Cloud Hosting

LAMP vs. WAMP: Why do Startups Prefer LAMP to WAMP?

Sam Guiliano September 24, 2015 by under Cloud Hosting 0 Comments
  • LAMP vs. WAMP: What’s the Difference?
  • Affordability
  • Security
  • Smoother Operation
  • Flexibility
  • Use within Enterprises?
  • One-Click LAMP Cloud Hosting

LAMP vs. WAMP: What’s the Difference?

A LAMP or WAMP stack is four pieces of software that are used in combination for open source web development. Components include:

  • L/W – Linux/Windows, the operating system
  • A – Apache, the Web server
  • M – MySQL, the database management system
  • P – PHP, Python, or Perl, the scripting language.

A common variation of this Web stack is a LEMP or WEMP Cloud Hosting stack, which replaces Apache with Nginx. You will also frequently see the term WAMP, which replaces Linux with Windows.

Read More


How to: Using Basic SQL Syntax

Andrew Couch September 24, 2015 by under Cloud Hosting 0 Comments

Introduction

Behind every great web application is a database of some kind. Many of the widely used database systems (e.g., MySQL, Percona, PostgressSQL, MariaDBMSSQL) use SQL (Structured Query Language) to pull data out and push data in. A lot of modern programming languages provide an ORM (Object-Relational Mapping) layer which loads data directly into code without needing to know SQL, but sometimes you just want to talk to the database directly. While SQL has a lot of keywords and can get very complex, this article goes through the basic CRUD (Create Read Update Delete) constructs.
.

Prerequisites

– A basic understanding of what a database is and how to interact with a database system.

Using Basic SQL Syntax

Some Notes About Dialects and Data Values

Every database system that uses SQL has a slightly different implementation. The differences do not show up in the basic commands that this guide covers, but it is good to know that there are potential differences across systems.

In all of the examples here the SQL keywords are capitalized. While this is a common practice and helps make examples clear, most SQL databases don’t care. The same is true with the line breaks and spacing. SQL can be written all on one line if you prefer, but here we will write statements across multiple lines to help clarify some explanations.

Different data values need to be entered differently depending on data type. Text values need to be encased (escaped) in single quotes. If you happen to have a value that itself contains a single quote, that interior quote needs to be doubled to make sure the statement will run.

WHERE lastname = 'O''niel'

Numeric types, integers, decimals and the like do not need any extra escaping. Boolean values like True and False also do not need to be escaped.

Finally, many SQL implementations use a semicolon as a statement terminator. While this usage isn’t universal, many consider it a best-practice to ensure portabiility of SQL statements across different implementations. This article will use semicolons.

.

SELECT – Reading Data from the Database.

Reading data is the most common task and illustrates the basic structure of a SQL statement nicely. This SELECT is (almost) the most basic SQL statement there is.

SELECT <column_list>
FROM <table>
WHERE <column_name> = <value>;

SELECT, FROM and WHERE are SQL keywords. <column_list> is a comma-separated list of column names that you want to read. It can also be replaced with * to just return all columns of the table. Be aware that * can be quite slow if you have a lot of columns in a very large table.

<table> is the name of the table you want to retrieve data from. <column_name> indicates the name of the column which should contain the <value>.

The WHERE section is optional, but is so useful and idiomatic in SQL that it makes sense to include it. WHERE restricts the data set based on the criteria. Although depicted here with only a single criterion, it is possible to include several criteria with boolean operators AND and OR. See the UPDATE example below for something more complex.

Example:

SELECT common_name, genus, species, type FROM animals WHERE type = 'mammal';

.

UPDATE – Making a Change

Sometimes it isn’t enough to just see what it is in the database. Sometimes you need a change. And when you do, UPDATE is there for you.

UPDATE <table>
SET <column_name> = <value>
WHERE <column_name> = <value>
AND <column_name> = <value>;

Again, UPDATE, SET, and WHERE are SQL keywords. <table> is the name of the table you want to update. Within the SET section, you can include one or more <column_name> = <value> pairs separated by commas. This portion of the statement is where you define the change to be made. The <column_name> will be set with the given <value>.
The WHERE section is optional on UPDATE as well, but leaving it out will update the entire table. Occasionally this is what you want, but most of the time you only want to update a single row or a few rows. In these cases, updating the entire table would be disastrous, so it is good practice to always have a WHERE. This example shows using AND in the WHERE section.

Example:

UPDATE animals SET have_seen = True, common_name='River Otter' WHERE Genus = 'Lontra' AND Species = 'Canadensis';

.

DELETE – Making It Gone

Sometimes you need to remove data from a table. This action is a DELETE.

DELETE FROM <table>
WHERE <column_name> = <value>;

Once again we have our SQL keywords and a <table> defining which table will be deleted from, and a WHERE section defining which rows are to be deleted. Again the WHERE clause is technically optional, but this statement will delete all rows in a table if it is missing.

Example:

DELETE FROM animals WHERE have_seen = False;

.

Delete Tip

One best practice I find for doing manual deletes like this one is to make a SELECT first. The DELETE command shares a lot of structural similarity with SELECT and yet is far more destructive. First write the statement as a SELECT * FROM <table> WHERE <column_name> = <value>; to make sure you know exactly which rows will be affected. Once you are happy with the output, swap out the SELECT * for the DELETE keyword and run it. In the example below, the DELETE statement is commented out. Two dashes -- comment out the rest of the line. This practice can be really helpful when performing DELETEs to keep an accidental run of the query from removing data.

Example:

SELECT *
-- DELETE
FROM animals WHERE have_seen = False;

Note: The -- comments out all text to the end of the line, not the end of the statement. If the FROM animals WHERE have_seen = False were on the same line as -- DELETE, SQL would only see the SELECT * portion of the statement.

.

INSERT – Bringing New Data to the Table

The last piece of this puzzle is adding data into a table. There are two forms of INSERT in classic SQL. The one I’ll cover here allows you to add explicit data into a table.

INSERT INTO <table>(<list_of_column_names>)
VALUES (<list_of_values>);

The INSERT statement looks different than the rest. The <table> again defines the table where the data is going, though here it is followed by a comma-separated <list_of_column_names> enclosed in parentheses. You only have to list the columns for which you have data to enter; however, if the table you are working with has required fields (defined as NOT NULL constraints), you will need to give data for all of those fields to avoid an error.

The VALUES keyword introduces a <list_of_values> inside of parentheses. This list is the list of values to be inserted into the columns you defined above. The listed columns and values need to match each other’s order. The first value will be inserted into the first column name in the list, the second column to the second value and so on. This order in the statement may be different than the order of columns in the target table, but that is fine.

Example:

INSERT INTO animals(common_name, species, genus) VALUES ('Sea Otter', 'Lutris', 'Enhydra');

What Is a DDoS Attack?

Matthew Watts September 23, 2015 by under Cloud Hosting 0 Comments
Target Audience

This article is aimed at non-expert computer users (without a background in network or systems administration).

Introduction

DDoS stands for “Distributed Denial of Service” and, naturally enough, is a type of Denial of Service (DoS) attack. The basic aim of a DoS attack is to render a cloud server, PC or network resource inaccessible or unusable–denying service to anyone trying to access it. It is a malicious attack designed to cause maximum inconvenience.
.

Are DDoS Attacks a New Thing?

No, DDoS attacks are not a new phenomenon, but they have been making the headlines more in recent years as their scope has increased in size and as they have included higher profile targets. One recent example is the attack on the Playstation Network and Xbox Live. A hacking group known as ‘Lizard Squad’ used a DDoS attack to shut down the online gaming services on Christmas Day 2014, upsetting many gamers and causing financial and reputation damage to Microsoft and Sony.
.

How Do DDoS Attacks Work?

In a Denial of Service attack, the attacker uses a computer to send an overwhelming amount of data to a target. This target receives so much traffic that it slows down and cannot respond to legitimate traffic, or, in the case of a Permanent Denial of Service (PDoS) attack, its hardware is damaged beyond repair. In this simple style of DoS attack, one computer directly targets another. It is a fairly simple attack to execute and requires minimal computer skills–an attacker can simply acquire and run a piece of software to conduct a DoS.

The ‘distributed’ in DDoS refers to the multiple computers used in this type of attack. The attacker either launches a synchronized attack with collaborators or, more commonly, uses a botnet to execute a DDoS. A botnet (a shortened form of “robot network”) is a network of computers infected with malware that allows the attacker to remotely control them without the owner’s knowledge. Using a botnet, an attacker dramatically increases the effect of their attack.

Another method attackers use to increase the effect of a DDoS is the “amplification attack”. Rather than directly bombarding a target with data, an attacker sends requests for data to multiple servers. The attacker spoofs the source IP address of each request so that it looks as though it comes from the target of the attack instead of from the attacker. As a result, all of the responses go to the IP address of the victim, flooding them with traffic. It’s essentially like signing your friend up to a load of unwanted junk newsletters.

Attackers have found various ways to create these amplification attacks. The IP address spoofing is possible, in part, because they use the UDP protocol-–a protocol that doesn’t validate source IP addresses or connections. The amplification comes into play in the way attackers have found ways to cause the responding servers to return certain responses that are significantly larger than the requests. For example, DNS (Domain Name Service) servers can deliver a response 50-150 times larger than the response. Similarly, Character Generation Protocol (CharGEN) supported by various servers will respond to a character generation request with a response that is 200-1000 times larger. Similarly, the Network Time Protocol (NTP) used to sync clocks across machines, can return a response that can be up to 556.9 times larger than the request.
.

Why Do People Use DDoS Attacks?

The motivations behind DDoS attacks vary. In the case of Lizard Squad , it appeared to be a publicity stunt to promote their freelance hacking services. Sometimes attackers target websites with a demonstration and send their owners extortion letters demanding payment to prevent future attacks. One of the Internet’s more renowned and iconic hacking groups, Anonymous, has used these sorts of attacks as a tool for activism. In their ongoing fight against organizations such as Scientology and the Westboro Baptist Church, people acting under the Anonymous banner have used DDoS attacks to take down their respective websites.
.

What Defenses Are There?

DDoS attacks are difficult to fight, and mitigation is often the best a target can hope for. A big part of dealing with DDoS attacks is simply being prepared. Here are some techniques that can be used to mitigate the effects of a DDoS attack:

Some organizations invest in more bandwidth for their servers. The more bandwidth the target has, the harder it is to DDoS. In principle, it’s the same idea as adding more lanes to a road–the wider the road, the more cars are needed to cause a traffic jam.

ISPs (Internet Service Providers) may also offer services to help mitigate the effects of DDoS attacks. Since they generally have access to more powerful networking resources, ISPs may have DDoS mitigation plans in place that can help keep your servers safe.

There are now many companies who provide help to those who might be targetted by DDoS attacks. During an attack, the target’s traffic is redirected to the mitigation company’s network, where they then “scrub” the data, identifying malicious traffic to drop and allowing through legitimate traffic which is then rerouted back to the target. Companies such as CloudFlare, Black Lotus, F5, Prolexic, and Incapsula offer such services in this growing sector.
.

Part of the Problem?

Most of us will likely not be the target of a DDoS. So even if you might feel too small a target, your home computer, your multimedia server, your little home router, the cloud hosting server that hosts your website may, however, be a part of a vast botnet being used to DDoS, without your even realizing.

For home systems, keeping up with security patches and changing default device passwords to something much more secure can help protect you exploitation.

For web-facing servers (such as web servers or DNS name servers), you can take a little time to close security vulnerabilities, such as those that can be exploited in amplification attacks. You can also monitor network traffic for any unusual traffic patterns with something like Zabbix or with a more elaborate Intrusion Detection System (IDS) like Suricata or Security Onion.


How to Configure NGINX on a CentOS 6.7 Server

Daniel Foster September 22, 2015 by under Cloud Hosting 0 Comments
NGINX Car by Walker Cahall

NGINX Car by Walker Cahall

Verified and Tested 04/10/2015

Introduction

This how-to will help you install and configure NGINX so you can run high traffic websites while maintaining the high level of performance your customers expect. We are also going to install additional software in order to get the most out of NGINX, so this guide will also include installation and configuration of MySQL, PHP-APC, and PHP-FPM.

Why NGINX? There’s a long back and forth debate over whether you should use Apache or NGINX, and while the overall performance of the two web server platforms is roughly the same, NGINX’s event-based processing model shines by being simple, lightweight and simply better at handling large amounts of concurrent hits for static content without overly taxing your server hardware.

Read More


How to Test Responsive Design in Device Mode with Chrome Developer Tools

Catherine Moca September 17, 2015 by under Cloud Hosting 0 Comments

Introduction

In the rapidly changing landscape that is web development, it can be challenging to find the right tools to meet your growing needs as a developer. With the emergence of mobile devices as a significant source of online traffic, responsive design is rising as an important tool in a developer’s set of skills.
According to the tenets of responsive design, websites should adapt to different resolutions, supporting devices ranging from smartphones to desktops with full-sized monitors. Not only do websites have to look great, but they also have to perform well across the scope of connectivity options that mobile devices have introduced. Fortunately, Chrome has made it easier to test responsive design through Developer Tools by integrating a powerful emulation feature: device mode.
Device mode can emulate a mobile environment to test a website’s responsiveness in different devices. This mode can change the resolution of your page to reflect the size of screens from devices like the Samsung Galaxy S4 and the Apple iPad. You can also test your site with different throttling options.
.

Prerequisites

– Any modern version of Chrome. If you want a more developer-centric tool, try Chrome Canary.

Read More


What Is RVM (Ruby enVironment Manager or Ruby Version Manager)?

Matthew Raymond Billock September 15, 2015 by under Cloud Hosting 0 Comments
Target Audience:

This article is intended to be useful for anyone who has a need to deploy–or manage–multiple Ruby installations on a single machine. A reader should have a basic understanding of how Ruby and Ruby gems work within an operating system.

Introduction

Managing multiple Ruby environments can be a challenge. Ruby is an open-source language, so new releases can be frequent, and those releases can introduce drastic functionality changes. Couple this potential with the use of third-party Gems that may depend on functionality within specific Ruby versions, and your application can quickly find itself struggling to meet all of the dependencies it needs just to execute. RVM (alternately expanded as Ruby enVironment Manager or Ruby Version Manager) tackles this problem head-on by providing a set of command-line tools that allow you to actively control not only the version of Ruby your application uses but also the Gem sets and versions it uses. Below we’ll discuss what RVM is, touching on each of the benefits that it has to offer.
.

Managing Multiple Ruby Environments

RVM enables you to install multiple versions of the Ruby programming language on a single machine. A native install of the Ruby programming language will install the language’s binaries into a common bin directory on the operating system; thus any change to those installed binaries will affect all Ruby applications hosted on the machine. Even relatively minor version increases–such as from 2.1.4 to 2.2.1–can introduce changes to the language that break existing language behavior.
.
RVM allows you to isolate these language binaries into separately-managed environments, which can be used at-will on your system. It accomplishes this isolation by encapsulating each installation into a separate set of directories and dependencies and providing easy-to-use command line tools to quickly switch between versions. RVM handles swapping out all relevant execution paths, environment variables, and installed third-party libraries, allowing developers to focus on developing their applications instead of managing their dependencies.
.

Why Is RVM Important?

For a single small application, RVM may seem to be overkill. However, once a codebase reaches a certain level of complexity, it may be challenging to track exactly which dependencies the application relies on. Furthermore, as an application grows and leverages various Ruby Gems, these third-party libraries may introduce further dependencies, making a simple version change a complex event fraught with peril. For example, the release of version 2.1.0 introduced a breaking change in the REXML parsers that many Gems use to provide SOAP functionality. This consideration is also crucial for cloud hosted web servers, which may host multiple Ruby applications at once (such as a Resque-based delayed job server, a web server built on Rails, and a Sinatra-based admin console). Getting several different applications with several different sets of dependencies behaving properly can be a full-time job by itself. By encapsulating different Ruby language versions into separate environments, RVM allows the developer to test out new versions, deploy existing applications without worrying about breaking changes, and ensure that application infrastructure management takes as little time as possible.
.

Resolving Dependency Conflicts

The most obvious benefit gained through the use of RVM is dependency management. By encapsulating the installations of the Ruby programming language into separate command-line-driven environments, you can more easily control version dependencies. RVM, coupled with a Gem management framework like Bundler, can make language-based dependency conflicts a thing of the past–you simply need to verify that there is a version of the Gem you are working with that is compatible with your current installation. Furthermore, using RVM allows you to be confident that only the Gems you need will be installed. Each Ruby environment managed by RVM has its own set of Gems, and as such there is no cross-contamination between apps that may use Gems that affect the Ruby execution environment itself.
.

Simplifying Deployment

In addition to mitigating breaking changes and resolving dependency conflicts, RVM can ease the deployment process for Ruby applications. RVM offers features like “Named Gemsets”, which allow you to quickly and easily specify the dependencies for your Ruby application. Furthermore, Ruby uses a shared cache of gem versions, which reduces the overall disk space used by your Ruby deployment. Finally, RVM works to ensure that all of the specified dependencies are contained entirely within user space, reducing security risks and removing the need to run your application as the root user.
.

Conclusion

The above article only scratches the surface of the functionality offered by RVM. By using RVM to manage your application’s environment, you can ease deployment concerns, mitigate upgrade issues, and create a reliable set of dependencies for your Ruby application. Coupled with tools like Bundler, RVM makes installing, running, and managing a Ruby application a simple and streamlined process.

Atlantic.Net

We offer many one click cloud install applications which also offer a simple and streamlined process.   We have many popular applications like WordPress, cPanel Hosting and Docker Hosting.
.


How to: FreeBSD Network Administration

Jose Velazquez September 14, 2015 by under Cloud Hosting 0 Comments
Verified and Tested 08/18/15

Introduction

Networks are composed of two or more devices that form one group, and each device is assigned a unique IP, that identifies them to that specific group. In order to keep things organized and protected withing a network, Network Administration is very important. In this how-to we will walk through the Network Administration on a FreeBSD server.

Prerequisites

A FreeBSD server configured with a static IP address. If you do not have a server already,  spin up an Atlantic.Net reliable SSD Cloud Server.

Set up your IP address in FreeBSD

First of all,  let us look at your current active interface configurations so we can Identify some important settings that make it all work. To see your network configurations type the following command:

ifconfig
This is the output after running the ifconfig command in FreeBSD

This is the output after running the ifconfig command in FreeBSD

Do not be alarmed of all the information that you see on the screen. We will need to identify the following two pieces of important information so we can properly verify and configure a network interface.

Interface: Usually identified as ethX, our virtualized instance names the interfaces in the above output as vtnet0 and vtnet1. These interfaces are the point of connection between the device and the private or public network that they are connected to.inet: This is the IP addressed configured for use on the interface. Above, you can see that IP 10.50.2.10 is configured on interface vtnet0.

Static IP Address in FreeBSD

Static IP’s are IP addresses that are assigned to specific devices and will remain assigned until the IP it is removed or changed. Adding a static IP address could be accomplished using two different methods.  You could set the IP so that it holds that address temporary, which will then be removed once the device or networking is restarted, or you can assign it permanently.

To configure a temporary static IP address, you could run the following via command line:

ifconfig vtnet0 10.50.2.10 netmask 255.255.255.0
ifconfig vtnet0 10.50.2.10/24

If you would rather permanently assign the IP address, you’ll need to make some changes to the network configuration files.  Unlike the temporary one, you could reboot the device, and once it’s turned back on, it will hold the IP address that you specifically assigned to it.

Configuring a permanent IP can be done by editing the rc.conf file. First, open the rc.conf file using a text editor with the following command:

vi /etc/rc.conf
Locate the line that reads “ifconfig_ “and replace IP address that is there with the one that you want the system to have permanently.
Note: This can be done two different ways, depending entirely on your preference for subnet notation:
ifconfig_vtnet0="10.50.2.10 netmask 255.255.255.0"
or
ifconfig_vtnet0="10.50.2.10/24"

Default Gateway in FreeBSD

You will also need to configure the default Gateway for your network interface. The default gateway is the next hop on your network and is typically a router or switch that handles network connectivity and routing. The gateway is usually the first IP address in an IP range which gives you access in and out of the network that it belongs to. Setting the default gateway (called defaultrouter in FreeBSD) is again done by editing the rc.conf file.

vi /etc/rc.conf

Locate the “defaultrouter=” line and adding the Gateway IP address.

defaultrouter="10.50.2.1"
 Alternatively, you could also add a default gateway address with the following command, though this will only be a temporary addition:
route add default 10.50.2.1

If you would like to remove the default gateway address, this can be accomplished via with the following command:

route delete default

Dynamic IP Address in FreeBSD

Dynamic IP’s are random IP addresses that could be assign or leased to specific devices. They are held by the device for a period then released and then the device would grab another IP. Adding a Dynamic IP address could be accomplished using two different methods.  You could set that device  IP so that it holds that address temporary, which will then be removed once the device is restarted, or you can assign it permanently.

To configure a temporary dynamic IP address, you could accomplish this using any one of with the following  command:

dhclient vnet0
 To set up you system so that it always receives a dynamic IP Addresses, we must configure the system manually. As before, first open the rc.conf file using a text editor with the following command:
vi /etc/rc.conf

Now, Locate the line that reads “ifconfig_ “and replace IP address that is there with the DHCP setting that it will permanently have. This should look like the following:

ifconfig_vtnet0="DHCP"

DNS Servers in FreeBSD

DNS servers are specific servers with large libraries of registered domains which directs your request when you search a domain in your web browser. These are public servers that can be used by anyone. Google has them available along with many other companies. However, we will be using Atlantic.Net’s name servers so that domain lookup can occur quickly. This can be completed by editing the “resolv.conf” file using your text editor with the following command:

vi /etc/resolv.conf

Add your name servers to the “resolv.conf” file using the following lines (each line representing one name server, these are used for Atlantic.Net Cloud Servers.).

nameserver 209.208.127.65
nameserver 209.208.25.18

What Next?

Congratulations! This completes our session on FreeBSD Network Administration. Thank you for following along! Check back with us for further updates and try one of our top Cloud hosting solutions.

How to Install FEMP (FreeBSD 10, Nginx, MySQL, PHP) on a Cloud or VPS Server

Jose Velazquez September 10, 2015 by under Cloud Hosting 0 Comments
Verified and Tested 09/02/15

Introduction

This how-to will guide you through installing a FEMP stack. FEMP is simply a software bundle that consists of 4 components that work together to form a powerful web server.  However, in this setup the acronym’s are as follows: FreeBSD 10 (F) is the core of the platform which will sustain the other components. Nginx (E) is used for the web service. MySQL (M) is used for database management,  and PHP (P) is used as the programming language.

Prerequisites

You need a FreeBSD server that is configured with a static IP address. If you do not have a server already, you can visit our Cloud Hosting page and spin a new server up in under 30 seconds.

Install FEMP on FreeBSD 10

To get started, login to your FreeBSD server via SSH or Console. If you are using the Atlantic.Net cloud service, note that they are setup as minimal installations to avoid having unnecessary packages from being installed and never used. If some software packages that you’re used to using aren’t installed by default, feel free to install them as needed.

Let us download nano so we can simplify this tutorial.

pkg install nano

Let’s make sure that your server is fully up-to-date so we can complete the preparation.

freebsd-update fetch
freebsd-update install

With the server up-to-date, we can continue the process and install FEMP on your server.

Install Nginx on FreeBSD 10

Begin by installing Nginx with the following commands:

pkg install nginx
Rehash

Enable and start the Nginx service with the following commands:

sysrc nginx_enable=yes
service nginx start

You can now verify that Nginx is installed correctly by typing http:// and your IP address on your browser(http://YOUR.IP.ADD.RESS ).

To get your servers IP Address enter the following command:

ifconfig vtnet0 | grep "inet " | awk '{ print $2 }'
This is the test page created to verify Nginx was installed correctly in FreeBSD

This is the test page created to verify Nginx was installed correctly in FreeBSD

Configure Nginx on FreeBSD 10

The first change to the configuration file is to make a backup of the original config, just in case anything ever happens and we want to revert back. We will accomplish this task by moving the file and renaming it nginx.conf.backup.

mv /usr/local/etc/nginx/nginx.conf /usr/local/etc/nginx/nginx.conf.backup

Now, we create the nginx.conf file with the following command:

nano /usr/local/etc/nginx/nginx.conf

Paste the following configurations to your empty file then save your session.

Note: To simplify our configurations, this file contains the PHP configurations as well.

user www;
worker_processes  1;
error_log /var/log/nginx/error.log info;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    access_log /var/log/nginx/access.log;

    sendfile        on;
    keepalive_timeout  65;

    server {
        listen       80;
        server_name  example.com www.example.com;
        root /usr/local/www/nginx;
        index index.php index.html index.htm;

        location / {
            try_files $uri $uri/ =404;
        }

        error_page      500 502 503 504  /50x.html;
        location = /50x.html {
            root /usr/local/www/nginx-dist;
        }

        location ~ \.php$ {
                try_files $uri =404;
                fastcgi_split_path_info ^(.+\.php)(/.+)$;
                fastcgi_pass unix:/var/run/php-fpm.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $request_filename;
                include fastcgi_params;
        }
    }
}

After, we will create the log file directory for Nginx and create the empty log files. This will allow the system o store errors and helpful information for troubleshooting.

mkdir -p /var/log/nginx

Create the access and error log files with the touch command:

touch /var/log/nginx/access.log
touch /var/log/nginx/error.log

By default, Nginx has the web files going to the “nginx-dist” directory via a symbolic link. We must remove that link and point it to the correct location that is the “nginx” directory.

rm -rf /usr/local/www/nginx

Then remake the directory with the following command:

mkdir /usr/local/www/nginx

With the link broken/removed and the new directory made, we need to copy the index.html file to the new directory with the following command:

cp /usr/local/www/nginx-dist/index.html /usr/local/www/nginx

Finally, restart Nginx and the system, so  all the configurations take effect with the following commands:

service nginx restart
rehash

Install MySQL on FreeBSD 10

We then would like to continue by installing MySQL. After running the following MySQL, command hit y and then enter to confirm your installation.

pkg install mysql55-server

Enable and start the MySQL service with the following commands:

sysrc mysql_enable=yes
service mysql-server start

Configure MySQL on FreeBSD 10

To ensure the security of the default settings of MySQL, continue with the command below:

mysql_secure_installation

Note: When prompt with “Enter current password for root” hit enter for none then Y(Yes) to set MYSQL password. You will then be prompted with a series of questions. Just type Y for yes on all of them, see the screen shot below:

This is the secure installation of screen when installing MySql on a FreeBSD FEMP Stack server.

This is the secure installation of screen when installing MySql on a FreeBSD FEMP Stack server.

Restart the MySQL and the system, so  all the configurations take effect with the following commands:

service mysql-server restart
rehash

Install PHP on FreeBSD 10

Finally, we will conclude with the FEMP Stack by installing PHP and configuring it to work with Nginx.

pkg install php55-mysql php55-mysqli

With PHP installed, we can go ahead a begin the preparation to configure it with Nginx. Copy the sample PHP configuration file to the correct location.

cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini

Enable and start the PHP-FPM service with the following commands:

sysrc php_fpm_enable=yes
service php-fpm start

Configure PHP on FreeBSD 10

We will now have to make minor changes to the PHP-FPM configuration. Using your text editor, type the following command to access the configurations.

nano /usr/local/etc/php-fpm.conf

Locate the line that reads listen = 127.0.0.1:9000 and replace it with the following line, so it listens to php-fpm.sock:

#locate
listen = 127.0.0.1:9000
#Replace
listen = /var/run/php-fpm.sock

Then you will need to locate the following lines and uncomment(Remove the semi-colon) from them:

listen.owner = www
listen.group = www
listen.mode = 0660

Go ahead and create the PHP file to make sure that it works with the following command:

nano /usr/local/www/nginx/info.php

Then insert the following PHP script to the empty info.php file with the following command:

<?php phpinfo(); ?>

Additionally, restart the PHP-FPM, so  all the configurations take effect with the following command:

service php-fpm restart

Finally, restart Nginx and the system, so  all the configurations take effect with the following commands:

service nginx restart
rehash

You can now verify that PHP is installed correctly by typing the following on your browser. Below is the default page after installing PHP on an FEMP Stack FreeBSD server when viewing the following URL: http://YOUR.IP.ADD.RESS/info.php

This is the default page after installing PHP on an FEMP Stack FreeBSD server

What’s Next?

Congratulations! You now have a server with an FEMP Stack platform for your web environment. Thank you for following along and feel free to check back with us for further updates.


How to: DRBD Replication and Configuration

Paul Cortes September 9, 2015 by under Cloud Hosting 0 Comments

Introduction

This how-to will help walk you through the DRBD replication and configuration process. Distributed Replicated Block Device (DRBD) is a block level replication between two or more nodes and is used as a replacement for shared storage by created a networked mirror. DRBD is used in environments that require systems or data to be Highly Available.

Prerequisites

* Two servers running Debian GNU/Linux Distribution. Other versions of Linux will work as well, but the installation packages may be different.
* Both servers should be directly cross-connected together, or have a separate Network Interface for private communication.
* Both servers should have the same partitioning. This walkthrough assumes that both systems have a single /dev/sdb device that is going to be used as the
DRBD volume.

If you do not have a server or need a new one, check out the industry-leading cloud server hosting from Atlantic.Net.

Read More


How to: Initial Debian 8.2 Server Setup

Jose Velazquez September 5, 2015 by under Cloud Hosting 0 Comments

Introduction

This how-to will help you with your initial setup on Debian 8.2 so that you can successfully secure your server while giving you the peace of mind knowing your server is protected.

With any server, the primary goal should always be security. Many users are victims of malicious infiltrations on their servers due to the lack of security boundaries established from the beginning. Let us begin on the right path by laying our foundation with security.

What Do You Need?

You need a Debian 8.2 server that is configured with a static IP address. If you do not have a server already, you can visit our cloud server page  and spin a new server up in under 30 seconds.

Server Preparation

To get started, log in to your Debian 8.2 via SSH or the VNC Console in cloud.atlantic.net. Atlantic.Net Cloud servers are setup as minimal installations in order to avoid having unnecessary packages from being installed and never used.  Because of this, let’s make sure that your server is fully up-to-date and the sudo service is installed.

apt-get update
apt-get install sudo

With the server up-to-date, we can continue the process and secure your server.

Update Root Password on Debian 8.2

Update the Root Password as you will be the only person who will know it. We recommend a minimum of 8 characters, including lowercase, uppercase, and numbers.

passwd

Create a new user withsudo privileges on Debian 8.2

Creating a new user with sudo privileges will allow you to easily manage your server without having to worry about accidentally making unwanted changes. Let us create the user1!

adduser user1

Fill in the information that applies to the user and confirm the information

[email protected]:~# adduser user1
Adding user `user1' ...
Adding new group `user1' (1000) ...
Adding new user `user1' (1000) with group `user1' ...
Creating home directory `/home/user1' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for user1
Enter the new value, or press ENTER for the default
 Full Name []: user1
 Room Number []:
 Work Phone []:
 Home Phone []:
 Other []:
Is the information correct? [Y/n] y

In Debian 8.2 by simply adding your user to the sudo group, will grant sudo privileges for that user by typing sudo before running any command. Let us add the user are to the sudo group.

adduser user1 sudo

ID8S-1

Upon completion, you can use the su – user1 command to change the user from root to user1. It is important to remember that you will then have to use sudo before running any command with the user.

Configure SSH Access on Debian 8.2

In Linux systems port 22 is the default port for remote connections via SSH. By changing the ssh port you will increase the security of your server in preventing brute force attacks and unwanted users from reaching your server(I will use Port 5022 for this tutorial). Open your SSH Configuration file, find the Port line, and change Port 22 to your Custom port Save and exit.

sudo nano /etc/ssh/sshd_config

# What ports, IPs and protocols we listen for

Port 22 to 5022

 

For your system to update the new settings from the SSH Configuration file, we must restart the sshd service.

sudo systemctl restart sshd.service

SSH has now been configured to use Port 5022 and if you attempt to login using Port 22, your login will fail.

Limit Root Access on Debian 8.2

Since we’ve created a new user with root permissions, there’s no need keep the actual root user available and vulnerable over SSH on your server. Let us restrict the root users access to be available on the local server only and granting permission to the new user over SSH.

Open the SSH Configuration file, find the PermitRootLogin line and change it from yes to no.

sudo nano /etc/ssh/sshd_config
PermitRootLogin no

For your system to update the new settings in the SSH Configuration file, we must restart the sshd service.

sudo systemctl restart sshd.service

Create a Private SSH Key on Debian 8.2

Private/Public SSH Keys are great additional features that increase security in the method a server is accessed. However, it takes a bit more effort to setup. The question is, Is your server worth the extra security? If you would like to implement this security feature and additional measures you can continue with the following steps as well, let us proceed and generate the SSH Key.

ssh-keygen

If you want to change the location where the SSH Key will be saved,  you can specify it here, if not the default location is OK. Press enter when you are prompted with the following question then enter a passphrase, unless you don’t want one.

Enter file in which to save the key (/home/user1/.ssh/id_rsa):

You will then see the following information on the screen.

ISST-1

Configuring the SSH Key is crucial, we must copy the full key string to a Word/ Notepad Document. The Key can be viewed in the following location by using the cat command.

cat ~/.ssh/id_rsa.pub

Copy the SSH key beginning with ssh-rsa and ending with [email protected] into your Word/ Notepad document so we can add it to the config file. Once the SSH Key is stored safely, we must make more changes on the server. This is where the sudo privileges for your user1, steps in.

su - user1

The directory for the SSH Keys needs limited permissions which only the owner can read, write and execute the file.

sudo chmod 700 .ssh

Within the SSH directory, a file containing the SSH Key must to be added, simply using your editor (in this case VI) the following location:

nano .ssh/authorized_keys

Paste the SSH Key then save and exit using the nano format.

Finally, we have to limit the privileges of the authorized_keys file that we just created so only owner can read and write.

chmod 600 .ssh/authorized_keys

We can now verify that the key is working by closing your session and by typing the following in your SSH Console [email protected] or your servers hostname. This can be accomplished with the following command:

ifconfig eth0 | grep inet | awk '{ print $2 }'

Furthermore, you can click “here” to see our How To Generate and Use SSH Keys article.

Basic Firewall Rules on Debian 8.2

By default your Atlantic.Net’s Debian 8.2 Server is not loaded with a firewall. However, depending on your preference you may install any of the following: firewalld, iptables, etc. In this part, I will be using Firewalld which uses the firewall-cmd tool in order to configure its rules. We must first install the Firewall service with the following:

sudo apt-get install firewalld

We must now allow our custom SSH Port that was created earlier in order to to access the server publicly. Also, there are several other rules that’s can be used depending the type of server that you wish to deploy.

sudo firewall-cmd --permanent --add-port=5022/tcp

If you have a web server you may want to allow the following rules so your sites could be accessed over the internet.

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https

If you have a mail server, you may want to allow the following rules if you will be using your server for incoming POP3 settings. Port 110 is the standard port and port 995 is for a more secure connection using SSL.

sudo firewall-cmd --permanent --add-service=pop3s

Furthermore, you may want to allow the following rules if you will be using your server for outgoing SMTP settings.

sudo firewall-cmd --permanent --add-service=smtp

Finally, you may want to allow the following rules if you will be using your server with IMAP settings.

sudo firewall-cmd --permanent --add-service=imaps

Save your work and exit.

In order for Firewalld to accept those settings you must restart the firewall.

sudo firewall-cmd --reload

Your settings will have been saved and you are ready to proceed by verifying all the services/ports that are available by  running the following:

sudo firewall-cmd --permanent --list-all

 

NTP Time Sync on Debian 8.2

The NTP (Network Time Protocol) is basically used to synchronize the time and date of computers over the network in order to remain accurate and up to date. Let us begin by installing the NTP service (if it hasn’t been installed already) and configure the service to synchronize with their servers.

sudo apt-get install ntp

Once the NTP service is installed, we need to make sure that the service is ON.

sudo /etc/init.d/ntp start

Having the service ON , it will automatically synchronize the server’s time information with NTP’s  server.

Add Swap File on Debian 8.2

A Swap file is simply a small amount of space created on a servers hard drive to simulate Ram. In the event that the server is running low on memory it will look at the hard drive and ease the load tricking the system to think it has more memory. We will set up the swap file on the hard drive to increase the performance of the server just a little bit more.

Begin by checking your resources to make sure we can add the file. When you run the following command you will see the percentage space on your Hard drive that is currently being used.

df -h

When creating a Swap file usually you want to add half of your existing RAM up to 4GB(If you have 1GB of actual Ram then you add a 512MB file). In this part I will be adding a 512MB swap file to the drive. The way that this is calculated is by 1024 x 512MB = 524288 block size.

sudo dd if=/dev/zero of=/swapfile bs=1024 count=524288

Now that we have added a swap file, a Swap file area needs to be created in order to proceed.

sudo mkswap /swapfile

With the Swap file created and the Swap file area added we can go ahead and add permissions to the file so that only the owner can read and write.

sudo chown root:root /swapfile
sudo chmod 600 /swapfile

Now that the swap file has the appropriate permissions we can go ahead and activate the it.

sudo swapon /swapfile

You can verify your newly added Swap file with the following.

sudo swapon -s

In order to make the Swap file always active even after a reboot, we must configure it accordingly.

sudo nano /etc/fstab

Paste the following command at the bottom of the file save your work and exit.

/swapfile              swap   swap     defaults     0 0

Finally, verify if your swap file is activated by typing the following command:

free -m

ID8S-2

What Next?

You now have a server with a strong security foundation that will give you the peace of mind knowing that your server is protected. You could begin installing any additional software depending the purpose of the server.


New York, NY

100 Delawanna Ave, Suite 1

Clifton, NJ 07014

United States

Dallas, TX

2323 Bryan Street,

Dallas, Texas 75201

United States

San Francisco, CA

2820 Northwestern Pkwy,

Santa Clara, CA 95051

United States

Orlando, FL

440 W Kennedy Blvd, Suite 3

Orlando, FL 32810

United States

London, UK

14 Liverpool Road, Slough,

Berkshire SL1 4QZ

United Kingdom

Toronto, Canada

20 Pullman Ct, Scarborough,

Ontario M1X 1E4

Canada

Resources

We use cookies for advertising, social media and analytics purposes. Read about how we use cookies in our updated Privacy Policy. If you continue to use this site, you consent to our use of cookies and our Privacy Policy.