Page not found – ShopingServer Wiki

HowTo: Upgrade CentOS Linux 6.4/6.3/6.2/6.1/6.0 to v6.5

omid — Sat, 06 Jan 2018 09:06:03 +0000

entOS Linux v6.5 has been released and available via repos for immediate update. The new version includes several hundred bug fixes for, and enhancements to the Linux kernel. How do I upgrade from CentOS Linux version 6.0 / 6.1 / 6.2 / 6.3 or 6.4 to the latest version 6.5?

You can only upgrade from minor release as CentOS does not support in-place upgrades between any major versions of CentOS Linux. However, a minor upgrade can be done easily and recommended for all users.

Back up any important data on the server/workstation

Make a backup – it cannot be stressed enough how important it is to make a backup of your system before you do this. You need to backup config files, user data stored in $HOME, pgsql/msyql/oracle and co databases, and web apps files. In short, backup all the data. Most of the actions listed in this post are written with the assumption that they will be executed by the root user running the bash or any other modern shell.

See your current CentOS release information

Type the following commands to see current version:

$ uname -mrs

$ cat /etc/redhat-release

Sample outputs:

CentOS release 6.4 (Final)

Show list of available updates

To list all packages with updates available with new release, enter:

# yum clean all

# yum check-update

# yum clean all

# yum list updates

Sample outputs:

Loaded plugins: downloadonly, fastestmirror, security

Loading mirror speeds from cached hostfile

* base: centos.mirrors.tds.net

* extras: lug.mtu.edu

* updates: yum.singlehop.com

Updated Packages

abrt.x86_64 2.0.8-21.el6.centos base

abrt-addon-ccpp.x86_64 2.0.8-21.el6.centos base

abrt-addon-kerneloops.x86_64 2.0.8-21.el6.centos base

abrt-addon-python.x86_64 2.0.8-21.el6.centos base

abrt-cli.x86_64 2.0.8-21.el6.centos base

….

…

sysvinit-tools.x86_64 2.87-5.dsf.el6 base

udev.x86_64 147-2.51.el6 base

util-linux-ng.x86_64 2.17.2-12.14.el6 base

xmlrpc-c.x86_64 1.16.24-1210.1840.el6 base

xmlrpc-c-client.x86_64 1.16.24-1210.1840.el6 base

xorg-x11-drv-ati-firmware.noarch 7.1.0-3.el6 base

Note: Upgrade speed depends upon various factors such as the current system load, upstream rpm fetch server bandwidth and your Internet connection speed.

CentOS Linux: Upgrading your current system

Type the following yum command to upgrade:

# yum clean all

Sample outputs:

Loaded plugins: downloadonly, fastestmirror, security

Cleaning repos: base extras updates

Cleaning up Everything

Cleaning up list of fastest mirrors

To update, enter:

# yum update

Sample outputs:

Loaded plugins: downloadonly, fastestmirror, security

Determining fastest mirrors

* base: mirrors.einstein.yu.edu

* extras: mirrors.loosefoot.com

* updates: yum.singlehop.com

base | 3.7 kB 00:00

base/primary_db | 4.4 MB 00:01

extras | 3.4 kB 00:00

extras/primary_db | 18 kB 00:00

updates | 3.4 kB 00:00

updates/primary_db | 26 kB 00:00

Setting up Update Process

Resolving Dependencies

–> Running transaction check

—> Package abrt.x86_64 0:2.0.8-16.el6.centos.1 will be updated

—> Package abrt.x86_64 0:2.0.8-21.el6.centos will be an update

—> Package abrt-addon-ccpp.x86_64 0:2.0.8-16.el6.centos.1 will be updated

—> Package abrt-addon-ccpp.x86_64 0:2.0.8-21.el6.centos will be an updateInstalling for dependencies:

….

…

lzo x86_64 2.03-3.1.el6 base 55 k

make x86_64 1:3.81-20.el6 base 389 k

p11-kit x86_64 0.18.5-2.el6 base 94 k

p11-kit-trust x86_64 0.18.5-2.el6 base 71 k

shared-mime-info x86_64 0.70-4.el6 base 209 k

snappy x86_64 1.1.0-1.el6 base 39 k

Transaction Summary

================================================================================

Install 7 Package(s)

Upgrade 128 Package(s)

Total download size: 122 M

Is this ok [y/N]: y

Downloading Packages:

(1/135): abrt-2.0.8-21.el6.centos.x86_64.rpm | 208 kB 00:00

(2/135): abrt-addon-ccpp-2.0.8-21.el6.centos.x86_64.rpm | 116 kB 00:00

(3/135): abrt-addon-kerneloops-2.0.8-21.el6.centos.x86_6 | 65 kB 00:00

(4/135): abrt-addon-python-2.0.8-21.el6.centos.x86_64.rp | 65 kB 00:00

(5/135): abrt-cli-2.0.8-21.el6.centos.x86_64.rpm | 54 kB 00:00

….

…

Updating : openssh-clients-5.3p1-94.el6.x86_64 107/263

Updating : openssh-server-5.3p1-94.el6.x86_64 108/263

warning: /etc/ssh/sshd_config created as /etc/ssh/sshd_config.rpmnew

Updating : parted-2.1-21.el6.x86_64 109/263

Updating : biosdevname-0.5.0-2.el6.x86_64 110/263

Updating : libdrm-2.4.45-2.el6.x86_64 111/263

…

Verifying : lvm2-2.02.98-9.el6_4.3.x86_64 262/263

Verifying : efibootmgr-0.5.4-10.el6.x86_64 263/263

Installed:

kernel.x86_64 0:2.6.32-431.el6

Dependency Installed:

lzo.x86_64 0:2.03-3.1.el6 make.x86_64 1:3.81-20.el6

p11-kit.x86_64 0:0.18.5-2.el6 p11-kit-trust.x86_64 0:0.18.5-2.el6

shared-mime-info.x86_64 0:0.70-4.el6 snappy.x86_64 0:1.1.0-1.el6

Updated:

abrt.x86_64 0:2.0.8-21.el6.centos

abrt-addon-ccpp.x86_64 0:2.0.8-21.el6.centos

….

systemtap-runtime.x86_64 0:2.3-3.el6

sysvinit-tools.x86_64 0:2.87-5.dsf.el6

udev.x86_64 0:147-2.51.el6

util-linux-ng.x86_64 0:2.17.2-12.14.el6

xmlrpc-c.x86_64 0:1.16.24-1210.1840.el6

xmlrpc-c-client.x86_64 0:1.16.24-1210.1840.el6

xorg-x11-drv-ati-firmware.noarch 0:7.1.0-3.el6

Complete!

(Command output truncated to fit on this page)

Reboot the Linux server using any one of the following method:

# reboot

# shutdown -r now

Sample outputs:

Broadcast message from vivek@db1

(/dev/pts/0) at 2:20 …

The system is going down for reboot NOW!

[root@db1 vivek]# Connection to 173.xxx.yyy.zzz closed by remote host.

Connection to 173.xxx.yyy.zz closed.

Verification: After rebooting the box

Verify that everything is working fine and you have been upgraded to the latest CentOS Linux v6.5 release with the following commands:

# uname -a

# cat /etc/redhat-release

Sample outputs:

Fig.01: CentOS Linux 6.5 Final

Verify open ports and make sure your apps are running without any problems with the following commands:

# netstat -tulpn

# tail -f /var/log/messages

# tail -f /path/to/log/files

# ps aux | less

# ps aux | egrep httpd|mysql

# pgrep my_app

See yum(8) for more information.

Mac OS X: Install Go Programming Language

omid — Sat, 06 Jan 2018 09:03:50 +0000

ow do I install Go language on Apple Mac OS X? How to setup GO lanuage on Mac OS X? How do I install Go language version 1.2+ on OS X?

Go or golang, is a programming language initially developed at Google by Robert Griesemer, Rob Pike, and Ken Thompson. Just like Linux kernel it has many contributors from the open source community. From the official project site:

Go is an open source programming language that makes it easy to build simple, reliable, and efficient software. Go is distributed under a BSD-style license. It is expressive, concise, clean, and efficient. Its concurrency mechanisms make it easy to write programs that get the most out of multicore and networked machines, while its novel type system enables flexible and modular program construction. Go compiles quickly to machine code yet has the convenience of garbage collection and the power of run-time reflection. It’s a fast, statically typed, compiled language that feels like a dynamically typed, interpreted language.

Install Xcode and gcc

Fig.01: Installing Xcode on OS X

First, you need to use the gcc that comes with Xcode. See how to install and use Xcode on Apple Mac OS X for more information.

Installing Golang on Mac OS X

Google provides the package file for OS X. All you have to do is visit this page and grab the latest version. Once downloaded, open it, and follow the prompts to install the Go tools. The package installs the Go distribution to /usr/local/go directory:

Golang installing on OS X using wizard

Golang install # 2

Golang install # 3

Golang – enter admin password

Golang install # 5

Golang install Completed

Verify your installation

Open the Terminal and type the following commands:

$ ls -l /usr/local/go

Sample outputs:

total 120

-rw-r–r– 1 root wheel 13577 Nov 29 03:13 AUTHORS

-rw-r–r– 1 root wheel 19578 Nov 29 03:13 CONTRIBUTORS

-rw-r–r– 1 root wheel 1479 Nov 29 03:13 LICENSE

-rw-r–r– 1 root wheel 1303 Nov 29 03:13 PATENTS

-rw-r–r– 1 root wheel 1112 Nov 29 03:13 README

-rw-r–r– 1 root wheel 5 Nov 29 03:16 VERSION

drwxr-xr-x 2 root wheel 272 Nov 29 03:13 api

drwxr-xr-x 2 root wheel 170 Nov 29 03:15 bin

drwxr-xr-x 4 root wheel 136 Nov 29 03:15 blog

drwxr-xr-x 8 root wheel 1292 Nov 29 03:13 doc

-rw-r–r– 1 root wheel 1150 Nov 29 03:13 favicon.ico

drwxr-xr-x 3 root wheel 510 Nov 29 03:13 include

drwxr-xr-x 3 root wheel 102 Nov 29 03:13 lib

drwxr-xr-x 22 root wheel 816 Nov 29 03:16 misc

drwxr-xr-x 6 root wheel 204 Nov 29 03:14 pkg

-rw-r–r– 1 root wheel 26 Nov 29 03:13 robots.txt

drwxr-xr-x 7 root wheel 782 Nov 29 03:13 src

drwxr-xr-x 16 root wheel 6800 Nov 29 03:13 test

Type the following command to display Go environment information:

$ go env

Sample outputs:

GOARCH= amd64

GOBIN=

GOCHAR= 6

GOEXE=

GOHOSTARCH= amd64

GOHOSTOS= darwin

GOOS= darwin

GOPATH=

GORACE=

GOROOT= /usr/local/go

GOTOOLDIR= /usr/local/go/pkg/tool/darwin_amd64

TERM= dumb

CC= gcc

GOGCCFLAGS= -g -O2 -fPIC -m64 -pthread -fno-common

CXX= g++

CGO_ENABLED= 1

Writing your first Go program

Create a text file called hello.go using a text editor such as vi/vim:

$ vi hello.go

Append the following code:

/* hello.go – My first Golang program */

package main

import fmt

func main() {

fmt.Printf( Hello, world\n )

}

Test and run hello.go, enter:

$ go run hello.go

Sample outputs:

Hello, world

To build an executable i.e. compile packages and dependencies into an executable file, enter:

$ go build hello.go

You will get an executable file called hello in the current directory:

$ ls -l hello

-rwxr-xr-x 1 vivek wheel 2188368 Dec 2 16:07 hello

$ file hello

hello: Mach-O 64-bit executable x86_64

You can run hello program as follows:

$ ./hello

Getting help

The go command is a tool for managing Go source code. To see basic help, type:

$ go help

Sample outputs:

Go is a tool for managing Go source code.

Usage:

go command [arguments]

The commands are:

build compile packages and dependencies

clean remove object files

env print Go environment information

fix run go tool fix on packages

fmt run gofmt on package sources

get download and install packages and dependencies

install compile and install packages and dependencies

list list packages

run compile and run Go program

test test packages

tool run specified go tool

version print Go version

vet run go tool vet on packages

Use go help [command] for more information about a command.

Additional help topics:

c calling between Go and C

gopath GOPATH environment variable

importpath import path syntax

packages description of package lists

testflag description of testing flags

testfunc description of testing functions

Use go help [topic] for more information about that topic.

To get more information on specific topic, type:

go help topicHere

go help build

go help build | less

References:

See the Golang home page and documenation for more information.

Nginx: Allow All But Block Certain POST Request URLS For Selected Spammer IP Address/CIDR

omid — Sat, 06 Jan 2018 09:02:02 +0000

am a small business and ecom site owner. I also run a WordPress based blog to connect with my customers. However, I get too much spam from certain IPs and net-blocks. How do I block access to certain url(s) such as example.com/blog/wp-comments-post.php for selected IP address and CIDRs? How do I allow everyone including IP address 1.2.3.4 to access my blog but block IP address 1.2.3.4 accessing only example.com/blog/wp-comments-post.php? How do I block POST requests for selected IPs/CIDR on nginx?

Nginx comes with a simple module called ngx_http_access_module to allow or deny access to IP address. You can also create a config file and block certain urls using the following method.

Step #1: Create spammers.conf file

Create a file called /etc/nginx/spammers.conf, enter:

# vi /etc/nginx/spammers.conf

You need to use the ngx_http_geo_module. This modile creates variables with values depending on the client IP address or CIDR. The syntax is:

geo $var_name {

default value1;

ip value2;

cidr value2;

}

In this example, block IPs/CIDRs – 101.0.71.27, 101.0.79.181, 101.0.79.27, 100.42.192.0/20, 101.192.0.0/14, and 148.248.0.0/16:

# spammers.conf #

geo $spammers_ip_cidrs {

## allow all ##

default no;

## block these bad ips/cidrs/spammers ##

101.0.71.27 yes;

101.0.79.181 yes;

101.0.79.27 yes;

100.42.192.0/20 yes;

101.192.0.0/14 yes;

148.248.0.0/16 yes;

}

Step #2: Update nginx.conf

Edit nginx.conf, enter:

# vi /etc/nginx/nginx.conf

Add the following in http section:

include /etc/nginx/spammers.conf;

Find your server section and add the following to match your POST request url:

location ~* /blog/wp-comments-post\.php$ {

if ( $spammers_ip_cidrs = yes ) {

## show default or custom forbidden page. To create black-hole use 444 code

return 403;

}

Here is a sample config directive for reverse proxy server:

server {

listen 75.126.153.206:80;

server_name www.cyberciti.biz;

access_log /var/log/nginx/access.log main;

error_log /var/log/nginx/error.log;

root /nfs/ha/root/nginx;

index index.html;

custom error pages put them at /nfs/ha/root/nginx location ##

error_page 404 /error-page-404.html;

location /error-page-404.html {

internal;

}

error_page 403 /error-page-403.html;

location = /error-page-403.html {

internal;

}

location section ##

location / {

proxy_pass http://backendapache;

proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

proxy_set_header Host www.cyberciti.biz;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

location ~* /blog/wp-comments-post\.php$ {

if ( $spammers_ip_cidrs = yes ) {

return 403;

}

## add rest of config for matching url here ##

}

Save and close the file. Restart / reload nginx server, enter:

# service nginx reload

A visitor with an IP address 75.126.153.206 can browser your entire blog but will not able to post any comments. He/she (most likely a bot) will get an error code forbidden 403. A sample 403 error page:

Fig. 01: Custom nginx 403 page for www.cyberciti.biz

See how to create a custom 403/404 page using nginx for more information.

How do I find out spammers IP address?

Use the grep command as follows:

grep /blog/wp-comments-post.php access_1.log

Find all url /blog/wp-comments-post.php accessed on 30/Nov/2013 ##

last sort is bad ##

grep 30/Nov/2013 | grep /blog/wp-comments-post.php /path/to/archives/access_1.log | awk { print $1} | sort | uniq -c | sort -nr > spam.txt

Sample outputs:

$ cat spam.txt

22304 221.234.211.192

22133 221.235.67.111

11174 142.4.113.57

11110 192.184.37.126

4235 37.0.122.237

…

No sane person will try to submit comment 22304 times. So you can block all those IPs. You can automate the entire procedure by writing a shell/python/perl script. The writing of such script is left as an exercise to the readers.

Mac OS X Sierra Install wget Network Downloader Utility

omid — Sat, 06 Jan 2018 08:56:47 +0000

recently learned that “wget” can continue getting a partially-downloaded (resume download) file. I am unable to find wget command on Mac OS X. How do I install install wget on Mac OS X (Mountain Lion/ Mavericks / Snow Leopard)? How can I install wget in Mac OS X without 3rd-party repo such as Homebrew or MacPorts?

You can install the latest version of GNU/wget and many other open source software without using Homebrew or MacPorts. The steps are as follows to install wget on macOS Sierra using either Homebrew or source code:

Easy method #1: Install Homebrew and type command ‘brew install wget‘ on macOS Sierra.

Source code method #2:

Download, compile and install OpenSSL

Download, compile and install wget on macOS Sierra

Let use see both methods in detailed.

Method #1: Install wget using brew (recommended method)

Trust me this is the best and easy method to install wget using Homebrew:

Install Homebrew

$ /usr/bin/ruby -e $(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)

Install wget

$ brew install wget

Sample outputs:

Updating Homebrew…

==> Downloading https://homebrew.bintray.com/bottles/wget-1.19.1.sierra.bottle.tar.gz

################################################################## 100.0%

==> Pouring wget-1.19.1.sierra.bottle.tar.gz

? /usr/local/Cellar/wget/1.19.1: 10 files, 1.6MB

Use wget

$ /usr/local/bin/wget url

$ /usr/local/bin/wget url/file.tar.gz

$ /usr/local/bin/wget https://www.cyberciti.biz/

That is all, and you need to stop reading the rest. Please note that the rest of the following tutorial covers wget command installation using the source code method.

Method #2: Install wget using source code (recommended for advanced users only)

You need to install a free app called Xcode. It includes command line development tools such as gnu/gcc and friends. See how to install GCC Compiler with Xcode for more information.

Fig.01: Install gcc compiler on Mac OS X

I installed command line tools using the following command:

$ xcode-select –install

Step #1: Download gnu/wget source code

Use curl command as follows to download the latest gnu/wget from the official project site. Open the Terminal and than type the following commands:

$ cd /tmp

$ curl -O http://ftp.gnu.org/gnu/wget/wget-1.15.tar.gz

$ ls -l

Sample outputs:

Fig.02: Downloading wget source code with the curl utility

Step #2: Extract files

Use the tar command to extract files on OS X as follows:

$ tar xvf wget-1.15.tar.gz

Sample outputs:

x wget-1.15/

x wget-1.15/doc/

x wget-1.15/doc/stamp-vti

x wget-1.15/doc/texi2pod.pl

x wget-1.15/doc/Makefile.in

….

…

x wget-1.15/NEWS

x wget-1.15/configure

x wget-1.15/ChangeLog

x wget-1.15/MAILING-LIST

Step #3: Configure, Compile and Install GNU/wget on OS X

First, cd to the wget-1.15 directory using cd command:

$ cd wget-1.15

To configure wget, enter:

$ ./configure –with-ssl=openssl

Sample outputs:

Configure: configuring for GNU Wget 1.15

checking for a BSD-compatible install… /usr/bin/install -c

checking whether build environment is sane… yes

checking for a thread-safe mkdir -p… build-aux/install-sh -c -d

checking for gawk… no

checking for mawk… no

checking for nawk… no

checking for awk… awk

….

…

configure: creating ./config.status

config.status: creating Makefile

config.status: creating src/Makefile

config.status: creating doc/Makefile

config.status: creating util/Makefile

config.status: creating po/Makefile.in

config.status: creating tests/Makefile

config.status: creating tests/WgetTest.pm

config.status: creating lib/Makefile

config.status: creating src/config.h

config.status: executing depfiles commands

config.status: executing po-directories commands

config.status: creating po/POTFILES

config.status: creating po/Makefile

To compile wget on OS X, enter:

$ make

Sample outputs:

/Applications/Xcode.app/Contents/Developer/usr/bin/make all-recursive

Making all in lib

rm -f alloca.h-t alloca.h && \

{ echo /* DO NOT EDIT! GENERATED AUTOMATICALLY! */ ; \

cat ./alloca.in.h; \

} > alloca.h-t && \

mv -f alloca.h-t alloca.h

….

…

gcc -O2 -Wall -o wget cmpt.o connect.o convert.o cookies.o ftp.o css_.o css-url.o ftp-basic.o ftp-ls.o hash.o host.o html-parse.o html-url.o http.o init.o log.o main.o netrc.o progress.o ptimer.o recur.o res.o retr.o spider.o url.o warc.o utils.o exits.o build_info.o version.o ftp-opie.o openssl.o http-ntlm.o ../lib/libgnu.a -liconv -lssl -lcrypto -lz -ldl -lz -lz

Making all in doc

./texi2pod.pl -D VERSION= 1.15 ./wget.texi wget.pod

/usr/bin/pod2man –center= GNU Wget –release= GNU Wget 1.14 wget.pod > wget.1

Making all in po

Making all in tests

make[2]: Nothing to be done for `all .

Making all in util

make[2]: Nothing to be done for `all .

make[2]: Nothing to be done for `all-am .

To install wget, enter:

$ sudo make install

Find out wget location on OS X

By default wget will be installed at the /usr/local/bin/wget. You can use the whereis utility (or type -a) to check the wget location, enter:

$ whereis wget

$ type -a wget

If you do not see output, edit $HOME/.bash_profile or $HOME/.bashrc and add/edit/append PATH as follows:

export PATH=${PATH}:/usr/local/bin

Save and close the file.

How do I use wget command?

The basic syntax is:

wget url

wget http://www.cyberciti.biz/

wget ftp://url/

To see wget version, type:

$ wget –version

Sample outputs:

Installed wget on macOS Sierra

How do I update installed gnu/wget on OS X?

Warning: The following method only works if you installed gnu/wget earlier using source code based method as described above. Do not use the following method if you installed wget using Homebrew or MacPorts.

A note about installing wget on macOS Sierra using source code

You need to first install the latest version of openssl:

Step #1: Grab and install latest openssl version 1.19.1 using source code ###

$ cd /tmp/

$ curl -O https://www.openssl.org/source/openssl-1.1.0e.tar.gz

$ tar -zxvf openssl-1.1.0e.tar.gz

$ cd openssl-1.1.0e

$ ./config

$ make

$ sudo make install

Finally install wget using the following method:

Step #2: Grab and install wget version 1.19.1 using source code ###

$ cd /tmp

$ curl -O http://ftp.gnu.org/gnu/wget/wget-1.19.1.tar.gz

$ tar -zxvf wget-1.19.1.tar.gz

$ cd wget-1.19.1

$ export OPENSSL_CFLAGS= -I/usr/local/include

$ export OPENSSL_LIBS= -L/usr/local/lib -lssl -lcrypto -lz

$ ./configure –with-ssl=openssl

$ make

$ sudo make install

$ /usr/local/bin/wget url

See also

I recommend the following resources for usage and examples on both wget and curl commands:

wget: An intro to your ultimate command line downloader

See how to use wget alternative curl on OS X to download files.

See wget(1).

GNU/wget home page.

And there you have it, gnu/wget installed from directly source code without using 3rd party repos.

HowTo: Enable Nginx Status Page

omid — Sat, 06 Jan 2018 08:54:40 +0000

pache has status page that can provide data about Apache. How do I enable and display such page using nginx server? How do I enable nginx status page on Linux or Unix-like operating systems?

Like Aapache (httpd), nginx has status page to give you information about Nginx’s server health including Active connections and other data. You can use this info to fine tune your server. Please note that you will get stats for entire Nginx server running. This can not be used to get info per virtual host i.e. you will get data for entire Nginx server only.

Make sure HttpStubStatusModule compiled

Type the following command to verify that HttpStubStatusModule is compiled and available to you:

nginx -V | grep –color -o http_stub_status

Enable Nginx status page on Linux/Unix

Edit nginx.conf, enter:

# vi nginx.conf

Update your server { ….. } block/context as follows (see how to deny access to IP address on nginx):

location /nginx_status {

# Turn on nginx stats

stub_status on;

# I do not need logs for stats

access_log off;

# Security: Only allow access from 192.168.1.100 IP #

allow 192.168.1.100;

# Send rest of the world to /dev/null #

deny all;

}

Feel free to replace 192.168.1.100 with your actual IP address. This is a security feature as you do not want to show your status to the whole world.

Restart / reload nginx server

Type the following command to reload nginx:

# service nginx reload

# nginx -s reload

How do I view nginx status page?

Fire a browser and type the url:

example.com/nginx_status

1.2.3.4/nginx_status

www.cyberciti.biz/nginx_status

Sample outputs:

Gif 01: Nginx status page in action (note I am refreshing screen to show you demo)

Linux: Keep An Eye On Your System With Glances Monitor

omid — Sat, 06 Jan 2018 08:48:08 +0000

s there is a tool that can provide me a maximum of information (such as cpu, disk I/O, network, nfsd, memory and more) about my Linux/Unix server in a minimum of space in a terminal?

There are plenty of monitoring tools on Linux or Unix-like systems that can provide information about your server:

CPU load

OS Name/Kernel version

System load

Disk and Network I/O

Process

Memory usage

Mount point and much more.

Say hello to Glances

From the project home page:

Glances is a free (LGPL) cross-platform curses-based monitoring tool which aims to present a maximum of information in a minimum of space, ideally to fit in a classical 80×24 terminal or higher to have additionnal information. Glances can adapt dynamically the displayed information depending on the terminal size. It can also work in a client/server mode for remote monitoring.

This utility is written in Python and uses the psutil library to fetch the statistical values from your server.

Installation

You can install Glances using pip command line tool. You will also find packages for Arch Linux, Fedora/CentOS/RHEL, Debian, Ubuntu (13.04+), FreeBSD, OSX and so you should be able to install it using your favorite package manager as follows:

Install Glances on CentOS/Fedora/RHEL/Scientific Linux

First, turn on Extra Packages for Enterprise Linux (or EPEL) repo on CentOS/RHEL/SL. Type the following yum command:

# yum -y install glances

Sample outputs:

yum install glances

Loaded plugins: product-id, protectbase, rhnplugin

This system is receiving updates from RHN Classic or RHN Satellite.

rhel-x86_64-server-6 | 1.5 kB 00:00

rhel-x86_64-server-optional-6 | 1.5 kB 00:00

0 packages excluded due to repository protections

Setting up Install Process

Resolving Dependencies

–> Running transaction check

—> Package glances.noarch 0:1.7.1-1.el6 will be installed

–> Processing Dependency: python-psutil >= 0.4.1 for package: glances-1.7.1-1.el6.noarch

–> Processing Dependency: python-setuptools for package: glances-1.7.1-1.el6.noarch

–> Running transaction check

—> Package python-psutil.x86_64 0:0.6.1-1.el6 will be installed

—> Package python-setuptools.noarch 0:0.6.10-3.el6 will be installed

–> Finished Dependency Resolution

Dependencies Resolved

============================================================================

Package Arch Version Repository Size

============================================================================

Installing:

glances noarch 1.7.1-1.el6 epel 107 k

Installing for dependencies:

python-psutil x86_64 0.6.1-1.el6 epel 84 k

python-setuptools noarch 0.6.10-3.el6 rhel-x86_64-server-6 336 k

Transaction Summary

============================================================================

Install 3 Package(s)

Total download size: 527 k

Installed size: 843 k

Is this ok [y/N]: y

Downloading Packages:

(1/3): glances-1.7.1-1.el6.noarch.rpm | 107 kB 00:00

(2/3): python-psutil-0.6.1-1.el6.x86_64.rpm | 84 kB 00:00

(3/3): python-setuptools-0.6.10-3.el6.noarch.rpm | 336 kB 00:00

Total 1.8 MB/s | 527 kB 00:00

Running rpm_check_debug

Running Transaction Test

Transaction Test Succeeded

Running Transaction

Installing : python-psutil-0.6.1-1.el6.x86_64 1/3

Installing : python-setuptools-0.6.10-3.el6.noarch 2/3

Installing : glances-1.7.1-1.el6.noarch 3/3

Verifying : python-setuptools-0.6.10-3.el6.noarch 1/3

Verifying : python-psutil-0.6.1-1.el6.x86_64 2/3

Verifying : glances-1.7.1-1.el6.noarch 3/3

Installed:

glances.noarch 0:1.7.1-1.el6

Dependency Installed:

python-psutil.x86_64 0:0.6.1-1.el6

python-setuptools.noarch 0:0.6.10-3.el6

Complete!

Install Glances on Debian/Ubuntu Linux (13.04+)

Type the following command:

$ sudo apt-get install glances

Sample outputs:

Reading package lists… Done

Building dependency tree

Reading state information… Done

The following extra packages will be installed:

python-jinja2 python-markupsafe python-psutil

Suggested packages:

python-jinja2-doc

The following NEW packages will be installed:

glances python-jinja2 python-markupsafe python-psutil

0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.

Need to get 734 kB of archives.

After this operation, 2,429 kB of additional disk space will be used.

Do you want to continue? [Y/n]

Get:1 http://mirrors.service.networklayer.com/ubuntu/ trusty/main python-markupsafe amd64 0.18-1build2 [14.3 kB]

Get:2 http://mirrors.service.networklayer.com/ubuntu/ trusty/main python-jinja2 all 2.7.2-2 [161 kB]

Get:3 http://mirrors.service.networklayer.com/ubuntu/ trusty/main python-psutil amd64 1.2.1-1ubuntu2 [50.2 kB]

Get:4 http://mirrors.service.networklayer.com/ubuntu/ trusty/universe glances all 1.7.3-2ubuntu1 [509 kB]

Fetched 734 kB in 0s (6,667 kB/s)

Selecting previously unselected package python-markupsafe.

(Reading database … 64983 files and directories currently installed.)

Preparing to unpack …/python-markupsafe_0.18-1build2_amd64.deb …

Unpacking python-markupsafe (0.18-1build2) …

Selecting previously unselected package python-jinja2.

Preparing to unpack …/python-jinja2_2.7.2-2_all.deb …

Unpacking python-jinja2 (2.7.2-2) …

Selecting previously unselected package python-psutil.

Preparing to unpack …/python-psutil_1.2.1-1ubuntu2_amd64.deb …

Unpacking python-psutil (1.2.1-1ubuntu2) …

Selecting previously unselected package glances.

Preparing to unpack …/glances_1.7.3-2ubuntu1_all.deb …

Unpacking glances (1.7.3-2ubuntu1) …

Processing triggers for ureadahead (0.100.0-16) …

ureadahead will be reprofiled on next reboot

Processing triggers for man-db (2.6.7.1-1ubuntu1) …

Setting up python-markupsafe (0.18-1build2) …

Setting up python-jinja2 (2.7.2-2) …

Setting up python-psutil (1.2.1-1ubuntu2) …

Setting up glances (1.7.3-2ubuntu1) …

Creating system user glances .

* Starting Glances server glances * Not starting glances: disabled by /etc/default/glances.

Processing triggers for ureadahead (0.100.0-16) …

Turn on glances by editing the /etc/default/glances file, enter:

# vi /etc/default/glances

Update it as follows to ‘true’ to have glances running at startup:

RUN= true

Save and close the file. Start glances:

# service glances start

How do I use glances?

The basic syntax is:

# glances

# glances [options]

Sample outputs:

Fig.01: glances in action (click to enlarge)

To quit just press q (Esc and Ctrl-C also work). Here is another output from Ubuntu based system:

Fig.02: Glances in action (Image credit – Glances author)

HTML5 capable browser user can view quick video demo by clicking the following link:

Sorry, your browser doesn’t support HTML5 video.

(Video 01: Glances command in action)

Fine tuning output (interactive commands)

Use the following hot keys to find tune your output:

a Sort processes automatically.

c Sort processes by CPU%.

m Sort processes by MEM%.

p Sort processes by name.

i Sort processes by I/O rate.

d Show/hide disk I/O stats.

f Show/hide file system stats.

n Show/hide network stats.

s Show/hide sensors stats.

y Show/hide hddtemp stats.

l Show/hide logs.

b Bytes or bits for network I/O.

w Delete warning logs.

x Delete warning and critical logs.

1 Global CPU or per-CPU stats.

t View network I/O as combination.

u – View cumulative network I/O.

How do I use Glances in client/server mode?

On server type the following command to bind server to the given IPv4/IPv6 address or hostname:

# glances -B @IP|host

# glances -B 75.126.153.206

# glances -B www.cyberciti.biz

From your desktop client such as OSX/FreeBSD/Linux based system type the following command to connect to a Glances server by IPv4/IPv6 address or hostname:

# glances -c @IP|host

# glances -c 75.126.153.206

# glances -c www.cyberciti.biz

You may need to pass the -P password to set a client/server password. The -s run Glances in server mode:

How do I refresh information every 5 seconds?

Type the following command:

# glances -t 5

How do I see all supported options?

This command has many more options, type the following command at shell prompt:

$ glances -h

Sample outputs:

Glances version 1.7.3 with PsUtil 1.2.1

Usage: glances [options]

Options:

-b Display network rate in Byte per second

-B @IP|HOST Bind server to the given IPv4/IPv6 address or hostname

-c @IP|HOST Connect to a Glances server by IPv4/IPv6 address or hostname

-C FILE Path to the configuration file

-d Disable disk I/O module

-e Enable sensors module

-f FILE Set the HTML output folder or CSV file

-h Display the help and exit

-m Disable mount module

-n Disable network module

-o OUTPUT Define additional output (available: HTML or CSV)

-p PORT Define the client/server TCP port (default: 61209)

-P PASSWORD Define a client/server password

–password Define a client/server password from the prompt

-r Disable process list

-s Run Glances in server mode

-t SECONDS Set refresh time in seconds (default: 3 sec)

-v Display the version and exit

-y Enable hddtemp module

-z Do not use the bold color attribute

-1 Start Glances in per CPU mode

See also

Glances is not the only option. You can try:

How to install and use atop – an advanced system & process monitor.

How to install and use htop – an interactive process viewer.

Linux: Find Out What Process Are Using Swap Space

Install and Use nmon Tool To Monitor Linux Systems Performance

Top 20 recommend old good Linux and Unix system monitoring tool such as top, vmstat, mpstat, ps, iostat, sar, pmap and more.

Glances project home page or try pypi Glances repo for more info.

Linux: Monitor Hard Disks Temperature With hddtemp.

Man page: glances(1)

Nginx: Redirect Backend Traffic Based Upon Client IP Address

omid — Sat, 06 Jan 2018 08:43:50 +0000

have four Apache backend servers in front of nginx reverse proxy server. How do I make sure nginx reverse proxy load balancer always send specific client IP address (say IP 1.2.3.4) request to http://apachereadwrite/ backend and rest to http://apachereadonly/ backend?

Nginx web server does support if conditional configuration. You can redirect and/or select configuration depending on client ip address. In this case you need to use the variable called $remote_addr which can be used to retrieve information about the users ip address. This is useful if you want to give file upload capabilities to your own office IP address and read-only capabilities to the rest of the world based upon client IP address or vpn address:

File upload is disabled on

server {A,B,C} via php

+——+ +—–+ +—–+ +—–+

| | | | | | | |

Backends | A | | B | | C | | D | File upload enabled

| | | | | | | |

+–+—+ +-+—+ +–+–+ +-+—+

| | | |

+——–+———+——-+

+—+—+

| |

+——-+

nginx reverse proxy server

Edit the file /etc/php.ini on server {A,B,C}, type:

# vi /etc/php.ini

Make the following changes to /etc/php.ini:

# Disallow uploading altogether this makes moving or injecting bad scripts/code onto your web server more difficult

file_uploads = Off

# Disallow treatment of file requests as fopen calls

allow_url_fopen = Off

allow_url_include = Off

Restart Apache server on {A,B,C}. Make sure file upload is enabled on server A by editing php.ini and setting the following entries:

file_uploads = On

upload_max_filesize=2M

post_max_size=4M

Nginx syntax

The syntax is as follows:

if ( $remote_addr ~* ip-address-here ) {

proxy_pass http://YOUR-BACKEND-HERE;

}

First set default proxy_pass:

Default backend is apachereadonly ##

proxy_pass http://apachereadonly;

Check for client ip address:

If IP is 1.2.3.4 send backend to apachereadwrite ##

if ( $remote_addr ~* 1.2.3.4 ) {

proxy_pass http://apachereadwrite;

}

Examples

Edit nginx.conf file, enter:

# vi nginx.conf

Edit/append as follows:

## apachereadonly backend ##

upstream apachereadonly {

server 10.10.11.10:8011;

server 10.10.11.11:8011;

server 10.10.11.12:8011;

ip_hash;

}

## apachereadwrite backend ##

upstream apachereadwrite {

server 10.10.11.13:8011;

}

## config ##

location / {

proxy_set_header Accept-Encoding ;

proxy_set_header Host $http_host;

proxy_set_header X-Forwarded-By $server_addr:$server_port;

proxy_set_header X-Forwarded-For $remote_addr;

proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Real-IP $remote_addr;

## default backend

proxy_pass http://apachereadonly;

## send traffic to apachereadwrite backend if ip is 1.2.3.4 ##

if ( $remote_addr ~* 1.2.3.4 ) {

proxy_pass http://apachereadwrite;

}

proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

}

## rest of config ##

Save and close the file. Restart / reload nginx server:

# /etc/init.d/nginx reload

# /usr/sbin/nginx -s reload

Linux / Unix: whereis Command Examples

omid — Sat, 06 Jan 2018 08:42:14 +0000

am a new Linux and Unix-like system command line user. How do I find and locate the binary, source, and manual page files for a given command?

You need to use the whereiscommand to find the source, binary, and manuals sections for specified commands or files.

whereis command details

Description Locating command or program

Category Searching

Difficulty Easy

Root privileges No

Estimated completion time 10m

Contents

Syntax

Examples

Search only for binaries

Search only for manual sections

Search only for sources

Searches for unusual files

Limit the searches for binaries to specific directories

Options

See also

A binary is nothing but an executable from of a command such as ls or program such as Gimp. Use this command to find out:

The location of a binary file.

The location of source code.

The location of man page.

Purpose

Find the binary, source code and man page for specified program or command.

Syntax

The basic syntax is as follows:

whereis command

whereis program

whereis [options] program

whereis -BMS directory -f command

whereis command examples

To find out the location of the executable, source code and man page for the date command, type:

$ whereis date

Sample outputs:

Animated gif 01: whereis command running on my Debian based server

How do I only search for binary files?

Pass the -b option as follows:

$ whereis -b date

How do I only search for manual sections files?

Pass the -m option as follows:

$ whereis -m date

How do I only search for source code files?

Pass the -s option as follows:

$ whereis -s date

How do I only Search for unusual entries?

A file is said to be unusual if it does not have one entry of each requested type. Thus the following example, asks for those files in the current directory which have no documentation:

$ whereis -m -u *

How can I limit the searches for binaries to specific directories?

You can pass the following option to limit limit the places where whereis searches for files:

-B /path/to/dir : Limit the places where whereis searches for binaries.

-M /path/to/dir : Limit the places where whereis searches for manual sections.

-S /path/to/dir : Limit the places where whereis searches for sources.

You must pass the -f option when any of the -B, -M, or -S options are used. The -f option terminate the last directory list and signals the start of file names. In this example, limit search for binary files in /bin/ directory only for ls and gcc commands:

$ whereis -B /bin -f ls gcc

Sample outputs:

ls: /bin/ls /usr/share/man/man1/ls.1.gz

gcc:

There is no output for the gcc command since it is located in /usr/bin/ directory. To find all of the files in the /sbin/ directory that either are not documented in the /usr/man/man8 directory or do not have source in the /root/src directory, enter:

# cd /sbin

# whereis -u -M /usr/man/man8/ -S /root/src/ -f *

whereis command options

From the whereis(1) command man page:

Option Meaning

-f Define search scope.

-b Search only binaries.

-B Define binaries lookup path.

-m Search only manual paths.

-M Define man lookup path.

-s Search only sources path.

-S Define sources lookup path.

-u Search from unusual enties.

-V Output version information and exit.

-h Display this help and exit.

See also

whereis(1)

Category List of Unix and Linux commands

File Management cat

Network Utilities dig • host • ip •

Package Manager apk • apt

Processes Management bg • chroot • disown • fg • jobs • kill • killall • pwdx • time • pidof • pstree

Searching whereis • which

User Information groups • id • last • lastcomm • logname • users • w • who • whoami • lid • members

Linux / Unix: Check Last Time User Logged In On The System

omid — Sat, 06 Jan 2018 08:37:06 +0000

am a new Unix system admin. How do I find ouw who has recently use the Linux or Unix-like server? Which terminals they used, and when they logged in and out of the my server?

You need to use last command. This command displays last logins of users and ttys.

Listing the Last times a user logged in on server

The syntax is as follows:

last

last [UserNameHere]

last [option] [UserNameHere]

Example: Display Linux user last login

To display when a user named ‘vivek’ last logged in to the system, type:

$ last vivek

$ last vivek | less

Sample outputs:

Fig.01: last command in action on my Debian base nas server

The output in this example tell us when user vivek last logged in. The output will go back for several months or more as last command searches back through the file /var/log/wtmp and displays a list of all users logged in (and out) since that file was created.

Display a list of recent system use for all users

Simply type the last command:

$ last

$ last | less

Sample outputs taken from my RHEL based server:

root pts/0 10.1.6.120 Mon Jan 27 06:26 still logged in

root pts/0 10.1.6.120 Mon Jan 27 03:37 – 06:26 (02:48)

root pts/0 10.1.6.120 Sun Jan 26 02:47 – 09:28 (06:40)

root pts/4 10.1.6.120 Sat Jan 25 11:02 – 11:02 (00:00)

root pts/0 10.1.6.120 Sat Jan 25 10:15 – 13:12 (02:56)

root pts/4 10.1.6.120 Sat Jan 25 06:01 – 06:32 (00:31)

root pts/0 10.1.6.120 Sat Jan 25 03:08 – 09:04 (05:55)

root pts/4 10.1.6.120 Sat Jan 25 01:06 – 03:18 (02:11)

root pts/0 10.1.6.120 Fri Jan 24 23:59 – 02:11 (02:12)

root pts/0 10.1.6.120 Fri Jan 24 05:30 – 08:39 (03:08)

root pts/0 10.1.6.120 Thu Jan 23 04:22 – 05:41 (01:19)

….

…

root pts/1 10.1.6.120 Sun Jan 5 11:09 – 14:29 (03:20)

root pts/0 10.1.6.120 Sun Jan 5 10:05 – 12:19 (02:14)

reboot system boot 2.6.32-431.3.1.e Sun Jan 5 10:02 – 06:52 (21+20:50)

root pts/0 10.1.6.120 Sun Jan 5 09:58 – down (00:00)

root pts/0 10.1.6.120 Sun Jan 5 03:33 – 05:45 (02:12)

root pts/1 10.1.6.120 Sat Jan 4 15:06 – 17:28 (02:21)

root pts/0 10.1.6.120 Sat Jan 4 13:46 – 15:58 (02:11)

root pts/0 10.1.6.120 Sat Jan 4 05:05 – 07:16 (02:11)

root pts/1 10.1.6.120 Fri Jan 3 14:29 – 15:44 (01:15)

root pts/0 10.1.6.120 Fri Jan 3 13:20 – 15:32 (02:11)

root pts/0 10.1.6.120 Thu Jan 2 05:19 – 05:32 (00:13)

root pts/0 10.1.6.120 Tue Dec 31 13:57 – 16:06 (02:09)

wtmp begins Tue Dec 31 13:57:23 2013

See also

I strongly suggest that you see our last command examples page.

Read last(1).

See /var/log/wtmp file.

HowTo: Prevent Yum From Upgrading The Kernel On a CentOS / Red Hat Enterprise Linux

omid — Sat, 06 Jan 2018 08:34:07 +0000

am a new RHEL / Centos Linux server admin. I would like yum to update all packages except the Linux Kernel. How can I prevent yum command from updating kernel on a CentOS/RHEL/Fedora Linux based systems?

You can prevent yum command from updating the Kernel permanently by following the simple steps.

Option #1: Edit /etc/yum.conf file

Use a text editor such as vi to edit /etc/yum.conf:

# vi /etc/yum.conf

Append/modify exclude directive line under [main] section, enter:

exclude=kernel*

Save and close the file. Try, updating the system without updating the Linux kernel:

# yum -y update

This is a permanent option, so you don’t need pass the -x option to yum command.

Option #2: Pass the -x option to prevent yum from updating kernel

The syntax is as follows to skip update on command line itself:

# yum -x kernel* update