
Installation

System Requirements:

  • 2 GB of hard disk space
  • 128M or more memory; on OpenVZ, 192MB or more is recommended (do not use a 64-bit system with small memory)
  • Linux is case-sensitive, so take care when entering commands!
  • Installation steps:

    1. Log in with PuTTY or a similar SSH tool.
    After logging in, run: screen -S lnmp
    If you are told that the screen command does not exist, install it with: yum install screen or apt-get install screen. For a detailed screen tutorial, click here.
    2. Download the LNMP one-click installation package:
    You can choose the download version (recommended for foreign or American VPSes) or the full version (recommended for domestic VPSes).
    For the download version, run: wget -c http://soft.vpser.net/lnmp/lnmp0.9.tar.gz
    For the full version, run: wget -c http://soft.vpser.net/lnmp/lnmp0.9-full.tar.gz
    After the download completes, the LNMP one-click installation package is on your server or VPS (generally in /root if you logged in as root and did not change directory).
    3. Unpack the LNMP one-click installation package:
    Run: tar zxvf lnmp0.9.tar.gz or tar zxvf lnmp0.9-full.tar.gz to unpack the package.
    4. Start the installation:
    Enter the LNMP installation directory: cd lnmp0.9/ or cd lnmp0.9-full/
    Before running the installer, confirm your Linux distribution. You can run: cat /etc/issue to see whether it is CentOS, Debian or Ubuntu, or check the control panel of your VPS provider. Then run the installation command for your system:
    On CentOS, run: ./centos.sh 2>&1 | tee lnmp.log (on Red Hat Enterprise Linux Server (RHEL), first make sure yum can install software normally; see the RHEL yum installation tutorial)
    On Debian, run: ./debian.sh 2>&1 | tee lnmp.log
    On Ubuntu, run: ./ubuntu.sh 2>&1 | tee lnmp.log
    After the install command is executed, the following interface will appear:

    Enter the domain name to bind (a second-level domain name is recommended; the domain will be bound to /home/wwwroot/ for easy management. If you make a typing error, hold down Ctrl and press Backspace to delete). When the input is complete, press Enter, and the following interface will be displayed:
    (Note: on Debian, after you enter the domain name you will be asked "Where are your servers located? asia, america, europe, oceania or africa". Select the continent in which the server or VPS is located. For a typical U.S. VPS, just press Enter; for Asia, type asia and press Enter.)

    Then enter the MySQL root password you want to set. When the input is complete, press Enter, and the following interface will be displayed:

    If you need to install InnoDB, type y and press Enter; if you do not need it, just press Enter. The following interface will be displayed:

    At the prompt "Press any key to start …", press Enter to start the installation.
    The LNMP script will automatically compile and install Nginx, MySQL, PHP, phpMyAdmin and Zend Optimizer.
    5. When the installation is complete, if you see the following interface:

    the installation was successful.

    If you see the following interface:

    the installation was not successful! Use WinSCP to find lnmp.log in the lnmp0.9 directory, download it, and post in the LNMP support forum stating your system and whether it is 32-bit or 64-bit, with lnmp.log attached to the post in compressed form. We will look for the error in the log and reply in the post.

    Web Host Manager

    1. To add a virtual host, run: /root/vhost.sh. When prompted, enter the domain name to bind and press Enter. If you need to add more domain names, type y and then enter the additional domains, separated by spaces (note: the domain with www and the domain without www are different domains; to reach the same site through both, bind both). Then enter the site directory as an absolute path, such as /home/wwwroot/lnmp; if you leave it blank, the default is /home/wwwroot/<bound domain>. The directory does not have to be under /home/wwwroot/; if /data/ has a lot of space, you can use something like /data/www/lnmp. Then choose whether to add a pseudo-static (rewrite) rule. Rules for discuz, discuzx, wordpress, sablog, emlog, dabr, phpwind and wp2 (pseudo-static rules for WordPress in a second-level directory) are included by default, and you can enter one of these names directly. To add custom rewrite rules, enter a name of your choice; the program will automatically create the file /usr/local/nginx/conf/<custom name>.conf, in which you add the rewrite rules (note: after adding them, run /etc/init.d/nginx restart for them to take effect). Next you are asked whether to enable logging. Normally it is not needed, so just enter n; to enable it, enter y and then the name of the log file you want. After you press Enter, the virtual host is added automatically.
    2. To delete a virtual host, run over SSH: rm /usr/local/nginx/conf/vhost/<domain name>.conf

    Install additional components

    (Note: the following components must be installed from the lnmp0.9 installation directory, that is, the directory created by unpacking the LNMP archive: cd lnmp0.9/. If you cannot find it, run: find / -name eaccelerator.sh)
    (Note: you do not necessarily need the following components!)
    1. To install PureFTPd and the FTP management panel, run: ./pureftpd.sh. When prompted, enter your MySQL root password, the password for the FTP user management panel, and a MySQL FTP database password (press Enter to have a password generated automatically). Press Enter and PureFTPd will be installed automatically. When the installation finishes, open http://<your domain name or IP>/ftp/ in a browser and enter the FTP user management panel password you set earlier to manage FTP.
    2. To install eAccelerator, run: ./eaccelerator.sh, follow the prompts to select the version, and press Enter. It will install automatically and restart the web service.
    3. To install ionCube, run: ./ionCube.sh and press Enter. It will install automatically and restart the web service.
    4. To install imageMagick, run: ./imageMagick.sh and press Enter. It will install automatically and restart the web service.
    5. To install memcached, run: ./memcached.sh and press Enter. It will install automatically and restart the web service.

    Upgrade program

    6. To upgrade Nginx, run: ./upgrade_nginx.sh and enter the nginx version number when prompted, such as 1.0.10. The version number can be found at http://nginx.org/en/download.html. (Note: during the upgrade, MySQL and PHP-FPM will be suspended.)
    7. To upgrade PHP, run: ./upgrade_php.sh and enter the PHP version number when prompted, such as 5.3.6. (Note: some applications, such as shopex, have compatibility issues; before upgrading, make sure the software you use supports version 5.3. During the upgrade, Nginx, MySQL and PHP-FPM will be suspended. Version 5.4 is still a test version and has not yet been tested; do not upgrade to 5.4.* in a production environment.)

    State management

    LNMP state management: /root/lnmp {start|stop|reload|restart|kill|status}
    Nginx state management: /etc/init.d/nginx {start|stop|reload|restart}
    PHP-FPM state management: /etc/init.d/php-fpm {start|stop|quit|restart|reload|logrotate}
    PureFTPd state management: /etc/init.d/pureftpd {start|stop|restart|kill|status}
    MySQL state management: /etc/init.d/mysql {start|stop|restart|reload|force-reload|status}
    Memcached state management: /etc/init.d/memcached {start|stop|restart}

    Related web interfaces

    phpinfo: http://<previously entered domain name or IP>/phpinfo.php
    phpMyAdmin: http://<previously entered domain name or IP>/phpmyadmin/
    The probe: http://<previously entered domain name or IP>/p.php
    PureFTPd management interface: http://<previously entered domain name or IP>/ftp/
    Memcached test page: http://<previously entered domain name or IP>/memcached.php

    LNMP related directory

    nginx: /usr/local/nginx
    mysql: /usr/local/mysql
    php: /usr/local/php
    Site directory: /home/wwwroot/
    Nginx log directory: /home/wwwlogs/
    Directory of the virtual host configuration files added by /root/vhost.sh: /usr/local/nginx/conf/vhost/

    LNMP configuration file

    Nginx main configuration file: /usr/local/nginx/conf/nginx.conf
    Virtual host configuration file added by /root/vhost.sh: /usr/local/nginx/conf/vhost/<domain name>.conf
    MySQL configuration file: /etc/my.cnf
    PHP configuration file: /usr/local/php/etc/php.ini
    php-fpm configuration file: /usr/local/php/etc/php-fpm.conf
    PureFTPd configuration file: /usr/local/pureftpd/pure-ftpd.conf
    PureFTPd MySQL configuration file: /usr/local/pureftpd/pureftpd-mysql.conf
    Note: the LNMP one-click installation package 0.9 & LNMPA have been tested on DiaHosting (thanks for providing a test VPS), VPSYOU (thanks for providing a test VPS), PhotonVPS (thanks for providing a test VPS), VPSZZ, Linode, XeHost, Regal open source VPS, YardVPS, Hostigation, MyHost123, ThrustVPS, BuyVM, DirectSpace and many other U.S. VPSes, on CentOS, Debian and Ubuntu 32-bit and 64-bit systems. Do not use a 64-bit system with small memory. (The Debian 5 package source has a problem; please use Debian 6!)


    How to set-up a VPS with nginx, PHP, mysql, phpMyAdmin, mail server, FTP, Webmin, Memcached and EAccelerator and then install WordPress

    Here I explain how to set up a VPS with the features above and install WordPress on Ubuntu 10.04 LTS. It is always best to use an LTS (Long Term Support) version of Ubuntu since then you get security updates for 5 years, instead of 18 months. I got my VPS from IntoVPS, with 1024 MB of burstable RAM (512 MB guaranteed), 30GB disk space and 500GB monthly traffic for 10$/month. The steps I take here worked for me on this server, but if you have any problems either leave a comment or post in the forum.

    1. Initial setup
    First we have to get the server ready. I am assuming you have already logged in using PuTTY as root. First update the package repository listing:
    apt-get update
    Now install any updates:
    apt-get upgrade
    Just in case:
    apt-get install wget make
    Now we're ready to install nginx.
    2. NGINX
    nginx (pronounced "engine-x") is a lightweight, fast and powerful HTTP server. More information here. If you are having second thoughts about switching to nginx, let's put it this way: I still consider switching from Apache to nginx the best thing I've ever done to this VPS, and I can personally testify that WordPress, phpMyAdmin, Roundcube webmail and Simple Machines Forum work perfectly with nginx.
    First we have to add the nginx repository to the database, because at the time of writing the latest stable nginx is version 0.8.54 (Update: it is now 1.0.0), whereas the latest in the default Ubuntu repository is 0.7. To add the repository, first we have to install python-software-properties:
    apt-get install python-software-properties
    Now add the repository:
    add-apt-repository ppa:nginx/stable
    Now update the database:
    apt-get update
    Now install nginx:
    apt-get install nginx
    We’ll configure it, and set up PHP5, in the next section.
    3. PHP
    If you're planning to just serve static content from your server, you can stop here, or go on to set up the mail server. But if you're going to install WordPress (or another PHP application) then we have to install PHP.
    (Update: see an alternative (better) way of installing PHP here)
    First we install the PHP CGI and other components we may need:
    apt-get install php5 php5-cgi php5-sqlite php5-tidy php5-xmlrpc php5-xs php5-dev
    Now we have to create a PHP-FastCGI initialization script. Let's first open the new file with nano:
    nano /etc/init.d/php-fastcgi
    Now paste the following code into the file (note: if you’re using PuTTY just copy this then right-click in the PuTTY window.) :

    1. #!/bin/bash
    2. BIND=127.0.0.1:9000  # listen on the loopback interface only
    3. USER=www-data  # unprivileged account the PHP workers run as
    4. PHP_FCGI_CHILDREN=6
    5. PHP_FCGI_MAX_REQUESTS=1000
    6. PHP_CGI=/usr/bin/php-cgi
    7. PHP_CGI_NAME=`basename $PHP_CGI`
    8. PHP_CGI_ARGS="- USER=$USER PATH=/usr/bin PHP_FCGI_CHILDREN=$PHP_FCGI_CHILDREN PHP_FCGI_MAX_REQUESTS=$PHP_FCGI_MAX_REQUESTS $PHP_CGI -b $BIND"
    9. RETVAL=0
    10. start() {
    11. echo -n "Starting PHP FastCGI: "
    12. start-stop-daemon --quiet --start --background --chuid "$USER" --exec /usr/bin/env -- $PHP_CGI_ARGS
    13. RETVAL=$?
    14. echo "$PHP_CGI_NAME."
    15. }
    16. stop() {
    17. echo -n "Stopping PHP FastCGI: "
    18. killall -q -w -u $USER $PHP_CGI
    19. RETVAL=$?
    20. echo "$PHP_CGI_NAME."
    21. }
    22. case "$1" in
    23. start)
    24. start
    25. ;;
    26. stop)
    27. stop
    28. ;;
    29. restart)
    30. stop
    31. start
    32. ;;
    33. *)
    34. echo "Usage: php-fastcgi {start|stop|restart}"
    35. exit 1
    36. ;;
    37. esac
    38. exit $RETVAL

    Things you may want to change:

    • PHP_FCGI_CHILDREN on line 4: This is the number of worker processes that FastCGI spawns to handle PHP requests. The more connections per second your site receives, the higher you should set this setting. Keep this in mind: Connections per second * Seconds it takes to generate the page = PHP_FCGI_CHILDREN. If you are running out of memory, decrease this value.
    • PHP_FCGI_MAX_REQUESTS on line 5: This is the number of requests before the worker process(es) are respawned (restarted). If you are having any problems with memory leaks, blank pages, etc., try decreasing this to 500.

    Now save the file (usually by pressing CTRL+O) and exit nano. We now have to make this file executable:
    chmod +x /etc/init.d/php-fastcgi
    Now start the script:
    /etc/init.d/php-fastcgi start
    Now we have to enable PHP in nginx. First open the config file:
    nano /etc/nginx/sites-available/default
    Now make the following changes:

    • On line 25, add index.php just before the semi-colon (;).
    • Change localhost on line 28 to your domain. If you do not have a domain name leave it as it is.
    • Uncomment the following lines:
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    Your config file should now look like this:

    server {
        #listen 80; ## listen for ipv4; this line is default and implied
        #listen [::]:80 default ipv6only=on; ## listen for ipv6
        # Document root:
        root /usr/share/nginx/www;
        index index.html index.htm index.php;
        # Make site accessible from your-site.com and www.your-site.com (change to your domain name)
        server_name your-site.com www.your-site.com;
        location / {
            # First attempt to serve request as file, then
            # as directory, then fall back to index.html
            try_files $uri $uri/ /index.html;
        }
        location /doc {
            root /usr/share;
            autoindex on;
            allow 127.0.0.1;
            deny all;
        }
        location /images {
            root /usr/share;
            autoindex off;
        }
        #error_page 404 /404.html;
        # redirect server error pages to the static page /50x.html
        #
        #error_page 500 502 503 504 /50x.html;
        #location = /50x.html {
        # root /usr/share/nginx/www;
        #}
        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        # proxy_pass http://127.0.0.1;
        #}
        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            include fastcgi_params;
        }
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #deny all;
        #}
    }

    Don't forget to read the file to make sure everything is set up right.
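The PHP location block in this config hands every URI ending in .php to the FastCGI backend, whether or not such a file exists under the document root; a common hardening is a try_files $uri =404; line inside that block. The following shell check is an added example, not part of the original tutorial: the function names and both sample configs are constructed for illustration, and it reports PHP location blocks that use fastcgi_pass without that guard.

```shell
#!/bin/sh
# Added example (not from the original tutorial): flag nginx PHP location
# blocks that pass requests to FastCGI without checking that the file exists.

# audit_php_locations FILE
# Prints "<line>: OK|UNGUARDED <location header>" for every uncommented
# "location ~ ...php" block that contains fastcgi_pass. Returns 1 if any
# block is UNGUARDED (no "try_files ... =404" inside it), 0 otherwise.
audit_php_locations() {
    awk '
        { line = $0; sub(/#.*/, "", line) }       # ignore comments

        # A regex location whose pattern mentions php opens a block.
        !inblock && line ~ /location[ \t]+~\*?[ \t]+.*php/ && line ~ /[{]/ {
            inblock = 1; depth = 0; start = NR
            has_pass = 0; has_guard = 0
            header = line
            sub(/^[ \t]+/, "", header)
            sub(/[ \t]*[{].*/, "", header)
        }

        inblock {
            if (line ~ /fastcgi_pass/) has_pass = 1
            if (line ~ /try_files[ \t].*=404/) has_guard = 1
            depth += gsub(/[{]/, "{", line)        # track nested braces
            depth -= gsub(/[}]/, "}", line)
            if (depth <= 0) {                      # block closed
                if (has_pass) {
                    if (!has_guard) bad = 1
                    printf "%d: %s %s\n", start, (has_guard ? "OK" : "UNGUARDED"), header
                }
                inblock = 0
            }
        }

        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# write_samples DIR
# Constructed sample configs: as_posted.conf mirrors the PHP block from this
# tutorial, guarded.conf adds the file-existence check (an addition here).
write_samples() {
    cat > "$1/as_posted.conf" <<'EOF'
server {
    root /usr/share/nginx/www;
    index index.html index.htm index.php;
    #location ~ \.php$ {
    #    proxy_pass http://127.0.0.1;
    #}
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi_params;
    }
}
EOF
    cat > "$1/guarded.conf" <<'EOF'
server {
    root /usr/share/nginx/www;
    index index.html index.htm index.php;
    location ~ \.php$ {
        try_files $uri =404;    # answer 404 for scripts that do not exist
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        include fastcgi_params;
    }
}
EOF
}

# Demo run over the two constructed samples.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in "$demo_dir"/*.conf; do
    echo "== ${f##*/}"
    audit_php_locations "$f" || echo "   -> add a file-existence check before fastcgi_pass"
done
rm -rf "$demo_dir"
```

To check the real file, call audit_php_locations /etc/nginx/sites-available/default before restarting nginx.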
    Now restart nginx:
    /etc/init.d/nginx restart
    Now it's time to create a test script:
    nano /usr/share/nginx/www/test.php
    Inside, insert the following:
    <?php phpinfo() ?>
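    And save the file. Now go to your-site.com/test.php in your web browser. You should see a page with your PHP configuration information. Delete test.php once you have confirmed that PHP works, because the page discloses your server configuration to anyone who requests it. We are now ready to install MySQL!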
    4. MySQL
    Type:
    apt-get install mysql-server mysql-client php5-mysql
    And follow the instructions that appear on-screen. Now restart the PHP server:
    /etc/init.d/php-fastcgi restart
    Now it's time to install phpMyAdmin.
    5. phpMyAdmin
    phpMyAdmin is a browser-based MySQL database manager written in PHP. First let's install it:
    apt-get install phpmyadmin
    If the installer asks you what HTTP server to configure for, press enter without answering.
    Now we have to be able to access phpMyAdmin through phpmyadmin.your-site.com. First create a new config file:
    nano /etc/nginx/sites-available/phpmyadmin
    And inside insert the following (don't forget the right-click method):

    1. server {
    2. #listen 80; ## listen for ipv4; this line is default and implied
    3. #listen [::]:80 default ipv6only=on; ## listen for ipv6
    4. root /usr/share/phpmyadmin;
    5. index index.php index.html index.htm;
    6. # Make site accessible from http://localhost/
    7. server_name phpmyadmin.your-site.com;
    8. location / {
    9. # First attempt to serve request as file, then
    10. # as directory, then fall back to index.html
    11. try_files $uri $uri/ /index.html;
    12. }
    13. location /doc {
    14. root /usr/share;
    15. autoindex on;
    16. allow 127.0.0.1;
    17. deny all;
    18. }
    19. location /images {
    20. root /usr/share;
    21. autoindex off;
    22. }
    23. #error_page 404 /404.html;
    24. # redirect server error pages to the static page /50x.html
    25. #
    26. #error_page 500 502 503 504 /50x.html;
    27. #location = /50x.html {
    28. # root /usr/share/nginx/www;
    29. #}
    30. # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    31. #
    32. #location ~ \.php$ {
    33. # proxy_pass http://127.0.0.1;
    34. #}
    35. # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    36. #
    37. location ~ \.php$ {
    38. fastcgi_pass 127.0.0.1:9000;
    39. fastcgi_index index.php;
    40. include fastcgi_params;
    41. }
    42. # deny access to .htaccess files, if Apache’s document root
    43. # concurs with nginx’s one
    44. #
    45. #location ~ /\.ht {
    46. # deny all;
    47. #}
    48. }

    Change your-site.com on line 9 to your domain name. Don't forget to set up the DNS record!!!
    Now we have to enable this configuration using the following command:
    ln -s /etc/nginx/sites-available/phpmyadmin /etc/nginx/sites-enabled/phpmyadmin
    Now restart nginx and you're done. Go to phpmyadmin.your-site.com in your web browser and log in with the username and password you specified in the MySQL installer (not the phpMyAdmin one).
    6. Email server
    Now it's time to set up a Mail Transport Agent (MTA), in this case, Postfix; and a POP3/IMAP server, Dovecot, so we can read the mail. (Note: If you're planning to use Google Apps for email, or not use your own email at all, you can skip this step.)
    First let's install Postfix:
    apt-get install postfix postfix-tls libsasl2-2 sasl2-bin libsasl2-modules popa3d
    Follow the instructions on-screen until the installation completes. We'll configure Postfix later. Now let's install Dovecot:
    apt-get install dovecot-imapd dovecot-pop3d dovecot-common
    Open the config file:
    nano /etc/dovecot/dovecot.conf
    Find the following settings (using the CTRL+W function) and make sure they are set as below (uncomment if necessary):
    protocols = imap pop3
    ssl = no
    mail_location = mbox:~/mail:INBOX=/var/mail/%u
    pop3_uidl_format = %08Xu%08Xv
    disable_plaintext_auth = no
    Now replace this:
    auth default {
    With this:
    auth default2 {
    And just before that line add:

    auth default {
      mechanisms = plain login
      passdb pam {
      }
      userdb passwd {
      }
      socket listen {
        client {
          path = /var/spool/postfix/private/auth
          mode = 0660
          user = postfix
          group = postfix
        }
      }
    }

    Now enter the Postfix config file:
    nano /etc/postfix/main.cf
    And insert at the end:

    smtpd_sasl_auth_enable = yes
    smtpd_sasl_local_domain = your-site.com
    smtpd_recipient_restrictions = permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination
    smtpd_sasl_security_options = noanonymous

    Replacing your-site.com with your domain name.
    Now add a new user to receive and send email (if the new user is joe, then the email address will be joe@your-site.com; create as many users as you want):
    adduser username
    Now restart all components of the mail server:

    /etc/init.d/saslauthd restart
    /etc/init.d/postfix restart
    /etc/init.d/dovecot restart

    Now you can access your email through your email client, or through any webmail package. I recommend Roundcube webmail, since it is easy to set up and use, stylish and works great with nginx!
    7. FTP server
    I use vsftpd (Very Secure File Transfer Protocol Daemon) because it's lightning fast and very easy to set up. First let's install it:
    apt-get install vsftpd
    Now let's edit the config file:
    nano /etc/vsftpd.conf
    Replace the entire contents with:

    1. # Run standalone? vsftpd can run either from an inetd or as a standalone
    2. # daemon started from an initscript.
    3. listen=YES
    4. #
    5. # Run standalone with IPv6?
    6. # Like the listen parameter, except vsftpd will listen on an IPv6 socket
    7. # instead of an IPv4 one. This parameter and the listen parameter are mutually
    8. # exclusive.
    9. #listen_ipv6=YES
    10. #
    11. # Allow anonymous FTP? (Disabled by default)
    12. anonymous_enable=NO
    13. #
    14. # Uncomment this to allow local users to log in.
    15. local_enable=YES
    16. #
    17. # Uncomment this to enable any form of FTP write command.
    18. write_enable=YES
    19. #
    20. # Default umask for local users is 077. You may wish to change this to 022,
    21. # if your users expect that (022 is used by most other ftpd’s)
    22. #local_umask=022
    23. #
    24. # Uncomment this to allow the anonymous FTP user to upload files. This only
    25. # has an effect if the above global write enable is activated. Also, you will
    26. # obviously need to create a directory writable by the FTP user.
    27. #anon_upload_enable=YES
    28. #
    29. # Uncomment this if you want the anonymous FTP user to be able to create
    30. # new directories.
    31. #anon_mkdir_write_enable=YES
    32. #
    33. # Activate directory messages – messages given to remote users when they
    34. # go into a certain directory.
    35. dirmessage_enable=YES
    36. #
    37. force_dot_files=YES
    38. # If enabled, vsftpd will display directory listings with the time
    39. # in your local time zone. The default is to display GMT. The
    40. # times returned by the MDTM FTP command are also affected by this
    41. # option.
    42. use_localtime=YES
    43. #
    44. # Activate logging of uploads/downloads.
    45. xferlog_enable=YES
    46. #
    47. # Make sure PORT transfer connections originate from port 20 (ftp-data).
    48. connect_from_port_20=YES
    49. #
    50. # If you want, you can arrange for uploaded anonymous files to be owned by
    51. # a different user. Note! Using “root” for uploaded files is not
    52. # recommended!
    53. #chown_uploads=YES
    54. #chown_username=whoever
    55. #
    56. # You may override where the log file goes if you like. The default is shown
    57. # below.
    58. #xferlog_file=/var/log/vsftpd.log
    59. #
    60. # If you want, you can have your log file in standard ftpd xferlog format.
    61. # Note that the default log file location is /var/log/xferlog in this case.
    62. #xferlog_std_format=YES
    63. #
    64. # You may change the default value for timing out an idle session.
    65. idle_session_timeout=900
    66. #
    67. # You may change the default value for timing out a data connection.
    68. #data_connection_timeout=120
    69. #
    70. # It is recommended that you define on your system a unique user which the
    71. # ftp server can use as a totally isolated and unprivileged user.
    72. #nopriv_user=ftpsecure
    73. #
    74. # Enable this and the server will recognise asynchronous ABOR requests. Not
    75. # recommended for security (the code is non-trivial). Not enabling it,
    76. # however, may confuse older FTP clients.
    77. #async_abor_enable=YES
    78. #
    79. # By default the server will pretend to allow ASCII mode but in fact ignore
    80. # the request. Turn on the below options to have the server actually do ASCII
    81. # mangling on files when in ASCII mode.
    82. # Beware that on some FTP servers, ASCII support allows a denial of service
    83. # attack (DoS) via the command “SIZE /big/file” in ASCII mode. vsftpd
    84. # predicted this attack and has always been safe, reporting the size of the
    85. # raw file.
    86. # ASCII mangling is a horrible feature of the protocol.
    87. #ascii_upload_enable=YES
    88. #ascii_download_enable=YES
    89. #
    90. # You may fully customise the login banner string:
    91. ftpd_banner=Your welcome message
    92. #
    93. # You may specify a file of disallowed anonymous e-mail addresses. Apparently
    94. # useful for combatting certain DoS attacks.
    95. #deny_email_enable=YES
    96. # (default follows)
    97. #banned_email_file=/etc/vsftpd.banned_emails
    98. #
    99. # You may restrict local users to their home directories. See the FAQ for
    100. # the possible risks in this before using chroot_local_user or
    101. # chroot_list_enable below.
    102. #chroot_local_user=YES
    103. #
    104. # You may specify an explicit list of local users to chroot() to their home
    105. # directory. If chroot_local_user is YES, then this list becomes a list of
    106. # users to NOT chroot().
    107. #chroot_local_user=YES
    108. #chroot_list_enable=YES
    109. # (default follows)
    110. #chroot_list_file=/etc/vsftpd.chroot_list
    111. #
    112. # You may activate the “-R” option to the builtin ls. This is disabled by
    113. # default to avoid remote users being able to cause excessive I/O on large
    114. # sites. However, some broken FTP clients such as “ncftp” and “mirror” assume
    115. # the presence of the “-R” option, so there is a strong case for enabling it.
    116. #ls_recurse_enable=YES
    117. #
    118. # Debian customization
    119. #
    120. # Some of vsftpd’s settings don’t fit the Debian filesystem layout by
    121. # default. These settings are more Debian-friendly.
    122. #
    123. # This option should be the name of a directory which is empty. Also, the
    124. # directory should not be writable by the ftp user. This directory is used
    125. # as a secure chroot() jail at times vsftpd does not require filesystem
    126. # access.
    127. secure_chroot_dir=/var/run/vsftpd/empty
    128. #
    129. # This string is the name of the PAM service vsftpd will use.
    130. pam_service_name=vsftpd
    131. #
    132. pasv_min_port=44950
    133. pasv_max_port=45000
    134. # This option specifies the location of the RSA certificate to use for SSL
    135. # encrypted connections.
    136. #rsa_cert_file=/etc/ssl/private/vsftpd.pem

    Things to change:

    • On line 91, type your welcome message.
    • Lines 132 and 133 set the minimum and maximum ports for passive connections. You'll need them if you install a firewall later. Change them to any unspecified port range (see what ports are unspecified here).

    Now restart vsftpd:
    restart vsftpd
    You can now login to your server using FTP (using the user account you created before. Root logins will not work.)
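The Dovecot settings in section 6 (ssl = no, disable_plaintext_auth = no), the Postfix SASL settings and the vsftpd.conf above all accept passwords over unencrypted connections. The following shell check is an added example, not part of the original tutorial: the function names and sample files are constructed, and it flags those settings in the three config files so they can be revisited once TLS certificates are in place.

```shell
#!/bin/sh
# Added example (not from the original tutorial): report which of the mail
# and FTP services configured above accept passwords without TLS.

# conf_value FILE KEY
# Prints the value of the last uncommented "KEY = value" line, lowercased.
conf_value() {
    awk -v key="$2" '
        { sub(/#.*/, "") }                        # drop comments
        (n = index($0, "=")) > 0 {
            k = substr($0, 1, n - 1)
            v = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)        # trim both ends
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = tolower(v)        # last assignment wins
        }
        END { print val }
    ' "$1"
}

# cleartext_login_findings DOVECOT_CONF POSTFIX_MAIN_CF VSFTPD_CONF
# Prints one line per service that takes passwords without TLS.
# Returns 1 if there is at least one finding, 0 otherwise.
cleartext_login_findings() {
    findings=0

    # Dovecot: plaintext auth explicitly allowed and TLS not mandatory.
    if [ "$(conf_value "$1" disable_plaintext_auth)" = "no" ] &&
       [ "$(conf_value "$1" ssl)" != "required" ]; then
        echo "dovecot: IMAP/POP3 passwords accepted without TLS"
        findings=1
    fi

    # Postfix: SMTP AUTH offered, but not restricted to TLS sessions.
    if [ "$(conf_value "$2" smtpd_sasl_auth_enable)" = "yes" ] &&
       [ "$(conf_value "$2" smtpd_tls_auth_only)" != "yes" ]; then
        echo "postfix: SMTP AUTH offered without TLS"
        findings=1
    fi

    # vsftpd: local logins enabled while ssl_enable is off (its default).
    if [ "$(conf_value "$3" local_enable)" = "yes" ] &&
       [ "$(conf_value "$3" ssl_enable)" != "yes" ]; then
        echo "vsftpd: FTP logins sent in cleartext"
        findings=1
    fi

    return "$findings"
}

# write_mail_samples DIR
# Constructed sample files. The *.posted files mirror the settings in this
# tutorial; the *.tls files show TLS-only values (certificate and key
# settings are left out of these samples).
write_mail_samples() {
    cat > "$1/dovecot.posted" <<'EOF'
protocols = imap pop3
ssl = no
disable_plaintext_auth = no
EOF
    cat > "$1/main.cf.posted" <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_sasl_security_options = noanonymous
EOF
    cat > "$1/vsftpd.posted" <<'EOF'
anonymous_enable=NO
local_enable=YES
#ssl_enable=YES
EOF
    cat > "$1/dovecot.tls" <<'EOF'
ssl = required
disable_plaintext_auth = yes
EOF
    cat > "$1/main.cf.tls" <<'EOF'
smtpd_sasl_auth_enable = yes
smtpd_tls_auth_only = yes
EOF
    cat > "$1/vsftpd.tls" <<'EOF'
local_enable=YES
ssl_enable=YES
EOF
}

# Demo run over both constructed sample sets.
demo_dir=$(mktemp -d)
write_mail_samples "$demo_dir"
for variant in posted tls; do
    echo "== $variant"
    cleartext_login_findings "$demo_dir/dovecot.$variant" \
        "$demo_dir/main.cf.$variant" "$demo_dir/vsftpd.$variant" ||
        echo "   -> review the settings listed above"
done
rm -rf "$demo_dir"
```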
    8. Webmin
    Webmin is a server control panel similar to cPanel and Plesk, but it is free. First get the download path for the latest .tar.gz version here. Then download and install it on your server:

    tar xzf webmin-x.x.x.tar.gz
    cd webmin-x.x.x
    ./setup.sh

    After setup is complete go to your-site.com:10000 and login with the username and password you specified during the installation.
    9. Things to set up before continuing
    Now is a good time to do certain tasks that should be performed.
    First, I recommend, as a security precaution, changing the SSH port using Webmin (Servers > SSH server > Networking). Don't forget to click apply changes after changing the port number, or to update the port number in the PuTTY configuration window.
    We also have to add the user you use to make FTP connections to the www-data group, so that there aren't any permission errors when we install WordPress. First go to System > Users and Groups and select the user account you use to make your FTP connections. Go to the Group membership section and set Primary Group to www-data. Now go to Secondary groups and add the group with the same name as the user account. Also add the sudo group if you want this user account to be able to use the sudo command. Now set Change group ID on files? to All files.

    (Screenshot: Group settings. Settings should look like this.)

    Now click save. Do this for all user accounts you use to upload files via FTP. So now nginx has group access to your users' files. (In other words, permission 774 means full permissions for owner, full permissions for nginx (and therefore WordPress, etc…) and read permissions for everybody else.) We do this so the server can modify files when we use things like WordPress. Now go to the SSH terminal and type:
    chown -R username /usr/share/nginx/www
    Replacing username with the user you've just added to the www-data group.
    We're now ready to set up Memcached.
    10. Memcached
    Memcached is a general-purpose distributed memory caching system. It is very easy to install. Just type:
    apt-get install memcached php5-memcached
    And you're done! Instructions on how to integrate it into WordPress here.

    11. EAccelerator
    EAccelerator is a caching extension for PHP that stores PHP scripts in their compiled state in shared memory.
    First, we need to download the latest version of EAccelerator:
    wget http://bart.eaccelerator.net/source/0.9.6.1/eaccelerator-0.9.6.1.tar.bz2
    Now let's compile and install it:

    tar xvjf eaccelerator-0.9.6.1.tar.bz2
    cd eaccelerator-0.9.6.1
    phpize
    ./configure --enable-eaccelerator=shared
    make
    make install

    Now we have to enable it in the php.ini file. Open the php.ini file:
    nano /etc/php5/cgi/php.ini
    And insert this just after [PHP]:

    zend_extension = "/usr/lib/php5/20090626/eaccelerator.so"
    eaccelerator.shm_size = "32"
    eaccelerator.cache_dir = "/var/cache/eaccelerator"
    eaccelerator.enable = "1"
    eaccelerator.optimizer = "1"
    eaccelerator.check_mtime = "1"
    eaccelerator.debug = "0"
    eaccelerator.filter = ""
    eaccelerator.shm_max = "0"
    eaccelerator.shm_ttl = "0"
    eaccelerator.shm_prune_period = "0"
    eaccelerator.shm_only = "0"
    eaccelerator.compress = "1"
    eaccelerator.compress_level = "9"
    eaccelerator.allowed_admin_path = "/usr/share/nginx/www/eaccelerator/control.php"

    Now restart PHP:
    /etc/init.d/php-fastcgi restart
    Now we'll enable the EAccelerator control panel:

    mkdir /usr/share/nginx/www/eaccelerator
    mv control.php /usr/share/nginx/www/eaccelerator
    chmod 644 /usr/share/nginx/www/eaccelerator/control.php
    nano /usr/share/nginx/www/eaccelerator/control.php

    Now find the $user and $pw settings and change them to a username and password.
    12. And finally… WordPress
    We are now ready to install WordPress. First we'll configure nginx so pretty permalinks work. Open the config file:
    nano /etc/nginx/sites-available/default
    Now find:

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to index.html
        try_files $uri $uri/ /index.html;

    And just after that (before the }) add:

    if (!-e $request_filename) {
        rewrite ^(.+)$ /index.php?q=$1 last;
    }

    This will enable pretty permalinks. While we're here we might as well block access to the wp-config.php file. Just before:
    location /doc {
    Add:

    location /wp-config.php {
        deny all;
    }

    Also block access to the .htaccess files that come with some WordPress plugins (while we're on the subject, .htaccess files don't work with nginx; instead you use location blocks in the config file, as you've probably already figured out). Uncomment the following lines:

    location ~ /\.ht {
        deny all;
    }

    Now restart nginx:
    /etc/init.d/nginx restart
    Now we're ready to install WordPress. Make sure you are logged in using the user account you added to the www-data group in step 9 (following this procedure will install it in the root of your site):

    cd /usr/share/nginx/www
    tar xzf latest.tar.gz
    cd wordpress
    mv * ..
    # go back up before deleting the now-empty wordpress directory
    cd ..
    rm -rf wordpress
    chmod -R 755 /usr/share/nginx/www
    chmod -R 775 wp-content
    chmod 664 wp-config.php

    Now log in to phpMyAdmin, click on the permissions tab and create a new user account and database for WordPress. Then go to your-site.com/wp-admin/install.php and complete WordPress' famous 5-minute install.
    After installing go to SSH and type
    chmod 640 /usr/share/nginx/www/wp-config.php
    And you're done! By following this tutorial you have (hopefully) gone from a blank box to a sophisticatedly set-up VPS capable of handling almost anything. I hope that this tutorial is both accurate and easy to understand. If you have any problems please leave a comment below.
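
    A check of the permission scheme this tutorial ends with (nothing world-writable, group write only under wp-content, wp-config.php closed to everybody outside owner and group), as an added example that is not part of the original tutorial. The function names and the sample tree are constructed for illustration; pointing audit_webroot at /usr/share/nginx/www checks a real install.

```python
"""Audit a WordPress web root against the tutorial's permission scheme."""
import os
import stat
import tempfile

GROUP_WRITABLE_OK = "wp-content"  # the only subtree the tutorial sets to 775


def audit_webroot(root):
    """Return sorted (relative_path, octal_mode, problem) tuples."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not meaningful
            rel = os.path.relpath(path, root)
            mode = stat.S_IMODE(st.st_mode)
            shown = format(mode, "03o")
            top = rel.split(os.sep)[0]
            if mode & stat.S_IWOTH:
                findings.append((rel, shown, "world-writable"))
            if rel == "wp-config.php" and mode & 0o007:
                # holds the database password, so the final step sets it to 640
                findings.append((rel, shown, "accessible by others"))
            if mode & stat.S_IWGRP and top != GROUP_WRITABLE_OK:
                findings.append((rel, shown, "group-writable outside wp-content"))
    return sorted(findings)


def build_sample_webroot():
    """Create a throwaway tree (constructed sample) with two mistakes in it:
    wp-config.php still at its install-time 664 and an uploads directory at 777."""
    root = tempfile.mkdtemp(prefix="webroot-")
    os.makedirs(os.path.join(root, "wp-content", "uploads"))
    os.mkdir(os.path.join(root, "wp-includes"))
    for rel in ("index.php", "wp-config.php"):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("placeholder\n")
    modes = {
        "index.php": 0o755,
        "wp-config.php": 0o664,
        "wp-includes": 0o755,
        "wp-content": 0o775,
        os.path.join("wp-content", "uploads"): 0o777,
    }
    for rel, mode in modes.items():
        os.chmod(os.path.join(root, rel), mode)
    return root


if __name__ == "__main__":
    sample = build_sample_webroot()
    for rel, mode, problem in audit_webroot(sample):
        print("%-22s %s  %s" % (rel, mode, problem))
```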


    How to set up a Pirate Bay proxy 

    Looking for a list of working proxies? See http://about.piratereverse.info/proxy/list.html – updated daily!

    Background

    This article explains how to set up your own Pirate Bay proxy, as some ISPs in the UK have been ordered to block it by the High Court. We will also explain why it is a good, low-cost investment with a great outcome – we must fight censorship, we cannot let this continue.
    For most of the article we’ll be using a web server called nginx. It has been tested on Red Hat based and Debian based distributions but it works on pretty much all UNIX-based systems. Your server should not have anything else running on port 80 though, and of course it needs sufficient bandwidth. Don’t use a precompiled binary from your distribution’s repos though, as it will not have all the required modules. You can get good value VPS servers for next to nothing these days that will be more than capable of running it; ours costs less than £5 per month.
    There is also a PHP script that proxies The Pirate Bay that has been designed specifically for this, and can be used on web hosting packages (i.e. does not require a server dedicated to it). If you are planning on doing this, make sure you aren’t violating any terms of service that your provider has.
    These guides were created in the spirit of The Hydra Bay. In ancient Greek mythology, the Hydra was a serpent that possessed many heads. Herakles was sent to destroy it as one of his twelve labours, but for each of the heads that he decapitated, two more grew. In a sense this is what we are trying to achieve; ISPs block The Pirate Bay, and many more proxies appear.

    Preconfigured Windows nginx proxy

    We have preconfigured nginx for Windows into a Pirate Bay proxy. Just download it, run start.bat and configure your router and you have a fully functional proxy that you can share.
    Download v1.0 based on nginx/1.2.0
    This will only work if your ISP has not blocked The Pirate Bay. If they have, your proxy will be serving their block page rather than the actual Pirate Bay site. If your ISP has blocked it and you need to access The Pirate Bay, use https://piratereverse.info instead, or check out this list of proxies.
    Once the software is running you will need to forward port 80 on your router or firewall to the IP of the computer with nginx. This guide about Apache will help as it uses the same port. You will also need to open nginx.conf in the conf directory and change where it says 127.0.0.1 to your external IP address or hostname. If you don’t have a static IP address, use a service like no-ip.com to get a free hostname and dynamic DNS.

    Guide for nginx proxy on linux

    1. Once you’ve got your server set up and online you’ll want to get nginx installed. Install the dependencies first, this is for a Red Hat based system.

    yum install pcre-devel zlib-devel openssl-devel gcc make subversion

    If you’re using a Debian based operating system you should use this.

    apt-get install libpcre3 libpcre3-dev zlib1g zlib1g-dev openssl gcc make subversion

    2. Download the source. Latest version is 1.2.0 as of 04/05/2012.

    3. Download the substitutions4nginx source using subversion.

    svn checkout http://substitutions4nginx.googlecode.com/svn/trunk/ substitutions4nginx-read-only

    4. Extract the source.

    tar xzvf nginx-1.2.0.tar.gz
    cd nginx-1.2.0

    5. Get ready to compile by configuring. Leave out --with-http_ssl_module if you aren’t planning on using SSL. Change the path of the substitutions4nginx-read-only directory to where you’ve downloaded it to. If you haven’t changed the path and are logged in as root it’ll probably be /root/substitutions4nginx-read-only/

    ./configure --with-http_ssl_module --add-module=/path/to/substitutions4nginx-read-only

    6. Compile it. It’ll be installed to /usr/local/nginx/ by default.

    make
    make install

    7. Test nginx is working by starting it then typing in your server IP in your web browser. You should see the “Welcome to nginx!” message.

    cd /usr/local/nginx/
    ./sbin/nginx

    8. If it’s working, we’ll stop it so we can configure it. If you can’t connect to it, make sure there isn’t a firewall blocking it. For testing, see this shell script. You should configure iptables properly later, but it’s not something in the scope of this article; instead see here.

    ./sbin/nginx -s stop

    9. Rename the default config file so we’ve got a copy just in case something isn’t quite right.

    cd conf
    mv nginx.conf nginx.conf-backup

    10. Download this non-SSL config and open it. Have a look at it here online first if you’re unsure.

    If you are using SSL, download this config and open it. Have a look at it here online first if you’re unsure. This is for SSL.

    wget http://about.piratereverse.info/proxy/nginx-ssl.conf
    mv nginx-ssl.conf nginx.conf
    vi nginx.conf

    11. If you aren’t using SSL the only thing you should consider changing is the subs_filters, or you can remove them. They perform a find and replace. If you are using SSL change the paths of the SSL certificates as appropriate and edit the server_name so it is relevant.

    12. Make the cache directory. By caching we’ll be taking the stress off The Pirate Bay’s servers and speeding up delivery of our site. If you changed the cache path above then make sure it’s the same here too.

    mkdir /usr/local/nginx/cache

    13. Test your config works by starting nginx. If there isn’t any output then it’s started. If you get [emerg] errors, something needs changing. Usually the output will point you in the right direction. If you can’t figure it out, try searching the internet as there are a lot of resources – otherwise email with as much detail as possible.

    /usr/local/nginx/sbin/nginx

    14. If it works, try it out. You’ve completed it. We recommend installing Webmin too, so you can see the error logs in the browser and manage the server with ease. If you are hosting this as a public proxy then see this section on contacting us as we are maintaining a list of known proxies.

    Guide for nginx proxy on Mac OS X

    One of the advantages with nginx is that it works on a Mac too. This guide will explain how to configure it. You’ll need to have Xcode installed, but that is free from Apple.
    1. Configure the dependencies by going to the Terminal (Applications > Utilities) and pasting in the following. If it does not work, paste it in one line at a time (note that the long curl line may wrap onto a second line, but it should be treated as a single line).

    sudo mkdir -p /usr/local/src
    # let your own account write here so the build steps below work without sudo
    sudo chown "$(whoami)" /usr/local/src
    cd /usr/local/src
    curl -L -o pcre-8.30.tar.gz ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/pcre-8.30.tar.gz
    tar xvzf pcre-8.30.tar.gz
    cd pcre-8.30
    ./configure --prefix=/usr/local
    make
    sudo make install
    cd

    2. Download nginx source and untar it.

    cd /usr/local/src
    curl -L -o nginx-1.2.0.tar.gz http://nginx.org/download/nginx-1.2.0.tar.gz
    tar xvzf nginx-1.2.0.tar.gz

    3. Download the substitutions4nginx source using subversion.

    cd /usr/local/src/
    svn checkout http://substitutions4nginx.googlecode.com/svn/trunk/ substitutions4nginx-read-only

    4. Get ready to compile by configuring. Leave out --with-http_ssl_module if you aren’t planning on using SSL. Change the path of the substitutions4nginx-read-only directory to where you’ve downloaded it to. The --prefix=/usr/local option puts the binary and config where the remaining steps of this guide expect them (/usr/local/sbin/ and /usr/local/conf/).

    cd nginx-1.2.0
    ./configure --prefix=/usr/local --with-http_ssl_module --add-module=/path/to/substitutions4nginx-read-only

    5. Compile it. It’ll be installed to /usr/local/sbin/.

    make
    sudo make install

    6. Test nginx is working by starting it then typing in your server IP in your web browser. You should see the “Welcome to nginx!” message.

    sudo /usr/local/sbin/nginx

    7. If it’s working, we’ll stop it so we can configure it. If there are any problems, try installing it again using this guide but make sure you include the “--add-module=/path/to/substitutions4nginx-read-only” parameter to ./configure

    sudo /usr/local/sbin/nginx -s stop

    8. Rename the default config file so we’ve got a copy just in case something isn’t quite right.

    cd /usr/local/conf/
    mv nginx.conf nginx.conf-backup

    9. Download this non-SSL config and open it. Have a look at it here online first if you’re unsure.

    If you are using SSL, download this config and open it. Have a look at it here online first if you’re unsure. This is for SSL.

    wget http://about.piratereverse.info/proxy/nginx-ssl.conf
    mv nginx-ssl.conf nginx.conf
    vi nginx.conf

    10. If you aren’t using SSL the only thing you should consider changing is the subs_filters, or you can remove them. They perform a find and replace. If you are using SSL change the paths of the SSL certificates as appropriate and edit the server_name so it is relevant.

    11. Test your config works by starting nginx. If you get [emerg] errors, something needs changing. Usually the output will point you in the right direction. If you can’t figure it out, try searching the internet as there are a lot of resources – otherwise email with as much detail as possible.

    sudo /usr/local/sbin/nginx

    12. Installation is complete, try it out. If you are hosting this as a public proxy then see this section on contacting us as we are maintaining a list of known proxies.

    PHP script

    This PHP script is a proxy designed specifically for providing access to The Pirate Bay. A great solution if you do not have a server that you can dedicate to the task. It was developed by UnblockedPirateBay.com and requires at least PHP5 and cURL. Just unzip it and upload it to your web server.
    Download latest
    The cookies.txt file should be chmod 755/777. There is no additional configuration required however in the file configurationfile.php there are some options you can change, such as the page title.

    Tips for running a successful proxy

    Do the following:

    • ensure your proxy is fast
    • ensure it is easily accessible, i.e. no complicated domains!
    • ensure it is available 24/7 – proxies that no longer work are removed from the list!

    Don’t do the following:

    • interfere with TPB’s content
    • charge for access – you’ll get blacklisted by TPB and your proxy will stop working!
    • insert many of your own ads
    • show any pages before TPB’s homepage
    • use an open web proxy such as Glype or PHProxy
    • save POST data of any kind

    Unfortunately some rogue sites have appeared. It is unacceptable and disappointing that people feel the need to abuse the situation. Any sites found to be in the best interest of the operators and not the visitors will be reported to The Pirate Bay so they can be dealt with! Find out more at http://torrentfreak.com/pirate-bay-slaps-pathetic-proxies-and-scammy-copies-120507/

    Submit your site

    Once you have created your site, we would appreciate it if you would share it with us by emailing nospam@piratereverse.info – this is so we can all build up a list of proxies. Our list is at http://about.piratereverse.info/proxy/list.html and will be shared on The Pirate Bay’s Facebook wall.

    Help

    If anyone has any questions or suggestions please email nospam@piratereverse.info and we’ll be happy to try and help. If we get a lot of similar questions we’ll add a FAQ section here.
    Likewise if anyone has any improvements to make the process easier then please submit them at the above email address. We’re also looking for any alternative methods of creating proxies, so if you have written some code or are making a guide, let us know and we’ll post it here. It is important we can get as many Pirate Bay proxies up as possible, that is what The Hydra Bay is all about.

    Spread the word

    Please let people know about this – the more proxies that work properly the better. If you use Twitter follow us, we are @piratereverse. Post about it, include the hashtag #thehydrabay. Let’s see if we can get this trending! If you are able to donate, please do so below using flattr so we can keep providing a fast and reliable service with continually updated information. If you’d like to donate via PayPal, that is fine just send us an email and we’ll discuss from there. You can donate via BitCoin too, our address is 1BsHaQccToKwN7LEr6kqVjPtZKxNu84SDg. All donations are very much appreciated, no matter how little you are able to send us. It is the only way we are able to keep the proxy going.


    How to Install Linux, nginx, MySQL, PHP (LEMP) stack on CentOS 6

    About Lemp


    The LEMP stack is a group of open source software used to get web servers up and running. The acronym stands for Linux, nginx (pronounced Engine x), MySQL, and PHP. Since the server is already running CentOS, the Linux part is taken care of. Here is how to install the rest.

    Step One—Install the Required Repositories


    We will be installing all of the required software with Yum. However, because neither nginx nor php-fpm is available straight from CentOS, we need to download two extra repositories first.

    sudo rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-7.noarch.rpm
    sudo rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm

    Step Two—Install MySQL


    The next step is to begin installing the server software, starting with MySQL and dependencies.

    sudo yum install mysql mysql-server

    Once the download is complete, restart MySQL:

    sudo /etc/init.d/mysqld restart

    You can do some configuration of MySQL with this command:

    sudo /usr/bin/mysql_secure_installation

    The prompt will ask you for your current root password.

    Since you just installed MySQL, you most likely won’t have one, so leave it blank by pressing enter.

    Enter current password for root (enter for none): 
    OK, successfully used password, moving on...

    Then the prompt will ask you if you want to set a root password. Go ahead and choose Y and follow the instructions.

    CentOS automates the process of setting up MySQL, asking you a series of yes or no questions.

    It’s easiest just to say Yes to all the options. At the end, MySQL will reload and implement the changes.

    By default, a MySQL installation has an anonymous user, allowing anyone
    to log into MySQL without having to have a user account created for
    them. This is intended only for testing, and to make the installation
    go a bit smoother. You should remove them before moving into a
    production environment.

    Remove anonymous users? [Y/n] y
    ... Success!

    Normally, root should only be allowed to connect from 'localhost'. This
    ensures that someone cannot guess at the root password from the network.

    Disallow root login remotely? [Y/n] y
    ... Success!

    By default, MySQL comes with a database named 'test' that anyone can
    access. This is also intended only for testing, and should be removed
    before moving into a production environment.

    Remove test database and access to it? [Y/n] y
    - Dropping test database...
    ... Success!
    - Removing privileges on test database...
    ... Success!

    Reloading the privilege tables will ensure that all changes made so far
    will take effect immediately.

    Reload privilege tables now? [Y/n] y
    ... Success!

    Cleaning up...

    All done! If you've completed all of the above steps, your MySQL
    installation should now be secure.

    Thanks for using MySQL!

    Step Three—Install nginx


    As with MySQL, we will install nginx using yum:

    sudo yum install nginx

    nginx does not start on its own. To get nginx running, type:

    sudo /etc/init.d/nginx start

    You can confirm that nginx has installed on your web server by directing your browser to your IP address. You can run the following command to reveal your server’s IP address.

    ifconfig eth0 | grep inet | awk '{ print $2 }'

    Step Four—Install PHP


    The php-fpm package is located within the REMI repository, which, at this point, is disabled. The first thing we need to do is enable the REMI repository and install php and php-fpm:

    sudo yum --enablerepo=remi install php php-fpm php-mysql

    Then start php-fpm up.

    sudo service php-fpm start

    Step Five—Configure php


    We need to make one small change in the PHP configuration. Open up php.ini:

    sudo vi /etc/php.ini

    Find the line, cgi.fix_pathinfo=1, and change the 1 to 0.

    cgi.fix_pathinfo=0

    If this number is kept as a 1, the php interpreter will do its best to process the file that is as near to the requested file as possible. This is a possible security risk. If this number is set to 0, conversely, the interpreter will only process the exact file path—a much safer alternative. Save and Exit.

    Restart php-fpm:

    sudo service php-fpm restart
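
    The difference between the two settings, as an added example that is not part of the original tutorial: a simplified Python model of how PHP picks the script to run for a request that nginx's `location ~ \.php$` block hands over, plus a check that replays access-log lines against a document root. The function names, the temporary document root and the log lines are constructed for illustration.

```python
"""Simplified model of script selection under cgi.fix_pathinfo (added example)."""
import os
import re
import tempfile
from urllib.parse import unquote, urlsplit

PHP_LOCATION = re.compile(r"\.php$")  # same test as nginx's `location ~ \.php$`
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# Constructed access-log lines in nginx's "combined" shape (not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2013:10:00:00 +0000] "GET /index.php HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.5 - - [01/Jan/2013:10:00:01 +0000] "GET /uploads/photo.jpg HTTP/1.1" 200 2048 "-" "-"',
    '203.0.113.9 - - [01/Jan/2013:10:00:02 +0000] "GET /uploads/photo.jpg/x.php HTTP/1.1" 200 2048 "-" "-"',
    '203.0.113.9 - - [01/Jan/2013:10:00:03 +0000] "GET /missing.php?id=1 HTTP/1.1" 404 0 "-" "-"',
]


def resolve_script(docroot, uri_path, fix_pathinfo):
    """Return the file PHP would execute for uri_path, or None if nothing runs.

    nginx passes every URI ending in .php to PHP as
    SCRIPT_FILENAME = document root + URI. With fix_pathinfo=0 that exact
    path must exist. With fix_pathinfo=1 PHP drops trailing path components
    until it reaches an existing regular file and runs that one instead.
    """
    if not PHP_LOCATION.search(uri_path):
        return None  # never reaches the FastCGI location
    docroot = os.path.abspath(docroot)
    candidate = os.path.normpath(os.path.join(docroot, uri_path.lstrip("/")))
    while candidate.startswith(docroot + os.sep):
        if os.path.isfile(candidate):
            return candidate
        if not fix_pathinfo:
            return None
        candidate = os.path.dirname(candidate)
    return None


def flag_log_lines(docroot, log_lines):
    """Return (request_path, executed_file) pairs for logged requests that
    would make PHP run a file not named *.php when fix_pathinfo=1."""
    findings = []
    for line in log_lines:
        match = REQUEST_LINE.search(line)
        if not match:
            continue
        path = unquote(urlsplit(match.group(1)).path)
        executed = resolve_script(docroot, path, fix_pathinfo=True)
        if executed and not executed.endswith(".php"):
            findings.append((path, os.path.relpath(executed, docroot)))
    return findings


def build_sample_docroot():
    """Create a throwaway document root (constructed sample)."""
    root = tempfile.mkdtemp(prefix="docroot-")
    os.mkdir(os.path.join(root, "uploads"))
    for rel in ("index.php", os.path.join("uploads", "photo.jpg")):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("placeholder\n")
    return root


if __name__ == "__main__":
    root = build_sample_docroot()
    uri = "/uploads/photo.jpg/x.php"
    for setting in (1, 0):
        print("cgi.fix_pathinfo=%d:" % setting, uri, "->",
              resolve_script(root, uri, bool(setting)))
    for path, executed in flag_log_lines(root, SAMPLE_LOG):
        print("review:", path, "would have run", executed)
```

    Adding `try_files $uri =404;` inside the `location ~ \.php$` block gives a second layer on the nginx side, because requests for paths that do not exist as files are then never handed to PHP.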

    Step Six—Configure nginx


    Open up the default nginx config file:

    sudo vi /etc/nginx/nginx.conf

    Raise the number of worker processes to 4 then save and exit that file.

    Now we should configure the nginx virtual hosts. In order to make the default nginx file more concise, the virtual host details are in a different location.

    sudo vi /etc/nginx/conf.d/*.conf

    The configuration should include the changes below (the details of the changes are under the config information):

    #
    # The default server
    #
    server {
        listen 80;
        server_name _;

        #charset koi8-r;

        #access_log logs/host.access.log main;

        location / {
            root /usr/share/nginx/html;
            index index.php index.html index.htm;
        }

        error_page 404 /404.html;
        location = /404.html {
            root /usr/share/nginx/html;
        }

        # redirect server error pages to the static page /50x.html
        #
        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root /usr/share/nginx/html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {
            root /usr/share/nginx/html;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny all;
        #}
    }

    Here are the details of the changes:

    • Add index.php within the index line.
    • Change the root to /usr/share/nginx/html;
    • Uncomment the section beginning with "location ~ \.php$ {".
    • Change the root to access the actual document root, /usr/share/nginx/html;
    • Change the fastcgi_param line to help the PHP interpreter find the PHP script that we stored in the document root home.

    Save and Exit

    Step Seven—RESULTS: Create a php info page


    Although LEMP is installed, we can still take a look and see the components online by creating a quick php info page

    To set this up, first create a new file:

    sudo vi /usr/share/nginx/html/info.php

    Add in the following line:

    <?php
    phpinfo();
    ?>

    Then Save and Exit.

    Restart nginx so that all of the changes take effect:

    sudo service nginx restart

    Finish up by visiting your php info page (make sure you replace the example ip address with your correct one): http://12.34.56.789/info.php

    It should look similar to this.

    Step Eight—Set Up Autostart


    You are almost done. The last step is to set all of the newly installed programs to automatically begin when the server boots.

    sudo chkconfig --levels 235 mysqld on
    sudo chkconfig --levels 235 nginx on
    sudo chkconfig --levels 235 php-fpm on


    External Proxy Server for Mikrotik

    The Mikrotik RouterBOARD has a built-in proxy, but it has one main constraint: very limited storage capacity. Therefore, most network administrators who use Mikrotik use an external proxy to overcome this constraint. Here you can find an easy way to implement an external proxy server for Mikrotik.
    Squid is the most widely used proxy daemon for Linux (including its derivatives such as Lusca). Some advantages of using an external proxy are:
    • Easy to adjust the configuration to suit your needs
    • Access control lists (ACLs) that can be used for specific purposes
    • Squid (especially version 2.7) can be “armed” with a URL redirector. In some conditions, a URL redirector can be used to force Squid to cache dynamic content (such as YouTube videos).
    • Greater storage capacity, as a general-purpose computer or server uses a hard disk for data storage.
    In this post, I’ll describe how to integrate an external proxy with Mikrotik using two methods: NAT or mangle.
    Annotation:
    1. Mikrotik to proxy IP address : 192.168.90.1
    2. Proxy to Mikrotik IP address : 192.168.90.2
    3. Clients IP address : 192.168.1.0/24
    First method: Using NAT
    We can use Mikrotik’s built-in NAT to forward HTTP requests (port 80) from clients to the external proxy.
    Explanation:
    First, we define the IP address range of the proxy server.
    /ip firewall address-list
    add address=192.168.90.0/24 list=ip-proxy
    Then add a new NAT rule to forward HTTP requests to the external proxy.
    /ip firewall nat
    add action=dst-nat chain=dstnat comment="transparent proxy" dst-port=80 protocol=tcp src-address-list=!ip-proxy to-addresses=192.168.90.2 to-ports=3128
    Second method: Using built-in mangle
    Another method to forward HTTP requests from clients is to use mangle together with a new route. This method works if the external proxy is able to act as a gateway.
    Explanation:
    First, add a route to the external proxy.
    /ip route
    add check-gateway=ping distance=1 gateway=192.168.90.2 routing-mark=to-ext-proxy
    Then, mark HTTP requests from all clients to use the route to the external proxy.
    /ip firewall mangle
    add action=mark-routing chain=prerouting comment="mark routing to proxy" dst-port=80 new-routing-mark=to-ext-proxy protocol=tcp src-address=192.168.1.0/24
    Proxy server requirements:
    For both methods you may need to configure some options on the proxy server, such as enabling IPv4 forwarding (by editing sysctl.conf) and allowing access to port 3128 in iptables. Add the following lines to the file /etc/rc.local, then save:


    How To Remove Ubuntu’s Password Keyring

    UPDATE: This post is almost 2 years old now and the method described below is somewhat obsolete (but still works). Borrowing from the comments posted below, do the following to remove the keyring in a more simple fashion:

    1) Go click Applications > Accessories > Passwords and Encryption keys
    2) There should be entries there listing an array of keyring passwords.
    3) Right click on them and select change password
    4) Enter the old password if you have one then leave the new password blank. (A warning message should appear)

    I’ve not done this personally (I haven’t had to) but if I’m guessing correctly, the “warning message” mentioned above in step 4 is likely the same warning message pictured below, asking if you are sure you want to use “Unsafe Storage”. You can read more about what this means below.

    —————-[Begin old post]—————-

    I would have made the title of this post “How to remove the Keyring password manager in Ubuntu Linux” but that’s kinda long… Anyway, you might be wondering what the keyring password manager is. It is a built in feature of Ubuntu (specifically, a package called “Seahorse”) that remembers passwords for things like FTP account logins, Evolution Email accounts, your wireless network authentication passwords, etc., and locks them all behind a kind of Master Password of sorts. So for example, let’s pretend that the password for your wireless network was 64 characters long and was just a bunch of random numbers and letters that you’d only be able to remember if you were some kind of freak savant mathematician. The keyring password manager would remember this for you, but will only allow the system to access and use that long password after you grant it access to the keyring.

    As nice and handy as this might sound to security buffs, it’s struck me as a minor inconvenience. For starters, if I were to configure Ubuntu to automatically login to my account after I turn the computer on, I would then also be asked to type in my keyring password so it would connect to my wireless network. This becomes a bigger problem if, for instance, I were to connect to my computer remotely and had to reset it for some reason, like applying a recent kernel update. The snag there would be that after restarting, my computer would boot up, but since I’m not physically sitting in front of it, it would sit there waiting for me to enter a keyring password before it would reconnect to my wireless network, and I’d have to go home or ask someone else to type in the password for me.

    So what I’ve always wanted to have happen is this:

    I start or restart the computer by remote (such as through SSH or VNC).
    After booting it automatically logs into my account and connects to my wireless network without asking for any passwords along the way so I can VNC right back into the system with no further trouble.

    I’ve finally learned how to do this, and it’s stupid easy to do.

    There are of course a few security drawbacks to doing this. For starters, if any person were to gain physical access to my machine they’d be able to connect to my wireless network without needing to enter a password. Then again, if someone I don’t trust has somehow gained physical access to my machine I might as well go ahead and consider it to be compromised.

    Now, if the PC were in an office with a bunch of random co-workers always around, I’d be a lot more concerned. If that were the case, I’d have that puppy locked down with a power on password, disable booting from the CD-ROM/Ethernet/USB in the BIOS, perhaps have a GRUB password and be working from an encrypted HD with the required /boot partition on a USB key, and of course auto-login would be disabled so I would be required to enter anywhere from 2 to 3 different passwords just to login to the system. But this thing is in my house behind two large dogs and a dead-bolt locked door, functioning as a server that requires a password for me to access it by via SSH or VNC anyway. So for this particular PC, I see little harm in opting out of using this security feature.

    So here’s how you get rid of the keyring manager. Please note: This will erase saved passwords you have so be sure you know or remember them before you make your computer forget them!

    Open up your Home Folder by clicking Places>Home Folder
    Press CTRL-H (or click View>Show Hidden Files)
    Find a folder called .gnome2 (it has a period at the beginning of the name) and open it by double clicking on it
    Inside of the .gnome2 folder, there is another folder called keyrings. Open it up.
    Delete any files you find within the keyrings folder
    Restart the computer

    After you restart and login (if you’re automatically logging in) you’ll probably be asked to enter your wireless network’s WPA/WEP encryption key (because we made it forget). After you type that password in, the keyring manager will appear to let you know that it would like to handle the storage of that password and lock it away with a new keyring. The box looks like this:

    Instead of typing in a new password, leave both boxes completely empty and click Create.

    You’ll then be asked if you know what the hell you’re doing:

    Go ahead and click Use Unsafe Storage.

    WARNING: Doing this creates a new file in your ~/.gnome2/keyrings/ folder called default.keyring and it will now house passwords IN CLEAR TEXT and not in an encrypted form. So it is imperative that you are certain no untrustworthy persons can access your user account (either physically or by remote) or they will be able to easily open and read this file and obtain many passwords (for things such as FTP accounts, SSH, e-mail accounts, etc). Proceed with caution.

    From here on, all keyring-stored passwords you enter will not be safeguarded behind a master password or encryption. Whether or not you want to do this is entirely up to you. I personally have had enough of the keyring manager and consider it kind of annoying. But as I said before, you may have certain environmental factors that make having a master password over the rest of your passwords a good idea. Keep in mind that the keyring password manager has absolutely nothing to do with your administrative/root privileges password that has to be entered any time you want to apply updates, or add/remove software. You will still have to type your account password in for these actions, and that is something I am quite comfortable with. I’m just happy I don’t have to ask my girlfriend to type in a keyring password every time I want to restart the computer while I’m away from home.
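
    The exposure described in the warning above can be checked from a shell. This added example (not part of the original post) classifies each keyring file as plaintext or encrypted and flags files that other accounts can read; the function names are hypothetical, and the file signatures it tests for are assumptions about the gnome-keyring on-disk formats.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: a plaintext keyring is a key file that starts with "[keyring]",
# an encrypted keyring is a binary file that starts with "GnomeKeyring".

# keyring_storage FILE: prints plaintext | encrypted | unknown
keyring_storage() {
    # Read the first 12 bytes and drop NUL bytes so the shell can hold them.
    magic=$(head -c 12 "$1" | tr -d '\000')
    case $magic in
        "[keyring]"*)  echo plaintext ;;
        GnomeKeyring*) echo encrypted ;;
        *)             echo unknown ;;
    esac
}

# audit_keyrings DIR: one line per *.keyring file: name, storage, exposure
audit_keyrings() {
    for f in "$1"/*.keyring; do
        [ -f "$f" ] || continue
        exposure=private
        # -perm -040 / -004: readable by the group / by every account
        if [ -n "$(find "$f" \( -perm -040 -o -perm -004 \))" ]; then
            exposure=readable-by-others
        fi
        echo "$(basename "$f") $(keyring_storage "$f") $exposure"
    done
    return 0
}
```

    Run it as audit_keyrings "$HOME/.gnome2/keyrings"; a line reading "default.keyring plaintext readable-by-others" is the case the warning describes, and chmod 600 on the file removes the second half of it.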


    Installing & Configuring VSftpd


    Applicable to CentOS Versions:

    • CentOS 5.x
    • CentOS 6.x

    Requirements

    Explanation of requirements.

    1. Root access to your server
    2. Server running CentOS 5.x or 6.x

    Doing the Work

    Basic description of what will be done and what is expected.

    1. Install VSftpd and add a user:

      yum install vsftpd
      useradd ftpuser
      passwd ftpuser

    2. Configure VSftpd:

      vi /etc/vsftpd/vsftpd.conf

      Change these options to your liking. When you have finished making changes here, restart the vsftpd service so they take effect.


      # Example config file /etc/vsftpd/vsftpd.conf
      #
      # The default compiled in settings are fairly paranoid. This sample file
      # loosens things up a bit, to make the ftp daemon more usable.
      # Please see vsftpd.conf.5 for all compiled in defaults.
      #
      # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
      # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
      # capabilities.
      #
      # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
      anonymous_enable=YES
      #
      # Uncomment this to allow local users to log in.
      local_enable=YES
      #
      # Uncomment this to enable any form of FTP write command.
      write_enable=YES
      #
      # Default umask for local users is 077. You may wish to change this to 022,
      # if your users expect that (022 is used by most other ftpd's)
      local_umask=022
      #
      # Uncomment this to allow the anonymous FTP user to upload files. This only
      # has an effect if the above global write enable is activated. Also, you will
      # obviously need to create a directory writable by the FTP user.
      #anon_upload_enable=YES
      #
      # Uncomment this if you want the anonymous FTP user to be able to create
      # new directories.
      #anon_mkdir_write_enable=YES
      #
      # Activate directory messages - messages given to remote users when they
      # go into a certain directory.
      dirmessage_enable=YES
      #
      # The target log file can be vsftpd_log_file or xferlog_file.
      # This depends on setting xferlog_std_format parameter
      xferlog_enable=YES
      #
      # Make sure PORT transfer connections originate from port 20 (ftp-data).
      connect_from_port_20=YES
      #
      # If you want, you can arrange for uploaded anonymous files to be owned by
      # a different user. Note! Using "root" for uploaded files is not
      # recommended!
      #chown_uploads=YES
      #chown_username=whoever
      #
      # The name of log file when xferlog_enable=YES and xferlog_std_format=YES
      # WARNING - changing this filename affects /etc/logrotate.d/vsftpd.log
      #xferlog_file=/var/log/xferlog
      #
      # Switches between logging into vsftpd_log_file and xferlog_file files.
      # NO writes to vsftpd_log_file, YES to xferlog_file
      xferlog_std_format=YES
      #
      # You may change the default value for timing out an idle session.
      #idle_session_timeout=600
      #
      # You may change the default value for timing out a data connection.
      #data_connection_timeout=120
      #
      # It is recommended that you define on your system a unique user which the
      # ftp server can use as a totally isolated and unprivileged user.
      #nopriv_user=ftpsecure
      #
      # Enable this and the server will recognise asynchronous ABOR requests. Not
      # recommended for security (the code is non-trivial). Not enabling it,
      # however, may confuse older FTP clients.
      #async_abor_enable=YES
      #
      # By default the server will pretend to allow ASCII mode but in fact ignore
      # the request. Turn on the below options to have the server actually do ASCII
      # mangling on files when in ASCII mode.
      # Beware that on some FTP servers, ASCII support allows a denial of service
      # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
      # predicted this attack and has always been safe, reporting the size of the
      # raw file.
      # ASCII mangling is a horrible feature of the protocol.
      #ascii_upload_enable=YES
      #ascii_download_enable=YES
      #
      # You may fully customise the login banner string:
      #ftpd_banner=Welcome to blah FTP service.
      #
      # You may specify a file of disallowed anonymous e-mail addresses. Apparently
      # useful for combatting certain DoS attacks.
      #deny_email_enable=YES
      # (default follows)
      #banned_email_file=/etc/vsftpd/banned_emails
      #
      # You may specify an explicit list of local users to chroot() to their home
      # directory. If chroot_local_user is YES, then this list becomes a list of
      # users to NOT chroot().
      #chroot_list_enable=YES
      # (default follows)
      #chroot_list_file=/etc/vsftpd/chroot_list
      #
      # You may activate the "-R" option to the builtin ls. This is disabled by
      # default to avoid remote users being able to cause excessive I/O on large
      # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
      # the presence of the "-R" option, so there is a strong case for enabling it.
      #ls_recurse_enable=YES
      #
      # When "listen" directive is enabled, vsftpd runs in standalone mode and
      # listens on IPv4 sockets. This directive cannot be used in conjunction
      # with the listen_ipv6 directive.
      listen=YES
      #
      # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
      # sockets, you must run two copies of vsftpd with two configuration files.
      # Make sure, that one of the listen options is commented !!
      #listen_ipv6=YES
      pam_service_name=vsftpd
      userlist_enable=YES
      tcp_wrappers=YES

    3. Add the bolded lines below as shown and restart iptables:

      service iptables stop

      (assumes your ftp server has an IP of: 192.168.0.1. If not, change this IP.)

      iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 192.168.0.1 --dport 21 -m state --state NEW,ESTABLISHED -j ACCEPT

      iptables -A OUTPUT -p tcp -s 192.168.0.1 --sport 21 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

      iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 192.168.0.1 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT

      iptables -A OUTPUT -p tcp -s 192.168.0.1 --sport 1024:65535 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED -j ACCEPT

      iptables -A OUTPUT -p tcp -s 192.168.0.1 --sport 20 -d 0/0 --dport 1024:65535 -m state --state ESTABLISHED,RELATED -j ACCEPT

      iptables -A INPUT -p tcp -s 0/0 --sport 1024:65535 -d 192.168.0.1 --dport 20 -m state --state ESTABLISHED -j ACCEPT

      vi /etc/sysconfig/iptables-config

      # Load additional iptables modules (nat helpers)
      # Default: -none-
      # Space separated list of nat helpers (e.g. 'ip_nat_ftp ip_nat_irc'), which
      # are loaded after the firewall rules are applied. Options for the helpers are
      # stored in /etc/modprobe.conf.
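      # This file is read as shell assignments, so a second IPTABLES_MODULES line
      # would replace the first; list both helpers in one value.
      IPTABLES_MODULES="ip_conntrack_netbios_ns ip_conntrack_ftp"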

      service iptables start

    4. Set VSftpd to start on boot and start it right now:

      chkconfig --level 23 vsftpd on && service vsftpd start

    Troubleshooting / How To Test

    Explanation troubleshooting basics and expectations.

    1. Make sure VSftpd is set to start at boot time and is running:

      chkconfig --list | grep vsftpd; service vsftpd status

    2. Check the firewall to make sure the required data and command ports are open and the correct modules are loading:

      service iptables status; grep ip_conntrack_ftp /etc/sysconfig/iptables-config
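
    A further check worth running before the server is exposed, as an added example that is not part of the original post: it resolves the effective value of the security-relevant options in vsftpd.conf, applying vsftpd's compiled-in defaults when a line is missing or commented out (which is why a commented-out anonymous_enable still counts as YES). The function names are hypothetical; chroot_local_user and ssl_enable are real vsftpd options that the sample file above does not list.

```shell
#!/bin/sh
# Added example, not from the original post. Defaults passed below are
# vsftpd's compiled-in ones, so a missing or commented-out option still counts.

# effective_opt FILE NAME DEFAULT: last uncommented NAME=value, else DEFAULT
effective_opt() {
    awk -F= -v key="$2" -v val="$3" '
        /^[ \t]*#/ { next }                      # commented out: ignore
        { k = $1; gsub(/[ \t\r]/, "", k) }
        k == key { val = $2; gsub(/[ \t\r]/, "", val) }
        END { print toupper(val) }
    ' "$1"
}

# audit_vsftpd FILE: print one WARN line per risky effective setting
audit_vsftpd() {
    anon=$(effective_opt "$1" anonymous_enable YES)
    loc=$(effective_opt "$1" local_enable NO)
    wr=$(effective_opt "$1" write_enable NO)
    up=$(effective_opt "$1" anon_upload_enable NO)
    jail=$(effective_opt "$1" chroot_local_user NO)
    jlist=$(effective_opt "$1" chroot_list_enable NO)
    tls=$(effective_opt "$1" ssl_enable NO)

    if [ "$anon" = YES ]; then
        echo "WARN anonymous_enable=YES: anonymous logins are accepted"
    fi
    if [ "$anon$wr$up" = YESYESYES ]; then
        echo "WARN anonymous users can upload files"
    fi
    if [ "$loc" = YES ] && [ "$jail$jlist" = NONO ]; then
        echo "WARN local users are not chrooted to their home directory"
    fi
    if [ "$loc" = YES ] && [ "$tls" = NO ]; then
        echo "WARN ssl_enable=NO: local passwords cross the network in clear text"
    fi
    return 0
}

# Constructed sample: a subset of the lines from the post's vsftpd.conf.
sample_conf() {
    printf '%s\n' '# Allow anonymous FTP?' anonymous_enable=YES \
        local_enable=YES write_enable=YES local_umask=022 \
        '#anon_upload_enable=YES' '#chroot_list_enable=YES' \
        listen=YES pam_service_name=vsftpd userlist_enable=YES
}
```

    Against the configuration shown in this post, audit_vsftpd /etc/vsftpd/vsftpd.conf prints three warnings (anonymous logins, no chroot, no TLS); setting anonymous_enable=NO, chroot_local_user=YES and ssl_enable=YES clears them.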

    Native VLAN Mismatches

     
    Error#1
     
    Let's assume that one of the workstations on the network (PC 5) cannot connect to the internal web server WEB/TFTP. Using the figure below as an example of a switched network, the first place to start is Switch 2, to check whether its VLANs are properly configured. Looking at the diagram, switch port fa0/3 on Switch 2 is configured as a trunk port.

    [Figure: Native VLAN Mismatch]
     

    When you connect to switch S2, any error on the switch port will appear in your console window. In this case there is one, and it looks like this:

    S2#
    %CDP-4-NATIVE_VLAN_MISMATCH: Native VLAN mismatch discovered on
     FastEthernet0/3 (100), with S1 FastEthernet0/3 (99).

    The show interfaces fa0/3 switchport command displays connectivity details for the port, e.g.:

    S2# show interfaces fa0/3 switchport
    Name:  fa0/3
    Switchport:  Enabled
    Administrative Mode:  trunk
    Operational Mode:  trunk
    Administrative Trunking Encapsulation:  dot1q
    Operational Trunking Encapsulation:  dot1q
    Negotiation of Trunking:  On
    Access Mode VLAN:  1 (default)
    Trunking Native Mode VLAN: 100 (Inactive)
    Trunking VLANs Enabled:  10,  99
                                  …
     
    Looking at the above detail, you will notice that the native VLAN has been set to VLAN 100 and that it is inactive.
    Further down the output, you see that the allowed VLANs are 10 and 99.
    To sum it up, this is a case of a mismatched native VLAN.
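
    The same diagnosis can be scripted. This added example (not from the original post) reads show interfaces switchport output and reports an inactive native VLAN, a native VLAN missing from the enabled list, and a mismatch with the peer's native VLAN as reported in the CDP message; the function names are hypothetical, and the handling of ALL and of ranges such as 10-20 goes beyond the case shown here.

```shell
#!/bin/sh
# Added example, not from the original post.
# check_native_vlan [PEER_NATIVE]: reads "show interfaces <port> switchport"
# output on stdin and prints one WARN line per native-VLAN problem.
check_native_vlan() {
    awk -v peer="$1" '
        /Trunking Native Mode VLAN:/ {
            split($0, p, ":"); split(p[2], w, " ")
            native = w[1]; inactive = (tolower(p[2]) ~ /inactive/)
        }
        /Trunking VLANs Enabled:/ {
            split($0, p, ":"); enabled = p[2]; gsub(/[ \t\r]/, "", enabled)
        }
        # allowed(v): is VLAN v covered by a list such as "10,99" or "10-20,99"?
        function allowed(v,   i, k, item, r) {
            if (toupper(enabled) == "ALL") return 1
            k = split(enabled, item, ",")
            for (i = 1; i <= k; i++) {
                if (split(item[i], r, "-") == 2) {
                    if (v + 0 >= r[1] + 0 && v + 0 <= r[2] + 0) return 1
                } else if (item[i] == v) return 1
            }
            return 0
        }
        END {
            if (native == "") { print "ERROR no native VLAN line found"; exit }
            if (inactive) print "WARN native VLAN " native " is inactive"
            if (!allowed(native))
                print "WARN native VLAN " native " not in enabled list " enabled
            if (peer != "" && peer != native)
                print "WARN native VLAN mismatch: local " native ", peer " peer
        }
    '
}

# Constructed sample: the relevant lines of the S2 output shown in the post.
sample_output() {
    printf '%s\n' 'Name:  fa0/3' 'Administrative Mode:  trunk' \
        'Trunking Native Mode VLAN: 100 (Inactive)' \
        'Trunking VLANs Enabled:  10,  99'
}
```

    sample_output | check_native_vlan 99 prints all three warnings for the S2 port above; once the native VLAN is set to 99 the same check prints nothing.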
     
     
     
     
     
    The solution:
     
    You need to reconfigure the native VLAN on the Fast Ethernet F0/3 trunk port to be VLAN 99, e.g.:

    S2#config t
    S2(config)#interface fa0/3
    S2(config-if)#switchport trunk native vlan 99
    S2(config-if)#end

    After you have done that, use the show interfaces fa0/3 switchport command to confirm your configuration.

    Then use ping to confirm connectivity with the server, e.g.:

    PC5> ping 192.168.10.30
    Pinging 192.168.10.30 with 32 bytes of data:
    Reply from 192.168.10.30: bytes=32 time=147ms TTL=128
    Reply from 192.168.10.30: bytes=32 time=147ms TTL=128
    Reply from 192.168.10.30: bytes=32 time=147ms TTL=128

    The screen output for the computer PC5 shows that connectivity has been restored to the WEB/TFTP server found at IP address 192.168.10.30.