How to Install the latest LEMP Stack on CentOS 6.5

In this tutorial, we’ll learn how to install the latest LEMP (Nginx, MySQL & PHP) stack on CentOS 6.5 and do its initial configuration, because the Base and EPEL repos contain really old versions of the LEMP stack.

Please add the required repos by using the following commands:

sudo rpm --import http://ftp.riken.jp/Linux/fedora/epel/RPM-GPG-KEY-EPEL-6
sudo rpm -ivh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
sudo rpm -Uvh http://mirror.webtatic.com/yum/el6/latest.rpm
sudo yum repolist

If we proceed at this point, we’ll get a “mysql55-libs conflicts with mysql-libs” error. To resolve this conflict, we need to issue these commands:

sudo yum install yum-plugin-replace
sudo yum replace mysql-libs --replace-with mysql55w-libs

Now, we can safely issue this command to install the latest version of Nginx, MySQL and PHP with PHP-FPM:

sudo yum install nginx16 mysql55w mysql55w-server php55w php55w-opcache php55w-fpm

Enable Nginx, MySQL and PHP-FPM to start automatically when the server boots:

sudo chkconfig nginx on
sudo chkconfig mysqld on
sudo chkconfig php-fpm on

Secure PHP by editing the php.ini file:

sudo vi /etc/php.ini

Uncomment the cgi.fix_pathinfo line and change it from 1 to 0:

cgi.fix_pathinfo=0

Edit the /etc/php-fpm.d/www.conf file:

sudo vi /etc/php-fpm.d/www.conf

Change the user and group:

user = nginx
group = nginx

Next, we need to make some modifications to the default nginx.conf file:

sudo vi /etc/nginx/nginx.conf

Increase the worker processes from 1 to 4:

Also delete the default server config block to make the file more concise:

Move to the /etc/nginx/conf.d/ directory:

cd /etc/nginx/conf.d/

Next, we’ll create the virtual host file for our domain (in my case it’s rbgeek.conf):

sudo vi rbgeek.conf

This is a basic virtual host config file:

server {
       listen 80;
       server_name rbgeek.com;

       access_log /var/log/nginx/rbgeek_access.log main;
       error_log /var/log/nginx/rbgeek_error.log;
     
   location / {
       root /var/www/rbgeek;
       index index.php index.html index.htm;
   }
   
   # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000

   location ~ \.php$ {
       root /var/www/rbgeek;
       fastcgi_pass 127.0.0.1:9000;
       fastcgi_index index.php;
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       include fastcgi_params;
       fastcgi_intercept_errors on;
   }
}

Finally, restart the Nginx and PHP-FPM services:

sudo service nginx restart
sudo service php-fpm restart

Create a directory structure for the website under /var/www/. If you have another preference, please update the config files accordingly:

sudo mkdir -p /var/www/rbgeek

Adjust the permissions:

sudo chgrp -R nginx /var/www/rbgeek
sudo chmod g+s /var/www/rbgeek

Create a phpinfo page to verify that PHP is working correctly with Nginx:

sudo vi /var/www/rbgeek/info.php

Add the following code in it:

<?php
phpinfo();
?>

Navigate to the site in a web browser and verify that the PHP information is returned:

http://rbgeek.com/info.php

(Optional) Verify that all the packages are updated by using the code in your index page:

Hope this will help you!

How To Install WordPress with Nginx in Ubuntu Server 14.04 LTS

Install the LEMP stack (Linux, Nginx, MySQL, PHP) with the command below:

sudo apt-get install nginx mysql-server php5-fpm php5-mysql

Note: Please set the MySQL root password when you are prompted for it during the installation of MySQL-Server.

Secure PHP by editing the php.ini file:

sudo vi /etc/php5/fpm/php.ini

Uncomment the cgi.fix_pathinfo and change it from 1 to 0:

cgi.fix_pathinfo=0

Create the new virtual host for WordPress (in my case, I have named it tendosite):

sudo vi /etc/nginx/sites-available/tendosite

Add the following code to the virtual host file (change the parameters that are marked in blue):

server {
             listen 80;
             server_name rbgeek.com;
            
             root /var/www/wordpress;
             index index.php index.html index.htm;

             location / {
                try_files $uri $uri/ /index.php?q=$uri&$args;
             }
       
             error_page 404 /404.html;
             error_page 500 502 503 504 /50x.html;

             location = /50x.html {
                root /usr/share/nginx/html;
             }

             location ~ \.php$ {
                try_files $uri =404;
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_pass unix:/var/run/php5-fpm.sock;
                fastcgi_index index.php;
                include fastcgi_params;
              }
}
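
A check for the two protections these tutorials rely on, cgi.fix_pathinfo=0 in php.ini and a "try_files $uri =404" guard in the PHP location, which together keep PHP-FPM from running any file other than the .php script that was requested. This is an added example, not part of the original post; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint an nginx vhost and php.ini for the PHP-FPM settings above.

# Print one finding per problem in every regex location that handles PHP.
audit_php_location() {
    awk '
    $1 == "location" && ($2 == "~" || $2 == "~*") && $3 ~ /php/ {
        in_php = 1; opened = 0; depth = 0; has_try = 0; start = NR
        # An unescaped dot matches any character, not only a literal "."
        if ($3 !~ /\\\.php/) print "line " NR ": unescaped dot in " $3
    }
    in_php {
        if ($0 ~ /try_files[ \t]+\$uri[ \t]+=404/) has_try = 1
        n_open = gsub(/[{]/, "{"); n_close = gsub(/[}]/, "}")
        if (n_open > 0) opened = 1
        depth += n_open - n_close
        if (opened && depth == 0) {          # closing brace of the location
            if (!has_try) print "line " start ": no try_files $uri =404 guard"
            in_php = 0
        }
    }' "$1"
}

# Report a php.ini in which cgi.fix_pathinfo is not explicitly 0.
audit_php_ini() {
    awk -F= '
    /^[ \t]*cgi\.fix_pathinfo[ \t]*=/ { v = $2; gsub(/[ \t]/, "", v) }
    END {
        if (v == "") v = 1   # commented out or absent: PHP defaults to 1
        if (v + 0 != 0) print "cgi.fix_pathinfo=" v " (want 0)"
    }' "$1"
}

# Constructed sample files (not taken from a real server).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/weak.conf" <<'EOF'
server {
    root /var/www/rbgeek;
    location ~ .php$ {
        fastcgi_pass 127.0.0.1:9000;
        include fastcgi_params;
    }
}
EOF
cat > "$SAMPLE_DIR/hardened.conf" <<'EOF'
server {
    root /var/www/wordpress;
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        include fastcgi_params;
    }
}
EOF
printf ';cgi.fix_pathinfo=1\n' > "$SAMPLE_DIR/default.ini"
printf 'cgi.fix_pathinfo=0\n'  > "$SAMPLE_DIR/fixed.ini"

for f in weak.conf hardened.conf; do
    echo "== $f"; audit_php_location "$SAMPLE_DIR/$f"
done
for f in default.ini fixed.ini; do
    echo "== $f"; audit_php_ini "$SAMPLE_DIR/$f"
done
```

On a real server, pass the vhost file and php.ini paths used in the tutorial to the two functions instead of the sample files.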

Enable the virtual host by creating its link inside /etc/nginx/sites-enabled:

sudo ln -s /etc/nginx/sites-available/tendosite /etc/nginx/sites-enabled/tendosite

Change the permissions and owner of php5-fpm.sock by editing the /etc/php5/fpm/pool.d/www.conf file:

sudo vi /etc/php5/fpm/pool.d/www.conf

Remove the comment markers for listen.owner, listen.group and listen.mode:

listen.owner = www-data
listen.group = www-data
listen.mode = 0660

To start the MySQL command-line client, use this command:

mysql -u root -p

Create a wordpress database and grant all privileges on that database to the wordpress user:

CREATE DATABASE wordpress;
GRANT ALL PRIVILEGES ON wordpress.* TO wpuser@localhost IDENTIFIED BY 'password';
FLUSH PRIVILEGES;
EXIT;

Note: In this tutorial, wpuser will be used for WordPress.

Download the latest version of wordpress:

wget http://wordpress.org/latest.tar.gz

Use this command to unpack the WordPress files:

tar -zxvf latest.tar.gz

Move to the extracted wordpress directory, rename the config file from wp-config-sample.php to wp-config.php and then edit the wp-config.php file:

cd wordpress/
mv wp-config-sample.php wp-config.php
vi wp-config.php

Insert your MySQL settings that you have created for wordpress:

Create the wordpress directory inside www and move all the WordPress files to it:

sudo mkdir -p /var/www/wordpress
sudo cp -r * /var/www/wordpress/

Change the ownership of /var/www/wordpress directory to www-data:

sudo chown -R www-data. /var/www/wordpress

Move to the /var/www/wordpress/ directory and check the permission:

cd /var/www/wordpress/
ls -l

Restart the nginx service:

sudo service nginx restart

Finally restart the php5-fpm service:

sudo service php5-fpm restart

Open up the browser and go to http://hostname/wp-admin/install.php to begin configuring WordPress:

http://rbgeek.com/wp-admin/install.php

Log in to the admin section:

Congratulations!

Hope this will help you!

OpenVPN server on CentOS 6.4 behind NAT

This tutorial describes how to configure an OpenVPN server on CentOS 6.4 and clients on Windows XP/7.

I am taking the scenario of a SOHO network that is protected by a firewall. We’ll implement OpenVPN on an internal CentOS 6.4 server so that the internal SOHO network (servers and PCs) can be accessed securely through the internet from anywhere.

Before starting this tutorial, we need to install the RPMforge and EPEL repositories:

RPMforge Installation:

wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt
rpm -K rpmforge-release-0.5.2-2.el6.rf.*.rpm
rpm -i rpmforge-release-0.5.2-2.el6.rf.*.rpm
yum repolist

EPEL Installation:

wget http://ftp.riken.jp/Linux/fedora/epel/RPM-GPG-KEY-EPEL-6
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm --import RPM-GPG-KEY-EPEL-6
rpm -ivh epel-release-6-8.noarch.rpm
yum repolist

OpenVPN Server Installation:

Install the openvpn package using the following command:

yum install openvpn easy-rsa

Make the openvpn service start automatically on boot:

chkconfig openvpn on

Make an easy-rsa/keys directory inside /etc/openvpn:

mkdir -p /etc/openvpn/easy-rsa/keys

Copy the default easy-rsa files into /etc/openvpn to set up the Certificate Authority (CA) and to generate certificates and keys for the OpenVPN server and clients:

cp -rf /usr/share/easy-rsa/2.0/* /etc/openvpn/easy-rsa

Edit /etc/openvpn/easy-rsa/vars:

cd /etc/openvpn/easy-rsa/
vi vars

Edit these parameters according to your needs:

export KEY_COUNTRY="US"
export KEY_PROVINCE="NC"
export KEY_CITY="Winston-Salem"
export KEY_ORG="Example Company"
export KEY_EMAIL="me@example.com"

Move to /etc/openvpn/easy-rsa/ and enter these commands:

cd /etc/openvpn/easy-rsa/
cp openssl-1.0.0.cnf openssl.cnf
source vars
./clean-all

Now, generate the CA certificate and key:

./build-ca

Next, generate a server certificate and private key:

./build-key-server tendo

Note: tendo is my server name in the above command; you can use your server name here.

The OpenVPN server requires Diffie-Hellman parameters:

./build-dh

Copy all the certificates and keys into /etc/openvpn/ from the /etc/openvpn/easy-rsa/keys/ subdirectory:

cd keys/
cp ca.crt tendo.crt tendo.key dh1024.pem /etc/openvpn/

Create a /etc/openvpn/server.conf file and enter the certificates and keys information that we have created above:

vi /etc/openvpn/server.conf

Here is my server.conf file as an example; you can change it according to your requirements:

port 1194
proto udp
dev tun
ca ca.crt
cert tendo.crt
key tendo.key # This file should be kept secret
dh dh1024.pem
#VPN subnet for OpenVPN to draw client addresses from.
server 172.16.10.0 255.255.255.0
ifconfig-pool-persist ipp.txt
#Push routes to the client to allow it to reach other 
#private subnets behind the server.
push "route 10.10.10.0 255.255.255.0"
#If you want that all of your Internet traffic pass 
#through the VPN server then enable this
;push "redirect-gateway def1 bypass-dhcp"
# For name resolution, enable this
;push "dhcp-option DNS 10.10.10.254"
client-to-client
keepalive 10 120
comp-lzo
max-clients 10
persist-key
persist-tun
status openvpn-status.log
verb 5
mute 20
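
A lint for a server.conf like the one above, flagging settings that general OpenVPN hardening guidance asks for: DH parameters of at least 2048 bits, an HMAC key on the control channel (tls-auth or tls-crypt), no compression, an explicitly chosen cipher, and dropping root after start-up. This is an added example, not part of the original post; the function name and both sample files are constructed, and the DH size is read from the dh<KEY_SIZE>.pem name that easy-rsa 2.0 gives the file.

```shell
#!/bin/sh
# Added example: flag hardening gaps in an OpenVPN server.conf.

audit_openvpn_conf() {
    awk '
    /^[ \t]*([#;]|$)/ { next }             # skip comments and blank lines
    $1 == "dh" {
        # easy-rsa 2.0 names the file dh<KEY_SIZE>.pem; read the size from it
        if (match($2, /dh[0-9]+\.pem$/)) {
            bits = substr($2, RSTART + 2, RLENGTH - 6)
            if (bits + 0 < 2048) print "WEAK dh " bits " bits: " $2
        } else print "CHECK dh size: openssl dhparam -in " $2 " -text -noout"
    }
    $1 == "comp-lzo" && $2 != "no" { print "WARN compression enabled: comp-lzo" }
    $1 == "tls-auth" || $1 == "tls-crypt" { hmac = 1 }
    $1 == "cipher" { cipher = 1 }
    $1 == "user"   { user = 1 }
    $1 == "group"  { group = 1 }
    END {
        if (!hmac)           print "MISSING tls-auth or tls-crypt"
        if (!cipher)         print "MISSING explicit cipher"
        if (!user || !group) print "MISSING user/group privilege drop"
    }' "$1"
}

# Constructed samples: the first follows the tutorial's file, the second
# adds the settings the lint looks for.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/server-weak.conf" <<'EOF'
port 1194
proto udp
dev tun
ca ca.crt
cert tendo.crt
key tendo.key # This file should be kept secret
dh dh1024.pem
server 172.16.10.0 255.255.255.0
;push "redirect-gateway def1 bypass-dhcp"
comp-lzo
persist-key
persist-tun
EOF
cat > "$SAMPLE_DIR/server-hardened.conf" <<'EOF'
port 1194
proto udp
dev tun
ca ca.crt
cert tendo.crt
key tendo.key
dh dh2048.pem
tls-auth ta.key 0
cipher AES-256-CBC
server 172.16.10.0 255.255.255.0
user nobody
group nobody
persist-key
persist-tun
EOF

for f in server-weak.conf server-hardened.conf; do
    echo "== $f"; audit_openvpn_conf "$SAMPLE_DIR/$f"
done
```

With easy-rsa 2.0, setting KEY_SIZE=2048 in vars before running ./build-dh produces dh2048.pem, and "openvpn --genkey --secret ta.key" creates the tls-auth key; clients then need a copy of ta.key and the matching tls-auth and cipher lines.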

Now, start the OpenVPN server:

service openvpn start

Note: Forward UDP port 1194 to your internal OpenVPN server on the edge firewall.

Client Certificates:

A VPN client also needs a certificate to authenticate itself to the server. As the root user, create a different certificate for each client:

cd /etc/openvpn/easy-rsa/
./build-key rblaptop

Note: rblaptop is my VPN client name in the above command; you can use your client name here.

Copy these files to the client machine using winscp or any other method:

1) /etc/openvpn/ca.crt
2) /etc/openvpn/easy-rsa/keys/rblaptop.crt
3) /etc/openvpn/easy-rsa/keys/rblaptop.key

Your file names will differ, so adjust them as per your needs.

OpenVPN Client Configuration on Windows Machine:

Download the free OpenVPN client for Windows from here, and install it. Below is the step-by-step procedure to configure this OpenVPN client to connect to the OpenVPN server that we have configured above:

Check the routing table on client machine:

netstat -r

Ping the OpenVPN internal IP:

For an internal host, the ping will fail because the internal host doesn’t know about this VPN pool. To overcome this problem, we need to configure NAT on the OpenVPN server:

Edit the /etc/sysctl.conf file:

vi /etc/sysctl.conf

Enable IP forwarding by changing the “net.ipv4.ip_forward” line to 1:

net.ipv4.ip_forward=1

Create an iptables rule to allow the proper routing of the VPN subnet:

iptables -t nat -A POSTROUTING -s 172.16.10.0/24 -o eth0 -j MASQUERADE
service iptables save
service iptables restart

Reboot the server or issue this command to load the change:

sysctl -p

Ping the internal host again:

Success!

Hope this will help you!

Please Remember me in your prayers

How to Enable SSL in Apache2 on Ubuntu

In this tutorial, I’ll explain how to enable SSL for your website under Apache2 on Ubuntu Server. For this, I’m assuming:

1. That you have a working apache2 setup on your Ubuntu Server.

2. You have correctly configured the dns records for your domain.

3. You have already got a certificate from a trusted certificate authority (CA) such as Godaddy, Verisign, Comodo, etc.

Let’s verify that our web server is up and running before beginning this tutorial:

http://rbgeek.com

Create a directory inside the /etc/apache2/ directory, where we’ll save the private key, public key certificate and bundle certificate:

cd /etc/apache2/ 
sudo mkdir ssl

Transfer the private key, public key certificate and bundle certificate into the /etc/apache2/ssl/ directory and verify them:

cd ssl
ls

We want to configure Apache so that it runs on HTTPS, and for this we need to enable the ssl Apache2 module with a2enmod:

sudo a2enmod ssl

It will suggest that you restart Apache; ignore that message for now.

Edit the ports.conf file:

sudo nano /etc/apache2/ports.conf

Ensure that port 443 is defined as follows and add the NameVirtualHost for port 443; comment out the other lines:

NameVirtualHost *:443
Listen 443

Open up the SSL config file:

sudo nano /etc/apache2/sites-available/default-ssl

Fill in the correct ServerAdmin email address, add the ServerName line and adjust the path in the DocumentRoot line. Also make sure that we have a valid path for the SSL:

Now we need to configure the SSL site:

sudo a2ensite default-ssl

Restart the Apache service:

sudo /etc/init.d/apache2 restart

Now we should be able to connect to the server through SSL using Chrome or any other browser:

Verify that the certificate is the same one that we got from a trusted certificate authority (CA) and configured:

Our web server is also working with HTTP (port 80). But we don’t want users to access it through HTTP; we only want it to be accessed through HTTPS. To fix this, we need to edit the /etc/apache2/sites-available/default file:

sudo nano /etc/apache2/sites-available/default

Delete everything and add a redirection:

RedirectPermanent / https://rbgeek.com/

Restart the apache2 service:

sudo /etc/init.d/apache2 restart

Now if we go to http://rbgeek.com/, it will redirect us to https://rbgeek.com/

How to configure Postfix to send mail via Google Apps

In this tutorial, we’ll configure Postfix to send email through Google’s SMTP on Ubuntu 12.04 LTS Server for Google Apps. We can use the exact same setup for a Gmail account also:

Install Postfix and the command-line mail utility using the following command:

sudo apt-get install postfix mailutils

Backup the default configuration file for postfix:

sudo cp /etc/postfix/main.cf /etc/postfix/main.cf.bk

Edit the /etc/postfix/main.cf file:

sudo nano /etc/postfix/main.cf

Delete everything from main.cf file and add this:

smtp_sasl_security_options = noanonymous
relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/googleapps/password

Create a directory googleapps under /etc/postfix:

sudo mkdir /etc/postfix/googleapps

Move to the /etc/postfix/googleapps directory:

cd /etc/postfix/googleapps/

Create a file named password inside /etc/postfix/googleapps directory:

sudo nano password

Add the following contents to the password file:

[smtp.gmail.com]:587 arbab.nazar@rbgeek.com:password

Note: arbab.nazar@rbgeek.com is a Google Apps mail address of mine with a false password; you can use your original Google Apps email address and password here.

Change the permissions on the password file:

sudo chmod 600 password

Transform the password file into a hashed table:

sudo postmap password

Copy CA root certificates to postfix directory:

sudo cp /etc/ssl/certs/ca-certificates.crt /etc/postfix/cacert.pem

Restart the postfix service:

sudo /etc/init.d/postfix restart
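
A check for the relay set-up above: smtp_use_tls = yes is opportunistic TLS, so if STARTTLS is not offered Postfix falls back to clear text, and with SASL enabled that includes the login; smtp_tls_security_level = encrypt makes TLS mandatory. This is an added example, not part of the original post; the function names and sample files are constructed, and it assumes one parameter per line as in the main.cf above.

```shell
#!/bin/sh
# Added example: check the relay set-up for enforced TLS and a private password map.

# Print a finding when main.cf ($1) enables SASL auth without mandatory TLS.
audit_postfix_tls() {
    awk -F= '
    /^[ \t]*(#|$)/ { next }
    { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v); conf[k] = v }
    END {
        lvl = conf["smtp_tls_security_level"]
        if (lvl == "") {                     # fall back to the legacy switches
            if (conf["smtp_enforce_tls"] == "yes") lvl = "encrypt"  # mandatory
            else if (conf["smtp_use_tls"] == "yes") lvl = "may"     # opportunistic
            else lvl = "none"
        }
        if (conf["smtp_sasl_auth_enable"] == "yes" &&
            lvl !~ /^(encrypt|dane-only|fingerprint|verify|secure)$/)
            print "SASL auth with TLS level " lvl ": set smtp_tls_security_level = encrypt"
    }' "$1"
}

# Print a finding for each file that group or other can access.
audit_secret_perms() {
    for f in "$@"; do
        bits=$(ls -ld "$f" | cut -c5-10)     # group and other permission bits
        [ "$bits" = "------" ] || echo "group/other access on $f ($bits)"
    done
}

# Constructed samples: the tutorial's main.cf, the same file with TLS made
# mandatory, and two empty stand-ins for the password map.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/main-may.cf" <<'EOF'
smtp_sasl_security_options = noanonymous
relayhost = [smtp.gmail.com]:587
smtp_use_tls = yes
smtp_tls_CAfile = /etc/postfix/cacert.pem
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/googleapps/password
EOF
sed 's/^smtp_use_tls = yes$/smtp_tls_security_level = encrypt/' \
    "$SAMPLE_DIR/main-may.cf" > "$SAMPLE_DIR/main-encrypt.cf"
: > "$SAMPLE_DIR/open";   chmod 644 "$SAMPLE_DIR/open"
: > "$SAMPLE_DIR/closed"; chmod 600 "$SAMPLE_DIR/closed"

for f in main-may.cf main-encrypt.cf; do
    echo "== $f"; audit_postfix_tls "$SAMPLE_DIR/$f"
done
audit_secret_perms "$SAMPLE_DIR/open" "$SAMPLE_DIR/closed"
```

On the server, run audit_secret_perms on both password and password.db: postmap gives the .db file the same group and other read permissions as its source, which is why the chmod 600 comes before postmap.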

Test the postfix server by sending an email to another account:

echo "Testing" | mail -s "Email from tendo" arbabnazar@ymail.com

Check the destination email account:

Hope this will help you!

How to connect to an EC2 instance using Putty

You created an EC2 instance and got a private key (with the .PEM extension) from Amazon. Now, how can you log in to your instance with PuTTY? For this, you need to convert the .PEM to .PPK format using Puttygen.

Run Puttygen:

Click on the Load button:

Locate your PEM file that you want to convert:

Putty will convert the .PEM to .PPK format:

Select “Save Private Key” (passphrase is not required):

Launch Putty and enter the Instance IP address:

Navigate to Connection -> SSH -> Auth, click “Browse”, select the .PPK file and click “Open”:

When the connection comes up, enter the username (default is ubuntu for Ubuntu and root for CentOS):

Hope this will help you!

How to Mount EC2 EBS Storage To EC2 Linux Instance

Log in to your AWS management console, click on EC2 in the list of AWS products and, from there, identify the correct region of the EC2 instance, because the EC2 EBS volume must be in the same location as the EC2 instance:

Click Volumes, located under Elastic Block Store, then click on the Create Volume button, which will launch the EBS volume creation wizard. Simply fill in the details and click Yes, Create:

Note: An EBS volume that is created in us-east-1a can only be mounted to an EC2 instance located in us-east-1a.

Right click on the EBS volume that we have just created and select Attach Volume from the menu:

Select the Instance that you want to attach with EC2 EBS volume:

Then click the Yes, Attach button to attach the EBS volume:

Next, log in to the AWS instance where you attached the EBS volume and type:

sudo fdisk -l

Where xvdf is our newly added EBS!

To create the partition on the second EBS, use the following command and follow the “on screen” instructions:

sudo fdisk /dev/xvdf

Use the partprobe command to update the kernel with the changes:

sudo partprobe /dev/xvdf

Note: /dev/xvdf is my device name; you can use yours!

Now we need to format our newly created partition using the following command:

sudo mkfs /dev/xvdf1 -t ext4

Verify the newly created partition:

sudo fdisk -l

Next you need to create a directory for a mount point:

cd /mnt/
sudo mkdir 2ndEBS

Next, mount the newly created xvdf1 partition on the 2ndEBS directory:

sudo mount /dev/xvdf1 /mnt/2ndEBS -t ext4

Configure the permissions on the 2ndEBS directory:

sudo chmod 0777 /mnt/2ndEBS/

Now, we test that we can write a file to the new drive:

touch /mnt/2ndEBS/test.txt
ls /mnt/2ndEBS/*

The next time we reboot the computer, the mount will be gone. If we want to mount the new EBS volume permanently, we need to edit the fstab file:

sudo nano /etc/fstab

Add this line at the end of the fstab file (you can adjust it according to your requirements):

/dev/xvdf1 /mnt/2ndEBS ext4 defaults 0 0

Use this command or else reboot your computer:

sudo mount -a

Hope this will help you!

Apache Virtual Hosts in Ubuntu

In this tutorial, I’ll show you the steps to configure 3 Apache virtual hosts running on a single EC2 Ubuntu instance. The three domains that I’ll use in this tutorial are:

1) linuxsoft.tk
2) rbgeek.tk
3) tendo.tk

DNS setting for these 3 domains are as follows:

Create three folders inside the /var/www folder, they will host these new sites:

sudo mkdir /var/www/tendo
sudo mkdir /var/www/rbgeek
sudo mkdir /var/www/linuxsoft

Copy the /etc/apache2/sites-available/default file to new files named after the new sites:

cd /etc/apache2/sites-available/
sudo cp default tendo
sudo cp default rbgeek
sudo cp default linuxsoft

Edit the new config files for each site:

sudo nano linuxsoft

Add the ServerName line with the name of your domain/site and change both DocumentRoot and Directory so that they point to your new site:

Repeat these steps for the other new sites:

rbgeek.tk

tendo.tk

To enable each virtual host, simply type:

sudo a2ensite tendo
sudo a2ensite rbgeek
sudo a2ensite linuxsoft
sudo a2dissite default

Finally, restart the Apache service:

sudo service apache2 restart

Test all the sites:

http://www.tendo.tk

http://www.rbgeek.tk

http://www.linuxsoft.tk

Troubleshooting:

Hope this will help you!

How to connect a domain name to an EC2 instance

Launch an EC2 instance and set up the web server (in my case, I set up an Ubuntu 12.04 instance and installed the Apache web server on it):

At this point my website is up and running, but with the long Amazon URL (i.e. ec2-53-245-237-89.compute-1.amazonaws.com):

Each EC2 server is assigned a dynamic IP. If a server has to be restarted, it is given a new dynamic IP and we have to remember this new long string each time to access our web server.

To overcome this problem, we can create a free domain with www.dot.tk and map it to our web server. For this, allocate an Elastic IP and associate it with the instance.

Then right click on the Elastic IP, select “Associate”, and choose the instance that we created above:

Now we have an elastic IP which is a number that looks like 175.141.242.55. Copy this number because we will use it in next step:

Login to the dot.tk site and navigate to this panel:

Add the elastic IP against the “A Record” entries:

Finally, we need to wait some time (a few minutes to an hour) for it all to propagate. After that, our domain should start resolving to the web server we have on EC2:

Hope this will help you!

Part-4: Restore disk from Clonezilla Auto Restore CD/DVD

Please read Parts 1, 2 and 3 before starting this tutorial, in order to get a better understanding.

1) At first, the Clonezilla auto restore CD/DVD comes up with this screen; just press ENTER:

2) Before starting the restoration process, Clonezilla will ask you to confirm TWICE. If you are sure that everything is fine, then just type “y” twice and press ENTER:

3) After the second confirmation, Clonezilla will start restoring the image to the selected target hard disk:

4) Once the cloning process completes, Clonezilla will show you the summary; then type 1 to “Reboot” the system. Please also remove the Clonezilla auto restore CD/DVD and press ENTER:

5) If everything goes well, your newly restored system will boot normally as per your desire:

Hope this will help you!