Difference between revisions of "Ubuntu"

From Server Knowledge Base
Jump to navigationJump to search
Line 332: Line 332:


apt-get install libgnutls28 libgnutls28-dbg libgnutls28-dev libgnutlsxx28-->
apt-get install libgnutls28 libgnutls28-dbg libgnutls28-dev libgnutlsxx28-->
== Linux Container ==
https://help.ubuntu.com/12.04/serverguide/lxc.html
=== Installation of LXC ===
<pre>apt-get install lxc
cat /etc/init/lxc-net.conf | grep USE_LXC_BRIDGE</pre>
If true set to false unless you want the containers to NAT to your servers real IP addresses, and to be accessible externally.
=== Pre-container creation steps ===
To reduce errors pre-container creation do the following:
<pre>dpkg-reconfigure locales
locale-gen en_GB
update-locale LANG=en_GB.UTF-8</pre>
<!-- <pre>vim ~/.profile
export LC_CTYPE=en_GB.UTF-8 export LC_ALL=en_GB.UTF-8</pre>
Or:
<pre>vim /etc/environment
LC_ALL="en_GB.utf8"</pre>-->
=== Creating/deleting containers ===
Check the templates below and pick one:
<pre>cd /usr/lib/lxc/templates/ ; ls -lah</pre>
Create a container from one of the templates:
<pre>lxc-create -t ubuntu -n NameOfTheContainer</pre>
If you want to install the fedora package, do apt-get install yum
To delete it just do:
<pre>lxc-destroy -n NameOfTheContainer</pre>
=== Start a container ===
<pre>lxc-start -n NameOfTheContainer -d</pre>
=== Access the container ===
The default user is 'ubuntu' with the password 'ubuntu', to enter a container, do:
<pre>lxc-console -n NameOfTheContainer
sudo -i</pre>
Exit using Ctrl + a, then press q
To re-enter the container, do lxc-console -n NameOfTheContainer and then press enter (you may have to a few times)
=== Configuration settings ===
* By default you can ping a container from the host, and vice versa, and you can ping the outside world from the container.
* You can set the hostname just like a normal server, if you want to rename the container.
=== List containers ===
lxc-list
=== Set passwords ===
Log in as the root user of the container:
'''Fedora''' container:
<pre>Username: root
Password: root</pre>
Set the user's password:
<pre>passwd fedora</pre>
'''Ubuntu''' container:
<pre>sudo -i
Username: ubuntu
Password: ubuntu</pre>
Set the user's password:
<pre>passwd ubuntu</pre>
Set the root user's password:
passwd
=== SSH in externally ===
'''To route from externally through the host to the container, just do the below iptables rule''':
<pre>iptables -t nat -A PREROUTING -p tcp --dport 1337 -j DNAT --to 10.0.4.60:22
iptables-save</pre>
In the above case we are saying:
- You want to SSH in on port 1337<br>
- The container's eth0 IP address is 10.0.4.60<br>
- Then below we are saying the physical machine has an IP address of 110.111.112.113
Then externally from the server do:
<pre>ssh [email protected] -p2222</pre>
And bingo! You should be in the container.
<pre>passwd</pre>
<!-- OpenVZ
https://code.google.com/p/ovz-web-panel/
apt-get install vzctl vzdump vzquota
wget -O - http://ovz-web-panel.googlecode.com/svn/installer/ai.sh | sh
gem install net-ssh
gem install net-sftp -->


== Log Locations ==
== Log Locations ==

Revision as of 15:16, 5 February 2013

dpkg -l | grep service will show the enabled modules for that service.

32bit on 64bit

To use 32bit applications on Ubuntu 10.04 64bit you will need the following package: ia32 libs
Guide 1
Guide 2

apt-get upgrade option

bind9 fails to start

ubuntu none:0: open: /etc/named.conf: permission denied

The below fix is not related to the above error in the box.

This can be caused because the Operating System is Ubuntu 12 (as of 28/01/13), and there is a bug with Plesk version 11 servers.

cd /etc/apparmor.d/disable
ls -lah
ln -s ../usr.sbin.named .

Restart apparmor by doing one of the below:

/etc/init.d/apparmor restart
service apparmor reload

or it could be this. Then restart bind:

/etc/init.d/bind9 restart

Custom Software

Dropbox via CLI

ffmpeg and x264 on 10.04

GeoIP

IceCast

Follow the above guide and then before you get to starting ezstream section do the following:

FTP your .mp3 music files to /var/www/vhosts/yourdomain.com/httpdocs/FolderOfYourChoice as either files or folders. Folders will work as when you index the files it picks them up anyway.

cp /usr/share/doc/ezstream/examples/ezstream_mp3.xml /var/www/vhosts/yourdomain.com/httpdocs/FolderOfYourChoice/

vim /var/www/vhosts/thesixts.com/httpdocs/mu/ezstream_mp3.xml

Ensure these are set correctly.

<url>http://DomainNameOrServerIP:8000/mu</url>
<sourcepassword>SameAsWhatIsIn/etc/icecast2/icecast.xml</sourcepassword>
<filename>/var/www/vhosts/thesixts.com/httpdocs/mu/playlist-pickaname.txt</filename>
<stream_once>0</stream_once>
<svrinfopublic>0</svrinfopublic>

find /var/www/vhosts/yourdomain.com/httpdocs/FolderOfYourChoice/ -name *mp3 -type f > /var/www/vhosts/yourdomain.com/httpdocs/FolderOfYourChoice/playlist-pickaname.txt

ezstream -c /var/www/vhosts/yourdomain.com/httpdocs/FolderOfYourChoice/ezstream_mp3.xml

Nagios

apt-get install build-essential
apt-get install libgd2-xpm-dev
cd /etc ; mkdir nagios1
wget http://serverkb.co.uk/tools/nagios-3.2.3.tar.gz
cd nagios1
useradd -m nagios1
passwd nagios1
groupadd nag1cmd
usermod -a -G nag1cmd nagios1
usermod -a -G nag1cmd www-data
tar -zxvf nagios-3.2.3.tar.gz
mv nagios-3.2.3/* . ; rm nagios-3.2.3 -R
./configure --with-command-group=nag1cmd
make all
make install
make install-init
make install-config
make install-commandmode
make install-webconf

Currently up to this step documented.

OS ticket

Plex

wget http://plex.r.worldssl.net/PlexMediaServer/0.9.7.7.339-5ec3b53/plexmediaserver_0.9.7.7.339-5ec3b53_amd64.deb
apt-get -f install avahi-daemon avahi-utils ffmpeg
mv plexmediaserver_0.9.7.7.339-5ec3b53_amd64.deb plex.0.9.7.7.339.deb
dpkg -i plex.0.9.7.7.339.deb

You need to set the Web URL to be http://127.0.0.1:port/web to be able to remotely manage the settings externally.

Once installed to access the panel, go to http://ipaddress:32400/web

If the settings menu disappears, do:

/etc/init.d/plexmediaserver restart

Log Files

$PLEX_HOME/Library/Application Support/Plex Media Server/Logs
cd /var/lib/plexmediaserver/Library/Application Support/Plex Media Server/Logs
tail -f Plex\ Media\ Server.log

Red5

add-apt-repository "deb http://archive.canonical.com/ lucid partner"
apt-get update
apt-get install subversion
apt-get install ant
apt-get install python-software-properties
apt-get upgrade
apt-get install sun-java6-jdk
apt-get install sun-java6-jre
wget http://trac.red5.org/downloads/1_0/red5-1.0.0-RC1.tar.gz
tar xvfz red5-1.0.0-RC1.tar.gz
mv red5-1.0.0 red5
mv red5 /usr/local/
adduser –system –group –home /usr/local/red5 red5
chown -R red5.red5 /usr/local/red5
touch /etc/init.d/red5
vim /etc/init.d/red5

Paste this script:

#! /bin/sh
#
# red5 red5 initscript
#
# Author: Simon Eisenmann.
#
set -e
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DESC="Red5 flash streaming server"
NAME=red5
RED5_HOME=/usr/local/red5
DAEMON=$RED5_HOME/$NAME.sh
PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
RED5_USER=red5

# Gracefully exit if the package has been removed.
test -x $DAEMON || exit 0

# Read config file if it is present.
if [ -r /etc/default/$NAME ]
then
  . /etc/default/$NAME
fi
#
# Function that starts the daemon/service.
#
d_start() {
	start-stop-daemon --start -c $RED5_USER --pidfile $PIDFILE \
	--chdir $RED5_HOME --background --make-pidfile \
	--exec $DAEMON
}
#
# Function that stops the daemon/service.
#
d_stop() {
	start-stop-daemon --stop --quiet --pidfile $PIDFILE \
	--name java
	rm -f $PIDFILE
}

case "$1" in
  start)
	echo -n "Starting $DESC: $NAME"
	d_start
	echo "."
	;;
  stop)
	echo -n "Stopping $DESC: $NAME"
	d_stop
	echo "."
	;;
  restart|force-reload)
	echo -n "Restarting $DESC: $NAME"
	d_stop
	sleep 1
	d_start
	echo "."
	;;
  *)
	echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
	exit 1
	;;

esac

exit 0
chmod +x /etc/init.d/red5
update-rc.d red5 defaults
/etc/init.d/red5 start
netstat -ant (Check for: “tcp6 0 0 :::5080 :::* Listen”)

Go to http://DomainOrIP:5080 and you should see the red5 landing page there.

Install Xuggle next

http://www.emunewz.net/forum/showthread.php?tid=2448

Install Xuggler. Go to http://www.xuggle.com/xuggler/downloads/

cd /usr/local
wget http://com.xuggle.s3.amazonaws.com/xuggler/xuggler-3.1.FINAL/xuggle-xuggler.3.1.818-i686-pc-linux-gnu.sh
 
chmod a+x xuggle-xuggler.3.1.818-i686-pc-linux-gnu.sh
./xuggle-xuggler.3.1.818-i686-pc-linux-gnu.sh

Put Xuggler into PATH

vim /etc/profile

Add the following at the bottom of the file

export XUGGLE_HOME=/usr/local/xuggler
export LD_LIBRARY_PATH=$XUGGLE_HOME/lib:$LD_LIBRARY_PATH
export PATH=$XUGGLE_HOME/bin:$PATH

Red5 Tutorials Website

Install LAMP

apt-get install lamp-server^ phpmyadmin

Install SSL on Ubuntu 12.04 with Apache 2.2.22

This is for a fresh install, unmodified in any way from apt-get install apache2.

a2ensite default-ssl
a2enmod ssl
service apache2 restart
/etc/init.d/apache2 restart

Then go to https://yourhostname (either your domain or IP address), accept the certificate warning and you should see your website.

mkdir /etc/apache2/ssl
vim /etc/apache2/sites-enabled/default-ssl
/SSLCertificateFile

Press insert and edit the filepath of:

SSLCertificateFile
SSLCertificateKeyFile
SSLCACertificateFile

to direct to your files with the Certificate (.crt format), the Private Key (.key format) and the Intermediate Root CA Bundle (.crt format).

Then vim each of the above filepaths and enter the certificate, key and Chain CA in their respective files.

chmod 600 /etc/apache2/ssl/SSLCertificateKeyFile
/etc/init.d/apache2 restart

To mitigate the BEAST attack and disable SSLv3 enter the following into /etc/apache2/sites-enabled/default-ssl

SSLHonorCipherOrder On
SSLProtocol -all +TLSv1
SSLCipherSuite ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH

To disable Apache and OS version put the following in /etc/apache2/sites-enabled/default-ssl outside of the VirtualHost tags:

ServerTokens Prod
ServerSignature Off
TraceEnable Off
/etc/init.d/apache2 restart

Tokens is the header
Signature is the footer

Example of these in place

To get 100 on SSL, see HN.

Log Locations

FTP: /usr/local/psa/var/log/xferlog

Old Version of Plesk and an update fails

If you get the following error when upgrading Plesk using the updates section in plesk:

Installation could not be started: Unable to install packages because of package dependency problems. Not all packages were installed. ERROR: An error occurred on attempt to install packages. Attention! Your software might be inoperable. Please, contact product technical support.

Check what Ubuntu OS you are running. To do this via command line run cat /etc/issue.

Repositories

The below repository issue most commonly happens on Ubuntu 6.06 as it is out of support now and the repos have changed. Edit the following file by using vim /etc/apt/sources.list

Comment out the old Ubuntu repository list using # (leave any others such as Plesk) and put in the below.

For Ubuntu 6.06 (Dapper Drake):

#Old-Release Sources
deb http://old-releases.ubuntu.com/ubuntu/ dapper  main universe multiverse
deb-src http://old-releases.ubuntu.com/ubuntu/ dapper  main universe multiverse
deb http://old-releases.ubuntu.com/ubuntu/ dapper-security main restricted universe multiverse
deb-src http://old-releases.ubuntu.com/ubuntu/ dapper-security main restricted universe multiverse

If you get the following error via SSH:

Err karmic/main Packages  404  Not Found
Err karmic/restricted Packages 404  Not Found
Err  karmic/universe Packages, 404  Not Found
Err  karmic-updates/main Packages 404  Not Found
Err karmic-updates/restricted Packages 404  Not Found

vim /etc/apt/sources.list.d

karmic.list is Ubuntu 9 which many hosters did not offer (hence no mirrors). If you are using lucid (Ubuntu 10), comment out the lines in this file. Apt should now update with no errors.

For Ubuntu 8.04 (Hardy Heron):

deb http://archive.ubuntu.com/ubuntu hardy main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu hardy-updates main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu hardy-security main restricted universe multiverse
# Plesk
deb http://autoinstall.plesk.com/ubuntu/PSA8 hardy all

For Ubuntu 10.04 (Lucid Lynx):

deb gb.archive.ubuntu.com lucid main restricted universe
deb gb.archive.ubuntu.com lucid-updates main restricted universe
deb gb.archive.ubuntu.com lucid-security main restricted universe

Note: change mirrors from gb.archive.ubuntu.com to your own/your hosting companies if need be.

Subversion repository guides: 1, 2, 3, 4, 5

Additional repos:

deb http://archive.ubuntu.com/ubuntu lucid universe
deb http://archive.canonical.com/ lucid partner

Then run the following afterwards:

apt-get update
/opt/psa/admin/bin/autoinstaller

This should provide more information as to which packages are causing the problem. Also try looking in the following log as this should have the info:

#/tmp/autoinstaller3.log

Depending what is broken you may be able to force the install or configure the packages:

apt-get -f install
dpkg -a configure-all

If neither of those fix then rebuild the VPS. Also check if there have been any custom upgrades such as PHP as that can break it.

For Ubuntu 12.04 (Precise Pangolin):

http://ubuntuguide.org/wiki/Ubuntu:Precise#Edit_the_repository_sources_list

# deb cdrom:[Ubuntu 12.04 LTS _Precise Pangolin_ - Beta amd64 (20120328)]/ dists/precise/main/binary-i386/

# deb cdrom:[Ubuntu 12.04 LTS _Precise Pangolin_ - Beta amd64 (20120328)]/ dists/precise/restricted/binary-i386/
# deb cdrom:[Ubuntu 12.04 LTS _Precise Pangolin_ - Beta amd64 (20120328)]/ precise main restricted

# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://archive.ubuntu.com/ubuntu precise main restricted
# deb-src http://de.archive.ubuntu.com/ubuntu/ precise main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb http://archive.ubuntu.com/ubuntu precise-updates main restricted
# deb-src http://de.archive.ubuntu.com/ubuntu/ precise-updates main restricted

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://archive.ubuntu.com/ubuntu precise universe
# deb-src http://de.archive.ubuntu.com/ubuntu/ precise universe
deb http://archive.ubuntu.com/ubuntu precise-updates universe
# deb-src http://de.archive.ubuntu.com/ubuntu/ precise-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu 
## team, and may not be under a free licence. Please satisfy yourself as to 
## your rights to use the software. Also, please note that software in 
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://archive.ubuntu.com/ubuntu precise multiverse
# deb-src http://de.archive.ubuntu.com/ubuntu/ precise multiverse
deb http://archive.ubuntu.com/ubuntu precise-updates multiverse
# deb-src http://de.archive.ubuntu.com/ubuntu/ precise-updates multiverse

## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://archive.ubuntu.com/ubuntu precise-backports main restricted universe multiverse
# deb-src http://de.archive.ubuntu.com/ubuntu/ precise-backports main restricted universe multiverse

deb http://archive.ubuntu.com/ubuntu precise-security main restricted
# deb-src http://security.ubuntu.com/ubuntu precise-security main restricted
deb http://archive.ubuntu.com/ubuntu precise-security universe
# deb-src http://security.ubuntu.com/ubuntu precise-security universe
deb http://archive.ubuntu.com/ubuntu precise-security multiverse
# deb-src http://security.ubuntu.com/ubuntu precise-security multiverse

## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
deb http://archive.canonical.com/ubuntu precise partner
# deb-src http://archive.canonical.com/ubuntu precise partner

## This software is not part of Ubuntu, but is offered by third-party
## developers who want to ship their latest software.
deb http://extras.ubuntu.com/ubuntu precise main
# deb-src http://extras.ubuntu.com/ubuntu precise main

Cyber Citi Guides

Monitoring Tools

Security Tips

Linux Debian cheat sheet

iptables

If within Virtuozzo you receive Failed to add the firewall rule to the Input chain when editing the firewall: http://kb.parallels.com/6691

Upgrade MySQL on Ubuntu 8.04

Upgrade MySQL on Ubuntu 10.04

VNC

apt-get install vnc4server
vnc4server

You will be prompted for a password. This password will be used to log into the vnc session. After providing a password, you will get output that looks like: New 'IP.IP.IP.IP:1 (laptop)' desktop is IP.IP.IP.IP:1

Take notice of the number after the colon (:), in this case it is "1." Starting the vnc4server will cause a .vnc directory to be placed in your home directory.

vnc4server -kill :1 

Open the .vnc/xstartup file for editing.

vim ~/.vnc/xstartup

The file will look like:

#!/bin/sh
# Uncomment the following two lines for normal desktop:
#unset SESSION_MANAGER
#exec /etc/X11/xinit/xinitrc
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
twm &

Type :wq and hit enter. Uncomment the lines that start with unset and exec. Comment out the lines that start with xsetroot, vncconfig, xterm, and twm.

The final file should look like:

#!/bin/sh
unset SESSION_MANAGER
exec /etc/X11/xinit/xinitrc
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
#xsetroot -solid grey
#vncconfig -iconic &
#xterm -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
#twm &

OR

#!/bin/sh
unset SESSION_MANAGER
exec /etc/X11/xinit/xinitrc
[ -x /etc/vnc/xstartup ] && exec /etc/vnc/xstartup
[ -r $HOME/.Xresources ] && xrdb $HOME/.Xresources
xsetroot -solid grey
vncconfig -iconic &
x-terminal-emulator -geometry 80x24+10+10 -ls -title "$VNCDESKTOP Desktop" &
x-window-manager &

Change the permissions on the /etc/X11/xinit/xinitrc file to make it executable. Run the server, install Ubuntu Desktop.

chmod 755 /etc/X11/xinit/xinitrc
vnc4server
apt-get install ubuntu-desktop

Remember the number after the colon (:). Log into your remote desktop to check the configuration.

vncviewer IP.IP.IP.IP:1

Provide the password that you chose.

warning: setlocale: LC_ALL: cannot change locale

If you get this error when logging in, or you get the below when doing locale-gen en_GB:

/bin/bash: warning: setlocale: LC_ALL: cannot change locale ((unset))
/usr/sbin/locale-gen: line 177: warning: setlocale: LC_ALL: cannot change locale ((unset))

You normally need to comment out LC_ALL="(unset)" in /etc/environment or /root/.profile

Work Offline in Firefox

If the browser in Ubuntu 10.04 is always set to Work Offline, go into about:config and set the following:

browser:offline set to FALSE network.online set to TRUE toolkit.networkmanager.disable set to FALSE

Create New > Boolean

network.manage-offline-status set to FALSE

https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/191889