Quick server setup #2

For quick run:

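# The script comes over plain HTTP with no checksum or signature and would
# run with the privileges of whoever starts bash (root, for a server setup).
# Download first, read the file, and only then run the copy that was read.
wget -N http://www.nat.li/wp-code/104.1.sh
# Review 104.1.sh before this step.
bash 104.1.sh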


Install lighttpd along with mysql and some other useful applications.

First of all, some useful/mandatory applications and mysql

1. Installs htop, rcconf, aptitude, vim, dos2unix and mysql

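# --force-yes is left out on purpose: it lets apt install packages whose
# signatures cannot be verified. -y alone already answers the prompts.
apt-get update
apt-get -y install htop aptitude rcconf vim dos2unix mysql-server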

Copy this next part to a new file, name it something.sh, and upload it to your server; I use the “/var” directory. If you uploaded it from Windows, run “dos2unix thefile.sh” first to make sure the line endings are correct. After this, run “chmod u+x thefile.sh” and then start it with “./thefile.sh”.

2. Installs lighttpd
3. Installs php5-cgi
4. Configures & restarts lighttpd and php
5. change owner for /var/www2 ‘s subfolders to www-data
6. Install phpmyadmin

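# Installs lighttpd and php5-cgi, writes a FastCGI config, enables the
# modules, prepares /var/www2 and installs phpmyadmin. Run as root.

# No --force-yes: it would let apt install packages that fail signature checks.
apt-get -y install lighttpd php5-cgi

# NOTE(review): "host" is empty on this page (the address was probably lost
# in extraction). Set it to the address the FastCGI backend listens on; a
# loopback address keeps port 9000 off the network.
# NOTE(review): this writes 10-fastcgi-fpm.conf, but the modules enabled
# below are "fastcgi" and "fastcgi-php" -- confirm which config is meant to
# be live.
cat > /etc/lighttpd/conf-available/10-fastcgi-fpm.conf <<'EOF'
server.modules += ( "mod_fastcgi" )
 fastcgi.server = ( ".php" =>
                    ( "localhost" =>
                        (
                            "host" => "",
                            "port" => "9000"
                        )
                    )
                 )
EOF
lighty-enable-mod fastcgi
lighty-enable-mod fastcgi-php
/etc/init.d/lighttpd restart

# The web root belongs to www-data and only its owner may write to it.
# Mode 777 would let every local account drop files that the web server
# then serves or runs as PHP.
mkdir -p /var/www2
chown -R www-data /var/www2
chmod 755 /var/www2

apt-get -y install phpmyadmin
/etc/init.d/lighttpd restart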



php-fpm instead of cgi:

lua support to lighttpd:

usenet posting:

pptp vpn:

Set-up redundant MySQL system

Note: A slave set up like this can only be used for reads. Never write to it, because that will break replication. If you need to write to it as well, set up replication in both directions and change auto-increment-increment and auto-increment-offset on all servers so that the unique keys don’t collide.

#Master and Slave(s)

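# --yes must be typed with two ASCII hyphens; a typographic dash is taken
# as a package name.
apt-get install --yes mysql-server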


vim /etc/mysql/my.cnf
# NOTE(review): with bind-address commented out mysqld is reachable on every
# interface rather than only on the address it was bound to; limit TCP 3306
# to the replica addresses in the firewall.
#bind-address = #Comment it out

# Master settings: a server-id and binary logging, plus how long and how
# large the binary logs may get.
server-id = 1
log_bin = /var/log/mysql/mysql-bin.log
expire_logs_days = 10
max_binlog_size = 100M

# NOTE(review): a password given as --password=... shows up in the process
# list and in shell history; a bare -p prompts for it instead.
mysql -u root --password={pass}
# NOTE(review): host '%' accepts the replication account from any address;
# naming the slave's host here narrows that.
> grant replication slave on *.* to 'replication'@'%' identified by '{some_pass}';
> \q
/etc/init.d/mysql restart
# The next two statements are typed at a mysql prompt again (the session
# above ended with \q).
# NOTE(review): GRANT ALL hands the replication account full rights on
# my_application; replication only needs the REPLICATION SLAVE grant above,
# so a separate application account is the narrower choice.
> create database my_application;
> GRANT ALL PRIVILEGES ON my_application.* TO replication;


vim /etc/mysql/my.cnf
# NOTE(review): same exposure as on the master -- without bind-address the
# server listens on all interfaces.
#bind-address = #Comment it out

server-id = X # (pick number 2 or over)
master-host = db1.dom.ext
master-user = replication
# NOTE(review): the replication password sits in my.cnf in clear text; check
# that the file is not readable by ordinary local users.
# NOTE(review): MySQL 5.5 and later reject the master-* options in my.cnf and
# take the same values through CHANGE MASTER TO -- check the server version.
master-password = some_pass
master-port = 3306
replicate-wild-do-table = my\_application.%

(use the slash in front of an underscore because it’s a wildcard)

/etc/init.d/mysql restart

Additional Notes

#If you ever need to change the master settings, run this mysql command on the slave:


#Check if slave OK
If the Slave_IO_State is “Waiting for master to send event” then you’ve been successful.

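# -p makes mysql prompt for the password, which keeps it out of the process
# list and out of shell history. Long options need two ASCII hyphens.
mysql -u root -p
> show slave status \G

#Check if connection to master OK
mysql --host=db1.dom.ext --port=*mysql-port* -u replication -p

#Check connection to slave OK from master
mysql -h dbX.dom.ext -u root -p

#Troubleshoot using telnet
telnet dbX.dom.ext *mysql-port*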

#Create new user

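-- Creates the account with CREATE USER / GRANT instead of inserting a row
-- into mysql.user: the server fills in the row itself and the account is
-- usable at once, with no FLUSH PRIVILEGES needed.
-- Select_priv = 'Y' in mysql.user is the global SELECT privilege, hence ON *.*.
-- 'supersecret' and host '%' are the sample values; use a real password and
-- the narrowest host pattern that works.
CREATE USER 'username'@'%' IDENTIFIED BY 'supersecret';
GRANT SELECT ON *.* TO 'username'@'%';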

#Change pass

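use mysql
-- Rewrites the stored hash for every 'tom' row, whatever its Host value.
update mysql.user set password=PASSWORD("NEW-PASSWORD-HERE") where User='tom';
-- Direct edits of mysql.user only take effect once the grant tables are reloaded.
FLUSH PRIVILEGES;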

Add users to vsftpd

Source: linux-hacks.blogspot.nl

#edit /etc/vsftpd.conf or /opt/etc/vsftpd.conf
chroot_list_file=/etc/vsftpd.chroot_list or /opt/etc/vsftpd.chroot_list
#You may also want to disable anonymous access
#You may also want to enable write access

#Create vsftpd.chroot_list in /etc/ or /opt/etc/
Add the username you want to export to ftp.
If the user you want to add is not a system user then create that user first before editing the above file.

Restart the vsftpd server using /etc/init.d/vsftpd restart or service vsftpd restart
Now you can log into ftp using the new user.

Show iptable blocks

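#!/usr/bin/env bash
# Shows (or counts) "iptables denied" log entries for one day.
# Usage: ./scriptname.sh <month> <day> [c]
#   <month> <day>  date as it appears in the log, e.g. Nov 11
#   c              print only the number of matching lines per log file
# Reads /var/log/debug*, so it has to run as a user allowed to read them.
# Exit status is grep's: 0 when something matched, 1 when nothing did.

if (( $# < 2 )); then
  printf 'Usage: %s <month> <day> [c]\n' "${0##*/}" >&2
  exit 2
fi

range="$1 $2"
# The optional third argument selects count mode.
cntonly=${3:-}

if [[ "$cntonly" == "c" ]]; then
  # Count only
  grep -c -- "$range.*iptables denied" /var/log/debug*
else
  # Get actual lines
  grep -- "$range.*iptables denied" /var/log/debug*
fi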

Example usage:
./scriptname.sh Nov 11
Will show all dropped connections on November the 11th
./scriptname.sh Nov 11 c
Will show *amount* of dropped connections on November the 11th

Debian VPS (OpenVZ) Quick Setup

Fix getty processes causing log file growth

Comment out all but the first (tty1) getty entries

vim /etc/inittab
# Note that on most Debian systems tty7 is used by the X Window System,
# so if you want to add more getty's go ahead but skip tty7 if you run X.
1:2345:respawn:/sbin/getty 38400 tty1
#2:23:respawn:/sbin/getty 38400 tty2
#3:23:respawn:/sbin/getty 38400 tty3
#4:23:respawn:/sbin/getty 38400 tty4
#5:23:respawn:/sbin/getty 38400 tty5
#6:23:respawn:/sbin/getty 38400 tty6
telinit q

Set IPTables

$sshport = 22

#echo to /etc/iptables.rules

# Allows all loopback (lo0) traffic and drop all traffic to 127/8 that doesn't use lo0
-A INPUT -i lo -j ACCEPT
# NOTE(review): -d has no address on this line; going by the comment above it
# should be the 127/8 network. The line will not load as it stands.
-A INPUT ! -i lo -d -j REJECT

# Accepts all established inbound connections
# NOTE(review): no rule follows this heading here -- confirm one is present in
# the file you load, or replies to outbound connections reach the final reject.

# Allows all outbound traffic
# You could modify this to only allow certain traffic
# NOTE(review): no OUTPUT rule follows this heading here either.

# Allows HTTP and HTTPS connections from anywhere (the normal ports for websites)
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
# NOTE(review): 3306 is MySQL, opened to any source. Together with a
# commented-out bind-address in my.cnf this puts the database login on the
# internet; add -s <replica address> so only replication peers can connect.
-A INPUT -p tcp --dport 3306 -j ACCEPT
# NOTE(review): 9000 is the FastCGI port used in the lighttpd config on this
# page. FastCGI has no authentication, so it should not be reachable from
# outside; check that 3128, smtp and submission are meant to be public too.
-A INPUT -p tcp -m multiport --dport 3128,smtp,9000,submission -j ACCEPT
-A INPUT -p udp -m multiport --dport icpv2,58177 -j ACCEPT

# Allows SSH connections from your home IP
# $ip and $sshport are placeholders: iptables-restore does not expand shell
# variables, so substitute real values before loading the file.
-A INPUT -p tcp -m state --state NEW -s $ip --dport $sshport -j ACCEPT

# Allow ping
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT

# log iptables denied calls (access via 'dmesg' command)
# Rate-limited to 5 entries per minute, logged at level 7 (debug) with the
# prefix "iptables denied: ".
-A INPUT -m limit --limit 5/min -j LOG --log-prefix "iptables denied: " --log-level 7

# Reject all other inbound - default deny unless explicitly allowed policy:
# NOTE(review): the reject rule itself is missing after this heading; with the
# default ACCEPT policy everything not matched above is still let in.


#echo to /etc/iptables.reload.sh
#Note that this doesn't reset any other tables than the default one (so not NAT etc.)
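# Contents of /etc/iptables.reload.sh: flush the rules and delete the
# user-defined chains of the default table, then load the saved rule file.
iptables -F
iptables -X
iptables-restore < /etc/iptables.rules

# Run once, after saving the three commands above as /etc/iptables.reload.sh
chmod u+x /etc/iptables.reload.sh

#echo to /etc/rc.local
/etc/iptables.reload.sh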

OpenVZ install on Debian 6.0

# Downloads the OpenVZ kernel and tools as RPMs, converts them to .deb
# packages with alien and installs them with dpkg.
mkdir /var/openvz-dl
cd /var/openvz-dl

# NOTE(review): every download below is plain HTTP with no signature or
# checksum check, and the set includes a kernel. "alien --scripts" carries
# the RPM install scripts into the .deb, and dpkg then runs them as root.
# Verify the files against signatures or checksums published by the project
# before converting them.
# 32-bit packages (file names end in i686 / i386):
wget http://download.openvz.org/kernel/branches/rhel6-2.6.32/042stab062.2/vzkernel-2.6.32-042stab062.2.i686.rpm
wget http://download.openvz.org/kernel/branches/rhel6-2.6.32/042stab062.2/vzkernel-devel-2.6.32-042stab062.2.i686.rpm
wget http://download.openvz.org/utils/vzctl/4.0/vzctl-4.0-1.i386.rpm
wget http://download.openvz.org/utils/vzctl/4.0/vzctl-core-4.0-1.i386.rpm
wget http://download.openvz.org/utils/ploop/1.5/ploop-1.5-1.i386.rpm
# NOTE(review): this is the x86_64 ploop-lib, the same URL as in the 64-bit
# list below -- probably meant to be the 32-bit package.
wget http://download.openvz.org/utils/ploop/1.5/ploop-lib-1.5-1.x86_64.rpm
wget http://download.openvz.org/utils/vzquota/3.1/vzquota-3.1-1.i386.rpm

# 64-bit packages (file names end in x86_64):
# NOTE(review): both sets land in the same directory and the globs below pick
# up all of them; presumably only the set matching the host should be fetched.
wget http://download.openvz.org/kernel/branches/rhel6-2.6.32/042stab062.2/vzkernel-2.6.32-042stab062.2.x86_64.rpm
wget http://download.openvz.org/kernel/branches/rhel6-2.6.32/042stab062.2/vzkernel-devel-2.6.32-042stab062.2.x86_64.rpm
wget http://download.openvz.org/utils/vzctl/4.0/vzctl-4.0-1.x86_64.rpm
wget http://download.openvz.org/utils/vzctl/4.0/vzctl-core-4.0-1.x86_64.rpm
wget http://download.openvz.org/utils/ploop/1.5/ploop-1.5-1.x86_64.rpm
wget http://download.openvz.org/utils/ploop/1.5/ploop-lib-1.5-1.x86_64.rpm
wget http://download.openvz.org/utils/vzquota/3.1/vzquota-3.1-1.x86_64.rpm

apt-get install fakeroot alien
# Converts every vz*/ploop* RPM in the directory, keeping version numbers and
# maintainer scripts.
fakeroot alien --to-deb --scripts --keep-version vz*.rpm ploop*.rpm
# --force-overwrite lets these packages replace files owned by other
# installed packages.
dpkg -i vz*.deb ploop*.deb --force-overwrite

# Register the vz and vzeventd init scripts for the default runlevels.
update-rc.d vz defaults
update-rc.d vzeventd defaults


cd /vz/template/cache
wget http://download.openvz.org/template/precreated/debian-6.0-x86_64.tar.gz
---More pre-mades at http://wiki.openvz.org/Download/template/precreated

cp /usr/lib64/libvzctl-4.0.so /usr/lib/libvzctl-4.0.so
apt-get install libcgroup1

#Make new box (with ID 1)
vzctl create 1 --ostemplate debian-6.0-x86_64

#Static IP networking:
# NOTE(review): both options need a value (the DNS server and the
# container's IP address); the values are missing on this page.
vzctl set 1 --nameserver --save
vzctl set 1 --ipadd --save

#Start box
vzctl start 1

Bridged networking


aptitude install bridge-utils
ifdown eth0
brctl addbr br0
brctl addif br0 eth0
ifconfig eth0 0
dhclient br0

vzctl set 1 --netif_add eth0,,,,br0 --save
ifconfig eth0
*write down mac address*
easymac.sh -R
*write down new address*
vzctl set 1 --veth_add veth1.0,08:00:27:42:1e:15,eth0,00:0C:29:22:D7:C1 --save

ifconfig veth1.0 0
brctl addif br0 veth1.0
vzctl enter 1
dhcpcd eth0
dhclient eth0

Copy openvz container to new template

Close the openvz container first!

#Create a file /tmp/excludes.excl with these contents:


#Then create the tar. But remember, when the system is 'not' using udev, you have to look into /proc/ after creating your container because some devices might not exist. (/dev/ptmx or others)

# NOTE(review): the archive is written to /var, which is inside the tree
# being archived; confirm the exclude list covers /var/mysystem.tar.bz2 (the
# list's contents are not shown on this page).
# NOTE(review): a template made this way carries the container's SSH host
# keys, password hashes and any application secrets into every container
# created from it; remove or regenerate them before reusing the template.
tar --numeric-owner -cjpf /var/mysystem.tar.bz2 / -X /tmp/excludes.excl

Using mod-cband to limit monthly bandwidth on apache2 vhosts


apt-get install apache2-dev
# NOTE(review): relative path -- this only works when run from /; "cd /var"
# is probably what is meant.
cd var
# NOTE(review): the version is missing from the file name on this page, and
# the tarball comes over plain HTTP with no checksum. It is then compiled
# into Apache as root, so verify the source before building.
wget http://dembol.org/downloads/cband/mod-cband-
tar -zxvf mod-cband-
cd mod-cband-

Now open Makefile and edit the line APXS_OPTS=*
APXS_OPTS=-lm -Wc,-Wall -Wc,-DDST_CLASS=3

make install

Example vhost

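<VirtualHost *:80>
# Placeholder address: the page shows only an obfuscated e-mail here.
ServerAdmin webmaster@dom.ex
DocumentRoot /var/www/dom.ex/public_html/testblog
ServerName testblog.dom.ex

# Bandwidth limit of 100G per period of 4W, with usage kept in the
# scoreboard file.
CBandLimit 100G
CBandScoreboard /var/www/scoreboard
CBandPeriod 4W

#<Location /cband-status>
#    SetHandler cband-status
#</Location>
# NOTE(review): this status page is served to anyone who requests the URL;
# add an access restriction inside the Location block if the traffic figures
# should not be public.
<Location /cband-status-me>
SetHandler cband-status-me
</Location>
</VirtualHost>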

More info here

How to install Mono 2.11.2 on Debian Squeeze

At the time of writing 2.11.2 is the newest version for Mono that I could find. If a newer version of Mono has come out by now, you can probably find it here.

Before installing

Before installing version 2.11.2 I actually had 2.6.7 installed (which doesn’t support .NET 4.0). I am not sure whether my installation guide works if you have not done the same, so if you run into problems, run this first:

apt-get install mono-complete
apt-get remove mono-complete

After doing this, the command “mono -V” still showed 2.6.7 as installed, so I’m not sure whether any of these files were actually required to get 2.11.2 to run.

Installation guide

Make might take 30-60 minutes, make-install should be fast

Updated for 3.4.0

This release has a bug (missing file) so one of the below commands creates it

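# Builds Mono 3.4.0 from source into /opt/mono-3.4 and points the /usr/bin
# commands at it. Run as root.

apt-get update
# No --force-yes: it would let apt install packages that fail signature checks.
apt-get install -y gcc libtool bison pkg-config libglib2.0-dev gettext make bzip2 g++ build-essential

mkdir -p /var/mono-install
cd /var/mono-install

# NOTE(review): plain-HTTP download with no checksum, then built and
# installed as root. Compare the tarball against a checksum or signature
# published by the Mono project before running configure.
wget http://origin-download.mono-project.com/sources/mono/mono-3.4.0.tar.bz2
# Exact names instead of mono-3.4.* globs: the glob matches both the tarball
# and the unpacked directory, which makes "cd" ambiguous.
tar xvjf mono-3.4.0.tar.bz2
cd mono-3.4.0

# This release is missing the file below; create it so the build can finish.
# The quoted here-document keeps the quotes and backslashes literal.
cat > mcs/tools/xbuild/targets/Microsoft.Portable.Common.targets <<'EOF'
<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
    <Import Project="..\Microsoft.Portable.Core.props" />
    <Import Project="..\Microsoft.Portable.Core.targets" />
</Project>
EOF

./configure --prefix=/opt/mono-3.4
make install

# ln -sfn replaces an existing file or link in one step, so a missing
# /usr/bin entry does not produce an rm error first.
for tool in mono gmcs mcs smcs dmcs; do
  ln -sfn "/opt/mono-3.4/bin/$tool" "/usr/bin/$tool"
done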

Updated for 3.2.6

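# Builds Mono 3.2.6 from source into /opt/mono-3.2 and points the /usr/bin
# commands at it. Run as root.

apt-get update
# No --force-yes: it would let apt install packages that fail signature checks.
apt-get install -y gcc libtool bison pkg-config libglib2.0-dev gettext make bzip2 g++ build-essential

mkdir -p /var/mono-install
cd /var/mono-install

# NOTE(review): plain-HTTP download with no checksum, then built and
# installed as root. Compare the tarball against a checksum or signature
# published by the Mono project before running configure.
wget http://origin-download.mono-project.com/sources/mono/mono-3.2.6.tar.bz2
# Exact names instead of mono-3.2.* globs: the glob matches both the tarball
# and the unpacked directory, which makes "cd" ambiguous.
tar xvjf mono-3.2.6.tar.bz2
cd mono-3.2.6
./configure --prefix=/opt/mono-3.2

make install

# ln -sfn replaces an existing file or link in one step, so a missing
# /usr/bin entry does not produce an rm error first.
for tool in mono gmcs mcs smcs dmcs; do
  ln -sfn "/opt/mono-3.2/bin/$tool" "/usr/bin/$tool"
done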

Updated for 3.0.3

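# Builds Mono 3.0.3 from source into /opt/mono-3.0 and links mono and gmcs
# into /usr/bin, keeping the previous binaries as *.old. Run as root.
apt-get update
apt-get install gcc libtool bison pkg-config libglib2.0-dev gettext make bzip2 g++

# -p: the directory may already exist from an earlier build.
mkdir -p /var/mono-install
cd /var/mono-install

# NOTE(review): plain-HTTP download with no checksum, then built and
# installed as root. Compare the tarball against a checksum or signature
# published by the Mono project before running configure.
wget http://origin-download.mono-project.com/sources/mono/mono-3.0.3.tar.bz2
tar xvjf mono-3.0.3.tar.bz2
cd mono-3.0.3
./configure --prefix=/opt/mono-3.0

# Make might take 30-60 minutes, make-install should be fast
make install

# Keep the old binary next to the new link so it can be restored by hand.
cd /usr/bin
for tool in mono gmcs; do
  mv "$tool" "$tool.old"
  ln -s "/opt/mono-3.0/bin/$tool" "/usr/bin/$tool"
done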

2.11.2 version

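# Builds Mono 2.11.2 from source into /opt/mono-2.11 and links mono and gmcs
# into /usr/bin, keeping the previous binaries as *.old. Run as root.
apt-get update
apt-get install gcc libtool bison pkg-config libglib2.0-dev gettext make bzip2 g++

# -p: the directory may already exist from an earlier build.
mkdir -p /var/mono-install
cd /var/mono-install

# NOTE(review): plain-HTTP download with no checksum, then built and
# installed as root. Compare the tarball against a checksum or signature
# published by the Mono project before running configure.
wget http://origin-download.mono-project.com/sources/mono/mono-2.11.2.tar.bz2
tar xvjf mono-2.11.2.tar.bz2
cd mono-2.11.2
./configure --prefix=/opt/mono-2.11

# Make might take 30-60 minutes, make-install should be fast
make install

# Keep the old binary next to the new link so it can be restored by hand.
cd /usr/bin
for tool in mono gmcs; do
  mv "$tool" "$tool.old"
  ln -s "/opt/mono-2.11/bin/$tool" "/usr/bin/$tool"
done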