Monthly Archive: May 2014


nginx configtest vs nginx -t

Both of these commands will tell you if your new nginx configuration is OK [without killing your current instance]. configtest uses the running service and only tells you whether the check passes or fails, whereas nginx -t will not only check the config but also print any info, warning and error messages.

Usage is typically:

service nginx configtest && service nginx restart
or
nginx -t && service nginx restart

My personal preference is to use nginx -t because 1. it’s shorter and I’m lazy and 2. I like knowing where exactly the problem lies (easier debugging and whatnot).


How To Setup a LAMP Server (Linux, Apache, MySQL, PHP) on Ubuntu Server 14.04

Today we are going to set up a web server using the ever so popular LAMP Stack. This tutorial assumes you:

  1. Own a VPS or Dedicated Server (you can get a cheap one here [it’s only $5])
  2. Have configured ssh and are currently logged in. (If not, learn how here)
  3. Optional: Have secured your vps from hackers

Step 1 – Install LAMP  xD

First update and install tasksel

apt-get update && apt-get install tasksel

Next… and Finally we install lamp

tasksel install lamp-server

 

Pretty simple, right? Normally people go through the trouble of installing PHP, MySQL and Apache manually, but why, when Ubuntu already knows how to do it all 🙂

 


Securing an Ubuntu 14.04 Server with Fail2Ban

When it comes to securing a server from malicious bruteforcers, Fail2Ban is an extremely powerful tool and my go-to application on every server I set up. While that position was once held by denyhosts, as of Ubuntu 14.04, denyhosts is no longer in the official Ubuntu repo and so it is recommended that it no longer be used… Before we get into how to configure Fail2Ban, let’s take a look at how it works…

Fail2Ban works by constantly scanning your log files and taking predetermined actions based on what is set in its configuration file. For example, we can set Fail2Ban to ban the IP address of anyone who tries and fails to log in 3 or more times. To do this, every few seconds, Fail2Ban will scan the server’s access log and keep a record of every failed attempt. When the limit of 3 is reached, it will immediately set a rule in the built-in iptables firewall for said IP address, effectively rejecting it from all further communication with the server.

Step 1 – Installing Fail2Ban

To install fail2ban we need to run 3 commands, the first to update our apt-cache, the second to upgrade any old packages in our system and the third to install Fail2Ban itself

apt-get update
apt-get upgrade
apt-get install fail2ban

Now that it is installed let us make a copy of the configuration file (so that the original can serve as a template in the future) and open it in our editor of preference

Step 2 – Configure Fail2Ban

cd /etc/fail2ban/
cp jail.conf jail.local && nano jail.local

By default fail2ban comes preconfigured with a great set of options, so we will only be making a few changes. I also highly recommend you read through the config file to see what fail2ban is capable of in case you wish to tweak it more in the future.

Find the following settings in the open config file and change them to match

# add your IP to the exceptions list so you don't accidentally lock yourself out
ignoreip = 127.0.0.1/8 192.168.1.2
# increase bantime to an hour (value is in seconds)
bantime = 3600
.....
[ssh]
enabled = true
# if you are using a custom ssh port, change this to your chosen port
port = 4444
filter = sshd
logpath = /var/log/auth.log
maxretry = 6

Remember, ctrl + x to close file, and Y to save
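
As an added illustration (not part of the original post and not fail2ban's own code), the shell sketch below mimics the counting described above on constructed auth.log lines: it tallies sshd "Failed password" entries per source address, skips addresses on the ignore list, and reports an address once it reaches maxretry. The names sample_log and would_ban are hypothetical, and ignore entries are matched as exact addresses only (CIDR ranges such as 127.0.0.1/8 are not expanded).

```shell
#!/bin/sh
# Constructed sample in the style of /var/log/auth.log (not real log data).
sample_log() {
    for i in 1 2 3 4 5 6; do
        echo "May 20 10:00:0$i blog sshd[1001]: Failed password for root from 203.0.113.7 port 4000$i ssh2"
    done
    for i in 1 2 3 4 5 6 7; do
        echo "May 20 10:01:0$i blog sshd[1002]: Failed password for root from 192.168.1.2 port 5000$i ssh2"
    done
    for i in 1 2 3; do
        echo "May 20 10:02:0$i blog sshd[1003]: Failed password for invalid user admin from 198.51.100.9 port 6000$i ssh2"
    done
    echo "May 20 10:03:00 blog sshd[1004]: Accepted password for root from 192.168.1.2 port 50100 ssh2"
}

# would_ban MAXRETRY "IGNORE LIST" : reads log lines on stdin and prints each
# address once, at the moment its failure count reaches MAXRETRY.
would_ban() {
    awk -v max="$1" -v ignore="$2" '
        BEGIN {
            n = split(ignore, a, " ")
            for (i = 1; i <= n; i++) skip[a[i]] = 1
        }
        /sshd\[[0-9]+\]: Failed password for / {
            ip = ""
            # take the word after the LAST "from", so a user name of
            # "from" cannot be mistaken for the address
            for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
            if (ip == "" || (ip in skip)) next
            if (++fails[ip] == max) print ip
        }'
}

# With the values from the config above, only 203.0.113.7 is reported:
# 192.168.1.2 is on the ignore list and 198.51.100.9 has only 3 failures.
sample_log | would_ban 6 "127.0.0.1 192.168.1.2"
```

Lowering the first argument to 3 also reports 198.51.100.9, and emptying the ignore list shows why leaving your own address out of ignoreip can lock you out.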

Step 3 – Apply Changes

We finish up by restarting the fail2ban service so that our changes come into effect

service fail2ban restart

Final Notes: fail2ban has a lot more features, such as sending an email whenever an IP is banned or using custom iptables templates, but those (once again, in my opinion) are not necessary as the preset config is, for the average server, near perfect.

Now that your server is secure let us move on to Setting up a LAMP Server or a LEMP Server on Ubuntu/Debian.


Initial Ubuntu 14.04 Server Setup

So you just got a new VPS and/or dedicated server and you want to use it as a webserver, fileserver, mailserver or maybe even all of the above. But before you do any of that, you KNOW that you gotta harden the security on it, right… rightt??? Of course you do… In this tutorial we are going to go through the steps of locking down a server out there on the internet and making it safe enough to host our applications.

Note: While I am writing this for ubuntu 14.04, it should be exactly the same for debian and any other debian based distro (including previous versions of ubuntu)

Step 1 – Login to the Server

Before we can start configuring, we need to log in to said server. To do this on Windows, we can either download putty (easy and just works) or cygwin (my preferred option, but you need to select ssh during installation). If you have Linux or Mac, just open up your ‘terminal’ and type

ssh root@192.168.1.1

Replace ‘192.168.1.1’ with your server’s ip address and ‘root’ with the login for your server, if you are unsure what your username is, leave it as root.

Accept whatever certificate it provides and enter your password when it prompts you for it.

Step 2 – Change the root Password

Now that we have logged into our server, we want to immediately change the root password. To do this we type

passwd

At the prompt enter and confirm your new password.

Step 3 – Change Default SSH Port

Now that we have changed our default password, to make it even more difficult for intruders we change the default ssh port. Open up the config file

nano /etc/ssh/sshd_config

find the line that says

Port 22

and replace 22 with any number between 1000 and 65000 that is not already found in the TCP area of this wiki article.

Tip: to exit nano press Ctrl + Z. It will ask you to save.. type Y then enter to overwrite.

Step 4 – Reload SSH

To restart the ssh service type

service ssh restart

you can now logout of your server

logout

and relog with the command

ssh root@10.0.10.20 -p 4444

with 4444 being the port you previously chose.

That’s it for this tutorial. If you are still a bit paranoid about your server, we can secure it even more by installing denyhosts, or you can skip that and move on to Setting up an Ubuntu/Debian LAMP Server or maybe you would prefer to Setup a LEMP Server.

 


DigitalOcean vs Vultr vs Wable : A low end cloud vps comparison

If you have been reading my rants you should know that some time back I finally made the move from shared hosting to vps’s. My first host was DigitalOcean, followed by Vultr and now I am trying out Wable, the newest kid on the block.

Now, before you start getting all ‘matter of factly’ I will state that I know this comparison is not exactly fair as Wable is openvz based while both Vultr and DigitalOcean are KVM. Still, I feel that as they are all relatively new, low end cloud based services, they’re all worth a look at.

This comparison was done by utilizing the following tools.

  • Unixbench
  • A custom bash benchmark script.
  • dd
  • Official Website of each respective site for pricing and whatnot

The metrics I will be using are

  • Price (value per dollar)
  • Upload Speed
  • I/O speed
  • CPU Performance
  • HDD Capacity
  • Extra Features

Vultr vs DigitalOcean (vs Wable).. let the fight begin..

First up DigitalOcean, they have been around for some time now and out of the three, they feature the most features, (private networking, snapshots, automated backups and a custom api for those who love scripting their own interfaces for stuff). While I will display screen shots of all benchmarks below, I will summarize and state that they had the lowest performance. I guess with all those free extra features you lost some of that hardcore baremetal performance.

Still, for enterprise customers looking for a cheap (and stable) service for their IT staff to develop on, with the plethora of features that DO (DigitalOcean) offers (especially private networking) it would be best suited to sit in the lap of the enterprise client.

Next up Vultr, this is a relatively new company (at the time of writing, it’s only been a month or two since they have been open to the public.) And I must say their service is exceptional. Like DO they offer KVMs and their machines are ready in under a minute. Featurewise, they don’t have the list of stuff I mentioned for DO above (except a custom api), but they recently added custom ISOs which is a huge plus for people who want to run those OSes scraped from the dark depths of the Internet.

Performancewise Vultr blows everything out of the water with benchmark scores you would only see in VPS’s 10x its price. Since its inception they have been rolling out features one after the other and I would not be surprised if in a few more months they catch up to DigitalOcean in pure feature count.

For the tech enthusiast I would highly recommend Vultr and with their current promotion of doubling your first payment… The value is incredible. (I have personally loaded 100us and haven’t regretted a second of it).

Now Wable, truthfully, Wable is only here in this battle against giants because of its price. Currently for $8 you get 3 CPU’s 2GB RAM and a 50GB SSD

Also, its structure is unique… You don’t buy single vpses nor do you spin up kvms and pay per minute. Instead every month you pay for resources. And with those resources you can do practically anything with em. For instance the $8 plan comes with 3 cores and 2gb of ram…. With that I can either spin one machine with all the specs, make three tiny machines or anything in between. Also, IP addresses. Dear god they give you IP addresses like they grew on trees (24 of em for $8). And not ipv6 no… They give ipv4… Crazy right?

For them, when it comes to performance… It’s hard to explain… Core for core, Vultr has it beat hands down… But since for $8 you get 3 cores unlike 1 for both Vultr and DO.. you actually get better dollar for dollar benchmark performance. Unfortunately it uses openvz so it’s very limited when it comes to features.. I’d only recommend wable for someone who wants a ton of tiny machines each with a different IP address. While the average wable machine has the potential to be the most powerful of them all…. I am a bit skeptical, and will wait a few months before putting anything critical on their servers.

CONCLUSION: So.. who to go with? That’s a simple one… if it’s a corporate or mission critical application.. use DigitalOcean for reliability and pure feature count, if not go Vultr (my personal favorite) for beast performance at a lower cost and a super active development team… as for Wable… let’s give them a few more months and see what’s up…

UPDATES:

  1. DigitalOcean now has a promo where you get $10 free to try em out with the coupon 2014SSD
  2. Vultr now Supports Snapshots. (Still in beta and no automatic backups yet) (May 22 2014)
  3. Vultr adds startup scripts feature to let you customize vm on first boot (June 09 2014)
  4. Vultr added Private Networking with unlimited transfer between servers  (July 08 2014)

POLL:

In the end, it’s still your decision, the following are poll-esque links which I will be using to track the popularity of each and report here a bit later on…

Vultr: I need speed!! | DigitalOcean: Stable and Rock Solid for me | Wable: Did you say 24 IP Addresses?

 


How to compile and install programs in linux

So you have a tar.gz file and you want to compile and install it.. To do that you need the gcc compiler (not always but it’s good to have anyways)…

apt-get update
sudo apt-get install build-essential

Cool, we have gcc and other essential build tools… cd into the directory with the tar.gz file and type the following

tar -xzvf myprogram.tar.gz
cd myprogram
./configure
make
make install

That should pretty much do it… of course, depending on what you are compiling the steps may be a bit different but more often than not there is a readme file in the extracted folder if you ever need to do extra configuration.


How to set fqdn in Linux

Edit /etc/hostname and change the text to your hostname:

blog

Edit /etc/hosts and edit line 2 to look like the following (under the one written 127.0.0.1 localhost).

127.0.1.1 blog.devget.net blog

Where blog.devget.net is your FQDN and blog is your hostname

Save and test your config by typing the following

hostname

This should output blog

hostname -f

This should output blog.devget.net


Bluehost vs Hostgator.. a 2014 Review

For years now I’ve been using shared hosting for a variety of websites, and while I’ve recently jumped on the vps/cloud bandwagon I wanted to compare those two hosts who served me faithfully for quite a few years now.

The plans I will be comparing here are Hostgator’s Baby and Bluehost’s standard plan. Each of these give: ‘unlimited’ storage, bandwidth, databases and domains. A shared ssl certificate and essentials such as ssh and ruby/python.
(Note. Hostgator’s ‘Hatchling’ plan, while cheaper, does not let you have more than one add on domain so it was not chosen for this comparison)

A Brief History: my first ever shared paid host was Hostgator and I stayed with them for about a year. (Baby plan of course). The only reason I ever switched was because I was paying month to month and it was pretty much $10 each month.. and as my sites were not yet making any profit.. That was just crazy talk. When I saw that bluehost was offering 3 years for 4.95 a pop there was no way I could not jump on that deal.

Now over a year later, I am back on Hostgator mainly because I saw a great deal (that rare 50% off coupon I told you about) and jumped on it.

COST: when it comes to pure dollar for dollar value, Bluehost comes out on top. No matter when you register, the price of 4.95 (using this link of course) is pretty hard to beat.

Hostgator’s baby plan is initially 6.36 but, a few times a year (labour day, black Friday etc) it does have a 50 percent coupon.. But it’s usually only for 24 hours and you pretty much need to be on their mailing list to get it on time. Of course I will always be on the lookout and will post any codes I learn about here. Until then you may use this link for 20% off.

Winner: Bluehost

PERFORMANCE: In general, they are both pretty snappy overall with Hostgator having a slight edge in the cPanel area (a lighter experience), while Bluehost gives better website performance. How did I test? I used loadimpact as well as a custom written shell benchmark script… If you don’t want to take my word for it.. I’ll attach the results below.

A small thing to note is that Bluehost saw a degradation in performance after 60k files or so, I never had that many on hostgator so I wouldn’t know how it would handle it.

SUMMARY: I did not bother to compare features as they are both pretty equal, and so is their customer service. The only main difference would be Bluehost has an anytime moneyback guarantee while Hostgator has a 45 day guarantee.

If I had to choose one shared host to stick with until the end of time… I would definitely at this point choose Bluehost… with better price AND performance.. why choose otherwise? plus.. have you seen their datacenter?