Category Archives: Linux

Nginx basic authentication

Setting up basic authentication in Nginx is pretty easy, you need to first add couple of directives in block config, you can out them directly in the server if you want the whole site not be accessible or just on some parts-

    auth_basic "Restricted Content";
    auth_basic_user_file /etc/nginx/.htpasswd;

Then in the .htpasswd file add the user and use openssl to generate hash for the chosen password –

echo "password" | openssl passwd -apr1 -stdin

Encrypt and decrypt files with openssl

If you need easy way to encrypt and decrypt files on linux systems, one way you can go is to use openssl, usually it is available on most servers,

Encyrpt:

openssl aes-256-cbc -e -in file.zip -out file.enc -k password

Decrypt:


openssl aes-256-cbc -d -in file.enc -out file.zip -k password

 

You should also be able to use it with des3, but I haven’t tested the fallowing:

Encrypt:

openssl des3 -salt -in file-plain.txt -out file-encrypted.txt.des3

Decrypt:

openssl des3 -d -salt -in file-encrypted.txt.des3 -out file-plain.txt

Calculate total size of files listed

Sometimes you need to know the combined size of a given files that are combined with other files in the same dir, either by their extension or by some other property.

This example is based on file extension, but can be adapted to any other results you like find to return:

find . -name "mysql-bin.*.1" -size +1000000c -print0 | du -hc --files0-from=- | awk 'END{print $1}'

Stop and remove all docker containers and images

If you want to save some time removing all containers, you can use this two command(the first one is to stop all if there are some running):

docker stop $(docker ps -a -q)
docker rm $(docker ps -a -q)

You can also remove all the images with:

docker rmi -f $(docker images -q)

Be aware that the -f option will force delete even images that are being used.

Hits per second, hits per minute

In case you need to generate file from a log with the number of hits per second or minute you can use the fallowing commands-

Hits per second –

cat access.log | cut -d[ -f2 | cut -d] -f1 | awk 'BEGIN { FS=":" } ; { print $1":"$2":"$3":"$4 }'| sort | uniq -c >/home/user/hits-per-sec

Hits per minute –

cat access.log | cut -d[ -f2 | cut -d] -f1 | awk 'BEGIN { FS=":" } ; { print $1":"$2":"$3 }' | sort | uniq -c >/home/user/hits-per-min

SFTP upload on one line

This can be used in a script to schedule uploads, however it is not recommended to use it and store passwords in plain text, but sometimes you might not have choice if you don’t control the remote server.

You will also need the sshpass package installed.

sshpass -p "password" sftp user@remote.com:/directory <<< $'put /var/www/www.local.com/httpdocs/var/export/*.Products.csv'

Ubuntu 16.04 – Install Apache2 and php7

I have experimented some time ago, with php7, as described in this post. At that time that wasn’t official realease, however the link seems to pick up on some searches in google, and there was some confusion for people expecting this to be copy/paste guide.

So I would try to fix these and outline the steps to install Apache2 with php7 on the latest server LTS Ubuntu – 16.04.01 – freshly downloaded from the official site, at the time of the writing.

First, the two most repeated commands:


sudo apt-get update

sudo apt-get upgrade

That will update any software installed on the server distro.

Then install apache2 –

sudo apt-get install apache2

Open the IP of the server you have installed it on and you should be presented with the default apache web page, if nothing is showing, you need to check if apache2 is running and if the firewall/ufw is blocking requests.

It comes the turn to install mysql –

sudo apt-get install mysql-server

You will be asked to provide password for the MySQL root user, you should be aware this is not the same user as the Linux root user, it is different one having rights to do everything with every database in MySQL, so it is a good idea to pick a different password then the ones you are using currently in the system.

After installation is finished, we will have to run buil-in script to tighten some of the security for MySQL and clean up some things –

sudo mysql_secure_installation

You will be asked for you the root password (MySQL root user), and then to choose a level for password validation:


There are three levels of password validation policy:

LOW Length >= 8

MEDIUM Length >= 8, numeric, mixed case, and special characters

STRONG Length >= 8, numeric, mixed case, special characters and dictionary file Please enter 0 = LOW, 1 = MEDIUM and 2 = STRONG: 1

They are self explainatory, but I don’t really like password validators – I find them stupid security measure, especially on the level of MySQL server/users. So I would set that to 0/low for machines I am using.

You should read the questions and answer then with ‘y’ or ‘no’, in the past it was fine to answer all with ‘y/yes’ however, now I am noticing that the first question is “Change the password for root” – you might not really want to do that, so the best thing is to read what are you actually asked.

 

Ok, so we are getting there, let’s install php7 with the apache mod –

sudo apt-get install php7.0 libapache2-mod-php7.0 php7.0-mcrypt php7.0-mysql

Then you could check the php version in the terminal with –

php -v

And the final step is to be sure apache is interpreting php in the browser.

First, become root with –

sudo -i

Then will add php info page to the server web root directory, so we could open it in our browser after that to verify it is running properly on check all the configuration details for php –

echo '<?php phpinfo(); ?> > /var/www/html/info.php'

After that you should navigate in your browser to the IP your server is listening to, and add /info.php after it, so it would look something like this –

http://192.168.122.113/info.php

That’s pretty much for it, but this where the complicated things starts from.

Dump and compress all MySQL databases

This is a little variation of a script I used in the past, what will do is find all databases, and export them compressed, with piping to gzip.

#!/bin/bash
MYSQLDUMP="$(which mysqldump)"
DIR="/root/db_dumps"
DBS=`mysql --defaults-extra-file=.my.cnf -e"show databases"`

#Remove	old dumps
rm -f $DIR/*.sql*

for DATABASE in $DBS
do
if [ $DATABASE != "Database" ]; then
FILENAME=$DATABASE
$MYSQLDUMP --defaults-extra-file=.my.cnf $DATABASE --single-transaction | gzip > $DIR/$FILENAME.sql.gz
fi
done

rm -f $DIR/information_schema.sql*
rm -f $DIR/performance_schema.sql*

.my.cnf file contents:

[client]
user=root
password=your_password

.my.cnf file should be in the user directory owned by him with permissions 600 or even 400