Linux

How to login and connect to NordVPN on Ubuntu Server

Installing the latest NordVPN by opening the terminal, writing the command below, and following any on-screen instructions:

sh <(curl -sSf https://downloads.nordcdn.com/apps/linux/install.sh)

Note: If you do not have a curl package, evidenced by the fact that the above does not work, you can alternatively use this command:

sh <(wget -qO - https://downloads.nordcdn.com/apps/linux/install.sh)

Additionally, if you receive the following issue:
Whoops! Permission denied accessing /run/nordvpn/nordvpnd.sock, all you need to do is write the following command:

sudo usermod -aG nordvpn $USER # and then reboot your device.

After installing NordVPN Linux Client you might get the following message when you try to login “nordvpn login”:
Continue in the browser

server@server:~$ nordvpn login
Continue in the browser: https://zwyr157wwiu6eior.com/v1/users……

There is a simple solution:
nordvpn login –legacy

server@server:~$ nordvpn login –legacy
Please enter your login details.
Email:

or even:
nordvpn login –username username –password password

How to disable the automatic ZFS snapshots on Ubuntu 20.04 with ZFS

Disable user snapshots

systemctl --user stop zsys-user-savestate.timer
systemctl --user disable zsys-user-savestate.timer

Disable system snapshots

sudo mv /etc/apt/apt.conf.d/90_zsys_system_autosnapshot /etc/apt/apt.conf.d/90_zsys_system_autosnapshot.disabled

Re-enable user snapshots

systemctl --user start zsys-user-savestate.timer
systemctl --user enable zsys-user-savestate.timer

Re-enable system snapshots

sudo mv /etc/apt/apt.conf.d/90_zsys_system_autosnapshot.disabled /etc/apt/apt.conf.d/90_zsys_system_autosnapshot

2021 Updated! Install WordPress on Ubuntu Server with add-on features as HTTPS support, SSL certificate and HTTP2 supports

sudo apt-get install apache2 apache2-utils 
sudo systemctl enable apache2
sudo systemctl start apache2
sudo apt-get install mysql-client mysql-server
sudo apt-get install php7.4 php7.4-mysql libapache2-mod-php7.4 php7.4-cli php7.4-cgi php7.4-gd  
sudo nano  /var/www/html/info.php
<?php 
phpinfo();
?>
This is only for info about the server configuration and settings etc, very highly recommended to remove it after the initial test.
Simply:
sudo rm -rf /var/www/html/info.php
sudo a2enmod rewrite

sudo apache2ctl configtest
(You might get a "AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message")
There is an easy fix: 
sudo nano /etc/apache2/apache2.conf
Then Just add a line like this: 
ServerName 127.0.0.1
This should solve the issue.


It's time to download and deploy the latest wordpress version.
wget -c http://wordpress.org/latest.tar.gz
tar -xzvf latest.tar.gz
sudo rsync -av wordpress/* /var/www/html
sudo chown -R www-data:www-data /var/www/html
sudo chmod -R 755 /var/www/html
cd /var/www/html
mysql -u root -p
CREATE DATABASE dbuser;
CREATE USER 'dbuser'@'localhost' IDENTIFIED BY 'YourPassword';
GRANT ALL PRIVILEGES ON dbuser.* TO 'dbuser'@'localhost';
FLUSH PRIVILEGES;

There are several methods to determine what is our current password strength, and we can make it stronger if required.
I usually use these methods:

SHOW VARIABLES LIKE 'validate_password%';
SHOW VARIABLES LIKE 'default_authentication_plugin';

then if I need to modify something here are some useful variable settings:

SET GLOBAL validate_password.LENGTH = 8;
SET GLOBAL validate_password.policy=2;
SET GLOBAL validate_password.policy=MEDIUM;
SET GLOBAL validate_password.mixed_case_count = 1;
SET GLOBAL validate_password.number_count = 1;
SET GLOBAL validate_password.special_char_count = 1;
SET GLOBAL validate_password.check_user_name = 0; 

cd /var/www/html
sudo mv wp-config-sample.php wp-config.php

In the wp-config.php we will set our own database name , username password ,and host name/address.

sudo nano wp-config.php 

sudo systemctl restart apache2.service 
sudo systemctl restart mysql.service

If we carefully followed all my steps above , you should have a running wordpress page by now.
You might need to run as the wordpress uses php file extensions.
sudo rm -rf /var/www/html/index.html

Enable HTTPS supports:

Create a ssl-params.conf file and add the following definition below to it, then save it.

$ sudo nvim /etc/apache2/conf-available/ssl-params.conf 
# Cipherli.st Strong Ciphers for Apache url: https://cipherli.st/
# Addong some Strong SSL Security on Apache2
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
# Requires Apache >= 2.4
SSLCompression off
SSLUseStapling on
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
# Requires Apache >= 2.4.11
SSLSessionTickets Off

Next thing to do is create a backup of the original default-ssl.conf file.

$ sudo cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/default-ssl.conf.bak

Then modify it accordingly, we are deploying a wordpress site in this particular example we use the following adjustments.

ServerName lnrsoft.ddns.net
ServerAlias lnrsoft.ddns.net

Redirect permanent / https://lnrsoft.ddns.net/
DocumentRoot /var/www/html

Protocols h2 http:/1.1

<If "%{HTTP_HOST} == 'lnrsoft.ddns.net'">
    Redirect permanent / https://lnrsoft.ddns.net/

SSLEngine on
  
Options FollowSymLinks
AllowOverride All
Require all granted
  
SSLProtocol +TLSv1.2

Enable HTTP2 supports:

<VirtualHost *:443>
  ServerName lnrsoft.ddns.net
  ServerAlias lnrsoft.ddns.net

  Protocols h2 http:/1.1

  <If "%{HTTP_HOST} == 'lnrsoft.ddns.net'">
    Redirect permanent / https://lnrsoft.ddns.net/
  </If>

  DirectoryIndex index.html index.php
  DocumentRoot /var/www            

  ErrorLog ${APACHE_LOG_DIR}/lnrsoft.ddns.net.log
  CustomLog ${APACHE_LOG_DIR}/lnrsoft.ddns.net-access.log combined

  SSLEngine On
  SSLCertificateFile /etc/letsencrypt/live/lnrsoft.ddns.net/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/lnrsoft.ddns.net/privkey.pem
  SSLCertificateChainFile /etc/letsencrypt/live/lnrsoft.ddns.net/chain.pem

  <Directory /var/www>
      Options FollowSymLinks
      AllowOverride All
      Require all granted
  </Directory>

</VirtualHost>

It is also recommended adding strong ciphers for Apache to increase SSL Security on the server.
Part of my Best Practices to deploy a secure webserver, virtual personal server or database serve is to add the recommended ciphers from SSL Server Test.

How to Enable HTTP2 in Apache 2.4 on Ubuntu

### Step 1: Upgrade Apache from PPA

sudo add-apt-repository ppa:ondrej/apache2
sudo apt update
sudo apt upgrade

### Step 2: Install the PHP FastCGI module for PHP 7.4

sudo apt install php7.4-fpm 
sudo a2enmod proxy_fcgi setenvif
sudo a2enconf php7.4-fpm 
sudo a2dismod php7.4 
sudo service apache2 restart

### Step 3: Change MPM from "prefork" to "event"

sudo a2dismod mpm_prefork 
sudo a2enmod mpm_event 
sudo service apache2 restart 
sudo service php7.4-fpm restart

### Step 4: Add a line to your Virtual Host file

Protocols h2 h2c http/1.1

### Step 5: Enable the mod_http2 Apache module

sudo a2enmod http2
sudo service apache2 restart

### Step 6: Test your Apache server for HTTP/2

https://http2.pro/

vnStat – a brilliant open source console-based network traffic monitor for Linux

vnStat is a console-based network traffic monitor for Linux and BSD that keeps a log of network traffic for the selected interface(s).
Features:
Quick and simple to install and get running.
Gathered statistics persists through system reboots.
Can monitor multiple interfaces at the same time.
Several output options.
Summary, 5 minute, hourly, daily, monthly, weekly, yearly, top days.
Optional png image output (using libgd).
Data retention duration is fully user configurable on the fly.
Months can be configured to follow billing period.
Light, minimal resource usage.
Same low cpu usage regardless of traffic.
Can be used without root permissions.
Online color configuration editor.
humdi.net/vnstat/