I’ve got a complain from the customer of my recent cPanel server installation that his DNS zones are not replicated by our main DNS servers and therefore they have problems.
Category Archives: network
cPanel: How to replicate DNS zones to external Bind server without views
Posted by admin
on 07/15/2020
No comments
Sysadmin: Letsencrypt renewal htaccess redirect bypass
Posted by admin
on 05/27/2018
No comments
With increasing role of HTTPS websites (Google pushing everybody to run only HTTPS websites considering regular HTTP as insecure) the service provided by Let’s encrypt becomes critically important. But there is a catch – once you get the certificate and redirect your site to HTTPS using .htaccess you will get a problem renewing certificate because 301 redirect breaks the challenge verification and the command
|
1 |
certbot-auto renew |
gives an error about authorization problem.
Read more »
Sysadmin: Virtualmin and Letsencrypt integration
Posted by admin
on 11/16/2017
No comments
If you are using webmin excellent system for managing virtual host configuration it would make perfect sense to integrate with it the popular certificate authority Letsencrypt that issues completely free SSL certificates.
There are few initial steps that has to be made nside Webmin in order to make it utilize Letsencrypt SSL certificate issuing process for configured virtual hosts. I have successufully configured and used Webmin version 1.831 and certbot-auto 0.12. YMMV.
Read more »
Sysadmin: How to configure PXE server on VMware workstation
Posted by admin
on 09/20/2017
No comments
Vmware Workstation is the perfect candidate for configuring local PXE server for testing and development – it contains independent DHCP server that is an equivalent to ISC DHCP v2. All you need is to have your own VM that will be serving as TFTP server for network boot images, there are plenty of instruction on how to do that on Linux (.
I decided to configure my Vmware workstation for windows (windows 7 in that case) DHCP as PXE server using vmNAT network adapter, since I already have Linux VM in vmNAT network which I can configure for TFTP server.
The config file is %SYSTEMDRIVE%\Users\All Users\vmnetdhcp.conf, in order to enable PXE you will need to add 4 lines.
- 2 Lines at the top right after comments
12allow booting;allow bootp; - And another 2 lines inside the subnet block that is related to your VmNAT adapter network
12next-server <Your-TFTP-VM-IP-Here>;filename "pxelinux.0";
You will need to assign static IP to your Linux TFTP server so that network booted VMs will be able to access it. - Now you can go to Administrative tools->Services and restart Vmware DHCP server – if everything correct then it will restart without complains.
- In order to configure your TFTP server use this, or this instruction
Sysadmin: How to install Letsencrypt on CentOS
Posted by admin
on 09/18/2017
No comments
Since Letsencrypt started their services life became much easier (or less). You can get free valid and secure SSL certificates that are recognized by majority of browsers, but for that you need to do some initial configuration and keep in mind that if you don’t renew all these nice certificates will turn into pumpkin after 2 month.
Here is the one liner command to install certbot-auto in CentOS 6 (requires additional Python 2.7 from EPEL repo)
|
1 2 3 4 5 6 |
yum -y install python27 python27-devel python27-pip cd /usr/local/sbin wget https://dl.eff.org/certbot-auto chmod +x ./certbot-auto export PYTHON=/usr/bin/python2.7 ./certbot-auto register --agree-tos --no-eff-email -m <your@email.address> |
Almost, the same for the CentOS 7 just without Python.
|
1 2 3 4 |
cd /usr/local/sbin wget https://dl.eff.org/certbot-auto chmod +x ./certbot-auto ./certbot-auto register --agree-tos --no-eff-email -m <your@e-mail.address> |
Here is how quickly request/retrieve certificate for your website on domain.com that is hosted under /home/domain/public_html from command line (presuming that the site is answering on this server already e.g. DNS and web server configured properly)
|
1 2 |
/usr/local/sbin/certbot-auto certonly --webroot \ -w /home/domain/public_html -d domain.com -d www.domain.com |
If the request was successful your new certificates could be accessible from /etc/letsencrypt/live/domain.com, where
privkey.pem – is the certificate key, cert.pem – bare certificate fullchain.pem – certificate along with the whole CA chain.
Don’t forget that these are valid for 2 month only. You’ll need to run
|
1 |
/usr/local/sbin/certbot-auto renew |
after that to get valid certificates.
Centos: How to fine tune your Apache SSL server
Posted by admin
on 12/14/2016
No comments
The fine tuning of the SSL server side configuration is slow and tedious but necessary procedure. It’s always good to have your SSL site to conform the most latest security standards. It boosts ego and makes customer happy too. It turns out that all you need for that is already at your disposal the point is to properly configure it.
Read more »
Sysadmin: Brute force detection – custom rule for SMTP and SSH
Posted by admin
on 12/13/2016
No comments
I wrote before about excellent tool BFD that allows to block brute force password guessing attempts on different network services.
I prefer it to Fail2ban because of portability (bash script) system resource consumption (bash script!) and extendĐ°bility (true “unix way” modularity).
I also wrote before a brief instruction on how to extend BFD with your own rule to fight with apache/Wordpress DOS attack.
In this post I will show you how to write custom rules to block SMTP password guessing brute force attempts and SSSHD
OSX: PPTP VPN networking problem solved with custom MTU
Posted by admin
on 05/15/2015
No comments
I had an interesting complain the other day – customer experienced connectivity problems trying to access some web sites while on PPTP VPN connection. The VPN server was running on Linux and also under our control so troubleshooting the situation was pretty easy. All MS Windows based clients didn’t have this problem, only OSX based clients.
Read more »
Sysadmin: How to make use of apache web server mod_expires to improve performance
Posted by admin
on 06/26/2014
No comments
Most of modern Linux distributions contain Apache 2.x web server with the set of standard modules. One of these modules is mod_expires that allows to configure content expiration in local browser cache or caching proxies. Proper configuration for it can significantly improve overall server performance and reduce bandwidth consumption.
Read more »
Centos: how to install cpanel
Posted by admin
on 11/07/2013
No comments
“Extremely friendly…widely used …de-facto industry standard” cPanel all this and more. And I dislike it as much as it popular (I’ll talk about it later).
What surprised me that cpanel.net web site does not contain the link to the installation instruction on it’s front page which should be only logical.
Read more »