Posts

ISPConfig / Pure-FTP / SSL (TLS) setup

ISPConfig comes with Let's Encrypt integrated in its panel for web domains. However, it does not automatically use the SSL cert for the FTP service (PureFTP). This post describes the steps to enable that support.

1. We need an FQDN so that Let's Encrypt (LE) will be able to generate the SSL cert under the ISPConfig panel.

2. PureFTP TLS support requires a cert in .pem format, which can be generated from the LE cert:

    cat /etc/letsencrypt/live/mydomain.com/privkey.pem /etc/letsencrypt/live/mydomain.com/fullchain.pem > /etc/ssl/private/pure-ftpd.pem

3. Restart PureFTP so that it will now use the new certificate.

4. LE certificates need to be renewed regularly, so it is necessary to create a cron job to keep the .pem file updated. Set up a crontab entry:

    0 6 * * * /etc/letsencrypt/certbot-auto -n renew --quiet --no-self-upgrade && cat /etc/letsencrypt/live/mydomain.com/privkey.pem /etc/letsencrypt/live/mydomain.com/fullchain.pem > /etc/ssl/private/pure-ftpd.pem && se...
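The bundle built in step 2 contains the private key, so it should be written with owner-only permissions and replaced atomically, never left half-written when PureFTP restarts. The shell function below is an added example, not part of the original post; the name build_pureftpd_pem and its two arguments (the LE live directory and the output path) are assumptions.

```shell
#!/bin/sh
# Added example: rebuild the Pure-FTPd PEM bundle (private key + full chain).
# Usage (hypothetical): build_pureftpd_pem LIVE_DIR OUT_FILE
build_pureftpd_pem() {
    live_dir=$1
    out_file=$2
    key="$live_dir/privkey.pem"
    chain="$live_dir/fullchain.pem"

    # Refuse to build from missing or empty inputs, e.g. after a failed renewal.
    for f in "$key" "$chain"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 1; }
    done

    # Check that each input looks like the PEM object we expect,
    # so a swapped or truncated file is caught before the restart.
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "no private key in $key" >&2; return 1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$chain" ||
        { echo "no certificate in $chain" >&2; return 1; }

    # Write to a temp file in the destination directory (mktemp creates it
    # with mode 0600), then rename it over the old bundle in one step.
    tmp=$(umask 077 && mktemp "$out_file.XXXXXX") || return 1
    if cat "$key" "$chain" > "$tmp" && chmod 600 "$tmp" && mv -f "$tmp" "$out_file"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# When run as a script with two arguments, build the bundle directly.
if [ "$#" -eq 2 ]; then
    build_pureftpd_pem "$1" "$2"
fi
```

Call it from the renewal job in place of the bare cat, and restart PureFTP only when it returns success.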

Enable root access in phpMyAdmin under MySQL 5.7

In recent versions of Ubuntu with MySQL / MariaDB, phpMyAdmin can no longer be used via "root". This is because MySQL now defaults to the UNIX auth_socket plugin for "root" logins. The solution is to set the root user to use the mysql_native_password plugin again.

    $ sudo mysql -u root
    mysql> USE mysql;
    mysql> UPDATE user SET plugin = 'mysql_native_password' WHERE User = 'root';
    mysql> FLUSH PRIVILEGES;
    mysql> exit;
    $ service mysql restart

NginX - Mitigating Slowloris Attack

Technically, NginX is not vulnerable to the Slowloris attack, but the default configuration may not be able to handle one. HEXADIX has published a how-to that is simple to follow: https://hexadix.com/slowloris-dos-attack-mitigation-nginx-web-server/

The key steps are to increase the value of certain variables. In nginx.conf, add the following:

    worker_rlimit_nofile 102400;
    events {
        worker_connections 100000;
    }

Check the system and user open file limits.

Ubuntu 16.04LTS / Alibaba Cloud | NginX | Lets Encrypt installation

After a standard installation of Perfect Server Ubuntu 16.04LTS, Let's Encrypt fails to activate. The error log has the following error:

    Deserialization error: Wrong directory fields

Try re-installing Let's Encrypt (https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-16-04):

    sudo add-apt-repository ppa:certbot/certbot
    sudo apt-get update
    sudo apt-get install python-certbot-nginx

Then return to the ISPConfig panel and try to activate again.

nginx and WordPress setup

Problem: Restoring a WordPress site using BackupBuddy on ISPConfig / nginx. The home page looks fine, but other pages return Error 404.

Solution: Edit the nginx conf.d/sites-available/yoursite.vhost. Add this at the end of the file, just before the final }:

    if (!-e $request_filename) {
        rewrite ^.*$ /index.php last;
    }

Another official change is documented at WordPress.org. Source: https://codex.wordpress.org/Nginx

Add this, or create the new location / block:

    location / {
        # This is cool because no php is touched for static content.
        # include the "?$args" part so non-default permalinks doesn't break when using query string
        try_files $uri $uri/ /index.php?$args;
    }

Adding a new EBS to EC2 and move /var to new EBS

To follow the previous blog article, what if we need to extend /var by moving it to another partition? The following article outlines the key steps. Meanwhile, I found some of the steps are only required if you have SELINUX enabled.

The key steps are:

1) Launch a new EBS, choose SSD for speed, or HDD for higher volume.
2) Attach the EBS to the server instance.
3) Login via SSH client.
4) fdisk /dev/xvdf - Note when you provision a new EBS and attach it to EC2, it will say it will rename automatically to /dev/xvdf through /xvdp
5) mkfs -t ext4 /dev/xvdf1 - format new partition for Linux use
6) mount /dev/xvdf1 /mnt - mount it at /mnt
7) Copy files from /var to /mnt:

    shopt -s dotglob
    rsync -aulvXpogtr /var/* /mnt

8) umount /mnt - unmount
9) Edit /etc/fstab:

    /dev/xvdf1   /var       ext4    defaults,noatime,nofail 0   2

10) mv /var/ /var.old - change the original to become a backup
11) mkdir /var - re-create the /v...

Resizing & Extending EC2 root partition - live

The EC2 standard EBS is 8G. When planning a simple single-EBS instance, the EBS will also contain / and the root partition. Following the steps in http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/recognize-expanded-volume-linux.html, we can expand the EBS without stopping the instance.

The key steps:

1) Login to AWS Console, locate the EBS and modify the volume size - there is no need to stop the instance (if you are using the current generation of EC2 and EBS - as of Oct, 2017)
2) SSH to the EC2
3) Run lsblk - you will see xvda / xvda1 with different sizes, meaning you need to resize the partition before you can expand the volume
4) Resize the partition - growpart /dev/xvda 1 (note the space between xvda and 1)
5) Then resize the filesystem - resize2fs /dev/xvda1

There are other posts that say to stop the instance and use parted and gdisk. In our case, it is not necessary. There are disadvantages of using a single EBS scenario, but the beauty is that OS/...