Using a Cisco router with Telstra FTTH Velocity Service


I recently got fibre to the home (FTTH), or as some other people like to call it, fibre to the premises (FTTP), thanks to Telstra and their Velocity service. It is quite straightforward: someone comes out, connects and activates the ONT unit. In my case the fibre is terminated at the ONT unit and then patched to the lounge courtesy of CAT5E running into every room in the apartment. From there I was able to patch from the lounge straight to bedroom 1 (b1) and from there to the router (it sounds complicated but it’s not). From my learnings there are two ways to connect, both requiring PPPoE authentication: you can either set up a new connection on a Windows 7 machine (or other flavours of Windows) and create a PPPoE dialer, or you can connect a PPPoE-capable router and pass credentials that way.


Why am I writing this post, you ask? It has to do with the learnings I stumbled upon while connecting my Cisco 1801 series router. I wish to share my experiences; even if they are not the same as yours, you might find this useful in troubleshooting your own connection.

I’m not sure about the Australian National Broadband Network (NBN) connection, but this could have some relevance to it.


Turn on terminal monitor

en
term mon

Turn on ppp debugging (this will show you when the dialer is trying to auth)

en
debug ppp authentication

First off, you don’t need the ATM interface if you have a config already set up for DSL so first thing is to disable the ATM interface

en
conf t
int atm0
shutdown

You will need a dialer interface, I have mine set up as “Dialer0” with the following (using CHAP)

!
interface Dialer0
 description Velocity
 ip address negotiated
 no ip redirects
 no ip proxy-arp
 ip mtu 1492
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname [email protected]
 ppp chap password pa55w0rd
!

Note “dialer-group 1”

Now we have to assign Dialer0 to the interface. What you do here depends on your Cisco product and IOS version, but for me I had to create a VLAN and assign it to the layer 2 interface (FastEthernet8 in my case).

en
conf t
int fa8
switchport access vlan 999

If you don’t have the vlan 999 created, it will create it for you (it doesn’t need to be vlan 999 but any number you aren’t using).

Now you have to enable PPPoE on the VLAN interface, assign the dialer pool number (note my dialer pool number is 1) and mark it as an outside NAT interface.

en
conf t
int vlan 999
ip nat outside
pppoe enable
pppoe-client dialer-pool-number 1

Check your interfaces to see if it is connected

en
sh ip int brief

A more complete configuration example would be the following:

NOTE: This is for a Cisco router that has eight ports, you will need to add/remove depending on physical ethernet ports.

!
hostname Cisco
!
ip name-server 8.8.8.8
ip name-server 4.4.2.2
!
interface Dialer0
 description PPPOE-Velocity
 ip address negotiated
 ip mtu 1492
 ip nat outside
 encapsulation ppp
 dialer pool 1
 dialer-group 1
 no cdp enable
 ppp authentication chap pap callin
 ppp chap hostname [email protected]
 ppp chap password pa55w0rd
!
interface FastEthernet1
 shutdown
!
interface FastEthernet2
 shutdown
!
interface FastEthernet3
 shutdown
!
interface FastEthernet4
 shutdown
!
interface FastEthernet5
 shutdown
!
interface FastEthernet6
 shutdown
!
interface FastEthernet7
 shutdown
!
interface FastEthernet8
 description FTTP
 switchport access vlan 999
!
interface Vlan999
 ip address negotiated
 ip nat outside
 pppoe enable
 pppoe-client dialer-pool-number 1
!
banner login ^C
*******************************************
* WARNING !!! *
* This device is for the use of *
* authorised users only. *
* Unauthorised access or attempt *
* to gain unauthorised access *
* will be logged and reported to *
* the authorities *
*******************************************
^C
!
alias exec ct config t
alias exec wr copy running-config startup-config
!

Change the following for your own circumstances:

  • PPP CHAP username and password
  • Type and amount of Ethernet ports, could be only two or four ports and maybe Gigabit Ethernet instead (GigabitEthernet).

You should be able to add your NATs and anything else you require for your inside LAN. I added some aliases but you don’t need them.

Should you have any questions, comments or suggestions, please don’t hesitate to comment below. If you like what you have read, please share it on your favourite social media medium.

How to set up a email server using Postfix, Dovecot and Roundcube on Linux Debian


Domain and Records

Before you start anything, you need a domain. If you don’t have one, purchase one.

Because it takes time to replicate the records, you need to start this process first.

You will need to create A records for the domain, I created the following:

  • @
  • www
  • mail
  • smtp
  • imap
  • webmail

I have them all pointing to the same IP address but for the purpose of using different addresses for each service makes it

You will also need to point the MX record of the domain to the public facing IP address of the Linux box (and set up any natting if required).

Platform Set Up

I am assuming you already have a working Linux installation, for my set up I am using Linux Debian 7 (Wheezy) kernel version 2.6.32-042 Stable 64bit.

There are various ways you can set this up, for my set up I will be using a single server for handling the mail, presenting the webmail and holding the mySQL database. You can separate these functions out to different servers depending on the load requirements and underlying infrastructure.

Make sure your system is up-to-date by running the following commands:

apt-get update
apt-get upgrade

Design

This is how the whole solution hangs together. It makes sense to me, hopefully it will make sense to you at least by the time you finish reading this tutorial.

MBox vs MailDir

The Unix world has two ways of storing mail messages: the traditional mbox format and the newer maildir format. Postfix and Dovecot support both mail storage formats so you can use either, but I highly recommend you use the maildir format.

For the purpose of this tutorial I will be setting it up with maildir, for me the main purpose of this was to allow subfolders to be created in the mailbox (mbox doesn’t allow this no matter how much I tried!)

I won’t explain how mbox works but I will explain how Maildir does:

Receiving and storing a mail

  1. Create a unique file in the tmp directory
  2. Write the mail into the newly created file
  3. Move the completely written mail into the new directory

Retrieving a mail

  1. Locate and read the mail
  2. Move the mail from new into the cur directory and append the mail status flag into the filename

Deleting a mail

  1. Delete the file containing the mail

Searching a mail

  1. Search each and every mail file

Advantages

  • Locating, retrieving and deleting a specific mail is fast
  • Minimal to no file locking is needed
  • Can be used on a network file system
  • Immune to mailbox corruption assuming hardware will not fail

Disadvantages

  • Some filesystems may not efficiently handle a large number of small files
  • Searching text is slow because every mail file has to be opened.
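
The receive, retrieve, delete and search steps listed above, done by hand in shell. This is an added example, not Postfix or Dovecot code and not part of the original tutorial; the function names and the sample message are constructed for illustration.

```shell
#!/bin/sh
# Added example: the Maildir steps done by hand. Not Postfix or Dovecot
# code; function names and the sample message are constructed.

# Create the three Maildir subdirectories, accessible to the owner only.
maildir_init() {
    mkdir -p "$1/tmp" "$1/new" "$1/cur" &&
        chmod 700 "$1" "$1/tmp" "$1/new" "$1/cur"
}

# Deliver the message on stdin and print the file name it was stored under.
maildir_deliver() {
    md=$1
    host=$(uname -n | tr -cd 'A-Za-z0-9.-')
    rand=$(od -An -N6 -tx1 /dev/urandom | tr -d ' \n')
    name="$(date +%s).P$$R${rand}.${host}"
    # Steps 1 and 2: create a unique file in tmp/ and write the mail into it.
    # noclobber (set -C) makes the redirect fail if the name already exists.
    ( set -C; cat > "$md/tmp/$name" ) || return 1
    # Step 3: rename into new/. A rename within one filesystem is atomic,
    # so a reader never sees a half-written message.
    mv "$md/tmp/$name" "$md/new/$name" || return 1
    printf '%s\n' "$name"
}

# Retrieval: move new/ -> cur/ and append the status flags (":2,S" = seen).
maildir_mark_seen() {
    mv "$1/new/$2" "$1/cur/$2:2,S" || return 1
    printf '%s\n' "$2:2,S"
}

# Deleting is one unlink; no mailbox-wide lock or rewrite is involved.
maildir_delete() {
    rm -f -- "$1/cur/$2"
}

# Searching has to open every message file in new/ and cur/.
maildir_search() {
    find "$1/new" "$1/cur" -type f -exec grep -l -- "$2" {} + 2>/dev/null || true
}

# Demo on a throw-away directory with a constructed message.
box=$(mktemp -d)/Maildir
maildir_init "$box"
id=$(printf 'From: user2@example.com\nTo: user1@example.com\nSubject: hi\n\nlunch today\n' |
     maildir_deliver "$box")
echo "delivered: new/$id"
seen=$(maildir_mark_seen "$box" "$id")
echo "read:      cur/$seen"
maildir_search "$box" 'lunch'
maildir_delete "$box" "$seen"
rm -rf "${box%/Maildir}"
```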

SSL Certificate

Don’t be mistaken: if you don’t have an SSL certificate from a certified certificate authority, you can still use a self-signed one. For this tutorial we are going to assume the certificate is saved in /etc/ssl/certs/mailcert.pem and the key is saved in /etc/ssl/private/mail.key. Make sure the key is only readable by the root user!

Create a self signed certificate

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/mail.key -out /etc/ssl/certs/mailcert.pem

Fill in the details

Example only:

Generating a 2048 bit RSA private key
.............................+++
................+++
writing new private key to 'mail.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]: AU
State or Province Name (full name) [Some-State]: QLD
Locality Name (eg, city) []: Sydney
Organization Name (eg, company) : My Company Name
Organizational Unit Name (eg, section) []: IT Dept
Common Name (e.g. server FQDN or YOUR name) []: mail.example.com
Email Address []: [email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Note that this way you cannot create a certificate valid for more than one domain using the subjectAltName field without some additional work.

Check to see if the certs are created:

ls /etc/ssl/certs/mailcert.pem
ls /etc/ssl/private/mail.key
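
The tutorial later points clients at imap.example.com and smtp.example.com, which a certificate naming only mail.example.com does not cover. The following added example, not part of the original tutorial, shows the "additional work" for subjectAltName using an OpenSSL config file, together with a check that the key is accessible to its owner only. The function names, the san.cnf file name and the temporary directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: self-signed certificate with subjectAltName entries.
# Function and file names are illustrative, not from the tutorial.

# Write an OpenSSL config listing the common name plus every extra host name.
write_san_config() {
    cfg=$1; cn=$2; shift 2
    {
        printf '[req]\n'
        printf 'distinguished_name = dn\n'
        printf 'x509_extensions = v3_san\n'
        printf 'prompt = no\n\n'
        printf '[dn]\nCN = %s\n\n' "$cn"
        printf '[v3_san]\nsubjectAltName = @alt_names\n\n'
        printf '[alt_names]\n'
        i=1
        for h in "$cn" "$@"; do
            printf 'DNS.%d = %s\n' "$i" "$h"
            i=$((i + 1))
        done
    } > "$cfg"
}

# Generate key and certificate from that config (args: config, key, cert).
# The umask keeps the key file private from the moment it is created.
make_san_cert() {
    ( umask 077
      openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
          -config "$1" -keyout "$2" -out "$3" 2>/dev/null )
}

# Print the DNS names a certificate is valid for, one per line.
cert_dns_names() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Succeeds only if group and others have no permissions on the file.
key_is_private() {
    case $(ls -ld "$1") in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo in a temporary directory; the tutorial's real paths are
# /etc/ssl/private/mail.key and /etc/ssl/certs/mailcert.pem.
if command -v openssl >/dev/null 2>&1; then
    work=$(mktemp -d)
    write_san_config "$work/san.cnf" mail.example.com \
        smtp.example.com imap.example.com webmail.example.com
    make_san_cert "$work/san.cnf" "$work/mail.key" "$work/mailcert.pem"
    cert_dns_names "$work/mailcert.pem"
    key_is_private "$work/mail.key" && echo "mail.key: owner-only"
    rm -rf "$work"
fi
```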

Postfix

Remove packages

Debian ships a default MTA called exim4; you need to remove it or it will conflict with Postfix over the port mappings.

apt-get remove exim4

Install Postfix

apt-get install postfix

Stop Postfix

postfix stop

Postfix manages its own daemons, so the following commands are used to manage Postfix

  • postfix start
  • postfix stop
  • postfix reload

Configuring Postfix

Postfix has two configuration files

  1. /etc/postfix/master.cf = configuration of services Postfix should run on
  2. /etc/postfix/main.cf = configuration options

Configure master.cf

vi /etc/postfix/master.cf

Add the following into master.cf. It defines the submission service, which takes mail from trusted clients for delivery to the broader internet and rejects unauthorised users.

submission inet n       -       -       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_wrappermode=no
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject
  -o milter_macro_daemon_name=ORIGINATING
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth

The “-o” options override the settings that are taken from defaults.

Configure main.cf

It is better to start with a clean slate so make a copy of the main.cf first

cp /etc/postfix/main.cf /etc/postfix/main.cf.orig

Delete main.cf

rm /etc/postfix/main.cf

Create a new main.cf file

vi /etc/postfix/main.cf

Copy the following into the file

myhostname = mail.example.com
myorigin = /etc/mailname
mydestination = mail.example.com, example.com, localhost, localhost.localdomain
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
home_mailbox = Maildir/
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

Change the following lines to reflect your domain:

  • myhostname =
  • mydestination =

Check /etc/mailname file and ensure the correct FQDN is there eg: example.com

With mydestination, just change the first two.

Ensure the host name of the service is specified in /etc/mailname; if you have used the same A records then use the “mail” one unless you have specific requirements not to.

“mydestination” sets the domains Postfix accepts email for.

Leaving “relayhost” empty disables Postfix from being used as a relaying server.

In the same file (main.cf) you need to specify alias maps, enter the following lines:

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases

We need to also specify SSL settings, enter the following after alias maps in main.cf:

smtpd_tls_cert_file=/etc/ssl/certs/mailcert.pem
smtpd_tls_key_file=/etc/ssl/private/mail.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtpd_tls_security_level=may
smtpd_tls_protocols = !SSLv2, !SSLv3

A further addition to the main.cf file is a line that makes Postfix reject email to users that cannot be found in the table, which in this case is the aliases table.

Aliases

Aliases are defined in the /etc/aliases file to tell Postfix what email addresses to accept; for example: name@example.com

SMTP RFC 5321 mandates that any publicly accessible mail server that accepts any mail at all must also accept mail to the following addresses:

  • postmaster
  • hostmaster
  • abuse
  • webmaster

You can set up redirects from those email accounts to a specific user by adding in the aliases file “root: user” (user being the email address of a user).

mailer-daemon: postmaster
postmaster: root
nobody: root
hostmaster: root
webmaster: root
abuse: root
root: user1
user1: user1

After updating aliases you must update the aliases database by issuing the following command:

newaliases

Dovecot

Install Dovecot

apt-get install dovecot-core dovecot-imapd

Configuring Dovecot

Clearing out the configuration file is best for this too

cp /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf.orig
rm /etc/dovecot/dovecot.conf
vi /etc/dovecot/dovecot.conf

Add the following:

disable_plaintext_auth = no
mail_privileged_group = mail
mail_location = maildir:~/Maildir:LAYOUT=fs
userdb {
  driver = passwd
}
passdb {
  args = %s
  driver = pam
}
protocols = " imap"

This enables plaintext authentication (the plain text is tunnelled through TLS), tells Dovecot to use the “mail” system group for accessing local mailboxes, uses the Unix authentication system to authenticate users, and enables IMAP only.

It’s probably best to have Dovecot automatically create the Draft, Junk, Trash, Sent folders so add the following to the dovecot.conf file:

protocol imap {
  mail_plugins = " autocreate"
}
plugin {
  autocreate = Draft
  autocreate2 = Junk
  autocreate3 = Trash
  autocreate4 = Sent
  autosubscribe = Draft
  autosubscribe2 = Junk
  autosubscribe3 = Trash
  autosubscribe4 = Sent
}

We need to open a socket that Postfix can use to piggy-back on Dovecot’s authentication, add the following in dovecot.conf

service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}

Also configure SSL by adding the following into dovecot.conf

ssl=required
ssl_cert =</etc/ssl/certs/mailcert.pem
ssl_key =</etc/ssl/private/mail.key

Start Processes

This should be it, execute the following to start Postfix and Dovecot

newaliases
postfix start
service dovecot restart

Testing

You don’t have to do this but it is good to see it all working, create two users:

adduser user1
adduser user2

Add the users into aliases

vi /etc/aliases
user1: user1
user2: user2

Recreate aliases database

newaliases

Send an email to user1 and user2

Log into user1

su - user1

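Check mail for user1 (with home_mailbox = Maildir/ set in main.cf, new mail is delivered to ~/Maildir/new)

ls ~/Maildir/new
cat ~/Maildir/new/*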

You should be able to connect IMAP clients such as Outlook or Apple iPhone clients. If you created the same A records as mine then you should use the following settings:

incoming mail server: imap.example.com (SSL on port 993)
user: user1
password: what ever password you specified
outgoing mail server: smtp.example.com (SSL on port 587)

If this isn’t working out so far, re-read the instructions above, if that fails I have added a troubleshooting section at the end of this post.

Roundcube

Okay, if all is going well at this point, then let’s install Roundcube. If you prefer a different webmail solution, or do not wish to use one, skip this step.

Roundcube is an AJAX-driven webmail solution that runs on a typical LAMP stack. There are customisable skins (two pre-installed) that use the latest web standards (XHTML and CSS 2)

Download the latest version from here using wget on the server

If Apache, mySQL and PHP aren’t installed, follow these steps

Install Apache2

apt-get install apache2

Install mySQL

apt-get install mysql-server

You will need to specify a mysql root password, make this secure and save in a password manager – you will need this later

Install PHP 5

apt-get install php5 libapache2-mod-php5 php5-mysql

Restart Apache

/etc/init.d/apache2 restart

An example only:

Change to root folder

cd /root
wget -O roundcubemail-1.1.1-complete.tar.gz 'http://downloads.sourceforge.net/project/roundcubemail/roundcubemail/1.1.1/roundcubemail-1.1.1-complete.tar.gz?r=&ts=1431079309&use_mirror=jaist'

Extract the archive out (install tar if not already installed)

tar xvf roundcubemail-1.1.1-complete.tar.gz

Install additional packages

apt-get install php5-mcrypt
apt-get install php5-intl

Configure time zone in Apache

vi /etc/php5/apache2/php.ini

Change the following line to a time zone specific to your location; a list of acceptable variables is located here

Okay, so that is the base for Roundcube to be installed on. Now you have to configure a vhost for Apache, which can be done by following this process. I recommend using the A record webmail for your vhost and locating it in the /var/www/vhosts directory.

Create a folder for Roundcube to be installed

mkdir -p /var/www/vhosts/webmail.example.com

Copy the Roundcube files to the vhost location (my example is Roundcube version 1.0.2)

mv /root/roundcubemail-1.1.1/* /var/www/vhosts/webmail.example.com

mySQL

You will need to create a new database and grant privileges to it for a local mySQL account using the steps below. If you require further mySQL commands, refer to my mySQL cheatsheet

Log into mySQL

mysql -u root -p

Use the password you specified earlier when installing mySQL

Create a database

CREATE DATABASE roundcube;

Grant privileges

GRANT ALL PRIVILEGES ON roundcube.* TO [email protected] IDENTIFIED BY 'password';

Change the ‘password’ to something secure

Flush privileges

FLUSH PRIVILEGES;

Exit mySQL command line interface

exit

Launch Roundcube Installer

So, if that is all set up correctly you should have Apache, PHP and mySQL installed with a database ready to be used.

Go to the following address to run the Roundcube installer

http://webmail.example.com/installer

Follow the prompts

If everything works out you should be able to go to your new webmail console at http://webmail.example.com


Roundcube Plugins

So if you are using the Roundcube webmail you will find basic webmail features. If you desire more than that, you can install a multitude of plugins to add functionality. You can find the plugin directory here -> Roundcube Plugin Directory

Roundcube Security

Change the encryption key in the config.inc.php file to a new 24 character string

vi /var/www/vhosts/webmail.example.com/config/config.inc.php

Find the string:

$config['des_key'] = 'some24bitstring';

Message Attachment Size Limit

Postfix

By default, Postfix limits the file attachment size to 10 megabytes. You can change this by executing the following:

postconf -e 'message_size_limit = 102400000'

This raises the limit from 10M to 100M (this is not recommended if you don’t have a good internet connection on the server)

Roundcube

Once you have changed the attachment size in Postfix, you might want to change it in Roundcube

Make a backup of php.ini first, then open it

cp /etc/php5/apache2/php.ini /etc/php5/apache2/php.ini.orig
vi /etc/php5/apache2/php.ini

Search for the following two lines:

post_max_size =
upload_max_filesize =

Change the values to your desired size.

Restart Apache for settings to take effect

/etc/init.d/apache2 restart

Troubleshooting

To see any problems with the setup

tail -f /var/log/syslog

OR

tail -f /var/log/mail.log

To see the mail queue in Postfix

mailq

To clear the mail queue

postsuper -d ALL

Location mail is stored:

For root:

/root/Maildir

For users:

/home/%user%/Maildir

If you cannot see mail in the web mail client, browse to the Maildir directory for the user and see if you see any files in the cur folders


WordPress Security Keys


Using strong security keys is an important part of securing WordPress against external attack. WordPress security keys are four authentication keys and four hashing salts (random bits of data) that add an extra layer of security to your cookies and passwords. The security keys are defined in your WordPress configuration file, wp-config.php.

Out of the box there are keys predefined; however, if you want a super strong WordPress installation, you should really change these to something else. As of WordPress 3.0 there are eight security keys, introduced in the following versions:

  • WordPress 2.6: AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY
  • WordPress 2.7: NONCE_KEY
  • WordPress 3.0: AUTH_SALT, SECURE_AUTH_SALT, LOGGED_IN_SALT, NONCE_SALT

View the Security Keys

1. Edit the wp-config.php file

vi /var/www/example.com/wp-config.php

Example:

/**#@+
 * Authentication Unique Keys and Salts.
 *
 * Change these to different unique phrases!
 * You can generate these using the {@link https://api.wordpress.org/secret-key/1.1/salt/ WordPress.org secret-key service}
 * You can change these at any point in time to invalidate all existing cookies. This will force all users to have to log in again.
 *
 * @since 2.6.0
 */
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT', 'put your unique phrase here');
define('NONCE_SALT', 'put your unique phrase here');

/**#@-*/

Each key needs to be completely random and different from the others. You can do this manually or you can use the WordPress online service for an automatic key-generation.

Official WordPress Secret Key Generator: https://api.wordpress.org/secret-key/1.1/salt/

You can refresh the page to generate new keys until you find the key set you desire the most

You will need to copy the entire block of code and replace the eight default keys with the eight random ones.

Other Considerations

  • Never reveal your security keys to anyone
  • Any logged in users will need to log back in if you change the keys
  • Security keys can be changed at any time
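
Both this post and the Roundcube Security section of the mail server post ask for random secrets: eight WordPress keys and salts here, and a 24 character des_key there. The following added example, which is not WordPress or Roundcube code, generates them locally from /dev/urandom and can swap the placeholder lines in a wp-config.php; the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: generate the WordPress keys/salts and the Roundcube des_key
# locally from /dev/urandom. Not WordPress or Roundcube code; the function
# names are illustrative.

# Characters that are safe inside a single-quoted PHP string (no single
# quote, no backslash). The hyphen is last so tr reads it literally.
CHARSET='A-Za-z0-9!#%&()*+,./:;<=>?@^_{|}~-'

# Print $1 random characters. tr -dc discards bytes outside CHARSET, so
# every character in the set stays equally likely.
rand_chars() {
    head -c 4096 /dev/urandom | LC_ALL=C tr -dc "$CHARSET" | head -c "$1"
}

# Emit the eight define() lines in the order wp-config.php lists them.
wp_salts() {
    for k in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY \
             AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT; do
        printf "define('%s', '%s');\n" "$k" "$(rand_chars 64)"
    done
}

# Emit a 24-character value for Roundcube's config.inc.php.
roundcube_des_key() {
    printf "\$config['des_key'] = '%s';\n" "$(rand_chars 24)"
}

# Replace every existing key/salt define() in a wp-config.php with fresh
# ones. The new block goes where the first old line was; all other lines
# are left untouched. A file without any of the eight lines is not changed.
wp_rotate_salts() {
    cfg=$1
    tmp=$(mktemp) || return 1
    NEW_BLOCK=$(wp_salts) awk '
        /^[ \t]*define\([ \t]*.(AUTH|SECURE_AUTH|LOGGED_IN|NONCE)_(KEY|SALT)./ {
            if (!done) { print ENVIRON["NEW_BLOCK"]; done = 1 }
            next
        }
        { print }
    ' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Overwrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$cfg"
    rm -f "$tmp"
}

# Demo: print one fresh set of each.
wp_salts
roundcube_des_key
```

Changing the keys logs every WordPress user out, as noted above, so rotate them in a quiet period.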


How to Install Curl into PHP5 and Apache


Curl is a library that lets you make HTTP requests in PHP.

Most hosting providers have cURL installed already but if you have to install it on your self managed server with Apache and PHP5 installed, then follow this step by step process.

1. Install packages

apt-get install curl libcurl3 libcurl3-dev php5-curl php5-mcrypt

2. Open php.ini and add extension (my php.ini file is located at /etc/php5/apache2/php.ini)

vi /etc/php5/apache2/php.ini
extension=curl.so

3. Restart Apache

/etc/init.d/apache2 restart


A Collection of Wordlists

You are only as effective as the wordlist you use, over the years I have collected a fair few of them and will bring them to you all in one place.

You will need to right click and save target to download the file otherwise it will open in a new window.

Due to on-going costs to seed this from AWS, I have had to set this to requestor pays. Please comment if you would like access to these archives.

Random

dic.txt 8.6MB

largelist.txt 1.8GB

realhuman_phill.txt 683.2KB

rockyou.txt 133.4KB

Openwall

pwgen-nontty.gz 118.7MB

pwgen-tty.gz 120.4MB

wordlists-20031009-content.zip 213.6MB

wordlists-20031009-iso.zip 178.4MB

I will add more as I get them.


Add User to Sudo Without Prompting Password


You might need to add users to sudoers but when they elevate to sudo they will be prompted for a password, this process will add the user to sudoers and also allow them to run commands without being prompted for a sudo password.

This works for Linux Ubuntu or Debian

Process

1. Install Sudo (if not currently installed)

apt-get install sudo

2. Edit Sudo configuration

visudo

3. Add this line at the end of the configuration file (change sally to the username you are using)

sally ALL=(ALL) NOPASSWD: ALL
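
To see which accounts carry a rule like the one above, the following added example (not from the original post) reads a sudoers-format file and separates blanket NOPASSWD rules from rules scoped to named commands. The deploy rule in the sample and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which sudoers rules skip the password prompt.
# Not part of the original post; the sample rules below are constructed.

# Prints one line per NOPASSWD rule: BLANKET or SCOPED, who, command list.
# Simplification: everything after "NOPASSWD:" is treated as one command list.
audit_nopasswd() {
    awk '
        { rule = rule $0 }
        /\\$/ { sub(/\\$/, " ", rule); next }    # join continued lines
        {
            line = rule; rule = ""
            if (line ~ /^[ \t]*#/) next            # comments, #include lines
            if (line !~ /NOPASSWD[ \t]*:/) next
            who = line
            sub(/^[ \t]+/, "", who); sub(/[ \t].*$/, "", who)
            cmds = line
            sub(/^.*NOPASSWD[ \t]*:[ \t]*/, "", cmds)
            gsub(/[ \t]+/, " ", cmds); sub(/ $/, "", cmds)
            scope = (cmds ~ /(^|, ?)ALL( ?,|$)/) ? "BLANKET" : "SCOPED"
            print scope, who, cmds
        }
    ' "$1"
}

# Constructed sample: the rule from this post next to a scoped alternative
# that only allows two service restarts without a password.
sample_sudoers() {
    cat <<'EOF'
# constructed sudoers sample
Defaults env_reset
root    ALL=(ALL:ALL) ALL
%sudo   ALL=(ALL:ALL) ALL
sally   ALL=(ALL) NOPASSWD: ALL
deploy  ALL=(root) NOPASSWD: /usr/sbin/service apache2 restart, \
                             /usr/sbin/service varnish restart
EOF
}

# Demo: audit the sample.
sample_file=$(mktemp)
sample_sudoers > "$sample_file"
audit_nopasswd "$sample_file"
rm -f "$sample_file"
```

Run it as root against /etc/sudoers and each file under /etc/sudoers.d; visudo -c checks the syntax after any edit.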


How to Reveal Hidden Passwords in Web Browsers

In many places where you need to input your password to gain access, authorise or confirm a transaction, whenever you type passwords into the input box, the characters automatically change into asterisks or bullets. This is to protect your password from straying eyes.

There is a simple trick to find out what is behind the bullet points or asterisks in web browsers.

The hidden fields are disguised using simple HTML or CSS so just changing the values on the fly will reveal what is behind the bullets or asterisks.

Google Chrome

In this example I am using LinkedIn as a login area.

Right click on the password box and click on “Inspect element”


At the bottom of your screen it will be sectioned off with a whole lot of code, you will only need to focus on the code highlighted in blue.


Change type=password to type=text

Once you change that the password is revealed.


Change WordPress Existing Images Path Using mySQL Database Strings


I rebuilt my WordPress blog and had to change the image path, instead of changing it back straight away I kept using it, some images ended up in /wpcontents/uploads/* and some ended up in /wp-contents/uploads/*

So, naturally I had to change this back to /wp-contents/uploads and move all the existing files back, moving the files back wasn’t a problem but changing the image locations in the database was (without doing this completely manually and spending days on it)!

There are two ways of doing this, which will produce the same result: one is using phpMyAdmin and the other is using the command line and issuing SQL commands. I will only be demonstrating the command line way as I don’t have phpMyAdmin installed, nor do I want to install it.

1. Shell to the server

2. Log into mySQL

mysql -u root -p
<enter password>

3. Select database

use <database>;

4. Run the following

You will need to run both commands (change example.com and your path to the new ones you want to use).

Update wp_posts (post_content)

UPDATE wp_posts SET post_content = REPLACE (post_content, 'http://www.example.com/image/path','http://www.example.com/new/image/path');

Update wp_posts (guid)

UPDATE wp_posts SET guid = REPLACE (guid,'http://www.example.com/image/path','http://www.example.com/new/image/path');


Sending Files to Linux Servers using SCP

You might need to send files between Linux servers. A great way to send files quickly and securely is by using the SCP command.

Sending to a Host

scp /home/user/file.ext [email protected]:/home/user/folder

scp = The secure file transferring program
/home/user/file.ext = The full path of the file you want to send
[email protected] = Username at host you want to send files to
:/home/user/folder = The full path of where you want to place the file

Receiving from a Host

scp [email protected]:/home/user/folder/file.ext /home/user/folder

scp = The secure file transferring program
[email protected] = Username at host you want to connect to
:/home/user/folder/file.ext = The full path of the file you want to retrieve
/home/user/folder = The full path of where you want to place the file

If you want to run this command without the password being prompted, you will need to set up SSH keys. You can set keys up from Setup SSH Keys for Linux Key Based Authentication


Install Varnish on Linux Debian or Ubuntu for WordPress


What is Varnish?

(From Wikipedia) Varnish is an HTTP accelerator designed for content-heavy dynamic web sites. In contrast to other web accelerators, such as Squid, which began life as a client-side cache, or Apache and nginx, which are primarily origin servers, Varnish was designed as an HTTP accelerator. Varnish is focused exclusively on HTTP, unlike other proxy servers that often support FTP, SMTP and other network protocols.

My Implementation

I implemented Varnish on this WordPress blog, the technical layout is as follows:


1. Install Varnish on Debian or Ubuntu:

apt-get update
apt-get install varnish

2. Edit /etc/varnish/default.vcl

backend default {
            .host = "localhost";
            .port = "8080";
            .max_connections = 30;
            .connect_timeout = 4.0s;
            .first_byte_timeout = 600s;
            .between_bytes_timeout = 600s;
}
# Drop any cookies sent to WordPress.
sub vcl_recv {
            if (!(req.url ~ "wp-(login|admin)")) {
                       unset req.http.cookie;
            }
}

# Drop any cookies WordPress tries to send back to the client.
sub vcl_fetch {
            if (!(req.url ~ "wp-(login|admin)")) {
                       unset beresp.http.set-cookie;
            }
}

3. Edit /etc/default/varnish

START=yes
NFILES=131072
DAEMON_OPTS="-a :80 
             -T localhost:6082 
             -b localhost:8080 
             -u varnish -g varnish 
             -s malloc,1G"

4. Kill the service

pkill varnishd

5. Edit /etc/apache2/ports.conf and change the listening ports to 8080

NameVirtualHost *:8080
Listen 8080

6. Edit all your vhosts to match the port 8080

Example:

<VirtualHost *:8080>
        ServerName example.com
        ServerAlias www.example.com
        DocumentRoot /var/www/vhosts/example.com
       <Directory /var/www/vhosts/example.com>
               Options Indexes FollowSymLinks MultiViews
               AllowOverride all
       </Directory>
        ErrorLog /var/log/apache2/example.com-error.log
        CustomLog /var/log/apache2/example.com-access.log combined
</VirtualHost>

Default:


<VirtualHost *:8080>
        ServerAdmin [email protected]

        DocumentRoot /var/www
        <Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

7. Launch Varnish

/etc/init.d/apache2 restart
varnishd -f /etc/varnish/default.vcl -s malloc,1G -T 127.0.0.1:2000
