Page not found – ShopingServer Wiki

How to upgrade Alpine Linux 3.4/3.5/3.6 to 3.7.xx

msrxp — Thu, 04 Jan 2018 06:26:43 +0000

am using Alpine Linux v3.5 or v3.6 with my LXD server. How do I upgrade Alpine Linux v3.6 to Alpine Linux v3.7? How can I upgrade Alpine Linux v3.4 to Alpine Linux v3.7?

Before you type any one of the following command make sure that you have a backup of your important data before continuing to update your system. It is important that you keep full backup of your system. Alpine Linux is built around musl libc and busybox. This makes it smaller and more resource efficient than traditional GNU/Linux distributions. A container requires no more than 8 MB and a minimal installation to disk requires around 130 MB of storage. Not only do you get a fully-fledged Linux environment but a large selection of packages from the repository.

Fig.01: Upgrading an Alpine Linux Hard-disk installation

Alpine Linux was designed with security in mind. The kernel is patched with an unofficial port of grsecurity/PaX, and all userland binaries are compiled as Position Independent Executables (PIE) with stack smashing protection. These proactive security features prevent exploitation of entire classes of zero-day and other vulnerabilities. When Alpine Linux is installed to hard drive or as LXD VM, upgrading to a newer stable version is straightforward.

Make a backup of your LXD container

Type the following command to create container snapshots:

$ lxc snapshot alpine-www01 snap0-Dec-05-2017-b4-update

Verify it:

$ lxc info alpine-www01

Sample outputs:

Name: alpine-www01

Remote: unix://

Architecture: x86_64

Created: 2017/07/17 11:38 UTC

Status: Running

Type: persistent

Profiles: default

Pid: 2297

Ips:

eth0: inet 10.105.28.45 vethELBFFO

eth0: inet6 fe80::216:3eff:fe1c:8793 vethELBFFO

lo: inet 127.0.0.1

lo: inet6 ::1

Resources:

Processes: 33

CPU usage:

CPU usage (in seconds): 302

Memory usage:

Memory (current): 67.72MB

Memory (peak): 86.41MB

Network usage:

eth0:

Bytes received: 15.70MB

Bytes sent: 10.35MB

Packets received: 220397

Packets sent: 123106

lo:

Bytes received: 1.89MB

Bytes sent: 1.89MB

Packets received: 12806

Packets sent: 12806

Snapshots:

snap0-Dec-05-2017-b4-update (taken at 2017/12/05 07:33 UTC) (stateless)

Now login to your Alpine Linux box/LXD VM using ssh command or lxc command.

Find out your Alpine Linux version

Type the following command:

$ cat /etc/alpine-release

3.6.2

How to upgrading to latest release

Edit /etc/apk/repositories file, enter:

# vi /etc/apk/repositories

Change the version number by hand. For example, the default entry for 3.4 is as follows:

http://dl-3.alpinelinux.org/alpine/v3.4/main

To update to 3.5.xx, enter:

http://dl-3.alpinelinux.org/alpine/v3.5/main

Change the version number by hand. For example, the default entry for 3.5 is as follows:

http://dl-3.alpinelinux.org/alpine/v3.5/main

To update to 3.5.xx, enter:

http://dl-3.alpinelinux.org/alpine/v3.6/main

Change the version number by hand. For example, the default entry for 3.6 is as follows:

http://dl-cdn.alpinelinux.org/alpine/v3.6/main

To update to 3.7.xx, enter:

http://dl-cdn.alpinelinux.org/alpine/v3.7/main

Save and close the file. Next grab the latest index using apk command:

# apk update

Sample outputs:

fetch http://dl-cdn.alpinelinux.org/alpine/v3.7/main/x86_64/APKINDEX.tar.gz

fetch http://dl-cdn.alpinelinux.org/alpine/v3.7/community/x86_64/APKINDEX.tar.gz

v3.7.0-8-g7f9d974993 [http://dl-cdn.alpinelinux.org/alpine/v3.7/main]

v3.7.0-9-geec9573c5c [http://dl-cdn.alpinelinux.org/alpine/v3.7/community]

OK: 9106 distinct packages available

To upgrade all your packages, run apk command:

# apk upgrade –available

# apk upgrade –purge

Sample outputs:

Upgrading critical system libraries and apk-tools:

(1/3) Installing libressl2.6-libcrypto (2.6.3-r0)

(2/3) Installing libressl2.6-libssl (2.6.3-r0)

(3/3) Upgrading apk-tools (2.7.4-r0 -> 2.8.1-r1)

Executing busybox-1.26.2-r9.trigger

Executing ca-certificates-20161130-r2.trigger

Continuing the upgrade transaction with new apk-tools:

(1/64) Upgrading musl (1.1.16-r14 -> 1.1.18-r2)

(2/64) Upgrading busybox (1.26.2-r9 -> 1.27.2-r6)

Executing busybox-1.27.2-r6.post-upgrade

NOTE: /usr/bin/telnet has been moved to the package busybox-extras

NOTE: /usr/sbin/httpd has been moved to the package busybox-extras

NOTE: /usr/bin/ftpget has been moved to the package busybox-extras

NOTE: /usr/bin/ftpput has been moved to the package busybox-extras

NOTE: /usr/sbin/ftpd has been moved to the package busybox-extras

NOTE: /usr/bin/tftp has been moved to the package busybox-extras

NOTE: /usr/sbin/fakeidentd has been moved to the package busybox-extras

NOTE: /usr/sbin/dnsd has been moved to the package busybox-extras

NOTE: /usr/sbin/inetd has been moved to the package busybox-extras

NOTE: /usr/sbin/udhcpd has been moved to the package busybox-extras

(3/64) Upgrading alpine-baselayout (3.0.4-r0 -> 3.0.5-r2)

Executing alpine-baselayout-3.0.5-r2.pre-upgrade

Executing alpine-baselayout-3.0.5-r2.post-upgrade

(4/64) Upgrading openrc (0.24.1-r2 -> 0.24.1-r4)

Executing openrc-0.24.1-r4.post-upgrade

(5/64) Upgrading alpine-conf (3.6.0-r0 -> 3.7.0-r0)

(6/64) Upgrading zlib (1.2.11-r0 -> 1.2.11-r1)

(7/64) Upgrading busybox-suid (1.26.2-r9 -> 1.27.2-r6)

(8/64) Upgrading busybox-initscripts (3.1-r1 -> 3.1-r2)

Executing busybox-initscripts-3.1-r2.post-upgrade

(9/64) Upgrading scanelf (1.2.2-r0 -> 1.2.2-r1)

(10/64) Upgrading musl-utils (1.1.16-r14 -> 1.1.18-r2)

(11/64) Replacing libc-utils (0.7.1-r0 -> 0.7.1-r0)

(12/64) Replacing alpine-keys (2.1-r1 -> 2.1-r1)

(13/64) Upgrading alpine-base (3.6.2-r0 -> 3.7.0-r0)

(14/64) Installing pkgconf (1.3.10-r0)

(15/64) Replacing ncurses-terminfo-base (6.0_p20170930-r0 -> 6.0_p20170930-r0)

(16/64) Replacing ncurses-terminfo (6.0_p20170930-r0 -> 6.0_p20170930-r0)

(17/64) Replacing ncurses-libs (6.0_p20170930-r0 -> 6.0_p20170930-r0)

(18/64) Upgrading readline (6.3.008-r5 -> 7.0.003-r0)

(19/64) Upgrading bash (4.3.48-r1 -> 4.4.12-r1)

Executing bash-4.4.12-r1.post-upgrade

(20/64) Upgrading bash-completion (2.4-r0 -> 2.7-r3)

(21/64) Upgrading bc (1.06.95-r2 -> 1.07.1-r0)

(22/64) Upgrading ca-certificates (20161130-r2 -> 20171114-r0)

(23/64) Upgrading libssh2 (1.8.0-r1 -> 1.8.0-r2)

(24/64) Upgrading libcurl (7.56.1-r0 -> 7.57.0-r0)

(25/64) Upgrading curl (7.56.1-r0 -> 7.57.0-r0)

(26/64) Upgrading expat (2.2.0-r1 -> 2.2.5-r0)

(27/64) Installing pcre2 (10.30-r0)

(28/64) Upgrading git (2.13.5-r0 -> 2.15.0-r1)

(29/64) Upgrading git-bash-completion (2.13.5-r0 -> 2.15.0-r1)

(30/64) Installing libressl2.6-libtls (2.6.3-r0)

(31/64) Upgrading libressl (2.5.5-r0 -> 2.6.3-r0)

(32/64) Upgrading popt (1.16-r6 -> 1.16-r7)

(33/64) Upgrading logrotate (3.12.2-r0 -> 3.13.0-r0)

(34/64) Upgrading mariadb-common (10.1.26-r0 -> 10.1.28-r1)

(35/64) Upgrading mariadb-client (10.1.26-r0 -> 10.1.28-r1)

(36/64) Upgrading mysql-client (10.1.26-r0 -> 10.1.28-r1)

(37/64) Upgrading libbsd (0.8.3-r3 -> 0.8.6-r1)

(38/64) Replacing netcat-openbsd (1.130-r1 -> 1.130-r1)

(39/64) Upgrading pcre (8.41-r0 -> 8.41-r1)

(40/64) Upgrading nginx (1.12.2-r1 -> 1.12.2-r3)

Executing nginx-1.12.2-r3.pre-upgrade

Executing nginx-1.12.2-r3.post-upgrade

(41/64) Upgrading php5-common (5.6.32-r0 -> 5.6.32-r2)

(42/64) Upgrading libxml2 (2.9.4-r4 -> 2.9.7-r0)

(43/64) Upgrading php5-cli (5.6.32-r0 -> 5.6.32-r2)

(44/64) Upgrading php5 (5.6.32-r0 -> 5.6.32-r2)

Executing php5-5.6.32-r2.post-upgrade

(45/64) Upgrading php5-curl (5.6.32-r0 -> 5.6.32-r2)

(46/64) Upgrading php5-fpm (5.6.32-r0 -> 5.6.32-r2)

(47/64) Upgrading libbz2 (1.0.6-r5 -> 1.0.6-r6)

(48/64) Upgrading libpng (1.6.29-r1 -> 1.6.34-r1)

(49/64) Upgrading freetype (2.7.1-r1 -> 2.8.1-r2)

(50/64) Upgrading libjpeg-turbo (1.5.1-r0 -> 1.5.2-r0)

(51/64) Upgrading php5-gd (5.6.32-r0 -> 5.6.32-r2)

(52/64) Replacing libintl (0.19.8.1-r1 -> 0.19.8.1-r1)

(53/64) Upgrading php5-gettext (5.6.32-r0 -> 5.6.32-r2)

(54/64) Upgrading php5-mysql (5.6.32-r0 -> 5.6.32-r2)

(55/64) Upgrading php5-mysqli (5.6.32-r0 -> 5.6.32-r2)

(56/64) Upgrading php5-opcache (5.6.32-r0 -> 5.6.32-r2)

(57/64) Upgrading php5-zlib (5.6.32-r0 -> 5.6.32-r2)

(58/64) Upgrading libwebp (0.6.0-r0 -> 0.6.0-r1)

(59/64) Upgrading libgd (2.2.4-r2 -> 2.2.5-r0)

(60/64) Replacing vnstat (1.17-r0 -> 1.17-r0)

(61/64) Upgrading wget (1.19.1-r2 -> 1.19.2-r1)

(62/64) Purging libressl2.5-libtls (2.5.5-r0)

(63/64) Purging libressl2.5-libssl (2.5.5-r0)

(64/64) Purging libressl2.5-libcrypto (2.5.5-r0)

Executing busybox-1.27.2-r6.trigger

Executing ca-certificates-20171114-r0.trigger

OK: 101 MiB in 64 packages

Restart the server/VM container:

# sync

# reboot

Verify it:

$ cat /etc/alpine-release

3.7.0

For more information see https://alpinelinux.org/.

How to install bash shell in Alpine Linux

msrxp — Thu, 04 Jan 2018 06:18:41 +0000

ow do I install bash shell in my Alpine Linux LXD (Linux Container) virtual machine (VM)?

Alpine Linux comes with BusyBox. It is described as, “The Swiss Army Knife of Embedded Linux.” BusyBox combines tiny versions of many common UNIX utilities into a single small executable including /bin/sh. By default, bash is not included with BusyBox and Alpine Linux.

How do install bash in Alpine Linux

It is easy to have bash installed but this does not mean the symlinks to busybox are gone. The syntax is:

# apk update

# apk upgrade

# apk add bash

Sample outputs:

(1/5) Installing ncurses-terminfo-base (6.0-r7)

(2/5) Installing ncurses-terminfo (6.0-r7)

(3/5) Installing ncurses-libs (6.0-r7)

(4/5) Installing readline (6.3.008-r5)

(5/5) Installing bash (4.3.48-r1)

Executing bash-4.3.48-r1.post-install

Executing busybox-1.26.2-r5.trigger

OK: 14 MiB in 21 packages

To install bash documentation, enter:

# apk add bash-doc

To install bash automatic command line completion install, run:

# apk add bash-completion

Sample session:

Fig.01: How to get bash working on Alpine Linux

To use bash as a shell just type bash:

$ bash

To login to alpine Linux LXD vm from host, enter:

$ lxc exec alpine-lxd-vm-name-here bash

To change root shell to bash, enter:

# vi /etc/passwd

Find user name and the default shell such as /bin/ash:

root:x:0:0:root:/root:/bin/ash

Replace it with /bin/bash:

root:x:0:0:root:/root:/bin/bash

Customize bash shell

Here is a sample file:

cat ~/.bashrc

Sample outputs:

alias update= apk update && apk upgrade

export HISTTIMEFORMAT= %d/%m/%y %T

export PS1= \u@\h:\W \$

alias l= ls -CF

alias la= ls -A

alias ll= ls -alF

alias ls= ls –color=auto

source /etc/profile.d/bash_completion.sh

See Customize the bash shell environments wiki page for more info.

How to install GoAccess web log analyzer with Nginx on Linux or Unix

msrxp — Wed, 03 Jan 2018 14:30:05 +0000

oAccess is a real-time Apache/Nginx/Lighttpd web log analyzer and interactive viewer that runs in a terminal and provides fast and valuable HTTP statistics for system administrators that require a visual report on the fly. How do I install GoAccess on Ubuntu Linux server? How can I instal and use GoAccess on Linux or Unix-like system?

GoAccess is a free and open source real-time web log analyzer and interactive viewer that runs in a terminal in Linux/Unix/*BSD systems or through your browser. This tutorial shows how to install the GoAccess on Linux/Unix and how to use it on the *nix command line.

Install GoAccess

You must install GoAccess as per your Linux or Unix distro.

Install GoAccess on Ubuntu Linux

Type the following apt-get command/apt command as follows:

$ sudo apt-get install goaccess

Sample outputs:

Fig.01: How to install GoAccess on Ubuntu Linux server

Install GoAccess on Debian Linux

Type the following apt-get command/apt command as follows:

$ sudo apt-get install goaccess

Install GoAccess on Alpine Linux

Type the following apk command as follows:

# apk add goaccess

Install GoAccess on CentOS Linux

First turn on the EPEL repo and type the following yum command as follows:

$ sudo yum install epel-release

$ sudo yum install goaccess

Install GoAccess on Fedora Linux

First turn on the EPEL repo and type the following dnf command as follows:

$ sudo dnf install epel-release

$ sudo dnf install goaccess

Install GoAccess on Arch Linux

Type the following pacman command as follows:

# pacman -S goaccess

Install GoAccess on FreeBSD UNIX

To install the port:

# cd /usr/ports/sysutils/goaccess/ && make install clean

OR To add the package:

# pkg install goaccess

Install GoAccess on macOS UNIX (Homebrew)

Type the following brew command:

$ brew install goaccess

Install GoAccess on OpenBSD UNIX

Type the following pkg_add command:

$ doas pkg_add goaccess

Installing GoAccess using source code method

Type the following command to download and compile GoAccess on Unix-like system:

$ cd /tmp

$ wget http://tar.goaccess.io/goaccess-1.2.tar.gz

$ tar -zxvf goaccess-1.2.tar.gz

$ cd goaccess-1.2/

$ ./configure –enable-utf8 –enable-geoip=legacy && make

$ sudo make install

How do I use GoAccess?

The syntax is:

goaccess -f /path/to/nginx/access.log

goaccess -f /path/to/apache/access.log

goaccess -f /path/to/lighttpd/access.log

goaccess -f /path/to/lighttpd/access.log /path/to/lighttpd/access.log.1

zcat /path/to/nginx/access.log.*.gz | goaccess access.log –

goaccess [options] /path/to/lighttpd/access.log

Examples

Let us see some examples.

How can I see output on screen with a live report?

goaccess -f /var/log/nginx/access.log

You will be promoted to select “Log Format Configuration”:

Fig.02: Set the log-format for your log file

Next you will see a report as follows:

Fig.03: See an interactive report on screen

IMPORTANT SHORTCUT KEYS

You can use the following keys:

q – Quit the program.

h or ? – See help.

0-9 and Shift + 0 – Set selected module to active.

j – Scroll down within expanded module.

k – Scroll up within expanded module.

c – Set or change scheme color.

^f – Scroll forward one screen within active module.

^b – Scroll backward one screen within active module.

TAB – Iterate modules (forward).

SHIFT + TAB – Iterate modules (backward).

s – Sort options for active module.

/Search – across all modules (regex allowed).

n – Find position of the next occurrence.

g – Move to the first item or top of screen.

G – move to the last item or bottom of screen.

How do I generate an HTML report?

The syntax is:

goaccess -f /var/log/nginx/access.log –log-format=COMBINED -o www.nixcraft.com.log.html

Sample outputs:

Parsing… [669] [1112]

You can view report with your web-browser. Here is a sample report:

https://www.cyberciti.biz/files/goaccess/www.nixcraft.com.log.html

How do I use goaccess over an ssh based session?

The syntax is:

$ ssh vivek@server1.cyberciti.biz cat /var/log/nginx/access.log |goaccess –log-format=COMBINED -a –

$ ssh vivek@server1.cyberciti.biz cat /var/log/nginx/access.log |goaccess –log-format=COMBINED –

$ ssh vivek@server1.cyberciti.biz cat /var/log/nginx/access.log |goaccess –log-format=COMBINED -o www.nixcraft.com.log.htm –

How do I view real time stats in browser?

Run it as follows:

$ goaccess -f access.log -o report.html –real-time-html –addr=192.168.1.254 –port=8022

How to install and configure logrotate in Alpine Linux

msrxp — Wed, 03 Jan 2018 14:23:38 +0000

installed Alpine Linux as LXD (“Linux Container”). How do I install logrotate to configure log rotating for Nginx server?

You need to use the apk command command to install logrotate. It is an easy to use sysadmin tool that manages large numbers of log files. You can do automatic rotation, compression, removal and much more. This tutorial shows you how to manage log files with logrotate on Alpine Linux running in lxd or VM or any other cloud service.

Installation

Type the following command:

# apk add logrotate

Sample outputs:

(1/2) Installing popt (1.16-r6)

(2/2) Installing logrotate (3.10.0-r0)

Executing busybox-1.25.1-r0.trigger

OK: 89 MiB in 51 packages

Configuration

Your logrotate will get called everyday using a cron job. Here is a default cronjob:

# cat /etc/periodic/daily/logrotate

Sample outputs:

#!/bin/sh

if [ -f /etc/conf.d/logrotate ]; then

. /etc/conf.d/logrotate

if [ -x /usr/bin/cpulimit ] && [ -n $CPULIMIT ]; then

_cpulimit= /usr/bin/cpulimit –limit=$CPULIMIT

$_cpulimit /usr/sbin/logrotate /etc/logrotate.conf

EXITVALUE=$?

if [ $EXITVALUE != 0 ]; then

/usr/bin/logger -t logrotate ALERT exited abnormally with [$EXITVALUE]

exit 0

The default logrotate file is located at /etc/logrotate.conf:

# cat /etc/logrotate.conf

Sample outputs:

# see man logrotate for details

# rotate log files weekly

weekly

# keep 4 weeks worth of backlogs

rotate 4

# create new (empty) log files after rotating old ones

create

# use date as a suffix of the rotated file

dateext

# exclude alpine files

tabooext + .apk-new

# uncomment this if you want your log files compressed

compress

# main log file

/var/log/messages {}

# apk packages drop log rotation information into this directory

include /etc/logrotate.d

# system-specific logs may be also be configured here.

For nginx server create/update /etc/logrotate.d/nginx file as follows:

# cat /etc/logrotate.d/nginx

Sample outputs:

/var/log/nginx/*.log {

missingok

sharedscripts

postrotate

/etc/init.d/nginx –quiet –ifstarted reopen

endscript

}

What this means is that:

/var/log/nginx/*.log – Work on all log files in /var/log/nginx/ directory.

missingok – Do not halt on any error and carries on with the next log file.

sharedscripts – The sharedscripts means that the postrotate script will only be run once (after the old logs have been compressed), not once for each log which is rotated.

postrotate … script … endscript – Run this script after the old logs have been compressed. In this case reopen log files for nginx.

This will rotate log file every week. For more info see logrotate(8) man page.

This entry is 3 of 4 in the Installing Linux, Nginx, MySQL/MariaDB, PHP (LEMP stack) in Alpine Linux series. Keep reading the rest of the series:

Install Nginx On Alpine Linux

Install PHP7-fpm On Alpine Linux

How to install and configure logrotate

How to install Letsencrypt free SSL/TLS for Nginx certificate on Alpine Linux

10 Alpine Linux apk Command Examples

msrxp — Wed, 03 Jan 2018 14:11:20 +0000

am new Alpine Linux system admin user. How do I use apk command line utility for the package management on Apline Linux server running in cloud or a Linux container? How can I use the apk command for the package management?

apk command details

Description APK command

Category Package Manager

Difficulty Easy

Root privileges Yes

Estimated completion time 10m

Contents

Syntax

Examples

Update the package list

Search for package

Install a package

Remove/delete a package

Upgrade running system

List installed packages

Show statistics

OR ###

# apk search -v php7*

Sample outputs:

php7-intl-7.0.16-r0 – PHP7 extension: intl

php7-openssl-7.0.16-r0 – PHP7 extension: openssl

php7-dba-7.0.16-r0 – PHP7 extension: dba

php7-sqlite3-7.0.16-r0 – PHP7 extension: sqlite3

php7-pear-7.0.16-r0 – PHP Extension and Application Repository

php7-phpdbg-7.0.16-r0 – Interactive PHP debugger

php7-litespeed-7.0.16-r0 – PHP LiteSpeed SAPI

php7-gmp-7.0.16-r0 – PHP7 extension: gmp

php7-pdo_mysql-7.0.16-r0 – PHP7 extension: pdo_mysql

php7-pcntl-7.0.16-r0 – PHP7 extension: pcntl

php7-common-7.0.16-r0 – The PHP language runtime engine – 7th branch (common config)

php7-xsl-7.0.16-r0 – PHP7 extension: xsl

php7-fpm-7.0.16-r0 – PHP FastCGI Process Manager

php7-mysqlnd-7.0.16-r0 – PHP7 extension: mysqlnd

php7-enchant-7.0.16-r0 – PHP7 extension: enchant

php7-pspell-7.0.16-r0 – PHP7 extension: pspell

php7-snmp-7.0.16-r0 – PHP7 extension: snmp

….

…

php7-sockets-7.0.16-r0 – PHP7 extension: sockets

php7-soap-7.0.16-r0 – PHP7 extension: soap

php7-apcu-5.1.8-r0 – PHP extension APC User Cache

php7-sysvmsg-7.0.16-r0 – PHP7 extension: sysvmsg

php7-zlib-7.0.16-r0 – PHP7 extension: zlib

php7-ftp-7.0.16-r0 – PHP7 extension: ftp

php7-sysvsem-7.0.16-r0 – PHP7 extension: sysvsem

php7-pdo-7.0.16-r0 – PHP7 extension: pdo

php7-bz2-7.0.16-r0 – PHP7 extension: bz2

php7-mysqli-7.0.16-r0 – PHP7 extension: mysqli

How to install a package(s) by name

The syntax is:

# apk add pkgName

apk add pkgName1 pkgName2

To install a htop package, run:

# apk add htop

Sample outputs:

(1/1) Installing htop (2.0.2-r0)

Executing busybox-1.25.1-r0.trigger

OK: 39 MiB in 28 packages

To install Apache2 along with PHP7 and modules, run:

apk add apache2 php7-apache2 php7-gd php7-mysqli

Sample outputs:

(1/28) Installing libuuid (2.28.2-r1)

(2/28) Installing apr (1.5.2-r1)

(3/28) Installing expat (2.2.0-r0)

(4/28) Installing apr-util (1.5.4-r2)

(5/28) Installing pcre (8.39-r0)

(6/28) Installing apache2 (2.4.25-r0)

Executing apache2-2.4.25-r0.pre-install

(7/28) Installing php7-common (7.0.16-r0)

(8/28) Installing libedit (20150325.3.1-r3)

(9/28) Installing libxml2 (2.9.4-r2)

(10/28) Installing php7-apache2 (7.0.16-r0)

(11/28) Installing libxau (1.0.8-r1)

(12/28) Installing libxdmcp (1.1.2-r2)

(13/28) Installing libxcb (1.12-r0)

(14/28) Installing libx11 (1.6.4-r0)

(15/28) Installing libxext (1.3.3-r1)

(16/28) Installing libice (1.0.9-r1)

(17/28) Installing libsm (1.2.2-r0)

(18/28) Installing libxt (1.1.5-r0)

(19/28) Installing libxpm (3.5.12-r0)

(20/28) Installing libbz2 (1.0.6-r5)

(21/28) Installing libpng (1.6.25-r0)

(22/28) Installing freetype (2.7-r1)

(23/28) Installing libjpeg-turbo (1.5.1-r0)

(24/28) Installing libwebp (0.5.2-r0)

(25/28) Installing php7-gd (7.0.16-r0)

(26/28) Installing mariadb-common (10.1.22-r0)

(27/28) Installing mariadb-client-libs (10.1.22-r0)

(28/28) Installing php7-mysqli (7.0.16-r0)

Executing busybox-1.25.1-r0.trigger

OK: 64 MiB in 56 packages

How do install a local .apk file package?

The syntax is as follows to add a local package named foo.apk:

# apk add –allow-untrusted /path/to/foo.apk

How to remove or delete a package(s) by name

The syntax is:

# apk del pkgName

# apk del pkgName1 pkgName2

To delete a htop package run:

# apk del htop

Sample outputs:

(1/1) Purging htop (2.0.2-r0)

Executing busybox-1.25.1-r0.trigger

OK: 39 MiB in 27 packages

How to upgrade running Alpine Linux

The syntax is:

# apk update && apk upgrade

You can create a bash shell alias as follows in ~/.bashrc

# echo alias update= apk update && apk upgrade >> /.bashrc

Run it as follows:

# update

How do I upgrade selected packages only?

The syntax is

# apk add -u pkgName

To upgrade a htop only package:

# apk update

# apk add -u htop

How do I list installed packages?

The syntax is:

# apk info

# apk info -vv | grep foo

# apk info -vv | sort

Fig.02: How do I show/list installed packages in Alpine Linux

Find out which package a file belongs to..

to determine which package a file named /etc/passwd or /sbin/apk belongs to:

# apk info –who-owns /etc/passwd

/etc/passwd is owned by alpine-baselayout-3.0.4-r0

# apk info –who-owns /sbin/apk

/sbin/apk is owned by apk-tools-2.6.8-r2

List contents of the PACKAGE

# apk -L info pkgName

# apk -L info htop

Sample outputs:

htop-2.0.2-r0 contains:

usr/bin/htop

usr/share/applications/htop.desktop

usr/share/pixmaps/htop.png

Check if PACKAGE is installed

# apk -e info pkgName

#######################################

find out if atop PACKAGE is installed ###

#######################################

# apk -e info atop

No output displayed if PACKAGE is NOT installed.

List packages that the PACKAGE depends on

# apk -R info atop

Sample outputs:

atop-2.2_p3-r0 depends on:

so:libc.musl-x86_64.so.1

so:libncursesw.so.6

so:libz.so.1

List all packages depending on PACKAGE

# apk info -r pkgName

# apk info -r bash

Sample outputs:

bash-completion-2.4-r0

Show installed size of PACKAGE

# apk info -s pkgName

# apk info -s atop

Sample outputs:

atop-2.2_p3-r0 installed size:

520192

Print description for PACKAGE

# apk info -d pkgName

# apk info -d bash

Sample outputs:

bash-4.3.46-r5 description:

The GNU Bourne Again shell

Print all information about PACKAGE

# apk info -a pkgName

# apk info -a bash

Sample outputs:

apk info -a bash

bash-4.3.46-r5 description:

The GNU Bourne Again shell

bash-4.3.46-r5 webpage:

http://www.gnu.org/software/bash/bash.html

bash-4.3.46-r5 installed size:

700416

bash-4.3.46-r5 depends on:

busybox

so:libc.musl-x86_64.so.1

so:libncursesw.so.6

so:libreadline.so.6

bash-4.3.46-r5 provides:

bash-4.3.46-r5 is required by:

bash-completion-2.4-r0

bash-4.3.46-r5 contains:

bin/bashbug

bin/bash

bash-4.3.46-r5 triggers:

bash-4.3.46-r5 has auto-install rule:

bash-4.3.46-r5 affects auto-installation of:

bash-doc-4.3.46-r5

bash-4.3.46-r5 replaces:

bash-4.3.46-r5 license:

GPL3+

How do I see statistics about repositories and installations?

Run the command:

# apk stats

Sample outputs:

installed:

packages: 28

dirs: 163

files: 7097

bytes: 41205760

triggers: 1

available:

names: 11710

packages: 7961

atoms:

num: 5934

bash-4.3#

bash-4.3# apk stats

installed:

packages: 28

dirs: 163

files: 7097

bytes: 41205760

triggers: 1

available:

names: 11710

packages: 7961

atoms:

num: 5934

apk command options and examples

Command Usage Example

apk update Update the package list apk update

apk upgrade Upgrade the system apk update

apt ugrade

apk add pkg Add a package apk add apache

apk del pkg Delete a package apk del nginx

apk search -v Search for packages apk search -v

apk search -v -d ‘nginx*’

apk search -v ‘apache*’

apk info List all installed pacakges apk info

apk fix Repair package or upgrade it without modifying main dependencies apk fix

apk policy pkg Show repository policy for packages apk policy bash

apk stats Show statistics about repositories and installations apk stats

How To Install Nginx web server on Alpine Linux

omid — Wed, 03 Jan 2018 13:51:51 +0000

am a new user of Alpine Linux. How do I install nginx web server on Alpine Linux?

Nginx is a free and open source web server. You need nginx to display static or dynamic web pages. Nginx can also act as a reverse proxy and load balancer. This tutorial shows how to install nginx on Alpine Linux.

Step 1: Install the Nginx web server

First update your repo, run apk command as follows:

# apk update

Install the nginx server, run:

# apk add nginx

Sample outputs:

Fig.01: Installing the Nginx web server

Step 2: Create the user and Nginx directory

I am going to store files in /home/www/ directory and going to create a user named wwwcbz for the nginx. Run the following command:

# adduser -g Nginx www user -h /home/www/ wwwcbz

You will be prompted for the password as follows:

Changing password for wwwcbz

New password:

Retype password:

passwd: password for wwwcbz changed by root

Where,

-g Nginx www user : Set general information about the account wwwcbz

-h /home/www/ : The account home directory

wwwcbz : The account name

Step 3: Nginx configuration

You need to edit the /etc/nginx/nginx.conf file:

# vi /etc/nginx/nginx.conf

Your virtual hosts configs are located in /etc/nginx/conf.d/ directory:

# ls -l /etc/nginx/conf.d/

Sample outputs:

-rw-r–r– 1 root root 342 May 9 17:48 default.conf

Find out your serer IP address, run ifconfig command or ip command:

# ip a

# ifconfig -a

Fig.02: Finding out your IP address on Alpine Linux

Note down the IP address 10.114.13.11. I recommend that you create your virtual host entry in /etc/nginx/conf.d/ directory. For example, I am going to create a virtual entry for domain called www.cyberciti.biz as follows:

# vi /etc/nginx/conf.d/www.cyberciti.biz.conf

server {

# server ip #

listen 10.114.13.11:80;

# virtual server name i.e. domain name #

server_name www.cyberciti.biz;

# document root #

root /home/www;

# log files

access_log /var/log/nginx/www.cyberciti.biz_access.log;

error_log /var/log/nginx/www.cyberciti.biz_error.log;

# cache files on browser level #

# Directives to send expires headers and turn off 404 error logging. #

location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {

access_log off; log_not_found off; expires max;

}

I suggest you read the Nginx wiki for all other config options.

Step 4: Start the Nginx server

Make sure the nginx starts when system reboots:

# rc-update add nginx default

Sample outputs:

* service nginx added to runlevel default

Type the following command to start the nginx server:

# /etc/init.d/nginx start

# rc-service nginx start

Sample outputs:

* Caching service dependencies … [ ok ]

* /run/nginx: creating directory

* /run/nginx: correcting owner [ ok ]

* Starting nginx …

Command to restart nginx server

# rc-service nginx restart

Command to stop the nginx server

# rc-service nginx stop

Command to see status of the nginx server

# rc-service nginx status

Step 5: Viewing log files

The default log files can be views with the help of grep command/egrep command/more command/tail command:

# less /var/log/nginx/error.log

# less /var/log/nginx/access.log

# tail -f /var/log/nginx/www.cyberciti.biz_access.log

# grep error /var/log/nginx/www.cyberciti.biz_error.log

Finally, you must configure logrotate in Alpine Linux to rotate Nginx log files.

Verifying that Nginx is running

Type the following pgrep command:

# pgrep nginx

OR use the ps command along with grep command

# ps aux | grep [n|N]ginx

Sample outputs:

27876 root 0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf

27877 nginx 0:00 nginx: worker process

27878 nginx 0:00 nginx: worker process

27879 nginx 0:00 nginx: worker process

27880 nginx 0:00 nginx: worker process

27882 nginx 0:00 nginx: worker process

27883 nginx 0:00 nginx: worker process

27884 nginx 0:00 nginx: worker process

27885 nginx 0:00 nginx: worker process

Verifying that Nginx port is open

Use the netstat command:

# netstat -tulpn | grep :80

Sample outputs:

tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 27876/nginx.conf

tcp 0 0 :::80 :::* LISTEN 27876/nginx.conf

This entry is 1 of 4 in the Installing Linux, Nginx, MySQL/MariaDB, PHP (LEMP stack) in Alpine Linux series. Keep reading the rest of the series:

Install Nginx On Alpine Linux

Install PHP7-fpm On Alpine Linux

How to install and configure logrotate

How to install Letsencrypt free SSL/TLS for Nginx certificate on Alpine Linux

msrxp — Wed, 03 Jan 2018 12:40:14 +0000

already installed and setup regular Nginx based HTTP server on Alpine Linux. How do I configure Nginx web server with letsencrypt free SSL/TLS certificate?

Nginx is a free and open source web server. You need nginx to display static or dynamic web pages. Nginx can also act as a reverse proxy and load balancer. Let’s Encrypt is a free certificate authority that provides free X.509 certificates for Transport Layer Security (TLS) encryption.

This tutorial shows how to install Let’s Encrypt for nginx on Alpine Linux.

Step 1 – Installation

First, you need to install the following commands on Alpine Linux using apk command:

# apk add netcat-openbsd bc curl wget git bash

Sample outputs:

(1/8) Installing bc (1.06.95-r2)

(2/8) Installing curl (7.54.0-r0)

(3/8) Installing expat (2.2.0-r1)

(4/8) Installing git (2.13.0-r0)

(5/8) Installing git-bash-completion (2.13.0-r0)

(6/8) Installing libbsd (0.8.3-r3)

(7/8) Installing netcat-openbsd (1.130-r1)

(8/8) Installing wget (1.19.1-r2)

Executing busybox-1.26.2-r5.trigger

OK: 106 MiB in 59 packages

Step 2 – Install acme.sh client

Type the following command to clone the acme.sh client, enter:

# cd /tmp/

# git clone https://github.com/Neilpang/acme.sh.git

Sample outputs:

Cloning into acme.sh …

remote: Counting objects: 4762, done.

remote: Compressing objects: 100% (6/6), done.

remote: Total 4762 (delta 2), reused 8 (delta 2), pack-reused 4754

Receiving objects: 100% (4762/4762), 1.69 MiB | 0 bytes/s, done.

Resolving deltas: 100% (2516/2516), done.

To install acme.sh client, enter:

# cd acme.sh/

# sudo -i

# ./acme.sh –install

Sample outputs:

[Sat Jul 29 11:20:29 GMT 2017] Installing to /root/.acme.sh

[Sat Jul 29 11:20:29 GMT 2017] Installed to /root/.acme.sh/acme.sh

[Sat Jul 29 11:20:29 GMT 2017] Installing alias to /root/.bashrc

[Sat Jul 29 11:20:29 GMT 2017] OK, Close and reopen your terminal to start using acme.sh

[Sat Jul 29 11:20:29 GMT 2017] Installing cron job

0 0 * * * /root/.acme.sh /acme.sh –cron –home /root/.acme.sh > /dev/null

[Sat Jul 29 11:20:29 GMT 2017] Good, bash is found, so change the shebang to use bash as preferred.

[Sat Jul 29 11:20:29 GMT 2017] OK

After install, you must close current terminal and reopen again to make the alias take effect. Or simply type the following command:

# source ~/.bashrc

Test it

# acme.sh

Step 3 – Create /.well-known/acme-challenge/ directory

Type the following command (set D to actual DocumentRoot path as per your setup):

# D=/var/www/localhost/htdocs

# mkdir -vp ${D}/.well-known/acme-challenge/

—[ NOTE: Adjust permission as per your setup ]—###

# chown -R nginx:nginx ${D}/.well-known/acme-challenge/

# chmod -R 0555 ${D}/.well-known/acme-challenge/

Step 4 – Generate a global dhparam file

First, you must install libressl:

# apk install libressl

Next, type the following command to create a global dhparam file. Run:

# mkdir -p /etc/nginx/ssl/letsencrypt/newsletter.cyberciti.biz/

# cd /etc/nginx/ssl/letsencrypt/newsletter.cyberciti.biz/

# openssl dhparam -dsaparam -out dhparams.pem 4096

Step 4 – Issue a certificate for newsletter.cyberciti.biz domain

The syntax is:

# acme.sh –issue -w $D -d newsletter.cyberciti.biz -k 4096

Where,

–issue : Issue a new certificate.

-w /DocumentRootPath/ : Specifies the web root folder for web root mode.

-d newsletter.cyberciti.biz : Specifies a domain, used to issue, renew or revoke etc. Can be used multiple times.

-k 4096 : Specifies the domain key length.

Step 5 – Configure TLS/SSL on Nginx web server

Edit the following file:

# vi /etc/nginx/conf.d/ssl.newsletter.cyberciti.biz.conf

START: SSL/HTTPS newsletter.cyberciti.biz ###

server {

listen 443 http2;

server_name newsletter.cyberciti.biz;

ssl on;

ssl_certificate /etc/nginx/ssl/letsencrypt/newsletter.cyberciti.biz/newsletter.cyberciti.biz.cer;

ssl_certificate_key /etc/nginx/ssl/letsencrypt/newsletter.cyberciti.biz/newsletter.cyberciti.biz.key;

ssl_session_timeout 1d;

ssl_session_cache shared:SSL:50m;

ssl_session_tickets off;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;

ssl_dhparam /etc/nginx/ssl/letsencrypt/newsletter.cyberciti.biz/dhparams.pem;

ssl_prefer_server_ciphers on;

## Improves TTFB by using a smaller SSL buffer than the nginx default

ssl_buffer_size 8k;

## Enables OCSP stapling

ssl_stapling on;

resolver 8.8.8.8;

ssl_stapling_verify on;

## Send header to tell the browser to prefer https to http traffic

#add_header Strict-Transport-Security max-age=31536000;

## SSL logs ##

access_log /var/log/nginx/newsletter.cyberciti.biz_ssl_access.log;

error_log /var/log/nginx/newsletter.cyberciti.biz_ssl_error.log;

#——– END SSL config ——-##

root /var/www/localhost/htdocs;

index index.html index.htm index.php;

server_name newsletter.cyberciti.biz;

# configure php

location ~ \.php$ {

fastcgi_pass 127.0.0.1:9000;

fastcgi_index index.php;

include fastcgi.conf;

}

# rest of your config ##

}

END SSL newsletter.cyberciti.biz ######

Install the issued certificate to Nginx web server

Type the following command:

# acme.sh –installcert -d newsletter.cyberciti.biz \

–keypath /etc/nginx/ssl/letsencrypt/newsletter.cyberciti.biz/newsletter.cyberciti.biz.key \

–fullchainpath /etc/nginx/ssl/letsencrypt/newsletter.cyberciti.biz/newsletter.cyberciti.biz.cer \

–reloadcmd /etc/init.d/nginx restart

Step 6 – Test it

Fire a web browser and type the following url:

https://newsletter.cyberciti.biz

A note about cron job

A cron job will try to do renewal a certificate for you too. This is installed by default as follows (no action required on your part):

# crontab -l

Sample job:

0 0 * * * /root/.acme.sh /acme.sh –cron –home /root/.acme.sh > /dev/null

How do I renew a certificate manually?

Type the following command:

# acme.sh –renew -d newsletter.cyberciti.biz

How do I upgrade acme.sh client?

Type the following command to upgrade acme.sh client to the latest code from https://github.com/Neilpang/acme.sh

# acme.sh –upgrade

This entry is 4 of 4 in the Installing Linux, Nginx, MySQL/MariaDB, PHP (LEMP stack) in Alpine Linux series. Keep reading the rest of the series:

Install Nginx On Alpine Linux

Install PHP7-fpm On Alpine Linux

How to install and configure logrotate

How to install Letsencrypt free SSL/TLS for Nginx certificate on Alpine Linux

How to install PHP 7 fpm on Alpine Linux

msrxp — Wed, 03 Jan 2018 12:38:15 +0000

am a new user of Alpine Linux. How do I install PHP 7.x along with Nginx web server on Alpine Linux?

Nginx is a free and open source web server. You need nginx to display static or dynamic web pages. Nginx can also act as a reverse proxy and load balancer. PHP is a free and open source server side programming language. This tutorial shows how to install PHP 7.x along with nginx on Alpine Linux.

Step 1: Install the Nginx web server

Type the following apk command to install nginx server on an Alpine Linux:

# apk update && apk upgrade

# apk add nginx

Step 2: Install the PHP 7.x

Type the following apk command to install the PHP 7.x language runtime engine:

# apk add php7 php7-fpm php7-opcache

Sample outputs:

Fig.01: Installing PHP 7

Step 3: Install the PHP 7.x modules

Add popular PHP modules such as MySQL, GD and others:

# apk add php7-gd php7-mysqli php7-zlib php7-curl

Sample outputs:

Fig.02: Installing PHP 7 modules

To search other modules run the following apk command. Run:

# apk search php7

# apk search php7 | more

Sample outputs:

php7-intl-7.1.5-r0

php7-openssl-7.1.5-r0

php7-dba-7.1.5-r0

php7-sqlite3-7.1.5-r0

php7-pear-7.1.5-r0

php7-tokenizer-7.1.5-r0

php7-phpdbg-7.1.5-r0

cacti-php7-1.0.0-r1

xapian-bindings-php7-1.4.3-r2

php7-litespeed-7.1.5-r0

php7-gmp-7.1.5-r0

php7-pdo_mysql-7.1.5-r0

php7-pcntl-7.1.5-r0

php7-common-7.1.5-r0

php7-xsl-7.1.5-r0

php7-fpm-7.1.5-r0

php7-imagick-3.4.3-r2

php7-mysqlnd-7.1.5-r0

php7-enchant-7.1.5-r0

php7-pspell-7.1.5-r0

php7-redis-3.1.2-r1

php7-snmp-7.1.5-r0

php7-doc-7.1.5-r0

php7-fileinfo-7.1.5-r0

php7-mbstring-7.1.5-r0

php7-dev-7.1.5-r0

php7-pear-mail_mime-1.10.0-r0

php7-xmlrpc-7.1.5-r0

php7-embed-7.1.5-r0

php7-xmlreader-7.1.5-r0

php7-pear-mdb2_driver_mysql-1.5.0b4-r0

php7-pdo_sqlite-7.1.5-r0

php7-pear-auth_sasl2-0.2.0-r0

php7-exif-7.1.5-r0

php7-recode-7.1.5-r0

php7-opcache-7.1.5-r0

php7-ldap-7.1.5-r0

php7-posix-7.1.5-r0

php7-pear-net_socket-1.1.0-r0

php7-session-7.1.5-r0

php7-gd-7.1.5-r0

php7-gettext-7.1.5-r0

php7-mailparse-3.0.2-r1

php7-json-7.1.5-r0

php7-xml-7.1.5-r0

php7-7.1.5-r0

php7-iconv-7.1.5-r0

php7-sysvshm-7.1.5-r0

php7-curl-7.1.5-r0

php7-shmop-7.1.5-r0

php7-odbc-7.1.5-r0

php7-phar-7.1.5-r0

php7-pdo_pgsql-7.1.5-r0

php7-imap-7.1.5-r0

php7-pear-mdb2_driver_pgsql-1.5.0b4-r0

php7-pdo_dblib-7.1.5-r0

php7-pgsql-7.1.5-r0

php7-pdo_odbc-7.1.5-r0

php7-xdebug-2.5.3-r1

php7-zip-7.1.5-r0

php7-apache2-7.1.5-r0

php7-cgi-7.1.5-r0

php7-ctype-7.1.5-r0

php7-amqp-1.9.0-r0

php7-mcrypt-7.1.5-r0

php7-wddx-7.1.5-r0

php7-pear-net_smtp-1.8.0-r1

php7-bcmath-7.1.5-r0

php7-calendar-7.1.5-r0

php7-tidy-7.1.5-r0

php7-dom-7.1.5-r0

php7-sockets-7.1.5-r0

php7-zmq-1.1.3-r1

php7-memcached-3.0.3-r1

php7-soap-7.1.5-r0

php7-apcu-5.1.8-r1

php7-sysvmsg-7.1.5-r0

php7-zlib-7.1.5-r0

php7-imagick-dev-3.4.3-r2

php7-ftp-7.1.5-r0

php7-sysvsem-7.1.5-r0

php7-pear-net_idna2-0.2.0-r1

php7-pdo-7.1.5-r0

php7-pear-auth_sasl-1.1.0-r0

php7-bz2-7.1.5-r0

php7-mysqli-7.1.5-r0

php7-pear-net_smtp-doc-1.8.0-r1

php7-simplexml-7.1.5-r0

php7-xmlwriter-7.1.5-r0

Or use the grep command along with the apk command:

# apk search php7 | grep -i gd

Step 4: Start the php-fpm7 server

Make sure the nginx and php-fpm7 starts when system reboots:

# rc-update add nginx default

service nginx added to runlevel default
# rc-update add php-fpm7 default
* service php-fpm7 added to runlevel default
Command to restart nginx and PHP7-fpm server
# rc-service nginx restart
# rc-service php-fpm7 restart

Sample outputs:

Fig.03: Starting/Stopping PHP and Nginx services

Command to stop nginx and PHP7-fpm server

# rc-service nginx stop

# rc-service php-fpm7 stop

Command to start nginx and PHP7-fpm server

# rc-service nginx start

# rc-service php-fpm7 start

Step 5: Configure PHP 7

Update you virtual host config file as follows

# vi /etc/nginx/conf.d/ssl.newsletter.cyberciti.biz.conf

Append/edit in server context:

location ~ \.php$ {

fastcgi_pass 127.0.0.1:9000;

fastcgi_index index.php;

include fastcgi.conf;

}

Save and close the file. Here is a full config file:

START: SSL/HTTPS newsletter.cyberciti.biz ###

server {

listen 443 http2;

server_name newsletter.cyberciti.biz;

ssl on;

ssl_certificate /etc/nginx/ssl/letsencrypt/newsletter.cyberciti.biz/newsletter.cyberciti.biz.cer;

ssl_certificate_key /etc/nginx/ssl/letsencrypt/newsletter.cyberciti.biz/newsletter.cyberciti.biz.key;

ssl_session_timeout 1d;

ssl_session_cache shared:SSL:50m;

ssl_session_tickets off;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;

ssl_dhparam /etc/nginx/ssl/letsencrypt/newsletter.cyberciti.biz/dhparams.pem;

ssl_prefer_server_ciphers on;

## Improves TTFB by using a smaller SSL buffer than the nginx default

ssl_buffer_size 8k;

## Enables OCSP stapling

ssl_stapling on;

resolver 8.8.8.8;

ssl_stapling_verify on;

## Send header to tell the browser to prefer https to http traffic

#add_header Strict-Transport-Security max-age=31536000;

## SSL logs ##

access_log /var/log/nginx/newsletter.cyberciti.biz_ssl_access.log;

error_log /var/log/nginx/newsletter.cyberciti.biz_ssl_error.log;

#——– END SSL config ——-##

root /var/www/localhost/htdocs;

index index.html index.htm index.php;

server_name newsletter.cyberciti.biz;

# configure php

location ~ \.php$ {

fastcgi_pass 127.0.0.1:9000;

fastcgi_index index.php;

include fastcgi.conf;

}

# rest of your config ##

}

END SSL newsletter.cyberciti.biz ######

Make sure you restart the nginx and php7:

# rc-service nginx restart

# rc-service php-fpm7 restart

Step 6: Test PHP 7

Create a php script file in your root directory such as /var/www/localhost/htdocs

# vi test.php

Add the following:

phpinfo();

Save and close the file. Test it:

http://your-domain/test.php

https://your-domain/test.php

This entry is 2 of 4 in the Installing Linux, Nginx, MySQL/MariaDB, PHP (LEMP stack) in Alpine Linux series. Keep reading the rest of the series:

Install Nginx On Alpine Linux

Install PHP7-fpm On Alpine Linux

How to install and configure logrotate

How to install Letsencrypt free SSL/TLS for Nginx certificate on Alpine Linux

How to hide PHP 5/7 version when using Nginx

msrxp — Wed, 03 Jan 2018 11:21:32 +0000

am using PHP 5.6.xx and Nginx server on an Apline Linux server. I want to hide ‘X-Powered-By: PHP/5.6.32’ HTTP header. How can I hide PHP version when using Nginx along with PHP-fpm5 or PHP-fpm7?

By default, client/user/browser see information about your PHP and web server version. If you forgot to update your PHP version, an attacker can use version information to attack or find vulnerabilities in your PHP version.

Let us see how to hide PHP version on a Linux or Unix-like system.

How to find out PHP version using the CLI

You need to use the curl command as follows:

curl -IL https://some-server-ip-OR-domain-name/

curl -IL https://server1.cyberciti.biz/

Sample outputs:

HTTP/1.1 200 OK

Server: nginx

Date: Tue, 05 Dec 2017 04:36:28 GMT

Content-Type: text/html; charset=UTF-8

Connection: keep-alive

X-Powered-By: PHP/5.6.32

Set-Cookie: PHPSESSID=lf9r4cdc1fqrm5l881ia5p52l2; path=/

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

X-Robots-Tag: noindex, noarchive

Strict-Transport-Security: max-age=15768000

X-Content-Type-Options: nosniff

X-Frame-Options: SAMEORIGIN

X-XSS-Protection: 1; mode=block

X-Whome: l-cbz01

Referrer-Policy: no-referrer-when-downgrade

Hiding your PHP version

You need to edit/create a file named custom.ini as per your Linux/Unix variant. Do not edit php.ini file as it might get updated/replaced with your PHP version. Here is a quick list:

Alpine Linux and PHP v5.6.xx : /etc/php5/conf.d/custom.ini

Alpine Linux and PHP v7.xx : /etc/php7/conf.d/custom.ini

Debian/Ubuntu Linux and PHP v7.xx : /etc/php/7.0/fpm/conf.d/custom.ini

RHEL/Fedora/CentOS Linux : /etc/php.d/custom.ini

You can always find php directory location using php* and grep command:

$ php -i | more

$ php -i | grep -i -A4 Additional .ini files parsed

$ php-fpm5 -i | grep -i -A4 Additional .ini files parsed

$ php-fpm7.0 -i | grep -i -A4 Additional .ini files parsed

Sample outputs (look for directory name that stores all .ini files):

Configuration File (php.ini) Path => /etc/php/7.0/fpm

Loaded Configuration File => /etc/php/7.0/fpm/php.ini

Scan this dir for additional .ini files => /etc/php/7.0/fpm/conf.d

Additional .ini files parsed => /etc/php/7.0/fpm/conf.d/10-mysqlnd.ini,

/etc/php/7.0/fpm/conf.d/10-opcache.ini,

/etc/php/7.0/fpm/conf.d/10-pdo.ini,

Add the following line to custom.ini as per your setup:

########################################

this is for Alpine Linux and PHP v5.6.xx ##

########################################

echo expose_php = off >> /etc/php5/conf.d/custom.ini

Restart/reload PHP

The syntax depends upon your PHP version:

[ Alpine linux restart php-fpm ] ##

$ sudo /etc/init.d/php-fpm restart

[ RHEL/CentOS 5.x/6.x restart php-fpm ] ##

$ sudo service php-fpm restart

[ RHEL/CentOS 7.x restart php-fpm ] ##

$ sudo systemctl restart php-fpm

[ Debian/Ubuntu Linux latest restart php-fpm ] ##

$sudo service php7.0-fpm restart

[ FreeBSD restart php-fpm ] ##

$ sudo service php-fpm restart

Verification

Use the curl command again:

$ curl -IL https://some-server-ip-OR-domain-name/

$ curl -IL https://server1.cyberciti.biz/

Sample outputs:

HTTP/1.1 200 OK

Server: nginx

Date: Tue, 05 Dec 2017 05:17:40 GMT

Content-Type: text/html; charset=UTF-8

Connection: keep-alive

Set-Cookie: PHPSESSID=6vkcp53a1p99n57lccte9fs0m3; path=/

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

X-Robots-Tag: noindex, noarchive

Strict-Transport-Security: max-age=15768000

X-Content-Type-Options: nosniff

X-Frame-Options: SAMEORIGIN

X-XSS-Protection: 1; mode=block

X-Whome: l-cbz01

Referrer-Policy: no-referrer-when-downgrade

You can also use the nmap command as follows:

sudo nmap -sV –script=http-php-version server-ip-here

sudo nmap -sV –script=http-php-version server1.cyberciti.biz

Sample outputs:

[sudo] password for vivek:

Starting Nmap 7.60 ( https://nmap.org ) at 2017-12-05 10:58 IST

Nmap scan report for server1.cyberciti.biz (192.168.2.42)

Host is up (0.39s latency).

rDNS record for 192.168.2.42: 42-2-168-192-staging.balancer.nginx.nixcraft.lan

Not shown: 998 closed ports

PORT STATE SERVICE VERSION

80/tcp open http nginx

|_http-server-header: nginx

443/tcp open ssl/http nginx

|_http-server-header: nginx

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 13.42 seconds

A warning about hiding PHP version

This technique falls under Security Through Obscurity. Even if nobody outside of your org allowed to find out anything about PHP version, an attacker can still guess or find your PHP version using other methods such as fingerprinting. I strongly suggest that you apply PHP/Nginx/Apache patches on time and write secure code. Updating PHP is pretty simple as per your Linux/Unix variant:

Update PHP and other apps on an Ubuntu/Debian Linux

Type the following apt command/apt-get command:

$ sudo apt update

$ sudo apt upgrade

Update PHP and other apps on a RHEL/CentOS/Fedora Linux

Type the following yum command:

$ sudo yum update

Update PHP and other apps on an Alpine Linux

Type the following apk command:

# apk update && apk upgrade

How to enable and start services on Alpine Linux

msrxp — Wed, 03 Jan 2018 11:13:31 +0000

ow do I add or delete service at boot time on an Alpine Linux? How do I enable service such as Nginx/Apache at boot time on an Alpine Linux? How do I start/stop/restart services on an Alpine Linux?

Alpine Linux comes with OpenRC init system. This tutorial shows how to use the various command on OpenRC to manage services.

View status of all services

Type the following command:

# rc-status

Runlevel: default

crond [ started ]

networking [ started ]

Dynamic Runlevel: hotplugged

Dynamic Runlevel: needed/wanted

Dynamic Runlevel: manual

The default run level is called default, and it started crond and networking service for us.

View service list

Type the following command:

# rc-status –list

Sample outputs:

boot

nonetwork

default

sysinit

shutdown

You can change run level using the rc command:

# rc {runlevel}

# rc boot

# rc default

# rc shutdown

boot – Generally the only services you should add to the boot runlevel are those which deal with the mounting of filesystems, set the initial state of attached peripherals and logging. Hotplugged services are added to the boot runlevel by the system. All services in the boot and sysinit runlevels are automatically included in all other runlevels except for those listed here.

single – Stops all services except for those in the sysinit runlevel.

reboot – Changes to the shutdown runlevel and then reboots the host.

shutdown – Changes to the shutdown runlevel and then halts the host.

default – Used if no runlevel is specified. (This is generally the runlevel you want to add services to.)

To see manually started services, run:

# rc-status –manual

apache2

To see crashed services, run:

# rc-status –crashed

How to list all available services

Type the following command:

# rc-service –list

# rc-service –list | grep -i nginx

If apache2/nginx not installed, try the apk command to install it:

# apk add apache2

How to add/enable service at boot time

The syntax is:

rc-update add {service-name} {run-level-name}

To add apache2 service at boot time, run:

# rc-update add apache2

# rc-update add apache2 default

Sample outputs:

* service apache2 added to runlevel default

How to start/stop/restart services on Alpine Linux

The syntax is as as follows:

How to start service

The syntax is:

# rc-service {service-name} start

# /etc/init.d/{service-name} start

How to stop service

The syntax is:

# rc-service {service-name} stop

# /etc/init.d/{service-name} stop

How to restart service

The syntax is:

# rc-service {service-name} restart

# /etc/init.d/{service-name} restart

Thus to stop, start, and restart an Apache2 service:

# rc-service apache2 stop

# rc-service apache2 start

[ edit config file ] ###

# vi /etc/apache2/httpd.conf

[ restart apache 2 after editing the file ] ###

# rc-service apache2 restart

Sample outputs:

For more info see Alpine Linux project.