Blog

  • jetbackup

    JetBackup is a remote backup program for Cpanel Servers. You can get it from

    https://docs.jetbackup.com/v5.2/adminpanel/generalInformation.html#installation-guide

    To install Jetbackup for Cpanel, run

    bash <(curl -LSs http://repo.jetlicense.com/static/install)
    jetapps --install jetbackup5-cpanel stable

    Once installed, you need to do the following

    1) Add a backup destination
    2) Create a Backup Jobs

  • Cpanel CloudLinux set all users to use alt-php

    If your cpanel server have cloudlinux + PHP Selector installed, you need to set all site to use inherit PHP before you can use PHP Selector.

    This can be done in MultiPHP Manager or using command line

    for i in $(cut -d: -f1 /etc/userdatadomains );do whmapi1 php_set_vhost_versions version=inherit vhost-0=$i;done
    

    Tis command will set all web sites to use inherit PHP.

    To set all site to use alt-PHP 7.4, run

    selectorctl --change-to-version=7.4 --version=native
    

    This will change PHP version for all sites that use native PHP to alt-PHP 7.4

    Or you can use

    cd /var/cpanel/users
    ls -1 | awk '{ print "selectorctl --set-user-current=7.4 --user="$1 }' | sh
    

    See cloudlinux

  • Ant Media Server

    Ant Media Server is a media streaming server with WebRTC support.

    https://antmedia.io
    Install Ant Media Server on CentOS 8
    Ant Media Server Ubuntu firewall configuration
    Steaming to Anti Media Server using ffmpeg

    Open Source versiong of Ant Media Server can be downloaded from

    https://github.com/ant-media/Ant-Media-Server

    Install Anti Media Server on Ubuntu 18.04

    At the time of writing this post, latest version of Ant Media Server is ant-media-server-2.0.0-community-2.0.0-20200504_1842.zip, replace it with latest version available on github.

    cd /usr/local/src
    wget https://github.com/ant-media/Ant-Media-Server/releases/download/ams-v2.0.0/ant-media-server-2.0.0-community-2.0.0-20200504_1842.zip
    wget https://raw.githubusercontent.com/ant-media/Scripts/master/install_ant-media-server.sh 
    chmod 755 install_ant-media-server.sh
    ./install_ant-media-server.sh ant-media-server-2.0.0-community-2.0.0-20200504_1842.zip
    

    After installation, you will see Ant Meida Server listens on following ports

    [root@Ant-Media-Server ~]# netstat -lntp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
    tcp        0      0 127.0.0.1:5599          0.0.0.0:*               LISTEN      1594/jsvc.exec      
    tcp        0      0 0.0.0.0:34501           0.0.0.0:*               LISTEN      1594/jsvc.exec      
    tcp        0      0 0.0.0.0:1935            0.0.0.0:*               LISTEN      1594/jsvc.exec      
    tcp        0      0 0.0.0.0:5080            0.0.0.0:*               LISTEN      1594/jsvc.exec      
    [root@Ant-Media-Server ~]# 
    

    To access Ant Media Server, go to

    http://your-server-ip:5080

    When visiting first time, you will be asked to create a new user.

    Ant Media Server

    Installing SSL

    To install SSL, you need to point a domain or sub domain to server IP, then run following commands

    cd /usr/local/antmedia
    ./enable_ssl.sh -d YOUR_DOMAIN_HERE
    

    After installation, you will be able to access site using HTTPS on following URL

    https://YOUR_DOMAIN_HERE:5443

    Test Video Streaming Applictaion available at

    https://YOUR_DOMAIN_HERE::5443/WebRTCApp/

    Manage Anti Media Server

    To start/stop/restart Ant Media Server, use

    systemctl start antmedia
    systemctl stop antmedia
    systemctl restart antmedia
    

    Firewall

    Anti Media Server use following ports

    tcp:1935 - RTMP
    tcp:5080 - HTTP
    tcp:5443 - HTTPS
    tcp:5554 - RTSP
    udp:5000-65000 - WebRTC & RTSP
    
  • Bash if statement

    Check if first augment to script is –help

    if [ "$1" = "--help" ]; then
        echo "$0 --help = shows help"
        exit 0
    fi
    

    Check if a file exists and is executable

    if [ -f "/usr/bin/curl" ]; then
        echo "curl exists"
    fi
    

    Check if a binary file exists and is executable

    if [ -x "/usr/bin/curl" ]; then
        echo "curl exists and executable"
    fi
    

    Check if previous command was sucessfull or not

    if [ "$?" != 0 ]; then
        echo failed
        exit 1
    fi
    

    Check if variabe set or not

    if [ -z ${USER} ]; then
        echo "\$USER not set"
    else
        echo "\$USER =  $USER"
    fi
    
  • Install Python 3.8 on CentOS 6 from source

    To install Python 3.8 on CentOS, you need to install OpenSSL as the one installed by CentOS from yum is very old.

    cd /usr/local/src
    wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz
    tar xvf openssl-1.1.1g.tar.gz
    cd openssl-1.1.1g
    ./config --prefix=/usr/serverok/openssl --openssldir=/usr/serverok/openssl no-ssl2
    make
    make install
    

    Now edit file

    vi ~/.bash_profile
    

    at end of the file, add

    export PATH=/usr/serverok/openssl/bin:$PATH
    export LD_LIBRARY_PATH=/usr/serverok/openssl/lib
    export LC_ALL="en_US.UTF-8"
    export LDFLAGS="-L/usr/serverok/openssl/lib -Wl,-rpath,/usr/serverok/openssl/lib"
    

    Make the settings active with command

    source ~/.bash_profile
    

    Now we can install Python 3.8 with

    cd /usr/local/src
    wget https://www.python.org/ftp/python/3.8.4/Python-3.8.4.tar.xz
    tar xvf Python-3.8.4.tar.xz
    cd /usr/local/src/Python-3.8.4
    make clean && make distclean
    ./configure --enable-optimizations  --with-openssl=/usr/serverok/openssl/
    make altinstall
    

    Now python 3.8 will be available in your system under /usr/local/bin

    root@server12:~# python3.8 --version
    Python 3.8.4
    root@server12:~# which python3.8
    /usr/local/bin/python3.8
    root@server12:~# 
    
  • apt-get An error occurred during the signature verification

    When running apt update, i get following error

    W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: http://packages.cloud.google.com cloud-sdk-jessie InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 6A030B21BA07F4FB
    

    To fix this error, run

    apt-key adv --keyserver keys.gnupg.net --recv-keys 6A030B21BA07F4FB
    
  • Expired Updates for this repository will not be applied

    When running apt update on a Debian jessie server, i get following error

    E: Release file for http://archive.debian.org/debian/dists/jessie-backports/InRelease is expired (invalid since 513d 20h 41min 47s). Updates for this repository will not be applied
    

    To fix the error, run

    echo "Acquire::Check-Valid-Until false;" | sudo tee -a /etc/apt/apt.conf.d/10-nocheckvalid
    
  • Nginx show full url in access log

    To show the full URL in the nginx access log, add the following

    log_format main '$remote_addr - $remote_user [$time_local] '
                    '"$request_method $scheme://$host$request_uri $server_protocol" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" $request_time';

    If you are behind a reverse proxy, replace $remote_addr with $http_x_forwarded_for

    See Nginx

  • logrotate nginx log by date

    Logrotate by default rotate logs with numbers like following

    logrotate nginx access log

    You can configure how many logs to keep and how to rotate lots by editing logrotate configuration file for nginx

    root@ok:~# cat /etc/logrotate.d/nginx 
    /var/log/nginx/*.log {
    	daily
    	missingok
    	rotate 14
    	compress
    	delaycompress
    	notifempty
    	create 0640 www-data adm
    	sharedscripts
    	prerotate
    		if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
    			run-parts /etc/logrotate.d/httpd-prerotate; \
    		fi \
    	endscript
    	postrotate
    		invoke-rc.d nginx rotate >/dev/null 2>&1
    	endscript
    }
    root@ok:~# 

    rotate 14 – this tells logrotate to keep logs for 14 days.

    If you need to rotate logs by date, add

            dateext
            dateformat -%Y-%m-%d

    Example

    /var/log/nginx/*.log {
            daily
            missingok
            rotate 14
            compress
            delaycompress
            notifempty
            create 0640 www-data adm
            dateext
            dateformat -%Y-%m-%d
            sharedscripts
            prerotate
                    if [ -d /etc/logrotate.d/httpd-prerotate ]; then \
                            run-parts /etc/logrotate.d/httpd-prerotate; \
                    fi \
            endscript
            postrotate
                    invoke-rc.d nginx rotate >/dev/null 2>&1
            endscript
    }

    See Logrotate

  • Stop xmlrpc.php attack on Cpanel Server

    xmlrpc.php is part of wordpress. It is used for some API. This is used by hackers to bruteforce WordPress installations, that can cause high server load and slow server performance.

    On cpanel server, to prevent xmlrpc.php attack go to

    WHM > Service Configuration > Apache Configuration > Include Editor

    click on “Pre Main Include”, then select your apache version.

    On text box below, paste

    <IfModule mod_alias.c>
      RedirectMatch 301 /xmlrpc.php http://127.0.0.1/
    </IfModule>

    Click Update.

    Prevent xmlrpc.php attack on Cpanel Server

    All request to xmprpc.php will be blocked.