Server

FAQs/HOW-TOs related to server administration.

New Linux Server Checklist (2014 Edition)

These are some of the basic things I do when I setup a new server

 

Setup DirectAdmin with an SSL certificate

source: http://help.directadmin.com/item.php?id=15

If you don't own a certificate, you can create your own:

/usr/bin/openssl req -x509 -newkey rsa:2048 -keyout /usr/local/directadmin/conf/cakey.pem -out /usr/local/directadmin/conf/cacert.pem -days 9000 -nodes
chown diradmin:diradmin /usr/local/directadmin/conf/cakey.pem
chmod 400 /usr/local/directadmin/conf/cakey.pem

How to install CSF (ConfigServer Security & Firewall) with DirectAdmin

cd /usr/local/src
wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

Now login as Admin into directadmin, and click the link at the bottom left ConfigServer Firewall&Security

You'll probably want to add your WAN IP here--you can find out what it is here: http://www.ip-secrets.com/

Then add your WAN IP into Quick Allow column.

How to optimize and auto repair all MySQL databases using SSH

Here's a simple command to optimize and auto repair all tables in your MySQL database.

mysqlcheck -uroot -p --auto-repair --optimize --all-databases

This is the same thing as using PHPMyAdmin, however, you don't need to do this one by one for each database, select all tables, and optimize--and not to mention if you wanted to repair a database prior to optimizing, it will take 2x as long.

Disable IE "compatibility mode" through .htaccess

Internet Explorer "compatibility mode" is that dreadful page icon, inconveniently placed right next to the refresh button/icon.

What it does is turn IE 8 or higher into an outdated browser, so it can properly display really old school websites that were, likely, built using invalid and/or outdated HTML code. It's a horrible feature, that I see no practical use for whatsoever. Plus it's easy to accidentally click it, because it's located a few pixels away from the refresh button--talk about non-intuitive...

Anyhow... 

This is how you disable IE compatability mode on your website.

  In your .htaccess insert the following:

Header set X-UA-Compatible "IE=9; IE=8; IE=7;IE=edge"

How to install XCache 3.0 from source

Alright... So APC has been pretty unstable for me on 2 separate servers running PHP 5.3.x and PHP 5.4.x. So I figured I'd give XCache a try after reading about similar problems with APC.

Anyhow...

Here's how to install XCache 3.X from source on CentOS

Get the latest version of XCache from here: http://xcache.lighttpd.net/#Downloads

Latest version at the time of this writing is XCache 3.0.1

How to install APC on CentOS and DirectAdmin

cd /usr/local/src
mount -o remount,exec,suid /tmp
yum install autoconf 
yum install php-pear 
yum install php-devel 
yum install httpd-devel 
yum install pcre-devel 
wget http://pecl.php.net/get/APC
tar xvfz APC-VERSION.tgz
cd APC-VERSION
phpize
whereis php-config 

This will give you the location of php-config, which you will put after --with-php-config=

Categories: 

Flush MySQL log-bin data and disable binary log files

If your disk is starting to run out of space due to an excess of mysql-bin.XXXXXXXX files here's what to do to fix that.

vi /etc/my.cnf

under 'log-bin=mysql-bin' (the destination could be different in your my.cnf) put:

expire_logs_days = 10

Change 10 to whatever you're comfortable with.

or you can simply disable the binary log files by uncommenting the line:

# log-bin=mysql-bin

You'll also want to remove all the excessive binary log files like so:

Categories: 

How to install Apache Solr 3.x for Drupal 7 or Drupal 6

First we'll need to install Java 1.6 JDK, and be on PHP 5.2 or higher (You can check my PHP installation tutorial here. Also I'm on CentOS.

Install Java 1.6 JDK

yum install java-1.6*

Install Apache Solr

We're going to install Apache Solr into /usr/local/share; however you can install it somewhere else if you'd like (e.g. install it in the root dir / )

Cannot find autoconf. Please check your autoconf installation and the $PHP_AUTOCONF environment variable.

if you try running the following:

phpize

and get this error

$PHP_PREFIX/bin/phpize
Configuring for:
PHP Api Version: 20041225
Zend Module Api No: 20060613
Zend Extension Api No: 220060519
Cannot find autoconf. Please check your autoconf installation and the
$PHP_AUTOCONF environment variable. Then, rerun this script.

Then it's because you don't have autoconf installed.

To fix this error, do the following:

yum install autoconf

or you can install from source (if you want to use the latest version)


cd /usr/local/src/

/* find latest version of m4 here: http://ftp.gnu.org/gnu/m4/ */

Categories: 

New Server Checklist for directadmin (2009)

-Add all your ips in directadmin under "IP management"
(and assign 2 ips to admin)
http://xx.xxx.xxx.xxx:2222/CMD_IP_MANAGER

-Register nameserver at registrar
(namecheap.com is my fav; networksolution.com is the worst for this... it's not longer an option you can click on the website, you have to send an email request for this)

-Add nameservers to server:
1. go to user level, and add the new domain you registered (leave default settings, and tweak them after)
2. go back to reseller level, and click "nameserver" and select 2 ips you want to use and click "create" then set the 2 new nameservers for "Set the Nameservers that will be assigned to new users" (it should be added by default)

-Share nameserver ips (so you're able to add other domains to them):

How-to: Secure tmp directories on linux

source: www.eth0.us: How-To: Secure your temp directories

Every system needs temporary folders that any user is able to read and write BUT these directories should not be able to execute programs or scripts. Though this will only protect you from somebody running the script directly it will help with a large portion of the automated rootkits and trojans that script kiddies use. They will still be able to put the files on the system but they will be unable to execute them and create the back door. One of the biggest problems is php injection via apache in which people will have apache download and then run an exploit. Securing the temp directories is probably the single biggest thing you can do towards securing your server.