To find out where disk space is being used:

Get to the root of your machine by running

# cd /

Run

# sudo du -h --max-depth=1

Note which directories are using a lot of disk space.
cd into one of the big directories.
Run

# ls -l

to see which files are using a lot of space. Delete any you don’t need.
Repeat steps to run once you cd into the directory with the largest size

sudo du -h --max-depth=1

This article describes how to change the SSL cert for you Windows server to match a hostname so that when you remote desktop to a windows server, you don’t get a warning for the identity and the SSL cert.

Go to Sectigo (Comodo) and sign up for a free ssl.

https://ssl.comodo.com/free-ssl-certificate.php

First, generate a CSR.

One: https://knowledge.digicert.com/solution/SO21586.html

https://support.comodo.com/index.php?/Knowledgebase/Article/View/739/19/csr-generation-and-ssl-installation-for-ms-terminal-services-rdp

Set up the CSR

Godaddy – https://hk.godaddy.com/en/help/windows-generate-csr-for-code-or-driver-signing-certificate-7282

CSR Generation: Using certreq (Windows)
This article is for administrators who prefer the command shell!

Save the following file as request.inf on your server editing the subject according to the comment:

;----------------- request.inf -----------------

[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "C=US, CN=something.example.com" 

KeySpec = 1
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
HashAlgorithm = SHA256 

[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication / Token Signing
;-----------------------------------------------


then run

certreq -new request.inf request.csr

This add the key as well – https://blogs.technet.microsoft.com/rmilne/2014/06/17/how-to-request-certificate-without-using-iis-or-exchange/

re: https://support.comodo.com/index.php?/comodo/Knowledgebase/Article/View/813/102/

Finish install:

iPerf is a command-line tool used in diagnosing network speed issues by measuring the maximum network throughput a server can handle. It is particularly useful when experiencing network speed issues, as you can use iPerf to determine which server is unable to reach maximum throughput.

Basic usage:

run iperf -s on machine A then go to machine b and run iperf -c and it’ll tell you the xfer speed

Install iPerf

The iperf package is included in most Linux distribution’s repositories.

Debian and UbuntuPermalink

# apt-get install iperf

CentOS

CentOS repositories do not have iPerf. Use the EPEL repository, which is a repository used to install third-party software packages on RedHat systems such as RHEL and CentOS:

# yum install epel-release
# yum update
# yum install iperf

Arch LinuxPermalink

# pacman -S iperf

openSUSEPermalink

# zypper install iperf

GentooPermalink

# emerge iperf

If you have not yet run emaint –sync you may need to do so before it will allow you to install the iPerf package. Additionally, by default you will need to substitute each iperf command with /usr/bin/iperf3. This path may differ dependent on your iPerf version.

How to Use iPerf

iPerf must be installed on the computers at both ends of the connection you’re testing. If you are using a Unix or Linux-based operating system on your personal computer, you can install iPerf on your local machine.

If you are testing the throughput of your server, however, it’s better to use another server as the end point, as your local ISP may impose network restrictions that can affect the results of your test.

CP Clients & Servers

iPerf requires two systems because one system must act as a server, while the other acts as a client. The client connects to the server you’re testing the speed of.

On the server you plan to test, launch iPerf in server mode:

# iperf -s

You should see output similar to:

      
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)
------------------------------------------------------------

On your second server, connect to the first. Replace 198.51.100.5 with the first servers IP address.


# iperf -c 198.51.100.5

     
------------------------------------------------------------
Client connecting to 198.51.100.5, TCP port 5001
TCP window size: 45.0 KByte (default)
------------------------------------------------------------
[  3] local 198.51.100.6 port 50616 connected with 198.51.100.5 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.1 sec  1.27 GBytes  1.08 Gbits/sec

You will also see the connection and results on your iPerf server:


------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)
------------------------------------------------------------
[  4] local 198.51.100.5 port 5001 connected with 198.51.100.6 port 50616
[ ID] Interval       Transfer     Bandwidth
[  4]  0.0-10.1 sec  1.27 GBytes  1.08 Gbits/sec

To stop the iPerf server process, press CTRL + c.

UDP Clients & Servers

Using iPerf, you can also test the maximum throughput achieved via UDP connections.

Start a UDP iPerf server:

# iperf -s -u

      
------------------------------------------------------------
Server listening on UDP port 5001
Receiving 1470 byte datagrams
UDP buffer size:  208 KByte (default)
------------------------------------------------------------

Connect your client to your iPerf UDP server. Replace 198.51.100.5 with your IP address:


# iperf -c 198.51.100.5 -u

   
------------------------------------------------------------
Client connecting to 198.51.100.5, UDP port 5001
Sending 1470 byte datagrams
UDP buffer size:  208 KByte (default)
------------------------------------------------------------
[  3] local 198.51.100.6 port 58070 connected with 198.51.100.5 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec  1.25 MBytes  1.05 Mbits/sec
[  3] Sent 893 datagrams
[  3] Server Report:
[  3]  0.0-10.0 sec  1.25 MBytes  1.05 Mbits/sec   0.084 ms    0/  893 (0%)

1.05 Mbits/sec is considerably less than what was observed on the TCP tests. It is also considerably less than the maximum outbound bandwidth cap provided by the 1GB link. This is because iPerf limits the bandwidth for UDP clients to 1 Mbit per second by default.

You can change this with the -b flag, replacing the number after with the maximum bandwidth rate you wish to test against. If you are testing for network speed, set this number above the maximum bandwidth cap provided by your provider:

# iperf -c 198.51.100.5 -u -b 1000m

This tells the client that we want to achieve a maximum of 1000 Mbits per second if possible. The -b flag only works when using UDP connections, since iPerf does not set a bandwidth limit on the TCP clients.

   
------------------------------------------------------------
Client connecting to 198.51.100.5, UDP port 5001
Sending 1470 byte datagrams
UDP buffer size:  208 KByte (default)
 ------------------------------------------------------------
      [  3] local 198.51.100.5 port 52308 connected with 198.51.100.5 port 5001
      [ ID] Interval       Transfer     Bandwidth
      [  3]  0.0-10.0 sec   966 MBytes   810 Mbits/sec
      [  3] Sent 688897 datagrams
      [  3] Server Report:
      [  3]  0.0-10.0 sec   966 MBytes   810 Mbits/sec   0.001 ms    0/688896 (0%)
      [  3]  0.0-10.0 sec  1 datagrams received out-of-order

This time the results are considerably higher.

Bidirectional Tests

In some cases, you may want to test both servers for the maximum amount of throughput. This can easily be done using the built-in bidirectional testing feature iPerf offers.

to test both connections, run the following command from the client:

# iperf -c 198.51.100.5 -d

The result is that iPerf will start a server and a client connection on the client server (198.51.100.6). Once this has been done, iPerf will connect the iPerf server to the client connection, which is now acting as both a server connection and a client connection.

------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 85.3 KByte (default)
------------------------------------------------------------
------------------------------------------------------------
Client connecting to 198.51.100.5, TCP port 5001
TCP window size:  351 KByte (default)
------------------------------------------------------------
[  3] local 198.51.100.6 port 50618 connected with 198.51.100.5 port 5001
[  5] local 198.51.100.6 port 5001 connected with 198.51.100.5 port 58650
[ ID] Interval       Transfer     Bandwidth
[  5]  0.0-10.1 sec  1.27 GBytes  1.08 Gbits/sec
[  3]  0.0-10.2 sec  1.28 GBytes  1.08 Gbits/sec

On the server, you will see:


------------------------------------------------------------
Client connecting to 198.51.100.6, TCP port 5001
TCP window size:  153 KByte (default)
------------------------------------------------------------
[  6] local 198.51.100.5 port 58650 connected with 198.51.100.6 port 5001
[  6]  0.0-10.1 sec  1.27 GBytes  1.08 Gbits/sec
[  5]  0.0-10.2 sec  1.28 GBytes  1.08 Gbits/sec

Options
Option Description
-f Change the format in which the tests are run. For example, you can use -f k to get results in Kbits per second instead of Mbits per second. Valid options include m (Mbits, default), k (Kbits), K (KBytes), and M (MBytes).
-V Forces iPerf to use IPv6 rather than IPv4.
-i Changes the interval between periodic bandwidth tests. For example, -i 60 will make a new bandwidth report every 60 seconds. The default is zero, which performs one bandwidth test.
-p Changes the port. When not specified, the default port is 5001. You must use this flag on both the client and server.
-B Binds iPerf to a specific interface or address. If passed through the server command, the incoming interface will be set. If passed through the client command, the outgoing interface will be set.

The term hairpinning comes from the fact that the traffic comes from one source into a router or similar devices, makes a U-turn and goes back the same way it came.

Visualize this and you see something that looks like a hairpin.

Hairpin NAT is a useful technique for accessing an internal server using a public IP. Since you are using a public IP to attempt to access a server in your network, the traffic will attempt to go out to the internet. In order to reach the server, the traffic will need to be redirected to the correct location.
The issue with this article is that you need to load a website or use curl to access the website on an internal IP that is set up as NAT to a public IP.

Scenario:

Server1 – Web Server. Has a public IP 214.44.55.44 and is behind a firewall with the private IP 10.0.0.12.

When you try and load the site on this server, it does not load.
Fix: Set up hosts file to point to the private IP.

Use this information when changing the hostname in centos 7.

Ways to show the hostname

# hostname
# hostname -s
# hostname -f
# cat /etc/hostname
# hostnamectl

How to change the hostname.
In order to change or set a CentOS 7 machine hostname, use the hostnamectl command as shown in the below command excerpt.

# hostnamectl set-hostname your-new-hostname

In order to apply the new hostname, a system reboot is required, issue one of the below commands in order to reboot a CentOS 7 machine.


# init 6
# systemctl reboot
# shutdown -r now

A second method to setup a CentOS 7 machine hostname is to manually edit the /etc/hostname file

# nano /etc/hostname

Follow this: https://documentation.cpanel.net/display/CKB/The+Let%27s+Encrypt+Plugin
The this for the icon in cpanel: https://premium.wpmudev.org/blog/free-ssl-https-cpanel/

Log into your SSH client at root level, then add the Let’s Encrypt repository with the following command:


cd /etc/yum.repos.d/ && wget https://letsencrypt-for-cpanel.com/static/letsencrypt.repo

Next, install the plugin for cPanel with line below and yum:

yum -y install letsencrypt-cpanel

Output:

 yum -y install letsencrypt-cpanel
Loaded plugins: fastestmirror, universal-hooks
Loading mirror speeds from cached hostfile
 * EA4: 104.219.172.10
 * cpanel-addons-production-feed: 104.219.172.10
 * base: mirrors.usc.edu
 * extras: mirror.san.fastserv.com
 * updates: mirrors.xmission.com
letsencrypt-cpanel                                                                                                             | 2.9 kB  00:00:00
letsencrypt-cpanel/primary_db                                                                                                  | 9.4 kB  00:00:00
Resolving Dependencies
--> Running transaction check
---> Package letsencrypt-cpanel.x86_64 0:0.14.0-1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

======================================================================================================================================================
 Package                                  Arch                         Version                         Repository                                Size
======================================================================================================================================================
Installing:
 letsencrypt-cpanel                       x86_64                       0.14.0-1                        letsencrypt-cpanel                       3.5 M

Transaction Summary
======================================================================================================================================================
Install  1 Package

Total download size: 3.5 M
Installed size: 10 M
Downloading packages:
letsencrypt-cpanel-0.14.0-1.x86_64.rpm                                                                                         | 3.5 MB  00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
*** By running this installer, you indicate that you have read the end-user
 licence agreement (https://cpanel.fleetssl.com/eula) and agree to all of its terms, as stated. ***

Running installer as root
OS version OK
cPanel version OK
No licence file detected at /etc/letsencrypt-cpanel.licence
Fetching new trial licence ...
Licence file present
Redirecting to /bin/systemctl stop letsencrypt-cpanel.service
Failed to stop letsencrypt-cpanel.service: Unit letsencrypt-cpanel.service not loaded.
FleetSSL cPanel service daemon stopped
  Installing : letsencrypt-cpanel-0.14.0-1.x86_64                                                                                                 1/1

This server has self-signed service certificates
It is not safe to operate this plugin in this circumstance
'insecure' is being added to /etc/letsencrypt-cpanel.conf

If you wish to generate a Let's Encrypt cert for the server
Please read the configuration documentation on our website, at
https://cpanel.fleetssl.com/docs/service-certificates/

Config written to /etc/letsencrypt-cpanel.conf
Uninstallation of existing service failed (it's OK)
Installed init scripts.
Copied plugin files OK
Installing cPanel paper_lantern plugin (may take a minute) ...
cPanel Plugin installer succeeded OK
Installed chkservd scripts
Added apache pre virtualhost global include
Set cpanel tweak settings

--- Installation complete ---
The plugin should now be available in the cPanel feature manager
Will rebuild conf and restart Apache to reload AutoSSL DCV URLs
Rebuilding Apache conf and restarting now ...
Built /etc/apache2/conf/httpd.conf OK
  Verifying  : letsencrypt-cpanel-0.14.0-1.x86_64                                                                                                 1/1

Installed:
  letsencrypt-cpanel.x86_64 0:0.14.0-1

Complete!