1) Login to the server as root via SSH

2) Run the command “openssl” and you will see this:

    test@test [~]# openssl
    OpenSSL>

3) Now in the OpenSSL prompt give the command : passwd -1 “your_new_email_password”

    test@test [~]# openssl
    OpenSSL> passwd -1 “test@123”
    $1$m4pq941w/j$1KYI5VwHl8C6h9H6ScTFNWy/
    OpenSSL> quit

Please note the option in command: passwd -1 “test@123”. It is not alphabet “-l”. It is numeric “-1”.
You will get the MD5 encrypted format for your password. Copy it somewhere.

4) Now you need to go to cpanel account’s home directory and then into etc folder.

    test@test [~]# cd /home/test/etc/test.com
    test@test [/home/test/etc/test.com]#

5) There you will be seeing some files : passwd, passwd,v , quota, quota,v , shadow, shadow,v .
Here the file we should consider is shadow and shadow,v.

6) If you check out shadow folder, you will see

    test@test [/home/test/etc/test.com]# cat shadow
    test:$6$itlQRsdN/bGoiCB/n/$53X3P/wy.lsS6uds4u7vporiAqdKBnfsF8Zx8b6MXs6/oxM0inzns3lsDfHdXNygq3pdPOFR57ryWHk63A7JJr2r61:15673::::::

Please note that the dark black colored part is the password part. You need to replace it with the MD5 format of your new password which you copied from OpenSSL prompt earlier.

    test:$1$m4pq941w/j$1KYI5VwHl8C6h9H6ScTFNWy/:16673::::::

Save and close the file.

If shadow,v file is present then replace the encrypted part same as above. If a file is not present then try login to webmail it will work.

Installing the Redis daemon:

for CentOS 6/RHEL 6

    rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
    rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
    yum -y install redis --enablerepo=remi --disableplugin=priorities
    chkconfig redis on
    service redis start

for CentOS 7/RHEL 7

    rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
    rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
    yum -y install redis --enablerepo=remi --disableplugin=priorities
    systemctl enable redis
    systemctl start redis

Installing the Redis PHP extension for all available versions of PHP.
Copy and paste the entire block into SSH, don't do line by line.

    for phpver in $(ls -1 /opt/cpanel/ |grep ea-php | sed 's/ea-php//g') ; do
    cd ~
    wget -O redis.tgz https://pecl.php.net/get/redis
    tar -xvf redis.tgz
    cd ~/redis* || exit
    /opt/cpanel/ea-php"$phpver"/root/usr/bin/phpize
    ./configure --with-php-config=/opt/cpanel/ea-php"$phpver"/root/usr/bin/php-config
    make clean && make install
    echo 'extension=redis.so'> /opt/cpanel/ea-php"$phpver"/root/etc/php.d/redis.ini
    rm -rf ~/redis*
    done

    /scripts/restartsrv_httpd
    /scripts/restartsrv_apache_php_fpm

All done! Check to make sure the PHP extension is loaded in each version of PHP:
Copy and paste the entire block into SSH, don't do line by line.

    for phpver in $(ls -1 /opt/cpanel/ |grep php | sed 's/ea-php//g') ; do
    echo "PHP $phpver" ; /opt/cpanel/ea-php$phpver/root/usr/bin/php -i |grep "Redis Support"
    done

Output should be:

    PHP 55
    Redis Support => enabled
    PHP 56
    Redis Support => enabled
    PHP 70
    Redis Support => enabled
    PHP 71
    Redis Support => enabled

When you create a volume group, by default, it is activated. Sometimes you may need to activate it manually to make the kernel aware of volume groups.

To activate,

    # vgchange -ay my_vg_name

To De-activate,

    # vgchnage -an my_vg_name

A command to activate the VG in a cluster?

To activate exclusively on one node,

    # vgchange -aey my_vg_name

To deactivate exclusively on one node,

    # vgchange -aen my_vg_name

To activate only on the local node,

    # vgchange -aly my_vg_name

To deactivate only on the local node,

    # vgchange -aln my_vg_name

On this optimization process, we will go over the Apache core configuration and modules that are part of Apache core. We think that with the correct settings of Apache and MySQL you can get excellent results and the correct level of resource use without installing third-party proxy and cache modules. So let’s start,


Apache & PHP

In the first stage we run the Easy Apache and selected the following:

    Apache Version 2.4+

    PHP Version 5.6+

    In step 5 “Exhaustive Options List” select

– Deflate

– Expires

– MPM Worker

After Easy Apache finished go to your WHM » Service Configuration » Apache Configuration » “Global Configuration” and set the values by the level of resources available on your server.

    Apache Directive       (From 2GB memory or less and to 12GB+ memory)      

    StartServers            4       8       16 
    MinSpareServers         4       8       16 
    MaxSpareServers         8       16      32 
    ServerLimit             128         256         512    
    MaxRequestWorkers       150         250         500    
    MaxConnectionsPerChild      1000        2500        5000
    Keep-Alive          On      On      On
    Keep-Alive Timeout      1       1        1
    Max Keep-Alive Requests     30      30      30
    Timeout             60      60      60

Now go to WHM » Service Configuration » Apache Configuration » Include Editor » “Pre VirtualHost Include” and allow users minimal cache and data compression to allow the server to work less for the same things by pasting the code below into the text field.

    # Cache Control Settings for one hour cache
    <FilesMatch ".(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)$">
    Header set Cache-Control "max-age=3600, public"
    </FilesMatch>

    <FilesMatch ".(xml|txt)$">
    Header set Cache-Control "max-age=3600, public, must-revalidate"
    </FilesMatch>

    <FilesMatch ".(html|htm)$">
    Header set Cache-Control "max-age=3600, must-revalidate"
    </FilesMatch>

    # Mod Deflate performs data compression
    <IfModule mod_deflate.c>
    <FilesMatch ".(js|css|html|php|xml|jpg|png|gif)$">
    SetOutputFilter DEFLATE
    BrowserMatch ^Mozilla/4 gzip-only-text/html
    BrowserMatch ^Mozilla/4.0[678] no-gzip
    BrowserMatch bMSIE no-gzip
    </FilesMatch>
    </IfModule>

Go to WHM » Service Configuration » “PHP Configuration Editor” and set the parameters according to your needs:

– memory_limit

– max_execution_time

– max_input_time


MySQL

For MySQL you need to update the configuration file that usually in /etc/my.cnf

Best config base on 2 core & 4GB memory MySQL 5.6 \ MariaDB 10:

    [mysqld]
        local-infile = 0
        max_connections = 250
        key_buffer = 64M
        myisam_sort_buffer_size = 64M
        join_buffer_size = 1M
        read_buffer_size = 1M
        sort_buffer_size = 2M
        max_heap_table_size = 16M
        table_cache = 5000
        thread_cache_size = 286
        interactive_timeout = 25
        wait_timeout = 7000
        connect_timeout = 15
        max_allowed_packet = 16M
        max_connect_errors = 10
        query_cache_limit = 2M
        query_cache_size = 32M
        query_cache_type = 1
        tmp_table_size = 16M
        open_files_limit=25280

    [mysqld_safe]

    [mysqldump]
        quick
        max_allowed_packet = 16M
    [myisamchk]
        key_buffer = 64M
        sort_buffer = 64M
        read_buffer = 16M
        write_buffer = 16M
    [mysqlhotcopy]
        interactive-timeout

Best config base on 8 core & 16GB+ memory (Shared server) MySQL 5.6 \ MariaDB 10:

    [mysqld]
    local-infile=0
    max_connections = 600
    max_user_connections=1000
    key_buffer_size = 512M
    myisam_sort_buffer_size = 64M
    read_buffer_size = 1M
    table_open_cache = 5000
    thread_cache_size = 384
    wait_timeout = 20
    connect_timeout = 10
    tmp_table_size = 256M
    max_heap_table_size = 128M
    max_allowed_packet = 64M
    net_buffer_length = 16384
    max_connect_errors = 10
    concurrent_insert = 2
    read_rnd_buffer_size = 786432
    bulk_insert_buffer_size = 8M
    query_cache_limit = 5M
    query_cache_size = 128M
    query_cache_type = 1
    query_prealloc_size = 262144
    query_alloc_block_size = 65535
    transaction_alloc_block_size = 8192
    transaction_prealloc_size = 4096
    max_write_lock_count = 8
    slow_query_log
    log-error
    external-locking=FALSE
    open_files_limit=50000

    [mysqld_safe]

    [mysqldump]
    quick
    max_allowed_packet = 16M

    [isamchk]
    key_buffer = 384M
    sort_buffer = 384M
    read_buffer = 256M
    write_buffer = 256M

    [myisamchk]
    key_buffer = 384M
    sort_buffer = 384M
    read_buffer = 256M
    write_buffer = 256M

    sort_buffer_size = 1M
    join_buffer_size = 1M
    thread_stack = 192K

Here are some quick tips on how to secure your Linux server. This is only a short list, but, they are must do’s! Some of which are:

1. Change ssh port (use keys if possible as well/allow only specific users)
2. Disable unneeded services
3. Install a good firewall
4. Disable dangerous / unused PHP functions / harden your PHP
5. Install mod_security
6. Virus scan FTP uploads
7. Install root kit detection
8. Set root email to off server email account
9. Make sure your passwords are tough to guess. This is a big one, especially for the root user, this should be a very tough password.

This is a quick list, as there are many other things that can be done.

Install Apache

Adjust the Firewall

Verifying Apache Installation

Manage the Apache service with systemctl

---

Apache Configuration File’s Structure and Best Practices

• All Apache configuration files are located in the /etc/httpd directory.
• The main Apache configuration file is /etc/httpd/conf/httpd.conf.
• All config files ending with .conf located in the /etc/httpd/conf.d directory are included in main Apache configuration file.
• Configuration files which are responsible for loading various Apache modules are located in the /etc/httpd/conf.modules.d directory.
• For better maintainability it is recommended to create a separate configuration file (vhost) for each domain.
• New Apache vhost files must end with .conf and be stored in /etc/httpd/conf.ddirectory. You can have as many vhosts as you need.
• It is a good idea to follow a standard naming convention, for example if your domain name is mydomain.com then you the configuration file should be named /etc/httpd/conf.d/mydomain.com.conf
• Apache log files (access_log and error_log) are located in the /var/log/httpd/ directory. It is recommended to have a different access and error log files for each vhost.
• You can set your domain document root directory to any location you want. The most common locations for webroot include:
  • /home/<user_name>/<site_name>
  • /var/www/<site_name>
  • /var/www/html/<site_name>
  • /opt/<site_name>

Web server is essential for all server to serve the content over the internet. There are a lot of web servers available in the market. The two Major web servers are Apache and Nginx. A lot of people are confusing themselves about choosing the one among both of them. In this article, I am going to compare Apache and Nginx which will give the answer to your confusion. Both of these web servers can’t be replaced by each other. They have their uniqueness. You have to choose any of the web server based on the requirement. In this article, we will also see the nginx vs apache difference.

Here: I am going to compare Apache and Nginx with following factors

Connection Handling architecture
Static vs Dynamic content
Distributed vs Centralized configuration
File vs URI based interpretation
Modules
Compatibility
Using both of them together.
Apache
Apache was initially created by Robert McCool. The year of creation was 1995. After that, Apache has been developed by Apache software foundation from 1999. The actual organization is HTTP web server. But the foundation is now referred with the name of Apache. The Product name overrides the organization name. It becomes very famous after its launch since then the Apache foundation is benefiting from the documentation and integration with software. Apache is the first choice for many server administrators due to its power, compatibility and support for many platforms. The Apache is easily extensible through loading the dynamic module. Apache process many interpreted languages and it does not use any other external software for that.



Nginx
The Origin of Nginx is an interesting thing. The Nginx was created by Igor Sysoev. Nginx was created as a solution for the c10K problem. At that time, it was very hard to serve a large number of concurrent users. Even the Apache was struggling to handle the traffic. It was a challenge to serve 10,000 concurrent visitors at a time. Igor Sysoev created Nginx as a solution to this. It was created to handle a large number of concurrent users with limited resources. Nginx performed well and managed a large number of concurrent users with minimal resources. After that, it becomes very famous. The Administrators who handle the server with a large number of concurrent visitors started to use Nginx. Nginx Performs well even at heavy loads. Nginx has some advanced features. They are Reverse Proxy Load Balancing Many people want to know difference between apache and nginx server. Let us see them here.
1) Connection Handling Architecture
Let us see how Apache and Nginx are handling the connections with their client.

Apache:
Apache provides various multiprocessing modules to handle the client request.

The administrator can easily change the Multi-Processing Module(MPM).

mpm_prefork: This module creates processes with a thread for each.

Each thread handles a single request. This module works faster until the number of request crosses the number of processes.

The process will consume memory so it makes the server slow down.

It is not easy to scale up when the process is high.

This module is best for working with other components which are not created to depend on threads.

PHP is not fit to work with thread. This mpm_prefork module is best to work with PHP.

This is the only safe way to work with PHP using mod_php apache module.

mpm_worker: This module creates processes each with multiple threads.

Many threads mean handling of many connections. This module is much more efficient than Prefork Module.

This time new client request can be caught by a thread. So, there is no need of waiting for the process to become free.

MPM worker is scaling better than Prefork Module.

mpm_event: This module is somewhat similar to mpm_worker.

In the mpm_event a connection is kept alive regardless of whether the request is being made as long as the connection exists.

mpm_event also handles threads of Keep-Alive connection requests.

It sets dedicated threads of keep-alive connection and sends the remaining requests to other threads.

This helps the Process to prevent being filled with keep-alive connection requests.

Keepalive connection should be stable and fixed with the specific threads. So the dedicated thread is the must.

You could see the availability of request handling algorithms in Apache. T

he variation is created for different usages.

Web administrator can choose the module based on the server capability.

However, The internet is growing so the concurrency is also growing with that.

Nginx:
The Nginx is created with the purpose of serving more requests simultaneously without any interruption with minimal resource.

The Apache was struggling to handle a large number of user concurrently, this is where Nginx came in and performed well.

After that, it started to gain attention from webmasters.

The Nginx is preferable for servers with a large number of visitors.

Nginx is best in delivering the static content and almost works two times faster than Apache.

Nginx is growing faster as many webmasters started to using it for its performance. But, at the same time, the Usage of Apache web server also becoming low.

Most of the time Apache web server is replaced by Nginx server.

Nginx is working completely in a different way when compared to Apache web server.

Nginx has one main master process.It is recommended to have one master process per CPU.

The master process creates multiple worker processes. Each worker process has only one thread.

This is where Nginx differs from Apache.

Single Nginx threads serve multiple requests whereas in Apache single thread only serves one connection.

The worker process connections are placed in event loop with other connections and all of them are served asynchronously.

Once the request is served completely, the event will be removed from the loop.

Since a single thread handles the multiple connections, No need of creation of the additional process which leads to memory and CPU consumption.

So, Nginx serves without going down even when the load is heavy.

Checkout this forum to see the nginx vs apache 2017 comparison.

2) Static vs Dynamic content
Static content serving:

Nginx is leading in this contest and performed 2.5 times faster than Apache in serving static content when tested with 1000 concurrent connections.

In another test with 512 concurrent connections to Nginx, it performed 2 times faster than Apache at the same time Nginx consumed 4% less memory.

So, if you are serving the static content to a lot of concurrent users, then you should choose Nginx as the new web server.

When you go for Nginx vs Apache WordPress, both of them are almost giving same performance for

Dynamic Content Serving:

Now, most of the website is running based on Dynamic content. It essential for any web server to serve the dynamic content faster.

During the test for the Dynamic content, Nginx and Apache both performed equally.

They also consumed same memory and CPU Resource.

There are a lot of websites uses CMS such as WordPress, Joomla and Drupal.

The web server also needs to serve the dynamic content from them.

Here, both of the web servers are doing the same task “that is forwarding dynamic content requests to php-fpm and wait for its process and response the request, then they serve the content to the client.

When you go for Nginx vs Apache php, the Apache directly works with PHP whereas the Nginx uses php-fpm.

Both web servers are depending the third party to process the request.

Until then they serve the static content without waiting for the process to complete.

So, you can choose any of the web servers to serve dynamic contents as they don’t show any difference in the performance.

3) Operating System
Apache:
Apache supports all the Linux and Unix-like operating system and works on them perfectly.

Apache also completely supports the Microsoft Windows.

Nginx:
Nginx also highly supports Linux and Unix-like operating system.

But:

Only provides some support to windows. However, this can’t stop from running the web server.(Most of the hosting servers are running on Linux)

4) .Htaccess
The main difference between Apache and Nginx is directory level configuration.

Apache:
In Apache web server, you can use the directives to control a web directory. The directives will be hidden in a file called .htacess.

== The .htaccess file is powerful and lets you control some aspects of web server directly without accessing the web server configuration file.==

The directives written within this file are so effective and the result reflects immediately without restarting the server.

You have to be careful while handling the .htaccess. Even a small mistake can cause trouble to your site.

Apache will always look for .htaccess file in the parent directory. Once it finds the directory, It reads the directives

Here are the few things which you can control using .htaccess.

URL rewrites,
Access restrictions,
Authorization
Authentication
Caching policies
It allows the decentralized configuration by giving access to CMS.

This will help server administrators to give some specific access to the webmasters in the shared hosting.

So, the webmasters can have some control over their site and they can further customize it.

Nginx:
Nginx does not interpret any such files. Nginx does not provide any option like .htaccess.

All the access are centralized and you have to make all changes in the main configuration file.

It may seem a backdrop for Nginx when compared to Apache, but it has the advantage.

In Apache, the server will look for .htaccess directory in the corresponding directory and it entirely searches for the hidden files in the parent directory.

It is a time-consuming process. After finding the. htaccess file, the server will interpret the directives and fetches the directory contents to the user.

If there are more .htaccess file, they all should be interpreted.

This process will happen again and again for the each request made to the server.

But:

Nginx directly reads the directories and deliver the content to the user according to its main configuration directives.

This saves a lot of time and delivers the content faster. This is one of the reason for Nginx to work faster.

Also, the security is high since the Configuration is centralized.

The web server has all the control over the configuration. Individual users have to contact the admin for any changes that have to be made.

It also prevents the user from making suspicious activities with .htaccess file.

5) Working Model
Apache:
You can make a request to Apache that can be interpreted as a Physical resource on a file system.

The request can also be made in the form of URI.

Apache has been using Directory blocks and location blocks. File blocks are also used instead of Directory blocks.

The location block is used for more abstract resources.

Apache is entirely created as a web server. It interprets the request as File system resources.

To get a file, Apache begins the search from document root with the host and port number along with the request.

Apache has many options when the search for file end up in not finding the file. You can use alias directive to represent the alternative location of the file.

If you want to use Location block instead of the file system, you have to use URI.

You can use the available regular expression to configure the file system with flexibility.

Apache can work as both underlying file system and web space. The file system is the one the Apache depends on the most.

The .htaccess is one such example for the file system dependency of Apache.

Nginx:
Nginx works both as a web server and proxy. The Architecture of Nginx differs a lot from apache. Due to this, Nginx uses the URI mainly and uses the file system when required.

You can see that the way of Nginx configuration file is created and interpreted.

Nginx does not allow you to specify the configuration for a directory. Instead, it directly parses the URI itself.

Nginx uses two primary blocks. They are server block and location blocks.

The server block interprets the hostname and the location block interprets URI which comes after the host and port.

The request is interpreted as URI, not as location file system.

If a user is requesting for a static file, the Nginx selects the server block and location block. Also, the Nginx appends the document root with the URI.

The function may seem similar.

But actually, it is not. Parsing the request as URI instead of File system lets the Nginx function easily as web, email and proxy server.

Nginx configuration responds the request as mentioned in the configuration.

6) Modules:
You can extend both Apache and Nginx using the module. The function style of Apache and Nginx Differs a lot from each other.

Apache:
you can use the module according to the requirement. Load and unload the modules easily to meet the requirement of the server.

You can turn off and turn on the Modules easily. Each module provides different functionalities.

Apache is very old has been serving for a long time in the internet world. A lot of libraries have been created for Apache.

You can use install any of the modules to change and add functions in the Apache.

For example, The mod_php adds the PHP interpreter to each worker in Apache.

The modules are not only serving the dynamic content. They have more functionality than you think. Here is some of them.

Rewriting URLs
Authenticating clients
Hardening the server
Logging
Caching
Compression
Proxying
Rate limiting
Encrypting
The core functionality can be extended using the dynamic module.

Nginx:
Nginx also has various modules to support the user requirement. But, there is a major difference between the Apache and Nginx modules.

Nginx modules are not dynamically loadable. You have to add them yourself in the core software.

This is not an easy task for many users to build their server from the core with their selected packages.

It will be much harder for people who use the conventional packaging system which consists the commonly required modules.

If you have a specific requirement, then you have to build the server from the core using required modules.

Nginx Modules can be instructed to do specific tasks so that you can get what you want. This is also considered as a more secure way by many users.

Nginx modules have many functionalities same as Apache modules. Here is some of them.

proxying support
compression
rate limiting
logging
rewriting
geolocation
authentication
encryption
streaming
mail functionality
8) Support, Compatibility, Ecosystem, and Documentation
If you are using a software, you always need the support and help to use that for a long time.

It is the responsibility of the software provider too.

Apache:
Apache is a popular web server and it has been in the market for a very long time.

It has been serving in the internet world for more than two decades.

This very long time existence of Apache is its greatest advantages.

Being the first famous vendor in the internet Apache has been widely used by many people.

There are a lot of documentation are available.

The third party documentation is also available. A lot of web software tool is available to bootstrap in the Apache environment.

A lot of third party supports are available for Apache since it has been evolving in the market for a long time and holds more share in the market.

Server administrators familiar with Apache.

It is also used in the shared hosting for its one of the best feature .htaccess file.

The distributed configuration environment gives access to the webmasters to take control over their website.

Nginx:
Nginx has been serving the internet for more than a decade. Nginx has the third place in the web server market.

A lot of people have been choosing Nginx as their web server.

The growth of the Nginx is so fast and it very high when compared to Apache growth throughout the last decade.

Due to the speed, Many server admins adopted Nginx.

Initially, the detailed documentation of the Nginx is not available in the English language.

The initial documentation was in the Russian Language.

But:

After some time, the interest of the project has grown and the documentation has been converted to English. The Nginx itself has a lot of administration resource to handle the Nginx.

A large number of third parties also providing resources. This makes a one to choose Nginx.

A lot of third-party application gives you an option to auto-configure Nginx.

If you don’t have Nginx on your server, they automatically download and configure Nginx for their application to work on your machine.

If you need to install the Nginx for any third party applications, it will be easy for you.

It is because they provide clear documentation about the requirement for that applications.

It makes your job very easy to create a custom Nginx server.

9) Using Apache and Nginx together
You have seen the difference and limitations of Nginx and Apache. Now you should have decided which one is the best suit for your server.

When you look at Nginx vs apache reverse proxy, both are giving best performance for dynamic content.

But:

You can use both of them together to benefit from both web server software.

You can use Nginx as a reverse proxy in front of Apache.

The main advantage of Nginx is concurrency and speed of delivering static content.

If a user requests for static content, it can be served immediately by Nginx directly. If a user requests for dynamic content, the Nginx forwards the request to the Apache.

Apache process the request and forwards to the content to the Nginx. Then Nginx forwards the content to the user.

This is a suggested and well-working setup for many people. The Nginx and Apache together share the workload.

First Nginx receives the request. If it has the ability to process the request, It will respond to the request.

If Nginx doesn’t have the ability to handle the request, then it will be forwarded to Apache.

By making Nginx handle the part of the request, you will avoid the situation of Apache server threads are being occupied and become unable to respond the request.

The biggest advantage is you can add more backend server to this setup. Nginx has the capability to handle many servers and it can even load balance between them.

It can help you to scale up when required.

Conclusion
You have seen the above comparison between Nginx and Apache. The one thing you have to remind is “Nothing can entirely fulfill your requirements”.

You have to choose the web server based on your major and important requirement.

As mentioned above, you can use the Nginx and Apache combination.

Introduction

Prerequisites

• One Ubuntu 18.04 server set up by following this initial server setup for Ubuntu 18.04 tutorial, including a sudo non-root user and a firewall.
• A fully registered domain name. This tutorial will use example.com throughout. You can purchase a domain name on Namecheap, get one for free on Freenom, or use the domain registrar of your choice.
• Both of the following DNS records set up for your server. You can follow this introduction to DigitalOcean DNS for details on how to add them.
  • An A record with example.com pointing to your server’s public IP address.
  • An A record with www.example.com pointing to your server’s public IP address.
• Apache installed by following How To Install Apache on Ubuntu 18.04. Be sure that you have a virtual host file for your domain. This tutorial will use /etc/apache2/sites-available/example.com.confas an example.

Step 1 — Installing Certbot

• sudo add-apt-repository ppa:certbot/certbot

• sudo apt update

• sudo apt install python-certbot-apache

Step 2 — Set Up the SSL Certificate

• sudo nano /etc/apache2/sites-available/example.com.conf

...
ServerNameexample.com;
...

• sudo apache2ctl configtest

• sudo systemctl reload apache2

Step 3 — Allowing HTTPS Through the Firewall

• sudo ufw status

Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                  
Apache                     ALLOW       Anywhere                  
OpenSSH (v6)               ALLOW       Anywhere (v6)             
Apache (v6)                ALLOW       Anywhere (v6)

• sudo ufw allow ‘Apache Full’
• sudo ufw delete allow ‘Apache’

• sudo ufw status

Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                  
Apache Full                ALLOW       Anywhere                  
OpenSSH (v6)               ALLOW       Anywhere (v6)             
Apache Full (v6)           ALLOW       Anywhere (v6)        

Step 4 — Obtaining an SSL Certificate

• sudo certbot –apache -d example.com -d www.example.com

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/example.com/privkey.pem
   Your cert will expire on 2018-07-23. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Step 5 — Verifying Certbot Auto-Renewal

• sudo certbot renew –dry-run

Installing the Redis daemon:
for CentOS 6/RHEL 6

rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm
rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
yum -y install redis --enablerepo=remi --disableplugin=priorities
chkconfig redis on
service redis start

for CentOS 7/RHEL 7

rpm -ivh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -ivh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
yum -y install redis --enablerepo=remi --disableplugin=priorities
systemctl enable redis
systemctl start redis

Installing the Redis PHP extension for all available versions of PHP.
Copy and paste the entire block into SSH, don't do line by line.

for phpver in $(ls -1 /opt/cpanel/ |grep ea-php | sed 's/ea-php//g') ; do
cd ~
wget -O redis.tgz https://pecl.php.net/get/redis
tar -xvf redis.tgz
cd ~/redis* || exit
/opt/cpanel/ea-php"$phpver"/root/usr/bin/phpize
./configure --with-php-config=/opt/cpanel/ea-php"$phpver"/root/usr/bin/php-config
make clean && make install
echo 'extension=redis.so'> /opt/cpanel/ea-php"$phpver"/root/etc/php.d/redis.ini
rm -rf ~/redis*
done

/scripts/restartsrv_httpd
/scripts/restartsrv_apache_php_fpm

All done! Check to make sure the PHP extension is loaded in each version of PHP:
Copy and paste the entire block into SSH, don't do line by line.

for phpver in $(ls -1 /opt/cpanel/ |grep php | sed 's/ea-php//g') ; do
echo "PHP $phpver" ; /opt/cpanel/ea-php$phpver/root/usr/bin/php -i |grep "Redis Support"
done

Output should be:

PHP 55
Redis Support => enabled
PHP 56
Redis Support => enabled
PHP 70
Redis Support => enabled
PHP 71
Redis Support => enabled

This article describes how to run PHP scripts from cron jobs.

Running PHP scripts from cron jobs

A common method for running PHP scripts from a cron job is to use a command-line program such as curl or wget. For example, the cron job runs a command similar to the following command:

curl http://example.com/script.php

In this command, curl retrieves the web page, which then runs the PHP script.

However, there is a better way to run PHP scripts on your web site from cron jobs. You can run the script directly by using the PHP command-line interpreter. This method is just as effective, and usually faster. The following command shows how to run a script using the PHP command-line interpreter:

php -q /home/username/public_html/script.php

In this example, the PHP command-line interpreter runs the script.php file. The -q option enables quiet mode, which prevents HTTP headers from being displayed.

Depending on the code in your PHP script, it may only run correctly when called from a specific directory. For example, if the script uses relative paths to include files, it will only run if it is called from the correct directory. The following command shows how to call a PHP script from a specific directory:

cd /home/username/public_html/; php -q script.php

If your script requires special configuration options, you can use a custom php.ini file. The -c option allows you to call a PHP script using a custom php.ini file:

php -c /home/username/php.ini /home/username/public_html/script.php

Your main domain will use the public_html directory for all of its website files by default. Addon domains use sub directories inside the public_html directory.

In order to also set up your main domain to use a subdirectory on your hosting account you will need to set up a redirect in the .htaccess file in the public_html folder so that the server knows that any request for your main domain will be redirected to a subdirectory on public_html.

Modifying the .htaccess

The following code will need to be added to the .htaccess file in the public_html folder of your hosting account. You will need to insert the following code block and make modifications as noted in the (#) comments.

You will need to change the two instances of example.com to your domain, and the three instances of subdirectory to the folder where you want your site.

# Hostingname.com (Your Hosting Name)
# .htaccess main domain to subdirectory redirect
# Do not change this line.
RewriteEngine on
# Change example.com to be your main domain.
RewriteCond %{HTTP_HOST} ^(www.)?example.com$
# Change 'subdirectory' to be the directory you will use for your main domain.
RewriteCond %{REQUEST_URI} !^/subdirectory/
# Don't change the following two lines.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Change 'subdirectory' to be the directory you will use for your main domain.
RewriteRule ^(.*)$ /subdirectory/$1
# Change example.com to be your main domain again.
# Change 'subdirectory' to be the directory you will use for your main domain
# followed by / then the main file for your site, index.php, index.html, etc.
RewriteCond %{HTTP_HOST} ^(www.)?example.com$
RewriteRule ^(/)?$ subdirectory/index.html [L]

Visitors to your website will not be able to tell that your main domain is using a subdirectory.

Note:  This method is not guaranteed to work with every script or software and can be used at your own discretion.

A 'cron job' is an automated task that can be set up within your cPanel. This will typically be used to automate the running of a reminder script each day for example, or perhaps to run your own daily backup script. Any server task or script that needs regular scheduling is the perfect opportunity to use a cron job.

We would ask that you be sparing with your use of cron jobs however, as a resource-intensive script executing every five minutes for example would clearly breach our acceptable use policy. Our recommendation would be to schedule cron jobs to run only as and when they are needed.

Your online cPanel allows for the creation of cron jobs via a simple web interface. This is presented in plain english, and requires little understanding to operate.

If you decide to use the "Advanced" option however, the following information may assist you in understanding how the system works.

Understanding the format

r----Minute
| r-----Hour
| | r------Day of Month
| | | r------Month
| | | | r------Day of Week
| | | | | |------ Command to run ------------->
| | | | | |
5 4 * * 0 /path/to/whatever/script.cgi

The * symbol matches all possibilities. A "*" in the "Hour" column will for example ensure that the job is run every hour, on whichever minute(s) are specified.

The weekday number runs from 0 to 6, where 0 = Sunday.

Comma-separated values are accepted in each column, so "10,30,50" in the "Minute" column will run the cron job at 10 past, 30 past and 50 past whichever hour(s) are specified. Similarly, a value of */5 will ensure the job is run every five minutes on whichever hour(s) are specified.

Examples

5 4 * * 0 /path/to/whatever/script.cgi
Runs the script at 4:05 every sunday.

*/5 * * * * lynx --dump http://site.com/script.php
Loads the page http://site.com/script.php every 5 minutes.

5 0 * * * $HOME/bin/daily.job >> $HOME/tmp/out
Runs five minutes after midnight, every day

Note: These timings correspond to the server time, which may differ from your local time.

The php.ini file should only contain the custom settings - each on it's own line (such as the above example). When completed, save the file and upload it to an area (folder) on your web account where the rest of your php files are located.

NOTE: The php.ini file should be uploaded into every folder and/or subfolder where the settings need to take place.  Be sure to rename your php.txt file to php.ini before you upload it to your server.

In this document, we will show you to disable the SSH root login to your server.

A major security hole is to allow direct root access without any restrictions. This is an open door for hackers. They can attempt to brute force your root password and potentially get access to your server if the password can be guessed.

Quick Steps:

Login to the server via SSH.
Open the file “/etc/ssh/sshd_config” in any of your favorite text editors.
Find the section in the file containing the line with “#PermitRootLogin yes” in it.
Uncomment and change it to “PermitRootLogin no”.
Save the file and exit.
Restart the sshd service.

Disabling SSH Login for Root

The first step is to login to the server. Please note that you need to get more than one terminal access to the server because in case we lost one connection you can recover and get access to the server with the other one.

Open the SSH configuration file with your text editor.

vi /etc/ssh/sshd_config

Locate the directive PermitRootLogin,

#PermitRootLogin yes

Uncomment the line and change the directive No.

PermitRootLogin no

Save and close the file. Restart the SSH daemon to save the changes by executing one of the commands below,

/etc/init.d/sshd restart
systemctl restart sshd
service sshd restart

From now on, any attempt to SSH to the server with the root account will be automatically denied.

This guide will outlined how to install MySQL on CentOS 7. MySQL is a widely used database management platform used by various applications. Many applications such as WordPress, Joomla and others rely on MySQL databases to function. MySQL however, must be installed with a few different steps since it’s no longer the default in the CentOS repositories.

All commands without sudo

yum update -y
yum install -y wget
wget http://repo.mysql.com/mysql-community-release-el7-7.noarch.rpm
rpm -ivh mysql-community-release-el7-7.noarch.rpm
yum update -y
yum install -y mysql-server
systemctl start mysqld
systemctl enable mysqld
mysql_secure_installation

All commands with sudo

sudo yum update -y
sudo yum install -y wget
sudo wget http://repo.mysql.com/mysql-community-release-el7-7.noarch.rpm
sudo rpm -ivh mysql-community-release-el7-7.noarch.rpm
sudo yum update -y
sudo yum install -y mysql-server
sudo systemctl start mysqld
sudo systemctl enable mysqld
sudo mysql_secure_installation
Prerequisites:

First, before performing any steps relating to MySQL, we always want to update the system and ensure wget is installed:

yum update -y
yum install -y wget

MySQL Installation:

After you’ve installed wget and confirmed the system has updated, we can begin with the installation of MySQL. First we’ll need to download and add the repository. You’ll want to check the latest versions here: https://dev.mysql.com/downloads/repo/yum/ and here: http://repo.mysql.com/ and update the code snippet below accordingly for the rpm.

wget http://repo.mysql.com/mysql-community-release-el7-7.noarch.rpm
rpm -ivh mysql-community-release-el7-7.noarch.rpm
yum update -y

After the repository has been added, we can proceed with installing MySQL

yum install -y mysql-server

Once installed, we’ll need to start the service and then enable it to start on boot

systemctl start mysqld
systemctl enable mysqld

MySQL has now been installed, started and should be running on your server. Please proceed to the next steps for the MySQL Secure Installation to further secure the install.

MySQL Secure Installation:

Run the following command to begin securing the MySQL install. This process will give the options to remove the anonymous accounts, set a root password (other than your server root) and also remove the test databases. We highly recommend that you select YES to all of these options in addition to setting a different MySQL root password.

mysql_secure_installation

After you have completed the installation steps above, MySQL has now been installed on your server. You can now proceed with adding & managing databases.

Step 1: Install virt-sysprep

Type the following apt-get command/apt command to install virt-sysprep on a Debian or Ubuntu Linux:

$ sudo apt install libguestfs-tools


If you are using a CentOS/RHEL/Oracle/Scientific Linux, type the following yum command:

$ sudo yum install libguestfs-tools


If you are using a Fedora Linux, type the following dnf command to install the same:

$ sudo dnf install libguestfs-tools


Step 2: Download cloud image in .qcow2 format

You can grab cloud images from the following sites.

For demo purpose I am downloading and using CentOS 7 image using wget command:

$ wget https://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2.xz



Use xz command for decompression:


$ xz -v -d CentOS-7-x86_64-GenericCloud.qcow2.xz


Step 3: Setup/inject an ssh keys

To inject an ssh key to the given “USER” will be able to log in over ssh without supplying a password. The “USER” must exist already in the guest. For CentOS 7 username is centos:

$ sudo virt-sysprep -a CentOS-7-x86_64-GenericCloud.qcow2 \
--ssh-inject centos:file:/home/vyga/.ssh/id_rsa.pub


Step 4: Launch a new VM using CentOS-7-x86_64-GenericCloud-1503.qcow2 image

The syntax is:

$ virt-install --import \
--name centos7-vm1 \
--memory 1024 \
--vcpus 2 \
--cpu host \
--disk path=/var/lib/libvirt/images/centos7.qcow2,size=10,bus=virtio,format=qcow \
--os-type=linux \
--os-variant=centos7.0 \
--graphics spice \
--noautoconsole \
--disk /home/vyga/modifyisoimages/CentOS-7-x86_64-GenericCloud.qcow2


Step 5: Test it with ssh

To find out your VM's IP address run:

$ virsh net-list
$ virsh net-dhcp-leases default



To log in using ssh command:

$ ssh user@vms-ip-address-here

I can now start this image on the workstation and ssh in right away.

Rock on.

If someone is trying to hack your website or you want to block their IP Address, you can add this line to your .htaccess file.

order allow,deny
deny from IP-ADDRESS
allow from all

Replace “IP-ADDRESS” with the IP Address you want to block.

Rock on.

If you want to stop someone from visiting your website, you can use the IP Blocker interface within cPanel which allows you to block access to your site for one or more IP addresses or fully qualified domain names (FQDNs).

You can easily block an IP in cPanel by following these steps:

1) Log into cPanel.
2) Look for the “SECURITY” section and click on “IP Blocker” icon.
3) You can add a single IP, an IP range or a domain name to the block list, click the “Add” button to set the block.
4) If you scroll down on the same page, you’ll see a list of all the blocked IPs, from here you can also delete an IP from the block list.

Rock on.

When moving a master from one server to another I came across a few issues with the new (v4) installer for SolusVM and CentOS 7.

The server was loaded with the minimal install of CentOS, and there is no specific information on SolusVM’s site for dependencies.

The first time I ran the install script, it never stated that there was a problem, but the back end web server was not accepting connections.

Long story short, before you run the SolusVM installer for CentOS 7, run the following command to ensure that the software needed is in place:


yum -y install rrdtool-php.x86_64 nmap.x86_64 vim-enhanced mlocate rsyslog.x86_64 php

For reference, here is the command from the SolusVM website for the CentOS 7 install script:

wget http://files.soluslabs.com/install.sh
sh install.sh