Server Administration
close

on 31st December 2016 / by anoop.john
If you are looking to move your website from an http protocol to https protocol then you don't necessarily have to go for a paid SSL certificate. You could use the certificate provided by Let's Encrypt, which is a valid certifying authority. Here is a high level outline of what you should do to set up https on your webserver. We have documented how you should do it for nginx but a similar approach should work for other webservers as well. You will have to first install the certbot from https://certbot.eff.org/ to download certificates from letsencrypt.org. Certbot will automatically detect webservers and install certificates for latest versions of the operating systems. If you are using an unsupported operating system you can use the certonly and --standalone options to download the certificates to /etc/letsencrypt/live. You can then configure the webserver manually. If you are using nginx then you will have to set up the following section inside the server block inside the nginx configuration ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; You might also want to forward the http version of the site to the https version keeping the URLs by adding something like server { listen 80; server_name www.example.com; return 301 https://$server_name$request_uri; } You will also need to configure a cron job to renew the certificate as the certificates issued by Let's Encrypt expires in 90 days. You can set up a cronjob with something like the following 0 0 */25 * * /opt/certbot/certbot-auto renew --standalone --quiet --no-self-upgrade --pre-hook "service nginx stop" --post-hook "service nginx start" That is it. You are all set to use a certificate from Let's Encrypt on your webserver. Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. It is a service provided by the Internet Security Research Group (ISRG). If you like the service, consider donating to Let's Encrypt. SSL Server Administration Web Security Leave a reply Your email address will not be published. Required fields are marker *
close

on 10th August 2015 / by antony.glen
Let's check how to add password protection to directories, there are many ways to add password protection to a directory. Here lets see how doing this with .htaccess. It is the built-in feature in Apache using htaccess method. By doing this we could restrict access to certain users or search engines. For creating an Apache password protected directories we will be needing a password file and the directory name which is to be password protected. We could perform this task by following a 3 step process. Configure Apache to use .htaccess file. Make a password file. Testing our configuration. 1. Configure Apache to use .htaccess file. Add AllowOverride AuthConfig directive to http.conf file for these directives to work. So our http.conf looks like, <Directory /var/www> Options Indexes Includes FollowSymLinks MultiViews AllowOverride AuthConfig Order allow,deny Allow from all </Directory> Save and restart Apache server. 2. Make a password file. Use htpasswd to create password for authentication when using Apache. For example, htpasswd -c password-file username -c: attribute denotes create new file, will re-write if password file already exists. username: second one username is used create user for password file. Password file should be kept were it is not accessible by web. To add new user using htpasswd, $> htpasswd -c /home/secure/<file> <username> Make sure the file created is readable by Apache. Now its time to create our htaccess file. Create an empty file .htaccess in our desired directory. Open the file for editing and add the commands below. AuthType Basic AuthName "Restricted Access" AuthUserFile /home/secure/<file> Require user <username> 3. Testing our configuration. Completing the step 2, we have almost finished. Now it is time to test the configuration, open the browser and try to access the directory were htaccess is added, eg: Go to: http://localhost/project/<dir> or http://example.com/<dir> If the above procedures are done correctly, the URL will be prompted to one login section requesting username and password. Hope you have found this article useful, feel free to share your thoughts. You may also look into other solved configurations related to htaccess over here. Please fell free to share your thoughts and doubts regarding this here. Apache Server Administration Access Control Leave a reply Your email address will not be published. Required fields are marker *
close

on 21st July 2015 / by deepa.n
Occasionally we might come across 500 Internal Server Errors on our website. Are you getting the same error? If yes, let us find out how to fix this issue. Internal Server Error messages indicate a server-side error and there is something wrong with the server configuration. However, ensure that whether the problem still exists, by trying the following methods. Because this can be a temporary issue, may be due to browser cache or cookies. Reload the web page. You can try: Clicking the 'Reload this page' icon in the browser Pressing F5 key on the keyboard Enter the URL on the browser's address bar and load the page again. Clear your browser's cache. Delete your browser's cookies. Restart your browser There are lots of reasons behind a 500 Error. However the most common causes are: Permissions Errors: An incorrect permission on one or more files or folders. PHP Timeout Issues: If your script connects to external resources timeout. A missing or erroneous .htaccess file Here is the complete error message for reference: How to fix 500 Internal Server Error on your site? Let us find out the actual reason behind the internal server error in the server error log first. Follow the below steps: Login to your cPanel account. Click on the 'Error Log' icon under 'Logs' in the cPanel home page. Go through the errors logged. From the error messages, we can identify whether internal server error occurred due to an incorrect permission or a PHP Timeout or the 500 server error caused due to missing/erroneous .htaccess file. Server Administration Leave a reply Your email address will not be published. Required fields are marker *
close

on 01st June 2015 / by aby.va
Backup should be an essential part of your computing experience if spend great amounts of time on computer and/or use computer for important persons or business dealings. We know there are so many stories of people who have lost all of their files due to computer viruses to ignore or system crashes. When backup files, you are storing your files separately. In this way, if computer is infected with a virus or crashes that results in a loss of files, But you can access to your files on backup disks or whatever other backup program you choose to use, such as online backup.i.e restore your files to your computer proper from these backup sources. We know how important server backup systems and regularly saved work is. We are all the victim of a wrong button pushed once or a power surge that can eradicate entire documents that have been the focus for hours. Consider what kind of damage this brings to larger scale companies. If thousands of documents and files that have suddenly vanished? Hourly, Daily, Weekly, or Monthly Data Storage? Give a chance for BQ Internet's Rsync backup system. Whether backing up 1GB or 100GB, Rsync technology gives the efficiency to perform daily remote backups with little resource usage. Features: Daily backup using Rsync technology RAID6 storage SSH encryption On-the-fly compression With a Samba mount get back online instantly. FTP access No data transfer limit No setup fee In BQ internet Rsync is used to greatly improves efficiency than traditional remote backup techniques. By synchronizing only those files that have changed after the last backup and using Rsync results in large bandwidth savings. Performing daily Rsync backups can result in less data transfer than it would take to perform two backups using the .tar.gz method in a given month when combined with on-the-fly compression. Backup server using BQ internet there is some steps for Rsync instructions. step 1:Log in server through telnet, SSH or another shell access method. If you use a control panel such as Plesk or Cpanel, you may do through the control panel. If there is a root access for user, log in as root. If not, log in through the account using to backups perform. Step 2:For using the SSH transport, create an RSA encryption key. Step 3:Copy your RSA encryption key to the BQ Internet backup system. Do this through the shell as well. # scp ~/.ssh/id_rsa.pub username@username.bqbackup.com:keys/server1 # ssh username@username.bqbackup.com mergekeysStep 4:then test rsync by copying a small directory like /etc: # rsync -avz -e ssh /etc username@username.bqbackup.com:server1This command should run without prompting for a password. If you are prompted for a password at this step, or receive any error messages, please contact technical support at support@bqinternet.com. Otherwise, congratulations on configuring rsync to work with our system. You may now add rsync as a daily cron job, as outlined in step 5. Step 5:As root, execute the following command (variations listed below): # echo "45 2 * * * root rsync -avz --exclude=/proc -e ssh / username@username.bqbackup.com:server1" >> /etc/crontab Some rsync configurations: Back up entire server: rsync -avz --exclude=/proc -e ssh / username@username.bqbackup.com:server1Back up home directories: rsync -avz -e ssh /home username@username.bqbackup.com:server1Back up specific users: rsync -avz -e ssh ~bob ~bill ~sarah username@username.bqbackup.com:server1Reference:Remote Backup @ BQ Internet Server Administration Leave a reply Your email address will not be published. Required fields are marker *
more_horiz
close

on 30th September 2013 / by Anoop John
On one of our recent projects we had an issue where the Drupal site search was not working. There was a search.html file present in the home folder to handle a Google custom search page outside of Drupal. Since the filename was not the same as the drupal search path we did not expect it to be the cause for the Drupal search to not work. What was happening was that Apache mod_negotation was mapping the requests to /search/node to /search.html/node because the path /search matched to the search.html file in the root folder. This was fixed by turning off option multiviews for the directory which disabled the content negotiation in Apache for the directory and made the search start working again. The following line was added to htaccess to achieve this Options -MultiViews Hope this helps. If you run into problems with Apache or Drupal you can reach out to us Drupal Apache Server Administration Leave a reply Your email address will not be published. Required fields are marker *
close

on 04th July 2013 / by sandeep.sasikumar
On certain servers, there are chances of our IP addresses getting blocked when we accidentally enter the wrong password multiple times or when we unintentionally try to ssh via the wrong port multiple times. The IP will be blocked for a certain period of time. If you have faced the same issue then read on to know how to block blacklisted IP addresses on a WHM based GNU/Linux server. Before trying to solve the problem we have to check the following things to identify where we went wrong: Check whether the username and password you entered is correct Check whether your passwords have unnecessary spaces. Check the default ssh-port Now lets see how to remove the blocked IP from WHM Login to WHM with the username and password [The funny part about the initial step is that now you won't be able to log into WHM because your IP is blocked, so try from any another connection with a different IP :) ]. After logging in to WHM the next step is to find out the 'Plugins' option. In the 'Plugins' option select 'ConfigServer Security&Firewall' In this option you will see a list of different features and from this list note the feature titled 'Temporary allow/deny', under this you can see your IP address. To unblock your IP address simply remove that IP from the IP address field. Now try connecting with your IP address and you should be able to acess it:) Linux System Administration Server Administration WHM Network Security Web Security Leave a reply Your email address will not be published. Required fields are marker * Alaa (not verified) access_time 27 May 2019 - 18:47 Thanks for the info. Anonymous (not verified) access_time 27 May 2019 - 18:47 i am using putty but not working my ip. Anonymous (not verified) access_time 27 May 2019 - 18:47 This is just what i have been looking for long. Got most of my routers ip blacklisted on whm. I read the tute, logged in the vps and cleared them up. Thanks Michelle (not verified) access_time 27 May 2019 - 18:47 It seems this normally happens when you make a change to a website or email on a diffrerent i.p. Either way thanks for the help. Jeffery (not verified) access_time 27 May 2019 - 18:47 May I know how to remove our IP from the Gmail blacklist? I need to know the reason why I was blacklisted. Here is my blog maxautoglass.com and I need help to configure a static IP address from Windows 7. Add new comment
close

on 16th November 2012 / by sandeep.sasikumar
If you own a website then there is a good chance that you are using cPanel. cPanel provides an graphical user interface to manage a Unix based web hosting account for everyone involved in it. If you want to know how to create a new cPanel account in WHM then continue reading. Follow the steps below to create a cPanel account Login to your WHM with the username and password. Click on the "Create a New Account" This will take you to a page where you have to enter the details of the Cpanel account you are planning to create. Enter the following details there. Domain information: You will have to enter the following details there Domain : Username : Password : Retype Password : Strength : Email : Package :Follow the steps below to select the package Choose a Package : Select Options Manually Settings: Choose the following there Cpanel Theme : Locale : Reseller settings DNS settings Mail Routing Settings After entering all the above data press the 'Create' button. Now you will have your Cpanel account. Linux System Administration Server Administration WHM cPanel Leave a reply Your email address will not be published. Required fields are marker *
close

on 31st July 2012 / by Anoop John
If you own a VPS or a dedicated server or a hosting server which allows you to have shell access then you can easily set up your own git server with as many users and as many repositories as can be stored in the space on your server. All you need to do this is a bit of system administration skills and a hosting server that allows you shell access. Read on to see how you can set up your own git server. The server software that will allow you to do this is gitolite. Another alternative is gitosis but the capabilities offered by gitolite is way ahead of gitosis. The main advantage of gitolite over gitosis is the ability to control user permissions on a branch basis in each repository. This is very critical to enforce git based development workflows. The installation of gitolite is very simple. git clone git://github.com/sitaramc/gitolite gitolite/install You can then create a symlink to the gitolite script to one of the paths in your $PATH variable. Now copy over your public key from your local machine to a file yourname.pub on the server and run gitolite setup -pk path_to_yourname.pub This will create the gitolite admin repository and set you as the administrator. Now all you have to do is to clone the admin repo on the machine from where you took your public key from and then make changes in the gitolite.conf to create repositories and set permissions to people work on the repositories or the branches in these repositories. More documentation on gitolite can be found at the gitolite project site. If you don't already have a VPS or a shared server we would recommend one of the following providers for your VPS / Dedicated server needs - Linode, WiredTree or Innohosting. We have hosted with all of these and have been pretty satisfied with the services of these providers. Linux Server Administration Git Version Control System Leave a reply Your email address will not be published. Required fields are marker *
close

on 30th July 2012 / by Anoop John
On a WHM/cpanel VPS server the httpd.conf is automatically generated from cpanel scripts based on templates and you are not supposed to change this file directly. Any changes that you make in the httpd.conf file will be lost when cpanel re-generates the file or when cpanel is updated. This is an inconvenience especially when your application requires you to make virtualhost modifications in the configuration. However cpanel provides an alternative way to edit the httpd.conf file. If you open /usr/local/apache/conf/httpd.conf you will see that there is documentation about the location where you can add additional configuration options for each virtualhosts. Each domain on the cpanel server can have its own custom configuration for the virtualhost corresponding to the domain. The main httpd.conf file would then inculde these custom configuration if is present on the server. The commented documentation says in httpd.conf says that custom settings will be included from /usr/local/apache/conf/userdata/std/2/username/domain.com/*.conf . So any files with .conf extension in the said path can be used to add custom virtualhost configuration. You have to first create a directory correspondging to the path above. You can do this as follows mkdir -p /usr/local/apache/conf/userdata/std/2/username/example.com cd /usr/local/apache/conf/userdata/std/2/username/example.com vi virtualhost.conf Remember to change example.com to the domain for which you are going to create the custom virtualhost configuration and username to the cpanel username of the user corresponding to the domain. Once you are done with making the modification you can re-create the httpd conf file by running the following command /scripts/ensure_vhost_includes --all-users That is all and your custom changes should be live and they will not be overwritten the next time cpanel recreates httpd.conf Server Administration WHM cPanel Leave a reply Your email address will not be published. Required fields are marker *
close

on 29th June 2012 / by Anoop John
Apache allows you to protect contents of specific directories in your website or the whole website from unauthorized access using a mechanism called httpd password protection. During development of new sites the partially built sites are protected from unauthorized access using httpd authentication. This could sometimes interfere with testing of integration with third party services that might expect some of your URLs to be accessible without authentication. Here is how you can exclude a given file or directory from httpd authentication The standard set of lines in htaccess to enabled httpd authentication is as follows AuthType Basic AuthName "Auth Required" AuthUserFile /path/to/.htpasswd Require valid-user Now adding the following below this will allow you to exclude directories and files # Allow access to excluded diretories SetEnvIf Request_URI "path/to/excluded/directory/" allow SetEnvIf Request_URI "path/to/excluded/file" allow Order allow,deny Allow from env=allow Satisfy any If you wrap the above in a <Limit GET> section you can limit the authentication to GET requests only. You can also allow access from specific IP addresses by adding the following for each IP you wish to allow Allow from 208.67.222.222 Apache Server Administration Drupal Security Web Security Access Control Leave a reply Your email address will not be published. Required fields are marker * Muddy Mind (not verified) access_time 27 May 2019 - 17:13 Nice work this helps me a lot to some basic changes in my blog :) Add new comment