• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • Create a VM ($25 Credit)
  • Buy a Domain
  • 1 Month free Back Blaze Backup
  • Other Deals
    • Domain Email
    • Nixstats Server Monitoring
    • ewww.io Auto WordPress Image Resizing and Acceleration
  • About
  • Links

IoT, Code, Security, Server Stuff etc

Views are my own and not my employer's.

Personal Development Blog...

Coding for fun since 1996, Learn by doing and sharing.

Buy a domain name, then create your own server (get $25 free credit)

View all of my posts.

  • Cloud
    • I moved my domain to UpCloud (on the other side of the world) from Vultr (Sydney) and could not be happier with the performance.
    • How to buy a new domain and SSL cert from NameCheap, a Server from Digital Ocean and configure it.
    • Setting up a Vultr VM and configuring it
    • All Cloud Articles
  • Dev
    • I moved my domain to UpCloud (on the other side of the world) from Vultr (Sydney) and could not be happier with the performance.
    • How to setup pooled MySQL connections in Node JS that don’t disconnect
    • NodeJS code to handle App logins via API (using MySQL connection pools (1000 connections) and query parameters)
    • Infographic: So you have an idea for an app
    • All Development Articles
  • MySQL
    • Using the free Adminer GUI for MySQL on your website
    • All MySQL Articles
  • Perf
    • PHP 7 code to send object oriented sanitised input data via bound parameters to a MYSQL database
    • I moved my domain to UpCloud (on the other side of the world) from Vultr (Sydney) and could not be happier with the performance.
    • Measuring VM performance (CPU, Disk, Latency, Concurrent Users etc) on Ubuntu and comparing Vultr, Digital Ocean and UpCloud – Part 1 of 4
    • Speeding up WordPress with the ewww.io ExactDN CDN and Image Compression Plugin
    • Setting up a website to use Cloudflare on a VM hosted on Vultr and Namecheap
    • All Performance Articles
  • Sec
    • Using the Qualys FreeScan Scanner to test your website for online vulnerabilities
    • Using OWASP ZAP GUI to scan your Applications for security issues
    • Setting up the Debian Kali Linux distro to perform penetration testing of your systems
    • Enabling TLS 1.3 SSL on a NGINX Website (Ubuntu 16.04 server) that is using Cloudflare
    • PHP implementation to check a password exposure level with Troy Hunt’s pwnedpasswords API
    • Setting strong SSL cryptographic protocols and ciphers on Ubuntu and NGINX
    • Securing Google G Suite email by setting up SPF, DKIM and DMARC with Cloudflare
    • All Security Articles
  • Server
    • I moved my domain to UpCloud (on the other side of the world) from Vultr (Sydney) and could not be happier with the performance.
    • All Server Articles
  • Ubuntu
    • I moved my domain to UpCloud (on the other side of the world) from Vultr (Sydney) and could not be happier with the performance.
    • Useful Linux Terminal Commands
    • All Ubuntu Articles
  • VM
    • I moved my domain to UpCloud (on the other side of the world) from Vultr (Sydney) and could not be happier with the performance.
    • All VM Articles
  • WordPress
    • Speeding up WordPress with the ewww.io ExactDN CDN and Image Compression Plugin
    • Installing and managing WordPress with WP-CLI from the command line on Ubuntu
    • How to backup WordPress on a host that has CPanel
    • Moving WordPress to a new self managed server away from CPanel
    • Moving a CPanel domain with email to a self managed VPS and Gmail
    • All WordPress Articles
  • All

on

Adding HTTPS to Apache on OSX High Sierra

December 18, 2017 by Simon

This guide will help you create and install a self-signed SSL certificate in Apache on OSX (High Sierra) to aid local SSL/HTTPS development.

UPDATE: Nov 21st 2018 – This works on OSX Mojave too.

I usually force HTTPS traffic on everything I develop (see code below in PHP).  This PHP code will direct all HTTP requests to HTTPS.

if ($_SERVER['SERVER_NAME'] == "www.yourserver.com") {
	  if (! isset($_SERVER['HTTPS']) or $_SERVER['HTTPS'] == 'off' ) {
	          $redirect_url = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
	          header("Location: $redirect_url");
	          exit();
	  }
}

Also, you can deny non-https traffic in NGINX with online servers by editing your/etc/nginx/sites-available/default file

sudo nano /etc/nginx/sites-available/default

Add this to your Nginx sites available file (above) to force SSL at the web server.

if ($scheme != "https") {
     return 301 https://$host$request_uri;
}

You can also deny port 80 connections in your firewall and NGINX if you don’t trust the directive(s) above.

Apache Configuration (sor https)

Edit httpd.conf

sudo nano /private/etc/apache2/httpd.conf

Uncomment lines with these text strings in httpd.conf

"socache_shmcb_module" (

or “LoadModule socache_shmcb_module libexec/apache2/mod_socache_shmcb.so”

)
"ssl_module" (

or “LoadModule ssl_module libexec/apache2/mod_ssl.so”

)

I had to find my and “httpd.conf” file

sudo find / -name "httpd.conf"
/private/etc/apache2/httpd.conf

Find your “httpd-ssl.conf” file

sudo find / -name "httpd-ssl.conf"
/private/etc/apache2/original/extra/httpd-ssl.conf

Copy the config file (just in case a future update overwrites it).

sudo cp /private/etc/apache2/original/extra/httpd-ssl.conf /private/etc/apache2/original/extra/httpd-ssl-localhost.conf

Now go back and edit the “httpd.conf” file

sudo nano /private/etc/apache2/httpd.conf

Add the following line (to the end of the file, on a new line) so the new SSL config file loads.

Include /private/etc/apache2/original/extra/httpd-ssl-localhost.conf

You can have a look at the file “httpd-ssl-localhost.conf”. Take note of paths in the VirtualHost node.

<VirtualHost _default_:443>

#   General setup for the virtual host
DocumentRoot "/Library/WebServer/Documents"
ServerName www.example.com:443
ServerAdmin [email protected]
ErrorLog "/private/var/log/apache2/error_log"
TransferLog "/private/var/log/apache2/access_log"

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on

#   Server Certificate:
#   Point SSLCertificateFile at a PEM encoded certificate. If the certificate is encrypted, then you will be prompted for a
#   pass phrase.  Note that a kill -HUP will prompt again. Keep in mind that if you have both an RSA and a DSA certificate 
#   you can configure both in parallel (to also allow the use of DS ciphers, etc.) Some ECC cipher suites (
#   http://www.ietf.org/rfc/rfc4492.txt) require an ECC certificate which can also be configured in parallel.

SSLCertificateFile "/private/etc/apache2/server.crt"

#SSLCertificateFile "/private/etc/apache2/server-dsa.crt"
#SSLCertificateFile "/private/etc/apache2/server-ecc.crt"

#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
#   ECC keys, when in use, can also be configured in parallel

SSLCertificateKeyFile "/private/etc/apache2/server.key"

#SSLCertificateKeyFile "/private/etc/apache2/server-dsa.key"
#SSLCertificateKeyFile "/private/etc/apache2/server-ecc.key"

#   Server Certificate Chain:
#   Point SSLCertificateChainFile at a file containing the
#   concatenation of PEM encoded CA certificates which form the
#   certificate chain for the server certificate. Alternatively
#   the referenced file can be the same as SSLCertificateFile
#   when the CA certificates are directly appended to the server
#   certificate for convenience.
#SSLCertificateChainFile "/private/etc/apache2/server-ca.crt"

#   Certificate Authority (CA):
#   Set the CA certificate verification path where to find CA
#   certificates for client authentication or alternatively one
#   huge file containing all of them (file must be PEM encoded)
#   Note: Inside SSLCACertificatePath you need hash symlinks
#         to point to the certificate files. Use the provided
#         Makefile to update the hash symlinks after changes.
#SSLCACertificatePath "/private/etc/apache2/ssl.crt"
#SSLCACertificateFile "/private/etc/apache2/ssl.crt/ca-bundle.crt"

#   Certificate Revocation Lists (CRL):
#   Set the CA revocation path where to find CA CRLs for client
#   authentication or alternatively one huge file containing all
#   of them (file must be PEM encoded).
#   The CRL checking mode needs to be configured explicitly
#   through SSLCARevocationCheck (defaults to "none" otherwise).
#   Note: Inside SSLCARevocationPath you need hash symlinks
#         to point to the certificate files. Use the provided
#         Makefile to update the hash symlinks after changes.

#SSLCARevocationPath "/private/etc/apache2/ssl.crl"
#SSLCARevocationFile "/private/etc/apache2/ssl.crl/ca-bundle.crl"
#SSLCARevocationCheck chain

#   Client Authentication (Type):
#   Client certificate verification type and depth.  Types are
#   none, optional, require and optional_no_ca.  Depth is a
#   number which specifies how deeply to verify the certificate
#   issuer chain before deciding the certificate is not valid.

#SSLVerifyClient require
#SSLVerifyDepth  10

#   TLS-SRP mutual authentication:
#   Enable TLS-SRP and set the path to the OpenSSL SRP verifier
#   file (containing login information for SRP user accounts). 
#   Requires OpenSSL 1.0.1 or newer. See the mod_ssl FAQ for
#   detailed instructions on creating this file. Example:
#   "openssl srp -srpvfile /private/etc/apache2/passwd.srpv -add username"

#SSLSRPVerifierFile "/private/etc/apache2/passwd.srpv"

#   Access Control:
#   With SSLRequire you can do per-directory access control based
#   on arbitrary complex boolean expressions containing server
#   variable checks and other lookup directives.  The syntax is a
#   mixture between C and Perl.  See the mod_ssl documentation
#   for more details.
#<Location />

Generating a Key and Certificate

Generate a Key (I prefer filenames start with “localhost” so future updates to not overwrite it).

sudo cd /private/etc/apache2/ 
sudo openssl genrsa -out localhost.key 2048
sudo openssl req -new -x509 -key ./localhost.key -out ./localhost.crt -days 3650 -subj /CN=localhost

Check that file files ” localhost.crt” and ” localhost.key” were outputted to “/private/etc/apache2/”

pwd
/private/etc/apache2
192-168-1-200:apache2 simon$ ls -al
total 208
drwxr-xr-x   13 root  wheel    416 18 Dec 00:33 .
drwxr-xr-x  128 root  wheel   4096 16 Dec 19:41 ..
...
-rw-r--r--    1 root  wheel   1318 18 Dec 00:33 localhost.crt
-rw-r--r--    1 root  wheel   1708 18 Dec 00:33 localhost.key
...

Open “/private/etc/apache2/original/extra/httpd-ssl-localhost.conf” and replace the following text.

sudo nnao /private/etc/apache2/original/extra/httpd-ssl-localhost.conf

Replace the following text:

  • “server.crt” with “localhost.crt”
  • “server.key” with “localhost.key”

Changes shoud have been made to the following values in “<VirtualHost _default_:443>”

  • SSLCertificateFile “/private/etc/apache2/localhost.crt”

  • SSLCertificateKeyFile “/private/etc/apache2/localhost.key”

Check your apache conf

sudo apachectl configtest

I had the following error

AH00526: Syntax error on line 1 of /private/etc/apache2/original/extra/httpd-ssl-localhost.conf:
Invalid command '\xe2\x88\x91#', perhaps misspelled or defined by a module not included in the server configuration

OSX SSL

I removed the invalid first line (I must have inserted something while searching using nano (I must have presses Option+W instead of Control+W to find in Nano)).

I ran the Apache config check again and received the following error.

sudo apachectl configtest
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using REMOVED ISP Static IP. Set the 'ServerName' directive globally to suppress this message
Syntax OK

I added my domain but with a 2 on the end for later use via local DNS.

<VirtualHost _default_:443>
...
ServerName https://www.mydomainname2.com:443
...

TIP: This will not by default allow you to load this address locally without, not without DNS changes (to be added soon).

Restart Apache (you may still receive a warning about the ServerName (I Ignored it)).

Restart Apache

sudo apachectl -k restart
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using REMOVED ISP Static IP. Set the 'ServerName' directive globally to suppress this message

Loading Your Site

You can now load the website localhost in your browser (it will show as insecure).

Insecure localhost

Click “Proceed to localhost (unsafe)”

The reason for no trust is the self-signed cert is not trusted by OSX or browsers.

Cert Details

OSX Certificate Trust (Key Chain Access)

Let’s tell OSX we trust this certificate (by adding it to the keychain)

sudo cd  /private/etc/apache2/
sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain /private/etc/apache2/localhost.crt

Restart Apache

sudo apachectl -k restart

TIP: Check your certificate date in your browser, and clear your cache if older certificates are loading from cache.

Results

Great, Safari uses the SSL cert (and obeys Keychain’s Trust)

Safari

Google Chrome reports the Cert has issues (even though it is trusted locally). I will investigate and update this post soon.

Chrome

I suspect that Chrome will need to trust this cert fully to allow AJAX and API calls to be made.It’ss weird that Google Chrome has detected it is trusted by all users but does not trust it.

This is my next link to research a solution.

More

Read Useful OSX Terminal Commands or Useful OSX Linux Commands and Securing an Ubuntu VM with a free LetsEncrypt SSL certificate in 1 Minute first.

Hope this helps someone.

Donate and make this blog better

Ask a question or recommend an article

[contact-form-7 id=”30″ title=”Ask a Question”]

Revision History

v1.4 Nov 208 – Works on Mojave

v1.3 Small Edits, Added link to investigate Chrome issue (Current Version)

v1.2 Added More Explanations

v1.1 Reworded

v1.0 Initial Version

Filed Under: Local SSL Tagged With: Adding, Apache, High, HTTPS, on, OSX, Sierra, to

Restoring lost files on a Windows FAT, FAT32, NTFS or Linux EXT, Linux XFS volume with iRecover from diydatarecovery.nl

December 3, 2017 by Simon

Below is my quick guide to showing how I recover lost files on a removable (or internal drive) with software on Windows. This is not a paid advert but this is what works for me (and has worked with everything I have thrown at it). Tell me what works for you (especially on OSX).

“Helping one person might not change the world but it could change the world for one person” – Buddha.

I hope this guide helps someone, I have never seen someone happier than when I have been able to restore lost files or photos for someone. Not everyone backs up data (read my guide here).

Before you start

Don’t touch (format, access or install software) onto drives and USB drive that you want to restore files from or you may overwrite files on that drive. Doing this will potentially block the ability to restore files. Electronics die, software gets corrupted, this can be complex so If in doubt seek professional help and advice before proceeding. This is advice only and it’s your call with your data, Restoring files on damaged magnetic or USB drives can damage the data storage platter or storage chips, so proceed at your own risk. (legal disclaimer over, good luck).

More on how file systems and storage work

How File Systems Work

How the File Allocation Table Works

Installing DIY Data Recovery

The DIY Data Recovery software can restore images (photos) from a UBS, SD card or files (images or non-images) from data or operating system drives. If you have a system or data drive from a PC you can plug it into another PC running DIY Dat Recovery and scan and restore from the possibly bad drive to a good host drive, never restore files to a bad drive from a bad drive. I am an Apple Mac user now but only know of this Windows method for restoring files, please let me know of an Apple Mac way to restore files on FAT, NTFS and other file systems, please.

I usually connect USB drives directly or connect SATA drives via a small caddy

On a working Windows computer install DIY Data Recovery software from here.

Install

Plugin your dead USB or another drive to restore files from (do not interact with the drive once Windows can see it).

Insert Drive

Do not format or modify the drive if prompted (cancel this screen).

Dont Format

Sometimes Windows will offer to fix it (do not interact with this dialogue).

From memory, you can follow the steps below on a free trial version but you will need a paid version (serial number) to actually restore files. The free trial will show files that it can restore though. I paid about $60 for the software a few years ago, it is currently 59 EUROS. Enter your serial number if you have one.

Register iRecovery

After you register it (or continue with the free trial) select the drive to scan for files and click Next.

Select Drive

Here is another unreadable SATA drive

DIY Data Recovery will scan each sector and try and find files. On a smaller healthy drive, the scan won’t take long, on a larger drive (e.g a 2TB NTFS drive it may take 18+ hours).

In this case, we can see the USB drive has two bad sectors (red squares) at the front of the USB stick in the file system sectors (green squares). This possibly happened when the USB was pulled out when the operating system was writing to the USB stick. If the USB was dying the bad sectors would be at random positions.

Data fragments are listed as blue squares.

Let it scan

Here is another sample scan results

When the scan is done click ‘Save” to save the found sectors state (saving the state can save you time later).

Disclaimer: Clicking save does not save lost files it just saves the current scan state.

choose Files to recover

You can click the legend button to see the state of each file (Not processed, Presumably valid, Invalid, bad sectors etc)

Tick the files you want to be restored.

Legend

FYI: You will see some files you know, some files you forgot and some weird files. Restoring files is hit and miss and you may never see files again (do backup). Benjamin Franklin once said “Failing to plan is planning to fail”, You can also say “Failing to backup is guaranteeing lost data”.

Restoring Files

Do

  • Create a folder on your working Desktop to restore files to.
  • Do increase Read and Write cache
  • Do set longer Timeouts (e.g 1000, 5000, 10000, 60000)

Restore

Click “Start copying the selected files” to restore.

restore

Hopefully, you will have files restored, if not seek professional help. I’d recommend keeping the corrupt or source drive in a drawer, you may be able to use other tools to restore more files at a later date.

Restored Files

Donate and make this blog better

Ask a question or recommend an article

[contact-form-7 id=”30″ title=”Ask a Question”]

Revision History

V1.1 Added more screenshot from a second DATA drive scan

v1.0 Initial Post

Filed Under: Restore Tagged With: a, diydatarecovery.nl, FAT32, files, from, iRecover, Linux EXT, Linux XFS, lost, NTFS, on, or, Restoring, volume, Windows FAT, with

Building your first app on Heroku

November 26, 2017 by Simon

Below is my blog post on setting up a hello world app on Heroku that is powered by a database (e.g Client requests a page, the page reads a database and return hello world).

I found IBM/Cloudant would cost multiple thousands a month to run a good NoSQL database backend, I moved to a self-managed server on Digital Ocean in Singapore but the distance of the server killed latency and maximum throughput in Australia.  I moved to a dedicated AWS EC2 instance with a  Mongo DB cluster on AWS in Australia and it was great but pricey. A self-managed server (on Digital Ocean or Vultr) allows you to install whatever you want (e.g PHP, MySQL, MongoDB, Redis, SSL Certificate, Mail or WordPress) and configure what you want (but at what cost?).

Heroku say: “Get straight to building apps – Setting up, operating and maintaining your own platform is not where the race is won. Avoid the risk and complexity, and dedicate your energy to what really matters: building great apps.”.

heroku

Having setup serves on IBM Cloudant, Digital Ocean, AWS and Vultr (and even managing with RunCoud and Webmin) and not focusing on a self-managed server-issues like security, backup, security audits, upgrading PHP, updating ssl, setting up distributed mysql, updating https certificates etc sounds like the holy grail.

Let’s put that to the tets and build a Hello World App.

About Heroku

Heroku have a page here about what they offer.

Heroku

Sign up for Free: https://signup.heroku.com

Signup

Programming Languages (Ruby, PHP, Python, NodeJS, Java, Cloujure, Scala, Go etc). I so wanted to select “I’m not a developer” but I won’t.  I selected NodeJS.

Programming Language

Next: Verify your email, enter a password and you’ll find yourself here.

Setup Done

Now we can create an app?

App Help

Help

Ok, let’s skim the NodeJS help before we start: https://devcenter.heroku.com/articles/getting-started-with-nodejs#set-up

Let’s download the Command Line tools

Heroku CLI

Installing Heroku CLI on OSX was uneventful

Heroku CLI

I clicked the “I have installed the Heroku CLI” button.

Heroku wanted me to clone a repo but I logged in to Heroku the Heroku CLI and created a local Heroku folder first (in my local Terminal).

Last login: Sat Nov 25 18:54:43 on ttys000
192-168-1-200:~ username$ mkdir ~/Desktop/heroku
192-168-1-200:~ username$ cd ~/Desktop/heroku
192-168-1-200:heroku simon$ pwd
/Users/username/Desktop/heroku
192-168-1-200:~ username$ heroku login
heroku-cli: Updating to 6.14.38-9bfc11a... 12.7 MB/12.7 MB
Enter your Heroku credentials:
Email: [email protected]
Password: *******************************************************

I checked the Heroku Version

heroku --version
heroku-cli/6.14.38-9bfc11a (darwin-x64) node-v9.2.0

I checked Heroku Help

heroku --help
Usage: heroku COMMAND

Help topics, type heroku help TOPIC for more details:

 access          manage user access to apps
 addons          tools and services for developing, extending, and operating your app
 apps            manage apps
 auth            heroku authentication
 authorizations  OAuth authorizations
 buildpacks      manage the buildpacks for an app
 certs           a topic for the ssl plugin
 ci              run an application test suite on Heroku
 clients         OAuth clients on the platform
 config          manage app config vars
 container       Use containers to build and deploy Heroku apps
 domains         manage the domains for an app
 drains          list all log drains
 features        manage optional features
 git             manage local git repository for app
 keys            manage ssh keys
 labs            experimental features
 local           run heroku app locally
 logs            display recent log output
 maintenance     manage maintenance mode for an app
 members         manage organization members
 notifications   display notifications
 orgs            manage organizations
 pg              manage postgresql databases
 pipelines       manage collections of apps in pipelines
 plugins         manage plugins
 ps              manage dynos (dynos, workers)
 redis           manage heroku redis instances
 regions         list available regions
 releases        manage app releases
 run             run a one-off process inside a Heroku dyno
 sessions        OAuth sessions
 spaces          manage heroku private spaces
 status          status of the Heroku platform
 teams           manage teams
 update          update CLI
 webhooks        setup HTTP notifications of app activity

I ran the advised commands

git clone https://github.com/heroku/node-js-getting-started.git
cd node-js-getting-started

At this point, I followed the steps at https://devcenter.heroku.com/articles/getting-started-with-nodejs#deploy-the-app

Ran

heroku create
Creating app... done, ⬢ fathomless-anchorage-#####
https://fathomless-anchorage-##removed##.herokuapp.com/ | https://git.heroku.com/fathomless-anchorage-70974.git

The website is up

App Up

Where is this app located

traceroute fathomless-anchorage-70974.herokuapp.com
traceroute: Warning: fathomless-anchorage-70974.herokuapp.com has multiple addresses; using 54.243.121.236
traceroute to us-east-1-a.route.herokuapp.com (54.243.121.236), 64 hops max, 52 byte packets
 1  192-168-1-1 (192.168.1.1)  1.045 ms  1.121 ms  0.727 ms
 2  10.20.23.227 (10.20.23.227)  34.415 ms  30.378 ms  26.927 ms
 3  syd-gls-har-agr11-be-12 (202.7.205.13)  42.363 ms  42.957 ms  35.670 ms
 4  203-221-3-3 (203.221.3.3)  37.517 ms
    203-221-3-4 (203.221.3.4)  29.832 ms
    203-221-3-67 (203.221.3.67)  29.412 ms
 5  10ge4-11.core1.sjc1.he.net (72.52.101.37)  208.270 ms  213.679 ms
    las-b24-link.telia.net (213.248.95.232)  181.162 ms
 6  las-b21-link.telia.net (62.115.136.46)  173.171 ms
    100ge1-1.core1.sjc2.he.net (184.105.65.114)  208.705 ms
    10ge7-2.core1.sjc2.he.net (72.52.92.118)  212.061 ms
 7  dls-b21-link.telia.net (62.115.137.106)  205.615 ms
    100ge2-1.core4.fmt2.he.net (184.105.213.158)  204.186 ms
    dls-b21-link.telia.net (62.115.123.136)  204.317 ms
 8  a100us-ic-303626-dls-bb1.c.telia.net (62.115.36.38)  332.192 ms  205.536 ms
    100ge11-1.core1.dal1.he.net (184.105.64.222)  241.649 ms
 9  176.32.125.172 (176.32.125.172)  209.481 ms
    176.32.125.212 (176.32.125.212)  223.887 ms
    176.32.125.164 (176.32.125.164)  205.608 ms
10  176.32.125.169 (176.32.125.169)  205.849 ms
    176.32.125.150 (176.32.125.150)  274.887 ms
    176.32.125.167 (176.32.125.167)  230.285 ms
11  * 176.32.125.241 (176.32.125.241)  232.125 ms *
12  * * 54.240.229.175 (54.240.229.175)  231.710 ms
13  * 54.240.229.171 (54.240.229.171)  239.321 ms *
14  * * *
15  *^C

Traceroute times out but appears to be in the eastern United States (AWS).

Q1) Can I change to Sydney Australia?

Twitter

Waiting for an answer from Twitter.

Virginia is a long way away.

Let’s test the SSL

It’s all good apart from on weak cipher (“TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) WEAK (112)“).

SSL

A shodan scan of the IP reveals an open port 80 and 443 (as expected, nothing out of the ordinary)

Pushing Changes

I ran this to push the app.

cd /Users/username/Desktop/heroku/node-js-getting-started
git push heroku masterCounting objects: 488, done.
Delta compression using up to 8 threads.
Compressing objects: 100% (367/367), done.
Writing objects: 100% (488/488), 231.76 KiB | 231.76 MiB/s, done.
Total 488 (delta 86), reused 488 (delta 86)
remote: Compressing source files... done.
remote: Building source:
remote: 
remote: -----> Node.js app detected
remote: 
remote: -----> Creating runtime environment
remote:        
remote:        NPM_CONFIG_LOGLEVEL=error
remote:        NPM_CONFIG_PRODUCTION=true
remote:        NODE_VERBOSE=false
remote:        NODE_ENV=production
remote:        NODE_MODULES_CACHE=true
remote: 
remote: -----> Installing binaries
remote:        engines.node (package.json):  8.9.1
remote:        engines.npm (package.json):   unspecified (use default)
remote:        
remote:        Resolving node version 8.9.1...
remote:        Downloading and installing node 8.9.1...
remote:        Using default npm version: 5.5.1
remote: 
remote: -----> Restoring cache
remote:        Skipping cache restore (not-found)
remote: 
remote: -----> Building dependencies
remote:        Installing node modules (package.json)
remote:        added 49 packages in 1.686s
remote: 
remote: -----> Caching build
remote:        Clearing previous node cache
remote:        Saving 2 cacheDirectories (default):
remote:        - node_modules
remote:        - bower_components (nothing to cache)
remote: 
remote: -----> Build succeeded!
remote: -----> Discovering process types
remote:        Procfile declares types -> web
remote: 
remote: -----> Compressing...
remote:        Done: 17.7M
remote: -----> Launching...
remote:        Released v3
remote:        https://fathomless-anchorage-#####.herokuapp.com/ deployed to Heroku
remote: 
remote: Verifying deploy... done.
To https://git.heroku.com/fathomless-anchorage-#####.git
 * [new branch]      master -> master

I ran this to ensure the app was running

heroku ps:scale web=1
Scaling dynos... done, now running web at 1:Free

I ran this to open the app

heroku open

This opened the apps URL in a browser.

A nice help page was pushed to my app.

I changed the contents of “node-js-getting-started/views/pages/index.ejs” and repushed.

git push heroku master
heroku ps:scale web=1
heroku open

It reported “Everything up-to-date“???

Repush

I tried to force a push (just in-case something on the server was changed)

git push --force heroku master
Everything up-to-date

???

Ok, let’s pull and see what’s new?

git pull heroku master
From https://git.heroku.com/fathomless-anchorage-#####
 * branch            master     -> FETCH_HEAD
Already up-to-date.

I edited “./index.js” and made the entry point “pages/index2.ejs” and tried to push and no luck.

Everything up-to-date

I tried running push under sudo too (no luck)

Googling revealed I can go to https://dashboard.heroku.com/apps/YOUR-APP/deploy/heroku-gi and see what the issue is.

I logged into the app and could not find how to delete or edit it?

How do I edit files

At this point, I would have just ssh’ed in and restarted the node process in pm2 or node on my own self-managed server and edited remote files locally in sublime on my local machine.

Personally, I like to know where files live and not delve into another designers management interface.

I’ll come back to this guide later until then I’ll stick with Digital Ocean or Vultr

Linking to your own Domain on Heroku

It looks like I can use custom domains via Namecheap to link a domain to a heroku app.

Or you can setup a domain sub domain to point to a heroku app with a DNS C Name record.

App Cost on Heroku

todo: After Hello World is deployed. Digital Ocean (is as low as $5 a month) or Vultr (is as low as $2.5 a month)

Donate and make this blog better

Ask a question or recommend an article

[contact-form-7 id=”30″ title=”Ask a Question”]

Revision History

v1.4 added custom domain, database, CNAME info

etc

Filed Under: Heroku Tagged With: app, Building, first, Heroku, on, your

Connect to a remote server with ssh keys generated on OSX

November 26, 2017 by Simon

Below is the way I connect to a remote server via SSH keys generated on OSX.

Setting up a server

When you set up an Ubuntu server on Vultr (read my guide on setting up a Vultr server for as low as $2.5 a month) or Digital Ocean (use this link to get two months free when you setup an Ubuntu server on digital ocean) you can specify an SSH key to use for remote connections during the server create stage (old guide here).

How to create an SSH key on OSX to use to connect to a remote server

Run the following command (“sudo ssh-keygen -t rsa“) to generate an ssh key paid in “~/.ssh/” on OSX.

cd ~/.ssh/
sudo ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/root/.ssh/id_rsa): test.rsa            
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in test.rsa.
Your public key has been saved in test.rsa.pub.
The key fingerprint is:
SHA256:sJtlhWremoved2IUp8 [email protected]
The key's randomart image is (edited):
+---[RSA 2048]----+
|    .   +o=+.    |
|   . o + =.o..   |
|  . . + o *o+ .  |
|   .   E B +.=   |
|      o S = +.   |
|       O o..+ o  |
|   * . .o * .    |
|   o  ..*        |
|   ..+..         |
+----[SHA256]-----+

TIP: It is a good idea to also generate a passphrase to use with the key (double protection). You will be prompted to enter this password to use the RSA key.

You can now see the generated keys in ~/.ssh/

ls test* -al
total 224
drwxr-xr-x+ 29 username  staff   928 26 Nov 17:07 .
[email protected] 89 username  staff  2848 25 Nov 19:03 ..
...
-rw-------   1 username   staff  1766 26 Nov 17:07 test.rsa
-rw-r--r--   1 username   staff   412 26 Nov 17:07 test.rsa.pub
...

You can view the contents of the public file (you can use this when generating Digital Ocean, Vultr, AWS or Azure or other cloud servers).

fyi: Replace 123.123.123.123 with your remote serves ip.

sudo cat /~.ssh/test.rsa.pub
ssh-rsa AAAAB3NzaC...removed...1RL5hCG0lUn 123.123.123.123

How to connect to a server (the old way).

As long as your host added the desired public ssh key file contents to the server (adding the public ssh key contents to “~/.ssh/authorized_keys” you will be able to connect to the server.

Run the following command on OSX command line to connect to the server via SSH.

sudo ssh -i ~/.ssh/test.rsa [email protected]

You should see..

Enter passphrase for key '/Users/username/.ssh/test.rsa': 
> PASSPHRASECREATEDEARLIER
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-101-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  Get cloud support with Ubuntu Advantage Cloud Guest:
    http://www.ubuntu.com/business/services/cloud

0 packages can be updated.
0 updates are security updates.

Last login: Sun Nov 26 08:47:20 2017 from 123.123.123.123

[email protected]:~# ls -al
total 32
drwx------  5 remoteuser remoteuser 4096 Nov 25 12:07 .
drwxr-xr-x 24 remoteuser remoteuser 4096 Nov 25 12:15 ..
-rw-------  1 remoteuser remoteuser 1813 Nov 26 08:57 .bash_history
-rw-r--r--  1 remoteuser remoteuser 3106 Oct 22  2015 .bashrc
...

Congratulations, you should now be able to connect to your server via SSH.

Securing your ubuntu Server

Read my guides here, here and here.

Don’t forget to add a firewall and set up an SSL certificate.

How to connect to a server (faster way).

todo: ~/.ssh/config method

Now we can connect to your remote server with the shorter method.

todo: ~/.ssh/config method

Donate and make this blog better

Ask a question or recommend an article

[contact-form-7 id=”30″ title=”Ask a Question”]

Revision History

v1.0 Initial Post

etc

Filed Under: SSH Tagged With: a, Connect, generated, keys, on, OSX, remote, server, ssh, to, with

Updating PHP 7.0 to 7.1 on an Ubuntu 16.04 Vultr VM

November 21, 2017 by Simon

Here is how you can quickly update PHP 7.0 to 7.1 on a Vultr Ubuntu domain.

I have configured a number of Vultr domains with NGINX and PHP 7.1 FPM and today I realised I need to update PHP 7.0 to 7.1 to fix a  few security exploits (read more here and here on securing Ubuntu in the cloud). PHP has a good page where you can keep up to date with PHP news here https://secure.php.net/. You can also view the PHP bug tracker to view bugs here. PHP aggregation user @php_net on twitter is good to follow, the official PHP twitter account is @official_php.

I have not noticed in daily Ubuntu package updates no option to update PHP 7.0 to 7.1, I must have to update manually.

WARNING: Backup your site and test this on a non-production server before doing it on a live server.  I had an issue with PHP 7.1 breaking WordPress 3.9 (MySQL issues with some plugins) and I had to roll back to 7.0 (see rollback tips in troubleshooting below). WordPress says it is PHP 7.1 compatible but issues exist. WordPress 3.9 ditches “mysql” and used “mysqli” and when instead PHP 7.1 WordPress could not find “mysqli”?

List packages with updates

sudo /usr/lib/update-notifier/apt-check -p
linux-libc-dev
python3-apport
python3-problem-report

You can run the following to view upgradable packages (TIP: Backup NGINX and other configuration files before any upgrades).

apt list --upgradable
Listing... Done
apport/xenial-updates,xenial-updates,xenial-security,xenial-security 2.20.1-0ubuntu2.13 all [upgradable from: 2.20.1-0ubuntu2.12]
linux-generic/xenial-updates,xenial-security 4.4.0.101.106 amd64 [upgradable from: 4.4.0.87.93]
linux-headers-generic/xenial-updates,xenial-security 4.4.0.101.106 amd64 [upgradable from: 4.4.0.87.93]
linux-image-generic/xenial-updates,xenial-security 4.4.0.101.106 amd64 [upgradable from: 4.4.0.87.93]
linux-libc-dev/xenial-updates,xenial-security 4.4.0-101.124 amd64 [upgradable from: 4.4.0-98.121]
nginx/xenial,xenial 1.13.6-2chl1~xenial1 all [upgradable from: 1.13.3-1chl1~xenial1]
nginx-common/xenial,xenial 1.13.6-2chl1~xenial1 all [upgradable from: 1.13.3-1chl1~xenial1]
nginx-core/xenial 1.13.4-1chl1~xenial1 amd64 [upgradable from: 1.13.3-1chl1~xenial1]
procmail/xenial-updates,xenial-security 3.22-25ubuntu0.16.04.1 amd64 [upgradable from: 3.22-25]
python-cryptography/xenial 1.9-1+ubuntu16.04.1+certbot+2 amd64 [upgradable from: 1.7.1-2+certbot~xenial+1]
python-openssl/xenial,xenial 17.3.0-1~0+ubuntu16.04.1+certbot+1 all [upgradable from: 17.0.0-0+certbot~xenial+1]
python-requests/xenial,xenial 2.18.1-1+ubuntu16.04.1+certbot+1 all [upgradable from: 2.12.4-1+certbot~xenial+1]
python-urllib3/xenial,xenial 1.21.1-1+ubuntu16.04.1+certbot+1 all [upgradable from: 1.19.1-1+certbot~xenial+1]
python3-apport/xenial-updates,xenial-updates,xenial-security,xenial-security 2.20.1-0ubuntu2.13 all [upgradable from: 2.20.1-0ubuntu2.12]
python3-problem-report/xenial-updates,xenial-updates,xenial-security,xenial-security 2.20.1-0ubuntu2.13 all [upgradable from: 2.20.1-0ubuntu2.12]
python3-requests/xenial,xenial 2.18.1-1+ubuntu16.04.1+certbot+1 all [upgradable from: 2.12.4-1+certbot~xenial+1]
python3-urllib3/xenial,xenial 1.21.1-1+ubuntu16.04.1+certbot+1 all [upgradable from: 1.19.1-1+certbot~xenial+1]

Update your server packages

sudo apt-get update && sudo apt-get upgrade

Reboot

sudo shutdown -r now

You should now see this on startup

0 packages can be updated.
0 updates are security updates.

You can view your installed PHP configuration file and installed version by typing to following in your servers command line.

# locate php.ini
/etc/php/7.0/apache2/php.ini
/etc/php/7.0/cli/php.ini
/etc/php/7.0/fpm/php.ini

Now let’s install a package viewer

sudo apt-get install apt-show-versions

Search installed packages (or non-installed) PHP packages.

sudo apt-show-versions | grep php | more

libapache2-mod-php7.0:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
libapache2-mod-php7.0:i386 not installed
php-common:all/xenial 1:55+ubuntu16.04.1+deb.sury.org+1 uptodate
php-xdebug:amd64/xenial 2.5.5-3+ubuntu16.04.1+deb.sury.org+1 uptodate
php-xdebug:i386 not installed
php7.0:all/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-cli:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-cli:i386 not installed
php7.0-common:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-common:i386 not installed
php7.0-curl:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-curl:i386 not installed
php7.0-dev:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-dev:i386 not installed
php7.0-fpm:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-fpm:i386 not installed
php7.0-gd:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-gd:i386 not installed
php7.0-imap:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-imap:i386 not installed
php7.0-intl:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-intl:i386 not installed
php7.0-json:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-json:i386 not installed
php7.0-ldap:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-ldap:i386 not installed
php7.0-mbstring:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-mbstring:i386 not installed
php7.0-mysql:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-mysql:i386 not installed
php7.0-opcache:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-opcache:i386 not installed
php7.0-pgsql:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-pgsql:i386 not installed
php7.0-phpdbg:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-phpdbg:i386 not installed
php7.0-pspell:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-pspell:i386 not installed
php7.0-readline:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-readline:i386 not installed
php7.0-recode:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-recode:i386 not installed
php7.0-snmp:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-snmp:i386 not installed
php7.0-tidy:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-tidy:i386 not installed
php7.0-xml:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-xml:i386 not installed
php7.0-zip:amd64/xenial 7.0.25-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.0-zip:i386 not installed

Uninstall all local PHP related packages

sudo apt-get remove php* 
...
After this operation, 35.7 MB disk space will be freed.
Do you want to continue? [Y/n] y
(Reading database ... 139182 files and directories currently installed.)
Removing php7.0 (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php-xdebug (2.5.5-3+ubuntu16.04.1+deb.sury.org+1) ...
Removing libapache2-mod-php7.0 (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-zip (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-xml (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-mbstring (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-dev (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-fpm (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-curl (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-gd (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-imap (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-intl (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-phpdbg (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-ldap (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-mysql (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-pgsql (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-pspell (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-recode (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-snmp (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-tidy (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-cli (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-json (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-opcache (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-readline (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php7.0-common (7.0.25-1+ubuntu16.04.1+deb.sury.org+1) ...
Removing php-common (1:55+ubuntu16.04.1+deb.sury.org+1) ...
Processing triggers for man-db (2.7.5-1) ...

Confirm packages are uninstalled

sudo apt-show-versions | grep php
>

Install PHP 7.1 and common packages

sudo apt-get install php7.1 php7.1-cli php7.1-common libapache2-mod-php7.1 php7.1-mysql php7.1-fpm php7.1-curl php7.1-gd php7.1-bz2 php7.1-mcrypt php7.1-json php7.1-tidy php7.1-mbstring php-redis php-memcached

Verify PHP 7.1 installation

apt-show-versions | grep php
libapache2-mod-php7.1:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
libapache2-mod-php7.1:i386 not installed
php-common:all/xenial 1:55+ubuntu16.04.1+deb.sury.org+1 uptodate
php-igbinary:amd64/xenial 2.0.1-1+ubuntu16.04.1+deb.sury.org+2 uptodate
php-igbinary:i386 not installed
php-memcached:amd64/xenial 3.0.3+2.2.0-1+ubuntu16.04.1+deb.sury.org+3 uptodate
php-memcached:i386 not installed
php-msgpack:amd64/xenial 2.0.2+0.5.7-1+ubuntu16.04.1+deb.sury.org+3 uptodate
php-msgpack:i386 not installed
php-redis:amd64/xenial 3.1.4-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php-redis:i386 not installed
php7.1:all/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-bz2:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-bz2:i386 not installed
php7.1-cli:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-cli:i386 not installed
php7.1-common:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-common:i386 not installed
php7.1-curl:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-curl:i386 not installed
php7.1-fpm:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-fpm:i386 not installed
php7.1-gd:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-gd:i386 not installed
php7.1-json:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-json:i386 not installed
php7.1-mbstring:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-mbstring:i386 not installed
php7.1-mcrypt:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-mcrypt:i386 not installed
php7.1-mysql:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-mysql:i386 not installed
php7.1-opcache:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-opcache:i386 not installed
php7.1-readline:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-readline:i386 not installed
php7.1-tidy:amd64/xenial 7.1.11-1+ubuntu16.04.1+deb.sury.org+1 uptodate
php7.1-tidy:i386 not installed

Reboot

sudo shutdown -r now

See if the PHP 7.1 FPM service has started

sudo systemctl | grep php
> php7.1-fpm.service

Restart PHP 7.1 FPM Service

sudo systemctl restart php7.1-fpm.service

Edit your /etc/nginx/sites-enabled/default and change the fastcgi_pass from “7.0” to “7.1”

sudo nano /etc/nginx/sites-enabled/default

Edits:

location ~ \.php$ {
    ...
    fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
    ...
}

Reload NGINX configuration and restart NGINX

sudo nginx -t && sudo nginx -s reload && sudo /etc/init.d/nginx restart
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
[ ok ] Restarting nginx (via systemctl): nginx.service.

Your website should now be back up and running PHP 7.1

PHP 7.1

Post Install Tasks

View this blog post on other useful linux commands.

Run a Lynis security scan.

Edit your PHP.ini file and add required changes (e.g upload sizes).

sudo nano /etc/php/7.1/fpm/php.ini
# upload_max_filesize = 2M
+ upload_max_filesize = 8M

Troubleshooting

View PHP configuration values (add this to a debug.php and load in in a browser)

<?php

// Show all information, defaults to INFO_ALL
phpinfo();

// Show just the module information.
// phpinfo(8) yields identical results.
phpinfo(INFO_MODULES);

?>

I broke my WordPress 3.9 when I tried to update to PHP 7.1 so I rolled back to 7.0.

sudo apt-get remove php*
sudo apt-get -y install php7.0-fpm
sudo apt-get -y install php7.0-mysql php7.0-curl php7.0-gd php7.0-intl php-pear php-imagick php7.0-imap php7.0-mcrypt php-memcache  php7.0-pspell php7.0-recode php7.0-sqlite3 php7.0-tidy php7.0-xmlrpc php7.0-xsl php7.0-mbstring php-gettext
service php7.0-fpm reload

Google help had me stuck for a while when I had issues purging php 7.1.

Purge Error

Because my blog (with install steps) was down I used this site to help be find the commands to run.

Conclusion

Sometimes going with cutting edge tech you will go out on a limb, ensure you know and can restore a working site if need be.

Always have a backup and restore plan.

Hope this guide helps.

Donate and make this blog better


Ask a question or recommend an article
[contact-form-7 id=”30″ title=”Ask a Question”]

v1.35 WordPress 3.9 error with PHP 7.1

Filed Under: PHP, Server, Ubuntu, VM, Vultr Tagged With: 16.04, a, on, php, ubuntu, Updating, vm, vultr

Setting up additional server storage on cloud servers (block storage on Vultr)

October 7, 2017 by Simon

Vultr has a generous disk quota with the cloud servers you can set up. But what do you do when you want more space than the default allocation (for backup or application data)?

I have blogged before about setting up an Ubuntu server on the cloud on Vultr and configuring it if you do not already have a cloud server.

Vultr allows you to set up a server in minutes.

Server

A Vultr $2.5 a month server comes with 20GB storage, a $20 a month server comes with 60GB of SSD storage.

Vultr does offer more storage for about 0.10c per GB. At this time or writing Vultr allows you to add more storage to serves in NY/NJ (only). Read my guide on moving data between servers with RSync. And cond forget yo secure your server with a free SSL certificate and secure it (read more here and here).

An additional 10GB of storage would cost $1/m.

10GB

An additional 50GB of storage would cost $5/m.

50GB

An additional 100GB of storage would cost $10/m.

100GB

An additional 250 GB of storage would cost $25/m

250GB

View the Vultr pricing calculator here. Vultr does say that you can resize your block storage volume but there are manual actions and risks involved so get the space you need early on and prevent resizing later.

Read the Vultr Block Storage FAQ here: https://www.vultr.com/docs/block-storage

Vultr did offer early customers in (limited location’s) a free 50GB storage (read more on these limits here).

I am going to spin up a Block storage and attach to my server in Sydney.

fyi: Read the official guide on Attacking Block Storage to a Vultr server.

1. Login to your Vultr admin panel ( https://my.vultr.com/ ) and click Block Storage (  https://my.vultr.com/blockstorage/ ).

2. Click Add Block Storage

Add Block Storage

3. Choose the size of your block storage volume.

New Block Storage

Darn, I can’t choose Syndey yet as a location to create a block storage volume (I have asked Vultr when we can) so I’ll continue this guide with my existing (free) 50GB volume in New Jersey) and mount it in a server in NY/NJ (and also Syndey).

It appears I can’t connect to a  Block Storage volume outside the block storages location (data centre).

Manage Block Storage

You will need to attach the block storage volume to the server at that data centre location or you will get this error when you try and connect to it later.

Error

In my case, the server did not automatically restart so I manually restarted it.

Connecting the Block Storage to your VM

From the Vultr admin panel ( https://my.vultr.com ), Block Storage ( https://my.vultr.com/blockstorage/ ) you can manage individual Block Storage volumes and see the mounting information.

e.g

(Linux Example) Create partitions:
# parted -s /dev/vdb mklabel gpt
# parted -s /dev/vdb unit mib mkpart primary 0% 100%

(Linux Example) Create filesystem:
# mkfs.ext4 /dev/vdb1

(Linux Example) Mount block storage:
# mkdir /mnt/blockstorage
# echo >> /etc/fstab
# echo /dev/vdb1               /mnt/blockstorage       ext4    defaults,noatime 0 0 >> /etc/fstab
# mount /mnt/blockstorage

FYI: You can only connect to block storage from the same location (one server at a time I’d imagine).

4. From the Vultr Admin panel SSH into the server (in the same location).  See my guide here on setting up a Vultr server and configuring it.

Vultr say’s “Block storage is connected to your server as /dev/vdb. We do not create any filesystems on it by default.” Official Block storage documentation is located here.

5. Run the commands listed in the Block Storage screen (above)

Mount

Error: In my case, the echo command failed to add to configuration to the /etc/fstab file (even with sudo) and the mount command failed?

mount: can't find /mnt/blockstorage in /etc/fstab

I checked the /etc/fstab file contents

sudo cat /etc/fstab
# ..missing mount commands from Vultr..

I manually edited the /etc/fstab file and added the mount point configuration as suggested by Vultr.

sudo nano ./etc/fstab

Contents

# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
# / was on /dev/vda1 during installation
UUID=removedGUID /               ext4    errors=remount-ro 0       1
/dev/fd0        /media/floppy0  auto    rw,user,noauto,exec,utf8 0       0
/dev/vdb1       /mnt/blockstorage       ext4    defaults,noatime 0 0 >> /etc/fstab

6. I re-ran the mount command

sudo mount /mnt/blockstorage
#

Success

I can now directory list in the block storage volume.

ls /dev/vdb1 -al
brw-rw---- 1 username disk 253, 17 Nov  7 21:18 /dev/vdb1

Now let’s attach it to another folder in the root folder (e.g /data)

First, unmount the volume

sudo umount /mnt/blockstorage

Edit the /etc/fstab file with sudo nano

sudo nano /etc/fstab

Change the mount point somewhere else (e.g /data)

/dev/vdb1               /data       ext4    defaults,noatime 0 0 >> /etc/fstab

Make a folder in the new path (/data), If you don’t do this the mount will fail.

sudo mkdir /data

Remount the volume (but use the new path)

sudo mount /data

You can now use the path and new storage.

cd /data
mkdir /data/test
cd /data/test
pwd
# /data/test/
sudo nano /data/test/test.txt

Nice

Disposing of Block Storage

TIP: Move or backup any data before you destroy or detach the volume.

First, you will need to unmount the volume (SSH session with your server).

sudo umount /data

Then remove the entry from the /etc/fstab file

Then you can navigate to the https://my.vultr.com/blockstorage/ and edit the said block storage volume and detach the volume (this will cause the server to reboot).

Detatch

After a few minutes you can delete the volume from the edited Block Storage Volume page  (click the Trashcan up the upper right).

Detatch

Done, You can now add and remove Block Storage volumes on Vultr.

How to check the disk usage of the block storage volume

You may need to remind yourself of the block storage volume (cat the /etc/fstab file and view the drive information on the mount line).

cat /etc/fstab
# .. /dev/vdb1 ..

How much space is used/free

df -h /dev/vdb1
Filesystem      Size  Used Avail Use% Mounted on
/dev/vdb1        50G   52M   47G   1% /data

You can also show the usage information in that mounted folder

du -xsch /data
10G     /folder1
10G     /folder2
20G     total

Use the pydf tool to view mounted partitions

Install pydf

sudo apt-get install pydf

Use pydf

pydf
Filesystem Size  Used Avail Use%                                                             Mounted on
/dev/vda1   20G 3496M   15G 17.4 [##########...............................................] /
/dev/vdb1   49G   52M   47G  0.1 [.........................................................] /data

Troubleshooting

  • You need to attach the block storage volume and reboot in the Vultr admin panel before mounting.
  • The echo command (as documented by Vultr) may not add information to the /etc/fstab file (a manual edit will work).

How to Resize a Block Storage Volume on Vultr.

Coming soon (if requested below).

Donate and make this blog better


Ask a question or recommend an article
[contact-form-7 id=”30″ title=”Ask a Question”]

v1.2 added disk usage information

Filed Under: Storage, VM, Vultr Tagged With: additional, Block, cloud, on, server, servers, Setting, storage, up, vultr

  • « Go to Previous Page
  • Go to page 1
  • Go to page 2
  • Go to page 3

Primary Sidebar

Poll

What would you like to see more posts about?
Results

Support this Blog

Create your own server today (support me by using these links

Create your own server on UpCloud here ($25 free credit).

Create your own server on Vultr here.

Create your own server on Digital Ocean here ($10 free credit).

Remember you can install the Runcloud server management dashboard here if you need DevOps help.

Advertisement:

Tags

2FA (9) Advice (17) Analytics (9) App (9) Apple (10) AWS (9) Backup (21) Business (8) CDN (8) Cloud (49) Cloudflare (8) Code (8) Development (26) Digital Ocean (13) DNS (11) Domain (27) Firewall (12) Git (7) Hosting (18) IoT (9) LetsEncrypt (7) Linux (21) Marketing (11) MySQL (24) NGINX (11) NodeJS (11) OS (10) Performance (6) PHP (13) Scalability (12) Scalable (14) Security (45) SEO (7) Server (26) Software (7) SSH (7) ssl (17) Tech Advice (9) Ubuntu (39) Uncategorized (23) UpCloud (12) VM (45) Vultr (24) Website (14) Wordpress (25)

Disclaimer

Terms And Conditions Of Use All content provided on this "www.fearby.com" blog is for informational purposes only. Views are his own and not his employers. The owner of this blog makes no representations as to the accuracy or completeness of any information on this site or found by following any link on this site. Never make changes to a live site without backing it up first.

Advertisement:

Footer

Popular

  • Backing up your computer automatically with BackBlaze software (no data limit)
  • How to back up an iPhone (including photos and videos) multiple ways
  • Add two factor auth login protection to WordPress with YubiCo hardware YubiKeys and or 2FA Authenticator App
  • Setup two factor authenticator protection at login on Ubuntu or Debian
  • Using the Yubico YubiKey NEO hardware-based two-factor authentication device to improve authentication and logins to OSX and software
  • I moved my domain to UpCloud (on the other side of the world) from Vultr (Sydney) and could not be happier with the performance.
  • Monitor server performance with NixStats and receive alerts by SMS, Push, Email, Telegram etc
  • Speeding up WordPress with the ewww.io ExactDN CDN and Image Compression Plugin
  • Add Google AdWords to your WordPress blog

Security

  • Check the compatibility of your WordPress theme and plugin code with PHP Compatibility Checker
  • Add two factor auth login protection to WordPress with YubiCo hardware YubiKeys and or 2FA Authenticator App
  • Setup two factor authenticator protection at login on Ubuntu or Debian
  • Using the Yubico YubiKey NEO hardware-based two-factor authentication device to improve authentication and logins to OSX and software
  • Setting up DNSSEC on a Namecheap domain hosted on UpCloud using CloudFlare
  • Set up Feature-Policy, Referrer-Policy and Content Security Policy headers in Nginx
  • Securing Google G Suite email by setting up SPF, DKIM and DMARC with Cloudflare
  • Enabling TLS 1.3 SSL on a NGINX Website (Ubuntu 16.04 server) that is using Cloudflare
  • Using the Qualys FreeScan Scanner to test your website for online vulnerabilities
  • Beyond SSL with Content Security Policy, Public Key Pinning etc
  • Upgraded to Wordfence Premium to get real-time login defence, malware scanner and two-factor authentication for WordPress logins
  • Run an Ubuntu VM system audit with Lynis
  • Securing Ubuntu in the cloud
  • No matter what server-provider you are using I strongly recommend you have a hot spare ready on a different provider

Code

  • How to code PHP on your localhost and deploy to the cloud via SFTP with PHPStorm by Jet Brains
  • Useful Java FX Code I use in a project using IntelliJ IDEA and jdk1.8.0_161.jdk
  • No matter what server-provider you are using I strongly recommend you have a hot spare ready on a different provider
  • How to setup PHP FPM on demand child workers in PHP 7.x to increase website traffic
  • Installing Android Studio 3 and creating your first Kotlin Android App
  • PHP 7 code to send object oriented sanitised input data via bound parameters to a MYSQL database
  • How to use Sublime Text editor locally to edit code files on a remote server via SSH
  • Creating your first Java FX app and using the Gluon Scene Builder in the IntelliJ IDEA IDE
  • Deploying nodejs apps in the background and monitoring them with PM2 from keymetrics.io

Tech

  • Backing up your computer automatically with BackBlaze software (no data limit)
  • How to back up an iPhone (including photos and videos) multiple ways
  • US v Huawei: The battle for 5G
  • Check the compatibility of your WordPress theme and plugin code with PHP Compatibility Checker
  • Is OSX Mojave on a 2014 MacBook Pro slower or faster than High Sierra
  • Telstra promised Fibre to the house (FTTP) when I had FTTN and this is what happened..
  • The case of the overheating Mac Book Pro and Occam’s Razor
  • Useful Linux Terminal Commands
  • Useful OSX Terminal Commands
  • Useful Linux Terminal Commands
  • What is the difference between 2D, 3D, 360 Video, AR, AR2D, AR3D, MR, VR and HR?
  • Application scalability on a budget (my journey)
  • Monitor server performance with NixStats and receive alerts by SMS, Push, Email, Telegram etc
  • Why I will never buy a new Apple Laptop until they fix the hardware cooling issues.

Wordpress

  • Replacing Google Analytics with Piwik/Matomo for a locally hosted privacy focused open source analytics solution
  • Setting web push notifications in WordPress with OneSignal
  • Telstra promised Fibre to the house (FTTP) when I had FTTN and this is what happened..
  • Check the compatibility of your WordPress theme and plugin code with PHP Compatibility Checker
  • Add two factor auth login protection to WordPress with YubiCo hardware YubiKeys and or 2FA Authenticator App
  • Monitor server performance with NixStats and receive alerts by SMS, Push, Email, Telegram etc
  • Upgraded to Wordfence Premium to get real-time login defence, malware scanner and two-factor authentication for WordPress logins
  • Wordfence Security Plugin for WordPress
  • Speeding up WordPress with the ewww.io ExactDN CDN and Image Compression Plugin
  • Installing and managing WordPress with WP-CLI from the command line on Ubuntu
  • Moving WordPress to a new self managed server away from CPanel
  • Moving WordPress to a new self managed server away from CPanel

General

  • Backing up your computer automatically with BackBlaze software (no data limit)
  • How to back up an iPhone (including photos and videos) multiple ways
  • US v Huawei: The battle for 5G
  • Using the WinSCP Client on Windows to transfer files to and from a Linux server over SFTP
  • Connecting to a server via SSH with Putty
  • Setting web push notifications in WordPress with OneSignal
  • Infographic: So you have an idea for an app
  • Restoring lost files on a Windows FAT, FAT32, NTFS or Linux EXT, Linux XFS volume with iRecover from diydatarecovery.nl
  • Building faster web apps with google tools and exceed user expectations
  • Why I will never buy a new Apple Laptop until they fix the hardware cooling issues.
  • Telstra promised Fibre to the house (FTTP) when I had FTTN and this is what happened..

Copyright © 2023 · News Pro on Genesis Framework · WordPress · Log in

Some ads on this site use cookies. You can opt-out if of local analytics tracking by scrolling to the bottom of the front page or any article and clicking "You are not opted out. Click here to opt out.". Accept Reject Read More
GDPR, Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT