Everything posted by Sandeep B.

  1. Install mod_passenger in CWP (Control Web Panel) on CentOS 7/EL7 and CentOS 8 Stream/EL8 easily with the steps below. Make sure you run these commands as the root user.

     mod_passenger enables Phusion Passenger to host Ruby, Python, and Node.js apps on the Apache server. Phusion Passenger specializes in managing these types of apps by restarting them in the case of an app crash, keeping heavy resource usage in check, and more. By enabling this feature, you will be able to add Ruby, Python, and Node.js apps onto your server.

     First install some requirements like RubyGems, rack and other dependencies.

     CentOS 7/EL7:

         yum install apr apr-devel ruby rubygem-rake ruby-devel curl-devel libcurl-devel apr-util apr-util-devel -y
         gem install "rubygems-update:<3.0.0" --no-document
         update_rubygems
         gem install rack -v 1.6.13

     CentOS 8 Stream/EL8/AlmaLinux/Rocky Linux/Oracle Linux:

         dnf install apr apr-devel ruby rubygem-rake ruby-devel curl-devel libcurl-devel apr-util apr-util-devel -y
         gem install rubygems-update
         gem update --system
         gem install rack

     Now install mod_passenger in CWP Apache:

         mkdir -p /usr/local/pbuild
         cd /usr/local/pbuild
         rm -rf latest_stable_tarball passenger*
         wget https://www.phusionpassenger.com/latest_stable_tarball
         tar -xzvf latest_stable_tarball
         rm -rf /usr/local/pbuild/passenger-*.tar.gz
         mv /usr/local/pbuild/passenger-* /usr/local/pbuild/passenger
         cd /usr/local/pbuild/passenger/bin
         export APXS2=/usr/local/apache/bin/apxs
         export APR_CONFIG=/usr/bin/apr-1-config
         ./passenger-install-apache2-module

     You'll get some prompts; press Enter to proceed with the default options, and don't select another option unless you know what you're doing.

     Now add the module to Apache. Select all of the following, copy and paste it into the terminal/ssh session and hit the Enter key:

         cat > /usr/local/apache/conf.d/passenger.conf << "EOF"
         # Module path must match the build directory used above (/usr/local/pbuild/passenger)
         LoadModule passenger_module /usr/local/pbuild/passenger/buildout/apache2/mod_passenger.so
         <IfModule mod_passenger.c>
         PassengerRoot /usr/local/pbuild/passenger
         PassengerDefaultRuby /usr/bin/ruby
         </IfModule>
         EOF

     Then restart Apache:

         systemctl restart httpd

     You can check whether mod_passenger is loaded in Apache as a module with this command. If the command outputs passenger_module, you're good to go:

         /usr/local/apache/bin/httpd -M | grep passenger
  2. Today we'll learn how to enable or disable SHA-1 in the system-wide cryptographic policy, and why we're disabling SHA-1. Because the SHA-1 hash function has an inherently weak design, and advancing cryptanalysis has made it vulnerable to attacks, CentOS/RHEL 8 and CentOS/RHEL 9 do not use SHA-1 by default. Nevertheless, some third-party applications, for example public signatures, still use SHA-1. To disable the use of SHA-1 in signature algorithms on your system, you can use the NO-SHA1 policy module.

     DISABLE SHA-1:

         update-crypto-policies --set DEFAULT:NO-SHA1

     Then reboot the system to apply it system-wide.

     ENABLE SHA-1:

     On the internet there are thousands or lakhs of devices that still use the SHA-1 algorithm, such as older OSes. For example, people are still using CentOS 6 because it is very light on resources and their old applications are still running there. If you try to connect from such an old OS to a modern OS like EL9/CentOS 9, for example with SSH, you'll get an error like the one below:

         no hostkey alg

     If you check the error message on the modern OS it will show like below :

     To fix this you need to enable the SHA-1 algorithm on your modern OS, for example on EL9/CentOS 9. Run the command below to enable SHA-1:

         update-crypto-policies --set DEFAULT:SHA1

     That's it, you've set the system-wide crypto policy to enable SHA-1. A system reboot is also recommended after enabling SHA-1.
  3. In this tutorial we'll learn how you can use openssl to generate a CSR and an RSA private key. A CSR is needed when you issue a paid SSL certificate.

     A CSR (Certificate Signing Request) is a specially formatted encrypted message sent from a Secure Sockets Layer (SSL) digital certificate applicant to a certificate authority (CA). The CSR validates the information the CA requires to issue a certificate.

     An RSA key is a private key based on the RSA algorithm. The private key is used for authentication and a symmetric key exchange during establishment of an SSL/TLS session. It is a part of the public key infrastructure that is generally used in the case of SSL certificates. RSA keys are of 2 types for SSL certs, i.e. the lengths are 2048 and 4096.

     These commands will generate the CSR and RSA private key within seconds.

     For 2048 key length:

         openssl req -nodes -newkey rsa:2048 -sha256 -keyout domainname.key -out domainname.csr

     For 4096 key length:

         openssl req -nodes -newkey rsa:4096 -sha256 -keyout domainname.key -out domainname.csr

     After you complete the form below, the 2 files domainname.key and domainname.csr are created in the directory you're currently in (use pwd to get the current directory path). You'll be asked the questions below:

         root@server:~# openssl req -nodes -newkey rsa:4096 -sha256 -keyout domainname.key -out domainname.csr
         Generating a RSA private key
         .....................................................................................................................................................................................................................................................................................++++
         ........++++
         writing new private key to 'domainname.key'
         -----
         You are about to be asked to enter information that will be incorporated
         into your certificate request.
         What you are about to enter is what is called a Distinguished Name or a DN.
         There are quite a few fields but you can leave some blank
         For some fields there will be a default value,
         If you enter '.', the field will be left blank.
         -----
         Country Name (2 letter code) [AU]:IN
         State or Province Name (full name) [Some-State]:IN
         Locality Name (eg, city) []:IN
         Organization Name (eg, company) [Internet Widgits Pty Ltd]:WORDPRESS
         Organizational Unit Name (eg, section) []:BLOG
         Common Name (e.g. server FQDN or YOUR name) []:alphagnu.com
         Email Address []:emailid@gmail.com

         Please enter the following 'extra' attributes
         to be sent with your certificate request
         A challenge password []:
         An optional company name []:alphagnu

     ** The challenge password should be left empty; just hit the Enter key.

     Type the ls command to check that the files were generated:

         root@server:~# ls
         domainname.csr domainname.key
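The CSR workflow above, as an added example that is not part of the original post: it generates the key and CSR without prompts by passing the Distinguished Name with -subj, keeps the private key owner-only, and confirms before submission that the CSR verifies and carries the public key of that private key. The function names, the subject fields and the example.com names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the openssl CLI is installed.

# make_csr CN OUTDIR
# Non-interactive form of the "openssl req" command above: -subj supplies the
# Distinguished Name, so there are no prompts and no challenge password.
make_csr() {
    cn=$1
    dir=$2
    (
        umask 077    # the private key must be readable by its owner only
        openssl req -new -newkey rsa:2048 -nodes -sha256 \
            -subj "/C=IN/O=Example Org/CN=$cn" \
            -keyout "$dir/$cn.key" -out "$dir/$cn.csr" 2>/dev/null
    )
}

# check_csr KEY CSR
# Returns 0 only if every check passes; 1, 2 or 3 names the failed check.
check_csr() {
    key=$1
    csr=$2
    # 1. The CSR's self-signature must verify.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    # 2. The public key inside the CSR must be the one derived from the key file.
    [ "$(openssl req -in "$csr" -noout -pubkey 2>/dev/null)" = \
      "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] || return 2
    # 3. The key file must not be accessible to group or others.
    [ "$(ls -l "$key" | cut -c5-10)" = "------" ] || return 3
    return 0
}

# Demo on a temporary directory with a constructed host name.
demo_csr() {
    command -v openssl >/dev/null 2>&1 || { echo "openssl not installed"; return 0; }
    d=$(mktemp -d) || return 1
    make_csr www.example.com "$d" &&
        check_csr "$d/www.example.com.key" "$d/www.example.com.csr" &&
        echo "CSR and key match, key file is owner-only"
    rm -rf "$d"
}

demo_csr
```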
  4. Let's Encrypt is a free, automated, and open certificate authority (CA), run for the public's benefit. It is a service provided by the Internet Security Research Group (ISRG). Basically they provide hassle-free, no-cost SSL for your domains. Recently Let's Encrypt introduced wildcard SSL, so you can now use a free wildcard cert for your domain and for multiple subdomains with just a single SSL cert (no need to issue certs for every subdomain). Even WordPress MultiSite (https) runs fine with it.

     The key principles behind Let's Encrypt are:

       • Free: Anyone who owns a domain name can use Let's Encrypt to obtain a trusted certificate at zero cost.
       • Automatic: Software running on a web server can interact with Let's Encrypt to painlessly obtain a certificate, securely configure it for use, and automatically take care of renewal.
       • Secure: Let's Encrypt will serve as a platform for advancing TLS security best practices, both on the CA side and by helping site operators properly secure their servers.
       • Transparent: All certificates issued or revoked will be publicly recorded and available for anyone to inspect.
       • Open: The automatic issuance and renewal protocol will be published as an open standard that others can adopt.
       • Cooperative: Much like the underlying Internet protocols themselves, Let's Encrypt is a joint effort to benefit the community, beyond the control of any one organization.

     In this tutorial we'll issue a wildcard Let's Encrypt SSL cert for a domain. This tutorial will work on several Linux distributions like Red Hat, CentOS (el7, el8), Ubuntu, Fedora etc. Let's get started.

     Step 1

     Change the directory to root:

         cd /root

     Step 2

     For Let's Encrypt to work we need an ACME protocol client (also ensure cURL is installed):

         yum install socat
         curl https://get.acme.sh | sh
         /root/.acme.sh/acme.sh --set-default-ca --server letsencrypt

     OR

         yum install socat git
         git clone https://github.com/Neilpang/acme.sh.git
         cd ./acme.sh
         ./acme.sh --install
         /root/.acme.sh/acme.sh --set-default-ca --server letsencrypt

     You'll see it download and add the acme script.

     Step 3

     Issue the wildcard SSL cert for the domain via the command line. This command will ask you to add some DNS TXT records for validation purposes. It is necessary to add those records, otherwise cert issuing will fail.

         acme.sh --issue -d alphagnu.com -d '*.alphagnu.com' --dns --force

     If you're getting:

         It seems that you are using dns manual mode. Read this link first: https://github.com/Neilpang/acme.sh/wiki/dns-manual-mode

     then run this command (recommended):

         acme.sh --issue -d alphagnu.com -d '*.alphagnu.com' --dns --force --yes-I-know-dns-manual-mode-enough-go-ahead-please

     * replace alphagnu.com with your domain name

     After you run this command it will ask you to add TXT records like below:

         [root@demo ~]# acme.sh --issue -d alphagnu.com -d *.alphagnu.com --dns --force
         [Wed Mar 14 10:18:10 EDT 2018] Registering account
         [Wed Mar 14 10:18:13 EDT 2018] Registered
         [Wed Mar 14 10:18:13 EDT 2018] ACCOUNT_THUMBPRINT='MO7DtJidci1tp4CNPDUbQA0_jPjR3tKy8uQE-Q_Bb7k'
         [Wed Mar 14 10:18:13 EDT 2018] Creating domain key
         [Wed Mar 14 10:18:13 EDT 2018] The domain key is here: /root/.acme.sh/alphagnu.com/alphagnu.com.key
         [Wed Mar 14 10:18:13 EDT 2018] Multi domain='DNS:alphagnu.com,DNS:*.alphagnu.com'
         [Wed Mar 14 10:18:13 EDT 2018] Getting domain auth token for each domain
         [Wed Mar 14 10:18:15 EDT 2018] Getting webroot for domain='alphagnu.com'
         [Wed Mar 14 10:18:15 EDT 2018] Getting webroot for domain='*.alphagnu.com'
         [Wed Mar 14 10:18:15 EDT 2018] Add the following TXT record:
         [Wed Mar 14 10:18:15 EDT 2018] Domain: '_acme-challenge.alphagnu.com'
         [Wed Mar 14 10:18:15 EDT 2018] TXT value: 'YABz8SMXk_qqrIrUgx5_DWSjBUSuDsdvIxJ4RIEwMUQ'
         [Wed Mar 14 10:18:15 EDT 2018] Please be aware that you prepend _acme-challenge. before your domain
         [Wed Mar 14 10:18:15 EDT 2018] so the resulting subdomain will be: _acme-challenge.alphagnu.com
         [Wed Mar 14 10:18:15 EDT 2018] Add the following TXT record:
         [Wed Mar 14 10:18:15 EDT 2018] Domain: '_acme-challenge.alphagnu.com'
         [Wed Mar 14 10:18:15 EDT 2018] TXT value: 'j4x7b-mzV7cCYCHT_LfLaAW0wDYMeeYayMMvindIGko'
         [Wed Mar 14 10:18:15 EDT 2018] Please be aware that you prepend _acme-challenge. before your domain
         [Wed Mar 14 10:18:15 EDT 2018] so the resulting subdomain will be: _acme-challenge.alphagnu.com
         [Wed Mar 14 10:18:15 EDT 2018] Please add the TXT records to the domains, and retry again.
         [Wed Mar 14 10:18:15 EDT 2018] Please add '--debug' or '--log' to check more details.
         [Wed Mar 14 10:18:15 EDT 2018] See: https://github.com/Neilpang/acme.sh/wiki/How-to-debug-acme.sh

     You can see the TXT records are already mentioned here as:

         [Wed Mar 14 10:18:15 EDT 2018] Add the following TXT record:
         [Wed Mar 14 10:18:15 EDT 2018] Domain: '_acme-challenge.alphagnu.com'
         [Wed Mar 14 10:18:15 EDT 2018] TXT value: 'YABz8SMXk_qqrIrUgx5_DWSjBUSuDsdvIxJ4RIEwMUQ'
         [Wed Mar 14 10:18:15 EDT 2018] Add the following TXT record:
         [Wed Mar 14 10:18:15 EDT 2018] Domain: '_acme-challenge.alphagnu.com'
         [Wed Mar 14 10:18:15 EDT 2018] TXT value: 'j4x7b-mzV7cCYCHT_LfLaAW0wDYMeeYayMMvindIGko'

     Now you need to add these records (A record and TXT records). Don't add the example values; use the actual TXT records shown on your shell console:

         A record _acme-challenge.alphagnu.com pointing to the server IP
         TXT record _acme-challenge.alphagnu.com value : "YABz8SMXk_qqrIrUgx5_DWSjBUSuDsdvIxJ4RIEwMUQ"
         TXT record _acme-challenge.alphagnu.com value : "j4x7b-mzV7cCYCHT_LfLaAW0wDYMeeYayMMvindIGko"

     Add wildcard DNS:

         *.alphagnu.com. 14400 IN A 107.152.32.123

     * replace alphagnu.com with your domain name

     Ultimately the DNS config will look like this :

     Step 4

     After adding the DNS records, wait for DNS propagation and run this command to issue the certs:

         acme.sh --renew -d alphagnu.com -d '*.alphagnu.com' --dns --force

     * replace alphagnu.com with your domain name

     Or (recommended):

         acme.sh --renew -d alphagnu.com -d '*.alphagnu.com' --dns --force --yes-I-know-dns-manual-mode-enough-go-ahead-please

     * replace alphagnu.com with your domain name

     This is DNS manual mode, so the cert cannot be renewed automatically. You will have to add a new TXT record to your domain by hand when you renew your cert.

     You can check whether the TXT record has been updated via this command:

         dig -t txt _acme-challenge.alphagnu.com

     * replace alphagnu.com with your domain name

     All set, you'll see the certs are now issued successfully. The cert, chain file and private key will be saved under /root/.acme.sh/yourdomain.com with these names:

         alphagnu.com.cer <<=== Cert file
         alphagnu.com.key <<=== Private Key
         fullchain.cer <<=== CA Chain file/bundle file

     Now you can use these files in your SSL vhost; just update/add the paths (you can search on Google for how to add an SSL vhost for nginx and Apache). Also ensure you've enabled a wildcard vhost for Apache or nginx, whichever your main web server is, or use multiple vhosts with the same cert paths as mentioned below.

     Apache:

         SSLCertificateFile /root/.acme.sh/alphagnu.com/alphagnu.com.cer
         SSLCertificateKeyFile /root/.acme.sh/alphagnu.com/alphagnu.com.key
         SSLCertificateChainFile /root/.acme.sh/alphagnu.com/fullchain.cer

     nginx:

         ssl_certificate /root/.acme.sh/alphagnu.com/fullchain.cer;
         ssl_certificate_key /root/.acme.sh/alphagnu.com/alphagnu.com.key;

     * replace alphagnu.com with your domain name

     Step 5

     To renew the certs you just need to run this command. Ensure you run it within 90 days, and update the TXT DNS records if shown, as mentioned above in step 3:

         acme.sh --issue -d alphagnu.com -d '*.alphagnu.com' --dns --force --yes-I-know-dns-manual-mode-enough-go-ahead-please

     or

         acme.sh --renew -d alphagnu.com -d '*.alphagnu.com' --dns --force --yes-I-know-dns-manual-mode-enough-go-ahead-please

     * replace alphagnu.com with your domain name

     Automatic cert renewal (only if you used automatic DNS record creation via API): for more info about the DNS API and how to use it, visit this official page: https://github.com/Neilpang/acme.sh/tree/master/dnsapi

     Auto-renew Let's Encrypt certs via cron job. Add this daily cron job for the auto-renew check:

         0 0 * * * "/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" > /dev/null
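The manual DNS step above comes down to copying each Domain / TXT value pair out of the acme.sh output. As an added example (not part of the original post or of acme.sh), this parses that output into zone-file lines and skips any value that is not the 43-character base64url token that the ACME dns-01 challenge uses, which catches a truncated copy. The function names, the 300-second TTL and the sample lines for example.com are constructed.

```shell
#!/bin/sh
# Added example, not from the original post and not part of acme.sh.

# acme_txt_records [TTL]
# Reads acme.sh manual-DNS output on stdin and prints one zone-file TXT line
# per challenge. A wildcard certificate yields two different values under the
# same _acme-challenge name; both records must exist at the same time.
acme_txt_records() {
    awk -v ttl="${1:-300}" -v q="'" '
        / Domain: / {
            split($0, part, q); name = part[2]; next
        }
        / TXT value: / {
            split($0, part, q); value = part[2]
            # dns-01 value = base64url(SHA-256 digest): 43 characters, no padding
            if (name == "" || length(value) != 43 || value !~ /^[A-Za-z0-9_-]+$/) {
                printf "skipped malformed value for \"%s\"\n", name > "/dev/stderr"
                bad = 1; next
            }
            # print each name/value pair once, even if the log repeats it
            if (!seen[name, value]++)
                printf "%s. %s IN TXT \"%s\"\n", name, ttl, value
        }
        END { exit bad + 0 }
    '
}

# Constructed sample in the log format shown above (example.com, made-up tokens).
demo_acme_txt() {
    acme_txt_records 300 <<'EOF'
[Wed Mar 14 10:18:15 EDT 2018] Add the following TXT record:
[Wed Mar 14 10:18:15 EDT 2018] Domain: '_acme-challenge.example.com'
[Wed Mar 14 10:18:15 EDT 2018] TXT value: 'constructed-token-one_0123456789abcdefghijk'
[Wed Mar 14 10:18:15 EDT 2018] Please be aware that you prepend _acme-challenge. before your domain
[Wed Mar 14 10:18:15 EDT 2018] Add the following TXT record:
[Wed Mar 14 10:18:15 EDT 2018] Domain: '_acme-challenge.example.com'
[Wed Mar 14 10:18:15 EDT 2018] TXT value: 'constructed-token-two_0123456789abcdefghijk'
EOF
}

demo_acme_txt
```

On a real run, pipe the saved acme.sh output into acme_txt_records and compare the printed values with what dig returns before retrying the issue command.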
  5. If you have a MariaDB/MySQL VPS server with 4GB of RAM, you can optimize its performance by following these steps.

     If you're looking for a configuration for more than 4GB of RAM, just divide the value by 4 and multiply the result by the amount of RAM. For example: 256/4 = 64, and if you want it for 8GB of RAM just multiply the result by 8, i.e. 64 x 8 = 512.

     For MariaDB:

     Edit the MariaDB configuration file /etc/my.cnf.d/server.cnf using your favorite text editor:

         nano /etc/my.cnf.d/server.cnf

     Add the following lines under the [mysqld] section:

         default-storage-engine = InnoDB
         innodb_flush_method = O_DIRECT
         innodb_log_file_size = 128M
         innodb_buffer_pool_size = 128M
         max_allowed_packet = 128M
         max_connections = 200
         key_buffer_size = 256M
         tmp_table_size = 64M
         max_heap_table_size = 64M

     For MySQL:

     Edit the MySQL configuration file /etc/my.cnf using your favorite text editor:

         nano /etc/my.cnf

     Add the following lines under the [mysqld] section:

         default-storage-engine = InnoDB
         innodb_flush_method = O_DIRECT
         innodb_log_file_size = 128M
         innodb_buffer_pool_size = 128M
         max_allowed_packet = 128M
         max_connections = 200
         key_buffer_size = 256M
         tmp_table_size = 64M
         max_heap_table_size = 64M

     After you've added these values, restart the MariaDB/MySQL server.

     MariaDB server restart:

         systemctl restart mariadb

     MySQL server restart (the service is named mysql or mysqld, depending on the system):

         systemctl restart mysql
         systemctl restart mysqld
  6. Today we'll learn how you can enable the query cache in MariaDB server. MariaDB has several caching mechanisms to improve performance. The query cache stores results of SELECT queries so that if the identical query is received in future, the results can be quickly returned. This is extremely useful in high-read, low-write environments (such as most websites). It does not scale well in environments with high throughput on multi-core machines, so it is disabled by default.

     Here are the steps to enable the query cache in MariaDB.

     Check if the query cache is enabled: Before enabling the query cache, you should check whether it's already enabled. You can do this by logging into your MariaDB server and executing the following command:

         SHOW VARIABLES LIKE 'query_cache_type';

     Example: type mysql on the command line and hit Enter. It will bring up the mysql console, where you execute the SHOW VARIABLES command:

         [root@server ]# mysql
         Welcome to the MariaDB monitor. Commands end with ; or \g.
         Your MariaDB connection id is 9
         Server version: 10.11.2-MariaDB-log MariaDB Server

         Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

         Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

         MariaDB [(none)]> SHOW VARIABLES LIKE 'query_cache_type';
         +------------------+-------+
         | Variable_name    | Value |
         +------------------+-------+
         | query_cache_type | OFF   |
         +------------------+-------+
         1 row in set (0.001 sec)

     If the value of query_cache_type is OFF, it means that the query cache is not enabled.

     Enable the query cache: To enable the query cache, you need to modify the MariaDB configuration file and add the configs below under the [mysqld] section.

     For CWP/CentOS the file is located in: /etc/my.cnf or /etc/my.cnf.d/server.cnf
     For Ubuntu/Debian the file is located in: /etc/mysql/my.cnf

     Open the file in a text editor and add the following lines:

         query_cache_type = 1
         query_cache_size = 128M
         query_cache_limit = 4M

     The query_cache_type variable is set to 1 to enable the query cache, query_cache_size specifies the size of the cache in megabytes, and query_cache_limit specifies the maximum size of a single query that can be cached.

     Restart MariaDB server: After modifying the my.cnf configuration file, you need to restart the MariaDB server to apply the changes. You can do this by running the following command:

         systemctl restart mariadb

     Verify the query cache is enabled: To verify that the query cache is enabled, you can log into the MariaDB server and execute the SHOW VARIABLES LIKE 'query_cache_type'; command again. If the value of query_cache_type is now ON, it means that the query cache has been enabled.

     By following these steps, you can enable the query cache in MariaDB and improve the performance of your database queries.
  7. In this tutorial we'll learn how you can install CXS in CWP (Control Web Panel) with the simple steps below. CXS is a paid program and you need a license to install and use it.

     ConfigServer eXploit Scanner (cxs) is a server malware, exploit and antivirus scanner that performs active scanning of files as they are uploaded to the server.

       • For dedicated or virtual servers: protects all domains, IP addresses and users on the server
       • Active (realtime), manual, and scheduled scanning can be performed
       • Scans for suspected exploits, viruses, suspicious resources
       • Quarantine or delete suspicious files
       • Provides an easy to use interface within the root or admin control panel.
       • Licensed on a per server basis, no limit on users or accounts.
       • One time purchase price, includes software updates for the life of the product. No monthly fees.

     Buy the license here : LINK

     Install CXS in CWP steps:

     STEP 1:

         cd /usr/src
         yum install perl-Linux-Inotify2 -y
         rm -f cxs*
         wget https://download.configserver.com/cxsinstaller.tgz
         tar -xzf cxsinstaller.tgz
         chattr -i -R /usr/local/cwpsrv/htdocs/admin/
         perl cxsinstaller.pl 1.1.1.1
         rm -fv cxsinstaller.*

     ** replace 1.1.1.1 with your licensed server IP

     STEP 2:

     Now go to the CWP admin dashboard and navigate to:

         CWP.admin > Configserver Scripts >> ConfigServer Exploit Scanner >> cxs Command Wizard

     Choose all default settings and save. After that, run this command to use the custom ClamAV socket:

         sed -i '$ a clamdsock=/var/run/clamd.amavisd/clamd.sock' /etc/cxs/cxs.defaults

     Then restart the CXS service:

         service cxswatch restart

     STEP 3:

     Set directory permissions to 755: in order for the scanner to work you need to change the DIRECTORY permission to 755. To do this all at once for all users, run the command below:

         chmod 755 /home/*/public_html

     If you have domain/subdomain directories outside of public_html, run the command below to fix the permissions:

         chmod 755 /home/*/*

     You can also create a custom cron job that runs every 15 minutes to fix the permissions for newly added users or domains/subdomains. Add this cron job:

         */15 * * * * /usr/bin/chmod 755 /home/*/*
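Step 3 is about directory permissions, but chmod 755 /home/*/* also changes every regular file the glob matches and, because chmod follows symbolic links named on its command line, the target of any link placed in a home directory. As an added example (not part of the original post or of cxs), here is a directory-only variant for the same job; the function names and the temporary test tree are constructed.

```shell
#!/bin/sh
# Added example, not from the original post and not part of cxs.

# mode_of PATH -> symbolic mode of PATH itself, e.g. drwxr-xr-x
mode_of() { ls -ld "$1" | cut -c1-10; }

# fix_dir_perms BASE
# Sets 755 on real directories at BASE/<user>/<entry>, the same depth as the
# /home/*/* glob. "find -type d" matches neither regular files nor symbolic
# links, and "! -perm 755" skips directories that are already correct.
fix_dir_perms() {
    find "$1" -mindepth 2 -maxdepth 2 -type d ! -perm 755 -exec chmod 755 {} +
}

# Constructed tree: a docroot, a private file, and links that point outside.
demo_fix_dir_perms() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/home/alice/public_html" "$t/outside"
    : > "$t/home/alice/notes.txt"
    : > "$t/outside/secret"
    chmod 700 "$t/home/alice/public_html" "$t/outside"
    chmod 600 "$t/home/alice/notes.txt" "$t/outside/secret"
    ln -s "$t/outside/secret" "$t/home/alice/link_to_file"
    ln -s "$t/outside" "$t/home/alice/link_to_dir"

    fix_dir_perms "$t/home"

    # Only the docroot changes; the file and both link targets keep their modes.
    echo "public_html=$(mode_of "$t/home/alice/public_html")" \
         "notes.txt=$(mode_of "$t/home/alice/notes.txt")" \
         "secret=$(mode_of "$t/outside/secret")" \
         "outside=$(mode_of "$t/outside")"
    rm -rf "$t"
}

demo_fix_dir_perms
```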
  8. In this tutorial we'll learn how to find big files in Linux. You can use the find command and the du command to search for the files. Here's how to do it.

     Open a terminal/ssh window. Navigate to the directory where you want to search for big files. For example, to search for big files in your server root / directory, type:

         cd /

     Type the following command to list all files in the current directory and its subdirectories, sorted by size:

         du -ah . | sort -rh | head -n 30

     This command uses the du command to calculate the size of each file and the sort command to sort the results in reverse order. The head command is used to show only the first 30 results. The output will show the size of each file in a human-readable format (such as "1.5M" or "10G") and the path to the file.

     You can modify the command to search for big files in a specific directory or to show more or fewer results. For example, to search for big files in the /home and /var/log directories and show the first 100 results, type:

         du -ah /home | sort -rh | head -n 100
         #or
         du -ah /var/log | sort -rh | head -n 100

     Bonus command: to find big files all over the server disk /:

         find / -mount -size +1024k -type f -exec ls -alh {} \;|sort -rnb -k 5|more

     Example:

         [root@server ~]# find / -mount -size +1024k -type f -exec ls -alh {} \;|sort -rnb -k 5|more
         -rw-r--r-- 1 clamupdate clamupdate 185M May 6 04:23 /var/lib/clamav/daily.cld
         -rw-r--r-- 1 clamupdate clamupdate 163M Sep 22 2021 /var/lib/clamav/main.cvd
         -rw------- 1 root mail 137M May 6 16:09 /var/spool/mail/root
  9. Node.js is an open-source, cross-platform JavaScript runtime environment that executes JavaScript code outside of a web browser. It allows developers to build server-side applications using JavaScript, which was traditionally used only on the client side. One of the key features of Node.js is its non-blocking, event-driven I/O model, which allows applications to handle a large number of concurrent connections with relatively low memory overhead. This makes it well-suited for building real-time applications like chat applications, online games, and collaborative editing tools.

     Please note that from version 18, CentOS 7 is not supported due to older versions of dependencies.

     To install Node.js 18 on CentOS using the NodeSource repository, you can follow these steps.

     Install the required packages:

         dnf install -y curl gnupg2

     Add the NodeSource repository:

         curl -sL https://rpm.nodesource.com/setup_18.x | sudo bash -

     Disable the nodejs module:

         dnf module disable nodejs

     Install Node.js:

         dnf install -y nodejs

     Verify that Node.js and npm are installed:

         node -v
         npm -v

     You've successfully installed Node.js 18 on your CentOS 8/9 system using the NodeSource repository.
  10. In this tutorial we'll check via Telnet on your Linux machine whether SMTP port 25 is open for sending email out. Today most cloud providers disable SMTP port 25 to prevent spamming issues. Remember, port 25 is needed to send emails out; if it is closed you can't send email out of the server via any other port, even if that port is open for you.

     Here are the steps to check the SMTP port.

     Open the terminal or ssh on your server. Type the following command to install telnet if it's not already installed.

     For CentOS/EL:

         yum install telnet

     or for Ubuntu/Debian:

         apt install telnet

     Type the following command and press Enter:

         telnet server.alphagnu.com 25

     Use the server.alphagnu.com hostname for better results, or replace it with a remote server IP or hostname.

     If the port is open, you will see a message like this:

         [root@server]# telnet server.alphagnu.com 25
         Trying 5.161.42.110...
         Connected to server.alphagnu.com.
         Escape character is '^]'.
         220 server.alphagnu.com

     This means that SMTP port 25 is open and you can send emails.

     If the port is closed or you cannot connect to the SMTP server, you will see an error message like this after 3-5 minutes of waiting:

         [root@cwp ~]# telnet server.alphagnu.com 25
         Trying 5.161.42.110...
         telnet: connect to address 5.161.42.110: Connection timed out
         Trying 2a01:4ff:f0:a15::1...
         telnet: connect to address 2a01:4ff:f0:a15::1: Network is unreachable

     This means that SMTP port 25 is closed or there is a network restriction preventing the connection. If the port is closed, you may need to check your firewall settings or contact your network administrator to troubleshoot the problem.
  11. Brotli for the web server is the new modern compression module that is better than gzip/deflate. Also it is more secure since Brotli only runs on the HTTPS protocol. Just like gzip, Brotli is a lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It is similar in speed to deflate/gzip but offers better compression.

     Gzip vs Brotli: The advantage of Brotli over gzip is that it makes use of a dictionary and thus it only needs to send keys instead of full keywords.

       • JavaScript files compressed with Brotli are 14-16% smaller than gzip.
       • HTML files are 21-25% smaller than gzip.
       • CSS files are 17-20% smaller than gzip.

     Let's get started with the integration.

     Step 1:

     Ensure the Nginx web server is already installed on your server, and install Brotli. Ensure nginx is installed via the official nginx repo; check the guide here to install nginx from the official repo: CLICK HERE

     Installing Brotli on your server:

         yum install pcre-devel cmake -y
         cd /usr/local/src
         git clone https://github.com/google/brotli.git
         cd brotli
         git checkout v1.0
         ./configure-cmake
         make && make install

     Adding the path for the Brotli dependency files (run these commands one by one):

         grep "/usr/local/lib/" /etc/ld.so.conf || echo "/usr/local/lib/" >> /etc/ld.so.conf
         ldconfig

     Step 2:

     Download this Nginx static Brotli module (64bit). If you're using the mainline version of nginx, please move to the stable version of nginx in order to use this module.

     Updated on : 17th April, 2023

     For stable Nginx 1.24.0 Brotli module (tested on CWP | custom env):

         cd /usr/lib64/nginx
         mkdir modules #skip if folder exists
         cd modules
         rm -rf ngx_http_brotli*
         wget --no-cache https://www.alphagnu.com/upload/nginx-brotli-modules.zip
         unzip nginx-brotli-modules.zip
         rm -rf nginx-brotli-modules.zip

     or

         cd /etc/nginx/modules
         rm -rf ngx_http_brotli*
         wget --no-cache https://www.alphagnu.com/upload/nginx-brotli-modules.zip
         unzip nginx-brotli-modules.zip
         rm -rf nginx-brotli-modules.zip

     How to update this module? Just follow the step above and then update nginx (don't update nginx before).

     Step 3:

     Now add the nginx module configuration to "nginx.conf". By default nginx.conf can be found in the directory /etc/nginx. Edit /etc/nginx/nginx.conf:

         nano /etc/nginx/nginx.conf

     Then add these lines at the top of the config, i.e. on the first line:

         load_module "modules/ngx_http_brotli_filter_module.so";
         load_module "modules/ngx_http_brotli_static_module.so";

     Now we need to add the Brotli compression configuration to the nginx.conf file inside the http { section, before the closing } of http:

         # Compression brotli
         brotli on;
         brotli_comp_level 6;
         brotli_static on;
         brotli_types text/xml image/svg+xml application/x-font-ttf image/vnd.microsoft.icon application/x-font-opentype application/json font/eot application/vnd.ms-fontobject application/javascript font/otf application/xml application/xhtml+xml text/javascript application/x-javascript text/plain application/x-font-truetype application/xml+rss image/x-icon font/opentype text/css image/x-win-bitmap;

     Example config placement in nginx.conf:

         load_module "modules/ngx_http_brotli_filter_module.so";
         load_module "modules/ngx_http_brotli_static_module.so";

         user nobody;
         worker_processes auto;
         #worker_rlimit_nofile 65535;
         error_log /var/log/nginx/error.log crit;
         pid /var/run/nginx.pid;

         events {
             worker_connections 1024;
             use epoll;
             multi_accept on;
         }

         http {
             sendfile on;
             tcp_nopush on;
             tcp_nodelay on;
             client_header_timeout 3m;
             client_body_timeout 3m;
             client_max_body_size 256m;
             client_header_buffer_size 4k;
             client_body_buffer_size 256k;
             large_client_header_buffers 4 32k;
             send_timeout 3m;
             keepalive_timeout 60 60;
             reset_timedout_connection on;
             server_names_hash_max_size 1024;
             server_names_hash_bucket_size 1024;
             ignore_invalid_headers on;
             connection_pool_size 256;
             request_pool_size 4k;
             output_buffers 4 32k;
             postpone_output 1460;

             include mime.types;
             default_type application/octet-stream;

             # Compression brotli
             brotli on;
             brotli_comp_level 6;
             brotli_static on;
             brotli_types text/xml image/svg+xml application/x-font-ttf image/vnd.microsoft.icon application/x-font-opentype application/json font/eot application/vnd.ms-fontobject application/javascript font/otf application/xml application/xhtml+xml text/javascript application/x-javascript text/plain application/x-font-truetype application/xml+rss image/x-icon font/opentype text/css image/x-win-bitmap;

             # Compression gzip
             gzip on;
             gzip_vary on;
             gzip_disable "MSIE [1-6]\.";
             gzip_proxied any;
             gzip_min_length 512;
             gzip_comp_level 6;
             gzip_buffers 8 64k;
             gzip_types text/plain text/xml text/css text/js application/x-javascript application/xml image/png image/x-icon image/gif image/jpeg image/svg+xml application/xml+rss text/javascript application/atom+xml application/javascript application/json application/x-font-ttf font/opentype;
         }

     You can adjust the Brotli compression level from 0 to 11 with "brotli_comp_level", e.g. "brotli_comp_level 11". I suggest using the value 6. Save the file and restart nginx.

     Restart the nginx service. Before restarting, check that the nginx config is correct:

         nginx -t

     If it reports success, proceed with the restart:

         service nginx restart

     or

         systemctl restart nginx

     Congratulations, you've enabled Brotli for nginx. Here is how you can check it.

     Step 4:

     Go to this site for the checks: https://tools.keycdn.com/brotli-test

     or via command line :

     Advanced users can check content-encoding via the HTTP headers:

         HTTP/2.0 200 OK
         server: nginx
         date: Wed, 15 May 2019 07:13:07 GMT
         content-type: text/html; charset=UTF-8
         x-powered-by: PHP/7.3.5
         vary: Accept-Encoding, Cookie
         cache-control: max-age=3, must-revalidate
         strict-transport-security: max-age=31536000; includeSubDomains; preload
         content-encoding: br
         X-Firefox-Spdy: h2
  12. In this tutorial we'll install the most awaited PHP version in the CWP control panel as the PHP switcher. This easy guide will show you how to install PHP 8 easily.

     PHP 8.2 comes with numerous improvements and new features such as:

       • New readonly Classes
       • Allow true, false, and null as Standalone Types
       • Disjunctive Normal Form (DNF) Types
       • Redact Sensitive Parameters in Back Traces
       • New mysqli_execute_query Function and mysqli::execute_query Method
       • Fetch enum Properties in const Expressions
       • Allow Constants in Traits
       • Deprecate Dynamic Properties (and New #[AllowDynamicProperties] Attribute)
       • Deprecate Partially Supported Callables
       • Deprecate utf8_encode() and utf8_decode() Functions
       • Deprecate ${} String Interpolation
       • Deprecate mbstring Functions for Base64/QPrint/Uuencode/HTML Entities
       • Remove Support for libmysql from mysqli
       • Locale-Independent Case Conversion
       • Random Extension Improvement

     PHP 8.2 will not support your current PHP scripts/CMS/themes. Check before shifting to PHP 8.2. The latest version of WordPress works great with it; also check the theme and plugin support from the devs.

     Step 1:

     Install the build files which are required to compile PHP 8.2.

     CentOS 7/el7:

         yum install oniguruma oniguruma-devel gcc make gcc-c++ cpp kernel-headers.x86_64 libxml2-devel openssl-devel bzip2-devel libjpeg-devel libpng-devel freetype-devel openldap-devel postgresql-devel aspell-devel net-snmp-devel libxslt-devel libc-client-devel libicu-devel gmp-devel curl-devel libmcrypt-devel pcre-devel sqlite-devel db4-devel enchant-devel libXpm-devel mysql-devel readline-devel libedit-devel recode-devel libtidy-devel libtool-ltdl-devel libwebp libwebp-devel expat expat-devel libargon2 libargon2-devel

     CentOS 8/stream/el8:

         yum install oniguruma oniguruma-devel gcc make gcc-c++ cpp kernel-headers.x86_64 libxml2-devel openssl-devel bzip2-devel libjpeg-devel libpng-devel freetype-devel openldap-devel postgresql-devel aspell-devel net-snmp-devel libxslt-devel libc-client-devel libicu-devel gmp-devel curl-devel libmcrypt-devel pcre-devel sqlite-devel libdb-devel enchant-devel libXpm-devel mysql-devel readline-devel libedit-devel recode-devel libtidy-devel libtool-ltdl-devel libwebp libwebp-devel expat expat-devel libmemcached libmemcached-devel libargon2 libargon2-devel

     Now we'll build libzip and pcre2.

     Install EPEL:

         yum install epel-release

     Then install some more dependencies and remove the libzip package.

     CentOS 7:

         rpm -e --nodeps libzip libzip-devel
         yum -y install cmake3 cmake zlib-devel --enablerepo=epel

     CentOS 8:

         rpm -e --nodeps libzip libzip-devel
         yum install cmake zlib-devel
         ln -s /usr/bin/cmake /usr/bin/cmake3

     Installing the latest version of libzip from source:

         cd /usr/local/src
         rm -rf libzip*
         wget https://github.com/mysterydata/md-disk/raw/main/libzip-1.10.0.tar.gz
         tar zxvf libzip*
         ## for centos 7 :
         cd libzip*
         ## for centos 8 :
         cd libzip*/
         mkdir build
         cd build
         /usr/bin/cmake3 ..
         make && make install

     Installing the latest version of pcre2 from source:

         cd /usr/local/src
         rm -rf pcre2*
         wget https://github.com/PCRE2Project/pcre2/releases/download/pcre2-10.42/pcre2-10.42.zip -O pcre2.zip
         unzip pcre2.zip
         ## for centos 7 :
         cd pcre2-*
         ## for centos 8 :
         cd pcre2-*/
         ./configure
         make && make install

     Install the latest libavif for the new AVIF GD image support:

         cd /usr/local/src
         rm -rf master* libavif-* build-dir
         wget https://github.com/mysterydata/md-disk/raw/main/libavif-0.11.1.zip
         unzip libavif-0.11.1
         mkdir build-dir
         cd build-dir
         #Run this if you've centos 7/el7:
         cmake3 ../libavif-0.11.1
         #Run this if you've centos 8/stream/el8 or up:
         cmake ../libavif-0.11.1
         make
         make install

     Step 2:

     Configure the pkg-config path variable by running the command below:

         export PKG_CONFIG_PATH=/usr/local/lib/pkgconfig:/usr/local/lib64/pkgconfig

     After you have installed the deps and exported the path variable, continue to install PHP 8 with these steps:

         rm -rf /usr/local/php-82
         mkdir -p /usr/local/php-82
         cd /usr/local/php-82
         wget http://php.net/distributions/php-8.2.12.tar.gz
         tar zxvf php-8.2.12.tar.gz
         cd php-8.2.12
         ./configure --with-config-file-path=/usr/local/php --enable-cgi --with-config-file-scan-dir=/usr/local/php/php.d --with-zlib=/usr --enable-mbstring --with-zip --enable-bcmath --enable-pcntl --enable-ftp --enable-exif --enable-calendar --enable-sysvmsg --enable-sysvsem --enable-sysvshm --with-tidy --with-curl --with-iconv --with-gmp --with-pspell --enable-gd --with-avif --with-jpeg --with-freetype --enable-gd-jis-conv --with-webp --with-zlib-dir=/usr --with-xpm --with-openssl --with-pdo-mysql=mysqlnd --with-gettext=/usr --with-bz2=/usr --with-mysqli --enable-soap --enable-phar --with-xsl --with-kerberos --enable-posix --enable-sockets --with-external-pcre --with-libdir=lib64 --with-mysql-sock=/var/lib/mysql/mysql.sock --enable-intl --with-password-argon2 --enable-litespeed --with-ldap=/usr --with-ldap-sasl=/usr
         make
         make install

     It will take some time, depending on your server speed. When it is finished you can check the PHP version via the command:

         php -v

     e.g.:

         PHP 8.2.12 (cli) (built: November 10 2023 20:25:33) (NTS)
         Copyright (c) The PHP Group
         Zend Engine v4.2.1, Copyright (c) Zend Technologies

     If you have any questions, comment below.
  13. keep visiting 🙂 and share as far as you can, thank you
  14. Upgrade/update/install the latest curl version on the EL OS platform (Red Hat/CentOS). You can also rely on the current OS curl version, as it is updated on a regular basis with security patches only; if you're still not satisfied and want the latest features and updates, just follow this guide to update curl to the latest version.

      Short description of curl : curl is a command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features. curl is used in command lines or scripts to transfer data. It is also used in cars, television sets, routers, printers, audio equipment, mobile phones, tablets, settop boxes, media players and is the internet transfer backbone for thousands of software applications affecting billions of humans daily.

      Let's get started with the upgrade process. To update to the latest version of curl on a server running CWP7 you need to follow the steps below.

      Cityfan curl removal : if you previously installed cityfan curl you need to remove it :

          rpm -e city-fan.org-release
          rm -rf /etc/yum.repos.d/city-fan.repo
          rpm -e --nodeps curl libcurl libcurl-devel
          rm -rf /usr/local/lib/libssh2.so.1
          yum clean all
          yum install libcurl libcurl-devel curl

      Important ! Stop future updates via the yum/dnf package manager. If you skip this step, then after each update of curl from the base repo you need to rebuild curl.

      CentOS 7/EL7 :

          grep -q '^exclude=curl' /etc/yum.conf || echo 'exclude=curl* libcurl*' >> /etc/yum.conf

      CentOS 8/9 Stream/EL8/EL9 :

          grep -q '^exclude=curl' /etc/dnf.conf || echo 'exclude=curl* libcurl*' >> /etc/dnf.conf

      Now you need to install the dependencies to build curl and libcurl :

      CentOS 7/EL7 :

          yum install libssh libssh-devel libnghttp2-devel libnghttp2 libgsasl libgsasl-devel zstd libzstd-devel libzstd brotli brotli-devel libbrotli

      CentOS 8/9 Stream/EL8/EL9 :

          dnf install libssh libssh-devel libnghttp2-devel libnghttp2 libgsasl libgsasl-devel zstd libzstd-devel libzstd brotli brotli-devel libbrotli

      After you've installed the dependencies, build curl from source.

      CentOS 7/EL7 and CentOS 8/9 Stream/EL8/EL9 :

          cd /usr/local/src
          rm -rf curl*
          wget https://curl.se/download/curl-8.3.0.zip
          unzip curl-8.3.0.zip
          cd curl-8.*/
          ./configure --with-ssl --with-zlib --with-gssapi --enable-ldap --enable-ldaps --with-libssh --with-nghttp2
          make
          make install

      Then follow these steps to activate curl systemwide.

      CentOS 7/EL7 and CentOS 8/9 Stream/EL8/EL9 :

          rm -rf /usr/bin/curl.bak
          mv /usr/bin/curl /usr/bin/curl.bak
          ln -s /usr/local/bin/curl /usr/bin/curl

      After the successful build, check the curl version :

          curl -V

          curl 8.3.0 (x86_64-pc-linux-gnu) libcurl/8.3.0 OpenSSL/1.0.2k-fips zlib/1.2.7 brotli/1.0.9 zstd/1.5.5 libssh/0.7.1/openssl/zlib nghttp2/1.33.0 libgsasl/1.8.0 OpenLDAP/2.4.44
          Release-Date: 2023-09-13
          Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
          Features: alt-svc AsynchDNS brotli gsasl GSS-API HSTS HTTP2 HTTPS-proxy IPv6 Kerberos Largefile libz NTLM NTLM_WB SPNEGO SSL UnixSockets zstd
  15. Install the latest version of curl on an Ubuntu OS/server. By default the Ubuntu curl version is old and doesn't have any updated package available. You can follow this tutorial to install the latest version of curl on an Ubuntu server.

      Short description of curl : curl is a command line tool and library for transferring data with URL syntax, supporting HTTP, HTTPS, FTP, FTPS, GOPHER, TFTP, SCP, SFTP, SMB, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3, RTSP and RTMP. libcurl offers a myriad of powerful features. curl is used in command lines or scripts to transfer data. It is also used in cars, television sets, routers, printers, audio equipment, mobile phones, tablets, settop boxes, media players and is the internet transfer backbone for thousands of software applications affecting billions of humans daily.

      Step 1 : Remove the currently installed curl, if installed :

          apt remove curl
          apt purge curl

      Step 2 : Install curl dependencies :

          apt install -y build-essential libcurl4 openssl libssl-dev libssh-dev zlib1g-dev zlib libbrotli-dev brotli libkrb5-dev libldap2-dev librtmp-dev libpsl-dev libnghttp2-dev

      Step 3 : Download and install curl. Run these commands one by one in the ssh terminal :

          cd /usr/local/src
          rm -rf curl*
          wget https://curl.se/download/curl-8.3.0.zip
          unzip curl-8.3.0.zip
          cd curl-8.*/
          ./configure --with-ssl --with-zlib --with-gssapi --enable-ldap --enable-ldaps --with-libssh --with-nghttp2
          make
          make install

      Step 4 : Checking the curl version :

          curl -V

      Example output :

          root@mysterydata:# curl -V
          curl 8.3.0 (x86_64-pc-linux-gnu) libcurl/8.3.0 OpenSSL/1.1.1 zlib/1.2.11 brotli/1.0.4 libidn2/2.0.4 libpsl/0.19.1 (+libidn2/2.0.4) libssh/0.7.0/openssl/zlib nghttp2/1.30.0 librtmp/2.3
          Release-Date: 2023-09-13
          Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
          Features: AsynchDNS brotli GSS-API HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB PSL SPNEGO SSL TLS-SRP UnixSockets

      That's it, you've installed the latest curl version on the Ubuntu server.

      Troubleshoot : if you get these errors :

          curl: symbol lookup error: curl: undefined symbol: curl_url_cleanup
          curl: symbol lookup error: curl: undefined symbol: curl_mime_free

      Run the steps below; ensure you're using root (sudo) :

          apt build-dep curl

      Then run the Step 3 commands. Now run this command to build the shared lib cache and links :

          ldconfig

      ZLIB not found or not installing :

          *** Unable to locate package zlib

      You can install zlib from the repository :

          apt install zlib1g-dev zlib1g

      Zlib install from DEB, for Ubuntu :

          cd /usr/local/src
          wget http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g_1.2.11.dfsg-2ubuntu5_amd64.deb
          wget http://security.ubuntu.com/ubuntu/pool/main/z/zlib/zlib1g-dev_1.2.11.dfsg-2ubuntu5_amd64.deb
          dpkg -i zlib1g_1.2.11.dfsg-2ubuntu5_amd64.deb
          dpkg -i zlib1g-dev_1.2.11.dfsg-2ubuntu5_amd64.deb

      Zlib install from source :

          cd /usr/local/src
          wget http://www.zlib.net/zlib1211.zip
          unzip zlib1211.zip
          cd zlib-1.2.11
          ./configure --prefix=/usr/local/zlib
          make && make install
  16. In this tutorial I'll explain and provide a solution script for clearing all log files, including old logs, from a CWP server. This tutorial is specially dedicated to the blog visitors who have emailed me to provide such a solution. This script will clean all possible logs without affecting any service. Ensure you've logged in as the root ssh user.

      Solution 1 : Run the CWP script to clean logs :

          /scripts/clean_all_server_logs

      Solution 2 : To clear the logs instantly you can run this bash script, which I already created for you to make the task faster; or else, if you want to create it on your own, go to solution 3.

          curl -s -L https://www.alphagnu.com/upload/clear-sh.sh | bash

      Solution 3 : First create a file in the /root dir :

          cd /root
          nano clearlog.sh

      Then paste this Bash script and save it :

          #!/bin/bash
          truncate -s 0 /usr/local/apache/logs/*bytes
          truncate -s 0 /usr/local/apache/logs/*log
          truncate -s 0 /usr/local/apache/domlogs/*bytes
          truncate -s 0 /usr/local/apache/domlogs/*log
          truncate -s 0 /var/log/messages
          truncate -s 0 /var/log/maillog
          truncate -s 0 /var/log/*log
          truncate -s 0 /opt/alt/*/usr/var/log/php-fpm.log
          truncate -s 0 /usr/local/cwpsrv/logs/access_log
          truncate -s 0 /usr/local/cwpsrv/logs/error_log
          truncate -s 0 /var/log/cron
          truncate -s 0 /var/log/secure
          truncate -s 0 /var/log/cwp/services_action.log
          truncate -s 0 /var/log/cwp/cwp_sslmod.log
          truncate -s 0 /var/log/cwp/cwp_cron.log
          truncate -s 0 /var/log/cwpsecure/reject_003.log
          truncate -s 0 /var/log/cwp/cwp_backup.log
          truncate -s 0 /var/log/cwp/activity.log
          truncate -s 0 /usr/local/cwpsrv/var/services/roundcube/logs/errors
          truncate -s 0 /var/spool/amavisd/.razor/razor-agent.log
          truncate -s 0 /usr/local/cwp/php71/var/log/php-fpm.log
          truncate -s 0 /root/.acme.sh/cwp_certs/acme.sh.log
          rm -rf /var/log/maillog-*
          rm -rf /var/log/monit.log-*
          rm -rf /var/log/spooler-*
          rm -rf /var/log/messages-*
          rm -rf /var/log/secure-*
          rm -rf /var/log/pureftpd.log-*
          rm -rf /var/log/yum.log-*
          rm -rf /var/log/cron-*
          rm -rf /var/lib/clamav/tmp.*
          find /tmp/ -type f -name "sess_*" -exec rm {} \;
          rm -f /tmp/202*request_body-*
          echo "" > /var/spool/mail/root

      Change the permission :

          chmod 755 /root/clearlog.sh

      Now run this command to run the clear log script :

          sh /root/clearlog.sh

      That's it, the logs will be cleared; you can go and check the respective locations of the logs.

      Cron Job : You can also create a cron job like the ones below by following solution 2, and create this cron job task according to your needs :

      To run daily :

          0 0 * * * /usr/bin/sh /root/clearlog.sh

      To run weekly :

          0 0 * * 0 /usr/bin/sh /root/clearlog.sh

      To run monthly :

          0 0 1 * * /usr/bin/sh /root/clearlog.sh
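The script above empties /var/log/secure, the Apache logs and the rotated copies, which are also the records an incident investigation relies on. As an added example (not part of the original post), the function below compresses each log into an archive directory and records its SHA-256 before truncating it; the function name and the archive directory are assumptions made for this example.

```shell
#!/bin/bash
# Added example (not the post's script): keep a compressed, hashed copy of
# each log before truncating it. archive_then_truncate and the archive
# directory are hypothetical names chosen for this example.

# archive_then_truncate ARCHIVE_DIR LOGFILE...
archive_then_truncate() {
    local archive_dir=$1 stamp log name out rc=0
    shift
    stamp=$(date +%Y%m%d-%H%M%S)
    mkdir -p "$archive_dir" || return 1
    chmod 700 "$archive_dir" || return 1      # archived logs stay root-only

    for log in "$@"; do
        # Skip symlinks, missing files and logs that are already empty.
        if [ -L "$log" ] || [ ! -f "$log" ] || [ ! -s "$log" ]; then
            continue
        fi
        # /var/log/secure -> var_log_secure.<stamp>.gz
        name=$(printf '%s' "$log" | sed 's|^/||; s|/|_|g')
        out="$archive_dir/$name.$stamp.gz"

        # Truncate only when both the copy and its hash were written.
        # The manifest can be checked later with: sha256sum -c SHA256SUMS
        if gzip -c -- "$log" > "$out" &&
           (cd "$archive_dir" && sha256sum -- "${out##*/}" >> SHA256SUMS); then
            # Truncate in place so running daemons keep their open file handle.
            truncate -s 0 -- "$log" || rc=1
        else
            rm -f -- "$out"
            rc=1
        fi
    done
    return "$rc"
}

# Example call (paths taken from the script above):
#   archive_then_truncate /root/log-archive /var/log/secure /var/log/maillog
```

Lines written to a log between the `gzip` and the `truncate` are not captured, the same limitation logrotate's `copytruncate` has.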
  17. Install the mod_evasive module in CWP Apache 2.4 to protect against DDoS attacks. DDoS stands for Distributed Denial of Service. It is a malicious attack where multiple compromised computers are used to flood a target system or network with an overwhelming amount of traffic, causing it to become unavailable to legitimate users. mod_evasive is an Apache module designed to provide protection against Distributed Denial of Service (DDoS) attacks. It detects and blocks suspicious or malicious requests from reaching the web server, thereby mitigating the impact of such attacks.

      To install the mod_evasive module with Apache 2.4.x follow these simple steps :

      Step 1 :

          yum install libtool git -y
          cd /usr/local/src
          rm -rf master* mod_evasive*
          wget https://github.com/shivaas/mod_evasive/archive/refs/heads/master.zip
          unzip master.zip
          cd mod_evasive-master
          /usr/local/apache/bin/apxs -a -i -c mod_evasive24.c

      At this point it will get installed; now go on with the configuration part.

      Step 2 : To configure mod_evasive, create a configuration file named mod_evasive.conf in the Apache conf.d dir :

          nano /usr/local/apache/conf.d/mod_evasive.conf

      Then paste the config below :

          <IfModule !evasive20_module>
          LoadModule evasive20_module modules/mod_evasive24.so
          </IfModule>
          <IfModule evasive20_module>
          DOSHashTableSize 3097
          DOSPageCount 2
          DOSSiteCount 50
          DOSPageInterval 1
          DOSSiteInterval 1
          DOSBlockingPeriod 10
          DOSEmailNotify you@yourdomain.com
          </IfModule>

      Save it and restart the Apache service :

          systemctl restart httpd

      Parameters and Settings

      There are many mod_evasive parameters you can configure :

        • DOSHashTableSize: Increase this for busier web servers. This configuration allocates space for running the lookup operations. Increasing the size improves the speed at the cost of memory.
        • DOSPageCount: The number of requests for an individual page that triggers blacklisting. This is set to 2, which is low (and aggressive) – increase this value to reduce false-positives.
        • DOSSiteCount: The total number of requests for the same site by the same IP address. By default, this is set to 50. You can increase to 100 to reduce false-positives.
        • DOSPageInterval: Number of seconds for DOSPageCount. By default, this is set to 1 second. That means that if you don't change it, requesting 2 pages in 1 second will temporarily blacklist an IP address.
        • DOSSiteInterval: Similar to DOSPageInterval, this option specifies the number of seconds that DOSSiteCount monitors. By default, this is set to 1 second. That means that if a single IP address requests 50 resources on the same website in a single second, it will be temporarily blacklisted.
        • DOSBlockingPeriod: The amount of time an IP address stays on the blacklist. Set to 10 seconds by default, you can change this to any value you like. Increase this value to keep blocked IP addresses in time-out for a more extended period.
        • DOSLogDir: These logs can be reviewed later to evaluate client behavior.

      All logs for mod_evasive can be found at :

          /usr/local/apache/logs/access_log

      mod_evasive will block DDoS connections with a 400 error code, and these can be found in the access_log for Apache.

      Test if it works or not :

          cd /usr/local/src/mod_evasive-master
          perl test.pl

      If you're behind the nginx proxy, edit test.pl and change the port 80 to 8181, and then run perl test.pl.

      If mod_evasive is installed correctly, test.pl will output :

          HTTP/1.1 400 Bad Request
          HTTP/1.1 400 Bad Request
          HTTP/1.1 400 Bad Request
          ...
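To judge how aggressive a set of thresholds is before enabling it, an existing access log can be replayed against them. The following is an added example, not part of the original post and not mod_evasive's own algorithm: a simplified fixed-window model of the parameter descriptions above, assuming Common/Combined Log Format and a log that stays within one calendar month; the function names and the sample log lines are constructed for the example.

```shell
#!/bin/bash
# Added example: replay an access log against the thresholds described above.
# Simplified fixed-window model of the parameter descriptions, NOT the
# module's code. Only day-of-month and time-of-day are parsed.

# evasive_replay LOGFILE [PAGE_COUNT PAGE_INTERVAL SITE_COUNT SITE_INTERVAL BLOCK_PERIOD]
# Prints one line per flagged client: "ip first_rule triggers rejected_requests"
evasive_replay() {
    awk -v pcount="${2:-2}" -v pint="${3:-1}" -v scount="${4:-50}" \
        -v sint="${5:-1}" -v block="${6:-10}" '
    function secs(ts,   p) {
        # ts looks like 10/Nov/2023:20:25:33
        split(ts, p, "[/:]")
        return p[1] * 86400 + p[4] * 3600 + p[5] * 60 + p[6]
    }
    {
        ip  = $1
        t   = secs(substr($4, 2))
        uri = $7
        sub(/\?.*/, "", uri)          # compare pages without the query string

        # Client is still inside its blocking period: request is rejected.
        if ((ip in blocked_until) && t < blocked_until[ip]) {
            rejected[ip]++
            next
        }

        # Per-page window (DOSPageCount / DOSPageInterval).
        pk = ip SUBSEP uri
        if (!(pk in pstart) || t - pstart[pk] >= pint) { pstart[pk] = t; pcnt[pk] = 0 }
        pcnt[pk]++

        # Per-site window (DOSSiteCount / DOSSiteInterval).
        if (!(ip in sstart) || t - sstart[ip] >= sint) { sstart[ip] = t; scnt[ip] = 0 }
        scnt[ip]++

        rule = ""
        if (pcnt[pk] >= pcount)      rule = "page"
        else if (scnt[ip] >= scount) rule = "site"

        if (rule != "") {
            blocked_until[ip] = t + block     # DOSBlockingPeriod
            triggers[ip]++
            rejected[ip]++                    # the triggering request itself
            if (!(ip in first_rule)) first_rule[ip] = rule
        }
    }
    END {
        for (ip in triggers)
            printf "%s %s %d %d\n", ip, first_rule[ip], triggers[ip], rejected[ip]
    }' "$1" | sort
}

# Constructed sample log (documentation IP ranges), not from a real server.
sample_access_log() {
    cat <<'EOF'
203.0.113.10 - - [10/Nov/2023:20:25:33 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.10 - - [10/Nov/2023:20:25:33 +0000] "GET /style.css HTTP/1.1" 200 830
198.51.100.7 - - [10/Nov/2023:20:25:33 +0000] "POST /wp-login.php HTTP/1.1" 200 1200
198.51.100.7 - - [10/Nov/2023:20:25:33 +0000] "POST /wp-login.php HTTP/1.1" 200 1200
203.0.113.10 - - [10/Nov/2023:20:25:34 +0000] "GET /index.php?page=2 HTTP/1.1" 200 5100
198.51.100.7 - - [10/Nov/2023:20:25:35 +0000] "POST /wp-login.php HTTP/1.1" 200 1200
192.0.2.44 - - [10/Nov/2023:20:25:40 +0000] "GET /a.js HTTP/1.1" 200 90
192.0.2.44 - - [10/Nov/2023:20:25:40 +0000] "GET /b.js HTTP/1.1" 200 90
192.0.2.44 - - [10/Nov/2023:20:25:40 +0000] "GET /c.js HTTP/1.1" 200 90
198.51.100.7 - - [10/Nov/2023:20:25:50 +0000] "POST /wp-login.php HTTP/1.1" 200 1200
EOF
}

# Example call against the log path given above, with the post's values:
#   evasive_replay /usr/local/apache/logs/access_log 2 1 50 1 10
```

Running it with a higher page count (for example 3 instead of 2) on the same log shows how many clients drop off the flagged list, which is the false-positive trade-off the parameter list describes.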
  18. In this tutorial we'll learn how to install Magento 2.4.x in CWP control panel. At the time of writing this tutorial CWP 7 (CentOS 7) has an older version of the MySQL server, i.e. MariaDB 10.2, which is not supported by Magento 2.4.x. With a recent CWP installation MariaDB 10.4 is already there. CWP on CentOS 8 is fully supported by Magento since it has MariaDB 10.4. Without wasting time, let's get started.

      CentOS 7 only : if you're using CentOS 8 CWP, proceed with the steps from the Elasticsearch installation below.

      Remove MariaDB 10.1 or 10.2 and update to MariaDB 10.4 :

          systemctl stop mariadb mysql mysqld

      Now edit/create the file. Run the commands one by one; ensure you remove the content of /etc/yum.repos.d/mariadb.repo :

          > /etc/yum.repos.d/mariadb.repo
          nano /etc/yum.repos.d/mariadb.repo

      Then paste these lines and save it (remove any existing entries from mariadb.repo before pasting) :

          [mariadb]
          name = MariaDB
          baseurl = http://yum.mariadb.org/10.4/centos7-amd64
          gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
          gpgcheck=1

      Now remove MariaDB 10.1/10.2 and install 10.4 :

          systemctl stop mariadb mysql mysqld
          systemctl disable mariadb
          rpm --nodeps -ev MariaDB-server
          yum clean all
          yum -y update "MariaDB-*"
          yum -y install MariaDB-server

      Then start the MariaDB server :

          systemctl enable mariadb && systemctl start mariadb

      Then upgrade the MySQL databases :

          mysql_upgrade --force

      Next we'll install Elasticsearch, which is required by Magento 2.4.x.

      For Elasticsearch 7, CentOS 7 and CentOS 8 (recommended) :

          cd /usr/local/src
          rm -rf elasticsearch*
          wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.17.8-x86_64.rpm
          wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-7.17.8-x86_64.rpm.sha512
          shasum -a 512 -c elasticsearch-7.17.8-x86_64.rpm.sha512
          rpm --install elasticsearch-7.17.8-x86_64.rpm

      For Elasticsearch 8.5, CentOS 7 and CentOS 8 :

          cd /usr/local/src
          rm -rf elasticsearch*
          wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.5.3-x86_64.rpm
          wget https://artifacts.elastic.co/downloads/elasticsearch/elasticsearch-8.5.3-x86_64.rpm.sha512
          shasum -a 512 -c elasticsearch-8.5.3-x86_64.rpm.sha512
          rpm --install elasticsearch-8.5.3-x86_64.rpm

      After it is installed you need to start the service and enable it to start on boot :

          systemctl enable elasticsearch.service
          systemctl start elasticsearch.service

      You can test that the service is active and running via the status command :

          systemctl status elasticsearch.service

      Next we'll download open source Magento 2.4.x. You can follow your own way of installing Magento 2.4.x or follow this. Please note that "user" is the username of your user account in the commands below.

      Download Magento :

          cd /home/user/public_html
          wget -c https://github.com/magento/magento2/archive/refs/tags/2.4.6-p1.zip -O magento24.zip
          unzip magento24.zip
          rsync -av magento2-2*/ . && rm -rf magento2-2*

      Now remove the "Options" config from .htaccess, else you'll get a 500 Internal Server Error :

          cd /home/user/public_html
          sed -e '/Options/ s/^#*/#/' -i .htaccess pub/.htaccess

      Fix the user file and folder permissions :

          cd /home/user/public_html
          chown -R user:user *

      Now install composer. Use this tutorial to install composer : How to Install Composer in CWP

      Then you need to enable full shell access for the user from cwp admin >> Security >> Shell access. After enabling full shell access for the user, log in over ssh with the user's login details.

      Go to the public_html dir or wherever the Magento root dir is :

          cd /home/user/public_html

      Now run the composer install command to install the required Magento dependencies.

      If you're using the PHP switcher version 7.3, 7.4, 8.0 or 8.1/8.2, run the commands below :

          composer update
          composer install

      When running PHP selector 7.3, 7.4, 8.0 or 8.1/8.2, run the respective commands below :

          /opt/alt/php73/usr/bin/php /usr/local/bin/composer update
          /opt/alt/php73/usr/bin/php /usr/local/bin/composer install

          /opt/alt/php74/usr/bin/php /usr/local/bin/composer update
          /opt/alt/php74/usr/bin/php /usr/local/bin/composer install

          /opt/alt/php80/usr/bin/php /usr/local/bin/composer update
          /opt/alt/php80/usr/bin/php /usr/local/bin/composer install

          /opt/alt/php81/usr/bin/php /usr/local/bin/composer update
          /opt/alt/php81/usr/bin/php /usr/local/bin/composer install

          /opt/alt/php82/usr/bin/php /usr/local/bin/composer update
          /opt/alt/php82/usr/bin/php /usr/local/bin/composer install

      When running PHP-FPM 7.3, 7.4, 8.0 or 8.1/8.2, run the respective commands below :

          /opt/alt/php-fpm73/usr/bin/php /usr/local/bin/composer update
          /opt/alt/php-fpm73/usr/bin/php /usr/local/bin/composer install

          /opt/alt/php-fpm74/usr/bin/php /usr/local/bin/composer update
          /opt/alt/php-fpm74/usr/bin/php /usr/local/bin/composer install

          /opt/alt/php-fpm80/usr/bin/php /usr/local/bin/composer update
          /opt/alt/php-fpm80/usr/bin/php /usr/local/bin/composer install

          /opt/alt/php-fpm81/usr/bin/php /usr/local/bin/composer update
          /opt/alt/php-fpm81/usr/bin/php /usr/local/bin/composer install

          /opt/alt/php-fpm82/usr/bin/php /usr/local/bin/composer update
          /opt/alt/php-fpm82/usr/bin/php /usr/local/bin/composer install

      Now go to the domain URL and check that this page is showing up. If the Magento version is showing there, that means everything is up and running and we can proceed with the next step.

      Next, install Magento via the command line. Ensure you're still logged in as the user via ssh and are in the Magento installation dir. Now run the command below to install Magento; ensure you have created the DB, DB user and DB user password from CWP and replaced them in the command below :

          /opt/alt/php-fpm82/usr/bin/php bin/magento setup:install --base-url="https://www.domainname.tld/" --db-host="localhost" --db-name="magento_db" --db-user="magento_db" --db-password="db_password" --admin-firstname="admin" --admin-lastname="admin" --admin-email="youremail@domain.tld" --admin-user="admin" --admin-password="admin_pass" --language="en_US" --currency="USD" --timezone="America/Chicago" --use-rewrites="1" --backend-frontname="admin"

      ** Below are the pipe parameters you need to change.

      To change the PHP path :

          #for php-fpm selector 7.4 :
          /opt/alt/php-fpm74/usr/bin/php
          #for php selector 7.4 :
          /opt/alt/php74/usr/bin/php
          #for php switcher 7.4 :
          /usr/local/bin/php

      or for PHP 8.1 :

          #for php-fpm selector 8.1 :
          /opt/alt/php-fpm81/usr/bin/php
          #for php selector 8.1 :
          /opt/alt/php81/usr/bin/php
          #for php switcher 8.1 :
          /usr/local/bin/php

      or for PHP 8.2 :

          #for php-fpm selector 8.2 :
          /opt/alt/php-fpm82/usr/bin/php
          #for php selector 8.2 :
          /opt/alt/php82/usr/bin/php
          #for php switcher 8.2 :
          /usr/local/bin/php

      Change the Magento site domain URL :

          --base-url="https://www.domainname.tld/"

      Replace the DB details :

          --db-name="magento_db" --db-user="magento_db" --db-password="db_password"

      Replace the admin details for Magento :

          --admin-firstname="admin" --admin-lastname="admin" --admin-email="youremail@domain.tld" --admin-user="admin" --admin-password="admin_pass"

      After that you can see that the installation has started. When it ends you can log in to admin, do the settings and create the Magento powered site via the GUI. It will show a success message at last :

          [SUCCESS]: Magento installation complete.
          [SUCCESS]: Magento Admin URI: /admin
          Nothing to import.

      The admin URL will be : https://www.yourdomain.tld/admin

      Now add the cron job :

          /opt/alt/php-fpm82/usr/bin/php bin/magento cron:install

      Troubleshoot : if you're not able to log in to admin and want to reset the password for the Magento admin, you need to log in to phpMyAdmin with the Magento DB user and password. Go to the SQL tab after selecting the correct DB and run this command to reset the Magento admin password :

          UPDATE admin_user SET password = CONCAT(SHA2('xxxxxxxYourNewPassword', 256), ':xxxxxxx:1') WHERE username = 'admin';

      Replace only "YourNewPassword" with your new password and run the SQL command by clicking the GO button.
  19. These functions allow you to access Oracle Database. They support SQL and PL/SQL statements. Basic features include transaction control, binding of PHP variables to Oracle placeholders, and support for large object (LOB) types and collections. Oracle's scalability features such as Database Resident Connection Pooling (DRCP) and result caching are also supported.

      For EL8/CentOS 8/Stream/Rocky/AlmaLinux :

      First, download the required Oracle instantclient packages :

          cd /usr/local/src
          wget https://download.oracle.com/otn_software/linux/instantclient/215000/oracle-instantclient-basic-21.5.0.0.0-1.el8.x86_64.rpm
          wget https://download.oracle.com/otn_software/linux/instantclient/215000/oracle-instantclient-sqlplus-21.5.0.0.0-1.el8.x86_64.rpm
          wget https://download.oracle.com/otn_software/linux/instantclient/215000/oracle-instantclient-devel-21.5.0.0.0-1.el8.x86_64.rpm
          wget https://download.oracle.com/otn_software/linux/instantclient/215000/oracle-instantclient-jdbc-21.5.0.0.0-1.el8.x86_64.rpm

      Second, installation :

          cd /usr/local/src
          dnf localinstall oracle* --nogpgcheck

      For EL7/CentOS 7 :

      First, download the required Oracle instantclient packages :

          cd /usr/local/src
          wget https://download.oracle.com/otn_software/linux/instantclient/215000/oracle-instantclient-basic-21.5.0.0.0-1.x86_64.rpm
          wget https://download.oracle.com/otn_software/linux/instantclient/215000/oracle-instantclient-sqlplus-21.5.0.0.0-1.x86_64.rpm
          wget https://download.oracle.com/otn_software/linux/instantclient/215000/oracle-instantclient-devel-21.5.0.0.0-1.x86_64.rpm
          wget https://download.oracle.com/otn_software/linux/instantclient/215000/oracle-instantclient-jdbc-21.5.0.0.0-1.x86_64.rpm

      Second, installation :

          cd /usr/local/src
          yum localinstall oracle* --nogpgcheck

      Now install the OCI8 PHP extension. You need to install the oci8 PHP extension via the process below; please note that the oci8 versions are sensitive to the PHP version.

      For the PHP switcher :

      PHP 7.x :

          cd /usr/local/src
          wget https://pecl.php.net/get/oci8-2.2.0.tgz
          tar -zxvf oci8-2.2.0.tgz
          cd oci8-2.2.0
          phpize
          ./configure
          make && make install

      PHP 8.0 (only) :

          cd /usr/local/src
          wget https://pecl.php.net/get/oci8-3.0.1.tgz
          tar -zxvf oci8-3.0.1.tgz
          cd oci8-3.0.1
          phpize
          ./configure
          make && make install

      PHP 8.1/8.2 (only) :

          cd /usr/local/src
          wget https://pecl.php.net/get/oci8-3.2.1.tgz
          tar -zxvf oci8-3.2.1.tgz
          cd oci8-3.2.1
          phpize
          ./configure
          make && make install

      Now add this line at the end of the file /usr/local/php/php.ini :

          extension=oci8.so

      Now you can check the phpinfo; there you can see oci8 is now enabled.

      For the PHP selector and PHP-FPM : if you need to install oci8 for PHP 7.4, then replace phpize and ./configure with the following.

      ** Change 74 to 80 for PHP 8.0, or to 81 for PHP 8.1/8.2.

      For PHP selector 7.4 :

          /opt/alt/php74/usr/bin/phpize
          ./configure --with-php-config=/opt/alt/php74/usr/bin/php-config

      For PHP-FPM 7.4 :

          /opt/alt/php-fpm74/usr/bin/phpize
          ./configure --with-php-config=/opt/alt/php-fpm74/usr/bin/php-config

      Example :

          cd /usr/local/src
          wget https://pecl.php.net/get/oci8-2.2.0.tgz
          tar -zxvf oci8-2.2.0.tgz
          cd oci8-2.2.0
          /opt/alt/php74/usr/bin/phpize
          ./configure --with-php-config=/opt/alt/php74/usr/bin/php-config
          make && make install

      And then add this line in php.ini :

          extension=oci8.so

      ** Restart the php-fpm service, or stop the PHP service and start it from the CWP php-fpm module.
  20. This tutorial was created on users' request. Today we'll fix CWP GUI access, for cases where your server failed to update CWP, or you have a too strict firewall that is blocking the CWP update server, and you're getting a white blank page with an expired message in the log, or even a 500 Internal Server Error for CWP-admin and CWP-user. This is easy to fix; just follow the steps below one by one.

      For CentOS 7/CentOS 8 Stream/AlmaLinux/RockyLinux/OracleLinux/EL7/EL8, CWP-Admin :

          chattr -i -R /usr/local/cwpsrv/htdocs/admin/
          cd /usr/local/cwpsrv/htdocs
          wget static.cdn-cwp.com/files/cwp/el7/cwp-el7-0.9.8.1176.zip
          unzip -o -q cwp-el7-0.9.8.1176.zip
          rm -f cwp-el7-0.9.8.1176.zip

      For CentOS 7/CentOS 8 Stream/AlmaLinux/RockyLinux/OracleLinux/EL7/EL8, CWP-User :

          chattr -i -R /usr/local/cwpsrv/var/services/
          cd /usr/local/cwpsrv/var/services/
          wget static.cdn-cwp.com/files/cwp/el7/cwp-services.zip
          unzip -o -q cwp-services.zip
          rm -f cwp-services.zip

      After you've run the commands, the next step is to update the CWP server :

          sh /scripts/update_cwp

      That's it, CWP will be fixed now and you will be able to access the GUI for Admin and User.