cryptsetup is used to encypt disk on Linux. I used TrueCrypt before this. After TrueCrypt stopped the project, i started using cryptsetup for my encrypted drive.
To mount an encrypted disk, run
cryptsetup luksOpen /dev/sda3 sda3_crypt
Example
cryptsetup luksOpen /dev/sdb4 enfs1 mount /dev/mapper/enfs1 /mnt/tmp
See mount
After installing elasticsearch on CentOS 7, it failed to start with error
[root@ns3160182 ~]# systemctl start elasticsearch.service
Job for elasticsearch.service failed because the control process exited with error code. See "systemctl status elasticsearch.service" and "journalctl -xe" for details.
[root@ns3160182 ~]#
[root@ns3160182 ~]# systemctl status elasticsearch.service
● elasticsearch.service - Elasticsearch
Loaded: loaded (/usr/lib/systemd/system/elasticsearch.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sat 2021-03-06 11:10:24 CET; 28s ago
Docs: https://www.elastic.co
Process: 10234 ExecStart=/usr/share/elasticsearch/bin/systemd-entrypoint -p ${PID_DIR}/elasticsearch.pid --quiet (code=exited, status=1/FAILURE)
Main PID: 10234 (code=exited, status=1/FAILURE)
CGroup: /system.slice/elasticsearch.service
Mar 06 11:10:24 ns3160182.ip-151-106-34.eu systemd-entrypoint[10234]: at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:161)
Mar 06 11:10:24 ns3160182.ip-151-106-34.eu systemd-entrypoint[10234]: at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86)
Mar 06 11:10:24 ns3160182.ip-151-106-34.eu systemd-entrypoint[10234]: at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:127)
Mar 06 11:10:24 ns3160182.ip-151-106-34.eu systemd-entrypoint[10234]: at org.elasticsearch.cli.Command.main(Command.java:90)
Mar 06 11:10:24 ns3160182.ip-151-106-34.eu systemd-entrypoint[10234]: at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:126)
Mar 06 11:10:24 ns3160182.ip-151-106-34.eu systemd-entrypoint[10234]: at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92)
Mar 06 11:10:24 ns3160182.ip-151-106-34.eu systemd[1]: elasticsearch.service: main process exited, code=exited, status=1/FAILURE
Mar 06 11:10:24 ns3160182.ip-151-106-34.eu systemd[1]: Failed to start Elasticsearch.
Mar 06 11:10:24 ns3160182.ip-151-106-34.eu systemd[1]: Unit elasticsearch.service entered failed state.
Mar 06 11:10:24 ns3160182.ip-151-106-34.eu systemd[1]: elasticsearch.service failed.
[root@ns3160182 ~]#
On checking journalctl, i get
[root@ns3160182 ~]# journalctl -u elasticsearch -- Logs begin at Sat 2021-02-13 16:48:02 CET, end at Sat 2021-03-06 11:12:02 CET. -- Mar 06 11:10:01 ns3160182.ip-151-106-34.eu systemd[1]: Starting Elasticsearch... Mar 06 11:10:24 ns3160182.ip-151-106-34.eu systemd-entrypoint[10234]: fatal error in thread [main], exiting Mar 06 11:10:24 ns3160182.ip-151-106-34.eu systemd-entrypoint[10234]: java.lang.NoClassDefFoundError: Could not initialize class com.sun.jna.Native Mar 06 11:10:24 ns3160182.ip-151-106-34.eu systemd-entrypoint[10234]: at org.elasticsearch.systemd.Libsystemd.lambda$static$0(Libsystemd.java:34) Mar 06 11:10:24 ns3160182.ip-151-106-34.eu systemd-entrypoint[10234]: at java.base/java.security.AccessController.doPrivileged(AccessController.java:312) Mar 06 11:10:24 ns3160182.ip-151-106-34.eu systemd-entrypoint[10234]: at org.elasticsearch.systemd.Libsystemd.(Libsystemd.java:33) Mar 06 11:10:24 ns3160182.ip-151-106-34.eu systemd-entrypoint[10234]: at org.elasticsearch.systemd.SystemdPlugin.sd_notify(SystemdPlugin.java:126) Mar 06 11:10:24 ns3160182.ip-151-106-34.eu systemd-entrypoint[10234]: at org.elasticsearch.systemd.SystemdPlugin.onNodeStarted(SystemdPlugin.java:137) Mar 06 11:10:24 ns3160182.ip-151-106-34.eu systemd-entrypoint[10234]: at java.base/java.util.ArrayList.forEach(ArrayList.java:1511) Mar 06 11:10:24 ns3160182.ip-151-106-34.eu systemd-entrypoint[10234]: at org.elasticsearch.node.Node.start(Node.java:902) Mar 06 11:10:24 ns3160182.ip-151-106-34.eu systemd-entrypoint[10234]: at org.elasticsearch.bootstrap.Bootstrap.start(Bootstrap.java:317) Mar 06 11:10:24 ns3160182.ip-151-106-34.eu systemd-entrypoint[10234]: at org.elasticsearch.bootstrap.Bootstrap.init(Bootstrap.java:402) Mar 06 11:10:24 ns3160182.ip-151-106-34.eu systemd-entrypoint[10234]: at org.elasticsearch.bootstrap.Elasticsearch.init(Elasticsearch.java:170) Mar 06 11:10:24 ns3160182.ip-151-106-34.eu systemd-entrypoint[10234]: at org.elasticsearch.bootstrap.Elasticsearch.execute(Elasticsearch.java:161) Mar 06 11:10:24 ns3160182.ip-151-106-34.eu systemd-entrypoint[10234]: at org.elasticsearch.cli.EnvironmentAwareCommand.execute(EnvironmentAwareCommand.java:86) Mar 06 11:10:24 ns3160182.ip-151-106-34.eu systemd-entrypoint[10234]: at org.elasticsearch.cli.Command.mainWithoutErrorHandling(Command.java:127) Mar 06 11:10:24 ns3160182.ip-151-106-34.eu systemd-entrypoint[10234]: at org.elasticsearch.cli.Command.main(Command.java:90) Mar 06 11:10:24 ns3160182.ip-151-106-34.eu systemd-entrypoint[10234]: at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:126) Mar 06 11:10:24 ns3160182.ip-151-106-34.eu systemd-entrypoint[10234]: at org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:92) Mar 06 11:10:24 ns3160182.ip-151-106-34.eu systemd[1]: elasticsearch.service: main process exited, code=exited, status=1/FAILURE Mar 06 11:10:24 ns3160182.ip-151-106-34.eu systemd[1]: Failed to start Elasticsearch. Mar 06 11:10:24 ns3160182.ip-151-106-34.eu systemd[1]: Unit elasticsearch.service entered failed state. Mar 06 11:10:24 ns3160182.ip-151-106-34.eu systemd[1]: elasticsearch.service failed. [root@ns3160182 ~]#
To fix this, edit file
vi /etc/sysconfig/elasticsearch
At end of the file, add
ES_TMPDIR=/var/log/elasticsearch
Now elasticsearch will start
systemctl start elasticsearch
Verify service is running with
systemctl status elasticsearch
To confirm elasticsearch is running, use command
curl localhost:9200
See elasticsearch
dnsmasq is a very powerful tool that can provide basic dns services/caching, act as dhcp server and also as tftp server.
To install dnsmasq, run
apt install dnsmasq
When you start dnsmasq, if it complain about port 53 alreay in use
dnsmasq: failed to create listening socket for port 53: Address already in use
This is because some other service is running on port 53. To find what service is listening on port 53, run
root@first-vm:~# netstat -lntp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN 4934/sshd: /usr/sbi tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 93/systemd-resolved tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 26081/mysqld tcp6 0 0 :::2222 :::* LISTEN 4934/sshd: /usr/sbi tcp6 0 0 :::80 :::* LISTEN 10467/apache2 tcp6 0 0 :::3128 :::* LISTEN 17606/(squid-1) root@first-vm:~#
In this case, it is systemd-resolved. To stop it, run
systemctl disable systemd-resolved systemctl stop systemd-resolved
Now you can start dnsmasq with
systemctl start dnsmasq
After starting dnsmasq, if you try resolve a domain, it will fail
root@first-vm:~# nslookup yahoo.com localhost ;; connection timed out; no servers could be reached root@first-vm:~#
This is because default configuration don’t have anything enabled. To enable DNS caching/resolver, you need to edit file
vi /etc/dnsmasq.conf
Add line
server=8.8.8.8 server=1.1.1.1
Restart dnsmasq
systemctl restart dnsmasq
Now you will be able to resolve domain name using localhost as the dns server.
root@first-vm:~# nslookup serverok.in localhost Server: localhost Address: ::1#53 Non-authoritative answer: Name: serverok.in Address: 172.67.133.148 Name: serverok.in Address: 104.21.14.2 Name: serverok.in Address: 2606:4700:3030::ac43:8594 Name: serverok.in Address: 2606:4700:3035::6815:e02 root@first-vm:~#
If you need dnsmasq listen to only local ip, add following in /etc/dnsmasq.conf and restart dnsmasq.
listen-address=127.0.0.1
If you need to override MX record for a domain, you can add following to dnsmasq.conf
mx-host=example.com,mail.example.com,5
To set txt record for a domain
txt-record=example.com,"v=spf1 a -all"
See dnsmasq
oneinstack is a free hosting management software available at
Documentation available at
https://oneinstack.com/docs/lampstack-image-guide-en/
To find MySQL root password, run
cd /root/oneinstack grep dbrootpwd options.conf
Nginx configuration files
/usr/local/nginx/conf/vhost
Restart Nginx
systemctl restart nginx
To benchmark a server with GeekBench, you can run
wget https://raw.githubusercontent.com/serverok/server-setup/master/benchmark/geekbench-6.sh
bash ./geekbench-6.shYou can create an account on https://browser.geekbench.com and keep all your benchmarks in one place. Here are my Geekbanch benchmarks
https://browser.geekbench.com/user/55314
If you get an error installing, you may need to install dependency with
yum install libgcc.i386 libstdc++.i386 libgcc.i686 libstdc++.i686 -yHow to Benchmark Cpanel server
See Benchmark
aaPanel is a free hosting control panel written in Python.
https://www.aapanel.com/new/index.html
install php redis extension in aaPanel
Install aaPanel
wget -O install.sh http://www.aapanel.com/script/install-ubuntu_6.0_en.sh && sudo bash install.sh forumLogin url
http://IP_ADDR:9514/login
To reload nginx, run
/www/server/nginx/sbin/nginx -s reloadNginx configuration file location
/www/server/nginx/conf/nginx.conf
/www/server/panel/vhost/nginx/Web site files in
/www/wwwroot/CLI program that allow basic management like change port, disable domain binding, change port, etc
btLinux Run Command as another user
usermod
sudo: command not found
To allow a user to run sudo commands without a password, run
visudoFind
%sudo ALL=(ALL:ALL) ALLAdd below
USERNAME_HERE ALL=(ALL:ALL) NOPASSWD:ALLThis needs to be added after generic rules.
Example
boby ALL=(ALL:ALL) NOPASSWD:ALLTo run command as another user on Linux, you can use
su USER_NAME_HERE -s /bin/bash -c COMMAND_HERE
Or
sudo -u USER_NAME_HERE COMMAND_HERE
Or
runuser -l USER_NAME_HERE -c 'COMMAND_HERE'
See sudo
You can find process id for a running program with command
pidof BINARY_NAME_HERE
Example
boby@sok-01:~$ pidof gedit 22057 boby@sok-01:~$ ps aux | grep gedit boby 22057 4.4 0.7 822760 60280 ? Sl 14:29 0:00 /usr/bin/gedit --gapplication-service boby 22071 0.0 0.0 8904 644 pts/0 S+ 14:29 0:00 grep --color=auto gedit boby@sok-01:~$
We can use pidof command in bash script to find if a program is running or not
if [ "$(pidof chrome)" ] then echo "chrome already running." fi
See bash
On a CentOS Web Panel (CWP) server, control panel stopped working after installing SSL certficate for hostname.
When starting cwpsrv service, i get following error.
[root@nvme ~]# systemctl start cwpsrv
Job for cwpsrv.service failed because the control process exited with error code. See "systemctl status cwpsrv.service" and "journalctl -xe" for details.
[root@nvme ~]# systemctl status cwpsrv.service
● cwpsrv.service - CentOS Web Panel service (daemon)
Loaded: loaded (/usr/lib/systemd/system/cwpsrv.service; enabled; vendor preset: disabled)
Active: activating (auto-restart) (Result: exit-code) since Wed 2021-02-10 04:51:53 CET; 1s ago
Process: 3779 ExecStartPre=/usr/local/cwpsrv/bin/cwpsrv -t (code=exited, status=1/FAILURE)
Feb 10 04:51:53 nvme.ssdnodo.com systemd[1]: Failed to start CentOS Web Panel service (daemon).
Feb 10 04:51:53 nvme.ssdnodo.com systemd[1]: Unit cwpsrv.service entered failed state.
Feb 10 04:51:53 nvme.ssdnodo.com systemd[1]: cwpsrv.service failed.
[root@nvme ~]# /usr/local/cwpsrv/bin/cwpsrv -t
cwpsrv: [emerg] annot load certificate key "/etc/pki/tls/private/hostname.key": BIO_new_file() failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/pki/tls/private/hostname.key','r') error:2006D080:BIO routines:BIO_new_file:no such file)
cwpsrv:configuration file /usr/local/cwpsrv/conf/cwpsrv.conf test failed
[root@nvme ~]#
To fix this, i run
/usr/local/cwpsrv/htdocs/resources/scripts/generate_hostname_ssl
This generated the self signed SSL for hostname. After this CWP control panel started working.
Apache still was down, fixed it by removing SSL virtualhost config for server hostname form folder
/usr/local/apache/conf.d/vhosts/
You can see hostname auto SSL logs at
/var/log/cwp/autossl.log
See CWP