How to Install Gogs Git on Ubuntu 22.10

Hello,

In this week’s feature highlight, we look at How to Install Gogs Git on Ubuntu 22.10


This tutorial will walk you through the steps necessary to install the Gogs self-hosted Git service on an Ubuntu 22.10 server. The Gogs project, written in Go, aims to create a simple, stable, and extensible self-hosted Git service with a simple setup process.

Gogs performs admirably and is extremely light. It uses very little RAM and CPU power. 

Check out the Gogs project at https://gogs.io/ for more information.

Prerequisites

  • Full SSH root access or a user with sudo privileges is required.
  • Gogs supports the following databases.
    • SQLite3
    • PostgreSQL
    • MySQL
    • MariaDB

First, check for any pending system upgrade

Let’s update software packages first. To perform updates, run the following command:

apt update
apt upgrade

Install MariaDB Database Server

Use the below command to install MariaDB.

apt install mariadb-server mariadb-client

Check the status of MariaDB service.

root@crown~# systemctl status mariadb
● mariadb.service - MariaDB 10.6.9 database server
     Loaded: loaded (/lib/systemd/system/mariadb.service; enabled; preset: enab>
     Active: active (running) since Sat 2022-11-19 17:44:57 UTC; 8s ago
       Docs: man:mariadbd(8)
             https://mariadb.com/kb/en/library/systemd/
    Process: 1808 ExecStartPre=/usr/bin/install -m 755 -o mysql -g root -d /var>
    Process: 1811 ExecStartPre=/bin/sh -c systemctl unset-environment _WSREP_ST>
    Process: 1818 ExecStartPre=/bin/sh -c [ ! -e /usr/bin/galera_recovery ] && >
    Process: 1876 ExecStartPost=/bin/sh -c systemctl unset-environment _WSREP_S>
    Process: 1878 ExecStartPost=/etc/mysql/debian-start (code=exited, status=0/>
   Main PID: 1862 (mariadbd)
     Status: "Taking your SQL requests now..."
      Tasks: 15 (limit: 2227)
     Memory: 61.6M
        CPU: 418ms
     CGroup: /system.slice/mariadb.service
             └─1862 /usr/sbin/mariadbd

Secure the MariaDB Installation with the below command,

mysql_secure_installation

Output:

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!

Login to MariaDB as root user,

mariadb -u root -p

Enable the innodb_file_per_table global variable as shown below,

SET GLOBAL innodb_file_per_table = ON;

Create a database called gogs which will be used for this project,

CREATE DATABASE IF NOT EXISTS gogs CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;

Create a user and grant all the privileges of the gogs database,

GRANT ALL PRIVILEGES ON gogs.* TO 'gogs'@'localhost' IDENTIFIED BY "StrongPassword";

Replace “StrongPassword” with an actual password that is long and strong.

FLUSH PRIVILEGES;
EXIT

Download and Install Gogs from GitHub

Use curl to download the Gogs release archive from the official GitHub repository.

curl -s https://api.github.com/repos/gogs/gogs/releases/latest | grep browser_download_url | grep 'linux_amd64\.tar\.gz' | cut -d '"' -f 4 | wget -i -
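
Added example (not part of the original tutorial or the Gogs project): the one-liner above hands whatever URL the API returns straight to wget. This sketch vets the URL against the project's release path first and checks the tarball against a SHA-256 digest obtained separately; the function names, the sample JSON and its v0.0.0 tag are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not Gogs project code. Function names are hypothetical.

# Only accept assets served from the gogs/gogs release path on GitHub.
RELEASE_PREFIX='https://github.com/gogs/gogs/releases/download/'

# Constructed API response (tag v0.0.0 is a placeholder, not a real release).
sample_api_json() {
cat <<'EOF'
{
  "tag_name": "v0.0.0",
  "assets": [
    { "browser_download_url": "https://github.com/gogs/gogs/releases/download/v0.0.0/gogs_0.0.0_linux_386.tar.gz" },
    { "browser_download_url": "https://github.com/gogs/gogs/releases/download/v0.0.0/gogs_0.0.0_linux_amd64.tar.gz" },
    { "browser_download_url": "https://github.com/gogs/gogs/releases/download/v0.0.0/gogs_0.0.0_linux_amd64.zip" }
  ]
}
EOF
}

# Read the API JSON on stdin; print exactly one vetted tarball URL or fail.
pick_gogs_url() {
  local urls count
  urls=$(grep '"browser_download_url"' | cut -d '"' -f 4 |
         grep 'linux_amd64\.tar\.gz$') || return 1
  count=$(printf '%s\n' "$urls" | wc -l)
  if [ "$count" -ne 1 ]; then
    echo "expected one matching asset, got $count" >&2; return 1
  fi
  case "$urls" in
    "$RELEASE_PREFIX"*) printf '%s\n' "$urls" ;;
    *) echo "refusing URL outside release path: $urls" >&2; return 1 ;;
  esac
}

# verify_sha256 FILE EXPECTED_HEX
# EXPECTED_HEX must come from a source you trust, obtained separately from
# the download itself.
verify_sha256() {
  local actual
  actual=$(sha256sum "$1" | cut -d ' ' -f 1) || return 1
  if [ "$actual" != "$2" ]; then
    echo "checksum mismatch for $1" >&2; return 1
  fi
}

# Typical use (needs network access, so it is left commented out):
#   url=$(curl -s https://api.github.com/repos/gogs/gogs/releases/latest | pick_gogs_url) &&
#   wget "$url" && verify_sha256 "${url##*/}" "<digest obtained out of band>"
sample_api_json | pick_gogs_url
```

Run the untar step only after verify_sha256 succeeds.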

Un-tar the downloaded Gogs file.

tar xvf gogs_*_linux_amd64.tar.gz

Create a new user called git,

adduser git

Create a dedicated log directory for the git user,

mkdir /var/log/gogs

Give the new user ownership of the created directory,

chown -R git:git /var/log/gogs/

Add the gogs systemd service file to the system directory at /etc/systemd/system/,

cp gogs/scripts/systemd/gogs.service /etc/systemd/system

Open the Gogs service file for editing,

nano /etc/systemd/system/gogs.service

If you want to use a different port to host Gogs, see below.

You can use any other port you want; this is to keep the site a bit safer.

Edit the ExecStart line to set the port for gogs web; you can set a custom port such as 3001:

ExecStart=/home/git/gogs/gogs web -port 3001

Move the extracted gogs directory to /home/git,

mv gogs /home/git/

Change the ownership of the /home/git directory.

chown -R git:git /home/git/

Start the Gogs service.

systemctl daemon-reload
systemctl start gogs

Enable Gogs service to run on boot and check the Status,

systemctl enable gogs
systemctl status gogs

Output:

root@crown:~# systemctl status gogs
● gogs.service - Gogs
     Loaded: loaded (/etc/systemd/system/gogs.service; enabled; preset: enabled)
     Active: active (running) since Sat 2022-11-19 17:51:21 UTC; 10s ago
   Main PID: 3281 (gogs)
      Tasks: 6 (limit: 2227)
     Memory: 34.5M
        CPU: 271ms
     CGroup: /system.slice/gogs.service
             └─3281 /home/git/gogs/gogs web -port 3001

Configure Gogs

Open your browser and load the server’s IP address or the domain name with port 3001.

http://server-ip-address:3001 and you will see the Gogs installation screen.

In Database Settings we’ll first enter the Database information that was created earlier.


Next, in Application General Settings,

  • Application Name – enter the Project name of your choice.
  • Run User – will be the new user that was added earlier, git.
  • Domain – enter the Domain name that should be associated with the application. If you do not have any domain, use localhost.
  • Application URL – enter the IP address of the server or the Domain name with the port to be used. Do not use localhost in Application URL.
  • Log Path – enter the directory path that was created earlier, /var/log/gogs.

In Optional Settings,

  • Enable or disable the settings that go with your application usage.
  • Create an Admin Account which you will be using as first user with Admin privileges.

Now click on Install Gogs button to start the installation. Once the installation is complete, you will be redirected to login screen.

Login with the Admin user that was just created in the last step.

This concludes the installation of Gogs on Ubuntu 22.10.

How to Install Drupal on Ubuntu 22.10

Drupal is an open-source content management system (CMS) for maintaining and publishing websites, with a large, supportive community. It’s used by millions of people and organizations around the globe to build and maintain their websites.

Update the System

Let us update the system packages to the latest by running the below commands,

apt update -y 
apt upgrade -y

Install MariaDB Server

Next is to install MariaDB or MySQL. I will be using MariaDB for this process. So let’s install MariaDB with the following command.

apt install -y mariadb-server mariadb-client

Secure your database server by setting a root password, disabling root remote logins, and removing test databases.

mysql_secure_installation

Output:

root@crown:~# sudo mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

To log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

You already have a root password set, so you can safely answer 'n'.

Change the root password? [Y/n] y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y 
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Check that you can log in to the database as a root user with a password set.

mysql -u root -p

Now that we are able to log in, we can create a database that Drupal can use once it is installed on the system. Create one using the following commands.

Create Database for Drupal

Create a database for Drupal and grant all privileges to the Drupal user.

mysql -u root -p
CREATE DATABASE drupal;
CREATE USER 'drupal_user'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON drupal.* to drupal_user@'localhost';
FLUSH PRIVILEGES;
\q

Replace “password” with a real and strong password.

Output:


Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 41
Server version: 10.6.9-MariaDB-1 Ubuntu 22.10

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE drupal;
Query OK, 1 row affected (0.001 sec)

MariaDB [(none)]> CREATE USER 'drupal_user'@'localhost' IDENTIFIED BY 'password';
Query OK, 0 rows affected (0.003 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON drupal.* to drupal_user@'localhost';
Query OK, 0 rows affected (0.002 sec)

MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> \q
Bye

Install PHP

By default, Ubuntu 22.10 comes with PHP version 8.1. We will install PHP and other necessary modules required to run Drupal.

apt install php php-{cli,fpm,json,common,mysql,zip,gd,intl,mbstring,curl,xml,pear,tidy,soap,bcmath,xmlrpc}

Output:

root@crown:~# apt install php php-{cli,fpm,json,common,mysql,zip,gd,intl,mbstring,curl,xml,pear,tidy,soap,bcmath,xmlrpc}
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
php is already the newest version (2:8.1+92ubuntu1).
php-cli is already the newest version (2:8.1+92ubuntu1).
php-json is already the newest version (2:8.1+92ubuntu1).
php-common is already the newest version (2:92ubuntu1).
php-mysql is already the newest version (2:8.1+92ubuntu1).
php-zip is already the newest version (2:8.1+92ubuntu1).
php-gd is already the newest version (2:8.1+92ubuntu1).
php-mbstring is already the newest version (2:8.1+92ubuntu1).
php-curl is already the newest version (2:8.1+92ubuntu1).

Install Apache Web Server

As for the Web Server, we will use Apache as it is easy to configure and use.

To install, run the below command:

apt install apache2 libapache2-mod-php

Output:

root@crown:~# apt install apache2 libapache2-mod-php
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
apache2 is already the newest version (2.4.54-2ubuntu1).
libapache2-mod-php is already the newest version (2:8.1+92ubuntu1).
0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded.

Update PHP Timezone and Memory Limit.

Open php.ini, set the memory limit, and enter the time zone you want Drupal to use as default.

nano /etc/php/*/apache2/php.ini

memory_limit = 256M
date.timezone = UTC

Download the Latest Version of Drupal and extract it on Ubuntu 22.10.

wget https://www.drupal.org/download-latest/tar.gz -O drupal.tar.gz
tar xvf drupal.tar.gz
mv drupal-*/  /var/www/html/drupal

Change the ownership of the Drupal directory to the Apache user and group.

 chown -R www-data:www-data /var/www/html/
 chmod -R 755 /var/www/html/

Configure Apache Web Server for Drupal

Create a configuration file for Drupal.

 nano /etc/apache2/sites-available/drupal.conf

Add the following content,

Replace example.com with your actual domain name. If you do not have any domain, you can enter the server’s IP address instead.

<VirtualHost *:80>
     ServerName example.com
     ServerAdmin admin@example.com
     DocumentRoot /var/www/html/drupal/

     CustomLog ${APACHE_LOG_DIR}/access.log combined
     ErrorLog ${APACHE_LOG_DIR}/error.log

     <Directory /var/www/html/drupal>
          Options Indexes FollowSymLinks
          AllowOverride All
          Require all granted
          RewriteEngine on
          RewriteBase /
          RewriteCond %{REQUEST_FILENAME} !-f
          RewriteCond %{REQUEST_FILENAME} !-d
          RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
     </Directory>
</VirtualHost>

Configure and Enable the Website using the below commands,

 apachectl -t
 a2dismod mpm_event
 a2enmod mpm_prefork
 a2enmod php8.1
 a2enmod rewrite
 a2ensite drupal.conf
 systemctl restart apache2

Check and Install Drupal on Ubuntu from the browser.

Access the Drupal configuration page by using http://example.com

Replace example.com with your actual domain or the server’s IP address.


Select an installation profile.


Input the database configuration that was created earlier.

Wait for the installation to complete,


Configure your site,


You’ll then get to the Drupal dashboard.

Done.

How To Protect SSH With Fail2Ban on Ubuntu 22.10

Hello,

In this week’s feature highlight, we look at How To Protect SSH With Fail2Ban on Ubuntu 22.10

Fail2Ban is an intrusion prevention framework written in the Python programming language. It works by reading SSH, ProFTP, Apache and other logs, and uses iptables profiles to block brute-force attempts.

Installing the Fail2Ban package

Check for system updates and install them.

apt update -y

apt upgrade -y

Install Fail2Ban with the following command.

apt install fail2ban -y

To enable fail2ban, run the following command.

systemctl enable fail2ban

To check the status of the service, run the following command.

systemctl status fail2ban

Output:

root@crown:~# systemctl status fail2ban
● fail2ban.service - Fail2Ban Service
     Loaded: loaded (/lib/systemd/system/fail2ban.service; enabled; vendor pres>
     Active: active (running) since Thu 2022-10-19 13:37:13 UTC; 14s ago
       Docs: man:fail2ban(1)
   Main PID: 2557 (fail2ban-server)
      Tasks: 5 (limit: 1034)
     Memory: 13.2M
        CPU: 442ms
     CGroup: /system.slice/fail2ban.service
             └─2557 /usr/bin/python3 /usr/bin/fail2ban-server -xf start

Configuring Fail2Ban

The jail.conf file contains the configuration settings for fail2ban. We are not going to edit this file, because package upgrades can overwrite it.

The jail.local file contains the same sections as jail.conf, and its values override those in jail.conf.

Create a jail.local configuration file by copying the default jail.conf file.

cp /etc/fail2ban/jail.{conf,local}

Open the file to configure.

nano /etc/fail2ban/jail.local

Whitelisting IP addresses

Find the following line in the config file /etc/fail2ban/jail.local and uncomment it to whitelist IP addresses.

#ignoreip = 127.0.0.1/8 ::1

Once you uncomment it, add your IP address at the end of the line. For example:

ignoreip = 127.0.0.1/8 ::1 192.168.0.100 192.168.1.0/24

Multiple IP addresses can be whitelisted with the above configuration; they have to be separated by a single space. You can also whitelist an IP block, as shown above.

Ban settings

There are three main options in these settings:

  • bantime: the length of time (in seconds, hours or days) that an IP address is banned.
  • findtime: the window that fail2ban will pay attention to when looking for repeated failed authentication attempts.
  • maxretry: the maximum number of failed attempts allowed before an IP address is blocked.

Find these lines in the config file /etc/fail2ban/jail.local and change them as required.

Default values of the option are,

bantime  = 10m

findtime  = 10m

maxretry = 5

Note: If you want to block an IP address permanently use a negative value in the bantime option.
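
Added example (not from the original tutorial and not Fail2Ban's own code): a simplified shell/awk model of how ignoreip, findtime and maxretry together decide a ban, run over constructed sshd log lines. The would_ban function, the sample hosts and the log lines are assumptions; the model matches ignore entries exactly (no CIDR ranges) and assumes all lines fall on one day.

```bash
#!/usr/bin/env bash
# Added example, not Fail2Ban code: simplified model of one jail.
# would_ban and every log line below are constructed for illustration.

sample_log() {
cat <<'EOF'
Nov 19 17:00:00 crown sshd[3101]: Failed password for root from 198.51.100.23 port 40001 ssh2
Nov 19 17:11:00 crown sshd[3102]: Failed password for root from 198.51.100.23 port 40002 ssh2
Nov 19 17:22:00 crown sshd[3103]: Failed password for root from 198.51.100.23 port 40003 ssh2
Nov 19 17:33:00 crown sshd[3104]: Failed password for root from 198.51.100.23 port 40004 ssh2
Nov 19 17:44:00 crown sshd[3105]: Failed password for root from 198.51.100.23 port 40005 ssh2
Nov 19 17:50:01 crown sshd[3301]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2
Nov 19 17:50:05 crown sshd[3302]: Failed password for invalid user admin from 203.0.113.7 port 40023 ssh2
Nov 19 17:50:09 crown sshd[3303]: Failed password for invalid user test from 203.0.113.7 port 40024 ssh2
Nov 19 17:50:14 crown sshd[3304]: Failed password for root from 203.0.113.7 port 40025 ssh2
Nov 19 17:50:20 crown sshd[3305]: Failed password for root from 203.0.113.7 port 40026 ssh2
Nov 19 17:51:00 crown sshd[3341]: Failed password for git from 192.168.0.100 port 51001 ssh2
Nov 19 17:51:02 crown sshd[3342]: Failed password for git from 192.168.0.100 port 51002 ssh2
Nov 19 17:51:04 crown sshd[3343]: Failed password for git from 192.168.0.100 port 51003 ssh2
Nov 19 17:51:06 crown sshd[3344]: Failed password for git from 192.168.0.100 port 51004 ssh2
Nov 19 17:51:08 crown sshd[3345]: Failed password for git from 192.168.0.100 port 51005 ssh2
Nov 19 17:51:10 crown sshd[3346]: Accepted password for git from 192.168.0.100 port 51006 ssh2
EOF
}

# would_ban FINDTIME_SECONDS MAXRETRY [IGNOREIP]   (auth log on stdin)
# Prints each address at the moment it reaches MAXRETRY failures in FINDTIME.
would_ban() {
  awk -v findtime="$1" -v maxretry="$2" -v ignore="${3:-}" '
    BEGIN { n = split(ignore, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
    /sshd\[[0-9]+\]: Failed password/ {
      split($3, t, ":"); now = t[1] * 3600 + t[2] * 60 + t[3]
      # Take the token after the last "from": a login name can itself be "from".
      ip = ""; for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
      if (ip == "" || (ip in skip) || (ip in banned)) next
      if (!(ip in first)) first[ip] = 1
      last[ip]++; ts[ip, last[ip]] = now
      # Forget failures that are older than the findtime window.
      while (now - ts[ip, first[ip]] > findtime) first[ip]++
      if (last[ip] - first[ip] + 1 >= maxretry) { banned[ip] = 1; print ip }
    }
  '
}

# findtime = 10m, maxretry = 5 (the defaults quoted above), one host whitelisted
sample_log | would_ban 600 5 '192.168.0.100'
```

With the defaults, 198.51.100.23 is never banned because its failures arrive 11 minutes apart; running would_ban 3600 5 shows that a wider findtime catches it.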

Get e-mail notifications

Note: To receive email alerts, you need to have an SMTP server installed on your server.

To receive email alerts with relevant logs, make sure that the following lines are present in the config file /etc/fail2ban/jail.local.

# ban & send an e-mail with whois report and relevant log lines
# to the destemail.
action_mwl = %(action_)s
             %(mta)s-whois-lines[sender="%(sender)s", dest="%(destemail)s", logpath="%(logpath)s", chain="%(chain)s"]

To configure the sending and receiving email addresses, find the following lines in the config file /etc/fail2ban/jail.local and update the details.

Example:

destemail = admin@xyz.com

sender = root@xyz.com

Fail2ban Client

To interact with the Fail2ban service there is a command-line tool called fail2ban-client.

To check its available options enter the following command.

fail2ban-client -h

Here are a few examples of what can be done with this tool,

Check the jail status.

fail2ban-client status sshd

To unban an IP.

fail2ban-client set sshd unbanip "IP address here"

To ban an IP.

fail2ban-client set sshd banip "IP address here"

How to Enable BBR on Ubuntu 22.10

Hello,

In this week’s feature highlight, we look at How to Install BBR on Ubuntu 22.10

BBR, which stands for Bottleneck Bandwidth and RTT, is a congestion control system. You can enable TCP BBR on your Linux desktop to improve the overall web surfing experience. By default, Linux uses the Reno and CUBIC congestion control algorithms.

Run the following command to check available congestion control algorithms,

sysctl net.ipv4.tcp_available_congestion_control

Output:

root@crown:~# sysctl net.ipv4.tcp_available_congestion_control
net.ipv4.tcp_available_congestion_control = reno cubic bbr

Run the below command to check the current congestion control algorithm used in your system,

sysctl net.ipv4.tcp_congestion_control

Output:

root@crown:~# sysctl net.ipv4.tcp_congestion_control
net.ipv4.tcp_congestion_control = bbr

Enabling TCP BBR in Ubuntu

Open the following configuration file /etc/sysctl.conf to enable TCP BBR.

 nano /etc/sysctl.conf

At the end of the config file, add the following lines.

net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr

Save the file, and refresh your configuration by using this command,

sysctl -p

Output:

root@crown:~# sysctl -p
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr

Now verify that BBR is enabled on your system,

sysctl net.ipv4.tcp_congestion_control

Output:

root@crown:~# sysctl net.ipv4.tcp_congestion_control
net.ipv4.tcp_congestion_control = bbr