Using NGinx to serve static files and Apache for dynamic

Apache is a great web server, but it has a pretty heavy memory footprint. It can get quite restrictive quite quickly, especially if you’re on a system with limited resources (given how many people now run on a VPS, and the poor disk IO of these systems, it’s all the more important – swapping is slow).

The way around it is to configure your system to use NGinx as a reverse proxy. Depending on how many virtualhosts you have, you can make the changes almost completely transparently within about 10 minutes.

Pre-Requisites

First, we need to be able to install NGinx, which means setting up the EPEL repo (if you already have it enabled, skip this step).

CentOS 6.x

rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Now that the repo is installed, we need to install NGinx

yum install nginx

Configuring NGinx

Now that NGinx is installed we need to create a VirtualHost (actually NGinx calls them Server Blocks) for each site we are hosting.

nano /etc/nginx/conf.d/virtual.conf
#Insert one of these for each of the virtualhosts you have configured in Apache
server {
    listen 80;
    root /path/to/site/root;
    index index.php index.html index.htm;
    server_name www.yourdomain.com yourdomain.com;

    location / {
        try_files $uri $uri/ /index.php;
    }

    location ~ \.php$ {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:8080;
    }

    location ~ /\.ht {
        deny all;
    }
}

This configuration tells NGinx to try and serve the requested file, but to pass the request onto Apache if it’s unable to do so. Requests for PHP files should be forwarded automatically. Apache will be told who requested the file in the ‘X-Forwarded-For’ header.
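
Because Apache now takes the client address from a header that NGinx sets, its port 8080 should accept connections from loopback only; a client that can reach it directly can supply its own X-Forwarded-For. The check below is an added example, not part of the original post; it assumes Apache has been moved to port 8080 as the proxy_pass line implies, that ss is installed, and it runs here against a constructed sample of ss output.

```shell
#!/bin/sh
# Added example (not from the original post). Reads `ss -ltn` output on stdin
# and prints every listener on the given port that is not bound to loopback.
# Returns 1 if any such listener exists, 0 otherwise.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                          # Local Address:Port column
            n = split(addr, parts, ":")
            if (parts[n] != port) next         # listener on another port
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "::1" || host == "[::1]") next
            print addr
            found = 1
        }
        END { exit (found ? 1 : 0) }'
}

# Constructed sample: Apache answers on loopback but also on the IPv6 wildcard.
SAMPLE='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    *:80               *:*
LISTEN 0      128    127.0.0.1:8080     *:*
LISTEN 0      128    :::8080            :::*'

if printf '%s\n' "$SAMPLE" | exposed_listeners 8080; then
    echo "port 8080 is loopback-only"
else
    echo "port 8080 is reachable without passing through NGinx"
fi
# On the server itself: ss -ltn | exposed_listeners 8080
```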


Configuring Postfix to block outgoing mail to all but one domain

This is so simple to do, but I have to look it up every time I need it (not something that comes up regularly!).

When configuring a development server, you may find you have a need to ensure that emails will not be sent to any domain except those you explicitly permit (for example if you’re using real-world data to do some testing, do you want to send all those users irrelevant emails?).

This documentation details how to configure Postfix on a Linux server to disregard any mail sent to domains that are not explicitly permitted.

Don’t use IPTables

You could, of course, add two IPTables rules to the outgoing chain. The first would allow connections on port 25 to the domain you wish to allow; the second would block connections to any server on port 25.

It’ll block the mail from being sent, but will mean that every one of those messages sits in the mail queue for 60 days until it’s disregarded. You could reconfigure the timeout, but given the ease of the steps below, what’s the point?

Use Transport Mapping

Using this method, we can tell Postfix to either reject the mail, or disregard it. The latter is generally the preferred method as we want the sending application to believe the mail has been sent.
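
A transport map of the kind described above, as an added example that is not part of the original post. The domain allowed.example is a constructed placeholder, and the function names are hypothetical; the Postfix commands and the discard: and error: transports are standard.

```shell
#!/bin/sh
# Added example (not from the original post). allowed.example is a
# constructed placeholder for the one domain that may receive mail.

# Print transport(5) entries: each permitted domain keeps normal delivery
# (a bare ":" means "do not change"), and the "*" catch-all sends everything
# else to the fallback transport.
#   discard:                      accept the mail, then silently drop it
#   error:outbound mail disabled  reject the mail with that text
make_transport_map() {
    fallback=$1
    shift
    for domain in "$@"; do
        printf '%s\t:\n' "$domain"
    done
    printf '*\t%s\n' "$fallback"
}

# Write the map and activate it. Needs root and changes the running
# Postfix configuration, so it is defined here but not called.
install_transport_map() {
    make_transport_map "$@" > /etc/postfix/transport &&
    postmap /etc/postfix/transport &&
    postconf -e 'transport_maps = hash:/etc/postfix/transport' &&
    postfix reload
}

# Show the map this would install for the "disregard" behaviour.
make_transport_map discard: allowed.example
```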


Install VirtualBox on Centos 6 / 7

Step 1 – Add Required Yum Repositories

First, you need to add the VirtualBox yum repository to your system. Download the repository file from its official site and place it at /etc/yum.repos.d/virtualbox.repo. First navigate to the /etc/yum.repos.d/ directory and use one of the commands below as per your operating system.

cd /etc/yum.repos.d/
wget http://download.virtualbox.org/virtualbox/rpm/rhel/virtualbox.repo

CentOS and RedHat users are also required to add the EPEL yum repository using one of the following commands.

### On CentOS/RHEL 7 ### 
rpm -Uvh http://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
### On CentOS/RHEL 6 ### 
rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

Step 2 – Install Required Packages

Before installing VirtualBox, make sure to install all the packages required to run it, such as kernel-headers, kernel-devel, etc. Use the following command to install the required packages.


Monitor and Manage your services with Monit on CentOS 6 / RHEL 6

Install Monit

For Debian/Ubuntu

Monit is easiest to install through apt-get:

sudo apt-get install monit

For RHEL:

Configure EPEL repo to download the latest Monit package.

[root@server ~]# rpm -Uvh http://epel.mirror.net.in/epel/6/i386/epel-release-6-8.noarch.rpm
[root@server ~]# yum -y install monit

Once monit downloads, you can add programs and processes to the configuration file:

sudo nano /etc/monit/monitrc

Monit can be started up with a command that then keeps it running in the background:

monit

Typing monit status displays monit’s details:

The Monit daemon 5.3.2 uptime: 1h 25m
System 'myhost.mydomain.tld'
status Running
monitoring status Monitored
load average [0.03] [0.14] [0.20]
cpu 3.5%us 5.9%sy 0.0%wa
memory usage 26100 kB [10.4%]
swap usage 0 kB [0.0%]
data collected Thu, 30 Aug 2012 18:35:0

Configure Monit

Monit is very easy to use nearly out of the box. By default, it is set up to check that services are running every 2 minutes and stores its log file in “/var/log/monit.log”.


Debian Wheezy repository

Debian wheezy is no longer supported. It is two major releases older than stable. It has not received any updates since 31 May 2018. The resolution is to dist-upgrade to oldstable, or to stable.

You can still use the archive repository, but there are no more updates:

deb http://archive.debian.org/debian wheezy main
deb http://archive.debian.org/debian-archive/debian-security/ wheezy/updates main

NGINX as a Reverse Proxy

Configure NGINX

At this point, you could configure Node.js to serve the example app on your Linode’s public IP address, which would expose the app to the internet. Instead, this section configures NGINX to forward all requests from the public IP address to the server already listening on localhost.

Basic Configuration for an NGINX Reverse Proxy

Create a configuration file for the app in /etc/nginx/conf.d/. Replace example.com in this example with your app’s domain or public IP address:

server {
    listen 80;
    listen [::]:80;

    server_name example.com;

    location / {
        proxy_pass http://localhost:3000/;
    }
}

The proxy_pass directive is what makes this configuration a reverse proxy. It specifies that all requests which match the location block (in this case the root / path) should be forwarded to port 3000 on localhost, where the Node.js app is running.


Proxmox change from local-lvm to local storage

First remove the existing LVM-Thin:

lvremove pve/data

Then create a normal LVM volume on the existing group. For example:

lvcreate -L 755.96G -n data pve

Format it:

mkfs.ext4 /dev/pve/data

Add it to the fstab and mount it. The mount target must be empty, so delete everything in there.

/dev/pve/data /var/lib/vz ext4 defaults 0 2
rm -rf /var/lib/vz/* && mount -a

Finally, create your normal directory storage.


Installing NTP Service and change timezone in CentOS 6 / CentOS 7

Let’s install NTP service first:

yum install ntp

Configure NTP services by updating the following section (only if appropriate):

nano /etc/ntp.conf

And by commenting out the following lines:

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst

In my case I used the following National Time Server of Bangladesh:

server bsti1.time.gov.bd
server bsti2.time.gov.bd

Save and restart the ntp service.

Change Timezone on a CentOS 6 and 7

How do I see the current time zone on CentOS Linux?

Type the date command or the ls command:

$ date
$ ls -l /etc/localtime

Another option on a systemd-based distro such as CentOS 7 is to use the timedatectl command together with the grep command to see the timezone:


Install and integrate DKIM with OpenDKIM and Postfix on a CentOS 6

UPDATE THE SYSTEM

Before going any further, make sure you’re in a screen session and your system is fully up-to-date by running:

## screen -U -S opendkim-screen
## yum update

ENABLE EPEL REPOSITORY

OpenDKIM is available in the EPEL repository, so we need to enable it on the system before we can install OpenDKIM

## wget -P /tmp http://mirror.pnl.gov/epel/6/i386/epel-release-6-8.noarch.rpm
## rpm -Uvh /tmp/epel-release-6-8.noarch.rpm
## rm -f /tmp/epel-release-6-8.noarch.rpm

Update: Feb-04-2024

Enable the EPEL Repository on CentOS 6.x, RHEL 6.x, or Oracle Linux 6.4 or higher. This section describes how to download and install the EPEL repository.

Download the EPEL repository:

wget https://archives.fedoraproject.org/pub/archive/epel/6/x86_64/epel-release-6-8.noarch.rpm

Install the EPEL repository:

rpm -Uvh epel-release-6*.rpm

INSTALL OPENDKIM

Install the package using yum:

## yum install opendkim

CONFIGURE OPENDKIM

The next thing to do is to configure OpenDKIM. Its main configuration file is located at /etc/opendkim.conf, so before making any changes create a backup, then add/edit the following:


Nginx Reverse Proxying Multiple Domains Using map Module

map_hash_bucket_size 128;
map $http_host $backend_servers {
    hostnames;
    default                         www.example.com;
    frontend.example2.com           backend.example2.com;
    frontend.example3.com           backend.example3.com;
    www.example.org                 backend.example.org;
}
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
server {
    location / {
        # A variable in proxy_pass is resolved at request time, so the
        # backend names need a resolver directive or matching upstream blocks.
        proxy_pass  http://$backend_servers;
    }
}