Category: Ubuntu

CyberPanel FTP not working on Ubuntu Server

On CyberPanel server, FTP was not working. I checked the server with “netstat -lntp” command. No service was listening on port 21. Started pure-ftpd with command

systemctl start pure-ftpd-mysql

To start pure-ftpd on boot, run

systemctl enable pure-ftpd-mysql

Now FTP service started listening on port 21, but login to the FTP server failed with an error “Login authentication failed”.

pure-ftpd on CyberPanel server uses MySQL authentication. We need to configure pure-ftpd to use the “users” table in “cyberpanel” database.

Edit file

vi /etc/pure-ftpd/db/mysql.conf

In this file, you need to add MySQL login details

MYSQLUser
MYSQLPassword
MYSQLDatabase   cyberpanel
MYSQLCrypt      md5

If you don’t have a MySQL user, create one with

GRANT ALL PRIVILEGES ON *.* TO 'ftpadmin'@'localhost' IDENTIFIED BY 'USER_PASSWORD_HERE' WITH GRANT OPTION;
GRANT PROXY ON ''@'' TO 'ftpadmin'@'localhost' WITH GRANT OPTION;

Here is the example config

MYSQLSocket      /var/run/mysqld/mysqld.sock
MYSQLUser       ftpadmin
MYSQLPassword   MYSQL_USER_PW_HERE
MYSQLDatabase   cyberpanel
MYSQLCrypt      md5
MYSQLGetPW      SELECT Password FROM users WHERE User='\L'
MYSQLGetUID     SELECT Uid FROM users WHERE User='\L'
MYSQLGetGID     SELECT Gid FROM users WHERE User='\L'
MYSQLGetDir     SELECT Dir FROM users WHERE User='\L'

If you don’t have MySQL auth enabled, enable it with

ln -s /etc/pure-ftpd/conf/MySQLConfigFile /etc/pure-ftpd/auth/30mysql

Restart pure-ftp-mysql with

systemctl restart pure-ftpd-mysql

See CyberPanel

June 25, 2021

Install PHP drivers for Microsoft SQL Server on Ubuntu PHP 7.2

On Ubuntu 18.04 server running PHP 7.2, i want to install Microsoft SQL Server module for PHP. You can find PHP module for SQL server at

https://github.com/microsoft/msphpsql

At the time of writing this PHP module only support PHP 7.4 and newer. SO i need to find older version that supported PHP 7.2. On checking release page, i found version 5.8.0 supported PHP 7.2

First install php7.2 dev package with

apt install php7.2-dev

Instal php modules with pcel

pecl install sqlsrv-5.8.0

During install, i got error

configure: creating ./config.status
config.status: creating config.h
config.status: executing libtool commands
running: make
/bin/bash /tmp/pear/temp/pear-build-rootnuxjAy/sqlsrv-5.8.0/libtool --mode=compile g++ -std=c++11 -I. -I/tmp/pear/temp/sqlsrv -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootnuxjAy/sqlsrv-5.8.0/include -I/tmp/pear/temp/pear-build-rootnuxjAy/sqlsrv-5.8.0/main -I/tmp/pear/temp/sqlsrv -I/usr/include/php/20170718 -I/usr/include/php/20170718/main -I/usr/include/php/20170718/TSRM -I/usr/include/php/20170718/Zend -I/usr/include/php/20170718/ext -I/usr/include/php/20170718/ext/date/lib -I/tmp/pear/temp/sqlsrv/shared/  -DHAVE_CONFIG_H  -std=c++11 -D_FORTIFY_SOURCE=2 -O2 -fstack-protector   -c /tmp/pear/temp/sqlsrv/conn.cpp -o conn.lo
libtool: compile:  g++ -std=c++11 -I. -I/tmp/pear/temp/sqlsrv -DPHP_ATOM_INC -I/tmp/pear/temp/pear-build-rootnuxjAy/sqlsrv-5.8.0/include -I/tmp/pear/temp/pear-build-rootnuxjAy/sqlsrv-5.8.0/main -I/tmp/pear/temp/sqlsrv -I/usr/include/php/20170718 -I/usr/include/php/20170718/main -I/usr/include/php/20170718/TSRM -I/usr/include/php/20170718/Zend -I/usr/include/php/20170718/ext -I/usr/include/php/20170718/ext/date/lib -I/tmp/pear/temp/sqlsrv/shared/ -DHAVE_CONFIG_H -std=c++11 -D_FORTIFY_SOURCE=2 -O2 -fstack-protector -c /tmp/pear/temp/sqlsrv/conn.cpp  -fPIC -DPIC -o .libs/conn.o
In file included from /tmp/pear/temp/sqlsrv/shared/typedefs_for_linux.h:23:0,
                 from /tmp/pear/temp/sqlsrv/shared/xplat_winnls.h:24,
                 from /tmp/pear/temp/sqlsrv/shared/FormattedPrint.h:24,
                 from /tmp/pear/temp/sqlsrv/shared/core_sqlsrv.h:41,
                 from /tmp/pear/temp/sqlsrv/php_sqlsrv_int.h:25,
                 from /tmp/pear/temp/sqlsrv/conn.cpp:24:
/tmp/pear/temp/sqlsrv/shared/xplat.h:30:10: fatal error: sql.h: No such file or directory
 #include 
          ^~~~~~~
compilation terminated.
Makefile:194: recipe for target 'conn.lo' failed
make: *** [conn.lo] Error 1
ERROR: `make' failed
root@server:~#

This is fixed with command

apt-get install unixodbc-dev

install pdo_sqlsrv with

pecl install pdo_sqlsrv-5.8.0

Run

printf "; priority=20\nextension=sqlsrv.so\n" > /etc/php/7.2/mods-available/sqlsrv.ini
printf "; priority=30\nextension=pdo_sqlsrv.so\n" > /etc/php/7.2/mods-available/pdo_sqlsrv.ini

Enabe PHP modules with

phpenmod -v 7.2 sqlsrv pdo_sqlsrv

Restart Apache, now phpinfo() shows pdo_sqlsrv

But when accessing PHP script that connect to MS SQL server, i get error

This extension requires the Microsoft ODBC Driver for SQL Server to communicate with SQL Server. Access the following URL to download the ODBC Driver for SQL Server for x64

To fix this, do

curl https://packages.microsoft.com/keys/microsoft.asc | apt-key add -

For Ubuntu 16.04

curl https://packages.microsoft.com/config/ubuntu/16.04/prod.list > /etc/apt/sources.list.d/mssql-release.list

For Ubuntu 18.04

curl https://packages.microsoft.com/config/ubuntu/18.04/prod.list > /etc/apt/sources.list.d/mssql-release.list

For Ubuntu 20.04

curl https://packages.microsoft.com/config/ubuntu/20.04/prod.list > /etc/apt/sources.list.d/mssql-release.list

Ubuntu 20.10

curl https://packages.microsoft.com/config/ubuntu/20.10/prod.list > /etc/apt/sources.list.d/mssql-release.list

Update apt cahe

apt-get update

Install Microsoft ODBC

apt-get install -y msodbcsql17

Optional: for bcp and sqlcmd

apt-get install -y mssql-tools
echo 'export PATH="$PATH:/opt/mssql-tools/bin"' >> ~/.bashrc
source ~/.bashrc
apt-get install -y unixodbc-dev

Now php MS SQL module will work. You can find sample PHP code at

https://gist.github.com/serverok/456b3d1d7295463df42c9822e8db3e5b
https://github.com/microsoft/msphpsql/blob/master/sample/pdo_sqlsrv_sample.php

Here are microsoft documentation

https://docs.microsoft.com/en-us/sql/connect/odbc/linux-mac/installing-the-microsoft-odbc-driver-for-sql-server?view=sql-server-2017

https://docs.microsoft.com/en-us/sql/connect/php/installation-tutorial-linux-mac?view=sql-server-ver15

See PHP

May 22, 2021

Easy Kubernetes setup on Ubuntu with microk8s

To install microk8s, run

sudo snap install microk8s --classic

Enable rules in firewall

sudo ufw allow in on cni0
sudo ufw allow out on cni0
sudo ufw default allow routed

Enable addons

microk8s enable dns dashboard storage

To see status of current addons, run

microk8s status

Here is status for a defaul install

root@ip-172-26-0-217:~# microk8s status
microk8s is running
high-availability: no
  datastore master nodes: 127.0.0.1:19001
  datastore standby nodes: none
addons:
  enabled:
    ha-cluster           # Configure high availability on the current node
  disabled:
    ambassador           # Ambassador API Gateway and Ingress
    cilium               # SDN, fast with full network policy
    dashboard            # The Kubernetes dashboard
    dns                  # CoreDNS
    fluentd              # Elasticsearch-Fluentd-Kibana logging and monitoring
    gpu                  # Automatic enablement of Nvidia CUDA
    helm                 # Helm 2 - the package manager for Kubernetes
    helm3                # Helm 3 - Kubernetes package manager
    host-access          # Allow Pods connecting to Host services smoothly
    ingress              # Ingress controller for external access
    istio                # Core Istio service mesh services
    jaeger               # Kubernetes Jaeger operator with its simple config
    keda                 # Kubernetes-based Event Driven Autoscaling
    knative              # The Knative framework on Kubernetes.
    kubeflow             # Kubeflow for easy ML deployments
    linkerd              # Linkerd is a service mesh for Kubernetes and other frameworks
    metallb              # Loadbalancer for your Kubernetes cluster
    metrics-server       # K8s Metrics Server for API access to service metrics
    multus               # Multus CNI enables attaching multiple network interfaces to pods
    portainer            # Portainer UI for your Kubernetes cluster
    prometheus           # Prometheus operator for monitoring and logging
    rbac                 # Role-Based Access Control for authorisation
    registry             # Private image registry exposed on localhost:32000
    storage              # Storage class; allocates storage from host directory
    traefik              # traefik Ingress controller for external access
root@ip-172-26-0-217:~#

To see all pods/services/deploymens, run

microk8s kubectl get all --all-namespaces

To avoid typing microk8s before kubectl, run

alias kubectl="microk8s kubectl"

You can add this to .bashrc to make it permanent.

To run an nginx container

root@ip-172-26-0-217:~# microk8s kubectl create deployment nginx --image=nginx:latest
deployment.apps/nginx created
root@ip-172-26-0-217:~# microk8s kubectl get pods
NAME                     READY   STATUS    RESTARTS   AGE
nginx-55649fd747-xngk5   1/1     Running   0          106s
root@ip-172-26-0-217:~#

To expose the nginx deployment to public, run

kubectl expose deployment nginx --port 80 --target-port 80  --type ClusterIP --name nginx --external-ip 172.26.0.217

Here –external-ip 172.26.0.217 is IP of the node. In this case, it is internal IP of Amazon ec2 sevrer (eth0 IP).

The above expose command create a service

root@ip-172-26-0-217:~# kubectl get services
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP    PORT(S)   AGE
kubernetes   ClusterIP   10.152.183.1             443/TCP   45m
nginx        ClusterIP   10.152.183.11   172.26.0.217   80/TCP    8s
root@ip-172-26-0-217:~#

To undo the expose command, you need to delete the service with name nginx.

root@ip-172-26-0-217:~# kubectl delete services nginx
service "nginx" deleted
root@ip-172-26-0-217:~#

See Kubernetes

April 8, 2021

Install dnsmasq on Ubuntu

dnsmasq is a very powerful tool that can provide basic dns services/caching, act as dhcp server and also as tftp server.

To install dnsmasq, run

apt install dnsmasq

When you start dnsmasq, if it complain about port 53 alreay in use

dnsmasq: failed to create listening socket for port 53: Address already in use

This is because some other service is running on port 53. To find what service is listening on port 53, run

root@first-vm:~# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN      4934/sshd: /usr/sbi 
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      93/systemd-resolved 
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      26081/mysqld        
tcp6       0      0 :::2222                 :::*                    LISTEN      4934/sshd: /usr/sbi 
tcp6       0      0 :::80                   :::*                    LISTEN      10467/apache2       
tcp6       0      0 :::3128                 :::*                    LISTEN      17606/(squid-1)     
root@first-vm:~#

In this case, it is systemd-resolved. To stop it, run

systemctl disable systemd-resolved
systemctl stop systemd-resolved

Now you can start dnsmasq with

systemctl start dnsmasq

After starting dnsmasq, if you try resolve a domain, it will fail

root@first-vm:~# nslookup yahoo.com localhost
;; connection timed out; no servers could be reached


root@first-vm:~#

This is because default configuration don’t have anything enabled. To enable DNS caching/resolver, you need to edit file

vi /etc/dnsmasq.conf

Add line

server=8.8.8.8
server=1.1.1.1

Restart dnsmasq

systemctl restart dnsmasq

Now you will be able to resolve domain name using localhost as the dns server.

root@first-vm:~# nslookup serverok.in localhost
Server:		localhost
Address:	::1#53

Non-authoritative answer:
Name:	serverok.in
Address: 172.67.133.148
Name:	serverok.in
Address: 104.21.14.2
Name:	serverok.in
Address: 2606:4700:3030::ac43:8594
Name:	serverok.in
Address: 2606:4700:3035::6815:e02

root@first-vm:~#

If you need dnsmasq listen to only local ip, add following in /etc/dnsmasq.conf and restart dnsmasq.

listen-address=127.0.0.1

If you need to override MX record for a domain, you can add following to dnsmasq.conf

mx-host=example.com,mail.example.com,5

To set txt record for a domain

txt-record=example.com,"v=spf1 a -all"

See dnsmasq

March 6, 2021

Ant Media Server Ubuntu firewall configuration

To enable firewal for Ant Media Server on Ubnuntu server, use following rules

ufw allow ssh
ufw allow http
ufw allow https
ufw allow 1935/tcp
ufw allow 5080/tcp
ufw allow 5443/tcp
ufw allow 5000:65000/udp
enable ufw

After enabling, you will have following status

root@server:~# ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere                  
80/tcp                     ALLOW       Anywhere                  
443/tcp                    ALLOW       Anywhere                  
1935/tcp                   ALLOW       Anywhere                  
5080/tcp                   ALLOW       Anywhere                  
5443/tcp                   ALLOW       Anywhere                  
5000:65000/udp             ALLOW       Anywhere                  
22/tcp (v6)                ALLOW       Anywhere (v6)             
80/tcp (v6)                ALLOW       Anywhere (v6)             
443/tcp (v6)               ALLOW       Anywhere (v6)             
1935/tcp (v6)              ALLOW       Anywhere (v6)             
5080/tcp (v6)              ALLOW       Anywhere (v6)             
5443/tcp (v6)              ALLOW       Anywhere (v6)             
5000:65000/udp (v6)        ALLOW       Anywhere (v6)             

root@server:~#

Port forwarding

You can forward port 80 and 443 to Ant Media Server, so you don’t have to use ports.

You can use following iptables commands

sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 5080
sudo iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 5443

To make it permanent, edit

vi /etc/ufw/before.rules

In the beginning of the file, find

*filter

Add above

*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 5080
-A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 5443
COMMIT

Restart ufw firewall

ufw disable
ufw enable

See Ant Media Server

January 25, 2021

Reinstall Kernel in Ubuntu/Debian
To reinstall Kernel in Ubunru, you need to find the version of kernal installed, for this run
```
dpkg -l | grep linux-image
```
Or you can use command, find the kernel version you need to install
```
apt-cache search linux-image
```
Once you have the name of linux-image package you need to install, you can run
```
apt-get install --reinstall PKG_NAME_HERE
```
Example

See apt, Ubuntu, Debian
January 13, 2021
install Shotcut Video Editor in ubuntu
Shotcut is an free open source video editor for Ubuntu. You can find more info at

https://shotcut.org

Latest version of Shotcut video editor can be installed on Ubuntu using command
```
sudo snap install shotcut --classic
```
shotcut is also available to be installed from apt, but this is slightly older version than snap. To install from apt, use command
```
sudo apt install shotcut
```
See Ubuntu
December 25, 2020

Configure OVH Failover IP in Ubuntu 20.04/22.04

To configure IP in Ubuntu Server 20.04 guest, create a file

vi /etc/netplan/50-netwrk.yaml

add the following content

network:
    version: 2
    ethernets:
        eth0:
            addresses:
                - YOUR_FO_IP_HERE/32
            nameservers:
                addresses:
                    - 1.1.1.1
                search: []
            optional: true
            routes:
                - to: 0.0.0.0/0
                  via: YOUR_GW_IP_HERE
                  on-link: true

example

root@easyengine:~# cat /etc/netplan/50-cloud-init.yaml
network:
    version: 2
    ethernets:
        eth0:
            addresses:
                - 164.132.150.95/32
            nameservers:
                addresses:
                    - 1.1.1.1
                search: []
            optional: true
            routes:
                - to: 0.0.0.0/0
                  via: 51.255.79.254
                  on-link: true
root@easyengine:~#

“on-link: true” is what makes it work. The “on-link: true” option is used to specify that a specific route should be considered “on-link.” This means that the route is directly reachable on the local network segment, and packets destined for that route should be sent directly to the network interface associated with that network segment, rather than being routed through a gateway.

Test network config using

netplan try

If everything works fine, you can apply the changes with

netplan apply

See OVH, netplan

December 21, 2020

Ubuntu Remap keys in the keyboard
Left Shift key on my keyboard started acting up. It some times work, some times it won’t. I never use the caps lock key on my kayboard, this is just above the shift key. So i decided to use this key as left shift key.

To re-assign key, you need to edit file /usr/share/X11/xkb/symbols/pc

Lets take a copy of the file before we edit it
```
cp /usr/share/X11/xkb/symbols/pc ~/pc-backup
```
Edit
```
sudo gedit /usr/share/X11/xkb/symbols/pc
```
Find the line
```
     key  {	[ Caps_Lock		]	};
```
This is on line 22

Replace with
```
     key  {	[ Shift_L		]	};
```
Now you need to restart X-Windows by pressing ALT+F2, then type r. You can also just reboot your computer for the new keymap to work. After restart, i can use Caps lock key as my Left Shift key.

If you want to disable left shift key, you can comment the line
```
    key  {	[ Shift_L		]	};
```
by adding // at beginning of the line.

See Ubuntu
December 21, 2020

Ubuntu Server 20.04 set static IP with netplan

First check if you have file

/etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg

If the file exists, make sure, you have the following content in it.

root@ubuntu:~# cat /etc/cloud/cloud.cfg.d/subiquity-disable-cloudinit-networking.cfg
network: {config: disabled}
root@ubuntu:~#

Edit

vi /etc/netplan/00-installer-config.yaml

Replace all content with

network:
    version: 2
    ethernets:
        eth0:
            addresses: [192.168.1.100/24]
            routes:
                - to: default
                  via: 192.168.1.1
            nameservers:
                addresses: [1.1.1.1, 8.8.8.8]

In the above cause 192.168.1.100 is your static IP address. 192.168.1.1 is the gateway. eth0 is the network interface name.

Older versions of netpan used gateway4 instead of routes.

            gateway4: 192.168.1.1

Now try the changes with

netplan try

If all is good, you can make changes permanent with

netplan apply

See IP

December 15, 2020

Ubuntu 20.04/22.04 settings won’t open
On Ubuntu 20.04/22.04 settings won’t open. This may be caused by some software install/update.

I tried to run
```
gnome-control-center
```
From the terminal, I get the error
```
boby@sok-01:~$ gnome-control-center

Command 'gnome-control-center' not found, but can be installed with:

sudo apt install gnome-control-center

boby@sok-01:~$ 
```
To fix the error, I installed gnome-control-center package as the error suggests.
```
sudo apt install gnome-control-center
```
See Ubuntu
December 4, 2020
gsettings

Ubuntu Screen Recorder

December 1, 2020