November 24 2018

Linux Mail Server

Zimbra Configurations

maxmessagesize

  • Use this parameter to adjust the Maximum Message Size for messages passing through the MTA (Postfix).
  • The postconf parameter message_size_limit is configured globally for all MTAs (Default value: 10MB).
  • Note: this is the size of the full RFC 2822 internet message, after MIME-encoding.
  • Multiply the value of zimbraMtaMaxMessageSize by 1.5, and then compare it against the free space available on the partition. Errors are logged to /var/log/zimbra.log.

Postfix Configurations

' Log In as zimbra admin user
# su - zimbra
' Display value of variable
$ postconf message_size_limit
' Set the maximum message size to 20MB
$ zmprov modifyConfig zimbraMtaMaxMessageSize 20971520
' Confirm changes
$ postconf | grep message_size_limit

IMAP Configurations

' Log In as zimbra admin user
# su - zimbra
' Set global file upload (attachments) size limit to 20MB
$ zmprov modifyConfig zimbraFileUploadMaxSize 20971520
' Set file (attachments) size limit to 20MB for a given server
$ zmprov modifyServer mail.domain.com zimbraFileUploadMaxSize 20971520
' Set maximum request size 20MB
$ zmprov modifyConfig zimbraImapMaxRequestSize 20971520
' Set mail content size limit to 20MB
$ zmprov ms `zmhostname` zimbraMailContentMaxSize 20971520
$ zmprov modifyConfig zimbraMailContentMaxSize 20971520
' Restart mail store
$ zmcontrol stop
$ zmcontrol start

November 24 2018

Linux Rescue and Recovery

Ubuntu Recovery Mode

GRUB > Recovery Mode

$ locate recovery-mode
/lib/recovery-mode

System Rescue Images

  1. Knoppix
  2. Ubuntu Boot-Repair
  3. SystemRescueCD
  4. GPARTED Live

Write Live Boot Images to USB Drive

  1. Download ISO image
  2. Verify downloaded image with checksum utility (MD5 or SHA256)
  3. Add MBR to ISO image in Ubuntu host
    • # apt update
    • # apt install syslinux-utils
    • $ isohybrid <image>.iso
  4. Create Live Boot drive
    • Ubuntu Startup Disk Creator
    • dd
  5. Find target drive with these commands (if using dd):
    • $ df -h (USB)
    • $ lsblk (Writeable CD/DVD)
  6. Unmount target drive
    • # umount /dev/<targetdrive>
  7. Write image to drive with dd
    • # dd bs=4M if=<image>.iso of=/dev/<targetdrive> && sync
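
Steps 2 and 5 to 7 combined into one guarded write, as an added example that is not part of the original post: the image is written only if its SHA-256 digest matches the published checksum file and the target is an unmounted whole disk. The function names (verify_iso, target_is_safe, write_image) are hypothetical; GNU coreutils and util-linux are assumed.

```bash
#!/bin/bash
# Added example: gate the dd write on a checksum match and a sane target.
# Assumes GNU coreutils and util-linux (sha256sum, lsblk, dd).

# verify_iso <image> <sums-file>
# 0 = digest matches the entry for the image's basename, 1 = mismatch,
# 2 = no entry. Lines look like "<hex>  <name>" or "<hex> *<name>".
verify_iso() {
    local image="$1" sums="$2" name expected actual
    name=$(basename "$image")
    expected=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f)
        if (f == n) { print tolower($1); exit } }' "$sums")
    [ -n "$expected" ] || { echo "no checksum entry for $name" >&2; return 2; }
    actual=$(sha256sum "$image" | awk '{ print $1 }')
    [ "$actual" = "$expected" ] || { echo "checksum mismatch: $name" >&2; return 1; }
}

# target_is_safe <device>
# 0 only for a whole-disk block device with nothing mounted from it.
target_is_safe() {
    local dev="$1"
    [ -b "$dev" ] || { echo "$dev: not a block device" >&2; return 1; }
    [ "$(lsblk -dno TYPE "$dev")" = "disk" ] ||
        { echo "$dev: not a whole disk" >&2; return 1; }
    if lsblk -nro MOUNTPOINT "$dev" | grep -q .; then
        echo "$dev: still mounted, unmount it first" >&2; return 1
    fi
}

# write_image <image> <sums-file> <device>: verify, check, then write.
write_image() {
    verify_iso "$1" "$2" && target_is_safe "$3" &&
        dd bs=4M if="$1" of="$3" conv=fsync status=progress
}

# Run only when called with all three arguments.
if [ "$#" -eq 3 ]; then write_image "$@"; fi
```

A checksum file fetched from the same mirror as the image only detects corruption; where the distribution signs its checksum file, verify that signature as well.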

SystemRescueCD Commands

' Network access
% net-setup
' Load lightweight GUI
% startx
' Backup partition with DD
% dd if=/dev/sdx of=/dev/sdy
' Test hard drive
% test-driv

Mount Damaged Partition Temporarily

# mkdir /mnt/<tempdir>
# mount /dev/sdx /mnt/<tempdir>
' Copy useful files to healthy partition

Recovery with DDRESCUE

' Debian / Ubuntu
# apt install gddrescue
' Fedora / CentOS
# yum install ddrescue
# ddrescue -d /dev/sdx1 \
/mnt/usb-mount/sdx1-backup.img \
/mnt/usb-mount/sdx1-backup.logfile
' Test image by writing with dd to new drive

Password Recovery with CHROOT

' Live boot first, and then determine root partition
# lsblk
# mkdir /mnt/<tempdir>
# mount /dev/<rootpart> /mnt/<tempdir>
# chroot /mnt/<tempdir>
# passwd
# exit

November 16 2018

AWS Cheatsheet

Install AWS Command Line Interface (CLI)

# apt install python3-pip
$ pip3 install --upgrade --user awscli

Configure AWS with CLI

' Get access id and key from AWS console > My Security Credentials 
$ aws configure
AWS Access Key ID [None]: <your-access-key>
AWS Secret Access Key [None]: <your-secret-key>
Default region name [None]: us-west-2
Default output format [None]: json

List S3 Buckets in AWS Account

$ aws s3 ls

Create S3 Bucket in AWS Account

$ aws s3 mb s3://<my_unique_bucket_id>

Off-site Backup to S3 Bucket

' With AWS CLI
$ aws s3 sync /<folder> s3://<my_unique_bucket_id>
' With Bash script
#!/bin/bash
/usr/local/bin/aws s3 sync /<folder> s3://<my_unique_bucket_id>
October 31 2018

Manage Virtual Machines

VMWare

Backup Guest on a Standalone ESXi Host

Using vSphere Client

  1. Shut down the target Guest
  2. Select (Highlight) the Guest
  3. File->Export->Export OVF Template.
  4. Follow the prompts.

Using the command line ovftool to create thin backup

ovftool -dm=thin vi://<user>@<esxi-host>/<vm-name> <local-file>.ovf

More options can be found in http://www.virtuallyghetto.com/

Restore Guest on a Standalone ESXi Host

Using vSphere Client

  1. Deploy OVF Template

VirtualBox

Install VirtualBox in Ubuntu

# apt update
# apt install virtualbox
# apt install virtualbox-guest-additions-iso

Install VirtualBox in Fedora

# cd /etc/yum.repos.d/
# wget http://download.virtualbox.org/virtualbox/rpm/fedora/virtualbox.repo
# dnf update
# dnf install patch kernel-devel dkms
# dnf install virtualbox

Operations from Command Line

' Display all VMs available on the computer
$ vboxmanage list vms
' Clone VM
$ vboxmanage clonevm --register <vm1> --name <vm2>
' Export VM to OVA format
$ vboxmanage export <vm1> -o <vm-filename>.ova
' Import OVA VM
$ vboxmanage import <vm-filename>.ova
' Get IP address assigned to the guest OS 
$ vboxmanage guestproperty get <UUID|Name> "/VirtualBox/GuestInfo/Net/0/V4/IP"    

LXC

Install LXC in Ubuntu

# apt update
# apt install lxc

Install LXC in Fedora / CentOS

' For CentOS
# yum install epel-release
# yum install libcap-devel libcgroup busybox wget bridge-utils
' For Fedora
# yum install debootstrap libvirt perl gpg
# yum install lxc lxc-templates lxc-extra

Modify Default Configuration /etc/lxc/default.conf

# Network configuration
lxc.network.type = veth
lxc.network.link = br0
lxc.network.flags = up

Manage LXC Containers in Command Line

' List container templates installed on system
$ ls -l /usr/share/lxc/templates
' Create new container with template
# lxc-create -n <container-name> -t <template>
' Check status of all containers on system
# lxc-ls --fancy
' Get status of one container with more details
# lxc-info -n <container-name>
' Access container root file system and change user password
# chroot /var/lib/lxc/<container-name>/rootfs/
# passwd <username>
' Start container
# lxc-start -d -n <container-name>
' Launch a root shell
# lxc-attach -n <container-name>
' Access container with console
# lxc-console -n <container-name>
' Display content of the container from host
$ ls -lh /var/lib/lxc/<container-name>/
' Stop the container
# lxc-stop -n <container-name> 
' Remove the container from system
# lxc-destroy -n <container-name>

More information can be found in 
https://linuxcontainers.org/lxc/getting-started/

Parallels Desktop

Unable To Start Parallels Services (Non-Restricted Status)

' 1. Check the Restricted status
# ls -dlO /Library/StagedExtensions/
drwxr-xr-x  5 root  wheel - 160 Oct  9 10:18 /Library/StagedExtensions
' 2. Reboot in recovery mode using Command+R combination 
' 3. If FileVault is ON
'      a. Open Disk Utility before getting to the Terminal
'      b. Highlight the Macintosh HD volume in the left panel 
'      c. Press the Mount button in the Disk utility menu
'         (should be prompted for the Mac password)
'      d. From the Mac menu bar, Select Disk utility > Quit
' 4. Open Utilities > Terminal from Mac top menu. Type these commands in the terminal
# spctl kext-consent add 4C6364ACXT 
# spctl kext-consent enable 
# spctl kext-consent list
Allowed Team Identifiers: 4C6364ACXT
# chflags -R restricted /Volumes/Macintosh\ HD/Library/StagedExtensions/
' 5. Run First Aid under Disk Utility
' 6. Reboot the Mac
' 7. Verify Restricted status again
# ls -dlO /Library/StagedExtensions/
drwxr-xr-x  4 root  wheel  restricted 128 Oct 12 13:04 /Library/StagedExtensions/
October 4 2018

Disable Web Browser Update

Firefox Browser

Open Options > Firefox Updates
Check Never check for updates (not recommended) checkbox
Type about:config in the address bar
app.update.auto = false
app.update.enabled = false
app.update.service.enabled = false
app.update.silent = true
extensions.shield-recipe-client.enabled = false
October 21 2016

Get Website IP Address

Firefox Browser

Open Web Developer Tool (Ctrl+Shift+I) > Network (Ctrl+Shift+Q)
Select Net Tab
The website IP address can be seen in the Remote IP column
Refresh the page if necessary

Google Chrome Browser

Open Developer Tools > Network
Reload your page.
Select one of the URLs from the domain in question. 
The IP will be shown under Headers > General > Remote Address.

Linux Terminal with curl

  ' These services report the public IP address of the machine running curl
  curl ipinfo.io/ip
  curl ipecho.net/plain ; echo
  curl ifconfig.me
  curl ipv4.icanhazip.com
July 14 2016

Website Performance

Deferred parsing of Javascript – General

<script type="text/javascript">
  // Add a script element as a child of the body
  function downloadJSAtOnload() {
    var element = document.createElement("script");
    element.src = "deferredfunctions.js";
    document.body.appendChild(element);
  }
  // Check for browser support of event handling capability
  if (window.addEventListener)
    window.addEventListener("load", downloadJSAtOnload, false);
  else if (window.attachEvent)
    window.attachEvent("onload", downloadJSAtOnload);
  else
    window.onload = downloadJSAtOnload;
</script>

Deferred parsing of JavaScript in WordPress

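// Defer JavaScript parsing. Add this to the theme's functions.php
function defer_parsing_of_js ($url) {
    if (false === strpos($url, '.js'))
        return $url;
    if (strpos($url, 'jquery.js'))
        return $url;
    // Double quotes so that $url is interpolated. This relies on the src
    // attribute being printed in single quotes: the embedded quote closes
    // it, so the extra attribute lands on the <script> tag.
    // return "$url' async onload='myinit()";
    return "$url' defer='defer";
}
add_filter('clean_url', 'defer_parsing_of_js', 11, 1);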

Lazy CSS Loading with JavaScript

<script>
    var cb = function() { 
        var l = document.createElement('link'); 
        l.rel = 'stylesheet'; 
        l.href = 'yourCSSfile.css'; 
        var h = document.getElementsByTagName('head')[0];
        h.parentNode.insertBefore(l, h); 
    }; 
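    // Look the names up on window so a missing one is undefined
    // instead of raising a ReferenceError
    var raf = window.requestAnimationFrame ||
              window.mozRequestAnimationFrame ||
              window.webkitRequestAnimationFrame ||
              window.msRequestAnimationFrame;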
    if (raf) 
        raf(cb); 
    else 
        window.addEventListener('load', cb); 
</script>

Modify .htaccess to Leverage Browser Caching

# ----------------------------------------------------------------------
# | Leverage Browser Caching |
# ----------------------------------------------------------------------
## EXPIRES CACHING ##
<IfModule mod_expires.c>
  ExpiresActive On
  ExpiresByType image/jpg "access 1 year"
  ExpiresByType image/jpeg "access 1 year"
  ExpiresByType image/gif "access 1 year"
  ExpiresByType image/png "access 1 year"
  ExpiresByType text/css "access 1 month"
  ExpiresByType text/html "access 1 month"
  ExpiresByType application/pdf "access 1 month"
  ExpiresByType text/x-javascript "access 1 month"
  ExpiresByType application/x-shockwave-flash "access 1 month"
  ExpiresByType image/x-icon "access 1 year"
  ExpiresDefault "access 1 month"
</IfModule>
## EXPIRES CACHING ##
## CACHE CONTROL BY HTTP HEADERS ##
<IfModule mod_headers.c>
  Header unset Pragma
  <FilesMatch "\\.(ico|jpe?g|png|gif|flv|svg|swf)$">
    Header set Cache-Control "max-age=2692000, public"
  </FilesMatch>
  <FilesMatch "\\.(css)$">
    Header set Cache-Control "max-age=2692000, public"
  </FilesMatch>
  <FilesMatch "\\.(js)$">
    Header set Cache-Control "max-age=216000, private"
  </FilesMatch>
  <FilesMatch "\\.(x?html?|php)$">
    Header set Cache-Control "max-age=600, private, must-revalidate"
  </FilesMatch>
  # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  # Remove `ETags` as resources are sent with far-future expires headers
  Header unset ETag
  Header unset Last-Modified
</IfModule>
# - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
# `FileETag None` doesn't work in all cases.
FileETag None
## CACHE CONTROL BY HTTP HEADERS ##

Modify .htaccess to enable Compression

# ----------------------------------------------------------------------
# | Compression |
# ----------------------------------------------------------------------
<IfModule mod_deflate.c>
 # Force compression for mangled `Accept-Encoding` request headers
 <IfModule mod_setenvif.c>
 <IfModule mod_headers.c>
 SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
 RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
 </IfModule>
 </IfModule>
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 # Compress all output labeled with one of the following media types.
 # (!) For Apache versions below version 2.3.7 you don't need to
 # enable `mod_filter` and can remove the `<IfModule mod_filter.c>`
 # and `</IfModule>` lines as `AddOutputFilterByType` is still in
 # the core directives.
 <IfModule mod_filter.c>
 AddOutputFilterByType DEFLATE "application/atom+xml" \
 "application/javascript" \
 "application/json" \
 "application/ld+json" \
 "application/manifest+json" \
 "application/rdf+xml" \
 "application/rss+xml" \
 "application/schema+json" \
 "application/vnd.geo+json" \
 "application/vnd.ms-fontobject" \
 "application/x-font-ttf" \
 "application/x-javascript" \
 "application/x-web-app-manifest+json" \
 "application/xhtml+xml" \
 "application/xml" \
 "font/eot" \
 "font/opentype" \
 "image/bmp" \
 "image/svg+xml" \
 "image/vnd.microsoft.icon" \
 "image/x-icon" \
 "text/cache-manifest" \
 "text/css" \
 "text/html" \
 "text/javascript" \
 "text/plain" \
 "text/vcard" \
 "text/vnd.rim.location.xloc" \
 "text/vtt" \
 "text/x-component" \
 "text/x-cross-domain-policy" \
 "text/xml"
 </IfModule>
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 # Map the following filename extensions to the specified
 # encoding type in order to make Apache serve the file types
 # with the appropriate `Content-Encoding` response header
 # (do note that this will NOT make Apache compress them!).
 #
 # If these file types were served without an appropriate
 # `Content-Encoding` response header, client applications (e.g.:
 # browsers) wouldn't know that they first need to uncompress
 # the response, and thus, wouldn't be able to understand the
 # content.
 <IfModule mod_mime.c>
 AddEncoding gzip svgz
 </IfModule>
</IfModule>

<FilesMatch "\\.(js|css|html|htm|php|xml)$">
 SetOutputFilter DEFLATE
</FilesMatch>

<IfModule mod_gzip.c>
 mod_gzip_on Yes
 mod_gzip_dechunk Yes
 mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
 mod_gzip_item_include handler ^cgi-script$
 mod_gzip_item_include mime ^text/.*
 mod_gzip_item_include mime ^application/x-javascript.*
 mod_gzip_item_exclude mime ^image/.*
 mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</IfModule>

Prevent Image Hotlinking

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
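# Escape the dots and end the host with (/|$) so that look-alike hosts
# such as yourwebsite.com.example.net are not treated as your own site
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourwebsite\.com(/|$) [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourotherwebsite\.com(/|$) [NC]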
RewriteRule \.(jpg|jpeg|png|gif)$ http://i.imgur.com/MlQAH71.jpg [NC,R,L]
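
An added check, not part of the original post, showing why the Referer host pattern in these conditions needs escaped dots and an end-of-host anchor. It runs both forms of the pattern through grep -E against constructed Referer values; yourwebsite.com is the page's placeholder, and the function names (referer_allowed, audit_pattern) are hypothetical.

```bash
#!/bin/bash
# Added example: regression check for a Referer allowlist pattern.
# All Referer values below are constructed for the test.

# Unanchored host with unescaped dot, and the anchored form
WEAK='^http(s)?://(www\.)?yourwebsite.com'
STRICT='^http(s)?://(www\.)?yourwebsite\.com(/|$)'

# referer_allowed <pattern> <referer>
# 0 if the pattern treats the referer as one of our own pages.
# -i mirrors the [NC] flag on the RewriteCond lines.
referer_allowed() {
    printf '%s\n' "$2" | grep -Eiq -- "$1"
}

# audit_pattern <pattern>
# Prints each look-alike referer the pattern wrongly accepts and returns
# how many there were (0 means the pattern is tight enough).
audit_pattern() {
    local ref bad=0
    for ref in \
        'http://yourwebsite.com.example.net/gallery' \
        'https://yourwebsitexcom.example/' \
        'https://www.yourwebsite.community/x'; do
        if referer_allowed "$1" "$ref"; then
            echo "accepts look-alike: $ref"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Stand-alone run: report on both patterns.
for p in "$WEAK" "$STRICT"; do
    echo "pattern: $p"
    audit_pattern "$p" && echo "  no look-alike accepted"
done
```

The `!^$` condition still lets requests with no Referer header through, so this rule limits casual embedding rather than access to the files.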

Allow Caching with HTTP Headers

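// Allow cache in HTTP headers
// Note: "public" lets shared caches store the response, and !is_admin()
// also covers front-end pages served to logged-in users.
function frontend_http_headers_with_cache() {
    if (!is_admin()) {
        header_remove("Cache-Control");
        header("Cache-Control: public, max-age=1200");
    }
}
add_action('send_headers', 'frontend_http_headers_with_cache', 10, 1);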

MySQL Query Cache

# Check if query cache is available
show variables like 'have_query_cache';
+------------------+-------+
| Variable_name    | Value |
+------------------+-------+
| have_query_cache | YES   |
+------------------+-------+
# Check query cache variables
show variables like 'query%';
+------------------------------+---------+
| Variable_name                | Value   |
+------------------------------+---------+
| query_alloc_block_size       | 8192    |
| query_cache_limit            | 1048576 |
| query_cache_min_res_unit     | 4096    |
| query_cache_size             | 8388608 |
| query_cache_type             | ON      |
| query_cache_wlock_invalidate | OFF     |
| query_prealloc_size          | 8192    |
+------------------------------+---------+
# Enable query cache in my.cnf
query_cache_size = 268435456
query_cache_type = 1
query_cache_limit = 1048576

suPHP vs mod_php

suPHP – for each request the web server opens a new thread on behalf of that user

mod_php – every request is processed on the web server's behalf

Pros:
suPHP
– the web server can be … thread safe, and it is separated from php
– can be isolated based on user/environment

mod_php
– you can use php_value and other php settings right from .htaccess
– it is way faster than suPHP

Cons:
suPHP
– you can’t use php_value and other php settings from .htaccess
– slower
– higher response time
– higher CPU load

mod_php
– PHP safe mode is not quite safe
– higher memory consumption than suPHP
– can’t be isolated based on user/environment
June 3 2015

Videos

https://www.youtube.com/watch?v=01sy410NaUU
https://www.youtube.com/watch?v=pynDvIsLoU0
