Category: Linux

  • Odoo apt signatures couldn’t be verified

    When updating apt on an Ubuntu server, I get the following error

    root@ip-172-31-25-25:/home/ubuntu# apt-get update 
    Hit:1 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu xenial InRelease
    Hit:2 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu xenial-updates InRelease                                                         
    Hit:3 http://ap-south-1.ec2.archive.ubuntu.com/ubuntu xenial-backports InRelease                                                       
    Ign:4 http://nightly.odoo.com/9.0/nightly/deb ./ InRelease                                                       
    Get:5 http://nightly.odoo.com/9.0/nightly/deb ./ Release [1186 B]                      
    Get:6 http://nightly.odoo.com/9.0/nightly/deb ./ Release.gpg [819 B]
    Ign:6 http://nightly.odoo.com/9.0/nightly/deb ./ Release.gpg
    Get:7 http://nightly.odoo.com/9.0/nightly/deb ./ Packages [1790 B]
    Hit:8 http://security.ubuntu.com/ubuntu xenial-security InRelease
    Fetched 3795 B in 2s (1736 B/s)
    Reading package lists... Done
    W: GPG error: http://nightly.odoo.com/9.0/nightly/deb ./ Release: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY DEF2A2198183CBB5
    W: The repository 'http://nightly.odoo.com/9.0/nightly/deb ./ Release' is not signed.
    N: Data from such a repository can't be authenticated and is therefore potentially dangerous to use.
    N: See apt-secure(8) manpage for repository creation and user configuration details.
    root@ip-172-31-25-25:/home/ubuntu# 
    

    To fix, run

    apt-key adv --keyserver keyserver.ubuntu.com --recv-keys DEF2A2198183CBB5
    
  • How to enable slow query log in MySQL/MariaDB

    To enable the MySQL slow query log, edit the my.cnf file

    vi /etc/my.cnf
    

    For MariaDB, edit

    vi /etc/mysql/mariadb.conf.d/50-server.cnf
    

    Add

    long_query_time = 2
    slow_query_log = 1
    slow_query_log_file = /var/log/mysql/mysql_slow.log
    

    Restart MySQL

    systemctl restart mysql
    

    On CentOS, the command is “systemctl restart mysqld”. If you are using MariaDB, use “systemctl restart mariadb”.

    You can use the mysqldumpslow command to view slow queries.

    mysqldumpslow /var/log/mysql/mysql_slow.log
    

    To test, you can run the command

    SELECT SLEEP(10);
    

    This simulates a query that takes 10 seconds.

  • Installing tomcat on Ubuntu

    How to find java version
    Install Tomcat on CentOS 7

    To install tomcat on Ubuntu 18.04, run

    apt install tomcat9
    

    Start tomcat with

    systemctl start tomcat9
    

    Once Tomcat has started, you will be able to see it at

    http://your-ip-addr:8080/

    You can verify that Tomcat is running with netstat

    root@magmito-server:~# netstat -lntp | grep java
    tcp6       0      0 127.0.0.1:8005          :::*                    LISTEN      2921/java           
    tcp6       0      0 :::8080                 :::*                    LISTEN      2921/java           
    root@magmito-server:~# 
    

    Tomcat default home page is

    /var/lib/tomcat9/webapps/ROOT/index.html
    

    Some other folders

    CATALINA_HOME=/usr/share/tomcat9
    CATALINA_BASE=/var/lib/tomcat9
    

    Deploying Application

    You can upload a war file to the /var/lib/tomcat9/webapps folder. When you upload a war file, it gets extracted automatically into the folder.

    To deploy the sample application, do the following

    cd /var/lib/tomcat9/webapps/
    wget https://tomcat.apache.org/tomcat-7.0-doc/appdev/sample/sample.war
    

    Now you will see “sample” folder (/var/lib/tomcat9/webapps/sample). You can access the application with url

    http://your-ip-addr:8080/sample/
    
  • Domain Resolver

    Disable systemd-resolved
    CentOS 7 resolv.conf make changes permanent

    Ubuntu uses systemd-resolved. To see its status, run

    systemd-resolve --status

    On Linux, the domain resolver configuration is stored in

    /etc/resolv.conf

    On Ubuntu, it is a symlink.

    root@ok-pc-01:/etc# ls -l | grep resol
    drwxr-xr-x  3 root root     4096 Apr 26  2018 resolvconf
    lrwxrwxrwx  1 root root       39 Jun 13 23:02 resolv.conf -> ../run/systemd/resolve/stub-resolv.conf
    root@ok-pc-01:/etc# 

    You can remove the symlink and create your own file if you don’t want it managed by systemd-resolved. You can see the systemd-resolved DNS resolver details with the command

    systemd-resolve --status

    Disable systemd-resolved

    If you want to use the old /etc/resolv.conf, you can disable systemd-resolved

    systemctl disable systemd-resolved.service
    systemctl stop systemd-resolved
    rm -f /etc/resolv.conf
    tee /etc/resolv.conf << END
    nameserver 8.8.8.8
    nameserver 1.1.1.1
    END

    On Ubuntu, NetworkManager will update /etc/resolv.conf. To avoid this, edit

    vi /etc/NetworkManager/NetworkManager.conf

    Under [main] section, add

    dns=none

    Here is what I have on my PC

    root@pc10:~# cat  /etc/NetworkManager/NetworkManager.conf 
    [main]
    plugins=ifupdown,keyfile
    dns=none
    
    [ifupdown]
    managed=false
    
    [device]
    wifi.scan-rand-mac-address=no
    root@pc10:~# 

    To configure systemd-resolved, see Ubuntu Configure systemd-resolved

  • CentOS 7 Apache use PHP-FPM

    Install PHP-FPM with command

    yum install php-fpm
    

    Edit www.conf

    vi /etc/php-fpm.d/www.conf
    

    Find

    listen = 127.0.0.1:9000
    

    Replace with

    listen = /var/run/php-fpm/default.sock
    

    Find

    ;listen.owner = nobody
    ;listen.group = nobody
    

    Replace with

    listen.owner = apache
    listen.group = apache
    

    Edit php.conf

    mv /etc/httpd/conf.d/php.conf /etc/httpd/conf.d/php.conf.old
    vi /etc/httpd/conf.d/php.conf
    

    Add

    
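    # Map fcgi://php-fpm to the PHP-FPM Unix socket configured in www.conf
    <Proxy "unix:/var/run/php-fpm/default.sock|fcgi://php-fpm">
        ProxySet disablereuse=off
    </Proxy>

    # Hand .php files to PHP-FPM
    <FilesMatch \.php$>
        SetHandler proxy:fcgi://php-fpm
    </FilesMatch>

    AddType text/html .php

    DirectoryIndex index.php

    <FilesMatch \.phps$>
        SetHandler application/x-httpd-php-source
    </FilesMatch>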
    
    

    Restart Apache/php-fpm

    systemctl restart httpd
    systemctl restart php-fpm
    

    Method 2

    Here is php-fpm config using proxy_fcgi

    https://gist.github.com/serverok/3d2e43bb951ded9a42ce8bc0c2c3b627

  • Ubuntu AppArmor

    To see the status of AppArmor service, run

    systemctl status apparmor

    To see AppArmor status, run

    aa-status

    AppArmor config files are in

    /etc/apparmor.d/

    You can start, stop, restart or disable AppArmor with

    systemctl start apparmor
    systemctl stop apparmor
    systemctl restart apparmor
    systemctl disable apparmor

    Disable AppArmor

    /etc/init.d/apparmor stop
    /etc/init.d/apparmor teardown
    update-rc.d -f apparmor remove

    MySQL not starting on Ubuntu 18.04

  • MySQL not starting on Ubuntu 18.04


    MySQL did not start on an Ubuntu 18.04 server. This is a fresh server; I removed all MySQL packages and removed the configuration files.

    apt remove --purge mysql-client-5.7 mysql-client-core-5.7 mysql-common mysql-server-5.7 mysql-server-core-5.7
    

    Reinstalled MySQL.

    apt install mysql-server-5.7
    

    MySQL still failed to start, with an error related to

    2018-10-29T21:07:49.311174Z 0 [ERROR] Could not open file '/var/log/mysql/error.log' for error logging: Permission denied
    

    Full error here

    https://gist.github.com/serverok/f82d8c891a58db3351c331005498f435

    Initially I thought the problem was with the Ubuntu 18.04 MySQL package, so I set up another fresh Ubuntu 18.04 server, installed MySQL 5.7, and it worked perfectly fine.

    Next I checked the permissions on the folders. For this I enabled shell access for the MySQL user.

    chsh --shell /bin/bash mysql
    

    Now I switch to this user with the command

    su - mysql
    

    I changed to the /var/log/mysql folder and it worked fine; I can write to the file /var/log/mysql/error.log. Tested with

    echo "hello" >> /var/log/mysql/error.log
    tail /var/log/mysql/error.log
    

    It is not a permission problem. I checked the /var/log folder and found it is not an actual folder but a symlink to another folder.

    This is caused by AppArmor. I disabled AppArmor with

    systemctl stop apparmor
    

    Start MySQL with

    systemctl start mysql
    

    I got an error related to the data directory. I checked the folder /var/lib/mysql and found it was empty. I created the MySQL data folder with the command

    mysqld --initialize --explicit_defaults_for_timestamp
    

    After restarting MySQL again, MySQL worked fine, but I can’t log in as user root. When you initialize the MySQL data folder, MySQL generates a temporary password and stores it in /var/log/mysql/error.log. To find the password, I ran

    grep -i "pass" /var/log/mysql/error.log 
    

    You need to change this temporary password as it is set as expired by default. This can be done with the command

    mysql_secure_installation
    

    Set a new secure password when it asks.

    Fixing AppArmor

    We need to tell AppArmor to allow MySQL to use the /mnt/log/mysql folder for logging. To do this, edit the file

    vi /etc/apparmor.d/local/usr.sbin.mysqld
    

    Added the following to it.

      /mnt/log/mysql/** rw,
    

    Now restart AppArmor.

    systemctl restart apparmor
    

    Now MySQL will work properly.

  • Clean tmp folder in Linux

    On Linux servers, you may run out of disk space or hit the inode limit on the /tmp partition because of a large number of temporary files. Most of the time these will be PHP session files. To clean these files, you can use a cronjob like the following. It has some common extensions I found on a shared cPanel server; files on your server may be different. You need to investigate what is taking up disk space in your /tmp folder and modify the script as needed.

    Create file

    vi /usr/local/bin/cleantmp
    

    Add following

    #!/bin/bash
    # Remove stale temporary files from /tmp.
    # -delete lets find unlink each match itself. Piping the names to
    # "xargs rm -f" splits them on whitespace, so a path containing a space
    # or newline would make rm act on the wrong file.
    
    find /tmp -type f -name 'sess_*' -mtime +30 -delete
    find /tmp -type f -name 'php*' -mtime +30 -delete
    find /tmp -type f -name '*.zip' -mtime +30 -delete
    find /tmp -type f -name 'tmp_*' -mtime +30 -delete
    find /tmp -type f -name '*.jpg' -mtime +30 -delete
    find /tmp -type f -name '*.tmpvideo' -mtime +30 -delete
    find /tmp -type f -name '*.params' -mtime +30 -delete
    find /tmp -type f -name '*.gif' -mtime +30 -delete
    find /tmp -type f -name '*.png' -mtime +30 -delete
    

    -mtime +30 is to find files that are modified 30 or more days ago.

    Make it executable

    chmod 755 /usr/local/bin/cleantmp
    

    Create a cronjob

    crontab -e
    

    Add

    0 1 * * *  /usr/local/bin/cleantmp > /dev/null 2>&1
    

    See tmp
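
    Because /tmp is world-writable and this job runs as root, how file names reach rm matters: piping find output into xargs splits names on whitespace, while find -delete does not. The following is an added example, not part of the original post; it compares the two on a constructed sandbox tree (the directory names are made up, and -mtime is left out so the files do not need to be aged).

```bash
#!/bin/bash
# Added example: everything happens inside a throwaway sandbox directory.

# Constructed tree: "tmp" stands in for /tmp, "uploads" is unrelated data.
make_sandbox() {
    sandbox=$(mktemp -d) || return 1
    mkdir -p "$sandbox/tmp/old uploads" "$sandbox/uploads"
    touch "$sandbox/tmp/old uploads/keep.jpg"   # stale file inside tmp
    touch "$sandbox/uploads/keep.jpg"           # outside tmp, must survive
    echo "$sandbox"
}

# find | xargs: xargs splits "tmp/old uploads/keep.jpg" at the space and
# runs rm -f on "tmp/old" and "uploads/keep.jpg".
clean_with_xargs() {
    (cd "$1" && find tmp -type f -name '*.jpg' | xargs rm -f)
}

# find -delete: find unlinks each match itself, names are never re-parsed.
clean_with_delete() {
    (cd "$1" && find tmp -type f -name '*.jpg' -delete)
}

# Echo "yes" if the path (relative to the sandbox) still exists, else "no".
exists_in() {
    if [ -e "$1/$2" ]; then echo yes; else echo no; fi
}
```

    With clean_with_xargs the file under uploads/ is removed and the stale file under tmp/ is left behind; with clean_with_delete only the file under tmp/ is removed.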

  • Enable UI in CSF Firewall on CentOS

    CSF Firewall comes with a standalone UI. This is disabled by default. On CentOS, install the following requirements

    yum install perl-IO-Socket-SSL perl-Net-SSLeay perl-Net-LibIDN  perl-IO-Socket-INET6 perl-Socket6
    

    Edit CSF configuration file

    vi /etc/csf/csf.conf
    

    Find

    UI = "0"
    

    Replace with

    UI = "1"
    

    Change the following settings as needed.

    UI_PORT = "6666"
    UI_USER = "username"
    UI_PASS = "password"
    

    By default, only whitelisted IPs can access the UI. To whitelist your IP, run

    echo "YOUR_IP_ADDR" >> /etc/csf/ui/ui.allow
    

    If you want to allow access to the CSF UI from all IP addresses, set UI_ALLOW to 0 in csf.conf

    UI_ALLOW = "0"
    

    CSF uses a self-signed SSL certificate. If you have an SSL cert, you can use it. The SSL certificate is available in the folder

    /etc/csf/ui/
    

    To use a free LetsEncrypt SSL certificate for the CSF UI, I set symlinks to the SSL cert.

    cd /etc/csf/ui
    mv server.key server.key.old
    mv server.crt server.crt.old
    ln -s /etc/letsencrypt/live/DOMAIN/fullchain.pem server.crt
    ln -s /etc/letsencrypt/live/DOMAIN/privkey.pem server.key
    

    Now restart CSF and LFD

    systemctl restart lfd
    systemctl restart csf
    

    You will see CSF UI running on port 6666.

    [root@grupo conf.d]# netstat -lntp
    Active Internet connections (only servers)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
    tcp        0      0 0.0.0.0:6666            0.0.0.0:*               LISTEN      20605/lfd UI        
    tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      23918/mysqld        
    tcp        0      0 0.0.0.0:10000           0.0.0.0:*               LISTEN      2203/perl           
    tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1275/master         
    tcp        0      0 0.0.0.0:3333            0.0.0.0:*               LISTEN      19061/sshd          
    tcp6       0      0 :::80                   :::*                    LISTEN      19810/httpd         
    tcp6       0      0 ::1:25                  :::*                    LISTEN      1275/master         
    tcp6       0      0 :::443                  :::*                    LISTEN      19810/httpd         
    tcp6       0      0 :::3333                 :::*                    LISTEN      19061/sshd          
    [root@grupo conf.d]# 
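
    The UI listens on all interfaces, so the values of UI_ALLOW, UI_USER and UI_PASS decide who can reach and log in to it. The following is an added example, not part of the original post or of CSF: a check of those csf.conf settings before restarting lfd. The list of guessable user names and the 12-character minimum are this example's own assumptions.

```bash
#!/bin/bash
# Added example: audit the CSF UI settings discussed above.

# Print the value of KEY = "value" from a csf.conf-style file (last one wins).
csf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$1" | tail -n 1
}

# Print one finding per line; print nothing if the UI is off or looks sane.
audit_csf_ui() {
    conf=$1
    [ "$(csf_get "$conf" UI)" = "1" ] || return 0
    [ "$(csf_get "$conf" UI_ALLOW)" = "0" ] &&
        echo "UI_ALLOW=0: UI is reachable from any IP address"
    user=$(csf_get "$conf" UI_USER)
    pass=$(csf_get "$conf" UI_PASS)
    case "$user" in
        ""|username|admin|root) echo "UI_USER is empty, a placeholder or guessable" ;;
    esac
    case "$pass" in
        ""|password|"$user") echo "UI_PASS is empty, a placeholder or equals UI_USER" ;;
    esac
    # 12 is this example's own minimum length, not a CSF setting.
    [ "${#pass}" -ge 12 ] || echo "UI_PASS is shorter than 12 characters"
    return 0
}

# Constructed sample: the values shown in this post, with UI_ALLOW opened up.
sample_weak_conf() {
    cat <<'EOF'
UI = "1"
UI_PORT = "6666"
UI_USER = "username"
UI_PASS = "password"
UI_ALLOW = "0"
EOF
}
```

    Run it as audit_csf_ui /etc/csf/csf.conf; the constructed sample produces four findings.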
    
  • LetsEncrypt  SSL for webmin server

    Webmin runs on port 10000 over HTTPS. By default Webmin uses a self-signed SSL certificate. To use SSL for Webmin, you first need to get an SSL certificate for the domain you want to use. Refer to https://serverok.in/letsencrypt for getting an SSL certificate.

    Once you have the SSL certificate, do the following.

    cd /etc/webmin
    mv miniserv.pem miniserv.pem.old
    cat /etc/letsencrypt/live/YOURDOMAIN/cert.pem /etc/letsencrypt/live/YOURDOMAIN/privkey.pem /etc/letsencrypt/live/YOURDOMAIN/chain.pem > /etc/webmin/miniserv.pem
    

    Now restart webmin

    systemctl restart webmin
    

    Now you will be able to access Webmin using this SSL cert at

    https://YOURDOMAIN:10000
    

    To auto-renew SSL, add the following entry to the cronjob that renews your LetsEncrypt SSL certificate.

    cat /etc/letsencrypt/live/YOURDOMAIN/cert.pem /etc/letsencrypt/live/YOURDOMAIN/privkey.pem /etc/letsencrypt/live/YOURDOMAIN/chain.pem > /etc/webmin/miniserv.pem
    systemctl restart webmin
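
    miniserv.pem contains the private key, and the renewal job rewrites it unattended, so it should never be world-readable or left half-written. The following is an added example, not part of the original post or of Webmin: a function for the renewal job that builds the file with mode 600 and swaps it in atomically. The function names and the dummy PEM text are constructed for illustration.

```bash
#!/bin/bash
# Added example: rebuild miniserv.pem safely from a certbot "live" directory.

# build_miniserv_pem LIVE_DIR OUT_FILE
build_miniserv_pem() {
    live=$1
    out=$2
    # Stop if any input is missing or empty, so a failed renewal never
    # replaces a working miniserv.pem with a truncated one.
    for f in cert.pem privkey.pem chain.pem; do
        [ -s "$live/$f" ] || { echo "missing or empty: $live/$f" >&2; return 1; }
    done
    grep -q 'PRIVATE KEY-----' "$live/privkey.pem" || return 1
    # mktemp creates the file with mode 600, next to the target, so the
    # private key is never world-readable and the rename below is atomic.
    tmp=$(mktemp "$out.XXXXXX") || return 1
    if cat "$live/cert.pem" "$live/privkey.pem" "$live/chain.pem" > "$tmp"; then
        mv -f "$tmp" "$out"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Permission string of a file, for example "-rw-------".
file_mode() { ls -l "$1" | cut -c1-10; }

# Constructed stand-in for /etc/letsencrypt/live/YOURDOMAIN (dummy PEM text).
make_demo_live_dir() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed-cert' > "$d/cert.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'constructed-key' > "$d/privkey.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed-chain' > "$d/chain.pem"
    echo "$d"
}
```

    In the renewal job, call build_miniserv_pem /etc/letsencrypt/live/YOURDOMAIN /etc/webmin/miniserv.pem and restart Webmin only if it returns success.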
    
  • Install ionCube on Ubuntu 18.04

    Download ioncube loader from

    https://www.ioncube.com/loaders.php

    cd /usr/local/src
    wget https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz
    tar xvf ioncube_loaders_lin_x86-64.tar.gz
    cd ioncube/
    

    Find the extension directory and copy the .so file to the PHP extension directory. To find the PHP extension directory, run

    php -i | grep  extension_dir
    

    For PHP 7.2, run

    cp /usr/local/src/ioncube/ioncube_loader_lin_7.2.so /usr/lib/php/20170718 
    

    Enable ioncube

    echo "zend_extension=ioncube_loader_lin_7.2.so" > /etc/php/7.2/mods-available/ioncube.ini
    ln -s /etc/php/7.2/mods-available/ioncube.ini /etc/php/7.2/cli/conf.d/01-ioncube.ini
    

    For Apache, run

    ln -s /etc/php/7.2/mods-available/ioncube.ini /etc/php/7.2/apache2/conf.d/01-ioncube.ini
    systemctl restart apache2
    

    For php-fpm, run

    ln -s /etc/php/7.2/mods-available/ioncube.ini /etc/php/7.2/fpm/conf.d/01-ioncube.ini
    systemctl restart php7.2-fpm