How to Install Cassandra on Ubuntu 16.04 LTS

Posted on by Michelle Almendarez
Category: Tutorials | Tags: , , , , ,

Apache Cassandra is a free open-source database system that is NoSQL based. Meaning Cassandra does not use the table model seen in MySQL, MSSQL or PostgreSQL, but instead uses a cluster model. It’s designed to handle large amounts of data and is highly scalable. We will be installing Cassandra and its pre-requisites, Oracle Java, and if necessary the Cassandra drivers.

Pre-Flight Check

  • We are logged in as root on an Ubuntu 16.04 VPS powered by Liquid Web!
  • Apache Cassandra and this article expect that you are using Oracle Java Standard Edition 8, as opposed to OpenJDk . Verify your Java version by typing the command below into your terminal:

java --version

  • At the time of this article, Python 2.7.11 and later versions will need to install updated Cassandra drivers to fix a known bug with the cqlsh command. You can check your Python version similar to checking your Java version:

python --version

  • If you have Python 2.7.11+ or later, download the required driver by running the pip command. You will need pip installed. Within this tutorial, we will show you how to install pip. However, pip is usually pre-installed with Python by default.

Step 1: Install Oracle Java (JRE)

Cassandra requires your using Oracle Java SE (JRE) installed on your server. First, you will have to add Personal Package Archives to make the (JRE) package available.

sudo add-apt-repository ppa:webupd8team/java

After entering this command, it may prompt you to hit enter to continue.
Once it completes update the package database using the following:

sudo apt-get update

You can now install Oracle JRE with the following:
sudo apt-get install oracle-java8-set-default

A pink screen prompts you to agree to the terms and conditions of JRE. Hit enter to continue from this screen and accept the terms and conditions in the next screen.

Java Installer Screen

 

Once successfully installed verify the default version of Java by typing:

java -version

You’ll receive the following or something very similar :

Java Version Output

 

Step 2: Installing Apache Cassandra

First, we have to install the Cassandra repository to /etc/apt/sources.list.d/cassandra.sources.list directory by running following command (When we made this article Cassandra 3.6 was the current version. You may need to edit this line to reflect the latest release by updating the 36x value. For example, use 37x if Cassandra 3.7 is the newest version.):
echo "deb http://www.apache.org/dist/cassandra/debian 36x main" | sudo tee -a /etc/apt/sources.list.d/cassandra.sources.list

Next, run the cURL command to add the repository keys :

curl https://www.apache.org/dist/cassandra/KEYS | sudo apt-key add -

We can now update the repositories:

sudo apt-get update

 

Note
If you get the following error: GPG error: http://www.apache.org 36x InRelease: The following signatures couldn’t be verified because the public key is not available: NO_PUBKEY A278B781FE4B2BDA
Add the public key by running the following command:
sudo apt-key adv --keyserver pool.sks-keyservers.net --recv-key A278B781FE4B2BDARepeat the update to the repositories:
sudo apt-get update

Finally, finish installing by entering the following:
sudo apt-get install cassandra

Verify the installation of Cassandra by running:
nodetool status

The desired output will show UN meaning everything is up and running normally.

Verifying Cassandra is Installed

 

Step 3: Connect with cqlsh

If you have an older version of Python before 2.7.11, you’ll skip this step and start using Cassandra with the cqlsh command. Good for you! You have successfully installed Cassandra!
cqlsh

You should see something similar to this:
Connected to Test Cluster at 127.0.0.1:9042.
[cqlsh 5.0.1 | Cassandra 3.6 | CQL spec 3.4.2 | Native protocol v4] Use HELP for help.

Note
For future reference, Cassandra’s configuration file, data directory and logs can be found in:

  • /etc/cassandra is the default file configuration location.
  • /var/log cassandra and /var/lib cassandra are the default log and data directories location.

However, if you get the following error,

Connection error: (‘Unable to connect to any servers’, {‘127.0.0.1’: TypeError(‘ref() does not take keyword arguments’,)}),

you’ll update the Cassandra drivers. These drivers have a known bug with Cassandra and later versions of Python. Check your Python version by typing:
python --version

Luckily, I am going to show you how you can fix this error in 3 easy steps by downloading the drivers.

 

Step 3a: First we will need pip installed. If you don’t have it already, you can get it with the following command.

sudo apt-get install python-pip

 

Step 3b: Once pip is installed, run the following to install the new Cassandra driver. Please note this command may take a while to execute. Grab a snack and wait for it to complete. It can take 5-10 minutes to install fully.

pip install cassandra-driver

 

Step 3c: Finally disable the embedded driver by entering :

export CQLSH_NO_BUNDLED=true

You should now be able to run the cqlsh command.

cqlsh

You should see this if successful :

Connected to Test Cluster at 127.0.0.1:9042.
[cqlsh 5.0.1 | Cassandra 3.6 | CQL spec 3.4.2 | Native protocol v4] Use HELP for help.

To exit cqlsh type exit:
cqlsh> exit

Congrats! You have successfully installed Cassandra!

Note

Cassandra should start automatically, but you’ll want to stop Cassandra to make any additional configuration changes. Start and stop it with the following:

sudo service cassandra start
sudo service cassandra stop

Whitelisting in ModSecurity

Posted on by Cameron Paxton
Category: Tutorials | Tags: , , , , , , , , , ,

Broken down into two parts our article’s first section hits on “how to whitelist IPs or URIs,” for people who are somewhat familiar with ModSecurity but want to know further about the process. Our second section examines why we configure ModSecurity and how to prevent the security of the server from getting in the way of our work. If you have a Fully Managed Liquid Web server reach out to our Heroic Support team for assistance with whitelisting!

How to Whitelist IPs or URIs

“ModSecurity is a toolkit for real-time web application monitoring, logging, and access control.” (modsecurity.org).  In simple terms, this means that ModSec, also called mod_security or ModSecurity, is a web application firewall that can actively look for attacks to the system and stop malicious activity. However, sometimes these rules trigger when legitimate work is taking place, blocking your IP and stopping you or your developer’s until you can remove the IP block. The way around for being blocked is known as whitelisting, which essentially allows for a specific IP to access the server.   There are a few ways to whitelist a request in ModSec, either by IP or by URI (URIs are specific pages on the website). 

Getting Started

  1. Find your IP or ask your developer for theirs. (You can find this by going to ip.liquidweb.com)If you or your developer have a static IP (one that will not change), one way you can whitelist the ModSec rules is by IP.
  2. Find the ModSec error in the Apache error logs with the following command (Be sure to modify the command with your IP in place of “IP here.”):
    grep ModSec /usr/local/apache/logs/error_log | grep “IP here”.
  3. The output of this command will give you a list of hits for ModSecurity from you or your developer’s IP, which you can see below. While this looks intimidating, you will only want to pay attention to 3 bits of information highlighted.  Please note, the output will not show these colors when you are viewing the files.
Note
Blue = client, the IP which tripped the rule
Red = ID number of tripped rule within ModSec
Green = URI, the location where the error started from

[Fri May 25 23:07:04.178701 2018] [:error] [pid 78007:tid 139708457686784] [client 61.14.210.4:30095] [client 61.14.210.4] ModSecurity: Access denied with code 406 (phase 2). Pattern match "Mozilla/(4|5)\\\\.0$" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec2.liquidweb.conf"] [line "109"] [id "20000221"] [hostname "67.227.209.163"] [uri "/db/index.php"] [unique_id "WwjPWChxvG1CO4kz-D55eQAAACU"]

 

Whitelist By IP:

1. Once you have the correct ModSec error, you will need to edit the ModSec configuration. If you are using Easy Apache 4 you will find the configuration file with this path:
/etc/apache2/conf.d/modsec2/whitelist.conf

2. Open the file with your favorite text editor, such as vim, nano, or file manager like so:

vim /etc/apache2/conf.d/whitelist.conf

3.  The blue text above will be the IP address that you are whitelisting from the original error. You must keep the backslashes (\) and up-carrot (^) in order for the IP to be read correctly. Thus it will always look something like:

“^192\.168\.896\.321”

For for the id, noted in red, you will change the number after the colon, which will be the Apache error log like we saw above. This will look similar to:

Id:2000221

Add the following code with the colored sections edited to match your intended IP.

SecRule REMOTE_ADDR "^64\.14\.210\.4"
"phase:1,nolog,allow,ctl:ruleEngine=off,id:20000221"

 

Whitelist By URI:

If your IP is dynamic (changing) and you keep getting blocked in the firewall, it is best to whitelist it via URI, the yellow item in the ModSec error.

1. Begin by opening the Easy Apache 4 configuration file:

vim /etc/apache2/conf.d/whitelist.conf

2. Add the following text to the configuration. Remember to pay attention to the highlighted parts.  Change the yellow “/db/index.php” to match your URI and the red id to match the id of your error (Do not use the colon in this one).

<LocationMatch "/db/index.php">
SecRuleRemoveById 20000221
</LocationMatch>

3. The final step for whitelisting, before you finalize the process, is to ensure you have correctly set up the whitelist. For Easy Apache 4 you will run the command:
apachectl -t

As long as the command returns “Syntax Ok” you are safe to make the whitelist active by restarting Apache. Otherwise, review the whitelists to make sure the syntax matches up correctly with the above directions.

4. Lastly, restart Apache with the following command.

/scripts/restartsrv_httpd

You have successfully whitelisted yourself in ModSec!

 

Using ModSec

Cyber Security is a hydra; once one threat is cut off, two more grow back. While this is not a new analogy, it’s important to understand as we battle threats to our network, computers, and servers. With all the complexities that come with security, I want to talk about adequately configuring ModSec to deter threats while still allowing you to work on your websites. Often, when it comes to server security, too much protection can hinder effectiveness.

For example, say you have the following set up on your server:

  • You do not allow root SSH login to the server
  • utilize dual-factor authentication for any SSH logins
  • use an SSH key for the sudo user and require other security safeguards

While this type of configuration is secure, it takes longer to log into your system to make a quick edit to your settings, a double-edged sword; how can you keep the server safe while not tying your own hands?  A great example of how this plays out is using ModSec.

ModSec can block your IP if it falsely flags your work. While this module improves system security, you’ll need to be aware of properly implementing and “scoping” the technology. Scoping in this sense means to manage risks, the focus of what is important for security while still allowing work on the server with minimal interference. To tune out legitimate requests to your server, such as when you are editing your website’s code via a plugin, ModSec has the options to whitelist rules or IPs and keep your work on track.

Whitelisting an IP from the rules that ModSec follows is a great option so long as the IP never changes (i.e. a static IP, see article here to learn more https://support.google.com/fiber/answer/3547208?hl=en) and is limited to only people you trust. This method prevents ModSec from viewing your requests as malicious and blocking your IP. This practice has the drawback that if someone (say an unhappy employee) has access to your network, they now have a way around ModSec to attack your server.

With non-static (dynamic) IPs the problems of whitelisting an IP are readily apparent. With the continual change of a dynamic IP, it creates the potential of exploiting your server, as someone could use an old IP to access the server. Whitelisting specific rules comes to save the day! When you whitelist by rules, you can edit with granularity and limit the rules to particular domains and URIs, protecting the rest of the server from attacks related to that same rule!

Example of ModSecurity

ModSec reads a series of rules and applies them to incoming requests being made to the web server. An example of what a block looks like is:

[Sat Jun 30 02:21:56.013837 2018] [:error] [pid 79577:tid 139862413879040] [client 120.27.217.223:24397] [client 120.27.217.223] ModSecurity: Access denied with code 406 (phase 2). Pattern match "Mozilla/(4|5)\\\\.0$" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec2.liquidweb.conf"] [line "109"] [id "2000064"] [hostname "67.227.192.139"] [uri "/mysql/index.php"] [unique_id "WzchhAjuZ6wPAzo9AwW1WwAAAE8"]

This error shows Apache stopped a potential attack on a file at /mysql/index.php. This is an error similar to what appears when the code is being written or edited within programs like Drupal or WordPress.

Evaluating ModSecurity

If you are persistently being blocked in your firewall while working on your code, ModSec is the likely culprit. The ModSec errors can be found in the Apache error log (in cPanel the path is /usr/local/apache/logs/error_log). The phrase “ModSec” can be quickly isolated from the log (via the command ‘grep “ModSec” /usr/local/apache/logs/error_log’). By comparing you or your developer(s) IP to the log, you’ll be able to identify stopped requests that are legitimate. Verify these are valid requests by double-checking that someone in your organization made them. Once you have done so, you can move forward in setting up a whitelist for the error, per the steps above.

Again, we want to scope to allow the least amount of wiggle room for an attack and ensure we can keep working. If you are unable to have a trusted static IP, you’ll need to use the whitelist URI  method, providing the specific page as an exemption. Once completed, remove both whitelisted items from the configuration file, in case of a genuine attack.

On a parting note, I encourage you to explore ModSec and learn more of the ins and outs of the software. Exploring different methods of whitelisting can be a lot of for to learn and most importantly helps to tighten server security. As always, our Fully Supported Customers can contact our Helpful Human Support team for assistance. Check out articles on security in our Knowledge Base, like this one on Maldet! It’s another excellent way to learn about your server and develop an understanding of server security.

How to Add a User and Grant Root Privileges on Ubuntu 16.04

Posted on by Echo Diaz | Updated:
Category: Tutorials | Tags: , , , , , , , ,

Ubuntu 16.04 LTS provides you the ability to add a user for anyone who plans on accessing your server.  Creating a user is a basic setup but an important and critical one for your server security. In this tutorial, we will create a user and grant administrative access, known as root, to your trusted user.

 

Pre-Flight Check

  1. Open a terminal and log in as root.  
  2. Work on a Linux Ubuntu 16.04 server

Step 1:  Add The User

Create a username for your new user, in my example my new user is Tom:

adduser tom

You’ll then be prompted to enter a password for this user.   We recommend using a strong password because malicious bots are programmed to guess simple passwords. If you need a secure password, this third party password generator can assist with creating one.

Output:

~# adduser tom
Adding user `tom' ...
Adding new group `tom' (1002) ...
Adding new user `tom' (1002) with group `tom' ...
Creating home directory `/home/tom' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

Note
Usernames should be lowercase and avoid special characters. If you receive the error below, alter the username. ~# adduser Tom
adduser: Please enter a username matching the regular expression configured via the NAME_REGEX[_SYSTEM] configuration variable.  Use the `--force-badname' option to relax this check or reconfigure NAME_REGEX.

 

Prompts will appear to enter in information on your new user.  Entering this information is not required and can be skipped by pressing enter in each field.

Enter the new value or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:

 

Lastly, the system will ask you to review the information for accuracy.  Enter Y to continue to our next step.

Is the information correct? [Y/n]

 

Step 2: Grant Root Privileges

Assigning a user root access is to grant a user the highest power.  My user, Tom, can then make changes to the system as a whole, so it’s critical to allow this access only to users who need it. Afterward, Tom will be able to use sudo before commands that are usually designed to be used by the root user.

usermod -aG sudo tom

 

Step 3: Verify New User

As root, you can switch to your new user with the su – command and then test to see if your new user has root privileges.

su - tom

If the user has properly been granted root access the command below will show tom in the list.

grep '^sudo' /etc/group

Output:

sudo:x:27:tom

 

How To Install Oracle Java 8 in Ubuntu 16.04

Posted on by Echo Diaz
Category: Tutorials | Tags: , , , , , ,

Pre-Flight Check

  1. Open the terminal and log in as root.  If you are logged in as another user, you will need to add sudo before each command.
  2. Working on a Linux Ubuntu 16.04 server
  3. No installations of previous Java versions

Step 1:  Update & Upgrade

It is advised to update your system by copy and pasting the command below.  Be sure to accept the update by typing Y when asked to continue:

apt-get update && apt-get upgrade

 

Step 2: Install the Repository

WebUpd8 Team Personal Package Archive (PPA), a third party repository,  allows us to download the package necessary for Java 8 installation.  Press Enter to continue the installation.

add-apt-repository ppa:webupd8team/java

Once again, update your package list.

apt-get update

 

Step 3: Install Java 8

Use the apt-get command to install Oracle’s Java 8 via their installer:

apt-get install oracle-java8-installer

 

Click Y to continue and press Enter to agree to the licensing agreement.

 

Select Yes and hit the Enter key.

 

Step 4: Verify Java 8 is Installed

java -version

Output:

java version "1.8.0_181"
Java(TM) SE Runtime Environment (build 1.8.0_181-b13)
Java HotSpot(TM) 64-Bit Server VM (build 25.181-b13, mixed mode)

 

It’s essential to know the path of our Java installation for our applications to function. Where is Java installed? Run this command to find its path:update-alternatives --config java

Output:

~# update-alternatives --config java
There is 1 choice for the alternative java (providing /usr/bin/java).
Selection Path Priority Status
------------------------------------------------------------
0 /usr/lib/jvm/java-8-oracle/jre/bin/java 1081 auto mode
* 1 /usr/lib/jvm/java-8-oracle/jre/bin/java 1081 manual mode

 

Copy the highlighted path from the second row: /usr/lib/jvm/java-8-oracle/jre/bin/java/.  After copying, open the file /etc/environment and add in the path of your Java installation to the end of your file.

vim /etc/environment

JAVA_HOME="/usr/lib/jvm/java-8-oracle/jre/bin/java"

 

Save the file by hitting ESC button and type :wq to execute the command below to recognize the changes to the file:

source /etc/environment

 

You should now see the path of installation when using the $Java_Home variable:

echo $JAVA_HOME

Output:

~# echo $JAVA_HOME
/usr/lib/jvm/java-8-oracle/jre/bin/java

 

VPS Server Space/Disk Quota

Posted on by David Singer | Updated:
Category: Tutorials | Tags: , , , ,

The term “server space” refers to the amount of disk space that is available on your server’s hard disk drive. This space varies according to server type, hosting plan and possibly by additional services that are set up and available on your Liquid Web account.

Some of the largest hard disk drives on the market now can hold up to 100TB of data. To better visualize this, 100 terabytes of data is approximately equivalent to:

  • 42,000,000,000 trillion single-spaced typewritten pages
  • 8,000,000 phone books
  • 160,000 regular compact discs
  • 20,000 DVDs
  • 200 average-sized hard disks (500GB)
  • 80 human brains (the capacity of a human being’s functional memory is estimated to be 1.25 terabytes by futurist Raymond Kurzweil in The Singularity Is Near)

Your disk space can hold many types of data including file types like HTML, TXT, CSS, PHP, PDF, JPG, MP3, MP4, compressed (tar.gz) backups, SQL databases and more. These files are in specific folders which are defined by the applications configuration files or locations you determine.

How do I locate the folders containing a particular set of data?

The location of a file depends primarily on the type of file. On a Linux server, your typical cPanel account is set up under the /home/username folder, and your cPanel account username specifies the username folder. This folder is sometimes called the top-level or root folder of your cPanel account. This root folder is not publicly accessible on the web but, contains folders which are accessible via a web browser. The root folder holds other cPanel specific system folders that use a variety of functions.

As you can see, when uploading files to your account, you’ll likely want them to be in public_html to be accessible on the web. Uploading an image.jpg file to the public_html folder makes it available at domain.com/image.jpg. Additionally, if you create a folder inside of the public_html directory and add the same image there, it would be accessible at yourdomain.com/foldername/image.jpg.

To see the location of a file, you have several options;

  1. Log into your cPanel and open the File Manager under the Files section
    cPanel >> Home >> Files >> File Manager’ here you can view all of the files and folders in your account’s root directory.cPanel File Manager
  2. When a cPanel account is initially set up, it also creates the main FTP user. You can use the servers FTP functionality to access folders from a remote location to view the file listings. Several software titles like Filezilla, Cyberduck, and WinSCP are available for this type of connection.
  3. Lastly, you can connect to the server via SSH and get access to folders/files on the server.

How do I see how much space I’m using?

Disk Usage Graph

Let’s start by reviewing a few command line examples; mainly the “du” and “df” commands.

Note
The ‘du’ command sums up the total space of files that exist on the filesystem, while the ‘df’ command shows blocks available in the file system.

The ‘df’ command (abbreviation for disk free) simply lists the space used per partition:

df Command Output

The ‘du’ command (abbreviation for disk usage) reports the sizes of directories including all of their contents and the sizes of individual files:

du Command Output

Note
There are times when the ‘du’ and ‘df’ commands show different usage amounts. Previously removed files can cause this discrepancy from a running process holding open that file. Open processes cause the ‘df’ command to report that space as still being used. The solution to this is to restart the service to close any open process.

You can also use cPanel to determine the amount of space used and where its located. If you log in to cPanel, you would need to go to cPanel >> Home >> Files >> Disk Usage to get graphical of your disk usage.

cPanel Disk Usage

Lastly, to view your server’s disk usage in your Manage account server resource graph

  1. Log into your Manage portal.
  2. Navigate to the Servers section and then click on the Plus sign (+) next to the server of focus.
  3. Click on the Dashboard button and click the link next to the Disk Usage text as seen below

graphical statistics

This view provides a graphical representation of your disk space and the used amount.

How do I prevent disk space overages?

Disk space overages can result in lost emails, backups or even websites or the server going down! Just like your car, your server requires regular server maintenance. Attention to server maintenance reduces lost data. One way to prevent disk space overages is to use cPanel’s built-in tools.

cPanel possess the ability to send “Disk Quota Warning”  emails that denote when your server is using too much space. They contain specific locations to check, and the space used. The settings for these emails notifications are in WHM (Web Hosting Manager) under the Home »Server Configuration »Tweak Settings .

Email Notifications AreaOther areas of server maintenance to check on regularly include:

  • Pruning backups
  • Logs are rotating correctly (including Domlogs, Apache2, MySql, and Chkservd)
  • Regularly archiving email
  • Using the /home directory for large user accounts

What are the dangers of being too close to Disk Quota?

When a server gets close to or is at its max disk space capacity, strange errors and problems can manifest themselves in many ways including:

  • Services (like MySQL or Apache) can error out or stop
  • Websites can become very sluggish
  • The servers overall responsiveness can become slower
  • The server may exhibit a high load
  • You may see degraded disk performance
  • The server may display an increase in I/O wait
  • The server may demonstrate an increase in CPU usage
  • The file system can go into “read-only” mode
  • The server can run out of inodes
  • Files can become corrupted
  • Decreased swap space may occur causing issues

So what do I do if I’m running out of space?

As Benjamin Franklin stated, “By failing to prepare, you are preparing to fail.” In light of this knowledge, taking steps in advance to prevent these issues is always the best course of action. Directly monitoring your server disk space on a weekly or monthly basis prevents most space issues from turning into actual problems.

If you have already reached the point where immediate action needs to be taken to bring a server back in line with normal space expectations, you have several options. Using the “du” and “df” commands are your primary weapons in tracking down used server space.

The primary steps needed are:

    1. Log into your server
    2. Run a df -h command to locate which partitions are using the most spacedf Command Output
    3. Change directories into the affected folders using the most space.
    4. Run the following command:

du-sk Command Output(This is an advanced du command that sorts the contents of a directory by size. Use this to drill down into a folder to see used space.)

  1. Move files (to a backup drive or folder) or, remove the files that are no longer needed using the ‘rm’ command.
  2. Repeat steps 2 through 6 as needed until reaching desired space level.

Final Thoughts

Over time, any operating system can become overcrowded with addition and removal of programs or accounts. Actively monitoring your servers disk space is the most effective method to prevent server space issues. If you do run into issues, using the du, df command line tools or, using the graphical interface in your account allows you to view files as needed. As always, if you have further thoughts or questions about this topic, please contact our Linux Support department for more information.

 

How To Install Apache Tomcat 8 on Ubuntu 16.04

Posted on by Michelle Almendarez
Category: Tutorials | Tags: , , , , , , ,

Apache Tomcat is used to deploy and serve JavaServer Pages and Java servlets. It is an open source technology based off Apache.

Pre-Flight Check

  • This document assumes you are installing Apache Tomcat on Ubuntu 16.04.
  • Be sure you are logged in as root user.

Installing Apache Tomcat 8

Step 1: Create the Tomcat Folder

Logged in as root, within the opt folder make a directory called tomcat and cd into that folder after completion.

mkdir /opt/tomcat

cd /opt/tomcat

 

Step 2: Install Tomcat Through Wget

Click this link to the Apache Tomcat 8 Download site. Place you cursor under 8.5.32  Binary Distributions, right click on the tar file and select copy link address (as shown in the picture below). At the time of this article Tomcat 8 is the newest version but feel free to pick whatever version is more up-to-date.

Tomcat 8's Download Page

Next from your server, use wget command to download the tar to  the tomcat folder from the URL you copied in the previous step:

wget http://apache.spinellicreations.com/tomcat/tomcat-8/v8.5.32/bin/apache-tomcat-8.5.32.tar.gz

Note
You can down the file to your local desktop, but you’ll then want to transfer the file to your Liquid Web server. If assistance is needed, check out this article: Using SFTP and SCP Instead of FTP

After the download completes, decompress the file in your tomcat folder:

tar xvzf apache-tomcat-8.5.32.tar.gz

 

Step 3: Install Java

Before you can use Tomcat you’ll have to install the Java Development Kit (JDK). Beforehand, check to see if Java is installed:

java -version

If that command returns the following message then Java has yet to be installed:
The program 'java' can be found in the following packages:

To install Java, simply run the following command (and at the prompt enter Y to continue):
apt-get install default-jdk

 

Step 4: Configure .bashrc file

Set the environment variables in .bashrc with the following command:

vim ~/.bashrc

Add this information to the end of the file:
export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-amd64
export CATALINA_HOME=/opt/tomcat/apache-tomcat-8.5.32

Note
Verify your file paths! If you downloaded a different version or already installed Java, you may have to edit the file path or name. Older versions of Java may say java-7-openjdk-amd64 instead of java-1.8.0-openjdk-amd64 . Likewise, if you installed Tomcat in a different folder other then /opt/tomcat (as suggested) you’ll indicate the path in your bash file and edit the lines above.

Save your edits and exit from the .bashrc file, then run the following command to register the changes:

. ~/.bashrc

 

Step 5: Test Run

Tomcat and Java should now be installed and configured on your server. To activate Tomcat, run the following script:

$CATALINA_HOME/bin/startup.sh

You should get a result similar to:

Using CATALINA_BASE: /opt/tomcat
Using CATALINA_HOME: /opt/tomcat
Using CATALINA_TMPDIR: /opt/tomcat/temp
Using JRE_HOME: /usr/lib/jvm/java-7-openjdk-amd64/
Using CLASSPATH: /opt/tomcat/bin/bootstrap.jar:/opt/tomcat/bin/tomcat-juli.jar
Tomcat started

 

To verify that Tomcat is working visit the ip address of you server:8080 in a web browser. For example http://127.0.0.1:8080.

Apache Tomcat 8 Verification Page

 

How To Install Apache Tomcat 7 on Ubuntu 16.04

Posted on by Michelle Almendarez
Category: Tutorials | Tags: , , , , , , ,

Apache Tomcat is used to deploy and serve JavaServer Pages and Java servlets. It is an open source technology based off Apache.
Pre-Flight Check

  • This document assumes you are installing Apache Tomcat on Ubuntu 16.04.
  • Be sure you are logged in as root user.

Installing Tomcat 7

Step 1: Create the Tomcat Folder

Logged in as root, within the opt folder make a directory called tomcat and cd into that folder after completion.

mkdir /opt/tomcat
cd /opt/tomcat

 

Step 2: Install Tomcat Through Wget

Click this link to the Apache Tomcat 7 Download site. Place your cursor under 7.0.90 Binary Distributions, right click on the tar.gz file and select Copy Link Address (as shown in the picture below).  At the time of this article Tomcat 7 is the newest version but feel free to pick whatever version is more up-to-date.

Tomcat Version 7.0.90

Next, from your server, use wget command to download the tar to  the tomcat folder from the URL you copied in the previous step:

wget http://www.trieuvan.com/apache/tomcat/tomcat-7/v7.0.90/bin/apache-tomcat-7.0.90.tar.gz

Note
You can down the file to your local desktop, but you’ll then want to transfer the file to your Liquid Web server. If assistance is needed, check out this article: Using SFTP and SCP Instead of FTP

After the download completes, decompress the file in your Tomcat folder:

tar xvzf apache-tomcat-7.0.90.tar.gz

You will end up with a file called apache-tomcat-7.0.90.

 

Step 3: Install Java

Before you can use Tomcat, you’ll have to install the Java Development Kit (JDK). Beforehand, check to see if Java is installed:

java -version
If that command returns the following message then Java has yet to be installed:
The program 'java' can be found in the following packages:
To install Java, simply run the following command (and at the prompt enter Y to continue:
apt-get install default-jdk

 

Step 4: Configure .bashrc file

Set the environment variables in .bashrc with the following command:

vim ~/.bashrc
Add this information to the end of the file:
export JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-amd64
export CATALINA_HOME=/opt/tomcat/apache-tomcat-7.0.90

Note
Verify your file paths! If you downloaded a different version or already installed Java, you may have to edit the file path or name. Older versions of Java may say java-7-openjdk-amd64 instead of java-1.8.0-openjdk-amd64 . Likewise, if you installed Tomcat in a different folder other then /opt/tomcat (as suggested) you’ll indicate the path in your bash file and edit the lines above.

Save your edits and exit from the .bashrc file, then run the following command to register the changes:

. ~/.bashrc

 

Step 5: Test Run

Tomcat and Java should now be installed and configured on your server. To activate Tomcat, run the following script:

$CATALINA_HOME/bin/startup.sh

You should get a result similar to:
Using CATALINA_BASE: /opt/tomcat
Using CATALINA_HOME: /opt/tomcat
Using CATALINA_TMPDIR: /opt/tomcat/temp
Using JRE_HOME: /usr/lib/jvm/java-7-openjdk-amd64/
Using CLASSPATH: /opt/tomcat/bin/bootstrap.jar:/opt/tomcat/bin/tomcat-juli.jar
Tomcat started.

 

To verify that Tomcat is working by visiting the IP address of your server:8080 in a web browser. For example http://127.0.0.1:8080.

Tomcat 7.0.90 Test Page

 

How to Install Pip on Ubuntu 16.04 LTS

Posted on by Echo Diaz | Updated:
Category: Tutorials | Tags: , , , , , ,

Arguably one of the easiest tools to use for installing and managing Python packages, Pip has earned is notoriety by the number of applications utilizing this tool. Fancied for its capabilities in handling binary packages over the easy_installed packaged manager, pip enables 3rd party package installations. Though Python does sometimes come with pip as a default, this tutorial will show how to install, check its version as well as some basic commands for using pip on Ubuntu 16.04.

 

Pre-Flight Check

  • These instructions are intended for an Ubuntu 16.04 LTS server, and we are logged in as root.
  • If you are using a different operating system, check out our other pip installation guides.

Step 1: 

Ensure that all packages are up-to-date. After running the command below, you’ll get an output of any packages getting their update.

apt-get update

Step 2:

Install pip with cURL and Python. Downloading using the cURL command ensures the latest version of pip.curl "https://bootstrap.pypa.io/get-pip.py" -o "get-pip.py"
python get-pip.py

Step 3: 

Verifying the installation of pip:

pip --version

Output:
pip --version
pip 18.0 from /usr/local/lib/python2.7/dist-packages/pip (python 2.7)

Installing Libraries

Pip can install 3rd party packages like Django, Tensorflow, Numpy, Pandas and many more with the following command.

pip install <library_name>

 

Searching for Libraries

You can also search for other libraries in Python’s repository via command line. For our example let’s look for Django packages. The search command shows us an extensive list similar to the one below.

pip search django
django-bagou (0.1.0) - Django Websocket for Django
django-maro (0.0.2) - `django-maro` is utility for django.
django-hooked (0.1.7) - WebHooks for Django and Django Rest Framework.
django-ide (0.0.5) - A Django app to develop Django apps
django-mailwhimp (0.1) - django-mailwhimp integrates mailchimp into Django
django-six (1.0.4) - Django-six —— Django Compatibility Library
django-umanage (1.1.1) - Django user management app for django
django-nadmin (0.1.0) - django nadmin support django version 1.8 based on django-xadmin
diy-django (1.3.1) - diy-django

 

Uninstalling a Library

If you don’t need the library and your scripts use them you can uninstall easily with this command:

pip uninstall

 

Installing Python Resources

Many times Python packages have a requirements.txt file, if you see this file, you can run this command to install all libraries in that package

pip install -r requirements.txt

 

Malware – How to Detect and Remove

Posted on by Helpful Humans of Liquid Web
Category: Tutorials | Tags: , ,

Maldet, a free popular malware scanning software for Linux servers, can be used to scan an entire server for potentially malicious files. Properly configured and monitored, it can even be used to disable or fully remove malware when it is detected. However, the removal of files should only be configured once you are certain no false positives will be picked up in the scans.

 

How to Install Maldet

To Install Maldet on your linux server copy and paste the following into the command lines. Maldet will then be pre-scheduled to run daily.

pushd /usr/local/src/
rm -vrf /usr/local/src/maldetect-*
rm -vrf /usr/local/src/linux-malware-detect*
wget http://www.rfxn.com/downloads/maldetect-current.tar.gz
tar -zxvf maldetect-current.tar.gz
cd maldetect-*
sh ./install.sh
maldet --update-ver
#sed patch - commands added to address current problem with maldet overriding values in the conf file
sed -i 's/quarantine_hits=\"1\"/quarantine_hits=\"0\"/' /usr/local/maldetect/conf.maldet
sed -i 's/quarantine_clean=\"1\"/quarantine_clean=\"0\"/' /usr/local/maldetect/conf.maldet
sed -i 's/email_alert=\"1\"/email_alert=\"0\"/' /usr/local/maldetect/conf.maldet
sed -i 's/email_addr=\"you@domain.com\"/email_addr=\"\"/' /usr/local/maldetect/conf.maldet
#end sed patch
maldet --update
if [ -e /usr/local/cpanel/3rdparty/bin/clamscan ] then
ln -s /usr/local/cpanel/3rdparty/bin/clamscan /usr/bin/clamscan
ln -s /usr/local/cpanel/3rdparty/bin/freshclam /usr/bin/freshclam
if [ ! -d /var/lib/clamav ] then mkdir /var/lib/clamav
fi
ln -s /usr/local/cpanel/3rdparty/share/clamav/main.cld /var/lib/clamav/main.cld
ln -s /usr/local/cpanel/3rdparty/share/clamav/daily.cld /var/lib/clamav/daily.cld
ln -s /usr/local/cpanel/3rdparty/share/clamav/bytecode.cld /var/lib/clamav/bytecode.cld
else
echo -e "\n\e[31mClamAV does not appear to be installed through cPanel.\nThe ClamAV definitions will not be used.\e[39m\n"
fi
Popd

Scanning for Malware

Once you have completed the installation you will want to configure the scanning process. The configuration for maldet is located /usr/local/maldetect/conf.maldet. You will want to open the file with your favorite text editor such as vim or nano:

vim /usr/local/maldetect/conf.maldet
Once you are editing the file you will want to add your email address between the “ “ on the line email_addr=,  like so email_addr=“myemail@mydomain.tld”

You can also set up the scan to quarantine the malicious files it finds by changing the line quarantine_hits= from “0” to “1”, it should look like quarantine_hits=“1”. I would advise against this option as it can pick up legitimate code mistakenly. If the scan does mistakenly place a legitimate file into quarantine, you will need to move it back into place by using the following command template, replacing SCANID with the proper scan ID reported by maldet:

Maldet --restore {SCANID}
Once you have run the scan with quarantines for some time and you are confident that no safe files are being picked up, you may want to turn on removal of quarantined files in the same configuration /usr/local/maldetect/conf.maldet at the line quarantine_clean= from “0” to “1” , it should look like quarantine_clean=”1”. I would personally avoid this configuration option as it can always pick up new edits mistakenly and destroy your hard work.

Looking for pre-configured protection for servers and websites? Check out our wide security offerings that are sure to fit any of your security concerns!

Configure Apache 2 to Control Browser Caching

Posted on by J. Potter | Updated:
Category: Technical Support, Tutorials | Tags: , , , , ,

Today we are configuring browser caching control on common Apache 2 servers. Caching is a great tool to reduce server resource consumption, bandwidth utilization and provide a faster end-user experience to visitors. To get familiar with caching concepts, simply review our ‘What is Caching?’ tutorial.

Pre-Flight Check

This article covers all Apache 2 servers running the mod_expires and mod_headers Apache modules. This includes, but is not limited to, both traditional Dedicated servers and Cloud VPS servers running a number of different Linux distributions:

  • Core-managed CentOS 7* Servers
  • Core-managed CentOS 6* Servers
  • Fully-managed CentOS 7 cPanel Servers
  • Fully-managed CentOS 6 cPanel Servers
  • Fully-managed CentOS 7 Plesk Onyx 17 Linux Servers
Note:
Self-managed servers running a similar Linux distribution can take advantage of this article. However, instructions are not specifically provided for Self-managed configurations.

The article assumes familiarity with the following basic system administration concepts:

Verify Modules

Our servers generally include both the mod_expires and mod_headers modules needed for browser cache control. However, before we configure the directives, we must first ensure the modules are installed and Apache 2 is ready to accept the directives. Verification is simple. We will be using the apachectl -M command to list the installed Apache modules while piping the output through the grep module_name command to filter the results down to showing only modules with the provided module_name, likes so:

Verifying mod_headers (also known as Headers_module) by copying & pasting the following command.

apachectl -M | grep header

… will return:

headers_module (shared)

Verifying mod_expires (also known as expires module) by copying and pasting the following command.

apachectl -M | grep expires

… will return:

expires_module (shared)

These modules must be present in the output when running the command. If they do not show up in the output, it will simply be blank, which indicates the modules are not installed. If the modules are missing then we will need to install them before we can continue.

Configuration Directives

We can use the following example of a generic configuration that serves to reduce the strain on server resources by prolonging the cache duration of common static files. These types of files typically do not change between visits. So they do not need to be downloaded on every visit. Modern browsers are equipped to accept instructions from web servers that provide suggestions for how long content should be cached. This example works well for most sites. However, you may need to add/remove file types or adjust lifespan as needed for your particular content.

<IfModule mod_expires.c>
# Turn on the module.
ExpiresActive on
# Set the default expiry times.
ExpiresDefault "access plus 2 days"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType text/css "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType text/css "now plus 1 month"
ExpiresByType image/ico "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
ExpiresByType text/html "access plus 600 seconds"
</IfModule>

Explanation of Each Directive

These are opening tags and will only process directives between these if the module, mod_expires, is installed on the server.

<IfModule mod_expires.c> ... </IfModule>

Download all files only if the cached has not been accessed in more than 2 days.

ExpiresDefault "access plus 2 days"
Download files only if the cached file has not been access in more than 1 month. This covers jpg, jpeg, gif, png, css, javascript, flash, ico and x-icon file types.

ExpiresDefault "access plus 2 days"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType text/css "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType text/css "now plus 1 month"
ExpiresByType image/ico "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"

Download files only if the cached copy hasn’t been accessed in 10 minutes.

ExpiresByType text/html "access plus 600 seconds"

You can find a more robust explanation of these directives and all that expires_module offers in the Apache mod_expires Online Docs.

Implementation

Now that we have an understanding of how these directives can be configured, we need to decide on our method of implementation. There are generally two method of implementation for these directives. We classify these as either Portable or Include Methods.

Portable Method

The Portable Method uses .htaccess files to manage which directories are affected by the mod_expires configuration we are settings. These are handled like any other .htaccess file changes.

  1. SSH/FTP to the server
  2. Locate the directory which needs browser caching enabled.
  3. Modify the .htaccess file in that directory or create one if there is not one already.
  4. Add the needed directives from the Configuration Directives section above.
  5. Save the changes to the file.
  6. Done.

There is a small bottleneck caveat associated with .htaccess files. This caveat is not specific to mod_expires and is an overall Apache caveat with .htaccess files in general. In order for .htaccess files to work, Apache must scan every directory leading up to a targeted file looking for and applying any .htaccess files it finds along the way. This can create an I/O bottleneck on some server configurations. We recommend using the Include Method on all Cloud VPS Servers to avoid this type of problem.

Include Method

In contrast to the Portable Method, the Include Method takes advantage of the Apache include system. Apache only reads include files at startup so this prevents the I/O Bottleneck discussed above in the Portable Method section.

There are generally two ways to use the Include Method: Globally or Per Website. Either method requires locating and modifying the correct include files on the server. The correct files to modify is dependent on both distribution and server management software. We will discuss the correct locations for both methods on the various Liquid Web CentOS servers we support and listed in the Pre-Flight Check section above.

Global Includes

Applying the mod_expires directives globally is straight forward. It will have the effect of enabling the desired directives over the entire server, affecting every site running through Apache.

Core-managed CentOS 6 & 7 Servers

1.  Create a file named expires.conf in /etc/httpd/conf.d/ by typing in the following command:

vim /etc/httpd/conf.d/expire.conf

2. Add the necessary directives to the file and save the changes.
File should look like the following:

<IfModule mod_expires.c>
# Turn on the module.
ExpiresActive on
# Set the default expiry times.
ExpiresDefault "access plus 2 days"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType text/css "now plus 1 month"
ExpiresByType image/ico "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
ExpiresByType text/html "access plus 600 seconds"
</IfModule>

3.  To finish, reload Apache for the server to see the changes:

Service httpd reload

Fully-managed CentOS 6 & 7 cPanel Servers

1. Create file name pre_virtualhost_global.conf  in /usr/local/apache/conf/includes/ if it does not already exist.

vim /usr/local/apache/conf/includes/pre_virtualhost_global.conf

2.  Add the necessary directives to the bottom of the  file and save the changes.
Your file may contain additional directives in this file, but the bottom should look like this:

<IfModule mod_expires.c>
# Turn on the module.
ExpiresActive on
# Set the default expiry times.
ExpiresDefault "access plus 2 days"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType text/css "now plus 1 month"
ExpiresByType image/ico "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
ExpiresByType text/html "access plus 600 seconds"
</IfModule>

3.  Restart Apache Service:

/scripts/restartsrv_apache

If Running EasyApache 4: Restart Apache PHP-FPM Service

/scripts/restartsrv_apache_php_fpm

Fully-managed CentOS 7 Plesk Onyx 17 Linux Servers

1. Create file name expires.conf in /etc/httpd/conf.d/

vim /etc/httpd/conf.d/expire.conf

2.Add the necessary directives to the file and save the changes.
The file should look like the following:

<IfModule mod_expires.c>
# Turn on the module.
ExpiresActive on
# Set the default expiry times.
ExpiresDefault "access plus 2 days"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType text/css "now plus 1 month"
ExpiresByType image/ico "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
ExpiresByType text/html "access plus 600 seconds"
</IfModule>

3.  Restart Apache Service:

Service httpd restart

Per Website Includes

We can also use Apache includes on a per virtual host level to enable browser caching on an individual website basis. We’ll go over how to configure these on our CentOS systems below.

Note:
Each website has two virtual hosts, one for HTTP (port 80) connections and another for HTTPS (port 443) connections. Each virtual host is independent of one another. Adding a change to the HTTP virtual host will not automatically apply to the HTTPS virtual host and vice versa.
Core-managed CentOS 6 & 7 Servers

The exact method of site management on Core-managed servers is left up to the server owner. This can vary dramatically depending on the person. We will use the default SSL site configuration file as an example on how to configure the Per Website includes for browser caching. Once you locate the necessary site’s configuration file, follow these steps:

1. Locate and Open the configuration file for the site being modified. 

vim /etc/httpd/conf.d/ssl.conf

2.  Locate the Virtual Host line for the site within its config file.  A Virtual Host Stanza looks like the following example:

<VirtualHost _default_:443>

</VirtualHost

3. Apply the needed mod_expires directives between the virtual host lines.
The results should look similar to the following example:

<VirtualHost _default_:443>

    <IfModule mod_expires.c>
    # Turn on the module.
    ExpiresActive on
    # Set the default expiry times.
    ExpiresDefault "access plus 2 days"
    ExpiresByType image/jpg "access plus 1 month"
    ExpiresByType image/gif "access plus 1 month"
    ExpiresByType image/jpeg "access plus 1 month"
    ExpiresByType image/png "access plus 1 month"
    ExpiresByType text/javascript "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
    ExpiresByType application/x-shockwave-flash "access plus 1 month"
    ExpiresByType text/css "now plus 1 month"
    ExpiresByType image/ico "access plus 1 month"
    ExpiresByType image/x-icon "access plus 1 month"
    ExpiresByType text/html "access plus 600 seconds"
    </IfModule>

</VirtualHost>
4. Restart Apache Service

Service httpd restart

Fully-managed CentOS 6 & 7 cPanel Servers

cPanel provides a rich template system that can be used to modify Apache behavior as needed. There is a specific directory structure needed to ensure our modifications persist through updates, upgrades and restarts. This system works the same way on both EasyApache 3 as well as EasyApache 4 systems.

 

Each site can handle its own set of custom include files. These need to be located in the following locations:


HTTP Virtual Hosts:
/etc/apache2/conf.d/userdata/std/2_4/<USER>/<DOMAIN>/<INCLUDENAME>.conf


HTTPS Virtual Hosts:
/etc/apache2/conf.d/userdata/ssl/2_4/<USER>/<DOMAIN>/<INCLUDENAME>.conf

There are three variables in the path above that need to be reconciled:

  • <USER> replaced by the necessary accounts username.
  • <DOMAIN> replaced by the fully qualified domain.tld name of the site. (minus the www. prefix)
  • <INCLUDENAME> replace by the name of the include file. This should reflect the include’s purpose. E.G. expires.conf

1. These directories do not exists by default and will need to be created. Once you know the details this can be done easily with the mkdir -p command like so:

HTTP Virtual Host:

mkdir -p /etc/apache2/conf.d/userdata/std/2_4/myuser/example.com/

HTTPS Virtual Host:

mkdir -p /etc/apache2/conf.d/userdata/ssl/2_4/myuser/example.com/

2. After the directories are created, we can now create our include files, calling it expires.conf.
HTTP Virtual Host:

vim /etc/apache2/conf.d/userdata/std/2_4/myuser/example.com/expires.conf

HTTPS Virtual Host:
vim /etc/apache2/conf.d/userdata/ssl/2_4/myuser/example.com/expires.conf

3. Add the necessary mod_expires directives to both expires.conf files. They should look similar to this when complete:

<IfModule mod_expires.c>
# Turn on the module.
ExpiresActive on
# Set the default expiry times.
ExpiresDefault "access plus 2 days"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType text/css "now plus 1 month"
ExpiresByType image/ico "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
ExpiresByType text/html "access plus 600 seconds"
</IfModule>

4. Now we will need to have cPanel rebuild the Apache configuration to apply the new includes.

/usr/local/cpanel/scripts/rebuildhttpdconf

5. Restart Apache to update the running configuration:
/usr/local/cpanel/scripts/restartsrv_apache

6. If running EasyApache 4, Restart Apache PHP-FPM service as well:
/usr/local/cpanel/scripts/restartsrv_apache_php_fpm

There are additional methods for handling virtual hosts in cPanel. Applying includes to all hosts or all HTTPS hosts or even all hosts by one user. For a much more in-depth explanation of the cPanel Virtual Host Include system, visit the Official cPanel Online Docs.

Fully-managed CentOS 7 Plesk Onyx 17 Linux Servers

Plesk provides a robust include and template system for modification of virtual host entries on an individual virtual host basis. These are done in the following files:

Note:
We will need to replace example.com with your domain name (minus www. prefix).
/var/www/vhosts/system/example.com/conf/vhost_ssl.conf

The directory structure here should already exist. However, these vhost.conf and vhost_ssl.conf files do not exist by default and will need to created.

1. Create the needed include files:
HTTP Virtual Host:

touch /var/www/vhosts/system/example.com/conf/vhost.conf

HTTPS Virtual Host:
touch /var/www/vhosts/system/example.com/conf/vhost_ssl.conf

2. Modify both vhost.conf and vhost_ssl.conf applying the necessary mod_expires directives. When finish each file should look similar to the following:

<IfModule mod_expires.c>
# Turn on the module.
ExpiresActive on
# Set the default expiry times.
ExpiresDefault "access plus 2 days"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType text/javascript "access plus 1 month"
ExpiresByType application/javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType text/css "now plus 1 month"
ExpiresByType image/ico "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 month"
ExpiresByType text/html "access plus 600 seconds"
</IfModule>

3. Have Plesk rebuild the configuration for the site in question
/usr/local/psa/admin/sbin/httpdmng --reconfigure-domain example.com

4. Restart Apache Service:
service httpd restart

The Plesk templates and includes systems is very robust and permits integration of many other common Apache directives. Visit the Plesk Onyx Online Documentation to learn more about leveraging its capabilities.