Sample NginX & php-fpm configuration with SSL on CentOS 7 and RHEL 7

This article shows an example configuration for NginX with php-fpm on CentOS 7. This is not a HowTo but rather something for you to copy/paste to help you on your way.

The website domain is “www.example.com” and we’re serving SSL as well. You can ignore that part if you like. Our site configuration files are in “/etc/nginx/conf.d/”. Our SSL certificates and related files are in “/etc/nginx/ssl/”. Our website content will be served from “/var/www/www.example.com”.

The HTTP configuration file: “/etc/nginx/conf.d/www.example.com.conf”

server {
        listen 80;
        server_name www.example.com;

        access_log   /var/log/nginx/www.example.com.access.log;
        error_log    /var/log/nginx/www.example.com.error.log;

        root /var/www/www.example.com;
        index index.php;

        location / {
                try_files $uri $uri/ /index.php?$args;
        }

        location ~ \.php$ {
                # Return 404 for scripts that do not exist instead of passing the path to php-fpm
                try_files $uri =404;
                include fastcgi_params;
                include fastcgi.conf;
                fastcgi_index  index.php;
                fastcgi_pass   127.0.0.1:9000;
        }
}

Upgrade php-fpm to version 7 on CentOS 7

This article demonstrates how to upgrade php-fpm to 7.0.

This information is based on “https://webtatic.com/packages/php70/”.

Get the repositories ready:

rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
rpm -Uvh https://mirror.webtatic.com/yum/el7/webtatic-release.rpm

Do the upgrade:

yum install yum-plugin-replace
yum replace php-common --replace-with=php70w-common

Confirm your work:

php -v

Extend XFS filesystem on CentOS 7 and RHEL 7

This article shows how to expand a filesystem on a CentOS 7 or Redhat Enterprise Linux 7 system by adding a second disk/filesystem.

The disk in this example is “/dev/sda” and it has two filesystems on it, “/dev/sda1” and “/dev/sda2”. There is plenty of unused disk space available on “/dev/sda”. We’ll be extending the “/root” filesystem.

Creating a Hello World program in Assembly Language in 5 minutes

This article walks you through the process of building a very simple program in assembly language in 5 minutes. Tutorial programs usually go by the name “Hello World” because that’s all they print out to the screen. Plenty of this information came from: http://www.tutorialspoint.com/assembly_programming/assembly_environment_setup.htm.

Install the tools.

yum install nasm -y

Create a file called “~/hello.asm” and populate it with the following:

section	.text
   global _start  ;must be declared for linker (ld)
	
_start:	          ;tells linker entry point
   mov	edx,len   ;message length
   mov	ecx,msg   ;message to write
   mov	ebx,1     ;file descriptor (stdout)
   mov	eax,4     ;system call number (sys_write)
   int	0x80      ;call kernel
	
   mov	eax,1     ;system call number (sys_exit)
   int	0x80      ;call kernel

section	.data
msg db 'Hello, world!', 0xa  ;string to be printed
len equ $ - msg     ;length of the string

Minimal Squid as a Transparent Proxy

This article demonstrates how to configure a Squid transparent proxy. We’re using CentOS or Redhat here but the configuration itself will work on any distribution. Note that Debian related distributions call it “squid3” while Redhat related distributions just call it “squid”.

A few extra notes. We’re going to be logging in a simplified way to “/var/log/squid/access.log.simple”. We’re using the network “192.168.0.0/24”. We’re not touching SSL/HTTPS. This server is both the router and proxy. It must be able to resolve DNS names and get to the Internet. Clients should use this proxy/router as their default gateway. The IP address of this server (in my examples) is “192.168.0.2”.

Install squid:

yum install squid

Enable Squid:

# CentOS/Redhat 6
chkconfig squid on
# CentOS/Redhat 7
systemctl enable squid

Make a backup of the config file:

cp /etc/squid/squid.conf /etc/squid/squid.conf.original

Remove the contents of the config file “/etc/squid/squid.conf” and replace it with the following:

http_port 3128 transparent

logformat agix %>a %>A %ul %ru %>Hs
access_log /var/log/squid/access.log.simple agix

acl mylan src 192.168.0.0/24

http_access allow mylan
http_access deny all

coredump_dir /var/spool/squid

Restart Squid with the following:

# CentOS/Redhat 6
service squid restart
# CentOS/Redhat 7
systemctl restart squid
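
Once the proxy is running, the simplified log can be checked against the ACL above. The following is an added example, not part of the original article: it summarises lines written with the “agix” logformat (client IP, client name, user, URL, HTTP status). The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Summarise a Squid log written with: logformat agix %>a %>A %ul %ru %>Hs
# Fields: 1 client IP, 2 client name, 3 user, 4 request URL, 5 HTTP status.
# Lines that do not have exactly five fields are skipped.

# Constructed sample lines (not real traffic).
sample_log() {
cat <<'EOF'
192.168.0.15 pc15.lan - http://www.example.com/ 200
192.168.0.15 pc15.lan - http://www.example.com/logo.png 200
192.168.0.23 - - http://intranet.example.com/admin 403
10.9.8.7 - - http://www.example.com/ 403
192.168.0.23 - - http://www.example.com/ 200
malformed line
EOF
}

# "count client" for clients whose address does not start with the LAN prefix in $1.
# These are sources the "mylan" ACL should be refusing.
outside_lan() {
    awk -v p="$1" 'NF == 5 && index($1, p) != 1 { n[$1]++ }
        END { for (c in n) print n[c], c }' | sort -rn
}

# "count client" for requests that Squid answered with 403 (denied).
denied_by_client() {
    awk 'NF == 5 && $5 == 403 { n[$1]++ }
        END { for (c in n) print n[c], c }' | sort -rn
}

# "count host" of requested hosts, most requested first.
top_hosts() {
    awk 'NF == 5 { split($4, u, "/"); n[u[3]]++ }
        END { for (h in n) print n[h], h }' | sort -rn
}

# Demo on the constructed sample; on a real server pipe in
# /var/log/squid/access.log.simple instead of sample_log.
sample_log | outside_lan "192.168.0."
```
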

Hide Apache version information (CentOS and RHEL 6)

This is a short howto to hide the Apache version information on a CentOS or similar server.

Open the file “/etc/httpd/conf/httpd.conf” and change the following options to be as detailed below:

ServerTokens ProductOnly
ServerSignature Off

Now restart Apache and the version should be hidden.

Securing Apache SSL on CentOS 7

This howto describes how to keep an Apache server up to date with SSL security. Test your own server at:

https://www.ssllabs.com/ssltest/analyze.html

Build an EC2 using Ansible Step By Step

This article explains step by step how to create (spin up) an EC2 instance within AWS using Ansible and a few extras. Unlike 100% of other articles out there, this one actually demonstrates how to do it. Pay attention to the date of this article because things DO change over time.

We’re using CentOS 7 as the Ansible host.

Run the following commands to install the required dependencies for Ansible and AWS. I’m running this as a normal user with SUDO access, not the root user.

sudo pip install --upgrade pip
sudo pip install boto
sudo yum install ansible

Log into your AWS account to get your “AWS_ACCESS_KEY_ID” and “AWS_SECRET_ACCESS_KEY”. Go to “Identity and Access Management”. Create a new user or select an existing one. Go to “Security Credentials” and click “Create Access Key”. Here’s an example of what you’ll end up with:

Access Key ID: NUHKOIJFOJF9GFJDO
Secret Access Key: LSDJKFODSJF9SDJF8UH3U3HFKW

Keep those safe – download when asked. Use the above values to create environment variables. Copy and paste the following (with your values replacing mine) into your shell:

export AWS_ACCESS_KEY_ID="NUHKOIJFOJF9GFJDO" 
export AWS_SECRET_ACCESS_KEY="LSDJKFODSJF9SDJF8UH3U3HFKW"

Create the “~/hosts” file with the following contents:

[local]
localhost

[webserver]

Now we build our YML file for Ansible to run through. Here’s a sample that will create a basic EC2 with a public IP address and your public SSH key. Put the following into the file “~/ec2-basic.yml”

---
  - name: Provision an EC2 Instance
    hosts: local
    connection: local
    gather_facts: False
    tags: provisioning
    # Necessary Variables for creating/provisioning the EC2 Instance
    vars:
      instance_type: t2.micro
      security_group: ansible-webserver # Change the security group name here
      image: ami-719fb712 # This is an AMI I created myself
      keypair: agix-key # This is one of my keys that I already have in AWS
      region: ap-southeast-2 # Change the Region
      count: 1

    # Task that will be used to Launch/Create an EC2 Instance
    tasks:

      - name: Create a security group
        local_action: 
          module: ec2_group
          name: "{{ security_group }}"
          description: Security Group for webserver Servers
          region: "{{ region }}"
          rules:
            # SSH is open to every address here; narrow cidr_ip to your admin range where possible
            - proto: tcp
              from_port: 22
              to_port: 22
              cidr_ip: 0.0.0.0/0
            - proto: tcp
              from_port: 80
              to_port: 80
              cidr_ip: 0.0.0.0/0
            - proto: tcp
              from_port: 443
              to_port: 443
              cidr_ip: 0.0.0.0/0
          rules_egress:
            - proto: all
              cidr_ip: 0.0.0.0/0
        register: basic_firewall

      - name: Launch the new EC2 Instance
        local_action: ec2 
                      group={{ security_group }} 
                      instance_type={{ instance_type}} 
                      image={{ image }} 
                      wait=true 
                      region={{ region }} 
                      keypair={{ keypair }}
                      count={{count}}
        register: ec2

      - name: Add the newly created EC2 instance(s) to the local host group (located inside the directory)
        local_action: lineinfile 
                      dest="./hosts" 
                      regexp={{ item.public_ip }} 
                      insertafter="[webserver]" line={{ item.public_ip }}
        with_items: "{{ ec2.instances }}"


      - name: Wait for SSH to come up
        local_action: wait_for 
                      host={{ item.public_ip }} 
                      port=22 
                      state=started
        with_items: "{{ ec2.instances }}"

      - name: Add tag to Instance(s)
        local_action: ec2_tag resource={{ item.id }} region={{ region }} state=present
        with_items: "{{ ec2.instances }}"
        args:
          tags:
            Name: webserver

IaaS Alternatives to AWS (Google Cloud, Microsoft Azure and IBM Softlayer)

Amazon has a head-start with AWS IaaS services. We use AWS at AGIX by default because we know what they have to offer and we know what to expect with pricing and performance. We also have automation tools that work well with their stack. We’re often asked for alternatives for comparison so we do keep our eyes open.

Don’t expect to be an expert by the end of this article. This is simply an intro to the link at the bottom – read this first and then hit the link.

Enter Microsoft, IBM and Google. I’ve spent some time testing each IaaS listed above. My tests were simply to create accounts and spin-up a CentOS 7 instance. Sadly I was turned off by the silliest thing with both Google and Microsoft. Microsoft’s Azure and Google Cloud interfaces (web interface, not CLI) are too animated and slow to respond. I often missed buttons and clicked something that slid into its path. Small, silly but annoying.

Show top requests on Varnish

When logged into the Varnish server, you can see which requests are most common using the commands below. These will help determine popular content and also assist with troubleshooting during high-load times.

The following command shows the requests from the Internet to Varnish:

varnishtop -i RxURL

The following command shows the requests from Varnish to the backend server (web server):

varnishtop -i TxURL
