Thursday, 29 December 2016

Comment and uncomment the multiple lines in vi editor linux



1. To comment multiple lines :-

Suppose we need to comment out lines 6 to 20 in the vi text editor. Use the syntax below.

From line 6 to line 20:
Press ESC in the vi editor, then type
:6,20s/^/#/

Here ^ matches the start of the line, so the command inserts '#' at the start of every line in the range, which comments the line out.



2. To uncomment multiple lines :-

From line 6 to line 20:

Press ESC in the vi editor, then type
:6,20s/^#//

This removes the leading '#' from every line in the range that starts with one, which uncomments those lines.

Thursday, 8 December 2016

Create yum local repository

Create the yum local repository 



A local yum repository is very useful when you work in a LAN (Local Area Network).

Requirements :-

Copy the Packages folder to the location where you will create the repository.

Configuration Steps :-

Mount the CD/DVD on the Linux server :

Syntax : mount -t iso9660 -o loop  /dev/dvd or /dev/cdrom  /mnt/iso



1. Copy  /centos/6/os/x86_64/Packages/  to any local directory

#mkdir /home/yum
#cp  -r /centos/6/os/x86_64/Packages/   /home/yum

2. Install the createrepo package with rpm.


#cd /home/yum/Packages

While installing this package, rpm asks for some dependency packages; install those packages as well.

3. Create or edit the yum repository configuration file.

#cd  /etc/yum.repos.d/ 

Back up or move all existing repository files to another directory, create a new file with any name, for example 'localrep.repo', and add lines like below.

#vi localrep.repo


[Centos]
name=Centos Repo
baseurl=file:///home/yum/Packages
enabled=1
gpgcheck=0

:wq!
save&quit


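The configuration above disables GPG checking (gpgcheck=0), so yum installs packages from this repository without verifying their signatures. If you want to enable GPG checking, use the lines below in place of gpgcheck=0; this is not mandatory.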

gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6

4. Create the repository file

#createrepo /home/yum/Packages

After successful creation, list the yum repositories; the output looks like below.

# yum repolist
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
 * base: repos.lax.quadranet.com
 * extras: mirror.compevo.com
 * updates: repos.dfw.quadranet.com
repo id                                                                    repo name                                                                             status
base                                                                       CentOS-6 - Base                                                                       6,696
extras                                                                     CentOS-6 - Extras                                                                        62
updates                                                                    CentOS-6 - Updates                                                                      686
repolist: 7,444


5. Once the repository is installed on one server in the LAN, you can use it from all servers in that LAN through the FTP service. Follow the steps below.

Create the repo configuration file. Suppose you created the yum repository on the local server 10.1.2.4 and you want to use it from another server in the LAN, 10.1.2.5, by using FTP. Modify the lines as below.

Note :- an FTP server must be configured on 10.1.2.4 to serve the directory /home/yum/Packages

On 10.1.2.5 :

#vi remote.repo

[Centos]
name=Centos Repo
baseurl=ftp://10.1.2.4/home/yum/Packages
enabled=1
gpgcheck=0

:wq!
save&quit
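
A check for the two settings used in the repo files above, as an added example that is not part of the original post: it reads a yum .repo file and reports every enabled repository that sets gpgcheck=0 or fetches packages over plain ftp:// or http://. The names audit_repo_file and audit_demo and the sample repository ids Centos-remote and Centos-signed are assumptions made for this illustration.

```bash
#!/bin/bash
# Added example: audit a yum .repo file for unsigned or plaintext package sources.
# audit_repo_file is a hypothetical helper name, not part of yum.

audit_repo_file() {
    # $1 = path to a .repo file. Prints one "repo-id: finding" line per problem.
    awk -F= '
        function report() {
            if (id == "" || enabled == "0") return
            if (gpgcheck == "0")
                print id ": gpgcheck=0, package signatures are not verified"
            if (baseurl ~ /^(ftp|http):/)
                print id ": baseurl " baseurl " is plaintext, packages can be altered in transit"
        }
        /^[ \t]*(#|;|$)/ { next }              # skip comments and blank lines
        /^\[/ {                                  # a new [section] starts
            report()
            id = $0; sub(/^\[/, "", id); sub(/\].*$/, "", id)
            enabled = "1"; gpgcheck = ""; baseurl = ""
            next
        }
        {
            key = $1; gsub(/[ \t]/, "", key)
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "enabled")  enabled = val
            if (key == "gpgcheck") gpgcheck = val
            if (key == "baseurl")  baseurl = val
        }
        END { report() }
    ' "$1"
}

audit_demo() {
    # Constructed sample: the two repo definitions from this post plus a signed variant.
    repo_tmp=$(mktemp)
    cat > "$repo_tmp" <<'EOF'
[Centos]
name=Centos Repo
baseurl=file:///home/yum/Packages
enabled=1
gpgcheck=0

[Centos-remote]
name=Centos Repo over FTP
baseurl=ftp://10.1.2.4/home/yum/Packages
enabled=1
gpgcheck=0

[Centos-signed]
name=Centos Repo with signature checking
baseurl=file:///home/yum/Packages
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6
EOF
    audit_repo_file "$repo_tmp"
    rm -f "$repo_tmp"
}

audit_demo
```

A repository that leaves gpgcheck out inherits the value from [main] in /etc/yum.conf, so that file needs the same check.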

Wednesday, 7 December 2016

Nginx installation and configuration linux

Nginx Server Installation and configuration Centos


Operating System : centos 6.x 64bit 

1. Installation through RPM.

# wget http://nginx.org/packages/centos/6/noarch/RPMS/nginx-release-centos-6-0.el6.ngx.noarch.rpm
# rpm -ivh nginx-release-centos-6-0.el6.ngx.noarch.rpm

2. Installation through epel


## RHEL/CentOS 6 64-Bit ##
# wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm -ivh epel-release-6-8.noarch.rpm


3. After either of the above steps is completed, proceed with the install.

# yum install nginx

4. Below are the default locations for Nginx configuration.

Default configuration directory : /etc/nginx
Default vhost directory         : /etc/nginx/conf.d/ (add the configuration for each domain in this directory, in virtual.conf or any other *.conf file)

Default log file directory: /var/log/nginx/

Default document root directory: /usr/share/nginx/html

Default configuration file: /etc/nginx/nginx.conf (the main settings are in this file)

Worker_processes :-

worker_processes  2;  Set this line in nginx.conf according to the number of CPUs on the server for better performance.

5. Sample Domain configuration :-

#cd /etc/nginx/conf.d/
# vi virtual.conf  (open the file, remove the existing configuration and add configuration like below)

Note : each line must end with ';'

server {
    listen       80;
    listen       10.180.20.161:80;
    server_name  trailinfos.com;
    access_log   /var/log/nginx/trailinfos.com.access.log;
    error_log    /var/log/nginx/trailinfos.com.error.log;

}


The above is the basic configuration for a domain. The rewrite and location directives go between the opening "{" and the closing "}".

server {
 _____
___________

}

Load balancing or proxy balancing :-

upstream rails_application  {
    server  10.180.20.160:80;
    server  10.180.20.161:80;
}

Define the balancing servers as above for proxy balancing. To set preferences, set the weight as below.

upstream rails_application   {
    server srv1.example.com weight=3;
    server srv2.example.com;
    server srv3.example.com;
}

In the above example you can give any name in place of 'rails_application'. Reference the upstream name in the domain configuration; the syntax should be like


upstream rails_application  {
server  10.180.20.160:80;
server  10.180.20.161:80;
}

server {
 _____
_________
location / {
   proxy_pass  http://rails_application;
   }
__

}


Define a custom home directory and index page.
server {
 _____
_________
location / {
      root   /home/html;
       index  index.php;
   }
}


PHP Installation with Nginx :-

1. Installation of required packages through yum.

yum install php-fpm php-cli php-mysql php-gd php-imap php-ldap php-odbc php-pear php-xml php-xmlrpc php-magickwand php-magpierss php-mbstring php-mcrypt php-mssql php-shout php-snmp php-soap php-tidy

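2. APC installation

yum install php-pecl-apc

3. Open /etc/php.ini and set cgi.fix_pathinfo=0, so that PHP executes only the exact script file it is given instead of searching the path for the nearest existing file.

4. Set date.timezone in /etc/php.ini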

[...]
[Date]
; Defines the default timezone used by the date functions
; http://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone
date.timezone = "Europe/Berlin"
[...]

[root@server1 nginx]# cat /etc/sysconfig/clock
ZONE="Europe/Berlin"
[root@server1 nginx]# 


5. After the above steps are completed, open the mime.types file and add the line 'text/php                             php php5;' at the end of the list of types.

vi /etc/nginx/mime.types

text/php                             php php5;

6. Reload the php-fpm  service :

service php-fpm reload

7. Add the configuration below to the domain configuration to enable PHP.

server {
 _____
_________


location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

8. Add the rewrite rules :

server {
 _____
_________
location ~ \.(gif|jpg|png|txt) {
        return http://trailinfos.com/index.php;
    }
}

With the above rewrite rule, a request for http://trailinfos.com/any.gif, http://trailinfos.com/any.jpg, etc. is redirected to http://trailinfos.com/index.php

9. Restart the Nginx service

#service nginx restart

10. Below is the complete configuration file.

upstream rails_application  {
    server  10.180.20.160:80;
    server  10.180.20.161:80;
}
server {
    listen       80;
    listen       10.180.20.161:80;
    server_name  trailinfos.com;
    access_log   /var/log/nginx/trailinfos.com.access.log;
    error_log    /var/log/nginx/trailinfos.com.error.log;

    location / {
        proxy_pass  http://rails_application;
    }

    #location / {
    #       root   html;
    #       index  index.php;
    #   }
    location ~ \.(gif|jpg|png|txt) {
        return http://trailinfos.com/index.php;
    }
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

You can add another domain in the same way. Don't include the "upstream" block again; it is a one-time definition.

server {
    listen       80;
    listen       10.180.20.161:80;
    server_name  test.trailinfos.com;
    access_log   /var/log/nginx/test.trailinfos.com.access.log;
    error_log    /var/log/nginx/test.trailinfos.com.error.log;

    location / {
        proxy_pass  http://rails_application;
    }

    #location / {
    #       root   html;
    #       index  index.php;
    #   }
    location ~ \.(gif|jpg|png|txt) {
        return http://test.trailinfos.com/index.php;
    }
    location ~ \.php$ {
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

Backup and Restore the mysql database in linux

Backup and Restore the mysql database in Linux cli mode


1. The 'mysqldump' command is used to back up a database in Linux.


Backup Syntax :-

#mysqldump -udatabase -p  databasename  > databasename.sql

Once the database backup is completed on the source side, copy the .sql file to the destination server and restore the backup file.

Before restoring, create the database and user if they do not exist.

>create database databasename;
>create user 'database'@'localhost' identified by 'password';
>grant all privileges on databasename.* to 'database'@'localhost';
>flush privileges;

Now restore the database

#mysql -udatabase -p databasename < databasename.sql

Remove the Selinux file permissions linux

Remove the Selinux file permissions linux  


A '.' at the end of the permission string means the file carries an SELinux security context. When SELinux is enabled for a file, sometimes we are not able to modify the file. Follow the steps below to remove the SELinux file permissions.

-rwxr-xr-x. 1

1. First check whether SELinux is enabled or disabled. If it is enabled, disable it.

# sestatus
SELinux status:                 disabled

#vi /etc/sysconfig/selinux

Open the selinux file and set 'SELINUX=disabled', which turns SELinux off for the whole system. Sometimes a reboot is also required.

2. Remove the SELinux file permission for a single file.

setfattr -x security.selinux  filename

3. To remove all SELinux file permissions, use the command below.

find / \( -fstype ext2 -o -fstype ext3 -o -fstype ext4 -o -fstype btrfs \) -exec setfattr -x security.selinux {} \; 

Copy the Directory structure to linux Remote Server

Copy the Directory structure to linux Remote Server   using rsync

Package Required : rsync

1. By default rsync is available on a Linux server. If it is not, install it with yum.

#yum install rsync

2. The steps below copy the directory structure from one Linux server to another without copying the files inside.

3. For example, we have two Linux servers and want to copy the directory structure of '/home' from the source to the destination server using rsync.

Server1 : 10.200.18.2 - Source
Server2 : 10.200.18.3 - Destination

rsync -a -f"+ */" -f"- *" /home test@10.200.18.3:~

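Options :-

-a  --archive

-f  --filter=RULE

The first filter rule, "+ */", includes every directory and the second, "- *", excludes everything else, so the above example copies only the directory structure of /home on 10.200.18.2 to 10.200.18.3.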

Monday, 5 December 2016

squid proxy server configuration in linux

http proxy server configuration using squid and use it as private proxy IPs.

OS : Linux (rhel,centos)
Squid Server : 10.20.36.54
Additional IPs : 10.20.30.2
                 10.20.30.4

In the above case we use only private IPs, so it works over the LAN only. If you want to use the HTTP proxy IPs over the WAN, you need to set it up on public IPs.

1. Install the required packages.

# yum install squid*

Install httpd

#yum install httpd


2. Back up the existing squid.conf and modify it as below.

#cd /etc/squid
#cp squid.conf  squid.conf-bkp
#vi squid.conf

#add this to the auth_param section of squid.conf
#
auth_param basic program /usr/lib64/squid/ncsa_auth /etc/squid/squid_passwd

#
# Add this to the bottom of the ACL section of squid.conf
#
acl ncsa_users proxy_auth REQUIRED

#
# Add this at the top of the http_access section of squid.conf
#
http_access allow ncsa_users

forwarded_for off


http_port 3128


#  TAG: httpd_suppress_version_string   on|off
#       Suppress Squid version string info in HTTP headers and HTML error pages.
#
#Default:
httpd_suppress_version_string on

acl     ip1     myip    10.20.30.2

acl     ip2     myip    10.20.30.4


tcp_outgoing_address    10.20.30.2  ip1
tcp_outgoing_address    10.20.30.4  ip2

#save and exit the file (wq! )

The above configuration file uses 3128 as the port number. You can use any port number in its place.

If you have more IPs, you can use the same format as below.

acl     ip1     myip  10.20.30.1
.
.
.
acl     ip250  myip  10.20.30.250


tcp_outgoing_address    10.20.30.1  ip1
.
.
.
tcp_outgoing_address    10.20.30.250  ip250


3. Create the user for authentication

# htpasswd  -c /etc/squid/squid_passwd  proxyuser
New password: 

It prompts for a new password. Enter your password. These credentials are used for HTTP proxy authentication.

4. Once all the above steps are completed, restart the squid service and enable it with chkconfig.

# service squid restart
# chkconfig squid on

5. Test the squid HTTP proxy IPs.

Open Firefox or any browser, go to Options, click on the Advanced tab, click on Network and then click on Settings.


Provide the proxy IP and port number and click OK. The browser then prompts for a username and password; enter the credentials you created above.




Squid proxy server installation and configuration completed successfully
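
A consistency check for the 'acl ... myip' and 'tcp_outgoing_address' pairs from step 2, as an added example that is not part of the original post. With hundreds of near-identical lines a reused or misspelled ACL name is easy to miss, and squid merges acl lines that share a name into one ACL. The names check_outgoing_map and outgoing_map_demo are assumptions made for this illustration.

```bash
#!/bin/bash
# Added example: cross-check "acl NAME myip IP" against "tcp_outgoing_address IP NAME".
# check_outgoing_map is a hypothetical helper name, not a squid tool.

check_outgoing_map() {
    # $1 = path to squid.conf. Prints one finding per line, sorted.
    awk '
        $1 == "acl" && $3 == "myip" {
            defs[$2]++
            for (i = 4; i <= NF; i++) ips[$2] = ips[$2] " " $i
        }
        $1 == "tcp_outgoing_address" {
            for (i = 3; i <= NF; i++) {
                name = $i; sub(/^!/, "", name)   # an ACL may be negated with "!"
                used[name] = $2
            }
        }
        END {
            for (a in used)
                if (!(a in defs)) print "undefined acl " a " used for " used[a]
            for (a in defs) {
                if (defs[a] > 1) print "acl " a " holds several addresses:" ips[a]
                if (!(a in used)) print "acl " a " has no tcp_outgoing_address line"
            }
        }
    ' "$1" | sort
}

outgoing_map_demo() {
    # Constructed sample: the second acl line reuses the name ip1 by mistake.
    squid_tmp=$(mktemp)
    cat > "$squid_tmp" <<'EOF'
http_port 3128
acl     ip1     myip    10.20.30.2
acl     ip1     myip    10.20.30.4
tcp_outgoing_address    10.20.30.2  ip1
tcp_outgoing_address    10.20.30.4  ip2
EOF
    check_outgoing_map "$squid_tmp"
    rm -f "$squid_tmp"
}

outgoing_map_demo
```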

Tuesday, 17 May 2016

Add the bulk IPs on linux using perl script




Adding bulk IP subnets (/22, /21) on a Linux server is very easy with the Perl script below.

Example subnet : 192.168.2.0/22

    192.168.8.0/24
    192.168.9.0/24
    192.168.10.0/24
    192.168.11.0/24



perl -e 'my $cntr= 101; for $o3(8 .. 11){for $o4(1 .. 254){ `ifconfig eth0:$cntr 192.168.$o3.$o4 netmask 255.255.255.0`;$cntr++}}'

Setup Trusted connection between two linux servers


Setup Trusted connection between Two linux servers




Server 1 (198.158.5.6)

         user  :  linux


Server 2 (198.160.43.8)


        user  : unix


Now I am going to create the trusted connection from the 'linux' user on Server 1 to the 'unix' user on Server 2.



Before setting up the trusted connection, generate the key pair. If a key pair already exists it will be overwritten, so take care.


Server 1 (198.158.5.6)

         user  :  linux


ssh key pair generation :-

Switch to the 'linux' user (in my case) and run 'ssh-keygen -t rsa'

Press Enter to continue with the default options. Do not enter a passphrase when it asks for one.

root]$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/linux/.ssh/id_rsa):
Created directory '/home/linux/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/linux/.ssh/id_rsa.
Your public key has been saved in /home/linux/.ssh/id_rsa.pub.
The key fingerprint is:
63:c7:83:08:2a:85:92:15:e3:4f:18:49:66:c2:ff:9e linux@dedicated2388.inmotionhosting.com
The key's randomart image is:
+--[ RSA 2048]----+
|o.Oo             |
| X.+             |
|+ = o            |
|.. = . . o       |
|. . o . S +      |
| .   . . o .     |
|    . .          |
|     E           |
|                 |
+-----------------+



Server 2 (198.160.43.8)


        user  : unix

Follow the same steps as above: switch to the 'unix' user and run 'ssh-keygen -t rsa'





Now the main steps begin. I want to enable the trusted connection from the 'linux' user on 'Server 1' (198.158.5.6) to the 'unix' user on 'Server 2' (198.160.43.8).

So log in to 'Server 1' (198.158.5.6) as the 'linux' user, change directory to '/home/linux/.ssh/' and copy the 'id_rsa.pub' key.


$ cd /home/linux/.ssh/

[test@dedicated2388 .ssh]$ cat id_rsa.pub
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuz3zLfxxxxxxxxxxhxqnQ44YC7L7XnkzLIuLJSDUYEglkNDrdmOx7Me/4o6ZLyrfxh0cQ0LvYvIBQMQUSLE0aIfk1cGNYnNt7R9BiHZfei/3FHcRQ3jUlkd4DMWadJDsASe5uYni6BecmLrSS1PEr/EUBBYXgcngdvP5bOfOd/78u9/VN6+D2FmCNBvCdr6024/qHZ8e7/PPDq7oZ1/Xle1gWGVIWK2wYs8sgGVWRVWNeZf86uHFFHUm2Fd8PGSupUP+9Z9Wd8XQ== linux@xxxxxxxxx



Copy the above key, log in to 'Server 2' (198.160.43.8) as the 'unix' user, change directory to '/home/unix/.ssh/', create the 'authorized_keys' file and paste the key into it.


$ cd /home/unix/.ssh/

$ vi authorized_keys

Now set the permission on 'authorized_keys' (the command below removes the execute bit).

$ chmod -x authorized_keys


Now I am able to connect to the 'unix' user on 'Server 2' (198.160.43.8) from the 'linux' user on Server 1 (198.158.5.6) without being asked for the password.


server1-linux $ ssh unix@198.160.43.8
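
A permission check for the destination account, as an added example that is not part of the original post: with StrictModes (the OpenSSH default) sshd ignores 'authorized_keys' when the file, the '.ssh' directory or the home directory is writable by group or others, and the login falls back to the password prompt. The names check_ssh_perms, fix_ssh_perms and ssh_perms_demo are assumptions made for this illustration; file ownership is not checked here.

```bash
#!/bin/bash
# Added example: verify the permissions sshd expects before it accepts a key
# from authorized_keys. check_ssh_perms / fix_ssh_perms are hypothetical helpers.

check_ssh_perms() {
    # $1 = the .ssh directory, e.g. /home/unix/.ssh
    # Prints one line per path that group or others may write to; returns 1 if any.
    rc=0
    for p in "$(dirname "$1")" "$1" "$1/authorized_keys"; do
        if [ ! -e "$p" ]; then echo "missing: $p"; rc=1; continue; fi
        # First 10 characters of ls -l: type, then user, group and other bits.
        mode=$(ls -ld "$p" | cut -c1-10)
        case "$mode" in
            ?????w????|????????w?) echo "too open ($mode): $p"; rc=1 ;;
        esac
    done
    return $rc
}

fix_ssh_perms() {
    # Home not writable by group/others, .ssh 700, authorized_keys 600.
    chmod go-w "$(dirname "$1")" && chmod 700 "$1" && chmod 600 "$1/authorized_keys"
}

ssh_perms_demo() {
    # Constructed layout standing in for /home/unix on Server 2.
    demo_home=$(mktemp -d)
    mkdir "$demo_home/.ssh"
    echo "ssh-rsa CONSTRUCTED-PLACEHOLDER-KEY linux@server1" > "$demo_home/.ssh/authorized_keys"
    chmod 775 "$demo_home/.ssh"
    chmod 664 "$demo_home/.ssh/authorized_keys"
    if check_ssh_perms "$demo_home/.ssh"; then
        echo "before: ok"
    else
        echo "before: sshd would ignore the key"
    fi
    fix_ssh_perms "$demo_home/.ssh"
    if check_ssh_perms "$demo_home/.ssh"; then echo "after: ok"; fi
    rm -rf "$demo_home"
}

ssh_perms_demo
```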

Monday, 16 May 2016

IP GRE Tunnel in linux step by step



IP Tunneling between linux servers using IP GRE Tunneling




Network A : 192.168.92.6 (Public IP) (IPs tunnel from this server) - source
            10.200.10.1  (Private IP)
            180.168.94.1 (Gateway)

Network B : 180.168.94.5 (Public IP) (IPs tunnel to this server) - destination
            10.200.10.2  (Private IP)
            180.168.94.1 (Gateway)

Required modules  :  ip_gre

Server1 : 192.168.92.6 ( source side configuration )


Step1 :-

Before setting up the IP GRE tunnel, check whether the 'ip_gre' module is loaded; if it is not, load it.

lsmod | grep ip_gre
modprobe ip_gre

Step2 :-

Enable IP forwarding. By default IP forwarding is set to '0', which means it is disabled. Enable it by setting the value to '1'.

echo 1 > /proc/sys/net/ipv4/ip_forward

Enable  = 1
Disable = 0

Step3 :-

Enable 'proxy_arp'. By default it is set to '0'; you need to set it to '1'.

Proxy_arp :-

When a computer wants to send an IP packet, it first decides whether the destination IP address is on the same LAN or whether the packet must be sent to a router (which must be on the same LAN).
Before it can deliver the packet to the LAN, it must know the recipient's Ethernet MAC address.
To determine the MAC address, it sends an ARP broadcast packet to the LAN asking "who has IP address a.b.c.d".
Normally only the computer with that IP address answers.
Proxy ARP changes that: a computer doing proxy ARP answers all ARP requests with its own MAC address.
The asking computer retrieves the MAC address and sends the packet to that computer.

echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp

Enable  = 1
Disable = 0

Step4 :-

Add the IP tunnel on the source server

Syntax  :  ip tunnel add [Tunnel name] mode gre local [source ip] remote [destination ip] ttl 255


ip tunnel add gre-mta250 mode gre local 192.168.92.6 remote 180.168.94.5 ttl 255


Step5 :-

Bring up the added GRE tunnel

Syntax  :  ip link set [Tunnel name] up

ip link set gre-mta250 up


Step 6 :-

Add the private or local IP to the GRE tunnel. You can use any IP as the local address, but use IPs from the same subnet on the source and the destination.

ip addr add 10.11.22.1 dev gre-mta250

route add -net 10.11.22.0/30 dev gre-mta250

In my case I will use 10.11.22.1 as the source IP and 10.11.22.2 as the destination local IP.


Step 7 :-

Route the destination server IP through the source server's gateway.

Syntax : route add [destination IP] gw [gateway of source server]  dev [interface]

route add 180.168.94.5 gw 180.168.94.1  dev eth0



Step8 :-

Route the IPs that need to move to the destination side.

Syntax  : route add [Moved IP]  gw 10.11.22.1 dev gre-mta250

route add 64.20.35.68  gw 10.11.22.1 dev gre-mta250

You need to bring down the interface of the routed IP on the source side.

Suppose the interface for 64.20.35.68 is eth0:1

ifconfig eth0:1  down


Destination side configuration :-




Network B : 180.168.94.5 (Public IP) (IPs tunnel to this server)

            10.200.10.2  (Private IP)




Step1 :-

Before setting up the IP GRE tunnel, check whether the 'ip_gre' module is loaded; if it is not, load it.

lsmod | grep ip_gre
modprobe ip_gre

Step2 :-

Enable IP forwarding

echo 1 > /proc/sys/net/ipv4/ip_forward


Step3 :-

Enable 'proxy_arp'

echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp


Step4 :-

Add the IP tunnel on the destination server

Syntax  :  ip tunnel add [Tunnel name] mode gre local [source ip] remote [destination ip] ttl 255


ip tunnel add gre-mta250 mode gre local 180.168.94.5  remote 192.168.92.6 ttl 255

Step5 :-

Bring up the added GRE tunnel

Syntax  :  ip link set [Tunnel name] up

ip link set gre-mta250 up

Step 6 :-

Add the private or local IP to the GRE tunnel. You can use any IP as the local address, but use IPs from the same subnet on the source and the destination.

ip addr add 10.11.22.2 dev gre-mta250

route add -net 10.11.22.0/30 dev gre-mta250

In my case I will use 10.11.22.2 as the source IP and 10.11.22.1 as the destination local IP.


Step7 :-

Route the source IPs to the gateway of the destination server.

Syntax  : route add [IPs to Tunnel]  gw [gateway of destination server]  dev eth0

route add 64.20.35.67 gw 180.168.94.1  dev eth0


Step8 :-

Create the route table

echo 99999 example >>/etc/iproute2/rt_tables
ip route add default via 10.11.22.2 dev gre-mta250 table example

You can give the route table any name.


Step9 :-

Add the tunnel IPs to the route table.


ip rule add from x.x.x.x/32 table example
ip rule add from x.x.x.x/32 table example

Step10 :-

Add the IPs on the destination server.

ifconfig eth0:1 x.x.x.x netmask 255.255.255.0
ifconfig eth0:2  x.x.x.x  netmask 255.255.255.0