Gunabalan S: March 2021

Tuesday 30 March 2021

installed mysql-server-8.0 package pre-removal script subprocess returned error exit status 1

sudo apt-get purge mysql-server
sudo dpkg --remove --force-remove-reinstreq mysql-server
sudo dpkg --remove --force-remove-reinstreq mysql-server
sudo dpkg --remove --force-remove-reinstreq
Errors were encountered while processing:
mysql-server-8.0

installed mysql-server-8.0 package pre-removal script subprocess returned error exit status 1

sudo apt-get purge mysql-common
sudo rm -rf /var/log/mysql
sudo rm -rf /var/log/mysql.*
sudo rm -rf /var/lib/mysql
sudo rm -rf /etc/mysql

sudo dpkg --remove --force-remove-reinstreq mysql.*

# and then:
sudo apt-get install mysql-server --fix-missing --fix-broken

Configure nginx web server with tls and firewall in ubuntu

Install nginx

sudo apt update
sudo apt install nginx

after installation these are the command to operate nginx

sudo systemctl status nginx
sudo systemctl stop nginx
sudo systemctl reload nginx
sudo systemctl restart nginx
sudo systemctl start nginx
sudo systemctl disable nginx
sudo systemctl enable nginx

log files is here

error_log /var/log/nginx/error.log;

change document root

sudo chown -R www-data:www-data /var/www/html/

permission may be 755 or 644

sudo chmod -R 755 ./

Configure firewall

sudo ufw status

   sudo ufw app list

   sudo ufw allow 'Nginx Full'
   sudo ufw allow 'OpenSSH'

or
sudo ufw allow ssh

   This will add tcp 22 port (22/tcp (v6)    ALLOW       Anywhere (v6))

   sudo ufw logging on

   sudo ufw logging low|medium|high
   /var/log/ufw.log

Install mysql server

sudo apt-get install mysql-server

Any issue you can find log here

/var/log/mysql/error.log

sudo mysql_secure_installation

follow steps of the above command

use localhost for host; that is allow database access only from localhost

Manage mysql service

sudo service mysql start
sudo service mysql stop

Create new user and set privilages

       sudo mysql

           USE databasename;
           CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'your pw';
           GRANT ALL ON databasename.* TO 'newuser'@'localhost';
           FLUSH PRIVILEGES;

Install PHP

   sudo apt-get install php7.4-fpm php-mysql

   sudo systemctl restart php7.4-fpm
   sudo service mysql restart

additionally you may need zip; gd;

sudo apt-get install php7.4-zip

sudo apt-get install php7.4-curl

sudo apt-get install php7.4-gd

sudo curl -V

Lets-encrypt for nginx

Install snapd

Snap (also known as Snappy) is a software deployment and package management system.Snapd is a REST API daemon for managing snap packages.

Ensure that your version of snapd is up to date

sudo snap install core
sudo snap refresh core

Remove any pre existing Certbot packages

        sudo apt-get remove certbot
         sudo dnf remove certbot
         sudo yum remove certbot

       Install Certbot

sudo snap install --classic certbot

sudo certbot --nginx

Follow step by step process; example the certificate issued for the host :

www.ishtabox.com,ishtabox.com

nginx server block to run php

https://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mysql-php-lemp-stack-in-ubuntu-16-04

sudo vi /etc/nginx/sites-available/default

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/html;
    index index.php index.html index.htm index.nginx-debian.html;

    server_name server_domain_or_IP;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }
}

 ==========

Test your configuration file for syntax errors:

 sudo nginx -t

Then reload server

sudo systemctl reload nginx

now put a php file in document root and test the site

Ref:

https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-20-04
https://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mysql-php-lemp-stack-in-ubuntu-16-04

https://www.linode.com/docs/guides/configure-firewall-with-ufw/
https://certbot.eff.org/lets-encrypt/ubuntufocal-nginx

Monday 15 March 2021

woocommerce force ssl checkout

force to use Checkout page with https or remove for local host dev purpose

https://localhost/wordpress/with checkout/

or more advanced setting from admin..

http://localhost/wordpress/wp-admin/options.php

add in the option

woocommerce_force_ssl_checkout

yes or no

Monday 1 March 2021

Bitnami HTTPS Configuration

bitnami@ip-172-26-44-221:/opt/bitnami$ sudo /opt/bitnami/bncert-tool
----------------------------------------------------------------------------
Welcome to the Bitnami HTTPS Configuration tool.

----------------------------------------------------------------------------
Domains

Please provide a valid space-separated list of domains for which you wish to
configure your web server.

Domain list []: dev.whyscience.com

The following domains were not included: www.dev.whyscience.com.

Do you want to add them? [Y/n]: n

Warning: No www domains (e.g. www.example.com) or non-www domains (e.g.
www.example.com) have been provided, so the following redirections will be
disabled: non-www to www, www to non-www.
Press [Enter] to continue:
----------------------------------------------------------------------------
Enable/disable redirections

Please select the redirections you wish to enable or disable on your Bitnami
installation.

Enable HTTP to HTTPS redirection [Y/n]: Y

Changes to perform

The following changes will be performed to your Bitnami installation:

1. Stop web server
2. Configure web server to use a free Let's Encrypt certificate for the domains:
dev.whyscience.com
3. Configure a cron job to automatically renew the certificate each month
4. Configure web server name to: dev.whyscience.com
5. Enable HTTP to HTTPS redirection (example: redirect http://dev.whyscience.com
to https://dev.whyscience.com)
6. Start web server once all changes have been performed

Do you agree to these changes? [Y/n]: Y

----------------------------------------------------------------------------
Error: There has been an error.
Cannot bind to port 80 and/or 443. These ports are used for Let's Encrypt to
verify the domain DNS configuration. Please stop any services using those ports,
and ensure your system user has permissions to bind to them.
Press [Enter] to continue:

----------------------------------------------------------------------------

To solve this issue

Look for who is using the port

bitnami@ip-172-26-44-221:/opt/bitnami$ sudo fuser 443/tcp
443/tcp: 3693 4811 12652 12900 13082

and then kill the process

bitnami@ip-172-26-44-221:/opt/bitnami$ sudo fuser -k 443/tcp
443/tcp: 3693 4811 12652 12900 13082

Now rerun you will not see anything

bitnami@ip-172-26-44-221:/opt/bitnami$ sudo fuser 443/tcp
bitnami@ip-172-26-44-221:/opt/bitnami$ sudo fuser -k 443/tcp

------------------------------------------------------------------------------

Then rerun the command

bitnami@ip-172-26-44-221:/opt/bitnami$ sudo /opt/bitnami/bncert-tool

----------------------------------------------------------------------------
Performing changes to your installation

The Bitnami HTTPS Configuration Tool will perform any necessary actions to your
Bitnami installation. This may take some time, please be patient.

/Warning: Certificates may not renew automatically, due to a web server
configuration issue. For more information see:
https://docs.bitnami.com/general/how-to/understand-bncert/#certificates-not-renew
ed-automatically
Press [Enter] to continue: ----------------------------------------------------------------------------
Some errors occurred

The configuration was applied, but some of the changes could not be applied.
Find the details below.

The configuration report is shown below.

Failed steps:
* Creating Let's Encrypt certificate: Automatic renewal not working

Find more details in the log file:
/tmp/bncert-202103020529.log

Now check the httpd.conf ; especially running port if it is not 80 and 443 then change.