Update: Install Multiple PHP Versions on Ubuntu 16.04

Reading Time: 2 minutes

In this article, we will be discussing how to install Multiple PHP Versions on Ubuntu 16.04. Ubuntu 16.04 LTS servers assign the PHP 7.0 version by default. Although PHP 5.6 is currently EOL (end of life) as of December of 2018, some applications may not be compatible with PHP 7.0. For this tutorial, we instruct on how to switch between PHP 7.0 and PHP 5.6 for Apache and the overall default PHP version for Ubuntu.

Continue reading “Update: Install Multiple PHP Versions on Ubuntu 16.04”

How to Install Node Version Manager on Ubuntu

Reading Time: 2 minutes

The Node Version Manager (NVM) is a command-line utility used to manage and switch between multiple active versions of Node.js on a single system. Whether you’re an admin or a developer, being able to change the javascript runtime environment on your system simplifies testing applications across different versions.

Continue reading “How to Install Node Version Manager on Ubuntu”

How To Remove PostgreSQL

Reading Time: 2 minutes

Sometimes during a software install, things go sideways and you realize that not all of the program downloaded or the install was interrupted for some reason leaving you with incomplete files and empty directories. Honestly, this is a rare occurrence but it can happen from time to time. This then begs the question; So how do I completely uninstall recently installed software? In this tutorial, we’ll be safely removing PostgreSQL from our Liquid Web Ubuntu 16.04 server.  

Continue reading “How To Remove PostgreSQL”

Enable Root Login via SSH In Ubuntu

Reading Time: 2 minutesBy default, SSH on Ubuntu comes configured in a way that disables the root users log in. This was originally enabled as a security precaution which means that you cannot directly log in as the root user over SSH. However, you can usually get around the need for root ssh login by using the sudo command. In some cases, though it’s just more convenient to get directly logged in as root.

Continue reading “Enable Root Login via SSH In Ubuntu”

How To Check the Kernel Version in Linux / Ubuntu / CentOS

Reading Time: 2 minutesIn this article and related video, we will be discussing how to check the kernel version in both Ubuntu and CentOS Linux. The following command works with all Linux distributions, such as Red Hat, CentOS, Debian, and Ubuntu. It also works on other UNIX-like operating systems such as HPUX, FreeBSD, OpenBSD, Solaris, etc. Use the following command to check which kernel version your server is currently running:
Continue reading “How To Check the Kernel Version in Linux / Ubuntu / CentOS”

Install Puppet on Ubuntu 18.04

Reading Time: 9 minutes

What is Puppet?

In this tutorial, we will install Puppet on a Ubuntu 18.04 server. Puppet is an open core, server based, task management type of automation software that is primarily used to limit your interactions for many of the mundane, day to day server tasks that used to require personal intervention. 

This software allows you as the server owner to delegate specific functions to the software, thereby freeing you up for more critical business efforts. Puppet is a master/client based system that can interact with both Windows and Linux servers. The Puppet master server is run from a Linux server (a small downside given the time and effort it will save in the long run) but, can control efforts on other server types as well.
Continue reading “Install Puppet on Ubuntu 18.04”

Installing Jenkins on Ubuntu 16.04

Reading Time: 3 minutes

What Is Jenkins?

Jenkins is an open source automation server software developed in Java. It allows developers to integrate CI/CD (Continuous Integration/Continuous Delivery) pipelines within their organization that ease and automate workflows. It has an extensive help community, supports over 1000 plugins, allows users the ability to automate almost any task and, it saves significant time that can be better utilized addressing other issues.

When automating tasks with Jenkins, users can optimize their workflow by quickly automating the jobs that servers are not able to do themselves. Jenkins has a wide array of features including building projects, executing unit tests for bug detection, analyzing static code, and deploying applications. For this article, we will learn how to install Jenkins on a Ubuntu 16.04 server using APT (Advanced Package Tool). When using APT, we can retrieve and install all of the needed dependencies as well.

Continue reading “Installing Jenkins on Ubuntu 16.04”

How to Install ConfigServer Firewall (CSF) on Ubuntu

Reading Time: 4 minutes

What is a Firewall?

Broadly speaking, a firewall is part of a network or server that is designed to restrict potentially malicious and unauthorized access to the hardware while still allowing outward communication from the network or server. 

There are two types of firewalls; physical hardware firewalls which are devices that connect to the destination server and stop traffic from passing to it and, software-based firewalls that run on a server and filter/reject connection attempts. In both cases, the firewall is at its core, a security measure meant to protect your data from unauthorized access. Today, we are going to review how to install CSF Firewall on a Ubuntu server 

Continue reading “How to Install ConfigServer Firewall (CSF) on Ubuntu”

CentOS vs Ubuntu: 15 Factors to Consider!

Reading Time: 5 minutes

Let the Battle Begin!

Today we will be reviewing the major differences between CentOS and Ubuntu in a web hosting environment. Although this is not a fully comprehensive analysis of every single aspect of the numerous in-depth features of each operating system, it should provide a solid overview which will allow you to choose which system is best suited for your needs. Without further ado, let’s jump right in…

Continue reading “CentOS vs Ubuntu: 15 Factors to Consider!”

How to Set Up Multiple SSLs on One IP With Nginx

Reading Time: 6 minutesWith the shortage of available address space in IPv4, IPs are becoming increasingly difficult to come by, and in some cases, increasingly expensive. However, in most instances, this is not a drawback. Servers are perfectly capable of hosting multiple websites on one IP address, as they have for years.

But, there was a time when using an SSL certificate to secure traffic to your site required having a separate IPv4 address for each secured domain. This is not because SSLs were bound to IPs, or even to servers, but because the request for SSL certificate information did not specify what domain was being loaded, and thus the server was forced to respond with only one certificate. A name mismatch caused an insecure certificate warning, and therefore, a server owner was required to have unique IPs for all SSL hosts.

Luckily, IPv4 limitations have brought new technologies and usability to the forefront, most notably, Server Name Indication (SNI).

 

Why Do I Need an SSL?

Secure Socket Layer (SSL) certificates allow two-way encrypted communication between a client and a server. This allows any data protection from prying eyes, including sensitive information like credit card numbers or passwords. SSLs are optionally signed by a well-known, third-party signing authority, such as GlobalSign. The most common use of such certificates are to secure web traffic over HTTPS.

When browsing an HTTPS site, rather than displaying a positive indicator, modern browsers show a negative indicator for a site that is not using an SSL. So, websites that don’t have an SSL will have a red flag right off the bat for any new visitors. Sites that want to maintain reputation are therefore forced to get an SSL.

Luckily, it is so easy to get and install an SSL, even for free, that this is reduced to a basic formality. We’ll cover the specifics of this below.

 

What is SNI?

Server Name Indication is a browser and web server capability in which an HTTPS request includes an extra header, server_name, to which the server can respond with the appropriate SSL certificate. This allows a single IP address to host hundreds or thousands of domains, each with their own SSL!

SNI technology is available on all modern browsers and web server software, so some 98+% of web users, according to W3, will be able to support it.

 

Pre-Flight Check

We’ll be working on a CentOS 7 server that uses Nginx and PHP-FPM to host websites without any control panel (cPanel, Plesk, etc.). This is commonly referred to as a “LEMP” stack, which substitutes Nginx for Apache in the “LAMP” stack. These instructions will be similar to most other flavors of Linux, though the installation of Let’s Encrypt for Ubuntu 18.04 will be different. I’ll include side-by-side instructions for both CentOS 7 and Ubuntu 18.04.

For the remainder of the instructions, we’ll assume you have Nginx installed and set up to host multiple websites, including firewall configuration to open necessary ports (80 and 443). We are connected over SSH to a shell on our server as root.

Note
If you have SSLs for each domain, but they are just not yet installed, you should use Step 3a to add them manually. If you do not have SSLs and would like to use the free Let’s Encrypt service to order and automatically configure them, you should use Step 3b.

 

Step 1: Enabling SNI in Nginx

Our first step is already complete! Modern repository versions of Nginx will be compiled with OpenSSL support to server SNI information by default. We can confirm this on the command line with:

nginx -V

This will output a bunch of text, but we are interested in just this line:

...
TLS SNI support enabled
...

If you do not have a line like this one, then Nginx will have to be re-compiled manually to include this support. This would be a very rare instance, such as in an outdated version of Nginx, one already manually compiled from source with a different OpenSSL library. The Nginx version installed by the CentOS 7 EPEL repository (1.12.2) and the one included with Ubuntu 18.04 (1.14.0) will support SNI.

Step 2: Configuring Nginx Virtual Hosts

Since you have already set up more than one domain in Nginx, you likely have server configuration blocks set up for each site in a separate file. Just in case you don’t, let’s first ensure that our domains are set up for non-SSL traffic. If they are, you can skip this step. We’ll be working on domain.com and example.com.

vim /etc/nginx/sites-available/domain.com

Note
If you don’t happen to have sites-enabled or sites-available folders, and you want to use them, you can create /etc/nginx/sites-available and /etc/nginx/sites-enabled with the mkdir command. Afterward,  inside /etc/nginx/nginx.conf, add this line anywhere inside the main http{} block (we recommend putting it right after the include line that talks about conf.d):

include /etc/nginx/sites-enabled/*;

Otherwise, you can make your configurations in /etc/nginx/conf.d/*.conf.

At the very least, insert the following options, replacing the document root with the real path to your site files, and adding any other variables you require for your sites:

server {
listen 80;
server_name domain.com;
root /var/www/domain.com;
...
}

A similar file should be set up for example.com, and any other domains you wish to host. Once these files are created, we can enable them with a symbolic link:

ln -s /etc/nginx/sites-available/domain.com /etc/nginx/sites-enabled/

ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/

Now, we restart Nginx…

systemctl reload nginx

This reloads the configuration files without restarting the application. We can confirm that the two we just made are loaded using:

nginx -T

You should see your server_name line for both domain.com and example.com.

Note
The listen line included in the server block above will allow the site to listen on any IP that is on the server. If you would like to specify an IP instead, you can use the IP:port format instead, like this:

server {
listen 123.45.67.89:80;
...
}

Step 3a: Add Existing SSLs to Nginx Virtual Hosts

Now that we have valid running configurations, we can add the SSLs we have for these domains as new server blocks in Nginx. First, save your SSL certificate and the (private) key to a global folder on the server, with names that indicate the relevant domain. Let’s say that you chose the global folder of /etc/ssl/. Our names, in this case, will be /etc/ssl/domain.com.crt (which contains the certificate itself and any chain certificates from the signing authority), and /etc/ssl/domain.com.key, which contains the private key. Edit the configuration files we created:

vim /etc/nginx/sites-available/domain.com

Add a brand new server block underneath the end of the existing one (outside of the last curly brace) with the following information:

server {
listen 443;
server_name domain.com;
root /var/www/domain.com;
ssl_certificate /etc/ssl/domain.com.crt;
ssl_certificate_key /etc/ssl/domain.com.key;
...
}

Note the change of the listening port to 443 (for HTTPS) and the addition of the ssl_certificate and ssl_certificate_key lines. Instead of rewriting the whole block, you could copy the original server block and then add these extra lines, while changing the listen port. Save this file and reload the Nginx configuration.

systemctl reload nginx

We again confirm the change is in place using:

nginx -T

For some setups you’ll see two server_name lines each for domain.com and example.com, one using port 80 and one using port 443. If you do, you can skip to Step 4, otherwise continue to the next step.

Step 3b: Install and Configure Let’s Encrypt

Let’s next set up the free SSL provider Let’s Encrypt to automatically sign certificates for all of the domains we just set up in Nginx. On Ubuntu 18.04, add the PPA and install the certificate scripts with aptitude:

add-apt-repository ppa:certbot/certbot

apt-get update

apt-get install certbot python-certbot-nginx

In CentOS 7, we install the EPEL repository and install the certificate helper from there.

yum install epel-release

yum install certbot python2-certbot-nginx

On both systems, we can now read the Nginx configuration and ask the Certbot to assign us some certificates.

certbot --nginx

This will ask you some questions about which domains you would like to use (you can leave the option blank to select all domains) and whether you would like Nginx to redirect traffic to your new SSL (we would!). After it finishes it’s signing process, Nginx should automatically reload its configuration, but in case it doesn’t, reload it manually:

systemctl reload nginx

You can now check the running configuration with:

nginx -T

You should now instead see two server_name lines each for domain.com and example.com, one using port 80 and one using port 443.

Let’s Encrypt certificates are only valid for 90 days from issuance, so we want to ensure that they are automatically renewed. Edit the cron file for the root user by running:

crontab -e

The cron should look like this:

45 2 * * 3,6 certbot renew && systemctl reload nginx

Once you save this file, every Wednesday and Saturday at 2:45 AM, the certbot command will check for any needed renewals, automatically download and install the certs, followed by a reload of the Nginx configuration.

Step 4: Verify Installation and Validity

We should now check the validity of our SSLs and ensure that browsers see the certificates properly. Visit https://sslcheck.liquidweb.com/ and type in your domain names to check the site’s SSL on your server. You should see four green checkmarks, indicatating SSL protection.

We hope you’ve enjoyed our tutorial on how to install SSLs on multiple sites within one server. Liquid Web customers have access to our support team 24/7.  We can help with signed SSL or ordering a new server for an easy transfer over to Liquid Web.