## Disadvantages
If the load balancer fails, then all traffic to the website get down immediately. So it is a single point of failure. Complexity is high.
## Master Slave Database Replication
In Master-Slave database Replication there will be one Master and one or more Slave nodes. In this setup, all updates are sent to the Master node and reads can be distributed across all slave nodes.
When to use it?
It is good enough if you want to increase your read performance for the database application.
## Advantages
It improves read performance by distributing read across the slaves. It can also improve write performance by using master for updates.
## Disadvantages
If the master fails, no further updates can be performed on the database until the issue is resolved. It does not possess default remedy in case of any failure in Master node.
## Database as a Service
Database as a service is a cloud computing service model that provides that provides users with some form of access to a database without setting up physical hardware or installing software. All the administrative tasks are taking care by service providers.
When to use it?
When you decide to outsource your database then the main factor you need to consider is “Can the DBaaS can do a better job providing database services then you can?”.Then you can build a database unique to your needs and a fill a warehouse with servers to run it.
## Advantages
You need not to buy your own equipment or software licenses. You need not hire database developers. You need not build a database system. The database is offsite. It means a loss of power or natural disaster doesn’t affect the system. You need not pay the power bill for running all the servers.
## Disadvantages
The main disadvantage of the database as a service is a matter of control. It means you are not having a direct access to the servers which are running your database. You don't have direct influence over the physical safety of servers. If your system goes down, then you don't have access to your database. There will be an issue of cost-at-scale. It means once a business reaches a specific size, it is better to build your database and run it.
## Conclusion
For now, you have basic knowledge in the primary server set up and types of the server setup you would use in your applications. If you are working on improving your servers then an iterative process is better to avoid many problems quickly.
[category] => orbit
[updated] => 2019-02-26T09:36:23.525+0000
[created] => 2019-01-09T11:00:25.285+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => webapplication
)
)
[69] => Array
(
[_id] => 5c349dcef787750006a2d344
[path] => how-to-setup-ftp-server-on-ubuntu-18.04
[title] => How to Setup FTP Server on Ubuntu 18.04
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [VSFTPD Installation](#vsftpd-installation
- [Configure FSFTPD Server](#configure-fsftpd-server
- [Create FTP User](#create-ftp-user
- [Connect to FTP Server](#connect-to-ftp-server
- [Conclusion](#conclusion
## Introduction
[FTP](https://en.wikipedia.org/wiki/File_Transfer_Protocol is a standard network protocol used for transfer of computer files between a client and server on Computer network. It is built on a client-server model architecture using separate control and data connections between the client and server.
## Prerequisites
Privileged access to the system as root or a non-root user account with sudo privileges is required. Create a non-root user account with sudo privileges by following our guide, [Initial server setup with Ubuntu 18.04](https://systemongrid.com/guides/how-to-do-initial-server-setup-with-ubuntu-18.04.
## VSFTPD Installation
First of all, you have to install VSFTPD Thread. To do this you have to open the terminal and enter the below command.
```
$ sudo apt-get install vsftpd
```
Now it is installed. Next step is to configure the VSFTPD.
## Configure FSFTPD Server
Before configuring FSFTPD server, you have to take a backup for current server configuration file:
```
$ sudo mv /etc/vsftpd.conf /etc/vsftpd.conf_orig
```
Now you have to create a new configuration file /etc/vsftpd.conf using text editor as shown below
```
$ sudo nano /etc/vsftpd.conf
```
Now you have to start basic FTP server configuration, and make sure that it is working and after assuring that it suited to all environments.
```
listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO
pasv_enable=Yes
pasv_min_port=10000
pasv_max_port=10100
allow_writeable_chroot=YES
```
Add this FTP configuration lines to /etc/vsftpd.conf file.
![ftpconffile](https://grid.media/assets/images/ftp-conf-file.png
If your UFW firewall is enabled then execute the below command to allow traffic to FTP ports.
```
$ sudo ufw allow from any to any port 20,21,10000:10100 proto tcp
```
Now it is done. Now you have to restart VSFTPD server to apply new changes.
To do this use below command.
```
$ sudo service vsftpd restart
```
## Create FTP User
Now we have to create FTP user. If you want to create a new system account i.e. ftpuser then use the below script.
```
$ sudo useradd -m ftpuser
$ sudo passwd ftpuser
```
![addftpuser](https://grid.media/assets/images/add-ftp-user.png
To test it create an arbitrary file within ftpuser ‘s home directory. If you log in you can able to see and edit this file.
```
$ sudo bash -c "echo FTP TESTING > /home/ftpuser/FTP-TEST"
```
Now your FTP server configuration is over. If you want to use FTP on any other network than your local network, then it is better to configure SFTP server to add security to your FTP connections.
## Connect to FTP Server
So far you are ready to use ftpuser to connect and login to your new FTP server. As of now your new FTP server can be resolved through hostname ubuntu-ftp now you can use ftp command for login:
```
$ ftp testftp
```
![testftp](https://grid.media/assets/images/testftp.png
## Conclusion
Now we have described FTP configuration.
[subheading] => This guide explains you How to Setup FTP server on Ubuntu 18.04
[category] => orbit
[updated] => 2019-02-05T15:51:10.118+0000
[created] => 2019-01-08T12:55:42.438+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => ftp
)
)
[70] => Array
(
[_id] => 5c35dd9df787750006a2d3c3
[path] => how-to-setup-nginx-server-blocks-on-ubuntu-18.04-lts
[title] => How to Setup Nginx Server Blocks on Ubuntu 18.04 LTS
[subheading] => This guide will shows you how to setup nginx server blocks on ubuntu 18.04
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [How to Setup Nginx Server Blocks](#how-to-setup-nginx-server-blocks
- [Install Nginx Web Server](#install-nginx-web-server
- [Create a Web Directory for each Server Block](#create-a-web-directory-for-each-server-block
- [Create Sample Web Pages for each Server Block](#create-sample-web-pages-for-each-server-block
- [Create a Configuration File for each Server Block](#create-a-configuration-file-for-each-server-block
- [Enable Nginx Server Blocks](#enable-nginx-server-blocks
- [Test Nginx Server Blocks](#test-nginx-server-blocks
- [Conclusion](#conclusion
## Introduction
Virtual hosts are used to run one or multiple websites on a single server. They allow the server to share its resources without the need of all services provided to use the same hostname. Virtual hosts are called server blocks on Nginx web server.
In this guide, we will explain to you how to setup Nginx server blocks on Ubuntu 18.04 LTS.
## Prerequisites
To setup Nginx server blocks on Ubuntu 18.04 LTS, you should either have access to a root user account or a non-root user account with root privileges using the sudo command. Setup a non-root user account by following the guide, [How to do Initial Server Setup with Ubuntu 18.04](https://systemongrid.com/guides/how-to-do-initial-server-setup-with-ubuntu-18.04.
## How to Setup Nginx Server Blocks
## Install Nginx Web Server
Before installing Nginx server, update your server’s package index using apt package management suite. This is because to update the Ubuntu system to the most recent version as the software we use in the process will have Ubuntu’s default packages and to complete a few necessary installations.
```
$ sudo apt update
```
Then, install the Nginx server.
```
$ sudo apt install nginx
```
After installing the Nginx web server, test if it is working or not by typing the IP address in a web browser. It should direct to the Nginx’s default landing page.
```
http://IP_address
```
Output:
![nginxserverblocksonubuntu](https://grid.media/assets/images/nginx-server-blocks-on-ubuntu-18.04.png
## Create a Web Directory for each Server Block
To explain you the process, I am going to create two Nginx server blocks namely, server1 and server2.
Now, you need to create two web directories to store the data of your Nginx server blocks.
Create a web directory for server1 server block using the below command.
```
$ sudo mkdir -p /var/www/html/server1.com/public_html
```
Create a web directory for server2 server block using the below command.
```
$ sudo mkdir -p /var/www/html/server2.com/public_html
```
You have successfully created two web directories which are owned by the root user.
Now, you need to change the ownership from the root user to the regular user. To do so, use the below commands.
```
$ sudo chown -R $USER:$USER /var/www/html/server1.com/public_html
$ sudo chown -R $USER:$USER /var/www/html/server2.com/public_html
```
In the above commands, USER refers to the currently logged in user.
Then, modify the read permissions to the Nginx root directory to give read-only permission for all users except the root user. To do so, use the below command.
```
$ sudo chmod -R 755 /var/www/html/
```
## Create Sample Web Pages for each Server Block
Now, you need to create a sample web page for each of your server blocks, server1 and server2.
Create a sample web page for server1 using the below command.
```
$ sudo vi /var/www/html/server1.com/public_html/index.html
```
A file will be opened. Add the following lines in it.
```
www.server1.com
This is server1
```
Save and close the file.
Similarly, create a sample web page for server2 using the below command.
```
$ sudo vi /var/www/html/server2.com/public_html/index.html
```
A file will be opened. Add the following lines in it.
```
www.server2.com
This is server2
```
Save and close the file.
## Create a Configuration File for each Server Block
Now, you need to create a configuration file for each of your server blocks, server1 and server2.
For that, you need to copy the contents of the default server block configuration file to the new server blocks configuration files. Do it by using the below commands.
```
$ sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/server1.com.conf
$ sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/server2.com.conf
```
Now, you need to edit the server1 configuration file. To do so, open it in a text editor using the below command.
```
$ sudo vi /etc/nginx/sites-available/server1.com.conf
```
Make the necessary changes as highlighted in bold letters below.
```
#Default server configuration
#
server {
listen 80 default_server;
listen [::]:80 default_server;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
root /var/www/html/server1.com/public_html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name server1.com www.server1.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
```
Save and close the file.
Similarly, edit the server2 configuration file by opening it in a text editor using the below command.
```
$ sudo vi /etc/nginx/sites-available/server2.com.conf
```
Make the necessary changes as highlighted in bold letters below.
```
#Default server configuration
#
server {
listen 80;
listen [::]:80;
#SSL configuration
#
#listen 443 ssl default_server;
#listen [::]:443 ssl default_server;
#
#Note: You should disable gzip for SSL traffic.
#See: https://bugs.debian.org/773332
#
#Read up on ssl_ciphers to ensure a secure configuration.
#See: https://bugs.debian.org/765782
#
#Self signed certs generated by the ssl-cert package
#Don't use them in a production server!
#
#include snippets/snakeoil.conf;
root /var/www/html/server2.com/public_html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name server2.com www.server2.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
```
Save and close the file.
## Enable Nginx Server Blocks
After making the necessary changes, remove the default server block configuration file using the below command.
```
$ sudo rm /etc/nginx/sites-enabled/default
```
Now, enable the configuration files of the new server blocks by using the below commands.
```
$ sudo ln -s /etc/nginx/sites-available/server1.com.conf /etc/nginx/sites-enabled/
$ sudo ln -s /etc/nginx/sites-available/server2.com.conf /etc/nginx/sites-enabled/
```
Now, restart the Nginx to make the changes effective.
```
$ sudo systemctl restart nginx
```
## Test Nginx Server Blocks
Now, it’s time to test your Nginx server blocks. To do so, open /etc/hosts file in a text editor using the below command.
```
$ sudo vi /etc/hosts
```
Add your server blocks in the file like below.
```
216.200.116.191 server1.com www.server1.com
216.200.116.191 server2.com www.server2.com
```
Save and close the file.
Now, open a web browser and enter http://server1.com and http://server2.com.
Output for http://server1.com:
![testserver1](https://grid.media/assets/images/server1.png
Output for http://server2.com:
![testserver2](https://grid.media/assets/images/server2.png
## Conclusion
You have successfully created Nginx server blocks on Ubuntu 18.04 LTS.
[category] => orbit
[updated] => 2019-02-05T10:58:38.252+0000
[created] => 2019-01-09T11:40:13.363+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => nginx
)
)
[71] => Array
(
[_id] => 5c349b08f787750006a2d343
[path] => how-to-setup-a-firewall-with-ufw-on-an-ubuntu-and-debian-cloud-server
[title] => How to Setup a Firewall with UFW on an Ubuntu and Debian Cloud Server
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Install UFW](#install-ufw
- [Check UFW Status](#check-ufw-status
- [Using IPv6 with UFW](#using-ipv6-with-ufw
- [UFW Default Policies](#ufw-default-policies
- [Allow SSH Connections](#allow-ssh-connections
- [Enable UFW](#enable-ufw
- [Allow Connections on Other Ports](#allow-connections-on-other-ports
- [Deny Connections](#deny-connections
- [Deleting UFW Rules](#deleting-ufw-rules
- [Disable UFW](#disable-ufw
- [Reset UFW](#reset-ufw
- [Conclusion](#conclusion
## Introduction
A properly configured firewall is one of the important aspects of overall system security. Ubuntu associated with a firewall configuration tool named UFW i.e Uncomplicated Firewall. Its primary goal is to manage iptables easier.
## Prerequisites
Make sure that you have logged into your server with a non-root user account with sudo privileges or with the root user. If you don't have a non-root user account, you can create one by following our guide, [How to do Initial Server Setup with Ubuntu 18.04](https://systemongrid.com/guides/how-to-do-initial-server-setup-with-ubuntu-18.04. It’s better to use sudo in place of Root to run Administrative commands.
## Install UFW
By default UFW is installed in Ubuntu 18.04, if it is not installed on your system, you can install the UFW package by using below command.
```
$ sudo apt install ufw
```
## Check UFW Status
Once the installation is completed you can check the status of UFW with the below command.
```
$ sudo ufw status verbose
```
By default, UFW is disabled. You have to enable it by using below command.
```
$ sudo ufw enable
```
Now it is activated.
## Using IPv6 with UFW
If your VPS is configured for IPv6, ensure that UFW is configured to support IPv6 so that will configure both IPv4 and IPv6 firewall rules. To do that, open the UFW configuration with this command:
```
$ sudo vi /etc/default/ufw
```
Then you have to set IPv6 to “yes” like this:
```
IPV6=yes
```
Save and exit then restart the firewall with below commands:
```
sudo ufw disable
sudo ufw enable
```
Now the UFW will configure the firewall for both IPv4 and IPv6.
## UFW Default Policies
UFW will lock all incoming connections and allow all outbound connections. This means that anyone trying to access your server will not be able to connect, if not you open the port. This means all incoming connections are restricted and allow all outgoing connections.
The default policies can be set by using below commands.
```
$ sudo ufw default deny incoming
```
And
```
$ sudo ufw default allow outgoing
```
If you want to be more restrictive, you can also deny all outgoing requests as well. This can be done by using below command.
```
$ sudo ufw default deny outgoing
```
## Allow SSH Connections
Before enabling the firewall we need to add a rule which will allow incoming SSH connections. To configure the UFW firewall, allow all incoming SSH connections by entering the below command.
```
$ sudo ufw allow ssh
```
The syntax for adding this service is quite easy. For example, The below command allows a connection on port 22 using TCP protocol.
```
$ sudo ufw allow 22/tcp
```
If your SSH server is running on port 2222, we could enable connections with below command.
```
$ sudo ufw allow 2222/tcp
```
## Enable UFW
So far UFW firewall is configured to allow all incoming SSH connections. Now we can enable it by entering the below command.
```
$ sudo ufw enable
```
## Allow connections on other ports
Depending on applications that run on your server, you will also allow incoming access to some other ports. How to allow incoming connections to some of the services are given below.
## Open port 80-HTTP
By using below commands HTTP connections can be allowed.
```
$ sudo ufw allow http
```
You can use port number 80 in place of http:
```
$ sudo ufw allow 80/tcp
```
Also you can use application profile like “Nginx HTTP” :
```
$ sudo ufw allow 'Nginx HTTP'
```
## Open port 8080
If you run Tomcat or any other application that listens on port 8080 to allow incoming connections to enter below command.
```
$ sudo ufw allow 8080/tcp
```
## Allow Port Ranges
Instead of allowing access to single ports UFW allows us to access port ranges.
If you allow port ranges with UFW, you must specify the protocol, either tcp or udp.
For example, if you want to allow port from 7100 to 7200 on both tcp and udp then run below command.
```
$ sudo ufw allow 7100:7200/tcp
$ sudo ufw allow 7100:7200/udp
```
## Allow IP Addresses
To allow access on all ports from the home machine with IP Address of 64.63.62.61, Then use the below command.
```
$ sudo ufw allow from 64.63.62.61
```
## Deny Connections
The default policy for all incoming connections is set to deny and if you haven’t changed it, UFW will block all incoming connection unless you explicitly open the connection.
For example, you have opened the ports 80 and 443 and your server is under attack from the 23.24.25.0/24 network. To deny all connections from that IP addresses you can use the below command.
```
$ sudo ufw deny from 23.24.25.0/24
```
If you want to deny access to ports 80 and 443 from that IP Address you can use the below command.
```
$ sudo ufw deny from 23.24.25.0/24 to any port 80
$ sudo ufw deny from 23.24.25.0/24 to any port 443
```
Writing allow rules are also same as deny rules, only need to replace allow with deny.
## Deleting UFW Rules
There are two ways to delete UFW rules.
By rule number.
For example, To delete UFW rule by rule number is as below command.
```
$ sudo ufw delete 2
```
By specifying the actual rule.
For example, To delete UfW rule by specifying the actual rule is as below
```
$ sudo ufw delete allow 8069
```
## Disable UFW
If you want to stop UFW and deactivate all rules you can use below command.
```
$ sudo ufw disable
```
If you want to re-enable UFW and activate all rules, You can use below command.
```
$ sudo ufw enable
```
## Reset UFW
If you reset UFW, it will disable
and delete all active rules. To reset UFW, Enter the below command.
```
$ sudo ufw reset
```
## Conclusion
In this guide, we have explained how to install and configure the UFW firewall on Ubuntu 18.04 server. Be sure to allow all incoming connections that are necessary for proper functioning of your system.
[subheading] => This guide explains you How To Setup a Firewall with UFW on an Ubuntu and Debian Cloud Server
[updated] => 2019-02-05T15:53:47.479+0000
[created] => 2019-01-08T12:43:52.001+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => ufw
[1] => firewall
)
[category] => security
)
[72] => Array
(
[_id] => 5c3479a1f787750006a2d33a
[path] => -a-basic-mysql-tutorial
[title] => A Basic MySQL Tutorial
[body] => ## Table of Contents
- [Introduction](#introduction
- [How to Install MySQL on Ubuntu](#how-to-install-mysql-on-ubuntu
- [How to Access the MySQL Shell](#how-to-access-the-mysql-shell
- [How to Create and Delete a MySQL Database](#how-to-create-and-delete-a-mysql-database
- [How to Access a MySQL Database](#how-to-access-a-mysql-database
- [How to Create a MySQL Table](#how-to-create-a-mysql-table
- [How to Add Information to a MySQL Table](#how-to-add-information-to-a-mysql-table
- [How to Update Information in the Table](#how-to-update-information-in-the-table
- [How to Add and Delete a Table](#how-to-add-and-delete-a-table
- [How to Delete a Row](#how-to-delete-a-row
- [Conclusion](#conclusion
## Introduction
It is an open source relational database management software and it helps to store, organize and retrieve data. It is a handy and flexible programme. This guide provides information about how to create a database, tables and how to manage them and how to delete them.
## Prerequisites
A running server
## How to Install MySQL on Ubuntu
If you don't have MySQL installed on your orbit, you can download it by using the following command.
```
$ sudo apt-get install mysql-server
```
Now MySQL is downloaded on your orbit.
## How to Access the MySQL shell
Once you have installed MySQL in your orbit, then you can access MySQL shell by using the following command.
```
mysql -u root -p
```
Then you have to enter the root MySQL password into the prompt. Then you can start building the MySQL Database.
### Conditions
Every MySQL Command end with a semicolon. Otherwise, it will not execute.
MySQL commands are usually written in UpperCase and databases, tables, usernames and text are written in lowercase. But it doesn’t mean MySQL Command line is case sensitive.
## How to Create and Delete a MySQL Database
MySQL contains information into databases so that each database can hold data in Tables.
You can check your MySQL to know your databases by using the following command.
```
SHOW DATABASES;
```
Then you will get output like this.
![showdatabases](https://grid.media/assets/images/show-databases.png
To create a database using this following command.
```
CREATE DATABASE database name;
```
For example, we will create a database named “test”. By using the following command.
```
CREATE DATABASE test;
```
Now the database “test” is created. If you want to check databases, use this following command.
```
mysql> SHOW DATABASES;
```
Then you will get the following output.
![adddatabasetestoutput](https://grid.media/assets/images/add-database-test-output.png
In MySQL, if you want to delete any command you have to use the object “drop”.
If you want to delete any database use this following command.
```
DROP DATABASE events;
```
Now the database is deleted.
## How to Access a MySQL Database
In the new database, as we have created now, we can insert information. Now the first step is to create a table with an extensive database. Let’s we open the database by using the following command.
```
USE test;
```
If you want to see available databases and also see the overview of tables use the following command.
```
SHOW tables;
```
## How to Create a MySQL Table
If you want to store the details in the database then you have to create a table.
Create a new MySQL table using the following command.
```
CREATE TABLE student(sid int,name varchar(20,major varchar(10,gpa float,tutorid int,PRIMARY KEY (sid;
```
This command describes the following things.
Now created a table called student within the directory, events.
We have set up 5 columns in the table. Those are id, name, major, gpa and tutorid.
The “sid” column has a command ( PRIMARY KEY.
The “name” column has specified as VARCHAR command has a limit 20 characters long.
If you want to see how many tables are available in your database, use the following command.
```
mysql> SHOW TABLES;
```
You can see the organization of the table using the following command.
```
mysql>DESCRIBE student;
```
Then you will get output like this.
![describestudent](https://grid.media/assets/images/describe-student.png
## How to Add Information to a MySQL Table
Insert the information into the table by using the following command.
```
INSERT INTO student values(101, ‘Bill’, ‘CIS’,3.45,102;
```
Once you enter the above command, you will get like this:
Query OK, 1 row affected (0.00 sec
Now add people to the table that we have created.
```
INSERT INTO student values(102, ‘Mary’, ‘CIS’,3.1,null;
INSERT INTO student values(103, ‘Sue’, ‘Marketing’,2.95,102;
INSERT INTO student values(104, ‘Tom’, ‘Finance’,3.5,106;
```
Now we can see our table by using below command.
```
mysql> SELECT * FROM student;
```
Then the output looks like this.
![studenttable](https://grid.media/assets/images/student-table.png
## How to Update Information in the Table
Now you can update any information into the table. For example, a person “Mary” is changing her major stream by using below command.
```
UPDATE `student`
SET
`major` = 'Finance'
WHERE `student`.`name` ='Mary';
```
Also, you can use this command to enter information into specific fields.
## How to Add and Delete a Table
If you want to add any missing information use the below command. For example, our attendee's information then, use below command.
```
ALTER TABLE student ADD email VARCHAR(40;
```
This command will add a new column called “email” at the end of the table and also varchar command limits 40 characters.
And if you want to add the column at the specific place then use below command.
```
ALTER TABLE student ADD email VARCHAR(40 AFTER name;
```
Now the new email column goes after column “name”.
You can delete the column by using below command.
```
ALTER TABLE student DROP email;
```
Now the column email is deleted.
## How to delete a Row
If you want to delete rows from the table use this command.
```
DELETE from [table name] where [column name]=[field text];
```
For example, Mary is not suddenly gets detained due to some health issues then you can remove her details by using below command.
```
mysql> DELETE from student where name='Mary';
```
After that, you can check it once whether the row is deleted or not, by using the below command.
```
mysql> SELECT * FROM student;
```
Then the output must be like this.
![updatedstudenttable](https://grid.media/assets/images/updated-student-table.png
But the id numbers assigned to each person remains the same even after deletion of one person.
## Conclusion
So far, we have discussed the basic MySQL tutorial briefly.
[subheading] => This guide explains you A Basic MySQL Tutorial
[updated] => 2019-02-06T12:49:28.699+0000
[created] => 2019-01-08T10:21:21.302+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => mysql
)
[category] => photon
)
[73] => Array
(
[_id] => 5c35df9cf787750006a2d3c5
[path] => how-to-create-a-sudo-user-on-ubuntu
[title] => How to Create a Sudo User on Ubuntu
[subheading] => This guide explains you How To Create a Sudo User on Ubuntu
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Steps to Create a New Sudo User](#steps-to-create-a-new-sudo-user
- [Conclusion](#conclusion
## Introduction
The Sudo command grants administrator privileges. Generally, It is only available to the root user to the Normal users.
In this guide, we are showing the easiest way to create a new user with sudo privileges on Ubuntu.
## Prerequisites
Running Server
## Steps to Create a New Sudo User
## Step 1
To Log in to your server as the root user enter the below command.
```
local$ ssh root@server_ip_address
```
## Step 2
If you want to add a new user to your system then use the adduser command. You have to put username of the user in place of username as shown below.
```
# adduser username
```
You have to set the password at the prompt and confirm it. Note that a strong password is highly recommended as shown below.
Follow the prompts if you want to set the new user’s information. And you have to accept the defaults to leave all of this information.
## Step 3
To add the user to the sudo group use the below command.
```
$ usermod -aG sudo username
```
In Ubuntu, By default, the members of the sudo group have sudo privileges.
## Step 4
If you want to test sudo access to the new user account then test it using below command.
```
# su - username
```
Now you are a new user, you can test that you can use sudo by adding sudo to the command like this.
```
username$ sudo command_to_run
```
For example, If you want to list the contents of the /root directory, which is usually accessible to the root user.
```
username$ sudo ls -la /root
```
If you use sudo in a session for the first time, then you will be prompted to a password of the user account. Enter the password to proceed further.
If the user entered the correct password and he is an inexact group then that user will have sudo with root privileges.
## Conclusion
Now the user has sudo privileges.
[category] => orbit
[updated] => 2019-01-17T11:29:31.153+0000
[created] => 2019-01-09T11:48:44.779+0000
[published] => 1
[is_deleted] => 1
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => orbit
)
)
[74] => Array
(
[_id] => 5c35ec3af787750006a2d3c9
[path] => how-to-secure-apache-with-let’s-encrypt-on-ubuntu-18.04
[title] => How to Secure Apache with Let’s Encrypt on Ubuntu 18.04
[subheading] => This guide shows us the security of apache with lets encrypt on ubuntu 18.04
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Install Apache](#install-apache
- [Check your Apache Web Server](#check-your-apache-web-server
- [Manage your Apache Web Server](#manage-your-apache-web-server
- [Setup Virtual Hosts](#setup-virtual-hosts
- [Install Certbot](#install-certbot
- [Obtain an SSL Certificate](#obtain-an-ssl-certificate
- [Verify Certbot Auto-Renewal](#verify-certbot-auto-renewal
- [Conclusion](#conclusion
## Introduction
In this guide, we will explain to you how to obtain SSL certificate using Certbot, how to secure Apache with Let’s Encrypt on Ubuntu 18.04 and how to renewal SSL certificate automatically.
[Let’s Encrypt](https://letsencrypt.org/ is an automated certificate authority (CA, provided by the Internet Security Research Group (ISRG, that provides an easy way to obtain and install free SSL/TLS certificates. Thus, it provides an easy way to encrypt HTTPS on web servers for free in the most user-friendly way possible. It makes the process easy by providing a client, Certbot, that automates most of the necessary steps. The entire process is fully automated on Nginx web server.
## Prerequisites
An Ubuntu 18.04 server with sudo privileges to a non-root user account.
Apache must be installed on Ubuntu 18.04.
You must own or have access The best practice is to run administrative commands as a sudo user instead of Root. to a registered domain that you wish to use SSL/TLS certificate with. In this tutorial, we use systemongrid.ml which we registered for free on freenom.com.
You must have created a record that points your domain to the public IP address of your server. This is because to make Let’s Encrypt validate that you are the owner of the domain it is issuing an SSL/TLS certificate for.
## Install Apache
Before installing Apache, update the local packages index to reflect the updated upstream changes using the apt package manager.
```
$ sudo apt update
```
Now, install Apache2 package.
```
$ sudo apt install apache2
```
Then, confirm the installation to allow apt to install Apache and all required dependencies.
## Check your Apache Web Server
After installing the Apache, the web server should be up and running automatically. Check it with the below command.
```
$ sudo systemctl status apache2
```
Output:
![apachewebserverstatus](https://grid.media/assets/images/apache-webserver-status.png
Your server has been started and is running successfully. You can also test this by requesting the Apache Ubuntu default page. You can do this by entering your server’s IP address in a web browser’s address bar.
http://your_server_ip
Output:
![apachedefaultpage](https://grid.media/assets/images/apache2-ubuntu-default-page.png
## Manage your Apache Web Server
You have installed Apache web server and it is running successfully. But, you need to know a few basic commands to manage your server.
To stop your Apache web server, use the below command.
```
$ sudo systemctl stop apache2
```
To start your Apache web server when it is stopped, use the below command.
```
$ sudo systemctl start apache2
```
To stop and start the service of your Apache web server, use the below command.
```
$ sudo systemctl restart apache2
```
If you are making any configuration changes, Apache will reload without dropping connections. For this, use the below command.
```
$ sudo systemctl reload apache2
```
When server boots, Apache is configured to start automatically. To disable this behavior, use the below command.
```
$ sudo systemctl disable apache2
```
And, you can also enable this by using the below command.
```
$ sudo systemctl enable apache2
```
Now, The Apache web server should start automatically.
## Setup Virtual Hosts
You can use virtual hosts in the Apache web server just like server blocks in Nginx. The virtual hosts are for encapsulating configuration details and hosting more than one domain from a single web server. We are using a sample domain, systemongrid.ml, to explain you the process. Replace the domain with your domain name.
Now, create a directory structure for your domain, systemongrid.ml, to store the data of your website. To do so, use the below command.
```
$ sudo mkdir -p /var/www/systemongrid.ml/html
```
Then, give ownership permissions of the directory to the $USER environmental variable.
```
$ sudo chown -R $USER:$USER /var/www/systemongrid.ml/html
```
If you haven’t modified your unmask value, the permissions of the web root should be correct. You can verify this by using the following command.
```
$ sudo chmod -R 755 /var/www/systemongrid.ml
```
Now, create a sample index.html page using a text editor.
```
$ vi /var/www/systemongrid.ml/html/index.html
```
Add the following HTML code within the file.
```
Welcome to Systemongrid.ml!
Success! The systemongrid.ml server block is working!
```
Then, save and close the file.
To make the Apache web server this content, you need to create a virtual host file with the correct directives. Instead of editing the default configuration file, you can create a new one at /etc/apache2/sites-available/systemongrid.ml.conf using a text editor.
```
$ sudo vi /etc/apache2/sites-available/systemongrid.ml.conf
```
Paste the below configuration block within the file.
```
/etc/apache2/sites-available/systemongrid.ml.conf
ServerAdmin admin@systemongrid.ml
ServerName systemongrid.ml
ServerAlias www.systemongrid.ml
DocumentRoot /var/www/systemongrid.ml/html
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
```
Then, save and close the file.
Now, To enable the file with the a2ensite tool, use the below command.
```
$ sudo a2ensite systemongrid.ml.conf
```
To disable the default site defined in 000-default.conf, use the below command.
```
$ sudo a2dissite 000-default.conf
```
Then, to check for configuration errors, use the below command.
```
$ sudo apache2ctl configtest
```
Output:
![syntaxok](https://grid.media/assets/images/syntax-ok.png
Now, restart the Apache web server to implement your changes.
```
$ sudo systemctl restart apache2
```
Now, you have successfully made the Apache web server your domain name. You can test this by navigating to http://systemongrid.ml in a web browser.
Output:
![serverblockisworking](https://grid.media/assets/images/server-block-is-working.png
## Install Certbot
The first step in obtaining an SSL/TLS certificate using Let’s Encrypt is installing Certbot software on your server. Install the updated version of Certbot using Ubuntu software repository that has been developed and maintained by Certbot developers.
Add the repository using the below command.
```
$ sudo add-apt-repository ppa:certbot/certbot
```
Then, press ENTER to accept.
Then, install Certbot’s Apache packages using the below command.
```
$ sudo apt install python-certbot-apache
```
Now, the certbot is ready to use.
## Obtain an SSL Certificate
Certbot provides many plugins to obtain SSL certificates. The Nginx plugin takes care of re-configuring Nginx and reloading the config whenever it is necessary.
```
$ sudo certbot --apache -d systemongrid.ml -d www.systemongrid.ml
```
The above command runs the Certbot with the Apache plugin using -d to specify the domain name that you are requesting the certificate for.
If this is the first that you are running Certbot, you will be asked to enter your email address and agree to the terms and conditions of the service.
After this, Certbot communicates with the Let’s Encrypt and runs a challenge to verify if you own or have control over the domain that you are requesting an SSL certificate for.
If this is successful, Certbot will ask you to configure your HTTPS settings.
![redirecthttptraffictohttps](https://grid.media/assets/images/redirect-http-traffic-to-https-02132019.png
Choose one option, then hit ENTER. The configuration will be updated. The Apache will be reloaded and pick the new settings.
Now, Certbot will show you a message telling you that the process was successful and the path where the certificates are stored.
![letsencryptsslcertificate](https://grid.media/assets/images/lets-encrypt-ssl-certificate-02132019.png
Now, your SSL certificates are downloaded, installed, and configured.
Load your website using https://systemongrid.ml and check your browser’s security indicator. It must represent with a green lock icon telling that this website is secured correctly.
## Verify Certbot Auto-Renewal
These SSL certificates issued by Let’s Encrypt are valid only for 90 days. The certbot runs certbot renew via a systemd timer twice a day to take care of the auto-renewal process. On non-systemd distributions, the process is provided by a script that is placed in /etc/cron.d. This task renews any certificate that is within 30 days of the expiration date.
Use the following command to test the renewal process.
```
$ sudo certbot renew --dry-run
```
You are all set if you see no errors.
If the auto-renewal process fails, Let’s Encrypt will send you the email, you have specified, when your certificate is about to expire.
## Conclusion
You have successfully obtained SSL certificate using Certbot, secured Apache with Let’s Encrypt on Ubuntu 18.04 and renewed SSL certificate automatically.
[category] => security
[updated] => 2019-02-15T09:29:48.755+0000
[created] => 2019-01-09T12:42:34.374+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => apache
[1] => letsencrypt
)
)
[75] => Array
(
[_id] => 5c35f23ff787750006a2d3cb
[path] => how-to-use-systemctl-to-manage-systemd-services-and-units
[title] => How to Use Systemctl to Manage Systemd Services and Units
[body] => ## Table of Contents
- [Introduction](#introduction
- [Service Management](#service-management
- [System State Overview](#system-state-overview
- [Unit Management](#unit-management
- [Edit Unit Files](#edit-unit-files
- [Adjust System State with Targets](#adjust-system-state-with-targets
- [Conclusion](#conclusion
## Introduction
In this guide, you are going to learn how to use the systemctl command to manage systemd services and units, manage and check statuses of the services, check the state of a system and work with the configuration files.
Systemctl is the central management tool to control the init system and service manager. Systemd is an init system and service manager for Linux operating system. It is an upgrade for the traditional SysV init systems. It is well-known for its power, flexibility, and capability to help users do their job with minimal hassle possible and for its massive adoption as it can make administering services simpler.
## Service Management
For all the service management tasks, the target unit is service units with .service suffix. But, you can leave .service suffix for most of the service management commands as systemd can know that you want to operate on a service.
## Start and Stop Services
Use the start command to start a systemd service. You need to use sudo before the command if you are executing with a non-root account user.
```
$ sudo systemctl start application.service
```
Or, you can simply use the below as systemd knows to show services files for service management commands.
```
$ sudo systemctl start application
```
But, In this guide, we use .service suffix for better understanding and clarity.
Use the stop command to stop a currently running service.
```
$ sudo systemctl stop application.service
```
## Restart and Reload Services
Use the restart command to restart a running service.
```
$ sudo systemctl restart application.service
```
Use the reload command if the application can reload its configuration files without restarting it.
```
$ sudo systemctl reload application.service
```
Use reload-or-restart command when you are not sure if the service can reload its configuration. This command will reload the available configuration or restart the service to pick up the new configuration.
```
$ sudo systemctl reload-or-restart application.service
```
## Enable and Disable Services
Use the enable command to start services automatically at boot.
```
$ sudo systemctl enable application.service
```
Use the disable command to stop services from starting automatically at boot.
```
$ sudo systemctl disable application.service
```
## Check The Status of Services
Use the status command to check the status of a service if it has any problems and you may be required to take actions to resolve the errors.
```
systemctl status application.service
```
Output:
![applicationservicestatus](https://grid.media/assets/images/application-service-status.png
You can also check a specific state of a service using different commands. Use the is-active command to check if a service is currently running/active or not.
```
systemctl is-active application.service
```
Use the is-enabled command to check if a service is enabled or not.
```
systemctl is-enabled application.service
```
Use the is-failed command to check if a service is in failed state or not.
```
systemctl is-failed application.service
```
## System State Overview
Now, you are going to learn a few systemctl commands that are useful to explore the current status of the system.
## Current Units
Use the list-units command to know a list of all the active units that systemd knows.
```
systemctl list-units
```
Output:
```
UNIT LOAD ACTIVE SUB DESCRIPTION
atd.service loaded active running ATD daemon
avahi-daemon.service loaded active running Avahi mDNS/DNS-SD Stack
dbus.service loaded active running D-Bus System Message Bus
dcron.service loaded active running Periodic Command Scheduler
dkms.service loaded active exited Dynamic Kernel Modules System
getty@tty1.service loaded active running Getty on tty1
. . .
```
You will get the same output if you call systemctl with no additional flags.
```
systemctl
```
You can get different types of information as output by adding additional flags. For example, if you want to know all the units that systemd has loaded and attempted to load into memory regardless of the current state of the unit (active/inactive, use --all flag.
```
systemctl list-units --all
```
Use the --state= flag to get only in-active units or active units.
```
systemctl list-units --all --state=inactive
```
The above command calls systemctl to display only the in-active units. Replace in-active with active to get only the active units.
```
systemctl list-units --all --state=active
```
And, by using --type= flag, you can call systemctl to display only the services which you are interested in.
For example, use --type= flag to call systemctl to display only the active service units.
```
systemctl list-units --type=service
```
### Listing All Unit Files
Unlike list-units, list-unit-files displays every unit file available in the systemd path, including those that systemd has not attempted to load into memory.
```
systemctl list-unit-files
```
Output:
![unitfileslist](https://grid.media/assets/images/list-unit-files.png
In the above output, you can see some of the unit files are in ‘static’ state. It means they don’t have an install section to enable a unit.
## Unit Management
In this section, you are going to learn how to get precise information about a particular unit file using some additional commands.
## Display a Unit File
Use cat command to display a unit file that systemd has loaded into its memory.
For example, run the below command to display the unit file of the atd scheduling daemon.
```
systemctl cat atd.service
```
Output:
![displayunitfile](https://grid.media/assets/images/display-unit-file.png
The above output is the unit file known to the currently running systemd process.
## Display Dependencies
Use the list-dependencies command to display a unit’s dependency tree. It will display a hierarchy mapping dependencies that are required to start a unit in question. Here, dependencies include the units that are required by the units above it.
```
systemctl list-dependencies sshd.service
```
Output:
![sshdservice](https://grid.media/assets/images/sshd-service.png
Add --reverse flag to the command to display reverse dependencies. And, add --before and --after flags to command to display a specific unit starting before and after themselves respectively.
## Check Unit Properties
Use show command to display low-level properties of a unit. Using a key=value format, it will display a list of properties that are set for the specified unit.
```
systemctl show sshd.service
```
Output:
![checkunitproperties](https://grid.media/assets/images/check-unit-properties.png
Use -p flag with the property name to display a single property. For example, use the below command to display the conflicts that the sshd.service unit has.
```
systemctl show sshd.service -p conflicts
```
Output:
![sshdserviceconflicts](https://grid.media/assets/images/sshd-service-conflicts.png
## Mask and Unmask Units
The systemd can also mark a unit as absolutely unstartable by linking it to /dev/null. You can do this by using the mask command.
```
sudo systemctl mask nginx.service
```
In the above command, we have masked nginx services. It will prevent nginx service from starting either automatically or manually.
If you try to start the nginx service, you can see the following output.
```
sudo systemctl start nginx.service
```
Output:
![sstartnginxservice](https://grid.media/assets/images/sstart-nginx-service.png
Use the unmask command to unmask a specific unit.
```
sudo systemctl unmask nginx.service
```
## Edit Unit Files
The systemctl provides inbuilt mechanisms to edit unit files if you want to modify them. This feature is added in systemd version 218.
Use edit command to open a unit file snippet for the unit.
```
sudo systemctl edit nginx.service
```
It will open a blank unit file to override or add directives to the unit definition. A directory will be created within the /etc/systemd/system directory with the .d affix. For example, nginx.service.d directory will be created for nginx.service directory. A snippet, override.conf, will be created within the directory. When the unit is loaded, the systemd will consolidate the snippet with the full unit file.
Use --full flag to edit the full unit file instead of creating a snippet.
```
sudo systemctl edit --full nginx.service
```
The above command will open a current unit file in an editor, where you can edit it. The modified unit file will be written to /etc/systemd/system, which will take priority over the system’s unit definition (somewhere in /lib/systemd/system.
Delete the unit’s .d configuration directory to remove any modifications you have made to the directory.
```
sudo rm -r /etc/systemd/system/nginx.service.d
```
Run the below command to remove a full modified unit file.
```
sudo rm /etc/systemd/system/nginx.service
```
After deleting the directory or file, reload the systemd process using the below command to no longer refer these files and revert for using the system files.
```
sudo systemctl daemon-reload
```
## Adjust System State with Targets
Target files are individual unit files that represent the state of a system. The files that define targets are identified by their suffix, .target. Target files are used to group other units.
## Get and Set the Default Target
When booting the system, the systemd process has a default target.
Use the set-default command to set a different default target.
```
sudo systemctl set-default graphical.target
```
Run the below command to display the default target for your system.
```
systemctl get-default
```
Output:
![systemctlgetdefault](https://grid.media/assets/images/systemctl-get-default.png
## List Available Targets
Multiple targets can be active at one time. If a target is active, it means the systemd has attempted to start all the units that are tied to the target.
Use the below command to display a list of available targets on your system.
```
systemctl list-unit-files --type=target
```
Use the below command to display all the active targets.
```
systemctl list-units --type=target
```
## Isolate Target
By using the isolate command, you can start all the units tied to a target and stop all that units that are not a part of the dependency tree.
For example, if you are working in a graphical environment with graphical.target active, you can change the system into a multiuser command line by shutting down the graphical system and isolating the multi-user.target.
And, make sure you are not stopping crucial services before isolating any target. Use the below command to display a list of dependencies of the multi-user.target.
```
systemctl list-dependencies multi-user.target
```
After checking the list of dependencies and satisfied with the units, you can isolate it using the below command.
```
sudo systemctl isolate multi-user.target
```
## Use Shortcuts for Important Events
The following are some of the systemctl shortcuts for essential events to enhance its functionality.
Use rescue instead of isolate rescue.target to put the system into rescue.
```
sudo systemctl rescue
```
Use the below command to halt the system.
```
sudo systemctl halt
```
Use the below command to shut down the system.
```
sudo systemctl poweroff
```
Use the below command to reboot the system.
```
sudo reboot
```
## Conclusion
In this guide, you have learned how to use the systemctl command to manage systemd services and units, manage and check statuses of the services, check the state of a system and work with the configuration files.
[subheading] => This guide explains you How To Use Systemctl To Manage Systemd Services and Units
[category] => orbit
[updated] => 2019-02-04T13:57:17.450+0000
[created] => 2019-01-09T13:08:15.733+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => systemctl
[1] => systemd
)
)
[76] => Array
(
[_id] => 5c35fefdf787750006a2d3cf
[path] => -how-to-set-up--apache-virtual-hosts-on-ubuntu-18.04
[title] => How to set up Apache Virtual Hosts on Ubuntu 18.04
[subheading] => This guide explains you How to set up Apache Virtual Hosts on Ubuntu 18.04
[body] => How to set up Apache Virtual Hosts on Ubuntu 18.04
# Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Creating a directory](#creating-a-directory
- [Create a virtual host](#create-a-virtual-host
- [Conclusion](#conclusion
# Introduction
## Virtual Hosts:
Virtual host means the method of running more than one website on a single system. For example,host1.domain.com, host2.domain.com etc., Virtual hosting is very useful in running multiple websites in a single system.
### Types of Virtual Hosts in Apache:
There are two types of virtual hosts in Apache:
#### IP based virtual hosting.
#### name- based virtual hosting.
IP based virtual hosting can run multiple websites/domains on a single system. where every domain or website has each IP address different.
name-based virtual hosting can run multiple domains/websites on a system and every domain/website has the same IP address.
# Prerequisites
You must have a domain name which is pointed to the public server IP address.
Get Apache installed on your system.
You must log in as a user with sudo privileges.
# Creating a Directory
Website files of the particular domain name are stored in a document root directory. So, that they can be available to us when we request for any file in response.
Document root can be set to any location where ever you want it.
Create a specific directory for each domain we want to host inside the server /var/www/ directory. This directory is created for storing the data of the virtual hosts. we will create a directory public_html to store the domain website files.
Create a document root directory for your domain as ongrid.ml. So, there the site files can be stored.
```
$ sudo mkdir -p /var/www/html/ongrid.ml/
```
Next, set the appropriate permissions.
```
$ sudo chmod -R 775 /var/www/html/ongrid.ml/
$ sudo chown -R www-data:www-data /var/www/html/ongrid.ml/
```
Create an index.html in the document root directory for testing purpose.
```
$ sudo vim /var/www/html/ongrid.ml/index.html
Add the HTML code inside
Welcome to ongrid.ml!
The ongrid.ml virtual host is working!
```
Next, save and close the file.
# Create a virtual host
Apache Virtual Hosts files are stored in/etc/apache2/sites-available directory, enabled by creating links to the /etc/apache2/sites-enabled directory.
Create a virtual host configuration file.
```
$ sudo vim /etc/apache2/sites-available/ongrid.ml.conf
```
Paste the following in the directive updated with the new directory and domain name.
```
ServerName ongrid.ml
ServerAlias www.ongrid.ml
ServerAdmin webmaster@ongrid.ml
DocumentRoot /var/www/html/ongrid.ml/
ErrorLog ${APACHE_LOG_DIR}/ongrid.ml_error.log
CustomLog ${APACHE_LOG_DIR}/ongrid.ml_access.log combined
```
Save and close the file.
Servername: The domain name should match the virtual host configuration.
Serveralias: www domain should not match with the virtual host.
Documentroot: Apache servers the domain files from the directory.
Options: It shows which features are available in a directory.
Index: Stop directory listings.
Followlinks: It tells to follow the symbolic links to the web server.
Allowoverride: Identifies directives which are to be placed in the .htaccess file.
Errorlog: Identifies the location to log files.
Customlog: specifies the location to the log files.
Create a symbolic link from the virtual host file to the sites-enabled directory, to enable the new virtual host apache2 reads it during startup.
Enable the virtual host by using the a2ensite helper.
```
$ sudo a2ensite ongrid.ml.conf
```
Test apache configuration if there is no error you are going to see ‘syntax ok’. Restart, apache2 for changes.
```
$ sudo apache2ctl configtest
```
```
$ sudo systemctl restart apache2
```
The domain name ongrid.ml is a dummy domain. You need to set up DNS by adding it to the /etc/hosts file.
```
$ sudo vim /etc/hosts
```
Add the following line at the end of the file, replace the server IP address and domain name with your server IP address and domain name.
```
216.200.116.101 ongrid.ml
```
Open a browser enter the URL as shown,
http://ongrid.ml
You will get the following output as shown in the screenshot.
# Conclusion
Creating an apache virtual host configuration to host multiple websites on a single Ubuntu server.
[category] => orbit
[updated] => 2019-01-09T14:03:33.122+0000
[created] => 2019-01-09T14:02:37.162+0000
[published] => 1
[is_deleted] => 1
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => virtual hosts
)
)
[77] => Array
(
[_id] => 5c34a9a3f787750006a2d34a
[path] => how-to-use-ssh-keys-with-systemongrid-orbits
[title] => How to Use SSH keys with SystemOnGrid Orbits
[subheading] => This guide will show you how to use SSH keys with system on grid orbits
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [How to Use SSH keys with SystemOnGrid orbits](#how-to-use-ssh-keys-with-systemongrid-orbits
- [Conclusion](#conclusion
## Introduction
SSH is an acronym for Secure Shell. Secure Shell (SSH is a cryptographic network protocol, and it is responsible for encrypting the information between a user and the remote machine. It allows users to perform secure network services.
It uses SSH keys to log into a server so that you can get a more secure way of logging in. Generally, hackers use brute force attack to crack passwords. But, it is almost impossible to decipher the SSH keys by using the brute force attack. So, you can connect to your server without entering your password. Moreover, it is even more secure.
Secure Shell (SSH is wholly based on public key cryptography. For your easy understanding, let’s just say SSH keys come in a pair. One is a private key and the other one is a public key. The private key is stored securely to the home machine of a user. The public key is stored securely to any remote machine that user wishes to connect. You can use the public key on any server, but it can be unlocked by connecting to a user who already has the private key. The machine will be unlocked only when the two keys matched. You can also increase the security much more by protecting the private key with a passphrase.
## Prerequisites
You should have generated the SSH key
## How to Use SSH keys with SystemOnGrid orbits
You can use your SSH public keys to [SystemOnGrid](https://systemongrid.com/ account by adding your keys to orbits. It’s secure to use your SSH public key because it cannot be reused to create the private key. It can only be used to authenticate the user that who has the respective private key.
As soon as you enter into the SystemOnGrid dashboard, select Create Orbit.
Then the interface looks like this.
![createorbitinterface](https://grid.media/assets/images/create-orbit-interface.png
After creating an orbit, you have to choose your operating system. For example, if you want to choose Ubuntu, then click on Ubuntu and then select a version, CPU & RAM.
Then the interface looks like this.
![selectvolumeininterface](https://grid.media/assets/images/select-volume-in-interface.png
After that, you have to select SSD block storage and then authentication can be done in two ways through
## SSH key
## Password
If you select through SSH key then the interface looks like this.
![createsystemongridorbit](https://grid.media/assets/images/create-systemongrid-orbit-02132019.png
If you already have an SSH key then you can select it in the dropdown list. Otherwise, you have to add it by clicking on Add New SSH Key.
If you click on Add New SSH key then the Interface looks like this.
![createsshkey](https://grid.media/assets/images/create-ssh-key.png
Then enter the name of your SSH key and your public key in respective fields. Then click on the Create button.
## Conclusion
In this we have described that how to use SSH keys with System On Grid orbits.
[category] => orbit
[updated] => 2019-02-15T09:49:03.287+0000
[created] => 2019-01-08T13:46:11.895+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => ssh
)
)
[78] => Array
(
[_id] => 5c34c20ff787750006a2d353
[path] => 5-ways-to-improve-production-web-application-server-setup
[title] => 5 Ways to Improve Production Web Application Server Setup
[subheading] => This guide suggests us how to improve production in web application server setup
[body] => ## Table of Contents
- [Introduction](#introduction
- [What is meant by Production Environment](#what-is-meant-by-production-environment
- [Backup System](#backup-system
- [Recovery Plans](#recovery-plans
- [Load Balancing](#load-balancing
- [Monitoring](#monitoring
- [Centralized Logging](#centralized-logging
- [Conclusion](#conclusion
## Introduction
If the application is freely running in the cloud environment, then accustomed to the rapid change in application management philosophy of today’s world. To change the planning and implementation of a production environment is to be created. For purpose of demonstration, It will be like two server environment that merely serves a web application:
From the above figure, we can see the setup where the components are involved in the cloud server environment and it serves the web application indeed.
## What is meant by Production Environment
A production environment can be described as the server environment for the web application which consists of hardware, software, data, operational plans which are necessary for the application to work. Production environment depends on factors:
## Availability
The availability can be defined as the application ability of intended users during the advertised hours and it is disrupted by the failure that will affect a crucial component severely enough. This can be described as the failure in the database storage fails so the administrator will get affected accidentally. The only way to promote is monitoring the availability by decreasing the number of points of the failure.
## Recoverability
Recoverability is described as that recovering from its failure or data loss of a system. If any component fails and it is not recoverable then availability will become non-existent.
## Performance
The application that performs and the average it works for users.
Acceptance levels can be mentioned as depending on the context and the application. It will depend on performance, recoverability, maintainability, and availability. So Here, we did not mention the hardware reliability, this can be described as the amount of time the component will function properly without its failure and will also include the security factors. This is because the cloud servers are reliable and also the potential of the failures and following security practices. Here, are the components that we can set up in the production environment.
## Backup System
Backup system will permit to create the periodic backups of the data and also restore data from backup. Backups will also allow for rollbacks in the data if at all the deletion or insertion in the modification. Every computer has the chance for the failure at any point in time, where we can lose the data so for this retrieve we need the backup of the data. The backup system is required for the production and it has storage locations where the data can be stored as they are selected, extracted, and manipulated.
From the above figure, we can see the backup server resides in the same data center as that of the application servers even the primary or initial backups are created here. Backup has the considerations the following:
## Data Selection and Extraction
Data that is needed to select and extract for backup. For coherent units of data. Most of the modern computers have the storage in the discrete units called files.
## Schedule of Backup Data
How the data is being taken whether it is full or incremental backups are done. It needs to perform at the frequent intervals of time and need to see some data and its considerations which may affect the schedule of the backup.
## Data Retention Period
Policies and regulations can lead to situations where the backups are retained for a particular period. The duration we will keep the backups.
## Disk Space or Storage Space for Backups
Data repository model has the data that has to be copied on to the data storage medium which may be magnetic tape, hard disk, optical storage, floppy or a drive.
Due to the combination of previous items affects the amount of disk space that the backup system should require. We need to take the advantage of the compression for the decrease of disk space.
## Off-site Data Protection
Backup data can be sent to an off-site to protect against any disaster or other sites specific problem. It is better to maintain a copy of the backups in a geographically separate location.
## Backup Restoration Tests
Test the backups restoration whether they are working correctly or not.
## Recovery Plans
Recovery plans can be explained as the set of documented procedures to recover from the failures or administration errors that occur in the production environment.
At the minimum cost, we will need the data recovery plan for the accidental data deletion or hardware failure. The recovery plan can be explained briefly as an example where a basic recovery plan is taken for server failure because the steps or the procedure used to perform initial server development, and the extra procedures are also required for restoration from backups. So, choose of the better recovery plan might help more for the recovery process. A recovery plan is required for the production even then it is not required for the software procedures but it is required for the setup. They will enable the backups effectively.
We can see the overview where the recovery plan plays a crucial role in it. When the database server is failed. It is being recovered by applying redo logs and rollback segments. At first, we can see the mix of committed and uncommitted transactions but after recovery, we can see only committed transactions. Considerations required for the recovery plans:
## Procedure Documentation
The set of documents that required in a failure event. If the document is written clearly with the step by step procedure then we can follow the document to rebuild the server and also we can add some steps for restoration of application data and configuration from backups.
## Automation Tools
The configuration software provides the automation this can improve the deployment and recovery plans. Guides are not adequate for the failure because it is not easy for the person to solve the execution addition of tools are required.
## Critical Components
Components are required for the application to run correctly. Application and the database servers both are required either of the failures will create havoc.
## Single Points of Failure
If the critical components do not have the automatic failover mechanism are consider to be the single point of failure and they should be eliminated. To improve ability. The diagram shows the single point failure in the router.
## Revision
Update the documentation as the recovery process improves.
## Load Balancing
Load balancing can be explained as the division of work processing between two or more computers or CPUs. This is done because the failure of one server will balance the traffic by providing other platforms until the server recovers in the cloud environment the load balancer server is used to balance the load balance software. The load balancer is not very much essential or required for the production environment but it helps to reduce the single points of failure system.
Check here: [Types of Load Balancing](https://systemongrid.com/guides/an-introduction-to-haproxy-and-load-balancing-concepts#types-of-load-balancing
From the above diagram, one more application server is added to share the load, load balancer spread user requests across the servers. It helps to grow the performance as it has two servers. If one server fails then another server helps to regain the loss. Considerations of the load balancing:
## Load Balanceable Components
The components will not be load balanced easily and some considerations are made and changed for some types of software like databases.
## Application Data Replication
If a loaded application server stores the application locally which can be uploaded files. So, the data must be available to the other application servers through different methods such as replication.
## Performance Bottlenecks
If the load balancer unable to serve enough resources then it will decrease the performance of the application.
## Single Points of Failure
Load balancing is used to eliminate the single points of failure and the poor plan load balance can add single points in the failure.
## Monitoring
Monitoring can be described as giving the status of the services and also trends of server resource utilization, monitoring provides the great result if any trigger in the action occurs such as if a server goes down or a resource is over-utilized. Notifications are provided so if any issue occurs to prevent the downtime of the application. Monitoring is not so necessary but improves the recoverability, planning, and maintenance of the setup. Considerations of monitoring:
## Services to Monitor
Monitoring of services indicates the software that we will monitor. We will see whether all services are running in the running state, active and functioning correctly.
## Resources to Monitor
Resources monitoring includes storage, memory, CPU, and network utilization.
## Data Retention
Data retention can be described as the duration of time that will be retained to monitor the data before the discard of it.
## Problem Detection Rules
The rules and thresholds that determine the service or resource are running and are OK. This is because if the server is running and answering the requests. But the resource or storage will trigger if the threshold exceeds.
## Notification rules
The thresholds and rules that exceed then the notification are sent. Notifications are essential but they are too many then the inbox will be full. So, they can also be ignored.
## Centralized Logging
Centralized logging can be defined as every application that runs in the server environment and even generates the logs. Centralized logging management is the logging solution system that will consolidate the log data and pushes to one central, accessible, easy-to-use interface and this allows to quickly detect the issues that will span the multiple servers by correlating their logs and metrics during the time frame and thus not required in the production. It will just provide invaluable insight into the server environment.
The above diagram, where the monitoring and centralized logging both are shown.
Considerations of logging:
## Logs to Gather
Particular logs that will ship from servers to a centralized logging server and gather all the important servers.
## Data Retention
As we know for the period of time the data is retained before we discard it. This will include the logs that we gather and will affect the amount of disk space that the centralized system will require.
## Log Filters
Filters can be explained as the parse plain logs into structured log data. Filtering logs will improve the ability to analyze, query, and graph the data quickly and easily.
## Server Clocks
The clocks of the servers are synchronized and are set to time zone. So, depending on that log time will be running and accurate.
## Conclusion
These components will improve the server setup. So based on the resources availability and the balance the design and implementation are done in the production environment it also depends on the production goals.
[category] => orbit
[updated] => 2019-01-25T09:30:32.595+0000
[created] => 2019-01-08T15:30:23.873+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => webapplication
)
)
[79] => Array
(
[_id] => 5c35e8f3f787750006a2d3c8
[path] => how-to-setup-automatic-deployment-with-git-with-a-vps
[title] => How to Setup Automatic Deployment with Git with a VPS
[subheading] => This guide will shows you how to set up automatic deployment with git with a vps
[body] => ## Table of Contents
- [Introduction](#introduction
- [Server Setup](#server-setup
- [Setting up Live Server Repository](#setting-up-live-server-repository
- [Hooks Directory](#hooks-directory
- [Creating a Post Receive File](#creating-a-post-receive-file
- [Setting up a Local Repository](#setting-up-a-local-repository
- [Setting up Beta Directory](#setting-up-beta-directory
- [Going Live from the Server](#going-live-from-the-server
## Introduction
In this guide, we will walk you through how to use Git when deploying your applications. Despite the existence of a myriad ways which you can use Git to deploy your applications, we shall focus on the most straightforward way of them all. This guide also assumes that you already know how to install Git and create your own repositories on your PC.
As you use Git, workflow is generally geared towards version control only. This is where you have a local repository as your workspace as well as a remote repository whereby everything is synced, and this allows collaboration with team members using their own PCs. Let’s see how you can use Git to push your application onto a production environment.
## Server setup
To start off, we are going to have 2 repositories
Your server’s live directory - /var/www/systemongrid.com
Your server’s repository - /var/grid-repo/grid.git
## Setting up Live Server Repository
From the command-line prompt, log in to your VPS
Navigate to the /var directory
```
# cd /var
```
Create the server’s repository directory
```
# mkdir grid-repo
```
Navigate to the newly created directory
```
# cd grid-repo
```
Create the git directory
```
# mkdir grid.git
```
Navigate into it
```
# cd grid.git
```
Run the command below to ensure that the folder is just for version control and not for source code files.
```
# git init --bare
```
Output
![](http://
To list the contents, use the ls command
```
# ls
```
![](http://
## Hooks Directory
As we have seen earlier, there exists a folder in our git repository called hooks. This folder contains some sample files which can be used for possible actions which can be used to hook and use customized actions.
![](http://
For more documentation, visit [Git - Git Hooks](https://git-scm.com/book/en/v2/Customizing-Git-Git-Hooks.
There are 3 server hooks:
## Pre-receive
Pre-receive is the first script that is run when a client initiates a ‘push’ request.
## Update
Update executes only once per branch
## Post-receive
Post-receive is executed once a ‘push’ is completely done with and can be used to notify other services & users.
## Creating a Post-receive file
To create a post-receive file, navigate to the hooks folder and run the command below
```
touch post-receive
```
Using your favorite text editor, open the file and add the following line
![](http://
Give the file execute permissions
```
chmod +x post-receive
```
To confirm that the file now has execute permissions run the ls -l command
```
ls -l
```
![](http://
‘git-dir’ will be the path to the repository. However, a different path to the location where your files will be transferred to can be defined. Once a ‘push’ request is completed the post-receive file will be consulted and will give you a prompt that your files should be in /var/www/systemongrid.com
## Setting up a Local Repository
Now let’s get back to our local PC and create own repository
Create your own repository as shown
```
# mkdir my_space
```
Navigate into it
```
# cd my_space
```
Initialize with Git
```
# git init
```
Output
![](http://
Set our repository’s remote path
```
# git remote add live ssh://user@mydomain.com/var/grid-repo/grid.git
```
Later, add the file
```
# git add.
```
then finally commit
```
# git commit -m "My project is ready"
```
Finally, ‘push’ the contents to the server
```
# git push live master
```
## Setting up BETA Directory
If you prefer testing first without deploying everything at once , you can opt to create a Beta directory. All you need to do is to create yet another repository.
So once again, log in to your VPS and create a new directory as shown
```
# cd /var/www/
```
Create the directory
```
# mkdir beta
```
AS before, create the repository
```
# cd /var/grid-repo
# mkdir beta.git
```
Navigate into the directory
```
# cd beta.git
```
Initialize the directory
```
# git init –bare
```
Cd into the hooks directory
```
# cd hooks
```
Now create the post receive file since we want our project to appear in the Beta directory
```
# touch post-receive.
```
Using the text editor of your choice, edit the file by adding the following script
```
#!/bin/sh
git --work-tree=/var/www/beta --git-dir=/var/repo/beta.git checkout -f
```
Save and exit.
Give the file execute permissions as we saw in our previous set up
```
# chmod +x post-receive
```
Head back to the local repository
```
# cd my_space/
```
Create a new directory
```
# mkdir project
```
Configure another remote to point to the Beta directory
```
# git remote add ssh://user@mydomain.com/var/grid-repo/beta.git
```
Next, run the following commands in succession
```
# git add.
# git commit -m "latest version"
```
Push to beta
```
# git push beta master
```
Then push to Live
```
# git push live master
```
## Going Live from the Server
Now it’s time to link the Beta to the Live repository. This will enable your team to collaborate on the same project remotely. To accomplish this, log in as root and create a beta repository
```
# cd /var/grid.repo/beta.git
```
Next run
```
# git remote add live ../site.git
```
At this point you should be able to push your content to the live server from Beta. Run
```
# cd /var/grid.repo/beta.git
```
Finally push to Live server
```
# git push live master
```
Well done! You have now set up your VPS to automatically deploy content with Git
[category] => orbit
[updated] => 2019-01-17T11:11:24.499+0000
[created] => 2019-01-09T12:28:35.160+0000
[published] => 1
[is_deleted] => 1
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => git
[1] => vps
)
)
[80] => Array
(
[_id] => 5c348605f787750006a2d33e
[path] => how-to-do-initial-server-setup-with-ubuntu-18.04
[title] => How to do Initial Server Setup with Ubuntu 18.04
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Log into Root User Account](#log-into-root-user-account
- [What is a Root](#what-is-a-root
- [Create a New User Account](#create-a-new-user-account
- [Give Root Privileges to the New User Account](#give-root-privileges-to-the-new-user-account
- [Setup a Basic Firewall](#set-up-a-basic-firewall
- [Enable External Access for your Regular User](#enable-external-access-for-your-regular-user
## Introduction
In this guide, we are going to tell you the step-by-step process you should follow for initial server setup with Ubuntu 18.04. There are a few simple steps that you need to follow initially as basic server setup. The best part about setting up your server with Ubuntu 18.04 - It will increase the usability and security of your server and make it run for your intended purposes.
## Prerequisites
A Running Orbit
## Log into Root User Account
If you want to log into your server, you need your server’s IP address and the password to your root account.
After knowing them, you can log into your server with the following command.
```
$ ssh demo@192.168.32.76
```
Don’t get frightened, if you see the following message. You received this message because you are connecting to your Ubuntu server for the first time. And, the computer is telling you that it doesn’t recognize the remote server.
![rootuseraccount](https://grid.media/assets/images/Root-user-account.png
To confirm your authentication, just type ‘Yes’.
## What is a Root
In Linux terminology, a Root is an administrative user with many privileges. But, you are not supposed to use it regularly. This is because of the very broad privileges of the root account and also the ability of it to make hostile changes (accidentally.
## Create a New User Account
You need to create a New User Account (An Alternative User Account just to avoid the possibility of making hostile changes to your account.
After logging into the root account using the below command, we will be prepared to add an alternative account which you can use to login from now on.
```
$ sudo su
```
I am creating a new user called ‘demo’. Replace ‘demo’ with any other name that you wish to add.
```
#adduser demo
```
After that, you are asked to answer a few questions, starting with your account password.
It is always recommended to give a strong password. You can also give additions information if you want to, otherwise just click on the ‘ENTER’ button.
## Give Root Privileges to the New User Account
At present, the new user account has some basic account privileges. Despite that, we need to do a few administrative tasks.
To use root privileges, you can not always log out the new user account and log into the root account. So, we set up a ‘superuser’ or the root privileges to your new user account. This will allow the new user to use administrative privileges and run commands by adding the word ‘sudo’ before each command
```
# usermod -aG sudo demo
```
Now, the new user can use the account with the root privileges.
## Setup a Basic Firewall
An Ubuntu 18.04 server uses [UFW firewall](https://systemongrid.com/support/guides/how-to-setup-a-firewall-with-ufw-on-an-ubuntu-and-debian-cloud-server to make sure that the connections to certain services are allowed. You can set up the basic firewall using this application.
Upon installing UFW, different applications can register their profiles. These profiles allow UFW to manage different applications by their names.
Now, OpenSSH, a service that allows us to connect to our servers, also has a profile registered with UFW.
You can check this using the below command.
```
# ufw app list
```
Output:
![](http://
You must make sure that the firewall is allowing [SSH connections](https://systemongrid.com/support/guides/understanding-the-ssh-encryption-and-connection-process so that we can log in back in next time.
We can allow these connections by using the below command.
```
# ufw allow openSSH
```
We can enable the firewall by using the command:
```
# ufw enable
```
Type ‘Y’, press ENTER to continue.
Use the below command to see what SSH connections are still allowed.
```
# ufw status
```
output:
![](http://
The firewall is currently blocking all connections except for SSH. If you install and configure some additional services, you will need to alter the firewall settings to allow the acceptable traffic in.
## Enable External Access for your Regular User
Now, you have a new user with Root privileges for daily use. It’s time to choose whether to log into your account using a password or SSH keys authentication.
## If you use Password Authentication
If you log into the root account using the password authentication, you can log into your new user account by opening a new terminal and using SSH with your new user account.
```
$ ssh demo@192.168.32.76
```
Then, you are prompted for the new user’s password that you configured. After this, you can log in as a new user.
And, if you want to run a command with the root privileges, you need to type sudo before it.
```
$ sudo command_to_run
```
If everything is alright, you can exit your sessions by typing
```
$ exit
```
## If you use SSH Keys Authentication
If you log into the root account using SSH keys, the password authentication will be disabled for SSH.
You need to add your public key to the ~/.ssh/authorized_keys file in your new user account.
As your public key is already in ~/.ssh/authorized_keys file in your new user account, copy that file and directory structure to your new user account.
You can use rsync command to copy the files with the correct ownership and permissions. The command will copy the root user’s .ssh directory, preserve the permissions, and change the file owners.
And, don’t forget to change the highlighted portions of the command to match your new user account.
```
$ rsync
```
Then, open a new terminal session using ssh with your new username.
```
$ ssh demo@192.168.32.76
```
you must be logged into the new user account without the password authentication. And, if you want to run a command with the root privileges, you need to type sudo before it.
```
$ sudo command_to_run
```
If everything is alright, you can exit your sessions by typing
```
$ exit
```
[subheading] => This guide explains you How to do Initial Server Setup with Ubuntu 18.04.
[category] => orbit
[updated] => 2019-02-15T12:01:16.105+0000
[created] => 2019-01-08T11:14:13.074+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => orbit
)
)
[81] => Array
(
[_id] => 5c349e5cf787750006a2d345
[path] => how-to-secure-nginx-with-let’s-encrypt-on-ubuntu-18.04
[title] => How to Secure Nginx with Let’s Encrypt on Ubuntu 18.04
[subheading] => This guide will show you how to secure nginx with let's encrypt on ubuntu 18.04
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Secure Nginx with Lets Encrypt](#secure-nginx-with-let-s-encrypt
- [Install Certbot](#install-certbot
- [Setup Nginx](#setup-nginx
- [Allow HTTPS Through the Firewall](#allow-https-through-the-firewall
- [Obtain an SSL Certificate](#obtain-an-ssl-certificate
- [Verify Certbot Auto-Renewal](#verify-certbot-auto-renewal
- [Conclusion](#conclusion
## Introduction
In this guide, we will explain to you how to obtain SSL certificate using [Certbot](https://certbot.eff.org/about/, how to secure Nginx with Let’s Encrypt on Ubuntu 18.04 and how to renewal SSL certificate automatically.
[Let’s Encrypt](https://letsencrypt.org/ is an automated certificate authority (CA, provided by the [Internet Security Research Group](https://letsencrypt.org/isrg/ (ISRG, that provides an easy way to obtain and install free SSL/TLS certificates. Thus, it provides an easy way to encrypt HTTPS on web servers for free in the most user-friendly way possible. It makes the process easy by providing a client, Certbot, that automates most of the necessary steps. The entire process is fully automated on [Nginx web server](https://www.nginx.com/.
## Prerequisites
You should have access to an Ubuntu 18.04 server and created a non-root user account with sudo privileges by following our guide, [Initial server setup with Ubuntu 18.04](https://systemongrid.com/guides/how-to-do-initial-server-setup-with-ubuntu-18.04.
Nginx must be installed on Ubuntu 18.04. Do it by following our guide, [How to Install Nginx on Ubuntu 18.04](https://systemongrid.com/guides/how-to-install-nginx-on-ubuntu-18.04.
You must own or have access to a registered domain that you wish to use SSL/TLS certificate with. In this tutorial, we use systemongrid.tk to explain you the process. You must have created a record that points your domain to the public IP address of your server. This is because to make Let’s Encrypt validate that you are the owner of the domain it is issuing an SSL/TLS certificate for.
## Secure Nginx with Let's Encrypt
## Install Certbot
The first step in obtaining an SSL/TLS certificate using Let’s Encrypt is installing Certbot software on your server. Install the updated version of Certbot using Ubuntu software repository that has been developed and maintained by Certbot developers.
Add the repository using the following command.
```
$ sudo add-apt-repository ppa:certbot/certbot
```
![](http://
Press ENTER to accept.
To know the new repository’s package information, update the package list using the following command.
```
$ sudo apt-get update
```
Now, enable universe repository using the following command.
```
$ sudo add-apt-repository universe
```
Then, install Certbot using apt-get command.
```
$ sudo apt-get install python-certbot-nginx
```
Now, the software client, Certbot, is ready to use.
## Setup Nginx
To automatically configure SSL for Nginx, Certbot needs to find the correct server block in your configuration. It does the process by looking for a server_name directive that matches with your domain you are requesting an SSL certificate for.
Update the configuration file using the following command.
```
$ sudo nano /etc/nginx/sites-available/default
```
Find the server_name line in the file, /etc/nginx/sites-available/default.
```
server_name localhost;
```
Place your domain name in the place of localhost.
```
server_name systemongrid.tk www.systemongrid.tk;
```
Then, save the file.
Check the syntax of your configuration edits with the following command.
```
$ sudo nginx -t
```
If you get no errors, reload Nginx for the new configuration
```
$ sudo service nginx reload
```
Now, the Certbot can find the correct server block. Update it.
## Allow HTTPS Through the Firewall
Chances are you have the ufw firewall enabled, recommended by the prerequisites guides. If you have done that, you will have to adjust the settings to allow for HTTPS traffic. To make this process simpler, Nginx registers a few profiles with ufw upon installation.
You can see the current setting by the following command.
```
$ sudo ufw status
```
You will probably see output like below.
Output:
![nginxhttptraffic](https://grid.media/assets/images/ufw-status-with-nginx-http-traffic-02132019.png
If your ufw status is inactive, use the following command to activate it.
```
$ sudo ufw enable
```
Now, to let in HTTPS traffic, allow Nginx full profile and delete unnecessary Nginx HTTP profile allowance.
```
$ sudo ufw allow 'Nginx Full'
$ sudo ufw delete allow 'Nginx HTTP'
```
Now your status looks like this.
```
$ sudo ufw status
```
Output:
![ufwstatus2](https://grid.media/assets/images/ufw-status2.png
That’s it. You have successfully allowed HTTPS through the firewall.
## Obtain an SSL Certificate
Certbot provides many plugins to obtain SSL certificates. The Nginx plugin takes care of re-configuring Nginx and reloading the config whenever it is necessary.
```
$ sudo certbot --nginx -d systemongrid.tk -d www.systemongrid.tk
```
The above command runs the Certbot with the Nginx plugin using -d to specify the domain name that you are requesting the certificate for.
If this is the first that you are running Certbot, you will be asked to enter your email address and agree to the terms and conditions of the service.
After this, Certbot communicates with the Let’s Encrypt and runs a challenge to verify if you own or have control over the domain that you are requesting an SSL certificate for.
If this is successful, Certbot will ask you to configure your HTTPS settings.
Output:
![redirecthttptraffictohttps](https://grid.media/assets/images/redirect-http-traffic-to-https.png
Choose one option, then hit ENTER. The configuration will be updated. Nginx will be reloaded and pick the new settings.
Now, Certbot will show you a message telling you that the process was successful and the path where the certificates are stored.
Output:
![sslcertificate](https://grid.media/assets/images/ssl-certificate.png
Now, your SSL certificates are downloaded, installed, and configured.
Load your website using https://systemongrid.tk and check your browser’s security indicator. It must represent with a green lock icon telling that this website is properly secured.
## Verify Certbot Auto-Renewal
These SSL certificates issued by Let’s Encrypt are valid only for 90 days. The certbot runs certbot renew via a systemd timer twice a day to take care of the auto-renewal process. On non-systemd distributions, the process is provided by a script that is placed in /etc/cron.d. This task renews any certificate that is within 30 days of the expiration date.
Use the following command to test the renewal process.
```
$ sudo certbot renew --dry-run
```
You are all set if you see no errors.
If the auto-renewal process fails, Let’s Encrypt will send you the email, you have specified, when your certificate is about to expire.
## Conclusion
You have successfully obtained SSL certificate using Certbot, secured Nginx with Let’s Encrypt on Ubuntu 18.04 and renewed SSL certificate automatically.
[category] => security
[updated] => 2019-02-15T10:36:00.971+0000
[created] => 2019-01-08T12:58:04.844+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => nginx
)
)
[82] => Array
(
[_id] => 5c35d96ef787750006a2d3c2
[path] => how-to-install-linux,-apache,-mysql,-php-(lamp-stack-on-ubuntu-18.04
[title] => How to Install Linux, Apache, MySQL, PHP (LAMP Stack on Ubuntu 18.04
[subheading] => This guide explains you How To Install Linux, Apache, MySQL, PHP (LAMP stack on Ubuntu 18.04
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Installing Apache and Updating the Firewall](#installing-apache-and-updating-the-firewall
- [Installing MySQL](#installing-mysql
- [Installing PHP and Testing PHP Processing on Web Server](#installing-php-and-testing-php-processing-on-web-server
- [Conclusion](#conclusion
## Introduction
The LAMP stack is an open source software used to create websites and web applications. It consists of a Linux operating system, Apache HTTP Server, MySQL Database and PHP programming language.
LAMP stack represents Linux operating system with the Apache HTTP server and the website data is stored in a MySQL database and PHP programming language processes dynamic content.
## Prerequisites
You should have access to an Ubuntu 18.04 server and created a non-root user account with sudo privileges by following our guide, [Initial server setup with Ubuntu 18.04](https://systemongrid.com/guides/how-to-do-initial-server-setup-with-ubuntu-18.04.
## Installing Apache and Updating the Firewall
The Apache web server is well-documented and has been full usage in the history of the web and it is default choice for hosting a website.
Installing Apache using Ubuntu’s package manager, apt:
```
$ sudo apt update
$ sudo apt install apache2
```
By adding sudo command, these operations are executed with root privileges. It will ask you the regular user’s credentials to verify your intention.
After entering the password, apt will directs which package is installed and how much disk space it will occupy. Then you have to press ‘y’ and hit enter to proceed installation.
## Adjust the Firewall to Allow Web Traffic
Assume that, you have done with initial server setup and enabled the UFW Firewall and you have to make sure that firewall allows HTTP and HTTPS traffic.
To check that UFW has an application profile for Apache, use the below command.
```
$ sudo ufw app list
```
![ufwavailableapplications](https://grid.media/assets/images/ufw-available-applications-02132019.png
In Apache full profile, It enables traffic to ports 80 and 443:
```
$ sudo ufw app info Apache Full
```
![apachefull](https://grid.media/assets/images/apache-full.png
Use this command to allow incoming HTTP and HTTPS traffic for this profile.
```
$ sudo ufw allow ‘Apache Full’
```
You can check it by visiting your server’s public IP Address in your web browser by using the following command.
http://your_server_IP_address
You will see the default ubuntu 18.04 Apache web page. It is for information and testing purpose.
It should look like this:
![apacheubuntudefaultpage](https://grid.media/assets/images/apache-2-ubuntu-default-page.png
If you get output like this, then your web server is installed correctly and accessible through the firewall.
## How to Find your Server’s Public IP Address
There are many ways to find your server’s Public IP Address. First, you can use iproute2 tools to get IP Address by using below command.
```
$ ip addr show eth0 | grep inet | awk '{ print $2; }' | sed 's/\/.*$//'
```
This command will take you to three lines back. They are all correct addresses but your system will use only one of them.
And another method is to use curl utility as follows. This is done by asking a specific server to know what your IP Address is:
```
$ sudo apt install curl
```
$ curl http://icanhazip.com
## Installing MySQL
Now the web server is running. Next, we have to install MySQL. MySQL is a database Management system, it will organize and provide access to a database where your site can store information.
Now use apt to install this software:
```
$ sudo apt install mysql-server
```
This command shows the list of packages that will be installed and the amount of disc space that they will take over. To continue hit ENTER.
When the installation is complete, run a simple script that comes as default when it is installed with MySQL, it removes some dangerous defaults and locks down access to a database system.
Start the script by typing the below command:
```
$ sudo mysql_secure_installation
```
The script will ask you to give a password for further use within the MySQL system. Then, you will be asked, if you want to configure the VALIDATE PASSWORD PLUGIN.
![mysqlsecureinstallation](https://grid.media/assets/images/mysql-secure-installation.png
Press Y for yes, or any other key to continue without enabling.
If you have enabled VALIDATE PASSWORD PLUGIN, you will be asked to select a level of password validation.
![validatepasswordplugin](https://grid.media/assets/images/validate-password-plugin.png
Select any one among three levels of password validation, enter your new password. Then, you will be shown the strength of the password you have entered. Press Y if you are satisfied with the password.
![passwordauthenticationsuccess](https://grid.media/assets/images/password-authentication-success.png
Press Y for the rest of the questions and hit ENTER at each prompt. This will disable some of the anonymous users and remote root logins, test the database and load these new rules so that MySQL will immediately respect the changes we have made.
While running MySQL 5.7 in Ubuntu systems, the root MySQL user by default is set to authenticate by using the auth_socket rather than with a password. This gives better security and usability in most of the cases but, it complicates things when you want to allow an external program to access the user.
If you want to connect to MySQL as a root using a password, you will need to switch the authentication method from auth_socket to mysql_native_password. To do so, open MySQL prompt using the below command.
```
$ sudo mysql
```
Then, use the below command to check which authentication method each of your MySQL user accounts is using:
```
mysql> SELECT user,authentication_string,plugin,host FROM mysql.user;
```
The output looks like this:
![mysqlselectcommand](https://grid.media/assets/images/mysql-select-command.png
Run the below command to reload the grant tables and make your changes effective.
```
mysql> FLUSH PRIVILEGES;
```
Now, check the authentication method employed by root to confirm that it is no longer authenticates using the auth_socket plugin. Do it by using the below command.
```
mysql> SELECT user,authentication_string,plugin,host FROM mysql.user;
```
Then you will get an output as follows:
![mysqlselectcommandafterfli](https://grid.media/assets/images/mysql-select-command-after-fli=ush.png
After confirming this, you can exit the MySQL shell using the below command.
```
mysql> exit
```
## Installing PHP and Testing PHP Processing on Web Server
PHP is component of your setup that will process code to display dynamic content. It can run scripts, connect your MySQL databases to get information.
Once again update the apt system to install php.In addition to this, including some extra packages so that PHP code can run under Apache server and interact with MYSQL database.
```
$ sudo apt install php libapache2-mod-php php-mysql
```
Now PHP is installed.
Now a user requests a file from the server, Apache will first look for the file called index.html. Now we have to tell the web server to take PHP files first so that Apache will look into index.php file first
To do that, type the following command to open dir.conf file in a text editor with root privileges.
```
$ sudo nano /etc/apache2/mods-enabled/dir.conf
```
/etc/apache2/mods-enabled/dir.conf file looks like this:
```
DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.htm
```
Move the PHP index file to the first position after the DirectoryIndex specification like this:
```
DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm
```
When you finished it save and close the file by entering ctrl+X. Confirming the save by pressing Y and hit ENTER button to verify the save location.
After this restart the Apache server, in order for your changes to be recognized.
To do this enter the following command.
```
$ sudo systemctl restart apache2
```
You can also check the status of the status of the Apache2 by entering the below command.
```
$ sudo systemctl status apache2
```
Then you will get output like this:
![systemctlapache2](https://grid.media/assets/images/systemctl-apache-2.png
Hit q to exit from the status output.
To enhance the functionality of PHP, enter the following command.
```
$ apt search php- | less
```
Use the arrow keys to scroll up and down. Press q to exit from the status output.
```
bandwidthd-pgsql/bionic 2.0.1+cvs20090917-10ubuntu1 amd64
Tracks usage of TCP/IP and builds HTML files with graphs
bluefish/bionic 2.2.10-1 amd64
advanced Gtk+ text editor for web and software development
cacti/bionic 1.1.38+ds1-1 all
web interface for graphing of monitoring systems
ganglia-webfrontend/bionic 3.6.1-3 all
cluster monitoring toolkit - web front-end
golang-github-unknwon-cae-dev/bionic 0.0~git20160715.0.c6aac99-4 all
PHP-like Compression and Archive Extensions in Go
haserl/bionic 0.9.35-2 amd64
CGI scripting program for embedded environments
kdevelop-php-docs/bionic 5.2.1-1ubuntu2 all
transitional package for kdevelop-php
kdevelop-php-docs-l10n/bionic 5.2.1-1ubuntu2 all
transitional package for kdevelop-php-l10n
…
:
```
To know the long description of the package, type the following command:
```
$ apt show package_name
```
To find what the php-cli does, use the below command.
```
$ apt show php-cli
```
Along with large information, you would look like this.
![showphpcli](https://grid.media/assets/images/show-php-cli.png
If you decided php-cli is looking something that you want, then type this:
```
$ sudo apt install php-cli
```
To test whether the system is configured correctly for PHP, create a very basic PHP script called info.php. For Apache to find this file and server it correctly. It must be saved to particular directory called web root.
In Ubuntu 18.04 , this directory is located at /VAR/WWW/HTML/. Create the file at that location by typing:
```
$ sudo nano /var/www/html/info.php
```
Then you get a blank file and add the below text.
```
```
When you are finished save and close the file.
Now you can get your web server is correctly able to print the message generated by php script.
To try this visit the webpage. For this, you need server’s public IP address.
The address you have to visit is:
http://your_server_ip/info.php
The page you get looks like this:
![infophp](https://grid.media/assets/images/infophp.png
This page provides some basic info about server from the PHP. It is useful for debugging. If you see the page as above then your PHP is working correctly.
If you want to remove the file, then use the following command:
```
$ sudo rm /var/www/html/info.php
```
You can recreate this page if you want the information later.
## Conclusion
Now LAMP stack is installed. So that you have a platform that allows you to install many kind of websites and web servers on your system. And the next step is you have to ensure that the connections to your system are secured, by providing them via HTTPS.
[category] => photon
[updated] => 2019-02-27T10:15:48.517+0000
[created] => 2019-01-09T11:22:22.385+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => linux
[1] => apache
[2] => php
[3] => mysql
)
)
[83] => Array
(
[_id] => 5c35f07af787750006a2d3ca
[path] => introduction-to-securing-your-linux-vps
[title] => Introduction to Securing your Linux VPS
[subheading] => This guide shows us to secure the linux VPS
[body] => ## Table of Contents
- [Introduction](#introduction
- [Disable the Root Account](#disable-the-root-account
- [Use SSH Keys](#use-ssh-keys
- [Block Unwanted Traffic with Firewalls](#block-unwanted-traffic-with-firewalls
- [Use Denyhosts and Fail2Ban](#use-denyhosts-and-fail2ban
- [Install an Intrusion Detection System](#install-an-intrusion-detection-system
- [Update Software Regularly](#update-software-regularly
- [Encrypt Sensitive Data](#encrypt-sensitive-data
- [Limit Unused Services](#limit-unused-services
- [Check for Malware](#check-for-malware
- [Conclusion](#conclusion
## Introduction
Securing your Linux VPS is the most important thing you could after installing and configuring it. However, it is much more secure than other operating systems because of its security model. But, the Linux’s Security Model (LSM not one hundred percent secure and has some security breaches. So, in this guide, we will explain some of the most common security measures you need to take to secure your Linux VPS from hackers over the internet.
## Disable the Root Account
Want to secure your Linux VPS? If yes, the first thing you need to do is disabling the root account. Instead of using the root account, you could take advantage of sudo access for root privileges. This can restrict hackers from trying brute force to crack root account password and gain access of it.
Sudo is an exclusive access that can be given to an authorized user to run administrative commands and eliminate the need of root access.
But, before disabling root account, make sure that you have created a non-root account using the guide, [initial server setup with Ubuntu 18.04](https://systemongrid.com/guides/how-to-do-initial-server-setup-with-ubuntu-18.04 and given appropriate privileges to it.
## Use SSH Keys
SSH is an acronym for Secure Shell. Secure Shell (SSH is a cryptographic network protocol, and it is responsible for encrypting the information between a user and the remote machine. It allows users to perform secure network services.
It uses SSH keys to log into a server so that you can get a more secure way of logging in. Generally, hackers use brute force attack to crack passwords. But, it is almost impossible to decipher the SSH keys by using the brute force attack as they have more bit of data than a password. It means there are significantly more possible ways of combinations for a hacker to crack. So, you can connect to your server without entering your password. Moreover, it is even more secure.
Secure Shell (SSH is completely based on public key cryptography. For your easy understanding, let’s just say SSH keys come in a pair. One is a private key and the other one is a public key. The private key is stored securely to the home machine of a user. The public key is stored securely to any remote machine that user wishes to connect. You can use the public key on any server, but it can be unlocked by connecting to a user who already has the private key. The machine will be unlocked only when the two keys matched. You can also increase the security much more by protecting the private key with a passphrase.
SSH Keys are straightforward to set up. SSH key authentication is the most recommended to log into your Linux or Unix server remotely. SSH keys can be generated in your computer and transfer the public key to your server in no time.
Check here:
[How to Setup SSH Keys on Ubuntu 18.04 ](https://systemongrid.com/guides/how-to-setup-ssh-keys-on-ubuntu-18.04
[How to Use SSH Keys with SystemOnGrid Orbits](https://systemongrid.com/guides/how-to-use-ssh-keys-with-systemongrid-orbits
## Block Unwanted Traffic with Firewalls
A firewall is a protection from unauthorized access to a server. It is a network security device that monitors traffic to your server and allows or blocks a specific traffic based on predetermined security rules. It creates a barrier between a trusted internal network and an untrusted external network i.e., the internet.
Firewalls allow you to limit access to your server depending on which group mentioned above is suitable for you. You can give access to everyone using public services, and you can restrict the permission using private services. You can also make some data completely inaccessible to the outside world.
We have briefly discussed some of the popular firewalls solutions below.
## UFW
Ufw stands for Uncomplicated Firewall. Ufw is Ubuntu’s default firewall configuration tool. By default, Ufw is disabled in Ubuntu. It provides simple yet most effective host-based firewall management making it simple for everyone including people who are not aware of Linux firewall solutions.
Check here:
[How to Setup a Firewall with UFW on an Ubuntu and Debian Cloud Server](https://systemongrid.com/guides/how-to-setup-a-firewall-with-ufw-on-an-ubuntu-and-debian-cloud-server
## IPTables
IPTables is probably the most well-known firewall solution. It is used for administration of Netfilter firewall included in the Linux kernel. It has undergone many intense security audits to ensure that its safety. It has been upgraded many times since it was first introduced in 1998. The syntax can be a little difficult to understand at first, but it is a fantastic tool that can be configured with a very flexible set of rules.
## NFTables
NFTables was introduced in 2014 by the same team who developed IPTables and intended to eventually make it a successor of IPTables in the future. It uses more readable syntax and can support both IPv4 and IPv6 in the same tool.
## Use Denyhosts and Fail2Ban
Denyhosts and Fail2ban are two applications to secure your Linux VPS. They focus on failed login attempts, so if multiple failed login attempts happened from the same IP address, the applications will automatically insert firewall rules that it will block traffic from that IP address. This is because of the assumption that authorized users can’t fail to enter the correct password within 3-5 tries, so anyone who exceeds the limit can be considered as malicious.
## Install an Intrusion Detection System
The software that looks for unauthorized activity to files and reports them is commonly referred to as an Intrusion Detection System (IDS. Conducting file audits and implementing IDS is an intensive process. The initial configuration in the process involves finding the non-standard changes you have made to the server and defining the paths that must be excluded to create a baseline reading.
The process complicates the updating process as you need to re-check the system before running updates, and recreating the baseline after running the update to catch changes to the software versions. You also need to offload the reports to another location so that no one can alter the audit to hide their tracks. The process may also increase your administration capacity i.e., being able to check your system for a known-good copy, the only way to ensure that the files have not been changed without your knowledge.
## Update Software Regularly
Security breaches are common in almost every kind of software you might be using in your system. Getting rid of these security breaches is an essential routine in securing your Linux VPS. This can be done only by using the updated software available in the respective software repository because outdated software might have security breaches and updated for the same reason. This is one of the simplest ways of preventing intrusion attacks.
## Encrypt Sensitive Data
Data that is transmitted over the internet can be monitored and misused by hackers. Although we have some resources to protect the data, it needs to be encrypted when sensitive data is involved. Encryption is one of the most effective ways of securing data used by organizations. It translates data into a code form so that people who have a secret key can only access the data. The sole purpose of encryption is to protect the digital data that is transmitted using the internet and computer networks. The modern data encryption algorithms have already replaced the Data Encryption Standard and are playing a crucial role in securing IT systems and communications.
## Limit Unused Services
It’s likely that you don’t need all the packages and services that come with Linux distribution. Every service or package you use is a possible threat so try to use services and packages that you need and use. And, disable all the services from starting automatically. Also, don’t install and configure unnecessary packages and services.
## Check for Malware
Linux is less targeted by malware than Windows operating system, but it doesn’t mean that it is immune to malware software. So, it is recommended to check for malware in your system which can help you find the unauthorized software installed in your system. But, there are many malware scanners for Linux in the market today. One of the popular malware scanners today is maldet, Linux Malware Detect (LMD. You can use maldet both manually and automatically. You have an option to schedule scans and the reports will be mailed to the admin of your Linux VPS.
## Conclusion
In this guide, we tried to mention some of the most important ways of securing your Linux VPS from malicious people over the internet. Since you have to take responsibility for the security of your server, you need to take decisions and implement the right solution at the right time.
[category] => security
[updated] => 2019-01-25T09:13:40.658+0000
[created] => 2019-01-09T13:00:42.909+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => linux
[1] => vps
)
)
[84] => Array
(
[_id] => 5c349fcff787750006a2d346
[path] => how-to-setup-sftp-server-on-ubuntu-18.04
[title] => How to Setup SFTP Server on Ubuntu 18.04
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Configure FTP Server](#configure-ftp-server
- [Configure SSH Daemon](#configure-ssh-daemon
- [Create SFTP User Account](#create-sftp-user-account
- [User Login via SFTP](#user-login-via-sftp
- [Conclusion](#conclusion
## Introduction
FTP stands for “File Transfer Protocol” is a popular method of transferring files between two remote systems. SFTP stands for SSH File Transfer Protocol, or Secure File Transfer Protocol is a separate protocol packaged with SSH that works similarly over a secure connection.
## Prerequisites
SFTP Configuration assumes that you have to configure your FTP server by following the FTP configuration guide. Privileged access to the system as root or via sudo command is required.
## Configure FTP Server
This guide describes FTP over secure SSH protocol. Before starting this guide make sure that you have already configured your FTP server using below link.
## Configure SSH Daemon
If you have not configured till now, you have to install SSH server:
```
$ sudo apt install ssh
```
If you want to configure FTP over OpenSSH server, you have to edit the existing SSHD configuration file as below.
```
$ sudo nano /etc/ssh/sshd_config
```
Add this below file at the end of the file as below.
```
Match group sftp
ChrootDirectory /home
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
```
These lines say that users related to sftp group will be able to access their home directories, even though they will be denied SSH shell access.
![configuressgdaemon](https://grid.media/assets/images/configure-ssh-daemon.png
To apply the new changes you have to restart the SSH server.
```
$ sudo service ssh restart
```
## Create SFTP User Account
Now you have to create a new user account which is specific to SFTP service. Now you have to create a new group called sftp:
```
$ sudo addgroup sftp
```
![addgroupsftp](https://grid.media/assets/images/addgroup-sftp.png
Now you have to create a new user sftpuser assign him to the sftp group by using the below command.
```
$ sudo useradd -m sftpuser -g sftp
```
You have to set a new password for sftpuser user:
```
$ sudo passwd sftpuser
```
![passwordsftpuser](https://grid.media/assets/images/passwd-sftpuser.png
At last change access permissions to the user’s home to deny access to it from any others on the same system. To do it use the below command.
```
$ sudo chmod 700 /home/sftpuser/
```
## User Login via SFTP
Now the new user called sftpuser can log in to the new sftp server via sftp:// protocol. Now SFTP server can be resolved via eg. hostname ubuntu-sftp use sftp command to create new SFTP connection.
```
$ sftp sftpuser@testsftp
```
![sftpusertestsftp](https://grid.media/assets/images/sftpuser-testsftp.png
Now navigate to your home directory and confirm write access by creating a new directory.
```
sftp> cd sftpuser
sftp> mkdir sftp-test
sftp> ls
```
![sftptest](https://grid.media/assets/images/ls.png
## Conclusion
Now you are connected to SFTP
[subheading] => This guide explains you How to setup SFTP server on Ubuntu 18.04
[category] => orbit
[updated] => 2019-02-05T15:23:55.793+0000
[created] => 2019-01-08T13:04:15.204+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => sftp
)
)
[85] => Array
(
[_id] => 5c34a4d1f787750006a2d348
[path] => how-to-setup-ssh-keys-on-ubuntu-18.04
[title] => How to Setup SSH Keys on Ubuntu 18.04
[subheading] => This guide will show you how to setup ssh keys on ubuntu 18.04
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [How to Setup SSH Keys](#how-to-set-up-ssh-keys
- [Generate RSA Key Pair](#generate-rsa-key-pair
- [Copy the Public Key](#copy-the-public-key
- [Use SSH Keys to Authenticate to Test User](#use-ssh-keys-to-authenticate-to-test-user
- [Deactivate the Password for Root Login](#deactivate-the-password-for-root-login
- [Conclusion](#conclusion
## Introduction
In this guide, I will explain to you how to set up SSH keys on Ubuntu 18.04.
SSH is an acronym for Secure Shell. Secure Shell (SSH is a cryptographic network protocol, and it is responsible for encrypting the information between a user and the remote machine. It allows users to perform secure network services.
It uses SSH keys to log into a server so that you can get a more secure way of logging in. Generally, hackers use brute force attack to crack passwords. But, it is almost impossible to decipher the SSH keys by using the brute force attack. So, you can connect to your server without entering your password. Moreover, it is even more secure.
Secure Shell (SSH is completely based on public key cryptography. For your easy understanding, let’s just say SSH keys come in a pair. One is a private key and the other one is a public key. The private key is stored securely to the home machine of a user. The public key is stored securely to any remote machine that user wishes to connect. You can use the public key on any server, but it can be unlocked by connecting to a user who already has the private key. The machine will be unlocked only when the two keys matched. You can also increase the security much more by protecting the private key with a passphrase.
## Prerequisites
Running Server
## How to Setup SSH Keys
## Generate RSA Key Pair
The first step in the process is to generate an RSA key pair on the user machine (Chances are that it is your machine using the following command.
```
$ ssh-keygen
```
After entering the Gen Key command, you will probably get a few questions like the following.
![generatingrsakeypair](https://grid.media/assets/images/generating-rsa-key-pair-02132019.png
Now, press ENTER to save the file to the user home. (Here, systemongrid is our example user, replace it with your user.
Then, you will be asked to enter a passphrase.
![passphrase](https://grid.media/assets/images/passphrase.png
It is entirely up to you whether to use a passphrase or not. But, using a passphrase increase your security much more. No unauthorized user can log into a passphrase-protected machine and its associated accounts unless they know the passphrase. But, you must type the passphrase every time you use the SSH key pair.
The complete output will look like the following.
![setupsshkeys](https://grid.media/assets/images/set-up-ssh-keys-on-ubuntu-18.04.png
It is very clear that the public key is now located in /home/systemongrid/.ssh/id_rsa.pub. The private key (identification is now located in /home/systemongrid/.ssh/id_rsa.
## Copy the Public Key
Now, you must place the public key on your server.
Then, copy the public key into the authorized_keys file in your new machine by using an ssh-copy-id command.
```
$ ssh-copy-id username@216.200.116.191
```
You can also do this by using the below command.
```
cat ~/.ssh/id_rsa.pub | ssh username@216.200.116.191/ "mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && chmod -R go= ~/.ssh && cat >> ~/.ssh/authorized_keys"
```
In both the ways, you will see the message something like the following.
![hostauthenticity](https://grid.media/assets/images/host-authenticity.png
This message helps you to make sure that you have not added any extra keys and this is the first time you are connecting to a new host. Type yes, press ENTER to continue.
Then, your local account will be scanned by the utility for id_rsa.pub key that we generated earlier. When the key is found, you will be asked to enter the password of the remote user (or test user’s account.
Output
![installthenewkeys](https://grid.media/assets/images/install-the-new-keys.png
Enter the password, press ENTER to continue.
Then, the utility will connect to the account, copy the contents of your ~/.ssh/id_rsa.pub key into a file in the remote user (or test user’s home ~/.ssh directory called authorized_keys.
## Use SSH Keys to Authenticate to Test User
If you have done the above process, you must be able to log into the test user using the below command without the test user’s password.
```
$ ssh username@216.200.116.191
```
## Deactivate the Password for Root Login
Now, it’s time to deactivate the password for root login so that you can log in only by using SSH keys. To do so, open your SSH configuration file
```
$ sudo vi /etc/ssh/sshd_config
```
Within the file find the line, PasswordAuthentication to set its value to “no”. This can make you log in via SSH using account’s passwords.
```
/etc/ssh/sshd_config
PasswordAuthentication no
```
Then, press CTRL + X to save and close the file, Y to confirm saving it and ENTER to exit nano.
Use the following command to implement these changes
```
$ sudo systemctl restart ssh
```
Before closing the session, open a new window and test if SSH service is functioning correctly using the command:
```
$ ssh username@216.200.116.191
```
After checking your SSH services, you can close all server sessions.
## Conclusion
In this guide we have described that how to set up SSH keys on Ubuntu 18.04.
[updated] => 2019-02-15T10:10:48.037+0000
[created] => 2019-01-08T13:25:37.991+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => ssh
[1] => orbit
)
[category] => security
)
[86] => Array
(
[_id] => 5c35e5a9f787750006a2d3c7
[path] => how-to-install-nginx-on-ubuntu-18.04
[title] => How to Install Nginx on Ubuntu 18.04
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Installing Nginx](#installing-nginx
- [Adjusting the Firewall](#adjusting-the-firewall
- [Checking Web Server](#checking-web-server
- [Managing the Nginx Process](#managing-the-nginx-process
- [Conclusion](#conclusion
## Introduction
[Nginx](https://www.nginx.com/ is the popular web server in the world and it is the backbone for hosting most significant sites on the web. It is used as a reverse proxy and it is user-friendly then Apache.
In this guide, we will discuss how to Install Nginx on Ubuntu 18.04 server.
## Prerequisites
Before installing Nginx, you should have access to an Ubuntu 18.04 server and created a non-root user account with sudo privileges by following our guide, [Initial server setup with Ubuntu 18.04](https://systemongrid.com/guides/how-to-do-initial-server-setup-with-ubuntu-18.04.
## Installing Nginx
Nginx is available in Ubuntu’s repositories, so you have to install it from these repositories using apt packages.
First of all, you have to update the local packages index so that you have an access to most recent package listings and then you can install Nginx.
```
$ sudo apt update
$ sudo apt install nginx
```
Now apt will install Nginx and required dependencies to your server.
## Adjusting the Firewall
If you want to test Nginx, the first step is the firewall software needs to be adjusted to allow access to the service. If you install Nginx, it registers itself as a service with ufw installation to allow Nginx access.
We can show the application programmes that ufw knows by using below command.
```
$ sudo ufw app list
```
Then you will get the following list.
![ufwlistofapplications](https://grid.media/assets/images/ufw-list-of-applications-02132019.png
As above output, there are three profiles available for Nginx:
## Nginx Full
This port opens both port 80 and port 443
## Nginx HTTP
This port opens only port 80
## Nginx HTTPS
This profile opens only port 443
You can configure SSL for your server by entering the below command.
```
$ sudo ufw allow 'Nginx HTTP'
```
You can check the status by entering the below command.
```
$ sudo ufw status
```
You can see HTTP traffic allowed in the following output.
![nginxufwstatus](https://grid.media/assets/images/nginx-ufw-status-02132019.png
## Checking Web Server
After installation, Ubuntu 18.04 starts Nginx. The web server starts and running. You can check whether the system is running or not by entering the below command.
```
$ systemctl status nginx
```
![nginxstatus](https://grid.media/assets/images/status-nginx.png
First of all, to test Nginx you have to request a page from Nginx. Then you can see the default Nginx landing page to confirm the software is working correctly through navigating to your server’s IP address. You can get an IP address in several ways. Use the following command to know the IP address.
```
$ ip addr show eth0 | grep inet | awk '{ print $2; }' | sed 's/\/.*$//'
```
Now you can check it in your browser’s address bar.
Another way to check this, by entering the below command.
```
$ curl -4 icanhazip.com
```
If you have server’s IP address then enter it in your browser’s address bar.
http://216.200.116.243
Then you can see Nginx landing page:
![nginxlandingpage](https://grid.media/assets/images/nginx-landing-page.png
Then your server is running correctly.
## Managing the Nginx Process
Now you are having a web server up and it is running.
Use the below command, to stop web server:
```
$ sudo systemctl stop nginx
```
Use the following command to start web server:
```
$ sudo systemctl start nginx
```
Enter the below command to restart:
```
$ sudo systemctl restart nginx
```
To reload the web server, enter the below command.
```
$ sudo systemctl reload nginx
```
If you want to disable the Nginx, enter the following command.
```
$ sudo systemctl disable nginx
```
If you want to re-enable Nginx, use the below command.
```
$ sudo systemctl enable nginx
```
## Conclusion
So far we have discussed how to install Nginx.
[subheading] => This guide explains you How To Install Nginx on Ubuntu 18.04
[category] => orbit
[updated] => 2019-02-15T09:40:39.001+0000
[created] => 2019-01-09T12:14:33.780+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => nginx
)
)
[87] => Array
(
[_id] => 5c49af80ea1ada0007f21f43
[path] => how-to-install-wordpress-with-lemp-on-ubuntu-18.04
[title] => How to Install WordPress with LEMP on Ubuntu 18.04
[subheading] => This guide will show you how to install wordpress with LEMP on ubuntu
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [How to Install WordPress with LEMP on Ubuntu](#how-to-install-wordpress-with-lemp-on-ubuntu
- [Create a MySQL Database and User for WordPress](#create-a-mysql-database-and-user-for-wordpress
- [Install Additional PHP Extensions](#install-additional-php-extensions
- [Configure Nginx](#configure-nginx
- [Download WordPress](#download-wordpress
- [Setup the WordPress Configuration File](#setup-the-wordpress-configuration-file
- [Complete WordPress Installation through a Web Interface](#complete-wordpress-installation-through-a-web-interface
- [Conclusion](#conclusion
## Introduction
In this guide, we will explain to you how to install WordPress with LEMP on Ubuntu 18.04.
[WordPress](https://wordpress.com/ is a free and open-source Content Management System (CMS. It was designed to manage blogs. It is the most popular website management system with serving more than 60 million websites as of 2018. It allows you to develop a website and manage your content without coding. It can also be used to develop an operational website.
WordPress is a theme based platform which provides you with free and premium themes that can be integrated easily without any programming and designing language. It has a fantastic feature called plugins which can be used to add required modules and extend its functionality. It is multilingual and allows you to translate content in your language.
[LEMP](https://lemp.io/ is an acronym for Linux, Nginx, MySQL, and PHP. The LEMP software stack is a group of software used for developing and deploying web pages and web applications. The MySQL database management system stores all the backend data and PHP handles the dynamic processes.
## Prerequisites
You should have access to an Ubuntu 18.04 server. Create a non-root user with sudo privileges by following our guide, [Initial server setup with Ubuntu 18.04](https://systemongrid.com/support/guides/how-to-do-initial-server-setup-with-ubuntu-18.04. You need to install the LEMP stack as WordPress requires a web server, a database, and PHP to function correctly. You can do this by following our guide, Install LEMP stack on Ubuntu 18.04.
## How To Install WordPress with LEMP on Ubuntu
## Create a MySQL Database and User for WordPress
WordPress uses MySQL, a data management system, to store and manage your website data. Assuming that you have installed MySQL following the guides in prerequisites.
Now, you need to create a MySQL database and User for WordPress. To do so, log into your MySQL root account using sudo if it is configured to use auth_socket authentication plugin.
```
$ sudo mysql
```
Use the below command if you have configured MySQL to use a password authentication method.
```
$ mysql -u root -p
```
You will be asked to enter the password for your MySQL root account. Type it and press ENTER.
Now, you need to create a database that WordPress can control. In this guide, we use ‘wpdatabase’ for the database, and you can replace it as your wish.
Create a database using the below command.
```
mysql> CREATE DATABASE wpdatabase DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
```
Then, you need to create a separate MySQL user to operate on your new database, wpdatabase. In this guide, we use ‘mysqluser’, you can replace it as your wish.
Create a user, set a password and give access to the new database using the below command.
```
mysql> CREATE USER 'mysqluser'@'localhost' IDENTIFIED BY 'password';
```
Give permissions to the user on the database using the below command.
```
mysql> GRANT ALL ON wpdatabase.* TO 'mysqluser'@'localhost' IDENTIFIED BY 'password';
```
Now, run the below command to make your changes effective.
```
mysql> FLUSH PRIVILEGES;
```
If you are okay with the changes, you can exit the MySQL shell using the below command.
```
mysql> exit
```
## Install Additional PHP Extensions
After creating a MySQL database and user for WordPress, you need to install additional PHP extensions. To do so, use the below command.
```
$ sudo apt update
```
```
$ sudo apt install php-curl php-gd php-intl php-mbstring php-soap php-xml php-xmlrpc php-zip
```
Now, restart the PHP-FPM process to make the changes effective using the below command.
```
$ sudo systemctl restart php7.2-fpm
```
## Configure Nginx
You need to make a few changes to your Nginx server block files. If you have followed the prerequisites guide, you must have a configuration file for your site in the directory, /etc/nginx/sites-available/ configured to your server’s IP address or domain name and secured by an SSL/TLS certificate.
Then, copy the text files from /etc/nginx/sites-available/default to /etc/nginx/sites-available/wordpress using the below command. (In this guide, as an example, we use /etc/nginx/sites-available/wordpress. You must replace the path to your configuration file.
```
$ sudo cp /etc/nginx/sites-available/default /etc/nginx/sites-available/wordpress
```
Additionally, we use /var/www/html/wordpress as the root directory of your WordPress install. Replace it with the web root mentioned in your configuration.
Open server block file of your site using the below command.
```
$ sudo vi /etc/nginx/sites-available/wordpress
```
In this guide, we use a regular expression location to match requests for static files. You can modify the static files list to add other file extensions that your website may use.
```
/etc/nginx/sites-available/wordpress
server {
listen 80;
listen [::]:80;
root /var/www/html/wordpress;
index index.php index.html index.htm;
server_name example.com www.example.com;
client_max_body_size 100M;
location / {
try_files $uri $uri/ /index.php?$args;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
}
```
Then, save and close the file.
Now, delete the default nginx server block using the below command to avoid conflicting server name error.
```
$ sudo rm -rf /etc/nginx/sites-enabled
```
Now, enable the virtual host by running the below command.
```
$ sudo ln -s /etc/nginx/sites-available/wordpress /etc/nginx/sites-enabled/
```
And, run the below commands to reload Nginx web server and PHP-FPM settings.
```
$ sudo systemctl restart nginx.service
```
```
$ sudo systemctl restart php7.2-fpm.service
```
Now, check the syntax of your configuration edits with the following command.
```
$ sudo nginx -t
```
If you get no errors, reload Nginx for the new configuration
```
$ sudo service nginx reload
```
## Download WordPress
Now, as your server software is configured, you can download and setup WordPress. It is recommended to download the latest version of WordPress from their official website for security reasons.
Change it into a writable directory and download the compressed version using the below commands.
```
$ cd /tmp
```
```
$ curl -LO https://wordpress.org/latest.tar.gz
```
Now, extract the compressed file to create the WordPress directory structure using the below command.
```
$ tar xzvf latest.tar.gz
```
Now, copy the sample configuration file to the file which WordPress reads. Do it using the below command.
```
$ cp /tmp/wordpress/wp-config-sample.php /tmp/wordpress/wp-config.php
```
Now, create a directory within /var/www/html and copy the contents of the directory into your document root using the below commands.
```
$ sudo mkdir -p /var/www/html/wordpress
```
```
$ sudo cp -a /tmp/wordpress/. /var/www/wordpress
```
Now, all your files are in one place. Assign their ownership to the www-data user and group using the below command.
```
$ sudo chown -R www-data:www-data /var/www/wordpress
```
Then, give read and write permissions to your WordPress website.
```
$ sudo chmod -R 755 /var/www/html/
```
## Setup the WordPress Configuration File
Then, you need to edit the main WordPress configuration file.
You need to adjust some secret keys for the secure installation. WordPress provides a security key generation, grab secure values from it using the below command.
```
$ curl -s https://api.wordpress.org/secret-key/1.1/salt/
```
You will get a few unique values like the following.
```
define('AUTH_KEY', '1jl/vqfs photon
[updated] => 2019-02-01T12:32:44.860+0000
[created] => 2019-01-24T12:28:48.482+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => wordpress
[1] => LEMP
)
)
[88] => Array
(
[_id] => 5c49b8c0ad7df60006a9ba35
[path] => how-to-protect-your-server-against-the-shellshock-bash-vulnerability
[title] => How to Protect your Server Against the Shellshock Bash Vulnerability
[subheading] => This guide will show you how to protect your server against the shellshock bash vulnerability
[body] => ## Table of Contents
- [Introduction](#introduction
- [Check System Vulnerability](#check-system-vulnerability
- [APT GET: Ubuntu/Debian](#apt-get-ubuntu-debian
- [End of Life: Ubuntu/Debian Releases](#end-of-life-ubuntu-debian-releases
- [YUM: CentOs/Red Hat/Fedora](#yum-centos-red-hat-fedora
- [End of Life: CentOS/Red Hat/Fedora Releases](#end-of-life-centos-red-hat-fedora-releases
- [Conclusion](#conclusion
## Introduction
Shellshock is also known as Bash Bug. It is a software bug, that can allow an attacker to gain unauthorized access to the computer system. Bash acts a command language interpreter. Bash is widely used in Linux and Unix operating systems. Vulnerability potentially affects any computers running Bash. It could allow an attacker to gain control over a targeted computer if exploited. it affects Bash. Exploited systems include the following.
Apache HTTP servers that use Common Gateway Interface (CGI scripts.
Dynamic Host Configuration Protocol(DHCP clients.
OpenSSH (Secure Shell servers that use the force command.
Network exposed services that use Bash.
Shellshock vulnerability is widely spread and particularly easy to exploit, It is highly recommended that affected systems need to be correctly updated to fix the vulnerability as soon as possible. In this guide, we will show you how to test if your machines are vulnerable, if they are, how to update Bash and remove the vulnerability.
## Check System Vulnerability
On systems that run bash, you may check the system vulnerability by running the following command using Bash prompt.
```
env 'VAR=( { :;}; echo Bash is vulnerable!' 'FUNCTION(=( { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"
```
Here echo Bash is vulnerable command represents where a remote attacker could inject malicious code. Bash is vulnerable and should be updated. if your bash is attacked you get the output as the following.
Bash is vulnerable!
If the output from the test command is the following, your Bash is safe from Shellshock:
![](http://
## Fix Vulnerability Update Bash
Fix the vulnerability by using the default package manager to update the version of bash. Update Bash on various Linux distributions, Ubuntu, Debian, CentOs, Red Hat, Fedora.
## APT GET: Ubuntu/Debian
Update Bash to the latest version on Ubuntu or Debian by apt-get using the following command.
```
sudo apt-get update && sudo apt-get install --only-upgrade bash
```
![](http://
Recheck system vulnerability by running the following command.
```
env 'VAR=( { :;}; echo Bash is vulnerable!' 'FUNCTION(=( { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"
```
![](http://
## End of Life: Ubuntu/Debian Releases
It is considered as the end of life status if you are running a release of Ubuntu/Debian. You will have to upgrade to a supported version to use the package manager to update Bash. Upgrade to a new release by using the following command.
```
sudo do-release-upgrade
```
![](http://
Ensure that you update Bash after the upgrade is complete.
## YUM: CentOs/Red Hat/Fedora
Update Bash to the latest version on CentOs / Red Hat / Fedora by yum using the following command.
```
sudo yum update bash
```
![](http://
Recheck system vulnerability by running the following command.
```
env 'VAR=( { :;}; echo Bash is vulnerable!' 'FUNCTION(=( { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"
```
![](http://
## End of Life: CentOS/Red Hat/Fedora Releases
It is considered as the end of life status if you are running a release of CentOS / Red Hat / Fedora. You will have to upgrade to a supported version to use the package manager to update Bash. Upgrade to a new release by using the following command.
```
sudo yum update
```
![](http://
Ensure that you update Bash after the upgrade is complete.
## Conclusion
Update all of your servers to the latest version of Bash.
[category] => security
[updated] => 2019-02-01T12:11:54.134+0000
[created] => 2019-01-24T13:08:16.859+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => server
[1] => security
)
)
[89] => Array
(
[_id] => 5c49cb1ead7df60006a9ba37
[path] => how-to-protect-ssh-with-fail2ban-on-ubuntu-18.04
[title] => How to Protect SSH with Fail2ban on Ubuntu 18.04
[subheading] => This guide will show you how to protect ssh with fail2ban on ubuntu
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Installation of Fail2ban on Ubuntu](#installation-of-fail2ban-on-ubuntu
- [Understanding the Fail2ban Configuration File](#understanding-the-fail2ban-configuration-file
- [Configuration of Fail2ban](#configuration-of-fail2ban
- [Creation of Jail Settings](#creation-of-jail-settings
- [Conclusion](#conclusion
## Introduction
[Fail2ban](https://en.wikipedia.org/wiki/Fail2ban is a utility that monitors the system logs for symptoms of an automated attack on the server. This tool blocks the IP addresses that lead to many password failures. Most important is that if we are running on the ubuntu 18.04 VPS, Fail2ban should give the server an edge that will help in fights of hackers automatically. Fail2ban can also help and add a new rule to iptables to block the IP address of the attacker which may be for a certain amount of time or permanently. Fail2ban can also alert through a mail about the occurrence of threat.
## Prerequisites
A VPS web host. You should have access to an Ubuntu 18.04 server and created a non-root user account with sudo privileges by following our guide, [Initial server setup with Ubuntu 18.04](https://systemongrid.com/guides/how-to-do-initial-server-setup-with-ubuntu-18.04. Shell access will be on the Linux server.
## Installation of Fail2ban on Ubuntu
The primary step that needs to be done should be on the latest package list from the Ubuntu repository. Update the local package index so we can apt to download and install the package:
```
$ sudo apt-get update
```
```
$ sudo apt-get install fail2ban
```
Press Y and hit enter when prompted to confirm the installation.
## Understanding the Fail2ban Configuration File
Fail2ban has the default filtering rules but anyone can create their configuration file to customize different security settings depends on needs. The default configuration file (‘/etc/fail2ban/jail.conf’ can never be edited because it can be improved or can be overwritten in a distribution update.
The default behavior of fail2ban is to read ‘.conf’ first followed by ‘.local’ files.
Which means they should create their own ‘.local’ files if anyone wants their customization settings. If multiple files are needed to handle the security of each service separately and ‘.local’ files under ‘/etc/fail2ban/jail.d’ in one directory.
## Configuration of Fail2ban
Fail2ban .conf contains the default configuration profile.default settings will give reasonable working setup if the changes are to be made its best to separate file from the other suppose for example ‘fail2ban .local’, which will override ‘fail2ban .conf’. So rename that ‘fail2ban .conf’ to ‘fail2ban .local’.
```
cp /etc/fail2ban/fail2ban.conf /etc/fail2ban/fail2ban.local
```
From here we can edit the definitions :
## Loglevel
The level of detail that fail2ban logs provide can be set to 1(error, 2(warn, 3(info or 4(debug
## Logtarget
Logs action into a specific file and default value of /var/log/fail2ban log puts logging into the file.
## Creation of Jail Settings
Here, we create a default configuration file from scratch, we will copy the default configuration file and then edit the settings that we will override.
```
$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
```
To edit the new configuration file, open nano editor;
```
$ sudo nano /etc/fail2ban/jail.local
```
Edit the settings under [DEFAULT] entry:
```
[DEFAULT]
....
$ bantime =10m
$ findtime =10m
$ maxretry =5
....
```
The settings above applied for every service that does not have the entries overridden in services.
## Bantime
Represents that the time that a host is banned before it can allow services to try the service again.
## Findtime
The maximum amount of time that a host should wait before the ban of a host if it has generated the maximum retries for a service.
## Maxtry
Represents the total number of failures that a host should generate before any server is banning it.
The default settings indicate that the host will be blocked for 10 minutes if it generates more than 5 failed attempts within 10 minutes.
The changes can be modified according to the needs that are needed.
Once you are done with the editing file. Press the keys CTRL+X, Y, and enter to save the file.
Below it gives the bantime, findtime, maxtry in the default settings briefly. In the default settings;
![bantime](https://grid.media/assets/images/bantime-maxretry.png
## Putting All Together:
## Installation of the Server:
```
sudo apt-get install -y openssh-server
```
## Sendmail Configurations:
To receive the email when the fail2ban is triggered adjust the settings. So the email has the following;
## Destemail
The email address would reach finally.
## Sendername
Name under which email is shown.
## Sender
The email address where the sender sends the emails.
```
$ sudo apt-get install fail2ban sendmail
```
## Sshd Configuration:
The command can be written as;
```
$ sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local
```
As we have already discussed it above.
```
$ sudo vim /etc/fail2ban/jail.local
```
![fail2ban](https://grid.media/assets/images/Fail2ban-configuration-blocks.png
Above we can see the sensible Fail2ban configuration blocks and their values. Here, We can see destmail, sender and a sender name in the default settings.
The fail2ban configuration blocks and values are here. the host is banned if it generated ‘maxtry’ during its ‘findtime’.
The local file is copied over here.
## UFW
UFW is the popular and conventional firewall configuration tool that is originally from the Ubuntu distributions. The commands are commented based on the firewall rules that are ‘comment ssh’.
Install ufw
```
$ sudo ufw allow OpenSSH
```
For the enable the ufw;
```
$ sudo ufw enable
```
For the disable the ufw;
```
$ sudo ufw disable
```
The fail2ban service is being enabled on system startup.
```
$ sudo systemctl service enable fail2ban
```
The fail2ban service for its currently active. The fail2ban will now run and up. It will also have no syntax errors
```
$ sudo systemctl service start fail2ban
```
Restart the entire fail2ban server reports if any runtime errors. Fix the problems and then restart it again.
```
$ sudo fail2ban-client restart
```
The status of the server/jails will confirm.
```
$ sudo fail2ban-client status sshd
```
## Conclusion
We conclude One should able to configure some of the basic banning politics for the services. Fail2ban is very easy to set up and pleasant way to protect any kind of service that uses the authentication.
[category] => security
[updated] => 2019-02-01T12:13:51.873+0000
[created] => 2019-01-24T14:26:38.463+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => ssh
[1] => fail2ban
)
)
[90] => Array
(
[_id] => 5c66ba6aea1ada0007f22139
[path] => initial-server-setup-with-debian-9
[title] => Initial Server Setup with Debian 9
[subheading] => This guide will show you how to setup debian 9
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Initial Server Setup with Debian 9](#initial-server-setup-with-debian-9
- [Log in as a Root User](#log-in-as-a-root-user
- [Create a New User](#create-a-new-user
- [Give Root Privileges to the New User](#give-root-privileges-to-the-new-user
- [Setup a Basic Firewall](#setup-a-basic-firewall
- [Enable External Access for Your Regular User](#enable-external-access-for-your-regular-user
- [Complete Optional Configuration](#complete-optional-configuration
- [Conclusion](#conclusion
## Introduction
In this guide, we are going to explain to you how to do the initial server setup with Debian 9 and additional recommended steps that you must take to increase the usability and security of your server.
## Prerequisites
A Running Server
## Initial Server Setup with Debian 9
## Log in as a Root User
If you want to log into your server, you need your server’s IP address and the password to your root account.
Then, you can log into your server with the following command.
```
$ sudo root@38.76.11.103
```
You will get the following output.
![debianauthenticationofhost](https://grid.media/assets/images/debian9-authentication-of-host-02132019.png
Enter “YES” to confirm your authentication and add the host to known hosts.
![debianhostisadded](https://grid.media/assets/images/debian9-host-is-added-to-known-lists-02132019.png
Then, enter your password to log in as a root user.
## About Root
In Linux terminology, a Root is an administrative user with many privileges. But, you are not supposed to use it regularly. This is because of the very broad privileges of the root account and also the ability of it to make hostile changes (accidentally.
## Create a New User
You need to create a New User Account just to avoid the possibility of making hostile changes to your account.
In this guide, I am creating a new user called systemongrid, but you must replace it with your username.
```
# adduser systemongrid
```
You will be asked to answer a few questions, starting with the account password. Enter a strong password and confirm it by retyping the password. Fill the additional information for the new user if you would like. You can skip adding the information by just hitting the ENTER button. Then, you will be asked if the information is correct or not. Press Y to confirm it is correct.
![debianunixpassword](https://grid.media/assets/images/debian9-unix-password-02132019.png
## Give Root Privileges to the New User
Now, you have a new user with some basic account privileges. To use root privileges, you can not always log out the new user account and log into the root account. So, we give root privileges to the new user. This will allow the new user to use administrative privileges and run commands by adding the word ‘sudo’ before every command.
Add the new user to the “sudo” group using the below command. Because by default on Debian 9, users in the sudo group can use the sudo command.
```
# usermod -aG sudo systemongrid
```
You have added the new user to the “sudo” group and can run commands with root privileges using the sudo command.
## Setup a Basic Firewall
Even though the iptables firewall is pre-installed, Debian doesn’t recommend any specific type of firewall. But, Debian servers can use any type of firewalls to make sure only specific services are allowed. In this guide, we are going to install and use the UFW firewall.
```
# apt update
# apt install ufw
```
Upon installing UFW, different applications can register their profiles. These profiles allow UFW to manage different applications by their names.
Now, OpenSSH, a service that allows us to connect to our servers, also has a profile registered with UFW. You can check this using the below command.
```
# ufw app list
```
Output:
![debianavailableapplications](https://grid.media/assets/images/debian9-available-applications-02132019.png
Now, you must make sure that the firewall allows SSH connections so that you can log back in next time. You can do this by using the below command.
```
# ufw allow OpenSSH
```
Then, enable the firewall.
```
# ufw enable
```
Output:
![debianfirewallisactive](https://grid.media/assets/images/debian9-firewall-is-active-02132019.png
Enter “Y” and hit the ENTER button.
Now, check the status of the firewall.
```
# ufw status
```
Output:
![debianufwstatus](https://grid.media/assets/images/debian9-ufw-status-02132019.png
The firewall is currently blocking all connections except for SSH. If you install and configure some additional services, you will need to alter the firewall settings to allow the acceptable traffic in.
## Enable External Access for Your Regular User
Now, you have a new user with Root privileges for daily use. It’s time to choose whether to log into your account using a password or SSH keys authentication.
## If You Use Password Authentication
If you log into the root account using the password authentication, you can log into your new user account by opening a new terminal and using SSH with your new user account.
```
$ ssh demo@38.76.11.103
```
Then, you are prompted for the new user’s password that you configured. After this, you can log in as a new user.
And, if you want to run a command with the root privileges, you need to type sudo before it.
```
$ sudo command_to_run
```
If everything is alright, you can exit your sessions by typing
```
$ exit
```
## If You Use SSH Keys Authentication
If you log into the root account using SSH keys, the password authentication will be disabled for SSH.
You need to add your public key to the ~/.ssh/authorized_keys file in your new user account.
As your public key is already in ~/.ssh/authorized_keys file in your new user account, copy that file and directory structure to your new user account. Later, you can change the ownership of the files using the chown command.
```
# cp -r ~/.ssh /home/systemongrid
# chown -R systemongrid:systemongrid /home/systemongrid/.ssh
```
Then, open a new terminal session using ssh with your new username.
```
$ ssh demo@38.76.11.103
```
you must be logged into the new user account without the password authentication. And, if you want to run a command with the root privileges, you need to type sudo before it.
```
$ sudo command_to_run
```
If everything is alright, you can exit your sessions by typing the below command.
```
$ exit
```
## Complete Optional Configuration
To make your system more accessible, we recommend some additional steps.
## Install man Pages
Debian, in the form of man pages, provides ample manuals for most of the software. The man command is not always included by default on a very few installations. So, install the man-db packages using the below command.
```
$ sudo apt install man-db
```
Use the below command to view the manual for a component.
```
$ man command
```
For example, use the below command to view the manual for the top command.
```
$ man top
```
## Change the Default Editor
Debian offers multiple text editors, which are by default included in the base system. If you want to install any text editor other than the pre-installed ones, you can use the below command.
```
$ sudo apt install your_text_editor
```
Then, use the update-alternatives command to see the default text editors and change the selection.
```
$ sudo update-alternatives --config editor
```
Output:
![choicesforalternativeeditor](https://grid.media/assets/images/debian9-8-choices-for-the-alternative-editor-02132019.png
Enter the “selection” number for your preferred text editor in the above table. For example, we entered “1” to choose nano as our text editor.
Output:
![selecttexteditor](https://grid.media/assets/images/debian9-select-a-text-editor-02132019.png
That’s it, you have changed your default text editor.
## Conclusion
In this guide, you have learned how to do the initial server setup with Debian 9 and some additional steps that must be taken to increase the usability and security of your server.
[category] => orbit
[updated] => 2019-02-27T09:16:17.524+0000
[created] => 2019-02-15T13:11:06.857+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => orbit
[1] => debian9
)
)
[91] => Array
(
[_id] => 5c66cf77ea1ada0007f22141
[path] => initial-server-setup-with-centos-7
[title] => Initial Server Setup with CentOS 7
[subheading] => This guide will show you how to setup centos7
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Initial Server Setup with CentOS 7](#initial-server-setup-with-centos-7
- [Log in as a Root User](#log-in-as-a-root-user
- [Create a New User](#create-a-new-user
- [Give Root Privileges to the New User](#give-root-privileges-to-the-new-user
- [Add Public Key Authentication](#add-public-key-authentication
- [Configure SSH Daemon](#configure-ssh-daemon
- [Conclusion](#conclusion
## Introduction
In this guide, we are going to explain to you how to do the initial server setup with CentOS 7 and some additional recommended steps that you must take to increase the usability and security of your server.
## Prerequisites
A Running Server
## Initial Server Setup with CentOS 7
## Log in as a Root User
If you want to log into your server, you need your server’s IP address and the password to your root account.
Then, you can log into your server with the following command.
```
local$ sudo root@216.200.116.230
```
You will get the following output.
![](http://
Enter “yes” to confirm your authentication and add the host to known hosts.
![](http://
That’s it. You have successfully logged in as a root user.
## About Root
In Linux terminology, a Root is an administrative user with many privileges. But, you are not supposed to use it regularly. This is because of the very broad privileges of the root account and also the ability of it to make hostile changes (accidentally.
## Create a New User
You need to create a New User Account just to avoid the possibility of making hostile changes to your account.
In this guide, I am creating a new user called systemongrid, but you must replace it with your username.
```
# adduser systemongrid
```
Then, set a password for your user.
```
# passwd systemongrid
```
Output:
![](http://
Enter a strong password for your user and confirm the password by retyping it.
## Give Root Privileges to the New User
Now, you have a new user with some basic account privileges. To use root privileges, you can not always log out the new user account and log into the root account. So, we give root privileges to the new user. This will allow the new user to use administrative privileges and run commands by adding the word ‘sudo’ before every command.
Add the new user to the “wheel” group using the below command. Because by default on CentOS 7, users in the “wheel” group can use the sudo command.
```
# gpasswd -a systemongrid wheel
```
You have added the new user to the “wheel” group and can run commands with root privileges using the sudo command.
## Add Public Key Authentication
This step is to increase the usability and security of your server by adding public key authentication for your new user.
## Generate a Key Pair
You need to generate an SSH key pair, which consists of a public key and a private key. (If you already have generated an SSH key pair, you can skip to the next step, Copy the Public Key.
Generate an SSH key pair using the below command.
```
$ ssh-keygen
```
In this guide, we are using the user, systemongrid. So, the output will look like this.
Output:
![](http://
Then, you will be asked to enter a passphrase for additional security. You can either enter a strong passphrase or leave it blank.
![](http://
## Copy the Public Key
Now, you must place the public key on your server.
Then, copy the public key into the authorized_keys file in your new machine by using an ssh-copy-id command.
```
$ ssh-copy-id systemongrid@216.200.116.230
```
You will get the following output.
![](http://
This message helps you to make sure that you have not added any extra keys and this is the first time you are connecting to a new host. Type yes, press ENTER to continue. Then, Enter your password to see something like the following.
![](http://
Now, your public key is added to the remote user’s .ssh/authorized_keys file. You can use the corresponding private key to log into your server.
## Configure SSH Daemon
Now you have a new user account, you can increase the security to your server by altering its SSH daemon configuration to disallow remote SSH access to the root account.
For that, as a root user, open the configuration file in your text editor.
```
# vi /etc/ssh/sshd_config
```
Within the file, find the line that looks like the following.
```
#PermitRootLogin yes
```
Uncomment the line by removing “#” and replace “yes” with “no”. (It should look like the following.
```
PermitRootLogin no
```
Then, save and close the file.
Now, restart the SSH service to apply the changes that you have made to the configuration file.
```
# systemctl reload sshd
```
Before logging out of the server, let’s confirm if the new connections are established successfully. For this, log into your new user account by opening a new terminal and using SSH with your new user account.
Then, you are prompted for the new user’s password that you configured. After this, you can log in as a new user.
And, if you want to run a command with the root privileges, you need to type sudo before it.
```
$ sudo command_to_run
```
If everything is alright, you can exit your sessions by typing
```
$ exit
```
## Conclusion
In this guide, you have learned how to do the initial server set up with CentOS 7 and some additional steps that must be taken to increase the usability and security of your server.
[category] => orbit
[updated] => 2019-02-22T04:51:31.954+0000
[created] => 2019-02-15T14:40:55.754+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => orbit
[1] => centos7
)
)
[92] => Array
(
[_id] => 5c6c1e8cad7df60006a9bc55
[path] => how-to-setup-master-slave-replication-in-mysql
[title] => How to Setup Master-Slave Replication in MySQL
[subheading] => This guide will show you how to setup master slave replication in mysql
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [How To Setup Master-Slave Replication in MySQL](#how-to-setup-master-slave-replication-in-mysql
- [Configuring Master Database](#configuring-master-database
- [Configuring Slave Database](#configuring-slave-database
- [Conclusion](#conclusion
## Introduction
MySQL replication is a process of enabling data from one database server (master to be copied to one or more database servers (slaves automatically. It is commonly used to get read access to multiple database servers for flexibility. It is also used to analyze data on the slave servers to overload the master server.
In this guide, you are going to learn how to set up master-slave replication in MySQL. We use the following IP address to explain you the procedure.
Master Database - 192.168.32.17
Slave Database - 192.168.32.18
## Prerequisites
You should have access to an Ubuntu 18.04 server and created a non-root user account with sudo privileges by following our guide, [Initial server setup with Ubuntu 18.04](https://systemongrid.com/support/guides/how-to-do-initial-server-setup-with-ubuntu-18.04.
You should have installed MySQL by following our guide, Install MySQL.
## How To Setup Master-Slave Replication in MySQL
## Configuring Master Database
Open the MySQL configuration file in a text editor on your master server.
```
$ sudo vi /etc/mysql/mysql.conf.d/mysqld.cnf
```
You need to make a few changes within the configuration file.
Find the following line within the file.
```
bind-address = 127.0.0.1
```
Replace the default IP address with your server IP address.
```
bind-address = 192.168.32.17
```
Now, you need to uncomment the server-id line located in the mysqld section. You can choose any number for your server-id but make sure that it won’t match any other server-id in your replication group. We are fine with its default number 1.
```
server-id = 1
```
Now, you need to uncomment the log_bin line where the actual details of the replication are kept. The slave copies all the changes that are registered in the log.
```
log_bin = /var/log/mysql/mysql-bin.log
```
Now, its time to designate the database that will be replicated on the slave server. You can include any number of databases just by repeating the following line for each of your databases.
```
binlog_do_db = newdatabase
```
Then, save and exit the configuration file.
Refresh the MySQL.
```
$ sudo service mysql restart
```
Now, open the MySQL shell.
```
$ sudo mysql
```
Grant privileges to the slave using the below command.
```
mysql> GRANT REPLICATION SLAVE ON *.* TO 'slave_user'@'%' IDENTIFIED BY 'password';
```
Apply the changes with the command:
```
mysql> FLUSH PRIVILEGES;
```
Switch to the “newdatabase” using the command:
```
mysql> USE newdatabase;
```
Lock the database to prevent new changes.
```
mysql> FLUSH TABLES WITH READ LOCK;
```
Check the status of your master server.
```
mysql> SHOW MASTER STATUS;
```
Output
![showmaster](https://grid.media/assets/images/show-master-02132019.png
The slave database will start replication from this position. Note down the numbers as you need to use them later.
Don’t make new changes in the same tab/window because it can unlock the database automatically. So, open a new tab/window and run the following commands.
Export your database in the new tab/window using the below command.
```
$ sudo mysqldump -u root -p --opt newdatabase > newdatabase.sql
```
Then, return to the previous tab/window, unlock the databases and exit the MySQL shell.
```
mysql> UNLOCK TABLES;
mysql> QUIT;
```
## Configuring Slave Database
To configure the slave database, you need to log into your slave server. Then, open the MySQL shell using the below command.
```
$ sudo mysql
```
Create the new database that you want to replicate from the master database and exit the MySQL shell.
```
mysql> CREATE DATABASE newdatabase;
mysql> EXIT;
```
Now, import the database from the master database.
```
$ sudo mysql -u root -p newdatabase < /path/to/newdatabase.sql
```
Configure the slave configuration as you did in the master configuration step.
```
$ sudo vi /etc/mysql/mysql.conf.d/mysqld.cnf
```
Now, you need to uncomment the server-id line located in the mysqld section. As we already mentioned that the server-id should be unique, change its default number to something different.
```
server-id = 2
```
Now, you need to add the relay-log line, uncomment the log_bin line and change the binlog_do_db value to newdatabase.
```
relay-log = /var/log/mysql/mysql-relay-bin.log
log_bin = /var/log/mysql/mysql-bin.log
binlog_do_db = newdatabase
```
Then, save and exit the configuration file.
Restart the MySQL once again
```
$ sudo service mysql restart
```
Now, you need to enable the replication within the MySQL shell. To do this, open the MySQL shell, run the below command by replacing the values with your values.
```
$ sudo mysql
```
```
mysql> CHANGE MASTER TO MASTER_HOST='192.168.32.18',MASTER_USER='slave_user', MASTER_PASSWORD='password', MASTER_LOG_FILE='mysql-bin.000001', MASTER_LOG_POS= 775;
```
Then, exit the MySQL shell.
```
mysql> EXIT;
```
## Conclusion
Now, you have an idea about how to set up master-slave replication in MySQL. The MySQL replication has tremendous options, and we explained it briefly.
[category] => orbit
[updated] => 2019-02-27T09:17:30.498+0000
[created] => 2019-02-19T15:19:40.469+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => mysql
[1] => orbit
)
)
[93] => Array
(
[_id] => 5c6c26aead7df60006a9bc56
[path] => how-to-secure-nginx-with-let's-encrypt-on-debian-9
[title] => How to Secure Nginx with Let's Encrypt on Debian 9
[subheading] => This guide will show you how to secure nginx with lets encrypt on debian
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Secure Nginx with Let’s Encrypt on Debian 9](#secure-nginx-with-let-s-encrypt-on-debian-9
- [Install Certbot](#install-certbot
- [Setup Nginx](#setup-nginx
- [Allow HTTPS Through The Firewall](#allow-https-through-the-firewall
- [Obtain an SSL Certificate](#obtain-an-ssl-certificate
- [Verify Certbot Auto-Renewal](#verify-certbot-auto-renewal
- [Conclusion](#conclusion
## Introduction
In this guide, we will explain to you how to obtain SSL certificate using Certbot, how to secure Nginx with Let’s Encrypt on Debian 9 and how to renewal SSL certificate automatically.
[Let’s Encrypt](https://letsencrypt.org/ is an automated certificate authority (CA, provided by the [Internet Security Research Group (ISRG](https://www.abetterinternet.org/about/, that provides an easy way to obtain and install free SSL/TLS certificates. Thus, it provides an easy way to encrypt HTTPS on web servers for free in the most user-friendly way possible. It makes the process easy by providing a client, [Certbot](https://certbot.eff.org/ that automates most of the necessary steps. The entire process is fully automated on the Nginx web server.
## Prerequisites
You should have access to a Debian 9 server and created a non-root user account with the sudo privileges. You can do this by following our guide, [Initial server setup with Debian 9](https://systemongrid.com/support/guides/initial-server-setup-with-debian-9.
You should have installed Nginx on Debian 9. You can do this by following our guide, How to Install Nginx on Debian 9.
You must own or have access to a registered domain that you wish to use SSL/TLS certificate with. In this guide, we use systemongrid.tk to explain you the process.
You must have created a record that points your domain to the public IP address of your server. This is because to make Let’s Encrypt validate that you are the owner of the domain it is issuing an SSL/TLS certificate for.
## Secure Nginx with Let’s Encrypt on Debian 9
## Install Certbot
The first step in obtaining an SSL/TLS certificate using Let’s Encrypt is installing Certbot software on your server. Install the updated version of Certbot by enabling the Debian 9 backports repository in the /etc/apt/sources.list.
Open the /etc/apt/sources.list in your text editor to add the backports repository.
```
$ sudo vi /etc/apt/sources.list
```
Check for the following lines at the bottom of the file.
```
...
deb http://deb.debian.org/debian stretch-backports main contrib non-free
deb-src http://deb.debian.org/debian stretch-backports main contrib non-free
```
If you have the above two lines within the file, uncomment them by removing “#” before them. If you don’t have, add them at the bottom of the file.
Then, save and close the file.
To know the new repository’s package information, update the package list using the following command.
```
$ sudo apt update
```
Then, install Certbot using the apt command. Enter “Y” when you are asked if you want to continue the installation.
```
$ sudo apt install python-certbot-nginx -t stretch-backports
```
Now, the software client, Certbot is ready to use.
## Setup Nginx
To automatically configure SSL for Nginx, Certbot needs to find the correct server block in your configuration. It does the process by looking for a server_name directive that matches with your domain you are requesting an SSL certificate for.
To update, open the configuration file in your text editor.
```
$ sudo vi /etc/nginx/sites-available/default
```
Find the server_name line in the file, /etc/nginx/sites-available/default.
```
server_name localhost;
```
Place your domain name in the place of localhost.
```
server_name systemongrid.tk www.systemongrid.tk;
```
Then, save the file.
Check the syntax of your configuration edits with the following command.
```
$ sudo nginx -t
```
Output
![nginxsyntaxok](https://grid.media/assets/images/nginx-configuration-file-syntax-is-ok-02132019.png
If you get no errors, reload Nginx for the new configuration
```
$ sudo service nginx reload
```
Now, the Certbot can find the correct server block. Update it.
## Allow HTTPS Through The Firewall
Chances are you have enabled the [ufw firewall](https://systemongrid.com/support/guides/how-to-setup-a-firewall-with-ufw-on-an-ubuntu-and-debian-cloud-server recommended in the prerequisites guides. If you have done that, you will have to adjust the settings to allow for HTTPS traffic.
You can see the current ufw setting by using the following command.
```
$ sudo ufw status
```
You will get an output something like the below.
Output
![nginxufwstatus](https://grid.media/assets/images/nginx-lets-encrypt-ufw-status-02132019.png
If your ufw status is inactive, use the following command to activate it.
```
$ sudo ufw enable
```
Now, to let in HTTPS traffic, allow the Nginx full profile and delete the unnecessary Nginx HTTP profile allowance.
```
$ sudo ufw allow 'Nginx Full'
$ sudo ufw delete allow 'Nginx HTTP'
```
Now, check the status of the ufw.
```
$ sudo ufw status
```
Output
![deletenginxhttp](https://grid.media/assets/images/delete-nginx-http-02132019.png
That’s it. You have successfully allowed the Nginx Full (HTTPS traffic and deleted the Nginx HTTP through the firewall.
## Obtain an SSL Certificate
Certbot provides many plugins to obtain SSL certificates. The Nginx plugin takes care of re-configuring Nginx and reloading the configuration whenever it is necessary.
```
$ sudo certbot --nginx -d systemongrid.tk -d www.systemongrid.tk
```
The above command runs the Certbot with the Nginx plugin using -d to specify the domain name that you are requesting the certificate for.
If this is the first that you are running Certbot, you will be asked to enter your email address and agree to the terms and conditions of the service. Enter “A” to agree and then hit the ENTER button.
![nginxtermsofservice](https://grid.media/assets/images/nginx-lets-encrypt-terms-of-service-02132019.png
Then, you will be asked if you are willing to share your email address with the Electronic Frontier Foundation that develops Certbot. Enter “Y” to agree and then hit the ENTER button.
![nginxshareemailaddress](https://grid.media/assets/images/nginx-share-email-address-with-eff-02132019.png
Then, Certbot communicates with the Let’s Encrypt and runs a challenge to verify if you own or have control over the domain that you are requesting an SSL certificate for.
If this is successful, Certbot will ask you to configure your HTTPS settings. Choose one option, then hit ENTER. The configuration will be updated. Nginx will be reloaded and pick the new settings.
Output
![nginxredirect](https://grid.media/assets/images/nginx-redirect-http-traffic-to-https-02132019.png
Then, Certbot will show you a message telling you that the process was successful and the path where the certificates are stored.
Output
![nginxcertificate](https://grid.media/assets/images/nginx-lets-encrypt-certificate-02132019.png
## Verify Certbot Auto-Renewal
The SSL certificates issued by Let’s Encrypt are valid only for 90 days. The certbot runs certbot renew via a systemd timer twice a day to take care of the auto-renewal process. On non-systemd distributions, the process is provided by a script that is placed in /etc/cron.d. This task renews any certificate that is within 30 days of the expiration date.
Use the following command to test the renewal process.
```
$ sudo certbot renew --dry-run
```
You are all set if you see no errors.
If the auto-renewal process fails, Let’s Encrypt will send you the email, you have specified, when your certificate is about to expire.
## Conclusion
You have successfully obtained an SSL certificate using Certbot, secured Nginx with Let’s Encrypt on Debian 9 and renewed SSL certificate automatically.
[category] => security
[updated] => 2019-02-22T05:00:15.667+0000
[created] => 2019-02-19T15:54:22.429+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => nginx
[1] => orbit
[2] => debian9
)
)
[94] => Array
(
[_id] => 5c6c2e633b2e4a000653f4e8
[path] => how-to-operate-cron-to-automate-functions-on-a-vps
[title] => How to Operate Cron to Automate Functions on a VPS
[subheading] => This guide will show you how to operate cron to automate functions on a vps
[body] => ## Table of Contents
- [Introduction](#introduction
- [Installing Cron](#installing-cron
- [Cron Configuration](#cron-configuration
- [Restricting Cron Access](#restricting-cron-access
- [Conclusion](#conclusion
## Introduction
The standard procedure to run functions on Linux machines at the background is using [Cron jobs](https://en.wikipedia.org/wiki/Cron. They are common to be useful for organizing functions on the VPS and also for automating different conservation-related jobs. ‘Cron’ is fundamental, a daemon/program, which executes in the background. The conventional for the different jobs so that the actions run in a configuration file is called ‘crontab’.
## Installing Cron
Practically all distribution will have some form of default Cron installed. Yet, if you are with a system it doesn’t exist, now you can install by using below commands.
## For Ubuntu/Debian:
```
sudo apt-get update
sudo apt-get install cron
```
## For CentOS/Red Hat Linux:
```
sudo / sbin / chkconfig crond on
sudo / sbin/service crond start
```
## Cron Syntax
At below you have an example task to run.
```
5 * * * * curl http://www.google.com
```
The syntax for some other different jobs you will be placed at crontab it look ’s aggressive. It will actually be very concise and easy-to-define if you happen to know how to do it.
The command is crippled down into:
### Schedule
### command
Basically, the command could be run on any command line. The arranged components of the syntax divided into five different choices for arranging the following order:
### minute
### hour
### day of the month
### month
### day of the week
## Examples for Cron
List of examples for some similar schedules you might see while configuring corn.
For every minute command execute:
```
* * * * *
```
For every 12 minutes command executes on an hour:
```
12 * * * *
```
For every 15 minutes command executes you can also use different options for different placeholder:
```
0,15,30,45 * * * *
```
For everyday command execution at 4:00 am, you can use:
```
0 4 * * *
```
To execute a command every Tuesday at 4:00 am, you can use:
```
0 4 * * 2
```
You may also use division at your schedule, instead of listing out 0,15,30,45, you may also using below.
```
*/4 2-6 * * *
```
Note: This command runs in between 2:00 am to 6:00 am as we placed the range “2-6”
## Cron Configuration
On the VPS, after where you settle down with a schedule and then you have an idea about the job, you would like to run for that you need an area to place it in your program to able to read it.
Now you are going to choose some different places, although the most common is the user’s crontab. If you remain, this particular file which holds the no. of jobs through the Cron is going to execute them.
For every user, the files are located at ‘/var/spool/cron/crontab’, even they are not able to modify directly, here it's better to use the crontab command.
By using the below command you can modify your crontab
```
crontab -e
```
It will open a text editor where you may input your schedule on a new line for each job.
To open your crontab but you can’t modify it, use the below command:
```
crontab -l
```
To delete your crontab use the command below:
```
crontab -r
```
If you appeared to be a privileged user, you may edit a different user's when established.
```
crontab –u -e
```
For each Cron job that executed, where user email address linked along with that user only get the output through the same email. where you directed into expected into the log file or ‘/dev/null’.
Unless it provides mail, should be manually specified to ‘MAILTO’ setting at the top of crontab. Through the home directory, the Cron binary should be placed by using the below example.
```
Crontab –e
```
Then, edit it like below
![crontab](https://grid.media/assets/images/crontab-02132019.png
This particular job output is shown as same:
```
“Run this command every minute.”
```
The belonging output is going to email for every minute to the email address which you specified.
As we mentioned but, it is an ideal situation you may also pipe the output into an empty location or to your logfile to get prevent email using for output.
Follow the below to add logfile:
```
* * * * * echo ‘Run this command every minute’ >> file.log Note “>>” adds to a file.
```
For suppose if you want to pipe into an empty location use ‘/dev/null’. Which belongs to the PHP script and executed in the background.
```
* * * * * /usr/bin/php /var/www/domain.com/backup.php > /dev/null 2>&1
```
## Restricting Cron Access
To restrict the access Cron is very simple with the ‘/etc/cron.allow’ and ‘/etc/cron.deny’ files.
To allow or deny a user then you just simply place their username at one of those files which need a permit. Most of the Cron programs will assume that all users have access to Cron except if any one of these exists.
```
echo ALL >>/etc/cron.deny
echo tdurden >>/etc/cron.allow
```
Now, you may remove all users by using ‘all’ to the ‘deny’ file. Next, attach a username to the allow file. To execute the Cron jobs add the user access.
## Special Syntax for Cron
To make administrating little easier you may add no. of shorthand commands which you may use in your crontab. It is a regular shortcut for the equivalent numeric is specified.
```
@hourly – Shorthand for 0 * * * *
@daily – Shorthand for 0 0 * * *
@weekly – Shorthand for 0 0 * * 0
@monthly – Shorthand for 0 0 1 * *
@yearly – Shorthand for 0 0 1 1 *
```
you need to run the command ‘@reboot” at the startup
Note: Not all Cron programs will define this syntax, especially old versions need to double-check this works so you don’t calculate on it.
In order to have a job which executes on startup, after modifying your crontab file then insert a line in the file which as shown below
```
@reboot echo “System startup”
```
This particular command runs the output and shared with the user specified mail in the crontab.
## Conclusion
Now you have an idea of how to operate Cron jobs and you’re done automating your functions using Cron on VPS.
[category] => orbit
[updated] => 2019-02-22T05:02:36.004+0000
[created] => 2019-02-19T16:27:15.652+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => cron
[1] => vps
[2] => orbit
)
)
[95] => Array
(
[_id] => 5c6d54abad7df60006a9bc79
[path] => how-to-install-nginx-on-debian-9
[title] => How to Install Nginx on Debian 9
[subheading] => This guide will show you how to install nginx on debian
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Install Nginx on Debian 9](#install-nginx-on-debian-9
- [Install Nginx](#install-nginx
- [Adjust the Firewall](#adjust-the-firewall
- [Check Your Web Server](#check-your-web-server
- [Manage the Nginx Services and Units](#manage-the-nginx-services-and-units
- [Conclusion](#conclusion
## Introduction
In this guide, we will explain to you how to install Nginx on Debian 9.
[Nginx](https://www.nginx.com/ was created by Igor Sysoev as an answer to the challenge of handling 10 thousand client connections all at the same time. It was first publicly released in 2004. It is a web server which can also be used as an HTTP cache, load balancer, reverse proxy, and mail proxy.
Nginx has become popular for its lightweight utilization and ability to scale quickly on minimal hardware. It uses non-synchronized and event-driven architecture to cope with huge loads. It is often chosen by administrators for its responsiveness under huge loads and resource efficiency.
## Prerequisites
Before installing Nginx, you should have access to Debian 9 and created a non-root user account with sudo privileges by following our guide, [Initial server setup with Debian 9](https://systemongrid.com/support/guides/initial-server-setup-with-debian-9.
## Install Nginx on Debian 9
## Install Nginx
Before installing Nginx, update the available packages using the apt command.
```
$ sudo apt update
```
By default, Debian has Nginx in its default repositories. You can download and install Nginx from the default repositories using the apt command.
```
$ sudo apt install nginx
```
You will be asked if you want to continue the Nginx installation. Enter “Y” and then hit the ENTER button to continue the installation.
## Adjust the Firewall
Get the list of applications that UFW knows using the below command.
```
$ sudo ufw app list
```
Output:
![nginxufwavailableapplications](https://grid.media/assets/images/nginx-ufw-available-applications-02132019.png
In the above output, you can see that there are three available applications for Nginx.
### The “Nginx Full” application opens both port 80 (which is normal and unencrypted web traffic and port 443 (which is a TLS/SSL encrypted traffic.
### The “Nginx HTTP” application opens only port 80 (which is normal and unencrypted web traffic.
### The “Nginx HTTPS” application opens only port 443 (which is a TLS/SSL encrypted traffic.
In this guide, you need to open only port 80. To do so, use the below command. ‘
```
$ sudo ufw allow 'Nginx HTTP'
```
Then, enable the firewall.
```
$ sudo ufw enable
```
Output:
![nginxfirewallisactive](https://grid.media/assets/images/nginx-firewall-is-active-02132019.png
Enter “Y” and hit the ENTER button.
Now, check the status of the firewall.
```
$ sudo ufw status
```
Output:
![nginxufwstatus](https://grid.media/assets/images/ufw-status-http-traffic-allowed-02132019.png
The firewall is currently allowing in only HTTP traffic. If you install and configure some additional services, you will need to alter the firewall settings to allow the acceptable traffic in.
## Check Your Web Server
Check the status of the Nginx service you have installed using the below command.
```
$ systemctl status nginx
```
Output:
![nginxdebianstatus](https://grid.media/assets/images/nginx-debian-status-02132019.png
Alternatively, you can also check if your server is up and running by accessing your public IP address or server’s domain name.
Find your public IP address using the below command if you don’t know the IP address and don’t have a domain name pointed at your server.
```
$ ip addr show ens3 | grep inet | awk '{ print $2; }' | sed 's/\/.*$//'
```
As an alternative, you can also use the below command to know your public IP address.
```
$ curl -4 icanhazip.com
```
You will get your public IP address as an output. Type the server domain or IP address in a web browser. It should direct to the Nginx’s default landing page.
```
http://server_domain_or_IP_address
```
Output:
![welcometonginx](https://grid.media/assets/images/welcome-to-nginx-debian-02132019.png
## Manage the Nginx Services and Units
Debian installs Nginx as a systemd service. For all the service management tasks, the target unit is service units with .service suffix. But, you can leave .service suffix for most of the service management commands as systemd can know that you want to operate on a service.
Use the below command to stop the Nginx service.
```
$ sudo systemctl stop nginx
```
Use the below command to start the Nginx service.
```
$ sudo systemctl start nginx
```
Use the below command to restart the Nginx service.
```
$ sudo systemctl restart nginx
```
Use the below command to reload the Nginx service.
```
$ sudo systemctl reload nginx
```
Use the below command to disable the Nginx service.
```
$ sudo systemctl disable nginx
```
Use the below command to enable the Nginx service.
```
$ sudo systemctl enable nginx
```
## Conclusion
In this guide, you have learned how to install Nginx on Debian 9 and how to manage the Nginx services and units.
[category] => orbit
[updated] => 2019-02-22T05:04:05.111+0000
[created] => 2019-02-20T13:22:51.895+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => nginx
[1] => debian9
[2] => orbit
)
)
[96] => Array
(
[_id] => 5c6d591c3b2e4a000653f512
[path] => how-to-install-nginx-on-centos-7
[title] => How To Install Nginx on CentOS 7
[subheading] => This guide will show you how to install nginx on centos
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Add Nginx Repository](#add-nginx-repository
- [Install Nginx](#install-nginx
- [Start Nginx](#start-nginx
- [Server Root and Configuration](#server-root-and-configuration
- [Conclusion](#conclusion
## Introduction
[Nginx](https://www.nginx.com/ is the popular web server in the world and it is the backbone for hosting most significant sites on the web. It is used as a reverse proxy and it is user-friendly then Apache.
In this guide, we have discussed Installing Nginx on CentOS 7 server.
## Prerequisites
Before installing Nginx, you should possess regular user with sudo privileges configured on the server.
You have to do the [Initial Server Setup with CentOS 7](https://systemongrid.com/support/guides/initial-server-setup-with-centos-7.
## Add Nginx Repository
Follow the below command to add the CentOS 7 EPEL repository.
```
$ sudo yum install epel-release
```
## Install Nginx
Now Nginx repository is installed on your server, Now to install Nginx use the below command.
```
$ sudo yum install nginx
```
Now you will get a prompt, and you have to answer by entering yes, finish your installation on your virtual private server(VPS.
## Start Nginx
You have to start Nginx by entering below command.
```
$ sudo systemctl start nginx
```
Run the below commands to allow HTTP and HTTPS traffic, If you are running a firewall.
```
$ sudo firewall-cmd --permanent --zone=public --add-service=http
$ sudo firewall-cmd --permanent --zone=public --add-service=https
$ sudo firewall-cmd --reload
```
You can check whether the Nginx is installed on your server or not by entering the IP Address in your web browser.
```
http://server_domain_name_or_IP/
```
You will see the below output.
![welcometonginxcentos](https://grid.media/assets/images/welcome-to-nginx-centos-02132019.png
Now, Your server is installed correctly. Now you have to enable Nginx to start when your system boots. Use the below command to do:
```
$ sudo systemctl enable nginx
```
Now your Nginx is installed and running.
To find your server’s public IP Address, find the network interfaces on your machine by entering below command.
```
ip addr
```
Now you can see the number of interfaces available on your server.
![nginxcentosipaddress](https://grid.media/assets/images/nginx-centos-ip-addr-02132019.png
In the above output, the lo interface is a local loopback interface, which is not we required. The etho interface is required.
Enter the interface name in the below command to know your server’s public IP address.
```
ip addr show eth0 | grep inet | awk '{ print $2; }' | sed 's/\/.*$//'
```
## Server Root and Configuration
Now we have to know the locations of the Nginx configuration files and default server root directory.
## Default Server Root
The default server root directory is /usr/share/nginx/html. Files which are placed in that server on your web server. This location is specified in the default server block configuration file, that ships with nginx, that is located in /etc/nginx/conf.d/default.conf.
## Server Block Configuration
Virtual hosts in Apache can be added by creating new configuration files in
/etc/nginx/conf.d.
Files which are ended with .conf in that directory will be loaded when nginx is started.
## Nginx Global Configuration
The main Nginx Configuration file is located at /etc/nginx/nginx.conf.
## Conclusion
In this guide, we have described how to install Nginx on CentOS 7.
[category] => orbit
[updated] => 2019-02-22T05:05:06.770+0000
[created] => 2019-02-20T13:41:48.649+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => nginx
[1] => centos7
[2] => orbit
)
)
[97] => Array
(
[_id] => 5c6d6035ad7df60006a9bc7c
[path] => how-to-install-mongodb-on-debian-9
[title] => How to Install MongoDB on Debian 9
[subheading] => This guide will show you how to install mongodb on debian
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Installing MongoDB](#installing-mongodb
- [Checking the Service and Database](#checking-the-service-and-database
- [Managing the MongoDB Service](#managing-the-mongodb-service
- [Adjusting the Firewall](#adjusting-the-firewall
- [Conclusion](#conclusion
## Introduction
In this guide, we will explain to you how to install MongoDB on Debian 9.
[MongoDB](https://www.mongodb.com/ is an open-source NoSQL database used in web applications to store the data in the form of key-value pairs.
It provides high scalability and flexibility including data management and data modeling. It also has an advanced feature of Auto-Scaling. Since MongoDB is a cross-platform database, you can install it in different operating systems like Linux, Windows etc.
## Prerequisites
You should have access to a Debian 9 server and created a non-root user account with sudo privileges by following our guide, [Initial server setup on Debian 9](https://systemongrid.com/support/guides/initial-server-setup-with-debian-9 including a sudo-enabled non-root user and a firewall.
## Installing MongoDB
We have to install the official MongoDB repository. First of all, we have to add MongoDB signing key with apt-key add. Now we have to make sure that curl command to be installed before.
```
$ sudo apt install curl
```
Now we have to download the key and pass it to apt-key add. To do that follow the below command.
```
$ curl https://www.mongodb.org/static/pgp/server-4.0.asc | sudo apt-key add -
```
Now you have to create a source list for the MongoDB repo, For that apt knows where to download from. First, open the source list file in a text editor using below command.
```
$ sudo vi /etc/apt/sources.list.d/mongodb-org-4.0.list
```
Now you will get an empty file, copy the below text and paste it.
```
deb http://repo.mongodb.org/apt/debian stretch/mongodb-org/4.0 main
```
Now save and close the file and update your package cache by using below command.
```
$ sudo apt update
```
Now install the mongodb-org package to install the server and supporting tools by using below command.
```
$ sudo apt-get install mongodb-org
```
Now you have to enable and start the mongod service to get your MongoDB database running.
```
$ sudo systemctl enable mongod
$ sudo systemctl start mongod
```
Now installed and started the latest version of MongoDB. Let’s verify that the server is running and works correctly.
## Checking the Service and Database
Now, it’s time for you to verify if the MongoDB service is active and running.
Use the below command to check the status of the MongoDB service.
```
$ sudo systemctl status mongod
```
![mongodbdebianstatus](https://grid.media/assets/images/mongodb-debian-status-02132019.png
The above output shows that the MongoDB service is active and running.
You can verify the MongoDB database by connecting to the database server and executing the following diagnostic command.
```
$ mongo --eval 'db.runCommand({ connectionStatus: 1 }'
```
![mongodbconnectionstatus](https://grid.media/assets/images/mongodb-debian-connection-status-02132019.png
In the above output, you will get the current MongoDB shell version, the server address, and the status of the server. The value of “1” for the “ok” indicates the MongoDB server is active and running properly.
## Managing the MongoDB Service
In Debian, the MongoDB comes as a systemd service. So, you need to use systemctl to manage systemd services.
Use the status command to verify the status of the systemd service.
```
$ sudo systemctl status mongod
```
Use the stop command to stop the currently running systemd service.
```
$ sudo systemctl stop mongod
```
Use the start command to start the systemd service.
```
$ sudo systemctl start mongod
```
Use the restart command to restart the systemd service.
```
$ sudo systemctl restart mongod
```
In Debian, MongoDB is configured to start automatically along with the server. Use the disable command to disable the automatic startup.
```
$ sudo systemctl disable mongod
```
Use the enable command to enable the automatic startup.
```
$ sudo systemctl enable mongod
```
## Adjusting the Firewall
In the prerequisites, we recommended you to follow our guide, Initial Server Setup with Debian 9. If you have followed the guide and enabled the firewall, you can’t access your MongoDB server from the internet. We recommended this assuming that you are intended to use the MongoDB server locally.
If you want to access the MongoDB server from the internet, you will need to allow the incoming connections in ufw to connect to your MongoDB server from the internet. But, accessing the MongoDB server on a default installation is not secure because spammers can get access to the database server and its data.
So, to access your MongoDB server securely from the internet, you need to allow access to its default port, 27017 and mention the IP address of the server that you allowed to connect.
```
$ sudo ufw allow from IP_address/32 to any port 27017
```
Now you can verify the change in firewall settings with ufw:
```
$ sudo ufw status
```
Now, check the status of the ufw. You must see traffic to port 27017 is allowed along with the IP address of your server
![mongodbdebianufwstatus](https://grid.media/assets/images/mongodb-debian-ufw-status-02132019.png
If you want to know the advanced firewall settings to restrict access, follow our guide, UFW Essentials: Common Firewall Rules and Commands.
MongoDB listens on the local address, 127.0.0.1 even though the port is open. So, to allow remote connections, you need to add the IP address of your server to the MongoDB configuration file.
```
$ sudo vi /etc/mongodb.conf
```
Replace your IP address in the place of 216.200.116.235.
```
. . .
# network interfaces
net:
port: 27017
bindIp: 127.0.0.1,your_server_ip
. . .
```
Then, save and exit the file.
Restart MongoDB to make the changes effective.
```
$ sudo systemctl restart mongod
```
## Conclusion
In this guide, you have learned how to install MongoDB on Debian 9 and to allow the incoming connections in ufw to connect to your MongoDB server from the internet.
[category] => photon
[updated] => 2019-02-25T10:12:09.114+0000
[created] => 2019-02-20T14:12:05.879+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => mongodb
[1] => debian9
[2] => orbit
)
)
[98] => Array
(
[_id] => 5c6d6aeaea1ada0007f22196
[path] => how-to-install-mongodb-on-ubuntu-18.04
[title] => How to Install MongoDB on Ubuntu 18.04
[subheading] => This guide will show you how to install mongodb on ubuntu
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Install MongoDB on Ubuntu 18.04](#install-mongodb-on-ubuntu-18-04
- [Install MongoDB](#install-mongodb
- [Check MongoDB Service and Database](#check-mongodb-service-and-database
- [Manage MongoDB Service](#manage-mongodb-service
- [Adjust the Firewall - Optional](#adjust-the-firewall-optional
- [Conclusion](#conclusion
## Introduction
In this guide, we will explain to you how to install MongoDB on Ubuntu 18.04.
[MongoDB](https://www.mongodb.com/ is an open-source NoSQL database used in web applications to store the data in the form of key-value pairs. It provides high scalability and flexibility including data management and data modeling. It also has the advanced feature of Auto-Scaling. Since MongoDB is a cross-platform database, you can install it in different operating systems like Linux, Windows etc.
## Prerequisites
You should have access to an Ubuntu 18.04 server and created a non-root user account with sudo privileges by following our guide, [Initial server setup with Ubuntu 18.04](https://systemongrid.com/support/guides/how-to-do-initial-server-setup-with-ubuntu-18.04.
## Install MongoDB on Ubuntu 18.04
## Install MongoDB
By default, Ubuntu includes the updated version of MongoDB in its package repositories.
Update the packages using the “apt” command to get the latest version of the repository listings.
```
$ sudo apt update
```
Now, install the MongoDB package using the “apt” command.
```
$ sudo apt install mongodb
```
With this, you have installed the latest version of MongoDB with some essential management tools for the MongoDB server.
## Check MongoDB Service and Database
Now, its time for you to verify if the MongoDB service is active and running.
Use the below command to check the status of the MongoDB service.
```
$ sudo systemctl status mongodb
```
Output:
![mongodbstatus](https://grid.media/assets/images/mongodb-status-02132019.png
The above output shows that the MongoDB service is active and running.
You can verify the MongoDB database by connecting to the database server and executing the following diagnostic command.
```
$ mongo --eval 'db.runCommand({ connectionStatus: 1 }'
```
Output:
![mongodbshellversion](https://grid.media/assets/images/mongodb-shell-version-02132019.png
In the above output, you will get the current MongoDB shell version, the server address, and the status of the server. The value of “1” for the “ok” indicates - the MongoDB server is active and running properly.
## Manage MongoDB Service
In Ubuntu, the MongoDB comes as a systemd service. So, you need to use systemctl to manage the systemd services.
Use the status command to verify the status of the systemd service.
```
$ sudo systemctl status mongodb
```
Use the stop command to stop the currently running systemd service.
```
$ sudo systemctl stop mongodb
```
Use the start command to start the systemd service.
```
$ sudo systemctl start mongodb
```
Use the restart command to restart the systemd service.
```
$ sudo systemctl restart mongodb
```
In Ubuntu, MongoDB is configured to start automatically along with the server. Use the disable command to disable the automatic startup.
```
$ sudo systemctl disable mongodb
```
Use the enable command to enable the automatic startup.
```
$ sudo systemctl enable mongodb
```
## Adjust the Firewall - Optional
In the prerequisites, we recommended you to follow our guide, Initial Server Setup with Ubuntu 18.04. If you have followed the guide and enabled the firewall, you can’t access your MongoDB server from the internet. We recommended this assuming that you are intended to use the MongoDB server locally.
If you want to access the MongoDB server from the internet, you will need to allow the incoming connections in ufw to connect to your MongoDB server from the internet. But, accessing MongoDB server on a default installation is not secure because spammers can get access to the database server and its data.
So, to access your MongoDB server securely from the internet, you need to allow access to its default port, 27017 and mention the IP address of the server that you allowed to connect.
```
$ sudo ufw allow from IP_address/32 to any port 27017
```
Now, check the status of the ufw. You must see traffic to port 27017 is allowed along with the IP address of your server.
Output:
![mongodbufwstatus](https://grid.media/assets/images/mongodb-ufw-status-02132019.png
If you want to know the advanced firewall settings to restrict access, follow our guide, UFW Essentials: Common Firewall Rules and Commands.
MongoDB listens on the local address, 127.0.0.1 even though the port is open. So, to allow remote connections, you need to add the IP address of your server to the MongoDB configuration file.
```
$ sudo vi /etc/mongodb.conf
```
Replace your IP address in the place of 216.200.116.91.
```
...
logappend=true
bind_ip = 127.0.0.1,216.200.116.91
#port = 27017
...
```
Then, save and exit the file.
Restart MongoDB to make the changes effective.
```
$ sudo systemctl restart mongodb
```
## Conclusion
In this guide, you have learned how to install MongoDB on Ubuntu 18.04 and to allow the incoming connections in ufw to connect to your MongoDB server from the internet.
[category] => photon
[updated] => 2019-02-27T11:24:29.790+0000
[created] => 2019-02-20T14:57:46.370+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => mongodb
[1] => ubuntu
[2] => orbit
)
)
[99] => Array
(
[_id] => 5c6d76dbea1ada0007f22199
[path] => how-to-install-mongodb-on-centos-7
[title] => How To Install MongoDB on CentOS 7
[subheading] => This guide will show you how to install mongodb on centos
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Adding the MongoDB Repository](#adding-the-mongodb-repository
- [Installing MongoDB](#installing-mongodb
- [Verifying Startup](#verifying-startup
- [Conclusion](#conclusion
## Introduction
In this guide, we will explain to you how to install MongoDB on CentOS 7.
[MongoDB](https://www.mongodb.com/ is an open-source NoSQL database used in web applications to store the data in the form of key-value pairs. It provides high scalability and flexibility including data management and data modeling.
It also has an advanced feature of Auto-Scaling. Since MongoDB is a cross-platform database, you can install it in different operating systems like Linux, Windows etc.
## Prerequisites
You should have access to a CentOS 7 server and created a non-root user account with sudo privileges by following our guide, How to Create a Sudo user on CentOS.
## Adding the MongoDB Repository
By default, Mongodb-org package does not exist in the default repositories for CentOS. It will maintain a separate repository dedicated to it only. You have to add it to your server using below command.
In the vi editor, create a .repo file for yum, the package management utility for CentOS.
```
$ sudo vi /etc/yum.repos.d/mongodb-org.repo
```
Then you can check the Install on Red Hat section of MongoDB’s documentation and ass the repository information for the latest stable release to the file.
```
[mongodb-org-3.4]
name=MongoDB Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.4/x86_64/
gpgcheck=1
enabled=1
gpgkey=https://www.mongodb.org/static/pgp/server-3.4.asc
```
Now save and close the file.
Now you can verify that the MongoDB repository exists within the yum utility. You can see the list of enabled repositories use the below command.
```
$ yum repolist
```
![yumreposit](https://grid.media/assets/images/yum-reposit-02132019.png
Now you can proceed with the installation.
## Installing MongoDB
Using yum utility which is a third-party repository, We can install the mongodb-org package using below command.
```
$ sudo yum install mongodb-org
```
Now you will get two Is this ik [y/n] prompts. The first prompt permits the installation of the MongoDB package and the second one imports a GPG key.
MongoDB publisher signs their software and yum uses a key to confirm the integrity of the downloaded packages. Type y and then press ENTER key.
Now start the MongoDB service with the systemctl utility.
```
$ sudo systemctl start mongod
```
You can change the state of the MongoDB service with the reload and stop commands.
The below command requests that the mongod process reads the configuration file, /etc/mongod.conf, and applies any changes without requiring a restart.
```
$ sudo systemctl reload mongod
```
The stop command will stop the running mongod processes.
```
$ sudo systemctl stop mongod
```
Now, If you execute the start command, systemctl utility did not provide a result. But you can check the service started by viewing the end of the mongodb.log file with tail command.
```
$ sudo tail /var/log/mongodb/mongod.log
```
![connectionsonport](https://grid.media/assets/images/connections-on-port-02132019.png
The output for waiting for connection confirms that MongoDB has started successfully. Now you can access the database server with the MongoDB Shell.
```
$ mongo
```
Now you may get some warnings. To resolve warnings change the processes soft limit value for mongod by editing the 20-nproc.conf file as below.
```
$ sudo vi /etc/security/limits.d/20-nproc.conf
```
Add these lines to the end of the file.
```
mongod soft nproc 32000
```
Now you can restart using systemctl utility as below.
```
$ sudo systemctl restart mongod
```
Now there are no warnings in your output.
To know how to interact with MongoDB from the shell, you can use the below command for help.
```
$ db.help(
```
You can quit the shell using the exit command.
```
$ exit
```
## Verifying Startup
We have to verify that the database-driven application cannot function without a database, So we have to make sure that the MongoDB thread, mongod will start the system.
Use the systemctl utility to check its startup status.
```
$ systemctl is-enabled mongod; echo $?
```
If you get output zero, confirms an enabled daemon. If you get one, as output then it is disabled.
![verifyingstartup](https://grid.media/assets/images/verifying-startup-02132019.png
If you get disabled, then use the systemctl utility to enable it.
```
$ sudo systemctl enable mongod
```
If you want to exit from the shell, then you can simply use the exit command.
```
$ exit
```
![mongodbexit](https://grid.media/assets/images/exit-02132019.png
## Conclusion
In this guide, we have described How to install MongoDB on CentOS 7.
[category] => photon
[updated] => 2019-02-27T11:24:00.154+0000
[created] => 2019-02-20T15:48:43.208+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => mongodb
[1] => centos7
[2] => orbit
)
)
[100] => Array
(
[_id] => 5c6e7d9eea1ada0007f221a5
[path] => how-to-install-git-on-ubuntu-18.04
[title] => How To Install Git on Ubuntu 18.04
[subheading] => This guide will show you how to install git on ubuntu
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Installing Git with Default Packages](#installing-git-with-default-packages
- [Installing Git from Source](#installing-git-from-source
- [Setting Up Git](#setting-up-git
- [Conclusion](#conclusion
## Introduction
The most popular version of control systems which are currently available is [Git](https://en.wikipedia.org/wiki/Git. In Git repository, many project files are maintained, and also sites like [GitHub](https://github.com/, [GitLab](https://about.gitlab.com/, and [Bitbucket](https://bitbucket.org/ help to facilitate software development project sharing and collaboration.
In this guide, We have described How to Install Git on Ubuntu 18.04 server.
## Prerequisites
You should have access to an Ubuntu 18.04 server and created a non-root user account with sudo privileges by following our guide, [Initial server setup with Ubuntu 18.04](https://systemongrid.com/support/guides/how-to-do-initial-server-setup-with-ubuntu-18.04.
## Installing Git with Default Packages
To update your local package index, Use the package management tools. After completing your update, download and install Git using below commands.
```
$ sudo apt update
$ sudo apt install git
```
You can check whether you have installed Git correctly or not, by using below command.
```
$ git --version
```
![gitversion](https://grid.media/assets/images/git-version-02132019.png
Once you installed Git, then you can go through with Setting Up Git section to complete the setup.
## Installing Git from Source
The best method of installing Git is to complete the software from the source. This may take a long time to maintain through your packet manager, but it allows you to download the latest version.
First of all, you have to install the software that Git depends on. It’s all available in the default repositories so that we can update our local package index and then install the packages.
```
$ sudo apt update
$ sudo apt install make libssl-dev libghc-zlib-dev libcurl4-gnutls-dev libexpat1-dev gettext unzip
```
Once you installed your necessary dependencies, now go through below URL:
```
https://github.com/git/git
```
Now you are in the master branch. Now click on Tags link and select your desired Git version.
![gittags](https://grid.media/assets/images/git-tags-02132019.png
Now, click on the Clone or download button, then right click on the Download Zip and copy the link address that ends in .Zip
![gitcloneordownload](https://grid.media/assets/images/git-clone-or-download-02132019.png
Now go back to Ubuntu server, move into the tmp directory to download temporary files.
```
$ cd /tmp
```
![findcloneordownload](https://grid.media/assets/images/find-file-clone-or-download-02132019.png
From here, you can use the wget command to install the copied Zip file link. Now specify the name for the file git.zip.
```
$ wget https://github.com/git/git/archive/v2.18.0.zip -O git.zip
```
Now unzip the file that you have downloaded now, and move to the resulting directory by using below command.
```
$ unzip git.zip
$ cd git-*
```
Now you can make the package and install it by using below commands.
```
$ make prefix=/usr/local all
$ sudo make prefix=/usr/local install
```
To know that whether the installation was successful or not, you can use git --version and you should receive relevant outputs that specify the installed versions of Git.
If you want to upgrade the latest version, you can clone the repository and then build and install. To use for the clone operation, find the URL, navigate through to the branch or tag that you want on the Project’s GitHub page and then copy the clone URL on the right side.
Relevant URL is:
```
$ https://github.com/git/git.git
```
Now you can change to your home directory, and use git clone on the URL you just copied.
```
$ cd ~
$ git clone https://github.com/git/git.git
```
It will create a new directory in the current directory where you can rebuild the package and reinstall the newer version. This may overwrite your older version with the new version.
```
$ cd git
$ make prefix=/usr/local all
$ sudo make prefix=/usr/local install
```
Now, you can be sure that your version of Git is up to date.
## Setting Up Git
Now Git has installed, you have to configure it so that the generated commit messages will contain your correct information. This can be acquired with git config command. You need to provide your name and email address because Git embeds this information into each commit we do. We can add this information by adding the following.
```
$ git config --global user.name "Your Name"
$ git config --global user.email "youremail@domain.com"
```
We can see as output below that what you have entered by using below command.
```
$ git config --list
```
![gitconfigurationlist](https://grid.media/assets/images/git-config-list-02132019.png
This is all stored in the Git configuration file, which you can optionally edit by hand in a text editor like this.
```
$ vi ~/.gitconfig
[user]
name = Your Name
email = youremail@domain.com
```
Like this, there are many options which you can set, but these are the two important steps we needed.
## Conclusion
In this guide, we have installed Git, now you can use on your system.
[category] => orbit
[updated] => 2019-02-27T10:20:22.679+0000
[created] => 2019-02-21T10:29:50.439+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => git
[1] => ubuntu
[2] => orbit
)
)
[101] => Array
(
[_id] => 5c6e8707ea1ada0007f221a9
[path] => how-to-install-and-configure-postfix-on-ubuntu-18.04
[title] => How To Install and Configure Postfix on Ubuntu 18.04
[subheading] => This guide will show you how to install and configure postfix on ubuntu
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Install Postfix](#install-postfix
- [Tweak the Postfix Configuration](#tweak-the-postfix-configuration
- [Map Mail Address to Linux Accounts](#map-mail-address-to-linux-accounts
- [Adjust the Firewall](#adjust-the-firewall
- [Setting up the Environment to Match the Mail Location](#setting-up-the-environment-to-match-the-mail-location
- [Install and Configure the Mail Client](#install-and-configure-the-mail-client
- [Initialize the Maildir and Test and Client](#initialize-the-maildir-and-test-and-client
- [ Conclusion](#conclusion
## Introduction
[Postfix](http://www.postfix.org/ is an open-source Mail Transfer Agent. It can be used to deliver email on a Linux system. It is estimated that around one-quarter of the public mail servers on the internet run Postfix.
## Prerequisites
You must have to install the [initial server setup on Ubuntu 18.04](https://systemongrid.com/support/guides/how-to-do-initial-server-setup-with-ubuntu-18.04.
## Install Postfix
Installation of postfix is very simple because it is included in Ubuntu’s default repositories. First of all, update your local apt package cache and then install the software. You will be passing in the DEBIAN_PRIORITY=low environmental variable into our installation command in order to answer some additional prompts.
```
$ sudo apt update
$ sudo DEBIAN_PRIORITY=low apt install postfix
```
If you want to fill the prompts correctly use the following information.
## The general type of mail Configuration
In general type of mail configuration we will use Internet Site So this matches our needs.
## System mail name
This is the base domain used to construct a valid email address if only the account portion is given.
## Root and postmaster mail recipient
This is the Linux account and it will be directed mail addressed to root@ and postmaster@. In this case, use your primary account.
## Other destinations to accept mail for
This means the mail destinations that postfix instance will accept. If you want to add any other domain then that server will be responsible for receiving and adding those if not the default should be fine.
## Tweak the Postfix Configuration
We have to adjust some settings which are not prompt us by the package.
At first, we have to set the mailbox which will use the Maildir format. It separates messages into individual files that are then moved between directories based on user action. Another way is the mbox format. It stores all messages within a single file.
You have to set the home_mailbox variable to Maildir/ which will create a directory structure under that name within the user’s home directory. To set configuration settings use postconf command. To configure home_mailbox use the below command.
```
$ sudo postconf -e 'home_mailbox= Maildir/'
```
Next, we can set the location of the virtual_alias_maps table. This table maps arbitrary email accounts to Linux system accounts. You can create this table at /etc/postfix/virtual. Again we can use the postconf command.
```
$ sudo postconf -e 'virtual_alias_maps= hash:/etc/postfix/virtual'
```
## Map Mail Address to Linux Accounts
Next step, you have to set up the virtual maps in your text editor.
```
$ sudo vi /etc/postfix/virtual
```
In virtual alias map table, left side you can set any number of addresses that you wish to accept email for. And then separated by whitespace, enter the Linux user you’d like that mail delivered to.
Suppose, if you want to like to accept email at contact@testdkim.com and admin@testdkim.com and would like to have those emails delivered to the gautami Linux user then you can set up your file like this:
```
contact@testdkim gautami
admin@testdkim gautami
```
Once you have mapped all of the addresses to the appropriate server accounts, save and close the file.
You can apply the mapping by entering the below command.
```
$ sudo postmap /etc/postfix/virtual
```
Restart the Postfix process and be sure that all of our changes have been applied.
```
$ sudo systemctl restart postfix
```
## Adjust the Firewall
If you are running the UFW firewall, as configured in the initial server setup guide, you have to allow an exception for postfix. You can allow connections to the service by entering the below command.
```
$ sudo ufw allow Postfix
```
Now the Postfix server component is installed. Next, you have to set up a client which can handle the mail that Postfix will process.
## Setting up the Environment to Match the Mail Location
You have to make sure that MAIL environmental variable set correctly before you install a client. Then the client will inspect this variable to figure out where to look for the user’s mail. To set variable irrespective of how you access your account. You need to set a variable in a few different locations. We will add it to /etc/bash.bash.bashrc and a file within /etc/profile.d to make sure each user has this configured.
Use the below command to add the variable to these files.
```
$ echo 'export MAIL=~/Maildir' | sudo tee -a /etc/bash.bashrc | sudo tee -a /etc/profile.d/mail.sh
```
You can get the /etc/profile.d/mail.sh file to read the variable into your current session.
```
$ source /etc/profile.d/mail.sh
```
## Install and Configure the Mail Client
If you want to interact with the mail being delivered, you have to install the s-nail package. This is the variant of the BSD xmail client. It is feature-rich and it can handle the Maildir format correctly and also more backward compatible. The GNU version of mail has a limitation i.e. always saving read mail to the mbox format irrespective of the source format.
Follow the below command to install the s-nail package.
```
$ sudo apt install s-nail
```
You must adjust a few things i.e. open the /etc/s-nail.rc file in your vi editor.
```
$ sudo nano /etc/s-nail.rc
```
Add the following script at the end of the file.
```
set emptystart
set folder=Maildir
set record=+sent
```
This script allows the client to open even with an empty inbox. This will set the Maildir directory to the internal folder variable and then use this to create a sent mbox file within that, for sorting sent mail.
Once you finished then save and close the file.
## Initialize the Maildir and Test and Client
Now you can test the client.
## Initializing the Directory Structure
If you want to create the Maildir structure within your home directory then you can send yourself an email. You can do it by using s-nail command. Because the file which is sent will only be available once the Maildir is created, You must disable writing to that for your initial email. You can do this by passing the -Snorecord option. Send the email by adding a string to the s-nail command. Rewrite the command to mark your Linux user as the recipient.
```
$ echo 'init' | s-nail -s 'init' -Snorecord sam
```
This may only appear when you are sending this first message. You can check to ensure that the directory was created by looking for our ~/Maildir directory.
```
$ ls -R ~/Maildir
```
You have to see the directory structure has been created and that a new message file is in the ~/Maildir/new directory.
![directorystructure](https://grid.media/assets/images/directory-structure-02132019.png
It seems like your mail has been delivered.
## Managing Mail with the Client
You can check your mail using the client as follows.
```
$ s-nail
```
You will get output like this.
![maildelivery](https://grid.media/assets/images/mail-delivery-02132019.png
Now you have to press ENTER to display your message.
![managingmail](https://grid.media/assets/images/managing-mail-with-the-client-02132019.png
If you want to go back then type h, and then press ENTER.
```
? h
```
Output
![maildeliveryy](https://grid.media/assets/images/mail-delivery2-02132019.png
If you want to delete it, then you can do it by typing d, and then press ENTER.
```
? d
```
To get the terminal type q, and then ENTER.
```
? q
```
## Sending Mail with the Client
You can test it sending mail by entering a message in the text editor.
```
$ vi ~/test_message
```
Enter some text inside the editor to email.
```
Hello,
This is a test. Please confirm receipt!
```
You can add the message to the s-nail process using the cat command. This will send the message as your Linux user by default. You can adjust the “from” field with the -r flag if you want to modify that value to someone else.
```
$ cat ~/test_message | s-nail -s 'Test email subject line' -r from_field_account user@email.com
```
Options:
-s : The subject line of the email.
-r : An optional change to the “From” field of the email. This option allows you to override this.
user@email.com: The account to send the email to. Use the valid email account you have to access to.
You can view your sent messages within your s-nail client by using below command.
```
$ S-nail
```
If you want to see the sent messages only then type the below command.
```
? file +sent
```
You can use the same commands for incoming mail too.
## Conclusion
Now you have Postfix configured on your Ubuntu 18.04 server.
[category] => orbit
[updated] => 2019-02-27T10:18:29.454+0000
[created] => 2019-02-21T11:09:59.321+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => postfix
[1] => ubuntu
[2] => orbit
)
)
[102] => Array
(
[_id] => 5c6e8b923b2e4a000653f524
[path] => how-to-create-a-sudo-user-on-ubuntu-[quick-start]
[title] => How To Create a Sudo User on Ubuntu [Quick Start]
[subheading] => This guide will show you how to create sudo user on ubuntu
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Steps to create a New Sudo User](#steps-to-create-a-new-sudo-user
- [Conclusion](#conclusion
## Introduction
The Sudo command grants administrator privileges. Generally, It is only available to the root user to the Normal users.
In this guide, we are showing the easiest way to create a new user with sudo privileges on Ubuntu.
## Prerequisites
Running Server
## Steps to create a New Sudo User
## Step 1
To Log in to your server as the root user enter the below command.
```
local$ ssh root@server_ip_address
```
## Step 2
If you want to add a new user to your system then use the adduser command. You have to put the username of the user in place of username as shown below.
```
# adduser username
```
You have to set the password at the prompt and confirm it. Note that a strong password is highly recommended as shown below.
![unixpassword](https://grid.media/assets/images/unix-password-02132019.png
Follow the prompts if you want to set the new user’s information. And you have to accept the defaults to leave all of this information.
![changeuserinformation](https://grid.media/assets/images/change-user-information-for-ubuntu-test-user-02132019.png
## Step 3
To add the user to the sudo group use the below command.
```
$ usermod -aG sudo username
```
In Ubuntu, By default, the members of the sudo group have sudo privileges.
## Step 4
If you want to test sudo access to the new user account then test it using below command.
```
# su - username
```
Now you are a new user, you can test that you can use sudo by adding sudo to the command like this.
```
username$ sudo command_to_run
```
For example, If you want to list the contents of the /root directory, which is usually accessible to the root user.
```
username$ sudo ls -la /root
```
![contentsaccesible](https://grid.media/assets/images/contents-accessible-for-the-root-user-02132019.png
If you use sudo in a session for the first time, then you will be prompted to a password of the user account. Enter the password to proceed further.
![passwordforubuntutest](https://grid.media/assets/images/password-for-ubuntutest-02132019.png
If the user entered the correct password and he is an inexact group then that user will have sudo with root privileges.
## Conclusion
Now the user has sudo privileges.
[category] => orbit
[updated] => 2019-02-27T10:11:50.266+0000
[created] => 2019-02-21T11:29:22.080+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => sudo
[1] => ubuntu
[2] => orbit
)
)
[103] => Array
(
[_id] => 5c6e900ead7df60006a9bc90
[path] => how-to-add-swap-space-on-debian-9
[title] => How To Add Swap Space on Debian 9
[subheading] => This guide will show you how to add swap space on debian
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Check the System for Swap Information](#check-the-system-for-swap-information
- [Creating a Swap File](#creating-a-swap-file
- [Adjusting the Swappiness Value](#adjusting-the-swappiness-value
- [Removing a Swap File](#removing-a-swap-file
- [Conclusion](#conclusion
## Introduction
In this guide, I will explain to you how to add swap space on Debian 9.
Swap is the area on a hard disk and a part of Virtual Memory, a combination of RAM and Swap space, of your computer. Swap space is used when your machine’s physical memory (RAM is full. When the RAM is full, the system needs more memory resources, all the inactive pages in the memory will be moved to Swap space.
It is always recommended to have a dedicated swap partition for the swap space. But, the swap space can also be a swap file or a combination of swap partitions and swap files.
Swap space gives your server the ability to store more amount of data in its working memory but with a few cautions. And, this space will only be used when the memory space in RAM is not sufficient for data.
The information in the Swap space is comparatively slower than the information in the RAM. And, the operating system will use swap space to store the older data.
Adding a swap space to your applications is the best and easiest way to increase the responsiveness of your server and protect against memory errors in the applications.
## Prerequisites
You should have access to Debian 9 and created a non-root user account with sudo privileges by following our guide, [Initial server setup with Debian 9](https://systemongrid.com/support/guides/initial-server-setup-with-debian-9.
## Check the System for Swap Information
If you want to know whether a swap is enabled or not by using below command.
```
$ sudo swapon --show
```
If you haven’t got any output then it means your system doesn’t have swap space.
## Creating a Swap File
In this guide, we have added 1G of swap, If you want to create a bigger swap, then you can replace 1G with the size of the swap space you need.
First of all, create a file which is used for the swap by using below command.
```
$ sudo fallocate -l 1G /swapfile
```
If the fallocate is not installed on your system or getting a message like fallocate failed: operation not supported then use the following command to create the swap file.
```
$ sudo dd if=/dev/zero of=/swapfile bs=1024 count=1048576
```
You can able to read and write the swap file, if and only if you are a root user. Use the below command to set correct permissions.
```
$ sudo chmod 600 /swapfile
```
To set swap area on the swap file use the below command.
```
$ sudo mkswap /swapfile
```
Use the below command to activate the swap file.
```
$ sudo swapon /swapfile
```
Open the /etc/fstab file and make the change permanent.
```
$ sudo vi /etc/fstab
```
Enter the below line into the file.
```
/swapfile swap swap defaults 0 0
```
To verify whether the swap is active or not use the below command.
```
$ sudo swapon --show
```
![debianswaponshow](https://grid.media/assets/images/debian-swapon-show-02132019.png
```
$ sudo free -h
```
![debianfreespace](https://grid.media/assets/images/debian-swap-free-space-02132019.png
## Adjusting the Swappiness Value
Swappiness means how often the system will use the swap space. It is a kernel property. Its value must be in between 0 to 100. A low swappiness value makes the kernel to avoid swapping whenever possible, while the higher value will make the kernel to use the swap space more aggressively. The default Swappiness value is 60. You can check your swappiness value by entering the below command.
```
$ cat /proc/sys/vm/swappiness
```
![debiandefaultswapvalue](https://grid.media/assets/images/debian-default-swap-value-02132019.png
If you want to set swappiness value to 10 then you can use the below command.
```
$ sudo sysctl vm.swappiness=10
```
If you want to make this parameter persistent across reboots then add the below line to the /etc/sysctl.conf file:
```
$ vm.swappiness=10
```
## Removing a Swap File
To deactivate and remove the swap file, perform the steps below.
First of all, you have to deactivate the swap space by using the below command.
```
$ sudo swapoff -v /swapfile
```
Next, remove the swap file and /swapfile swap swap defaults 0 0 from the /etc/fstab file.
Finally, delete the actual swap file by using below command.
```
$ sudo rm /swapfile
```
## Conclusion
In this guide, we have described how to add swap on Debian 9.
[category] => orbit
[updated] => 2019-02-27T10:11:18.282+0000
[created] => 2019-02-21T11:48:30.047+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => swap
[1] => debian
[2] => orbit
)
)
[104] => Array
(
[_id] => 5c6eb3bdea1ada0007f221b8
[path] => how-to-add-swap-on-centos-7
[title] => How To Add Swap on CentOS 7
[subheading] => This guide will show you how to add swap on centos
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Check the System for Swap Information](#check-the-system-for-swap-information
- [Check the Hard Disk for Available Space](#check-the-hard-disk-for-available-space
- [How Much Swap Space Do I Need](#how-much-swap-space-do-i-need
- [Create a Swap File](#create-a-swap-file
- [Enabling the Swap File](#enabling-the-swap-file
- [Making the Swap File Permanent](#making-the-swap-file-permanent
- [Change your Swap Settings](#change-your-swap-settings
- [Conclusion](#conclusion
## Introduction
In this guide, I will explain to you how to add swap space on CentOS 7
Swap is the area on a hard disk and a part of Virtual Memory, a combination of RAM and Swap space, of your computer. Swap space is used when your machine’s physical memory (RAM is full. When the RAM is full, the system needs more memory resources, all the inactive pages in the memory will be moved to Swap space.
It is always recommended to have a dedicated swap partition for the swap space. But, the swap space can also be a swap file or a combination of swap partitions and swap files.
Swap space gives your server the ability to store more amount of data in its working memory but with a few cautions. And, this space will only be used when the memory space in RAM is not sufficient for data.
The information in the Swap space is comparatively slower than the information in the RAM. And, the operating system will use swap space to store the older data.
Adding a swap space to your applications is the best and easiest way to increase the responsiveness of your server and protect against memory errors in the applications.
## Prerequisites
You should possess regular user with sudo privileges configured on the server. To do so, follow our guide, [Initial Server Setup with CentOS 7](https://systemongrid.com/support/guides/initial-server-setup-with-centos-7.
## Check the System for Swap Information
Make sure to check whether your system has swap space already or not. You can check it by using the following command.
```
$ sudo swapon -s
```
If you get the header of the table, as shown above, it means you do not have any swap space in your system.
And, another way to check space is by using the free utility, which shows the memory usage of your system. We can know the swap usage and current memory by using the below command.
```
$ sudo free -m
```
![centosswapusage](https://grid.media/assets/images/centos7-swap-usage-02132019.png
Now, you can see the above output. Your swap space in your system is 0.
## Check the Hard Disk for Available Space
Also, check your hard disk for the current disk usage. You can use the below command to know that.
```
$ sudo df -h
```
![swapcentosavailablespace](https://grid.media/assets/images/swap-centos7-hard-disk-available-space-02132019.png
Now, you can see the first line in the above table that the hard disk partition has 1GB of available memory. It means we have an adequate amount of space to work with, however, your actual usage might be different.
## How Much Swap Space Do I Need
The appropriate size of your swap space depends on the requirement of your applications and your personal choice. But, it is recommended to have the size of your swap space equal to or double the space of RAM on your system.
For example, your system has 8 GB of RAM. Now, it is recommended to have either 8GB or 16GB of swap space.
## Create a Swap File
Now, as you know the amount of available space in your hard disk, you can create a swap file within your file system.
You must create a file, swapfile, in your root directory. This file must be allocated the amount of space that you wish to. This can be done using the following method.
The swap file can be created by using fallocate programme. This command generates a file with a specified size.
For example, a server has 1G of RAM, we will create a 1G file in this guide.
```
$ sudo fallocate -l 1G /swapfile
```
We can verify the amount of space reserved by the following command.
```
$ sudo ls -lh /swapfile
```
![centosswapfile](https://grid.media/assets/images/centos7-swap-file-02132019.png
Now the file is created with the required amount of space.
## Enabling the Swap File
Before enabling the swap file, you need to change the settings so that no one can read the file except the root user. We can restrict other users from reading or editing the swap file by using the following command.
```
$ sudo chmod 600 /swapfile
```
To verify the permissions whether they are changed or not, use the following command.
```
$ sudo ls -lh /swapfile
```
![verifyswapfilepermissions](https://grid.media/assets/images/verify-swap-file-permissions-02132019.png
Now you can see the root user has read and write flags enabled. Now we can mark the file as swap space by entering the below command.
```
$ sudo mkswap /swapfile
```
![fileasswapspace](https://grid.media/assets/images/marking-the-file-as-swap-space-02132019.png
We can enable the swap file by allowing the system to start utilizing it, after marking the file.
```
$ sudo swapon /swapfile
```
Enter the following command to verify swap is available or not.
```
$ sudo swapon -s
```
You can verify the output of free utility by entering the following command.
```
$ sudo free -m
```
![swapfreeutility](https://grid.media/assets/images/swap-centos7-free-utility-02132019.png
Successfully set up swap and our operating system will begin to use it if required.
## Making the Swap File Permanent
Now your swap file is enabled. When you reboot, the server will not automatically enable the file for use. You can modify the fstab file, which is a table that manages filesystems and partitions.
You have to edit the file with sudo privileges.
```
sudo vi /etc/fstab
```
You have to add the below line that will tell OS to automatically use the swap file that you created.
```
/swapfile swap swap sw 0 0
```
Now you can save and close the file. Now the server will check this file when each time reboots, So the swap file will be ready to use.
## Change your Swap Settings
The swappiness parameter, a value between 0 and 100 represents the percentage, configures how frequently your system swaps the data out of the RAM to the swap space.
If the value is closer to 0, it means the kernel will not swap the data to the hard disk unless it is required.
If the value is closer to 100, it means the kernel will put more data into swap to make more RAM space free.
The ideal for a server is close to 0. So, set your swappiness value to 10 by using the below command.
```
$ sudo sysctl vm.swappiness=10
```
![centosswappiness](https://grid.media/assets/images/centos7-swappiness-02132019.png
Make this swap file permanent by entering the following command.
```
$ sudo vi /etc/sysctl.conf
```
Then, add the next line at the end of the file.
```
$ sudo vm.swappiness=10
```
## Conclusion
In this guide, we have described how to add swap on CentOS 7.
[category] => orbit
[updated] => 2019-02-27T10:11:01.618+0000
[created] => 2019-02-21T14:20:45.562+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => swap
[1] => centos7
[2] => orbit
)
)
[105] => Array
(
[_id] => 5c6ec8b9ea1ada0007f221bb
[path] => how-to-fabricate-self-signed-ssl-certificate-for-apache-on-ubuntu-18.04
[title] => How to Fabricate Self-Signed SSL Certificate for Apache on Ubuntu 18.04
[subheading] => This guide will show you how to fabricate self-signed SSL certificate for apache on ubuntu
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Creating the SSL Certificate](#creating-the-ssl-certificate
- [Configuring Apache to Use SSL](#configuring-apache-to-use-ssl
- [Constructing an Apache Configuration Snippet with Strong Encryption Settings](#constructing-an-apache-configuration-snippet-with-strong-encryption-settings
- [Adjusting the default Apache SSL Virtual Host File](#adjusting-the-default-apache-ssl-virtual-host-file
- [Adjusting the HTTP Host File to Redirect to HTTPS - Recommended](#adjusting-the-http-host-file-to-redirect-to-https-recommended
- [Adjusting the Firewall](#adjusting-the-firewall
- [Enabling the Changes in Apache](#enabling-the-changes-in-apache
- [Changing to a Permanent Redirect](#changing-to-a-permanent-redirect
- [Conclusion](#conclusion
## Introduction
SSL (secure sockets layer which followed by TLS or transport layer security is a standard security technology which is to establish an encrypted link between a web server and a browser. After making a secure connection the transmitted data will be encrypted using a session key, by itself, browser requests server identify then the server sends its SSL certificate, including with server public key.
Now following on we going to discuss how to fabricate(create SSL certification by using Apache on ubuntu 18.04 server.
## Prerequisites
You should have access to an Ubuntu 18.04 server and created a non-root user account with sudo privileges by following our guide, [Initial server setup with Ubuntu 18.04](https://systemongrid.com/support/guides/how-to-do-initial-server-setup-with-ubuntu-18.04.
You should have installed Apache by following our guide, How to Install Apache web server on Ubuntu 18.04.
## Creating the SSL Certificate
SSL works is a combination of public key and private key at server point, And here SSL certificate kept as a secret because it helps to encrypt the data sent to the client. SSL certificate is freely shared with the public to request data and also decrypt the data signed by the related SSL key.
If you want to do some modifications at configuration file to get upgrade levels. To generate a self-signed key and certificate pair with OpenSSL with a single command:
```
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt
```
By executing the command it has some questions to build server in order to place the information properly in the certificate.
Output
![sslapacheuserinformation](https://grid.media/assets/images/ssl-certificate-apache-user-information-02132019.png
Both files you created will be placed in subdirectories of the /etc/ssl directory.
## Configuring Apache to Use SSL
Finally, we created an SSL certificate by using /etc/ssl directory. now we need to some modifications at our Apache configuration.
### To determine strong default SSL settings create a configuration snippet.
### To your generated SSL certificates you need to adopt included Apache virtual host file.
### You need to adjust unencrypted virtual host file necessarily alter requests to the encrypted virtual host.
By finishing you should have a secure SSL configuration.
## Constructing an Apache Configuration Snippet with Strong Encryption Settings
Here we need to construct Apache configuration snippet to describe some SSL settings. By this Apache act as a strong SSL chipper suite and it will show some leading features which help to keep your server as secure.
```
$ sudo nano /etc/apache2/conf-available/ssl-params.conf
```
Place the below configuration into the ssl-params.conf
```
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
# Disable preloading HSTS for now. You can use the commented out header line that includes
# the "preload" directive if you understand the implications.
# Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
# Requires Apache >= 2.4
SSLCompression off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000"
# Requires Apache >= 2.4.11
SSLSessionTickets Off
```
When you placed above text save the file and close it.
## Adjusting the Default Apache SSL Virtual Host File
After that, modify /etc/apache2/sites-available/default-ssl.conf, default Apache virtual host file.if in case you using another server block file, place the file name which you using at commands below.
```
$ sudo cp /etc/apache2/sites-available/default-ssl.conf/etc/apache2/sites-available/default-ssl.conf.bak
```
Now, you can do adjustments at your SSL virtual host file:
```
$ sudo nano /etc/apache2/sites-available/default-ssl.conf
```
Output
![sslvirtualhost](https://grid.media/assets/images/ssl-virtual-host-02132019.png
Here we do some small changes in the Nano editor, changes are placed in below screenshot.
![editingsslvirtualhost](https://grid.media/assets/images/editing-ssl-virtual-host-02132019.png
After editing those lines, save the file and close it.
## Adjusting the HTTP Host File to Redirect to HTTPS - Recommended
At the server, it views you both the encrypted HTTP and unencrypted HTTPS traffic. In most cases, it recommends redirecting HTTP to HTTPS necessarily for security purpose. We don’t require all this functionality simply you can skip this section.
```
$ sudo nano /etc/apache2/sites-available/000-default.conf
```
At this configuration blocks, you need to add the Redirect directive.
Output
```
. . .
Redirect "/" "https://your_domain_or_IP/"
. . .
```
When you placed your IP save and close the file.
## Adjusting the Firewall
If in case you have a ufw firewall enabled then you need to arrange the settings to allow for accessing SSL traffic. By default, Apache registers to some profiles with ufw at installation.
Let see the profiles editing at a terminal:
```
$ sudo ufw app list
```
Output
![sslapacheufwapplist](https://grid.media/assets/images/ssl-certificate-apache-ufw-app-list-02132019.png
To check the current setting by typing:
```
$ sudo ufw status
```
The output display only HTTP traffic server to access the web server.
Output
![sslapacheufwstatus](https://grid.media/assets/images/ssl-certificate-apache-ufw-status-02132019.png
In advance HTTPS traffic, we can access the Apache full profile and then delete the previous "Apache HTTP" profile allowance:
```
$ sudo ufw allow 'Apache Full'
$ sudo ufw delete allow 'Apache'
```
It will show like this:
```
$ sudo ufw status
```
output
![sslapacheufwfull](https://grid.media/assets/images/ssl-certificate-apache-ufw-status2-02132019.png
## Enabling the Changes in Apache
we make some changes to arrange our firewall, now we can enable the header modules and SSL at Apache. enable your SSL-ready virtual host and then restart Apache.
```
$ sudo a2enmod ssl
$ sudo a2enmod headers
```
Then, we do enable your SSL virtual host with the help of below command:
```
$ sudo a2ensite default-ssl
```
One more thing you need to enable your ssl-params.conf file. To check the values you placed:
```
$ sudo a2enconf ssl-params
```
Here the required modules are enabled so that here we need to check is there any syntax errors.
```
$ sudo apache2ctl configtest
```
Output
![apacheconfigurationtest](https://grid.media/assets/images/apache2ctl-02132019.png
If the output you get everything ok with syntax, then it has no errors. so we can restart Apache to make required changes.
```
$ sudo systemctl restart apache2
```
## Changing to a Permanent Redirect
If your redirect working at the correct manner then you allow only encrypted traffic, now you need to modify again the unencrypted Apache virtual host.
Once again open your configuration file:
```
$ sudo nano /etc/apache2/sites-available/000-default.conf
```
By executing the above command you will the line redirect, add the permanent to that redirect.
```
. . .
Redirect permanent "/" "https://your_domain_or_IP/"
. . .
```
Next, save and close the file.
Once open your configuration to check syntax errors:
```
$ sudo apache2ctl configtest
```
finally, when you think everything is fine then restart Apache to make it permanent.
```
$ sudo systemctl restart apache2
```
## Conclusion
Finally, you have fabricated your Apache server to make a connection with clients for strong encryptions.
[category] => orbit
[updated] => 2019-02-27T07:13:40.242+0000
[created] => 2019-02-21T15:50:17.013+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => ssl
[1] => apache
[2] => ubuntu
[3] => orbit
)
)
[106] => Array
(
[_id] => 5c6fd0baea1ada0007f221ca
[path] => how-to-fabricate-self-signed-ssl-certificate-for-nginx-on-ubuntu-18.04
[title] => How to Fabricate Self-Signed SSL Certificate for Nginx on Ubuntu 18.04
[subheading] => This guide will show you how to fabricate self-signed ssl certificate for nginx on ubuntu
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Creating the SSL Certificate](#creating-the-ssl-certificate
- [Configuring Nginx to Use SSL](#configuring-nginx-to-use-ssl
- [Arranging Snippet Pointing to the SSL Key and Certificate](#arranging-snippet-pointing-to-the-ssl-key-and-certificate
- [Arranging Snippet With Strong Encryption Settings](#arranging-snippet-with-strong-encryption-settings
- [Arrange the Nginx Configuration to Run SSL](#arrange-the-nginx-configuration-to-run-ssl
- [Arranging the Firewall](#arranging-the-firewall
- [Enable the Changes in Nginx](#enable-the-changes-in-nginx
- [Testing SSL Certification Secure / Unsecured](#testing-ssl-certification-secure-unsecured
- [Conclusion](#conclusion
## Introduction
SSL (secure sockets layer which followed by TLS or transport layer security is a standard security technology which is to establish an encrypted link between a web server and a browser. After making a secure connection the transmitted data will be encrypted using a session key, by itself, browser requests server identify then the server sends its SSL certificate, including with server public key.
Now following on we going to discuss how to fabricate(create SSL certification by using Nginx on ubuntu 18.04 server.
## Prerequisites
You should have access to an Ubuntu 18.04 server and created a non-root user account with sudo privileges by following our guide, [Initial server setup with Ubuntu 18.04](https://systemongrid.com/support/guides/how-to-do-initial-server-setup-with-ubuntu-18.04.
You should have installed Nginx by following our guide, [install Nginx web server on Ubuntu 18.04](https://systemongrid.com/support/guides/how-to-install-nginx-on-ubuntu-18.04.
## Creating the SSL Certificate
SSL works is a combination of public key and private key at server point, And here SSL certificate kept as a secret because it helps to encrypt the data sent to the client. SSL certificate is freely shared with the public to request data and also decrypt the data signed by the related SSL key.
If you want to do some modifications at configuration file to get upgrade levels. To generate a self-signed key and certificate pair with OpenSSL with single command:
```
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
```
By executing the command it has some questions to build server in order to place the information properly in the certificate.
output
![nginxquestions](https://grid.media/assets/images/questions-to-build-certificate-02132019.png
Both files you created will be placed in subdirectories of the /etc/ssl directory.
When we using OpenSSL, externally we create a strong Diffie-Hellman group, which recommends using in negotiating perfect forward secrecy with clients.
```
$ sudo openssl dhparam -out /etc/nginx/dhparam.pem 4096
```
When you execute the above command it took some time to get a process strong DH group at /etc/Nginx/dhparam.pem.
## Configuring Nginx to Use SSL
Finally, we created an SSL certificate by using /etc/ssl directory.
### By considering our key and certificate file locations we need to generate configuration snippet.
### By considering strong SSL settings, we can use any certificates for the next generations.
### By using two snippets we can handle SSL requests using nginx blocks.
The above configuration method of Nginx will permit to delete blocks and for reusable configuration purpose, it keeps similar configuration segments.
## Arranging Snippet Pointing to the SSL Key and Certificate
let's create a new Nginx arrangement snippet in the /etc/nginx/snippets directory.
To properly distinguish of a file, let's call:
```
$ sudo nano /etc/nginx/snippets/self-signed.conf
```
Where executing the above command you need to set the given at bottom two line place into that SSL certificate.
output
![nginxsslkeylines](https://grid.media/assets/images/ssl-certificate-and-ssl-certificate-key-lines-02132019.png
When you place those lines at the editor save the file and terminate it.
## Arranging Snippet With Strong Encryption Settings
Here we generate another snippet which explains some SSL settings. which secure nginx with a strong SSL chipper suite and also enable with advanced settings apart that our server also secure.
```
$ sudo nano /etc/nginx/snippets/ssl-params.conf
```
For our secure purpose, we place provided settings throughout to do some modifications.
### The first step we need to add required DNS resolver for an opposite request, For that you may search on google.
### Second step here we place the comment line which fit for strict transport security header, before uncommenting those lines read on HTTP Strict Transport Security, or HSTS,
Insert the below lines into your ssl-params.configration snippet file:
![nginxsslparamsfile](https://grid.media/assets/images/ssl-params-configuration-file-02132019.png
Finally, save and terminate the file.
## Arrange the Nginx Configuration to Run SSL
Already we have our snippets for that, we can fix nginx configuration to enable SSL certificate.
In particular, this content you are using custom server block /etc/nginx/sites-available directory. We will use /etc/nginx/sites-available/example
```
$ sudo cp /etc/nginx/sites-available/example.com /etc/nginx/sites-available/example.com.bak
```
Now, we do some changes at the configuration file :
```
$ sudo nano /etc/nginx/sites-available/example.com
```
![nginxconfigurationfile](https://grid.media/assets/images/nginx-configuration-file-02132019.png
Note: Here the file should be in a different order in place of root and index directives, are in some other locations proxy pass and that will be ok. Here we need to modify listen to directives on port 443.
![nginxsslrootandindex](https://grid.media/assets/images/nginx-configuration-file-root-and-index-02132019.png
Insert a second server block into the configuration file, after the closed bracket of the previous command.
![nginxsslserverblock](https://grid.media/assets/images/nginx-second-server-block-02132019.png
At finally listens come on to port 80 to execute the redirects of HTTPS. After completion of editing save the file.
## Arranging the Firewall
If in case you have a ufw firewall enabled then you need to arrange the settings to allow for accessing SSL traffic.
Let see the profiles editing at a terminal:
```
$ sudo ufw app list
```
Output
![nginxsslufwstatus](https://grid.media/assets/images/ssl-certificate-nginx-ufw-app-list-02132019.png
To check the current setting by typing :
```
$ sudo ufw status
```
The output display only HTTP traffic server to access the web server.
In advance HTTPS traffic, we can access the Nginx full profile and then delete the previous "Nginx HTTP" profile allowance:
```
$ sudo ufw allow 'Nginx Full'
$ sudo ufw delete allow 'Nginx HTTP'
```
```
$ sudo ufw status
```
output
![sslnginxufwstatus](https://grid.media/assets/images/ssl-certificate-nginx-ufw-status-02132019.png
## Enable the Changes in Nginx
We make some changes to arrange our firewall, for the new setting we can restart nginx. Before that, we need to check any syntax error at our files. For that, we need to type
```
$ sudo nginx -t
```
output
![nginxsslchanges](https://grid.media/assets/images/changes-in-nginx-02132019.png
If the output same as the above, the configuration file has no syntax errors. Now We can restart Nginx to update our changes:
```
$ sudo systemctl restart nginx
```
## Testing SSL Certification Secure / Unsecured
Now, its time to check SSL server.
Insert https:// followed by your server domain name or IP address in the web browser.
https://server_domain_or_IP
![testsslsecurity](https://grid.media/assets/images/test-ssl-certificate-security-02132019.png
## Conclusion
Finally, you have arranged your nginx server to make a connection with clients for strong encryptions.
[category] => orbit
[updated] => 2019-02-27T07:15:19.107+0000
[created] => 2019-02-22T10:36:42.354+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => ssl
[1] => nginx
[2] => ubuntu
[3] => orbit
)
)
[107] => Array
(
[_id] => 5c6ff4caad7df60006a9bcae
[path] => how-to-install-and-use-postgresql-on-ubuntu-18.04
[title] => How to Install and Use PostgreSQL on Ubuntu 18.04
[subheading] => This guide will show you how to install and use postgresql on ubuntu
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Install and Use PostgreSQL on Ubuntu 18.04](#install-and-use-postgresql-on-ubuntu-18-04
- [Install PostgreSQL](#install-postgresql
- [Use PostgreSQL Roles and Database](#use-postgresql-roles-and-database
- [Create a New Role](#create-a-new-role
- [Create a New Database](#create-a-new-database
- [Open a Postgres Prompt with the New Role](#open-a-postgres-prompt-with-the-new-role
- [Create and Delete Tables](#create-and-delete-tables
- [Add and Delete Data in a Table](#add-and-delete-data-in-a-table
- [Add and Delete Columns in a Table](#add-and-delete-columns-in-a-table
- [Update Data in a Table](#update-data-in-a-table
- [Conclusion](#conclusion
## Introduction
In this guide, we will explain to you how to install and use PostgreSQL on Ubuntu 18.04.
[PostgreSQL](https://www.postgresql.org/ is one of the most advanced open-source database management systems. It provides an implementation of the SQL querying language and also allows you to create complex web applications.
## Prerequisites
You should have access to an Ubuntu 18.04 server and created a non-root user account with sudo privileges by following our guide, [Initial server setup with Ubuntu 18.04](https://systemongrid.com/support/guides/how-to-do-initial-server-setup-with-ubuntu-18.04.
## Install and Use PostgreSQL on Ubuntu 18.04
## Install PostgreSQL
By default, Ubuntu has the Postgres packages in its repositories. Update the packages using the “apt” command to get the latest version of the repository listings.
```
$ sudo apt update
```
Now, install the Postgres package using the “apt” command. Enter “Y” when you are asked if you want to continue the installation.
```
$ sudo apt install postgresql postgresql-contrib
```
With this, you have installed the PostgreSQL.
## Use PostgreSQL Roles and Database
Similar to the accounts in a Unix environment, Postgres uses “roles” to handle the authentication and authorization procedures. A role represents a database user or a group of database users.
During the installation process, a user account called “Postgres” was created without a password. It is the default database administrator user name.
The following are the two ways to use the “Postgres” user to access Postgres.
## Switch to the Postgres Account
Use the below command to switch to the Postgres account.
```
$ sudo -i -u postgres
```
Use the below command to open the PostgreSQL prompt.
```
$ psql
```
The PostgreSQL prompt must have been opened. Here, you can access the Postgres database management system.
Use the below command to exit out of the PostgreSQL prompt.
```
postgres=# \q
```
## Access the PostgreSQL Prompt Without Switching Account
You can also access the PostgreSQL prompt without switching to the “Postgres” account.
For example, in the above step, you first switched to the “Postgres” user and then used the psql command to access the PostgreSQL prompt. You can do this in one step using the below command.
```
$ sudo -u postgres psql
```
You must have logged into the PostgreSQL prompt directly.
```
postgres=# \q
```
## Create a New Role
You can create a new role (user using the --interactive flag, which will ask you to enter the name of the new role and if you would like to give superuser permissions to it.
If you are logged into the Postgres account, create a new role using the below command.
```
postgres@server:~$ createuser --interactive
```
Alternately, if you want to create a new role without switching to the Postgres account, use the below command.
```
$ sudo -u postgres createuser --interactive
```
You will get the following output in both the ways.
Output:
![enternameofrole](https://grid.media/assets/images/enter-name-of-role-02132019.png
We created a new role called “systemongrid” and wanted to give superuser permissions to the new role.
## Create a New Database
Now, you have a new role and its time for you to create a new database. In this guide, we will create a new database called “systemongrid”.
If you are logged into the Postgres account, create a new database using the below command.
```
postgres@server:~$ createdb systemongrid
```
Alternately, if you want to create a new database without switching to the Postgres account, use the below command.
```
$ sudo -u postgres createdb systemongrid
```
## Open a Postgres Prompt with the New Role
During the installation, Postgres is configured to use the “ident” authentication, which means you will a Linux system user with the same name as your Postgres role (user and database.
Assuming that you have a Linux system user called “systemongrid” just to match the Postgres role and database we are using in this guide.
Connect to the database using the below commands.
```
$ sudo -i -u systemongrid
$ psql
```
Or, you can connect to the database directly using the below command.
```
$ sudo -u systemongrid psql
```
Or, if you want to connect to a different database, specify the name of the database like below.
```
$ psql -d systemongrid
```
Once you are connected, check the current connection information if you are connected to non-default users or non-default databases.
```
systemongrid=# \conninfo
```
Output:
![connectedtosystemongriduser](https://grid.media/assets/images/connected-to-systemongrid-user-02132019.png
## Create and Delete Tables
Now, its time for you to learn how to create and delete tables in Postgres.
The following is the basic syntax to create a table.
```
CREATE TABLE table_name (
column_name1 col_type (field_length column_constraints,
column_name2 col_type (field_length,
column_name3 col_type (field_length
;
```
Let’s create a sample table by following the above syntax. To do so, paste the following lines in the new role prompt (systemongrid=#.
```
CREATE TABLE pg_equipment (
equip_id serial PRIMARY KEY,
type varchar (50 NOT NULL,
color varchar (25 NOT NULL,
location varchar(25 check (location in ('north', 'south', 'west', 'east', 'northeast', 'southeast', 'southwest', 'northwest',
install_date date
;
```
Use the below command to see your new table.
```
systemongrid=# \d
```
Output:
![listofrelations](https://grid.media/assets/images/list-of-relations-02132019.png
Use the below command if you want to see the table without the sequence.
```
systemongrid=# \dt
```
Output:
![posgresqllistofrelations](https://grid.media/assets/images/postgresql-list-of-relations-02132019.png
## Add and Delete Data in a Table
Now, add some data in the table. For example, add a rotation and a slide in the table you want to add to, name the columns and provide data for each column like the following.
```
systemongrid=# INSERT INTO pg_equipment (type, color, location, install_date VALUES ('rotation', 'green', 'north', '2019-01-26';
systemongrid=# INSERT INTO pg_equipment (type, color, location, install_date VALUES ('slide', 'blue', 'east', '2019-01-25';
```
Use the below command to retrieve the data you have added.
```
systemongrid=# SELECT * FROM pg_equipment;
```
Output:
![retrieveinformationfromtheuser](https://grid.media/assets/images/retrieve-information-from-the-user-02132019.png
Now, let’s delete the data in a table. Use the below command to delete the “rotation” row in the above table.
```
systemongrid=# DELETE FROM pg_equipment WHERE type = ‘rotation’;
```
Output:
![postgresqlretrieveinformation](https://grid.media/assets/images/postgresql-retrieve-infromation-from-the-user-02132019.png
## Add and Delete Columns in a Table
Now, let’s add and delete columns in a table. Use the below command to add a column called “repair” in the above table.
```
systemongrid=# ALTER TABLE pg_equipment ADD repair date;
```
Use the below command to retrieve the data you have added.
```
systemongrid=# SELECT * FROM pg_equipment;
```
Output:
![addanddeletecolumns](https://grid.media/assets/images/add-and-delete-columns-in-a-table-02132019.png
Now, Use the below command to delete the repair column in the above table.
```
systemongrid=# ALTER TABLE pg_equipment DROP repair;
```
Output:
![postgresqldroprepair](https://grid.media/assets/images/postgresql-drop-repair-02132019.png
## Update Data in a Table
Now, let’s update the already existing data in a table. For example, change the color of the slide to “pink”.
```
systemongrid=# UPDATE pg_equipment SET color = 'pink' WHERE type = 'slide';
```
Output:
![postgresqlupdatedata](https://grid.media/assets/images/update-data-in-table-02132019.png
## Conclusion
In this guide, you have learned how to install PostgreSQL on Ubuntu 18.04 and to create and manage tables in PostgreSQL.
[category] => orbit
[updated] => 2019-02-27T10:08:00.136+0000
[created] => 2019-02-22T13:10:34.727+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => postgresql
[1] => ubuntu
[2] => orbit
)
)
[108] => Array
(
[_id] => 5c6ffc993b2e4a000653f540
[path] => how-to-install-ghost-on-ubuntu-18.04
[title] => How to Install Ghost on Ubuntu 18.04
[subheading] => This guide will show you how to install ghost on ubuntu
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Installing Node.js and yarn](#installing-node-js-and-yarn
- [Installing Mysql](#installing-mysql
- [Installing Ghost CLI](#installing-ghost-cli
- [Creating Ghost Installation Location](#creating-ghost-installation-location
- [Installing Ghost](#installing-ghost
- [Complete the Ghost Setup](#complete-the-ghost-setup
- [Conclusion](#conclusion
## Introduction
[Ghost](https://ghost.org/ is an open-source publishing platform for creating professional blogs, magazines, and websites. It contains Node.js core API, an Ember.js admin client, and flexible Handlebars.js front end theme SDK.
In this guide, we will describe how to Install Ghost on Ubuntu 18.04.
## Prerequisites
Ghost system requires minimum 1GB of RAM. If your system has less than 1GB of RAM then you have to create a swap file.
Your domain name must be pointing to your Public server IP.
You should have access to an Ubuntu 18.04 server and created a non-root user account with sudo privileges by following our guide, [Initial server setup with Ubuntu 18.04](https://systemongrid.com/support/guides/how-to-do-initial-server-setup-with-ubuntu-18.04.
Nginx has to be installed using this guide, [How to Install Nginx on Ubuntu 18.04](https://systemongrid.com/support/guides/how-to-install-nginx-on-ubuntu-18.04.
Firewall to be configured by using the following our guide, How to Set up a Firewall with UFW on Ubuntu 18.04.
## Installing Node.js and yarn
First of all, you have to install Node.js version for Ghost i.e. v8 Carbon LTS. You have to install Node.js from the NodeSource repository.
You have to enable the NodeSource repository for Node.js v8 using the below command.
```
$ curl -sL https://deb.nodesource.com/setup_8.x | sudo bash -
```
Install Node.js by entering the below command.
```
$ sudo apt install nodejs
```
You can this guide How to Install Node.js on Ubuntu 18.04.
For installing Yarn, you have to enable the Yarn repository on your system using below commands.
```
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
```
Now the repository gets enabled, Now install yarn using below command.
```
$ sudo apt update
$ sudo apt-get -o Dpkg::Options::="--force-overwrite" install yarn
```
## Installing Mysql
Ghost supports some Databases like MySQL, MariaDB, and SQLite. We are recommended MySQL for this tutorial because it will be useful when you run Ghost in production mode.
To Install MySQL package use the below command.
```
$ sudo apt install mysql-server
```
To improve the security of the MySQL installation use below command.
```
$ sudo mysql_secure_installation
```
You have to configure the VALIDATE PASSWORD PLUGIN which is used to verify the strength of the MySQL users passwords. There will be three levels of password validation policy i.e. low, medium and strong. If you don’t want to set up the validate password plugin simply click the ENTER.
You will be asked to set a password for the MySQL root user. Once you set the root password the script will also ask you to remove the anonymous user, then restrict the root user access to the local machine and remove the test database. You must answer yes to all questions.
Next, you have to change the authentication method from auth_socket to mysql_native_password, then the Ghost installer can access our MySQL server. For that purpose, you have to log in to MySQL server as the root user.
```
$ sudo mysql
```
Now run the below command which will set a password the MySQL root user when using the mysql_native_password method:
```
mysql>ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'very_strong_pasword';
mysql>FLUSH PRIVILEGES;
```
You have to ensure that you change very_strong_password with a strong password.
## Installing Ghost CLI
You have to install Ghost using the official Ghost CLI utility. This utility allows you to install or update Ghost in a single command. Ghost CLI will occur as a npm package. You can install Ghost CLI on your Ubuntu system by using below command.
```
$ sudo yarn global add ghost-cli
```
## Creating Ghost Installation Location
We recommend that you have to download and install Ghost in the /var/www/ghost directory which is for the installation location.
Use the below command to create the directory type:
```
$ sudo mkdir -p /var/www/ghost
```
To change the ownership of the directory to your user, Use the below command.
```
$ sudo chown $USER:$USER /var/www/ghost
```
To set the correct directory permissions, Use the below command.
```
$ sudo chmod 775 /var/www/ghost
```
## Installing Ghost
Now you have installed Ghost CLI and all prerequisites are completed, You can start with the installation. You can change to the /var/www/ghost directory.
```
$ cd /var/www/ghost
```
First of all, To start the installation run ghost install command, which will install and configure Ghost. And configure Nginx as a reverse proxy, and secure the site with a free let’s encrypt SSL certificate. To do this run below command.
```
$ ghost install
```
The installer will check your system and then print some warnings. So that you have to type y to continue. Now the installer will download and install the Ghost.
![installingghostonubuntu](https://grid.media/assets/images/installing-ghost-on-ubuntu-02132019.png
Now you will be directed to set your blog URL and your MySQL information. Now you have to provide the root username and password that we have setup in Installing MySQL section. Now you have to use the default database name ghost_prod.
![blogandsqlinformation](https://grid.media/assets/images/blog-and-mysql-information-02132019.png
Now the installer will create a system user named ghost and will ask you that, If you want to create a ghost MySQL user, then type Yes if you required.
![ubuntughostmysqluser](https://grid.media/assets/images/ubuntu-ghost-mysql-user-02132019.png
Now the installer will ask you about Nginx, Confirm it, By entering Yes. If you required.
![ubuntughostnginxsetup](https://grid.media/assets/images/ghost-ubuntu-nginx-setup-02132019.png
After configuring the Nginx, You will be asked to set up SSL. Confirm it by typing yes and the configuration wizard will ask you to enter your email address and then it will generate a free Let’s Encrypt SSL certificate for your domain and configure Nginx.
![settingupssl](https://grid.media/assets/images/setting-up-ssl-02132019.png
Now the installer will ask you if you want to set up a systemd service. Confirm it by typing yes to accept, Now the installer will create a new systemd service called ghost_example.com and enable it to start on boot.
![ghostsystemd](https://grid.media/assets/images/ghost-ubuntu-setup-systemd-02132019.png
Now the installer will set up the database and ask if you want to start Ghost, then enter Yes to confirm it.
![startghostonubuntu](https://grid.media/assets/images/start-ghost-on-ubuntu-02132019.png
## Complete the Ghost Setup
Now open your browser, go to your Ghost admin interface at https://IP Address/ghost/ then you will get a below output.
![welcometoghost](https://grid.media/assets/images/welcome-to-ghost-on-ubuntu-02132019.png
Now, Click on Create your account button. Then you will be prompted to Create your account screen. Now you have to enter up your Blog title and also your account Full name, Email address, and password.
After filling the details you have to click on the Invite your team button. In this page, you have to enter the email addresses of the collaborators. Then you can click on I’ll do this later, take me to my blog! Link. Then you will be redirected to the Ghost Dashboard as below.
From this dashboard, you can create new posts, add users and change Ghosts configuration.
## Conclusion
In this Guide, we have described how to install a production-ready Ghost instance.
[category] => photon
[updated] => 2019-02-27T10:06:33.208+0000
[created] => 2019-02-22T13:43:53.193+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => ghost
[1] => ubuntu
[2] => orbit
)
)
[109] => Array
(
[_id] => 5c73ad89ea1ada0007f221e6
[path] => how-to-install-mariadb-on-centos-7
[title] => How to Install MariaDB on CentOS 7
[subheading] => This guide will show you how to install mariadb on centos
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Install MariaDB on CentOS 7](#install-mariadb-on-centos-7
- [Install MariaDB](#install-mariadb
- [Secure MariaDB Server](#secure-mariadb-server
- [Test the Installation](#test-the-installation
- [Conclusion](#conclusion
## Introduction
In this guide, we are going to explain to you how to install MariaDB on CentOS 7 and some additional recommended steps that you must take to increase the usability and security of your server.
[MariaDB](https://mariadb.org/ is one of the most popular database servers in the world. It is commonly installed as a part of the LEMP stack. It is an open-source database management system, developed by the MySQL developers as a replacement for MySQL. So, if you want MySQL installation for reference, follow our guide, [How to Install MySQL on CentOS 7](https://systemongrid.com/support/guides/how-to-install-mysql-on-centos-7. Between MySQL and MariaDB, [MariaDB is the preferable package and can work better](https://mariadb.com/kb/en/library/mariadb-vs-mysql-compatibility/.
## Prerequisites
Before installing MariaDB, you should have access to the CentOS 7 server and created a non-root user account with sudo privileges by following our guide, [Initial server setup with CentOS 7](https://systemongrid.com/support/guides/initial-server-setup-with-centos-7.
## Install MariaDB on CentOS 7
## Install MariaDB
Install MariaDB packages using the below command. Press “Y” when you are asked to confirm the installation.
```
$ sudo yum install mariadb-server
```
After the installation is done, start the MariaDB server using the below command.
```
$ sudo systemctl start mariadb
```
Now, check the status of the MariaDB server to make sure you have done the installation successfully.
```
$ sudo systemctl status mariadb
```
Output:
![centosmariadbstatus](https://grid.media/assets/images/centos7-mariadb-status-02132019.png
In the above output, you can clearly see that the MariaDB service is active and running.
Now, check if the MariaDB is starting at boot. You can do it by using the below command.
```
$ sudo systemctl enable mariadb
```
Output:
![centosmariadbenabled](https://grid.media/assets/images/centos7-mariadb-enabled-02132019.png
## Secure MariaDB Server
Now, it is time for you to secure the MariaDB server.
MariaDB uses a security script to modify the default security options like remote logins. Use the below command to run the security script.
```
$ sudo mysql_secure_installation
```
Then, you will be asked to enter the root password, which hasn’t set yet so you can hit the ENTER button.
![centosmariadbrootpassword](https://grid.media/assets/images/centos7-mariadb-root-password-02132019.png
After this, you will be asked to set a password for the root account. Enter “Y” if you want to set a password. After entering “Y”, you will need to enter a password and confirm it by re-entering the password.
![centosmariadbsetrootpassword](https://grid.media/assets/images/centos7-mariadb-set-root-password-02132019.png
If you don’t want to set a password for the root, you can also skip the above step by pressing the ENTER button. But, it is highly recommended to set a strong password for the root.
Then, you will be asked if you want to remove anonymous users. Press Y for yes, or any other key to continue. (We recommend accepting all the below security suggestions by entering “Y” in each step.
![centosmariadbremoveusers](https://grid.media/assets/images/centos7-mariadb-remove-anonymous-users-02132019.png
Then, you will be asked if you want to disallow root login remotely. Press Y for yes, or any other key to continue.
![centosmariadbdisallowrootlogin](https://grid.media/assets/images/centos7-mariadb-disallow-remote-login-02132019.png
Then, you will be asked to remove the test database and reload privilege tables. Press Y for yes, or any other key to continue.
![centosmariadbremovetestdatabase](https://grid.media/assets/images/centos7-mariadb-remove-test-database-02132019.png
Finally, you will get the following output.
![centosmariadbinstallationcompleted](https://grid.media/assets/images/mariadb-installation-completed-02132019.png
## Test the Installation
You can test your installation and know the information about it. For that, you need to connect to your MariaDB server as a root user (or, a user with password authentication using the below command.
```
$ mysqladmin -u root -p version
```
Output:
![centosmariadbversion](https://grid.media/assets/images/centos7-mariadb-version-02132019.png
The above output shows that the MariaDB installation has been successful.
## Conclusion
In this guide, you have learned how to install MariaDB on CentOS 7 and some additional steps that must be taken to increase the usability and security of your server.
[category] => photon
[updated] => 2019-02-27T10:00:01.475+0000
[created] => 2019-02-25T08:55:37.993+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => mariadb
[1] => centos7
[2] => orbit
)
)
[110] => Array
(
[_id] => 5c73b8c1ea1ada0007f221e9
[path] => -how-to-install-mariadb-on-debian-9
[title] => How to Install MariaDB on Debian 9
[subheading] => This guide will show you how to install mariadb on debian
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Install MariaDB on Debian 9](#install-mariadb-on-debian-9
- [Install MariaDB](#install-mariadb
- [Configure MariaDB](#configure-mariadb
- [Adjust User Authentication and Privileges - Optional](#adjust-user-authentication-and-privileges-optional
- [Test MariaDB](#test-mariadb
- [Conclusion](#conclusion
## Introduction
In this guide, we are going to explain to you how to install MariaDB on Debian 9 and some additional recommended steps that you must take to increase the usability and security of your server.
[MariaDB](https://mariadb.org/ is one of the most popular database servers in the world. It is an open-source database management system, developed by the MySQL developers as a replacement for MySQL. Debian 9 prefers MariaDB, which is developed by the MySQL developers as a replacement for MySQL. MariaDB is the default MySQL variant on Debian 9. So, if you want MySQL installation for reference, follow our guide, [How to Install the Latest MySQL on Debian 9](https://systemongrid.com/support/guides/how-to-install-the-latest-mysql-on-debian-9. Between MySQL and MariaDB, [MariaDB is the preferable package and can work better](https://mariadb.com/kb/en/library/mariadb-vs-mysql-compatibility/.
## Prerequisites
Before installing MariaDB on Debian 9, you should have access to the Debian server and created a non-root user account with sudo privileges by following our guide, [Initial server setup with Debian 9](https://systemongrid.com/support/guides/initial-server-setup-with-debian-9.
## Install MariaDB on Debian 9
## Install MariaDB
Before installing MariaDB, you need to update the packages on your server.
```
$ sudo apt update
```
Then, install the MariaDB package.
```
$ sudo apt install mariadb-server
```
## Configure MariaDB
Now, it is time for you to secure the MariaDB server. It uses a security script to modify the default security options like remote logins. Use the below command to run the security script.
```
$ sudo mysql_secure_installation
```
Then, you will be asked to enter the root password and if you want to change the root password. Since you already have a root password, you can answer “n”.
![debianmariadbskiprootpassword](https://grid.media/assets/images/skip-root-password-change-02132019.png
Then, you will be asked if you want to remove anonymous users. Press Y for yes, or any other key to continue. (We recommend accepting all the below security suggestions by entering “Y” in each step.
![debianmariadbremoveusers](https://grid.media/assets/images/remove-anonymous-users-02132019.png
Then, you will be asked if you want to disallow root login remotely. Press Y for yes, or any other key to continue.
![debianmariadbrootlogin](https://grid.media/assets/images/mariadb-root-login-02132019.png
Then, you will be asked to remove the test database and reload privilege tables. Press Y for yes, or any other key to continue.
![debianmariadb](https://grid.media/assets/images/remove-test-database-and-reload-privilege-tables-02132019.png
Finally, you will get the following output.
![debianmariadbissecure](https://grid.media/assets/images/mariadb-installation-is-secure-02132019.png
## Adjust User Authentication and Privileges - Optional
Instead of modifying the root account, it is highly recommended to create a new user with root privileges for administrative tasks and password-based access.
To do so, open the MariaDB prompt.
```
$ sudo mysql
```
Use the below command to create a new user. Replace the user name and password to match your details.
```
MariaDB [(none]> GRANT ALL ON *.* TO 'systemongrid'@'localhost' IDENTIFIED BY 'password' WITH GRANT OPTION;
```
Now, run the below command to make your changes effective.
```
MariaDB [(none]> FLUSH PRIVILEGES;
```
Then, exit the MariaDB Prompt.
```
MariaDB [(none]> exit
```
## Test MariaDB
You have installed and secured the MariaDB. Now, its time for you to test the MariaDB.
For that, check the status of the MariaDB database server.
```
$ sudo systemctl status mariadb
```
Output:
![debianmariadbstatuservice](https://grid.media/assets/images/mariadb-status-service-02132019.png
The above output shows that the MariaDB database server is active and running.
You can also test your MariaDB installation and know the information about it. For that, you need to connect to your MariaDB server as root user (or, a user with password authentication using the below command.
```
$ mysqladmin -u systemongrid -p version
```
Output:
![debianmariadbtesting](https://grid.media/assets/images/testing-the-mariaDB-installation-02132019.png
The above output shows that the MariaDB installation has been successful.
## Conclusion
In this guide, you have learned how to install MariaDB on Debian 9 and some additional steps that must be taken to increase the usability and security of your server.
[category] => photon
[updated] => 2019-02-27T09:58:24.443+0000
[created] => 2019-02-25T09:43:29.895+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => mariadb
[1] => debian9
[2] => orbit
)
)
[111] => Array
(
[_id] => 5c73c071ad7df60006a9bcce
[path] => how-to-install-mysql-on-centos-7
[title] => How to Install MySQL on CentOS 7
[subheading] => This guide will show you how to install mysql on centos
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Install MySQL on CentOS 7](#install-mysql-on-centos-7
- [Install MySQL](#install-mysql
- [Start MySQL](#start-mysql
- [Configure MySQL](#configure-mysql
- [Test MySQL](#test-mysql
- [Conclusion](#conclusion
## Introduction
In this guide, we are going to explain to you how to install MySQL on CentOS 7 and some additional recommended steps that you must take to increase the usability and security of your server.
[MySQL](https://www.mysql.com/ is one of the most popular open-source database management systems in the world. It is commonly installed as a part of the LEMP stack. To manage data, MySQL uses a relational database and a [Structured Query Language (SQL](https://en.wikipedia.org/wiki/SQL.
CentOS 7 prefers [MariaDB](https://mariadb.org/, which is developed by the MySQL developers as a replacement for MySQL. MariaDB will be installed even if you run the yum install mysql command on CentOS 7. So, if you want MariaDB installation for reference, follow our guide, [How to Install MariaDB on CentOS 7](https://systemongrid.com/support/guides/how-to-install-mariadb-on-centos-7. Between MySQL and MariaDB, [MariaDB is the preferable package and can work better](https://mariadb.com/kb/en/library/mariadb-vs-mysql-compatibility/.
## Prerequisites
Before installing MySQL, you should have access to the CentOS 7 server and created a non-root user account with sudo privileges by following our guide, [Initial server setup with CentOS 7](https://systemongrid.com/support/guides/initial-server-setup-with-centos-7.
## Install MySQL on CentOS 7
## Install MySQL
As we mentioned earlier, MariaDB will be installed even if you run the yum install mysql command on CentOS 7. So, you need to visit the MySQL Yum Repository which provides MySQL packages.
Locate the desired MySQL version and update it using the below command.
![centosmysqlversion](https://grid.media/assets/images/centos7-select-mysql-version-02132019.png
```
$ wget https://dev.mysql.com/get/mysql80-community-release-el7-2.noarch.rpm
```
After saving the rpm file is saved, verify the authenticity of the download using the below the command.
```
$ md5sum mysql80-community-release-el7-2.noarch.rpm
```
Output:
![](http://
Verify the above output with the relevant MD5 value on MySQL Yum Repository website.
![centosmysqlverifymd5value](https://grid.media/assets/images/verify-md5-value-02132019.png
Once you have verified the file is authentic, install the package.
```
$ sudo rpm -ivh mysql80-community-release-el7-2.noarch.rpm
```
The above command adds two MySQL yum repositories, and you can use them to install the MySQL server.
```
$ sudo yum install mysql-server
```
Enter “Y” to confirm that you want to continue.
![centosmysqlconfirminstallation](https://grid.media/assets/images/confirm-installing-mysql-on-centos7-02132019.png
You will also be asked to accept its GPG key. Enter “Y” to confirm that you want to continue.
![centosmysqlacceptgpakey](https://grid.media/assets/images/accept-gpg-key-02132019.png
## Start MySQL
Start the MySQL daemon using the command:
```
$ sudo systemctl start mysqld
```
Check the status of the MySQL server.
```
$ sudo systemctl status mysqld
```
Output:
![centosmysqlservicestatus](https://grid.media/assets/images/centos7-mysql-service-status-02132019.png
A temporary password must have generated for the root user. You can locate the password in the mysqld.log.
```
$ sudo grep 'temporary password' /var/log/mysqld.log
```
Output:
![centosmysqltemporarypassword](https://grid.media/assets/images/root-temporary-password-02132019.png
## Configure MySQL
MySQL uses a security script to modify the default security options like remote logins. Use the below command to run the security script.
```
$ sudo mysql_secure_installation
```
You will be asked to enter the default root password (the temporary password. After this, you will be asked to set a password for the root account. Enter “Y” if you want to set a password. After entering “Y”, you will need to enter a password and confirm it by re-entering the password.
![centosmysqlsecureserver](https://grid.media/assets/images/secure-mysql-server-deployment-02132019.png
You will get the estimated strength of the password and asked if you wish to continue with the password provided. Enter “Yes” to continue or “No” to enter another strong password.
![centosmysqlestimatedpassword](https://grid.media/assets/images/estimated-strength-of-the-password-02132019.png
Then, you will be asked if you want to remove anonymous users. Press Y for yes, or any other key to continue. (We recommend accepting all the below security suggestions by entering “Y” in each step.
![centosmysqlremoveusers](https://grid.media/assets/images/centos7-mysql-remove-anonymous-users-02132019.png
Then, you will be asked if you want to disallow root login remotely. Press Y for yes, or any other key to continue.
![centosmysqldisallowrootlogin](https://grid.media/assets/images/centos7-mysql-disallow-root-login-remotely-02132019.png
Then, you will be asked to remove the test database. Press Y for yes, or any other key to continue.
![centosmysqlremovetestdatabase](https://grid.media/assets/images/centos7-mysql-remove-test-database-02132019.png
Then, you will be asked to reload privilege tables. Press Y for yes, or any other key to continue.
![centosmysqlreloadprivileges](https://grid.media/assets/images/centos7-mysql-reload-privileges-tables-02132019.png
## Test MySQL
You can test your installation and know the information about it. For that, you need to connect to MySQL as a root user using the below command.
```
$ mysqladmin -u root -p version
```
Output:
![centosmysqlversion](https://grid.media/assets/images/centos7-mysql-version-02132019.png
The above output shows that the MySQL installation has been successful.
## Conclusion
In this guide, you have learned how to install MySQL on CentOS 7 and some additional recommended steps that must be taken to increase the usability and security of your server.
[category] => photon
[updated] => 2019-02-27T09:56:22.052+0000
[created] => 2019-02-25T10:16:17.244+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => mysql
[1] => centos7
[2] => orbit
)
)
[112] => Array
(
[_id] => 5c73d7a6ea1ada0007f221ee
[path] => how-to-install-the-latest-mysql-on-debian-9
[title] => How to Install the Latest MySQL on Debian 9
[subheading] => This guide will show you how to install mysql on debian
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Install the Latest MySQL on Debian 9](#install-the-latest-mysql-on-debian-9
- [Add the MySQL APT Repository](#add-the-mysql-apt-repository
- [Install MySQL](#install-mysql
- [Secure MySQL](#secure-mysql
- [Test MySQL](#test-mysql
- [Conclusion](#conclusion
## Introduction
In this guide, we are going to explain to you how to install the Latest MySQL on Debian 9 and some additional recommended steps that you must take to increase the usability and security of your server.
[MySQL](https://www.mysql.com/ is one of the most popular open-source database management systems in the world. It uses a relational database and a [Structured Query Language (SQL](https://en.wikipedia.org/wiki/SQL to manage data. Debian 9 prefers [MariaDB](https://mariadb.org/, which is developed by the MySQL developers as a replacement for MySQL. MariaDB is the default MySQL variant on Debian 9. So, if you want MariaDB installation for reference, follow our guide, [How to Install MariaDB on Debian 9](https://systemongrid.com/support/guides/-how-to-install-mariadb-on-debian-9. Between MySQL and MariaDB, [MariaDB is the preferable package and can work better](https://mariadb.com/kb/en/library/mariadb-vs-mysql-compatibility/.
## Prerequisites
Before installing MySQL on Debian 9, you should have access to the Debian 9 server, created a non-root user account with sudo privileges and set up a firewall by following our guide, [Initial server setup with Debian 9](https://systemongrid.com/support/guides/initial-server-setup-with-debian-9.
## Install the Latest MySQL on Debian 9
## Add the MySQL APT Repository
As we mentioned earlier, Debian 9 prefers MariaDB. So, you need to visit the MySQL APT Repository which provides MySQL packages.
Locate the desired MySQL version and update it using the below command.
![debianmysqlaptrepository](https://grid.media/assets/images/add-mysql-apt-repository-02132019.png
```
$ cd /tmp
$ wget https://dev.mysql.com/get/mysql-apt-config_0.8.12-1_all.deb
```
After saving the rpm file, verify the authenticity of the download using the below the command.
```
$ md5sum mysql-apt-config_0.8.12-1_all.deb
```
Verify your output with the relevant MD5 value on MySQL APT Repository website.
![debianmysqlapt](https://grid.media/assets/images/mysql-apt-repository-02132019.png
If it is matched, you are all set to install.
```
$ sudo dpkg -i mysql-apt-config*
```
Then, you will get the following screen. Select your preferred version of MySQL. Then, go to “ok” menu option and hit the ENTER button.
![debianmysqlaptconfiguration](https://grid.media/assets/images/configuring-mysql-apt-config-02132019.png
Then, refresh the cache of your apt package to make the new packages available.
```
$ sudo apt update
```
## Install MySQL
Use the apt command to install the latest MySQL server package.
```
$ sudo apt install mysql-server
```
Then, you will be asked if you want to continue the installation, then enter “Y”, hit the ENTER button.
Then, you will get the following screen and asked to enter the root password. enter a strong password, confirm it by re-entering and hit on “ok”.
![debianmysqlpackageconfiguration](https://grid.media/assets/images/mysql-package-configuration-02132019.png
Then, you will see the below screen. Read it and hit on “ok”.
![debianmysqlcommunityserver](https://grid.media/assets/images/configuring-mysql-community-server-02132019.png
Then, you are asked to select a default authentication plugin. Select the option, Use Strong Password Encryption and hit on “ok”.
![debianmysqldefaultauthenticationplugin](https://grid.media/assets/images/default-authentication-plugin-02132019.png
With this, you have successfully installed the MySQL and it is running now. Check the status of the MySQL using the below command.
```
$ sudo systemctl status mysql
```
Output:
![debianmysqlstatus](https://grid.media/assets/images/mysql-status-02132019.png
The above output shows that your MySQL is installed and running successfully.
## Secure MySQL
MySQL uses a security script to modify the default security options like remote logins. Use the below command to run the security script.
```
$ sudo mysql_secure_installation
```
The script will ask you to give a password for further use within the MySQL system. Then, you will be asked, if you want to configure the VALIDATE PASSWORD PLUGIN. Press Y for yes, or any other key to continue without enabling.
![debianmysqlsecure](https://grid.media/assets/images/securing-mysql-02132019.png
Then, you will be asked to select a level of password validation.
![debianmysqlpasswordvalidation](https://grid.media/assets/images/password-validation-policy-02132019.png
Select any one among three levels of password validation, enter your new password. Then, you will be shown the strength of the password you have entered. Press Y if you are satisfied with the password.
![debianmysqlestimatedpassword](https://grid.media/assets/images/estimated-strength-password-02132019.png
Then, you will be asked if you want to remove anonymous users. Press Y for yes, or any other key to continue. (We recommend accepting all the below security suggestions by entering “Y” in each step.
![debianmysqlremoveusers](https://grid.media/assets/images/remove-mysql-users-02132019.png
Then, you will be asked if you want to disallow root login remotely. Press Y for yes, or any other key to continue.
![debianmysqldisallowrootlogin](https://grid.media/assets/images/disallow-root-login-remotely-02132019.png
Then, you will be asked to remove the test database. Press Y for yes, or any other key to continue.
![debianmysqlremovedatabase](https://grid.media/assets/images/remove-test-database-02132019.png
Then, you will be asked to reload privilege tables. Press Y for yes, or any other key to continue.
![debianmysqlreloadprivileges](https://grid.media/assets/images/reload-privileges-tables-02132019.png
## Test MySQL
You can test your installation and know the information about it. For that, you need to connect to MySQL as root user (or, a user with password authentication using the below command.
```
$ mysqladmin -u root -p version
```
Output:
![debianmysqlversion](https://grid.media/assets/images/mysql-version-02132019.png
The above output shows that you have successfully installed the latest MySQL on Debian 9.
## Conclusion
In this guide, you have learned how to install the latest MySQL on Debian 9 and some additional recommended steps that must be taken to increase the usability and security of your server.
[category] => photon
[updated] => 2019-02-27T09:50:49.085+0000
[created] => 2019-02-25T11:55:18.895+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => mysql
[1] => orbit
[2] => debian9
)
)
[113] => Array
(
[_id] => 5c73e698ea1ada0007f221ef
[path] => how-to-secure-apache-with-let's-encrypt-on-ubuntu-16.04
[title] => How To Secure Apache with Let's Encrypt on Ubuntu 16.04
[subheading] => This guide will show you how to secure apache with let's encrypt on ubuntu 16.04
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Installation of Certbot](#installation-of-certbot
- [Installation of Certbot Apache Package](#installation-of-certbot-apache-package
- [Updating the Firewall to Allow HTTPS Traffic](#updating-the-firewall-to-allow-https-traffic
- [Generating SSL Certificate](#generating-ssl-certificate
- [Verifying Certbot Auto-Renewal](#verifying-certbot-auto-renewal
## Introduction
With a growing trend in data breaches and intrusions, securing your website with encryption should be a top priority for any website owner or organization. [Let’s Encrypt](https://letsencrypt.org/ is a free, open and automated certificate authority that avails free certificates with TLS encryption at no cost. This is mostly beneficial for startups or users who are working on a tight budget.
In this article, we will show you how you can install Let’s encrypt Certificate with Certbot for Apache web server and later, configure the certificate to renew automatically without intervention.
You can decide to use the default Apache configuration or create separate Apache virtual host files.
## Prerequisites
Before you proceed, kindly ensure that the following prerequisites are met
### Ubuntu server 16.04 instance
### A regular non-root user with sudo privileges
### Apache web server installed
### A Fully Qualified Domain Name (FQDN with the A record pointing to our server’s public IP address. We are going to use linuxtechwhiz.info bought from Godaddy.com The A record of the domain name points to 38.76.11.174.
![apacheletsencryptdnsrecords](https://grid.media/assets/images/apache-lets-encrypt-dns-records-02132019.png
You can buy a domain or use a domain registrar of your choice.
## Installation of Certbot
Firstly, we need to install certbot to enable users to obtain the SSL certificate from Let’s Encrypt. We are going to use Ubuntu repositories because they contain up-to-date versions of software packages.
Begin by adding certbot repository
```
$ sudo add-apt-repository ppa:certbot/certbot
```
Press ENTER when prompted to continue adding the repository
![apacheletsencryptcertbotinstall](https://grid.media/assets/images/installation-of-certbot-02132019.png
## Installation of Certbot Apache Package
Next, we will install certbot using apt package manager as shown
```
$ sudo apt install python-certbot-apache
```
![apacheletsencryptcertbotpackage](https://grid.media/assets/images/certbot-apache-package-02132019.png
## Updating the Firewall to Allow HTTPS Traffic
If your installation already has ufw enabled, change the settings to allow HTTPS traffic. Nginx registers new profiles with every ufw firewall installation.
Confirm the status of your ufw
```
$ sudo ufw status
```
If the firewall is inactive, first allow OpenSSH and Apache Full then enable it.
To allow the HTTPS, you need to allow the Apache full profile and delete the redundant Apache HTTP allowed profile.
```
$ sudo ufw allow 'Apache Full'
```
![apacheletsencryptufw](https://grid.media/assets/images/ufw-apache-full-02132019.png
```
$ sudo ufw delete allow ‘Apache’
```
![apacheletsencryptdeleteufw](https://grid.media/assets/images/ufw-delete-allow-apache-02132019.png
Enable Apache by running
```
$ ufw enable
```
Press Yes to enable and save the configurations. To check the status of the firewall execute
```
$ ufw status
```
![apacheletsencryptufwstatus](https://grid.media/assets/images/apache-lets-encrypt-ufw-status-02132019.png
## Generating SSL Certificate
At this point, you may proceed to obtain Let’s encrypt SSL using the default configurations or set up a virtual host for your domain.
If you are comfortable with your default settings, run the command below
```
$ sudo certbot --apache -d example.com -d www.example.com
```
Where example.com is your domain. In our case, this will be linuxtechwhiz.info
```
$ sudo certbot --apache -d linuxtechwhiz.info -d linuxtechwhiz.info
```
You will be prompted for an email address. Provide a valid email address
![apacheletsencryptemailaddress](https://grid.media/assets/images/apache-lets-encrypt-enter-email-address-02132019.png
Next, agree to the terms of service
![apacheletsencryptterms](https://grid.media/assets/images/apache-lets-encrypt-agree-terms-and-conditions-02132019.png
You’ll be asked if you would like to share your email with EFF so that you can receive news and updates from Let’s Encrypt Authority. You can either opt in or out.
![apacheletsencryptshareemail](https://grid.media/assets/images/apache-lets-encrypt-share-email-address-with-eff-02132019.png
At this point, certbot will automatically detect if any virtual hosts have been configured and will deploy the SSL to the virtual host associated to our Domain name.
Note:
If you chose to proceed without configuring virtual hosts, then Certbot will select the default configurations as shown below
![](http://
## Type 2 - To Redirect HTTP to HTTPS
If virtual hosts were configured, then the SSL certificate will automatically be deployed to the virtual host associated with the domain name.
In this case, the virtual host file was configured at
```
# /etc/apache2/sites-available/linuxtechwhiz.info
```
![](http://
When prompted to choose whether to redirect HTTP traffic to HTTPS, type 2 to enable the redirection of HTTP to HTTPS
![apacheletsencryptselectredirection](https://grid.media/assets/images/apache-lets-encrypt-select-redirection-http-to-https-02132019.png
The configuration will thereafter be updated, and Apache web server will reload to pick up the new settings. certbot will conclude with a message informing you that the process was successful and the location of your certificates
![apacheletsencryptsslcertificate](https://grid.media/assets/images/apache-lets-encrypt-ssl-certificate-02132019.png
If you have reached this point, be sure that your Let’s encrypt certificate has been downloaded, installed and loaded.
Head out to your browser and reload.
Your URL should now change from http://example.com to https://example.com
In this case, http://linuxtechwhiz.info changes to https://linuxtechwhiz.info
![](http://
To obtain more information about the certificate, click on the small padlock icon at the beginning of the URL bar
![](http://
The following certificate information will be displayed
![apacheletsencryptsslcertificateinfo](https://grid.media/assets/images/ssl-certificate-information-02132019.png
As seen above, the certificate is issued by Let’s Encrypt Authority X3 and has been issued to linuxtechwhiz.info and is valid from 28th January 2019 to 28th April 2019.
Similarly, you can test your server at https://www.ssllabs.com/ssltest/ and if all went well, your site should get an ‘A’ grade as shown.
![apacheletsencrypttest](https://grid.media/assets/images/ssl-test-qualys-02132019.png
## Verifying Certbot Auto-Renewal
The validity of Let’s encrypt certificates is only 90 days. Usually, the renewal process is carried out by the certbot package which adds a renew script to /etc/cron.d directory. The script runs twice daily and will automatically renew any certificate within 30 days of expiry.
To test the renewal process, conduct a dry run test with certbot
```
$ sudo certbot renew --dry-run
```
![apacheletsencrptautorenewal](https://grid.media/assets/images/apache-lets-encrypt-ssl-certificate-auto-renewal-02132019.png
[category] => security
[updated] => 2019-02-27T09:46:31.938+0000
[created] => 2019-02-25T12:59:04.720+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => apache
[1] => let's encrypt
[2] => ubuntu
)
)
[114] => Array
(
[_id] => 5c751578ea1ada0007f22208
[path] => how-to-configure-secure-updates-and-installations-in-wordpress
[title] => How to Configure Secure Updates and Installations in WordPress
[subheading] => This guide will show you how to configure secure updates and installation in wordpress
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [How to Configure Secure Updates and Installations in WordPress](#how-to-configure-secure-updates-and-installations-in-wordpress
- [Setup Secure Updates with SSH Keys](#setup-secure-updates-with-ssh-keys
- [Create SSH Keys for WordPress User](#create-ssh-keys-for-wordpress-user
- [Edit WordPress Configuration to Use SSH Keys](#edit-wordpress-configuration-to-use-ssh-keys
- [Restart Apache Web Server and Test Results](#restart-apache-web-server-and-test-results
- [Conclusion](#conclusion
## Introduction
[WordPress](https://wordpress.com/ is a free and open-source Content Management System (CMS. It was designed to manage blogs. It is the most popular website management system with serving more than 60 million websites as of 2018. It allows you to develop a website and manage your content without coding. It can also be used to develop an operational website.
WordPress is a theme based platform which provides you with free and premium themes that can be integrated easily without any programming and designing language. It has a fantastic feature called plugins which can be used to add required modules and extend its functionality. It is multilingual and allows you to translate content in your language.
## Prerequisites
You should have access to an Ubuntu 18.04 server and created a non-root user account with sudo privileges by following our guide, [Initial server setup with Ubuntu 18.04](https://systemongrid.com/support/guides/how-to-do-initial-server-setup-with-ubuntu-18.04.
You must have installed the LAMP stack. If you don’t have the LAMP stack, follow our guide, How to Install LAMP Stack on Ubuntu 18.04.
You must have installed WordPress. If you don’t WordPress, follow our guide, [How to Install WordPress with LAMP on Ubuntu 18.04](https://systemongrid.com/support/guides/how-to-install-wordpress-with-lamp-on-ubuntu-18.04.
## How to Configure Secure Updates and Installations in WordPress
In this guide, we use “wp-user” and “www-data” as a WordPress user and Apache Web Server respectively. Make sure you replace them with your WordPress user and your Apache web server.
## Setup Secure Updates with SSH Keys
Create a WordPress user called “wp-user” using the adduser command. This will allow you to have control over the WordPress installation.
```
$ adduser wp-user
```
Then, you will be asked to enter a new password for your WordPress user. Enter a strong password. And, all the remaining fields are optional, you can leave those fields blank by pressing the ENTER button.
Use the cd command to change the directory to the WordPress installation directory.
```
$ cd /var/www/html/
```
Grant your WordPress user the ownership for everything within this directory.
```
$ chown -R wp-user:wp-user /var/www/html/
```
In the above command, the -R switch is used to change the ownership of the directory and its content.
## Create SSH Keys for WordPress User
Now, use the below command to switch to your WordPress user.
```
$ su - wp-user
```
Use the ssh-keygen command to create SSH keys. In the below command, the -t specifies the type of key to be generated and the -b specifies the number of bits.
```
$ ssh-keygen -t rsa -b 4096
```
You will be asked to enter a location to store SSH keys. You can choose the location, home/wp-user/wp-rsa. Press ENTER for all other fields to create a key without password authentication. Also, enter the file in which you want to save the key (/home/wp-user/.ssh/id_rsa: /home/wp-user/wp_rsa.
To make permissions secure, you can grant ownership to your WordPress user and group to your Apache web server.
```
$ chown wp-user:www-data /home/wp-user/wp_rsa*
$ chmod 0640 /home/wp-user/wp_rsa*
```
Create .ssh directory within your Wordress user’s home directory, give it the ownership and essential permissions so that web procedure can log in.
```
$ mkdir /home/wp-user/.ssh
$ chown wp-user:wp-user /home/wp-user/.ssh
$ chmod 0700 /home/wp-user/.ssh/
```
Copy the public key and paste it in authorized keys file to allow your WordPress user to log in using these credentials.
```
$ cp /home/wp-user/wp_rsa.pub /home/wp-user/.ssh/authorized_keys
```
Modify the ownership and permissions of these files to keep them more secure.
```
$ chown wp-user:wp-user /home/wp-user/.ssh/authorized_keys
$ chmod 0644 /home/wp-user/.ssh/authorized_keys
```
As the keys can only be used for logging in from within your WordPress site, restrict the key usuage to the local machine.
```
$ vi /home/wp-user/.ssh/authorized_keys
```
The file will be opened. Add the below line at the very beginning to restrict the key usage to the local machine.
```
from=”127.0.0.1″ ssh-rsa…
```
Then, save and close the file.
## Edit WordPress Configuration to Use SSH Keys
Install all the essential packages for WordPress to authenticate SSH logins.
```
$ yum update -y
$ yum install php5-dev libssh2-1-dev libssh2-php
```
Edit the WordPress configuration file and enter your details.
```
$ vi /var/www/html/wp-config.php
define(‘FTP_PUBKEY’,’/home/wp-user/wp_rsa.pub’;
define(‘FTP_PRIKEY’,’/home/wp-user/wp_rsa’;
define(‘FTP_USER’,’wp-user’;
define(‘FTP_PASS’,”;
define(‘FTP_HOST’,’127.0.0.1:22′;
```
Then, save and close the configuration file.
Now, run the below commands to change the access permissions to the file.
```
$ chmod 755 -R /var/www/html/wp-content
$ chown -R wp-user:www-data /var/www/html/wp-content
```
## Restart Apache Web Server and Test Results
After successfully completing the above steps, restart your Apache web server.
```
$ /etc/init.d/httpd restart
(or
$ service httpd restart
```
Now, its time to test the results. For that, log in to your WordPress dashboard by opening the following URL in your web browser.
```
yourdomain.com/wp-admin
```
Then, install a new theme to check if the settings are correctly configured. Follow the below steps to install a new theme.
```
Appearance >> Themes >> Install Themes
```
Select one theme, click on the “Activate” button and then the “Visit Site” button to see the results.
## Conclusion
As security is the primary most concern of your site, you need to update your installation, which must be done immediately upon any security release. So, In this guide, we explained to you how to configure secure updates and installations in WordPress.
[category] => photon
[updated] => 2019-02-27T09:45:20.344+0000
[created] => 2019-02-26T10:31:20.240+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => wordpress
[1] => orbit
)
)
[115] => Array
(
[_id] => 5c7528b03b2e4a000653f57f
[path] => how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy
[title] => How To Install and Configure DKIM with Postfix on Debian Wheezy
[subheading] => This guide will show you how to install and configure dkim with postfix on debian wheezy
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [About DKIM](#about-dkim
- [Install OpenDKIM](#install-opendkim
- [Configure OpenDKIM](#configure-opendkim
- [Generate the Public and Private Keys](#generate-the-public-and-private-keys
- [Add the Public Key to the Domains DNS Records](#add-the-public-key-to-the-domains-dns-records
- [Conclusion](#conclusion
## Introduction
This guide describes how to install and configuring OpenDKIM, is an open source implementation of the DKIM sender authentication system.
## Prerequisites
You should have already know how to access the server over SSH, Postfix, and dovecot installed on your server.
## About DKIM
[DKIM](http://www.dkim.org/ stands for DomainKeys Identified Mail, is an email authentication technique that allows the receiver to check that an email was indeed sent and authorized by the owner of that domain. This is done by giving the email a digital signature. This DKIM signature is a header that is added to the message and is secured with encryption.
## Install OpenDKIM
You have to update your system before starting the installation.
```
$ sudo apt-get update
$ sudo apt-get dist-upgrade
```
First of all, install OpenDKIM and its dependencies.
```
$ sudo apt-get install opendkim opendkim-tools
```
Additional packages will be listed as dependencies, type yes and Enter to continue.
## Configure OpenDKIM
In order to configure OpenDKIM some files must be created and edited.
Now you have to start with the main configuration file using the below command.
```
$ sudo nano /etc/opendkim.conf
```
You have to add the below lines to the end of this configuration file. You can choose a custom port number for the socket, which is not used by a different application.
```
AutoRestart Yes
AutoRestartRate 10/1h
UMask 002
Syslog yes
SyslogSuccess Yes
LogWhy Yes
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
Mode sv
PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256
UserID opendkim:opendkim
Socket inet:12301@localhost
```
This configuration file allows the message signing for one or more domains.
To connect the milter to postfix use the below command.
```
$ sudo nano /etc/default/opendkim
```
Include the below command and edit the port number only if a custom one is used.
```
SOCKET="inet:12301@localhost"
```
If you want to use this milter you have to configure postfix.
```
$ sudo nano /etc/postfix/main.cf
```
You have to ensure that these two lines are present in the postfix config file and those are not commented out.
```
milter_protocol = 2
milter_default_action = accept
```
It seems like the filter is already used by postfix, if the following parameters are present, just append the opendkim milter to them.
The port number should be the same as in opendkim.conf:
```
smtpd_milters = unix:/spamass/spamass.sock, inet:localhost:12301
non_smtpd_milters = unix:/spamass/spamass.sock, inet:localhost:12301
```
Define the parameters as follows:
```
smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301
```
You have to create a directory structure that will hold the trusted hosts, key tables, signing tables and crypto keys:
```
$ sudo mkdir /etc/opendkim
$ sudo mkdir /etc/opendkim/keys
```
You have to specify the trusted hosts as follows:
```
$ sudo nano /etc/opendkim/TrustedHosts
```
You can use this file to define both ExternalIgnoreList and InternalHosts, messages originating from these hosts, domains and IP addresses will be trusted and signed.
Because our main configuration file declares TrustedHosts as a regular expressions file, we can use wildcard patterns.
Customize and add the following lines to the newly created file. Multiple domains can be specified, do not edit the first three lines.
```
127.0.0.1
localhost
192.168.0.1/24
*.example.com
#*.example.net
#*.example.org
```
Create a key table:
```
$ sudo vi /etc/opendkim/KeyTable
```
The key table contains selector/domain pair and the path to their private key.
```
mail._domainkey.numbeo.com numbeo.com:mail:/etc/opendkim/keys/numbeo.com/mail.private
```
Signing table creation:
```
$ sudo vi /etc/opendkim/SigningTable
```
To declaring the domain/email addresses and their selectors use the below file:
```
*@example.com mail._domainkey.example.com
```
## Generate the Public and Private keys
Change to the keys directory:
```
cd /etc/opendkim/keys
```
You have to create a separate folder for the domain to hold the keys:
```
sudo mkdir testdkim.com
cd testdkim.com
```
Generate the keys:
```
$ sudo opendkim-genkey -s mail -d testdkim.com
```
-s specifies the selector and -d specify the domain, this command will create two files, mail.private is our private key and mail.txt contains the public key.
You have to change the owner of the private key to opendkim using the below command.
```
$ sudo chown opendkim:opendkim mail.private
```
## Add the Public Key to the Domains DNS Records
To open mail.text use the below command.
```
$ sudo vi -$ mail.txt
```
The public key is defined under p parameter.
```
mail._domainkey IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5N3lnvvrYgPCRSoqn+awTpE+iGYcKBPpo8HHbcFfCIIV10Hwo4PhCoGZSaKVHOjDm4yefKXhQjM7iKzEPuBatE7O47hAx1CJpNuIdLxhILSbEmbMxJrJAG0HZVn8z6EAoOHZNaPHmK2h4UUrjOG8zA5BHfzJf7tGwI+K619fFUwIDAQAB" ; ----- DKIM key mail for example.com
```
Copy the key and add a TXT record to your domain’s DNS entries as follows:
```
Name: mail._domainkey.example.com.
Text: "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5N3lnvvrYgPCRSoqn+awTpE+iGYcKBPpo8HHbcFfCIIV10Hwo4PhCoGZSaKVHOjDm4yefKXhQjM7iKzEPuBatE7O47hAx1CJpNuIdLxhILSbEmbMxJrJAG0HZVn8z6EAoOHZNaPHmK2h4UUrjOG8zA5BHfzJf7tGwI+K619fFUwIDAQAB"
```
You have to note the DNS changes. It may take a long time to propagate.
You have to restart the postfix and OpenDKIM using the below commands.
```
sudo service postfix restart
sudo service opendkim restart
```
Then you will get below output.
```
Congratulations! You have successfully configured DKIM for your mail server!
```
The configuration can be tested by sending an empty email to check- auth@verifier.port25.com and you will get a reply will be received. If it is working properly, then you can see DKIM check: pass under Summary of Results.
You will get like this.
```
Summary of Results
SPF check: pass
DomainKeys check: neutral
DKIM check: pass
Sender-ID check: pass
SpamAssassin check: ham
```
## Conclusion
In this guide, we have described How to install and configure DKIM with Postfix on Debian Wheezy.
[category] => orbit
[updated] => 2019-02-28T08:35:34.975+0000
[created] => 2019-02-26T11:53:20.285+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => dkim
[1] => postfix
[2] => debian
[3] => wheezy
[4] => orbit
)
)
[116] => Array
(
[_id] => 5c753091ad7df60006a9bcf7
[path] => how-to-configure-nginx-as-a-reverse-proxy-for-apache
[title] => How to Configure Nginx as a Reverse Proxy for Apache
[subheading] => This guide will show you how to configure nginx as a reverse proxy for apache
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [How to Configure Nginx as a Reverse Proxy for Apache](#how-to-configure-nginx-as-a-reverse-proxy-for-apache
- [Install Nginx Web Server](#install-nginx-web-server
- [Configure Nginx Web Server](#configure-nginx-web-server
- [Install Apache Web Server](#install-apache-web-server
- [Configure Apache Web Server](#configure-apache-web-server
- [Finish Up](#finish-up
- [Conclusion](#conclusion
## Introduction
[Apache](https://httpd.apache.org/ and [Nginx](https://www.nginx.com/ are the two most popular free and open-source cross-platform web servers in the world. Together, Apache and Nginx are estimated to serve over 50% of the traffic on the internet. To know how both the web servers stack up in different areas, follow our guide, Apache vs Nginx: Practical Considerations.
## Why Use Nginx and Apache Together
If you can’t choose between Apache and Nginx even after going through the benefits and limitations of both the servers, there is an option to use both as a combination. However, the practical way of approaching it is putting Nginx in front of Apache as a reverse proxy. In this combination, Nginx will take all the requests from clients. If a request is for static content, Nginx will deliver the content. If a request is for dynamic content, Nginx will proxy it onto Apache where it will be processed and rendered back the content to Nginx to provide it for the client.
## Prerequisites
You should have access to an Ubuntu 18.04 server and created a non-root user account with sudo privileges by following our guide, [Initial server setup with Ubuntu 18.04](https://systemongrid.com/support/guides/how-to-do-initial-server-setup-with-ubuntu-18.04.
## How to Configure Nginx as a Reverse Proxy for Apache
## Install Nginx Web Server
First, you need to install and configure Nginx web server which serves as the front end and delivers the static content. To do so, use the apt-get command.
```
$ sudo apt-get install nginx
```
Then, configure a virtual host to run on the front end.
## Configure Nginx Web Server
Now, you need to make a few changes in the Nginx configuration file.
```
$ sudo vi /etc/nginx/sites-available/example
```
Use the below configuration to set up to use Nginx web server as the front end server.
```
server {
listen 80;
root /var/www/;
index index.php index.html index.htm;
server_name example.com;
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://127.0.0.1:8080;
}
location ~ /\.ht {
deny all;
}
}
```
The above configuration sets up a system where extensions with a .php ending will be switched to the Apache backend that runs on port 8080.
Active the virtual host using the command:
```
$ sudo ln -s /etc/nginx/sites-available/example /etc/nginx/sites-enabled/example
```
Besides doing that, delete the default nginx server block using the command:
```
$ sudo rm /etc/nginx/sites-enabled/default
```
## Install Apache Web Server
Now, install Apache, your backend web server.
```
$ sudo apt-get install apache2
```
The Apache web server will start running on port 80.
## Configure Apache Web Server
Now, you need to configure the Apache web server to take over the backend process. To do so, open the Apache ports file to set up the Apache on the correct port number.
```
$ sudo vi /etc/apache2/ports.conf
```
Find the following lines within the file, edit them to make Apache running on port 8080.
```
NameVirtualHost 127.0.0.1:8080
Listen 127.0.0.8080
```
Then, save and exit the file.
Copy the default Apache file’s layout and past it in the new virtual host file.
```
$ sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/example
```
```
$ sudo vi /etc/apache2/sites-available/example
```
Make sure the virtual host is running on port 8080 and your Document Root is correct.
```
```
Then, save and close the file.
Activate the virtual host with the following command.
```
$ sudo a2ensite example
```
Equip your backend web server, Apache with PHP. To do so, use the below command.
```
$ sudo apt-get install php5
```
Restart your both server to apply the changes.
```
$ sudo service apache2 restart
```
```
$ sudo service nginx restart
```
## Finish Up
You have set up the VPS with Nginx running on the front end of your site and Apache processing PHP, running on the back end of your site. Now, you can load your domain to take you to your site’s default page.
You can check if the information is being routed to Apache is working by running a PHP script.
For that, create the php.info file.
```
$ sudo vi /var/www/info.php
```
Paste the following line within the file.
```
phpinfo( ;
?>
```
Then, save and exit the file.
Now, open your web browser and type in your domain. You should be redirected to the PHP info screen mentioning that this is handled by Apache.
Use the below command to see which ports are open and which application is running on each one.
```
$ sudo netstat -plunt
```
## Conclusion
The combination of both the web servers, Nginx and Apache might be appealing for you to use Apache for serving dynamic content and Nginx for serving static content. It can be a great boost to your server.
[category] => orbit
[updated] => 2019-02-27T09:40:18.077+0000
[created] => 2019-02-26T12:26:57.998+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => nginx
[1] => apache
[2] => orbit
)
)
[117] => Array
(
[_id] => 5c75359cea1ada0007f22216
[path] => the-correlative-introduction-to-freebsd-for-linux-end-user-
[title] => The Correlative Introduction to FreeBSD for Linux End-user
[subheading] => This guide will explains you about freebsd for linux end user
[body] => ## Table of Contents
- [Introduction](#introduction
- [Similarities Between FreeBSD and Linux](#similarities-between-freebsd-and-linux
- [Differences Between FreeBSD and Linux](#differences-between-freebsd-and-linux
- [License](#license
- [Control Unit](#control-unit
- [Operating System](#operating-system
- [Hardware Support](#hardware-support
- [FreeBSD Origin vs Linux Origin](#freebsd-origin-vs-linux-origin
- [Supported Package](#supported-package
- [FreeBSD vs Linux Common Tools](#freebsd-vs-linux-common-tools
- [The Standard Shell](#the-standard-shell
- [Conclusion](#conclusion
## Introduction
[BSD](https://en.wikipedia.org/wiki/Berkeley_Software_Distribution (Berkeley Software Distributions and its licensed code are freely-distributable with liability and copyright retraction. BSD software is openly modified and is used in custody or commercial software. BDS is the most popular server platform and its open source Unix operating system. It includes [FreeBSD](https://en.wikipedia.org/wiki/FreeBSD, [OpenBSD](https://en.wikipedia.org/wiki/OpenBSD, [NetBSD](https://en.wikipedia.org/wiki/NetBSD, and BSDi's commercial BSD/OS. In this particular guide, we going to discuss comparatives between FreeBSD and Linux.
## Similarities Between FreeBSD and Linux
Here both FreeBSD and Linux are free and open source systems. Their users simply verify and upgrade source code with absolute freedom. To add both FreeBSD and Linux together they are borrowed from Unix-like why so they have libraries programmed and kernel, internals using algorithms copied from historic AT&T Unix. linux act as free Unix-like option with FreeBSD roots which same as to Unix systems. In fact, the number of tools and applications can be found at both FreeBSD or Linux they mostly share similar functions.
Most of the Linux applications are run by FreeBSD. It has a Linux conflict layer that can be install. While running FreeBSD Linux conflict layer can be installed with downloading running FreeBSD systems or AAC compact Linux with Linux conflict program such as aac_linux.ko.
At final we say that both have the same similarities to reach the same goal but at the same time, it has differences also. Where we going to discuss at below lines.
## Differences Between FreeBSD and Linux
Currently, there is no principle of choice between FreeBSD and Linux for most users.
In between those two functions, the most differences are listed below:
## License
On their license the first ever difference point is consist. To begin by Linux license, it is released under GPL license which has a chance to view, distribute and replace the source code with absolute freedom. To prevent the distribution binary-only source the GPL license helps for users. This type of license is secure and easy to allow distribution of the binary-only source. BDS license is more allowing that the GPL has no derivate work is required to maintain the license terms. Before making changes any user can distribute and update the code without having the previous version coding. They just need to have an original license of BSD.
Based on the user needs, the selection can be done between those two types of license. Beginning with a BSD license the most preferred one by many users based on its features. Actually, the license provides a chance to sell the software license under and have a chance to get back its source code. Where coming to the GPL license, which wants some care to the user as a software released.
You want to choose in between those two softwares, it is required understood the both of them licensing to get more use the methodology. where they used at development, to analyze in between there features which one exactly fit for a user.
## Control Unit
Where FreeBSD and Linux have launched two various types of license, here Linux kernel is controlled by the Linus Torvalds which is not at the same stage is not controlled with FreeBSD. Most of the end-users prefer to use FreeBSD in place of Linux why because it is free software. But this is not sufficient to differentiate those two to choose you in between both of them, look at below to pick your choice.
## Operating System
Where Linux majorly concentrates on the kernel system only, which not exist with FreeBSD during the complete operating system is continues. By the FreeBSD unit, only the kernel software is developed and manage as the same unit. At the same point, FreeBSD developers have a chance to handle fundamental operating systems remotely and accurately.
At the system, while handling Linux it has some difficulties because of the different components wants to manage from various sources so that the Linux team wants to bring together into groups having the same performance.
The possibility has to arrange optional software for both of the Linux and FreeBSD and distribution however they differ from managing part. With FreeBSD, they can easily manage together and at Linux do maintain separately.
## Hardware Support
While if you consider hardware support more than FreeBSD, Linux is much better it doesn't mean that the FreeBSD capacity to support hardware as Linux. It depends on your needs as required it differ on the manner. The FreeBSD will fit for the newest solutions, where if you want to generate the extreme graphs Linux is the better option.
## FreeBSD Origin vs Linux Origin
Where the origin of the two systems is another point of characteristics. Previously we discuss for the Unix operating system Linux is an alternative, drafted by Linus Torvalds and cooperate by a special team of hackers across the internet. Where Linux has the all required features in upgraded Unix. specific virtual memory shared libraries, demand loading appropriate memory management and many others. It is discharged under the general public license.
FreeBSD also has common features of its Unix ancestry. It has a type of Berkeley software disposal, the disposal of Unix developed at the California university. The main reason for developing the BSD is to follow the AT & T operating system through the open source alternative giving the user the capability to use BSD without bringing about the access of the AT & T license.
The complication of licensing is the most apprehension of developers. They try to attempt the maximum open source clone Unix. which affects the choice of end-user concerning the degree of open source of every system same as FreeBSD gives more freedom than Linux concerning it use from it released under BSD license.
## Supported Package
From the user's prospect, is there some other differences between those two systems is there support and availability of the software and source installed software. Linux circulation provides just the pre-executed binary packages which are not similar to FreeBSD, which has already packages and the form system for the execution and installation with their existing open source. Based on its ports FreeBSD provides you the possibility to pick in between the default making of pre-executed packages and your capability to customize your software while it is executed.
Those ports implement you to frame all the software available with FreeBSD. Additionally, there is a ranking of an organization all of them due to the directory /usr/ports. By reaching the location of the source files and some code about the way to utilize FreeBSD correctly.
To produce the packaged versions of software the ports gives the possibility. Alternately having the pre-compiled packages software. Where you can operate your system using the two i8nstallation methods.
## FreeBSD vs Linux Common Tools
An extensive number of common tools are applicable while using FreeBSD and entirely self-made by the FreeBSD team. In comparison, the Linux tools are from GNU so it has some control during their usage.
The case that FreeBSD is released under the BSD license is so favorable and useful. From you have the capability to maintain the core operating system, discipline the evolution of these applications. A few tools are similar to BSD and Unix tools from where they were borrowed but not the same as the case with GNU suite.
## The Standard Shell
The TCSH shell is used by inbuilt with FreeBSD. It is a calculated version to csh. From the FreeBSD is launched under the BSD license, it is not approved to use the bash shell that is a GNU component. On the scripting feature, only the difference between bash and TCSH shell consists. Certainly, the sh shell is more selected for the FreeBSD use from it is more Dependable and prevents some problems of scripting can be appealed using the TCSH or csh shell.
## Conclusion
At finally, you have an idea of how these two FreeBSD and Linux open source systems are correlative
[category] => orbit
[updated] => 2019-02-27T09:17:54.139+0000
[created] => 2019-02-26T12:48:28.053+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => freebsd
[1] => linux
[2] => orbit
)
)
[118] => Array
(
[_id] => 5c754d56ad7df60006a9bd05
[path] => an-initiation-to-the-linux-terminal-
[title] => An Initiation to the Linux Terminal
[subheading] => This guide will explains you about linux terminal
[body] => ## Table of Contents
- [Introduction](#introduction
- [Linux Terminal Emulator](#linux-terminal-emulator
- [The Shell](#the-shell
- [The Command Prompt](#the-command-prompt
- [Executing Commands](#executing-commands
- [Linux Without Arguments or Options](#linux-without-arguments-or-options
- [Linux with Both Options and Arguments](#linux-with-both-options-and-arguments
- [Linux Terminal Environment Variables](#linux-terminal-environment-variables
- [Conclusion](#conclusion
## Introduction
Linux terminal is an operating system or a kernel. Which is distributed under an open source license. One of the most popular and widely used kernels is Linux, and it is the strength of popular operating systems like [Debian](https://www.debian.org/, [Ubuntu](https://www.ubuntu.com/, [Fedora](https://getfedora.org/, and [Knoppix](http://www.knopper.net/knoppix/index-en.html. The main plus point of Linux is that programmers were capable to utilize the Linux kernel to build their own custom operating systems and it is user-friendly.
## Linux Terminal Emulator
Terminal emulator is programmed to use the terminal in a graphical environment.
As we know most of the users work with a graphical user interface(GUI for their Computer needs, the use of a terminal emulator is necessary for most Linux server users.
Here we show some free, frequently-used terminal emulators by operating systems:
### Mac OS X: terminal(default, i Term 2
### Windows: PuTTY
### Linux: Terminal, KDE Konsole, XTerm
As we listed above each terminal is easy to use and they have own set of features.
## The Shell
The shell is a command line interface which clarifies a user commands and script files at Linux system and informs to server’s operating system to accomplish with them. There have many shells widely used, they are C shell (csh and Bourne shell (sh. Every shell has its own set of feature and complexity, but they all aspect input and output redirection, variables, and condition-testing, between other things.
## The Command Prompt
First login to your server, you will commonly be addressed by the message of the day(MOTD, which is commonly an informational message that carries confused data such as the version of the Linux handling that the server is executing. After the MOTD, you will be released into the command prompt, which is where you concern commands to the server.
The data which is placed at the command prompt can be personalized by the user.
```
maddy@webapp: ~$
```
Here is a breakdown of the architecture of the command prompt:
### Maddy: username of the current user
### web app: hostname of the server
### ~: The current users home directory is expanded by this special ~ or tilde.
### $: It denotes the end of the command prompt it is a symbol of the prompt.
As we show the example below the command prompt will be like this if you logged as root.
```
root@webapp:/var/log#
```
## Executing Commands
Commands can be a concern at the command prompt by defining the name of an executable file, that can be a binary program or a script. The standard Linux commands and service that are installed with the OS, which allows you to operate the file system, build in the software packages, and construct the system and applications.
An example of a running command is said as a process. Where the command is compiled in the leading edge, by the default way that commands are executed, the user wants to wait for the process to complete before being exchanged to the command prompt, at which point they can proc concerning more commands.
At Linux, almost everything is case-sensitive, along with file and directory names,
commands, arguments, and options. If anything is not working as normal, double-check the logographic and case of your commands.
Here we execute a few examples that will envelop the basics of running commands.
## Linux Without Arguments or Options
To run a command without any help of arguments or options, directly place the RETURN at the name of a command.
If you did like that it will display its regular behavior, which changes from command to command. Let’s see an example if in case you execute Cd command beyond any arguments, you will get back to your present user’s home directory. The ls command with no arguments it will print a classifying of the present directory’s files. Then IP command with no arguments it displays a text that explains to you how to use IP command.
Check out by running ls command with no arguments to list the files and directories at your present directory.
```
ls
```
## Linux with Only Arguments
Here many commands welcome arguments or parameters, that can affect the action of the command. To use cd command is to send a single argument that defines which directory to change. For example, to replace the /usr/bin directory, at here many commands are installed, you need to concern this command:
```
cd /usr /bin
```
Note that how your command prompt’s present path has updated:
```
ls
```
## Linux with Only Options
The most number of commands accepts options, which also known as switches or flags, that update the action of the command. Options followed by a command which are indicated with a single-character by following more than two options, which are produced by original upper-case or lower-case letters.
To check working conditions of options use the ls command.
### - l: print a “long listing”, which builds additional details such as permissions, file sizes, ownership, and timestamps.
### -a: To print a list of all directory files, building private ones ( that start with.
To utilize the -l flag with ls, use the below command:
```
ls -l
```
As we discuss before, options can generally be grouped together. If you need to use “-l” and “-a” options together, you can run all together like below command:
```
ls -la
```
## Linux with Both Options and Arguments
While running commands the options and arguments are mostly combined together.
```
ls -la /home
```
If you see the above command ls is the command and -la is the options, and /home is the argument which expresses file or directory to list. It will display a complete listing of /home directory.
## Linux Terminal Environment Variables
The values are used to change commands and processes are executed is environment variables. By default number of environment variables will be set based on a few configuration files, when your server login for the first time.
## View the Value of a Variable
The Environment variable can be brought back by adding the variable name to a $. By placing the value at the expanded term to its required variable.
By using the echo command you can get the path value :
```
echo $PATH
```
Alternatively, you can use the HOME variable to change the home directory values:
```
cd $HOME
```
## Setting Environment Variables
As we seen in the above we learn that how to visit the environment variable, here we learn how to set up them:
To arrange the environment variable, you need to begin with the name, and then click the sign and then enter the required user details.
```
VAR=value
```
Export command is to export the variable, so here it is routed=through the child processes. It permits you to utilize the scripts which refer to an exported environment variable from your running page.
While setting the variable you can refer through the actual variables. If you place an application to the /opt/app/bin here you need to add the PATH environment variable to that directory with the below command :
```
export PATH=$PATH:/opt/app/bin
```
Check out that whether the path variable is added to /opt/app/bin with echo:
```
echo $PATH
```
Note: The above environment variable setting process is fit for only the present
Session. Nothing but if you enter into another session the setting you placed is not secure it will change.
## Conclusion
At finally, you have a basic idea upon the Linux terminal commands.
[category] => orbit
[updated] => 2019-02-27T08:40:48.774+0000
[created] => 2019-02-26T14:29:42.164+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => linux
[1] => orbit
)
)
[119] => Array
(
[_id] => 5c7553133b2e4a000653f597
[path] => object-storage-vs-block-storage-services
[title] => Object Storage vs Block Storage Services
[subheading] => This guide explains you the differences between Object Storage vs. Block Storage Services
[body] => ## Table of Contents
- [Introduction](#introduction
- [Block Storage](#block-storage
- [Object Storage](#object-storage
- [Conclusion](#conclusion
## Introduction
Data Storage is a baseline requirement for most of the applications and services. Because data storage requires flexibility and scalability. It is developed with modern techniques and tools. If you want to store a large amount or small amount of images, videos application developers need a solution for the storage and retrieval of user-generated content, backups etc.
Nowadays, complex deployments, large infrastructure came into work, so there is no use of the single server for saving files to disk. Now cloud providers are providing large storage for modern application deployments.
They are two types.
### Block Storage
### Object Storage
## Block Storage
Block storage provides a traditional block storage device like a hard drive over the network. With block storage, files are split into evenly sized blocks of data. Each block has its own address but with no additional information to provide more context for what that block of data is. It has several advantages.
## Advantages
People and Software can easily understand block storage and support files and filesystems.
Block devices are easy to understand. Every programming language can read and write files easily.
Access controls and Filesystem permissions are well understood.
These devices provide low latency IO, That’s why they are suitable for use by databases.
## Disadvantages
Storage is with one server at a time.
Payment for all the block storage space you have been allocated, Even though you are not using it.
Blocks and filesystems have limited metadata.
Through running server only, you can access block storage.
It needs more work and setup.
## Object Storage
Object storage also called object-based storage, is a computer data storage architecture that manages data as objects, as opposed to other storage architectures like block storages. Each object typically includes the data itself, a variable amount of metadata, and a globally unique identifier. Object storage can be implemented at multiple levels, including the device level, the system level, and the interface level.
In each case, object storage seeks to enable capabilities not addressed by other storage architecture, like Interfaces that can be directly programmable by the application, a namespace that can span multiple instances of physical hardware, and data-management functions like data replication and data distribution at object-level granularity.
Object-Storage systems allow the retention of massive amounts of unstructured data. It is used for purposes such as storing photos on Facebook, songs on Spotify, or files in online collaborations services as Dropbox.
## Advantages
A cost-effective structure, Means you have to pay for what you use.
It can able to store a large amount of metadata as well as your data blob can simplify your application architecture.
You don’t need to maintain hard drives and RAID arrays, As they handled by the service provider.
You can retrieve old versions of objects to recover from accidental overwrites of data. This is called the Optional Version.
A built-in public serving of static assets means one less server for you to run yourself.
## Disadvantages
Object Storage services can’t be used back like a traditional database, due to high latency.
OS cannot easily hold an object store like a normal disk.
There are some clients and adapters to help with this, But generally using and browsing an object store is not as easy as flipping through directories in a file browser.
In the Object store, you have to read and write the whole object once.
This has some performance issues. For example, In a filesystem, you can easily add a single line to the end of the log file. In the object storage system, you have to retrieve the object, add the new line and write the whole object back.
## Conclusion
In this guide, we have described the differences between Object Storage and Block Storage.
[category] => orbit
[updated] => 2019-02-27T08:43:50.688+0000
[created] => 2019-02-26T14:54:11.303+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => orbit
)
)
[120] => Array
(
[_id] => 5c765b5fea1ada0007f2222f
[path] => additional-recommended-steps-for-new-centos-7-servers
[title] => Additional Recommended Steps for New CentOS 7 Servers
[subheading] => This guide explains you about additional steps for new centos servers
[body] => ## Table of Contents
- [Introduction](#introduction
- [Prerequisites](#prerequisites
- [Basic Firewall Configuration](#basic-firewall-configuration
- [Time Zones Configuration](#time-zones-configuration
- [Synchronizing a Network Time Protocol](#synchronizing-a-network-time-protocol
- [Create a Swap File](#create-a-swap-file
- [Conclusion](#conclusion
## Introduction
In most cases, there are a few additional steps that are highly recommended for setting up the basic configuration for a new server. In this guide, we will explain to you about a few additional recommended steps for new CentOS servers.
## Prerequisites
You must have installed Initial server setup on CentOS 7 guide.
## Basic Firewall Configuration
A firewall is a protection from unauthorized access to a server. It is a network security device that monitors traffic to your server and allows or blocks specific traffic based on predetermined security rules. This is just a basic level of security for a server.
The firewalld service has an ability to do modifications, but it cannot drop the current connections, So you can turn it on before creation your firewall.
```
$ sudo systemctl start firewalld
```
Now the service set up and also running. To get set policy information for the firewall, you can use the firewall-cmd. It uses the concept of “Zones” to label the trust of other hosts on a network.
In this guide, we will adjust the policies for the default zone. When you reload our firewall, this will be the zone applied to your interfaces.
You have to add some exceptions to your firewall for approved services. SSH is the most essential because we need to retain administrative access to the server.
If you haven’t modified the port that the SSH daemon is running on, you can enable the service by name by entering below command.
```
$ sudo firewall-cmd --permanent --add-service=ssh
```
If you changed your SSH port for your server, then you have to specify the new port. And also include the protocol that the service uses. If your server has already restarted to use the new port then enter the below commands.
```
$ sudo firewall-cmd --permanent --remove-service=ssh
$ sudo firewall-cmd --permanent --add-port=4444/tcp
```
If you have a plan on running additional services, then you need to open a firewall for those as well. If you have a plan on running a conventional HTTP server, you have to enable the HTTP service.
```
$ sudo firewall-cmd --permanent --add-service=http
```
If you have a plan to run a web server with SSL/TLS enabled, You have to allow traffic for https as well.
```
$ sudo firewall-cmd --permanent --add-service=https
```
If you want SMTP email enabled, then you can enter the below command.
```
$ sudo firewall-cmd --permanent --add-service=smtp
```
If you want any additional services, then you can enable it by entering below command.
```
$ sudo firewall-cmd --get-services
```
If you want to see the list of exceptions that you implemented, you can use below command.
```
$ sudo firewall-cmd --permanent --list-all
```
To implement the changes, you have to reload the firewall by entering the below command.
```
$ sudo firewall-cmd --reload
```
After testing it will works as you expected. But you have to make sure that the firewall will be started at boot by entering below command.
```
$ sudo systemctl enable firewalld
```
## Time Zones Configuration
The first step is to set your server’s timezone. To do this use the timedatectl command.
To know available timezones use the below command.
```
$ sudo timedatectl list-timezones
```
Then you will get a list of time zones available for your server. If you find your region/timezone setting that is correct for your server, set it by entering the below command.
```
$ sudo timedatectl set-timezone region/timezone
```
For example, you can set it to United States eastern time, enter the below command.
```
$ sudo timedatectl set-timezone America/New_York
```
Then your system will be updated to use that timezone now. You can confirm by entering below command.
```
$ sudo timedatectl
```
## Synchronizing a Network Time Protocol
Till now, you have set your time zone, now you have to configure NTP. Then only your computers are synchronized with other servers.
For synchronizing NTP, we will use one service named ntp, which we can install from CentOS’s default repository.
```
$ sudo yum install ntp
```
Now, you have to start the service for this session. You also have to enable the service so that it is automatically started time the server boots.
```
$ sudo systemctl start ntpd
$ sudo systemctl enable ntpd
```
To align with the global servers your server will now automatically corrects its system clock.
## Create a Swap File
If we add swap to Linux server then it allows moving the less frequently accessed information from RAM to swap location on the disk.
Accessing data which is available on disk is little slower than accessing in the RAM but having swap is makes difference like application alive and crashing.
Generally, the amount of swap is equal to or double the amount of RAM is good.
By using the fallocate utility, to allocate the space for Swap file.
For example, if you want 4 GB file then we can create a file by the following command.
```
sudo fallocate -l 4G /swapfile
```
Once the file is created, then we need to restrict the access to the file, so that other process cannot see the file. Use the following command to do so.
```
sudo chmod 600 /swapfile
```
Now we are having a file with required permissions. If we want to tell the system for swap then use the following command.
```
sudo mkswap /swapfile
```
Now the system can use the swap file by using the below command.
```
sudo swapon /swapfile
```
If you want to modify the system file instead of a swap file then use the following command so that the server will automatically boot.
```
sudo sh -c ‘echo “/swapfile none swap sw 0 0” >> /etc/fstab’
```
## Conclusion
In this guide, we have described the Additional Recommended Steps for New CentOS servers.
[category] => orbit
[updated] => 2019-02-27T09:56:15.706+0000
[created] => 2019-02-27T09:41:51.918+0000
[published] => 1
[is_deleted] =>
[enabled] => 1
[contents] => Array
(
)
[format] => markdown
[tags] => Array
(
[0] => centos7
[1] => orbit
)
)
)