How to Set Up Varnish HTTP Cache on Ubuntu

Varnish Cache is a web application accelerator that can be used as a proxy to your Apache web server. The open-source software sits in front of your web server to serve web traffic very fast. If you are running multiple servers, Varnish Cache can also be used as a load balancer.

Varnish works by caching frequently requested web content in system memory, which ensures faster retrieval when the same information is requested several times.

$ sudo apt-get install varnish

By default, Apache listens on port 80 for HTTP traffic. We need to change this: Varnish will listen on port 80 and forward all traffic to the Apache web server, which we will configure to listen on port 8080.

$ sudo nano /etc/apache2/ports.conf
Listen 8080
<IfModule ssl_module>
        Listen 443
</IfModule>
<IfModule mod_gnutls.c>
        Listen 443
</IfModule>

Press CTRL + X and hit Enter to save the file once you make the changes.
Next, edit the default Apache Virtual Host to listen on port 8080 too:

$ sudo service apache2 restart

Configure Varnish HTTP Cache to listen on port 80

Next we will configure Varnish to listen on port 80 and forward all requests to our Apache web server.

We can do this by editing the Varnish configuration file /etc/default/varnish:

$ sudo nano /etc/default/varnish
DAEMON_OPTS="-a :80 \
             -T localhost:6082 \
             -f /etc/varnish/default.vcl \
             -S /etc/varnish/secret \
             -s malloc,256m"

Then, press CTRL + X and hit Enter to save the file.

Next, open the file ‘/etc/varnish/default.vcl’ in the nano text editor. You should see the content below, which means Varnish will forward HTTP traffic to port 8080:

$ sudo nano /etc/varnish/default.vcl

File contents:

# Default backend definition. Set this to point to your content server.
backend default {
.host = "127.0.0.1";
.port = "8080";
}

We also need to edit the port in the file ‘/lib/systemd/system/varnish.service’. To do so, type the command below:

$ sudo nano /lib/systemd/system/varnish.service

Change the default port from 6081 to 80 as shown below:

[Unit]
Description=Varnish HTTP accelerator
Documentation=https://www.varnish-cache.org/docs/4.1/ man:varnishd
[Service]
Type=simple
LimitNOFILE=131072
LimitMEMLOCK=82000
ExecStart=/usr/sbin/varnishd -j unix,user=vcache -F -a :80 -T localhost:6082 -f$
ExecReload=/usr/share/varnish/varnishreload
ProtectSystem=full
ProtectHome=true
PrivateTmp=true
PrivateDevices=true
[Install]
WantedBy=multi-user.target

Then, press CTRL + X and hit Enter to save the file.

Restart Apache, Varnish, and the Systemd Daemon

$ sudo systemctl restart apache2
$ sudo systemctl daemon-reload
$ sudo systemctl restart varnish

If the setup was successful, Varnish will now be the default HTTP Listener on port 80.

Testing the Setup

You can now try visiting your server one more time on a web browser:

http://public_ip_address
or
http://example.com

The server traffic should now be handled by Varnish HTTP Cache software and forwarded to Apache.

To make sure that Varnish is working, use the curl command for verification purposes:

$ curl -I server_ip_address

You should get output similar to the text below. If you see the line ‘Via: 1.1 varnish (Varnish/5.2)’, then Varnish is working as expected.

HTTP/1.1 200 OK
Date: Thu, 05 Jul 2018 20:56:11 GMT
Server: Apache/2.4.29 (Ubuntu)
Last-Modified: Fri, 29 Jun 2018 07:19:34 GMT
Vary: Accept-Encoding
Content-Type: text/html
X-Varnish: 7
Age: 0
Via: 1.1 varnish (Varnish/5.2)
ETag: W/"2aa6-56fc2ab77545d-gzip"
Accept-Ranges: bytes
Connection: keep-alive
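
The port layout configured above (Varnish on 80, Apache on 8080, Varnish admin on localhost:6082) can be checked from the listening sockets as well as from the response headers. The following is an added example, not part of the original page: the function names and the sample socket lines are constructed for illustration. It flags the backend or admin port when bound to a non-loopback address, and classifies a curl -I response by its X-Varnish header (one transaction ID on a miss, two on a hit).

```shell
# Constructed sample of `ss -ltnH` output after the steps above:
# Apache's "Listen 8080" binds every interface.
sample_listeners() {
    cat <<'EOF'
LISTEN 0 1024 0.0.0.0:80 0.0.0.0:*
LISTEN 0 10 127.0.0.1:6082 0.0.0.0:*
LISTEN 0 511 *:8080 *:*
LISTEN 0 1024 [::]:80 [::]:*
EOF
}

# Reads `ss -ltnH` lines on stdin. Flags the Apache backend (8080) or the
# Varnish admin port (6082) when bound to a non-loopback address, and
# reports a missing front-end listener on port 80.
audit_listeners() {
    awk '
    $1 == "LISTEN" {
        n = split($4, parts, ":")
        port = parts[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        loopback = (addr ~ /^127\./ || addr == "[::1]")
        if (port == "80") front = 1
        if ((port == "8080" || port == "6082") && !loopback)
            printf "EXPOSED %s on %s\n", port, addr
    }
    END { if (!front) print "MISSING listener on 80" }'
}

# Reads `curl -I` headers on stdin and prints "hit", "miss" or "direct"
# ("direct" means no X-Varnish header, so the reply did not pass Varnish).
cache_status() {
    tr -d '\r' | awk '
    tolower($1) == "x-varnish:" { seen = 1; ids = NF - 1 }
    END { print (!seen ? "direct" : (ids >= 2 ? "hit" : "miss")) }'
}

# Offline demonstration on the constructed sample.
sample_listeners | audit_listeners
# On a live server:
#   ss -ltnH | audit_listeners
#   curl -sI http://server_ip_address | cache_status
```

If port 8080 is reported, changing the Apache directive to "Listen 127.0.0.1:8080" keeps the backend reachable only through Varnish.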

How to check my phpmyadmin is secure on ubuntu server?

Useful Tips to Secure PhpMyAdmin Login Interface

  1. Change Default PhpMyAdmin Login URL
/etc/phpmyadmin/apache.conf

------------ On CentOS/RHEL and Fedora ------------ 
# vi /etc/httpd/conf.d/phpMyAdmin.conf

------------ On Debian and Ubuntu ------------ 
# vi /etc/phpmyadmin/apache.conf

Then comment out the default Alias line and add a new one as follows:
# Alias /phpmyadmin /usr/share/phpmyadmin
Alias /my /usr/share/phpmyadmin

------------ On Debian and Ubuntu ------------ 
# echo "Include /etc/phpmyadmin/apache.conf" >> /etc/apache2/apache2.conf

------------ On CentOS/RHEL and Fedora ------------ 
# systemctl restart nginx
# systemctl restart php-fpm

------------ On CentOS/RHEL and Fedora ------------ 
# systemctl restart httpd

------------ On Debian and Ubuntu ------------ 
# systemctl restart apache2

------------ On Debian and Ubuntu ------------ 
# systemctl restart nginx
# systemctl restart php5-fpm

  2. Enable HTTPS on PhpMyAdmin

  3. Password Protect PhpMyAdmin
Add these lines to the Apache configuration file (/etc/apache2/sites-available/000-default.conf or /etc/httpd/conf/httpd.conf):

/etc/apache2/sites-available/000-default.conf – On Ubuntu
<Directory /usr/share/phpmyadmin>
    AuthType Basic
    AuthName "Restricted Content"
    AuthUserFile /etc/apache2/.htpasswd
    Require valid-user
</Directory>

/etc/httpd/conf/httpd.conf – On CentOS
<Directory /usr/share/phpmyadmin>
    AuthType Basic
    AuthName "Restricted Content"
    AuthUserFile /etc/httpd/.htpasswd
    Require valid-user
</Directory>

Then use htpasswd to generate a password file for an account that will be authorized to access the phpmyadmin login page. We will use /etc/apache2/.htpasswd and tecmint in this case:

---------- On Ubuntu/Debian Systems ---------- 
# htpasswd -c /etc/apache2/.htpasswd tecmint

---------- On CentOS/RHEL Systems ---------- 
# htpasswd -c /etc/httpd/.htpasswd tecmint

Enter the password twice, then change the permissions and ownership of the file. This prevents anyone not in the www-data or apache group from reading .htpasswd:

# chmod 640 /etc/apache2/.htpasswd

---------- On Ubuntu/Debian Systems ---------- 
# chgrp www-data /etc/apache2/.htpasswd 

---------- On CentOS/RHEL Systems ---------- 
# chgrp apache /etc/httpd/.htpasswd 

Open your phpmyadmin url and you’ll see the authentication dialog before accessing the login page.

  4. Disable root Login to PhpMyAdmin
/etc/phpmyadmin/config.inc.php
/* Authentication type */
$cfg['Servers'][$i]['auth_type'] = 'cookie';
$cfg['Servers'][$i]['AllowRoot'] = false;

------------- On CentOS/RHEL Systems -------------
# systemctl restart httpd.service

------------- On Debian/Ubuntu Systems -------------
# systemctl restart apache2.service

  5. Prevent remote usage of phpmyadmin

  6. Change password frequently

  7. Check configuration /etc/phpmyadmin
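
The checks from the list above can be scripted. The following is an added example, not part of the original page: it tests that no active Alias still serves /phpmyadmin, that AllowRoot is set to false, and that .htpasswd grants nothing to other users. The function names and the temporary sample files are constructed for illustration.

```shell
# Each check takes a file path and prints PASS or FAIL. Point them at
# /etc/phpmyadmin/apache.conf, /etc/phpmyadmin/config.inc.php and the
# .htpasswd file used in the steps above.

# FAIL if an active (uncommented) Alias still exposes /phpmyadmin.
check_alias() {
    if grep -Eiq '^[[:space:]]*Alias[[:space:]]+/phpmyadmin([[:space:]]|$)' "$1"; then
        echo FAIL
    else
        echo PASS
    fi
}

# PASS only if AllowRoot is explicitly false on an active line.
# The dots in the pattern stand for the quote characters around the keys.
check_allowroot() {
    if grep -Eiq '^[[:space:]]*\$cfg\[.Servers.\]\[\$i\]\[.AllowRoot.\][[:space:]]*=[[:space:]]*false[[:space:]]*;' "$1"; then
        echo PASS
    else
        echo FAIL
    fi
}

# PASS if the mode grants nothing to "other" (640, 600, ...). Uses GNU stat.
check_htpasswd() {
    mode=$(stat -c '%a' "$1") || { echo FAIL; return; }
    case "$mode" in
        *0) echo PASS ;;
        *)  echo FAIL ;;
    esac
}

# Offline demonstration on constructed files that mirror the page's settings.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# Alias /phpmyadmin /usr/share/phpmyadmin' \
                  'Alias /my /usr/share/phpmyadmin' > "$d/apache.conf"
    printf '%s\n' "\$cfg['Servers'][\$i]['auth_type'] = 'cookie';" \
                  "\$cfg['Servers'][\$i]['AllowRoot'] = false;" > "$d/config.inc.php"
    : > "$d/.htpasswd"
    chmod 640 "$d/.htpasswd"
    echo "alias=$(check_alias "$d/apache.conf")" \
         "allowroot=$(check_allowroot "$d/config.inc.php")" \
         "htpasswd=$(check_htpasswd "$d/.htpasswd")"
    rm -rf "$d"
}
demo
```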

How To Set Up/Enable a Firewall with UFW on Ubuntu

UFW, or Uncomplicated Firewall, is an interface to iptables.

Prerequisites

To follow this tutorial, you will need:

UFW is installed by default on Ubuntu. If it has been uninstalled for some reason, you can install it with sudo apt install ufw.

$ sudo nano /etc/default/ufw

Then make sure the value of IPV6 is yes.

$ sudo ufw default deny incoming
$ sudo ufw default allow outgoing
$ sudo ufw allow ssh
$ sudo ufw allow 22
$ sudo ufw enable
$ sudo ufw allow 80
$ sudo ufw allow 443
$ sudo ufw allow 6000:6007/tcp
$ sudo ufw allow 6000:6007/udp
$ sudo ufw allow from 203.0.113.4
$ sudo ufw allow from 203.0.113.4 to any port 22
$ sudo ufw allow from 203.0.113.0/24
$ sudo ufw allow from 203.0.113.0/24 to any port 22
$ sudo ufw deny http
$ sudo ufw deny from 203.0.113.4
$ sudo ufw status numbered
$ sudo ufw delete 2
$ sudo ufw delete allow http
$ sudo ufw delete allow 80
$ sudo ufw status verbose
$ sudo ufw disable
$ sudo ufw reset

just empty the file with:

sudo truncate -s 0 /var/lib/ubuntu-release-upgrader/release-upgrade-available

Reduce system reboots and improve kernel security.

Canonical Livepatch Service

Apply critical kernel patches without rebooting.

  • Fixes are applied automatically, without restarting your system
  • Reduces downtime, keeping your Ubuntu LTS systems secure
    and compliant
  • Included as part of all Ubuntu Advantage for Infrastructure
    support packages

Livepatch is like a dream come true, both from a technical and a business standpoint. Our Ubuntu systems now rarely or never have to be rebooted. Service is continuous. That makes a big difference for user and customer satisfaction and loyalty.

Masaaki Hirose, IT Platform Department, DeNA

Free for personal use

All you need is an Ubuntu One account. Free for 3 machines.


how to remove live patch from ubuntu

$ sudo snap remove canonical-livepatch

change mysql password

Stop the MySQL service

(Ubuntu and Debian) Run the following command:

sudo /etc/init.d/mysql stop

(CentOS, Fedora, and Red Hat Enterprise Linux) Run the following command:

sudo /etc/init.d/mysqld stop

Start MySQL without a password

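Run the following command. The ampersand (&) at the end of the command is required. With --skip-grant-tables the server accepts connections without checking passwords until it is restarted normally in the last step.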

sudo mysqld_safe --skip-grant-tables &

Connect to MySQL

Run the following command:

mysql -uroot

Set a new MySQL root password

Run the following command:

use mysql;

update user set authentication_string=PASSWORD("mynewpassword") where User='root';

flush privileges;

quit

Stop and start the MySQL service

(Ubuntu and Debian) Run the following commands:

sudo /etc/init.d/mysql stop
...
sudo /etc/init.d/mysql start

(CentOS, Fedora, and Red Hat Enterprise Linux) Run the following commands:

sudo /etc/init.d/mysqld stop
...
sudo /etc/init.d/mysqld start

Log in to the database

Test the new password by logging in to the database.

mysql -u root -p

Enter your new password when prompted.

install composer globally ubuntu

Composer is a dependency manager for PHP (similar to npm for Node.js or pip for Python). Composer will pull in all the required PHP packages your project depends on and manage them for you.

In this tutorial, we’ll show you how to install and use Composer on an Ubuntu 18.04 machine. The same steps can be used for Ubuntu 16.04.

Prerequisites

Before continuing with this tutorial, make sure you are logged in as a user with sudo privileges and you have PHP installed on your Ubuntu 18.04 system.

Installing PHP Composer

To install Composer on your Ubuntu system, perform the following steps:

  1. Before downloading and installing Composer, first update the packages index and install the necessary requirements:
$ sudo apt update
$ sudo apt install wget php-cli php-zip unzip

2. Now that we have php cli installed on our machine, we can download the composer installer with:

$ php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"

The command above will download the composer-setup.php file in the current working directory.

3. Next, we need to verify the data integrity of the script by comparing the script SHA-384 hash with the latest installer hash found on the Composer Public Keys / Signatures page.

We will use the following wget command to download the expected signature of the latest Composer installer from Composer’s GitHub page and store it in a variable named HASH:

$ HASH="$(wget -q -O - https://composer.github.io/installer.sig)"

Now run the following command to verify that the installation script is not corrupted:

php -r "if (hash_file('SHA384', 'composer-setup.php') === '$HASH') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;"

If the hashes match, you will see the following output:

output:

Installer verified

If the hashes don’t match you will see Installer corrupt. In this case you will need to redownload the Composer installation script and double check the value of the $HASH variable with echo $HASH. Once the installer is verified, you can continue with the next step.
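
The PHP one-liner above prints its result but exits with status 0 either way, and it would compare against an empty $HASH if the signature download failed. The following is an added example, not part of the original page or of Composer: a shell version of the same SHA-384 check that fails closed. The names verify_installer and selftest are hypothetical, and the demonstration runs on a constructed file.

```shell
# verify_installer FILE EXPECTED_SHA384   (hypothetical helper name)
# Returns 0 on a match. On any failure it deletes FILE and returns
# non-zero, so a script chained with && stops before running the installer.
verify_installer() {
    file=$1
    expected=$2
    # An empty reply or an HTML error page from the signature URL must not
    # be accepted as a hash: require exactly 96 lowercase hex characters.
    if ! printf '%s' "$expected" | grep -Eq '^[0-9a-f]{96}$'; then
        echo "Expected value is not a SHA-384 hex digest" >&2
        rm -f -- "$file"
        return 2
    fi
    actual=$(sha384sum -- "$file" | cut -d' ' -f1)
    if [ "$actual" = "$expected" ]; then
        echo "Installer verified"
    else
        echo "Installer corrupt" >&2
        rm -f -- "$file"
        return 1
    fi
}

# Offline demonstration on a constructed file: a matching hash is accepted,
# then an empty hash is rejected and the file is removed.
selftest() {
    f=$(mktemp)
    printf 'constructed installer body\n' > "$f"
    good=$(sha384sum -- "$f" | cut -d' ' -f1)
    verify_installer "$f" "$good" >/dev/null 2>&1 && ok=0 || ok=$?
    verify_installer "$f" "" >/dev/null 2>&1 && empty=0 || empty=$?
    [ -e "$f" ] && left=present || left=deleted
    echo "match=$ok empty_hash=$empty file=$left"
}
selftest

# With the page's two downloads (needs network access):
#   HASH="$(wget -q -O - https://composer.github.io/installer.sig)"
#   verify_installer composer-setup.php "$HASH" &&
#       sudo php composer-setup.php --install-dir=/usr/local/bin --filename=composer
```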

4. The following command will install Composer in the /usr/local/bin directory:

$ sudo php composer-setup.php --install-dir=/usr/local/bin --filename=composer
output:

All settings correct for using Composer
Downloading...

Composer (version 1.8.5) successfully installed to: /usr/local/bin/composer
Use it: php /usr/local/bin/composer

Composer is installed as a system-wide command and will be available to all users.

5. The last step is to verify the installation:

$ composer

The command above will print Composer’s version, commands and arguments.

output:

______
/ ____/___  ____ ___  ____  ____  ________  _____
/ /   / __ \/ __ `__ \/ __ \/ __ \/ ___/ _ \/ ___/
/ /___/ /_/ / / / / / / /_/ / /_/ (__  )  __/ /
\____/\____/_/ /_/ /_/ .___/\____/____/\___/_/
                    /_/
Composer version 1.8.5 2019-04-09 17:46:47

Usage:
    command [options] [arguments]

How to Change the Username of a Linux Account

Linux is a multi-user operating system. Each account on the system has a unique username. This is the name the user uses to log in to the system. It is also the name of the user’s home directory. Every Linux distribution uses the “usermod” command to modify user accounts. This includes changing the user name for a particular account. The “usermod” command can only be used by the root user. The root user can modify every account that accesses the operating system.

Step 1

Click on the main “Applications” or “Programs” menu.

Step 2

Click on the “Terminal” or “Konsole” menu option to open a terminal window and access the command prompt.

Step 3

Type the command “su -” to become the root user. Ubuntu and Linux Mint users type “sudo” before the following command.

Step 4

Type the command “usermod -l new_user login” to change the user name for an account. Replace “new_user” with the new username for the account. Replace “login” with the current username for the account.

Step 5

Type the command “exit” to close the root session.

add swap space ubuntu

I increased/added the swap size to 8 GB with the following sequence (if you look at your system monitor swap space, you will see Ubuntu emptying out your swap space as you run the first command):

sudo swapoff /swapfile
sudo fallocate -l 8G /swapfile
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile

Verify it:

sudo swapon --show
free -m

Make it permanent:

echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab

Complete Web Server Setup(Apache2, php, mysql, phpmyadmin)

$ sudo apt-get update
$ sudo apt-get install apache2
$ sudo ufw app list
$ sudo ufw allow 'Apache Full'
$ sudo ufw status
$ sudo systemctl status apache2
$ hostname -I
$ sudo apt-get install curl

Manage the Apache Process

$ sudo systemctl stop apache2
$ sudo systemctl start apache2
$ sudo systemctl restart apache2
$ sudo systemctl reload apache2
$ sudo systemctl disable apache2
$ sudo systemctl enable apache2

How to install PHP

$ apt-get update
$ apt-get upgrade
$ apt-get install php
$ php -v
$ apt-get install php-pear php-fpm php-dev php-zip php-curl php-xmlrpc php-gd php-mysql php-mbstring php-xml libapache2-mod-php
$ apt-cache search --names-only ^php
$ systemctl restart apache2

How To Install MySQL 

$ sudo apt update
$ sudo apt install mysql-server
$ sudo mysql_secure_installation
$ sudo mysql -u root -p
$ sudo systemctl status mysql.service

How To Install and Secure phpMyAdmin 

$ sudo apt update
$ sudo apt install phpmyadmin php-mbstring php-gettext
ON UBUNTU 20
$ sudo apt install phpmyadmin php-mbstring php-zip php-gd php-json php-curl

If Error

mysql> UNINSTALL COMPONENT "file://component_validate_password";

After phpmyadmin installation

mysql> INSTALL COMPONENT "file://component_validate_password";
$ sudo phpenmod mbstring
$ sudo systemctl restart apache2

Grant Permissions in MySQL

mysql> GRANT ALL PRIVILEGES ON * . * TO 'newuser'@'localhost';
mysql> FLUSH PRIVILEGES;

Enabling mod_rewrite

$ sudo nano /etc/apache2/apache2.conf
$ sudo nano /etc/apache2/sites-available/000-default.conf


<Directory /home/ubuntu/public_html/>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
</Directory>


$ sudo a2enmod rewrite
$ sudo systemctl restart apache2

Install and Secure Redis on Ubuntu 18.04

$ sudo apt update
$ sudo apt install redis-server
$ sudo nano /etc/redis/redis.conf
$ sudo systemctl restart redis.service

Testing Redis

$ sudo systemctl status redis
Note: This setting is desirable for many common use cases of Redis. If, however, you prefer to start up Redis manually every time your server boots, you can configure this with the following command:

$ sudo systemctl disable redis
$ redis-cli
127.0.0.1:6379> ping
127.0.0.1:6379> set test "It's working!"
127.0.0.1:6379> get test
127.0.0.1:6379> exit
$ sudo systemctl restart redis

enable/disable site in ubuntu

a2ensite, a2dissite - enable or disable an apache2 site / virtual host

DESCRIPTION

This manual page documents briefly the a2ensite and a2dissite commands.

       a2ensite  is  a  script  that  enables  the specified site (which contains a <VirtualHost>
       block) within the apache2  configuration.   It  does  this  by  creating  symlinks  within
       /etc/apache2/sites-enabled.   Likewise,  a2dissite  disables  a  site  by  removing  those
       symlinks.  It is not an error to enable a site which is already enabled, or to disable one
       which is already disabled.

       Apache  treats the very first virtual host enabled specially as every request not matching
       any actual directive is being redirected there. Thus it should be  called  000-default  in
       order to sort before the remaining hosts to be loaded first.

OPTIONS

       -q, --quiet
              Don't show informative messages.

       -m, --maintmode
              Enables  the  maintainer  mode,  that  is  the  program  invocation  is effectuated
              automatically by a maintainer script. This switch should not be used by end users.

       -p, --purge
              When disabling a module, purge all traces of the module in the internal state  data
              base.

EXIT STATUS

       a2ensite  and  a2dissite  exit with status 0 if all sites are processed successfully, 1 if
       errors occur, 2 if an invalid option was used.

EXAMPLES

              a2dissite 000-default

       Disables the default site.

To enable the SSL module:

sudo a2enmod ssl
sudo a2ensite default-ssl

FILES

       /etc/apache2/sites-available
              Directory with files giving information on available sites.

       /etc/apache2/sites-enabled
              Directory with links to the files in sites-available for enabled sites.

header set not working in ubuntu

$ sudo a2enmod headers
$ sudo service apache2 reload

After that, write the config below in your .htaccess file:

Header set X-XSS-Protection "1; mode=block"
Header set X-Content-Type-Options nosniff