Blog

  • xrdp

    xrdp allow you to connect to Linux Desktop using Windows Remote Desktop.

    First you need to install desktop environment. Installing something light weight like XFCE is better if you are using a remote server.

    apt-get install xfce4
    

    This will download approx 500 MB of files and install on Ubuntu 16.04.

    Next install xrdp

    apt-get install xrdp
    

    You need to open port 3389 in firewall.

    Some of the configuration files are

    /etc/default/xrdp
    /etc/xrdp/startwm.sh
    /etc/xrdp/xrdp.ini
    
  • SMTP

    To verify SMTP SPF/DKIM etc are set properly, sent a mail to check-auth2@verifier.port25.com, check the reply.

    Cloud providers like Amazon AWS, Alibaba, Microsoft Azure, Google Cloud and DigitalOcean do not allow you to run your own mail server. If you need to sent an email from your web application, you need to use one of the Transnational Email Services.

    Amazon AWS

    How to set Reverse DNS on Amazon EC2. Remove Email Restriction
    Amazon EC2
    Amazon Lightsail rDNS

    Alibaba Cloud

    Alibaba Cloud won’t allow SMTP. In case you need an SMTP port, you can request, but it only allows you to send emails using a third-party SMTP server. If you install an SMTP server on your server, Alibaba cloud will permanently disable port 25. For more info, see

    https://www.alibabacloud.com/help/faq-detail/56130.htm

    If your site needs to send an email, use DirectMail, transactional email service provided by Alibaba Cloud

    AlibabaCloud DirectMail

    Google Cloud

    https://cloud.google.com/compute/docs/tutorials/sending-mail

    Microsoft Azure

    https://blogs.msdn.microsoft.com/mast/2017/11/15/enhanced-azure-security-for-sending-emails-november-2017-update

    DigitalOcean

    They only allow SMTP after 60 days of use to avoid spam. Source: See pinned answer by alexdo

    https://docs.digitalocean.com/support/why-is-smtp-blocked

    Vulr

    Vultr blocks the SMTP port by default.

    https://www.vultr.com/docs/what-ports-are-blocked

    You need to fill out the form below to unblock the SMTP port.

    https://my.vultr.com/billing/unblock_smtp_port

    Linode

    SMTP is blocked by default. To unblock, create A record + rDNS for the hostname. Then open a support ticket at

    https://www.linode.com/community/questions/19082/i-just-created-my-first-linode-and-i-cant-send-emails-why

  • useradd

    To create a user, run

    useradd -m -s /bin/bash USERNAME

    -m = create home directory.
    -s = specify location of shell.

    To create a user with custom home directory, use

    useradd -d /var/www -s /bin/bash USERNAME

    Create user with sudo privileges

    useradd ubuntu --comment Ubuntu --groups adm,cdrom,dip,sudo --shell /bin/bash -m

    Create User with Specific User id

    Create the user “serverok” with uid 4223, run

    useradd -u 4223 serverok

    Create User to Run System Service

    -r option select gid/uid for running system service.

    groupadd -r prometheus
    useradd -r -g prometheus -s /sbin/nologin -d /usr/hostonnet/prometheus/ -c "prometheus Daemons" prometheus

    Related commands

    Create, delete, and modify local user accounts

    Add: useradd
    Delete: userdel
    Modify: usermod

    Create, delete and modify local groups and group memberships

    Add: groupadd
    Delete: groupdel
    Modify: groupmod

    To add a user to sudo/wheel group, see usermod

  • rpaf

    mod_rpaf is an apache module that translate proxy IP to real IP when apache web server is behind a proxy server.

    https://github.com/gnif/mod_rpaf/

    To install on Ubuntu, run

    apt install -y libapache2-mod-rpaf
    

    Config file available at

    root@vps528168:~# cat /etc/apache2/mods-enabled/rpaf.conf
        RPAFenable On
    
        # When enabled, take the incoming X-Host header and
        # update the virtualhost settings accordingly:
        RPAFsethostname On
    
        # Define which IP's are your frontend proxies that sends
        # the correct X-Forwarded-For headers:
        RPAFproxy_ips 127.0.0.1 ::1 193.70.86.5
    
        # Change the header name to parse from the default
        # X-Forwarded-For to something of your choice:
        RPAFheader X-Real-IP
    root@vps528168:~# 
    

    Apache

  • Nginx Proxy Configuration

    To configure Nginx as a proxy, use the following configuration

    server {
        listen *:80;
        client_max_body_size 100M;
        proxy_read_timeout 600s;
        proxy_buffer_size   128k;
        proxy_buffers   4 256k;
        proxy_busy_buffers_size   256k;
        location / {
            proxy_set_header X-Real-IP  $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass http://127.0.0.1:81;
        }
    }

    If you need to serve images using static files, add the following block to Nginx config

        location ~ ^/(images|javascript|js|css|flash|media|static)/ {
            root /home/domain.com/html/;
            index index.php index.html;
            expires 30d;
        }

    Rule to handle SSL verification

    If you are proxying traffic to an application server, you may need Nginx to handle requests for SSL verification. In that case, add the following to the server block, above location / entry.

        location ~ ^/.well-known/ {
            allow all;
            autoindex on;
            root /var/www/html;
        }

    Example

    https://gist.github.com/serverok/8fb73df8135774f292bb2cc86446ae2c

    Nginx Rails Origin header didn’t match request.base_url

    HTTP to HTTPS Redirect

    If you do proxying on HTTPS, then you can use the following config for HTTP to handle SSL verification and redirect to HTTPS.

    server {
        listen 80;
        server_name YOURDOMAIN.TLD;
        location ~ ^/.well-known/ {
            allow all;
            autoindex on;
            root /var/www/html;
        }
        location / {
            return 301 https://$host$request_uri;
        }
    }

    Nginx Proxy Config with Caching

    Here is Nginx proxy config with caching.

    proxy_cache_path /tmp/nginx_cache levels=1:2 keys_zone=cache:30m max_size=250m;
    proxy_temp_path /tmp/nginx_proxy 1 2;
    
    server {
        client_max_body_size 100M;
        location / {
            proxy_pass http://127.0.0.1:8000/;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_cache cache;
            proxy_cache_bypass $myCookie;
            proxy_no_cache $myCookie;
            proxy_cache_valid 30m;
            proxy_cache_key $host$scheme$proxy_host$request_uri;
            # force caching
            # proxy_ignore_headers X-Accel-Expires Expires Cache-Control;
        }
    }

    If cookie “myCookie” is present, nginx won’t serve the cached page to that visitor.

    Back to Nginx

  • Install pureftpd on Ubuntu

    To install pure-ftpd on Ubuntu, run

    apt install pure-ftpd -y
    

    Create a system user

    useradd -d /var/www -s /bin/bash USERNAME
    chown -R USERNAME:USERNAME /var/www
    passwd USERNAME
    

    Enable Unix Authentication

    To allow system user to login using FTP, edit file

    vi /etc/pure-ftpd/pure-ftpd.conf
    

    Uncomment the line

    UnixAuthentication           yes
    

    Or

    echo 'yes' > /etc/pure-ftpd/conf/UnixAuthentication
    

    On Ubuntu, after default install, you have following settins.

    root@server:/etc/pure-ftpd/auth# ll
    total 8
    drwxr-xr-x 2 root root 4096 Jan 28 05:52 ./
    drwxr-xr-x 5 root root 4096 Jan 28 06:20 ../
    lrwxrwxrwx 1 root root   26 Feb  5  2018 65unix -> ../conf/UnixAuthentication
    lrwxrwxrwx 1 root root   25 Feb  5  2018 70pam -> ../conf/PAMAuthentication
    root@server:~# cat /etc/pure-ftpd/auth/65unix 
    no
    root@server:~# cat /etc/pure-ftpd/auth/70pam 
    yes
    root@server:~# 
    

    PAMAuthentication enabled. UnixAutehticiation disabled. This allow system users to login using PAM.

    pureftpd

  • Pure-FTPd

    To install Pureftpd on CentOS, run

    yum install pure-ftpd
    

    To start/stop, use

    systemctl start pure-ftpd
    systemctl stop pure-ftpd
    

    To enable system users to login, edit /etc/pure-ftpd/pure-ftpd.conf, un comment the line UnixAuthentication yes.

  • ERROR 2006 (HY000) at line 348: MySQL server has gone away

    When i try to restore a MySQL database, i get following error.

    [root@server2 ~]# mysql sok_wp < /var/www/sok_wp.sql
    ERROR 2006 (HY000) at line 348: MySQL server has gone away
    [root@server2 ~]# 
    

    To fix the error, edit file

    /etc/my.cnf.d/my.cnf
    

    Add

    max_allowed_packet=64M
    

    Restart MySQL

    service mysql restart
    

    if using mariadb, run

    service mariadb restart
    

    MySQL

  • Reinstall a package using apt

    To reinstall a package, run

    apt install --reinstall PKG_NAME

    Example

    apt reinstall

    Reinstall kernel

    apt install --reinstall linux-image-$(uname -r)
    update-grub

    dpkg apt

  • dpkg

    To force delete a package, run

    dpkg --purge --force-depends PKG_NAME

    List all Installed packages

    dpkg -l

    List all files in a package

    dpkg -L PKG_NAME

    To find which package provides a file

    dpkg -S /usr/bin/nmap

    To get a list of packages upgraded/installed today

    grep "$(date '+%Y-%m-%d')" /var/log/dpkg.log | grep -E "(install|upgrade) "

    Apt

  • File Sharing

    pydio

    Pydio is open source share sharing application. Source code available in github https://github.com/pydio

    https://pydio.com

    https://www.linshare.org

    Scripts

  • sendgrid

    Sendgrid is a SMTP (Transactional Email Provider).

    https://sendgrid.com

    Sendgrid allow you to send email from your applications using SMTP or API.

    SASL authentication no mechanism available