  • Jay Versluis 6:36 pm on December 18, 2014

    Categories: Plesk ( 49 )

    How to allow Passive FTP Connections in Plesk 

    A little while ago I wrote an article about opening Passive FTP Ports specifically for using Plesk on Amazon AWS. Here’s a slightly more condensed version of how to do this on any server if you need it.

    Passive FTP ports are not open by default when you install Plesk. To make it happen we need to patch the ProFTP configuration with a range of ports (anything between 49152 and 65534) and open the same range in our firewall.

    You’ll find the ProFTP config file in /etc/proftpd.conf. There’s no need to open the whole available range, I’ll settle for 99 possible ports here. Add the following somewhere at the top of the file, outside any global declarations:

    # adding passive ports and public IP address
    PassivePorts 50001 50100
    

    For the changes to become effective we’ll need to restart the xinetd service which ProFTP is part of in Plesk:

    service xinetd restart
    

    This will allow passive connections – but you also need to open those in your firewall. The easiest way to do this is via the Firewall Extension in Plesk:

    Select Modify Firewall Rules, then Add Custom Rule. Give it a title, then add your port range and click OK. Your changes are not effective yet because Plesk needs to restart the firewall service. To do this hit “Apply Changes”, followed by “Activate”. Wait a moment and Plesk will have taken care of it.

    If you don’t want to use the extension, here’s how you can open those ports manually. On CentOS 6 you can manually add that port range on the command line like this:

    iptables -I INPUT -p tcp --dport 50001:50100 -j ACCEPT
    # save the running rules first, otherwise the restart discards the new rule
    service iptables save
    service iptables restart
    

    On CentOS 7 you can do it like this:

    firewall-cmd --zone=public --add-port=50001-50100/tcp --permanent
    firewall-cmd --reload
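
    The port range has to be the same in /etc/proftpd.conf and in the firewall, so it is worth checking the two against each other. The script below is an added example, not part of the original article: the function names are hypothetical, the sample config is constructed, and the port list is assumed to be in the format printed by firewall-cmd --zone=public --list-ports.

```shell
#!/bin/sh
# Added example: confirm the firewall covers ProFTPD's PassivePorts range.
# Function names are hypothetical; the sample config in demo() is constructed.

# passive_range CONF: print "LOW HIGH" from the first PassivePorts directive.
passive_range() {
    awk '$1 == "PassivePorts" && NF >= 3 { print $2, $3; exit }' "$1"
}

# range_ok LOW HIGH: both numeric, ordered, inside 49152-65534.
range_ok() {
    for n in "$1" "$2"; do
        case "$n" in ''|*[!0-9]*) return 1 ;; esac
    done
    [ "$1" -ge 49152 ] && [ "$2" -le 65534 ] && [ "$1" -le "$2" ]
}

# firewall_covers LOW HIGH "PORTLIST": PORTLIST uses the format printed by
# `firewall-cmd --zone=public --list-ports`, e.g. "21/tcp 50001-50100/tcp".
# Only a single entry that spans the whole range counts as covering it.
firewall_covers() {
    for entry in $3; do
        case "$entry" in */tcp) ;; *) continue ;; esac
        spec=${entry%/tcp}
        from=${spec%-*}
        to=${spec#*-}
        if [ "$from" -le "$1" ] && [ "$to" -ge "$2" ]; then return 0; fi
    done
    return 1
}

# check_passive_ftp CONF "PORTLIST": one-line verdict, non-zero on any problem.
check_passive_ftp() {
    range=$(passive_range "$1")
    [ -n "$range" ] || { echo "no PassivePorts directive in $1"; return 1; }
    low=${range% *}
    high=${range#* }
    range_ok "$low" "$high" || { echo "bad range: $range"; return 1; }
    firewall_covers "$low" "$high" "$2" ||
        { echo "firewall does not cover $low-$high/tcp"; return 1; }
    echo "ok: $low-$high/tcp"
}

# Demo on constructed input: one matching port list, one that is too narrow.
demo() {
    conf=$(mktemp)
    printf '%s\n' '# adding passive ports and public IP address' \
        'PassivePorts 50001 50100' > "$conf"
    check_passive_ftp "$conf" "21/tcp 50001-50100/tcp"
    check_passive_ftp "$conf" "21/tcp 50001-50050/tcp" || true
    rm -f "$conf"
}
demo
```

    On a CentOS 7 server the live check would be: check_passive_ftp /etc/proftpd.conf "$(firewall-cmd --zone=public --list-ports)"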
    

    Testing testing… this thing on?

    To make sure everything is working, simply use your favourite FTP client and try to make a passive connection. If you get timeout errors something isn’t right.

    You can also use a great web based tool to check if passive connections are working thanks to Tim Kosse: https://ftptest.net

    Enjoy!

     
  • Jay Versluis 8:03 pm on December 8, 2014
    Tags: vi

    Categories: Linux ( 51 )

    How to quit vi without saving your changes 

    It just occurred to me that even though I know my way around vi fairly well, I never had to quit it without saving my changes. Usually I just go back in and overwrite my mistakes.

    Today I did something though that wasn’t as easy to eliminate: instead of pasting an IP address, I accidentally pasted a 4000+ character stylesheet. Dang!

    So how do we leave vi and NOT save our changes? Here’s how:

    • press ESC to exit editing mode (insert/append/whatever)
    • press : (the colon character)
    • enter q!

    Now you’re back on the command line without any saved changes.

    Remind me: how do we SAVE changes again?

    There are several ways of doing this, but my personal favourite is this:

    • press ESC to exit editing mode (insert/append/whatever)
    • press SHIFT + Z twice

    This will put you back on the command line and your changes are saved.

     
  • Jay Versluis 2:07 pm on December 8, 2014
    Tags: SELinux

    Categories: Linux ( 51 )

    How to control SELinux in CentOS 7 

    SELinux – when installed – can take on one of three modes:

    • Enforcing
    • Permissive
    • Disabled

    To check which mode SELinux is running on, we can use either sestatus for a more detailed output, or simply getenforce for a one liner:

    sestatus
    
    SELinux status:                 enabled
    SELinuxfs mount:                /sys/fs/selinux
    SELinux root directory:         /etc/selinux
    Loaded policy name:             targeted
    Current mode:                   enforcing
    Mode from config file:          enforcing
    Policy MLS status:              enabled
    Policy deny_unknown status:     allowed
    Max kernel policy version:      28
    

    getenforce on the other hand will literally just say a single word, like “Enforcing”.

    To change this mode, edit /etc/selinux/config:

    vi /etc/selinux/config
    
    # This file controls the state of SELinux on the system.
    # SELINUX= can take one of these three values:
    #     enforcing - SELinux security policy is enforced.
    #     permissive - SELinux prints warnings instead of enforcing.
    #     disabled - No SELinux policy is loaded.
    SELINUX=enforcing
    # SELINUXTYPE= can take one of these two values:
    #     targeted - Targeted processes are protected,
    #     minimum - Modification of targeted policy. Only selected processes are protected. 
    #     mls - Multi Level Security protection.
    SELINUXTYPE=targeted
    

    Change the file according to the comments and restart the system for the changes to take effect.

    Find out more about SELinux and what it’s good for here:

     
  • Jay Versluis 3:58 pm on December 5, 2014

    Categories: MySQL, WordPress ( 18 )

    How to find and replace in MySQL with phpMyAdmin 

    Sometimes you need to replace a string in your database with another string, and it can be rather tedious to plough through a large table manually. Thankfully MySQL can execute raw queries such as find and replace.

    This comes in handy if you’ve moved a WordPress installation to another URL: you only need to tweak two values in the options table, but there may be countless image references and links in the posts and options table too. That’s where find and replace can come in handy.

    You can execute the following statement either on the MySQL command line, or use phpMyAdmin’s Raw SQL option:

    That big text field is where we’ll use the following code. Before we do however, make a backup of your database because there is NO UNDO FUNCTION in MySQL. A cute typo can break things beyond repair!

    Here’s what the find and replace statement looks like in principle:

    update table_name set field_name = replace(
    field_name, 'original text',
    'replacement text');
    

    For WordPress specifically, if you’d like to replace text strings inside posts and pages, then wp_posts would be your table, and field_name is the column of that table. So for wp_posts this will be post_content. You can see the field labels at the top of each column when you select a table.

    To replace a URL in all posts and pages the statement would look like this:

    update wp_posts set post_content = replace(
    post_content, 'http://oldurl.com/',
    'http://newdomain.com/subfolder/');
    

    As soon as you hit GO, MySQL will go to work and show you a success or failure message. The above would replace all image references and links from your old domain to the new one, where WordPress is installed in a subfolder.

    Make a note of your table prefix and replace it accordingly. wp_ is the default, but this can easily be changed into something else for security reasons. Be cautious of trailing slashes when you’re replacing URLs.

    Also note that a small letter “l” and a capital “I” look surprisingly similar in phpMyAdmin! If you keep getting errors like “this table does not exist”, it’s something to watch out for before questioning your sanity again ;-)

     

    Replacing URL strings in WordPress

    I use this technique when I need to replace URLs across an entire WordPress installation. Those can hide not only in posts, but also in widgets and menus. Here’s a list of places to hunt for them:

    • wp_posts table, in the post_content field (links inside posts and pages)
    • wp_links table, in the link_url field (the old Link Manager)
    • wp_postmeta table, in the meta_value field (URLs of Custom Menu items)
    • wp_options table, in the option_value field (anything saved by themes and plugins)
    • wp_comments table, in the comment_content field (URLs inside comments)

    And while we’re talking about replacing URLs: if you need to change the root URL of a WordPress installation, this is done in wp_options too. Look for two values called siteurl and home.

     

     
  • Jay Versluis 4:17 pm on December 4, 2014
    Categories: Windows ( 8 )

    How to boot Windows into Desktop Mode, bypassing the Metro Start Screen 

    I’ve just installed the Windows 10 Technical Preview on my Samsung NC10. During the installation I was offered to transfer my settings from another PC, so I chose my Surface Pro running Windows 8.1.

    All settings were copied truthfully, including the fact that Windows boots up with the Metro Start Screen. It’s not what I had expected, mainly because my other Windows 10 installations don’t do this. So how do we change this behaviour?

    It’s very simple, let me show you how. This works on both Windows 8.1 and the Windows 10 Tech Preview.

    Enter Desktop Mode, then right-click the Task Bar at the bottom of the screen. Anywhere will do, as long as it’s not over an icon. Select Properties, then choose the Navigation tab at the top. You’ll see something like this:

    Tick the box that says “When I sign in, go to the Desktop instead of the Start Screen”. Windows may sign you out on this occasion, and when you’re signed in you’ll boot straight into Desktop mode.

    Windows 10 Start Menu

    New in Windows 10 is the Start Menu, as seen from Windows 95 to Windows 7. Microsoft have brought it back in Windows 10, but its use is optional. The Start Menu is enabled on new installations by default, but since I had copied all settings from a Windows 8.1 it was disabled.

    To bring it back, choose the Start Menu tab and tick the top box that reads “Use the Start Menu instead of the Start Screen”.

    Don’t look for this option in Windows 8 – it’s only available in Windows 10.

     
  • Jay Versluis 11:54 am on December 4, 2014
    Categories: MySQL, Plesk ( 18 )

    How to move databases between subscriptions in Plesk 

    You can move databases and database users between subscriptions in Plesk. There’s no web interface for this, but with a bit of manual database tweaking you’ll soon get the hang of it.

    I recently split a subscription into two for a client and this trick came in handy.

    Before we begin, make sure you back up the psa database – that’s what Plesk uses to keep track of internal values, anything from user names, passwords, and which service is associated with what. If you ruin psa you’ll ruin your Plesk installation. Use caution!

    Editing psa

    You can use phpMyAdmin from Plesk to edit the psa database. Head over to Tools and Settings (or the Server Tab), Database Servers and click the little wrench icon. This will open phpMyAdmin in a new window.

    Find the psa database and click on the little disclosure plus icon. This will show you all its tables, similar to this:

    Scroll down to find data_bases and db_users. Open either of them (with the little disclose icon again) and you’ll find a list of databases and users respectively. Note the column dom_id. This is how Plesk knows which subscription (or domain) this database belongs to. MySQL takes care of the actual database, the value here is for visual representations in Plesk only.

    The difficult bit is to find out which numeric dom_id translates into which domain. There’s not an easy way to extract that info from Plesk, so we’ll use a quick workaround: create a new identifiable database (and user) in the subscription we’d like to move to and simply look at which dom_id it gets.

    Creating a Dummy Database

    Back in Plesk, head over to the subscription you’d like to move your database to and create a memorable user/database combo. Anything will do, we’ll delete this later. Call it “aaaaaaaaa” or “comehere” – up to you.

    Once done, head back over to psa database in phpMyAdmin, refresh and look at the data_bases (and db_users) again. You’ll see something like this:

    Now we know that our important_database (and important_user) need a dom_id value of 2 instead of 1. Change it in both tables – and you’re done!

    Head back into Plesk and check your subscriptions: the database and user will have disappeared from subscription 1 and will now appear in subscription 2.

    Thanks to Matt Nelson for this tip!

     
  • Jay Versluis 10:00 am on December 4, 2014
    Categories: PHP ( 24 )

    How to create a redirect in PHP 

    Say you had domain.com/folder, and you’d like it to automatically redirect to domain.com/otherfolder, do the following:

    <?php
    
    // redirecting elsewhere
    header("Location: http://domain.com/otherfolder");
    die();
    
    ?>
    

    Add the above to a file called index.php in domain.com/folder. As soon as someone visits your location, the browser redirects to the new URL.

    Courtesy of the Stackoverflow community:

     
  • Jay Versluis 3:50 pm on December 3, 2014
    Tags: ssl, SSL Certificates   

    Categories: Linux, Plesk ( 51 )

    How to secure SMTP, POP and IMAP connections in Plesk 

    You’ve installed an SSL Certificate to secure your Plesk Panel, you’ve tested it with an SSL checker and sure enough: the ugly warning window doesn’t bother you or your customers anymore.

    But your email client still says that the server doesn’t have a valid certificate. What gives?

    The secret is this: SMTP, IMAP and POP3 use their own certificates which are not related to the ones you set up in Plesk to secure https connections. By default the mail services use auto-generated self-signed certificates.

    Sadly as of Plesk 12 there is still no way to manage those in the web interface – but it’s relatively easy to fix on the command line. Let’s go through this step by step. These instructions are for Plesk 12 on CentOS 6 and CentOS 7.

     

    Default Certificates

    We need to replace the following three files (default permissions in brackets):

    • /etc/postfix/postfix_default.pem (600)
    • /usr/share/imapd.pem (400)
    • /usr/share/pop3d.pem (400)

    Those are the culprits for SMTP, IMAP and POP3. We need to add our own private key and the certificate of a domain associated with this server and remove the default certificates.

    Before we begin, make a safety copy of them like this:

    mv /etc/postfix/postfix_default.pem /etc/postfix/postfix_default.old
    mv /usr/share/imapd.pem /usr/share/imapd.old
    mv /usr/share/pop3d.pem /usr/share/pop3d.old

    Here we rename the original files to .old files – in case anything goes wrong, simply rename them back into .pem files.

     

    Add your own certificate

    We need the same file three times, so we’ll start by making one for the SMTP service. Create a new file like this:

    vi /etc/postfix/postfix_default.pem
    

    and paste first the private key, followed by your certificate into this file. It will look something like this:

    -----BEGIN PRIVATE KEY-----
    (your private key, base64 encoded)
    -----END PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    (your certificate, base64 encoded)
    -----END CERTIFICATE-----
    

    The exact same file can be used for both IMAP and POP3 so we can simply copy it to these two new locations:

    cp /etc/postfix/postfix_default.pem /usr/share/imapd.pem
    cp /etc/postfix/postfix_default.pem /usr/share/pop3d.pem
    

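    The IMAP and POP3 files had 400 permissions by default so that only root can read them, and no one can change them; the Postfix file had 600. A file newly created in vi may be readable by other users, and it now contains your private key, so let’s apply the default permissions to all three:

    chmod 600 /etc/postfix/postfix_default.pem
    chmod 400 /usr/share/imapd.pem
    chmod 400 /usr/share/pop3d.pem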
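
    Before restarting the mail services, each of the three files can be checked for the layout and permissions described above. The script below is an added example, not part of the original article: the function names are hypothetical, the PEM content in the demo is constructed, and key_matches_cert assumes the openssl command-line tool and a real key and certificate.

```shell
#!/bin/sh
# Added example: sanity-check a combined mail .pem (private key, then
# certificate, optionally CA certificates) before restarting the services.
# Function names are hypothetical; the PEM body in demo() is constructed.

# pem_layout_ok FILE: the first block must be a private key, every later block
# a certificate, at least one certificate must be present, and each BEGIN line
# needs its matching END line.
pem_layout_ok() {
    awk '
        /^-----BEGIN / {
            if (cur != "") { bad = 1; exit }          # previous block not closed
            label = $0
            sub(/^-----BEGIN /, "", label); sub(/-----$/, "", label)
            cur = label; n++
            if (n == 1 && label !~ /PRIVATE KEY$/) { bad = 1; exit }
            if (n > 1 && label != "CERTIFICATE") { bad = 1; exit }
            next
        }
        /^-----END / {
            label = $0
            sub(/^-----END /, "", label); sub(/-----$/, "", label)
            if (label != cur) { bad = 1; exit }
            cur = ""
        }
        END { exit (bad || cur != "" || n < 2) ? 1 : 0 }
    ' "$1"
}

# perms_private FILE: succeeds only when group and others have no access at
# all, which is true for the 600 and 400 defaults listed in the article.
perms_private() {
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" = "------" ]
}

# key_matches_cert FILE: the public key derived from the private key must equal
# the public key inside the first certificate (needs openssl and real data).
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# check_mail_pem FILE: one-line verdict on layout and permissions.
check_mail_pem() {
    pem_layout_ok "$1" ||
        { echo "layout: expected private key first, then certificate(s)"; return 1; }
    perms_private "$1" ||
        { echo "permissions: accessible by group or others"; return 1; }
    echo "ok"
}

# Demo on a constructed file: first with loose permissions, then tightened.
demo() {
    f=$(mktemp)
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END PRIVATE KEY-----' '-----BEGIN CERTIFICATE-----' \
        'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----' > "$f"
    chmod 644 "$f"; check_mail_pem "$f" || true
    chmod 600 "$f"; check_mail_pem "$f" || true
    rm -f "$f"
}
demo
```

    On the server, run check_mail_pem and key_matches_cert against /etc/postfix/postfix_default.pem, /usr/share/imapd.pem and /usr/share/pop3d.pem.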
    

     

    Restart Plesk Mail Services

    For the changes to take effect we’ll need to restart all Plesk mail services:

    /usr/local/psa/admin/sbin/mailmng --restart-service
    

    And that’s it! Now that pesky warning isn’t going to come up anymore when you access Plesk mail with an email client.

     

    Adding CA Certificates

    The above is enough to suppress the usual warning windows in email clients, however if you’re an avid SSL enthusiast you’ll notice that we’ve not added any CA Certificates to the above .pem files. In essence those tell a client that our certificate is valid – otherwise the client would only have our word for it.

    You can add the combined CA Certificate to the end of the three .pem files in addition to the private key and your own certificate. It’s not strictly necessary, but doing this means you will pass strict SSL tests.

    Thanks to Mike Yradebra for this tip, and the test URL below!
     

    Testing your mail services

    Mike also found a wonderful service that lets you check an email address which will flag up certificate warnings and exceptions – courtesy of CheckTLS:

    Simply hack in your email address and you’ll see if your certificate is installed properly. Note that to pass the test, your email address must match the domain on the certificate. For example, if your address is you@domain.com, but your certificate is for yourdomain.com then the test will fail the “Cert OK” field.

     

    Wait – where do I find my private key and certificate?

    If you’re using the same certificate for mail that you’re using to secure Plesk, simply head over to

    • Tools and Settings (or the Server Tab)
    • Security Settings
    • SSL Certificates
    • click on your certificate from the list
    • scroll down to find plain text sections for your private key and certificate

     

    Wait – where do I find that CA Certificate you speak of?

    Your certificate provider will give that to you. Some providers call it “intermediate CA certificate”. They usually have several versions of the same thing. Look for a combined version. In essence it’s two plain text blocks, very similar to the ones I’ve shown you above.

    For example, the RapidSSL CA certificates can be found here: https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=AR1548

     
  • Jay Versluis 5:21 pm on December 2, 2014

    Categories: Mac ( 2 )

    How to force Safari to never open ZIP files again 

    I love Safari – but it has an ultra annoying habit on new installations: it’s trying to be helpful by automatically unzipping ZIP files. It’s the most useless feature ever for a techie.

    Thankfully we can switch it off – something you only need to do once every 5 years, and hence it’s easily forgotten where and how.

    Open Safari and head over to Safari – Preferences. Under the General Tab, at the very bottom, there’s a tick box. That’s the culprit. Untick it and Safari will never unzip those files for you again.

    The confusing bit is that ZIP files as such are not mentioned. Mac OS X calls them “archives”.

    Unticking this option also means images and video files are no longer opened up as soon as they’re downloaded. Less automation is sometimes more. This is one such case.

     
  • Jay Versluis 3:16 pm on December 1, 2014

    Categories: Linux ( 51 )

    How to start CentOS in Recovery Mode from Parallels Desktop 

    To start your Linux distribution into EFI Recovery Mode you need an installation disk. Even the smallest “minimal” image will do. Shut down the VM if it’s running. Then mount the ISO image onto your VM (under Configuration – Hardware – CD/DVD1). Make sure the “Connected” box is ticked.

    Next you need to tell Parallels Desktop that you want to boot into recovery mode. Head over to Configuration – Hardware – Boot Order and tick the box Use EFI Boot. The boot order does not matter, just make sure CD/DVD is ticked in this list.

    Now restart your VM and you’ll boot into the CD image.

    When you’re done here, simply shut down the VM and untick the EFI Boot option. That’s to make sure you boot into the main installation on your next launch.

     