-
-
Save malkitsingh/9aecc1b2c2ebce6158547cfcd47d156c to your computer and use it in GitHub Desktop.
**Install Node.js** | |
cd ~ | |
curl -sL https://deb.nodesource.com/setup_8.x -o nodesource_setup.sh | |
sudo bash nodesource_setup.sh | |
sudo apt-get install nodejs | |
sudo apt-get install build-essential | |
**Install Nginx** | |
sudo apt-get update | |
sudo apt-get install nginx | |
**Adjust the Firewall** | |
sudo ufw app list -- to list all available apps | |
Nginx Full: This profile opens both port 80 (normal, unencrypted web traffic) and port 443 (TLS/SSL encrypted traffic) | |
Nginx HTTP: This profile opens only port 80 (normal, unencrypted web traffic) | |
Nginx HTTPS: This profile opens only port 443 (TLS/SSL encrypted traffic) | |
sudo ufw allow 'Nginx Full' | |
**Manage the Nginx Process** | |
sudo systemctl stop nginx | |
sudo systemctl start nginx | |
sudo systemctl restart nginx | |
sudo systemctl reload nginx | |
**Set Up Nginx as a Reverse Proxy Server** | |
sudo nano /etc/nginx/sites-available/default | |
. . . | |
location / { | |
proxy_pass http://localhost:8080; | |
proxy_http_version 1.1; | |
proxy_set_header Upgrade $http_upgrade; | |
proxy_set_header Connection 'upgrade'; | |
proxy_set_header Host $host; | |
proxy_cache_bypass $http_upgrade; | |
} | |
} | |
**Check Nginx syntax** | |
sudo nginx -t | |
sudo systemctl restart nginx | |
Copying to/from remote server
If you are on the computer from which you want to send file to a remote computer:
scp -i ~/.ssh/path_to_pem_file.pem outgrow-theme.zip deploy@54.221.234.80:/home/deploy/apps
On the other hand if you are on the computer wanting to receive file from a remote computer:
scp -i ~/.ssh/path_to_pem_file.pem deploy@54.221.234.80:/home/deploy/apps /where/to/put
put -r in case of directory upload or download
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
ssh-keygen -R "you server hostname or ip"
scp -r -i picubedio.pem ubuntu@picubed.io:/home/ubuntu/picubed-BE/sampleCsv c:\server_ssh\down
scp -r -i picubedio.pem c:\server_ssh\down ubuntu@univto.com:/home/ubuntu/picubed-BE/sampleCsv
Node / Express: EADDRINUSE, Address already in use - Kill server
ps aux | grep node
to get the process ids.
Then:
kill -9 PID
Doing the -9 on kill sends a SIGKILL (instead of a SIGTERM). SIGTERM has been ignored by node for me sometimes.
Install Ajenti
wget http://repo.ajenti.org/debian/key -O- | sudo apt-key add -
echo "deb http://repo.ajenti.org/ng/debian main main ubuntu" | sudo tee -a /etc/apt/sources.list
sudo apt-get update && sudo apt-get install ajenti
sudo service ajenti restart
Installing MySql
sudo apt-get update
sudo apt-get install mysql-server
sudo mysql_secure_installation
Create a MySQL Database and User for WordPress
mysql -u root -p
CREATE DATABASE wordpress;
CREATE USER wordpressuser@localhost IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON wordpress.* TO wordpressuser@localhost;
FLUSH PRIVILEGES;
exit
Install PHP
sudo apt-get install php libapache2-mod-php php-mcrypt php-mysql
install wordpress
cd ~
wget http://wordpress.org/latest.tar.gz
tar xzvf latest.tar.gz
Configure WordPress
cd ~/wordpress
cp wp-config-sample.php wp-config.php
curl -s https://api.wordpress.org/secret-key/1.1/salt/
Copy Files to the Document Root
sudo rsync -avP ~/wordpress/ /var/www/html/
cd /var/www/html
sudo chown -R demo:www-data *
mkdir /var/www/html/wp-content/uploads
sudo chown -R :www-data /var/www/html/wp-content/uploads
remove apache
sudo apt-get autoremove
sudo apt-get remove apache2*
removing and installing latest version of node
to uninstall node
sudo apt-get remove nodejs
to install latest version 8.x
cd ~
curl -sL https://deb.nodesource.com/setup_8.x -o nodesource_setup.sh
sudo bash nodesource_setup.sh
sudo apt-get install nodejs
sudo apt-get install build-essential
sudo apt-get update
To generate CSR
install OpenSSL
sudo apt-get install openssl
to generate key
sudo openssl genrsa -out picubed.io.key 2048
then generate CSR using key
sudo openssl req -new -key picubed.io.key -out picubed.io.csr
nginx: Prevent search engines from indexing your development server
If you nginx powered development instances are showing up in Google search results, there is a quick and easy way to prevent search engines from crawling your site. Add the following line to the location block of your virtualhost configuration file for the block that you want to prevent crawling.
add_header X-Robots-Tag "noindex, nofollow, nosnippet, noarchive";
Should be nice to check before and after the modification with an:
# service nginx reload
installing & configuring osTicket
Fixed problem with nginx url routing
Throw error:
URL not supported
I fixed by editing the get_path_info function in /include/class.osticket.php#L366
function get_path_info() {
if(isset($_SERVER['PATH_INFO']))
return $_SERVER['PATH_INFO'];
if(isset($_SERVER['ORIG_PATH_INFO']))
return $_SERVER['ORIG_PATH_INFO'];
//TODO: conruct possible path info.
return null;
}
With:
function get_path_info() {
if(!empty($_SERVER['PATH_INFO']))
return $_SERVER['PATH_INFO'];
if(isset($_SERVER['ORIG_PATH_INFO']))
return $_SERVER['ORIG_PATH_INFO'];
//
$path_info = substr($_SERVER['REQUEST_URI'], strlen($_SERVER['SCRIPT_NAME']));
if (strpos($path_info, '?') !== false) {
$path_info = substr($path_info, 0, strpos($path_info, "?"));
}
if (isset($path_info[0]) && $path_info[0] == '/') {
return $path_info;
}
return null;
}
Nginx config:
server {
listen 443 ssl;
server_name support.picubed.io;
root /home/ubuntu/osticket/upload;
index index.php index.html index.htm index.nginx-debian.html;
client_max_body_size 2000M;
client_body_buffer_size 100M;
client_header_buffer_size 10M;
large_client_header_buffers 2 10M;
client_body_timeout 12;
client_header_timeout 12;
keepalive_timeout 15;
send_timeout 10;
gzip on;
gzip_comp_level 2;
gzip_min_length 1000;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain application/x-javascript text/xml text/css application/xml;
set $path_info "";
# Deny access to all files in the include directory
location ~ /include {
deny all;
return 403;
}
# Requests to /api/* need their PATH_INFO set, this does that
if ($request_uri ~ "^/api(/[^\?]+)") {
set $path_info $1;
}
# /api/*.* should be handled by /api/http.php if the requested file does not exist
location ~ ^/api/(tickets|tasks)(.*)$ {
try_files $uri $uri/ /api/http.php$is_args$args;
}
# /scp/ajax.php needs PATH_INFO too, possibly more files need it hence the .*\.php
if ($request_uri ~ "^/scp/.*\.php(/[^\?]+)") {
set $path_info $1;
}
# Make sure requests to /scp/ajax.php/some/path get handled by ajax.php
location ~ ^/scp/ajax.php/(.*)$ {
try_files $uri $uri/ /scp/ajax.php$is_args$args;
}
location ~ ^/ajax.php/(.*)$ {
try_files $uri $uri/ /ajax.php$is_args$args;
}
location / {
index index.php;
#try_files $uri $uri/ /index.php$is_args$args;
}
location ~ \.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
}
More reading..
https://www.rosehosting.com/blog/how-to-install-osticket-on-ubuntu-16-04/
Configure the Nginx virtual host
server {
listen 80;
server_name my-domain.com;
root /var/www/osticket/upload;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
index index.php index.html index.htm;
gzip on;
gzip_min_length 1000;
gzip_types text/plain application/x-javascript text/xml text/css application/xml;
set $path_info "";
location ~ /include {
deny all;
return 403;
}
if ($request_uri ~ "^/api(/[^\?]+)") {
set $path_info $1;
}
location ~ ^/api/(?:tickets|tasks).*$ {
try_files $uri $uri/ /api/http.php?$query_string;
}
if ($request_uri ~ "^/scp/.*\.php(/[^\?]+)") {
set $path_info $1;
}
location ~ ^/scp/ajax.php/.*$ {
try_files $uri $uri/ /scp/ajax.php?$query_string;
}
location / {
try_files $uri $uri/ index.php;
}
location ~ \.php$ {
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
}
update system timezone
dpkg-reconfigure tzdata
Installing PhpMyAdmin with Nginx on Ubuntu
Create a directory for PHPMyAdmin and change its ownership to the www-data user.
mkdir /usr/share/phpmyadmin
chown www-data:www-data /usr/share/phpmyadmin
Clone the “STABLE” branch of the PHPMyAdmin GitHub repository into this directory.
cd /usr/share/phpmyadmin
sudo -u www-data -H git clone --depth=1 --branch=STABLE git://github.com/phpmyadmin/phpmyadmin.git .
Do not miss the dot at the end of the Git command.
Edit the desired virtual host file and add the following to it:
location /phpmyadmin {
alias /usr/share/phpmyadmin;
}
location ~ ^/phpmyadmin(.+\.php)$ {
alias /usr/share/phpmyadmin;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /usr/share/phpmyadmin$1;
include fastcgi_params;
}
location ~ ^/phpmyadmin/(.*\.(eot|otf|woff|ttf|css|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|xls|tar|bmp))$ {
alias /usr/share/phpmyadmin/$1;
expires 30d;
log_not_found off;
access_log off;
}
Make sure these blocks are placed above the other location blocks.
Create a database and grant the necessary privileges to utilize the extra features of PHPMyAdmin like bookmarking and history.
mysql -u root -p
create database phpmyadmin;
CREATE USER 'phpmyadminuser'@'localhost' IDENTIFIED BY 'PhpTough@123';
GRANT ALL PRIVILEGES ON phpmyadmin . * TO 'phpmyadminuser'@'localhost';
FLUSH PRIVILEGES;
Create a config.inc.php file for PHPMyAdmin:
nano /usr/share/phpmyadmin/config.inc.php
Place the following code:
<?php
$i = 0;
$i++;
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['connect_type'] = 'socket';
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['user'] = '';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
$cfg['Servers'][$i]['controluser'] = 'pmauser';
$cfg['Servers'][$i]['controlpass'] = 'pmapass';
$cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
$cfg['Servers'][$i]['relation'] = 'pma__relation';
$cfg['Servers'][$i]['table_info'] = 'pma__table_info';
$cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
$cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
$cfg['Servers'][$i]['column_info'] = 'pma__column_info';
$cfg['Servers'][$i]['history'] = 'pma__history';
$cfg['Servers'][$i]['recent'] = 'pma__recent';
$cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
$cfg['Servers'][$i]['users'] = 'pma__users';
$cfg['Servers'][$i]['usergroups'] = 'pma__usergroups';
$cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
$cfg['Servers'][$i]['tracking'] = 'pma__tracking';
$cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
$cfg['Servers'][$i]['designer_coords'] = 'pma__designer_coords';
$cfg['Servers'][$i]['favorite'] = 'pma__favorite';
$cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches';
$cfg['Servers'][$i]['central_columns'] = 'pma__central_columns';
$cfg['DefaultLang'] = 'en';
$cfg['ServerDefault'] = 1;
$cfg['blowfish_secret'] = 'random-secret';
$cfg['ForceSSL'] = false;
?>
Set ForceSSL to true if you have an SSL certificate installed.
Obtain a randomly generated blowfish secret from this website and add it to the blowfish_secret line.
Do an Nginx configuration test and reload if successful:
sudo service nginx configtest
sudo service nginx reload
Access PHPMyAdmin from the web browser:
Configure Cron to periodically check for updates and pull them from GitHub. Edit the cron file of the www-data user.
crontab -u www-data -e
Add the following line:
@daily cd /usr/share/phpmyadmin/ && git pull -q origin STABLE
That’s it, we have installed the latest version of PHPMyAdmin on Nginx and also configured it.
How to fix connect() to php5-fpm.sock failed (13: Permission denied) while connecting to upstream Nginx error
I encountered this problem after updating PHP to 5.5.12. I use Nginx with PHP5 FPM and after the updating PHP I was seeing 502 Gateway Error pages. Nginx’s error log file (/var/log/nginx/error.log) had the following in it:
2014/05/08 06:22:24 [crit] 24538#0: *292759 connect() to unix:/var/run/php5-fpm.sock failed (13: Permission denied) while connecting to upstream, client: 1.1.1.1, server: websistent.com, request: "GET /wordpress-custom-403-401-error-page/ HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.sock:", host: "websistent.com"
The default value of the listen.mode was 0666 prior 5.5.12. To fix the CVE-2014-0185 vulnerability this was changed to 0660. This is evident from the permissions:
$ ls -l /var/run/php5-fpm.sock
srw-rw---- 1 root root 0 May 1 19:40 /var/run/php5-fpm.sock
Notice the first column of the output srw-rw----, it means users/groups other than root do not have any permissions on this file.
We have two options now:
- Explicitly set the “listen.mode” to 0666 which make it insecure, or
- Change the owner and group of the socket file so that Nginx can read/write to it.
Option 2 is highly recommended, find out username used by the Nginx worker processes:
grep 'user' /etc/nginx/nginx.conf
The most common ones are either www-data or nginx. Edit PHP FPM pool configuration file:
/etc/php5/fpm/pool.d/www.conf
Find the following lines:
listen.owner = bob
listen.group = bob
Add the user www-data as a member of secondary group bob
usermod -G bob www-data
Restart the PHP FPM daemon
service php5-fpm restart
Check if the ownership of the socket file has changed
$ ls -l /var/run/php5-fpm.sock
srw-rw---- 1 www-data www-data 0 May 1 22:13 /var/run/php5-fpm.sock
checking which process is running on given port Linux
lsof -i :8000
to kill process running in given port
kill process-id
Some useful Linux commands
To change owner and gropup of file/directory
changes all sub folders too
sudo chown -R username:group directory
changes given folder only
sudo chown username:group directory
The Linux 'unzip' Command
Decompress Single ZIP Files
unzip filename
Decompress Multiple ZIP Files
unzip filename1 filename2 filename3
Exclude Some ZIP Files
unzip filename.zip -x filetoexclude.zip
Extract a ZIP File to a Different Directory
unzip filename.zip -d path/to/extract/to
How to Show the Contents of a Compressed Zip File
unzip -l filename.zip
How to Test If a ZIP File Is Valid
unzip -t filename.zip
Decompress a ZIP File Without Prompting to Overwrite
unzip -n filename.zip
Extract Password-Protected ZIP Files
unzip -P password filename.zip
To compress:
To compress:
zip squash.zip file1 file2 file3
or to zip a directory
zip -r squash.zip dir1
To uncompress:
unzip squash.zip
remove/delete all from directory
rm -rf directoryName
How To Secure Nginx with Let's Encrypt on Ubuntu
Step 1 — Installing Certbot
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
And finally, install Certbot's Nginx package with apt-get
sudo apt-get install python-certbot-nginx
Step 2 — Obtaining an SSL Certificate
sudo certbot --nginx -d example.com -d www.example.com
Step 3 — Verifying Certbot Auto-Renewal
sudo certbot renew --dry-run
How to Change MYSQL Root PASSWORD Ubuntu
mysqladmin -u root -p'oldPassword' password 'newPassword'
installing SuiteCRM
cd /tmp && git clone https://github.com/salesagility/SuiteCRM.git suitecrm
sudo mv suitecrm /var/www/suitecrm/
sudo chown -R www-data:www-data /var/www/suitecrm/
sudo chmod -R 755 /var/www/suitecrm/
composer install
To Setup Crontab
In order to run SuiteCRM Schedulers, edit your web server user's crontab file with this command:
sudo crontab -e -u www-data
... and add the following line to the crontab file:
* * * * * cd /var/www/suitecrm; php -f cron.php > /dev/null 2>&1
You should do this only after the installation is concluded.
Read more about this
https://websiteforstudents.com/install-suitecrm-on-ubuntu-16-04-lts-with-nginx-mariadb-php-7-1-and-lets-encrypt-free-ssl-tls/
Detect web traffic source device
http://detectmobilebrowsers.com/mobile
To install git
sudo apt-get install git
How To Set Up Git
Generating a new SSH key