Tag Archives: linux

Sysadmin: check massive list of urls for HTTP status code reply in single line

As I mentioned in previous post I did a few upgrades to EasyApache4 on couple of WHM/cPanel servers recently. While providing with an impressive list of advantages this upgrade could render some of the hosted sites offline because of missing PHP modules and incompatible PHP versions. In order to minimize the downtime all hosted sites has to be verified for availability. There could be easily hundreds of web sites hosted on single WHM/cPanel server and checking all of them manually will take a lot of time. In Linux almost anything could be automated.
Read more »

Share Button

cPanel: Upgrade to EasyApache4 important points to consider


So, you also decided to take a leap? It’s about time – a lot of new features are coming with EasyApache4 but in order to reduce downtime one has to be careful in the process.
I’ve done a couple upgrades of a company cPanel servers to EasyApache4 recently – not so easy procedure after all although definitely an improvement to the whole cPanel/WHM ecosystem.
Read more »

Share Button

SSL protocol error 525 for nginx solved


I’ve hit an unusual error the other day – I had to configure couple of SSL virtual hosts on Nginx web server. I didn’t expect to see any problems with that – it’s really simple and very well documented. The purpose was to switch Cloudflare CDN crypto option from “Flexible” to “Full”, to avoid unencrypted connection between Cloudflare and the server itself. The tricky part is that you have to have SSL virtual host configured on the server side before doing redirection otherwise you will get redirect loop.
I configured both of the SSL virtual hosts (thought second virtual host with ssl_certificate and ssl_certificate_key commented out) and tried to modify Cloudflare configuration – and then I’ve got 525 protocol error. I turned off the caching and tried to investigate.

I tried to use OpenSSL to troubleshoot SSL connection with “s_client” option, trying to connect to each SSL virtual host directly, bypassing Cloudflare and I saw an interesting picture

and more verbosely

And then it hit me – I’ve turned on SSL mode on the virtual host and not specified nor certificate no key, then I’ve configured another SSL virtual host with valid certificate and key configured but the SSL is running on the single IP so it’s in SNI mode, sends me an EMPTY SSL SNI negotiation start. In order to avoid the problem I need to have valid certificates for ALL my SNI SSL virtual hosts. After I altered my configuration the problem was fixed.

Share Button

Centos: How to fine tune your Apache SSL server


The fine tuning of the SSL server side configuration is slow and tedious but necessary procedure. It’s always good to have your SSL site to conform the most latest security standards. It boosts ego and makes customer happy too. It turns out that all you need for that is already at your disposal the point is to properly configure it.
Read more »

Share Button

Sysadmin: Brute force detection – custom rule for SMTP and SSH

I wrote before about excellent tool BFD that allows to block brute force password guessing attempts on different network services.
I prefer it to Fail2ban because of portability (bash script) system resource consumption (bash script!) and extendаbility (true “unix way” modularity).
I also wrote before a brief instruction on how to extend BFD with your own rule to fight with apache/Wordpress DOS attack.
In this post I will show you how to write custom rules to block SMTP password guessing brute force attempts and SSSHD

Read more »

Share Button

Centos: recover MySQL users access after upgrade to MySQL-5.5

I had one of my customers asking me for the MySQL server version upgrade (OS provided MySQL 5.1.73 to something above MySQL 5.5) for one of his dedicated servers. Neither of us expected any problems from that, but we’ve ran into some that we had to resolve quickly because of production web sites running on the same server.
For more modern software versions I usually use excellent IUS reposity which in combination with EPEL repository serves about 87% of my needs in 3rd party packages and updates.
Read more »

Share Button

Centos: How to fix cPanel update insufficient disk space

cpsizeerror There are certain situations when you can encounter such cPanel update error message.
In order to update cPanel has to download new files and packages to replace outdated. For this it requires about 1.8Gb of free space on /usr partition. What can you do to fix the problem if you get this error message ?
Read more »

Share Button

Centos: how to install cpanel

cpanel “Extremely friendly…widely used …de-facto industry standard” cPanel all this and more. And I dislike it as much as it popular (I’ll talk about it later).
What surprised me that cpanel.net web site does not contain the link to the installation instruction on it’s front page which should be only logical.
Read more »

Share Button

Sysadmin: Why CentOS?

centos_icon Why CentOS as our main server farm Linux distribution? I really want this article to be pure technical, but there are some emotions attached to the question so please forgive me if I might break into rant somewhere down the road.

There were so many times when I was asked by young men with bright eyes and too much free time on their hands “Why do you use Centos for your server farm? Why not (debian,ubuntu, gentoo, insert your favorite distribution here)?” And I am so tired of explaining this decision over and over so I decided to put it together in this article and get it over with once and for all.
Read more »

Share Button

phpMyAdmin import.php Missing parameter problem solved

Very annoying phpMyadmin error. As you can see it points to the item in the phpMyAdmin FAQ page where there are list of possible causes which could lead to this kind of error. Let me give you a tip.
Read more »

Share Button
Page 1 of 212