How to Install Nextcloud 15 on Ubuntu 18.04

Reading Time: 2 minutes

Similar to Dropbox and Google Drive, Nextcloud is self-hosting software that allows you to share files, contacts, and calendars. But, unlike Dropbox and Google Drive, your files will be private and stored on your server instead of a third party server. Nextcloud is HIPAA and GDPR compliant, so your files will be encrypted along with the ability to audit. For this tutorial, we’ll be installing our Nextcloud instance on our Ubuntu 18.04 LTS server. Continue reading “How to Install Nextcloud 15 on Ubuntu 18.04”

Install and Configure Mod_Security on Ubuntu 16.04 Server

Reading Time: 5 minutes

Mod_security, also commonly called Modsec for short, is a powerful WAF (Web Application Firewall) that integrates directly into Apache’s module system. This direct integration allows the security module to intercept traffic at the earliest stages of a request. Early detection is crucial for blocking malicious requests before they are passed along to web applications hosted by Apache web sites. This provides and extra layer of protection against common threats a server faces. This article will explore the installation of mod_security along with the CRS (Core Rule Set) in a Ubuntu 16.04 LTS Server running Apache 2.4. Continue reading “Install and Configure Mod_Security on Ubuntu 16.04 Server”

Install Multiple PHP Versions Using EasyApache 4

Reading Time: 8 minutes

EasyApache 4 installs, configures, updates, and validates your Apache, PHP and other services on your server. EasyApache 4 also supports multiple versions of PHP.  This allows you to assign different versions of PHP to each of your domains. There are great tools that have been implemented with EasyApache 4 that makes managing PHP versions simple. Two of these are the MultiPHP Manager and MultiPHP INI Editor. These can be found within the Web Host Manager, or “WHM” for short.  With the addition of these tools in cPanel/WHM, users can now complete most of these tasks from the Graphical User Interface. However, it is worth mentioning, attempting these tasks from the command line is recommended as we have seen better performance when compiling Apache builds.  

Note:
If you are still using EasyApache 3, please contact our support for assistance upgrading your server to EasyApache 4. EasyApache 3 is no longer being supported as of December 31st, 2018. This means there will be no further updates for this service. This can create security risks and should be addressed. Also, cPanel will not allow you to update to version 78 or newer using EasyApache 3. Before considering upgrading, please be sure you meet the following requirements.

EasyApache 4 requirements

  • Utilize Apache 2.4 or newer, updating Apache from 2.2 to 2.4 can be done from WHM using EasyApache 3, but it is recommended to run from the command line.  You can read more about this here.
  • It is recommended for the system to use suPHP as the default PHP handler.  More information on handlers can be found here.
  • CentOS 6, CloudLinux 6, Red Hat Linux 6 or higher

          

Note:
If you are still running CentOS 5 or older “due to the security risks” we would highly recommend migrating to a newer operating system as soon as possible. More than likely your current server’s hardware is also obsolete. Due to the complexities of our packages, we would recommend migrating to a new server. If you need any assistance choosing a new server, please reach out to us. Our team will gladly assist you in selecting the perfect package that will provide you with the best performance possible.

  • PHP versions 5.4 or higher. If your site is using PHP 5.3 or older, you will need to update and confirm your site is compatible with PHP Versions 5.4 or higher.  
  • MySQL/MariaDB are using updated hashes. The older versions of MySQL use an incompatible hashing algorithm.  Mysql 5.6 and later use an updated secured hash.  Since EasyApache 4 uses mysqlnd “the MySQL Native Driver” this will need to be addressed before upgrading since mysqlnd does not support older hash.  

Once you have met these requirements, your server is ready to upgrade EasyApache 3 to EasyApache 4.  When upgrading EasyApache we would recommend beginning this task at a time your server is not expecting much traffic as the process can take 20 minutes to a few hours.  This depends on your specific server’s performance and overhead. If you require any assistance with meeting the requirements needed to upgrade or would like to schedule an upgrade.  Please call, start a chat or submit a ticket with our support team.

Other than the requirements there are a few other obstacles you may need to check.

  1. Be sure the suPHP_ConfigPath directive is not being used in any .htaccess file as unexpected behavior may occur. You can correct this by removing or commenting this directive out within the .htaccess file. (The .htaccess can be found in /home/$cpaneluser/public_html  or /home/$cpaneluser/)
  1. Find any php.ini or .user.ini that will try to reference the old environment variable,  extension_dir, either the line will need to be removed or corrected. (The .php.ini/.user.ini can be found in /home/$cpaneluser/public_html  or /home/$cpaneluser/)

Upgrading EasyApache 3 to EasyApache 4 Script

Access your server via SSH and insert the following command:  

/scripts/migrate_ea3_to_ea4 –run 

To revert back to EasyApache 3

/scripts/migrate_ea3_to_ea4 –revert –run

Once EasyApache 4 is installed, please be sure to test your sites for any errors and confirm that WHM/cPanel is up to date.

 

Configuring Apache and PHP Using EasyApache 4 

1. Login to WHM and access EasyApache 4 by using the search bar.

       WHM >> Software >> EasyApache 4

WHM EA4 Link

2. Once you have navigated to EasyApache 4 you can view, customize and provision available EasyApache profiles.  Click the  button under

WHM EA4 currently installed packages customize

Currently Installed Packages.

Note:
By default EasyApache 4 comes with additional profiles that help minimize setup up time as there are a few options tailored to the end users’ needs. If needed you still have the ability to create your own profiles for even further customization. For more information on EasyApache 4 profiles, you can view this documentation from cPanel.

3. From the “Apache MPMmenu you can select which MultiProcessing Module, or “MPM” you would like to use.  This will determine how Apache will handle incoming requests and how it processes them. You can select which MPM you would like to use by clicking the toggle button to the right of the module. If you are unsure on which MPM to use, check our tutorial to help you decide. Once selected click Next

EA4 apache mpm

4. The “Apache Modules” section will allow you to select and install needed Apache Modules.  Once the needed modules are selected, click Next. Apache Modules can add extra functionality to Apache.  For example, the mod_ssl module can be selected from this interface.  This allows Apache to process traffic using the Secure Sockets Layer “SSL v2/3” and TLS “Transport Layer Security”. For more Information on Apache Modules visit this link, which details more specific information on Apache Modules.

EA4 apache mod_auth_digest

5. From the PHP Versions menu, you can select which versions of PHP you wish to install.  WHM will automatically check for extensions currently being used by other versions of PHP on your server.  More than likely these extensions are currently being used by one of your domains, and because of this, we recommend selecting the PHP X.X and Extensions button when selecting a version.  After you have selected the versions you want to install, click Next.

EA4 php versions php72

Note:
If possible we would highly recommend using the most recent version of PHP as PHP version 5.6 and 7.0 will no longer have security updates as of January 1, 2019. For more information on supported PHP versions visit this link.

6. From the next menu, the PHP Extensions menu, you can select all PHP extensions you require.  PHP extensions enable particular functions used in your PHP code, an example of this would be if your PHP code communicates with MySQL you will need to utilize the mysqlnd extension.  EasyApache 4 has already selected recommended extensions that existed on previously installed versions of PHP on your server by default.   A good tip is to limit the selection view to only the version of PHP you are installing.  You can do so at the top of this page by deselecting the boxes next to Filter by PHP Version.  Once you have selected your PHP extensions click Next.

EA4 php extension php72-php-cli

7.  The next two sections are not commonly used, however, they are included for those that require these functions.  Ruby via Passenger allows you to integrate Ruby, Node.js, and Python applications on your server.  Within this menu, you can install/select which Ruby modules you would like to use.  More information on this can be found in this link

Within the Additional Packages menu, you can select custom packages to be installed on your server.  Currently, by default, the only option available is Tomcat 8.5.  Tomcat is a Java Servlet Container that allows you to run Javabased application on your server. You can save the profile to be used for later by clicking Save as profile button on the bottom-right corner of the page.

EA4 additional package tomcat85

Once you have finished your selections, click Next or Review.   You should see a notification like the one we have included below.  This can take a few minutes to complete so allow it some time to poll your results.

preparing selected packages for review

8.  Please be sure to review this next page to make sure you have selected the desired configuration. If you notice anything is missing or should be changed, you may return to the relevant menu to adjust the selections. Once reviewed, scroll down to the bottom of the page and click the Provision” button.

command line provisioning output

Once you have begun provisioning, please allow EasyApache some time to finish.  You will be prompted once the process has finished.

Congratulations, you have selected an MPM, installed additional Apache Modules, PHP versions, and PHP extensions using EasyApache 4.

 

Using the MultiPHP Manager from WHM

cPanel’s MultiPHP Manager allows users to manage cPanel accounts PHP configuration on a per domain basis.  This feature is only available on EasyApache 4.  You can also set the systems default global PHP version for all accounts, enable PHP-FPM globally or per domain, and adjust PHP-FPM pool options.

Selecting System default PHP Version 

  1. Navigate to the MultiPHP Manager (WHM >> Software >> MultiPHP Manager)
    whm multiphp manager link
    Note:
    Setting the system default PHP version will not change the PHP version for all domains. Your cPanel account “if not defined” is set to inherit by default. If the inherit option is enabled, the account will use the system’s default PHP version.
  1. Click Edit under System PHP Versions.
    system php version edit link
  1. Select the desired PHP version and click Apply. You should see a Success notification at the top right of the page if the change was successful.  It will also display any errors that may have occurred. php version change success  

Define PHP Versions per Domain

Within the MultiPHP Manager, you also can set the desired PHP version on a per domain basis.  

define php version per domain

  1. Select the domain or accounts you wish to alter.
  2. Click the dropdown menu located in the PHP column.
  3. Select your desired PHP version. The interface will prompt you once the change has completed.
    php version update success

Changing PHP Versions on Multiple Accounts

change php version per domain

  1. Select which accounts you would like to alter by clicking the check boxes next to the domain.
  2. Click the dropdown located in the type right.
  3. Select the desired PHP version and click Apply The interface will prompt you once the change has completed. php version update success 

 

MultiPHP INI Editor

MultiPHP INI Editor is a great tool that allows you to manage PHP settings per version.  You can quickly edit the most commonly adjusted PHP directives from within the Basic Mode or for more advanced users you can edit the configuration files directly using the Editor Mode.   For information on directives, please read PHP’s documentation which can be found here.

To access the MultiPHP INI Editor login into WHM. (WHM >> Home >> Software >> MultiPHP INI Editor)

whm multiphp ini editor

Basic Mode allows you to view and edit directive values for your selected PHP version.  WHM will save changes to the PHP configuration file.  Also, directives will only show if the version of PHP you are editing supports that directive. With WHM assistance this greatly helps minimize errors as the syntax within these files are sensitive.  

php ini editor basic mode

Edit PHP Configuration Using MultiPHP INI Editor in Basic Mode

  1. Select a PHP version from the dropdown menu.
  2. Adjust directives as needed.  For example, you can increase upload_max_filesize by editing the field to the right of the directive.
  3.  Click Apply to submit changes.  If the edit was submitted successfully WHM will notify you at the top right of the page.  It will also inform you if any errors have occurred.
  4. Adjust directives as needed.  For example, you can increase upload_max_filesize by editing the field to the right of the directive. 
  5.  Click Apply to submit changes.  If the edit was submitted successfully WHM will notify you at the top right of the page.  It will also inform you if any errors have occurred.

php ini manager apply

php version update success

 

Edit PHP Configuration Using MultiPHP INI Editor in Editor Mode

Editor Mode allows you to modify additional directives and PHP configurations that are not available in Basic Mode.  Please note, errors within this interface can result in errors causing PHP scripts not to function correctly.  Unlike Basic Mode which loads directives available to that version of PHP, Editor Mode loads the contents from the .ini file for the selected PHP version.  If the file does not exist then, the interface will load a blank editor.  When saving values or configurations to a blank editor, the systems will create a new file. 

  1. From within MultiPHP INI Editor click the Editor Mode tab.
    php version edit ini settings
  2. Click the dropdown menu to select PHP Version.
  3. The Editor will open the file as a text document. From here you can simply edit the configuration to your needs.
  1. Click Save to submit your changes.  If the changes were successful WHM will display a success notification in the top right of the screen as well as any errors that may have occurred.  

command line edit php ini version

EasyApache 4 makes adjustments and server tuning a breeze.  However, there is still a chance the end user can make a fatal mistake.  A quick call to our support staff could bring a quick resolution to your issue.  There are some cases where the best solution possible, is the fastest the end user can apply themselves.  For cases such as these, we would highly recommend utilizing our Cloud Backups.  Cloud Backups offer an extra layer of protection as your backups are stored on a remote device we manage here at Liquid Web.  This ensures full restoration in the unlikely event of a total system failure. The end user can manage and restore easily from our manage page.  For more information on how Cloud Backups can work for you visit our products page

How to Install PHP 7.2 on Ubuntu 16.04

Reading Time: 5 minutes

Using PHP 7.2 on an Ubuntu server is highly recommended over previous PHP versions for several reasons, first being security. Active Support for PHP 7.2 goes until November 30th, 2019 and Security Support until Nov 30, 2020. Older versions like 7.0 and anything 5.6 and below are no longer getting any support and can leave open security holes on a server if they are not replaced. Another main reason to upgrade is the big performance increase over previous versions when PHP 7.2 is installed and is using the OPcache module.  This can greatly decrease the time it takes for your webpage to load! If you are developing a site locally or launching it on one of Liquid Web’s Ubuntu VPS or Dedicated Servers, using PHP 7.2 or newer would be the way to go.

Continue reading “How to Install PHP 7.2 on Ubuntu 16.04”

Apache Performance Tuning: MPM Modules

Reading Time: 3 minutes

The keystone for understanding Apache server performance is by far the MultiProcessing Modules (MPMs). These modules determine the basis for how Apache addresses multiprocessing. Multiprocessing means running multiple operations simultaneously in a system with multiple central processing units (CPU Cores).

There are many MPMs to choose; however, this article focuses on the most commonly used modules found in Liquid Web Linux based servers. These modules are:

The self-regulating MPM Prefork derives its namesake from how it forks or copies itself into new identical processes preemptively to wait for incoming requests. A non-threaded process-based approach at multiprocessing, MPM Prefork runs Apache in a single master parent server process. This parent is responsible for managing any additional child servers that make up its serverpool. While using MPM Prefork, each child server handles only a single request. This focus provides complete isolation from other requests dealt with on the server. MPM Prefork is typically used for compatibility when non-threaded libraries/software, like mod_php (DSO), are required. From an optimization standpoint, MPM Prefork can be sorely lacking when compared to multi-threaded solutions, requiring vastly more resources to reach similar traffic levels as a threaded MPM. It is resource intensive due to its need to spawn full copies of Apache for every request.

MPM Prefork

Rule-of-Thumb:
Avoid using MPM Prefork whenever possible. It’s inability to scale well with increased traffic will quickly outpace the available hardware on most system configurations.

 

A hybrid pre-forking, multithreaded, multiprocessing web server. In the same fashion as MPM Prefork, MPM Worker uses the same approach with a single master parent process governing all children within its serverpool. However, unlike MPM Prefork, these children are multi-threaded processes that can handle dozens of threads (requests) simultaneously. MPM Worker has set the foundation for multithreaded multiprocessing in Apache servers which became stable in Apache 2.2. The threaded configuration allows Apache to service hundreds of requests with ease while retaining only a dozen or so child processes in memory. The MPM Worker make for both a high capacity and low resource solution for web service.

MPM Worker

Note
The KeepAliveTimeOut directive currently defines the amount of time Apache will wait for requests. When utilizing KeepAlive with MPM Worker use the smallest KeepAliveTimeout as possible (1 second preferably).

Based off the MPM Worker source code, MPM Event shares configuration directives with MPM Worker. It works nearly identical to MPM Worker except when it comes to handling KeepAlive requests. MPM Event uses a dedicated Listener thread in each child process. This Listening thread is responsible for directing incoming requests to an available worker thread. The Listening thread solves the issue encountered by MPM Worker which locks entire threads into waiting for the KeepAliveTimeout. The Listener approach of MPM Event ensures worker threads are not “stuck” waiting for KeepAliveTimeout to expire. This method keeps the maximum amount of worker threads handling as many requests as possible.


MPM EventMP

Tip:
MPM Event is stable in Apache 2.4, older versions can use MPM Worker as an alternative.

There is an assortment of additional MPMs available. These are typically part of Apache’s integration into Operating Systems other than Unix based systems. These have specific MPMs which are requirements or utilizing Apache on their respective system types. These types of MPMs are beyond the purview of this article. You can find more information on specific MPM in the MPM Defaults section of the official Apache Documentation.

MPM EventMP

Tip:
We recommend staying away from experimental and unstable MPMs. The unreliable nature of these types of software renders them unsupportable.

 

When considering optimization, it is essential to understand there is no such thing as a one-size-fits-all Apache configuration. Correctly choosing an MPM requires analysis of many moving variables like traffic, site code, server type, PHP Handler and available hardware. Every server is unique making the best MPM an entirely subjective choice.

If your application code does not support multi-threading, then your choice will inevitably be MPM Prefork purely on a compatibility basis. MPM Prefork includes software modules like mod_php (DSO). MPM Worker without KeepAlive performs very well if your application is a high-performance load balanced API system. The scalability and flexibility of MPM Event is a solid choice for hosting multiple small to medium sites in a shared hosting configuration.

Most simple servers setups operate well under the self-governing default configuration of MPM Event, making it an ideal starting point for optimization tuning. Once chosen, an MPM can then move onto Configuration Directives to review which settings pertain to server performance and optimization. Or check out our previous article in this series, Apache Performance Tuning: Swap Memory.

Whitelisting in ModSecurity

Reading Time: 6 minutes

Broken down into two parts our article’s first section hits on “how to whitelist IPs or URIs,” for people who are somewhat familiar with ModSecurity but want to know further about the process. Our second section examines why we configure ModSecurity and how to prevent the security of the server from getting in the way of our work. If you have a Fully Managed Liquid Web server reach out to our Heroic Support team for assistance with whitelisting! Continue reading “Whitelisting in ModSecurity”

What is mod_deflate?

Reading Time: 3 minutes

How mod_deflate works

When a visitor accesses a website, a request is made to the web server for a specific kind of data. An example might be a home page of a site. Next, the web server locates that data and delivers it to the client who is requesting that data – basically back to the web browser.

In this example, the speed at which the home page loads can depend on a variety of factors. One of them could be how long it takes to find and deliver the data for that page. This is just one example.

Some of that data – such as javascript files, css files, and php files – can actually be compressed into smaller sizes before they are delivered back to the visiting client or browser at the smaller size. The visitor can now have a more optimized browsing experience.

This is where mod_deflate comes in.

Continue reading “What is mod_deflate?”

List Which Apache 2 Modules are Enabled on Fedora 21

Reading Time: 1 minute

The Apache web server is one of the most popular and powerful web servers in the world due to its ease of administration and flexibility. This flexibility comes Apache’s modular design, and allows for such features as: URL rewriting for SSL encryption natively, and Outlook Anywhere passthrough support in reverse proxy setups. Modularity allows Administrators to modify Apache to meet their needs; adding modules that are needed and removing ones that are not.

Pre-Flight Check
  • These instructions are intended specifically for viewing which Apache modules are enabled on Fedora 21.
  • I’ll be working from a Liquid Web Self Managed Fedora 21 server with Apache 2 installed, and I’ll be logged in as root.

Continue reading “List Which Apache 2 Modules are Enabled on Fedora 21”

List Which Apache 2 Modules are Enabled on Fedora 20

Reading Time: 1 minute

The Apache web server is one of the most popular and powerful web servers in the world due to its ease of administration and flexibility. This flexibility comes Apache’s modular design, and allows for such features as: URL rewriting for SSL encryption natively, and Outlook Anywhere passthrough support in reverse proxy setups. Modularity allows Administrators to modify Apache to meet their needs; adding modules that are needed and removing ones that are not.

Pre-Flight Check
  • These instructions are intended specifically for viewing which Apache modules are enabled on Fedora 20.
  • I’ll be working from a Liquid Web Self Managed Fedora 20 server with Apache 2 installed, and I’ll be logged in as root.

Continue reading “List Which Apache 2 Modules are Enabled on Fedora 20”

List Which Apache 2 Modules are Enabled on CentOS 7

Reading Time: 1 minute

The Apache web server is one of the most popular and powerful web servers in the world due to its ease of administration and flexibility. This flexibility comes Apache’s modular design, and allows for such features as: URL rewriting for SSL encryption natively, and Outlook Anywhere passthrough support in reverse proxy setups. Modularity allows Administrators to modify Apache to meet their needs; adding modules that are needed and removing ones that are not. Here we’ll be working with Apache on CentOS 7.

Pre-Flight Check
  • These instructions are intended specifically for viewing which Apache modules are enabled on CentOS.
  • I’ll be working from a Liquid Web Core Managed CentOS 7 server with Apache 2 installed, and I’ll be logged in as root.

Continue reading “List Which Apache 2 Modules are Enabled on CentOS 7”