Installing Nginx with PHP 7 and MySQL 5.7 (LEMP) on Ubuntu 16.04 LTS

From: https://www.howtoforge.com/tutorial/installing-nginx-with-php7-fpm-and-mysql-on-ubuntu-16.04-lts-lemp/


Nginx (pronounced “engine x”) is a free, open-source, high-performance HTTP server. Nginx is known for its stability, rich feature set, simple configuration, and low resource consumption. This tutorial shows how you can install Nginx on an Ubuntu 16.04 server with PHP 7 support (through PHP-FPM) and MySQL 5.7 support (LEMP = Linux + nginx (pronounced “engine x”) + MySQL + PHP).

 

1 Preliminary Note

In this tutorial, I use the hostname server1.example.com with the IP address 192.168.1.100. These settings might differ for you, so you have to replace them where appropriate.

I’m running all the steps in this tutorial with root privileges, so make sure you’re logged in as root:

sudo -s

 

2 Installing MySQL 5.7

In order to install MySQL, we run:

apt-get -y install mysql-server mysql-client

You will be asked to provide a password for the MySQL root user – this password is valid for the user root@localhost as well as root@server1.example.com, so we don’t have to specify a MySQL root password manually later on:

New password for the MySQL “root” user: <– yourrootsqlpassword
Repeat password for the MySQL “root” user: <– yourrootsqlpassword

To secure the database server and remove the anonymous user and test database, run the mysql_secure_installation command.

mysql_secure_installation

You will be asked these questions:

root@server1:~# mysql_secure_installation

Securing the MySQL server deployment.

Enter password for user root: <– Enter the MySQL root password

VALIDATE PASSWORD PLUGIN can be used to test passwords
and improve security. It checks the strength of password
and allows the users to set only those passwords which are
secure enough. Would you like to setup VALIDATE PASSWORD plugin?

Press y|Y for Yes, any other key for No: <– Press y if you want this function or press Enter otherwise.
Using existing password for root.
Change the password for root ? ((Press y|Y for Yes, any other key for No) : <– Press enter

… skipping.
By default, a MySQL installation has an anonymous user,
allowing anyone to log into MySQL without having to have
a user account created for them. This is intended only for
testing, and to make the installation go a bit smoother.
You should remove them before moving into a production
environment.

Remove anonymous users? (Press y|Y for Yes, any other key for No) : <– y
Success.

Normally, root should only be allowed to connect from
‘localhost’. This ensures that someone cannot guess at
the root password from the network.

Disallow root login remotely? (Press y|Y for Yes, any other key for No) : <– y
Success.

By default, MySQL comes with a database named ‘test’ that
anyone can access. This is also intended only for testing,
and should be removed before moving into a production
environment.

Remove test database and access to it? (Press y|Y for Yes, any other key for No) : <– y
– Dropping test database…
Success.

– Removing privileges on test database…
Success.

Reloading the privilege tables will ensure that all changes
made so far will take effect immediately.

Reload privilege tables now? (Press y|Y for Yes, any other key for No) : <– y
Success.

All done!

MySQL is secured now.

3 Installing Nginx

If you have already installed Apache2, remove it first with these commands and then install nginx:

service apache2 stop
update-rc.d -f apache2 remove
apt-get remove apache2

Nginx is available as a package for Ubuntu 16.04 which we can install.

apt-get -y install nginx

Start nginx afterwards:

service nginx start

Type in your web server’s IP address or hostname into a browser (e.g. http://192.168.1.100), and you should see the following page:

The Ubuntu Nginx default page.

The default nginx document root on Ubuntu 16.04 is /var/www/html.

 

4 Installing PHP 7

We can make PHP work in nginx through PHP-FPM (FastCGI Process Manager), an alternative PHP FastCGI implementation with some additional features useful for sites of any size, especially busier sites. We install it as follows:

apt-get -y install php7.0-fpm

PHP-FPM is a daemon process (with the init script php7.0-fpm) that runs a FastCGI server on the socket /run/php/php7.0-fpm.sock.

 

5 Configuring nginx

The nginx configuration is in /etc/nginx/nginx.conf which we open now:

nano /etc/nginx/nginx.conf

The configuration is easy to understand (you can learn more about it here: http://wiki.nginx.org/NginxFullExample and here: http://wiki.nginx.org/NginxFullExample2)

First (this is optional) adjust the keepalive_timeout to a reasonable value:

The virtual hosts are defined in server {} containers. The default vhost is defined in the file /etc/nginx/sites-available/default – let’s modify it as follows:

nano /etc/nginx/sites-available/default

server_name _; makes this a default catchall vhost (of course, you can as well specify a hostname here like www.example.com).

root /var/www/html; means that the document root is the directory /var/www/html.

The important part for PHP is the location ~ \.php$ {} stanza. Uncomment it to enable it.

Now save the file and reload nginx:

service nginx reload

Next open /etc/php/7.0/fpm/php.ini

nano /etc/php/7.0/fpm/php.ini

… and set cgi.fix_pathinfo=0:

Reload PHP-FPM:

service php7.0-fpm reload

Now create the following PHP file in the document root /var/www/html:

nano /var/www/html/info.php

Now we call that file in a browser (e.g. http://192.168.1.100/info.php):

PHP Info on Ubuntu with Nginx.

As you see, PHP 7 is working, and it’s working through FPM/FastCGI, as shown in the Server API line. If you scroll further down, you will see all modules that are already enabled in PHP. MySQL is not listed there which means we don’t have MySQL support in PHP yet.

 

6 Getting MySQL Support In PHP 7

To get MySQL support in PHP, we can install the php7.0-mysql package. It’s a good idea to install some other PHP modules as well as you might need them for your applications. You can search for available PHP modules like this:

apt-cache search php7.0

Pick the ones you need and install them like this:

apt-get -y install php7.0-mysql php7.0-curl php7.0-gd php7.0-intl php-pear php-imagick php7.0-imap php7.0-mcrypt php-memcache  php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy php7.0-xmlrpc php7.0-xsl php7.0-mbstring php-gettext

APCu is an extension for the PHP Opcache module that comes with PHP 7; it adds some compatibility features for software that supports the APC cache (e.g. WordPress cache plugins).

APCu can be installed as follows:

apt-get -y install php-apcu

Now reload PHP-FPM:

service php7.0-fpm reload

Now reload http://192.168.1.100/info.php in your browser and scroll down to the modules section again. You should now find lots of new modules there, including the MySQL module:

The PHP Modules have been installed.

 

7 Making PHP-FPM use a TCP Connection

By default PHP-FPM is listening on the socket /var/run/php/php7.0-fpm.sock. It is also possible to make PHP-FPM use a TCP connection. To do this, open /etc/php/7.0/fpm/pool.d/www.conf

nano /etc/php/7.0/fpm/pool.d/www.conf

… and make the listen line look as follows:

This will make PHP-FPM listen on port 9000 on the IP 127.0.0.1 (localhost). Make sure you use a port that is not in use on your system.

Then reload PHP-FPM:

service php7.0-fpm reload

Next go through your nginx configuration and all your vhosts and change the line fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; to fastcgi_pass 127.0.0.1:9000;, e.g. like this:

nano /etc/nginx/sites-available/default

Finally, reload nginx:

service nginx reload

That’s it. The Nginx LEMP server is installed.
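
The settings from sections 5 and 7 can be checked in one pass. The script below is an added example, not part of the original tutorial: it verifies that cgi.fix_pathinfo is effectively 0, that PHP-FPM listens only on a Unix socket or a loopback address, that nginx's fastcgi_pass points at the same endpoint, and that info.php has been removed from the document root. The function names, the ROOT prefix argument and the sample tree are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example: audit the files this tutorial edits. Paths come from the
# tutorial; function names and the ROOT prefix argument are assumptions.

# Print the last uncommented value of KEY ($2) in ini-style FILE ($1).
ini_value() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*/\1/p" \
        "$1" 2>/dev/null | tail -n 1
}

# Print the last uncommented fastcgi_pass target in nginx vhost FILE ($1).
nginx_upstream() {
    sed -n 's/^[[:space:]]*fastcgi_pass[[:space:]][[:space:]]*\([^;[:space:]]*\).*/\1/p' \
        "$1" 2>/dev/null | tail -n 1
}

# Make "unix:/var/run/x.sock" and "/run/x.sock" comparable (/var/run -> /run).
norm() { printf '%s\n' "$1" | sed -e 's#^unix:##' -e 's#^/var/run/#/run/#'; }

# audit_lemp [ROOT]: print findings, return 0 only if there are none.
audit_lemp() (
    root=${1:-}
    n=0
    fail() { echo "FAIL: $*"; n=$((n + 1)); }

    # PHP treats an unset cgi.fix_pathinfo as 1, so a commented line fails too.
    [ "$(ini_value "$root/etc/php/7.0/fpm/php.ini" cgi.fix_pathinfo)" = 0 ] ||
        fail "cgi.fix_pathinfo is not set to 0 in php.ini"

    listen=$(ini_value "$root/etc/php/7.0/fpm/pool.d/www.conf" listen)
    case $listen in
        /*|127.0.0.1:*|"[::1]":*)
            # Local-only endpoint; nginx must point at the same one.
            pass=$(nginx_upstream "$root/etc/nginx/sites-available/default")
            [ "$(norm "$pass")" = "$(norm "$listen")" ] ||
                fail "fastcgi_pass '$pass' does not match PHP-FPM listen '$listen'"
            ;;
        *)  # e.g. "9000" or "0.0.0.0:9000": FastCGI reachable from the network
            fail "PHP-FPM listen '$listen' is not a Unix socket or loopback address"
            ;;
    esac

    # phpinfo() output discloses versions, paths and loaded modules.
    [ ! -e "$root/var/www/html/info.php" ] ||
        fail "info.php is still in the document root"

    echo "$n finding(s)"
    [ "$n" -eq 0 ]
)

# Constructed sample tree (not real system files) with the given FPM listen
# value ($2) and nginx fastcgi_pass target ($3); info.php is left in place.
make_sample() {
    mkdir -p "$1/etc/php/7.0/fpm/pool.d" "$1/etc/nginx/sites-available" \
        "$1/var/www/html"
    printf '%s\n' ';cgi.fix_pathinfo=1' 'cgi.fix_pathinfo=0' \
        > "$1/etc/php/7.0/fpm/php.ini"
    printf '%s\n' '[www]' "listen = $2" 'listen.owner = www-data' \
        > "$1/etc/php/7.0/fpm/pool.d/www.conf"
    printf '%s\n' 'server {' '    location ~ \.php$ {' \
        '        #fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;' \
        "        fastcgi_pass $3;" '    }' '}' \
        > "$1/etc/nginx/sites-available/default"
    echo '<?php phpinfo(); ?>' > "$1/var/www/html/info.php"
}

# Demo: PHP-FPM switched to TCP but bound to every interface.
demo=$(mktemp -d)
make_sample "$demo" 0.0.0.0:9000 127.0.0.1:9000
audit_lemp "$demo" || echo "fix the findings above, then re-run"
rm -rf "$demo"
```

On a real server, call audit_lemp with no argument to check the live files under /.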

Zerotier VPN bridge BASH script

Step-by-step Guide On How To Setup OpenVPN From pfSense’s Web-GUI (USER/PASS Auth)

FROM: https://chubbable.com/setup-openvpn-pfsense


OpenVPN is the simplest open source software out there that implements secure virtual private networking (VPN) techniques to secure your connection, whether it be a site-to-site or point-to-point connection. It comes built in with the pfSense router software, and it’s simple to use and easy to configure. In this guide, you’ll learn how to configure an OpenVPN server, one of pfSense’s long list of useful features and services. I will show you how to configure a client machine to connect to the OpenVPN server, on both Windows and Linux machines. To start with this guide, you must have already installed and configured your pfSense machine, and you must already have a working local area network.

Part 1: Setting Up The Server

The first part of this guide will show you how to bring up the OpenVPN server instance using pfSense’s webConfigurator GUI. This method is by far the easiest way to set up a VPN access server, compared to the command-line method of configuration. Note that the 2.1.4 release of pfSense was used for this guide.

  • Step 1: For the first step, you need to create a Certificate Authority that will be used to sign future user certificates. Whenever you create a new user certificate, this Certificate Authority will be in charge of signing it. To do this, you must log in to the pfSense webConfigurator (the admin web page) by accessing its IP address using a browser. So type in and press key. Log in by supplying the correct data for the user and user-password. Upon logging in, navigate to Main Menu -> -> . Make sure you’re on the tab, to add a new CA (Certificate Authority), click on plus button. A new page should open, now fill up the necessary fields.

    This is how I did:

    • Method – Create an internal Certificate
    • Descriptive name – MyCA
    • Method – Create an internal Certificate Authority
    • Key length – 2048 bits
    • Digest Algorithm – SHA256
    • Lifetime – 3650
    • Common Name – Internal-CA

Those are the most important fields to fill in on this page. But don’t forget to fill in the Country Code, State or Province, City, Organization and Email Address. Enter what’s applicable to you. Save your settings by clicking the button. You should see a page similar to the image shown below.

pfSense OpenVPN CA Certificate Setup - Image 1

pfSense OpenVPN CA Certificate Setup - Image 2

pfSense OpenVPN CA Certificate Setup - Image 3

  • Step 2: While still on the tab, add another certificate by clicking the plus button. This process is similar to the steps you took under Step 1. But this time, you’ll be creating a for OpenVPN Server. Click the add button again and fill up the necessary fields like so:
    • Method – Create an internal Certificate
    • Descriptive name – MyOpenVPN-Server-Cert
    • Certificate authority – MyCA
    • Key length – 2048 bits
    • Digest Algorithm – SHA256
    • Certificate Type – Server Certificate
    • Lifetime – 3650
    • Common Name – ovpn.chubbable.com

    Note: Substitute the values with your own data. Fill up the other fields; Country Code, State or Province, City, Organization and Email Address. Then to save your settings. You should see a page similar to the image shown below. Reference Image:

    CA Certificated Created

  • Step 3: The third step you should take is to create a new user account for the VPN client to use. While still on page, do the next step below. Navigate to Main Menu -> -> . Reference Image:
    OpenVPN Setup - Step 3

    You should be now at the page. On this page, create a new user by clicking plus button, you should be taken to a new page where you should enter the details of the new user account. Fill up the field, fields twice, Full name, Expiration date (blank = no expiration). In my case, I named my first user account as .

    Note: Remember to create a corresponding certificate for this user.

    Tick the check-box next to dialog. It should expand and let you fill the necessary fields to create a new user certificate.

    Fill up the field. Make it similar with your user account name. In my case, I named my first VPN user account as , while I put as my certificate . Fill up , but this should be automatically filled showing an entry that you’ve previously made from step 1, the Certificate Authority (CA). So in this case, should show up here. Select a for the certificate, in my case I chose .

    Reference Image:

    OpenVPN Setup - Step 3b

    Finally, save your settings by clicking the button. You should see a screen similar to the image shown below.

    Reference Image:

    OpenVPN Setup - Step 3c

  • Step 4: Next you should install the from the package manager page. Take the next steps below. Navigate to main menu -> -> -> . You should see a list of available packages. Now scroll further down below and look for the package name . To install the package, click the add button and you should be taken to a new sub-page. Click the button to start the installation. You should see a screen similar to this one. Reference Images:
    pfSense OpenVPN Setup - Step 4a

    pfSense OpenVPN Setup - Step 4b

    pfSense OpenVPN Setup - Step 4c

    pfSense OpenVPN Setup - Step 4d

    You’ll have a hint about the progress of the install process by watching your screen. Upon successful installation, you should see a message .

  • Step 5: While still logged in, navigate to main menu then -> . Reference Image:

    pfSense OpenVPN Setup - Step 5a

    You should be now on the OpenVPN Server page, now click the tab, to start a wizard-assisted configuration. A new page should open, entitled . On this page, select for , then click . Reference Image:

    pfSense OpenVPN Setup - Step 5c

    On the next page, choose a Certificate Authority (CA). Select the CA you’ve previously created from step 1 of this guide. In this case, it’s the . Click Next to continue. The next page should ask you to choose a Server Certificate. You had created this already from step 2 above, and in this case it’s the . In case you named it like you wished, then choose that entry as your server certificate. Then click Next when done.

    The next page contains a long list of field sets. The first field set that you should see is the field set. This is how I filled those up.

    General OpenVPN Server Information:

    • Interface = LAN
    • Protocol = UDP
    • Local Port = 1194
    • Description = MYOpenVPN-Server-LAN

    Note: The Interface setting is typically set to WAN, but if you have a Dynamic IP address, your VPN connection will break if your IP address changes. So it’s better to set it to LAN if you only intend to use OpenVPN within your Local Area Network.

    For a site-to-site implementation of OpenVPN, Interface should be set to WAN.

    Cryptographic Settings:

    • Cryptographic Settings = Enable authentication of TLS packets – CHECKED
    • Generate TLS Key = Automatically generate a shared TLS authentication key = CHECKED
    • DH Parameters Length = 2048
    • Encryption Algorithm = AES-256-CBC (256-bit)
    • Hardware Crypto = No Hardware…

    Tunnel Settings:

    • Tunnel Network = 10.0.1.0/24
    • Redirect Gateway = Force all client generated traffic through the tunnel = CHECKED
    • Local Network = 192.168.1.0/24 (Note: Leave Local Network blank if you don’t want to add a route to your LAN using this VPN tunnel.)
    • Concurrent Connections = 10
    • Compression = CHECKED

    Client Settings:

    • Dynamic IP = CHECKED
    • Address Pool = CHECKED

    Note: Other fields that were not mentioned here were left blank. After filling those necessary fields, click next to advance to the next page. The next page should be the . This is what I did to this page.

    • Firewall Rule = CHECKED
    • OpenVPN Rule = CHECKED

    After doing the above step, click NEXT and then finally, click FINISH. You should be taken back to the Server tab.

    At this point, you’ve already configured a working OpenVPN Server in pfSense. The next step is to export your user config files for your chosen VPN client. A client could be a Windows machine, an Android device, a Mac or a Linux machine. You need to export the client configuration file by downloading the file from pfSense’s webConfigurator page, using the OpenVPN Client Export utility. Read Part 2 of this guide to learn how to export your configuration files for specific VPN clients.

Part 2: Client Config Files Export & Client Connection

Now that you’ve set up an OpenVPN Server, it’s time for you to test it and let your chosen client machine connect to it. This part of the guide has sub-parts, broken down according to client type. So you will learn how to connect from Windows and Linux based machines.

Connecting From Linux Clients

For this guide, I’m going to show you how you would connect from a Linux-Mint-based machine.

  • Step 1: Login to pfSense webConfigurator and navigate to main menu, then go to -> -> tab. You should be now on the Client Export Utility page.

    This is how I’ve set up my client before exporting it for my Linux Mint machine:

    • Remote Access Server = MyOpenVPN-Server-LAN UDP:1194 (Note: This is the name of the OpenVPN server instance that you’ve configured from step 5 above, under General OpenVPN Server Information -> Description. If you named it otherwise, then it should appear from the drop-down menu.)
    • Host Name Resolution = Interface IP Address
    • Verify Server CN = Automatic – Use verify-x509-name (OpenVPN 2.3+) where possible
    • Use Random Local Port = CHECKED
    • Certificate Export Options = Use a password to protect the pkcs12 file contents or key in Viscosity bundle – CHECKED

    Then enter your desired password.

    This is an additional password on top of your pfSense user-password. And that’s it. I left other fields untouched. Scroll further down below ’till you reach the block. Look for the user-name you wish to export this configuration from.

    Under the column, click text link just below the text. It should let you download the configuration files in ZIP format. Choose the location where you want to save it and keep note of this. Save the file and extract it after. You should find three files similar to the ones listed below:

    • vpn-user-name.ovpn
    • vpn-user-name-tls.key
    • vpn-user-name.p12

    Note: vpn-user-name should be your OpenVPN account user-name that you were exporting from.

  • Step 2: For this step, I think it’s better to teach you this by showing a video guide. So watch this video guide on how to connect from Linux Mint 17. Make sure you have the package installed on your Linux Mint 17 instance. You won’t see the OpenVPN Import dialog if you haven’t installed this yet. To install this package, open a terminal and type: And proceed with the steps shown from the video guide.

Connecting From Windows Clients

Connecting to a pfSense-based OpenVPN server from a Windows client is very straightforward. I decided to show you a quick video guide on how to do this. Windows XP was used in the guide, but it’s also applicable to Windows Vista/7/8. Prior to exporting the configuration file, make sure you have set the following from the Client Export utility page:

  • Host Name Resolution = Interface IP Address
  • Verify Server CN = Automatic – Use verify-x509-name (OpenVPN 2.3+) where possible
  • Use Random Local Port = CHECKED
  • Certificate Export Options = Use Microsoft Certificate Storage instead of local files
  • Certificate Export Options = Use a password to protect the pkcs12 file contents or key in Viscosity bundle – CHECKED

Watch the mini-video guide:

That’s a Wrap

I hope you now know how to set up your OpenVPN server. It’s really not that difficult when you set it up under pfSense, since it takes care of all the tasks involved in your VPN setup. Creating your client certificate is done in no time, just point and click and you’re done. Thanks to pfSense! But if you are still having issues with your setup, please feel free to ask about it and put your comments below. Till next time, and hope you enjoyed this guide.

Getting a list of logical and physical drives from the command line

It’s often useful to know what logical and physical drives are available to Windows, and sometimes this needs to be done from the command line.

Logical drives

Here’s a handy command to return a list of logical drives in Windows.

The Win32_LogicalDisk WMI class represents a data source that resolves to an actual local storage device on a computer system running Windows. While Caption, Description, DriveType, ProviderName, and VolumeName are useful in most cases, more properties are available, and a complete list is available at http://msdn.microsoft.com/en-us/library/windows/desktop/aa394173(v=vs.85).aspx. The output will be formatted as a table, the properties will be the column headings, and they will be placed into alphabetical order.

Caption is the drive letter of the logical disk. The Name property also returns the drive letter.

Description is the type of disk. For example: Local Fixed Disk, CD-ROM Disc, or Removable Disk.

DriveType is returned as an integer that corresponds to the type of disk drive the logical disk represents (and this matches the Description, making DriveType sort of superfluous).

0 = Unknown
1 = No Root Directory
2 = Removable Disk
3 = Local Disk
4 = Network Drive
5 = Compact Disc
6 = RAM Disk

ProviderName is the network path to the logical device.

VolumeName is the volume name of the logical disk.

Physical drives

And here is a command to return a list of physical drives.

The Win32_DiskDrive WMI class represents a physical disk drive as seen by a computer running Windows. Like the Win32_LogicalDisk WMI class, it has lots of properties, as listed at http://msdn.microsoft.com/en-us/library/windows/desktop/aa394132(v=vs.85).aspx.

For simplicity, though, and ease of reading in a command window, wmic diskdrive list brief /format:list does the trick, particularly in combination with wmic logicaldisk.

Shutdown or Wake Up a PC on a LAN

FROM: http://ccm.net/faq/9200-shutdown-or-wake-up-a-pc-on-a-lan


In addition to serving as a host, a LAN (or local area network) also gives users a certain amount of control over the PCs that are connected to a network. Included in this is the ability to turn a computer on or off from a remote location.

This article will explain how to use the Shutdown command to turn off a computer remotely as well as how to use the WakeOnLan standard to wake or boot a PC.

This method was tested using a Windows XP Professional computer.

Remotely Shutdown a Computer on a LAN

In order to control a computer remotely, please note that you must be connected to the same local network as the target PC. You must also know the username and password required for login.

The first step is to open TCP port 445 on the target computer. To do this, open your Start menu and then go to Settings > Control Panel > Security Center.

Open Windows Firewall and click the Exceptions tab.

Select the line that reads File Sharing and printers and press OK. If this line is missing, click Add Port and choose TCP port 445.

Next, head to Start > Settings > Control Panel > System. Select the Remote tab and check the option that reads Allow users to connect remotely to this computer.

It is now time to open the command prompt.

Head to Start/Run or use the keyboard shortcut Windows + R. Next, type cmd and then hit OK. This will open your command prompt.

To obtain the necessary rights to run a shutdown command on the target machine, you must first run the net use command. Use the Windows + R keyboard shortcut and then enter net use \\ip_address_of_target_machine. Enter an administrator username and password for the target computer to connect to the target PC.

Once connected to the target PC, we can run the shutdown command. An example of the command is given below, whereby instructions are given for the target computer to close all active applications and shutdown after 30 seconds of inactivity. Please note that you can substitute any of the variables according to your network or PC specifics:

-s: Shutdown the PC

-f: Force active applications to close without warning

-t xx: Set a countdown in seconds

-m \\xxx.xxx.xxx.xxx: The IP address of the target computer


The GUI is available by typing shutdown -i.

For any additional information about this command, type shutdown /?.

The WakeOnLAN Command

WakeOnLAN, as the name already suggests, is a tool that can boot or wake a computer by sending a Magic Packet to the network adapter of the target computer. It is important to note that not all network cards and BIOS are compatible with, or support, the use of Magic Packet.

In order to use the WakeOnLAN command, you must be connected to the same local area network (LAN) as the target computer. Knowledge of the physical (MAC) address and IP address of the target computer is also required.

Retrieve IP and MAC Address

The first step is to retrieve the IP address and MAC address of the target computer. To do this, go to Start/Run or use the keyboard shortcut Windows + R and type cmd > OK.

The command prompt will open. Now type ipconfig /all:


Copy the IP and physical (MAC) address of the target PC.

Compatibility Checks

It’s now time to check if your network card is compatible with Magic Packets. To do this, right-click on My Computer and click Manage. Next, go to Device Manager/Network Cards and do a right-click on your Network Card. Then click Properties.

Do a search for the following words and verify that all options that relate to them are currently active: Magic Packet, Wake On Magic Packet, Wake On Lan, or Wake. If none of these words appear, you may be required to update the drivers for your Network Card.

To see if your computer is BIOS compatible, enter the BIOS when you start the computer. You can do this by pressing ESC, F2, F5, F12 or DEL (depending on your system).

Once in the BIOS, go to Power Options and enable Wake-On-LAN, or any similar option:


Open Port 8900

You can open Port 8900 in the same way as you would Port 445.

Wake On LAN (WOL)

Start by downloading the Symantec WOL tool on the source computer. Launch the tool and then fill in the empty fields using the information gathered above.

Mac Address: MAC address (the target machine)

Internet Address: Local IP address (target machine)

Subnet Mask: 255.255.255.255

Send Options: Local Subnet

Remote Port Number: 8900

Click the button: Wake Me Up

Once the packet has been received, the target computer will boot:
