Category: Linux – ServerOK

Add SSL for ISPConfig Control Panel

November 15, 2019

by ServerOk with No Comment Linux

To add SSL for ISPConfig control panel, add server hostname as a web site in ISPConfig and enable the LetsEnrypt checkbox. That will get SSL installed for your hostname. Make sure you verify hostname resolve to the ISPConfig server before doing this or SSL validation fail.

Once you have valid LetsEncrypt SSL certficate installed on your site, create file

mkdir /usr/serverok
vi /usr/serverok/ispconfig-ssl

1 2	mkdir /usr/serverok vi /usr/serverok/ispconfig-ssl

Add following content

#!/bin/bash

rm -f /usr/local/ispconfig/interface/ssl/ispserver.crt
rm -f /usr/local/ispconfig/interface/ssl/ispserver.key
rm -f /usr/local/ispconfig/interface/ssl/ispserver.pem
cp /etc/letsencrypt/live/$(hostname -f)/fullchain.pem /usr/local/ispconfig/interface/ssl/ispserver.crt
cp /etc/letsencrypt/live/$(hostname -f)/privkey.pem /usr/local/ispconfig/interface/ssl/ispserver.key
cat /usr/local/ispconfig/interface/ssl/ispserver.{key,crt} > /usr/local/ispconfig/interface/ssl/ispserver.pem
chmod 600 /usr/local/ispconfig/interface/ssl/ispserver.pem

cat /usr/local/ispconfig/interface/ssl/ispserver.crt > /etc/postfix/smtpd.cert
cat /usr/local/ispconfig/interface/ssl/ispserver.key > /etc/postfix/smtpd.key

service postfix restart
service dovecot restart
systemctl restart apache2

#!/bin/bash

rm -f /usr/local/ispconfig/interface/ssl/ispserver.crt

rm -f /usr/local/ispconfig/interface/ssl/ispserver.key

rm -f /usr/local/ispconfig/interface/ssl/ispserver.pem

cp /etc/letsencrypt/live/$(hostname -f)/fullchain.pem /usr/local/ispconfig/interface/ssl/ispserver.crt

cp /etc/letsencrypt/live/$(hostname -f)/privkey.pem /usr/local/ispconfig/interface/ssl/ispserver.key

cat /usr/local/ispconfig/interface/ssl/ispserver.{key,crt} > /usr/local/ispconfig/interface/ssl/ispserver.pem

chmod 600 /usr/local/ispconfig/interface/ssl/ispserver.pem

cat /usr/local/ispconfig/interface/ssl/ispserver.crt > /etc/postfix/smtpd.cert

cat /usr/local/ispconfig/interface/ssl/ispserver.key > /etc/postfix/smtpd.key

service postfix restart

service dovecot restart

systemctl restart apache2

If you use nginx, replace apache2 on last line with nginx.

Now set a cronjob

crontab -e

1	crontab -e

Add

@weekly /usr/serverok/ispconfig-ssl >> /var/log/ispconfig-ssl.log

1	@weekly /usr/serverok/ispconfig-ssl >> /var/log/ispconfig-ssl.log

Now you should be able to access ISPConfig with url https://HOSTNAME:8080

Related Posts

ispconfig

Split Large file into smaller files

November 12, 2019

by ServerOk with No Comment Linux

Today i was transfer a large 7 GB backp file into another server. Every time i copy it get disconnected after some time and i have to transfer again. When trasftering large file, it is better split it into smaller files, this way if one of the file trafer failed, you only need to trasfer this specific file again. With rsync, it make it easy as you can sync all files to remote server.

To split a large file into smaller parts, run

split -b 500MB  LARGE_FILE.tar.gz

1	split -b 500MB LARGE_FILE.tar.gz

This command will split large file into smaller files with 500 MB size each. You can specify a differnt size if you need.

Once all files are on new server, you can combine it into one file with command

cat * > LARGE_FILE.tar.gz

1	cat * > LARGE_FILE.tar.gz

When you do cat *, make sure only split files are in current folder.

Related Posts

tar
rsync

ISPConfig fail to create MySQL database

November 11, 2019

by ServerOk with No Comment Linux

Whem creating MySQL database in ISPConfig, no database get created. To debug, i disabled the cronjob. Created a database in ISPConfig control panel, run cronjob manually, it shows following error

[root@vs-sok ~]# /usr/local/ispconfig/server/server.sh
PHP Warning:  mysqli::mysqli(): (28000/1045): Access denied for user 'root'@'localhost' (using password: YES) in /usr/local/ispconfig/server/plugins-available/mysql_clientdb_plugin.inc.php on line 528
11.11.2019-13:45 - ERROR - Unable to connect to mysqlAccess denied for user 'root'@'localhost' (using password: YES)
PHP Warning:  mysqli::mysqli(): (28000/1045): Access denied for user 'root'@'localhost' (using password: YES) in /usr/local/ispconfig/server/plugins-available/mysql_clientdb_plugin.inc.php on line 184
11.11.2019-13:45 - ERROR - Unable to connect to mysqlAccess denied for user 'root'@'localhost' (using password: YES)
finished.
[root@vs-sok ~]# /usr/local/ispconfig/server/server.sh
PHP Warning:  mysqli::mysqli(): (28000/1045): Access denied for user 'root'@'localhost' (using password: YES) in /usr/local/ispconfig/server/plugins-available/mysql_clientdb_plugin.inc.php on line 472
11.11.2019-13:46 - ERROR - Unable to connect to mysql: Access denied for user 'root'@'localhost' (using password: YES)
finished.
[root@vs-sok ~]#

[root@vs-sok ~]# /usr/local/ispconfig/server/server.sh

PHP Warning: mysqli::mysqli(): (28000/1045): Access denied for user 'root'@'localhost' (using password: YES) in /usr/local/ispconfig/server/plugins-available/mysql_clientdb_plugin.inc.php on line 528

11.11.2019-13:45 - ERROR - Unable to connect to mysqlAccess denied for user 'root'@'localhost' (using password: YES)

PHP Warning: mysqli::mysqli(): (28000/1045): Access denied for user 'root'@'localhost' (using password: YES) in /usr/local/ispconfig/server/plugins-available/mysql_clientdb_plugin.inc.php on line 184

11.11.2019-13:45 - ERROR - Unable to connect to mysqlAccess denied for user 'root'@'localhost' (using password: YES)

finished.

[root@vs-sok ~]# /usr/local/ispconfig/server/server.sh

PHP Warning: mysqli::mysqli(): (28000/1045): Access denied for user 'root'@'localhost' (using password: YES) in /usr/local/ispconfig/server/plugins-available/mysql_clientdb_plugin.inc.php on line 472

11.11.2019-13:46 - ERROR - Unable to connect to mysql: Access denied for user 'root'@'localhost' (using password: YES)

finished.

[root@vs-sok ~]#

This is because ISPConfig can’t connect to MySQL server for creating new MySQL database. To fix, edit file /usr/local/ispconfig/server/lib/mysql_clientdb.conf

vi /usr/local/ispconfig/server/lib/mysql_clientdb.conf

1	vi /usr/local/ispconfig/server/lib/mysql_clientdb.conf

Update MySQL password for user root on this file. The content of the file look like

<?php

$clientdb_host                  = 'localhost';
$clientdb_user                  = 'root';
$clientdb_password              = 'MYSQL_ROOT_PW_HERE';

?>

<?php

$clientdb_host = 'localhost';

$clientdb_user = 'root';

$clientdb_password = 'MYSQL_ROOT_PW_HERE';

Related Posts

ISPConfig

Install SSL for ISPConfig Control Panel

November 9, 2019

by ServerOk with No Comment Linux

First find hostname for the server using command

hostname -f

1	hostname -f

Now create file

mkdir /usr/serverok/
vi /usr/serverok/ssl-hostname-renew

1 2	mkdir /usr/serverok/ vi /usr/serverok/ssl-hostname-renew

Add following content to the file

#!/bin/bash


cd /usr/local/ispconfig/interface/ssl/
mv ispserver.crt ispserver.crt-$(date +"%y%m%d%H%M%S").bak
mv ispserver.key ispserver.key-$(date +"%y%m%d%H%M%S").bak
mv ispserver.pem ispserver.pem-$(date +"%y%m%d%H%M%S").bak
ln -s /etc/letsencrypt/live/$(hostname -f)/fullchain.pem ispserver.crt
ln -s /etc/letsencrypt/live/$(hostname -f)/privkey.pem ispserver.key
cat ispserver.{key,crt} > ispserver.pem
chmod 600 ispserver.pem
systemctl restart apache2

cd /etc/postfix/
mv smtpd.cert smtpd.cert-$(date +"%y%m%d%H%M%S").bak
mv smtpd.key smtpd.key-$(date +"%y%m%d%H%M%S").bak
ln -s /usr/local/ispconfig/interface/ssl/ispserver.crt smtpd.cert
ln -s /usr/local/ispconfig/interface/ssl/ispserver.key smtpd.key
service postfix restart
service dovecot restart

cd /etc/ssl/private/
mv pure-ftpd.pem pure-ftpd.pem-$(date +"%y%m%d%H%M%S").bak
ln -s /usr/local/ispconfig/interface/ssl/ispserver.pem pure-ftpd.pem
chmod 600 pure-ftpd.pem
service pure-ftpd-mysql restart

#!/bin/bash

cd /usr/local/ispconfig/interface/ssl/

mv ispserver.crt ispserver.crt-$(date +"%y%m%d%H%M%S").bak

mv ispserver.key ispserver.key-$(date +"%y%m%d%H%M%S").bak

mv ispserver.pem ispserver.pem-$(date +"%y%m%d%H%M%S").bak

ln -s /etc/letsencrypt/live/$(hostname -f)/fullchain.pem ispserver.crt

ln -s /etc/letsencrypt/live/$(hostname -f)/privkey.pem ispserver.key

cat ispserver.{key,crt} > ispserver.pem

chmod 600 ispserver.pem

systemctl restart apache2

cd /etc/postfix/

mv smtpd.cert smtpd.cert-$(date +"%y%m%d%H%M%S").bak

mv smtpd.key smtpd.key-$(date +"%y%m%d%H%M%S").bak

ln -s /usr/local/ispconfig/interface/ssl/ispserver.crt smtpd.cert

ln -s /usr/local/ispconfig/interface/ssl/ispserver.key smtpd.key

service postfix restart

service dovecot restart

cd /etc/ssl/private/

mv pure-ftpd.pem pure-ftpd.pem-$(date +"%y%m%d%H%M%S").bak

ln -s /usr/local/ispconfig/interface/ssl/ispserver.pem pure-ftpd.pem

chmod 600 pure-ftpd.pem

service pure-ftpd-mysql restart

Excute the script

/usr/serverok/ssl-hostname-renew

1	/usr/serverok/ssl-hostname-renew

When you run first time, you may get missing file error, you can ignore it.

Set a cronjob

@weekly /usr/serverok/ssl-hostname-renew > /dev/null

1	@weekly /usr/serverok/ssl-hostname-renew > /dev/null

Related Posts

ISPconfig

VestaCP SSL for mail server

November 8, 2019

by ServerOk with No Comment Linux

VestaCP install self signed SSL for mail server by default. To install valid SSL, login to VestCP, go to sites. You will see a site with your sites hostname. If you don’t see it, create a site with your server hostname. Make sure DNS edited so hostname resolve to server IP. Now you should be able to get free LetsEncrypt SSL for this site.

if you check Apache Virtual Host for the site, you will see someting like

SSLCertificateFile /home/admin/conf/web/ssl.HOSTNAME.crt
SSLCertificateKeyFile /home/admin/conf/web/ssl.HOSTNAME.key
SSLCertificateChainFile /home/admin/conf/web/ssl.HOSTNAME.ca

SSLCertificateFile /home/admin/conf/web/ssl.HOSTNAME.crt

SSLCertificateKeyFile /home/admin/conf/web/ssl.HOSTNAME.key

SSLCertificateChainFile /home/admin/conf/web/ssl.HOSTNAME.ca

In VeataCP the config files for exim and dovecot located at

/etc/exim4/exim4.conf.template
/etc/dovecot/conf.d/10-ssl.conf

1 2	/etc/exim4/exim4.conf.template /etc/dovecot/conf.d/10-ssl.conf

These configs use SSL located at /usr/local/vesta/ssl/certificate.crt and /usr/local/vesta/ssl/certificate.key.

To use the FREE SSL, create a bash script.

mkdir /usr/serverok/
vi /usr/serverok/ssl-renew-hostname

1 2	mkdir /usr/serverok/ vi /usr/serverok/ssl-renew-hostname

Add

#!/bin/bash
# Author: ServerOk Software
# Web: www.serverok.in
# Email: admin@serverok.in

cat /home/admin/conf/web/ssl.HOSTNAME.crt > /usr/local/vesta/ssl/certificate.crt
cat /home/admin/conf/web/ssl.HOSTNAME.ca >> /usr/local/vesta/ssl/certificate.crt
cat /home/admin/conf/web/ssl.HOSTNAME.key > /usr/local/vesta/ssl/certificate.key
systemctl restart apache2
systemctl restart exim4
systemctl restart dovecot
/usr/local/vesta/nginx/sbin/vesta-nginx -s reload

#!/bin/bash

# Author: ServerOk Software

# Web: www.serverok.in

# Email: [email protected]

cat /home/admin/conf/web/ssl.HOSTNAME.crt > /usr/local/vesta/ssl/certificate.crt

cat /home/admin/conf/web/ssl.HOSTNAME.ca >> /usr/local/vesta/ssl/certificate.crt

cat /home/admin/conf/web/ssl.HOSTNAME.key > /usr/local/vesta/ssl/certificate.key

systemctl restart apache2

systemctl restart exim4

systemctl restart dovecot

/usr/local/vesta/nginx/sbin/vesta-nginx -s reload

make the file executable

chmod 755 /usr/serverok/ssl-renew-hostname

1	chmod 755 /usr/serverok/ssl-renew-hostname

Run the script

/usr/serverok/ssl-renew-hostname

1	/usr/serverok/ssl-renew-hostname

Now SSL will work for mail server and VestaCP. To access VestaCP, use

https://HOSTNAME:8083/login/

1	https://HOSTNAME:8083/login/

Verify Mail Server SSL

You can view mail server SSL with command

openssl s_client -showcerts -connect HOSTNAME:993
openssl s_client -showcerts -connect HOSTNAME:465
openssl s_client -starttls smtp -showcerts -connect HOSTNAME:587

openssl s_client -showcerts -connect HOSTNAME:993

openssl s_client -showcerts -connect HOSTNAME:465

openssl s_client -starttls smtp -showcerts -connect HOSTNAME:587

Replace HOSTNAME with actual hostname of your server.

Auto Renew SSL

LetsEncrypt SSL expire every 90 days. So we will create a cronjob to auto renew SSL. Ff you have a paid SSL, you don’t need this cronjob

Create a cronjob with

crontab -e

1	crontab -e

Add

@weekly  /usr/serverok/ssl-renew-hostname > /dev/null 2>&1

1	@weekly /usr/serverok/ssl-renew-hostname > /dev/null 2>&1

Related Posts

VestaCP Free Hosting Control Panel

apropos

November 5, 2019

by ServerOk with No Comment Linux

apropos is a linux command that search manual pages and descriptions.

Example

root@mil-146068:~# apropos vagrant
vagrant (1)          - Tool for building and distributing virtualized development environments.
dh_vagrant_plugin (1) - packaging helper for vagrant plugins
root@mil-146068:~#

root@mil-146068:~# apropos vagrant

vagrant (1) - Tool for building and distributing virtualized development environments.

dh_vagrant_plugin (1) - packaging helper for vagrant plugins

root@mil-146068:~#

See Linux Commands

bind

November 5, 2019

by ServerOk with No Comment Linux

bind is a DNS server.

maximum number of open files and file descriptors in linux

November 5, 2019

by ServerOk with No Comment Linux

To see open files in linux use the command

lsof

lsof

There is a limit set in the kernel on how many open file descriptors are allowed on the system. This may be compiled in, or it may be tunable on the fly. In Linux, the value of this parameter can be read from and written to the proc filesystem.

[root@server50 home]# cat /proc/sys/fs/file-max
131072
[root@server50 home]#

[root@server50 home]# cat /proc/sys/fs/file-max

131072

[root@server50 home]#

On this system 1,31,072 open file descriptors are permitted. We are unlikely to run out. If we wanted to change it, we’d do something like this:

echo "132096" > /proc/sys/fs/file-max

1	echo "132096" > /proc/sys/fs/file-max

But how do we know how many file descriptors are being used?

[root@server1 ~]# cat /proc/sys/fs/file-nr
1792    0       131072
|	 |       |
|	 |       |
|        |       maximum open file descriptors
|        total free allocated file descriptors
total allocated file descriptors
(the number of file descriptors allocated since boot)

[root@server1 ~]# cat /proc/sys/fs/file-nr

1792 0 131072

| | |

| | maximum open file descriptors

| total free allocated file descriptors

total allocated file descriptors

(the number of file descriptors allocated since boot)

lighttpd too many open files

November 5, 2019

by ServerOk with No Comment Linux

lighttpd server crashes with fllowing error in error_log file.

2019-11-05 09:39:02: (network_linux_sendfile.c.143) open failed:  Too many open files
2019-11-05 09:39:02: (connections.c.603) connection closed: write failed on fd 1228
2019-11-05 09:39:02: (response.c.537) file not found ... or so:  Too many open files /4032/1_451.jpg ->

2019-11-05 09:39:02: (network_linux_sendfile.c.143) open failed: Too many open files

2019-11-05 09:39:02: (connections.c.603) connection closed: write failed on fd 1228

2019-11-05 09:39:02: (response.c.537) file not found ... or so: Too many open files /4032/1_451.jpg ->

As lighttpd is a single-threaded server, its main resource limit is the number of file descriptors, which is set to 1024 by default (on most systems).

If you are running a high-traffic site you might want to increase this limit by setting server.max-fds.

server.max-fds = 8192

1	server.max-fds = 8192

[root@server22 lighttpd]# cat /proc/sys/fs/file-nr
4544    0       95873
[root@server22 lighttpd]#

[root@server22 lighttpd]# cat /proc/sys/fs/file-nr

4544 0 95873

[root@server22 lighttpd]#

Related Posts

lighttpd

maximum number of open files and file descriptors in linux

df not showing all mounts

November 5, 2019

by ServerOk with No Comment Linux

On a server, df not showing all mounts

root@server20 [~]# df -h
Filesystem            Size  Used Avail Use% Mounted on
tmpfs                 3.9G     0  3.9G   0% /dev/shm
root@server20 [~]#

root@server20 [~]# df -h

Filesystem Size Used Avail Use% Mounted on

tmpfs 3.9G 0 3.9G 0% /dev/shm

root@server20 [~]#

This is caused by corrupt /etc/mtab

To fix

mv /etc/mtab /etc/mtab.old
cat /proc/mounts > /etc/mtab

1 2	mv /etc/mtab /etc/mtab.old cat /proc/mounts > /etc/mtab

See df