It is very likely in today’s multi-platform landscape that you may encounter a situation where you have a Linux server running alongside Windows servers or Windows workstations. If you ever want users to interact with the Linux server, for example for backup and storage purposes, you will need to setup some form of interoperability. Samba is a tool that can help you integrate Linux or Unix-based operating systems within your Windows Active Directory network.
Samba supports many Windows networking features, such as file and print servers, authentication, name resolution, and service announcing. For the most part, this means that your Windows users can share files with your Linux users and vice versa without needing to use the cloud as an intermediary. This is particularly useful if you do not want to have to open your network simply to share items in the same office.
Linux machines make excellent Windows file servers. While on the surface it might make more sense to use a Windows box as a file sharing server for windows workstations, a Linux server requires less maintenance and security attention. Linux is also a more stable choice for a file sharing server. Perhaps most importantly of all, you will not have to purchase another license for Windows Server to run on that machine.
For a detailed explanation of how to setup a Samba file sharing server on Linux, see this tutorial.
Top is a handy little tool that allows you to view frequently updated information about your Linux server from load average to free memory. By default, top refreshes every three seconds, giving you near real-time monitoring of CPU and memory usage, top running processes, and more.
Normally, you need to run top from the console, terminal, or remote connect (via SSH) in order to view its information, but there is another way to receive top’s information without needing to run it in the foreground. With this method, you can log top’s activity to a file for later use.
Batch mode, designated by the “-b” option, tells top to run without any interactive measures required by the user. You can then send that information to a file using a method such as this:
top -b -d 10 -n 3 >> top-results
In this example, “-d” means top will refresh every 10 seconds, and “-n” means there will be a total of 3 iterations. You can adjust these options to suit your needs. Finally, “>>” will feed the output from top to a file named “top-results”, which you can view at any time, giving you your own top log file.
The more traffic your websites and applications generate, the higher the load your server will have to carry. Over the course of a given amount of time, your server may have a variation of high, medium, and low load. The average of that load over time is called the load average.
Programs like “top” allow you to get a glimpse of your system’s load average. The average may look something like this:
load average: 0.23, 0.18, 0.27
The above is an example of very low load averages. The “uptime” command will also display your system’s load average. Each number represents the average number of processes waiting to be scheduled on the run queue over the last minute.
In very intense situations, load averages can climb to 20 or higher. Imagine 5 lanes of traffic trying to squeeze onto a one-lane bridge, and you will have an idea of what a high load average can do to your system.
A high load average is not always an immediate cause for concern, especially if your CPUs themselves are not under a tremendous about of stress. One time when it should definitely be a concern is when you are not running anything requiring a lot of CPU attention either on your end or on any website. This could mean someone has exploited a vulnerability in your system and is running background processes.
Apache Cassandra is a free and open source NoSQL database system, an alternative to relational database management systems (RDMS) such as MySQL. Originally developed by Facebook, Cassandra is designed to handle large amounts of data, heavy loads and high traffic sites. It comes with management tools such as cassandra-cli and node-tool, but those looking to make things a little easier can look to these graphical tools.
Cassandra Cluster Admin – Similar to phpMyAdmin for MySQL, this graphical administration tool features a simple interface that can display Cassandra data in columns, rows, and range slices. It allows for keyspace, column family, and row manipulation.
OpsCenter – Provided by DataStax, OpsCenter is a complete data infrastructure management tool allowing you to manage, monitor and control Cassandra. It provides a wide range of visualization to help you see exactly what is going on with your databases.
Cassandra GUI 2.0 – Specifically designed to make management easier, this graphical tool for cassandra features a row view explorer and filtering of displayable data. This current version is only for viewing data and not for manipulation.
Helenos – This tool allows for exploring data and managing schema. You can add/remove/truncate column families, add/drop a keyspace, view paginated results and offer both administrative and read-only roles for users.
As NoSQL becomes increasingly popular, you can expect the list of graphical admin tools to grow. Until then, the above four are great for many basic tasks.
If you are new to the server arena, you might not have considered the legal implications of running one or more websites or even having an entire hosting company. There are local, federal, and international laws that you might need to address, depending on the content and audience of your websites.
Environmental – Many locations now have required environmental regulations for data centers. If you are housing your own equipment, you will need to make sure your data center complies with these regulations and is energy efficient.
Privacy – This one can be a little trickier since the privacy laws differ so widely from one country to another. In the United States, your customers may be concerned by recent privacy issues raised about government spying. You may be able to alleviate some of those concerns by using encryption that only customers know while still complying with government regulations. If you have European customers, you will need to provide even more privacy assurance. The EU even requires websites to declare if they are using cookies in the user’s browser.
Criminal Law – It goes without saying that you will need to comply with laws regulating copyright, pornography, gambling, alcohol and drugs. This is particularly important if you are hosting other websites because your hosting company could be held responsible for criminal activity perpetrated by your users, especially if you were aware of that activity.
With so many regulations and laws to consider, it might be a good idea to talk with some experts in the industry and, if you can afford one, an attorney. A lawsuit or even criminal prosecution can sometimes come when you least expect it. It is better to be prepared when it does.
In a previous post, we highlighted some crucial security measures you should adopt to keep your dedicated server safe. What follows are five more tips that are of equal or even greater importance.
1. Restrict root – Root, the administrator or super user has full control of your server. Ideally, only one person should be able to elevate their user permissions to root level. You can restrict who is able to use either the su or sudo command to become root, and you should.
2. Separate production from R&D – Production applications should be on one server, and research and development should be on another. At the very least, you should keep R&D on its own separate virtual machine. It would be a shame for something experimental to be the cause of a security exploit on your server.
3. Take advantage of security features – Many applications have security features built into them. For example, some Apache modules are included specifically for security purposes.
4. Tighten web applications – Make sure the code in your web applications is updated and tightly secured. You can also use web applications security tools such as ModSecurity.
5. Monitor and audit – Even if you plan perfectly, some things may slip by you. If you monitor carefully, you can catch those slip ups before they can cause damage. Routine audits can also help reveal vulnerabilities.
In part one, we looked at some of the bare essentials for getting started with your new server. The following are a few others that are sometimes essential, depending on what you want to do.
Server-side Scripting – If you are going to run dynamic websites, which you almost certainly will, you will need some type of scripting language. This is truly only limited by your programming skills and/or the third-party web applications you want to install. Popular choices include PHP, Python, Ruby, and Java. If you intend to offer web hosting services, you may find yourself installing as many solutions as possible.
Web security – Once you open your server up to the web, you invite attackers who can get in and do damage no matter how tightly you have configured your firewall. Therefore, you need an extra layer of security. Solutions like ModSecurity, an open source web application firewall, can prevent nasty attacks like XSS (cross-site scripting) and SQL injection.
Hosting automation – This may not seem like an essential server component, but in modern times, it can greatly simplify your life, especially if you intend to offer hosting to others. There are free options like Webmin and Virtualmin, and there are also commercial options like WHM and cPanel.
In part three of this exploration of Linux and Unix server tools, we will look at some smaller tools that can help you with day-to-day tasks.
Once you have deployed and booted up your first Linux server, you may suddenly find yourself in an awkward situation where you are unsure what to do next. There are so many options and so many ways to configure it that you might feel overwhelmed. The following tools are essentials for getting started with a new, small dedicated server or VPS. They are not the only options, but they are good ones that can help you get started.
Firewall – APF (Advanced Policy Firewall) – Before you even get started down the road of configuring your server, make sure it is secure. APF has a ton of firewall features, but what makes it great for getting started is that it is easy to use.
Web server – Depending on the server image and OS, you might already have a web server installed. If not, it is obviously essential if you want to host websites, even on your own internal network. The most popular choices are Apache, Nginx, and Lighttpd, all of which are free and open source.
Database – To build any dynamic website, you will need a database solution. This can be something very basic like using XML flat files or SQLite, or it can be a full blown database server like MySQL. There are also big data solutions like Apache Cassandra, MongoDB, and Apache Hadoop. All of these options are open source.
In part two of this series, we will explore even more tools that are essential for getting started with your new server.
One of the frequently mentioned benefits of VPS hosting is that it is more secure than shared hosting because your account is walled off from other accounts, allowing them to function as separate servers. Virtual private servers and virtualization in general are generally thought to be secure. So, can one virtual machine compromise the security of another? Is that even possible?
The short answer is: yes. It is possible, at least in theory. The long answer, however, involves digging a little deeper. First, it is important to understand that a virtual machine, no matter how much it appears to operate independently, is still ultimately dependent on its host machine. Therefore, if the host machine is in any way compromised, all of the virtual machines running on it could be at risk. Therefore, the real question is not whether one virtual machine can affect another but if it is possible for a virtual machine to affect the host.
Over time, there have been a few exploits, such as one for Xen hypervisor, that allowed an attacker operating within a virtual machine to “escape” into the larger host system, and another for VMware products running on Windows systems that allowed for a similar privilege escalation.
These exploits are largely theoretical since they may not have ever actually been used for attacks, and once discovered, the developers fixed the problems. The salient point here is that such attacks are possible, and you should therefore make sure your virtualization software stays updated and has standard security measures in place.
One of the very useful features of cPanel’s WebHost Manager (WHM) is the ability to control user quotas, the amount of disk space allotted to a given user account. Once an account reaches its disk quota, no more files can be added.
To modify an account’s quota, navigate WHM to Home >> Account Functions >> Quota Modification. There, you will find a list of the accounts.
Click on the account you wish to modify or search for it using “account search”
You can then either choose to modify a single quota or all of the users’ quotas
Enter the quota amount (in megabytes)
Account quotas are a good way to ensure that your customers do not abuse their accounts, even accidentally, by using more than their fair share of disk space. Even if you theoretically offer “unlimited” space, you might want to set a high maximum, since no server actually has unlimited disk space, even if you are continuously adding drives. If necessary, you can always go back and raise the quota for any or all users.
As we approach the end of the year, now might be a good time to review your security practices and fix any weaknesses in your system. The following are 5 basic security tips to keep your server secure.
1. Secure remote access – Whenever possible limit the amount of remote access users can obtain, and secure any necessary remote connections. Use SSH for encryption, and tunnel any other services through SSH.
2. Remove unused services – If you are not using a particular service, it should not be running on your system, especially if it is a networked service that could possibly have an exploit in the future.
3. Use tight permissions – Many third party web applications will recommend very loose permissions for their software when some of them are not necessary. When possible, tighten your file permissions and limit user access.
4. User control – Remove unused user accounts, and enforce strong user passwords. Many servers are attacked through vulnerable user accounts.
5. Check and double check – Just because you have not had any security problems does not mean they do not exist. Scan your system for vulnerabilities and perform regular audits to make sure everything is running smoothly.
In part 2, we will look at some more ways you can keep your server safe and manage your security with more consistency and ease.
Ever so often, you might try to update your Ubuntu Server packages and find that certain ones are “kept back” during the upgrade process. These will often be kernel or other mission critical packages that do not get updated.
The reason some packages might get kept back is that some dependencies have been changed for them, and installing the new versions will require additional packages to be installed. In most cases, the new installations will not hurt your system, but those packages are still held so that you can manually review each case.
Fortunately, the fix for this problem is quite simple. If you have run “upgrade”, and some packages are kept back, all you have to do to install them is run “dist-upgrade”. This will make sure your entire distribution is up to date and will install those “kept back” packages along with their new dependencies.
From the command line type:
$ sudo apt-get dist-upgrade
Alternatively, if you are unsure if you want to upgrade the entire system, you can install each package individually and approve any new dependencies as you are prompted. For more information as well as a lengthy discussion about the topic, see the Debian administration page.
There may be times when you want to send a message to your server users that they all can see when they log in. While “wall” allows you to send messages to currently logged in users, you need a different tool to make sure all users get it whenever they happen to log in. MOTD (message of the day) can serve that purpose. You can also use it just to display general reminders.
The easiest way to change the motd is to edit the /etc/motd file. You can place any information you want in this file. It could be a warning about unauthorized access, contact information for the administrator, helpful tips for new users, or even just general information about the server.
Keep in mind that anything you put in the motd will be sent to all users on your system every time they login. Make sure it is something useful and not annoying. There are also programs you can use that give random quotes for the message of the day if you would prefer that.
Example message of the day:
Welcome to Server 78923, Alpha Data Center
All activity on this server is monitored. Any unauthorized use of this server and its user accounts is prohibited.
Any good system administrator needs to be able to send authoritative messages to any online users. Fortunately, with BSD variants such as FreeBSD and OpenBSD, it is very easy with a tool called “wall”.
To send a general message to all users logged into the system, follow this format:
your message here
more of your message
At the end of your message, press CTRL+D to send.
For example, if you want to inform all users that the system will be shutting down for maintenance, you would type:
The system will reboot to complete maintenance in 15 minutes. Please save your work
– Your friendly system admin
You can also send messages to specific group members with the “-g” option. For example, to send messages only to those in the “wheel” group (for administrators), enter:
# wall -g wheel
Wall is a helpful tool for communicating with users logged into your server, and it is available on most Unix-like operating systems, including BSD variants and Linux distributions.
MySQL is one of the most widely used relational database management systems (RDMS), but it can also be responsible for placing a heavy load on your server if you do not manage it well. The more traffic you get coming to your site, the harder your database server will have to work. While you can improve performance simply by writing better code with more efficient queries, you can also make some adjustments to MySQL itself that will improve and optimize it.
To begin, you will need to backup and edit your my.cnf file, often found in /etc or /etc/mysql.
You should focus on improving MySQL’s caching using some of these parameters:
- query_cache_size – This controls the size of the caching for any repeated queries of the same data
- key_buffer – SQL commands run faster when the key buffer is larger, allowing the database to hold indexes
- table_cache – Any tables MySQL accesses are placed in a cache. If your server is accessing many tables at once, a larger cache may help
- thread_cache – Similarly, if you have multiple connections to MySQL, a higher thread cache will reduce server load
With better caching for MySQL, your server should use fewer CPU cycles and reduce overall load on the server.
HipHop can improve your server’s PHP performance. No, I do not mean the hip hop you might hear on your favorite rapper’s latest album. In this case, HipHop refers to some PHP improvements originally created by Facebook and then released as free and open source software. HipHop can significantly increase PHP web application speed and has helped Facebook maintain a reasonably good performance level despite the astronomical demands on its servers.
HipHop is an execution engine for PHP that is designed to handle higher loads and increase performance. It was originally a C++ compiler that would compile PHP code into a binary, offering nearly 6 times the performance. In order to increase compatibility, Facebook eventually created a PHP virtual machine called HHVM (HipHop Virtual Machine) that has reached identical performance to HPHPc, while also including full support for PHP and all its functions.
The source code for HipHop is available on GitHub and also available as a prebuilt package for an Ubuntu server. You can find out more information about HipHop for PHP by visiting its Facebook page and joining the community discussion.
Virtualization has been one of the best technologies to develop in a long time for many organizations. Server deployment times are shorter, data centers are more energy efficient, and overall operational costs are down. In short virtualization is almost certainly something you should consider for your servers. What follows are some tips that should help you along the way.
- Use virtualization hardware – Not all hardware is adequately equipped to handle virtualization. In addition to the basic hardware virtualization CPU support, you should also make sure the RAM, storage space, and other variables are ideal for virtual machine expansion
- Create snapshots or templates – One of the benefits of virtualization is that you can create templates that will make it easy to spin up new virtual machines. You should take advantage of this feature and have templates for all the types of virtual machines you need
- Maintain the host system – Do not neglect to keep the host operating system patched, secured, and optimized, as all of the virtual machines will depend on it
- Choose wisely – Just because you can virtualize does not mean you need to virtualize every service. Some may benefit from it more than others. Weigh the pros and cons and choose to virtualize when it is actually beneficial.
Virtualization is cost effective, easy to set up, and makes provisioning and deploying servers fast and convenient. If you use it, you will save physical server space and be able to expand the technological capabilities of your servers without purchasing additional hardware.
It does not take much for a web server to get overwhelmed when you have high traffic websites. Although you could always purchase more expensive hardware and networking equipment, there are more cost-effective ways to get better performance and get the most out of what you have. One such method is to use a web cache proxy like Squid.
Squid is a free and open source caching proxy for web servers that reduces bandwidth and dramatically improves access times with its caching system. Web servers are constantly receiving requests from clients (web browsers) and serving up web pages. This issue is compounded by dynamic websites that use server-side scripting, since each page request is created on the fly, often accessing a database and systematically draining your server’s resources.
When your web server caches content, it can serve up frequently requested pages that haven’t been changed on the sever side, giving users faster access. For the server, you save bandwidth and are able to server more content to more users. Even without caching squid can help improve connection times, just with its optimization of TCP flows.
Squid is free and open source software, released under the GNU GPL. It is free to download, use, modify, and redistribute. Millions of websites already use it.
OpenVZ is free and open source virtualization software that gives you the ability to create and manage virtual private server containers on your dedicated server. While you could manage it quite effectively from the command line, you may prefer to use some type of hosting automation system. The following are some free web-based management tools for OpenVZ.
HyperVM – This tool advertises its ability to manage an entire server cluster from a single console. It supports both OpenVZ and Xen, running primarily from RHEL, CentOS, or Fedora. It can also integrate with WHMCS and AWBS.
OpenVZ Web Panel – Recommended by OpenVZ, this web panel is designed exclusively for the purpose of managing it from a web-based graphical interface. It features an automatic installer, backup interface, and remote API.
VirtuoCP – This project does not have much of a description, but it does claim to be a virtual private server control panel that runs on Linux and is capable of managing OpenVZ.
OpenNode – Designed to be “bare metal”, this is a complete ISO that you can install on a new machine and have a private cloud up and running. It supports both OpenVZ and KVM.
For more control panels and solutions for OpenVZ, visit the OpenVZ wiki. You can also find complete documentation there.
It is a common error on websites, yet it is one of the most annoying for web developers and system administrators. The dreaded 500 “Internet Server Error” has plagued webmasters for years. Sometimes, it is very easy to fix, but it may be difficult to find out what the problem actually is because it is such a vague error. Nevertheless, if you know where to look, you may be able to remedy the situation quickly and easily.
A few possible causes could be:
Incorrect permissions on your scripts. If the scripts are not executable, they will not run. If you have installed a third-party web application, check the documentation for correct permissions
Incorrect settings in htaccess – The server will load the contents of your .htaccess file before anything else, so if there is something wrong, your site will come to a screeching halt.
Bad code – This may be a bit more tedious, but if you have written your own scripts, you will need to go through them and check the syntax and look for any mistakes.
Once you narrow down the problem, you should be able to fix a 500 error relatively quickly, and your server and website will return to business as usual.
One of the things that makes Linux servers so powerful is Bash and shell systems similar to it. You can use it to run complex scripts, execute multiple commands, and automate processes. If you ever want to execute multiple commands with bash, there are a couple of easy ways to make it happen.
One method is to put commands into the background. When you run a command and put a “&” after it, it will push that command to the background and allow you to run others. You could put this into a string of commands:
$ cmnd1 & cmnd2 & cmnd3 &
And the output would be:
Notice that the bash prompt returns allowing you to do more while those three commands run.
If those commands are connected, and you need the results of one to pour into the next, you can use piping “|” instead. For example:
$ cmnd1 | cmnd2
As you can see, this is just a little taste of what you can do to run multiple commands in bash. You can get much more creative with the tools it has available. For a more detailed explanation, see this post.
Once upon a time, data centers were huge, fully staffed with IT personnel, and required quite a bit of attention to keep them running. People had to manually deploy physical servers, maintain good temperature and humidity levels, and monitor the servers. Those days may soon be over and make way for the era of the software-defined data center.
A software-defined data center (SDDC) is described by Webopedia as a “data center where all infrastructure is virtualized and delivered as a service”. Most of that monitoring and maintenance that once required a real life person is now automated and controlled by software.
Virtualization has played a major role in the development of software-defined data centers. Deploying servers can now be as simple as clicking a button on a screen rather than the physical labor of deploying machines. The monitoring tools that have inevitably developed out of virtualization also make it easier to allocate resources to servers according to their precise needs.
Other developments like power distribution units (PDUs) have made it easier to maintain power levels according to server load, and temperature/humidity monitors help maintain the right environment for servers to operate at peak performance and ecological efficiency. All of these technologies are also controlled by software.
Some analysts predict that by 2017, software defined data centers will be the norm across most industries. There may come a time when data centers only require a few personnel who occasionally dust off the machines and do little else.
Virtualization is extremely popular in the server world right now, and many organizations swear by it. Still, there are some IT people that will look at individual virtualization examples and say to you, “Why don’t you just use a chroot environment.” There are pros and cons to this method, and we will discuss the benefits of virtualization versus chroot.
In general the only scenario where this argument would apply is when you are interested in virtualizing an instance of your current operating system within itself. In other words, you might be running Ubuntu and want to run another instance of Ubuntu within it to create a virtual private server (VPS). In such a scenario, you could either create a virtual machine with KVM, Virtualbox, VMware, or some other technology, or you could create a chroot jail and install another copy of Ubuntu within it.
One of the biggest differences between virtualization and chroot is that virtualization is designed to be simple and easy. Even a desktop user can start up VMware workstation and easily create a virtual machine. On the server, it only takes a few commands. Chroot, on the other hand, is quite complex, and the root user has the potential to do serious damage to it, since in many ways, it is still connected to the main system.
For a very technical operation or sandboxing, a system administrator may have use for chroot. When it comes to actually business use, virtualization makes more sense. You can easily duplicate a virtual machine, transfer it to another physical machine, start and stop it at will, and of course run a variety of operating systems and configurations. To state it plainly, the method you choose largely depends on what you want to accomplish.
In enterprise IT, Flash is a very popular topic. Traditionally, flash storage has been reserved for mobile devices, but more recently it has found its way into servers and even on network devices.
Flash storage can serve a number of purposes:
Replacing or supplementing the hard drive. This type of flash storage is often called a Solid State Drive on a server.
Serving as a cache device to increase speed. This cache can be on the hard drive, on an I/O card, on a network devices, or sitting between the server and the network. Flash cache can significantly increase speed and help avoid bottlenecks.
Because flash is still somewhat new, there are some reason not to use it.
It is still more expensive than traditional storage, such as hard disk drives
Flash memory is known to degrade over time, though it is not clear just how fast this will occur or if it is even a realistic concern.
Flash has many benefits, particularly in the area of server caching. If cost is not a concern, it may certainly be worth your consideration.
GNU Nano text editor is just one of many choices on Linux and Unix-like operating systems, but since it is the editor I use on my server, it will be the tutorial of choice today. It is easy to learn and use, though some may argue that some of the more complicated text editors, such as Vi or Vim, are more powerful. Nevertheless, Nano is more than enough for basic file editing and system configuration.
Edit a file:
$ nano filename
To make sure you preserve line breaks, you can edit with the -w option:
$ nano -w filename
From within the interface, you can navigate with the arrow keys up, down, left, and right. Enter creates a line break, and the space creates spaces, just as they would in a desktop text editor.
To find a keyword in a file, press CTRL+W
To move down an entire page, press CTRL+V
To move up an entire page, press CTRL+Y
When you are finished editing a file, press CTRL+X to exit. It will ask you if you want to save the file. Press Y and ENTER to save and exit.
That is all it takes to edit a file with Nano. GNU Nano is a free and open source alternative to the once popular text editor called Pico. For more information about Nano, visit the project website.
In the old days, when you needed to deploy a new server, there was at least some legwork involved. You would have to find rack space, make sure the rack had enough power for a new server, install an image on the server, and, if the image is not exactly what you needed, customize it to your specifications. All of that had to be done before the server would even be ready to turn on and boot. Virtualization has dramatically changed server deployment, and virtual machine (VM) provisioning is one way to streamline and automate the process.
By using a server provisioning application, you can create new virtual server instances on the fly. What once might have taken hours can now happen in minutes with just a few clicks. Moreover, if you need to deploy multiple servers, you can use virtual machine provisioning to duplicate VMs and deploy them automatically.
In addition to the creation of VMs, you can also allocate power, I/O resources, CPU cycles, and memory. Depending on the provisioning software, it may support multiple operating systems (such as Linux, BSD, or Windows) and multiple virtualization tools (such as KVM, Xen, and VMware). Some provisioning software may even offer features beyond initial deployment, allowing you to continuously track and monitor all of your virtual machines from one management interface.
You can find a list of Linux server provisioning applications right here at ServerSchool.com.
KVM is a Linux-based virtualization system that allows you to virtualize a wide variety of operating systems and environments. When you want to manage your virtual machines or guests, you can use a program called virsh. As a command line tool, you can use virsh to manage guests and the hypervisor. It is built on the libvirt management API, and you can use it as an alternative to qemu-kvm or graphical tools like virt-manager.
To list available guests, type:
$ virsh list
This will give you a list of all current guests. The output will look like this:
Connecting to uri: qemu:///system
Id Name State
3 cobalt running
To connect to the hypervisor, use the following command:
$ virsh connect qemu:///system
To start a guest named “cobalt” with virsh, run:
$ virsh start cobalt
To stop a guest, run:
$ virsh shutdown cobalt
There are many other commands you can run to control your guest, including reboot, suspend, resume, migrate, restore, and more. For a complete list of commands, you can type “man virsh” from the command line or see this online documentation.
If you have been following our Ubuntu server series, you have learned how to setup a LAMP server and configure an APF firewall. In order to do any of this, you likely already had your networking configured correctly, but if you do not, this brief tutorial explain how to setup name servers and ensure they are resolving correctly.
You can setup your system to use DNS for name resolution in /etc/resolv.conf. You can also add DNS suffix searches for your server’s domain names. A basic setup using public DNS servers, such as Google’s will look like this:
In this example, your domain is example.com, and the nameservers are public DNS servers. If your server is part of a network or larger domain of servers, you might want to configure different DNS settings for each machine and then point your router to the public DNS server.
If you require multiple domains or subdomains for searching, you can add them on the same line:
search example.com billing.example.com support.example.com
For more information about Ubuntu network configuration, consult the online Ubuntu documentation.
In a previous post, we learned how to install a basic LAMP server setup on an Ubuntu Server. Once you have Apache, MySQL, and PHP up and running, you should strongly consider reconfiguring your firewall to accommodate it, while still keeping your server secure. While you could labor at iptables configuration manually, there are some easier and more coherent options, such as APF (Advanced Policy Firewall), which is based on APF and makes setting up firewall rules much easier.
APF is available in the Ubuntu system online repository. To install simply run apt-get:
$ sudo apt-get install apf-firewall
APF will not be started until you confirm that the settings are correct and then enable it. Begin by editing the firewall configuration file located in /etc/apf-firewall/conf.apf. Two key lines you might want to edit include the common inbound TCP ports (IG_TCP_CPORTS) and common outbound TCP ports (EG_TCP_CPORTS), adding any ports for services you need to run and have open. For example, if your web-based control panel will use port 4382, you will need to list it here.
You can test the firewall at this point and when you are ready for it to go live, you need to turn off development mode:
Next, save the configuration file and edit /etc/default/apf-firewall and enable it with:
Finally, you can start APF by running:
$ sudo service apf-firewall start
LAMP is a software stack for servers that refers to Linux Apache MySQL and PHP. It is still one of the most common configurations for servers and web applications, and it is very easy to install on Ubuntu servers. Simply follow these instructions:
The first part of LAMP, namely Linux, should already be installed, so your first step is to install tasksel, a program that provides a base for easy software setup.
$ sudo apt-get install tasksel
Next, all you have to do is tell tasksel to install LAMP:
$ sudo tasksel install lamp-server
That is all it takes. You may get prompted with a couple of questions, such as if you want to create a MySQL password, which you should definitely do, but you will not need to install any items separately to have a working LAMP stack.
You should now test to make sure Apache is up and running. Open a web browser and point it to your domain or ip address, or if you are on the local machine, go to http://localhost.
You should also test PHP. An easy way is to create a phpinfo.php file with this code:
// Show all information, defaults to INFO_ALL
Save it to your /var/www directory and then access it from your web browser (http://ipaddress/phpinfo.php)
It should display complete PHP information about your server. For more information about LAMP on Ubuntu, see the Ubuntu wiki.