Archive

Archive for the ‘Cloud Linux’ Category

How to install and configure Flask on a Linux shared hosting account

August 13th, 2022 No comments

Flask is a Python-based framework that enables you to quickly and easily create web applications. This article demonstrates how to install Flask and configure it on a Linux shared hosting account that uses cPanel.

After completing the following procedures, you will have a functioning Flask application on your account that displays a simple web page.

Step 1: Create a Python application in cPanel
The first step is to create a Python application within cPanel that will host the Flask project. To do this, follow these steps:

Log in to cPanel.
If you do not know how to log in to your cPanel account, please see this article.
In the SOFTWARE section of the cPanel home screen, click Setup Python App:
cPanel – Software – Setup Python App icon

Click CREATE APPLICATION:

  1. cPanel – Python Selector – Create Application button
  2. The application form appears:
  3. cPanel – Python – Create application form
  4. In the Python version list box, select the Python version you want to use. In this example, we use Python 3.7.3.
  5. In the Application root text box, type flaskapp.
  6. In the Application URL list box, select the domain, and then type flaskapp.
  7. Leave the Application startup file text box and Application Entry point text box blank.
  8. In the Passenger log file text box, you can optionally specify a log file for the application.
  9. In the top right corner of the page, click CREATE:
    cPanel creates the application and sets up the Python environment.
  10. At the top of the page, next to Enter to the virtual environment. To enter to the virtual environment, run the command, and copy the command. You will need this information in the following procedure.

Step 2: Configure the Flask project
After you create the Python application in cPanel, you are ready to do the following tasks at the command line:

Install Flask.
Configure Passenger to work with the Flask application.
To do this, follow these steps:

  1. Log in to your account using SSH.
  2. Activate the virtual environment, using the command you noted in step 10 above. For example:
    Copysource /home/username/virtualenv/flaskapp/3.7/bin/activate && cd /home/username/flaskapp
  3. To install Flask, type the following command:

Copypip install flask
To verify the version of Flask that is installed, type the following command:

Copyflask –version

  1. Use a text editor to open the ~/flaskapp/passenger_wsgi.py file. Replace the file contents with the following changes:
import os

from flask import Flask, request, render_template, redirect, url_for

project_root = os.path.dirname(os.path.realpath('__file__'))
template_path = os.path.join(project_root, 'app/templates')
static_path = os.path.join(project_root, 'app/static')
app = Flask(__name__, template_folder=template_path, static_folder=static_path)

@app.route('/')

def index():
    return 'Hello from flask'

application = app
  1. In cPanel, restart the Python application:

Log in to cPanel.

In the SOFTWARE section of the cPanel home screen, click Setup Python App.
Under WEB APPLICATIONS, locate the flaskapp application, and then click the Restart icon.

  1. To test the Flask site, use your browser to go to http://www.example.com/flaskapp, where example.com represents your domain name. You should see the Hello from the flask page.

How to set max_open_files in MariaDB / MySQL in CentOS 7

July 25th, 2022 Comments off

Set the system wide open file limit:

vi /etc/security/limits.conf

Change/Add the following:

* soft nofile 1024000
* hard nofile 1024000
* soft nproc 10240
* hard nproc 10240

Now do this for /etc/sysctl

vi /etc/sysctl

Add the following

fs.file-max = 1024000

Set the changes

sysctl -w fs.file-max=1024000
sysctl -p
# check changes
cat /proc/sys/fs/file-max

Set the mysqld.service limit (as settings here will override *.cnf ones)

Set both /etc/systemd/system.conf and /etc/systemd/user.conf

vi /etc/systemd/system.conf
vi /etc/systemd/user.conf

Add the following under [Manager] for both:

DefaultLimitNOFILE=1024000

ALSO, you may need to look in /etc/systemd/system to see if anything is overriding stuff.

/etc/systemd/system
grep -Rl LimitNOFILE

Then change all instances of “LimitNOFILE” with:

systemctl edit [name of service].service

Or do this via “vi”

LimitNOFILE=infinity
LimitMEMLOCK=infinity

You may even need to use the following:

LimitAS=infinity
LimitRSS=infinity
LimitCORE=infinity
LimitNOFILE=infinity

START METHOD1

Find out which .conf files are being used:

systemctl status mysqld
# You'll get something like the following
Drop-In: /etc/systemd/system/mariadb.service.d
           ??override.conf

So now that we see Drop-In: /etc/systemd/system/mariadb.service.d, we’ll do the following:

cd /etc/systemd/system/mariadb.service.d
# If you're using regular mysql, then the above path will likely be different
vi /etc/systemd/system/mariadb.service.d/override.conf

Add the following:

[Service]
LimitNOFILE=infinity
LimitMEMLOCK=infinity

If that doesn’t work, then “infinity” variable was set to mean a specific number, like “65536”… If that’s the case, set the same number as you did in “/etc/my.cnf.d/server.cnf”
or set a really high number like “2048000”

[Service]
LimitNOFILE=2048000
LimitMEMLOCK=2048000

END METHOD 1

START METHOD 2

Find the location of all potential *.service files

cd /
find -iname maria*.service
# or
find -iname mysql*.service

Then edit each one, as in example below:

vi /usr/local/directadmin/custombuild/configure/systemd/mysqld57.service
vi /usr/local/directadmin/custombuild/configure/systemd/mysql.service
vi /usr/local/directadmin/custombuild/configure/systemd/mysqld.service
vi /etc/systemd/system/mysqld.service

vi /etc/systemd/system/mariadb.service
vi /usr/share/mysql/systemd/mariadb.service
vi /usr/local/directadmin/custombuild/configure/systemd/mariadb.servicevi 

Change/Add the following, under “[Service]”:

LimitNOFILE=infinity
LimitMEMLOCK=infinity

If that doesn’t work, then “infinity” variable was set to mean a specific number, like “65536”… If that’s the case, set the same number as you did in “/etc/my.cnf.d/server.cnf”
or set a really high number like “2048000”

LimitNOFILE=2048000
LimitMEMLOCK=2048000

END METHOD 2

Set the *.cnf settings:

vi /etc/my.cnf.d/server.cnf
# or where ever your .cnf may be

Change/Add the following:

open_files_limit               = 1024000

Now reload/restart what’s necessary:

systemctl daemon-reload
systemctl restart mysqld; systemctl status mysqld

How to easily encrypt/decrypt a file in Linux with gpg

June 29th, 2022 Comments off

No matter what you’re doing on your computer, you need to do so with an eye to security — that means using strong passwords, storing files in safe locations, and in some cases encrypting files. Fortunately, for nearly every usage, there are tools to enable you to encrypt your data…from transferring data online to storing data on a locally attached storage, even encrypting your entire drive.

Since gpg is built into almost every Linux system, you won’t have to install anything to get this working from the command line. I’ll also show how to gain this functionality within the Nautilus (GNOME Files) file manager tool.

From the command line

Let’s say you have a file, /home/user/test.txt, that you want to password protect. Using gpg, you would do the following.

  1. Open a terminal window.
  2. Change to the /home/user/ directory with the command cd /home/user/
  3. Encrypt the file with the command gpg -c test.txt.
  4. Enter a unique password for the file and hit Enter.
  5. Verify the newly typed password by typing it again and hitting Enter.

You should now see the file test.txt.gpg in the /home/user folder. To decrypt that file, do the following.

  1. Open a terminal window.
  2. Change to the /home/user directory with the command cd /home/user.
  3. Decrypt the file with the command gpg important.dox.gpg.
  4. When prompted, enter the decryption password you created when encrypting the file.

You could send that file to a recipient and, as long as they have gpg installed, they can decrypt the file with the password you used for encryption. If they are a Windows user, they can always install Gpg4win.

The GUI way

If you happen to be a GNOME 3 user (or any Linux desktop that makes use of either Nautilus or GNOME Files), you can add a contextual menu entry to the file manager for encryption. Here’s how (I’ll demonstrate it on Ubuntu GNOME 16.04).

  1. Open a terminal window.
  2. Issue the command sudo apt-get install seahorse-nautilus.
  3. Type your sudo password and hit Enter.
  4. If prompted, type y and hit Enter.
  5. Allow the installation to complete.

Open the file manager and navigate to the /home/user directory. Right-click the test.text file and then click the Encrypt… entry. You will be prompted to enter and then verify an encryption password. Once you’ve verified the password, the test.txt.gpg file will appear in

The decryption process is the same.

  1. Open the file manager.
  2. Navigate to the encrypted file.
  3. Right-click the encrypted file.
  4. Click Open with Decrypt File.
  5. When prompted, give the new file a name and click Enter.
  6. When prompted, enter the decryption password and click Enter.

The encrypted file will now be decrypted and ready to use.

How to fix 502 Bad Gateway | Cloudflare and Nginx [Engintron]

May 13th, 2022 Comments off

When you want to point cloudflare nameservers to your working website with engintron you will have a technical issue with linking cloudflare with engintron.

Our technical support / server administrators at subwayhost worked to fix the issue after the request of many client’s to add cloudflare to our services.

So we have gone directly and fixed it.

and we decided to create a tutorial for all people and companies to see how they can fix it.

Instructions:

  1. Login in WHM
  2. Select Engintron for cPanel/WHM
  3. Select Edit your custom rule
  4. Uncomment set $PROXY_DOMAIN_OR_IP
  5. Add you EXTERNAL IP address (or INTERNAL IP address if you behind firewall and you like use server only for internal network)
  6. It will look like.
 set $PROXY_DOMAIN_OR_IP "X.X.X.X"; # Use your cPanel's shared IP address here

Replace x.x.x.x with your server IP address.

Some useful commands for Account migrations in Cpanel server

April 26th, 2022 Comments off

Pre migration steps (DNS)

rsync -avHl /var/named/ /home/named.backup/
sed -i -e "s/14400/600/" /var/named/*.db
newserial=$(date +%Y%m%d%H)
sed -i -e "s/[0-9]\{10\}/$newserial/" /var/named/*.db
rndc reload

For customers with a large number of domains you can use the find command.

cd /var/named
find . -name "*.db" -exec sed -i -e "s/TTL\ 14400/TTL\ 600/" {} \;
newserial=$(date +%Y%m%d%H)
find . -name "*.db" -exec sed -i -e "s/[0-9]\{10\}/$newserial/" {} \;
rndc reload

Shared accounts

On our name servers it is best to create a text file with the list of domains.

for domain in `cat domains.txt `; do sed -i -e "s/TTL\ 20h/TTL\ 600/" /var/named/$domain.db; done
newserial=$(date +%Y%m%d%H)
for domain in `cat domains.txt `; do sed -i -e "s/[0-9]\{10\}/$newserial/" /var/named/$domain.db; done
for domain in `cat domains.txt `; do sudo /usr/sbin/rndc reload $domain; done

Set up ssh key

ssh-keygen -t rsa
cat /root/.ssh/id_rsa.pub | ssh root<newhost> 'read key ; mkdir -p ~/.ssh ; echo "$key" >> ~/.ssh/authorized_keys'

Package Accounts

for i in $(/bin/ls -A /var/cpanel/users/);do /scripts/pkgacct $i /home/temp; done

To skip home dirs:

for i in $(/bin/ls -A /var/cpanel/users/);do /scripts/pkgacct --skiphomedir $i; done

Add “–skipacctdb” to skip databases.

To split the packaging process run this:

for i in $(/bin/ls -A /var/cpanel/users/[a-j]*| cut -d "/" -f 5);do /scripts/pkgacct $i; done
for i in $(/bin/ls -A /var/cpanel/users/[k-z]*| cut -d "/" -f 5);do /scripts/pkgacct $i; done

Migrate only certain accounts:

while read domain; do ACCT=$(grep -l DNS=$domain /var/cpanel/users/*); /scripts/pkgacct `basename $ACCT`; done < domains_to_move.txt
while read domain; do ACCT=$(grep -l DNS=$domain /var/cpanel/users/*); echo $domain `basename $ACCT`; done < domains_to_move.txt

FTP files:

ncftpget -R -u user -p pass host_name . public_html/
wget -c -r -nH ftp://user:pass@host.net:/
lftp: set ftp:ssl-allow no
mirror . .

Restore Accounts

Note: It is generally advised to run easyapache before restoring the accounts.

cd /home
for x in $(/bin/ls -A *.tar.gz | cut -d "-" -f 2 | cut -d "." -f 1); do /scripts/restorepkg $x; done

Prep for final rsync

for service in crond atd exim httpd cpanel courier-imap courier-authlib dovecot named pure-ftpd proftpd; do /etc/init.d/$service stop; done

Put up maintenance page:

cd /usr/local/apache/htdocs/moving.page

index.html contents:

cat << EOF > index.html
<html>

<head>
<title>Maintenance</title>
</head>
<body style="margin:50px 0px; padding:0px; text-align:center; background: LightGray;">
<p>Notice:</p>
<div id="content" style="border: 1px solid; width: 500px; margin:0px auto; padding:15px; background: Pink;">
<P class='quote'>This site is currently under maintenance.  Please try again later.</div>
</body>
</html>
EOF

Start up new http server:

python -m SimpleHTTPServer 80

Rsync Account Data

echo "x.x.x.x    oldserver" > /etc/hosts
for acct in $(/bin/ls -A /var/cpanel/users); do rsync -avzHPpl -e "ssh -c arcfour" --delete root@oldserver:/home/$acct/ /home/$acct/; done

ssh oldserver "mysql -Bse 'show databases'" | egrep -v "information_schema|cphulkd|eximstats|leechprotect|tmp|logaholic|modsec|mysql" > dbs.txt
for db in `cat dbs.txt `; do mysql -e "create database $db" 2>/dev/null; done
for db in `cat dbs.txt `; do echo $db && ssh oldserver "mysqldump --opt --skip-lock-tables $db" | mysql $db; done

rsync from a plesk server:
mypass=`ssh oldserver cat /etc/psa/.psa.shadow`
ssh oldserver "mysql -u admin -p'$mypass' -Bse 'show databases'" | egrep -v "information_schema|cphulkd|eximstats|leechprotect|tmp|logaholic|modsec|mysql" > dbs.txt
for db in `cat dbs.txt `; do mysql -e "create database $db" 2>/dev/null; done
for db in `cat dbs.txt `; do echo $db && ssh oldserver "mysqldump --opt --skip-lock-tables -u admin -p'$mypass' $db" | mysql $db; done 

push method:
for acct in $(/bin/ls -A /var/cpanel/users); do rsync -avzHl -e ssh /home/$acct/ root@$newserver:/home/$acct/; done
for db in $(mysql -Bse 'show databases' | egrep -v "information_schema|cphulkd|eximstats|leechprotect|tmp|logaholic|modsec|mysql"); do mysqldump --add-drop-database --databases $db | ssh $newserver "mysql";  done

Update Zone Files

Copy the zone files from the new server to the old server.

cd /var/named
scp *.db oldserver:/var/named/
ssh oldserver
cd /var/named
newserial=$(date +%Y%m%d%H)
sed -i -e "s/[0-9]\{10\}/$newserial/" /var/named/*.db
/etc/init.d/named restart
%d bloggers like this: