SFTP (Secure Shell File Transfer Protocol) is a means of transferring files securely from a client to a server over a network.

Sometimes, you may want to grant SFTP access to allow users to upload files on your Linux server. However, this could pose a security risk to the entire file system.

To mitigate this risk, chroot is used. It changes the root directory of the user during an SFTP session, ensuring isolation from the main system.

Chrooted users cannot break the jail but can still run standard SFTP commands to manage their directories and files.

This is a step-by-step guide for creating an SFTP chroot environment on an Ubuntu 16.04 instance that locks users to their home directory while restricting shell access for security purposes.

Prerequisites

• A Linux server running Ubuntu 16.04.

• A non-root user with sudo privileges

Step 1: Creating an SFTP Group

To manage chrooted users, create a group using the groupadd command:

sudo groupadd sftpusers

Replace sftpusers with your preferred group name.

Step 2: Setting Up OpenSSH

SFTP operates over SSH and inherits its security features, including data encryption that prevents password sniffing and man-in-the-middle attacks.

OpenSSH reads configuration settings from /etc/ssh/sshd_config. Modify this file using a text editor such as nano:

sudo nano /etc/ssh/sshd_config

Locate the line:

#Subsystem sftp /usr/lib/openssh/sftp-server

And change it to:

Subsystem sftp internal-sftp

Add the following lines at the end of the file:

Match Group sftpusers
    ChrootDirectory %h
    X11Forwarding no
    AllowTcpForwarding no
    ForceCommand internal-sftp

Ensure to replace sftpusers with the group name you created.

Explanation of Configuration:

• Subsystem sftp internal-sftp: Configures the in-process SFTP server, simplifying chroot configurations.
• Match Group sftpusers: Applies the settings to users in the sftpusers group.
• ChrootDirectory %h: Restricts users to their home directory.
• X11Forwarding no: Disables X11 forwarding to limit access to graphical applications.
• AllowTcpForwarding no: Disables TCP forwarding to enhance security.
• ForceCommand internal-sftp: Ensures only the SFTP process runs upon login.

Restart the SSH daemon after making changes:

sudo service ssh restart

Step 3: Configuring User Accounts

Create and configure user accounts. For example, to create a user named jacob:

sudo adduser jacob

Follow the prompts to set the user password and details. By default, this command creates a home directory /home/jacob. Add the user to the sftpusers group:

sudo usermod -G sftpusers jacob

Change the ownership of the user’s home directory to root:

sudo chown root:root /home/jacob

Set the appropriate permissions:

sudo chmod 755 /home/jacob

Create subdirectories within the user’s home and assign ownership:

sudo mkdir /home/jacob/outbound
sudo chown jacob:jacob /home/jacob/outbound

sudo mkdir /home/jacob/inbound
sudo chown jacob:jacob /home/jacob/inbound
sudo chmod 700 /home/jacob/inbound

chmod 700 only allows jacob user to read and write and will not allow any other user to read.

Step 4: Testing the Configuration

Connect to your server using SFTP with the newly created user:

sftp jacob@<your-vps-ip>

Verify the connection by running the pwd command:

sftp> pwd
Remote working directory: /

Step 5: Confirming Shell Access Restriction

Attempt to connect via SSH with the restricted user credentials. If the setup is correct, shell access should be denied.

Congratulations! You have successfully created a chroot environment with SFTP access for your users.

The post Setup SFTP Server And Users In Ubuntu Linux appeared first on TEKSpace Blog.

The tutorial explains how to set up Postgres on an Ubuntu 20.04 server. It covers the installation process and includes instructions on creating a new user and database.

This tutorial focuses on PostgreSQL version 16.0.

Prerequisites

• Setup sudo user.

Step 1: Install PostgreSQL

Enable PostgreSQL APT Respository.

sudo sh -c 'echo "deb https://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main" > /etc/apt/sources.list.d/pgdg.list'

wget --quiet -O - https://www.postgresql.org/media/keys/ACCC4CF8.asc | sudo apt-key add -

sudo apt update -y && sudo apt upgrade -y

We will now install PostgreSQL packages.

sudo apt install postgresql postgresql-contrib -y

Next, we will start the PostgreSQL service and enable it to start the service on reboot.

sudo systemctl start postgresql.service && sudo systemctl enable postgresql.service

Step 2: PostgreSQL Roles and Databases

Postgres, by default, employs a mechanism termed “roles” for both authentication and authorization tasks. This is somewhat akin to the typical Unix-style user and group system.

When you install Postgres, it’s configured to use ident authentication. This means it links Postgres roles to corresponding Unix/Linux system accounts. If a role is present in Postgres, a Unix/Linux user with an identical name can log in under that role.

During the installation, a user named Postgres is established, which corresponds to the primary Postgres role. There are multiple methods to access Postgres using this account. One method is to transition to the Postgres account on your server using a specific command.

sudo -i -u postgres

Now, you can access the Postgres prompt by running the below command:

psql

This action will grant you access to the PostgreSQL interface, allowing you to immediately engage with the database management system.

To exit from the PostgreSQL interface, execute the subsequent command:

\q

Once you have exited the PostgreSQL prompt, you can easily switch back to your logged-in user from the Postgres user.

exit

Alternative way to connect to Postgres prompt:

sudo -i -u postgres psql

Step 3: Create A New Role in PostgreSQL

Once you are logged in as Postgres user, you can enter the below command:

createuser --interactive

Alternatively, you can also use the below command to run as sudo user.

sudo -u postgres createuser --interactive

output:

postgres@tekspace-db-dev:~$ createuser --interactive
Enter name of role to add: tekspace-db-dev
Shall the new role be a superuser? (y/n) n
Shall the new role be allowed to create databases? (y/n) n
Shall the new role be allowed to create more new roles? (y/n) n

Step 4: Create A New Database in PostgreSQL

When Postgres sets things up, it expects that each role (or user) will have a database with the same name they can use.

So, if you made a user named “tekspace-db-dev” before, it will try to connect to a database named “tekspace-demo” automatically. To make this database, you can use the “createdb” command.

If you’re using the Postgres account, you’d type a command similar to this:

createdb tekspace-db-dev

Alternatively, you can also run this with sudo user:

sudo -u postgres createdb tekspace-db-dev

Exit out of Postgres user:

exit

Step 5: Open a Postgres Prompt with A New Role

To sign in using ident authentication, your Linux username should match your Postgres role and database name.

If you don’t have a Linux username like that, you can make one using the “adduser” command. Perform this action with an account that has the necessary privileges, not the main ‘Postgres’ account. Please log in using a different account called ‘sudo’ instead of the main ‘Postgres’ account.

sudo adduser tekspace-db-dev

Output:

rahil@tekspace-db-dev:~$ sudo adduser tekspace-db-dev
[sudo] password for rahil:
Adding user `tekspace-db-dev' ...
Adding new group `tekspace-db-dev' (1001) ...
Adding new user `tekspace-db-dev' (1001) with group `tekspace-db-dev (1001)' ...
Creating home directory `/home/tekspace-db-dev' ...
Copying files from `/etc/skel' ...
New password:
Retype new password:
passwd: password updated successfully
Changing the user information for tekspace-db-dev
Enter the new value, or press ENTER for the default
        Full Name []:
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
Is the information correct? [Y/n] Y
Adding new user `tekspace-db-dev' to supplemental / extra groups `users' ...
Adding user `tekspace-db-dev' to group `users' ...

After a login user has been created, now you can navigate to Postgres prompt by executing the below command:

sudo -i -u tekspace-db-dev

To access the prompt in PostgreSQL as a newly created user, execute the following command after logging in:

psql

If you want to connect to a different database, you can specify the database as shown below:

psql -d postgres

Output:

tekspace-db-dev@tekspace-db-dev:~$ psql -d postgres
psql (15.4 (Ubuntu 15.4-0ubuntu0.23.04.1))
Type "help" for help.

Once you are logged-in, you can check your current connection information by executing the below command:

\conninfo

postgres=> \conninfo
You are connected to database "postgres" as user "tekspace-db-dev" via socket in "/var/run/postgresql" at port "5432".
postgres=>

That’s it! You have successfully set up a PostgreSQL server on an Ubuntu Linux server.

User & Database Management

CREATE DATABASE tekspace_db_dev;
CREATE USER tekspace_db_dev_user WITH PASSWORD 'super_secret_password';
GRANT ALL PRIVILEGES ON DATABASE tekspace_db_dev to tekspace_db_dev_user;

Next connect with admin account to a newly created database:

psql -h localhost -U postgres -d tekspace_db_dev -W

This is a workaround for PostgreSQL 15.

GRANT ALL ON SCHEMA public TO tekspace_db_dev_user;

Now connect to a newly created database with its user:

psql -h localhost -U tekspace_db_dev_user -d tekspace_db_dev -W

Change Password For Postgres USER

To change the password for Postgres user follow below steps.

sudo -i -u postgres

psql

ALTER USER postgres PASSWORD 'Super secret password';

The post How To Install PostgreSQL On Ubuntu Linux appeared first on TEKSpace Blog.

Install PHP-FPM

Install the latest version of PHP FPM. If there is a new version, select that version for installation.

sudo apt-get install php8-1-fpm

Check Service Status:

sudo systemctl status php8-1-fpm.service

Output:

rahil@localhost:$ sudo systemctl status php8.1-fpm.service
● php8.1-fpm.service - The PHP 8.1 FastCGI Process Manager
     Loaded: loaded (/lib/systemd/system/php8.1-fpm.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2023-09-25 18:28:47 UTC; 23min ago
       Docs: man:php-fpm8.1(8)
    Process: 14322 ExecStartPost=/usr/lib/php/php-fpm-socket-helper install /run/php/php-fpm.sock /etc/php/8.1/fpm/pool.d/www.conf 81 (code=exited, status=0/SUCCESS)
   Main PID: 14319 (php-fpm8.1)
     Status: "Processes active: 0, idle: 2, Requests: 0, slow: 0, Traffic: 0req/sec"
      Tasks: 3 (limit: 1013)
     Memory: 11.1M
        CPU: 83ms
     CGroup: /system.slice/php8.1-fpm.service
             ├─14319 "php-fpm: master process (/etc/php/8.1/fpm/php-fpm.conf)" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" ""
             ├─14320 "php-fpm: pool www" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "">
             └─14321 "php-fpm: pool www" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "">

Sep 25 18:28:47 localhost systemd[1]: Starting The PHP 8.1 FastCGI Process Manager...
Sep 25 18:28:47 localhost systemd[1]: Started The PHP 8.1 FastCGI Process Manager.

Configuring PHP-FPM Pool

Create group for WordPress site:

sudo groupadd wordpress_demo

sudo useradd -g wordpress_demo wordpress_demo

Next, let’s navigate to the PHP-FPM folder path to create a new configuration file:

cd /etc/php/8.1/fpm/pool.d/

Inside this folder create a new configuration file called wordpress_demo_pool.conf

sudo vi wordpress_demo_pool.conf

[wordpress_demo_site]
user = wordpress_demo
group = wordpress_demo
listen = /var/run/php/php8.1-fpm-wordpress-demo-site.sock
listen.owner = www-data
listen.group = www-data
php_admin_value[disable_functions] = exec,passthru,shell_exec,system
php_admin_flag[allow_url_fopen] = off
; Choose how the process manager will control the number of child processes. 
pm = dynamic 
pm.max_children = 75 
pm.start_servers = 10 
pm.min_spare_servers = 5 
pm.max_spare_servers = 20 
pm.process_idle_timeout = 10s
env[HOSTNAME] = $HOSTNAME
env[TMP] = /tmp

Insert the below command. Definition of each item is provided below:

• [wordpress_demo_site]: This is a unique identifier for the pool, ensuring no two pools share the same name.
• user and group: Specifies which user and group the pool operates under.
• listen: Defines the socket file’s name associated with this pool.
• listen.owner and listen.group: These should align with the user and group that NGINX operates under. For this scenario, it’s www-data.
• php_admin_value: Enables the setting of specific PHP configuration parameters.
• php_admin_flag: Used to define PHP boolean settings.
  pm: Manages processes, with the “Dynamic” value indicating that child process numbers adjust based on subsequent directives.
• pm.max_children: Indicates the peak number of concurrently active child processes.
• pm.start_servers: Represents the count of child processes initiated upon startup.
• pm.min_spare_servers: Denotes the least number of idle child processes. If idle processes drop below this, new ones are spawned.
• pm.max_spare_servers: Represents the upper limit for idle child processes. If this number is exceeded, some processes will be terminated.
• pm.process_idle_timeout: Specifies the ideal maximum for idle server processes. This is relevant only when the pm setting is “dynamic”. Beyond these configurations, it’s feasible to relay certain system environment variables to the php-fpm service, like using env[‘PHP_FOO’] = $bar. For instance, integrating the subsequent options in the mentioned configuration will assign the hostname and temporary directory path to the PHP environment.

PHP-FPM (FastCGI Process Manager) is an alternative PHP FastCGI implementation with some additional features useful for sites with high traffic. One of the key features of PHP-FPM is its ability to manage PHP processes. The process manager (pm) is responsible for controlling the number of child processes, which in turn handle the PHP requests.

Here’s a breakdown of the PHP-FPM process manager for more details:

1. Types of Process Managers:
   PHP-FPM offers several ways to manage PHP processes:

• Static (pm = static): A fixed number of child processes are created. The number is specified by the pm.max_children directive. This mode is straightforward and can be efficient if you know the exact number of processes you need. However, it lacks flexibility.
• Dynamic (pm = dynamic): The number of child processes is set dynamically based on the following directives: pm.max_children, pm.start_servers, pm.min_spare_servers, and pm.max_spare_servers. This mode offers more flexibility and can adjust based on the demand.
• On-demand (pm = ondemand): Processes are spawned as needed. No child processes are created at startup, but they’re created on demand when there’s a request. This mode is the most flexible and can be efficient for sites with fluctuating traffic.

Benefits:

• Adaptability: PHP-FPM can adjust the number of child processes based on the traffic, ensuring efficient resource usage.
• Performance: By managing processes effectively, PHP-FPM can handle a large number of requests without overloading the server.
• Isolation: Each PHP request can be processed in a separate child process, providing isolation and security.
• Custom Configuration: PHP-FPM allows for pool-specific configurations, enabling fine-tuned settings for different websites or applications on the same server.

In summary, the PHP-FPM process manager provides a way to efficiently handle PHP requests by managing child processes. Depending on the configuration and the type of process manager chosen, PHP-FPM can offer a balance between performance and flexibility.

Restart fpm service to apply new changes:

sudo systemctl restart php8.1-fpm && sudo systemctl status php8.1-fpm --no-pager

Configure Nginx for PHP-FPM

server {
            listen 80;
            root /var/www/html/wordpress_blog/public_html;
            index index.php index.html;
            server_name blog.wordpress.xyz;

            access_log /var/log/nginx/wordpress_blog.access.log;
            error_log /var/log/nginx/wordpress_blog.error.log;

            location / {
                         try_files $uri $uri/ /index.php?$args;
            }

            location ~ \.php$ {
                         include snippets/fastcgi-php.conf;
                         fastcgi_pass unix:/run/php/php8.1-fpm-wordpress-demo-site.sock;
            }

            location ~ /\.ht {
                         deny all;
            }

            location = /favicon.ico {
                         log_not_found off;
                         access_log off;
            }

            location = /robots.txt {
                         allow all;
                         log_not_found off;
                         access_log off;
           }

            location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
                         expires max;
                         log_not_found off;
           }
}

Next, test Nginx configuration.

sudo nginx -t

Restart Nginx Service:

sudo systemctl restart nginx

Testing PHP-FPM Nginx Configuration

To verify that the aforementioned NGINX configuration file is utilizing the newly established FPM pool, generate a PHP info file within the web root. In the above NGINX configuration file, I have designated /var/www/html/wordpress_blog/public_html as the web root. Modify this value to suit your setup.

echo "<?php echo phpinfo();?>" > info.php

Setting Permissions For WordPress

How we have set up PHP-FPM, it is crucial to set permissions to public_html folder. Execute the below commands:

sudo chmod -R 755 *
sudo chmod -R 664 *.php *.txt *.html
sudo chown -R wordpress_demo:www-data *

The post Configure PHP-FPM for Multiline WordPress Sites With Nginx appeared first on TEKSpace Blog.

1. Standard Output (stdout) Redirection: The standard output (usually the terminal) can be redirected to a file. This means that instead of seeing the output on your screen, it’ll be saved to a file.

• Overwrite a file: command > filename This will overwrite the filename with the output of the command.
• Append to a file:
  bash command >> filename
  This will append the output of command to filename without overwriting its current content.

1. Standard Error (stderr) Redirection: Sometimes commands generate errors, and these errors are sent to stderr.

• Overwrite a file: command 2> errorfile This will overwrite errorfile with the error messages from command.
• Append to a file:
  bash command 2>> errorfile
  This will append the error messages from command to errorfile.

1. Redirect Both stdout and stderr: If you want to redirect both standard output and standard error to the same file:

• Overwrite a file: command > filename 2>&1
• Append to a file: command >> filename 2>&1 The 2>&1 syntax tells the shell to redirect the standard error (file descriptor 2) to the same location as the standard output (file descriptor 1).

1. Pipes (|): The pipe operator allows you to use the output of one command as the input of another. This is very useful for chaining commands together.

   command1 | command2

The output of command1 is used as the input to command2.

5. Input Redirection: You can also redirect the input of a command:

   command < inputfile

This will use inputfile as the input to command.

6. Discarding Output: If you want to discard the output (or errors) of a command, you can redirect it to the special file /dev/null:

   command > /dev/null 2>&1

This discards both standard output and standard error.

NOTE: the order of redirections matters. For example, command > filename 2>&1 is not the same as command 2>&1 > filename. The first command redirects both the standard output (stdout) and standard error (stderr) to a file named “filename”. The second command redirects the standard output to the “filename” file, while keeping the standard error in its original location, typically the terminal.

The post How To Use Standard Redirection to Input or Output Commands appeared first on TEKSpace Blog.

1. Open the Crontab Editor:
   To edit the current user’s crontab, use the following command:

   crontab -e

2. Understand the Cron Time Format:
   Each cron job has a specific format:

   * * * * * /path/to/command

The five asterisks represent:

• Minute (0 – 59)
• Hour (0 – 23)
• Day of the month (1 – 31)
• Month (1 – 12)
• Day of the week (0 – 7, where both 0 and 7 represent Sunday)

1. Add Your Cron Job:
   For example, if you want to run /path/to/script.sh every day at 3:30 AM, you would add the following line to the crontab:

   30 3 * * * /path/to/script.sh

4. Save and Exit:
   After adding your cron job, save and exit the editor. The method to save and exit depends on the default editor set on your system:

• For vi/vim: Press Esc, type :wq, and press Enter.
• For nano: Press CTRL + O, press Enter, and then press CTRL + X.

4. View Current Cron Jobs:
   To view the current user’s cron jobs, use:

   crontab -l

6. Remove a Cron Job:
   If you want to remove a cron job, edit the crontab (crontab -e) and simply delete the line containing the job you want to remove. Then save and exit.
7. Manage Other User’s Cron Jobs:
   If you have superuser privileges, you can view or edit the crontab of another user with:

   crontab -u username -l   # To view
   crontab -u username -e   # To edit

8. Cron Job Output:
   By default, the output of the cron job will be mailed to the user the job runs as. If you want to redirect the output to a file or discard it, you can use standard redirection:

   30 3 * * * /path/to/script.sh > /path/to/logfile.log 2>&1

9. Ensure the Cron Daemon is Running:
   The cron jobs rely on the cron daemon to be running. You can check its status (on systems using systemd) with:

   systemctl status cron

10. Set Environment Variables:
    If your script relies on specific environment variables, you can set them at the top of the crontab file. For example:

   PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
   30 3 * * * /path/to/script.sh

Make sure that the script or command you schedule with cron has the right permissions to run. Also, use absolute paths for any paths inside the script, since cron jobs have a limited environment.

Using Standard Redirection to output cron job

Let’s explore some examples of using redirection with cron jobs. This will help you understand how to handle the output and errors generated by cron tasks.

1. Redirecting Standard Output to a File:
   If you have a cron job that generates output and you want to save that output to a file:

   0 0 * * * /path/to/script.sh > /path/to/output.log

This will run script.sh every day at midnight and save its output to output.log.

2. Redirecting Errors to a Separate File:
   If you want to save error messages to a separate file:

   0 0 * * * /path/to/script.sh > /path/to/output.log 2> /path/to/error.log

This will save standard output to output.log and errors to error.log.

3. Appending Output and Errors to Existing Files:
   If you don’t want to overwrite the log files but instead want to append to them:

   0 0 * * * /path/to/script.sh >> /path/to/output.log 2>> /path/to/error.log

4. Combining Output and Errors in a Single File:
   If you want both the standard output and errors in the same file:

   0 0 * * * /path/to/script.sh > /path/to/output_and_error.log 2>&1

5. Discarding Output and Errors:
   If you’re not interested in the output or errors of a cron job:

   0 0 * * * /path/to/script.sh > /dev/null 2>&1

6. Sending Output and Errors via Email:
   By default, cron will email the user with the output and errors of a job. If you want to explicitly set an email address to receive these messages, you can use the MAILTO variable:

   MAILTO="your_email@example.com"
   0 0 * * * /path/to/script.sh

7. Using Pipes with Cron Jobs:
   Let’s say you want to filter the output of a script and save only lines containing the word “ERROR” to a log file:

   0 0 * * * /path/to/script.sh | grep ERROR > /path/to/error.log

8. Running Multiple Commands:
   If you want to run multiple commands in a single cron job and redirect their output:

   0 0 * * * /path/to/first_script.sh && /path/to/second_script.sh > /path/to/output.log

NOTE: when working with cron jobs, always use absolute paths for commands, scripts, and files to avoid any ambiguity. Also, test your scripts manually before scheduling them with cron to ensure they work as expected.

How to Check CronJob Logs

Execute the below command to get all the execution logs from CronJobs.

sudo grep CRON /var/log/syslog

The post How to Setup CronJob On A Linux Server appeared first on TEKSpace Blog.

Step 1: Using stat and chmod: First, get the permissions of the source file using stat:

stat -c "%a" source_file

This will return the permissions of source_file in octal format.

Then, apply these permissions to the target file using chmod:

chmod $(stat -c "%a" source_file) target_file

Using a one-liner: You can combine the above commands into a single one-liner:

chmod --reference=source_file target_file

The --reference option allows chmod to take the permissions from the file specified (in this case, source_file) and apply them to target_file.

Remember to replace source_file with the name of the file from which you want to copy the permissions, and target_file with the name of the file to which you want to apply the permissions.

The post How To Copy Permissions From One File to Another On Linux appeared first on TEKSpace Blog.

On Linux, swap is a space on a hard drive or SSD that functions as an extension of a system’s physical memory (RAM). In case the RAM memory is fully occupied, the Linux operating system has the ability to transfer less frequently used data to the swap space. This smart approach ensures that the most essential and frequently accessed data remains within the RAM, optimizing system performance. This process helps in preventing system crashes due to memory exhaustion, but accessing data from swap is slower than accessing it from RAM. Therefore, while swap can provide a safety net for systems with limited RAM, relying on it excessively can degrade system performance.

In this tutorial, I am using Ubuntu 22.04. What I will do is turn off existing swap and apply new swap with extra space.

Show existing swap size:

sudo swapon --show

Output:

rahil@localhost:$ sudo swapon --show
[sudo] password for rahil:
NAME     TYPE      SIZE USED PRIO
/dev/sdb partition 512M   0B   -2

As you can see in the above output, the size of swap is 512M. This should be fine if your server is lightly used or has higher memory available. In my VPS server, I only have 2 GB of RAM and I would like to add more swap space so that I can use swap as my server load increases. I plan to run multiple WordPress websites and this will be beneficial to have extra swap space.

Next, we will implement a new swap with 2 GB of space.

Step 1: Remove the existing swap from the server:

sudo rm /swapfile

Step 2: Create a new Swap file with a new size per your desire:

sudo fallocate -l 2G /swapfile

If the `fallocate` command is not available on your Linux system, you can try the dd command:

sudo dd if=/dev/zero of=/swapfile bs=1M count=2048

Step 3: Set permissions:

sudo chmod 600 /swapfile

Step 4: Format the new Swap file you created:

sudo mkswap /swapfile

Output:

rahil@localhost:$ sudo mkswap /swapfile
Setting up swapspace version 1, size = 2 GiB (2147479552 bytes)
no label, UUID=79ca27fb-28bf-4aa5-a887-dd310ee73703

Step 5: Enable new Swap:

sudo swapon /swapfile

Step 6: Confirm swap creation by executing the below command:

ls -hl /swapfile

Output:

rahil@localhost:$ ls -hl /swapfile
-rw------- 1 root root 2.0G Sep 22 18:52 /swapfile

Step 7: Add entry in fstab file to keep the swap when the system reboots:

Note: If you see old swap in fstab, please go ahead and delete or comment it out so that old swap settings are disabled.

sudo vi /etc/fstab

In the last line add below:

/swapfile       swap            swap    defaults          0     0

Your file should look like this or similar:

# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
/dev/sda        /               ext4    errors=remount-ro 0     1
#/dev/sdb        none           swap    sw                0     0
/swapfile       swap            swap    defaults          0     0
~                                                                     

Step 8: Now the last step is to reboot the server to apply and active swap on restart:

sudo reboot

This is it! You are done.

The post How To Increase Swap size on Ubuntu Linux appeared first on TEKSpace Blog.

Prerequisites

• This tutorial uses sudo user to execute commands. Follow this link.
• You must own a domain name and should have it pointing to the VPS server where you will be setting up WordPress.
• A sudo user must be configured. Follow this guide for more details.

Update Ubuntu 22.04

sudo apt-get update

sudo apt-get upgrade

lsb_release -a

Install Nginx on Ubuntu

sudo apt-get install nginx

Output of Nginx installation

rahil@Shared-WP-01:~$ sudo apt-get install nginx
[sudo] password for rahil:
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  fontconfig-config fonts-dejavu-core libdeflate0 libfontconfig1 libgd3 libjbig0 libjpeg-turbo8 libjpeg8
  libnginx-mod-http-geoip2 libnginx-mod-http-image-filter libnginx-mod-http-xslt-filter libnginx-mod-mail
  libnginx-mod-stream libnginx-mod-stream-geoip2 libtiff5 libwebp7 libxpm4 nginx-common nginx-core
Suggested packages:
  libgd-tools fcgiwrap nginx-doc ssl-cert
The following NEW packages will be installed:
  fontconfig-config fonts-dejavu-core libdeflate0 libfontconfig1 libgd3 libjbig0 libjpeg-turbo8 libjpeg8
  libnginx-mod-http-geoip2 libnginx-mod-http-image-filter libnginx-mod-http-xslt-filter libnginx-mod-mail
  libnginx-mod-stream libnginx-mod-stream-geoip2 libtiff5 libwebp7 libxpm4 nginx nginx-common nginx-core
0 upgraded, 20 newly installed, 0 to remove and 5 not upgraded.
Need to get 2691 kB of archives.
After this operation, 8339 kB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://mirrors.digitalocean.com/ubuntu jammy/main amd64 fonts-dejavu-core all 2.37-2build1 [1041 kB]
...
Get:20 http://mirrors.digitalocean.com/ubuntu jammy-updates/main amd64 nginx amd64 1.18.0-6ubuntu14.4 [3872 B]
Fetched 2691 kB in 7s (412 kB/s)
Preconfiguring packages ...
Selecting previously unselected package fonts-dejavu-core.
(Reading database ... 64277 files and directories currently installed.)
...
Setting up nginx-core (1.18.0-6ubuntu14.4) ...
 * Upgrading binary nginx                                                                                        [ OK ]
Setting up nginx (1.18.0-6ubuntu14.4) ...
Processing triggers for ufw (0.36.1-4ubuntu0.1) ...
Processing triggers for man-db (2.10.2-1) ...
Processing triggers for libc-bin (2.35-0ubuntu3.3) ...
Scanning processes...
Scanning candidates...
Scanning linux images...

Running kernel seems to be up-to-date.

Restarting services...
Service restarts being deferred:
 /etc/needrestart/restart.d/dbus.service
 systemctl restart getty@tty1.service
 systemctl restart networkd-dispatcher.service
 systemctl restart systemd-logind.service
 systemctl restart unattended-upgrades.service
 systemctl restart user@0.service

Check Nginx service status

sudo systemctl status nginx

rahil@Shared-WP-01:~$ sudo systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2023-09-21 16:35:43 UTC; 53s ago
       Docs: man:nginx(8)
    Process: 19571 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
    Process: 19572 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
   Main PID: 19665 (nginx)
      Tasks: 2 (limit: 1116)
     Memory: 4.0M
        CPU: 37ms
     CGroup: /system.slice/nginx.service
             ├─19665 "nginx: master process /usr/sbin/nginx -g daemon on; master_process on;"
             └─19668 "nginx: worker process" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "" "">

Sep 21 16:35:43 Shared-WP-01 systemd[1]: Starting A high performance web server and a reverse proxy server...
Sep 21 16:35:43 Shared-WP-01 systemd[1]: Started A high performance web server and a reverse proxy server.

Install MariaDB on Ubuntu

MariaDB is an alternative to MySQL database.

Install MariaDB:

sudo apt-get install mariadb-server

Enable MariaDB Service:

sudo systemctl enable mariadb.service

Run mysql_secure_installation to start MySQL configuration:

sudo mysql_secure_installation

Next, you will be asked to enter a password for root. Since it’s a new installation. The password will be empty, and you can hit enter to proceed with the next steps:

rahil@Shared-WP-01:~$ sudo mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none):

If you get a prompt to switch to unix_socket authentication. Say No, we will enter a password on next step to secure root login.

OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody
can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

Switch to unix_socket authentication [Y/n]

Switch to unix_socket authentication [Y/n] n
 ... skipping.

You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n]

In the above output, press Y to change root password and add set new password to secure root login to MySQL.

New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n]

Next, you will be prompted to remove anonymous users. Press Y.

 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n]

Disallowing root login remotely is highly recommended. To proceed, kindly press the Y key.

 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n]

Please press Y to delete the test database.

 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n]

To reload the privilege tables, please press Y.

 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Now, test MySQL root login:

mysql -u root -p

If you see the below prompt, that means you have successfully setup MariaDB.

rahil@Shared-WP-01:~$ mysql -u root -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 39
Server version: 10.6.12-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>

Install PHP

For this tutorial, we will use PHP 8.1. Execute the below command to install PHP, PHP-FPM, and other packages.

sudo apt install php8.1 php8.1-fpm php8.1-mysql php8.1-mbstring php8.1-xml php8.1-gd php8.1-curl php8.1-imagick php8.1-zip php8.1-intl -y

You can find a list of recommended packages from WordPress official developer guide.

Create WordPress Database

Next, we will create a database for WordPress site.

Execute the below command to login as root to a MariaDB server.

mysql -u root -p

Let’s create a new database called wordpress_tekspace. You can replace tekspace to your domain or sitename.

CREATE DATABASE wordpress_tekspace;

Next, we will create a database user along with the password and grant permission for access.

GRANT ALL ON wordpress_tekspace.* TO 'wptekspaceuser'@'localhost' IDENTIFIED BY 'Password!123' WITH GRANT OPTION;

Make sure to change the password with a strong password to your needs.

FLUSH PRIVILEGES;

Configure Nginx

Now, we will setup Nginx for WordPress.

First, we will create public_html folder under /var/www/html/tekspace. Feel free to use your own folder path as you desire.

sudo mkdir -p /var/www/html/tekspace/public_html

Now, let’s navigate to the folder path where Nginx stores server blocks configuration.

cd /etc/nginx/sites-available/

Inside sites-available folder we will create a new file called tekspace.conf. Feel free to name it according to your preference.

sudo vi tekspace.conf

Next, paste the following content into tekspace.conf file.

server {
            listen 80;
            root /var/www/html/tekspace/public_html;
            index index.php index.html;
            server_name demo.tekspace.io;

	    access_log /var/log/nginx/tekspace.access.log;
    	    error_log /var/log/nginx/tekspace.error.log;

            location / {
                         try_files $uri $uri/ /index.php?$args;
            }

            location ~ \.php$ {
                         include snippets/fastcgi-php.conf;
                         fastcgi_pass unix:/run/php/php8.1-fpm.sock;
            }
            
            location ~ /\.ht {
                         deny all;
            }

            location = /favicon.ico {
                         log_not_found off;
                         access_log off;
            }

            location = /robots.txt {
                         allow all;
                         log_not_found off;
                         access_log off;
           }
       
            location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
                         expires max;
                         log_not_found off;
           }
}

Once you have saved the file, let’s go ahead and test Nginx configuration by running a command.

sudo nginx -t

Output:

rahil@Shared-WP-01:/etc/nginx/sites-available$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

The next step is to create a symbolic link to activate configuration in Nginx. Execute the below command while you are in sites-available folder path.

Navigate to sites-enabled folder.

cd /etc/nginx/sites-enabled/

sudo ln -s ../sites-available/tekspace.conf .

To verify, a new symbolic link has been created. Execute the below command:

Output:

rahil@Shared-WP-01:/etc/nginx/sites-enabled$ ls -l
total 0
lrwxrwxrwx 1 root root 34 Sep 21 16:35 default -> /etc/nginx/sites-available/default
lrwxrwxrwx 1 root root 32 Sep 21 21:02 tekspace.conf -> ../sites-available/tekspace.conf

Now, we need to reload Nginx to apply new changes:

sudo systemctl reload nginx

Download and set up WordPress

cd /var/www/html/tekspace/public_html
sudo wget https://wordpress.org/latest.tar.gz
sudo tar -zxvf latest.tar.gz
sudo mv wordpress/* .
sudo rm -rf wordpress
sudo rm -rf latest.tar.gz

What the above commands will do is, download a WordPress compressed file from a WordPress server. Then, it will extract all the files and folders. And move them to public_html folder path.

Next, we need to change the ownership from root to www-data:www-data to make sure proper permissions are set and not have root be owner of the files and folders.

cd /var/www/html/tekspace/public_html
sudo chown -R www-data:www-data *
sudo chmod -R 755 *
sudo chmod -R 664 *.php *.txt *.html

WordPress Database Configuration

In order for WordPress to run, we need to connect it to a MariaDB database server. Follow the below guide to set the database connection string.

The below command will rename wp-config-sample.php to wp-config.php. This is the file WordPress references during initial startup.

sudo mv wp-config-sample.php wp-config.php

Open wp-config.php file in your favorite editor.

sudo vi wp-config.php

Replace the red-highlighted values in this file with the values that were set earlier in the tutorial when we set up the database for WordPress.

Here is how the file key value should look:

define( 'DB_NAME', 'wordpress_tekspace' );

/** Database username */
define( 'DB_USER', 'wptekspaceuser' );
 
/** Database password */
define( 'DB_PASSWORD', 'Password!123' );

Save the file.

Now, within the same file, scroll down where you will see below content:

define( 'AUTH_KEY',         'put your unique phrase here' );
define( 'SECURE_AUTH_KEY',  'put your unique phrase here' );
define( 'LOGGED_IN_KEY',    'put your unique phrase here' );
define( 'NONCE_KEY',        'put your unique phrase here' );
define( 'AUTH_SALT',        'put your unique phrase here' );
define( 'SECURE_AUTH_SALT', 'put your unique phrase here' );
define( 'LOGGED_IN_SALT',   'put your unique phrase here' );
define( 'NONCE_SALT',       'put your unique phrase here' );

We will replace this by opening this link in the browser, which will generate random strings for each key above. See the example below.

We will copy this content from the browser and replace all the values where it says put your unique phrase here. See the final file setting below:

Save and close the file. Open the domain URI that was set in the Nginx sites-available folder to run WordPress and finish the installation.

WordPress UI Installation Wizard

Browse the WordPress with dns alias you configured in Nginx. In my case, I will be using demo.tekspace.io. You should see the installation wizard as shown below:

Click on the Continue button, where you will see a welcome page to set up site title, username, password, and email address. Enter the details and click on Install WordPress.

Next, you will be prompted to login. Enter the Username and Password you set during the installation process.

Once you log in, you will be redirected to the WordPress Dashboard:

The next step is to set up SSL by getting a certificate from Lets Encrypt. Follow the below guide to set up an SSL certificate.

WordPress with Lets Encrypt SSL Certificate

I have created an SSL guide for Nginx here. We will go through each step here.

Step 1: Install Certbot Software:

sudo apt install python3-certbot-nginx certbot 

Step 2: Retrieve new SSL certificate from Let’s Encrypt:

sudo certbot --nginx -d demo.tekspace.io

Once you execute the above command, you will go through the Let’s Encrypt setup process. See the output for example:

rahil@Shared-WP-01:/var/log/nginx$ sudo certbot --nginx -d demo.tekspace.io
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): demo@demo.tekspace.io

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Account registered.
Requesting a certificate for demo.tekspace.io

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/demo.tekspace.io/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/demo.tekspace.io/privkey.pem
This certificate expires on 2023-12-20.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for demo.tekspace.io to /etc/nginx/sites-enabled/tekspace.conf
Congratulations! You have successfully enabled HTTPS on https://demo.tekspace.io

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The main part that we need to see from the above output is this:

Deploying certificate
Successfully deployed certificate for demo.tekspace.io to /etc/nginx/sites-enabled/tekspace.conf
Congratulations! You have successfully enabled HTTPS on https://demo.tekspace.io

Now, when you browse the website, you should see a valid certificate.

Setup Lets Encrypt Certificate in Non-Interactive Mode

This step is optional, but if you want to set up Lets Encrypt certificate in non-interactive mode. Make sure to replace values accordingly to ensure the certificate is created successfully.

sudo certbot --nginx -d domain.com -d www.domain.com -m example@outlook.com --agree-tos --non-interactive

Troubleshooting guide

WordPress Nginx 404 Not Found Error

If you see a 404 page when you browse the page. Follow the below guide:

Open sudo vi /etc/nginx/sites-available/tekspace.conf and find below content:

sudo vi /etc/nginx/sites-available/tekspace.conf

Replace below:

location / {
   try_files $uri $uri/ =404;
}

With:

location / {
   try_files $uri $uri/ /index.php?$args;
}

Next, reload Nginx service to apply new changes:

sudo systemctl reload nginx

This should definitely fix a 404 page not found error.

How to Fix the 413 Request Entity Too Large on WordPress

If you see a 413 error when uploading WordPress backup in WPVivid. Enter the below values in nginx.conf file under http block.

sudo vi /etc/nginx/nginx.conf

http {
server_tokens off;
send_timeout 300s;
client_header_timeout 300s;
client_body_timeout 300s;
client_max_body_size 100m;

server_names_hash_max_size 65536;
server_names_hash_bucket_size 1024;

Advance level Configuration

If you want to segregate your WordPress site into its own PHP-FPM pool to better manage PHP-related configuration at site level. Follow this guide.

The post How To Setup WordPress with Nginx On Ubuntu appeared first on TEKSpace Blog.

The unzip command is a versatile tool that simplifies the process of extracting files from ZIP archives. It comes pre-installed in most Ubuntu distributions, making it readily available for various compression-related tasks.

The basic syntax of the unzip command is straightforward:

unzip [options] zipfile.zip

Here, zipfile.zip is the name of the ZIP archive you want to extract.

• -l or --list: List the contents of the ZIP file without extracting.
• -d <directory>: Specify the directory where extracted files will be placed.
• -q or --quiet: Quiet mode, suppresses output.
• -o or --overwrite: Overwrite existing files without prompting.

• Extracting a ZIP File: unzip archive.zip This command extracts all files from archive.zip into the current directory.
• Extracting to a Specific Directory: unzip archive.zip -d target_directory Using the -d option, you can extract files to a designated directory, such as target_directory.
• Listing Contents of a ZIP File:
  unzip -l archive.zip
  This command provides a detailed list of files contained within the archive.zip without actually extracting them.

If a ZIP archive is password-protected, you’ll be prompted to enter the password when using the unzip command. For example:

unzip secured.zip

unzip archive.zip file1.txt file2.txt

This command extracts only file1.txt and file2.txt from archive.zip.

unzip data.zip '*.csv'

Using wildcards, you can extract all CSV files from data.zip.

unzip -v archive.zip

The -v option provides a more verbose output, displaying the progress and details of extraction.

unzip -K archive.zip

The -K option preserves the permissions of extracted files, ensuring they retain their original attributes.

unzip -o updated_files.zip

The -o option overwrites existing files without prompting, which is useful when updating files.

unzip '*.zip'

This command extracts files from all ZIP archives in the current directory.

These additional examples showcase the versatility of the unzip command and how it can be tailored to suit various extraction scenarios. By combining different options and using wildcards, you can efficiently manage and manipulate compressed files in your Linux environment.

Conclusion:
The unzip command in Ubuntu Linux is a versatile tool that simplifies the extraction of files from ZIP archives. By mastering its usage and understanding the provided options, you can efficiently manage compressed files and streamline your workflow.

Whether you’re dealing with software distributions, compressed archives, or sharing files, the unzip command provides a straightforward solution to access the content within ZIP files. You can customize the extraction process to meet your specific needs with the various options available. This makes it an important tool in your Linux toolkit.

So, next time you encounter a ZIP archive, remember the power of the unzip command to effortlessly unzip and access its contents.

The post Unzipping Files in Ubuntu Linux: A Comprehensive Guide appeared first on TEKSpace Blog.

Prerequisites

Before we get started, we need to make sure Nginx web server is set up. Use the below link to set up Nginx server on Ubuntu.

• How to install Nginx on Ubuntu Linux.
• Ensuring that the domain name is correctly directed to the appropriate server.

NOTE: DNS setup is beyond the scope of the article. Please ensure domain name is pointing to correct server before proceeding with the below guide.

sudo apt-get update && \
  sudo apt-get install -y dotnet-sdk-7.0

Output:

rahil@ubuntu:~$ sudo apt-get update && \
  sudo apt-get install -y dotnet-sdk-7.0
[sudo] password for rahil:
Hit:1 http://mirrors.digitalocean.com/ubuntu jammy InRelease
Get:2 http://mirrors.digitalocean.com/ubuntu jammy-updates InRelease [119 kB]
Hit:3 https://repos-droplet.digitalocean.com/apt/droplet-agent main InRelease
Get:4 http://mirrors.digitalocean.com/ubuntu jammy-backports InRelease [109 kB]
Get:5 http://security.ubuntu.com/ubuntu jammy-security InRelease [110 kB]
Get:6 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages [722 kB]
Get:7 http://security.ubuntu.com/ubuntu jammy-security/main Translation-en [160 kB]
Get:8 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 Packages [767 kB]
Get:9 http://security.ubuntu.com/ubuntu jammy-security/restricted Translation-en [123 kB]
Fetched 2109 kB in 6s (379 kB/s)
Reading package lists... Done
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following additional packages will be installed:
  aspnetcore-runtime-7.0 aspnetcore-targeting-pack-7.0 dotnet-apphost-pack-7.0 dotnet-host-7.0 dotnet-hostfxr-7.0
  dotnet-runtime-7.0 dotnet-targeting-pack-7.0 dotnet-templates-7.0 liblttng-ust-common1 liblttng-ust-ctl5 liblttng-ust1
  netstandard-targeting-pack-2.1-7.0
The following NEW packages will be installed:
  aspnetcore-runtime-7.0 aspnetcore-targeting-pack-7.0 dotnet-apphost-pack-7.0 dotnet-host-7.0 dotnet-hostfxr-7.0
  dotnet-runtime-7.0 dotnet-sdk-7.0 dotnet-targeting-pack-7.0 dotnet-templates-7.0 liblttng-ust-common1 liblttng-ust-ctl5
  liblttng-ust1 netstandard-targeting-pack-2.1-7.0
0 upgraded, 13 newly installed, 0 to remove and 61 not upgraded.
Need to get 136 MB of archives.
...

sudo apt-get update && \
  sudo apt-get install -y aspnetcore-runtime-7.0

Output:

rahil@ubuntu:~$ sudo apt-get update && \
  sudo apt-get install -y aspnetcore-runtime-7.0
Hit:1 http://mirrors.digitalocean.com/ubuntu jammy InRelease
Hit:2 https://repos-droplet.digitalocean.com/apt/droplet-agent main InRelease
Hit:3 http://mirrors.digitalocean.com/ubuntu jammy-updates InRelease
Hit:4 http://mirrors.digitalocean.com/ubuntu jammy-backports InRelease
Hit:5 http://security.ubuntu.com/ubuntu jammy-security InRelease
Reading package lists... Done
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
aspnetcore-runtime-7.0 is already the newest version (7.0.110-0ubuntu1~22.04.1).
aspnetcore-runtime-7.0 set to manually installed.
0 upgraded, 0 newly installed, 0 to remove and 61 not upgraded.

As an alternative to the ASP.NET Core Runtime, you also can install the .NET Runtime. The package doesn’t include ASP.NET Core support. You can replace aspnetcore-runtime-7.0 in the previous command with dotnet-runtime-7.0.

sudo apt-get install -y dotnet-runtime-7.0

In my case, I will stick with option one as I am using ASP.NET Core in my WebApp.

In this tutorial, I am using a sample app I created here. You can setup CICD pipeline to build and deploy the package directly on Ubuntu web server if you prefer. For the purpose of this tutorial, I will follow manual download, unzip, and staging of package to hosting path.

wget https://github.com/tekspace-io/DotNetWebApp/archive/refs/heads/master.zip

Output:

rahil@ubuntu:~$ wget https://github.com/tekspace-io/DotNetWebApp/archive/refs/heads/master.zip
--2023-08-31 16:24:22--  https://github.com/tekspace-io/DotNetWebApp/archive/refs/heads/master.zip
Resolving github.com (github.com)... 192.30.255.112
Connecting to github.com (github.com)|192.30.255.112|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://codeload.github.com/tekspace-io/DotNetWebApp/zip/refs/heads/master [following]
--2023-08-31 16:24:22--  https://codeload.github.com/tekspace-io/DotNetWebApp/zip/refs/heads/master
Resolving codeload.github.com (codeload.github.com)... 192.30.255.121
Connecting to codeload.github.com (codeload.github.com)|192.30.255.121|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [application/zip]
Saving to: ‘master.zip’

Extract zip file that was downloaded on your Ubuntu server.

Install unzip, if the command doesn’t exist.

sudo apt-get install unzip

We will execute unzip command to extract master.zip file that we downloaded from GitHub repository.

unzip master.zip -d webapp

Output:

rahil@ubuntu:~$ unzip master.zip -d webapp
Archive:  master.zip
bd1ef2df340c39be5bebd55dd2f5938dd3679677
   creating: webapp/DotNetWebApp-master/
  inflating: webapp/DotNetWebApp-master/.gitattributes
  inflating: webapp/DotNetWebApp-master/.gitignore
  inflating: webapp/DotNetWebApp-master/DotNetWebApp.sln
   creating: webapp/DotNetWebApp-master/DotNetWebApp/
  inflating: webapp/DotNetWebApp-master/DotNetWebApp/DotNetWebApp.csproj
   creating: webapp/DotNetWebApp-master/DotNetWebApp/Pages/
  inflating: webapp/DotNetWebApp-master/DotNetWebApp/Pages/Error.cshtml
  inflating: webapp/DotNetWebApp-master/DotNetWebApp/Pages/Error.cshtml.cs
  inflating: webapp/DotNetWebApp-master/DotNetWebApp/Pages/Index.cshtml
  inflating: webapp/DotNetWebApp-master/DotNetWebApp/Pages/Index.cshtml.cs
  inflating: webapp/DotNetWebApp-master/DotNetWebApp/Pages/Privacy.cshtml
  inflating: webapp/DotNetWebApp-master/DotNetWebApp/Pages/Privacy.cshtml.cs
   creating: webapp/DotNetWebApp-master/DotNetWebApp/Pages/Shared/
...

Now navigate to the solution path ~/webapp/DotNetWebApp-master

cd ~/webapp/DotNetWebApp-master

Run dotnet publish to compile the code and publish.

dotnet publish --configuration Release

Output:

rahil@ubuntu:~/webapp/DotNetWebApp-master$ dotnet publish --configuration Release
MSBuild version 17.4.8+6918b863a for .NET
  Determining projects to restore...
  Restored /home/rahil/webapp/DotNetWebApp-master/DotNetWebApp/DotNetWebApp.csproj (in 102 ms).
  DotNetWebApp -> /home/rahil/webapp/DotNetWebApp-master/DotNetWebApp/bin/Release/net7.0/DotNetWebApp.dll
  DotNetWebApp -> /home/rahil/webapp/DotNetWebApp-master/DotNetWebApp/bin/Release/net7.0/publish/

Upon publish, you will notice the runtime code was created under ~/webapp/DotNetWebApp-master/DotNetWebApp/bin/Release/net7.0. We will copy the files from the published location to /var/www/demo_tekspace_io/.

NOTE: I am using /var/www/demo_tekspace_io/ path based on Nginx & let’s encrypt tutorial. If you would like to update demo_tekspace_io to your preferred folder name, you can do so as per your requirements.

Copy net.7.0 folder from ~/webapp/DotNetWebApp-master/DotNetWebApp/bin/Release to /var/www/demo_tekspace_io/.

sudo cp -r ~/webapp/DotNetWebApp-master/DotNetWebApp/bin/Release/net7.0/ /var/www/demo_tekspace_io/

To confirm if net7.0 was copied to the hosting path, execute ls -l /var/www/demo_tekspace_io/:

rahil@ubuntu:~$ ls -l /var/www/demo_tekspace_io/
total 8
drwxr-xr-x 2 rahil rahil 4096 Aug 30 21:20 html
drwxr-xr-x 3 root  root  4096 Aug 31 18:13 net7.0

Run the below command to change ownership of net7.0 from root to logged in sudo user.

sudo chown -R $USER:$USER /var/www/demo_tekspace_io/net7.0

You only need to do this if the folder is owned by root user.

If you have followed along our previous tutorial to set up Nginx server and Let’s Encrypt guide. Below is the server block setup by Nginx and CertBot. We will modify this file and add dotnet-related configuration to host the WebApp we are referencing for this tutorial.

rahil@ubuntu:~$ cat /etc/nginx/sites-available/demo_tekspace_io
server {

        root /var/www/demo_tekspace_io/html;
        index index.html index.htm index.nginx-debian.html;

        server_name demo.tekspace.io www.demo.tekspace.io;

        location / {
                try_files $uri $uri/ =404;
        }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/demo.tekspace.io/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/demo.tekspace.io/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = demo.tekspace.io) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        listen 80;
        listen [::]:80;

        server_name demo.tekspace.io www.demo.tekspace.io;
    return 404; # managed by Certbot


}

Next, we will add a reverse proxy configuration to tell Nginx web server to serve all the traffic that is served on port 80 or 443 to localhost with port 5000.

Edit file with nano editor:

sudo nano /etc/nginx/sites-available/demo_tekspace_io

Add the following content inside location / {

proxy_pass         http://127.0.0.1:5000;
proxy_http_version 1.1;
proxy_set_header   Upgrade $http_upgrade;
proxy_set_header   Connection keep-alive;
proxy_set_header   Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header   X-Forwarded-Proto $scheme;

Next, replace root /var/www/demo_tekspace_io/html; with root /var/www/demo_tekspace_io/net7.0;

Save the file. Your server block content should look like this:

server {

        root /var/www/demo_tekspace_io/net7.0/publish/wwwroot;
        index index.html index.htm index.nginx-debian.html;

        server_name demo.tekspace.io www.demo.tekspace.io;

        location / {
                try_files $uri $uri/ =404;
                proxy_pass         http://127.0.0.1:5000;
                proxy_http_version 1.1;
                proxy_set_header   Upgrade $http_upgrade;
                proxy_set_header   Connection keep-alive;
                proxy_set_header   Host $host;
                proxy_cache_bypass $http_upgrade;
                proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header   X-Forwarded-Proto $scheme;
        }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/demo.tekspace.io/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/demo.tekspace.io/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = demo.tekspace.io) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


        listen 80;
        listen [::]:80;

        server_name demo.tekspace.io www.demo.tekspace.io;
    return 404; # managed by Certbot


}

Now, we will test Nginx configuration by executing the below command:

sudo nginx -t

If you see below output, that means your configurations are set correctly.

rahil@ubuntu:~$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

First, we will create a service definition file:

sudo nano /etc/systemd/system/kestrel-webapp.service

Enter below configuration and make changes to hosting path as needed:

[Unit]
Description=Example .NET Web API App running on Linux

[Service]
WorkingDirectory=/var/www/demo_tekspace_io/net7.0/publish
ExecStart=/usr/bin/dotnet /var/www/demo_tekspace_io/net7.0/publish/DotNetWebApp.dll
Restart=always
# Restart service after 10 seconds if the dotnet service crashes:
RestartSec=10
KillSignal=SIGINT
SyslogIdentifier=dotnet-example
User=rahil
Environment=ASPNETCORE_ENVIRONMENT=Production
Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false

[Install]
WantedBy=multi-user.target

Save the file and enable the service:

sudo systemctl enable kestrel-webapp.service

Output:

rahil@ubuntu:~$ sudo systemctl enable kestrel-webapp.service
Created symlink /etc/systemd/system/multi-user.target.wants/kestrel-webapp.service → /etc/systemd/system/kestrel-webapp.service.

Next, we will start the service:

sudo systemctl start kestrel-webapp.service

Next, we will check the status of the service to make sure it has started successfully.

sudo systemctl status kestrel-webapp.service

Output:

rahil@ubuntu:~$ sudo systemctl status kestrel-webapp.service
● kestrel-webapp.service - Example .NET Web API App running on Linux
     Loaded: loaded (/etc/systemd/system/kestrel-webapp.service; enabled; vendor preset: enabled)
     Active: active (running) since Thu 2023-08-31 19:57:03 UTC; 15s ago
   Main PID: 30099 (dotnet)
      Tasks: 16 (limit: 512)
     Memory: 22.3M
        CPU: 383ms
     CGroup: /system.slice/kestrel-webapp.service
             └─30099 /usr/bin/dotnet /var/www/demo_tekspace_io/net7.0/publish/DotNetWebApp.dll

Aug 31 19:57:03 ubuntu systemd[1]: Started Example .NET Web API App running on Linux.
Aug 31 19:57:03 ubuntu dotnet-example[30099]: info: Microsoft.Hosting.Lifetime[14]
Aug 31 19:57:03 ubuntu dotnet-example[30099]:       Now listening on: http://localhost:5000
Aug 31 19:57:03 ubuntu dotnet-example[30099]: info: Microsoft.Hosting.Lifetime[0]
Aug 31 19:57:03 ubuntu dotnet-example[30099]:       Application started. Press Ctrl+C to shut down.
Aug 31 19:57:03 ubuntu dotnet-example[30099]: info: Microsoft.Hosting.Lifetime[0]
Aug 31 19:57:03 ubuntu dotnet-example[30099]:       Hosting environment: Production
Aug 31 19:57:03 ubuntu dotnet-example[30099]: info: Microsoft.Hosting.Lifetime[0]
Aug 31 19:57:03 ubuntu dotnet-example[30099]:       Content root path: /var/www/demo_tekspace_io/net7.0/publish

If you see the service status as active (running), that means all your setup is configured successfully.

Before we end the tutorial, we need to make sure the Nginx has been reloaded to apply new changes we make to Nginx server block.

sudo systemctl reload nginx

Once the Nginx service has been reloaded, browse the app via the URL you set up in the server block. In my case, I will browse demo.tekspace.io.

You will see the HTML page load on your browser. If you see all the css and js file load correctly, that means the app is configured successfully to run on Nginx web server.

The post How To Setup DotNet WebApp with Nginx and Lets Encrypt on Ubuntu appeared first on TEKSpace Blog.