Sometimes during a software install, things go sideways and you realize that not all of the program downloaded or the install was interrupted for some reason leaving you with incomplete files and empty directories. Honestly, this is an rare occurance but it can happen from time to time. This then begs the question; So how do I completely uninstall recently installed software? In this tutorial, we’ll be safely removing PostgreSQL from our Liquid Web Ubuntu 16.04 server.
Reading Time: 2 minutesBy default, SSH on Ubuntu comes configured in a way that disables the root users log in. This was originally enabled as a security precaution which means that you cannot directly log in as the root user over SSH. However, you can usually get around the need for root ssh login by using the sudo command. In some cases, though it’s just more convenient to get directly logged in as root.
Reading Time: 2 minutesIn this article and related video, we will be discussing how to check the kernel version in both Ubuntu and CentOS Linux. The following command works with all Linux distributions, such as Red Hat, CentOS, Debian, and Ubuntu. It also works on other UNIX-like operating systems such as HPUX, FreeBSD, OpenBSD, Solaris, etc. Use the following command to check which kernel version your server is currently running:
Continue reading “How To Check the Kernel Version in Linux / Ubuntu / CentOS”
Reading Time: 9 minutes
What is Puppet?
In this tutorial, we will install Puppet on a Ubuntu 18.04 server. Puppet is an open core, server based, task management type of automation software that is primarily used to limit your interactions for many of the mundane, day to day server tasks that used to require personal intervention.
This software allows you as the server owner to delegate specific functions to the software, thereby freeing you up for more critical business efforts. Puppet is a master/client based system that can interact with both Windows and Linux servers. The Puppet master server is run from a Linux server (a small downside given the time and effort it will save in the long run) but, can control efforts on other server types as well.
Continue reading “Install Puppet on Ubuntu 18.04”
Reading Time: 3 minutes
What Is Jenkins?
Jenkins is an open source automation server software developed in Java. It allows developers to integrate CI/CD (Continuous Integration/Continuous Delivery) pipelines within their organization that ease and automate workflows. It has an extensive help community, supports over 1000 plugins, allows users the ability to automate almost any task and, it saves significant time that can be better utilized addressing other issues.
When automating tasks with Jenkins, users can optimize their workflow by quickly automating the jobs that servers are not able to do themselves. Jenkins has a wide array of features including building projects, executing unit tests for bug detection, analyzing static code, and deploying applications. For this article, we will learn how to install Jenkins on a Ubuntu 16.04 server using APT (Advanced Package Tool). When using APT, we can retrieve and install all of the needed dependencies as well.
Reading Time: 4 minutes
What is a Firewall?
Broadly speaking, a firewall is part of a network or server that is designed to restrict potentially malicious and unauthorized access to the hardware while still allowing outward communication from the network or server.
There are two types of firewalls; physical hardware firewalls which are devices that connect to the destination server and stop traffic from passing to it and, software-based firewalls that run on a server and filter/reject connection attempts. In both cases, the firewall is at its core, a security measure meant to protect your data from unauthorized access. Today, we are going to review how to install CSF Firewall on a Ubuntu server
Reading Time: 5 minutes
Let the Battle Begin!
Today we will be reviewing the major differences between CentOS and Ubuntu in a web hosting environment. Although this is not a fully comprehensive analysis of every single aspect of the numerous in-depth features of each operating system, it should provide a solid overview which will allow you to choose which system is best suited for your needs. Without further ado, let’s jump right in…
Reading Time: 6 minutesWith the shortage of available address space in IPv4, IPs are becoming increasingly difficult to come by, and in some cases, increasingly expensive. However, in most instances, this is not a drawback. Servers are perfectly capable of hosting multiple websites on one IP address, as they have for years.
But, there was a time when using an SSL certificate to secure traffic to your site required having a separate IPv4 address for each secured domain. This is not because SSLs were bound to IPs, or even to servers, but because the request for SSL certificate information did not specify what domain was being loaded, and thus the server was forced to respond with only one certificate. A name mismatch caused an insecure certificate warning, and therefore, a server owner was required to have unique IPs for all SSL hosts.
Luckily, IPv4 limitations have brought new technologies and usability to the forefront, most notably, Server Name Indication (SNI).
Why Do I Need an SSL?
Secure Socket Layer (SSL) certificates allow two-way encrypted communication between a client and a server. This allows any data protection from prying eyes, including sensitive information like credit card numbers or passwords. SSLs are optionally signed by a well-known, third-party signing authority, such as GlobalSign. The most common use of such certificates are to secure web traffic over HTTPS.
When browsing an HTTPS site, rather than displaying a positive indicator, modern browsers show a negative indicator for a site that is not using an SSL. So, websites that don’t have an SSL will have a red flag right off the bat for any new visitors. Sites that want to maintain reputation are therefore forced to get an SSL.
Luckily, it is so easy to get and install an SSL, even for free, that this is reduced to a basic formality. We’ll cover the specifics of this below.
What is SNI?
Server Name Indication is a browser and web server capability in which an HTTPS request includes an extra header, server_name, to which the server can respond with the appropriate SSL certificate. This allows a single IP address to host hundreds or thousands of domains, each with their own SSL!
SNI technology is available on all modern browsers and web server software, so some 98+% of web users, according to W3, will be able to support it.
We’ll be working on a CentOS 7 server that uses Nginx and PHP-FPM to host websites without any control panel (cPanel, Plesk, etc.). This is commonly referred to as a “LEMP” stack, which substitutes Nginx for Apache in the “LAMP” stack. These instructions will be similar to most other flavors of Linux, though the installation of Let’s Encrypt for Ubuntu 18.04 will be different. I’ll include side-by-side instructions for both CentOS 7 and Ubuntu 18.04.
For the remainder of the instructions, we’ll assume you have Nginx installed and set up to host multiple websites, including firewall configuration to open necessary ports (80 and 443). We are connected over SSH to a shell on our server as root.
Step 1: Enabling SNI in Nginx
Our first step is already complete! Modern repository versions of Nginx will be compiled with OpenSSL support to server SNI information by default. We can confirm this on the command line with:
This will output a bunch of text, but we are interested in just this line:
TLS SNI support enabled
If you do not have a line like this one, then Nginx will have to be re-compiled manually to include this support. This would be a very rare instance, such as in an outdated version of Nginx, one already manually compiled from source with a different OpenSSL library. The Nginx version installed by the CentOS 7 EPEL repository (1.12.2) and the one included with Ubuntu 18.04 (1.14.0) will support SNI.
Step 2: Configuring Nginx Virtual Hosts
Since you have already set up more than one domain in Nginx, you likely have server configuration blocks set up for each site in a separate file. Just in case you don’t, let’s first ensure that our domains are set up for non-SSL traffic. If they are, you can skip this step. We’ll be working on domain.com and example.com.
At the very least, insert the following options, replacing the document root with the real path to your site files, and adding any other variables you require for your sites:
A similar file should be set up for example.com, and any other domains you wish to host. Once these files are created, we can enable them with a symbolic link:
ln -s /etc/nginx/sites-available/domain.com /etc/nginx/sites-enabled/
ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
Now, we restart Nginx…
systemctl reload nginx
This reloads the configuration files without restarting the application. We can confirm that the two we just made are loaded using:
You should see your server_name line for both domain.com and example.com.
Now that we have valid running configurations, we can add the SSLs we have for these domains as new server blocks in Nginx. First, save your SSL certificate and the (private) key to a global folder on the server, with names that indicate the relevant domain. Let’s say that you chose the global folder of /etc/ssl/. Our names, in this case, will be /etc/ssl/domain.com.crt (which contains the certificate itself and any chain certificates from the signing authority), and /etc/ssl/domain.com.key, which contains the private key. Edit the configuration files we created:
Add a brand new server block underneath the end of the existing one (outside of the last curly brace) with the following information:
Note the change of the listening port to 443 (for HTTPS) and the addition of the ssl_certificate and ssl_certificate_key lines. Instead of rewriting the whole block, you could copy the original server block and then add these extra lines, while changing the listen port. Save this file and reload the Nginx configuration.
systemctl reload nginx
We again confirm the change is in place using:
For some setups you’ll see two server_name lines each for domain.com and example.com, one using port 80 and one using port 443. If you do, you can skip to Step 4, otherwise continue to the next step.
Let’s next set up the free SSL provider Let’s Encrypt to automatically sign certificates for all of the domains we just set up in Nginx. On Ubuntu 18.04, add the PPA and install the certificate scripts with aptitude:
apt-get install certbot python-certbot-nginx
In CentOS 7, we install the EPEL repository and install the certificate helper from there.
yum install epel-release
yum install certbot python2-certbot-nginx
On both systems, we can now read the Nginx configuration and ask the Certbot to assign us some certificates.
This will ask you some questions about which domains you would like to use (you can leave the option blank to select all domains) and whether you would like Nginx to redirect traffic to your new SSL (we would!). After it finishes it’s signing process, Nginx should automatically reload its configuration, but in case it doesn’t, reload it manually:
systemctl reload nginx
You can now check the running configuration with:
You should now instead see two server_name lines each for domain.com and example.com, one using port 80 and one using port 443.
Let’s Encrypt certificates are only valid for 90 days from issuance, so we want to ensure that they are automatically renewed. Edit the cron file for the root user by running:
The cron should look like this:
45 2 * * 3,6 certbot renew && systemctl reload nginx
Once you save this file, every Wednesday and Saturday at 2:45 AM, the certbot command will check for any needed renewals, automatically download and install the certs, followed by a reload of the Nginx configuration.
We should now check the validity of our SSLs and ensure that browsers see the certificates properly. Visit https://sslcheck.liquidweb.com/ and type in your domain names to check the site’s SSL on your server. You should see four green checkmarks, indicatating SSL protection.
We hope you’ve enjoyed our tutorial on how to install SSLs on multiple sites within one server. Liquid Web customers have access to our support team 24/7. We can help with signed SSL or ordering a new server for an easy transfer over to Liquid Web.
Reading Time: 4 minutes
What is Puppet?
Puppet is an intuitive, task-controlling software which provides a straightforward method to manage Linux and Windows server functions from a central master server. It can perform administrative work across a wide array of systems that are primarily defined by a “manifest” file, for the group or type of server(s) being controlled.