New Linux Server Checklist (2014 Edition)

These are some of the basic things I do when I setup a new server


Setup DirectAdmin with an SSL certificate


If you don't own a certificate, you can create your own:

/usr/bin/openssl req -x509 -newkey rsa:2048 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9000 -nodes
chown diradmin:diradmin /usr/local/directadmin/conf/cakey.pem
chmod 400 /usr/local/directadmin/conf/cakey.pem

Magento upgrade from 1.4 or 1.5 or 1.6 or 1.7 to 1.8

NOTE: this upgrade process works the same way for Magento version 1.4, 1.5, 1.6, 1.7, and 1.8

As many magento users will know, Magento is no fun to work with-- mainly due to poor community support (the developers help paying customers; i.e. Magento Enterprise ... Only payed support there... Great for business but bad for the average or beginning user...)


So here's how we do it.


You can skip this step all together, however, please make a backup of everything prior to beginning the upgrade.

Create a test environment somewhere on your server (preferably away from your production installation)

How to install Apache Solr 4.6 with Apache Tomcat 7, for use with Drupal

Here's the 2014 version on how-to install Apache Solr 4.6, alongside Apache Tomcat 7, to help out with things like Drupal faceted search.

Ok... let's do this.

Install Java 1.7

yum install java-1.7.0-openjdk
# or
aptitude install java7-jdk

Done--that was quick.

Install Tomcat 7

Get the latest version of Tomcat here:

How to install a new drive in Linux larger than 2TB with proper alignment

Let's assume that we already have a primary physical drive in our system (HDD or SDD), and have added a second drive to our box, which we need to partition and mount automatically on boot.

Here's how to that:

Let's see what physical drives we have installed in our server:

ls /dev/sd*

Since this is our 2nd drive, you should see /dev/sdb.


How to fix Linux error "read-only file system"

Recently our /etc/fstab got screwed up preventing us from SSH-ing into the server after a reboot. So we were given KVM access to our server.

Once seting up Java to allow unsigned certificates--hint: under the Java Control Panel click the "Security" tab, and slide the "security level" to the bottom "Medium" . We were then greated with a message:

'give root password for maintenance or press ctrl+d to continue"

Come to find out CTRL-C and CTRL-V doesn't work, you have to type the pass by hand--this was very tedious since my root pass is extremely complex.

So once in I soon realized that the system was mounted as "read-only"; meaning that you couldn't make any changes to it; or in other words, completely useless at this state.

How to install CSF (ConfigServer Security & Firewall) with DirectAdmin

cd /usr/local/src
tar -xzf csf.tgz
cd csf

Now login as Admin into directadmin, and click the link at the bottom left ConfigServer Firewall&Security

You'll probably want to add your WAN IP here--you can find out what it is here:

Then add your WAN IP into Quick Allow column.

DirectAdmin how to set an external email server for Domain Pointers

If you ever created domain pointers in DirectAdmin, you may have wondered how to set the domain pointer NOT to process email locally.

For instance say you have as the main domain under your DirectAdmin account--and it is set NOT to process emails locally, but rather have an external email server handle that; Under MX Records you un-checked "Use this server to handle my emails. If not, change the MX record and uncheck this option". So now you decided to create a "domain pointer" under that same account for another domain ... You set the proper MX records for this domain pointer under DNS settings, pointing to the external mail server, and think you're all good to go...

How to install an Apple Thunderbolt Display on a NON-Apple Thunderbolt PC with brightness control support

So... A couple of years ago I purchased a Thunderbolt capable motherboard  (Gigabyte GA-z77X-UP5), and an Apple's 27-in Thunderbolt Display--rather than it's (now-discontinued) Apple LED Cinema display--to go along with my Apple iMac 2010 (as a dual-display setup) which I was primarily using as an LED monitor for my Windows 7/8 PC.  Boy was that a mistake... LOL . Thunderbolt support on non-Apple computers was TERRIBLE back then. Maybe it still is terrible still, but I got some good news after all this time. More after the break.

How to specify where root email goes

Your server sends out a lot of email to user root. For example, CSF (ConfigServer Security & Firewall) sends out most security notifications to root.

So, this is how we specify what email address root emails go to:

vi /etc/aliases

Scroll to the bottom,  and add or replace  existing:


Save and exit, then reload the aliases:


Another option is to create a ~/.forward file and put your email address in it.

How to prevent accidentally doing "rm -rf /" | How to Install safe-rm

As a server administrator, I rely mostly on root or sudo access--allowing me absolute control of the server. However, "with great power, comes great responsibility!"

You can easily accidentally do this devastatingly bad command of wiping your entire system clean.

rm -rf /
# or
rm -rf /*

Which looks almost identical to the popular command

How to fix iTunes not recognizing iPhone or iPad on Windows 8 or Windows 7

I recently ran into this problem of iTunes NOT seeing my iPhone or iPad, even though Windows 8 recognized it with no problem.

Well, come to find out, somehow the "Apple Mobile Device USB Driver" drivers got uninstalled and only Microsoft Windows 8 drivers "Portable Devices" MTP USB Device driver existed.

How to upgrade coreutils to latest version (from source)

Say you're on CentOS 5.x, and want to pimp out your bash prompt using the pretty awesome Solarized color scheme. Well, there's a nice .bashrc Solarized setup here: To use all the features of dircolors.256dark version, you'll need GNU coreutils 8.5 or higher, otherwise you'll get errors like this:

Notepad++ : How to enable syntax highlighting for PHP, HTML, CSS, etc

I found an interesting discovery with Notepad++ where PHP, HTML, CSS, etc language syntax highlighting didn't appear in the language menu. Not sure if this is the result of the way an older version set the settings--whereas, even if you upgraded to latest version (without uninstalling first), the upgrades wouldn't overwrite the original settings file. I think this was disabled at the time of install when it asks if you want it to be your default for HTML files; where I normally UNselect this, since I use a PHP IDE to handle PHP, HTML, CSS, etc files.

Anyway... The fix:

How to create an additional domain and use it as a domain pointers in DirectAdmin

Domain Pointers are designed to be exact duplicates of the domain they're created under. As such, you cannot edit many aspects of them.

However, if you wish to have the website data remain the same as the main domain, but be able to control email accounts, you can do it by creating the pointer as another full domain name, and then use symbolic links to link the website data to that of the main domain.

1) If the Domain Pointer exists, delete it.

2) Create the Domain Pointer as a full domain:
- User Level -> Domain Setup -> Add Another Domain ->

3) Link the data directory that of the main domain, requires ssh:

Update CentOS / DirectAdmin Server with custombuild 2.0

Here is how to use latest version of custombuild 2.0 . The commands for custombuild 2.0 are basically identical to custombuild 1.1 and 1.2, so all this stuff should look familiar. Here are instructions to custombuild 1.x.

Update server via custombuild

Download latest version of custombuild 2.0

Enable Zend OPcache for PHP 5.5 or Install ZendOpcache for PHP 5.3 or PHP 5.4

Zend Opcache is part of PHP 5.5, however, it's not enabled by default. It's a successor to APC cache--meaning APC cache is never going to be compatible with PHP 5.5 or higher

Opcache is also around 10% faster than APC, and more stable.

However, if you're on PHP 5.3 or PHP 5.4, you can still use ZendOpCache, and it should still be a bit faster than APC

Enable OpCache (part of with PHP 5.5)

vi /usr/local/lib/php.ini

Paste this under your extension_dir

wget download all files from a directory with resume

Here is how you download all files from a directory using wget with automatic resume of partially downloaded files (in case your connection gets cut off)

wget -r -c --no-parent

Keep in mind this will only download files that it can read from that location.  If you need to wget a bunch of files from a directory you have SSH or FTP access to you first have to do the following inside that directory:

vi .htaccess

and paste in the following and save.


How to create a larger /tmp location using ext2 filesystem

Increasing the size of /tmp is not a practical thing to do on a busy server, mainly because you probably won't be able to dismount /tmp because it's constantly used by various services--trying to find and kill them all is too tedius. (Plus you won't be able to do single user mode through SSH)

So what we will do here is create a whole new /tmp storage location, make a backup of the old /tmp, add the new location to fstab, reboot the server, copy everything from the backup /tmpBKP location to new location, and lastly reboot the server again.

How to permanently raise ulimit 'open files' and MySQL 'open_files_limit'

The default ulimit (maximum) open files limit is: 1024--Which is very low, especially for a web server environment hosting multiple heavy database driven sites.

This ulimit 'open files' setting is also used by MySQL. MySQL automatically sets its open_files_limit to whatever the system's ulimit is set to--at default will be 1024.

NOTE: MySQL can NOT set it's open_files_limit to anything higher than what is specified under ulimit 'open files'--you can set it lower, but not above the 'open files' limit.


This is how we raise the ulimit

To check the limits:


How to optimize and auto repair all MySQL databases using SSH

Here's a simple command to optimize and auto repair all tables in your MySQL database.

mysqlcheck -uroot -p --auto-repair --optimize --all-databases

This is the same thing as using PHPMyAdmin, however, you don't need to do this one by one for each database, select all tables, and optimize--and not to mention if you wanted to repair a database prior to optimizing, it will take 2x as long.

MySQL dump all databases via mysqldump -- the proper way

Here's a command that properly dumps all databases, in case you wanted to restore a full backup.

For whatever reason, many sites are using improper characters ( ' –– ' , ' – ' ) to display this mysqldump command line--copy pasting will throw up an error stating something like:

mysqldump: Got error: 1049: Unknown database '??extended-insert' when selecting the database

Here is a sample of wrong characters, which appear just fine, but won't work:

mysqldump ––extended-insert ––all-databases ––add-drop-database ––disable-keys ––flush-privileges ––quick ––routines ––triggers > all-databases.sql


How to set date and time automatically in CentOS


Answer the 3 locations questions. Then create a symlink to your local time.

rm -rf /etc/localtime
ln -sf /usr/share/zoneinfo/America/Los_Angeles /etc/localtime

The symlink will be according to your time zone--above is just an example.

Now, we check the date and time


Time and date should now be properly set.


Disable IE "compatibility mode" through .htaccess

Internet Explorer "compatibility mode" is that dreadful page icon, inconveniently placed right next to the refresh button/icon.

What it does is turn IE 8 or higher into an outdated browser, so it can properly display really old school websites that were, likely, built using invalid and/or outdated HTML code. It's a horrible feature, that I see no practical use for whatsoever. Plus it's easy to accidentally click it, because it's located a few pixels away from the refresh button--talk about non-intuitive...


This is how you disable IE compatability mode on your website.

  In your .htaccess insert the following:

Header set X-UA-Compatible "IE=9; IE=8; IE=7;IE=edge"