# FOR PRODUCTION SERVERS

# Changing user without password prompts:
sudo -u www-data bash

# Locate files
mlocate php.ini

## PHP 8.1 conf location
/etc/php/8.1/fpm/php.ini
/etc/php/8.1/cli/php.ini (local)

## Laravel 8 ubuntu issue
When composer gives strange errors, do this:
https://github.com/composer/composer/issues/9097

## PHP
List all PHP versions
sudo update-alternatives --list php

# PHP 7.4
sudo apt install php7.4-fpm php7.4-common php7.4-mysql php7.4-xml php7.4-xmlrpc php7.4-curl php7.4-gd php7.4-imagick php7.4-cli php7.4-dev php7.4-imap php7.4-mbstring php7.4-soap php7.4-zip php7.4-bcmath -y

# Authorize with keys

### Local PC
1. The public key is the one my Mac has; a copy of it is in the server's /root/.ssh/authorized_keys file.

2. Termius asks for the location of the private_key on the iMac (it must be the private_key, not the public_key!). After that no password is needed to log in, provided the public/private key pair has none, but the server's port is still needed to log in.

3. The private key is held only by the Mac and is needed for Filezilla and Termius. It is paired with the public_key. It must exist only on the iMac.


4. Echo Keys:
   - `cat ~/.ssh/id_rsa.pub`    // public
     - `cat /Users/bliss/.ssh/id_rsa.pub` // public (user in localhost)
     - `cat /root/.ssh/id_rsa.pub` // public (root server)
   - `cat ~/.ssh/id_rsa`        // private

### Server Keys
- Adding a developer to the server:
    - upload the first line of his “id_rsa.pub” to the server file: /root/.ssh/authorized_keys
- Adding the server public key to Bitbucket:
    - Generate a key pair for the server (it will be generated in /home/username/.ssh/id_rsa):
    - `ssh-keygen -t rsa -b 4096 -C "sukys.gediminas@gmail.com"`
    - after generating, download it manually via ftp or open it with nano:
    - `nano /root/.ssh/id_rsa.pub`
    - Save the key in Bitbucket.





# PERMISSIONS

Set permissions for all www folder for www user:
sudo chown -R www-data:www-data /var/www/





#### Config laravel directories correctly
https://stackoverflow.com/questions/30639174/how-to-set-up-file-permissions-for-laravel 
Set 755 for all folders in storage

`sudo find . -type f -exec chmod 664 {} \;`
`sudo find . -type d -exec chmod 775 {} \;`
`sudo chgrp -R www-data storage bootstrap/cache;`
`sudo chmod -R ug+rwx storage bootstrap/cache;`
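
An audit of the result of the commands above, added here as an example and not part of the original notes: it lists world-writable entries and files that picked up an execute bit, and compares `ug+rwx` with `ug+rwX` (capital X sets execute only on directories and on files that already have it). The project skeleton and file names are constructed, and `sudo`/`chgrp` are left out so it runs as any user.

```shell
#!/usr/bin/env bash
# Added example: audit a Laravel tree after the chmod commands above.

# world_writable DIR: anything a non-owner, non-group user could modify.
world_writable() { find "$1" ! -type l -perm -0002 -print; }

# exec_files DIR: regular files with any execute bit set.
exec_files() {
    find "$1" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \) -print
}

# apply_modes DIR STORAGE_MODE: the page's mode commands, run without sudo;
# STORAGE_MODE is ug+rwx (as on the page) or ug+rwX (x on directories only).
apply_modes() {
    ( cd "$1" || exit 1
      find . -type f -exec chmod 664 {} \;
      find . -type d -exec chmod 775 {} \;
      chmod -R "$2" storage bootstrap/cache )
}

# Constructed project skeleton (hypothetical file names).
app=$(mktemp -d)
mkdir -p "$app/storage/logs" "$app/storage/app/uploads" "$app/bootstrap/cache" "$app/public"
touch "$app/storage/logs/laravel.log" "$app/storage/app/uploads/avatar.php" "$app/public/index.php"

apply_modes "$app" ug+rwx
echo "executable files after ug+rwx: $(exec_files "$app" | wc -l)"
apply_modes "$app" ug+rwX
echo "executable files after ug+rwX: $(exec_files "$app" | wc -l)"
echo "world-writable entries:        $(world_writable "$app" | wc -l)"
```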


#### MySQL native
`sudo mysql`
`ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'NEWPASSWORD';`
`FLUSH PRIVILEGES;`
 https://askubuntu.com/questions/766334/cant-login-as-mysql-user-root-from-normal-user-account-in-ubuntu-16-04 




# CERTBOT


# NGINX

### test config file
 sudo nginx -t

## Install PHP (unversioned packages) for nginx & modules
sudo apt-get install php-cli php-fpm php-curl php-gd php-mysql php-mbstring php-dom php-zip

## Install php8.0 for nginx & modules 
sudo apt-get install php8.0-cli php8.0-fpm php8.0-curl php8.0-gd php8.0-mysql php8.0-mbstring php8.0-dom php8.0-zip
## Install php7.4 modules
sudo apt-get install php7.4-cli php7.4-fpm php7.4-curl php7.4-gd php7.4-mysql php7.4-mbstring php7.4-dom php7.4-zip
## Install php7.3 for nginx & modules 
sudo apt-get install php7.3-cli php7.3-fpm php7.3-curl php7.3-gd php7.3-mysql php7.3-mbstring php7.3-dom php7.3-zip
## Install php7.2 on Ubuntu20
sudo add-apt-repository ppa:ondrej/php
sudo apt update
sudo apt-get install php7.2-cli php7.2-fpm php7.2-curl php7.2-gd php7.2-mysql php7.2-mbstring php7.2-dom php7.2-zip
https://gist.github.com/GhazanfarMir/03bd1f1f770a3834d47274586d46ea62 
https://askubuntu.com/questions/1230869/cant-install-php-7-2-on-ubuntu-20-04 



# ZIP, FILE MANAGEMENT

#### ZIP, TAR
Compress to Zip:
zip -r filename.zip folder

#### Zip except folder:
zip -r /var/www/lara_dviraciai3.zip /var/www/lara_dviraciai -x '*/dviraciu-nuotraukos*'



#### Unzip .zip file:
unzip /var/www/autorebus/application/public/phpMyAdmin-5.2.1-english.zip -d /var/www/autorebus/application/public/pma-53a5687cb26dc41f2ab4033e97e13adefd3740d6

## .zip extract to current dir:
`unzip /path/to/file.zip`

## To extract the PMA .zip, go to the folder with "cd /var/www/project/public" and type:
`unzip /var/www/bauto.lt/testing1/public/phpMyAdmin-5.1.1-all-languages.zip`


Extract tar.gz
tar -C /myfolder -xvf yourfile.tar 

Compress to tar
tar -czvf archive.tar.gz /path/directory-or-file


Tar.gz


## TAR
Compress an entire directory or a single file:
tar -czvf name-of-archive.tar.gz /path/to/directory-or-file
https://www.howtogeek.com/248780/how-to-compress-and-extract-files-using-the-tar-command-on-linux/

Compress the Dir to .tar Linux & Mac:
tar -zcvf archive_name.tar.gz folder_to_compress

To extract tar to destination_folder:
tar -zxvf archive_name.tar.gz -C destination_folder

Get size of the folder:
du -sh /path/to/directory

Remove folder recursively:
rm -rf /folder/name



Move folder
`sudo mv /fromPath /toPath`


REMOVE FILES
rm /var/log/mysql/-mysql
rm -r /var/log/mysql # removes the whole dir with its files


# PHP MAIL

Configuration to use PHP mail function
https://devanswers.co/how-to-get-php-mail-working-on-ubuntu-16-04-digitalocean-droplet/ 
https://stackoverflow.com/questions/13193433/how-can-i-use-php-mail-function-within-php-fpm-on-nginx/13193480
2 modules, add line to config


# UFW

UFW Firewall setup and configuration:
https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-with-ufw-on-ubuntu-18-04 

# FTP

#### Installing FTP:

TLS:
https://www.digitalocean.com/community/tutorials/how-to-configure-vsftpd-to-use-ssl-tls-on-a-centos-vps

Check disk space:
df -h --total
(look at the last line)

Check what version of Apt-get package we have:
apt-cache show supervisor

Select default editor:
sudo update-alternatives --config editor
https://www.howtogeek.com/howto/ubuntu/change-the-default-editor-from-nano-on-ubuntu-linux/ 


#### Creating FTP on server, via vsftp. Fails on FTP over TLS (wrong way)
https://www.digitalocean.com/community/tutorials/how-to-set-up-vsftpd-for-a-user-s-directory-on-ubuntu-18-04 
Add users:
    https://ma.ttias.be/vsftpd-linux-500-oops-vsftpd-refusing-run-writable-root-inside-chroot/ 


## Create ftp user:
1. configure user, create dir 
https://www.digitalocean.com/community/tutorials/how-to-set-up-vsftpd-for-a-user-s-directory-on-ubuntu-20-04
2. then make root dir writable:
https://ma.ttias.be/vsftpd-linux-500-oops-vsftpd-refusing-run-writable-root-inside-chroot/

# APACHE

#### Ubuntu installation on production
`apt-get update`
`apt-get upgrade`
    
Remove apache2:

    service apache2 stop
    sudo apt-get autoremove
    sudo apt-get remove 'apache2*'
    dpkg -S "$(which apache2)"

# SSH

## CHANGE SSH ROOT PORT:
Changing on Ubuntu 20 with UFW conf:
https://linuxconfig.org/ubuntu-20-04-ssh-server 

`apt-get install nano`
`nano /etc/ssh/sshd_config`
`ufw allow 777`
`sudo ufw enable`
`sudo service ssh reload`
`sudo service ssh restart`
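
A pre-flight check for the port change above, added here as an example and not part of the original notes: it reads the ports from an sshd_config, reports any that have no matching `ufw allow` rule, and shows which value sshd takes when a keyword appears twice. The file contents and the `demo_dir` name are constructed; the rule format is assumed to be what `ufw show added` prints.

```shell
#!/usr/bin/env bash
# Added example: lockout check to run before `ufw enable` and an ssh restart.
# Assumes firewall rules in the form printed by `ufw show added`
# ("ufw allow 777" or "ufw allow 777/tcp"); Include files are not followed.

# ssh_ports FILE: every port sshd will listen on (Port may repeat, default 22).
ssh_ports() {
    awk 'tolower($1) == "match" { exit }   # global section ends at first Match
         tolower($1) == "port"  { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

# first_value FILE KEYWORD DEFAULT: for most keywords sshd keeps the FIRST
# value it reads, so a line appended at the bottom can be silently ignored.
first_value() {
    awk -v k="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" -v d="$3" '
         tolower($1) == "match" { exit }
         tolower($1) == k { v = $2; exit }
         END { print (v == "" ? d : v) }' "$1"
}

# unopened_ports SSHD_CONFIG UFW_RULES: ssh ports with no "ufw allow" rule.
unopened_ports() {
    ssh_ports "$1" | while read -r p; do
        grep -Eq "^ufw allow ${p}(/tcp)?\$" "$2" || echo "$p"
    done
}

# Constructed sample inputs (not taken from a real server).
demo_dir=$(mktemp -d)
cat > "$demo_dir/sshd_config" <<'EOF'
#Port 22
Port 777
PermitRootLogin prohibit-password
PasswordAuthentication no
PasswordAuthentication yes
EOF
printf 'ufw allow 80/tcp\nufw allow 443/tcp\n' > "$demo_dir/ufw_added"

echo "ssh ports:              $(ssh_ports "$demo_dir/sshd_config" | tr '\n' ' ')"
echo "PasswordAuthentication: $(first_value "$demo_dir/sshd_config" PasswordAuthentication yes)"
echo "blocked by ufw:         $(unopened_ports "$demo_dir/sshd_config" "$demo_dir/ufw_added" | tr '\n' ' ')"
```

On a live server, `sudo sshd -t` checks the edited file for syntax errors before the restart.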

#### Connect via Mac Terminal to SFTP:
sftp -oPort=port_number host_name


#### Adding new SSH user and giving only FTP access for him
https://www.digitalocean.com/community/tutorials/how-to-enable-sftp-without-shell-access-on-ubuntu-18-04 
https://linuxconfig.org/how-to-setup-sftp-server-on-ubuntu-20-04-focal-fossa-linux

# Denyhosts

`apt-get install denyhosts`
Install denyhosts manually if it doesn't work via apt-get:
    http://www.liberiangeek.net/2014/10/install-denyhosts-ubuntu-14-04-server/
`nano /etc/hosts.allow` (add “all: 217.77.30.46” for the future)


If it has already caught my IP, how to remove it:
Remove it from /etc/hosts.deny
sudo /etc/init.d/denyhosts restart

From iptables http://askubuntu.com/questions/193858/how-to-delete-or-unblock-an-ip-address-listed-in-iptables-firewall

To Remove IP from Denyhosts more seriously:
Second answer:
http://stackoverflow.com/questions/9225300/denyhosts-keeps-adding-back-my-ip
(from /var/lib/denyhosts dir)


# MYSQL

#### MySQL Dump Import
`mysql -u username -p new_database < data-dump.sql`
Do it without logging in to mysql


MYSQL    https://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mysql-php-lemp-stack-in-ubuntu-16-04
`sudo apt-get install mysql-server`

Securing (do not install password plugin, because it is broken)
`sudo mysql_secure_installation`

login to console
`mysql -u root -p`


max_execution_time; 
max_file_uploads;
max_input_time;
memory_limit;
post_max_size = 300M (sum of all files on post)
upload_max_filesize;

Restarting is a must (serv):
`service php7.0-fpm restart`
`service apache2 restart`




Add to the fastcgi config in nginx.conf if it fails to accept the php.ini configuration (serv):
`fastcgi_param PHP_VALUE "upload_max_filesize = 50M \n post_max_size=51M";`




# SSH KEYS 

Setup SSH keys:
https://www.digitalocean.com/community/articles/how-to-set-up-ssh-keys--2 
copy and add it to the github account



# LINUX PROCESSES

GET ALL PROCESSES (SERVICES) LIST:
service --status-all

# LINUX TIME

Check server time:
timedatectl status

CHANGE TIMEZONE
dpkg-reconfigure tzdata

# LINUX MAIL

READ MAIL
nano /var/mail/root


# CRONTAB

crontab -e
* * * * * wget -q -O /dev/null https://ardogaparts.com/updating > /dev/null 2>&1 # quiet, saves no result
* * * * * /usr/bin/wget -O /dev/null --no-check-certificate https://junaka.lt/ad_photo_tasks/make  >> /var/www/crontaberror.log 2>&1 # write log to the file
* 0,1,2 * * * flock -n /tmp/pricelists_ap_upload.lock wget -O /dev/null https://vikodalys.lt/cron_pricelists_ap_upload # flock to not overlap



# ADMIN

Tcpdump

Get only requests to some kind of port
tcpdump port 80
tcpdump dst port 80

Get from IP and port:
sudo  tcpdump "src port 22" and "dst host 1.2.3.4"

Killall:
killall tcpdump

Read saved file:
tcpdump -r /home/users/demo/demo.dump

Read saved file as ASCII text (paged):
tcpdump -A -r /tmp/http.log | less

Tshark
(required to run as non-super user)
tshark  'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'


Netstat

netstat -an | grep 80

#### VNC Login with serveriai.lt
1. Remember to type the password by hand, because copy/paste doesn’t work
2. username is root
3. if the VNC password doesn't work, use the original root password


