OpenVPN provides flexible VPN solutions to secure your data communications, whether it’s for Internet privacy, remote access for employees, securing IoT, or for networking Cloud data centers. OpenVPN Server software solution can be deployed on-premises using standard servers or virtual server, or on the cloud server.

Why Use Our VPN?

• Uses the public Internet to create an economical, isolated, and secure private network
• Remote access to internal services increases mobile workforce productivity
• Reduces security risk by preventing unauthorized access to specific network resources
• Encryption ensures privacy on untrusted Wi-Fi and other public access networks
• Extends centralized unified threat management to remote networks

DOWNLOAD OpenVPN Connect client from here : CLICK HERE

Requirements : A vps server with ram 512 Mb will be enough, Virtualization type KVM/hyperv/vmware are recommended. Internet speed 100mbps or 1gbps.

So lets Get started :

Step 1 :

Download the openvpn install script :

mkdir /root/vpn
cd /root/vpn
curl -O https://raw.githubusercontent.com/angristan/openvpn-install/master/openvpn-install.sh
chmod +x openvpn-install.sh

Step 2 :

Run the installer :

./openvpn-install.sh

Now follow the onscreen instructions, below i’ve tried to cover them most of it :

you’ll be ask to choose the server ip (if you’ve NAT server the ip can be different) press enter :

Welcome to the OpenVPN installer!
The git repository is available at: https://github.com/angristan/openvpn-install

I need to ask you a few questions before starting the setup.
You can leave the default options and just press enter if you are ok with them.

I need to know the IPv4 address of the network interface you want OpenVPN listening to.
Unless your server is behind NAT, it should be your public IPv4 address.
IP address: 123.224.555.222

Now it will asks for ipv6 if available hit enter by selecting y :

Checking for IPv6 connectivity...

Your host appears to have IPv6 connectivity.

Do you want to enable IPv6 support (NAT)? [y/n]: y

Then it will ask to choose port and prompted with 3 options, I’ll choose Random by typing 3 and it will output some random port remember that port we need it later:

What port do you want OpenVPN to listen to?
   1) Default: 1194
   2) Custom
   3) Random [49152-65535]
Port choice [1-3]: 3

Next it will prompt to select UDP or TCP protocol. I’ll recommended to use UDP by selecting 1 for faster speed :

What protocol do you want OpenVPN to use?
UDP is faster. Unless it is not available, you shouldn't use TCP.
   1) UDP
   2) TCP
Protocol [1-2]: 1

Next it will ask you to select the DNS provider for VPN connection communication, I’ll select 9 for google dns :

What DNS resolvers do you want to use with the VPN?
   1) Current system resolvers (from /etc/resolv.conf)
   2) Self-hosted DNS Resolver (Unbound)
   3) Cloudflare (Anycast: worldwide)
   4) Quad9 (Anycast: worldwide)
   5) Quad9 uncensored (Anycast: worldwide)
   6) FDN (France)
   7) DNS.WATCH (Germany)
   8) OpenDNS (Anycast: worldwide)
   9) Google (Anycast: worldwide)
   10) Yandex Basic (Russia)
   11) AdGuard DNS (Anycast: worldwide)
   12) NextDNS (Anycast: worldwide)
   13) Custom
DNS [1-12]: 9

Next it will ask for if you want to enable compression, its not needed hit enter by selecting n :

Do you want to use compression? It is not recommended since the VORACLE attack make use of it.
Enable compression? [y/n]: n

Then it will ask to customize encryption, I’ll leave default settings and hit enter by selecting n :

Do you want to customize encryption settings?
Unless you know what you're doing, you should stick with the default parameters provided by the script.
Note that whatever you choose, all the choices presented in the script are safe. (Unlike OpenVPN's defaults)
See https://github.com/angristan/openvpn-install#security-and-encryption to learn more.

Customize encryption settings? [y/n]: n

At this point you’ve completed most of needed option now you’ll be prompted to proceed by clicking any key :

Okay, that was all I needed. We are ready to setup your OpenVPN server now.
You will be able to generate a client at the end of the installation.
Press any key to continue...

Now you can see installation is started it will take a minute or two to complete, then the script will ask you to enter the openvpn username client, I'll use alphagnuas client username:

Tell me a name for the client.
The name must consist of alphanumeric character. It may also include an underscore or a dash.
Client name: alphagnu

Next it will ask to add password or passwordless login, I’ll choose passwordless client by choosing 1 because auto-reconnect option work with it better :

Do you want to protect the configuration file with a password?
(e.g. encrypt the private key with a password)
   1) Add a passwordless client
   2) Use a password for the client
Select an option [1-2]: 1

thats it the script will now end and it will create client-username.ovpn in /root/vpn dir or check the path mentioned by the script , you need to download the .ovpn file to your pc and use it to connect via openvpn client download openvpn connect client from above link. Install the client and import the .ovpn file in client and connect.

Step 3 :

Add the openvpn port to firewall, as i asked you above to remember the openvpn port, you need to add that port to firewall UDP or TCP whatever you chosen the protocol to open list in and out

Step 4 :

To remove openvpn, add new user or to make changes to current user you need to run this script again :

cd /root/vpn
./openvpn-install.sh

it will show below options :

Welcome to OpenVPN-install!
The git repository is available at: https://github.com/angristan/openvpn-install

It looks like OpenVPN is already installed.

What do you want to do?
   1) Add a new user
   2) Revoke existing user
   3) Remove OpenVPN
   4) Exit

You all are familiar with word CACHE which usually represents performance benefits like cache can improve website’s loading speed and similarly cache will improve Linux server performance too in some places. Normally cache are managed by Linux Kernel efficiently and will be cleaned overtime when not in use. Cache cleaning is necessary to refresh and free up the system memory so a new version of cache can be built by eliminating old cache. In result it will help your Server to run even faster with fresh cache.

Let’s get started with the tutorial :

Please note it is not recommended running Level 3 cache on regular basis, use it when you need to free up memory and cache. It is recommend to use level 1 cache clearing only.

Here there are 3 levels of RAM cache clearing commands :

vm.drop_caches=1 : This is will clear pagecache – recommended

sync; echo 1 > /proc/sys/vm/drop_caches

vm.drop_caches=2 : This is will clear dentries and inodes

sync; echo 2 > /proc/sys/vm/drop_caches

vm.drop_caches=3 : This is will clear pagecache, dentries and inodes i.e. all cache are cleared

sync; echo 3 > /proc/sys/vm/drop_caches

Clear Swap Memory :

Clearing swap memory can take time depending disk speed and the size of the swap memory usage, to clear it simply run this command :

swapoff -a && swapon -a

** also don’t use cache clearing command under cron jobs, this commands should be run manually and automation is not recommended.

Here are the steps to check the SMTP port:

Open the Terminal or ssh on your server.

Type the following command to install telnet if it’s not already installed:

For centos/EL :-

yum install telnet

or for ubuntu/debian :-

apt install telnet

Type the following command and press Enter:

telnet server.alphagnu.com 25

use server.alphagnu.com hostname for better results or replace it with remote server ip or hostname

If the port is open, you will see a message like this:

[root@server]# telnet server.alphagnu.com 25
Trying 5.161.42.110...
Connected to server.alphagnu.com.
Escape character is '^]'.
220 server.alphagnu.com

This means that the SMTP port 25 is open and you can send emails.

If the port is closed or you cannot connect to the SMTP server, you will see an error message like this after 3-5 minutes of waiting:

[root@cwp ~]# telnet server.alphagnu.com 25
Trying 5.161.42.110...
telnet: connect to address 5.161.42.110: Connection timed out
Trying 2a01:4ff:f0:a15::1...
telnet: connect to address 2a01:4ff:f0:a15::1: Network is unreachable

This means that the SMTP port 25 is closed or there is a network restriction and preventing the connection.

If the port is closed, you may need to check your firewall settings or contact your network administrator to troubleshoot the problem.

Setup SSH Keys on your Windows computer/laptop using PuttyGEN
Step 1
Download PuttyGEN from the Homepage website.
Scroll down until you find puttygen.exe and download either 32 or 64bit version.

Step 2
Start PuttyGEN by double clicking on its icon

Step 3
From top menu, click on “Key” and select “SSH-2 RSA” and in the bottom right box change the number 2048 to 4096

Step 4
Click “Generate” button

Step 5
Move your mouse pointer around in the blank area of the Key section, below the progress bar (to generate some randomness) until the progress bar is full

Step 6
Click the “Save public key” button & choose whatever filename you’d like (some users create a folder in their computer named my_keys)

Step 7
Click the “Save private key” button & choose whatever filename you’d like

Quote

NOTE! Both public and private files will have to stay on your computer, do not delete them.

Step 8
Right-click in the text field labeled Public key for pasting into OpenSSH authorized_keys file and choose Select All, right-click again and choose Copy

Step 9
Login to your VPS or Dedicated server

Step 10
Run the following commands:

mkdir ~/.ssh
chmod 0700 ~/.ssh
touch ~/.ssh/authorized_keys
chmod 0644 ~/.ssh/authorized_keys

Step 11
Paste the SSH public key which you copied in step 8 into your ~/.ssh/authorized_keys file

Lets setup Putty on your Windows OS
Step 1
Start PuTTY by double-clicking its executable file

Step 2
PuTTY’s initial window is the Session Category (navigate PuTTY’s various categories, along the left-hand side of the window)

Step 3
In the Host Name field, enter the IP address of your VPS or its fully qualified domain name (FQDN)

Step 4
Enter the port number in the Port field (for added security, consider changing your server’s SSH port to a non-standard port.

Step 5
Along the left-hand side of the window, select the Data sub-category, under Connection

Step 6
Specify the username that you plan on using, when logging in to the SSH server, and whose profile you’re saving, in the Auto-login username field

Step 7
Expand the SSH sub-category, under Connection

Step 8
Highlight the Auth sub-category and click the Browse button, on the right-hand side of the PuTTY window

Step 9
Browse your file system and select your previously-created private key

Step 10
Return to the Session Category and enter a name for this profile in the Saved Sessions field, e.g. user@123.456.78.9 or user@host.yourdomain.tld

Step 11
Click the Save button

Now you can go ahead and log in to your server and you will not be prompted for a password.

Finally let’s disable username/password login on your vps/dedicated server
Step 1
Open /etc/ssh/sshd_config

nano /etc/ssh/sshd_config

Step 1
Lets change both “PasswordAuthentication” and “UsePAM” options to “no”

[...]
PasswordAuthentication no
[...]
UsePAM no
[...]

Step 2
Restart your SSH server

service sshd restart

Here are some common commands that you can use with CSF:

Start CSF:

To start CSF, use the following command:

csf -s

you can also use systemctl to restart csf and lfd server 

systemctl start csf lfd

Stop CSF:

To stop CSF, use the following command:

csf -x

you can also use systemctl to restart csf and lfd server 
 

systemctl stop csf lfd

Restart CSF:

To restart CSF, use the following command:

csf -r

you can also use systemctl to restart csf and lfd server 

systemctl restart csf lfd

Check CSF status:

To check the status of CSF, use the following command:

csf -status

Allow an IP address:

To allow an IP address through the firewall, use the following command:

csf -a 

you can add the comment after the ip with space

example :

Quote

csf -a 1.1.1.1 allowed by admin

Unblock an IP address:

To unblock an IP address that has been blocked by CSF, use the following command:

csf -dr 

Block an IP address:

To block an IP address, use the following command:

csf -d 

you can add the comment after the ip with space

example :

Quote

csf -d 1.1.1.1 blocked by admin

View blocked IP addresses:

To view a list of blocked IP addresses, use the following command:

csf -g

to find specific ip in blocked list use below command :

Quote

csf -g 1.1.1.1

Unblock all IP addresses:

To unblock all IP addresses that have been blocked by CSF, use the following command:

csf -df

Check for updates to csf but do not upgrade :

csf -c

To update CSF :

csf -u

To Force update :

csf -uf

Get an IP’s information country of origin & hostname/ptr :

csf -i IP

usage :

Quote

csf -i 1.1.1.1

Hope this helped and you can add your own commands below in the comment to help others.

Here are some Commands which need admin/root privilege

service_name is the name of the service you want to perform the action for.

Start a service:

To start a service, use the following command:

systemctl start service_name

Stop a service:

To stop a service, use the following command:

systemctl stop service_name

Restart a service:

To restart a service, use the following command:

systemctl restart service_name

Enable a service at boot:

To enable a service to start automatically at boot, use the following command:

systemctl enable service_name

Disable a service at boot:

To disable a service from starting automatically at boot, use the following command:

systemctl disable service_name

Check the status of a service:

To check the status of a service, use the following command:

systemctl status service_name

List all running services:

To list all running services, use the following command:

systemctl list-units --type=service --state=running

example :

[root@cwp ~]# systemctl list-units --type=service --state=running
UNIT                     LOAD   ACTIVE SUB     DESCRIPTION
amavisd.service          loaded active running Amavis mail content checker
atd.service              loaded active running Job spooling tools
cbpolicyd.service        loaded active running CWP Policyd for Postfix
clamd.service            loaded active running clamd scanner () daemon
console-getty.service    loaded active running Console Getty
crond.service            loaded active running Command Scheduler
cwp-phpfpm.service       loaded active running The PHP FastCGI Process Manager
cwpsrv-phpfpm.service    loaded active running The PHP FastCGI Process Manager
cwpsrv.service           loaded active running CentOS Web Panel service (daemon)
dbus.service             loaded active running D-Bus System Message Bus
dovecot.service          loaded active running Dovecot IMAP/POP3 email server
getty@tty2.service       loaded active running Getty on tty2
httpd.service            loaded active running Web server Apache
lfd.service              loaded active running ConfigServer Firewall & Security - lfd
mariadb.service          loaded active running MariaDB 10.11.2 database server
named.service            loaded active running Berkeley Internet Name Domain (DNS)
nginx.service            loaded active running nginx - high performance web server
opendkim.service         loaded active running DomainKeys Identified Mail (DKIM) Milter
php-fpm81.service        loaded active running The PHP FastCGI Process Manager
php-fpm82.service        loaded active running The PHP FastCGI Process Manager
postfix.service          loaded active running Postfix Mail Transport Agent
pure-ftpd.service        loaded active running Pure-FTPd FTP server
rsyslog.service          loaded active running System Logging Service
saslauthd.service        loaded active running SASL authentication daemon.
spamassassin.service     loaded active running Spamassassin daemon
sshd.service             loaded active running OpenSSH server daemon
systemd-journald.service loaded active running Journal Service
systemd-logind.service   loaded active running Login Service
systemd-udevd.service    loaded active running udev Kernel Device Manager
varnish.service          loaded active running Varnish Cache, a high-performance HTTP accelerator
xinetd.service           loaded active running Xinetd A Powerful Replacement For Inetd

Find a service name use grep :

systemctl list-units --type=service --state=running | grep keyword

example :

[root@server ~]# systemctl list-units --type=service --state=running | grep php
php-fpm81.service        loaded active running The PHP FastCGI Process Manager
php-fpm82.service        loaded active running The PHP FastCGI Process Manager

List all failed services:

To list all running services, use the following command:

systemctl list-units --type=service --state=failed

example :

[root@cwp ~]# systemctl list-units --type=service --state=failed
  UNIT                           LOAD   ACTIVE SUB    DESCRIPTION
* systemd-sysctl.service         loaded failed failed Apply Kernel Variables
* systemd-vconsole-setup.service loaded failed failed Setup Virtual Console
* vzquota.service                loaded failed failed LSB: Start vzquota at the end of boot

To Stop/masking a service strictly so no one or other programs can start it :

systemctl mask service_name

To unmasking a service and undo :

systemctl unmask service_name

Reload systemd configuration:

To reload the systemd configuration after changes is done or to just reload it, use the following command:

systemctl daemon-reload

View service logs:

To view the logs of a service, use the following command:

journalctl -u service_name

example :

[root@cwp ~]# journalctl -u httpd
-- Logs begin at Wed 2023-05-05 18:48:58 EDT, end at Sat 2023-05-06 15:20:01 EDT. --
Aug 04 04:25:14 cwp.onefinehost.com systemd[1]: Stopping Web server Apache...
Aug 04 04:25:14 cwp.onefinehost.com systemd[1]: Stopped Web server Apache.
Aug 04 04:25:14 cwp.onefinehost.com systemd[1]: Starting Web server Apache...
Aug 04 04:25:14 cwp.onefinehost.com systemd[1]: Started Web server Apache.
Aug 04 04:25:14 cwp.onefinehost.com systemd[1]: Reloading Web server Apache.
Aug 04 04:25:14 cwp.onefinehost.com systemd[1]: Reloaded Web server Apache.
Aug 04 04:25:15 cwp.onefinehost.com systemd[1]: Reloading Web server Apache.
Aug 04 04:25:15 cwp.onefinehost.com systemd[1]: Reloaded Web server Apache.
Aug 04 04:25:17 cwp.onefinehost.com systemd[1]: Stopping Web server Apache...

Use PHP Configuration (php.ini): Many PHP functions can be disabled or restricted through the PHP configuration file (php.ini). Access to this file is usually restricted to server administrators, so you may need to contact your hosting provider or server administrator to make changes.

Using php.ini or .user.ini :

Look or add the disable_functions directive in the php.ini or in .user.ini file and list/add the functions you want to disable, separated by commas. For example:

disable_functions = exec,system,passthru,popen,proc_open,shell_exec

**you need to restart Apache or php-fpm service after you added this directive.

Using .htaccess when using Apache php DSO - mod_php module : 

Use .htaccess (Apache): If you're using the Apache web server, you can also disable PHP functions via the .htaccess file in your web application's root directory. However, this method requires the "mod_php" module to be enabled, and you should have the necessary permissions to modify .htaccess.

Add the following line to your .htaccess file to disable a function:

php_flag disable_functions "exec, system, passthru, popen, proc_open, shell_exec"

**restart Apache service after you've added this directive.

Please note : Regularly update your PHP version and libraries, apply security patches to your CMS/scripts, and follow secure coding practices to build a robust and secure web application

This will also help you to determine that what exactly network speed your server provider is providing. Without waiting lets get started. Difficulty level : super easy

For Centos/EL 7/centos 8 stream/centos 9 stream

curl -s https://packagecloud.io/install/repositories/ookla/speedtest-cli/script.rpm.sh | sudo bash
yum install speedtest

to run the speedtest type below command : 

speedtest

**accept the license by typing "yes"

For Ubuntu/Debian :

sudo apt-get install curl
curl -s https://packagecloud.io/install/repositories/ookla/speedtest-cli/script.deb.sh | sudo bash
sudo apt-get install speedtest

to run the speedtest type below command : 

speedtest

**accept the license by typing "yes"

For other OS : 

mkdir -p /usr/local/ookla
cd /usr/local/ookla
wget https://install.speedtest.net/app/cli/ookla-speedtest-1.2.0-linux-x86_64.tgz
tar zxvf ookla-speedtest-1.2.0-linux-x86_64.tgz

to run the speedtest type below command : 

cd /usr/local/ookla
./speedtest

**accept the license by typing "yes"

it will show the speed results like below : 

Speedtest by Ookla

      Server: Frontier - Ashburn, VA (id: 14229)
         ISP: Hetzner Online GmbH
Idle Latency:     0.32 ms   (jitter: 0.00ms, low: 0.31ms, high: 0.32ms)
    Download: 17904.35 Mbps (data used: 9.7 GB)
                  1.25 ms   (jitter: 0.27ms, low: 0.34ms, high: 1.86ms)
      Upload: 16385.81 Mbps (data used: 15.5 GB)
                  2.86 ms   (jitter: 0.79ms, low: 0.68ms, high: 7.50ms)
Packet Loss:     0.0%
  Result URL: https://www.speedtest.net/result/c/524965dc-5310-4b38-9ce6-218bf4de7d0b

To install MSSQL express edition follow the below steps :

First install some dependencies :-

yum install python2 compat-openssl10 openssl-devel

Second make python 2 default alternative interpreter :

alternatives --config python

Third Microsoft MSSQL repo :

For Centos 7/EL7 :

curl -o /etc/yum.repos.d/mssql-server.repo https://packages.microsoft.com/config/rhel/7/mssql-server-2019.repo

or Centos 8/EL8/AlmaLinux/RockyLinux :

curl -o /etc/yum.repos.d/mssql-server.repo https://packages.microsoft.com/config/rhel/8/mssql-server-2019.repo

Fourth Install MSSQL express server :

yum install mssql-server

Fifth Run mssql-conf via below command and choose the Express edition and accept the licensing and terms by typing “yes” :

/opt/mssql/bin/mssql-conf setup

** choose “Express” by typing the number you see Infront of it, also choose/enter the password fo “SA” user

Sixth enable MSSQL to run on boot :

systemctl enable mssql-server

you can restart, start and stop mssql-server as below :

systemctl start mssql-server
systemctl stop mssql-server
systemctl restart mssql-server

Install the SQL Server command-line tools

To install sqlcmd follow this :

For Centos 7/EL7 :

curl -o /etc/yum.repos.d/msprod.repo https://packages.microsoft.com/config/rhel/7/prod.repo

For 8/EL8/AlmaLinux/RockyLinux :

curl -o /etc/yum.repos.d/msprod.repo https://packages.microsoft.com/config/rhel/8/prod.repo

Then install the sqlcmd tool :

yum remove unixODBC-utf16 unixODBC-utf16-devel -y && yum install mssql-tools unixODBC-devel -y

Now set the environment variable :

echo 'export PATH="$PATH:/opt/mssql-tools/bin"' >> ~/.bash_profile
echo 'export PATH="$PATH:/opt/mssql-tools/bin"' >> ~/.bashrc

Now update the current shell environment :

source ~/.bashrc

example :

you can connect to SA user with below command :

sqlcmd -S localhost -U SA -P 'YourPassword'

Log in to your Linux server as the root user.

Install Maldet by running the following command:

wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -xzf maldetect-current.tar.gz
cd maldetect-*/
sh install.sh

Update Maldet with the latest malware definitions by running the following command:

maldet -u

To scan a specific directory, run the following command:

maldet -a /path/to/directory

Replace “/path/to/directory” with the path to the directory you want to scan.

To scan all files on the server, run the following command:

maldet -a /
#or
maldet -a /home
#or
maldet -a /home/user/public_html

Note that this can take a long time to complete, depending on the size of your server and the number of files.

Maldet will output any suspicious files it finds. If it finds a file that it suspects is malware, it will quarantine it automatically if enable. You can view the quarantine list by running the following command:

maldet --quarantine list

If you want to restore a file from quarantine, run the following command:

maldet --quarantine restore ID

Replace “ID” with the ID of the file you want to restore, which you can find in the quarantine list.

That’s it! You’ve successfully scanned for viruses with Maldet.

For more advance malware/virus scanning and cleaning you can contact me (paid service low price)

No worry we can still install WDDX extension in php 7.4 follow this easy guide to this :Step 1 :

Building and installing WDDX php extension :

Step 1 :

wget https://github.com/php/pecl-text-wddx/archive/master.zip -O wddx.zip
unzip wddx.zip
cd pecl-text-wddx-master
phpize
./configure
make
make install

Quote

** find the proper path for phpize and add prefix for the php-config eg :
suppose you’ve installed php in /opt/alt/php/ then replace this

/opt/alt/php/usr/bin/phpize
./configure --with-php-config=/opt/alt/php/usr/bin/php-config

Step 2 :

Enabling WDDX php extension
In php.ini add this following line to enable WDDX :

extension=wddx.so

Restart apache/php-fpm/php-handler service done.

Step 3 :

Check wddx is installed correctly and loaded via this command :

php -m | grep wddx

If loaded successfully then result will look like :

[root@mysterydata]# php -m | grep wddx
wddx

Or check via php info page

Step 1 : 

Edit postfix master config  /etc/postfix/master.conf : 

nano /etc/postfix/master.conf

Step 2 : 

Find this lines and add this config : 

Quote

smtp      unix  -       -       n       -       -       smtp

and 

Quote

relay     unix  -       -       n       -       -       smtp

and below this two lines add this config : 

  -o smtp_bind_address=124.12.12.12

replace the ip with your second IP or the Ip you want to send email from

so the config will look like : 

smtp      unix  -       -       n       -       -       smtp
  -o smtp_bind_address=124.12.12.12 

relay     unix  -       -       n       -       -       smtp
  -o smtp_bind_address=124.12.12.12
  -o fallback_relay=

Step 3 : 

Restart postfix service : 

systemctl restart postfix

Suppose you’ve one ip configured for mail server and a user who sends lots of spam or his/her website got infected and sending spam from the infected scripts this leads to main mail ip for email sending will quickly get into blacklisted and all other genuine users who are using safe practices for mail sending will suffer because of that bad user. To cope with this situation you need to have per ip basis configuration for user if one user ip get blacklisted then other users will not be affected and you can bait that bad user by disabling mail sending.

Lets get started with the configuration before you configure ensure you’ve Multi ips are attached in your server network.

Create file called sdd_transport_maps.regexp in /etc/postfix/:

/@user1-domain\.tld$/       username1:
/@user2-domain\.tld$/       username2:
/@user3-domain\.tld$/       username3:

replace /@user1-domain\.tld$/ with domain.tld eg : /@alphagnu\.com$/
replace username1 with account username alphagnu
you can add like this for multi users and domains.

Now In /etc/postfix/master.cf create and add special transport lines called user1, user2, user3 and more user as per need :

username1  unix -       -       n       -       -       smtp
   -o smtp_bind_address=10.10.10.1
   -o smtp_helo_name=user1-domain.tld
   -o syslog_name=postfix-username1

username2  unix -       -       n       -       -       smtp
   -o smtp_bind_address=10.10.10.2
   -o smtp_helo_name=user2-domain.tld
   -o syslog_name=postfix-username2

username3  unix -       -       n       -       -       smtp
   -o smtp_bind_address=10.10.10.3
   -o smtp_helo_name=user3-domain.tld
   -o syslog_name=postfix-username3

Replace smtp_bind_address ip with the dedicated ip for the user account.

eg :

alphagnu  unix -       -       n       -       -       smtp
   -o smtp_bind_address=10.10.10.1
   -o smtp_helo_name=alphagnu.com
   -o syslog_name=postfix-alphagnu

In /etc/postfix/main.cf add sender_dependent_default_transport_maps line:

sender_dependent_default_transport_maps = regexp:/etc/postfix/sdd_transport_maps.regexp

reload/ restart postfix

service postfix restart

that’s it you’re done configuring it test by sending email.

Quote

A good Disk can give you performance benefits and boost your website’s speed and ranking.

Most server provider now a days provides SSD or SSD cached disk space even some provider also dealing with old magnetic HDD Disk to there clients which can hold data of 100-500 GBs (even TBs), hold on is that worth it?

In this article we’ll check DISK I/O speed of your server (VPS/Dedicated) via this simple commands.

Commands to check DISK I/O speed :

Command 1 :

dd if=/dev/zero of=test bs=64k count=16k conv=fdatasync && rm -rf test

eg. output :

[root@vpn ~]# dd if=/dev/zero of=test bs=64k count=16k conv=fdatasync && rm -rf test
16384+0 records in
16384+0 records out
1073741824 bytes (1.1 GB) copied, 1.95918 s, 548 MB/s

here you can see disk speed is incredibly fast enough “548 MB/s”  as this is pure SSD disk and of course a good Server provider.

If your Disk speed is lower than 80/85 mbps Consider moving to another provider.

Command 2 :

To Check Disk I/O latency using ioping

A tool to monitor I/O latency in real time. It shows disk latency in the same way as ping shows network latency.

Installation on Centos and Ubuntu OS :

Centos

yum install epel-release
yum install ioping

Ubuntu/Debian

apt-get install ioping

Run this command to start DISK I/O Latency test:

ioping -c 15 .

eg. output

[root@vpn ~]# ioping -c 15 .
4 KiB <<< . (simfs /dev/simfs): request=1 time=71.9 us (warmup)
4 KiB <<< . (simfs /dev/simfs): request=2 time=111.3 us
4 KiB <<< . (simfs /dev/simfs): request=3 time=99.3 us
4 KiB <<< . (simfs /dev/simfs): request=4 time=131.8 us
4 KiB <<< . (simfs /dev/simfs): request=5 time=134.5 us
4 KiB <<< . (simfs /dev/simfs): request=6 time=102.8 us
4 KiB <<< . (simfs /dev/simfs): request=7 time=116.0 us
4 KiB <<< . (simfs /dev/simfs): request=8 time=117.0 us
4 KiB <<< . (simfs /dev/simfs): request=9 time=117.0 us
4 KiB <<< . (simfs /dev/simfs): request=10 time=112.4 us
4 KiB <<< . (simfs /dev/simfs): request=11 time=122.4 us
4 KiB <<< . (simfs /dev/simfs): request=12 time=97.8 us (fast)
4 KiB <<< . (simfs /dev/simfs): request=13 time=125.6 us
4 KiB <<< . (simfs /dev/simfs): request=14 time=118.8 us
4 KiB <<< . (simfs /dev/simfs): request=15 time=128.6 us

--- . (simfs /dev/simfs) ioping statistics ---
14 requests completed in 1.64 ms, 56 KiB read, 8.56 k iops, 33.4 MiB/s
generated 15 requests in 14.0 s, 60 KiB, 1 iops, 4.29 KiB/s
min/avg/max/mdev = 97.8 us / 116.8 us / 134.5 us / 11.0 us

Here the average I/O Latency is 116.8 milliseconds (lower is better)

You can also check latency of the disk by this command :

ioping -c 10 -s 1M /tmp

TO Measure disk sequential speed :

ioping -RL /

or by disk name :

ioping -RL /dev/sda

TO measure DISK seek Rate :

ioping -R /

or by disk name :

ioping -R /dev/sda

To check mail queue:

mailq

To remove all mail from the queue:

postsuper -d ALL

To remove all mails in the deferred queue:

postsuper -d ALL deferred

EXTRA : 

To delete or remove maildrop queues run this command : 

find /var/spool/postfix/maildrop/ -type f | xargs rm  -rf

SCRIPT :

Also you can use this script to delete mail queue which contain certain keyword or email id :

cd /root
touch mailq-del.pl
chmod 775 mailq-del.pl
nano mailq-del.pl

and add this below code in mailq-del.pl and save it :

#!/usr/bin/perl
 
$REGEXP = shift || die "no email-adress given (regexp-style, e.g. bl.*\@gmail.com)!";
 
@data = qx</usr/sbin/postqueue -p>;
for (@data) {
  if (/^(\w+)(\*|\!)?\s/) {
     $queue_id = $1;
  }
  if($queue_id) {
    if (/$REGEXP/i) {
      $Q{$queue_id} = 1;
      $queue_id = "";
    }
  }
}
 
#open(POSTSUPER,"|cat") || die "couldn't open postsuper" ;
open(POSTSUPER,"|postsuper -d -") || die "couldn't open postsuper" ;
 
foreach (keys %Q) {
  print POSTSUPER "$_\n";
};
close(POSTSUPER);

example usage of script :

cd /root
./mailq-del.pl example@gmail.com
or
./mailq-del.pl keyword

FFmpeg is the leading multimedia framework, able to decode, encode, transcode, mux, demux, stream, filter and play pretty much anything that humans and machines have created. It supports the most obscure ancient formats up to the cutting edge.

Its pretty simple to Install Latest version of FFMPEG Just follow this steps :

Ensure you’re running kernel 3.2.x and above. Check kernel version via this command “uname -sr“

Supported operating systems :

EL/Centos 7/centos 8 stream/centos 9 stream

Ubuntu 18.04/20.4/latest os

Debian 9/10/11

and linux running kernel 3.2.x or above

Move/backup currently installed FFMPEG :

mv /usr/local/bin/ffmpeg /usr/local/bin/ffmpeg.bak
mv /usr/local/bin/ffprobe /usr/local/bin/ffprobe.bak
mv /usr/bin/ffmpeg /usr/bin/ffmpeg.bak
mv /usr/bin/ffprobe /usr/bin/ffprobe.bak
mv /usr/bin/qt-faststart /usr/bin/qt-faststart.bak
mv /usr/local/bin/qt-faststart /usr/local/bin/qt-faststart.bak

Download Latest version of FFMPEG :

cd /usr/local
rm -rf  ffmpeg
wget https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz
tar xf ffmpeg-release-amd64-static.tar.xz
rm -rf ffmpeg-release-amd64-static.tar.xz
mv ffmpeg-* ffmpeg

Now create symlinks for ffmpeg and ffprobe bin file :

ln -s /usr/local/ffmpeg/ffmpeg /usr/local/bin/ffmpeg
ln -s /usr/local/ffmpeg/ffprobe /usr/local/bin/ffprobe
ln -s /usr/local/ffmpeg/qt-faststart /usr/local/bin/qt-faststart
ln -s /usr/local/ffmpeg/ffmpeg /usr/bin/ffmpeg
ln -s /usr/local/ffmpeg/ffprobe /usr/bin/ffprobe
ln -s /usr/local/ffmpeg/qt-faststart /usr/bin/qt-faststart

Change the permission for the files :

chmod 755 /usr/local/ffmpeg/ffmpeg
chmod 755 /usr/local/ffmpeg/ffprobe
chmod 755 /usr/local/ffmpeg/qt-faststart

Use this FFMPEG and FFPROBE path in your script/application :

FFMPEG path :

/usr/local/bin/ffmpeg

FFPROBE path :

/usr/local/bin/ffprobe

Thats it you can now use FFMPEG and ffprobe Latest version, check version by typing “ffmpeg” :

[root@server local]# /usr/local/bin/ffmpeg
ffmpeg version 6.0-static https://johnvansickle.com/ffmpeg/  Copyright (c) 2000-2023 the FFmpeg developers
  built with gcc 8 (Debian 8.3.0-6)
  configuration: --enable-gpl --enable-version3 --enable-static --disable-debug --disable-ffplay --disable-indev=sndio --disable-outdev=sndio --cc=gcc --enable-fontconfig --enable-frei0r --enable-gnutls --enable-gmp --enable-libgme --enable-gray --enable-libaom --enable-libfribidi --enable-libass --enable-libvmaf --enable-libfreetype --enable-libmp3lame --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libopenjpeg --enable-librubberband --enable-libsoxr --enable-libspeex --enable-libsrt --enable-libvorbis --enable-libopus --enable-libtheora --enable-libvidstab --enable-libvo-amrwbenc --enable-libvpx --enable-libwebp --enable-libx264 --enable-libx265 --enable-libxml2 --enable-libdav1d --enable-libxvid --enable-libzvbi --enable-libzimg
  libavutil      58.  2.100 / 58.  2.100
  libavcodec     60.  3.100 / 60.  3.100
  libavformat    60.  3.100 / 60.  3.100
  libavdevice    60.  1.100 / 60.  1.100
  libavfilter     9.  3.100 /  9.  3.100
  libswscale      7.  1.100 /  7.  1.100
  libswresample   4. 10.100 /  4. 10.100
  libpostproc    57.  1.100 / 57.  1.100
Hyper fast Audio and Video encoder
usage: ffmpeg [options] [[infile options] -i infile]... {[outfile options] outfile}...

Composer can be installed in your server quickly and its very easy to install :-

Installation of Composer
Switch into the /usr/local/bin directory.

cd /usr/local/bin

Download and installing Stable version of Composer by using cURL :

curl https://getcomposer.org/composer-stable.phar -o composer

Fix the permission also this will create global access to composer i.e. user having shell access can execute composer :

chmod 755 /usr/local/bin/composer

For ubuntu/debian you need to follow this steps :

ln -s /usr/local/bin/composer /usr/bin/composer

That’s it composer is successfully installed.

you can now use composer command in shell to execute.

Check Composer version :

composer -V

eg. :

Quote

[root@server bin]# composer -V
Do not run Composer as root/super user! See https://getcomposer.org/root for details
Continue as root/super user [yes]? yes
Composer version 2.0.7 2020-11-13 17:31:06

Update composer upon new version releases :
to update composer you just need to run this command :

composer self-update

**it will update to stable latest version

Run different php version with the composer :
you need to user the full path for php bin and composer path with the composer sub command we use “install” command here as eg:

/path/to/php-bin /usr/local/bin/composer update
/path/to/php-bin /usr/local/bin/composer install

For CWP run composer as php selector and php-fpm selector :

For CWP php selector :

/opt/alt/php56/usr/bin/php /usr/local/bin/composer install
/opt/alt/php70/usr/bin/php /usr/local/bin/composer install
/opt/alt/php71/usr/bin/php /usr/local/bin/composer install
/opt/alt/php72/usr/bin/php /usr/local/bin/composer install
/opt/alt/php73/usr/bin/php /usr/local/bin/composer install
/opt/alt/php74/usr/bin/php /usr/local/bin/composer install
/opt/alt/php80/usr/bin/php /usr/local/bin/composer install
/opt/alt/php81/usr/bin/php /usr/local/bin/composer install
/opt/alt/php82/usr/bin/php /usr/local/bin/composer install

For CWP php-fpm selector :

/opt/alt/php-fpm56/usr/bin/php /usr/local/bin/composer install
/opt/alt/php-fpm70/usr/bin/php /usr/local/bin/composer install
/opt/alt/php-fpm71/usr/bin/php /usr/local/bin/composer install
/opt/alt/php-fpm72/usr/bin/php /usr/local/bin/composer install
/opt/alt/php-fpm73/usr/bin/php /usr/local/bin/composer install
/opt/alt/php-fpm74/usr/bin/php /usr/local/bin/composer install
/opt/alt/php-fpm80/usr/bin/php /usr/local/bin/composer install
/opt/alt/php-fpm81/usr/bin/php /usr/local/bin/composer install
/opt/alt/php-fpm82/usr/bin/php /usr/local/bin/composer install

For Cpanel/WHM :

ea-php71 /usr/local/bin/composer install
ea-php72 /usr/local/bin/composer install
ea-php73 /usr/local/bin/composer install
ea-php74 /usr/local/bin/composer install
ea-php80 /usr/local/bin/composer install
ea-php81 /usr/local/bin/composer install
ea-php82 /usr/local/bin/composer install

For other panel’s multi php refer to the official docs and paths for the php bin file

Troubleshoot :
if you get below error then php is not installed in default location you need to specify the path for php bin

/usr/bin/env: ‘php’: No such file or directory

The upgrade procedure is little bit complicated and you need to follow the below steps one by one :

Step 1 :

Backup all the data

mkdir /home/pgsql
chown -R postgres:postgres /home/pgsql
su - postgres
pg_dumpall > /home/pgsql/backup
exit

Step 2 :

Uninstalling/removing the current version of PostgreSQL :

systemctl stop postgresql
mv /var/lib/pgsql/data/ /home/pgsql/data.old
rpm -e --nodeps postgresql postgresql-devel postgresql-libs postgresql-server

If you already installed from official repo i.e. version 9,10,11 and 12 (skip this steps if you didn’t used official repo to install pgsql) do this :

systemctl stop postgresql-#
mv /var/lib/pgsql/#/data/ /home/pgsql/#/data.old
rpm -e --nodeps postgresql# postgresql#-devel postgresql#-libs postgresql#-server
replace “#”with the version number i.e. 9/10/11/12/13/14

Step 3 :

Now install the Latest version of PostgreSQL :

EL7/Centos 7 :

yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
yum install -y yum-utils centos-release-scl-rh
yum-config-manager --disable centos-sclo-rh
yum --enablerepo=centos-sclo-rh install llvm-toolset-7-clang
yum install postgresql15-server postgresql15-devel

EL8/Centos 8 :

dnf install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-8-x86_64/pgdg-redhat-repo-latest.noarch.rpm
dnf -qy module disable postgresql
dnf install postgresql15-server postgresql15-devel

Step 4 :

Now copying the configuration file to new installation of PostgreSQL :

Centos 7/8/EL7/EL8 :

su - postgres
mv /var/lib/pgsql/15/data/pg_hba.conf /var/lib/pgsql/15/data/pg_hba.conf.bak
wget -O https://www.alphagnu.com/upload/pg_hba.conf /var/lib/pgsql/15/data/pg_hba.conf
chown -R postgres:postgres /var/lib/pgsql/15/data/pg_hba.conf
/usr/pgsql-15/bin/initdb
exit

if you have used official repo to install pgsql (skip this step if you didn’t installed any pgsql from official repo before) :

su - postgres
/usr/pgsql-15/bin/initdb
cp /home/pgsql/#/data.old/pg_hba.conf /var/lib/pgsql/15/data/
cp /home/pgsql/#/data.old/postgresql.conf /var/lib/pgsql/15/data/
exit

replace “#” with version number you used above

Step 5 :

Now start PostgreSQL and enable it to start on boot :

systemctl enable postgresql-15
systemctl start postgresql-15

Step 6 :

Restore the previous backups done in Step 1

su - postgres
psql -d postgres -f /home/pgsql/backup

Step 7 :

Create symlink of new version of service :

systemctl stop postgresql
rm -rf /usr/lib/systemd/system/postgresql.service
ln -s /usr/lib/systemd/system/postgresql-15.service /usr/lib/systemd/system/postgresql.service
systemctl daemon-reload
systemctl stop postgresql-15.service
systemctl enable postgresql
systemctl restart postgresql

EXTRA upgrading phpPgAdmin in CWP :

cd /usr/local/cwpsrv/var/services
yum install cwpPgphp -y
yum reinstall cwpPgphp -y
mv phpPgAdmin phpPgAdmin.bak
wget https://github.com/phppgadmin/phppgadmin/releases/download/REL_7-13-0/phpPgAdmin-7.13.0.zip
unzip phpPgAdmin-7.13.0.zip
mv phpPgAdmin-7.13.0 phpPgAdmin
rm -rf phpPgAdmin-7.13.0.zip

Swap space in Linux is used when the amount of physical memory (RAM) is full. If the system needs more memory resources and the RAM is full, inactive pages in memory are moved to the swap space. While swap space can help machines with a small amount of RAM, it should not be considered a replacement for more RAM. Swap space is located on hard drives, which have a slower access time than physical memory.

Protection against OOM (out of memory) errors, crashes, memory-related system unpredictability/instability.
Increases available memory to the system and allows more programs to be run concurrently & more safely
Prevent server non responsiveness/ hangs

Step 1 :
Follow this commands one by one :

cd /var
touch swap.img
chmod 600 swap.img

STEP 2 :
We’ll create 1GB (1024MB) of Swap :

dd if=/dev/zero of=/var/swap.img bs=1024k count=1000

if you want to create 2 gb swap increase the “count” value to “2000” for 3gb increase “count” to : “3000”

###############
2gb eg. :

dd if=/dev/zero of=/var/swap.img bs=1024k count=2000

3gb eg. :

dd if=/dev/zero of=/var/swap.img bs=1024k count=3000

###############
result will look like this :

[root@srv1 var]# dd if=/dev/zero of=/var/swap.img bs=1024k count=1000
1000+0 records in
1000+0 records out
1048576000 bytes (1.0 GB) copied, 3.30777 s, 317 MB/s

STEP 3 :
Creating swap img file :

mkswap /var/swap.img

result will look like this :

[root@srv1 var]# mkswap /var/swap.img
Setting up swapspace version 1, size = 1023996 KiB
no label, UUID=5813e8e7-1034-4700-84c2-c06905e26535

STEP 4 :
Enabling Swap :

swapon /var/swap.img

Checking Swap :

free -h
[root@srv1 var]# free -h
              total        used        free      shared  buff/cache   available
Mem:           1.9G        260M        144M         27M        1.6G        1.5G
Swap:          999M          0B        999M

Step 5 :
making it Enable during server boot, run the below command which will add entry in /etc/fstab :

echo "/var/swap.img    none    swap    sw    0    0" >> /etc/fstab

All done, you just enabled Swap partition on your server. let me know how it goes as i tried to make the tutorial as simple as could be.

TO create/modify/delete existing swap first off the swap :

Swap Off :

swapoff -a

Then delete the swap file :

rm -rf /var/swap.img

After deleting follow the STEPs above from very first (Skip Step 5 if already executed this command before) .

Open a terminal/ssh window.

Navigate to the directory where you want to search for big files. For example, to search for big files in your server root / directory, type:

cd /

Type the following command to list all files in the current directory and its subdirectories, sorted by size:

du -ah . | sort -rh | head -n 30

This command uses the du command to calculate the size of each file and the sort command to sort the results in reverse order. The head command is used to show only the first 30 results.

The output will show the size of each file in a human-readable format (such as “1.5M” or “10G”) and the path to the file.

You can modify the command to search for big files in a specific directory or to show more or fewer results. For example, to search for big files in the /home and /var/log directories and show the first 100 results, type:

du -ah /home | sort -rh | head -n 100
#or
du -ah /var/log | sort -rh | head -n 100

Bonus command:
To find big files all over the server disk / :

find / -mount -size +1024k -type f -exec ls -alh {} \;|sort -rnb -k 5|more
example :

[root@server ~]# find / -mount -size +1024k -type f -exec ls -alh {} \;|sort -rnb -k 5|more
-rw-r--r-- 1 clamupdate clamupdate 185M May  6 04:23 /var/lib/clamav/daily.cld
-rw-r--r-- 1 clamupdate clamupdate 163M Sep 22  2021 /var/lib/clamav/main.cvd
-rw------- 1 root mail 137M May  6 16:09 /var/spool/mail/root