Jose Velazquez, Author at Atlantic.Net

How to Install Apache, MySQL, PHP (LAMP) On Arch Linux

January 12, 2016 by Jose Velazquez under Cloud Hosting 0 Comments

LAMP – Lighting created by Walker Cahall

Verified and Tested 1/12/16

Introduction

This how-to will help you with your LAMP installation in Arch Linux so that you can successfully run a high available solid platform for your web environment. LAMP is simply a software bundle that consists of 4 components that work together to form a powerful web server. However, in this setup the acronym’s are as follows: Linux (L) is the core of the platform which will sustain the other components. Apache (A) is used for the web service. MySQL (M) is used for database management, and PHP (P) is used as the programming language.

Prerequisites

You need an Arch Linux server that is configured with a static IP address. If you do not have a server already, please consider our cheap and reliable Cloud Hosting plans and spin a new server up in under 30 seconds.

December 30, 2015 by Jose Velazquez under HIPAA Compliant Cloud Hosting 0 Comments

Verified and Tested 08/28/15

Introduction

Nothing is more frustrating than wanting to do something and not knowing how to do it. In this How-to, we will be going over the some of FreeBSD’s more popular commands so we could make our lives easier and work more effective.

November 17, 2015 by Jose Velazquez under Cloud Hosting 0 Comments

Introduction

This how-to will help you with your initial setup on CentOS 6 so that you can successfully secure your server while giving you the peace of mind knowing your server is protected. With any server, the primary goal should always be security. Many users are victims of malicious infiltration on their servers due to the lack of security boundaries established from the beginning. Let us begin on the right path by laying our foundation with security.

What Do You Need?

You need a CentOS 6.x server that is configured with a static IP address. If you do not have a server already, you can visit Atlantic.Net’s Cloud Hosting page and spin a new server up in under 30 seconds.

Server Preparation

To get started, log in to your CentOS 6 server via SSH or the VNC Console located here. Atlantic.Net Cloud servers are setup as minimal installations in order to avoid having unnecessary packages from being installed and never used. If some software packages that you’re used to using aren’t installed by default, feel free to install them as needed.

Let’s make sure that your server is fully up-to-date.

yum update

With the server up-to-date, we can continue the process and secure your server.

Update the CentOS 6 Root Password

By default, your Atlantic.Net servers are automatically set with secure passwords. However, we still recommend updating your password after creating your server and every 60-90 days thereafter in order to ensure it remains secure. A minimum of 8 characters, including lowercase, uppercase, symbols and numbers are recommended to increase the level of security.

Type the following command to activate your request and follow the on-screen instructions to update/confirm your root password:

passwd

Create a new user with sudo privileges

After successfully updating your password, it’s recommended that you create a new user with sudo/root permissions. Since the common admin user for many Linux Operating Systems like CentOS 6 is “root”, we’re going to make a new admin user that will be used for day-to-day administration tasks. Creating a new user with root permissions will increase the security in the way your server is accessed. Unwanted users target the root user because they know its the default admin user but when you create a new user with sudo/root permissions and then disable the default root user, they will never know what user to login with.

Type the following command to create your new user replacing “user1” with your own username and confirm.

adduser user1

Create a password for that user by typing the following command to activate your request and following the on-screen instructions to update/confirm your “user1” password:

passwd user1

CentOS 6 uses VIM as the default text editor which we will use to grant sudo privileges for user1.(i – is to insert/edit the text, ESC – will disable the editing and :wq – Saves and Quit)

/usr/sbin/visudo

The permissions are located under the following line:

## Allow root to run any commands anywhere)
root ALL=(ALL) ALL

Once you’ve located, the line listed above add the following code underneath the root user.

user1 ALL=(ALL) ALL

You could now close the VIM editor and save the file.

Esc button
:wq

Upon completion, exit out of your session and log back in to your server with the new user1 and password.

Configure SSH Access

In Linux systems, port 22 is the default port for remote connections via SSH. By changing the ssh port, you will increase the security of your server in preventing brute force attacks and unwanted users from reaching your server using the default port. For this tutorial, I will use Port 5022 as an example.

Open your SSH Configuration file, find the Port line, remove the # and change 22 number to your Custom port Save and exit.

sudo vi /etc/ssh/sshd_config

#Port 22
Port 5022

In order for your system to update the settings from the SSH Configuration file, we must restart sshd.

service sshd reload
or
service sshd restart

SSH has now been configured to use Port 5022 and if you attempt to login using Port 22, your login will fail. However, do not exit your session as we need to configure the custom port on the firewalls configuration part first, which we will configure in the upcoming steps.

Limit Root Access

Since we’ve created a new user with root permissions and created a custom ssh port, there’s no need keep the actual root user available and vulnerable over SSH on your server. Let us restrict the root users access to be available on the local server and granting permission to the new user over SSH only.

Open the SSH Configuration file, find the PermitRootLogin line, remove the # and change it from yes to no.

sudo vi /etc/ssh/sshd_config
#PermitRootLogin yes
PermitRootLogin no

Furthermore, add the following command all the way to the bottom of the page so that your new user can access the Server remotely using SSH. Save your work and exit.

AllowUsers user1

In order for your system to update all the settings that took place in the SSH Configuration file, we must restart the sshd service.

service sshd reload
or
service sshd restart

Note: Do not exit your session as we need to configure the custom port on the firewall which we will continue in the following steps.

Create a Private SSH Key

Private/Public SSH Keys are great additional features that increases security in the method a server is accessed. However, it takes a bit more effort to setup. The question is, Is your server worth the extra security? If you would like to implement the following security features you can continue with the following steps. Let us proceed and generate the SSH Key.

ssh-keygen

If you want to change the location where the SSH Key will be saved, you can specify it here. However, the default location where its stored should be OK. Press enter when you are prompted with the following question then enter a pass phrase, unless you don’t want one.

Enter file in which to save the key (/home/user1/.ssh/id_rsa):

You will then see the following information on the screen.

This is the default page when installing SSH Keys on a CentOS 6 server

Configuring the SSH Key is crucial, we must copy the full key string to a Word/ Notepad Document. The Key can be viewed in the following location with the cat command.

cat ~/.ssh/id_rsa.pub

Copy the SSH key beginning with ssh-rsa and ending with [email protected] into a Word/ Notepad document, so we can add it to the config file later on.

ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEApDJtSeXDMqM0+xmUW73AECrOmQ1n6Nut5/fn3CsdUv/ozuJDxsAkGptZ
s2JkKwhjPdrBb98SD9imOIT1+jT5wGcglNQK6kuSfjSQRA35YiYdamOxl2flR/2rGfyJsQmn5/tqoebvcPKu
SB1e+aquSMumYJ6stQIAj/
+j/BFDVL49tVEz75Wrr17Oj4Gshu7sSOHzqXH3VY/AeCY7i4UqEKv4U3r5nH3vkxcIZxkGpNcy5JEctydFhM
sEi0/1UA5KWv3pT4ao/rPzJrPlRs
+9L8OEYxZYXKMAcov16oFJbC/Xn8bFQUHsu4qXt23OD5Ib1Y5dkwbDXjKdQu+Vq3+82Q==
[email protected]

Once the SSH Key is stored safely, the directory for the SSH Keys needs limited permissions which only the owner can read, write and execute the file.

su - user1

The directory for the SSH Keys needs limited permissions which only the owner can read, write and execute the file.

mkdir .ssh
chmod 700 .ssh

Within the SSH directory, a file containing the SSH Key must to be added, simply using your editor (in this case VI) the following location:

vi .ssh/authorized_keys

Paste the SSH Key then save and exit using the VI format.

Finally, we have to limit the privileges of the authorized_keys file that we just created so only owner can read and write.

chmod 600 .ssh/authorized_keys

We can no verify that the key is working by closing your session and by typing the following in your SSH Console [email protected] or your servers host name. Furthermore, you can click “here” to see our How To Generate and Use SSH Keys article.

Basic Firewall Rules

By default your Atlantic.Net’s CentOS6 Server is loaded with IPTABLES and basic security rules that only allow SSH/Remote access publicly.We will need to update that rule with the custom port that was created earlier. Once you log in to the firewall you will see the following:

sudo vi /etc/sysconfig/iptables

This is the default page after configuring IPTABLES rules on a CentOS 6 server

Update the SSH port from 22 to 5022(your custom port)

-A INPUT -m state --state NEW -m tcp -p tcp --dport 5022 -j ACCEPT

If you have a web server you may want to allow the following rules so your sites could be accessed over the internet.

-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

If you have a mail server you may want to allow the following rules if you will be using your server for incoming POP3 settings. Port 110 is the standard port and port 995 is for a more secure connection using SSL.

-A INPUT -m state --state NEW -m tcp -p tcp --dport 110 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 995-j ACCEPT

Furthermore, you may want to allow the following rules if you will be using your server for outgoing SMTP settings. Port 25 is the standard port and 465 is for a secure connection using SSL.

-A INPUT -m state --state NEW -m tcp -p tcp --dport 25 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 465 -j ACCEPT

Finally, you may want to allow the following rules if you will be using your server with IMAP settings.

-A INPUT -m state --state NEW -m tcp -p tcp --dport 143 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 993 -j ACCEPT

Save your work and exit.

In order for IPTABLES to accept those settings you must restart the server.

service iptables restart

Your settings will have been saved and you are ready to proceed.

NTP Time Sync

The NTP (Network Time Protocol) is a basically used to synchronize the time and date of computers over the network in order to remain accurate and up to date. Let us begin by installing the NTP(If it hasn’t been installed) and configuring the service to synchronize with their servers.

yum install ntp ntpdate

Once the NTP service is installed, we need to make sure that the service is ON.

chkconfig ntpd on

With the service ON, its time to synchronize the server’s time information with NTP’s server with the following command:

ntpdate pool.ntp.org

Finally, we can start the NTP server with the following command which will constantly update the server’s time from the NTP server.

/etc/init.d/ntpd start

Add Swap File

A Swap file is simply a small amount of space created on a servers hard drive to simulate Ram. In the event that the server is running low on memory, it will look at the hard drive and ease the load, tricking the system to think it has more memory than it thinks. We will now set the swap file on the hard drive to increase the performance of the server just a bit more.

Begin by checking your resources to make sure we can add the file. When you run the following command you will see the percentage space on your Hard drive that is currently being used.

df

When creating a Swap file usually you want to add half of your existing RAM up to 4GB(If you have 1GB of actual Ram then you add a 512MB file). In this part I will be adding a adding a 512MB swap file to the drive.

sudo dd if=/dev/zero of=/swapfilename bs=1024 count=512k

Now that we have added a swap file, a Swap file area needs to be created in order to proceed.

sudo mkswap /swapfilename

With the Swap file created and the Swap file area added we can go ahead and add permissions to the file so that only the owner can read and write.

sudo chown root:root /swapfile
sudo dfchmod 600 /swapfile

Now that the swap file has the appropriate permissions we can go ahead and activate the it.

sudo swapon /swapfile

You can verify your newly added Swap file with the following.

sudo swapon -s

In order to make the Swap file always active even after a reboot, we must configure it accordingly.

sudo vi /etc/fstab

Paste the following command at the bottom of the file save your work and exit.

/swapfile              swap   swap     defaults     0 0

Finally, verify if your swapfile is activated by typing the following command:

free -m

What Next?

With that, you now have a reliable CentOS 6 cloud server with a strong security foundation which will give you the peace of mind knowing that your server is protected. You may now proceed building your platform according to your needs. Thank you for following along and feel free to check back with us for further updates.

How to Install LEMP using Atlantic.Net’s One-Click Application

November 16, 2015 by Jose Velazquez under Cloud Hosting 0 Comments

NGINX Car by Walker Cahall

Verified and Tested 10/31/15

Introduction

Atlantic.Net is actively working towards providing an exceptional customer experience for everyone, whether you are Tech savvy or not, we want to simplify our services so you can be up and running in no time. This is where the One-Click application installation comes into place. Atlantic.Net is working to ensure that all of the most popular applications are available to you at the click of a button.

In this how-to we will walk you through Atlantic.Net’s LEMP one-click cloud hosting install. As of now, we offer the LEMP One-click installation runs on an Ubuntu 14.04 LTS Operating System.

Prerequisites

The only requirement that you need to accomplish this task is a valid or active Atlantic.Net cloud account. If you do not have one, please sign up here.

Installing LEMP via Atlantic.Net’s One-Click Install

First we need to log into the Cloud Portal here: https://cloud.atlantic.net and select Add Server.

Click on Add Server

You will now be prompted to type a server name (in this case our server will be named “One Click LEMP”), and then you will select the location where you want your server created. If you don’t know which location to use, we recommend selecting the one that is closest to your geographical area to ensure the best performance.

Server name and server location

Then, you will need to click on Applications and then select LEMP. You should see that it will change the icon to LEMP on Ubuntu 14.04.

LEMP application selected

Once done, you will need to select the size that you want to create. For this tutorial, an XS server was selected.

Server size selected

Finally, you before you create the server there are two optional add-ons to choose from: SSH Key and Enable Backups.Atlantic.Net highly recommends using both of these features to help improve security and to ensure that all of your server data is backed up.

Once you’ve decided to go with the add-ons or not, you may proceed with the clicking Create Server.

Create Server selected

You will then see your servers information like the following image. You should receive a copy of this information in your email. Make sure to store your server connection details in a safe place!

Server created and server credentials

Once you’ve received an email stating your server is available you can use an SSH client to access the server, or you can use our Atlantic.Net VNC Console from within your Cloud Panel. For this tutorial, we are using PUTTY – a free open source SSH client that can be downloaded here. Once your in, you will see the following Welcome message on your terminal session.

Your servers Welcome message with MySQL Credentials

Now, that the installation is complete we can begin testing out our LEMP components. Since we’re already in the command line, Let us test MYSQL with the following command which will confirm that it is running.

mysql status

MySQL status

Then, we will test Nginx by going to your web browser and typing http://YOUR.IP.ADD.RESS you should see the following screen.

Nginx verification page online

Finally, we can test PHP by completing the following steps. We must create a test PHP file which can be accomplished with the following command:

nano /usr/share/nginx/html/test.php

You will then paste the following PHP script in the empty document and then save your file.

<?php
phpinfo();
?>

OK! Finally, test PHP by going to your web browser and typing http://YOUR.IP.ADD.RESS/test.php you should see the following screen.

PHP verification page online

Remove the test.php file with the following command:

Note: It is always a good idea to remove your phpinfo file as a hacker could use it to attack you.

 rm /usr/share/nginx/html/test.php

What Next?

Congratulations! You have just installed LEMP using Atlantic.Net’s One-Click Install. Thank you for following along in this How-To and feel free to check back with us for latest updates.

How to Install LAMP using Atlantic.Net’s One-Click Install

November 12, 2015 by Jose Velazquez under Cloud Hosting 0 Comments

LAMPs created by Walker Cahall

Verified and Tested 10/31/15

Introduction

In this how-to we will walk you through Atlantic.Net’s one-click cloud hosting LAMP installation. As of now, we offer the LAMP One-click installation runs on an Ubuntu 14.04 LTS Operating System.

Prerequisites

The only requirement that you need to accomplish this task is a valid or active Atlantic.Net cloud account. If you do not have one, feel free to sign up for one here.

Installing LAMP via Atlantic.Net’s One-Click Install

First, log into the Cloud Portal at https://cloud.atlantic.net and select Add Server.

Click on Add Server

You will now be prompted to type a server name (in this case our server will be named “One Click LAMP”), and then you will select the location where you want your server created. If you don’t know which location to use, we recommend selecting the one that is closest to your geographical area to ensure the best performance.

Server name and server location

Then, you will need to click on Applications and then select LAMP. You should see that it will change the icon to LAMP on Ubuntu 14.04.

LAMP application selected

Once done, you will need to select the size that you want to create. For this tutorial, an XS server was selected.

Server size selected

Once you’ve decided to go with the add-ons or not, you may proceed with the clicking Create Server.

Create Server selected

You will then see your servers information like the following image. You should receive a copy of this information in your email. Make sure to store your server connection details in a safe place!

Server created and server credentials

Your servers Welcome message with MySQL Credentials

Now, that the installation is complete we can begin testing out our LAMP components. Since we’re already in the command line, Let us test MYSQL with the following command which will confirm that it is running.

service mysql status

MySQL status

Then, we will test Apache by going to your web browser and typing http://YOUR.IP.ADD.RESS you should see the following screen.

Apache verification page online

Finally, we can test PHP by completing the following steps. We must create a test PHP file which can be accomplished with the following command:

nano /var/www/html/test.php

You will then paste the following PHP script in the empty document and then save your file.

<?php
phpinfo();
?>

Restart Apache so these setting can take affect. Do this with the following command:

service apache2 restart

OK! Finally, test PHP by going to your web browser and typing http://YOUR.IP.ADD.RESS/test.php you should see the following screen.

PHP verification page online

What Next?

Congratulations! You have just installed LAMP using Atlantic.Net’s One-Click Install. Thank you for following along in this How-To and feel free to check back with us for latest updates.

How to Install IonCube Loader on Fedora 23

November 6, 2015 by Jose Velazquez under Cloud Hosting 0 Comments

Verified and Tested 10/3/15

Introduction

In this How-To, we will walk you through the install and configuration of IonCube on Fedora 23. The IonCube Loader provides additional security to your PHP files or websites. It is a module that encrypts basic PHP language making it more secure and more reliable.

Prerequisites

– You need a Fedora 23 server configured with a static IP address. If you do not have a server already, you why not try our super fast cloud hosting and spin a new server up in under 30 seconds.

– You will also need to have a LAMP (Linux, Apache, MySQL, PHP) stack installed. If you need assistance with configuring LAMP, see our related article here.

Installing IonCube on Fedora 23

To get started, log in to your Fedora 23 server via SSH or Console. If you are using the Atlantic.Net cloud service, note that they are setup with minimal installations to avoid having unnecessary packages from being installed and never used. If some software packages that you’re used to using aren’t installed by default, feel free to install them as needed.

Before we get started, let’s download tar so we can simplify the walkthrough. tar is used to create, maintain, modify, and extract archived files.

dnf install tar

Once installed, make sure that your server is fully up-to-date.

dnf update

Downloading ionCube on Fedora 23

For this tutorial, we are using the 64-bit version of ionCube. Use the wget command to get the most recent ionCube file from their website:

wget http://downloads3.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz

Extract the ionCube file by using the following command:

tar xfz ioncube_loaders_lin_x86-64.tar.gz

Alternatively, if you have a 32-bit system you can download the 32-bit version from the site:
wget http://downloads3.ioncube.com/loader_downloads/ioncube_loaders_lin_x86.tar.gz
Extract the 32-bit ionCube file with the following command:
tar xfz ioncube_loaders_lin_x86.tar.gz

Configuring ionCube on Fedora 23

In order to configure ionCube correctly, we must select the correct version according to the PHP version that is currently installed on your server. So let us verify the version of PHP that is currently installed on your system with the following command:

php -v

PHP 5.6.14 (cli) (built: Sep 30 2015 12:53:57)
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2015 Zend Technologies

Now, we have the correct version of PHP (in our case 5.6) we can run the following command to find the location of the extension directory of your version of PHP because this is where we will move the IonCube files later on.

php -i | grep extension_dir

extension_dir => /usr/lib64/php/modules => /usr/lib64/php/modules
PHP Warning:  Unknown: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone. in Unknown on line 0
sqlite3.extension_dir => no value => no value

(Note:On the test system we’re working from, the extension directory location reads is extension_dir => /usr/lib64/php/modules => /usr/lib64/php/modules. However, every version may have a different directory name, use the one that your version displays).

Now that you know which version of PHP you are running, and the location of your PHP extension, we can proceed with selecting the ionCube files that we need for our system. Run the ls (list) command on the ioncube folder to get that information.

ls ioncube

ioncube_loader_lin_4.1.so     ioncube_loader_lin_5.1_ts.so  ioncube_loader_lin_5.6.so
ioncube_loader_lin_4.2.so     ioncube_loader_lin_5.2.so     ioncube_loader_lin_5.6_ts.so
ioncube_loader_lin_4.3.so     ioncube_loader_lin_5.2_ts.so  LICENSE.txt
ioncube_loader_lin_4.3_ts.so  ioncube_loader_lin_5.3.so     loader-wizard.php
ioncube_loader_lin_4.4.so     ioncube_loader_lin_5.3_ts.so  README.txt
ioncube_loader_lin_4.4_ts.so  ioncube_loader_lin_5.4.so     USER-GUIDE.md
ioncube_loader_lin_5.0.so     ioncube_loader_lin_5.4_ts.so  USER-GUIDE.txt
ioncube_loader_lin_5.0_ts.so  ioncube_loader_lin_5.5.so
ioncube_loader_lin_5.1.so     ioncube_loader_lin_5.5_ts.so

Since our installed version of PHP is 5.6, then I will need to locate the 5.6 version of the ionCube Loader and copy it to the Extensions Directory that we identified earlier. This can be accomplished with the following command:

cp ioncube/ioncube_loader_lin_5.6.so /usr/lib64/php/modules

Once done, we must configure the php.ini file so that it knows where to look for the newly moved ioncube_loader file. Using your favorite text editor, open the php.ini file:

nano /etc/php.ini

At the very top of the file, add the following line:

zend_extension = /usr/lib64/php/modules/ioncube_loader_lin_5.6.so

Restart Apache so that the web server accepts all the configuration changes that were made with the following command:

systemctl restart httpd.service

Testing ionCube on Fedora 23

Our last step is to make sure that ionCube is now loading. You can run the following php -v command and will notice that a message stating ionCube Loader is enabled:

php -v

PHP 5.6.14 (cli) (built: Sep 30 2015 12:53:57)
Copyright (c) 1997-2015 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2015 Zend Technologies
 with the ionCube PHP Loader (enabled) + Intrusion Protection from ioncube24.com (unconfigured) v5.0.19, Copyright (c) 2002-2015, by ionCube Ltd.

This is the Zend Engine confirmation that ionCube Loader is currently enabled.

What’s Next?

Congratulations! You now have successfully installed and configured ionCube Loader on Fedora 23.Thank you for following along and feel free to check back with us for further updates.

How to Install Drupal on CentOS 7 with Apache

October 15, 2015 by Jose Velazquez under Cloud Hosting 0 Comments

Verified and Tested 09/28/15

Introduction

In this How-To, we will walk you through the install and configuration of Drupal on CentOS 7 with Apache. Drupal is a free content management system that will facilitate the way your content is organized and managed. It has a user-friendly interface that makes customizing your content easy and simple with little effort.

Prerequisites

– You need a CentOS 7 server that is configured with a static IP address.

– You will also need to have LAMP (Linux, Apache, MySQL, PHP) installed. If your server doesn’t have LAMP installed already, see our guide here for a quick installation run through.

Installing Drupal on CentOS 7 with Apache

To get started, log in to your CentOS 7 server via SSH or Console. If you are using the Atlantic.Net cloud hosting service, note that they are setup with minimal installations to avoid having unnecessary packages from being installed and never used. If some software packages that you’re used to using aren’t installed by default, feel free to install them as needed.

Let us download wget and unzip so we can simplify this tutorial.

sudo yum install wget unzip

Before moving on, let’s make sure the system is up to date:

sudo yum update

October 13, 2015 by Jose Velazquez under Cloud Hosting 0 Comments

Verified and Tested 09/30/15

Introduction

In this How-To, we will walk you through the install and configuration of ionCube on CentOS 7.1. The ionCube Loader provides additional security to your PHP files or websites; it’s a PHP module that encrypts basic PHP language making it more secure.

Prerequisites

– You need a CentOS 7.1 server that is configured with a static IP address. If you do not have a server already, you can visit our cloud hosting page and spin a new server up in under 30 seconds.

– You will also need to have a LAMP(Linux, Apache, MySQL, PHP) stack platform that can be installed by clicking here if you don’t already have it.

September 30, 2015 by Jose Velazquez under Cloud Hosting 0 Comments

Verified and Tested 08/31/15

Introduction

Remote administration has become more popular, than ever before. Due to the rise of virtualization and Cloud VPS Servers, it has become a necessity in many small to large scale networks. In this How-to, we will be going over the Remote Administration in FreeBSD.

Prerequisites

You need a FreeBSD server that is configured with a static IP address. If you do not have a server already, visit our page for fast and reliable Cloud Hosting and spin a new server up in under 30 seconds.

Verifying Open SSH in FreeBSD

In order for you to access your FreeBSD server remotely, we must verify that the SSH service is currently enabled. To check if SSH is enabled on your server, you can accomplish this by typing the following command:

less /etc/rc.conf

Enabling SSH in FreeBSD

If Open SSH is not enabled on your server, you could enable it by first opening the /etc/rc.conf file:

vi/etc/rc.conf

Than locate the sshd_enable line and set sshd_enable to YES.

sshd_enable="YES"

Starting Open SSH in FreeBSD

After making the above change, we need to make sure that SSH is enabled and running. Start it with the following command:

/etc/rc.d/sshd start

Stopping Open SSH in FreeBSD

If you wish to stop the Open SSH service, you could accomplish this with the following command:

/etc/rc.d/sshd stop

Restarting Open SSH in FreeBSD

If you would like to restart the Open SSH service, you could accomplish this with the following command:

/etc/rc.d/sshd restart

Allowing Root Login in FreeBSD

To access your server using the root user, we must make sure that this is allowable in the Open SSH configuration file. Using your vi text editor open up the sshd_config configuration file with the following command:

vi /etc/ssh/sshd_config

With the sshd_config configuration file open, locate the line that reads “PermitRootLogin” and make sure that its set to yes.

PermitRootLogin yes

Once you have completed this, save your changes and restart the service with the following command:

/etc/rc.d/sshd restart

Testing OpenSSH in FreeBSD

If you are using the a Linux server to remote into your FreeBSD server, you can accomplish this with the following command replacing the IP address with the IP of your FreeBSD server.

ssh [email protected]

In like many Linux systems out there, the default Open SSH port is 22. However, this can be changed in the sshd_config configuration file to anything you want(I will be using my custom port 1050). To successfully accomplish this task, you will have to add a -p followed by the custom port.

ssh [email protected] -p 1050

If you are using the a Windows system to remote into your FreeBSD server, you will need to download a 3rd party SSH client. Putty is the most common Open SSH Windows Client and could be downloaded here. There are 3 things that you need to have in mind. The Host Name (IP address) section where your FreeBSD server’s IP will go, the Port section where by default is set to 22(it can be changed to your custom port also) and the Connection type section where SSH must be selected. Below is a screen shot of how the putty interface looks like.

This is the Putty interface when using SSH in a Windows System

Copying Files Securely FreeBSD

Since security is a big concern nowadays, FreeBSD had a built-in feature that allows you to securely copy files from a private or public network using encryption. This feature is called SCP! There is a similar tool for use on Windows systems called WinSCP, make sure to check it out as well!

Our first task is to copy a file from a remote location to my local root directory. Give it a try with the following command where Remote IP=10.50.2.10, Remote File=myremote.file and /root/ being your local root directory.

scp [email protected]:/root/myremote.file /root/

Our second task is to copy a file from a remote location to your current directory. Give it a try with the following command where Remote IP=10.50.2.10, Remote File=myremote.file and ./ being your current directory.

scp [email protected]:/root/myremote.file ./
Alternatively, if you are using a custom port, simply add the -P 1050 after scp to put the file in your current directory.

scp -P 1050 [email protected]:/root/myremote.file ./

Copying Directories Securely in FreeBSD

TO copy a directory from a remote location to your local root directory. Give it a try with the following command where -r =Directory variable, Remote IP=10.50.2.10, Remote File=myremotedb and /root/ being your local root directory. How to copy a directory from another client to your machine

scp -r [email protected]:/root/myremotedb /root/

Alternatively, if you want to accomplish the same task with a custom port, then you could complete this with the following command:

scp-rP 8000 [email protected]:/root/myremotedb /root/

Copying Remote Files Securely in FreeBSD

If you want to copy a file from another system into yours, you can accomplish this with the following command. To understand the command, Remote File=myremote.file, Remote IP=10.50.2.10 and /root/ being your local root directory.

scp myremote.file [email protected]:/root/

Alternatively, if you want to accomplish the same task with a custom port, then you could complete this with the following command:

scp -P 8000 database.backup [email protected]:/root/
Furthermore, if you would like to copy multiple files from a remote location, then you could complete this with the following command adding each file separated with a space.

scp myremote.file myremote.file2 [email protected]:/root/
Copying Remote Directories Securely in FreeBSDTo copy a directory from another system into yours, you can accomplish this with the following command. To understand the command -r = Directory variable, Remote Directory=myremotedb, Remote IP=10.50.2.10 and /root/ being your local root directory.

scp -r myremotedb [email protected]:/root/
Alternatively, if you want to accomplish the same task with a custom port, then you could complete this with the following command:

scp -rP 8000 myremotedb [email protected]:/root/

What next?

Congratulations! This completes this tutorial on FreeBSD Remote Administration. I hope that you find this information useful just like it was to me. Thank you for following along this how-to! Check back with us for further updates and, try a reliable cloud server solution from Atlantic.Net.

How to: FreeBSD Network Administration

September 14, 2015 by Jose Velazquez under Cloud Hosting 0 Comments

Verified and Tested 08/18/15

Introduction

Networks are composed of two or more devices that form one group, and each device is assigned a unique IP, that identifies them to that specific group. In order to keep things organized and protected withing a network, Network Administration is very important. In this how-to we will walk through the Network Administration on a FreeBSD server.

Prerequisites

A FreeBSD server configured with a static IP address. If you do not have a server already, spin up an Atlantic.Net reliable SSD Cloud Server.

Set up your IP address in FreeBSD

First of all, let us look at your current active interface configurations so we can Identify some important settings that make it all work. To see your network configurations type the following command:

ifconfig

This is the output after running the ifconfig command in FreeBSD

Do not be alarmed of all the information that you see on the screen. We will need to identify the following two pieces of important information so we can properly verify and configure a network interface.

Interface: Usually identified as ethX, our virtualized instance names the interfaces in the above output as vtnet0 and vtnet1. These interfaces are the point of connection between the device and the private or public network that they are connected to.inet: This is the IP addressed configured for use on the interface. Above, you can see that IP 10.50.2.10 is configured on interface vtnet0.

Static IP Address in FreeBSD

Static IP’s are IP addresses that are assigned to specific devices and will remain assigned until the IP it is removed or changed. Adding a static IP address could be accomplished using two different methods. You could set the IP so that it holds that address temporary, which will then be removed once the device or networking is restarted, or you can assign it permanently.

To configure a temporary static IP address, you could run the following via command line:

ifconfig vtnet0 10.50.2.10 netmask 255.255.255.0
ifconfig vtnet0 10.50.2.10/24

If you would rather permanently assign the IP address, you’ll need to make some changes to the network configuration files. Unlike the temporary one, you could reboot the device, and once it’s turned back on, it will hold the IP address that you specifically assigned to it.

Configuring a permanent IP can be done by editing the rc.conf file. First, open the rc.conf file using a text editor with the following command:

vi /etc/rc.conf

Locate the line that reads “ifconfig_ “and replace IP address that is there with the one that you want the system to have permanently.

Note: This can be done two different ways, depending entirely on your preference for subnet notation:

ifconfig_vtnet0="10.50.2.10 netmask 255.255.255.0"

ifconfig_vtnet0="10.50.2.10/24"

Default Gateway in FreeBSD

You will also need to configure the default Gateway for your network interface. The default gateway is the next hop on your network and is typically a router or switch that handles network connectivity and routing. The gateway is usually the first IP address in an IP range which gives you access in and out of the network that it belongs to. Setting the default gateway (called defaultrouter in FreeBSD) is again done by editing the rc.conf file.

vi /etc/rc.conf

Locate the “defaultrouter=” line and adding the Gateway IP address.

defaultrouter="10.50.2.1"

Alternatively, you could also add a default gateway address with the following command, though this will only be a temporary addition:

route add default 10.50.2.1

If you would like to remove the default gateway address, this can be accomplished via with the following command:

route delete default

Dynamic IP Address in FreeBSD

Dynamic IP’s are random IP addresses that could be assign or leased to specific devices. They are held by the device for a period then released and then the device would grab another IP. Adding a Dynamic IP address could be accomplished using two different methods. You could set that device IP so that it holds that address temporary, which will then be removed once the device is restarted, or you can assign it permanently.

To configure a temporary dynamic IP address, you could accomplish this using any one of with the following command:

dhclient vnet0

To set up you system so that it always receives a dynamic IP Addresses, we must configure the system manually. As before, first open the rc.conf file using a text editor with the following command:

vi /etc/rc.conf

Now, Locate the line that reads “ifconfig_ “and replace IP address that is there with the DHCP setting that it will permanently have. This should look like the following:

ifconfig_vtnet0="DHCP"

DNS Servers in FreeBSD

DNS servers are specific servers with large libraries of registered domains which directs your request when you search a domain in your web browser. These are public servers that can be used by anyone. Google has them available along with many other companies. However, we will be using Atlantic.Net’s name servers so that domain lookup can occur quickly. This can be completed by editing the “resolv.conf” file using your text editor with the following command:

vi /etc/resolv.conf

Add your name servers to the “resolv.conf” file using the following lines (each line representing one name server, these are used for Atlantic.Net Cloud Servers.).

nameserver 209.208.127.65
nameserver 209.208.25.18

What Next?

Congratulations! This completes our session on FreeBSD Network Administration. Thank you for following along! Check back with us for further updates and try one of our top Cloud hosting solutions.

Author: Jose Velazquez

Verified and Tested 1/12/16

Introduction

Prerequisites

Verified and Tested 08/28/15

Introduction

Introduction

What Do You Need?

Server Preparation

Update the CentOS 6 Root Password

Create a new user with sudo privileges

Configure SSH Access

Limit Root Access

Create a Private SSH Key

Basic Firewall Rules

NTP Time Sync

Add Swap File

What Next?

Verified and Tested 10/31/15

Introduction

Prerequisites

Installing LEMP via Atlantic.Net’s One-Click Install

What Next?

Verified and Tested 10/31/15

Introduction

Prerequisites

Installing LAMP via Atlantic.Net’s One-Click Install

What Next?

Verified and Tested 10/3/15

Introduction

Prerequisites

Installing IonCube on Fedora 23

Downloading ionCube on Fedora 23

Configuring ionCube on Fedora 23

Testing ionCube on Fedora 23

What’s Next?

Verified and Tested 09/28/15

Introduction

Prerequisites

Installing Drupal on CentOS 7 with Apache

Verified and Tested 09/30/15

Introduction

Prerequisites

Verified and Tested 08/31/15

Introduction

Prerequisites

Verifying Open SSH in FreeBSD

Enabling SSH in FreeBSD

Starting Open SSH in FreeBSD

Stopping Open SSH in FreeBSD

Restarting Open SSH in FreeBSD

Allowing Root Login in FreeBSD

Testing OpenSSH in FreeBSD

Copying Files Securely FreeBSD

Copying Directories Securely in FreeBSD

Copying Remote Files Securely in FreeBSD

Copying Remote Directories Securely in FreeBSD

What next?

Verified and Tested 08/18/15

Introduction

Prerequisites

Set up your IP address in FreeBSD

Static IP Address in FreeBSD

Default Gateway in FreeBSD

Dynamic IP Address in FreeBSD

DNS Servers in FreeBSD

What Next?

Resources