Ubuntu

  • Apache service randomly stopping

    If you're apache server somehow stops working randomly, first thing you can do is to check Apache error logs. [Mon May 24 15:39:26.328479 2021] [php7:error] [pid 3203] [client 52.65.15.196:9267] script '/var/www/html/wp-login.php' not found or unable to stat [Mon May 24 15:39:26.852814 2021] [php7:error] [pid 7809] [client 52.65.15.196:31930] script '/var/www/html/wp-login.php' not found or unable to stat [Mon May 24 15:42:15.348017 2021] [php7:error] [pid 6091] [client 52.192.73.251:59992] script '/var/www/html/wp-login.php' not found or unable to stat [Mon May 24 15:42:18.382698 2021] [php7:error] [pid 6263] [client 52.192.73.251:20394] script '/var/www/html/wp-login.php' not found or unable to stat [Mon May 24 15:51:41.982574 2021] [php7:error] [pid 4420] [client 3.8.12.221:32028] script '/var/www/html/wp-login.php' not found or unable to stat [Mon May 24 15:51:42.243716 2021] [php7:error] [pid 15790] [client 3.8.12.221:39625] script '/var/www/html/wp-login.php' not found or unable to stat For my case, the logs above are so suspicious because I don't even run a Wordpress site. So it feels like something or someone is trying to brute force attack my server. If you have notice something similar, one thing you can do is to install Fail2ban.   Installing in Ubuntu 16.04 apt-get install fail2ban then copy jail.conf to jail.local cd /etc/fail2ban cp jail.conf jail.local edit jail.local and search for "apache-noscript" [apache-noscript] enabled=true then restart the fail2ban service to reload the configurations service fail2ban restart to check the status like the ip addresses that were banned and some statistics, run fail2ban-client status apache-noscript  
  • Run node.js application in the background as service easily

    Simplest way I found is too install the node.js application named "forever" Just install forever in your server like: sudo npm install -g forever Then you can run your application as service like (inside your actual node application): forever start bot.js To kill the service: Show the forver process list: forver list Will return something like this: info: Forever processes running data: uid command script forever pid id logfile uptime data: [0] 1RSg /root/.nvm/versions/node/v9.5.0/bin/node bot.js 20554 20560 /root/.forever/1RSg.log 0:0:10:44.34400000000005 Then get the forever id which is from the sample above is [0] and stop the process like this: forever stop 0  
  • Schedule command using at command

    Creating commands Type in your terminal: at [schedule] e.g.: at 10:30 am Then inside the at command you can type in your commands like: at> php /var/www/html/yii-application/yii job/my-custom-job param1 param2 Then when you are done adding commands, presst CTRL+D Deleting commands If you don't know yet the schedule id, you can execute atq It will show you the list of scheduled commands like below: job 12 at Wed Feb 20 01:00:00 2019 To see the actual command you can execute at -c 12 To delete the schedule, simply use atrm command with the schedule id like this: atrm 12 And just in case you were thinking how to close the command that is already running, atrm will not stop the command. Instead you need to kill manually. In your terminal, run: ps -ef | grep 'YOUR_COMMAND' It will return something like this: UID PID PPID C STIME TTY TIME CMD root 361 1 0 Oct19 ? 00:00:04 YOUR_COMMAND Get the PID to kill the command kill 361
  • Run SSH command in background

    Do you have to run a big command that requires 30 minutes, 1 hour, 2 hours or 6 hours? Unfortunately SSH connections times out. Here's a simple trick on how to run a ssh command in the background so you can run your command and maybe sleep for a while or continue with your life.   In your terminal, run: nohup YOUR_COMMAND your_command_parameters > my.log 2>&1 &   And just in case you were thinking how to close the command, in your terminal, run: ps -ef | grep 'YOUR_COMMAND' It will return something like this: UID PID PPID C STIME TTY TIME CMD root 361 1 0 Oct19 ? 00:00:04 YOUR_COMMAND Get the PID to kill the command kill 361  
  • Jenkins (standalone) SSL + Let's Encrypt

    In this tutorial, I will show how to use Let's Encrypt free SSL with a standalone Jenkins in Ubuntu 16.04.   Installation of certbot and jenkins are not included in this tutorial.   Generate Certificates Run the command to generate the certificate and key files. sudo certbot certonly --standalone --preferred-challenges http -d example.com You should get this response: Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator standalone, Installer None Obtaining a new certificate Performing the following challenges: http-01 challenge for example.com Waiting for verification... Cleaning up challenges IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/example.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/example.com/privkey.pem Your cert will expire on 2019-02-07. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le Just in case you got this response: Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator standalone, Installer None Obtaining a new certificate Performing the following challenges: http-01 challenge for example.com Cleaning up challenges Problem binding to port 80: Could not bind to IPv4 or IPv6. You need to stop your web server and try again.   Convert the certificate to JKS keystore Go to your certificate folder cd /etc/letsencrypt/live/example.com And execute this command to convert the certificate to PKCS12 file first openssl pkcs12 -inkey privkey.pem -in fullchain.pem -export -out keys.pkcs12 If you are renewing the certificates, make sure to delete the existing /var/lib/jenkins/jenkins.jks file first. Then convert to JKS file keytool -importkeystore -srckeystore keys.pkcs12 -srcstoretype pkcs12 -destkeystore /var/lib/jenkins/jenkins.jks Enter export and import passwords and answer "yes" if asked to overwrite an existing alias Enter Export Password: Verifying - Enter Export Password: root@example:/etc/letsencrypt/live/example.com# keytool -importkeystore -srckeystore keys.pkcs12 -srcstoretype pkcs12 -destkeystore /var/lib/jenkins/jenkins.jks Importing keystore keys.pkcs12 to /var/lib/jenkins/jenkins.jks... Enter destination keystore password: Enter source keystore password: Existing entry alias 1 exists, overwrite? [no]: yes Entry for alias 1 successfully imported. Import command completed: 1 entries successfully imported, 0 entries failed or cancelled   Set Jenkins configuration to use the SSL Edit the Jenkins config file vim /etc/default/jenkins Look for JENKINS_ARGS and update the value to this: JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=-1 --httpsPort=8443 --httpsKeyStore=/var/lib/jenkins/jenkins.jks --httpsKeyStorePassword=PASSWORD_SET_ON_CONVERT_TO_JKS" Restart jenkins sudo service jenkins restart