Empowering you with the knowledge to master Linux web hosting, DevOps and Cloud

 Linux Web Hosting, DevOps, and Cloud Solutions


SSL Certificates: What They Are and Why Your Website Needs Them

Introduction

In today’s digital age, website security is more important than ever. One of its key components is SSL (Secure Sockets Layer), a protocol for establishing secure, encrypted connections between a web server and a web browser. SSL was historically the standard encryption protocol for secure communication over the internet. It has since been replaced by TLS (Transport Layer Security), but “SSL” is still commonly used as a general term for both SSL and TLS. In this article, we’ll explore what SSL is, why it’s important for website security, and how it works.

Definition of SSL
SSL is a security protocol that uses encryption to protect data transmitted between a web server and a web browser. SSL ensures that any data transmitted between the two parties is kept confidential, authenticated, and secure from unauthorized access. SSL is often used to secure online transactions, such as e-commerce purchases, online banking, and other sensitive data transmissions.

Importance of SSL in website security
Without SSL, data transmitted between a web server and a web browser is sent in plain text, which can be intercepted and read by hackers. SSL helps to prevent this by encrypting the data so that it cannot be intercepted or read. SSL also provides authentication, which ensures that the website being accessed is the genuine website and not a fake website designed to steal data. In addition, SSL provides integrity, which ensures that the data being transmitted has not been tampered with during transmission.
SSL helps prevent man-in-the-middle attacks, where an attacker intercepts the data being transmitted and alters it without the knowledge of the sender or receiver.

How SSL Works

Explanation of SSL handshake
When a web browser establishes a connection with a web server using SSL, a process called the SSL handshake occurs. During the SSL handshake, the web browser and web server exchange information and establish a secure, encrypted connection. The SSL handshake consists of the following steps:

1. The web browser sends a “hello” message to the web server, along with the SSL version number and the list of encryption algorithms that the browser supports.
2. The web server responds with a “hello” message, along with the SSL version number and the encryption algorithm that will be used for the connection.
3. The web server sends its SSL certificate to the web browser, which contains the public key needed to encrypt data sent to the server.
4. The web browser verifies the SSL certificate and sends a message to the web server to begin encrypting data.
5. The web server responds with a message indicating that it is ready to begin encrypting data.

SSL encryption and decryption process
Once the SSL handshake is complete and the secure connection has been established, all data transmitted between the web browser and the web server is encrypted. The data is encrypted using the encryption algorithm negotiated during the SSL handshake. When the encrypted data reaches the web server, it is decrypted using the private key associated with the SSL certificate.

Role of SSL certificates in SSL
SSL certificates are an essential component of SSL. SSL certificates are digital certificates that are used to verify the identity of a website and establish a secure, encrypted connection. SSL certificates contain information about the website, such as the domain name, the owner of the website, and the expiration date of the certificate. SSL certificates are issued by trusted third-party certificate authorities (CA) and must be installed on the web server.

In order to obtain an SSL certificate, the website owner must generate a Certificate Signing Request (CSR), which contains information about the website and the public key that will be used for encryption. The CSR is then submitted to a trusted third-party CA, who will verify the website’s identity before issuing the SSL certificate.

Types of SSL Certificates

SSL certificates come in different types, each with different validation requirements and levels of assurance. Here are the most common types:

1. Domain Validated (DV) SSL Certificates
Domain Validated (DV) SSL certificates are the most basic type of SSL certificate. They verify that the domain name is registered and under the control of the certificate applicant. DV certificates are easy to obtain and are usually issued within minutes of submitting a certificate signing request (CSR).

To get a DV SSL certificate, you simply need to prove that you own the domain name by responding to an email or uploading a file to your website. DV certificates only provide basic encryption and do not display any company information in the certificate details.

2. Organization Validated (OV) SSL Certificates
Organization Validated (OV) SSL certificates offer a higher level of assurance than DV certificates. In addition to validating the domain ownership, OV certificates also verify that the organization applying for the certificate is legitimate and registered to do business.

To obtain an OV SSL certificate, the applicant must provide additional information about their organization, such as business registration documents and legal information. OV certificates display the company name in the certificate details, which can help to build trust with website visitors.

3. Extended Validation (EV) SSL Certificates
Extended Validation (EV) SSL certificates are the highest level of SSL certificate and offer the strongest level of assurance. They provide the most visible sign of trust with a green address bar and the company name displayed in the certificate details.

To obtain an EV SSL certificate, the applicant must go through a rigorous validation process that includes verifying the legal, physical, and operational existence of the organization. This process can take several days to complete, but the result is a certificate that provides the highest level of assurance and trust.

EV certificates are typically used by high-profile websites such as banks, e-commerce sites, and government agencies that handle sensitive information.

Besides the standard SSL certificates, some Certificate Authorities (CAs) also offer Wildcard SSL certificates. These can be used to secure multiple subdomains with a single certificate.

The Process of Getting an SSL Certificate

SSL certificates are issued by a trusted third-party called a Certificate Authority (CA). Getting an SSL certificate involves several steps, including choosing a CA, generating a Certificate Signing Request (CSR), and validating the SSL certificate.

Choosing a Certificate Authority (CA)
There are many CAs that offer SSL certificates, including popular options such as Let’s Encrypt, Comodo, DigiCert, and Symantec. When choosing a CA, consider factors such as the level of customer support, pricing, and the types of certificates they offer.

Generating a Certificate Signing Request (CSR)
A CSR is a file that contains information about your website and is used to apply for an SSL certificate. To generate a CSR, you will need to have access to your web server and use a tool such as OpenSSL to create the file.

When generating a Certificate Signing Request (CSR), you will need to provide the following information:

  • Common Name (CN): This is the domain name that you want to secure with SSL. For example, www.example.com.
  • Organization (O): The legal name of your organization.
  • Organizational Unit (OU): This is the department within your organization that is responsible for the certificate.
  • City/Locality (L): The city where your organization is located.
  • State/Province (ST): The state or province where your organization is located.
  • Country (C): The two-letter country code where your organization is located.
  • Email Address: An email address where the Certificate Authority (CA) can contact you if needed.

    Make sure to double-check your entries for accuracy as any errors may result in delays in obtaining your SSL certificate.

    Here’s how to generate a CSR using OpenSSL:

    1. Open a command prompt or terminal app.
    2. Run the following command to generate a private key: openssl genrsa -out private.key 2048
    3. Run the following command to generate a CSR: openssl req -new -key private.key -out mydomain.csr
    4. Follow the prompts to enter the required information, such as your website’s domain name, location, and contact information.

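    Alternatively, you can use an online CSR generator tool from Namecheap or DigiCert to generate a CSR. Note that a tool that generates the key pair for you also sees your private key; generating it locally with OpenSSL avoids that.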
    https://decoder.link/csr_generator
    https://www.digicert.com/easy-csr/openssl.htm?rid=011592

    It’s important to keep your private key safe and secure because it is required during the installation of your SSL certificate. If your private key is lost or compromised, your SSL certificate will no longer be valid and you will need to generate a new CSR and request a new SSL certificate.
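    The OpenSSL steps above can also be run without prompts and checked before the CSR is sent to a CA. The script below is an added example, not part of the original article: it creates the key with owner-only permissions, builds the CSR from the fields listed earlier, and confirms that the CSR carries the public half of that key. The organization details, www.example.com, the file names and the function names are constructed sample values, and the subjectAltName request goes beyond what the article covers.

```shell
#!/bin/sh
# Added example: non-interactive key + CSR generation with post-checks.
# All names and values below are constructed samples.

# Generate a 2048-bit RSA key that only its owner can read.
make_key() (
    umask 077                      # the key file is created with mode 600
    openssl genrsa -out "$1" 2048 2>/dev/null
)

# Create a CSR from an existing key.
# $1=key file  $2=CSR file  $3=subject string  $4=subjectAltName list
make_csr() {
    openssl req -new -key "$1" -out "$2" -subj "$3" \
        -addext "subjectAltName=$4"
}

# Print the Common Name stored in a CSR.
csr_common_name() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 |
        sed 's/^subject=//' | tr ',' '\n' | sed -n 's/^CN=//p'
}

# Succeed only if the CSR requests the given DNS name in subjectAltName.
csr_has_dns_name() {
    openssl req -in "$1" -noout -text |
        tr -d ' ' | tr ',' '\n' | grep -Fxq "DNS:$2"
}

# Succeed only if the CSR carries the public half of the given private key.
csr_matches_key() {
    csr_pub=$(openssl req -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# Succeed only if group and others have no access to the key file.
key_is_private() {
    case "$(stat -c %a "$1")" in
        [0-7]00) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo in a throwaway directory (constructed subject values).
demo_dir=$(mktemp -d)
make_key "$demo_dir/private.key"
make_csr "$demo_dir/private.key" "$demo_dir/mydomain.csr" \
    "/C=GB/ST=England/L=London/O=Example Ltd/OU=IT/CN=www.example.com/emailAddress=admin@example.com" \
    "DNS:www.example.com,DNS:example.com"

echo "CN in CSR: $(csr_common_name "$demo_dir/mydomain.csr")"
csr_has_dns_name "$demo_dir/mydomain.csr" example.com &&
    echo "CSR requests example.com as an alternative name"
csr_matches_key "$demo_dir/mydomain.csr" "$demo_dir/private.key" &&
    echo "CSR matches private.key"
key_is_private "$demo_dir/private.key" &&
    echo "private.key is readable by its owner only"
```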

    Validation of the SSL certificate
    Once you have generated a CSR, you will need to submit it to the Certificate Authority (CA). The CA will then need to verify the request, so you will have to validate your domain ownership to obtain the SSL certificate. The type of validation required depends on the type of SSL certificate you have chosen.

    a. Domain Validated (DV) SSL Certificates
    For DV SSL certificates, the CA will only validate that you own the domain for which you are requesting the certificate. There are three methods of domain validation that are commonly used:

  • Email Validation: The CA will send an email to a predefined email address associated with the domain, such as admin@yourdomain.com, and ask you to click on a link or reply with a code to confirm ownership.

  • DNS Validation: The CA will ask you to add a specific DNS record to your domain’s DNS settings. This proves that you have control over the domain’s DNS.

  • HTTP File Upload: The CA will ask you to upload a specific file to your website’s root directory. This proves that you have control over the domain and the website associated with it.

    b. Organization Validated (OV) SSL Certificates
    For OV SSL certificates, the CA will perform additional checks to validate the organization’s legal identity, including:

  • Checking the organization’s business registration documents
  • Checking the organization’s physical address and phone number
  • Verifying the organization’s name and the name of the person requesting the certificate

    c. Extended Validation (EV) SSL Certificates
    For EV SSL certificates, the CA will perform the most rigorous checks to validate the organization’s legal identity, including:

  • Checking the organization’s legal existence and business’s government registration documents
  • Checking the organization’s physical address and phone number
  • Verifying the organization’s name and the name of the person requesting the certificate
  • Conducting a thorough background check on the organization’s reputation and business practices

    Once the validation process is complete, the CA will issue the SSL certificate, which can then be installed on the web server.

    In addition to purchasing SSL certificates from a CA, some web hosting providers offer free SSL certificates through Let’s Encrypt, a nonprofit CA that provides free SSL certificates to promote web security. This can be an affordable option for website owners who want to ensure their website is secure. You can also install the certbot tool and obtain free SSL certificates from Let’s Encrypt yourself if you have root or SSH access to your server.

    Installing an SSL Certificate on Your Server
    The specific steps for installing an SSL certificate may vary depending on your server or service. Be sure to follow the instructions provided by your certificate authority or web server documentation.

    When you receive an SSL certificate for your domain, the Certificate Authority (CA) typically provides a zip file that contains the following files:

    SSL certificate: This is the primary certificate that contains your domain name, public key, expiration date, and other details. The certificate may be in different formats, such as .pem, .crt, or .cer.
    Intermediate certificate(s): These certificates form the chain of trust between the SSL certificate and the root certificate of the CA. They are required for SSL validation and may be included in the SSL certificate itself or provided as separate files.
    Root certificate: This certificate is at the top of the certificate chain and is used to establish trust. It may or may not be included in the zip file.

    The correct order of installation would be:
    Domain certificate
    Intermediate certificate
    Root certificate

    Note that some SSL/TLS certificate providers may bundle the intermediate and root certificates together in a single file. If this is the case, you only need to install the bundled certificate and the domain certificate.

    You can find detailed instructions on how to install an SSL certificate on Nginx and Apache by following the links provided.

    How to install an SSL certificate on Ubuntu for Nginx

    How to install SSL with Apache on Ubuntu

    SSL and Website Security

    SSL or Secure Socket Layer is a widely used technology to encrypt the data being transmitted between a web server and a web browser. It provides a secure connection and helps protect against cyber attacks like phishing, data theft, and man-in-the-middle attacks. In this section, we will explore how SSL helps protect against cyber attacks and some best practices for SSL implementation to enhance website security.

    How SSL helps protect against cyber attacks:

    Data Encryption: SSL encrypts the data being transmitted between the server and the browser, ensuring that the information is protected and cannot be intercepted by third-party attackers.

    Authentication: SSL certificates provide authentication to the website, ensuring that the user is connecting to the correct website and not a malicious imposter.

    Trustworthiness: SSL certificates are issued by trusted third-party Certificate Authorities (CA), which helps establish the trustworthiness of the website.

    SSL best practices for website security:

    Use strong encryption algorithms: Always use the latest and most secure encryption algorithms, such as AES 256-bit encryption, to encrypt the data being transmitted.

    Keep SSL certificates up-to-date: Regularly update SSL certificates to ensure that they are not expired or revoked.

    Implement HTTPS: Always use HTTPS instead of HTTP to secure your website. HTTPS is a protocol that encrypts the data being transmitted over the internet and provides a secure connection.

    Common SSL vulnerabilities and how to avoid them:

    Weak Encryption: Always use strong encryption algorithms and keep them updated to avoid weak encryption.

    Insecure Certificates: Ensure that SSL certificates are issued by trusted third-party Certificate Authorities (CA) to avoid insecure certificates.

    Expired Certificates: Regularly update SSL certificates to avoid expired certificates, which can lead to vulnerabilities and cyber attacks.

    Conclusion

    In summary, SSL is an essential technology for ensuring secure communication between a website and its visitors. It uses a combination of encryption, authentication, and trust mechanisms to protect against eavesdropping, tampering, and phishing attacks. With the increasing reliance on online services and the growing sophistication of cyber threats, it is more important than ever to secure your website with SSL.

    To get started with SSL, you need to choose a certificate authority, generate a CSR, and complete the validation process. Once you have obtained your SSL certificate, you can install it on your server following the instructions provided by your web server software or hosting provider. Remember to keep your private key secure and regularly renew your SSL certificate to maintain the highest level of security.

    By using SSL, you can not only safeguard your visitors’ data and privacy, but also enhance your website’s reputation, trustworthiness, and search engine visibility. SSL is not just a best practice, but a necessity for any website that wants to thrive in the digital age. So, don’t wait any longer, get your SSL certificate today and start reaping the benefits of a secure website!

  • How to install Redmine on Ubuntu 22.04 with Apache and SSL


    How to install Redmine on Ubuntu 22.04

    Introduction
    Redmine is a powerful and versatile project management tool that can help teams stay organized, collaborate effectively, and track progress towards their goals. Originally developed for the Ruby on Rails community, Redmine is now used by thousands of organizations worldwide, from small startups to large enterprises.

    With Redmine, you can create projects and sub-projects, define tasks and issues, assign them to team members, set due dates and priorities, and track time spent on each task. You can also add comments and attachments to issues, create custom fields and workflows, and generate reports and graphs to visualize project status and progress.

    It is open-source software written in Ruby on Rails and is available under the GNU General Public License.

    Whether you’re a software development team, a marketing agency, a non-profit organization, or any other type of group that needs to manage projects and tasks, Redmine can be a valuable tool to help you stay on track, collaborate effectively, and achieve your goals. In this blog, we’ll explore some of the key features and use cases of Redmine, and provide tips and best practices for getting the most out of this powerful project management tool.

    In this tutorial, we will go through the steps of installing Redmine on an Ubuntu 22.04 server and securing it with Let’s Encrypt SSL.

    Prerequisites:

    Ubuntu 22.04 Server
    Root or sudo user access
    A domain name pointed to the server is required for accessing Redmine via a web browser.

    Step 1: Update Ubuntu System
    The first step is to update the Ubuntu system to ensure that all the packages are up-to-date. You can do this by running the following command:

    sudo apt update

    Step 2: Install Dependencies
    Redmine requires several dependencies to be installed before it can be installed. To install them, run the following command:

    sudo apt install -y build-essential libmagickwand-dev libxml2-dev libxslt1-dev libffi-dev libyaml-dev zlib1g-dev libssl-dev git imagemagick libcurl4-openssl-dev libtool libxslt-dev ruby ruby-dev rubygems libgdbm-dev libncurses-dev

    Also install Apache and the Passenger module for Apache:

    sudo apt install -y apache2 libapache2-mod-passenger

    Note: libapache2-mod-passenger is a module for the Apache web server that enables the deployment of Ruby on Rails web applications. It provides an easy way to configure and manage Ruby on Rails applications within an Apache web server environment.

    Step 3: Create a Redmine User
    Create a dedicated Linux user for running Redmine:
    useradd -r -m -d /opt/redmine -s /usr/bin/bash redmine

    Add the Apache user (www-data) to the redmine group so that Apache can access the Redmine files:
    usermod -aG redmine www-data

    Step 4: Install and Secure MariaDB
    MariaDB is a popular open-source database management system and is used as the backend for Redmine. To install and secure MariaDB, run the following commands:
    sudo apt install -y mariadb-server

    Enable and run the database service.

    systemctl enable --now mariadb
    mysql_secure_installation

    Note: mysql_secure_installation is used to secure the installation by performing a series of security-related tasks, such as:

  • Setting a root password for the MySQL or MariaDB server.
  • Removing the anonymous user accounts, which are accounts without a username or password.
  • Disabling remote root logins, which can be a security vulnerability.
  • Removing the test database, which is a sample database that is not needed for most production environments.
  • Reloading the privilege tables to ensure that the changes take effect.

    Create a database and a database user. Replace the names of the database and the database user accordingly, and choose your own strong password in place of the sample one.

    mysql -u root -p
    create database redminedb;
    grant all on redminedb.* to redmineuser@localhost identified by 'P@ssW0rD';

    Reload privilege tables and exit the database.

    flush privileges;
    quit

    Step 5: Download and Extract Redmine
    Download the latest version of Redmine and extract it to the /opt/redmine directory using the following command:

    curl -s https://www.redmine.org/releases/redmine-5.0.5.tar.gz | sudo -u redmine tar xz -C /opt/redmine/ --strip-components=1

    Create the Redmine configuration files by copying the sample configuration files as shown below:

    su - redmine
    cp /opt/redmine/config/configuration.yml{.example,}
    cp /opt/redmine/public/dispatch.fcgi{.example,}
    cp /opt/redmine/config/database.yml{.example,}

    The sample configuration files are provided by Redmine as a starting point for configuring your installation.

    Step 6: Configure the Database
    Modify the config/database.yml file and update database name, username, and password for the production environment:

    nano /opt/redmine/config/database.yml

    In the file, replace the default configuration with the following:

    production:
      adapter: mysql2
      database: redminedb
      host: localhost
      username: redmineuser
      password: "P@ssW0rD"
      encoding: utf8mb4
    

    Because the configuration file is YAML, the indentation must be correct.

    Save and close the file.

    Step 7: Install Bundler and Redmine Dependencies
    Install Bundler for managing gem dependencies and run the following commands:

    sudo gem install bundler

    Log in as the redmine user and run the following commands:

    su - redmine
    bundle config set --local without 'development test'
    bundle install
    bundle update
    exit

    Step 8: Configure File System Permissions
    Ensure that the following directories are available in the Redmine directory (/opt/redmine):

    tmp and tmp/pdf
    public and public/plugin_assets
    log
    files

    Create them if they don’t exist and ensure that they are owned by the user used to run Redmine:

    # Run from the Redmine root so the relative paths below resolve
    cd /opt/redmine
    for i in tmp tmp/pdf public/plugin_assets; do [ -d "$i" ] || mkdir -p "$i"; done
    chown -R redmine:redmine files log tmp public/plugin_assets
    chmod -R 755 /opt/redmine
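    chmod -R 755 also applies to config/database.yml and config/configuration.yml, which hold the database and SMTP passwords in this tutorial, so every local account can read them. The script below is an added example, not part of the original tutorial: it reports those files when they grant any access to "other" and tightens them to 640. The function names and the temporary demo tree are constructed; on a real install, pass /opt/redmine as the argument.

```shell
#!/bin/sh
# Added example: find and fix world-accessible Redmine credential files.

# Files that carry passwords in this tutorial, relative to the Redmine root.
SECRET_FILES="config/database.yml config/configuration.yml"

# Print "<file> <mode>" for each secret file that "other" can access.
# $1 = Redmine root directory
exposed_secrets() {
    for f in $SECRET_FILES; do
        [ -f "$1/$f" ] || continue
        mode=$(stat -c %a "$1/$f")
        case "$mode" in
            *0) ;;                    # last octal digit 0: no access for others
            *) echo "$f $mode" ;;
        esac
    done
}

# Restrict each secret file to owner read/write and group read (640).
# $1 = Redmine root directory
lock_down_secrets() {
    for f in $SECRET_FILES; do
        if [ -f "$1/$f" ]; then
            chmod 640 "$1/$f"
        fi
    done
    return 0
}

# Demo on a constructed tree that mimics the layout after "chmod -R 755".
demo_root=$(mktemp -d)
mkdir -p "$demo_root/config"
printf 'production:\n  password: "constructed-sample"\n' > "$demo_root/config/database.yml"
printf 'production:\n  email_delivery:\n' > "$demo_root/config/configuration.yml"
chmod -R 755 "$demo_root"

echo "Before:"
exposed_secrets "$demo_root"
lock_down_secrets "$demo_root"
echo "After (no output means nothing is exposed):"
exposed_secrets "$demo_root"
```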

    Step 9: Configure Apache
    Create a new Apache virtual host file for Redmine:
    sudo nano /etc/apache2/sites-available/redmine.conf

    Paste the following configuration into the file:

    <VirtualHost *:80>
        ServerName redmine.linuxwebhostingsupport.in
        DocumentRoot /opt/redmine/public
        ErrorLog ${APACHE_LOG_DIR}/redmine-error.log
        CustomLog ${APACHE_LOG_DIR}/redmine-access.log combined
        <Directory /opt/redmine/public>
            Require all granted
            Options -MultiViews
            PassengerEnabled on
            PassengerAppEnv production
            PassengerRuby /usr/bin/ruby
        </Directory>
    </VirtualHost>
    

    Save the file and exit the text editor. Replace redmine.linuxwebhostingsupport.in with your domain name.

    Enable the Redmine site by running the following command:

    sudo a2ensite redmine.conf

    Restart Apache to apply the changes:

    sudo systemctl restart apache2

    Allow Apache through the Ubuntu UFW firewall:

    sudo ufw allow 'Apache Full'

    Install Certbot and the Apache plugin for Let’s Encrypt:

    sudo apt install certbot python3-certbot-apache

    Adding a Let’s Encrypt SSL certificate

    Make sure your domain is properly pointed to the server IP; otherwise, Let’s Encrypt validation will fail.

    Obtain an SSL certificate for your domain by running the following command:

    sudo certbot --apache

    Follow the on-screen instructions to complete the process.

    Restart Apache to apply the SSL configuration:

    sudo systemctl restart apache2

    Open your web browser and go to https://redmine.linuxwebhostingsupport.in/. You should see the Redmine home screen.

    Login to the admin area using your Redmine admin username and password. If this is your first login, you will need to reset your admin password.

    https://redmine.linuxwebhostingsupport.in/login

    Congratulations! You have successfully installed and configured Redmine on your Ubuntu server. In the previous steps, we have covered the installation and configuration of Redmine, including setting up the database, configuring Apache, and securing Redmine with Let’s Encrypt SSL.


    However, one critical aspect of Redmine that you might want to configure is email delivery for notifications. This feature is essential for keeping team members informed about project updates, new issues, and changes to existing issues. In this section, we will show you how to configure email delivery in Redmine.

    Configuring SMTP for Email Delivery in Redmine

    Redmine supports email delivery for notifications, which you can set up using the following steps:

    Step 1 – Open Configuration File

    First, you need to open the configuration.yml file in a text editor:

    sudo nano /opt/redmine/config/configuration.yml

    Step 2 – Configure Email Settings

    Next, scroll down to the production section of the file, uncomment the following lines by removing the # symbol at the beginning of each line, and replace the values with your SMTP server’s settings:

    # specific configuration options for production environment
    # that overrides the default ones
    production:
      email_delivery:
        delivery_method: :smtp
        smtp_settings:
          address: "your.smtp.server.com"
          port: 587
          domain: "your.domain.com"
          authentication: :login
          user_name: "your_email@example.com"
          password: "your_email_password"
          enable_starttls_auto: true
    # specific configuration options for development environment
    # that overrides the default ones
    

    Replace the values for address, port, domain, user_name, and password with your SMTP server’s settings:

    address: The address of your SMTP server.
    port: The port number to use for SMTP server (usually 587).
    domain: The domain name of your organization or server.
    user_name: The email address of the user account to use for sending emails.
    password: The password for the user account to use for sending emails.
    Save the configuration.yml file.

    Because the configuration file is YAML, the indentation must be correct.

    Step 3 – Restart Apache

    Finally, restart Apache to apply the changes:

    sudo systemctl restart apache2

    And that’s it! Redmine is now configured to deliver email notifications to your team members.

    Conclusion

    Redmine is a powerful project management tool that can help you manage your software development projects effectively. In this blog post, we have covered the installation and configuration of Redmine on Ubuntu, including setting up the database, configuring Apache, securing Redmine with Let’s Encrypt SSL, and configuring email delivery.

    With these steps, you should now have a working Redmine installation that can help you track your projects, collaborate with your team, and stay on top of your development process. Good luck!

  • Step-by-Step Tutorial: Setting up Apache, MySQL, PHP (LAMP Stack) on Ubuntu 22.04 for Beginners

    What is a LAMP Stack?

    LAMP stack is a popular combination of open-source software that is used to run dynamic websites and web applications. The acronym LAMP stands for Linux (operating system), Apache (web server), MySQL (database management system), and PHP (scripting language).

    Linux provides the foundation for the LAMP stack, serving as the operating system on which the other software components are installed. Apache is the web server that handles HTTP requests and serves web pages to users. MySQL is a powerful database management system that is used to store and manage website data. PHP is a popular scripting language used to create dynamic web content, such as interactive forms and web applications.

    Together, these software components create a powerful platform for building and deploying web applications. The LAMP stack is highly customizable and widely used, making it an excellent choice for developers and system administrators alike.

    Prerequisites

    1. Ubuntu server: You will need an Ubuntu server to install the LAMP stack. You can use a virtual/cloud server or a physical server as per your requirement.

    2. SSH access: You will need SSH access to your Ubuntu server to be able to install the LAMP stack. SSH (Secure Shell) is a secure network protocol that allows you to access and manage your server remotely.

    3. Non-root user with sudo privileges: It is recommended that you use a non-root user with sudo privileges to install and configure the LAMP stack. This is because running as root can pose a security risk and may lead to unintended consequences if something goes wrong. You can also run the commands as root user.

    4. Basic familiarity with Linux command line: A basic understanding of how to use the Linux command line interface (CLI) to run commands and navigate your Ubuntu server is recommended, not mandatory.

    Installing a LAMP Stack on Ubuntu
    In this section, the process of installing a LAMP Stack on Ubuntu 22.04 LTS is outlined. These instructions can be applied to Ubuntu 20.04 LTS as well.

    A LAMP stack is a popular combination of open-source software used to run dynamic websites or web applications. LAMP stands for Linux (operating system), Apache (web server), MySQL (database management system), and PHP (scripting language). In this guide, we will walk you through the steps involved in installing and configuring a LAMP stack on an Ubuntu server.

    Step 1: Update Your Ubuntu Server
    Before we begin installing LAMP stack components, let’s update the server’s software packages by running the following command:

    sudo apt update && sudo apt upgrade

    Step 2: Install Apache
    Apache is the most widely used web server software. To install it, run the following command:

    sudo apt install apache2

    Once the installation is complete, you can check the status of Apache by running the following command:

    sudo systemctl status apache2

    This will display Apache’s status as either active or inactive.

    Step 3: Install MySQL
    MySQL is a popular open-source database management system. To install it, run the following command:

    sudo apt install mysql-server

    Once the installation is complete, you can check the status of MySQL by running the following command:

    sudo systemctl status mysql

    This will display MySQL’s status as either active or inactive.

    Step 4: Install PHP
    PHP is a popular server-side scripting language used to create dynamic web content. To install it, run the following command:

    sudo apt install php libapache2-mod-php php-mysql

    There are several additional PHP modules recommended for a CMS like WordPress. You can install them by running the command below:

    sudo apt-get install php-curl php-gd php-xml php-mbstring php-imagick php-zip php-xmlrpc

    After installing these modules, you will need to restart your Apache server for the changes to take effect. You can do this by running the following command:

    sudo systemctl restart apache2

    Setting up firewall rules to allow access to Apache web server

    UFW is the default firewall on Ubuntu systems. It provides a simple command-line interface for configuring iptables, the software-based firewall used in most Linux distributions. UFW provides application profiles that can be used to manage traffic to and from different services. To view a list of all the available UFW application profiles, run the command:

    sudo ufw app list

    Output
    Available applications:
    Apache
    Apache Full
    Apache Secure
    OpenSSH

    These application profiles have different configurations for opening specific ports on the firewall. For instance:

    Apache: Allows traffic on port 80, which is used for normal, unencrypted web traffic.
    Apache Full: Allows traffic on both port 80 and port 443, which is used for TLS/SSL encrypted traffic.
    Apache Secure: Allows traffic only on port 443 for TLS/SSL encrypted traffic.

    To allow traffic on both port 80 and port 443 (SSL), you can use the Apache Full profile by running the following command:

    sudo ufw allow in "Apache Full"

    You can verify that the change has been made by running the command:
    sudo ufw status

    Output

    Status: active
    
    To                         Action      From
    --                         ------      ----
    OpenSSH                    ALLOW       Anywhere                                
    Apache Full                ALLOW       Anywhere                  
    OpenSSH (v6)               ALLOW       Anywhere (v6)                    
    Apache Full(v6)            ALLOW       Anywhere (v6)   
    

    To test if the ports are open and Apache web server is accessible, you can try visiting your server’s public IP address in a web browser using the URL http://your_server_ip. If successful, you should see the default Apache web page.

    If you can view this page, your web server is correctly installed and accessible through your firewall.

    Configuring the MySQL Database server
    MySQL is available for use as soon as it is installed. However, to use it for web applications such as WordPress and to improve the security of those applications, you need to create a database and a dedicated database user. To configure MySQL, follow these steps:

    1. Log in to the MySQL shell as the root user:

    sudo mysql -u root

    2. Using the MySQL shell, create the wpdatabase database and a new user account for the web application to use. Instead of the placeholders “dbuser” and “password” in the CREATE USER query, provide a real username and password. Then grant the user complete permissions on the database. After each line, MySQL should respond with “Query OK.”

    CREATE DATABASE wpdatabase;
    -- No host is given here, so the account is created as 'dbuser'@'%'
    CREATE USER 'dbuser' IDENTIFIED BY 'password';
    GRANT ALL ON wpdatabase.* TO 'dbuser';

    Exit the SQL shell:
    quit

    3. Set a password for 'root'@'localhost':

    sudo mysql
    ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password by 'password';

    Exit the SQL shell:
    quit

    Note: Replace “password” with a strong password.
    4. Use the mysql_secure_installation tool to increase database security:

    sudo mysql_secure_installation

    When prompted to change the root password, leave it unchanged. Answer Y for the following questions:

    Remove anonymous users?
    Disallow root login remotely?
    Remove test database and access to it?
    Reload privilege tables now?

    To log in to the MySQL shell as root after this change, use “sudo mysql -u root”, and type “quit” to exit the SQL shell.

    It’s worth noting that when connecting as the root user, there’s no need to enter a password, despite having defined one during the mysql_secure_installation script. This is due to the default authentication method for the administrative MySQL user being unix_socket rather than password. Although it may appear to be a security issue, it actually strengthens the security of the database server by only allowing system users with sudo privileges to log in as the root MySQL user from the console or through an application with the same privileges. As a result, you won’t be able to use the administrative database root user to connect from your PHP application. However, setting a password for the root MySQL account acts as a precautionary measure in case the default authentication method is changed from unix_socket to password.

    Creating a Virtual Host for your Website

    In order to host multiple domains from a single server, Apache web server provides the capability to create virtual hosts. These virtual hosts are beneficial as they allow you to encapsulate configuration details for each domain. In this tutorial, we will walk you through setting up a domain named “example.com”. However, it is important to keep in mind that you should replace “example.com” with your own domain name.

    By default, Ubuntu 22.04’s Apache web server has a single virtual host that is enabled and configured to serve documents from the /var/www/html directory. While this is a workable solution for a single site, it becomes cumbersome when hosting multiple sites. Therefore, instead of modifying /var/www/html, we will create a directory structure within the /var/www directory specifically for the example.com site. In doing so, we will leave /var/www/html in place as the default directory to be served if a client request does not match any other sites.

    1. First, create a new directory for the “example.com” website files:

    sudo mkdir /var/www/example.com

    2. Assign the ownership of the directory to the web server user (www-data):

    sudo chown -R www-data:www-data /var/www/example.com

    3. Create a new virtual host configuration file for “example.com” using the nano text editor:

    sudo nano /etc/apache2/sites-available/example.com.conf

    4. Add the following configuration to the file, replacing “example.com” with your own domain name:

    <VirtualHost *:80>
        ServerName example.com
        ServerAlias www.example.com
        DocumentRoot /var/www/example.com
    
        <Directory /var/www/example.com>
            Options Indexes FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>
    
        ErrorLog ${APACHE_LOG_DIR}/example.com_error.log
        CustomLog ${APACHE_LOG_DIR}/example.com_access.log combined
    </VirtualHost>
    

    This configuration specifies that the “example.com” domain should use the files located in the /var/www/example.com directory as its document root.

    5. Disable the default Apache site configuration to avoid conflicts:

    sudo a2dissite 000-default.conf

    6. Enable the “example.com” site configuration:
    sudo a2ensite example.com.conf

    7. Restart Apache to apply the changes:
    sudo systemctl restart apache2

    8. Create a test “hello world” HTML file:
    sudo nano /var/www/example.com/index.html

    Add the following HTML code to the file:

    <!DOCTYPE html>
    <html>
    <head>
        <title>Hello World</title>
    </head>
    <body>
        <h1>Hello World!</h1>
    </body>
    </html>
    

    9. Save and close the file.

    10. Finally, configure your DNS records to point the “example.com” domain to your server’s IP address. Once the DNS records are updated, you can access the website by visiting “http://example.com” in your web browser.

    Testing the LAMP Stack Installation on Your Ubuntu Server
    To ensure that the LAMP stack configuration is fully functional, it’s necessary to conduct tests on Apache, PHP, and MySQL components. Verifying the Apache operational status and virtual host configuration was done earlier. Now, it’s important to test the interaction between the web server and PHP and MySQL components.

    The easiest way to verify the configuration of the Ubuntu LAMP stack is by using a short test script. The PHP code does not need to be lengthy or complex; however, it must establish a connection to MySQL. The test script should be placed within the DocumentRoot directory.

    To validate the database, use PHP to invoke the mysqli_connect function. Use the username and password created in the “Configuring the MySQL Database server” section. If the attempt is successful, the mysqli_connect function returns a Connection object. The script should indicate whether the connection succeeded or failed and provide more information about any errors.

    To verify the installation, follow these steps:

    1. Create a new file called “phptest.php” in the /var/www/example.com directory.

    <html>
    <head>
        <title>PHP MySQL Test</title>
    </head>
    <body>
        <?php echo '<p>Welcome to the Site!</p>';

        // This file holds the database password. Remove it once the test is done.
        // When running this script on a local database, the servername must be 'localhost'. Use the name and password of the web user account created earlier. Do not use the root password.
        $servername = "localhost";
        $username = "dbuser";
        $password = "password";

        // PHP 8.1 and later throw an exception when the connection fails. Turn that off so that mysqli_connect returns false and the check below runs.
        mysqli_report(MYSQLI_REPORT_OFF);

        // Create MySQL connection
        $conn = mysqli_connect($servername, $username, $password);

        // If the conn variable is empty, the connection has failed. The output for the failure case includes the error message
        if (!$conn) {
            die('<p>Connection failed: ' . htmlspecialchars(mysqli_connect_error()) . '</p>');
        }
        echo '<p>Connected successfully</p>';
        ?>
    </body>
    </html>
    

    2. To test the script, open a web browser and type the domain name followed by “/phptest.php” in the address bar. For example, if your domain name is “example.com”, you would enter “example.com/phptest.php” in the address bar. Make sure to substitute the actual name of the domain for “example.com” in the example provided.

    http://example.com/phptest.php

    3. Upon successful execution of the script, the web page should display without any errors. The page should contain the text “Welcome to the Site!” and “Connected successfully.” However, if you encounter the “Connection Failed” error message, review the SQL error information to troubleshoot the issue.

    Bonus: Install phpMyAdmin
    phpMyAdmin is a web-based application used to manage MySQL databases. To install it, run the following command:

    sudo apt install phpmyadmin
    During the installation process, you will be prompted to choose the web server that should be automatically configured to run phpMyAdmin. Select Apache and press Enter.

    You will also be prompted to enter a password for phpMyAdmin’s administrative account. Enter a secure password and press Enter.

    Once the installation is complete, you can access phpMyAdmin by navigating to http://your_server_IP_address/phpmyadmin in your web browser.

    Congratulations! You have successfully installed and configured a LAMP stack on your Ubuntu server.

    Summary
    This guide walks through the process of setting up a LAMP Stack, a combination of the Linux operating system, Apache web server, MySQL RDBMS, and PHP programming language, to serve PHP websites and applications. The individual components are free and open source, designed to work together, and easy to install and use. Following the steps provided, you can install the LAMP Stack on Ubuntu 22.04 LTS using apt, configure the Apache web server, create a virtual host for the domain, and integrate the MySQL web server by creating a new account to represent the web user. Additional PHP packages are required for Apache, PHP, and the database to communicate. A short PHP test script can be used to test the new installation by connecting to the database.

    Adding Domain Aliases in iRedMail: A Simple bash script

    iRedMail is a powerful and open-source mail server solution that simplifies the process of setting up and managing email services. It supports popular email protocols, including IMAP, POP3, and SMTP, and can be used to host multiple email domains. In this guide, we’ll explore how to add domain aliases to iRedMail’s free version with a MySQL backend.

    What Are Domain Aliases?
    Domain aliases are additional domain names that point to an existing email domain. For example, if you have a primary domain like example.com, you can set up domain aliases like domain.ltd so that emails sent to username@domain.ltd are delivered to the corresponding mailbox of username@example.com. Domain aliases are a convenient way to manage multiple email addresses under a single domain.

    The Bash Script:
    Here’s a Bash script that simplifies the process of adding domain aliases in iRedMail. You can use this script to automate the task:

    #!/bin/bash
    
    # Author: 	Abdul Wahab
    # Website: 	Linuxwebhostingsupport.in
    # Print purpose and note
    printf "Purpose: Add an alias domain in iRedMail. \n\n"
    printf "Note: Let's say you have a mail domain example.com hosted on your iRedMail server, if you add domain name domain.ltd as an alias domain of example.com, all emails sent to username@domain.ltd will be delivered to user username@example.com's mailbox. So here domain.ltd is the alias domain and example.com is the target domain \n\n"
    
    # Prompt the user to enter the alias domain name
    read -r -p "Enter the alias domain name: " ALIAS_DOMAIN
    
    # Prompt the user to enter the target domain name
    read -r -p "Enter the target domain name: " TARGET_DOMAIN
    
    # Accept only letters, digits, dots and hyphens, because both values are placed inside SQL strings below
    for NAME in "$ALIAS_DOMAIN" "$TARGET_DOMAIN"
    do
      case "$NAME" in
        ""|*[!A-Za-z0-9.-]*) echo "Error: '$NAME' is not a valid domain name"; exit 1 ;;
      esac
    done
    
    # Connect to the vmail database and check if the target domain exists in the domain table
    RESULT=$(mysql vmail -N -B -e "SELECT COUNT(*) FROM domain WHERE domain='$TARGET_DOMAIN'")
    # A string comparison also catches an empty result when the query itself fails
    if [ "$RESULT" != "1" ]
    then
      echo "Error: The target domain $TARGET_DOMAIN does not exist in the domain table. You need to add the target domain first"
      exit 1
    fi
    
    # Insert the alias domain record and stop if MySQL reports an error
    if ! mysql vmail <<EOF
    INSERT INTO alias_domain (alias_domain, target_domain)
    VALUES ('$ALIAS_DOMAIN', '$TARGET_DOMAIN');
    EOF
    then
      echo "Error: The alias domain $ALIAS_DOMAIN could not be added."
      exit 1
    fi
    
    # Print completion message
    echo "Alias domain $ALIAS_DOMAIN has been added for $TARGET_DOMAIN."
    

    How to Use the Script:

    Copy the provided Bash script into a text file, e.g., add_domain_alias.sh.
    Make the script executable by running the following command:

    chmod +x add_domain_alias.sh

    Execute the script by running ./add_domain_alias.sh in your terminal.
    Follow the prompts to enter the alias domain and target domain names.
    The script will connect to the MySQL database and insert the alias domain record.
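Both prompted values end up inside quoted SQL strings, so they should be checked as well-formed domain names before any query runs. The following is an added example, not part of the original script: the helper names valid_domain, normalize_domain and build_alias_sql are hypothetical, and the sample inputs are constructed.

```bash
#!/bin/bash
# Added example: input checks for the alias-domain script.
# valid_domain, normalize_domain and build_alias_sql are hypothetical
# helper names, not part of iRedMail or of the original script.

# Lower-case a domain name and strip one trailing dot (FQDN form).
normalize_domain() {
    printf '%s' "${1%.}" | tr '[:upper:]' '[:lower:]'
}

# Return 0 when $1 is a plain DNS name: labels of a-z, 0-9 and "-",
# separated by dots. Quotes, spaces, semicolons, newlines and wildcards
# are all rejected, so an accepted value is safe inside '...' in SQL.
valid_domain() {
    local d="$1" label
    # Overall length: 1..253 characters.
    [ -n "$d" ] || return 1
    [ "${#d}" -le 253 ] || return 1
    case $d in
        # Any character outside the explicit allow-list.
        *[!abcdefghijklmnopqrstuvwxyz0123456789.-]*) return 1 ;;
        # Empty labels, or labels that start or end with a hyphen.
        .*|*.|*..*|-*|*-|*.-*|*-.*) return 1 ;;
        # At least two labels.
        *.*) ;;
        *) return 1 ;;
    esac
    # Only a-z, 0-9, "." and "-" remain, so splitting on "." cannot glob.
    local IFS=.
    for label in $d; do
        [ "${#label}" -le 63 ] || return 1
    done
    return 0
}

# Print the INSERT statement for an alias, or fail without printing SQL.
build_alias_sql() {
    local alias_domain target_domain
    alias_domain=$(normalize_domain "$1")
    target_domain=$(normalize_domain "$2")
    if ! valid_domain "$alias_domain"; then
        echo "Error: invalid alias domain" >&2
        return 1
    fi
    if ! valid_domain "$target_domain"; then
        echo "Error: invalid target domain" >&2
        return 1
    fi
    if [ "$alias_domain" = "$target_domain" ]; then
        echo "Error: alias and target are the same domain" >&2
        return 1
    fi
    printf "INSERT INTO alias_domain (alias_domain, target_domain) VALUES ('%s', '%s');\n" \
        "$alias_domain" "$target_domain"
}

# Constructed sample inputs: two well-formed names and three malformed ones.
for candidate in "domain.ltd" "Mail.Example.COM." "bad'quote.com" "two words.com" "*.example.com"; do
    if valid_domain "$(normalize_domain "$candidate")"; then
        printf 'accept  %s\n' "$candidate"
    else
        printf 'reject  %s\n' "$candidate"
    fi
done
```

The output of build_alias_sql can be piped to `mysql vmail` in place of the here-document.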

    Conclusion:
    Adding domain aliases in iRedMail is a straightforward process, and the provided Bash script can simplify it even further. With domain aliases, you can efficiently manage multiple email addresses under a single domain, enhancing your email hosting capabilities.

    Feel free to use this script to streamline your iRedMail email domain management, making it easier to accommodate various email addresses and domains.

    How to remove or compress huge MySQL general and query log table

    If you have enabled MySQL general or slow query logging, the logs can grow quite large, depending upon your MySQL usage and queries.
    So you may have to clear them periodically to save space.

    Please note that MySQL can save logs to either tables or files. This document assumes you are using tables as the log output.

    Files: slow_log.CSV and general_log.CSV (The location and the name of the file can be different)

    By default, logging is to a CSV file.

    MySQL supports clearing these logs at run time, so there is no need to restart the MySQL service.
    Never delete the CSV file directly. It can crash MySQL.

    Slow query log

    USE mysql;
    SET GLOBAL slow_query_log='OFF';
    DROP TABLE IF EXISTS slow_log2;
    CREATE TABLE slow_log2 LIKE slow_log;
    RENAME TABLE slow_log TO slow_log_backup, slow_log2 TO slow_log;
    -- Shell command: run it from a shell, not from the MySQL prompt
    gzip /var/db/mysql/mysql/slow_log_backup.CSV
    DROP TABLE slow_log_backup;
    SET GLOBAL slow_query_log = 'ON';
    

    General log

    USE mysql;
    SET GLOBAL general_log = 'OFF';
    DROP TABLE IF EXISTS general_log2;
    CREATE TABLE general_log2 LIKE general_log;
    RENAME TABLE general_log TO general_log_backup, general_log2 TO general_log;
    -- Shell command: run it from a shell, not from the MySQL prompt
    gzip /var/db/mysql/mysql/general_log_backup.CSV
    DROP TABLE general_log_backup;
    

    What we did is create a new log table, move the current log table to a backup copy, compress the backup and then remove it.

    Password protect phpMyAdmin through CentOS Web panel(CWP)

    phpMyAdmin is installed with CentOS Web Panel. By default, it is not protected and there is only MySQL user authentication. This can leave your server vulnerable, so it is recommended to add an additional layer of protection.

    phpMyAdmin is available through the following URLs on a CWP-based server.

    http://hostname/phpmyadmin
    http://hostname:2030/pma

    CWP panel runs its core services through its own version of Nginx. So normal htaccess based password protection will not work.

    Create the Password File

    You can do this by using the OpenSSL utilities that may already be available on your server. Alternatively, you can use the purpose-made htpasswd utility included in the apache2-utils package (Debian/Ubuntu) or httpd-tools (Red Hat/CentOS).

    Using OpenSSL Utilities

    We will create a hidden file called .pma_pass in the /usr/local/cwpsrv/var/services/ folder. You can use any username. I am using dbadmin here as an example.

    sudo sh -c "echo -n 'dbadmin:' >> /usr/local/cwpsrv/var/services/.pma_pass"

    Next, add an encrypted password entry for the username by typing:

    sudo sh -c "openssl passwd -apr1 >> /usr/local/cwpsrv/var/services/.pma_pass"

    Using Apache Utilities

    This tool is already installed and available on all CWP servers.

    /usr/local/apache/bin/htpasswd -c /usr/local/cwpsrv/var/services/.pma_pass dbadmin

    Configure Nginx Password Authentication

    We will need to configure Nginx to read this file before serving our protected content.
    CWP Service Nginx configuration file: /usr/local/cwpsrv/conf/cwp_services.conf

    Open the above file and add the following to the location block of phpMyAdmin.

    auth_basic "Admin Login";
    auth_basic_user_file /usr/local/cwpsrv/var/services/.pma_pass;

    So the full block should look like this now.

    location /pma {
        root /usr/local/cwpsrv/var/services;
        index  index.html index.htm index.php;
        ModSecurityEnabled off;
        ModSecurityConfig /usr/local/cwpsrv/conf/security/conf/pma_rules.conf;
    
        location ~ \.php$ {
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_read_timeout 600;
            fastcgi_pass    unix:/usr/local/cwp/php71/var/sockets/cwpsvc.sock;
            fastcgi_index   index.php;
            fastcgi_param   SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            fastcgi_param   SCRIPT_NAME   $fastcgi_script_name;
            include                 fastcgi_params;
        }
    
        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
            access_log    off;
            log_not_found    off;
            expires 1M;
        }
    
        auth_basic "Admin Login";
        auth_basic_user_file /usr/local/cwpsrv/var/services/.pma_pass;
    }
    

    Restart the CWP Nginx service with the command below:

    systemctl restart cwpsrv.service

    Confirm the Password Authentication

    To confirm that your content is protected, try to access your restricted content in a web browser. You should be presented with a username and password prompt.

    How to block Outgoing Port 25 for all VPS/Containers of SolusVM(Both OpenVZ/KVM)

    Sometimes, when providing VPS service, it is necessary to block mailing service for VPS. Otherwise your IP ranges will be blocked by RBLs and other common mail providers like Gmail, Hotmail, AOL, etc. It is recommended to open ports on a case-by-case basis for your customers, after establishing trust with your client.

    Normally we block the port using the “OUTPUT” chain. However, SolusVM uses the chain “FORWARD” for routing traffic from containers/VPSs.

    So by adding the following rules, you can block all outgoing mail ports completely for all VPSs.

    iptables -I FORWARD -d 0.0.0.0/0 -p tcp -m tcp --dport 25 -j DROP
    iptables -I FORWARD -d 0.0.0.0/0 -p tcp -m tcp --dport 465 -j DROP
    iptables -I FORWARD -d 0.0.0.0/0 -p tcp -m tcp --dport 587 -j DROP

    Then save the iptables by running

    service iptables save

    Install Ajenti V on Ubuntu 16.04

    Ajenti is an open source, web-based control panel that can be used for a large variety of server management tasks. Optionally, an add-on package called Ajenti V allows you to manage multiple websites from the same control panel.


    Step 1: First make sure that all your system packages are up-to-date

    sudo apt-get update
    sudo apt-get upgrade

    Step 2: Installing Ajenti Control Panel.
    wget -O- https://raw.github.com/ajenti/ajenti/1.x/scripts/install-ubuntu.sh | sudo sh

    Step 3: Start the service:
    systemctl start ajenti

    Step 4: Install the Ajenti hosting module + nginx + mail + FTP

    If you have Apache installed, but don’t use it, remove it first:
    apt-get remove apache2

    If you have Sendmail or Postfix installed, remove them too
    apt-get remove sendmail postfix

    Install Ajenti-v

    apt-get install ajenti-v ajenti-v-nginx ajenti-v-mysql ajenti-v-php7.0-fpm php7.0-mysql

    # If you need Python
    apt-get install ajenti-v-python-gunicorn

    # If you want FTP
    apt-get install ajenti-v-ftp-pureftpd

    # If you want mail
    apt-get install ajenti-v-mail

    # If you want POP support (for gmail etc.)
    apt-get install courier-pop

    Step 5: Restart All Services
    systemctl restart nginx
    systemctl restart php7.0-fpm
    systemctl restart mysql
    systemctl restart exim4
    systemctl restart pure-ftpd
    systemctl restart ajenti

    Step 6: Accessing the Ajenti control panel.

    Ajenti will be available on HTTP port 8000 by default. Open your favourite browser and navigate to http://yourdomain.com:8000 or http://server-ip:8000, then log in with the default username “admin” or “root” and the password “admin”.

    Change the password immediately to something secure.

    How To Install PHP 7 On A cPanel/WHM Server With EasyApache 3

    The latest versions of cPanel come with EasyApache 4, which provides many new features such as native support for multiple PHP versions, PHP 7 support, and better speed. So it is recommended to migrate to EasyApache 4. However, if you cannot migrate to EasyApache 4 for some reason (for example, Tomcat support), you will have to compile PHP 7 manually from source.

    To migrate to EasyApache 4, just run the below command. cPanel will try to build a matching PHP setup using EasyApache 4.

    /scripts/migrate_ea3_to_ea4 --run

    If anything goes wrong during the upgrade process you can always go back with /scripts/migrate_ea3_to_ea4 --revert --run

    Manually install PHP 7

    The following steps were tested with cPanel 11.64.0.36 and CentOS 6.9 64 bit. The PHP handler should be suphp to get this working.

    cd /usr/local/src/
    wget http://php.net/distributions/php-7.0.22.tar.gz #Go to php.net site to find the latest version
    tar xvf php-7.0.22.tar.gz
    cd php-7.0.22
    

    Build it.

    ./configure --enable-bcmath --enable-calendar --enable-exif --enable-ftp --enable-gd-native-ttf --enable-libxml --enable-mbstring --enable-pdo=shared --enable-sockets --enable-zip --prefix=/usr/local/php70 --with-curl=/opt/curlssl/ --with-freetype-dir=/usr --with-gd --with-gettext --with-imap=/opt/php_with_imap_client/ --with-imap-ssl=/usr --with-jpeg-dir=/usr --with-kerberos --with-libdir=lib64 --with-libxml-dir=/opt/xml2/ --with-mcrypt=/opt/libmcrypt/ --with-mysqli --with-openssl=/usr --with-openssl-dir=/usr --with-pcre-regex=/opt/pcre --with-pdo-mysql=shared --with-pdo-sqlite=shared --with-pic --with-png-dir=/usr --with-xpm-dir=/usr --with-zlib --with-zlib-dir=/usr
    

    You may add any additional parameters required. You can run ./configure --help to see all available options first.
    Important: Do not forget to set the "--prefix=/usr/local/php70". Otherwise, your existing PHP installation will be lost.

     make
     make install
    

    If everything is successful, the PHP binaries will be installed in "/usr/local/php70/bin/" directory.

    Copy the default php.ini:

     cp -pr /usr/local/src/php-7.0.22/php.ini-production /usr/local/php70/lib/php.ini
    

    Add the pdo, opcache and other modules to the php.ini file.

     echo "extension=pdo.so" >> /usr/local/php70/lib/php.ini
     echo "extension=pdo_mysql.so" >> /usr/local/php70/lib/php.ini
     echo "zend_extension=opcache.so" >> /usr/local/php70/lib/php.ini
    

    Verify the installation

    /usr/local/php70/bin/php -v
    PHP 7.0.22 (cli) (built: Aug 5 2017 01:56:23) ( NTS )
    Copyright (c) 1997-2017 The PHP Group
    Zend Engine v3.0.0, Copyright (c) 1998-2017 Zend Technologies
    with Zend OPcache v7.0.22, Copyright (c) 1999-2017, by Zend Technologies

    Now link our new PHP 7 installation with Apache web server

    Generate the PHP config:

    cat >  /usr/local/apache/conf/php70.conf << EOF
    AddType application/x-httpd-php7 .php7 .php
    
        suPHP_AddHandler application/x-httpd-php7
    
    EOF
    

    Add new handler to suphp

    Edit the /opt/suphp/etc/suphp.conf and add below code, at the end of the handlers list to enable PHP7 handler.

    ;Handler for php-scripts
    #... existing handlers are here ... put yours below them
    application/x-httpd-php7="php:/usr/local/php70/bin/php-cgi"

    Now add our custom PHP config file to the EasyApache include list so that the changes will not be lost in future EasyApache builds.

    There are two options here. You can either go into WHM and edit the post_virtualhost_global.conf file from there or you just run: vi /usr/local/apache/conf/includes/post_virtualhost_global.conf. Add the line below in that file and you should be all done.

    Include /usr/local/apache/conf/php70.conf

    Now restart Apache

    service httpd restart

    Configure a website To Use This new PHP 7
    Add the following code to the .htaccess file (/home/username/public_html/.htaccess)

    AddType application/x-httpd-php7 .php7 .php

    NRPE installation on Ubuntu

    Tested: Ubuntu 14.04 64 bit

    #Install necessary packages
    apt-get install gettext autoconf gcc libc6 libmcrypt-dev make libssl-dev wget automake libtool bc gawk dc build-essential snmp libnet-snmp-perl

    #Add icinga user and group
    groupadd -g 9000 icinga
    useradd -u 9000 -g icinga -d /usr/local/nagios -c "Nagios NRPE" icinga

    # Install latest NRPE

    cd /usr/local/src/
    wget --no-check-certificate -O nrpe.tar.gz https://github.com/NagiosEnterprises/nrpe/archive/nrpe-3.2.0.tar.gz
    tar xvf nrpe.tar.gz
    cd nrpe-nrpe-3.2.0
    ./tools/setup
    ./configure --enable-command-args --with-ssl-lib=/usr/lib/x86_64-linux-gnu/ --with-nrpe-user=icinga --with-nrpe-group=icinga --with-nagios-user=icinga --with-nagios-group=icinga #Ubuntu x86_x64
    #For Ubuntu i386
    #./configure --enable-command-args --with-ssl-lib=/usr/lib/i386-linux-gnu/ --with-nrpe-user=icinga --with-nrpe-group=icinga --with-nagios-user=icinga --with-nagios-group=icinga
    make all
    make install
    make install-config

    #Update Services File
    echo "Adding nrpe to running services"
    echo "nrpe 5666/tcp # Nagios NRPE" >>/etc/services

    #Install Service / Daemon
    make install-init
    #Ubuntu 13.x / 14.x

    #systemctl enable nrpe.service #Ubuntu 15.x / 16.x / 17.x

    #Open the incoming TCP port 5666 on your firewall. You will have to do this using firewall software such as ufw.

    #Update Configuration File
    The file nrpe.cfg is where the following settings will be defined. It is located:

    /usr/local/nagios/etc/nrpe.cfg

    allowed_hosts=

    At this point NRPE will only listen to requests from itself (127.0.0.1). If you want your Nagios server to be able to connect, add its IP address after a comma (in this example it's 10.25.5.2):

    allowed_hosts=127.0.0.1,10.25.5.2

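    The following commands make the configuration changes described above. The second command also sets dont_blame_nrpe=1, which allows clients to pass arguments to the commands NRPE runs.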

    sudo sh -c "sed -i '/^allowed_hosts=/s/$/,10.25.5.2/' /usr/local/nagios/etc/nrpe.cfg"
    sudo sh -c "sed -i 's/^dont_blame_nrpe=.*/dont_blame_nrpe=1/g' /usr/local/nagios/etc/nrpe.cfg"
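The first sed command above appends the address every time it runs, so a repeated run leaves duplicate entries in allowed_hosts. The following is an added example, not from the original post, of an edit that is safe to repeat, together with a check for whether command arguments are enabled; the function names nrpe_allow_host and nrpe_args_enabled are hypothetical and the sample config is constructed.

```bash
#!/bin/bash
# Added example (not from the original post). nrpe_allow_host and
# nrpe_args_enabled are hypothetical helper names.

# Add host $2 to allowed_hosts in NRPE config $1, once only.
# Returns 0 on success or if already listed, 2 on a malformed host value.
nrpe_allow_host() {
    local cfg="$1" host="$2" current tmp
    # Allow only characters found in IPv4/IPv6 addresses, CIDR ranges and
    # host names, so the value cannot break the sed expression below.
    case $host in
        ''|*[!0-9A-Za-z.:/_-]*) return 2 ;;
    esac
    # Current value of the first allowed_hosts line, spaces removed.
    current=$(sed -n 's/^allowed_hosts=//p' "$cfg" | head -n 1 | tr -d ' \t')
    case ",$current," in
        *",$host,"*) return 0 ;;    # already listed: leave the file alone
    esac
    tmp=$(mktemp) || return 1
    if ! grep -q '^allowed_hosts=' "$cfg"; then
        # No directive yet: add one that lists loopback and the host.
        { cat "$cfg"; printf 'allowed_hosts=127.0.0.1,%s\n' "$host"; } > "$tmp"
    elif [ -z "$current" ]; then
        # Directive present but empty: set it to the host.
        sed "s|^allowed_hosts=.*|allowed_hosts=$host|" "$cfg" > "$tmp"
    else
        # Append to the existing list.
        sed "/^allowed_hosts=/s|[[:space:]]*\$|,$host|" "$cfg" > "$tmp"
    fi
    cat "$tmp" > "$cfg"    # overwrite in place, keeping owner and mode
    rm -f "$tmp"
}

# Return 0 when the config lets clients pass command arguments
# (dont_blame_nrpe=1). This check reads the last occurrence in the file.
nrpe_args_enabled() {
    local value
    value=$(sed -n 's/^dont_blame_nrpe=[[:space:]]*//p' "$1" | tail -n 1)
    [ "$value" = "1" ]
}

# Constructed sample config, written to a temporary file.
demo_cfg=$(mktemp)
printf '%s\n' 'server_port=5666' 'allowed_hosts=127.0.0.1' 'dont_blame_nrpe=0' > "$demo_cfg"
nrpe_allow_host "$demo_cfg" 10.25.5.2
nrpe_allow_host "$demo_cfg" 10.25.5.2     # second run changes nothing
grep '^allowed_hosts=' "$demo_cfg"
if nrpe_args_enabled "$demo_cfg"; then
    echo "command arguments: enabled"
else
    echo "command arguments: disabled"
fi
rm -f "$demo_cfg"
```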

    #Start Service / Daemon

    Different Linux distributions have different methods of starting NRPE.

    Ubuntu 13.x / 14.x

    sudo start nrpe

    Ubuntu 15.x / 16.x / 17.x

    sudo systemctl start nrpe.service

    Test NRPE

    Now check that NRPE is listening and responding to requests.

    /usr/local/nagios/libexec/check_nrpe -H 127.0.0.1

    You should see output similar to the following:
    NRPE v3.2.0

    If you get the NRPE version number (as shown above), NRPE is installed and configured correctly.

    You can also test from your Nagios host by executing the same command above, but instead of 127.0.0.1 you will need to replace that with the IP Address / DNS name of the machine with NRPE running.

    Service / Daemon Commands

    Different Linux distributions have different methods of starting / stopping / restarting / status NRPE.

    Ubuntu 13.x / 14.x

    sudo start nrpe
    sudo stop nrpe
    sudo restart nrpe
    sudo status nrpe

    Ubuntu 15.x / 16.x / 17.x

    sudo systemctl start nrpe.service
    sudo systemctl stop nrpe.service
    sudo systemctl restart nrpe.service
    sudo systemctl status nrpe.service

    Installing The Nagios Plugins

    NRPE needs plugins to monitor different parameters. T

    #Install Latest Nagios plugins

    cd /usr/local/src/
    wget --no-check-certificate -O nagios-plugins.tar.gz https://github.com/nagios-plugins/nagios-plugins/archive/release-2.2.1.tar.gz
    tar zxf nagios-plugins.tar.gz
    cd nagios-plugins-release-2.2.1/
    ./tools/setup
    ./configure --enable-perl-modules
    make
    make install

    #Test NRPE + Plugins

    Using the check_load command to test NRPE:
    /usr/local/nagios/libexec/check_nrpe -H 127.0.0.1 -c check_load

    You should see output similar to the following:
    OK - load average: 0.01, 0.13, 0.12|load1=0.010;15.000;30.000;0; load5=0.130;10.000;25.000;0; load15=0.120;5.000;20.000;0;

    You can also test from your Nagios host by executing the same command above, but instead of 127.0.0.1 you will need to replace that with the IP Address / DNS name of the machine with NRPE running.
