ServerOK – Page 103 – Linux Server Management

MongoDB

MongoDB is an Open Source NoSQL database.

https://www.mongodb.com/

Connecting to to MongoDB with user/pass

mongo --port PORT_HERE -u USER_NAME_HERE -p PW_HERE --authenticationDatabase "admin"

1	mongo --port PORT_HERE -u USER_NAME_HERE -p PW_HERE --authenticationDatabase "admin"

Install MongoDB

Free MongoDB hosting

https://mlab.com
https://www.mongodb.com/cloud/atlas – 512 MB VM for Free

Rsync backup with X days retention

rsync is run on backup server, that login to remote servers and backup.

vi /usr/serverok/rsync-backup.sh

1	vi /usr/serverok/rsync-backup.sh

Add following code

#!/bin/sh


date

rsync --archive --verbose --exclude-from=/usr/serverok/.rsync-exclude root@SERVER-IP:/ /backup/HOSTNAME-HERE/sda1/
echo "RSYNC: HOSTNAME-HERE..........OK" | mail -s 'HOSTNAME-HERE RSYNC' you@your-domain.extn


date

#!/bin/sh

date

rsync --archive --verbose --exclude-from=/usr/serverok/.rsync-exclude root@SERVER-IP:/ /backup/HOSTNAME-HERE/sda1/

echo "RSYNC: HOSTNAME-HERE..........OK" | mail -s 'HOSTNAME-HERE RSYNC' you@your-domain.extn

date

Repeat the rsync/echo lines for each server you need to backup.

We exclude some of the files from backup, this is specified in .rsync-exclude file.

# cat .rsync-exclude 
/boot
/backup
/mnt
/tmp
/cdrom
/media
/proc
/sys
#

# cat .rsync-exclude

/boot

/backup

/mnt

/tmp

/cdrom

/media

/proc

/sys

Run it with cronjob

20 0 * * * /usr/serverok/rsync-backup.sh &> /var/log/serverok-rsync-backup.log

1	20 0 * * * /usr/serverok/rsync-backup.sh &> /var/log/serverok-rsync-backup.log

Backup Rotation

We rotate backup, so we have 20 days of backups. To do this, run cronjob

0 1 * * * /usr/serverok/rsync-backup-rotate.sh &>  /var/log/serverok-rsync-backup-rotate.log

1	0 1 * * * /usr/serverok/rsync-backup-rotate.sh &> /var/log/serverok-rsync-backup-rotate.log

Create script

vi /usr/serverok/rsync-backup-rotate.sh

1	vi /usr/serverok/rsync-backup-rotate.sh

With following content

#!/bin/bash

date
BACKUP_IDS=(01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20)
PATHES=(/backup/server10 /backup/server20 /backup/server22 /backup/server24 /backup/server32 /backup/server48)

# Create backup directories

for ((i=0; i < ${#BACKUP_IDS[*]}; i++)); do
        if [ ! -d /backup/${BACKUP_IDS[$i]} ]; then
                mkdir -p /backup/${BACKUP_IDS[$i]}
        fi
done

# Rotate backup directories

mv /backup/${#BACKUP_IDS[*]} /backup/00
for ((i=${#BACKUP_IDS[*]}-2; i >= 0; i-- )); do
        j=$i+1
        mv /backup/${BACKUP_IDS[$i]} /backup/${BACKUP_IDS[$j]}
done

mv /backup/00 /backup/01

# Backup into backup directory 01

touch -m /backup/01/
for ((i=0; i < ${#PATHES[*]}; i++)); do
        mkdir -p /backup/01${PATHES[$i]}/
        rsync -avl --delete --exclude-from=/usr/serverok/excludes.txt --link-dest=/backup/02${PATHES[$i]}/ ${PATHES[$i]}/ /backup/01${PATHES[$i]}/
done
date
exit

#!/bin/bash

date

BACKUP_IDS=(01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20)

PATHES=(/backup/server10 /backup/server20 /backup/server22 /backup/server24 /backup/server32 /backup/server48)

# Create backup directories

for ((i=0; i < ${#BACKUP_IDS[*]}; i++)); do

if [ ! -d /backup/${BACKUP_IDS[$i]} ]; then

mkdir -p /backup/${BACKUP_IDS[$i]}

done

# Rotate backup directories

mv /backup/${#BACKUP_IDS[*]} /backup/00

for ((i=${#BACKUP_IDS[*]}-2; i >= 0; i-- )); do

j=$i+1

mv /backup/${BACKUP_IDS[$i]} /backup/${BACKUP_IDS[$j]}

done

mv /backup/00 /backup/01

# Backup into backup directory 01

touch -m /backup/01/

for ((i=0; i < ${#PATHES[*]}; i++)); do

mkdir -p /backup/01${PATHES[$i]}/

rsync -avl --delete --exclude-from=/usr/serverok/excludes.txt --link-dest=/backup/02${PATHES[$i]}/ ${PATHES[$i]}/ /backup/01${PATHES[$i]}/

done

date

exit

Here you need to add a folder for each server on line PATHES.

Here is content of excludes.txt

# cat /usr/serverok/excludes.txt
.svn
.DS_Store
._*
*.log
*.log.gz
*.log.*.gz
access_log
access_log.*
access_ssl_log
access_ssl_log.*
error_log
error_log.*
xferlog_regular
xferlog_regular.*
#

# cat /usr/serverok/excludes.txt

.svn

.DS_Store

._*

*.log

*.log.gz

*.log.*.gz

access_log

access_log.*

access_ssl_log

access_ssl_log.*

error_log

error_log.*

xferlog_regular

xferlog_regular.*

lvm

vgcreate

When i try mount a partition i get error

mount: unknown filesystem type ‘LVM2_member’

This is because the partition is LVM. Got it fixed with

root@sysresccd /root % parted -l
Model: ATA Samsung SSD 850 (scsi)
Disk /dev/sda: 500GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number  Start   End     Size    Type     File system  Flags
 1      1049kB  3146kB  2097kB  primary
 2      3146kB  527MB   524MB   primary  ext2         boot
 3      527MB   500GB   500GB   primary               lvm


root@sysresccd /root % mount /dev/sda3 /mnt
mount: unknown filesystem type 'LVM2_member'
root@sysresccd /root % lvmdiskscan
  WARNING: lvmetad is running but disabled. Restart lvmetad before enabling it!
  /dev/loop0          [     275.14 MiB]
  /dev/mapper/vg-swap [      15.75 GiB]
  /dev/sda1           [       2.00 MiB]
  /dev/mapper/vg-tmp  [       1.00 GiB]
  /dev/sda2           [     500.00 MiB]
  /dev/mapper/vg-root [     448.46 GiB]
  /dev/sda3           [     465.27 GiB] LVM physical volume
  3 disks
  3 partitions
  0 LVM physical volume whole disks
  1 LVM physical volume
root@sysresccd /root % lvscan
  WARNING: lvmetad is running but disabled. Restart lvmetad before enabling it!
  ACTIVE            '/dev/vg/swap' [15.75 GiB] inherit
  ACTIVE            '/dev/vg/tmp' [1.00 GiB] inherit
  ACTIVE            '/dev/vg/root' [448.46 GiB] inherit
root@sysresccd /root % mount /dev/vg/root /mnt
root@sysresccd /root %

root@sysresccd /root % parted -l

Model: ATA Samsung SSD 850 (scsi)

Disk /dev/sda: 500GB

Sector size (logical/physical): 512B/512B

Partition Table: msdos

Disk Flags:

Number Start End Size Type File system Flags

1 1049kB 3146kB 2097kB primary

2 3146kB 527MB 524MB primary ext2 boot

3 527MB 500GB 500GB primary lvm

root@sysresccd /root % mount /dev/sda3 /mnt

mount: unknown filesystem type 'LVM2_member'

root@sysresccd /root % lvmdiskscan

WARNING: lvmetad is running but disabled. Restart lvmetad before enabling it!

/dev/loop0 [ 275.14 MiB]

/dev/mapper/vg-swap [ 15.75 GiB]

/dev/sda1 [ 2.00 MiB]

/dev/mapper/vg-tmp [ 1.00 GiB]

/dev/sda2 [ 500.00 MiB]

/dev/mapper/vg-root [ 448.46 GiB]

/dev/sda3 [ 465.27 GiB] LVM physical volume

3 disks

3 partitions

0 LVM physical volume whole disks

1 LVM physical volume

root@sysresccd /root % lvscan

WARNING: lvmetad is running but disabled. Restart lvmetad before enabling it!

ACTIVE '/dev/vg/swap' [15.75 GiB] inherit

ACTIVE '/dev/vg/tmp' [1.00 GiB] inherit

ACTIVE '/dev/vg/root' [448.46 GiB] inherit

root@sysresccd /root % mount /dev/vg/root /mnt

root@sysresccd /root %

Nginx WordPress

Here is nginx configuration for wordpress

server {
    listen 80;
    server_name serverok.in www.serverok.in;
    root /var/www/html;
    index index.php;
    client_max_body_size 100M;

    location = /favicon.ico {
            log_not_found off;
            access_log off;
    }

    location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
    }

    location / {
            try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        proxy_read_timeout 180;
        fastcgi_intercept_errors on;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }

    location ~* \.(txt|xml|js)$ {
            expires max;
            log_not_found off;
            access_log off;
    }

    location ~* \.(css)$ {
            expires max;
            log_not_found off;
            access_log off;
    }

    location ~* \.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|svg)$ {
            expires max;
            log_not_found off;
            access_log off;
    }

    location ~* \.(jpg|jpeg|png|gif|swf|webp)$ {
             expires max;
             log_not_found off;
             access_log off;
    }

    gzip on;
    gzip_http_version  1.1;
    gzip_comp_level    5;
    gzip_min_length    256;
    gzip_proxied       any;
    gzip_vary          on;
    gzip_types
        application/atom+xml
        application/javascript
        application/json
        application/rss+xml
        application/vnd.ms-fontobject
        application/x-font-ttf
        application/x-web-app-manifest+json
        application/xhtml+xml
        application/xml
        font/opentype
        image/svg+xml
        image/x-icon
        text/css
        text/plain
        text/x-component;
}

server {

listen 80;

server_name serverok.in www.serverok.in;

root /var/www/html;

index index.php;

client_max_body_size 100M;

location = /favicon.ico {

log_not_found off;

access_log off;

}

location = /robots.txt {

allow all;

log_not_found off;

access_log off;

}

location / {

try_files $uri $uri/ /index.php?$args;

}

location ~ \.php$ {

include snippets/fastcgi-php.conf;

proxy_read_timeout 180;

fastcgi_intercept_errors on;

fastcgi_buffers 16 16k;

fastcgi_buffer_size 32k;

fastcgi_pass unix:/run/php/php7.0-fpm.sock;

}

location ~* \.(txt|xml|js)$ {

expires max;

log_not_found off;

access_log off;

}

location ~* \.(css)$ {

expires max;

log_not_found off;

access_log off;

}

location ~* \.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|svg)$ {

expires max;

log_not_found off;

access_log off;

}

location ~* \.(jpg|jpeg|png|gif|swf|webp)$ {

expires max;

log_not_found off;

access_log off;

}

gzip on;

gzip_http_version 1.1;

gzip_comp_level 5;

gzip_min_length 256;

gzip_proxied any;

gzip_vary on;

gzip_types

application/atom+xml

application/javascript

application/json

application/rss+xml

application/vnd.ms-fontobject

application/x-font-ttf

application/x-web-app-manifest+json

application/xhtml+xml

application/xml

font/opentype

image/svg+xml

image/x-icon

text/css

text/plain

text/x-component;

}

Nginx Config with FCGI Cache + gzip compression

fastcgi_cache_path /tmp/nginx-cache levels=1:2 keys_zone=WORDPRESS:500m inactive=60m;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
fastcgi_cache_use_stale error timeout invalid_header http_500;

server {
    listen *:443 ssl http2;
    server_name www.serverok.in serverok.in;
    root /var/www/html;
    index index.php;
    client_max_body_size 100M;

    location = /favicon.ico {
            log_not_found off;
            access_log off;
    }

    location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
    }

    location / {
            try_files $uri $uri/ /index.php?$args;
    }

    #fastcgi_cache start
    set $no_cache 0;

    # POST requests and urls with a query string should always go to PHP
    if ($request_method = POST) {
            set $no_cache 1;
    }   
    if ($query_string != "") {
            set $no_cache 1;
    }   

    # Don't cache uris containing the following segments
    if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {
            set $no_cache 1;
    }   

    # Don't use the cache for logged in users or recent commenters
    if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {
            set $no_cache 1;
    } 

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        proxy_read_timeout 180;
        fastcgi_intercept_errors on;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;

        fastcgi_cache_bypass $no_cache;
        fastcgi_no_cache $no_cache;
        fastcgi_cache WORDPRESS;
        fastcgi_cache_valid 200 60m;

        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }

    location ~* \.(txt|xml|js)$ {
            expires max;
            log_not_found off;
            access_log off;
    }

    location ~* \.(css)$ {
            expires max;
            log_not_found off;
            access_log off;
    }

    location ~* \.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|svg)$ {
            expires max;
            log_not_found off;
            access_log off;
    }

    location ~* \.(jpg|jpeg|png|gif|swf|webp)$ {
             expires max;
             log_not_found off;
             access_log off;
    }

    ssl on;
    ssl_certificate /etc/ssl/serverok.in.crt;
    ssl_certificate_key /etc/ssl/serverok.in.key;

    # Enable HSTS. This forces SSL on clients that respect it, most modern browsers. The includeSubDomains flag is optional.
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

    # Set caches, protocols, and accepted ciphers. This config will merit an A+ SSL Labs score as of Sept 2015.
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:CAMELLIA256-SHA:CAMELLIA128-SHA256;

    # Compression

    # Enable Gzip compressed.
    gzip on;

    # Enable compression both for HTTP/1.0 and HTTP/1.1.
    gzip_http_version  1.1;

    # Compression level (1-9).
    # 5 is a perfect compromise between size and cpu usage, offering about
    # 75% reduction for most ascii files (almost identical to level 9).
    gzip_comp_level    5;

    # Don't compress anything that's already small and unlikely to shrink much
    # if at all (the default is 20 bytes, which is bad as that usually leads to
    # larger files after gzipping).
    gzip_min_length    256;

    # Compress data even for clients that are connecting to us via proxies,
    # identified by the "Via" header (required for CloudFront).
    gzip_proxied       any;

    # Tell proxies to cache both the gzipped and regular version of a resource
    # whenever the client's Accept-Encoding capabilities header varies;
    # Avoids the issue where a non-gzip capable client (which is extremely rare
    # today) would display gibberish if their proxy gave them the gzipped version.
    gzip_vary          on;

    # Compress all output labeled with one of the following MIME-types.
    gzip_types
        application/atom+xml
        application/javascript
        application/json
        application/rss+xml
        application/vnd.ms-fontobject
        application/x-font-ttf
        application/x-web-app-manifest+json
        application/xhtml+xml
        application/xml
        font/opentype
        image/svg+xml
        image/x-icon
        text/css
        text/plain
        text/x-component;
}
 
server {
    listen 80;
    server_name  www.serverok.in serverok.in;
    return       301 https://serverok.in$request_uri;
}

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

fastcgi_cache_path /tmp/nginx-cache levels=1:2 keys_zone=WORDPRESS:500m inactive=60m;

fastcgi_cache_key "$scheme$request_method$host$request_uri";

fastcgi_cache_use_stale error timeout invalid_header http_500;

server {

listen *:443 ssl http2;

server_name www.serverok.in serverok.in;

root /var/www/html;

index index.php;

client_max_body_size 100M;

location = /favicon.ico {

log_not_found off;

access_log off;

}

location = /robots.txt {

allow all;

log_not_found off;

access_log off;

}

location / {

try_files $uri $uri/ /index.php?$args;

}

#fastcgi_cache start

set $no_cache 0;

# POST requests and urls with a query string should always go to PHP

if ($request_method = POST) {

set $no_cache 1;

}

if ($query_string != "") {

set $no_cache 1;

}

# Don't cache uris containing the following segments

if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") {

set $no_cache 1;

}

# Don't use the cache for logged in users or recent commenters

if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") {

set $no_cache 1;

}

location ~ \.php$ {

include snippets/fastcgi-php.conf;

proxy_read_timeout 180;

fastcgi_intercept_errors on;

fastcgi_buffers 16 16k;

fastcgi_buffer_size 32k;

fastcgi_cache_bypass $no_cache;

fastcgi_no_cache $no_cache;

fastcgi_cache WORDPRESS;

fastcgi_cache_valid 200 60m;

fastcgi_pass unix:/run/php/php7.0-fpm.sock;

}

location ~* \.(txt|xml|js)$ {

expires max;

log_not_found off;

access_log off;

}

location ~* \.(css)$ {

expires max;

log_not_found off;

access_log off;

}

location ~* \.(flv|ico|pdf|avi|mov|ppt|doc|mp3|wmv|wav|mp4|m4v|ogg|webm|aac|eot|ttf|otf|woff|svg)$ {

expires max;

log_not_found off;

access_log off;

}

location ~* \.(jpg|jpeg|png|gif|swf|webp)$ {

expires max;

log_not_found off;

access_log off;

}

ssl on;

ssl_certificate /etc/ssl/serverok.in.crt;

ssl_certificate_key /etc/ssl/serverok.in.key;

# Enable HSTS. This forces SSL on clients that respect it, most modern browsers. The includeSubDomains flag is optional.

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

# Set caches, protocols, and accepted ciphers. This config will merit an A+ SSL Labs score as of Sept 2015.

ssl_session_cache shared:SSL:20m;

ssl_session_timeout 10m;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_prefer_server_ciphers on;

ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:CAMELLIA256-SHA:CAMELLIA128-SHA256;

# Compression

# Enable Gzip compressed.

gzip on;

# Enable compression both for HTTP/1.0 and HTTP/1.1.

gzip_http_version 1.1;

# Compression level (1-9).

# 5 is a perfect compromise between size and cpu usage, offering about

# 75% reduction for most ascii files (almost identical to level 9).

gzip_comp_level 5;

# Don't compress anything that's already small and unlikely to shrink much

# if at all (the default is 20 bytes, which is bad as that usually leads to

# larger files after gzipping).

gzip_min_length 256;

# Compress data even for clients that are connecting to us via proxies,

# identified by the "Via" header (required for CloudFront).

gzip_proxied any;

# Tell proxies to cache both the gzipped and regular version of a resource

# whenever the client's Accept-Encoding capabilities header varies;

# Avoids the issue where a non-gzip capable client (which is extremely rare

# today) would display gibberish if their proxy gave them the gzipped version.

gzip_vary on;

# Compress all output labeled with one of the following MIME-types.

gzip_types

application/atom+xml

application/javascript

application/json

application/rss+xml

application/vnd.ms-fontobject

application/x-font-ttf

application/x-web-app-manifest+json

application/xhtml+xml

application/xml

font/opentype

image/svg+xml

image/x-icon

text/css

text/plain

text/x-component;

}

server {

listen 80;

server_name www.serverok.in serverok.in;

return 301 https://serverok.in$request_uri;

}

Cpanel Error NetworkManager is installed

When installing Cpanel on a dedicated server, i get error

NetworkManager is installed and running, or configured to startup.

To fix this, you just need to uninstall NetworkManager package.

yum remove NetworkManager

1	yum remove NetworkManager

Cpanel NetworkManager error

Another error i got on same server is

2017-12-18 09:47:20 1076 (FATAL): /etc/resolv.conf must be configured with non-local resolvers for installations to complete.

This error is fixed by editing /etc/resolv.conf and adding “nameserver 8.8.8.8” line.

[root@server1 home]# cat /etc/resolv.conf 
# Generated by NetworkManager
search serverok.in
nameserver 8.8.8.8
[root@server1 home]#

[root@server1 home]# cat /etc/resolv.conf

# Generated by NetworkManager

search serverok.in

nameserver 8.8.8.8

[root@server1 home]#

Debian Allow MySQL root user to login using phpMyAdmin

On Debian/Ubuntu by default MySQL root user can only login from local accounts.

MariaDB [(none)]> select plugin from mysql.user where user='root';
+-------------+
| plugin      |
+-------------+
| unix_socket |
+-------------+
1 row in set (0.00 sec)

MariaDB [(none)]>

MariaDB [(none)]> select plugin from mysql.user where user='root';

+-------------+

| plugin |

+-------------+

| unix_socket |

+-------------+

1 row in set (0.00 sec)

MariaDB [(none)]>

To enable login from phpMyAdmin, you need to set plugin to “mysql_native_password”.

To do this, login to MySQL as user root, then run

update mysql.user set plugin='mysql_native_password' where user='root';

1	update mysql.user set plugin='mysql_native_password' where user='root';

Configuring MySQL .my.cnf

vi ~/.my.cnf

1	vi ~/.my.cnf

Add following content

[client]
user = root
password = "DBPASSWORD"
 
[mysqladmin]
user = root
password = "DBPASSWORD"
 
[mysqldump]
user = root
password = "DBPASSWORD"

[client]

user = root

password = "DBPASSWORD"

[mysqladmin]

user = root

password = "DBPASSWORD"

[mysqldump]

user = root

password = "DBPASSWORD"

Replace DBPASSWORD with your MySQL root password.

Now set permission for this file to 600, so no user other than root can see it.

chmod 600 ~/.my.cnf

1	chmod 600 ~/.my.cnf

Install Cpanel DNS Only Server

To install Cpanel DNS only server, run

wget http://layer1.cpanel.net/cpanel-dnsonly-install.sea
sh cpanel-dnsonly-install.sea

1 2	wget http://layer1.cpanel.net/cpanel-dnsonly-install.sea sh cpanel-dnsonly-install.sea

iftop

iftop show bandwidth usage like top show cpu and memory usage.

To see network usage, run

iftop

iftop

If you have multiple network interface, you need to specify network interface to monitor, this can be done with -i option

iftop -i eth1

1	iftop -i eth1

To install on CentOS, run

yum install iftop

1	yum install iftop

For installing from source, see Install iftop from source on CentOS

On Ubuntu

apt -y install iftop

1	apt -y install iftop

To use, run iftop

iftop

Cpanel Server Behind NAT – Amazon EC2

When your cpanel server is behind nat, for example Amazon EC2 where you have an internal IP and External IP.

Go to

Home > Server Configuration> Basic WebHost Manager® Setup

Enter your servers internal IP where it ask for “The IPv4 address (only one address) to use to set up shared IPv4 virtual hosts.”.

Now login to Server using SSH and run

/scripts/build_cpnat

1	/scripts/build_cpnat

For an Amazon EC2 server with internal IP 172.31.26.120, i added the IP in WHM > Basic WebHost Manager® Setup

Run command /scripts/build_cpnat

That associate the IP with external IP address.

[root@ip-172-31-26-120 ~]# /scripts/build_cpnat
info [build_cpnat] 172.31.26.120 => 13.210.58.114
[root@ip-172-31-26-120 ~]#

[root@ip-172-31-26-120 ~]# /scripts/build_cpnat

info [build_cpnat] 172.31.26.120 => 13.210.58.114

[root@ip-172-31-26-120 ~]#

This allow DNS and Apache to resolve external IP properly. With out running this command DNS server will just reply with servers internal IP address.