Like most OSs, out of the box the system is set to get its IP address from a DHCP server (i.e. dynamically). On the rare occasions I’m deploying Linux it’s to perform a specific task, so in nearly all cases I want it to have a static IP. Here is how to achieve that.
Solution : Ubuntu Static IP
Disable Cloud-Init
Ubuntu has shipped with this enabled since version 18.04. You can proceed with it enabled, but the procedure is different and your efforts can be ignored, so I simply disable it. The first command sees if it’s running (if it yields any output, {as shown}, then it is).
Remember: This procedure changes the IP address; if you are connected remotely (by SSH, for example) you may lose connectivity. Perform this at the console or ensure you can reconnect to the new IP address (post change).
Paste in the following, then save and exit (CTRL+X > Y > Enter).
[box]
network: {config: disabled}
[/box]
Then reboot the machine.
[box]
reboot
[/box]
Ubuntu Static IP Netplan
Ubuntu will apply a set of network configuration settings that are formatted as YAML. Before we create that file let’s look to find out what our network interface is called, what the current IP address and network range is, and where the default gateway (or default route) has been pointed to.
[box]
ip addr
ip route
[/box]
From the above we can see our interface is called ens33 (yours may be called something different, like eth0), it has an IP address of 192.168.100.103/24 (i.e. it has a netmask of 255.255.255.0), and its default gateway is 192.168.100.1. To see the current netplan we need to look in /etc/netplan; as you can see (below) mine’s called 50-cloud-init.yaml (yours may have a slightly different name, so change to the directory and list its contents to make sure).
[box]
cd /etc/netplan
ls
sudoedit {name-of-your-netplan-file}.yaml
[/box]
Here is an idea of what your file may currently look like.
And here is one I’ve edited to include the required IP 192.168.100.20/24 and the default route (gateway) 192.168.100.1, and my local DNS servers 192.168.100.10 and 192.168.100.3.
[box]
network:
  ethernets:
    ens33:
      dhcp4: no
      addresses:
        - 192.168.100.20/24
      routes:
        - to: default
          via: 192.168.100.1
      nameservers:
        addresses: [192.168.100.10,192.168.100.3]
  version: 2
[/box]
Save and exit the file, then apply the netplan (Note: if you are connected via SSH you may lose connectivity).
Note: For an example of setting up a bridged network see the link below.
[box]
sudo netplan apply
# AT THIS POINT CHECK CONNECTIVITY
[/box]
Related Articles, References, Credits, or External Links
I’m not sure why KVM does not come preconfigured for this out of the box, and it took me a very long time to work out how to do this. This is for when you want your KVM VMs to behave as if they are on your production LAN (rather than the default of setting up DHCP and NAT). The default is fine, but if you want to access your VMs from outside the host you need to set up bridged networking.
In my example I want my VMs to get an IP address from my DHCP server.
Solution : Bridge Network
Currently you probably have an IP address on the host itself (192.168.100.20). The process is to create a network bridge, move the IP address from your network interface so that it is now ON THE BRIDGE, add the network interface to the bridge, then finally move the VMs onto the bridge.
The following commands will display your current virtual networks and current bridges, then we will create a new bridge (br0), and finally make sure that the new bridge is listed.
[box]
virsh net-list --all
brctl show
sudo brctl addbr br0
brctl show
[/box]
We need to change the IP address location so edit your current netplan.
[box]
ls /etc/netplan
# TAKE NOTE OF THE NAME
sudoedit /etc/netplan/{name-of-netplan-file}.yaml
[/box]
Edit Netplan
Example (Note: you will need to enter YOUR details, and your interface may have a different name e.g. eth0).
Now, before we apply the netplan we created earlier, take a look: our IP address is currently on interface ens33; when we have finished it will move to the br0 network.
[box]
ip addr
sudo netplan apply
[/box]
Now check again, and ensure the bridge now has the IP address.
[box]
ip addr
[/box]
We are now going to define the bridge; sudoedit won’t work in the home directory so I’m using vi instead.
[box]
vi host-bridge.xml
[/box]
Paste in the following, then save and exit (Esc > wq!)
From the file we just created, we will define the new bridge network, start the network, then set it to autostart with the host, then finally we make sure it’s defined and listed.
List the registered VMs, then edit the VM you want to change.
[box]
virsh list --all
virsh edit {VM-Machine-Name}
[/box]
Locate the source network= section and change it from default to host-bridge, then save and exit the file.
I manage my VMs with Cockpit, and they were working fine, but they were asking to be restarted. I did that with mixed results (some worked, others didn’t).
I had 100% success by removing the old network connections and adding a new one like so; this was for an Ubuntu guest VM (Note: if it’s a Windows VM, use an e1000e model card instead).
I’ve been looking at KVM for a couple of reasons, firstly people are looking at VMware alternatives, now there’s no ‘free version‘, and secondly the firm I work for have potentially a large KVM to VMware migration on the horizon, so I thought I’d build it on the test bench and see how best to address that migration scenario.
Note: This was written with Ubuntu version 24.04, which was current at the time of publication, if the experience has taught me anything it’s the commands and procedures may well change in future versions. If you are reading this in the distant future and something needs tweaking let me know below, so I can try to keep things up to date.
Solution : Ubuntu KVM
Update Ubuntu.
I’m assuming you’ve already got an Ubuntu server installed ready to go; the first task is to ensure it’s fully up to date.
[box]
sudo apt update && sudo apt upgrade -y
[/box]
Go and have a coffee, when complete simply reboot the server.
[box]
[ -e /var/run/reboot-required ] && sudo reboot
[/box]
Ubuntu KVM (CPU Checker)
All modern physical servers will now have the virtualisation CPU elements enabled in BIOS. It’s been many years since I had to go and enable them, but if you are on an old piece of tin, or someone’s disabled them, you need to check they are available. Note: This is more of a problem if you intend to run Ubuntu nested inside another hypervisor like VMware ESX or Hyper-V, where you have to manually expose the virtualisation elements to a guest VM (often called nested virtualisation).
To make sure, we install cpu-checker.
[box]
sudo apt install cpu-checker
[/box]
Then, to test the CPU, run the kvm-ok command and ensure it responds ‘KVM acceleration can be used’.
Finally, to ensure all is well, run virsh version and ensure the components look like the following (note: some may have newer versions depending on how far in the future you are following along).
[box]
virsh version
[/box]
Ubuntu KVM: Install Cockpit
Cockpit is a web-based GUI through which you can interface directly with Linux. You can create, run and manage your virtual machines from the command line, but this is a little easier for most people.
[box]
sudo apt install cockpit
[/box]
When complete add the machines plugin (for managing virtual machines) and podman plugin (for managing containers).
[box]
sudo apt install cockpit-{machines,podman}
[/box]
Then enable Cockpit to AutoStart with the host and check its status. Take note of the port it is running on (highlighted below, this is usually TCP port 9090).
[box]
sudo systemctl enable --now cockpit.socket
systemctl status cockpit.socket
[/box]
Connect to the Ubuntu KVM server using a web browser on port 9090 (https://{ip-address-or-host-name}:9090) and log in.
Select “Turn on administrative access” and supply your password to authenticate again.
Ubuntu KVM Creating Guest VMs
I prefer to have the ISO files that I will build my VMs from on the server itself, so I upload them into the /tmp directory on the Ubuntu host. Below I’m using WinSCP because it’s free and it’s simple to use.
In Cockpit navigate to Virtual Machines > Create VM.
Enter the details, and the path to the ISO file you uploaded above > Create and Run.
Now if you select the server you get a nice VNC remote console which you can interact with to build and manage the server remotely.
What you will notice is that at this point your VMs get an IP address from the KVM host, which will NAT the traffic to the outside world, which is fine. But if you want to access these VMs FROM the outside world then you have a problem (no, routing the traffic back to the KVM server manually or adding static routes to your other devices does not work). Well, it didn’t for me! So a more likely scenario is you want bridged networking, where your VMs will get an IP address on your live LAN. I’ll be showing you how to do that next.
The certificate here at PNL expired over the weekend, I got a new one and installed it. All appeared to be fine until I did an online check to make sure it was OK.
The server’s certificate chain is incomplete
Solution
I had this problem once before, back then I was using Apache and CentOS7, and things were a little different, (now I’m using NGINX and Ubuntu 18.04). Essentially you see this error because you have bought a ‘cheap‘ SSL certificate. There’s nothing wrong with that per se, but they tend to be issued from an ‘Intermediate CA‘. Again there’s nothing wrong with that either, but to improve your score you need to ‘Embed‘ the intermediate certificate, into your SSL certificate, (or all the intermediates back to a Root CA Server, if you have multiple intermediate certificates!)
Here I have ONE intermediate, (which is pretty normal.)
There are no special tools you require to be able to do this, other than a simple text editor; you open your SSL certificate and ‘paste’ the intermediate certificate on the bottom (DO NOT ADD ANY EXTRA SPACES). Like so;
Note: As you can see, you DON’T put the Root CA certificate at the bottom, (clients should already have them!) I made this mistake then got the following error;
[box]
Jun 23 14:12:29 localhost nginx[1197]: nginx: [emerg] PEM_read_bio_X509("/etc/nginx/ssl/www_petenetlive_com.crt") failed (SSL: error:0906D066:PEM routines:PEM_read_bio:bad end line)
Jun 23 14:12:29 localhost nginx[1197]: nginx: configuration file /etc/nginx/nginx.conf test failed
[/box]
Retry your test.
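A pre-flight check for the combined file, as an added example that is not part of the original article: it confirms every certificate block is cleanly framed and reports how many the bundle holds. A damaged END line, for instance two blocks joined without a line break, is what OpenSSL's PEM reader reports as `bad end line`. The function name and both sample bundles are constructed for illustration, and the base64 bodies are placeholders rather than real certificates.

```shell
#!/bin/sh
# check_pem_bundle FILE
# Prints the number of cleanly framed certificate blocks and returns 0, or
# prints the first framing problem and returns 1. It checks framing only;
# it does not validate signatures or chain order.
check_pem_bundle() {
    awk '
        function bad(msg) { print "line " NR ": " msg; failed = 1; exit 1 }
        { sub(/\r$/, "") }                       # tolerate CRLF line endings
        /^-----BEGIN CERTIFICATE-----$/ {
            if (inside) bad("BEGIN inside an open block")
            inside = 1; body = 0; next
        }
        /^-----END CERTIFICATE-----$/ {
            if (!inside) bad("END without a matching BEGIN")
            if (body == 0) bad("empty certificate block")
            inside = 0; count++; next
        }
        # Any other line carrying a boundary marker is damaged: joined blocks,
        # stray spaces, or a non-certificate object such as a private key.
        /-----(BEGIN|END) / { bad("malformed or unexpected boundary line") }
        inside {
            if ($0 !~ /^[A-Za-z0-9+\/=]+$/) bad("non-base64 text inside a block")
            body++
        }
        END {
            if (failed) exit 1
            if (inside) { print "block opened but never closed"; exit 1 }
            if (count == 0) { print "no certificates found"; exit 1 }
            print count
        }
    ' "$1"
}

# Demo on two constructed bundles (placeholder base64, not real certificates).
demo=$(mktemp -d)
printf '%s\n' \
    '-----BEGIN CERTIFICATE-----' 'TEVBRi1QTEFDRUhPTERFUg==' '-----END CERTIFICATE-----' \
    '-----BEGIN CERTIFICATE-----' 'SU5URVJNRURJQVRFLVBMQUNF' '-----END CERTIFICATE-----' \
    > "$demo/fullchain.crt"
# Same content, but the intermediate was pasted onto the end of the END line.
printf '%s\n' \
    '-----BEGIN CERTIFICATE-----' 'TEVBRi1QTEFDRUhPTERFUg==' \
    '-----END CERTIFICATE----------BEGIN CERTIFICATE-----' \
    'SU5URVJNRURJQVRFLVBMQUNF' '-----END CERTIFICATE-----' \
    > "$demo/joined.crt"
echo "fullchain.crt: $(check_pem_bundle "$demo/fullchain.crt")"
echo "joined.crt:    $(check_pem_bundle "$demo/joined.crt" || true)"
rm -rf "$demo"
```

Run it against the combined .crt before `nginx -t`; a count of 2 matches the one-intermediate case described above.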
Note: This is to install the VMware Tools NOT the OPEN-VM-TOOLS.
I’ve had to do this a few times now, and every time I Google how to do it, I get pages of instructions on how to install the open vm tools. When what I really want is to install the VMware Tools.
Solution
I’m using vSphere ESX, but even if you are using VMware Workstation or VMware Fusion, you can still select ‘Install/Upgrade VMware tools’, this presents a DVD image to the virtual machine.
The install for VMware tools uses Perl, so you will need to have that installed.
[box]
yum install perl
[/box]
Now we are going to mount the virtual CDROM/DVD drive into a folder (called /mnt). Then, when we have a look inside this folder, you will see the VMwareTools-{version}.tar.gz (take a note of this).
[box]
mount /dev/cdrom /mnt
cd /mnt
ls
# TAKE NOTE OF THE VERSION!
[/box]
Unzip those files into the /tmp directory, then run the installer.
[box]
cd /tmp
tar zxf /mnt/VMwareTools-9.10.0-2476743.tar.gz
cd vmware-tools-distrib
./vmware-install.pl
[/box]
Keep pressing {Enter} to accept the defaults, when complete the mounted VMware tools DVD will be ejected.
A few weeks ago I did a series on setting up a new WordPress site, shortly after I had some problems uploading my caching plugin (wp-rocket). This was the error I got;
413 Request Entity Too Large
nginx/1.10.3 (Ubuntu)
Anyway, I fixed the error, and a few days later I got an email from someone with the same problem, so I thought this time I would document the fix.
Solution
Note: I’m going to raise the limits to 100Mb; this might be far too large for you, 20 or 50Mb might be more sensible for most sites.
Firstly you need to make an entry in the nginx.conf file
[box]sudo nano /etc/nginx/nginx.conf[/box]
If you’re unused to working in these config files, you are looking for the http section; just before this section ends (i.e. before the end curly bracket ‘}’), insert the following text.
[box]client_max_body_size 100M;[/box]
Exit and save the file (ctrl+x, then ‘y’ {Enter}).
Restart nginx.
[box]sudo service nginx restart[/box]
You will also need to enter the new values in the php.ini file.
[box]sudo nano /etc/php/7.0/fpm/php.ini[/box]
Change the following values, like so;
[box]
upload_max_filesize = 100M
post_max_size = 100M
[/box]
Exit and save the file, then restart PHP.
[box]sudo service php7.0-fpm restart[/box]
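The smallest of the three settings is the one that caps an upload, and a setting that is absent falls back to its built-in default (1m for nginx, 8M and 2M for PHP), which is why an untouched nginx answers 413 first. The check below is an added example, not part of the original article; the function name and sample files are constructed, and it assumes each setting appears at most once per file.

```shell
#!/bin/sh
# effective_upload_limit NGINX_CONF PHP_INI
# Prints "<bytes> <setting>": the tightest of the three limits and its name.
effective_upload_limit() {
    awk '
        function bytes(v,    n, u) {          # "100M" -> 104857600
            n = v + 0
            u = tolower(substr(v, length(v)))
            if (u == "k") n *= 1024
            else if (u == "m") n *= 1024 * 1024
            else if (u == "g") n *= 1024 * 1024 * 1024
            return n
        }
        BEGIN {                               # defaults when a setting is absent
            val["client_max_body_size"] = "1m"
            val["post_max_size"]        = "8M"
            val["upload_max_filesize"]  = "2M"
        }
        FILENAME == ARGV[1] {                 # nginx.conf: "name value;"
            sub(/#.*/, "")
            if ($1 == "client_max_body_size") { v = $2; sub(/;.*/, "", v); val[$1] = v }
            next
        }
        # php.ini: "name = value" (lines starting with ";" are comments)
        /^[ \t]*(post_max_size|upload_max_filesize)[ \t]*=/ {
            name = $0; sub(/[ \t]*=.*/, "", name); gsub(/[ \t]/, "", name)
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t;].*/, "", v)
            val[name] = v
        }
        END {
            n = split("client_max_body_size post_max_size upload_max_filesize", order, " ")
            best = -1
            for (i = 1; i <= n; i++) {
                b = bytes(val[order[i]])
                # nginx and post_max_size treat 0 as "no limit": skip those.
                if (b == 0 && order[i] != "upload_max_filesize") continue
                if (best < 0 || b < best) { best = b; who = order[i] }
            }
            printf "%d %s\n", best, who
        }
    ' "$1" "$2"
}

# Demo on constructed files: php.ini is already raised to 100M, but
# nginx.conf has no client_max_body_size line yet.
demo=$(mktemp -d)
printf '%s\n' 'http {' '    sendfile on;' '}' > "$demo/nginx.conf"
printf '%s\n' '; constructed sample' 'upload_max_filesize = 100M' \
    'post_max_size = 100M' > "$demo/php.ini"
effective_upload_limit "$demo/nginx.conf" "$demo/php.ini"
rm -rf "$demo"
```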
So you want your own web server running WordPress? Previously in Parts One and Two, we setup a new Linux box, and got all the prerequisites installed. Now it’s time to deploy WordPress.
Solution
There are a few extra bits we need to add to the PHP installation before we setup WordPress, to get those installed run the following command;
We are going to use the /tmp directory and download WordPress into that. You don’t need to worry about what version to download, because the good folk at WordPress use the same URL for the latest version and keep it updated.
[box]
cd /tmp
curl -O https://wordpress.org/latest.tar.gz
[/box]
If you didn’t already guess from the file extension, the WordPress files are compressed, we need to ‘extract’ them.
[box]tar xzvf latest.tar.gz[/box]
WordPress has a file called wp-config.php in the root of the website that we will be editing in a while, so we are going to create that file by using the ‘sample’ file provided.
And, to save you hassle, (in future) we will pre-create the folder that WordPress will need when you eventually come to upgrade it, it will also, (after we have moved it in a minute), have the correct permissions.
Now we have all the files, but they are in the WRONG PLACE, they are all sat in the /tmp directory, but we want them in the root of your website, i.e. the /var/www/html directory. So to copy them (in bulk).
[box]sudo cp -a /tmp/wordpress/. /var/www/html[/box]
You won’t see anything happen, but if you have a look in your /var/www/html directory, the files will be there.
To set the correct permissions, execute the following commands;
COPY THAT TEXT TO THE CLIPBOARD (Yours will look different to the one above!)
Now edit the wp-config.php file; when it’s open go to the section that ‘looks like’ the text you copied above and paste your text over the top.
[box]nano /var/www/html/wp-config.php[/box]
While you are still in the file, you need to enter the database settings you setup in Part One. Near the top of the file you will see there’s a space for database name, username and password.
Enter your settings;
Save and close the file.
Now if you browse to your website, you should see the WordPress language selection, select your language and enter the settings and logon details for your website.
You will be logged into your site’s admin panel (http://your-site/wp-admin). From here you can install new themes, add new plugins, and create new posts. Your website will now be ‘live’.
You may want to consider raising the maximum upload limit before proceeding;
Now to test if the web server is up and running, get the IP address (ifconfig) and browse to it; you should see the nginx welcome page.
Note: If you get a 403 error, issue a ‘cp index.nginx-debian.html index.html‘ command and try again.
[box]
sudo systemctl start php7.0-fpm
systemctl status php7.0-fpm
[/box]
Now to enable nginx to pass information to the FastCGI server (allows php scripts to be executed outside the web server). Your nginx install should be taking its settings from a configuration file ‘/etc/nginx/sites-enabled/default’. To make sure execute an ‘nginx -t’ command. We need to edit that file.
Note: Below you will want to change the values in red to match your server, and the values in blue are optional. You can remove all the contents of the existing file and paste in the following.
[box]
# Default server configuration
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    # Set The Root Directory for the Entire Website
    root /var/www/html/;

    # Add index.php to this list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    # Add The Server IP Address or FQDN
    server_name 123.123.123.12;

    # Auto Remove and re-write .htm from requests (to maintain old back-links)
    rewrite ^(/.*)\.htm(\?.*)?$ $1$2 permanent;

    # The following does the WordPress Rewrites for the permalinks
    location / {
        index index.php index.html index.htm;
        try_files $uri $uri/ /index.php?$args;
    }

    # Allow the user to Cache Static files for 1 year
    location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
        expires 365d;
    }

    # pass PHP scripts to FastCGI server
    location ~ \.php$ {
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
        include snippets/fastcgi-php.conf;
    }
}
[/box]
Now save and exit the file, and make sure it’s OK by running;
[box]nginx -t[/box]
Providing it says ‘successful’ restart nginx.
[box]sudo systemctl reload nginx[/box]
Testing PHP7 Works
Make sure we are up and running on version 7.
[box]php --version[/box]
Now just to be sure we are going to create a test page, put in some PHP and make sure it works.
Create a file;
[box]sudo nano /var/www/html/test.php[/box]
Paste in the following;
[box]<?php phpinfo(); ?>[/box]
Save and exit the file, then browse to http://{ip-address}/test.php; it should look something like the image below.
It’s considered bad practice to have that file on the server, so let’s delete it with the following command;
[box]sudo rm /var/www/html/test.php[/box]
That’s us with a fully functioning nginx web server that’s processing PHP. In part three we will install WordPress, connect it to the database we made earlier, and then you will be ready to start posting.
First of all not being able to connect to your Ubuntu server via SSH as root is ‘by design’, and it’s a perfectly good security measure. I do find it interesting that every hosting company I ever used, spin up a new machine and then email me the root password and they’ve enabled it anyway?
I needed to enable this recently and the internet is full of posts saying ‘just edit the config file, and restart the service’. What they don’t tell you is that the root user is disabled by default, even with a valid password, IT STILL WON’T WORK!
Solution
Connect to your Ubuntu machine, and reset the root user password, (so you know what it is).
[box]sudo passwd root[/box]
As shown you will need to enter your password first, then enter and confirm a new root password.
Then ‘unlock the root account’;
[box]sudo passwd -u root[/box]
Note: If you ever want to ‘lock‘ it again, use (sudo passwd -l root).
Now you can edit the sshd config file;
[box]sudo nano /etc/ssh/sshd_config[/box]
Locate the line ‘PermitRootLogin’ and change it so it ONLY says yes (as below).
Note: Here I’m also changing the SSH port (to 2223 in this example, from the default port of 22), I usually change the default SSH port.
Now finally, restart the SSH Daemon, (that always looks like it’s spelled incorrectly!) With the following command;
[box]sudo service sshd restart[/box]
Don’t forget, if (like me) you changed the port, you will need to specify that in your client connection software (i.e. PuTTY or RoyalTSX).
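To see what the change exposes, the added example below (not part of the original article) classifies the daemon's effective settings from `sshd -T` style output: whether root can log in with a password, with keys only, or not at all, and on which port. The function name and the sample input are constructed; `prohibit-password` is a standard sshd_config value for key-only root login, not a setting this article uses.

```shell
#!/bin/sh
# root_login_exposure: reads `sshd -T` style output on stdin (one
# "keyword value" pair per line) and prints "<verdict> port=<ports>".
# A missing passwordauthentication line is treated as "yes" (the cautious reading).
root_login_exposure() {
    awk '
        { key = tolower($1); v = tolower($2) }
        key == "port"                   { ports = (ports == "" ? "" : ports ",") $2 }
        key == "permitrootlogin"        { root = v }
        key == "passwordauthentication" { pw = v }
        # Keyboard-interactive (PAM) can also prompt for a password; older
        # OpenSSH releases call it challengeresponseauthentication.
        key == "kbdinteractiveauthentication" || key == "challengeresponseauthentication" { kbd = v }
        END {
            password_ok = (pw != "no" || kbd == "yes")
            if (root == "no")                          verdict = "root-disabled"
            else if (root == "forced-commands-only")   verdict = "root-forced-commands-only"
            else if (root == "prohibit-password" || root == "without-password")
                                                       verdict = "root-key-only"
            else if (root == "yes" && password_ok)     verdict = "root-password-login"
            else if (root == "yes")                    verdict = "root-key-only"
            else                                       verdict = "unknown"
            print verdict " port=" (ports == "" ? "unknown" : ports)
        }
    '
}

# Constructed sample: the settings this article ends up with.
root_login_exposure <<'EOF'
port 2223
permitrootlogin yes
passwordauthentication yes
kbdinteractiveauthentication no
EOF

# Constructed sample: same port, root restricted to key-based login.
root_login_exposure <<'EOF'
port 2223
permitrootlogin prohibit-password
passwordauthentication yes
kbdinteractiveauthentication no
EOF
```

On a live host pipe `sudo sshd -T` into the function, and run `sudo sshd -t` before restarting the daemon so that a typo in sshd_config does not lock you out.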
At the time of writing this site is running on CentOS7 LAMP (Linux Apache MySQL and PHP). Well, I’m actually using MariaDB not MySQL as it’s ‘supposed’ to be a little faster, but they are similar enough to be accepted. I’m planning to migrate to Ubuntu 17 LEMP (Linux ‘EnginX’ MySQL and PHP), again with MariaDB. As the site is getting more traffic I want to utilise the better performance of nginx (I know I called it EnginX above, but LNMP stack doesn’t sound so good, and nginx is pronounced ‘engine x’).
So the following series of articles will be how to install nginx, MariaDB, PHP and WordPress.
Solution
Installing Linux
You have essentially two choices: do what most people do and go to a hosting company and rent a VPS (virtual private server) for a monthly fee. Then when you set it up you can select what flavour of Linux you require, press go, and by the time you have had a coffee, they will have emailed you the IP and logon details, and Linux is already installed for you. You can of course install Linux on your own server, and as long as you can make it publicly available, use that.
The main difference is, if your hosting company build it for you, the root user will be enabled and you will connect with the root user and password. If you build your own server you will connect with a user account and root will be disabled. If you know nothing about Linux, that means to execute any system level commands you need to prefix them with ‘sudo’ (or type su and enter the root password). If you are logged in as root and use sudo it does not make any difference, so I will prefix all the commands I use below with sudo to make things easier; just remember the first time you use sudo it will ask for your password again.
Why Ubuntu? Well, I use CentOS presently, but while doing research there was little information on getting nginx and PHP7 running on CentOS, but there was for Ubuntu; that’s the only reason I’m switching OS.
Update The Server
It might have been built from an image, but that does not mean that the image was up to date. Thankfully that’s simple to fix: run the following command to see if there are any updates.
[box]sudo apt update[/box]
In my example there are two updates; I can upgrade to them with the following command (you may be asked to answer ‘y’ for yes);
[box]sudo apt upgrade[/box]
Change the Linux SSH Port
Note: If you built the server, you may need to install openssh server.
[box]sudo apt-get install openssh-server[/box]
I’ve had servers compromised in the past so let’s start with some basic security, I always change the default SSH port, in this example I’ll use 2223 (instead of the default SSH port of 22).
Edit the SSH config file;
[box]sudo nano /etc/ssh/sshd_config[/box]
Uncomment and change the Port number to something other than 22, (make it above 1024 to be on the safe side, I’m using 2223).
Note: If you built your own server, and you are allowing root access to SSH you may want to see the following article;
Traditionally Linux uses iptables (or FirewallD for CentOS). I like iptables because, like all things Linux, I worked out how to set it up and wrote it down. Ubuntu has a ‘front-end’ to iptables that’s still command driven; it’s called UFW (uncomplicated firewall). I didn’t want to learn about it because I use iptables! But in all honesty UFW is so simple it’s painfully easy.
I want to allow TCP 80 (http), TCP 443 (https), and TCP 2223 (for my SSH server). And that’s it, block everything else incoming, allow the server to speak out, and secure the server.
Note: If it looks like it’s frozen, press Ctrl+C to get the cursor back
Set MariaDB to start when the server restarts;
[box]systemctl enable mariadb[/box]
Secure MariaDB: At the moment MariaDB will have a blank root password, (it has its own root user). So to secure it you simply run;
[box]sudo mysql_secure_installation[/box]
Note: It immediately asks for a password (it will be blank, so hit {Enter}); answer ‘Y’ to set a root password and set a fresh one (you will need it in a minute, so remember what it is!). Then accept all the defaults by just pressing {Enter}.
Create Your WordPress Database
WordPress needs a database, to get WordPress talking to MariaDB (or MySQL) you need three things;
A database name.
A username to access the database.
A password for that user.
So in the following example I will use;
Database Name: PETESDATABASE
Username: petesuser
Password: P@ssword12345
Execute the following commands one by one;
[box]
sudo mysql -u root -p
{Enter the root password you just set for MariaDB}
CREATE DATABASE PETESDATABASE;
CREATE USER 'petesuser'@'localhost' IDENTIFIED BY 'P@ssword12345';
GRANT ALL ON PETESDATABASE.* TO 'petesuser'@'localhost' IDENTIFIED BY 'P@ssword12345';
FLUSH PRIVILEGES;
exit