Get real IP when using CloudFlare with Nginx / Apache

CloudFlare acts as a reverse proxy, so every connection that reaches your server appears to come from a CloudFlare IP address.

If your server configuration relies on the client IP (firewall rules, log files …), additional steps are required for it to keep working reliably.

The original user's IP address is stored in the X-Forwarded-For header or the CF-Connecting-IP header; you can use either one.

Get the original client IP using CloudFlare with Nginx

Open the Nginx configuration file, usually /etc/nginx/nginx.conf, and place the following real IP module configuration inside the http block.

 set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 104.16.0.0/12;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 131.0.72.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 172.64.0.0/13;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 199.27.128.0/21;
set_real_ip_from 2400:cb00::/32;
set_real_ip_from 2606:4700::/32;
set_real_ip_from 2803:f800::/32;
set_real_ip_from 2405:b500::/32;
set_real_ip_from 2405:8100::/32;
set_real_ip_from 2c0f:f248::/32;
set_real_ip_from 2a06:98c0::/29;

# Use either of the two headers below
real_ip_header CF-Connecting-IP;
#real_ip_header X-Forwarded-For;

In addition, adjust the log_format parameter to use $http_cf_connecting_ip or $http_x_forwarded_for, as follows:

log_format main '$remote_addr - $remote_user [$time_local] $status '
                '"$request" $body_bytes_sent "$http_referer" '
                '"$http_user_agent" "$http_cf_connecting_ip"';

Reload Nginx to apply the new configuration and you are done.

The IP list needs to be updated from time to time; you can get the latest IPs here.
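
The following is an added example, not part of the original article: a shell function that turns a CIDR list into the set_real_ip_from block and rejects every line that is not a plain CIDR, because each range written there is allowed to override the client address. The sample list is constructed, and the output path in the closing comment is an assumption.

```shell
#!/bin/sh
# Added example: build the set_real_ip_from block from a CIDR list.

# Constructed sample input: three ranges from the list above, one line with
# stray spaces inside the address, and one line carrying an extra directive.
SAMPLE_LIST='103.21.244.0/22
173.245.48.0/20
2400:cb00::/32
2400: cb00 :: / 32
10.0.0.0/8; include /tmp/extra.conf'

# is_cidr TEXT: succeed only for a syntactically valid IPv4 or IPv6 CIDR.
is_cidr() {
    _c=$1
    case $_c in
        ''|*[!0-9A-Fa-f:./]*) return 1 ;;   # empty, or a character no CIDR contains
    esac
    if printf '%s\n' "$_c" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'; then
        # IPv4: every octet must also be <= 255.
        _addr=${_c%/*}
        _oldifs=$IFS
        IFS=.
        for _o in $_addr; do
            [ "$_o" -le 255 ] || { IFS=$_oldifs; return 1; }
        done
        IFS=$_oldifs
        return 0
    fi
    # IPv6: hex groups separated by colons, prefix length 0-128.
    printf '%s\n' "$_c" | grep -Eq '^[0-9A-Fa-f]{0,4}(:[0-9A-Fa-f]{0,4}){2,7}/([0-9]|[1-9][0-9]|1[01][0-9]|12[0-8])$'
}

# render_realip_conf: read one CIDR per line on stdin, print nginx directives.
# Returns 1 if any line was rejected, so the caller can refuse to install the file.
render_realip_conf() {
    _bad=0
    while IFS= read -r _line || [ -n "$_line" ]; do
        [ -n "$_line" ] || continue
        if is_cidr "$_line"; then
            printf 'set_real_ip_from %s;\n' "$_line"
        else
            _bad=$(($_bad + 1))     # never copy a rejected line into the config
        fi
    done
    printf 'real_ip_header CF-Connecting-IP;\n'
    [ "$_bad" -eq 0 ] || { printf '%s line(s) rejected\n' "$_bad" >&2; return 1; }
}

# Demo on the constructed sample: two lines are rejected, so the status is 1.
printf '%s\n' "$SAMPLE_LIST" | render_realip_conf \
    || echo "list not trusted, keep the old file" >&2

# Real use (the include path is an assumption; ips-v4 and ips-v6 are
# CloudFlare's published lists):
#   curl -fsS https://www.cloudflare.com/ips-v4 | render_realip_conf \
#       > /etc/nginx/conf.d/cloudflare-realip.conf.new \
#     && mv /etc/nginx/conf.d/cloudflare-realip.conf.new \
#           /etc/nginx/conf.d/cloudflare-realip.conf \
#     && nginx -t && nginx -s reload
```
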

Get the original client IP using CloudFlare with Apache

If you use the Apache web server, you can use the ready-made module mod_cloudflare.

1. Install the required packages

– Red Hat / Fedora:

 sudo yum install httpd-devel libtool git

– Debian / Ubuntu:

 sudo apt-get install apache2-dev libtool git

2. Clone the latest mod_cloudflare code

 git clone https://github.com/cloudflare/mod_cloudflare.git && cd mod_cloudflare

3. Compile the module

Red Hat / Fedora / Debian / Ubuntu:

 apxs -i -a -c mod_cloudflare.c

4. Restart the web server and check that the module is active

– Red Hat / Fedora:

 service httpd restart && httpd -M | grep -i cloudflare

– Debian / Ubuntu:

 sudo apachectl restart; apache2ctl -M | grep -i cloudflare

5. If your web server is behind a load balancer, add the following line to your Apache configuration file:

 CloudFlareRemoteIPTrustedProxy 123.123.123.123

For more information, see the guide to using CloudFlare and configuring WordPress, Joomla …

Wish you success.

Instructions for installing the Comodo SSL certificate

Installing the Comodo SSL certificate

Comodo's PositiveSSL is a Domain Validation SSL certificate that many people use because it is low cost, easy to install, and requires no paperwork to confirm your information.

In this article, I will show you how to install a PositiveSSL certificate on a server running Nginx.

If you have not registered an SSL certificate yet, refer to the SSL promotions.

1. Generate the certificate

After registering for SSL, you need to run the generate step before you receive the certificate file.

In this step, you need to provide a Private Key (and CSR); be careful to save the Private Key for use in the steps below. Depending on where you register the certificate, support for generating the key automatically differs.

The private key is a PEM text block that starts with -----BEGIN PRIVATE KEY----- and ends with -----END PRIVATE KEY-----.

Comodo sends the SSL certificate by email with a subject like "Your PositiveSSL Certificate for seosieutoc.com"; the mail has one zip attachment, seosieutoc_com.zip, which consists of two files:

seosieutoc_com.crt
seosieutoc_com.ca-bundle

Using any editor (Notepad++ for example), open seosieutoc_com.crt, copy its entire contents and paste them above the contents of seosieutoc_com.ca-bundle, then save the result as ssl-bundle.crt.

The certificate file ssl-bundle.crt now contains the contents of both the .crt and the .ca-bundle file.

2. Install SSL certificates

I perform this step on a server installed with HocVPS Script; if your server runs a manually installed Nginx or some other setup, read carefully so that you can adapt it. If you get stuck anywhere, leave a comment and I will help.

Create a folder to hold the certificate files:

mkdir -p /etc/nginx/ssl/seosieutoc_com/

Save the certificate contents to a file in this folder, copying and pasting with the nano editor:

nano /etc/nginx/ssl/seosieutoc_com/ssl-bundle.crt

Save the Private Key contents in the same folder:

nano /etc/nginx/ssl/seosieutoc_com/seosieutoc_com.key

Create the 2048-bit DH parameters file; generation takes a while:

mkdir /etc/nginx/cert/
openssl dhparam -out /etc/nginx/cert/dhparam.pem 2048

Next, we adjust the Nginx configuration file. For example, if your domain name is seosieutoc.com, the configuration file path is /etc/nginx/conf.d/seosieutoc.com.conf

Open the configuration file with nano:

nano /etc/nginx/conf.d/seosieutoc.com.conf

Configure SSL request handling

In the second server { … } block, adjust as follows:

+ Change listen 80 default_server; to listen 443 ssl http2;

+ After the line server_name seosieutoc.com; add the SSL configuration, which I have already optimized:


# SSL
ssl_certificate /etc/nginx/ssl/seosieutoc_com/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/seosieutoc_com/seosieutoc_com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';

# OCSP Stapling
resolver 127.0.0.1;
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/nginx/ssl/seosieutoc_com/ssl-bundle.crt;

# Improve performance with HTTPS session resumption
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;

ssl_session_tickets off;

# DH parameters
ssl_dhparam /etc/nginx/cert/dhparam.pem;

# Enable HSTS (https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security)
add_header Strict-Transport-Security "max-age=31536000" always;

Redirect all http and www links to https

In the server { … } block at the top:

+ Change server_name www.seosieutoc.com; to server_name seosieutoc.com www.seosieutoc.com;

+ Change rewrite ^(.*) http://seosieutoc.com$1 permanent; to rewrite ^(.*) https://seosieutoc.com$1 permanent;

The result is as follows:

server {
    listen 80;
    server_name seosieutoc.com www.seosieutoc.com;
    rewrite ^(.*) https://seosieutoc.com$1 permanent;
}

Now requests to http://seosieutoc.com and http://www.seosieutoc.com are automatically redirected to https://seosieutoc.com

Redirect all https www links to https

Add a new server { … } block at the top:

server {
    listen 443 ssl http2;
    server_name www.seosieutoc.com;

    # SSL
    ssl_certificate /etc/nginx/ssl/seosieutoc_com/ssl-bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/seosieutoc_com/seosieutoc_com.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';

    rewrite ^(.*) https://seosieutoc.com$1 permanent;
}

Now requests to https://www.seosieutoc.com are automatically redirected to https://seosieutoc.com

Configure SSL for the HocVPS Script Admin management port

If you install SSL for a domain that uses HocVPS Script, you also need to add the SSL configuration for the management port. For example, suppose your installation uses the default port 2313.

Find the server { … } block containing the line listen 2313;

Add ssl to that line and add the SSL configuration paragraph, similar to below:

server {
    listen 2313 ssl http2;
    access_log off;
    log_not_found off;
    error_log off;
    root /home/seosieutoc.com/private_html;
    index index.php index.html index.htm;
    server_name seosieutoc.com;

    # SSL
    ssl_certificate /etc/nginx/ssl/seosieutoc_com/ssl-bundle.crt;
    ssl_certificate_key /etc/nginx/ssl/seosieutoc_com/seosieutoc_com.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';

    auth_basic "Restricted";
    auth_basic_user_file /home/seosieutoc.com/private_html/hocvps/.htpasswd;
    ...
}

Now the HocVPS Script Admin login link will be https://seosieutoc.com

The final Nginx configuration file will look similar to the following:

server {
    listen 443 ssl http2;
    server_name www.seosieutoc.com;

    # SSL
    ssl_certificate /etc/letsencrypt/live/seosieutoc.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/seosieutoc.com/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;

    rewrite ^(.*) https://seosieutoc.com$1 permanent;
}

server {
    listen 80;
    server_name seosieutoc.com www.seosieutoc.com;
    rewrite ^(.*) https://seosieutoc.com$1 permanent;
}

server {
    ...
}

server {
    listen 2313 ssl http2;
    access_log off;
    log_not_found off;
    error_log off;
    root /home/seosieutoc.com/private_html;
    index index.php index.html index.htm;
    server_name seosieutoc.com;

    # SSL
    ssl_certificate /etc/letsencrypt/live/seosieutoc.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/seosieutoc.com/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;

    auth_basic "Restricted";
    auth_basic_user_file /home/seosieutoc.com/private_html/hocvps/.htpasswd;

    location / {
        try_files $uri $uri/ /index.php;
    }
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include /etc/nginx/fastcgi_params;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_connect_timeout 1000;
        fastcgi_send_timeout 1000;
        fastcgi_read_timeout 1000;
        fastcgi_buffer_size 256k;
        fastcgi_buffers 4 256k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
        fastcgi_intercept_errors on;
        fastcgi_param SCRIPT_FILENAME /home/seosieutoc.com/private_html$fastcgi_script_name;
    }
    location ~ /\. {
        deny all;
    }
}

Check that your Nginx configuration is valid:

nginx -t

Restart Nginx:

service nginx restart
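
nginx -t only validates syntax. As an added example (not from the original article), the shell function below scans a configuration for the legacy protocol versions and the 3DES/RC4/MD5 suites that settings like the ones above still enable, so the result can be reviewed before the restart. Both sample configurations are constructed, and the function name is an assumption.

```shell
#!/bin/sh
# Added example: report legacy TLS settings in an nginx configuration.

# Constructed sample: the protocol and cipher settings of the server blocks
# above, with the cipher list shortened to four entries.
SAMPLE_CONF='server {
    listen 443 ssl http2;
    server_name seosieutoc.com;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:EECDH+3DES:DES-CBC3-SHA:!MD5";
}'

# Constructed sample: the same block restricted to TLSv1.2 and AEAD suites.
HARDENED_CONF='server {
    listen 443 ssl http2;
    server_name seosieutoc.com;
    ssl_protocols TLSv1.2;
    ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:!DSS";
}'

# audit_tls_conf: read nginx configuration on stdin, print one finding per
# line, and return 1 when at least one finding was printed.
audit_tls_conf() {
    awk '
    { sub(/^[ \t]+/, "") }              # drop indentation
    /^#/ { next }                       # skip comment lines
    $1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++) {
            p = $i
            sub(/;$/, "", p)
            if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1") {
                printf "line %d: protocol %s is deprecated\n", NR, p
                found++
            }
        }
    }
    $1 == "ssl_ciphers" {
        list = $0
        sub(/^ssl_ciphers[ \t]+/, "", list)
        gsub("[ \t\";\047]", "", list)  # strip blanks, quotes and the semicolon
        n = split(list, c, ":")
        for (i = 1; i <= n; i++) {
            if (c[i] ~ /^[!-]/) continue    # "!X" and "-X" remove suites
            if (c[i] ~ /3DES|DES-CBC3|RC4|MD5|NULL|EXP/) {
                printf "line %d: weak cipher %s\n", NR, c[i]
                found++
            }
        }
    }
    END { exit (found > 0) }
    '
}

# Demo on the constructed sample; findings are printed and the status is 1.
printf '%s\n' "$SAMPLE_CONF" | audit_tls_conf || true

# Real use against the file edited above:
#   audit_tls_conf < /etc/nginx/conf.d/seosieutoc.com.conf
```
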

If you use WordPress, install the Really Simple SSL plugin to redirect http to https automatically and switch all .css and .js links to https. The address bar will then turn green.

Now visit your domain to enjoy the result. Wish you success.

Blocking access from certain countries into WordPress blog

Blocking access from certain countries to a WordPress blog / website.

Is your WordPress blog / website facing denial-of-service (DDoS) attacks, data theft or password theft … originating from one or several countries? Do you have a headache working out how to reinforce your defenses to protect the blog / website and your customers from hackers? The following solution will ease those worries somewhat. Of course, nothing is perfect, but if you combine it with other solutions the effect is much better. What I am referring to here is blocking access by the IP of a country or territory.

Block access by IP of certain countries

1. First, as usual, install the IP2Location Country Blocker plugin. After installation, do not activate it yet.

2. Next, visit here and register for a free IP2Location account.

3. After successful registration, you will be redirected to the IP database download page.

Download the 2 files ending in .bin.zip as shown in the image above.

4. Use WinRAR (or software with a similar function) to extract the 2 .bin.zip files and obtain the 2 .bin files inside.

5. Open the folder wp-content/plugins/IP2Location-country-blockers through the File Manager of cPanel / DirectAdmin or via FTP / SFTP, and upload the 2 .bin files to it.

6. Activate the IP2Location Country Blocker plugin; you will get a notification that looks like this.

Click Download Now to go to the setup page.

7. Skip the Lookup Mode setting because you already did that in the previous steps. The 2 important components you need to set are the Frontend Block List and the Backend Block List.

Where:

  • Enable Frontend Blocking / Enable Backend Blocking: enables blocking of access from IPs of the countries in the list below.
  • Click the country whose access to the blog / website you want to block. Hold CTRL while selecting if you want to block multiple countries at once.
  • Show page after visitor is blocked: sets the page that displays a message when an IP's access is blocked. You can keep the default page or create a custom page.
  • Send email notification to: sends a notification to the administrator or a particular user when an IP in the list tries to access the site and is blocked.
  • Secret code to bypass validation: creates a secret code so that users from a blocked country can still access your page by entering the code in the browser address bar. See the example to better understand how it works.

After finishing each section, remember to click the Save button. These few simple steps can give you some reassurance about attacks from certain countries. I wish you success!

If your blog / website does not run on WordPress, you can still block access by country IP by following these instructions.

Do you know simpler and more efficient ways to block IPs from certain countries? Please share them with us in the comments box below.

If you liked this article, please subscribe to my blog to receive the best and latest articles by email. Thank you very much. 🙂

Installing Redis Cache on CentOS 7/6

Redis is a caching system that stores data in RAM, similar to Memcached. It not only supports key/value caching like Memcached, but also many data structures such as hash, list, set, sorted set, and string.

Redis fully supports functions similar to Memcached, but retrieves and loads data very quickly, faster than Memcached.

In this article, I will show you how to install Redis on CentOS and how to configure Redis to work with WordPress and Magento.

For Redis to work with Magento, we need to install the Redis server together with the PhpRedis PHP extension, which connects PHP to Redis.

1. Add the EPEL and remi repos

## CentOS 7 ##
rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm

## CentOS 6 ##
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm

2. Install Redis and the PhpRedis extension

## PHP 5.6 ##
yum --enablerepo=remi,remi-php56 install redis php-pecl-redis
service php-fpm restart

## PHP 5.5 ##
yum --enablerepo=remi,remi-php55 install redis php-pecl-redis
service php-fpm restart

– Start Redis and enable it to start automatically at boot

chkconfig redis on
service redis start

1. Check the Redis server

redis-cli ping

If the result is PONG, it is OK.

2. Check the PhpRedis extension

php -m | grep redis

If the result is redis, it is OK.

3. Redis shell tools

By default, Redis is installed with a command-line tool, redis-cli.

After starting Redis, you can use commands such as:

  • FLUSHALL – clear all databases
  • SELECT # – select the database with index #
  • FLUSHDB – empty the currently selected database
  • KEYS * – list all keys from the currently selected database

See the complete list of commands here.

4. Redis management and monitoring application

Once installed, you can use PHPRedMin to manage Redis through an intuitive web interface. Download here.

After extracting the archive, rename the folder phpredmin-master to phpredmin, then upload it to the server. Access the management interface using the link: http://domain.com/phpredmin/public/

The default login username / password is admin / admin. To change it, open the file /phpredmin/config.dist.php and edit the auth section accordingly:

'auth' => array(
  'username' => 'admin',
  'password' => password_hash('admin', PASSWORD_DEFAULT)
),

To skip the login step, delete the lines above.

PHPRedMin uses URL rewriting, so you need to configure rewrite rules for it to work.

– With Apache:

Alias /phpredmin /var/www/phpredmin/public

<Directory /var/www/phpredmin/>
    AllowOverride All

    <IfModule mod_authz_core.c>
        # Apache 2.4
        <RequireAny>
            Require ip 127.0.0.1
            Require local
        </RequireAny>
    </IfModule>
    <IfModule !mod_authz_core.c>
        # Apache 2.2
        Order Deny,Allow
        Deny from All
        Allow from 127.0.0.1
        Allow from ::1
    </IfModule>
</Directory>

– With Nginx:

location /phpredmin/public/ {
    try_files $uri $uri/ /phpredmin/public/index.php;
}

Once Redis is installed and the service is active, you only need to install the W3 Total Cache plugin and then select Redis on its configuration page.

With Magento, Redis support differs between versions. If your Magento version does not support Redis as a cache backend or for sessions (or both), you can install extensions to add it.

Magento CE >= 1.7.0.0 and < 1.8.0.0

  • Session storage – not supported
  • Cache backend – not supported, after installing the class name is Cm_Cache_Backend_Redis

Magento CE >= 1.8.0.0

  • Session storage – supported
  • Cache backend – supported, after installing the class name is Mage_Cache_Backend_Redis

Magento EE >= 1.13.0.0 and < 1.13.1.0

  • Session storage – not supported
  • Cache backend – supported, after installing the class name is Mage_Cache_Backend_Redis

Magento EE >= 1.13.1.0

  • Session storage – supported
  • Cache backend – supported, after installing the class name is Mage_Cache_Backend_Redis

Using Redis as cache backend

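To activate Redis, simply edit the file app/etc/local.xml and add the following at the corresponding position, using database 0:

<cache>
  <backend>CACHE_BACKEND_CLASS_NAME</backend>
  <backend_options>
    <server>127.0.0.1</server>
    <port>6379</port>
    <persistent></persistent>
    <database>0</database>
    <password></password>
    <force_standalone>0</force_standalone>
    <connect_retries>1</connect_retries>
    <read_timeout>10</read_timeout>
    <automatic_cleaning_factor>0</automatic_cleaning_factor>
    <compress_data>1</compress_data>
    <compress_tags>1</compress_tags>
    <compress_threshold>20480</compress_threshold>
    <compression_lib>gzip</compression_lib>
  </backend_options>
</cache>

Replace CACHE_BACKEND_CLASS_NAME with the class name mentioned above.

Once Redis is activated, you can delete the entire contents of the folder var/cache. To check whether Redis is really active, run redis-cli and then use the following commands against database 0:

SELECT 0
KEYS *

Redis works very effectively, particularly for websites with large amounts of data and mostly SELECT queries; you should not overlook it.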

Optimizing a 2GB RAM VPS configuration for 4363 people online

There are currently many guides online for configuring a VPS to handle heavy load through load balancing, service optimization … Today, I'll show you another way, combining HocVPS Script, Zend Opcache and Memcache to build a VPS that can withstand thousands of people online at the same time.

I tried installing on a Vultr VPS, the $0.022 / hour ~ $15 / month package with 2 CPUs and 2GB of RAM, and found that with up to 4k online (according to Google Analytics statistics) it still ran smoothly. Unfortunately, I have not had the chance to test the real endurance of the VPS over the long term.

Screenshot taken on 12.11.2014 with 4363 people online, as measured by Google Analytics, on a WordPress news site:

With that many people online, only 20% of the CPU was used and plenty of RAM was left over; who knows how many could be online at full capacity 🙂

1. Install HocVPS Script

HocVPS Script automatically installs and optimizes a LEMP server on CentOS. Before installing, remember to select the CentOS operating system and the Japan location in Vultr for the fastest speed to Vietnam.

You should also create 1GB of swap for the VPS (swap is usually double or about equal to RAM).

The installation steps are the same as in the HocVPS Script installation guide.

2. Install Zend Opcache

Zend OPcache is used to optimize and speed up PHP; it is especially important and is required on a VPS with a large number of people online. It reduces CPU load and significantly reduces the amount of RAM that PHP uses.

HocVPS Script installs Zend OPcache for you automatically; now you only need to adjust the parameters to suit your needs.

Monitor the real situation while the VPS is running with a web viewer, for example opcache-gui (on a server installed with HocVPS, the path is http://domain.com:port/op.php). Increase or decrease the memory so that memory usage stays <= 70%; the spare memory is then available for other things.

Note: for the next step you can use a cache plugin such as WP Super Cache, or W3 Total Cache with Memcached (steps 3 and 4). Try WP Super Cache first, because for most websites this plugin is enough and its installation is simple.

3. Install Memcached

 

Memcached is used to cache database queries, objects and pages. Normally cached data is stored on disk, but Memcached stores it in memory, so performance and speed increase a lot.

Follow the Memcached installation guide. In the Configure Memcached step, note to raise the parameter MAXCONN="1024" to MAXCONN="10240":

nano /etc/sysconfig/memcached

PORT="11211"
USER="memcached"
MAXCONN="10240"
CACHESIZE="64"
OPTIONS=""

As with Zend OPcache above, you should use the phpMemcachedAdmin tool to monitor and adjust so that memory usage stays <= 70% and you avoid leaving too much RAM idle (for example, the HocVPS blog runs WordPress and needs only 64MB of RAM for Memcached).

In the last step of that guide you do not need to install the WP-FFPC plugin for WordPress, because we use the W3 Total Cache plugin as described below.

4. W3 Total Cache configuration

To make sure everything works smoothly, use the W3 Total Cache plugin. I normally use the WP Super Cache plugin because it is simple, easy to use and also very effective (this blog uses it). However, to use Memcached you are required to switch to W3 Total Cache or WP-FFPC.

After the plugin is installed, just activate Page Cache, Object Cache and Database Cache with Memcached as the method. In addition, enable Browser Cache and CDN if possible.

Click on each item to configure more specific details.

Hopefully, with this article you will be able to build a VPS that handles load better. Do not forget to leave a comment below with the results you achieve.

Update: I have removed ngx_pagespeed from the article because it is unnecessary.

[HocVPS Script Plugin] – Automatically backup the entire VPS

Yesterday I shared a script that automatically backs up all WordPress websites running on a server installed with HocVPS Script. Today, however, I will introduce a better bash script that backs up the entire VPS, along with instructions for creating a cronjob that runs it automatically every day.

This script automatically backs up all data on the server, including:

  1. All MySQL databases, one .sql file per database
  2. All code in the public_html folder of each domain, in the form /home/domain.com/public_html/
  3. The entire Nginx configuration folder /etc/nginx/conf.d/

All data is compressed into a single .zip file in the directory /root/backup/, and old backup files are deleted automatically, keeping only the files from the last 14 days.

So you can use this script to migrate a VPS or to restore any particular piece of data. I wrote the script to match the directory structure managed by HocVPS Script, but you can modify it to fit any other server.

Currently, I use this script for daily data backups and upload them to Google Drive with Rclone.

Guide to automatically backing up the entire VPS

1. Create the bash backup script

– Create the file backup.sh in the directory /root/

 nano /root/backup.sh

See the nano usage guide if you are not familiar with it.

– Copy the entire contents of the script below and paste it in:

#!/bin/bash
# HocVPS Script Plugin - Backup Server

# Load the HocVPS settings; this file defines $mariadbpass
. /etc/hocvps/scripts.conf

SERVER_NAME=VPS

TIMESTAMP=$(date +"%Y-%m-%d_%H%M")
BACKUP_DIR="/root/backup/$TIMESTAMP"
MYSQL_USER="root"
MYSQL=/usr/bin/mysql
MYSQL_PASSWORD=$mariadbpass
MYSQLDUMP=/usr/bin/mysqldump
SECONDS=0

mkdir -p "$BACKUP_DIR/mysql"

echo "Starting Backup Database";
# List the databases, skipping the header line and the system schemas
databases=$($MYSQL --user="$MYSQL_USER" -p"$MYSQL_PASSWORD" -e "SHOW DATABASES;" | grep -Ev "(Database|information_schema|performance_schema|mysql)")

for db in $databases; do
	$MYSQLDUMP --force --opt --user="$MYSQL_USER" -p"$MYSQL_PASSWORD" --databases "$db" | gzip > "$BACKUP_DIR/mysql/$db.gz"
done
echo "Finished";
echo '';

echo "Starting Backup Website";
# Loop through the /home directory
for D in /home/*; do
	if [ -d "$D" ]; then # if a directory
		domain=${D##*/} # Domain name
		echo "- $domain";
		# Exclude the WordPress cache folder
		zip -r "$BACKUP_DIR/$domain.zip" "/home/$domain/public_html/" -q -x "/home/$domain/public_html/wp-content/cache/*"
	fi
done
echo "Finished";
echo '';

echo "Starting Backup Nginx Configuration";
cp -r /etc/nginx/conf.d/ "$BACKUP_DIR/nginx/"
echo "Finished";
echo '';

echo "Starting Compress Files";
zip -r -q "/root/backup/$SERVER_NAME-$TIMESTAMP.zip" "$BACKUP_DIR"
rm -rf "$BACKUP_DIR"
size=$(ls -lah "/root/backup/$SERVER_NAME-$TIMESTAMP.zip" | awk '{print $5}')
echo "Finished";
echo '';

# Remove older backups (14 days)
find /root/backup/ -mindepth 1 -mtime +14 -delete

duration=$SECONDS
echo "Total $size, $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."

Additional explanation:

  • The backup file name is set automatically from the current date and time.
  • MYSQL_USER defaults to root; the password is read from the configuration file /etc/hocvps/scripts.conf.

– Press Ctrl + O, Enter to save and Ctrl + X to exit.

– Grant execute permission to the script

 chmod +x /root/backup.sh

– That's it; now you can test it by running the command /root/backup.sh

When it finishes, check whether the folder /root/backup/ contains the .zip backup file.

2. Create the automated daily backup cronjob

Now I will make the script run automatically at 2:00 am.

 EDITOR=nano crontab -e

Paste the following into the Terminal window:

 0 2 * * * /root/backup.sh > /dev/null 2>&1

Press Ctrl + O, Enter to save and Ctrl + X to exit

That's it; every day at 2am the script runs automatically and backs up all the data on the VPS.

In the next article, I will show you how to automatically upload the backup files to Google Drive to save space on the VPS. Please look out for it.

Rclone – VPS Backup to Google Drive

Previously I stored VPS backups using the tools Duplicity or Rsync. However, there is now a new method that is more effective and cheaper (free): backing up to the cloud with Rclone.

Rclone is a data synchronization tool similar to Rsync, but it focuses on connecting to cloud storage services.

The advantages of using cloud storage services include high speed (because the servers are located around the world), data safety (no worries about hardware or network problems) and, above all, most of them are free. I especially like free stuff!

Rclone supports many popular Cloud services such as:

  • Google Drive
  • Amazon S3
  • OpenStack Swift / Rackspace Cloud Files / Memset Memstore
  • Dropbox
  • Google Cloud Storage
  • Amazon Cloud Drive
  • Microsoft One Drive
  • Hubic
  • Backblaze B2
  • Yandex Disk

instead of backup time is taken up other VPS hosting, I switched to using Google Drive, 15GB of free storage, also quite cheap to buy, only 45k / month and 100GB. You do have a free Google Apps account, the more great again.

In this article will have two main parts, one is installed on VPS Rclone, 2 is used to upload files compressed backup Rclone to Google Drive. With the cloud of other service you do the same.

Creating a full backup of data files your VPS has detailed instructions in the article Guidelines automatically backup the entire VPS this article will only focus on the installation of automatic compressed file upload to Google Drive. More manuals Rclone with Google Drive and other cloud services here .

The automatic backup scenario is as follows:

  • Back up all MySQL databases into .sql files, one file per database
  • Back up all the code in the folder /home/domain.com/public_html/
  • Back up the entire Nginx configuration folder /etc/nginx/conf.d/
  • Compress all the data into .ZIP files
  • Upload the backup files to Google Drive at 2:00 am
  • Automatically delete the backup files on the VPS after the upload, and delete backup files on Google Drive that are more than 2 weeks old

Let’s get started.

I. Rclone installation instructions

1. Install Rclone

Rclone is a command-line program, so I will download the executable and move it to the /usr/sbin/ folder on the VPS for later use.

– Install the version for 64bit Linux

 cd /root/
wget http://downloads.rclone.org/rclone-v1.33-linux-amd64.zip
unzip rclone-v1.33-linux-amd64.zip
cp rclone-v*-linux-amd64/rclone /usr/sbin/
rm -rf rclone-*

– Install the version for 32bit Linux

 cd /root/
wget http://downloads.rclone.org/rclone-v1.33-linux-386.zip
unzip rclone-v1.33-linux-386.zip
cp rclone-v*-linux-386/rclone /usr/sbin/
rm -rf rclone-*

Direct download link here.

You can now run the rclone command to see its usage information.

2. Some common commands

Rclone commands usually take the following form:

 rclone command <parameters>

where command is the command and parameters are its parameters.

Some commonly used Rclone commands:

  • rclone config – Configure the connection to cloud services.
  • rclone copy – Copy files from the server to the cloud, skipping data that already exists.
  • rclone sync – Synchronize between server and cloud, updating only the data on the cloud.
  • rclone move – Move files from the server to the cloud.
  • rclone delete – Delete the data in a folder.
  • rclone purge – Delete a folder and all the contents inside.
  • rclone mkdir – Create a folder.
  • rclone rmdir – Delete a folder.
  • rclone check – Check whether the data on the server and on the cloud are in sync.
  • rclone ls – List all data including size and path.
  • rclone lsd – List all folders.
  • rclone lsl – List all data including modification time, size and path.
  • rclone size – Return the size of a directory.

See the details of each command here.

II. VPS Backup to Google Drive with Rclone

1. Create the connection to Google Drive

First, we will configure the connection between Rclone and Google Drive; this only has to be done once.

Connect to the VPS over SSH and run the command:

 rclone config

You will get the message: No remotes found - make a new one. Enter n then press Enter to create a new connection.

At the name prompt, enter remote to name the connection; you can choose any name you like.

A list of cloud services appears. Enter 7 to select Google Drive, then press Enter.

At the next 2 prompts, client_id and client_secret, leave the value blank and press Enter.

When asked Use auto config? enter n then press Enter. Rclone immediately prints a link; you can click it directly or copy and paste it into your browser.

An authorization screen appears. Click Allow to agree, and you will receive a verification code.

Return to the SSH window, copy and paste this code at the Enter verification code> prompt, then press Enter.

Rclone asks you to confirm the information; press y to agree and then press q to exit the connection configuration interface.

The entire configuration process looks similar to the following:

 No remotes found - make a new one
n) New remote
s) Set configuration password
q) Quit config
n/s/q> n
name> remote
Type of storage to configure.
Choose a number from below, or type in your own value
 1 / Amazon Drive
   \ "amazon cloud drive"
 2 / Amazon S3 (also Dreamhost, Ceph, Minio)
   \ "s3"
 3 / Backblaze B2
   \ "b2"
 4 / Dropbox
   \ "dropbox"
 5 / Encrypt/Decrypt a remote
   \ "crypt"
 6 / Google Cloud Storage (this is not Google Drive)
   \ "google cloud storage"
 7 / Google Drive
   \ "drive"
 8 / Hubic
   \ "hubic"
 9 / Local Disk
   \ "local"
10 / Microsoft OneDrive
   \ "onedrive"
11 / Openstack Swift (Rackspace Cloud Files, Memset Memstore, OVH)
   \ "swift"
12 / Yandex Disk
   \ "yandex"
Storage> 7
Google Application Client Id - leave blank normally.
client_id>
Google Application Client Secret - leave blank normally.
client_secret>
Remote config
Use auto config?
 * Say Y if not sure
 * Say N if you are working on a remote or headless machine or Y didn't work
y) Yes
n) No
y/n> n
If your browser doesn't open automatically go to the following link: https://accounts.google.com/o/oauth2/auth
Log in and authorize rclone for access
Enter verification code> x/xxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
--------------------
[remote]
client_id =
client_secret =
token = {"access_token":"xxxx.xxxxx-xxxxxxxxxxxxxxx_xxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx","token_type":"Bearer","refresh_token":"1/xxxxxxxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxxx","expiry":"2016-09-12T00:12:53.66619724-04:00"}
--------------------
y) Yes this is OK
e) Edit this remote
d) Delete this remote
y/e/d> y
Current remotes:

Name                 Type
====                 ====
remote               drive

e) Edit existing remote
n) New remote
d) Delete remote
s) Set configuration password
q) Quit config
e/n/d/s/q> q

The values shown after each prompt are the ones you need to enter.

That’s it. You can now test the connection with the command: rclone lsd remote:

If nothing is wrong, the output lists the contents of your Google Drive. This Google Drive account is newly created and nothing has been uploaded yet, so it only contains the default Getting started file.

2. Script to back up the entire VPS and upload to Google Drive

In Guidelines automatically backup the entire VPS I shared a script that backs up the VPS automatically; in this article I will edit it a bit so that the script uploads to Google Drive automatically after creating the archives.

I wrote this script for the folder structure of a server managed by HocVPS Script. On other servers, you need to adjust it a bit for it to work.

– Create the file backup.sh in the directory /root/

 nano /root/backup.sh

– Copy the entire contents of the script below and paste them in:

#!/bin/bash
# HocVPS Plugin Script - Backup Server and Upload to Google Drive

# Load the HocVPS Script settings (provides $mariadbpass)
. /etc/hocvps/scripts.conf

SERVER_NAME=HOCVPS_BACKUP

TIMESTAMP=$(date +"%F")
BACKUP_DIR="/root/backup/$TIMESTAMP"
MYSQL_USER="root"
MYSQL=/usr/bin/mysql
MYSQL_PASSWORD=$mariadbpass
MYSQLDUMP=/usr/bin/mysqldump
SECONDS=0

mkdir -p "$BACKUP_DIR/mysql"

echo "Starting Backup Database";
# List every database except the system ones
databases=`$MYSQL --user=$MYSQL_USER -p"$MYSQL_PASSWORD" -e "SHOW DATABASES;" | grep -Ev "(Database|information_schema|performance_schema|mysql)"`

# Dump each database into its own gzip file
for db in $databases; do
    $MYSQLDUMP --user=$MYSQL_USER --opt --force -p"$MYSQL_PASSWORD" --databases $db | gzip > "$BACKUP_DIR/mysql/$db.gz"
done
echo "Finished";
echo '';

echo "Starting Backup Website";
# Loop through the /home directory
for D in /home/*; do
    if [ -d "$D" ]; then # If a directory
        domain=${D##*/} # Domain name
        echo "- $domain";
        zip -r "$BACKUP_DIR/$domain.zip" "/home/$domain/public_html/" -q -x /home/$domain/public_html/wp-content/cache/**\* # Exclude cache
    fi
done
echo "Finished";
echo '';

echo "Starting Backup Nginx Configuration";
cp -r /etc/nginx/conf.d/ "$BACKUP_DIR/nginx/"
echo "Finished";
echo '';

# Total size of this backup, measured before it is moved to the cloud
size=$(du -sh "$BACKUP_DIR" | awk '{ print $1 }')

echo "Starting Backup Uploading";
/usr/sbin/rclone move "$BACKUP_DIR" "remote:$SERVER_NAME/$TIMESTAMP" >> /var/log/rclone.log 2>&1
/usr/sbin/rclone -q delete --min-age 2w "remote:$SERVER_NAME" # Remove all backups older than 2 weeks
echo "Finished";
echo '';

duration=$SECONDS
echo "Total $size, $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."

Note:

  • The script backs up all databases, each one compressed into a .gz file stored in the mysql folder
  • The folder of each website is compressed into one .zip file
  • The complete Nginx configuration of the websites is stored in the nginx folder
  • SERVER_NAME is HOCVPS_BACKUP by default; change this parameter if you want a different folder name on Drive
  • If you want to adjust how long backups are kept before they are deleted, change 2w in the line /usr/sbin/rclone -q delete --min-age 2w "remote:$SERVER_NAME" to 5d (5 days) or 30d (30 days), depending on your needs.

– Press Ctrl + O, Enter to save and Ctrl + X to exit.

– Make the script executable

 chmod +x /root/backup.sh

– That’s it. You can now test it by running the command /root/backup.sh

Check Google Drive to see whether the new folder with the backup data is there, or test with the command rclone lsd remote:
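Because rclone move removes the local copy and the --min-age pruning later removes older uploads, a broken archive can replace a good one without any warning. The following added example (not part of the HocVPS script) tests the archives before the upload step; the function name verify_backup_dir is hypothetical, and it assumes the directory layout that backup.sh creates and mysqldump's default comment settings.

```shell
#!/bin/sh
# Added example: integrity check for a backup directory laid out the way
# backup.sh creates it: DIR/mysql/<db>.gz and DIR/<domain>.zip.
# Assumption: mysqldump runs with its default comment settings, so a
# complete dump ends with a "-- Dump completed" line.

# verify_backup_dir DIR
# Prints one line per problem; returns 0 only if every archive passes.
verify_backup_dir() {
    dir=$1
    bad=0
    seen=0
    for f in "$dir"/mysql/*.gz "$dir"/*.zip; do
        [ -e "$f" ] || continue            # unmatched glob stays literal
        seen=$((seen + 1))
        case $f in
            *.gz)
                if ! gzip -t "$f" 2>/dev/null; then
                    echo "CORRUPT $f"; bad=1
                # mysqldump | gzip yields a valid .gz even when the dump
                # stopped half way, so also look for the closing comment.
                elif ! gzip -dc "$f" | tail -n 1 | grep -q '^-- Dump completed'; then
                    echo "INCOMPLETE $f"; bad=1
                fi ;;
            *.zip)
                unzip -tq "$f" >/dev/null 2>&1 || { echo "CORRUPT $f"; bad=1; } ;;
        esac
    done
    if [ "$seen" -eq 0 ]; then
        echo "EMPTY $dir"; bad=1
    fi
    return "$bad"
}

# Demo on constructed data: one complete dump and one that was cut short.
demo_verify() {
    d=$(mktemp -d) || return 2
    mkdir -p "$d/mysql"
    printf '%s\n' '-- MySQL dump' 'CREATE TABLE t (id INT);' \
        '-- Dump completed on 2016-11-02  2:00:01' | gzip > "$d/mysql/blog.gz"
    printf '%s\n' '-- MySQL dump' 'CREATE TABLE t (id' | gzip > "$d/mysql/shop.gz"
    verify_backup_dir "$d"
    rc=$?
    rm -rf "$d"
    return "$rc"
}

# In backup.sh the call would go just before the rclone move line:
#   verify_backup_dir "$BACKUP_DIR" || { echo "Backup failed verification"; exit 1; }
demo_verify || echo "demo: backup rejected, nothing would be uploaded"
```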

3. Create a cronjob for automated daily backups

Now I will set the script to run automatically at 2:00 am.

 EDITOR=nano crontab -e

Paste the following into the Terminal window

 0 2 * * * /root/backup.sh > /dev/null 2>&1

Press Ctrl + O, Enter to save and Ctrl + X to exit

That’s it. From now on the script runs automatically at 2:00 am every day, backs up all the data on the VPS and then uploads it to Google Drive. The backup data on the VPS is deleted once the upload is complete.

See also the cronjob manual.

III. Download the backup files from Google Drive to VPS

The easiest way to restore data is to download the backup file from Google Drive to your computer and then, depending on your needs, upload it to the VPS again.

However, if you want to download the backup file directly to the VPS, you can use the rclone copy command.

Reference example:

 rclone copy "remote:/VPS/VPS-2016-11-02_02-00.zip" /root/

The command above copies the file VPS-2016-11-02_02-00.zip from the VPS folder on Google Drive to the /root/ directory on the VPS. Upload and download speeds to and from Google Drive are also very fast.

IV. Summary

Backing up a VPS / server is extremely important. I once lost all my data beyond recovery by pressing Rebuild by mistake without having a backup, so don’t be complacent. Hopefully this detailed tutorial gives you one more backup method that is both more efficient and cheaper.

Now it’s your turn to follow it. If you need further support, leave a comment below.


Remove or Disable YUM Repo (Repository)

Sometimes a repo (repository) is defective or unusable. How do you remove or disable it?

You cannot use yum to delete a repository; you must use rpm. Yum repo files are stored in the folder /etc/yum.repos.d/

Example contents of the Varnish repo file:

 [varnish-4.0]
name=Varnish 4.0 for Enterprise Linux
baseurl=https://repo.varnish-cache.org/redhat/varnish-4.0/el6/$basearch
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-varnish

How to delete a YUM Repo (Repository)

Search for the exact name of the repo

 rpm -qa | grep -i repo-name

For example:

 # rpm -qa | grep -i varnish
varnish-release-4.0-3.el6.noarch
varnish-libs-4.0.3-1.el6.x86_64
varnish-4.0.3-1.el6.x86_64
varnish-agent-4.0.1-1.el6.x86_64

If the repo is found, use the following command to delete it

 rpm -e repo-name

For example:

 rpm -e varnish-release-4.0-3.el6.noarch

If you do not find the repo, delete the .repo file directly or rename it

 rm /etc/yum.repos.d/repo-file.repo

## OR just rename it (without repo file extension) ##
mv /etc/yum.repos.d/repo-file.repo /etc/yum.repos.d/repo-file.repo.bak

Disable YUM Repo (Repository)

The .repo file contains an enabled setting. Change it to enabled=0 if you want to disable the repo, and back to 1 to enable it. This change is permanent and applies to all later yum commands.

For example:

 [varnish-4.0]
name=Varnish 4.0 for Enterprise Linux
baseurl=https://repo.varnish-cache.org/redhat/varnish-4.0/el6/$basearch
enabled=0
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-varnish

Alternatively, you can disable a repo temporarily by running yum with the --disablerepo parameter

For example:

 yum --disablerepo=some-repository install some-package
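To see which repositories are enabled before editing them, the following added example (not from the original article) reads .repo files and prints each section's enabled and gpgcheck values. It also marks repositories that are not disabled and set gpgcheck=0, as the Varnish example above does, because yum installs their packages without checking GPG signatures. The function name repo_report and the second sample section are constructed.

```shell
#!/bin/sh
# Added example: summarise yum .repo files, one line per repository section.

# repo_report FILE...
# Prints "<repo id> enabled=<v> gpgcheck=<v> <note>". A value of "-" means
# the key is not set in that section. The note is NO-SIGNATURE-CHECK when a
# repository that is not disabled sets gpgcheck=0, otherwise "ok".
repo_report() {
    awk '
        function emit() {
            if (id == "") return
            note = (enabled != "0" && gpgcheck == "0") ? "NO-SIGNATURE-CHECK" : "ok"
            printf "%s enabled=%s gpgcheck=%s %s\n", id, enabled, gpgcheck, note
        }
        /^[ \t]*[#;]/ { next }                  # comment line
        /^[ \t]*\[.*\][ \t]*$/ {                # [section] starts a new repo
            emit()
            id = $0
            gsub(/[ \t]/, "", id)
            id = substr(id, 2, length(id) - 2)
            enabled = "-"; gpgcheck = "-"
            next
        }
        /=/ {
            key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=/, "", val); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled")  enabled = val
            if (key == "gpgcheck") gpgcheck = val
        }
        END { emit() }
    ' "$@"
}

# Demo: the first section is the Varnish example above, the second one is
# constructed to show a disabled repository.
demo_repos() {
    d=$(mktemp -d) || return 2
    cat > "$d/sample.repo" <<'EOF'
[varnish-4.0]
name=Varnish 4.0 for Enterprise Linux
baseurl=https://repo.varnish-cache.org/redhat/varnish-4.0/el6/$basearch
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-varnish

[example-disabled]
name=Constructed example repo
enabled = 0
gpgcheck = 0
EOF
    repo_report "$d/sample.repo"
    rm -rf "$d"
}

# On a live system: repo_report /etc/yum.repos.d/*.repo
demo_repos
```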

Manual iptables

iptables is a standard firewall, configured and integrated by default in most Linux distributions (CentOS, Ubuntu …). iptables works by classifying the packets going in and out and handling them according to rules set in advance.

In this article, I will show you how to use iptables in a simple way so that you can set up the firewall on your own VPS manually.

1. Install iptables

iptables is usually installed by default. You can check whether iptables is installed on the system with:

On CentOS:

 # rpm -q iptables
iptables-1.4.7-16.el6.x86_64
# iptables --version
iptables v1.4.7

On Ubuntu:

 # iptables --version
iptables v1.6.0

If iptables is not installed, you can run the following command to install it:

  • CentOS: # yum install iptables
  • Ubuntu: # apt-get install iptables

Note: on Ubuntu, before installation you need to disable ufw ( # ufw disable ) to avoid a conflict, because both the ufw firewall and iptables are installed by default on a Linux VPS.

Before use, you need to know how to check the status of iptables and how to start and stop the service. On CentOS:

 # service iptables status
# service iptables start
# service iptables stop
# service iptables restart

To start iptables automatically at every boot:

 # chkconfig iptables on

On Ubuntu, iptables is a set of commands rather than a service, so you cannot start, stop or restart it. A simple way to disable it is to flush all the rules that have been set:

 # iptables -F

2. The principles applied in iptables

To start, you need to determine which services to close / open and the corresponding ports.

For example, for a typical website and mail server:

  • To access the VPS using SSH, you need to open the SSH port (port 22).
  • To allow access to the website, you need to open port 80 and possibly 443 (SSL).
  • To send mail, you need to open the SMTP port (port 25) or Secure SMTP (port 465).
  • For users to receive email, you should open the POP3 port (port 110) or Secure POP3 (port 995). In addition, open the IMAP ports (143 and 993).

Having identified the ports to open, you need to set the corresponding firewall rules to allow them.

You can delete all the default firewall rules to start from scratch: # iptables -F

I will show you how to read and understand the iptables rules. List the current rules:

 # iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:urd
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3s
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imaps

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Column 1: TARGET, the action applied by each rule

  • ACCEPT: the packet is passed on to the destination application or the operating system for processing
  • DROP: the packet is blocked and discarded
  • REJECT: the packet is blocked and discarded, and an error message is sent back to the sender

Column 2: PROT (protocol) defines the protocol the rule applies to: all, TCP or UDP. Applications such as SSH, FTP, SFTP … all use TCP.

Columns 4 and 5: SOURCE and DESTINATION, the addresses to which the rule applies.

3. Some examples of opening ports with iptables

The general form of the iptables command to open port xxx is as follows:

 # iptables -A INPUT -p tcp -m tcp --dport xxx -j ACCEPT

3.1. Open SSH port

To access the VPS via SSH, you need to open the SSH port 22. You can allow SSH connections from any device, anyone and anywhere.

 # iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT

By default, iptables displays port 22 as ssh; if you change SSH to another port, iptables displays the port number

 ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh

You can also allow SSH connections to the VPS only from one specific IP address (easy to determine by visiting an IP-check website or running the command # w )

 # iptables -A INPUT -p tcp -m tcp -s xxx.xxx.xxx.xxx --dport 22 -j ACCEPT

iptables will then list the rule as

 ACCEPT     tcp  --  xxx.xxx.xxx.xxx      anywhere            tcp dpt:ssh

3.2. Open Web Server ports

To allow access to the web server via the default ports 80 and 443:

 # iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
# iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT

By default, iptables displays them as http and https

 ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:http
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:https

3.3. Open Mail ports

– To allow users to use the SMTP server via the default ports 25 and 465:

 # iptables -A INPUT -p tcp -m tcp --dport 25 -j ACCEPT
# iptables -A INPUT -p tcp -m tcp --dport 465 -j ACCEPT

By default, iptables displays them as smtp and urd

 ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:smtp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:urd

– For users to read email on the server, you need to open the POP3 ports (default ports 110 and 995)

 # iptables -A INPUT -p tcp -m tcp --dport 110 -j ACCEPT
# iptables -A INPUT -p tcp -m tcp --dport 995 -j ACCEPT

By default, iptables displays them as pop3 and pop3s

 ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:pop3s

In addition, you also need to allow the IMAP mail protocol (default ports 143 and 993)

 # iptables -A INPUT -p tcp -m tcp --dport 143 -j ACCEPT
# iptables -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT

By default, iptables displays them as imap and imaps

 ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imap
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:imaps

3.4. Block access from 1 IP

 # iptables -A INPUT -s IP_ADDRESS -j DROP

– Block 1 IP from accessing 1 specific port:

 # iptables -A INPUT -p tcp -s IP_ADDRESS --dport PORT -j DROP

Once everything is set up, including opening the necessary ports and restricting connections, you need to block all remaining incoming connections and allow all outgoing connections from the VPS

 # iptables -P OUTPUT ACCEPT
# iptables -P INPUT DROP

Once setup is complete, you can check the rules

 # service iptables status

OR

 # iptables -L -n

The -n option shows numeric IP addresses only. For example, if you block connections from hocvps.com, iptables with -n displays xxx.xxx.xxx.xxx
Finally, you need to save the iptables firewall settings; otherwise they will disappear when you reboot the system. On CentOS, the configuration is saved in /etc/sysconfig/iptables.

 # iptables-save | sudo tee /etc/sysconfig/iptables

OR

 # service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]
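The listing in section 2 shows an ordering pitfall: rules appended with -A after a catch-all REJECT, DROP or ACCEPT rule are never reached, because the first matching rule decides. The following added example (not part of the original article) finds such rules in `iptables -S` output; the sample ruleset is constructed from that listing and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: find rules that can never match because an earlier rule in
# the same chain already accepts, drops or rejects every packet.
# Input: rules in the format printed by `iptables -S`.

# Constructed sample modelled on the listing in section 2: the web rules
# were appended with -A after the catch-all REJECT.
sample_rules() {
    cat <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
EOF
}

# Print one line per unreachable rule: "<chain> <rule number> <rule>".
shadowed_rules() {
    awk '
        $1 != "-A" { next }
        { chain = $2; n[chain]++ }
        (chain in stop) {
            printf "%s %d %s\n", chain, n[chain], $0
            next
        }
        # No match options before -j means the rule applies to every packet.
        $3 == "-j" && ($4 == "ACCEPT" || $4 == "DROP" || $4 == "REJECT") {
            stop[chain] = n[chain]
        }
    '
}

# Print "<chain> <rule number>" of the first catch-all rule in each chain.
# That number is the position to pass to `iptables -I <chain> <number> ...`
# so that a new rule is inserted in front of the catch-all.
catch_all_position() {
    awk '
        $1 != "-A" { next }
        { chain = $2; n[chain]++ }
        !(chain in stop) && $3 == "-j" && ($4 == "ACCEPT" || $4 == "DROP" || $4 == "REJECT") {
            stop[chain] = n[chain]
            print chain, n[chain]
        }
    '
}

# On a live system: iptables -S | shadowed_rules
sample_rules | shadowed_rules
sample_rules | catch_all_position
```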

This article covers the most basic things you need to use iptables as the firewall of a Linux VPS, enough for a normal website or email server. However, there are still many more things you can do with iptables. Hopefully, this tutorial gives you basic security for your VPS.


Zip and Unzip Tar files, Gzip and Zip

Tar, Gzip and Zip are the basic data packaging and compression formats on Linux systems. Specifically, Tar packages data, Gzip compresses data, and Zip can do both jobs.

I. Tar

Tar packs files / folders into one file, which is very helpful for backing up data. Typically, Tar files end in .tar. To reduce the file size, add the gzip or bunzip2 compression option. The options are:

  • c: Create an archive file.
  • x: Extract an archive file.
  • z: Compress with gzip – always needed when working with gzip files (.gz).
  • j: Compress with bunzip2 – always needed when working with bunzip2 files (.bz2).
  • lzma: Compress with lzma – always needed when working with lzma files (.lzma).
  • f: Specify the archive file – always needed when working with archive files.
  • v: Display the files being processed on the screen.
  • r: Add files to an archive file.
  • u: Update files already in an archive file.
  • t: List the files in an archive file.
  • delete: Delete files from an archive file.
  • totals: Display the statistics of the tar file
  • exclude: leave out files as required during packing

1. Create a .tar archive file

 # tar -cvf filename.tar file1 file2 folder1 folder2

filename.tar is the name of the tar file you create. file1, folder1 … are the files and folders you want to pack into the tar file (packed in the order listed).

For example, you are working in /usr and need to pack the folder /usr/bin, the folder /boot/grub and the file /boot/abc.img

 # tar -cvf filename.tar bin /boot/grub /boot/abc.img

Files can be stored by file name (abc.img) or with the file path attached (boot/abc.img). When the data is extracted, each file is placed at the path that was stored.

Packing and compressing data

Tar normally only packages data. To compress the data and reduce its size, use the compression option z for gzip (.gz format) or j for bunzip2 (.bz2 format)

 # tar -czvf filename.tar.gz file1 file2 folder1 folder2
or
# tar -cjvf filename.tar.bz2 file1 file2 folder1 folder2

Skipping files on demand

While packing and storing data, you can leave out files as required using the option exclude .

For example, leave out .pyc files when packing the directory /usr/lib/python2.6/site-packages

 # tar -cvf filename.tar /usr/lib/python2.6/site-packages --exclude='*.pyc'

Displaying the total size stored

The option totals shows the total size that has been stored

 # tar -cvf filename.tar file1 folder1 --totals
Total bytes written: 20561920 (20MiB, 354MiB/s)

2. Working with .tar files

Listing the contents of an archive

To view the contents of a tar file, use the option t together with v to display details including permissions, owner, date / time …

 # tar -tvf filename.tar

Adding new or updated content to an archive

Use the option r to add content to an archive

 # tar -rvf filename.tar add_file1 add_file2

To update data already in an archive, use the option u (especially useful when updating backup files)

 # tar -uf filename.tar

This command compares the modification time of the files outside and inside the archive. A file inside the archive is updated if the file outside is newer.

Deleting data from an archive

Use the option delete to remove content from an archive as required

 # tar --delete -f filename.tar file1 file2

3. Extract a .tar file

 # tar -xvf filename.tar

This command does not remove the .tar file; it only extracts the data inside the tar file into the current directory. If a file was saved with its path and that path does not exist, the system automatically creates the corresponding folders to place the file. The location of the extracted files therefore depends on how you packed the data

For example, you are working in /boot/grub and want to pack the file 1.map in that folder.

  • If you pack 1.map, the path of the extracted file will be /boot/grub/1.map
  • If you pack /boot/grub/1.map, the path of the extracted file will be /boot/grub/boot/grub/1.map

Extract compressed archives

For gzip-compressed .tar.gz files you need to add the option z, or the option j for bunzip2-compressed files

 # tar -xzvf filename.tar.gz
# tar -xjvf filename.tar.bz2

Extract specific files / folders

 # tar -xvf filename.tar file1 file2

Extract to another directory

To extract the data somewhere other than the current folder, specify the path of the destination folder with the option -C

 # tar -xvf filename.tar -C /directory

For example, # tar -xvf test.tar -C /boot/efi extracts the entire test.tar file into /boot/efi
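Since the extraction location depends on the paths stored in the archive, it helps to list where every member would land before extracting, especially for archives you did not create yourself. The following added example (not from the original article) does that with tar -tf and marks member names that are absolute or contain a ".." component; the function names and sample files are constructed.

```shell
#!/bin/sh
# Added example: list where each member of a tar archive would be written by
# `tar -xf ARCHIVE -C DEST`, without extracting anything.

# classify_members DEST   (member names on stdin, one per line)
# Prints "<status> <target path>". Status is CHECK for a name that is
# absolute or has a ".." component, i.e. one that points outside DEST if
# taken literally; otherwise ok.
classify_members() {
    awk -v dest="${1%/}" '
        {
            status = "ok"
            if (substr($0, 1, 1) == "/") status = "CHECK"
            n = split($0, part, "/")
            for (i = 1; i <= n; i++)
                if (part[i] == "..") status = "CHECK"
            name = $0
            sub(/^\/+/, "", name)
            print status, dest "/" name
        }'
}

# preview_extract ARCHIVE DEST
preview_extract() {
    tar -tf "$1" | classify_members "$2"
}

# Demo with constructed files, mirroring the 1.map example above.
demo_preview() {
    work=$(mktemp -d) || return 2
    mkdir -p "$work/boot/grub" "$work/out"
    echo "constructed sample" > "$work/boot/grub/1.map"
    # Packed by name from inside the folder: the member is "1.map".
    (cd "$work/boot/grub" && tar -cf "$work/by-name.tar" 1.map)
    # Packed with its directories: the member is "boot/grub/1.map".
    (cd "$work" && tar -cf "$work/by-path.tar" boot/grub/1.map)
    preview_extract "$work/by-name.tar" "$work/out"
    preview_extract "$work/by-path.tar" "$work/out"
    rm -rf "$work"
}

demo_preview
```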

II. Gzip

GZIP is used quite commonly on Unix / Linux platforms. GZIP can only work on one file or one stream of data, so it cannot store multiple files. If you want to use it for multiple files, you have to pack them with TAR first.

1. Create a gzip compressed file

 # gzip filename

In this case, the original file is automatically converted into the compressed file. For example, # gzip test.php converts test.php into test.php.gz

Set the compression level

The compression level can be set in the range from 1 to 9, where 1 is the fastest compression with the lowest compression level and 9 is the highest compression level with the slowest compression

 # gzip -1 filename or # gzip --fast filename
# gzip -9 filename or # gzip --best filename

Check the attributes of a compressed file

 # gzip -l filename.gz

For example,

 # gzip -l hocvps.tar.gz
         compressed        uncompressed  ratio uncompressed_name
           23724096            64901120  63.4% hocvps.tar

2. Decompress a gzip file

 # gzip -d filename

The compressed file is then automatically converted back into the original file. For example, # gzip -d test.php.gz converts test.php.gz into test.php

III. Zip

First, you need to check whether zip is installed on the system.

 # rpm -q zip
package zip is not installed
or
Package zip-3.0-1.el6_7.1.x86_64 already installed and latest version

Install Zip if it is not there

 # yum -y install zip
Installed:
zip.x86_64 0:3.0-1.el6_7.1

1. Create a .zip compressed file

 # zip filename.zip filename1 filename2

Here, the zip file filename.zip is created by compressing filename1 and filename2

Compress a folder into one zip file

Use the option -r to compress an entire folder and the files inside it.

 # zip -r test.zip folder1

2. Unzip the .zip file

 # unzip filename.zip

The files in filename.zip are extracted into the current folder, and the compressed file remains.
If a file already exists in the extraction directory, the program asks whether you want to replace it

 [y]es, [n]o, [A]ll, [N]one, [r]ename

Reset password management server HocVPS Script

HocVPS Script provides a number of tools to manage the server and lets you change the password used to access them via the link domain.com:port. If you no longer remember the password after changing it, follow the steps below to reset it and get a new one.

HocVPS Script Admin supports changing the password of these tools:

  1. HocVPS Script Admin, at any path containing the port (limits password guessing)
  2. File Manager, at the path http://domain.com:port/filemanager/
  3. phpMyAdmin, at the path http://domain.com:port/phpmyadmin/

To change the password of one of these tools, log in to HocVPS Script Admin, open the Change Password menu, select the corresponding tool and enter a new password.

If you changed the password for logging in to HocVPS Script Admin and need to reset it, connect over SSH and run these commands:

. /etc/hocvps/scripts.conf
printf "admin:$(openssl passwd -apr1 admin)\n" > /home/$mainsite/private_html/hocvps/.htpasswd

Where:

  • The first line reads the HocVPS Script configuration to get the parameter $mainsite .
  • The second line resets the password to admin .

That’s it. You can now log in to HocVPS Script Admin with the new password admin. Please log in and change it to a different password immediately.

Note: if you enter the wrong password more than 3 times, access is blocked for 1 hour!
