Category: Linux

  • Terraform

    Terraform

    To install Terraform on Ubuntu, run

    wget -O- https://apt.releases.hashicorp.com/gpg | gpg --dearmor | sudo tee /usr/share/keyrings/hashicorp-archive-keyring.gpg
    echo "deb [signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/hashicorp.list
    sudo apt update && sudo apt install terraform
    

    For instructions on other Linux distributions, see

    https://www.terraform.io/downloads

  • How to Upgrade Debian 10 to Debian 11

    How to Upgrade Debian 10 to Debian 11

    One of the advantages of the Debian operating system is easy to upgrade to the newer version.

    Login to your Debian 10 server using SSH or console. Install all available software updates with the command

    apt update && apt upgrade -y

    Remove any unused packages

    apt autoremove

    Change /etc/apt/sources.list

    Make a backup of the file

    cp /etc/apt/sources.list ~/

    Edit the file /etc/apt/sources.list

    In the file, change all “buster” entries to “bullseye”. You can do this manually or using sed command

    sed -i 's/buster/bullseye/g' /etc/apt/sources.list

    Update System

    Update repository cache with

    apt update

    Upgrade software with

    apt upgrade

    Do a full-upgrade with

    apt full-upgrade

    Now reboot system

    reboot

    After reboot, you need to make sure all services running properly, there is a chance some services won’t work as expected, in that case, you need to debug and fix i.

    See Debian

  • How to redirect traffic to another IP using iptables

    How to redirect traffic to another IP using iptables

    After migrating websites to a new server, you need to point domains to the new server by changing the name server or editing DNS. DNS propagation can take a few hours, during this time visitors to the website still see the website from the OLD server IP. If visitor signup or make a purchase on the OLD server after the migration, this data will be lost. To avoid this, you can use iptables to forward all traffic to the new server IP address.

    The following steps need to be done on the OLD server. First, enable IP forwarding

    vi /etc/sysctl.conf
    

    Add

    net.ipv4.ip_forward=1
    

    Make it active with command

    sysctl -p
    

    If you only needed for the current session, you can run the command

    echo 1 > /proc/sys/net/ipv4/ip_forward
    

    For forwarding all incoming traffic on Port 80 and 443 to the new server IP, use

    iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination NEW_SERVER_IP_HERE:80
    iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination NEW_SERVER_IP_HERE:443
    iptables -t nat -A POSTROUTING -j MASQUERADE
    

    NEW_SERVER_IP_HERE = replace with IP address of the new server.

    Now any traffic coming to the OLD server on ports 80 and 443 will be forwarded to the new server IP address. If you need to forward any port, just duplicate the command and change the port number as required.

    If you want to remove the rules, you can flush iptables NAT rules with

    iptables -t nat -F
    

    To View iptables NAT rules

    iptables -t nat -L
    

    To make the iptables rules permanent on RHEL based Linux, run

    iptables-save > /etc/sysconfig/iptables
    

    To restore iptabes

    iptables-restore < /etc/sysconfig/iptables
    

    See iptables

  • How to sort the result of du -h command

    How to sort the result of du -h command

    To sort the result of “du -h” command, you can use

    du -h --max-depth=1 | sort -h
    

    If you want to list files in current files also, you can use

    du -ah --max-depth=1 | sort -h
    

    If you want to display files in KB, you can use

    du -k --max-depth=1 | sort -n
    

    Back to Disk Usage

  • How to change the SSH Port in Linux

    How to change the SSH Port in Linux

    By default SSH service runs on port 22. Running SSH service on port 22 is not secure as it can become an easy target for attackers who are scanning the network for open ports. By changing the default port, you can make it more difficult for attackers to find and exploit the SSH service.

    To change SSH port, edit file

    vi /etc/ssh/sshd_config
    

    In the file, find the line

    Port 22
    

    Change 22 to whatever port number you want. It is better to use a higher port number so it will be difficult for hackers to find.

    Restart SSH service

    On Debian/Ubuntu

    systemctl restart ssh
    

    On RHEL-based Linux (AlmaLinux, RockeyLinux, Oracle Linux, CentOS)

    systemctl restart sshd
    

    If you have a firewall, make sure you open the new port in the firewall.

    See ssh

  • How to change IP address of VestaCP Server

    How to change IP address of VestaCP Server

    Recently I upgraded a VestaCP server running on an Amazon Lightsail server. Upgrade resulted in a change of the internal IP address of the server, this made site hosted on the server stop working. To fix the problem, I run the command

    /usr/local/vesta/bin/v-update-sys-ip NEW_IP_HERE
    

    NEW_IP_HERE – replace with actual IP. If your server is behind NAT like Amazon lighsail/ec2, use the internal IP address instead of the public IP address.

    Example

    /usr/local/vesta/bin/v-update-sys-ip 172.26.8.137
    

    Now you need to restart the web server

    systemctl restart apache2
    systemctl restart nginx
    systemctl restart vesta
    

    Back to VestaCP

  • How to change Port of Squid Proxy Server

    How to change Port of Squid Proxy Server

    Squid proxy server runs on port 3128 by default. Changing squid proxy server port to a non-standard port is a good idea as it will protect your proxy server from abusers and hackers.

    Method 1

    You can use the sed command to replace the port number

    sudo sed -i 's/^http_port.*$/http_port NEW_PORT_HERE/g'  /etc/squid/squid.conf

    In the above command, replace NEW_PORT_HERE with the port number you need.

    For example, to run squid proxy on port 5555, run

    sudo sed -i 's/^http_port.*$/http_port 5555/g'  /etc/squid/squid.conf

    Now restart Squid Proxy server

    sudo systemctl restart squid

    If you have a firewall, you will need to open the port in the firewall.

    Method 2: Manual Configuration Change

    Edit Squid configuration file with vi or nano editor.

    sudo vi /etc/squid/squid.conf

    In the file, find http_port, it should look like

    http_port 3128

    Change 3128 to whatever port number you like. Save and exit the editor.

    Restart the Squid Proxy server with the command

    sudo systemctl restart squid

    Open Port in firewall

    If you have a firewall, you need to open the port in the firewall.

    CentOS/AlmaLinux/RHEL

    If you are using firewalld, you can use the command

    sudo firewall-cmd --permanent --zone=public --add-port=8000/tcp
    sudo firewall-cmd --reload

    Replace 8000 with your squid proxy port.

    Back to Squid Proxy Installer

  • configure: error: “mysql headers missing.”

    configure: error: “mysql headers missing.”

    When compiling a software from source I get error

    checking mysql/mysql.h usability... no
    checking mysql/mysql.h presence... no
    checking for mysql/mysql.h... no
    configure: error: "mysql headers missing."
    

    On Debian 10, fixed it by installing package default-libmysqlclient-dev

    apt install -y default-libmysqlclient-dev
    

    See Errors

  • Vagrant  private_network can’t ping

    Vagrant private_network can’t ping

    When I create Vagrant virtual machine with private networking, I can’t ping to IP address of the VM. The only way to connect the VM is by using the “vagrant ssh” command.

    In my Vagrantfile, I had

    Vagrant.configure("2") do |config|
      config.vm.box = "bento/ubuntu-20.04"
      config.vm.network "private_network", ip: "192.168.56.4"
    end
    

    To fix the problem, first verify you have vboxnet0 network interface with the command

    ip link
    

    If the state of the vboxnet0 network interface is DOWN, make it UP with the command

    sudo ip link set vboxnet0 up
    

    Go to VirtualBox > File > Host Network Manager or press CTRL + H

    VirtualBox Host Network manager

    Verify vboxnet0 is set properly. You can delete it and create it again using “Host Network Manager”, which will fix any problem with the network.

    Make sure the IP you specify in Vagrantfile is in the same range set for the vboxnet0 interface in VirtualBox Host Network manager.

  • How to add a PPA repository using Ansible?

    How to add a PPA repository using Ansible?

    To add a PPA repository using Ansible, use

      - name: add ppa
        apt_repository:
          validate_certs: no
          repo: 'ppa:ondrej/php'
          state: present
    

    Example

    ---
      - hosts: web
        user: root
        tasks:
            - name: update system
              apt:
                update_cache: yes
                cache_valid_time: 3600
            - name: add ppa
              apt_repository:
                validate_certs: no
                repo: 'ppa:ondrej/php'
                state: present
            - name: inatall php
              apt:
                pkg:
                - php8.1-bcmath
                - php8.1-cli
                - php8.1-common
                - php8.1-curl
                - php8.1-gd
                - php8.1-imap
                - php8.1-intl
                - php8.1-mbstring
                - php8.1-mysql
                - php8.1-readline
                - php8.1-soap
                - php8.1-xml
                - php8.1-xmlrpc
                - php8.1-zip
                - php8.1-imagick
                - composer
                - ImageMagick
    
  • How to find all IP address of a Linux server

    How to find all IP address of a Linux server

    To list all configured IP addresses on a server, you can use the command

    hostname -I
    

    To find the main IP, use

    hostname -I | awk '{print $1}'
    

    You can also use the command “ip addr” to list all IP address.

    ip addr | grep "inet "
    

    Example

    root@server20 [~]# ip addr | grep "inet "
        inet 127.0.0.1/8 scope host lo
        inet 158.69.53.72/24 brd 158.69.53.255 scope global eth0
        inet 158.69.114.170/32 brd 158.69.114.170 scope global eth0:cp1
        inet 54.39.173.35/32 brd 54.39.173.35 scope global eth0:cp2
    root@server20 [~]# 
    
    
    Another command that lists IP address is ifconfig
    
    
    
    root@server20 [~]# ifconfig
    eth0: flags=4163  mtu 1500
            inet 158.69.53.72  netmask 255.255.255.0  broadcast 158.69.53.255
            inet6 fe80::ec4:7aff:fe69:9342  prefixlen 64  scopeid 0x20
            inet6 2607:5300:60:8248::  prefixlen 64  scopeid 0x0
            ether 0c:c4:7a:69:93:42  txqueuelen 1000  (Ethernet)
            RX packets 3423724119  bytes 670412248418 (624.3 GiB)
            RX errors 0  dropped 0  overruns 18691  frame 0
            TX packets 3843828868  bytes 3897383743022 (3.5 TiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
            device memory 0xfb120000-fb13ffff  
    
    eth0:cp1: flags=4163  mtu 1500
            inet 158.69.114.170  netmask 255.255.255.255  broadcast 158.69.114.170
            ether 0c:c4:7a:69:93:42  txqueuelen 1000  (Ethernet)
            device memory 0xfb120000-fb13ffff  
    
    eth0:cp2: flags=4163  mtu 1500
            inet 54.39.173.35  netmask 255.255.255.255  broadcast 54.39.173.35
            ether 0c:c4:7a:69:93:42  txqueuelen 1000  (Ethernet)
            device memory 0xfb120000-fb13ffff  
    
    lo: flags=73  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10
            loop  txqueuelen 1000  (Local Loopback)
            RX packets 3364258789  bytes 4360941211553 (3.9 TiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 3364258789  bytes 4360941211553 (3.9 TiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
    
    root@server20 [~]# 
    
  • One of the configured repositories failed (MariaDB100)

    One of the configured repositories failed (MariaDB100)

    On a Cpanel server, when running “yum update”, I got the error message “One of the configured repositories failed (MariaDB100)”.

    [root@cp ~]# yum update
    Loaded plugins: fastestmirror, universal-hooks
    Loading mirror speeds from cached hostfile
     * EA4: 178.18.193.52
     * cpanel-addons-production-feed: 178.18.193.52
     * cpanel-plugins: 178.18.193.52
     * base: centos.uni-sofia.bg
     * extras: centos.uni-sofia.bg
     * updates: centos.uni-sofia.bg
    http://yum.mariadb.org/10.0/centos7-amd64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
    Trying other mirror.
    To address this issue please refer to the below wiki article 
    
    https://wiki.centos.org/yum-errors
    
    If above article doesn't help to resolve this issue please use https://bugs.centos.org/.
    
    
    
     One of the configured repositories failed (MariaDB100),
     and yum doesn't have enough cached data to continue. At this point the only
     safe thing yum can do is fail. There are a few ways to work "fix" this:
    
         1. Contact the upstream for the repository and get them to fix the problem.
    
         2. Reconfigure the baseurl/etc. for the repository, to point to a working
            upstream. This is most often useful if you are using a newer
            distribution release than is supported by the repository (and the
            packages for the previous distribution release still work).
    
         3. Run the command with the repository temporarily disabled
                yum --disablerepo=MariaDB100 ...
    
         4. Disable the repository permanently, so yum won't use it by default. Yum
            will then just ignore the repository until you permanently enable it
            again or use --enablerepo for temporary usage:
    
                yum-config-manager --disable MariaDB100
            or
                subscription-manager repos --disable=MariaDB100
    
         5. Configure the failing repository to be skipped, if it is unavailable.
            Note that yum will try to contact the repo. when it runs most commands,
            so will have to try and fail each time (and thus. yum will be be much
            slower). If it is a very temporary problem though, this is often a nice
            compromise:
    
                yum-config-manager --save --setopt=MariaDB100.skip_if_unavailable=true
    
    failure: repodata/repomd.xml from MariaDB100: [Errno 256] No more mirrors to try.
    http://yum.mariadb.org/10.0/centos7-amd64/repodata/repomd.xml: [Errno 14] HTTP Error 404 - Not Found
    [root@cp ~]# 
    

    The error is because MariaDB 10.0 is the end of life.

    To fix the error message, remove the MairaDB repo file

    cd /etc/yum.repos.d/
    mv MariaDB* ~/
    

    Now yum update will work.

    To update MairaDB from 10.0 to the supported 10.2 version, create a file

    vi /etc/yum.repos.d/MariaDB.repo
    

    with following content

    # MariaDB 10.2 CentOS repository list - created 2022-07-31 16:26 UTC
    # https://mariadb.org/download/
    [mariadb]
    name = MariaDB
    baseurl = https://mirror.rackspace.com/mariadb/yum/10.2/centos7-amd64
    gpgkey=https://mirror.rackspace.com/mariadb/yum/RPM-GPG-KEY-MariaDB
    gpgcheck=1
    

    This is for CentOS 7 + MariaDB 10.2, if you have different Linux distribution or MairaDB version, you can generate repository config at

    https://mariadb.org/download/?t=repo-config

    Take a backup of current MySQL databases with

    mysqldump --opt --triggers --routines --events --all-databases > all-db.sql
    

    Upgrade MariaDB with

    yum update
    

    After MariaDB packages are updated to the newer version, update Databases with

    mysql_upgrade
    

    See Errors