Apache Virtual Hosts on Debian 8

Step 1 — Creating the Directory Structure

The first step that we are going to take is to make a directory structure that will hold the site data that we will be serving to visitors.

Our document root, the top-level directory that Apache looks at to find content to serve, will be set to individual directories under the /var/www directory. We will create a directory for each of the virtual hosts we’ll configure.

Within each of these directories, we’ll create a folder called public_html that will hold the web pages we want to serve. This gives us a little more flexibility in how we deploy more complex web applications in the future; the public_html folder will hold web content we want to serve, and the parent folder can hold scripts or application code to support web content.

Create the directories using the following commands:

sudo mkdir -p /var/www/example.com/public_html
sudo mkdir -p /var/www/test.com/public_html

Since we created the directories with sudo, they are owned by our root user. If we want our regular user to be able to modify files in our web directories, we change the ownership, like this: Continue reading “Apache Virtual Hosts on Debian 8” »


Build NFS Server on CentOS 7

As the first step, we will install these packages on the CentOS server with yum:

yum install nfs-utils

Now create the directory that will be shared by NFS:

mkdir /var/nfsshare

Change the permissions of the folder as follows:

chmod -R 755 /var/nfsshare
chown nfsnobody:nfsnobody /var/nfsshare

We use /var/nfsshare as shared folder, if we use another drive such as the /home directory, then the permission chnges will cause a massive permissions problem and ruin the whole hierarchy. So in case we want to share the /home directory then permissions must not be changed. Next, we need to start the services and enable them to be started at boot time.  Continue reading “Build NFS Server on CentOS 7” »


Install webmin in Centos 7

Step 1 — Installing Webmin

First, we need to add the Webmin repository so that we can easily install and update Webmin using our package manager. We do this by adding a new file called /etc/yum.repos.d/webmin.repo that contains information about the new repository.

Create and open this new file using your text editor:

sudo vi /etc/yum.repos.d/webmin.repo

Then add these lines to the file to define the new repository:

name=Webmin Distribution Neutral

Save the file and exit the editor. Next, add the Webmin author’s PGP key so that your system will trust the new repository: Continue reading “Install webmin in Centos 7” »


Important Exim Commands

To get a count of messages in the queue

exim -bpc

Print a listing of the messages in the queue (time queued, size, message-id, sender, recipient)

exim -bp

Print a summary of messages in the queue (count, volume, oldest, newest, domain, and totals):

exim -bp | exiqsumm

Print what Exim is doing right now:


Display the version of Exim and the location of Exim configuration file: Continue reading “Important Exim Commands” »


The SSL/TLS Handshake: an Overview

Obligatory SSL/TLS Handshake Graphic
All SSL/TLS-related sites have their own version of a handshake diagram – here’s ours! (Click to enbiggen.)

Let’s Clear Up Some Confusion, If We Can
Some confusion about how SSL/TLS handshakes work is due to the handshake being only the prelude to the actual, secured session itself. Let’s try to address some common points: Continue reading “The SSL/TLS Handshake: an Overview” »


Allow large attachment (greater than 10MB) in ISPConfig postfix MTA

Just a small hack, but worked good on my ISPConfig 3 setup. Add the following:

nano /etc/postfix/main.cf

mailbox_size_limit = 104857600

Save and restart postfix service.

According to official postfix documentation:
message_size_limit (default: 10240000) The maximal size in bytes of a message, including envelope information. Note: be careful when making changes. Excessively small values will result in the loss of non-delivery notifications, when a bounce message size exceeds the local or remote MTA’s message size limit. Continue reading “Allow large attachment (greater than 10MB) in ISPConfig postfix MTA” »


Test your DNS using Dig, Nmap, Tcpdump

For DNS resolution to succeed to, the DNS server at will need to accept TCP and UDP traffic over port 53 from our server. A port scanner such as the nmap tool can be used to confirm if the DNS server is available on port 53 as shown below.

Note: To install nmap run ‘yum install nmap -y’.

[root@centos ~]# nmap -sU -p 53
Starting Nmap 6.40 ( http://nmap.org ) at 2015-08-26 15:22 AEST
Nmap scan report for
Host is up (0.00091s latency).
53/udp open|filtered domain
MAC Address: 02:00:79:55:00:0D (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.29 seconds

[root@centos ~]# nmap -sT -p 53
Starting Nmap 6.40 ( http://nmap.org ) at 2015-08-26 15:22 AEST
Nmap scan report for
Host is up (0.00099s latency).
53/tcp open domain
MAC Address: 02:00:79:55:00:0D (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds

Continue reading “Test your DNS using Dig, Nmap, Tcpdump” »


MySQL my.cnf tweak for faster importing large database

Few small hack will ease you importing large sized mysql dump in a bit faster process. The trick worked for me for a 70 GB dumped sql, can’t guarantee it’d work for you!


need to change the following:

innodb_buffer_pool_size = 4G
innodb_log_buffer_size = 256M
innodb_log_file_size = 1G
innodb_write_io_threads = 16
innodb_flush_log_at_trx_commit = 0

Why these settings ? Continue reading “MySQL my.cnf tweak for faster importing large database” »


Let’s Encrypt service with Pound server

In order to install Certbot on your server, follow the next steps: (make sure you have “git” installed on your system)

$sudo apt-get install git (if not previously installed)
$cd /opt
$sudo git clone https://github.com/certbot/certbot

Running the above commands will download the Certbot latest release from their git repo in the /opt folder. Then we need to stop any service that might be using port 80 on our server, since the installation type we will be performing on this tutorial is the “standalone” type described on the Cerbot documentation, there are other ways to install the certificates, it is up to your preference.
Since this tutorial is about Pound, we are assuming the daemon is already installed so we need to stop it:

$sudo service pound stop

once the service is stopped, run:

$cd /opt/certbot
$sudo ./letsencrypt-auto --text --email YOUR@EMAIL -d YOUR_DOMAIN --agree-tos --standalone certonly

by default, running the command above will generate the necessary key files (*.pem) in the following folder:


now, we need to create a private key file that Pound can understand, to do so run the following:

$sudo cat /etc/letsencrypt/live/YOUR_DOMAIN/privkey.pem /etc/letsencrypt/live/YOUR_DOMAIN/fullchain.pem > /etc/ssl/YOUR_DOMAIN.pem

doing so, will concatenate the privkey.pem file and the fullchain.pem file generated by Cerbot into a single file that will be stored into your ssl certificates folder, this is very important! Continue reading “Let’s Encrypt service with Pound server” »