How to Add a User and Grant Root Privileges on Ubuntu 16.04

Ubuntu 16.04 LTS provides you the ability to add a user for anyone who plans on accessing your server.  Creating a user is a basic setup but an important and critical one for your server security. In this tutorial, we will create a user and grant administrative access, known as root, to your trusted user.

 

Pre-Flight Check

  1. Open a terminal and log in as root.  
  2. Work on a Linux Ubuntu 16.04 server

Step 1:  Add The User

Create a username for your new user, in my example my new user is Tom:

adduser tom

You’ll then be prompted to enter a password for this user.   We recommend using a strong password because malicious bots are programmed to guess simple passwords. If you need a secure password, this third party password generator can assist with creating one.

Output:

~# adduser tom
Adding user `tom' ...
Adding new group `tom' (1002) ...
Adding new user `tom' (1002) with group `tom' ...
Creating home directory `/home/tom' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

Note
Usernames should be lowercase and avoid special characters. If you receive the error below, alter the username. ~# adduser Tom
adduser: Please enter a username matching the regular expression configured via the NAME_REGEX[_SYSTEM] configuration variable.  Use the `--force-badname' option to relax this check or reconfigure NAME_REGEX.

 

Prompts will appear to enter in information on your new user.  Entering this information is not required and can be skipped by pressing enter in each field.

Enter the new value or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:

 

Lastly, the system will ask you to review the information for accuracy.  Enter Y to continue to our next step.

Is the information correct? [Y/n]

 

Step 2: Grant Root Privileges

Assigning a user root access is to grant a user the highest power.  My user, tom, can then make changes to the system as a whole, so it’s critical to allow this access only to users who need it. Afterward, this user will be able to use sudo before commands that are usually designed to be used by the root user.

usermod -aG sudo tom

 

Step 3: Verify New User

As root, you can switch to your new user with the su – command and then test to see if your new user has root privileges.

su - tom

If the user has properly been granted root access the command below will show tom in the list.

grep '^sudo' /etc/group

Output:

sudo:x:27:tom

 

How To Install Oracle Java 8 in Ubuntu 16.04

Pre-Flight Check

  1. Open the terminal and log in as root.  If you are logged in as another user, you will need to add sudo before each command.
  2. Working on a Linux Ubuntu 16.04 server
  3. No installations of previous Java versions

Step 1:  Update & Upgrade

It is advised to update your system by copy and pasting the command below.  Be sure to accept the update by typing Y when asked to continue:

apt-get update && apt-get upgrade

 

Step 2: Install the Repository

WebUpd8 Team Personal Package Archive (PPA), a third party repository,  allows us to download the package necessary for Java 8 installation.  Press Enter to continue the installation.

add-apt-repository ppa:webupd8team/java

Once again, update your package list.

apt-get update

 

Step 3: Install Java 8

Use the apt-get command to install Oracle’s Java 8 via their installer:

apt-get install oracle-java8-installer

 

Click Y to continue and press Enter to agree to the licensing agreement.

 

Select Yes and hit the Enter key.

 

Step 4: Verify Java 8 is Installed

java -version

Output:

java version "1.8.0_181"
Java(TM) SE Runtime Environment (build 1.8.0_181-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode)

 

It’s essential to know the path of our Java installation for our applications to function. Where is Java installed? Run this command to find its path:update-alternatives --config java

Output:

~# update-alternatives --config java
There is 1 choice for the alternative java (providing /usr/bin/java).
Selection Path Priority Status
------------------------------------------------------------
0 /usr/lib/jvm/java-8-oracle/jre/bin/java 1081 auto mode
* 1 /usr/lib/jvm/java-8-oracle/jre/bin/java 1081 manual mode

 

Copy the highlighted path from the second row: /usr/lib/jvm/java-8-oracle/jre/bin/java/.  After copying, open the file /etc/environment and add in the path of your Java installation to the end of your file.

vim /etc/environment

JAVA_HOME="/usr/lib/jvm/java-8-oracle/jre/bin/java"

 

Save the file by hitting ESC button and type :wq to execute the command below to recognize the changes to the file:

source /etc/environment

 

You should now see the path of installation when using the $Java_Home variable:

echo $JAVA_HOME

Output:

~# echo $JAVA_HOME
/usr/lib/jvm/java-8-oracle/jre/bin/java

 

VPS Server Space/Disk Quota

The term “server space” refers to the amount of disk space that is available on your server’s hard disk drive. This space varies according to server type, hosting plan and possibly by additional services that are set up and available on your Liquid Web account.

Some of the largest hard disk drives on the market now can hold up to 100TB of data. To better visualize this, 100 terabytes of data is approximately equivalent to:

  • 42,000,000,000 trillion single-spaced typewritten pages
  • 8,000,000 phone books
  • 160,000 regular compact discs
  • 20,000 DVDs
  • 200 average-sized hard disks (500GB)
  • 80 human brains (the capacity of a human being’s functional memory is estimated to be 1.25 terabytes by futurist Raymond Kurzweil in The Singularity Is Near)

Your disk space can hold many types of data including file types like HTML, TXT, CSS, PHP, PDF, JPG, MP3, MP4, compressed (tar.gz) backups, SQL databases and more. These files are in specific folders which are defined by the applications configuration files or locations you determine.

How do I locate the folders containing a particular set of data?

The location of a file depends primarily on the type of file. On a Linux server, your typical cPanel account is set up under the /home/username folder, and your cPanel account username specifies the username folder. This folder is sometimes called the top-level or root folder of your cPanel account. This root folder is not publicly accessible on the web but, contains folders which are accessible via a web browser. The root folder holds other cPanel specific system folders that use a variety of functions.

As you can see, when uploading files to your account, you’ll likely want them to be in public_html to be accessible on the web. Uploading an image.jpg file to the public_html folder makes it available at domain.com/image.jpg. Additionally, if you create a folder inside of the public_html directory and add the same image there, it would be accessible at yourdomain.com/foldername/image.jpg.

To see the location of a file, you have several options;

  1. Log into your cPanel and open the File Manager under the Files section
    cPanel >> Home >> Files >> File Manager’ here you can view all of the files and folders in your account’s root directory.cPanel File Manager
  2. When a cPanel account is initially set up, it also creates the main FTP user. You can use the servers FTP functionality to access folders from a remote location to view the file listings. Several software titles like Filezilla, Cyberduck, and WinSCP are available for this type of connection.
  3. Lastly, you can connect to the server via SSH and get access to folders/files on the server.

How do I see how much space I’m using?

Disk Usage Graph

Let’s start by reviewing a few command line examples; mainly the “du” and “df” commands.

Note
The ‘du’ command sums up the total space of files that exist on the filesystem, while the ‘df’ command shows blocks available in the file system.

The ‘df’ command (abbreviation for disk free) simply lists the space used per partition:

df Command Output

The ‘du’ command (abbreviation for disk usage) reports the sizes of directories including all of their contents and the sizes of individual files:

du Command Output

Note
There are times when the ‘du’ and ‘df’ commands show different usage amounts. Previously removed files can cause this discrepancy from a running process holding open that file. Open processes cause the ‘df’ command to report that space as still being used. The solution to this is to restart the service to close any open process.

You can also use cPanel to determine the amount of space used and where its located. If you log in to cPanel, you would need to go to cPanel >> Home >> Files >> Disk Usage to get graphical of your disk usage.

cPanel Disk Usage

Lastly, to view your server’s disk usage in your Manage account server resource graph

  1. Log into your Manage portal.
  2. Navigate to the Servers section and then click on the Plus sign (+) next to the server of focus.
  3. Click on the Dashboard button and click the link next to the Disk Usage text as seen below

graphical statistics

This view provides a graphical representation of your disk space and the used amount.

How do I prevent disk space overages?

Disk space overages can result in lost emails, backups or even websites or the server going down! Just like your car, your server requires regular server maintenance. Attention to server maintenance reduces lost data. One way to prevent disk space overages is to use cPanel’s built-in tools.

cPanel possess the ability to send “Disk Quota Warning”  emails that denote when your server is using too much space. They contain specific locations to check, and the space used. The settings for these emails notifications are in WHM (Web Hosting Manager) under the Home »Server Configuration »Tweak Settings .

Email Notifications AreaOther areas of server maintenance to check on regularly include:

  • Pruning backups
  • Logs are rotating correctly (including Domlogs, Apache2, MySql, and Chkservd)
  • Regularly archiving email
  • Using the /home directory for large user accounts

What are the dangers of being too close to Disk Quota?

When a server gets close to or is at its max disk space capacity, strange errors and problems can manifest themselves in many ways including:

  • Services (like MySQL or Apache) can error out or stop
  • Websites can become very sluggish
  • The servers overall responsiveness can become slower
  • The server may exhibit a high load
  • You may see degraded disk performance
  • The server may display an increase in I/O wait
  • The server may demonstrate an increase in CPU usage
  • The file system can go into “read-only” mode
  • The server can run out of inodes
  • Files can become corrupted
  • Decreased swap space may occur causing issues

So what do I do if I’m running out of space?

As Benjamin Franklin stated, “By failing to prepare, you are preparing to fail.” In light of this knowledge, taking steps in advance to prevent these issues is always the best course of action. Directly monitoring your server disk space on a weekly or monthly basis prevents most space issues from turning into actual problems.

If you have already reached the point where immediate action needs to be taken to bring a server back in line with normal space expectations, you have several options. Using the “du” and “df” commands are your primary weapons in tracking down used server space.

The primary steps needed are:

    1. Log into your server
    2. Run a df -h command to locate which partitions are using the most spacedf Command Output
    3. Change directories into the affected folders using the most space.
    4. Run the following command:

du-sk Command Output(This is an advanced du command that sorts the contents of a directory by size. Use this to drill down into a folder to see used space.)

  1. Move files (to a backup drive or folder) or, remove the files that are no longer needed using the ‘rm’ command.
  2. Repeat steps 2 through 6 as needed until reaching desired space level.

Final Thoughts

Over time, any operating system can become overcrowded with addition and removal of programs or accounts. Actively monitoring your servers disk space is the most effective method to prevent server space issues. If you do run into issues, using the du, df command line tools or, using the graphical interface in your account allows you to view files as needed. As always, if you have further thoughts or questions about this topic, please contact our Linux Support department for more information.

 

How To Install Apache Tomcat 8 on Ubuntu 16.04

Apache Tomcat is used to deploy and serve JavaServer Pages and Java servlets. It is an open source technology based off Apache.

Pre-Flight Check

  • This document assumes you are installing Apache Tomcat on Ubuntu 16.04.
  • Be sure you are logged in as root user.

Installing Apache Tomcat 8

Step 1: Create the Tomcat Folder

Logged in as root, within the opt folder make a directory called tomcat and cd into that folder after completion.

mkdir /opt/tomcat

cd /opt/tomcat

 

Step 2: Install Tomcat Through Wget

Click this link to the Apache Tomcat 8 Download site. Place you cursor under 8.5.32  Binary Distributions, right click on the tar file and select copy link address (as shown in the picture below). At the time of this article Tomcat 8 is the newest version but feel free to pick whatever version is more up-to-date.

Tomcat 8's Download Page

Next from your server, use wget command to download the tar to  the tomcat folder from the URL you copied in the previous step:

wget http://apache.spinellicreations.com/tomcat/tomcat-8/v8.5.32/bin/apache-tomcat-8.5.32.tar.gz

Note
You can down the file to your local desktop, but you’ll then want to transfer the file to your Liquid Web server. If assistance is needed, check out this article: Using SFTP and SCP Instead of FTP

After the download completes, decompress the file in your tomcat folder:

tar xvzf apache-tomcat-8.5.32.tar.gz

 

Step 3: Install Java

Before you can use Tomcat you’ll have to install the Java Development Kit (JDK). Beforehand, check to see if Java is installed:

java -version

If that command returns the following message then Java has yet to be installed:
The program 'java' can be found in the following packages:

To install Java, simply run the following command (and at the prompt enter Y to continue):
apt-get install default-jdk

 

Step 4: Configure .bashrc file

Set the environment variables in .bashrc with the following command:

vim ~/.bashrc

Add this information to the end of the file:
export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-amd64
export CATALINA_HOME=/opt/tomcat/apache-tomcat-8.5.32

Note
Verify your file paths! If you downloaded a different version or already installed Java, you may have to edit the file path or name. Older versions of Java may say java-7-openjdk-amd64 instead of java-1.8.0-openjdk-amd64 . Likewise, if you installed Tomcat in a different folder other then /opt/tomcat (as suggested) you’ll indicate the path in your bash file and edit the lines above.

Save your edits and exit from the .bashrc file, then run the following command to register the changes:

. ~/.bashrc

 

Step 5: Test Run

Tomcat and Java should now be installed and configured on your server. To activate Tomcat, run the following script:

$CATALINA_HOME/bin/startup.sh

You should get a result similar to:

Using CATALINA_BASE: /opt/tomcat
Using CATALINA_HOME: /opt/tomcat
Using CATALINA_TMPDIR: /opt/tomcat/temp
Using JRE_HOME: /usr/lib/jvm/java-7-openjdk-amd64/
Using CLASSPATH: /opt/tomcat/bin/bootstrap.jar:/opt/tomcat/bin/tomcat-juli.jar
Tomcat started

 

To verify that Tomcat is working visit the ip address of you server:8080 in a web browser. For example http://127.0.0.1:8080.

Apache Tomcat 8 Verification Page

 

How To Install Apache Tomcat 7 on Ubuntu 16.04

Apache Tomcat is used to deploy and serve JavaServer Pages and Java servlets. It is an open source technology based off Apache.
Pre-Flight Check

  • This document assumes you are installing Apache Tomcat on Ubuntu 16.04.
  • Be sure you are logged in as root user.

Installing Tomcat 7

Step 1: Create the Tomcat Folder

Logged in as root, within the opt folder make a directory called tomcat and cd into that folder after completion.

mkdir /opt/tomcat
cd /opt/tomcat

 

Step 2: Install Tomcat Through Wget

Click this link to the Apache Tomcat 7 Download site. Place your cursor under 7.0.90 Binary Distributions, right click on the tar.gz file and select Copy Link Address (as shown in the picture below).  At the time of this article Tomcat 7 is the newest version but feel free to pick whatever version is more up-to-date.

Tomcat Version 7.0.90

Next, from your server, use wget command to download the tar to  the tomcat folder from the URL you copied in the previous step:

wget http://www.trieuvan.com/apache/tomcat/tomcat-7/v7.0.90/bin/apache-tomcat-7.0.90.tar.gz

Note
You can down the file to your local desktop, but you’ll then want to transfer the file to your Liquid Web server. If assistance is needed, check out this article: Using SFTP and SCP Instead of FTP

After the download completes, decompress the file in your Tomcat folder:

tar xvzf apache-tomcat-7.0.90.tar.gz

You will end up with a file called apache-tomcat-7.0.90.

 

Step 3: Install Java

Before you can use Tomcat, you’ll have to install the Java Development Kit (JDK). Beforehand, check to see if Java is installed:

java -version
If that command returns the following message then Java has yet to be installed:
The program 'java' can be found in the following packages:
To install Java, simply run the following command (and at the prompt enter Y to continue:
apt-get install default-jdk

 

Step 4: Configure .bashrc file

Set the environment variables in .bashrc with the following command:

vim ~/.bashrc
Add this information to the end of the file:
export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-amd64
export CATALINA_HOME=/opt/tomcat/apache-tomcat-7.0.90

Note
Verify your file paths! If you downloaded a different version or already installed Java, you may have to edit the file path or name. Older versions of Java may say java-7-openjdk-amd64 instead of java-1.8.0-openjdk-amd64 . Likewise, if you installed Tomcat in a different folder other then /opt/tomcat (as suggested) you’ll indicate the path in your bash file and edit the lines above.

Save your edits and exit from the .bashrc file, then run the following command to register the changes:

. ~/.bashrc

 

Step 5: Test Run

Tomcat and Java should now be installed and configured on your server. To activate Tomcat, run the following script:

$CATALINA_HOME/bin/startup.sh

You should get a result similar to:
Using CATALINA_BASE: /opt/tomcat
Using CATALINA_HOME: /opt/tomcat
Using CATALINA_TMPDIR: /opt/tomcat/temp
Using JRE_HOME: /usr/lib/jvm/java-7-openjdk-amd64/
Using CLASSPATH: /opt/tomcat/bin/bootstrap.jar:/opt/tomcat/bin/tomcat-juli.jar
Tomcat started.

 

To verify that Tomcat is working by visiting the IP address of your server:8080 in a web browser. For example http://127.0.0.1:8080.

Tomcat 7.0.90 Test Page

 

How to Install Pip on Ubuntu 16.04 LTS

Arguably one of the easiest tools to use for installing and managing Python packages, Pip has earned is notoriety by the number of applications utilizing this tool. Fancied for its capabilities in handling binary packages over the easy_installed packaged manager, pip enables 3rd party package installations. Though Python does sometimes come with pip as a default, this tutorial will show how to install, check its version as well as some basic commands for using pip on Ubuntu 16.04.

 

Pre-Flight Check

  • These instructions are intended for an Ubuntu 16.04 LTS server, and we are logged in as root.
  • If you are using a different operating system, check out our other pip installation guides.

Step 1: 

Ensure that all packages are up-to-date. After running the command below, you’ll get an output of any packages getting their update.

apt-get update

Step 2:

Install pip with cURL and Python. Downloading using the cURL command ensures the latest version of pip.curl "https://bootstrap.pypa.io/get-pip.py" -o "get-pip.py"
python get-pip.py

Step 3: 

Verifying the installation of pip:

pip --version

Output:
pip --version
pip 18.0 from /usr/local/lib/python2.7/dist-packages/pip (python 2.7)

Installing Libraries

Pip can install 3rd party packages like Django, Tensorflow, Numpy, Pandas and many more with the following command.

pip install <library_name>

 

Searching for Libraries

You can also search for other libraries in Python’s repository via command line. For our example let’s look for Django packages. The search command shows us an extensive list similar to the one below.

pip search django
django-bagou (0.1.0) - Django Websocket for Django
django-maro (0.0.2) - `django-maro` is utility for django.
django-hooked (0.1.7) - WebHooks for Django and Django Rest Framework.
django-ide (0.0.5) - A Django app to develop Django apps
django-mailwhimp (0.1) - django-mailwhimp integrates mailchimp into Django
django-six (1.0.4) - Django-six —— Django Compatibility Library
django-umanage (1.1.1) - Django user management app for django
django-nadmin (0.1.0) - django nadmin support django version 1.8 based on django-xadmin
diy-django (1.3.1) - diy-django

 

Uninstalling a Library

If you don’t need the library and your scripts use them you can uninstall easily with this command:

pip uninstall

 

Installing Python Resources

Many times Python packages have a requirements.txt file, if you see this file, you can run this command to install all libraries in that package

pip install -r requirements.txt

 

Malware – How to Detect and Remove

Maldet, a free popular malware scanning software for Linux servers, can be used to scan an entire server for potentially malicious files. Properly configured and monitored, it can even be used to disable or fully remove malware when it is detected. However, the removal of files should only be configured once you are certain no false positives will be picked up in the scans.

 

How to Install Maldet

To Install Maldet on your linux server copy and paste the following into the command lines. Maldet will then be pre-scheduled to run daily.

pushd /usr/local/src/
rm -vrf /usr/local/src/maldetect-*
rm -vrf /usr/local/src/linux-malware-detect*
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -zxvf maldetect-current.tar.gz
cd maldetect-*
sh ./install.sh
maldet --update-ver
#sed patch - commands added to address current problem with maldet overriding values in the conf file
sed -i 's/quarantine_hits=\"1\"/quarantine_hits=\"0\"/' /usr/local/maldetect/conf.maldet
sed -i 's/quarantine_clean=\"1\"/quarantine_clean=\"0\"/' /usr/local/maldetect/conf.maldet
sed -i 's/email_alert=\"1\"/email_alert=\"0\"/' /usr/local/maldetect/conf.maldet
sed -i 's/email_addr=\"you@domain.com\"/email_addr=\"\"/' /usr/local/maldetect/conf.maldet
#end sed patch
maldet --update
if [ -e /usr/local/cpanel/3rdparty/bin/clamscan ] then
ln -s /usr/local/cpanel/3rdparty/bin/clamscan /usr/bin/clamscan
ln -s /usr/local/cpanel/3rdparty/bin/freshclam /usr/bin/freshclam
if [ ! -d /var/lib/clamav ] then mkdir /var/lib/clamav
fi
ln -s /usr/local/cpanel/3rdparty/share/clamav/main.cld /var/lib/clamav/main.cld
ln -s /usr/local/cpanel/3rdparty/share/clamav/daily.cld /var/lib/clamav/daily.cld
ln -s /usr/local/cpanel/3rdparty/share/clamav/bytecode.cld /var/lib/clamav/bytecode.cld
else
echo -e "\n\e[31mClamAV does not appear to be installed through cPanel.\nThe ClamAV definitions will not be used.\e[39m\n"
fi
Popd

Scanning for Malware

Once you have completed the installation you will want to configure the scanning process. The configuration for maldet is located /usr/local/maldetect/conf.maldet. You will want to open the file with your favorite text editor such as vim or nano:

vim /usr/local/maldetect/conf.maldet
Once you are editing the file you will want to add your email address between the “ “ on the line email_addr=,  like so email_addr=“myemail@mydomain.tld”

You can also set up the scan to quarantine the malicious files it finds by changing the line quarantine_hits= from “0” to “1”, it should look like quarantine_hits=“1”. I would advise against this option as it can pick up legitimate code mistakenly. If the scan does mistakenly place a legitimate file into quarantine, you will need to move it back into place by using the following command template, replacing SCANID with the proper scan ID reported by maldet:

Maldet --restore {SCANID}
Once you have run the scan with quarantines for some time and you are confident that no safe files are being picked up, you may want to turn on removal of quarantined files in the same configuration /usr/local/maldetect/conf.maldet at the line quarantine_clean= from “0” to “1” , it should look like quarantine_clean=”1”. I would personally avoid this configuration option as it can always pick up new edits mistakenly and destroy your hard work.

Looking for pre-configured protection for servers and websites? Check out our wide security offerings that are sure to fit any of your security concerns!

How to Configure Apache 2 to Control Browser Caching

Today we are configuring browser caching control on common Apache 2 servers. Caching is a great tool to reduce server resource consumption, bandwidth utilization and provide a faster end-user experience to visitors. To get familiar with caching concepts, simply review our ‘What is Caching?’ tutorial.

Pre-Flight Check

This article covers all Apache 2 servers running the mod_expires and mod_headers Apache modules. This includes, but is not limited to, both traditional Dedicated servers and Cloud VPS servers running a number of different Linux distributions:

  • Core-managed CentOS 7* Servers
  • Core-managed CentOS 6* Servers
  • Fully-managed CentOS 7 cPanel Servers
  • Fully-managed CentOS 6 cPanel Servers
  • Fully-managed CentOS 7 Plesk Onyx 17 Linux Servers
Note:
Self-managed servers running a similar Linux distribution can take advantage of this article. However, instructions are not specifically provided for Self-managed configurations.

The article assumes familiarity with the following basic system administration concepts:

Verify Modules

Our servers generally include both the mod_expires and mod_headers modules needed for browser cache control. However, before we configure the directives, we must first ensure the modules are installed and Apache 2 is ready to accept the directives. Verification is simple. We will be using the apachectl -M command to list the installed Apache modules while piping the output through the grep module_name command to filter the results down to showing only modules with the provided module_name, likes so:

Verifying mod_headers (also known as Headers_module) by copying & pasting the following command.

apachectl -M | grep header

… will return:

headers_module (shared)

Verifying mod_expires (also known as expires module) by copying and pasting the following command.

apachectl -M | grep expires

… will return:

expires_module (shared)

These modules must be present in the output when running the command. If they do not show up in the output, it will simply be blank, which indicates the modules are not installed. If the modules are missing then we will need to install them before we can continue.

Configuration Directives

We can use the following example of a generic configuration that serves to reduce the strain on server resources by prolonging the cache duration of common static files. These types of files typically do not change between visits. So they do not need to be downloaded on every visit. Modern browsers are equipped to accept instructions from web servers that provide suggestions for how long content should be cached. This example works well for most sites. However, you may need to add/remove file types or adjust lifespan as needed for your particular content.

<IfModule mod_expires.c>
# Turn on the module.
ExpiresActive on
# Set the default expiry times.
ExpiresDefault "access plus 2 days"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType text/css "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType text/css "now plus 1 month"
ExpiresByType image/ico "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
ExpiresByType text/html "access plus 600 seconds"
</IfModule>

Explanation of Each Directive

These are opening tags and will only process directives between these if the module, mod_expires, is installed on the server.

<IfModule mod_expires.c> ... </IfModule>

Download all files only if the cached has not been accessed in more than 2 days.

ExpiresDefault "access plus 2 days"
Download files only if the cached file has not been access in more than 1 month. This covers jpg, jpeg, gif, png, css, javascript, flash, ico and x-icon file types.

ExpiresDefault "access plus 2 days"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType text/css "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType text/css "now plus 1 month"
ExpiresByType image/ico "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"

Download files only if the cached copy hasn’t been accessed in 10 minutes.

ExpiresByType text/html "access plus 600 seconds"

You can find a more robust explanation of these directives and all that expires_module offers in the Apache mod_expires Online Docs.

Implementation

Now that we have an understanding of how these directives can be configured, we need to decide on our method of implementation. There are generally two method of implementation for these directives. We classify these as either Portable or Include Methods.

Portable Method

The Portable Method uses .htaccess files to manage which directories are affected by the mod_expires configuration we are settings. These are handled like any other .htaccess file changes.

  1. SSH/FTP to the server
  2. Locate the directory which needs browser caching enabled.
  3. Modify the .htaccess file in that directory or create one if there is not one already.
  4. Add the needed directives from the Configuration Directives section above.
  5. Save the changes to the file.
  6. Done.

There is a small bottleneck caveat associated with .htaccess files. This caveat is not specific to mod_expires and is an overall Apache caveat with .htaccess files in general. In order for .htaccess files to work, Apache must scan every directory leading up to a targeted file looking for and applying any .htaccess files it finds along the way. This can create an I/O bottleneck on some server configurations. We recommend using the Include Method on all Cloud VPS Servers to avoid this type of problem.

Include Method

In contrast to the Portable Method, the Include Method takes advantage of the Apache include system. Apache only reads include files at startup so this prevents the I/O Bottleneck discussed above in the Portable Method section.

There are generally two ways to use the Include Method: Globally or Per Website. Either method requires locating and modifying the correct include files on the server. The correct files to modify is dependent on both distribution and server management software. We will discuss the correct locations for both methods on the various Liquid Web CentOS servers we support and listed in the Pre-Flight Check section above.

Global Includes

Applying the mod_expires directives globally is straight forward. It will have the effect of enabling the desired directives over the entire server, affecting every site running through Apache.

Core-managed CentOS 6 & 7 Servers

1.  Create a file named expires.conf in /etc/httpd/conf.d/ by typing in the following command:

vim /etc/httpd/conf.d/expire.conf

2. Add the necessary directives to the file and save the changes.
File should look like the following:

<IfModule mod_expires.c>
# Turn on the module.
ExpiresActive on
# Set the default expiry times.
ExpiresDefault "access plus 2 days"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType text/css "now plus 1 month"
ExpiresByType image/ico "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
ExpiresByType text/html "access plus 600 seconds"
</IfModule>

3.  To finish, reload Apache for the server to see the changes:

Service httpd reload

Fully-managed CentOS 6 & 7 cPanel Servers

1. Create file name pre_virtualhost_global.conf  in /usr/local/apache/conf/includes/ if it does not already exist.

vim /usr/local/apache/conf/includes/pre_virtualhost_global.conf

2.  Add the necessary directives to the bottom of the  file and save the changes.
Your file may contain additional directives in this file, but the bottom should look like this:

<IfModule mod_expires.c>
# Turn on the module.
ExpiresActive on
# Set the default expiry times.
ExpiresDefault "access plus 2 days"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType text/css "now plus 1 month"
ExpiresByType image/ico "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
ExpiresByType text/html "access plus 600 seconds"
</IfModule>

3.  Restart Apache Service:

/scripts/restartsrv_apache

If Running EasyApache 4: Restart Apache PHP-FPM Service

/scripts/restartsrv_apache_php_fpm

Fully-managed CentOS 7 Plesk Onyx 17 Linux Servers

1. Create file name expires.conf in /etc/httpd/conf.d/

vim /etc/httpd/conf.d/expire.conf

2.Add the necessary directives to the file and save the changes.
The file should look like the following:

<IfModule mod_expires.c>
# Turn on the module.
ExpiresActive on
# Set the default expiry times.
ExpiresDefault "access plus 2 days"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType text/css "now plus 1 month"
ExpiresByType image/ico "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
ExpiresByType text/html "access plus 600 seconds"
</IfModule>

3.  Restart Apache Service:

Service httpd restart

Per Website Includes

We can also use Apache includes on a per virtual host level to enable browser caching on an individual website basis. We’ll go over how to configure these on our CentOS systems below.

Note:
Each website has two virtual hosts, one for HTTP (port 80) connections and another for HTTPS (port 443) connections. Each virtual host is independent of one another. Adding a change to the HTTP virtual host will not automatically apply to the HTTPS virtual host and vice versa.
Core-managed CentOS 6 & 7 Servers

The exact method of site management on Core-managed servers is left up to the server owner. This can vary dramatically depending on the person. We will use the default SSL site configuration file as an example on how to configure the Per Website includes for browser caching. Once you locate the necessary site’s configuration file, follow these steps:

1. Locate and Open the configuration file for the site being modified. 

vim /etc/httpd/conf.d/ssl.conf

2.  Locate the Virtual Host line for the site within its config file.  A Virtual Host Stanza looks like the following example:

<VirtualHost _default_:443>

</VirtualHost

3. Apply the needed mod_expires directives between the virtual host lines.
The results should look similar to the following example:

<VirtualHost _default_:443>

   <IfModule mod_expires.c>
   # Turn on the module.
   ExpiresActive on
   # Set the default expiry times.
   ExpiresDefault "access plus 2 days"
   ExpiresByType image/jpg "access plus 1 month"
   ExpiresByType image/gif "access plus 1 month"
   ExpiresByType image/jpeg "access plus 1 month"
   ExpiresByType image/png "access plus 1 month"
   ExpiresByType text/javascript "access plus 1 month"
   ExpiresByType application/javascript "access plus 1 month"
   ExpiresByType application/x-shockwave-flash "access plus 1 month"
   ExpiresByType text/css "now plus 1 month"
   ExpiresByType image/ico "access plus 1 month"
   ExpiresByType image/x-icon "access plus 1 month"
   ExpiresByType text/html "access plus 600 seconds"
   </IfModule>

</VirtualHost>

4. Restart Apache Service

Service httpd restart

Fully-managed CentOS 6 & 7 cPanel Servers

cPanel provides a rich template system that can be used to modify Apache behavior as needed. There is a specific directory structure needed to ensure our modifications persist through updates, upgrades and restarts. This system works the same way on both EasyApache 3 as well as EasyApache 4 systems.

 

Each site can handle its own set of custom include files. These need to be located in the following locations:


HTTP Virtual Hosts:
/etc/apache2/conf.d/userdata/std/2_4/<USER>/<DOMAIN>/<INCLUDENAME>.conf


HTTPS Virtual Hosts:
/etc/apache2/conf.d/userdata/ssl/2_4/<USER>/<DOMAIN>/<INCLUDENAME>.conf

There are three variables in the path above that need to be reconciled:

  • <USER> replaced by the necessary accounts username.
  • <DOMAIN> replaced by the fully qualified domain.tld name of the site. (minus the www. prefix)
  • <INCLUDENAME> replace by the name of the include file. This should reflect the include’s purpose. E.G. expires.conf

1. These directories do not exists by default and will need to be created. Once you know the details this can be done easily with the mkdir -p command like so:

HTTP Virtual Host:

mkdir -p /etc/apache2/conf.d/userdata/std/2_4/myuser/example.com/

HTTPS Virtual Host:

mkdir -p /etc/apache2/conf.d/userdata/ssl/2_4/myuser/example.com/

2. After the directories are created, we can now create our include files, calling it expires.conf.
HTTP Virtual Host:

vim /etc/apache2/conf.d/userdata/std/2_4/myuser/example.com/expires.conf

HTTPS Virtual Host:
vim /etc/apache2/conf.d/userdata/ssl/2_4/myuser/example.com/expires.conf

3. Add the necessary mod_expires directives to both expires.conf files. They should look similar to this when complete:

<IfModule mod_expires.c>
# Turn on the module.
ExpiresActive on
# Set the default expiry times.
ExpiresDefault "access plus 2 days"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType text/css "now plus 1 month"
ExpiresByType image/ico "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
ExpiresByType text/html "access plus 600 seconds"
</IfModule>

4. Now we will need to have cPanel rebuild the Apache configuration to apply the new includes.

/usr/local/cpanel/scripts/rebuildhttpdconf

5. Restart Apache to update the running configuration:
/usr/local/cpanel/scripts/restartsrv_apache

6. If running EasyApache 4, Restart Apache PHP-FPM service as well:
/usr/local/cpanel/scripts/restartsrv_apache_php_fpm

There are additional methods for handling virtual hosts in cPanel. Applying includes to all hosts or all HTTPS hosts or even all hosts by one user. For a much more in-depth explanation of the cPanel Virtual Host Include system, visit the Official cPanel Online Docs.

Fully-managed CentOS 7 Plesk Onyx 17 Linux Servers

Plesk provides a robust include and template system for modification of virtual host entries on an individual virtual host basis. These are done in the following files:

Note:
We will need to replace example.com with your domain name (minus www. prefix).
/var/www/vhosts/system/example.com/conf/vhost_ssl.conf

The directory structure here should already exist. However, these vhost.conf and vhost_ssl.conf files do not exist by default and will need to created.

1. Create the needed include files:
HTTP Virtual Host:

touch /var/www/vhosts/system/example.com/conf/vhost.conf

HTTPS Virtual Host:
touch /var/www/vhosts/system/example.com/conf/vhost_ssl.conf

2. Modify both vhost.conf and vhost_ssl.conf applying the necessary mod_expires directives. When finish each file should look similar to the following:

<IfModule mod_expires.c>
# Turn on the module.
ExpiresActive on
# Set the default expiry times.
ExpiresDefault "access plus 2 days"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType text/css "now plus 1 month"
ExpiresByType image/ico "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
ExpiresByType text/html "access plus 600 seconds"
</IfModule>

3. Have Plesk rebuild the configuration for the site in question
/usr/local/psa/admin/sbin/httpdmng --reconfigure-domain example.com

4. Restart Apache Service:
service httpd restart

The Plesk templates and includes systems is very robust and permits integration of many other common Apache directives. Visit the Plesk Onyx Online Documentation to learn more about leveraging its capabilities.

Editing MX Records

How to Edit MX Records in DNS

Perhaps you are moving from using your web server for e-mail to a new service that offers advanced features such as Liquid Web’s Premium Business Email Hosting, or maybe you want your e-mail address to better reflect the business you conduct with your inbox. Either way, when changing mail servers, you will find yourself editing MX records. Each time you send a message, these records help an e-mail server figure out how to get your message where it needs to go. Once the message is ready to leave the server you send it from, it looks up the record for the domain where your receiver checks their mail. By the end of this article, you will be able to edit your domain’s MX records in cPanel or Plesk.

Preparation

This step is necessary whenever editing DNS entries such as the MX record. Before starting, you’ll want to make sure that the server you are editing the MX records with is the “name server.” The name server is the server responsible for letting browsers (and e-mail servers) know where your domain “lives” on the internet by providing the list of DNS records associated with the domain. DNS records provide information about domains to computers that need to interact with them to provide you with services. The key thing to note here is that you can only effectively edit the MX record at the name server for your domain. To look up your name server, you can use easyWhois. Once you get to the site, simply enter your domain and hit enter. Once the list of details loads, look for the “Name Server” lines. Usually, there is a ‘ns’ part with a number after it. That part after that tells you the server, and this is where you will login to cPanel or Plesk. For a refresher on how to login to your cPanel or Plesk server, you can look here: Logging Into cPanel or Logging Into Plesk.

Editing Plesk MX Records

Part 1: Removing The Old Records

  1. Once logged into Plesk, click the “Websites & Domains” tab on the left hand side.
  2. Find the section for the domain that you want to change an MX record for.
  3. If you see a bar with an arrow that points downward and reads “Show More” click that button, then click “DNS Settings,” otherwise just click “DNS Settings” in the section for your domain.
  4. Look at the “Record Type” column in the list, and find any entries that read “MX” (with a number after it). Click the checkbox on the left hand side for each of these entries.
  5. Towards the top of the page select the “Remove” button.
  6. At the “Remove the selected DNS records?” dialogue box that appears, select “Yes.”

Part 2: Adding Your New MX Records

  1. Towards the top of the page click the “Add Record” button.
  2. Next to “Record Type” click the dropdown box, and select “MX”.
  3. Ensure that the “Mail domain” section shows everything that comes after the “@” symbol for your e-mail address here. Most of the time this blank should be left empty. However, if your e-mail address is less common such as francis@research.example.com (instead of francis@example.com), you’ll want to make sure ‘research’ appears in the blank at the left. The domain (example.com part in this example) is listed automatically.
  4. At the “Mail Exchange Server” blank, enter the entire mail server you are changing your MX record to point to (Example: mail.example.com).
  5. At the next section, “Specify the priority of the mail exchange server”, click the dropdown box and select “5.” Most of the time that should be perfectly adequate, however if your new MX record has a number in the middle that does not match, you may change it from “5” to match the new record you wish to use.
  6. Click the “OK” button to proceed.
  7. You will now see a box at the top of the page that reads “The changes you made to DNS records are not saved yet. The changes are marked in the list of records. Click Update to apply the changes to the DNS zone. Click Revert to cancel the changes.”
    Click “Update.”
  8. Click the button marked “Apply DNS Template.”

You have now set up your new MX record(s) for your domain in Plesk.

Editing cPanel MX Records

  1. Once logged into cPanel for the domain you wish to set the MX record for, find the “Domains” section and click “Zone Editor.”
  2. Click “Manage.”
  3. Look at the “Type” column and find the entries with “MX” under that section.
  4. Select “Edit” next to the first MX entry.
  5. Under the “Record” section, set the priority to match the number given in the MX entry you wish to add, then place the server name at the right side of your entry in the “Destination” blank.
  6. If you have a second (or third, etc.) MX record line to add, click the arrow next to the “Add Record” button, and select “Add MX Record.” then repeat step 5.

If you want to set up or change MX records for multiple domains, you can use WHM. For a guide, check out step 2 of our Knowledge Base article “cPanel – How to Change a Domain’s MX Record”.

Additional Notes:

  • If you can spare 24-48 hours, it’s a great idea to reduce the TTL (Time To Live) for each MX record already in place BEFORE adjusting the other values for the MX record. These are given in seconds, and you’ll want to make sure they’re reasonably low (around 300 is a good value) to ensure that when you are ready to make your MX record changes they will spread throughout the internet without a long delay. After changing these TTL values, allow 24-48 hours before completing your final MX record changes.
  • Most of the time you will have the new mail server’s “hostname” (the server address in text form), however if you have only an IP address see this article for a procedure that will show you what to do before following the previous steps in this guide.
  • For a more detailed look at DNS records in general you can check out What is DNS.

Useful Links:

For instructions on how to look up an MX record and what it looks like, see Understanding MX Records.

This guide is not intended to be comprehensive, and if you need more detail about what we’ve gone over, this article is a great resource.

 

Free Website Migration Service

How To Request Free Website Migrations from Liquid Web

The Migration team at Liquid Web is dedicated to providing you with an efficient and as uneventful a migration as possible. Whether you are migrating from a current Liquid Web server (internal migration) or from another host (external migration) into Liquid Web, it is important that we work together to ensure an effective transfer of information.

If you would like to skip the overview and go straight to the request form, you can do that clicking on this link for Requesting A Migration. At the bottom of this article we guide you through making a migration request. To request a Windows server migration, please open a Support Ticket with the Windows Team indicating that you are requesting a migration.

Otherwise, check out some helpful terms to know before your migration begins. Still have questions about what to expect? We have a handy guide called What to Expect During a Site Migration.

Before Your Migration Begins

Before you start your migration, there are a few terms that we use that you will need to be familiar with:

  • Initial Sync – This is the first of three stages of a migration. In this stage, access levels are determined and tested, version matching occurs, and the initial seed of data for your websites being migrated is brought to the new server.
  • Hosts File – The hosts file is a computer file used by an operating system to map hostnames to IP addresses. This file is a plain text file and stored on your computer or workstation, it is the first stop when your browser looks up a domain name via DNS. You can edit the hosts file to re-route requests for a particular domain name to a different IP Address. This is the preferred method of testing your site on your new server. This allows you to view the site as if it were live on the new server at Liquid Web and verify that all pages are working as intended prior to going live with a DNS update.
  • Final Sync – The final sync is the last transfer of data in the migration process. This is completed after you confirm that all testing has come back without any major issues to fix before the site goes live. The final sync typically updates files, email, and databases that have been changed since the initial migration of data. This is done with the source server no longer serving requests and is most effective when a DNS update is performed in tandem.
  • DNS Update – A DNS update is part of the final sync of your migration which makes the target server (the new server at Liquid Web) live. The DNS update can be performed in conjunction with a final sync, or on its own if a final sync is not possible.
Note:
Your site is not live on the new server until the DNS update has occurred. It is normal to see some errors during testing and most will resolve once the DNS has been updated.
  • Authoritative Nameservers – a specific nameserver which holds the authoritative DNS records for a specific domain. Authoritative nameservers are defined for a specific domain at that domain’s registrar. A change to DNS at the authoritative nameserver will make its way around the internet through propagation. This is why it can sometimes take a little while for your DNS changes to take effect.
  • Nameserver – A nameserver is computer hardware or software that implements a network service for providing responses to DNS queries. Nameservers serve several types of information for a certain domain name, including A Records, MX Records, and CNAME records.
  • Nameserver Glue – Nameserver glue is a record which associates a named nameserver with an IP address on the internet, much like a A Record associates a domain name with an IP address. This record is stored at the domain registrar. During migrations, if nameserver authority is moving from one machine to another, the glue records at the registrar will need to be changed after the final sync and DNS update.

Requesting a Migration

Migrations begin by filling out our form through your Liquid Web account.
1. Once you log into your account, click on the Migration Center link at the top of the page.

2. You will be directed to the Migration Center home page. Click on Create a Migration Request to begin filling out the form.

Note:
If you want more information about migrations to Liquid Web, we have linked our Help Center Migration articles in the Migrations tab. Here you can read our articles What to Expect During a Site Migration and Testing Best Practices for Migrations.

3. Once the Request Migration form opens, you will be given the option to name your migration and add your source account. Click on the Add a Source Account button to add information about the hosting account you are migrating from.

4. Click on the Add a Source button to add server access information for the source account. This is where you would add SSH or panel login details for the server or cPanel account you are migrating.

5. You can add more than one source by clicking the link Add a Source Account at the bottom of the section.

6. Next, you will select your destination. You can choose the server from the drop-down menu.  If you do not currently have a server at Liquid Web, click on the Create a New Server link to be directed to a page for you to purchase and create a server.

7. Provide us with information on what software you’d like to have updated with the migration, or if you don’t need or want updates, you can leave this as it is.

8. We will need information from you on the domains on the incoming server and DNS settings. You can choose what domains you want tested and how you want the DNS handled.

9. The final step before submitting your request is to review the information you’ve provided. When you are ready, click the Submit button and a ticket will be sent to our Heroic Migration team.

We will contact you to schedule the migration and stay in contact with you through the entire process. Once the migration is complete, the last step is to test your site.

Please see our article Editing Your DNS Hosts File for information on how to securely test your site. If at any time you have questions or concerns, please feel free to contact our Heroic Support team by chat, phone or support ticket.