centos – Reffffference

CentOS Configure account to never expire / fix cron problem

Ivan — Fri, 15 Feb 2019 15:47:08 +0000

CentOS have security measure to force users password expiration which can cause problems.
For example – you do not use passwords to log in to machines, and you prefer ssh keys. And the day the password for that user expires its cron jobs will stop working.

You can fix it with one of these, I prefer removing the expiration with chage:

chage -M -1 root

passwd -x -1 root

You can confirm with:

chage -l root

osTicket nginx config

Ivan — Tue, 31 Oct 2017 18:18:55 +0000

Had to install osTicket recently, and it had bit of a problems with the ajax requests returning 404.
This config should be enough to get you started, you might not even need to change it, well besides the obvious things like server name and root.
Ideally it shouldn’t have if blocks, but I am too lazy right now to refine it.

server {
        root /var/www/osticket/;
        index index.php index.html;
        listen 80;

        server_name domain.com;

        set $path_info "";

        # Deny access to everything inside the include directory
        location ~ ^/include {
                deny all;
                return 403;
        }

        # Deny access to .htaccess
        location ~ /\.ht {
                deny all;
        }

        # Requests to /api/* need their PATH_INFO set, this does that
        if ($request_uri ~ "^/api(/[^\?]+)") {
                set $path_info $1;
        }

        # /api/*.* should be handled by /api/http.php if the requested file does not exist
        location ~ ^/api/(tickets|tasks)(.*)$ {
                try_files $uri $uri/ /api/http.php;
        }

        # /scp/ajax.php needs PATH_INFO too
        if ($request_uri ~ "^/scp/.*\.php(/[^\?]+)") {
                set $path_info $1;
        }

        # Catch requests to /scp/ajax.php/some/path and redirect them to ajax.php
        location ~ ^/scp/ajax.php/(.*)$ {
                try_files $uri $uri/ /scp/ajax.php;
        }

        # Set index.php as directory index
        location / {
                index index.php;
        }

        # PHP-FPM listening on 127.0.0.1:9001 or on a socket
        location ~ \.php$ {
                try_files $uri =404;
                fastcgi_pass 127.0.0.1:9001;
                #fastcgi_pass    unix:/var/run/php5-fpm.sock;
                fastcgi_index   index.php;
                fastcgi_param   SCRIPT_FILENAME         $document_root$fastcgi_script_name;
                fastcgi_param   PATH_INFO               $path_info;
                include fastcgi_params;
        }
}

Mount SSHFS volumes in fstab with ssh key

Ivan — Thu, 05 Oct 2017 17:03:43 +0000

SSHFS on command line usually takes the ssh key with the -o, option which doesn’t really work when adding it in fstab. If you look around the internet you most probably found that people recommend adding fstab records with the -o option, but this wont work, simply add the key as another regular fstab option –

sshfs#USER@domain.com:/data/www /mnt/logs/  fuse IdentityFile=/home/USER/.ssh/id_rsa,uid=UID,gid=GUID,users,idmap=user,noatime,allow_other,_netdev,reconnect,ro 0 0

Replace USER with the user who connects to the remote server and UID and GUID with the ones from the remote server.
The above also mounts the remote system as read-only so you wont be able to write on the mount.

Rsyslog don’t work after settings change.

Ivan — Thu, 28 Sep 2017 23:01:30 +0000

Got into strange issue where rsyslog will stop logging at all without warnings or logging errors. This happened after simple settings change which should not cause problems.
Well you need not only to restart rsylog, you need as well to restart systemd journald service.
At least this solved it for me.

systemctl restart systemd-journald