geekdecoder – Page 2 – Linux, Windows and Other Tips and Tricks

Change Windows RDP SSL Cert from Default to Comodo Free SSL

May 31, 2019 The Geek Decoder Leave a comment Administration

This article describes how to change the SSL cert for you Windows server to match a hostname so that when you remote desktop to a windows server, you don’t get a warning for the identity and the SSL cert.

Go to Sectigo (Comodo) and sign up for a free ssl.

https://ssl.comodo.com/free-ssl-certificate.php

First, generate a CSR.

One: https://knowledge.digicert.com/solution/SO21586.html

https://support.comodo.com/index.php?/Knowledgebase/Article/View/739/19/csr-generation-and-ssl-installation-for-ms-terminal-services-rdp

Set up the CSR

Godaddy – https://hk.godaddy.com/en/help/windows-generate-csr-for-code-or-driver-signing-certificate-7282

CSR Generation: Using certreq (Windows)
This article is for administrators who prefer the command shell!

Save the following file as request.inf on your server editing the subject according to the comment:

;----------------- request.inf -----------------

[Version]
Signature="$Windows NT$"

[NewRequest]
Subject = "C=US, CN=something.example.com" 

KeySpec = 1
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
SMIME = False
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
HashAlgorithm = SHA256 

[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1 ; this is for Server Authentication / Token Signing
;-----------------------------------------------

then run

certreq -new request.inf request.csr

This add the key as well – https://blogs.technet.microsoft.com/rmilne/2014/06/17/how-to-request-certificate-without-using-iis-or-exchange/

re: https://support.comodo.com/index.php?/comodo/Knowledgebase/Article/View/813/102/

Finish install:

How to Change the IP for Webmail on Plesk Domain

May 30, 2019 The Geek Decoder Leave a comment Plesk

Symptoms

Webmail webmail.example.com shows the blank page or the default plesk page.

DNS records for webmail.example.com is managed by external DNS server:


# dig +short webmail.example.com @8.8.8.8
203.0.113.2

There is another IP 203.0.113.3 is set in web server configuration file for webmail.example.com:

RHEL-like systems


grep VirtualHost /etc/httpd/conf/plesk.conf.d/webmails/example.com_webmail.conf | grep -v "/VirtualHost"

Debian-like systems


grep VirtualHost /etc/apache2/plesk.conf.d/webmails/example.com_webmail.conf | grep -v "/VirtualHost"

Both IP addresses belongs to the server
Cause

IP address that is set for domain does not match the one specified on registrar’s side.
Resolution

Log into Plesk
Browse to Home > Domains > example.com > Web Hosting Access and change IP address to the correct one 203.0.113.2

If the domain has no hosting and used only to serve mail, Web Hosting Access link is not present in Plesk. However, to update IP for webmail’s configuration file is possible via command line:

Connect to the server using SSH
Update the IP address to correct one:


# plesk bin subscription -u example.com -ip 203.0.113.2

Source: https://support.plesk.com/hc/en-us/articles/115005104213-Webmail-shows-the-blank-page

DDos Analysis

May 30, 2019 The Geek Decoder Leave a comment Security

DDos Detection Articles:

https://www.hivelocity.net/kb/how-to-check-if-your-linux-server-is-under-ddos-attack/

http://linuxaria.com/howto/how-to-verify-ddos-attack-with-netstat-command-on-linux-terminal

https://support.plesk.com/hc/en-us/articles/360000345633-How-to-diagnose-possible-DoS-or-DDoS-attack-on-Apache

Import a large sql dump file to a MySQL database from command line

May 12, 2019 The Geek Decoder Leave a comment MySQL

How to import a very large SQL dump file (6 Gb) to a MySQL database using windows command line. If you are using linux it is the same. The process is the following:

Open a command prompt (or shell in Linux) with administrative privilleges

Connect to a mysql instance using command line:

# mysql -h 192.168.1.1 --port=3306 -u root -p

if you are in localhost you do not need host and port

# mysql -u root -p

Or if plesk,

# mysql -uadmin -p`cat /etc/psa/.psa.shadow`

You are now in mysql shell. Set network buffer length to a large byte number. The default value may throw errors for such large data files

mysql> set global net_buffer_length=1000000;

Set maximum allowed packet size to a large byte number.The default value may throw errors for such large data files.

mysql> set global max_allowed_packet=1000000000;

Disable foreign key checking to avoid delays,errors and unwanted behaviour

mysql> SET foreign_key_checks = 0;
mysql> SET UNIQUE_CHECKS = 0;
mysql> SET AUTOCOMMIT = 0;

Import your sql dump file

mysql> use db_name;
mysql> source backup-file.sql;

Remember to enable foreign key checks when procedure is complete!

 mysql> SET foreign_key_checks = 1;
 mysql> SET UNIQUE_CHECKS = 1;
 mysql> SET AUTOCOMMIT = 1;

If you are in Linux you can create a Bash script which will do the dirty job and write to stdout start and end time of import:

  #!/bin/sh 

  # store start date to a variable
  imeron=`date`

  echo "Import started: OK"
  dumpfile="/home/bob/bobiras.sql"

  ddl="set names utf8; "
  ddl="$ddl set global net_buffer_length=1000000;"
  ddl="$ddl set global max_allowed_packet=1000000000; "
  ddl="$ddl SET foreign_key_checks = 0; "
  ddl="$ddl SET UNIQUE_CHECKS = 0; "
  ddl="$ddl SET AUTOCOMMIT = 0; "
  # if your dump file does not create a database, select one
  ddl="$ddl USE jetdb; "
  ddl="$ddl source $dumpfile; "
  ddl="$ddl SET foreign_key_checks = 1; "
  ddl="$ddl SET UNIQUE_CHECKS = 1; "
  ddl="$ddl SET AUTOCOMMIT = 1; "
  ddl="$ddl COMMIT ; "

  echo "Import started: OK"

  time mysql -h 127.0.0.1 -u root -proot -e "$ddl"

  # store end date to a variable
  imeron2=`date`

  echo "Start import:$imeron"
  echo "End import:$imeron2"

Other solutions:
Big Dump
http://www.ozerov.de/bigdump/ seems good

Split Files
http://www.rusiczki.net/2007/01/24/sql-dump-file-splitter/

CORS on Plesk

May 10, 2019 The Geek Decoder Leave a comment Plesk

How to enable and test CORS on Plesk

https://stackoverflow.com/questions/12173990/how-can-you-debug-a-cors-request-with-curl
https://support.plesk.com/hc/en-us/articles/115001338265-How-to-set-up-CORS-cross-origin-resource-sharing-in-Plesk-for-Linux-

and

Getting CORS to work with Apache

Using the MutiPHP Editor changes are overwritten for fopen and exec

May 9, 2019 The Geek Decoder Leave a comment cPanel, PHP

Recently there was an issue where the fopen and curl function and shell_exec functions were reverting back to original values. Using the MutiPHP Editor was not working.

the resolution was that the php-fmp handler was being used on a cpanel server. So the php-fpm config file needed to be changed.

The line that needs to be edited is:in /opt/cpanel/ea-php56/root/etc/php-fpm.d/$DOMAIN

Remove the disable_functions which includes shell_exec

php_admin_value[disable_functions] =

Then restart the following services.

systemctl restart httpd.service
/scripts/restartsrv_apache_php_fpm
/scripts/restartsrv_cpanel_php_fpm

UPDATE; Seems the yaml files need to be updated:
https://forums.cpanel.net/threads/stop-cpanel-from-overwriting-php-fpm-settings-file.596527/

This information is for editing the yaml file which should result in permanent changes.

More information here on php-fpm configurations:
https://documentation.cpanel.net/display/64Docs/Configurations+Values+of+PHP-FPM#ConfigurationsValuesofPHP-FPM-Howtoremovedefaultvaluesfromaconfiguration

UPDATE 2:

Also, there was an issue with fopen where the changes in the MultiPHP Editor were being overwritten.

If PHP handler is LSAPI, you can adjustment to your Apache configuration. Please ensure the setting is enabled for the site(s) in question under MultiPHP Ini Editor. If this still does not work, in whm from Home »Software »MultiPHP Manager there is a System PHP-FPM Configuration tab and from it you can change the user override ability for allow_url_fopen and other options.

How do I manage databases in the Plesk control panel?

May 8, 2019 The Geek Decoder Leave a comment Knowledge Base, Plesk

The Plesk Control Panel has the ability to create multiple MySQL and PostgreSQL databases as well as multiple users within each database. Also, directly accessible via Plesk, are the links to phpMyAdmin and PhpPGAdmin, the PHP interface applications that abstract mysql or postgresql into a web-based administration tool, allowing you to sort, edit, and create tables within a given database.

Before creating your databases within the Plesk Control Panel, please ensure that you have already added a hosted domain name to your dedicated server.

Here is how you can create MySQL (or PostgreSQL) databases using Plesk:
Login to your Plesk Control Panel. The login URL is in the following format (https://ipaddress:8443).
Click on Websites and Domains from the navigation bar on the left.

Select the domain name that you’d like to associate your database with.
Click the Databases icon on the top right menu.

Click the Add Database icon.

Add the Database Name
Select the related site for the data base.
Click the “Create a Database User” box in order to setup database administrator’s credentials.
Enter a username and a password which will be used for accessing the contents of the database.
Select if the User has access to all databases.
Select Access Control for the database.
Click OK.
Now, you can use the phpMyAdmin and other tools where you can manage your database.

PHP Custom Sessions Not Working in Plesk

April 15, 2019 The Geek Decoder Leave a comment Plesk

I went and adjusted the expected time out to 4 hours on every domain and on the default settings through Plesk. But it seems that instead of time outs being handled by php, the server runs a cron job that handles the timeouts and ignore php settings. That breaks our apps. Is it there a way to change his?

See: https://websavers.ca/plesk-php-sessions-timing-earlier-expected

After switching a WordPress website to FPM served by nginx in Plesk, it fails to load with “404 Not Found” on all pages except start page

April 1, 2019 The Geek Decoder Leave a comment Plesk

After switching a WordPress website to FPM served by nginx in Plesk, it fails to load with “404 Not Found” on all pages except start page.

See: https://support.plesk.com/hc/en-us/articles/213912945-A-WordPress-website-on-a-Plesk-server-shows-404-Not-Found-on-all-pages-except-index-php-when-running-on-FPM-by-nginx

For one website

In Plesk, add the content below to the Additional nginx directives field of the WordPress domain at Domains > example.com > Apache & nginx Settings:


    if (!-e $request_filename) {
    set $test P;
    }
    if ($uri !~ ^/(plesk-stat|webstat|webstat-ssl|ftpstat|anon_ftpstat|awstats-icon|internal-nginx-static-location)) {
    set $test "${test}C";
    }
    if ($test = PC) {
    rewrite ^/(.*)$ /index.php?$1;
    }

Mariadb default logs location & –log-error

March 14, 2019 The Geek Decoder Leave a comment MySQL

I am using mariadb and I to investigate some issue I wanted to check the logs. To my surprise, log file is not generated for mariadb.

I suspect this cannot be the case so I am doubting my search skills.

MariaDB [(none)]> show variables like 'log_error'
    -> ;
+---------------+-------+
| Variable_name | Value |
+---------------+-------+
| log_error     |       |
+---------------+-------+
1 row in set (0.00 sec)

I have added the entry in my.cnf still above field is coming to be empty.

[root@cslcodev11-oem ~]# cat /etc/my.cnf
[mysqld]
!includedir /etc/mysqld/conf.d
datadir=/mnt/mgmt/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
tmpdir=/mnt/mgmt/var/lib/mysql_tmp
user=mysql
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
### TRT-3229 #####
sync_binlog=1
innodb_flush_method=O_DIRECT
innodb_support_xa = 1
myisam_repair_threads = 2
myisam_recover_options = FORCE
###################
innodb_file_per_table=1
innodb_log_buffer_size = 8M
table_open_cache=256
max_heap_table_size=256M
### TRT-4685 ###
max_connections=500
################
innodb_log_file_size = 512M

[mysqld_safe]
log-error=/var/log/mariadb/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
[root@cslcodev11-oem ~]#

So, I want to know do we have any default location where these logs are getting generated, if the path cannot be read from config files.

INFO: Reference: https://mariadb.com/kb/en/mariadb/error-log/

On the MariaDB Knowledge base page for the error-log there is a paragraph that states.

systemd has its own logging system, and Linux distributions running systemd may log errors there instead. To view the systemd logs, use:

# journalctl -u mariadb.

This answers the question because –log-error would be an option that could be added to MY_SPECIAL.conf file and journalctl is where mariadb logs errors by default on a systemd system.