Testing Email Using The Ubuntu CLI

For a Virtual Private Server (VPS) or any other web or other server you should have alerts sent by email for various things. So for example if you automate security updates for an Ubuntu web server you want to be notified if there is some issue with the automatic update.

In order to check and be sure email is setup and working on the sever there is simple command line code to use:

mail -s Test

you then get a prompt to enter

To: [enter the email and press return]

Cc: [press return]

then a blank where you can type in any text you want in the body of the message.

Then you send the message with by pressing CTRL-d

CTRL-d

If you don’t receive the email then you can troubleshoot what is going wrong.

Keeping Your Hosted Ubuntu Web Server Software Up to Date

To setup automatic security updates follow the instructions from Ubuntu.

To run security update manually

sudo unattended-upgrade

A full update of all packages can be done using the follow, remember this may create some issues is one update makes something else you have no longer work properly. You should test to make sure things all work after the updates (for production systems obviously you should test things before [first updating the staging server to make sure the updates don’t cause any problems] and after the updates).

First update the local package index (to find what needs to be upgraded).

sudo apt-get update

Then upgrade the software.

sudo apt-get upgrade

Adding a Key to Your Server for SSH Login

Using Ubuntu

An authentication key allows your server to authenticate the computer you are using has the right key and should be granted access. This lets you use the key instead of a username and password when using ssh.

If you don’t already have a key on your local machine (look for a file named id_rsa.pub in your user home directory under the .ssh folder

cd /.ssh

will get you to the right directory) then you need to generate the key pair. On your desktop machine use:

ssh-keygen

Next you copy the file to your server. scp ~/.ssh/id_dsa.pub [user]@[server]:.ssh/

scp ~/.ssh/id_dsa.pub username@servername:.ssh/

Rename the file on the server to authorized_keys2

mv id_rsa.pub authorized_keys2

The key is for to authenticate your computer. But on the ssh login Ubuntu will look in the user folder. So if you also had user2 access to the server and tried to ssh into the server you would not be authenticated because it would look in user2/.ssh for the authorized key file and not find it. You can put the same key in any user folder on your server to have that user also be automatically authenticated.

Checklist: Setting Up a New Domain on VPS

Two great hosts for Ruby on Rails are Slicehost and Linode. With these hosts you fully manager your virtual private server, installing the operating system, modifying apache (on Ning…), etc.. I use Ubuntu as the operating system and Apache as the web server.

If you are moving a domain from elsewhere it can be wise to reduce the TTL time to say 5 minutes a few days before you make the switch. This is make the change propagate across the internet more quickly.

  1. And DNS entry on your profile (login to your, for example, Linode account)
  2. Add a new file for /etc/apache2/sites-available/your_site_name.com
  3. sudo nano /etc/apache2/sites-available/example.com

    The file would look something like this: with your ip in place of 8.8.8.8

    ServerAdmin is the address Apache will use to send error messages to. Using gmail and the + option lets you use one gmail account and just use rules to filter all your sites.

  4. create the directories needed on your server
  5. enable the site (for apache)
    sudo a2ensite example.com
  6. You should see the file you created /etc/apache2/sites-available/example.com now also at /etc/apache2/sites-enabled/example.com

  7. Test the site out to make sure the setup is working properly. Create a index.html page and just verify the page is displayed. Change your local hosts file to point to your server IP address for the new domain you created. If not, take steps to get this to work, before continuing with the rest of the checklist.
  8. copy over the site – if you are moving the site from elsewhere
  9. remember to move the database over, if the site relies on a database
  10. restart apache
    sudo /etc/init.d/apache2 restart
  11. You can test the site out, before updating the DNS, by changing your local hosts file to point to your server IP address for the new domain you created.

    Resources: Install the Apache 2 Web Server on Ubuntu 10.04 LTS (Lucid)

Replace Text in Files Recursively (Linux)

To replace text in all the files in a directory, recursively, you can use grep.

sudo grep -rl texttoreplace /somedirectory/ | sudo xargs sed -i ‘s/repacethis/withthis/g’

sudo grep -rl oldtext /example/directory/ | sudo xargs sed -i 's/oldtext/newtext/g'

The g on the end, lets it replace all the instances of the text in each file.

More ubuntu and linux tips and code samples

WordPress error: Image could not be processed. Please go back and try again.

If you get an error saying

Image could not be processed. Please go back and try again.

when you try to put a new custom header image for WordPress theme 2010 on a server using Ubuntu the following may help:

apt-get install php5-gd

once it installs then

invoke-rc.d apache2 restart

This will provide php the ability to manipulate images that WordPress is trying to use.

Replacing a Host Key

Host keys are used to security log into remote servers (such as Virtual Private Servers – VPS). With Ubuntu if you are using host keys to sign into servers securely and have asked for strict checking, if you make a change (such as rebuilding your VPS) the host key will change and you cannot login and will get a message like:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is

Please contact your system administrator.

RSA host key for 128.0.0.128 has changed and you have requested strict checking.
Host key verification failed.

if that happens you need to remove your local host key. Then you can sign back in and you will be able to save a new copy of the host key. If you don’t know why the key has changed you should figure that out first as it maybe be an indication of an important security problem. To remove you local key, you can use ssh-keygen -R [ip address of server with the bad key] for example: ssh-keygen -R 128.0.0.128

Then when you try to sign in you will get

The authenticity of host '128.0.0.128 (128.0.0.128)' can't be established.

RSA key fingerprint is ed:...:ea.
Are you sure you want to continue connecting (yes/no)?

And if you know why (such as you made changes to the server) you can say yes and connect and save the new known host key.

Managing Users in Ubuntu

add a user: sudo adduser [newuser]

sudo adduser john

then give password, and setup home folder,when prompted

edit the list of super users

visudo

list users

cat /etc/passwd

change password of a user – sudo passwd [username]

sudo passwd john

to change your password you can just use sudo passwd.

delete user

sudo deluser username

This will not delete the home folder (and subfolder) those must be dealt with separately. A new user created with the old user name would have access to those files.

temporarily lock a user account – Simply locking a user account will not prevent a user from logging into your server remotely if they have previously set up RSA public key authentication.

sudo passwd -l username

To unlock the account

sudo passwd -u username

Groups

Groups are used in to control permissions (see file permissions)
add user to a group
usermod -G [group-name] [username]

usermod -G basketball john

using the -G switch ads the group as a supplemental group. Using -g would make the group that users primary group.

see what groups a user is in

id john

add a new group: groupadd [new_group_name]

groupadd ruby_developers

Phusion Passenger Tips and Troubleshooting Ideas

Some tips and troubleshooting ideas for Phusion Passenger

Phusion Passenger manages resources for rails applications – spawning new instances as needed, etc..

  • passenger-status

    – provide the status of passenger rails processes

Configuring Phusion Passenger

Add lines to /etc/apache2/apache2.conf to change the default settings

  • PassengerMaxPoolSize 10

    – maximum number of total rails application instances, the default is 6

  • PassengerMaxInstancesPerApp 5 – sets the maximum pool size for any 1 rails application to 10 instances (default is no limit).
  • PassengerUseGlobalQueue ON

    – sets globaly queing on, it is off by default. You want globaly queuing on if your requests have large differences in response times (slow and fast responses).

Related: Passenger documentation

Troubleshooting

If you try

sudo passenger-status

and get something like
*** ERROR: Cannot query status for Passenger instance 2280:
Connection refused – /tmp/passenger.2280/info/status.socket
Restarting (not reloading) apache

sudo /etc/init.d/apache2 restart

may fix the problem.

System Monitoring Tools for VPS

Tools for monitoring performance and troubleshooting Ubuntu VPS web servers

  • Munin – graphs of system resources over time. Very nice. Can be a bit difficult to setup.
  • top – system stats
  • iotop – like top, but for io stats. Install
    sudo apt-get install iotop

    Useful setup

    iotop -b -o -d 30 -t

    -b (batch – so you can keep a running tally of results) -o (only those processes with io) -d (delay and seconds – how often to print out stats) -t (include time in printout)

  • vmstat – stats on memory, io, swap, cpu and system. Example:
    vmstat 10

    (prints out stats every ten seconds.

  • iostat

Error logs

  • sudo nano /var/log/apache2/error.log

Apache web server access log statistics

  • Webalizer –
    sudo apt-get install webalizer

    GeoIP is required for webalizer

    sudo apt-get install geoip-bin

    detailed instructions