How to Install Python on Windows

Python is a popular programming language for developing applications. The Python design philosophy emphasizes code readability and focuses on clear programming for both small and large-scale projects. Python allows you to run modules and full applications from a large library of resources (or even applications you write yourself) on your server. Python works on a number of popular operating systems, including Windows Server OS.

Installation of Python on the Windows Server operating system is a simple matter of downloading the installer from Python.org and running it on your server. Additional configuration adjustments can make using Python easier.

Installing Python

  1. Log in to your server via Remote Desktop Protocol (RDP). For more information on using RDP, see Using Remote Desktop Protocol (RDP) to Log into Your Windows Server.
  2. Download and execute the latest Python installation package from Python.org. For Liquid Web servers, you’ll most likely want the 64-bit version of the installer, but you may want to discuss software requirements with your developer.
  3. Choose the recommended installation options for the simplest installation experience (You can also choose Customize Installation if you need to adjust locations or features, but this may require additional configuration. See Python.org for further instructions on custom installation options).
  4. Check the box for “Add Python 3.7 to PATH”. This will adjust your System Environment Variables automatically so that Python can be launched from any command prompt.The installion screen of Python on a Windows server.
  5. Verify a successful installation by opening a command prompt window in your Python installation directory (probably C:\Users\*yourusername*\AppData\Local\Programs\Python\Python37 if you’ve installed the latest available version). You should receive a message similar to what is shown below.
    If you selected “Add Python 3.7 to PATH”, you can verify the installation from any command prompt window.

When installing Python on a Windows server you'll see the path of installation.

Installing PIP

If you didn’t install PIP using the default settings in the installer, you’d want to install this program to make application and module management easier. You can verify PIP installation by opening a command prompt and entering

pip -VYou’ll see the output similar to the following:

By running the pip -V command we see which version of pip and its path that your Windows Server is running.

If PIP is not installed or for more information on installing PIP, see our article How to Install PIP on Windows.

Any core-managed server at Liquid Web, both traditional-dedicated and Cloud servers, can run Python once installed. If you need assistance, our Helpful Humans can help install and verify the installation. You can also install Python on any of our self-managed servers. Plesk fully-managed servers support Python through ActiveState Python 2.6.5. Plesk also supports full Python installations, but does not include the software in its default components. For more information about using Python with Plesk, see Plesk’s support documentation. Please contact our Solutions team if you have further questions about ordering a server that can support Python.

Note
NOTE: Python software installation is considered Beyond Scope Support. This means it is not covered under our managed support, but we will do what we reasonably can to assist. It may take longer for us to assist as the SLA for Beyond Scope Support is different than our managed services. Find out more in our article What Is Beyond Scope Support?

Install vsftpd on Ubuntu 16.04

Installing vsftpd allows you to upload files to a server, the concept is comparable to that of Google Drive.  When you invite specified users to your Google Drive they can create, delete, upload and download files all behind a secure login. Vsftpd is excellent for company’s looking for an alternative to Google Drive or for anyone who wants to create a robust server. This “Very Secure File Transfer Protocol Daemon” is favored for its security and speed and we’ll be showing you how to install vsftpd on an Ubuntu 16.04 LTS server.

 

Pre-Flight Check

  • These instructions are intended specifically for installing vsftpd on Ubuntu 16.04.
  • You must be logged in via SSH as the root user to follow these directions.
Warning:
FTP data is insecure; traffic is not encrypted, and all transmissions are clear text, including usernames, passwords, commands, and data. Consider securing your FTP connection (FTPS).

Step 1: Updating Apt-Get

As a matter of best practices we update apt-get with the following command:

apt-get update

Step 2: Installing Vsftpd

One command allows us to install vsftpd very easily.

apt-get -y install vsftpd

Step 3: Configuring Vsftpd

We’ve installed vsftpd, and now we will edit some options that will help us to protect the FTP environment and enable the environment for utilization. Enter the configuration file using the text editor of your choice.

vim /etc/vsftpd.conf

Change the values in the config file to match the values below and lastly, save exit by typing

:wq

 

anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
ascii_upload_enable=YES
ascii_download_enable=YES

 

Click Here for a Further Explaination on Each Directive
Anonymous_enable: Prohibit anonymous internet users access files from your FTP. Change anonymous_enable section to NO.

Local_enable: If you have created users you can allow these users to log in by changing the local_enable setting to YES.

Write_enabled: Enable users the ability to write the directory, allowing them to upload files. Uncomment by removing the # in from of write_enabled:

Chroot jail: You can “chroot jail” local users, restricting them to their home directories (/home/username) and prohibiting access to any other part of the server. Choosing this is optional but if you state YES follow the steps in Step 4 for removing write privileges and making their own directory for uploads. If you select NO, the user will have access to other directories.

Step 4: Editing Permissions for a User

If you have an existing or new user that is not able to connect, try removing write privileges to their directory:

chmod a-w /home/username

Step 5: Creating the User a Directory

Create a directory just for FTP, in this case, and we are name it files. Afterward, this user will be able to upload and create files within the files folder:

mkdir /home/username/files

Step 6: Accepting FTP Traffic to Ports

There are a few ways to open ports within a server, below is one way of opening port 20 and 21 for FTP users to connect.

Note
Directly passing iptable commands, like below, can break some firewalls. In whichever method you choose to edit your iptables ensure that port 20 and 21 are open.

iptables -I INPUT 1 -p tcp --dport=20 -j ACCEPT

iptables -I INPUT 1 -p tcp --dport=21 -j ACCEPT

Step 7: Restarting the Vsftpd Service

Restarting vsftpd enables changes to the file (step 3) to be recognized.

service vsftpd restart

Step 8: Verifying Vsftpd

Now for a little fun, let’s connect to our FTP to verify it is working.

ftp 79.212.205.191

Example Output:

ftp 79.212.205.191
Connected to 79.212.205.191.
220 Welcome to FTP!
Name (79.212.205.191:terminalusername):<enter your FTP user>

You’ll also be able to connect via an FTP client, like Filezilla, using the IP address of your hostname and leaving the port number blank.  Take it for a spin and try to upload a file or write a file. If you enabled the chroot jail option, the user should not be able to go to any other parent directory.

 

Malicious Activity Detector (MAD) for Windows

One of the simplest goals of server security is keeping administrator credentials private. There is no better way to achieve this than through strict firewall rules that only allows specific IPs to authenticate. However, there are some situations where it is necessary to open a login prompt to the broader Internet. In this case, the only thing barring anonymous internet users from unauthorized access is your password. The stronger your password, the better off you are, but even the most cryptic passwords can be guessed given enough tries.

Malicious Activity Detector (MAD) helps protect you in these instances. It functions by monitoring login attempts to several services, and if it detects malicious activity, it applies a temporary block on that IP. If more attempts come in, the block continues to last longer. This method is exceptionally effective in preventing a successful brute-force attack while limiting the number of system resources expended.

 

Installation of MAD

Depending on the configuration and age of your server, you may already have it installed. Check the installation status by looking for an item in your Start Menu shown below.

Installing Liquid Web's Malicious Activity Detector for Windows tightens security for you server.

The program path is C:\Program Files (x86)\Liquid Web\MAD\MADGUI.exe

You may also check if “MAD.exe” is running from your Task Manager. If you don’t see it there, please Contact Support so that we may get it up and running for you. Once running,  we can move on to the configuration.

 

Note:
MAD will be installed on all Windows servers by default in the future.

 

Configuring MAD

MAD’s default settings offer protection for the most vulnerable services, and extra configuration is not required. That said, you may find yourself wanting to change its behavior, and we’re happy to give you the tools you need.

Let’s start with the most common change you may want to make: whitelisting and blacklisting. Opening the MAD Configure utility will get you on the right page. From here, you only need to choose the radio button for the list you want to modify, enter the IP, and click the button. You can remove entries in either list by right-clicking. This page also allows you to start or restart the service, but you shouldn’t need to use those functions.

The List tab easily let's you add in blacklisted or whitelisted IPs.

The next page is where most options are located. All of the service scanners list three choices for each: Enabled/Disabled, BlockThreshold, and Retention.

Our Malicious Activity Detector allows you to adjust settings for maximum security.

Enabled/Disabled -You may want to disable scanners for services that you do not have installed, but it is generally recommended to leave all options enabled due to minimal performance cost.

BlockThreshold – This setting controls how many ‘strikes’ it takes to be blocked. These are set fairly high by default to avoid affecting legitimate users, but you may want to lower the threshold to increase MAD’s sensitivity.

Retention -This refers to the size of the window that MAD looks at to determine if a user has met the BlockThreshold in seconds. By default, this is set to 300 (five minutes).

Example:
Set your BlockThreshold to 10 and your Retention to 300. If 9 failed attempts occurred at 12:00 and a failed attempt occurs before 12:05 it will be blocked. By 12:06 you will be in a new period and will be able to attempt 9 more times before being blocked.

PermaBlock – Sometimes robots can’t take the hint after being temporarily blocked several times in a row. The PermaBlock list remedies this situation. By default the retention period is 2 hours, this scanner checks for IPs that have been temp blocked five times (or your custom BlockThreshold). If it gets a hit, it does as the name implies and adds it to your blacklist, where it is managed much like manual entries.

AuditPolicy – This setting determines if MAD is allowed to edit your login event auditing policy. Disabling AuditPolicy is not recommended and may prevent MAD from working as intended.

TempBlockTimeout -When a block is triggered on one of the scanners the offending IP address will be blocked for this amount of time. Measured in seconds with a default setting of 900 (15 minutes).

 

Reviewing MAD Logs

MAD creates logs of all of the actions that it takes. It is good practice to review them regularly to see what has been going on. For example, if a certain service seems to be getting attacked more often than others you may want to consider hardening your firewall rules or MAD’s configuration itself.

Our Malicious Activity Detector keeps logs of anyone attempting to connect to your Windows server.

MAD also creates events in Windows Event Viewer under the ‘Applications and Services Logs’ folder. These events are most helpful for long-term investigation, as the folder will hold historical data for quite some time.

MAD also creates Events for long-term investigation, as the folder will hold historical data.

MAD for Windows is an excellent tool in your security arsenal, but a proactive plan is always better than a reactive one. We recommend utilizing Windows Firewall to ensure that only things that must be publicly accessible are. For further reading on security visit some of our other articles:

Security for Remote Desktop
Best Practices for Your Firewall

Reverse DNS Lookup

DNS is typically used to resolve a domain name to an IP address. This act is known as a forward resolution and enacted every time you visit a site on the internet. Reverse DNS (rDNS), as its name implies, is a method of resolving an IP address to a domain name.

The DNS records used for resolving an IP address to the domain name are known as pointer (PTR) records. A particular type of PTR-record is used to store reverse DNS entries. The name portion of the PTR-record is the IP address with the segments reversed and “.in-addr.arpa” added at the end of the record. The “.in-addr.arpa” portion of the record refers to the “address and routing parameter area” (arpa). rDNS uses “in-addr.arpa” for IPv4 and “ip6.arpa” is used for IPv6 addresses.

For example, the reverse DNS entry for IPv4 IP “1.2.3.4” would be “4.3.2.1.in-addr.arpa”.

 

The use of reverse DNS is for the same reason as standard (forward) DNS. It is easier to remember and identify a domain name than a string of numbers. rDNS is less critical than forward DNS, as forward DNS records are required to load up a website. Sites will still load fine in the absence of a reverse DNS record.

Email Servers commonly use rDNS to block incoming SPAM messages. Many mail servers are set to automatically reject messages from an IP address that does not have rDNS in place. Though the rDNS record can block spam, it is not a reliable means and is used mostly as an extra layer of protection. It is also important to note that merely enabling rDNS can still result in rejected messages due to a variety of reasons.  Additionally, rDNS is also used in logging to help provide human readable data rather than logs consisting entirely of IP addresses.

 

Reverse DNS lookups query the DNS servers of a domain for a PTR (pointer) record. If the domain’s DNS server does not have a valid PTR record setup, it cannot resolve a reverse lookup.  However, if a domain does have a PTR record, you can do a rDNS Lookup by using the method below.

 

Numerous online tools can be used to perform a rDNS lookup. A few examples of these online tools are linked below:

https://mxtoolbox.com/ReverseLookup.aspx

https://www.whatismyip.com/reverse-dns-lookup/

https://www.iplocation.net/reverse-dns

 

You can also perform a rDNS lookup manually from command line. In Linux, the command you would use is “dig” with the added “-x” flag. 

If you are on a Windows computer, you would typically use the “nslookup” command, though you could also use “ping -a”. An example of the Linux command and its output shown below:

dig -x 8.8.8.8

 

Output:

;<<>> DiG 9.9.4-RedHat-9.9.4-61.el7 <<>> -x 8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36810
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;8.8.8.8.in-addr.arpa. IN PTR
 
;; ANSWER SECTION:
8.8.8.8.in-addr.arpa. 21599 IN PTR google-public-dns-a.google.com.
 
;; Query time: 19 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Wed Jul 18 11:58:54 EDT 2018
;; MSG SIZE  rcvd: 93

 

You can see the full rDNS PTR record for that IP in the “ANSWER SECTION” leading 8.8.8.8 back to the Google subdomain, google-public-dns-a.google.com :

8.8.8.8.in-addr.arpa. 21599 IN PTR google-public-dns-a.google.com.

Liquid Web makes it easy to set up and manage rDNS for your servers IPs. Just follow the steps outlined in our Knowledge Base article below:

https://www.liquidweb.com/kb/using-manage-to-update-reverse-dns/

 

Setting up a reverse DNS record is straightforward and can be beneficial to ensure that an IP does indeed belong to the domain it claims. If you are unsure who your DNS provider is, follow our helpful guide in locating where you should add the rDNS record.

Configure Apache 2 to Control Browser Caching

Today we are configuring browser caching control on common Apache 2 servers. Caching is a great tool to reduce server resource consumption, bandwidth utilization and provide a faster end-user experience to visitors. To get familiar with caching concepts, simply review our ‘What is Caching?’ tutorial.

Pre-Flight Check

This article covers all Apache 2 servers running the mod_expires and mod_headers Apache modules. This includes, but is not limited to, both traditional Dedicated servers and Cloud VPS servers running a number of different Linux distributions:

  • Core-managed CentOS 7* Servers
  • Core-managed CentOS 6* Servers
  • Fully-managed CentOS 7 cPanel Servers
  • Fully-managed CentOS 6 cPanel Servers
  • Fully-managed CentOS 7 Plesk Onyx 17 Linux Servers
Note:
Self-managed servers running a similar Linux distribution can take advantage of this article. However, instructions are not specifically provided for Self-managed configurations.

The article assumes familiarity with the following basic system administration concepts:

Verify Modules

Our servers generally include both the mod_expires and mod_headers modules needed for browser cache control. However, before we configure the directives, we must first ensure the modules are installed and Apache 2 is ready to accept the directives. Verification is simple. We will be using the apachectl -M command to list the installed Apache modules while piping the output through the grep module_name command to filter the results down to showing only modules with the provided module_name, likes so:

Verifying mod_headers (also known as Headers_module) by copying & pasting the following command.

apachectl -M | grep header

… will return:

headers_module (shared)

Verifying mod_expires (also known as expires module) by copying and pasting the following command.

apachectl -M | grep expires

… will return:

expires_module (shared)

These modules must be present in the output when running the command. If they do not show up in the output, it will simply be blank, which indicates the modules are not installed. If the modules are missing then we will need to install them before we can continue.

Configuration Directives

We can use the following example of a generic configuration that serves to reduce the strain on server resources by prolonging the cache duration of common static files. These types of files typically do not change between visits. So they do not need to be downloaded on every visit. Modern browsers are equipped to accept instructions from web servers that provide suggestions for how long content should be cached. This example works well for most sites. However, you may need to add/remove file types or adjust lifespan as needed for your particular content.

<IfModule mod_expires.c>
# Turn on the module.
ExpiresActive on
# Set the default expiry times.
ExpiresDefault "access plus 2 days"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType text/css "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType text/css "now plus 1 month"
ExpiresByType image/ico "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
ExpiresByType text/html "access plus 600 seconds"
</IfModule>

Explanation of Each Directive

These are opening tags and will only process directives between these if the module, mod_expires, is installed on the server.

<IfModule mod_expires.c> ... </IfModule>

Download all files only if the cached has not been accessed in more than 2 days.

ExpiresDefault "access plus 2 days"
Download files only if the cached file has not been access in more than 1 month. This covers jpg, jpeg, gif, png, css, javascript, flash, ico and x-icon file types.

ExpiresDefault "access plus 2 days"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType text/css "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType text/css "now plus 1 month"
ExpiresByType image/ico "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"

Download files only if the cached copy hasn’t been accessed in 10 minutes.

ExpiresByType text/html "access plus 600 seconds"

You can find a more robust explanation of these directives and all that expires_module offers in the Apache mod_expires Online Docs.

Implementation

Now that we have an understanding of how these directives can be configured, we need to decide on our method of implementation. There are generally two method of implementation for these directives. We classify these as either Portable or Include Methods.

Portable Method

The Portable Method uses .htaccess files to manage which directories are affected by the mod_expires configuration we are settings. These are handled like any other .htaccess file changes.

  1. SSH/FTP to the server
  2. Locate the directory which needs browser caching enabled.
  3. Modify the .htaccess file in that directory or create one if there is not one already.
  4. Add the needed directives from the Configuration Directives section above.
  5. Save the changes to the file.
  6. Done.

There is a small bottleneck caveat associated with .htaccess files. This caveat is not specific to mod_expires and is an overall Apache caveat with .htaccess files in general. In order for .htaccess files to work, Apache must scan every directory leading up to a targeted file looking for and applying any .htaccess files it finds along the way. This can create an I/O bottleneck on some server configurations. We recommend using the Include Method on all Cloud VPS Servers to avoid this type of problem.

Include Method

In contrast to the Portable Method, the Include Method takes advantage of the Apache include system. Apache only reads include files at startup so this prevents the I/O Bottleneck discussed above in the Portable Method section.

There are generally two ways to use the Include Method: Globally or Per Website. Either method requires locating and modifying the correct include files on the server. The correct files to modify is dependent on both distribution and server management software. We will discuss the correct locations for both methods on the various Liquid Web CentOS servers we support and listed in the Pre-Flight Check section above.

Global Includes

Applying the mod_expires directives globally is straight forward. It will have the effect of enabling the desired directives over the entire server, affecting every site running through Apache.

Core-managed CentOS 6 & 7 Servers

1.  Create a file named expires.conf in /etc/httpd/conf.d/ by typing in the following command:

vim /etc/httpd/conf.d/expire.conf

2. Add the necessary directives to the file and save the changes.
File should look like the following:

<IfModule mod_expires.c>
# Turn on the module.
ExpiresActive on
# Set the default expiry times.
ExpiresDefault "access plus 2 days"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType text/css "now plus 1 month"
ExpiresByType image/ico "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
ExpiresByType text/html "access plus 600 seconds"
</IfModule>

3.  To finish, reload Apache for the server to see the changes:

Service httpd reload

Fully-managed CentOS 6 & 7 cPanel Servers

1. Create file name pre_virtualhost_global.conf  in /usr/local/apache/conf/includes/ if it does not already exist.

vim /usr/local/apache/conf/includes/pre_virtualhost_global.conf

2.  Add the necessary directives to the bottom of the  file and save the changes.
Your file may contain additional directives in this file, but the bottom should look like this:

<IfModule mod_expires.c>
# Turn on the module.
ExpiresActive on
# Set the default expiry times.
ExpiresDefault "access plus 2 days"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType text/css "now plus 1 month"
ExpiresByType image/ico "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
ExpiresByType text/html "access plus 600 seconds"
</IfModule>

3.  Restart Apache Service:

/scripts/restartsrv_apache

If Running EasyApache 4: Restart Apache PHP-FPM Service

/scripts/restartsrv_apache_php_fpm

Fully-managed CentOS 7 Plesk Onyx 17 Linux Servers

1. Create file name expires.conf in /etc/httpd/conf.d/

vim /etc/httpd/conf.d/expire.conf

2.Add the necessary directives to the file and save the changes.
The file should look like the following:

<IfModule mod_expires.c>
# Turn on the module.
ExpiresActive on
# Set the default expiry times.
ExpiresDefault "access plus 2 days"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType text/css "now plus 1 month"
ExpiresByType image/ico "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
ExpiresByType text/html "access plus 600 seconds"
</IfModule>

3.  Restart Apache Service:

Service httpd restart

Per Website Includes

We can also use Apache includes on a per virtual host level to enable browser caching on an individual website basis. We’ll go over how to configure these on our CentOS systems below.

Note:
Each website has two virtual hosts, one for HTTP (port 80) connections and another for HTTPS (port 443) connections. Each virtual host is independent of one another. Adding a change to the HTTP virtual host will not automatically apply to the HTTPS virtual host and vice versa.
Core-managed CentOS 6 & 7 Servers

The exact method of site management on Core-managed servers is left up to the server owner. This can vary dramatically depending on the person. We will use the default SSL site configuration file as an example on how to configure the Per Website includes for browser caching. Once you locate the necessary site’s configuration file, follow these steps:

1. Locate and Open the configuration file for the site being modified. 

vim /etc/httpd/conf.d/ssl.conf

2.  Locate the Virtual Host line for the site within its config file.  A Virtual Host Stanza looks like the following example:

<VirtualHost _default_:443>

</VirtualHost

3. Apply the needed mod_expires directives between the virtual host lines.
The results should look similar to the following example:

<VirtualHost _default_:443>

   <IfModule mod_expires.c>
   # Turn on the module.
   ExpiresActive on
   # Set the default expiry times.
   ExpiresDefault "access plus 2 days"
   ExpiresByType image/jpg "access plus 1 month"
   ExpiresByType image/gif "access plus 1 month"
   ExpiresByType image/jpeg "access plus 1 month"
   ExpiresByType image/png "access plus 1 month"
   ExpiresByType text/javascript "access plus 1 month"
   ExpiresByType application/javascript "access plus 1 month"
   ExpiresByType application/x-shockwave-flash "access plus 1 month"
   ExpiresByType text/css "now plus 1 month"
   ExpiresByType image/ico "access plus 1 month"
   ExpiresByType image/x-icon "access plus 1 month"
   ExpiresByType text/html "access plus 600 seconds"
   </IfModule>

</VirtualHost>

4. Restart Apache Service

Service httpd restart

Fully-managed CentOS 6 & 7 cPanel Servers

cPanel provides a rich template system that can be used to modify Apache behavior as needed. There is a specific directory structure needed to ensure our modifications persist through updates, upgrades and restarts. This system works the same way on both EasyApache 3 as well as EasyApache 4 systems.

 

Each site can handle its own set of custom include files. These need to be located in the following locations:


HTTP Virtual Hosts:
/etc/apache2/conf.d/userdata/std/2_4/<USER>/<DOMAIN>/<INCLUDENAME>.conf


HTTPS Virtual Hosts:
/etc/apache2/conf.d/userdata/ssl/2_4/<USER>/<DOMAIN>/<INCLUDENAME>.conf

There are three variables in the path above that need to be reconciled:

  • <USER> replaced by the necessary accounts username.
  • <DOMAIN> replaced by the fully qualified domain.tld name of the site. (minus the www. prefix)
  • <INCLUDENAME> replace by the name of the include file. This should reflect the include’s purpose. E.G. expires.conf

1. These directories do not exists by default and will need to be created. Once you know the details this can be done easily with the mkdir -p command like so:

HTTP Virtual Host:

mkdir -p /etc/apache2/conf.d/userdata/std/2_4/myuser/example.com/

HTTPS Virtual Host:

mkdir -p /etc/apache2/conf.d/userdata/ssl/2_4/myuser/example.com/

2. After the directories are created, we can now create our include files, calling it expires.conf.
HTTP Virtual Host:

vim /etc/apache2/conf.d/userdata/std/2_4/myuser/example.com/expires.conf

HTTPS Virtual Host:
vim /etc/apache2/conf.d/userdata/ssl/2_4/myuser/example.com/expires.conf

3. Add the necessary mod_expires directives to both expires.conf files. They should look similar to this when complete:

<IfModule mod_expires.c>
# Turn on the module.
ExpiresActive on
# Set the default expiry times.
ExpiresDefault "access plus 2 days"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType text/css "now plus 1 month"
ExpiresByType image/ico "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
ExpiresByType text/html "access plus 600 seconds"
</IfModule>

4. Now we will need to have cPanel rebuild the Apache configuration to apply the new includes.

/usr/local/cpanel/scripts/rebuildhttpdconf

5. Restart Apache to update the running configuration:
/usr/local/cpanel/scripts/restartsrv_apache

6. If running EasyApache 4, Restart Apache PHP-FPM service as well:
/usr/local/cpanel/scripts/restartsrv_apache_php_fpm

There are additional methods for handling virtual hosts in cPanel. Applying includes to all hosts or all HTTPS hosts or even all hosts by one user. For a much more in-depth explanation of the cPanel Virtual Host Include system, visit the Official cPanel Online Docs.

Fully-managed CentOS 7 Plesk Onyx 17 Linux Servers

Plesk provides a robust include and template system for modification of virtual host entries on an individual virtual host basis. These are done in the following files:

Note:
We will need to replace example.com with your domain name (minus www. prefix).
/var/www/vhosts/system/example.com/conf/vhost_ssl.conf

The directory structure here should already exist. However, these vhost.conf and vhost_ssl.conf files do not exist by default and will need to created.

1. Create the needed include files:
HTTP Virtual Host:

touch /var/www/vhosts/system/example.com/conf/vhost.conf

HTTPS Virtual Host:
touch /var/www/vhosts/system/example.com/conf/vhost_ssl.conf

2. Modify both vhost.conf and vhost_ssl.conf applying the necessary mod_expires directives. When finish each file should look similar to the following:

<IfModule mod_expires.c>
# Turn on the module.
ExpiresActive on
# Set the default expiry times.
ExpiresDefault "access plus 2 days"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType text/css "now plus 1 month"
ExpiresByType image/ico "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
ExpiresByType text/html "access plus 600 seconds"
</IfModule>

3. Have Plesk rebuild the configuration for the site in question
/usr/local/psa/admin/sbin/httpdmng --reconfigure-domain example.com

4. Restart Apache Service:
service httpd restart

The Plesk templates and includes systems is very robust and permits integration of many other common Apache directives. Visit the Plesk Onyx Online Documentation to learn more about leveraging its capabilities.

Use Disk Quotas in Dedicated Linux Servers for Plesk Servers

Using Disk Quotas on Plesk Servers

Plesk servers come in a variety of underlying operating systems like: Windows, CentOS and Ubuntu. These systems address disk quotas in different ways. However, they all use the same tools within the Plesk interface. Plesk servers can assign quotas on an individual domain basis or through the Service Plans & Subscriptions system. We will go over both of these methods below.

Continue reading “Use Disk Quotas in Dedicated Linux Servers for Plesk Servers”

What is mod_deflate?

How mod_deflate works

When a visitor accesses a website, a request is made to the web server for a specific kind of data. An example might be a home page of a site. Next, the web server locates that data and delivers it to the client who is requesting that data – basically back to the web browser.

In this example, the speed at which the home page loads can depend on a variety of factors. One of them could be how long it takes to find and deliver the data for that page. This is just one example.

Some of that data – such as javascript files, css files, and php files – can actually be compressed into smaller sizes before they are delivered back to the visiting client or browser at the smaller size. The visitor can now have a more optimized browsing experience.

This is where mod_deflate comes in.

Continue reading “What is mod_deflate?”

Upgrading from the Legacy Storm Private Network

The recently announced deprecation of the Legacy Storm Private Network has prompted several questions, the most frequent of which being: How to upgrade and am I affected? Fortunately this announcement only affects a handful of our thousands of clients, those being customers who started using the Private Networking back in 2013. If you’re not sure, you’re welcome to open a ticket and be certain.

Regarding the upgrade process, we’ve made that as easy as possible and accessible to anyone with access to the manage interface. This how-to will walk you through the steps you need to follow to get detach from the current implementation and get connected to the new, improved version.

Continue reading “Upgrading from the Legacy Storm Private Network”

Upgrading PHP on Windows

Performing an upgrade to PHP on Windows Server

Keeping your software and applications up to date is a crucial part of maintaining security and stability in your web hosting systems. Unfortunately, updating system components and back-end software can sometimes be a frustrating and a difficult process. However, thanks to Microsoft’s Web Platform Installer, upgrading PHP on a Windows server with IIS is as simple as a few clicks.

Continue reading “Upgrading PHP on Windows”