Troubleshooting PHP-FPM Pool Setup: WordPress Requires FTP/SFTP User After Successful Configuration

This post assumes you have successfully installed PHP-FPM and have confirmed it is running on the server, and

# systemctl status php7.2-fpm.service
● php7.2-fpm.service - The PHP 7.2 FastCGI Process Manager
   Loaded: loaded (/lib/systemd/system/php7.2-fpm.service; enabled; vendor preset: enabled)
   Active: active (running) since Thu 2020-08-13 03:40:43 UTC; 14min ago

Configured on the site:

But still getting this:

The good news is you are pretty close; it's something you missed in your site config file.

Go back and verify the port you’re listening on (e.g., vim /etc/php/7.2/fpm/pool.d/[pool name].conf). For instance, in my case it was:

listen = 127.0.0.1:9001

But my Apache config was looking for:

<FilesMatch "\.php$">
SetHandler "proxy:fcgi://127.0.0.1:9000/"
</FilesMatch>

A simple update to:

<FilesMatch "\.php$">
SetHandler "proxy:fcgi://127.0.0.1:9001/"
</FilesMatch>

And a restart of the web server:

systemctl restart apache2.service

Should do the trick, and get you situated again.
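The mismatch described above can be caught by comparing the two files directly. This is an added example, not part of the original post; the function names are made up here, and it covers only the TCP listen case shown above (not Unix sockets).

```shell
#!/bin/sh
# Added example: cross-check a PHP-FPM pool's TCP listen address against
# the proxy:fcgi:// target configured in an Apache site file.

# pool_listen POOL_CONF: print the last uncommented "listen = ..." value.
# Lines such as "listen.owner = ..." and ";listen = ..." are ignored.
pool_listen() {
  sed -n 's/^[[:space:]]*listen[[:space:]]*=[[:space:]]*\([^[:space:];]*\).*/\1/p' "$1" | tail -n 1
}

# handler_targets SITE_CONF: print host:port of every uncommented
# SetHandler "proxy:fcgi://host:port/" line.
handler_targets() {
  sed -n 's|^[[:space:]]*SetHandler[[:space:]]*"\{0,1\}proxy:fcgi://\([^/"]*\).*|\1|p' "$1"
}

# check_fpm_match POOL_CONF SITE_CONF: returns 0 when every handler points
# at the pool's listen address, 1 on a mismatch or when no handler is found.
check_fpm_match() {
  want=$(pool_listen "$1")
  targets=$(handler_targets "$2")
  [ -n "$targets" ] || { echo "no proxy:fcgi handler found in $2"; return 1; }
  status=0
  for got in $targets; do
    if [ "$got" != "$want" ]; then
      echo "MISMATCH: pool listens on $want, Apache proxies to $got"
      status=1
    fi
  done
  return "$status"
}

# Usage (paths are placeholders for your own pool and site files):
#   check_fpm_match /etc/php/7.2/fpm/pool.d/POOL.conf /etc/apache2/sites-enabled/SITE.conf
```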

SSH Permission Denied on DD-WRT Router

DD-WRT is an open-source router firmware supported by most modern router systems. If you want to open the door to what you can do with your router, DD-WRT is the way to do it. It allows you to bypass the limitations your commercial router software introduces.

Ok, let’s cut to the chase..

Permission Denied Using SSH with DD-WRT

If you’re like me, you have probably hit a brick wall when trying to SSH into the router after it’s been imaged with DD-WRT.

Check All SSH Settings

There are two places where you want to update SSHD settings. Navigate to the following location:

Services > Services > Secure Shell

Here, you will enable the SSHD daemon.

Make note of the port you’re using, and select to use a password or key or both. This is pretty straightforward; in my scenario I selected to disable password login and use my public SSH key for security.

Snapshot of Secure Shell Panel on Services Page

Then, navigate here:

Administration > Management > Remote Access

Don’t ask me why, but here you will make sure that SSH Management is Enabled and that your port is set the same as the last page.

Snapshot of Remote Access Panel on Management Page

Now save, and reboot the machine to make sure the changes stick.

Verify Username is Correct

If you are still having an issue, and it looks something like this:

$ ssh admin@192.168.1.1

DD-WRT v3.0-r44048 std (c) 2020 NewMedia-NET GmbH

Release: 08/02/20

Board: Linksys WRT3200ACM

admin@192.168.1.1: Permission denied (publickey).

or, something like this:

$ ssh admin@192.168.1.1

ssh: connect to host 192.168.1.1 port 22: Network is unreachable

tony:public antonioperez$ ssh admin@192.168.1.1

DD-WRT v3.0-r44048 std (c) 2020 NewMedia-NET GmbH

Release: 08/02/20

Board: Linksys WRT3200ACM

admin@192.168.1.1's password: 

Permission denied, please try again.

admin@192.168.1.1's password: 

Permission denied, please try again.

admin@192.168.1.1's password: 

But you swear you are using the same username and password you log into the GUI with, then it might be something a little more frustrating.

The user.

Update the user to root instead of whatever user you were using. In my case, I was testing with admin.

After updating the username to ROOT:

$ ssh root@192.168.1.1

DD-WRT v3.0-r44048 std (c) 2020 NewMedia-NET GmbH

Release: 08/02/20

Board: Linksys WRT3200ACM

Enter passphrase for key '/Users/antonioperez/.ssh/id_rsa':

Tada! Like magic, it started working. I have no idea why this is, but I have successfully used this on three DD-WRT installations and it works every time.

Cheers

How to remove .php / .html extension from URL slug

Was recently working on a project, not using a CMS like WordPress and Daniel was making fun of me for requiring “.php” in my URL.

Naturally, that could not go without a response.

Example of What I wanted to Do

Example of what I’m talking about:

https://defragged.org/somdirectory/somefile.php

I wanted to remove the “.php” extension from the URL, so that it reads:

https://defragged.org/somdirectory/somefile

If this is you, then here is the quick and dirty on how to get this done.

How To Remove .PHP / .HTML from URL Slug

I am working on Apache and the latest version of Ubuntu, but it should be the same for most of the latest versions.

Because this is a test server, I wanted to do a global deployment so that I don’t have to worry about it anymore. This saves me from having to remember to do this in each web directory via an .htaccess file.

Navigate to your Apache config file, something like this:

# vim /etc/apache2/apache2.conf 

Scroll to the bottom, and append this to your file:

<Directory /var/www/>
 <IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^(.*)/$ $1 [R,L]
  RewriteCond %{REQUEST_FILENAME}.php -f
  RewriteRule (.*) $1.php [L]
  RewriteCond %{REQUEST_FILENAME}.html -f
  RewriteRule (.*) $1.html [L]
 </IfModule>
</Directory>

Save the file, and restart the web server.

service apache2 restart

That should be it, clear your browser cache, and revisit the site. It should do the trick.


Parse JSON Responses using Bash Scripts

I was working with the categorify.org site and I wanted to parse through the API’s response. The response was in JSON format.

There are a number of different ways you can do this, but if you want a quick, simple, way that uses existing tools you probably already have installed, this is for you.

To parse through the JSON response I used Python.

Here is an example of what I was doing:

curl -s https://categorify.org/api?website=pornhub.com

If you do this, the response is something like this:

$ curl -s https://categorify.org/api?website=pornhub.com

{"domain":"pornhub.com","ip":"31.192.120.36","country-code":"NL","country":"Netherlands","rating":{"language":true,"violence":false,"nudity":true,"adult":true,"value":"R & NSFW","description":"Adult-only content and not safe for a work environment"},"category":["Adult\/Pornography"],"keyword_heatmap":{"videos":99,"free":85,"pornhub":61,"porn":55,"models":54,"premium":45,"content":45,"rated":44,"photos":44,"exclusive":43,"party":43,"gifs":42,"sister":39,"discover":36,"online":36,"video":35,"albums":34,"pornhubcom":33,"cancel":33,"subscribed":30}}

What I specifically wanted was the category value: "category":["Adult\/Pornography"]

So I modified my command to pipe my output to python and ran the following:

$ curl -s https://categorify.org/api?website=pornhub.com | python -c 'import json,sys;obj=json.load(sys.stdin);print obj["category"]'

The section you’re most interested in is this: print obj["category"]

You have to choose which object you want to print. In my case, I wanted the category object as it holds the value I am looking for.

You can use this to parse any JSON response, just update the print object with one that corresponds to your results. The beautiful part is that this should be available on most major OS platforms without additional installations.


Side note, here are two variations depending on which version of Python you have on your machine.

Python 3

python3 -c "import sys, json; print(json.load(sys.stdin)['category'])"

Python 2

python2 -c "import sys, json; print json.load(sys.stdin)['category']"

Use Bash Script to Monitor The Status of Service

When you manage multiple servers it’s sometimes impossible to stay ahead of the various administrative tasks, which is why automation is so important.

If you’re working on a Linux-based server and want to monitor the status of a service, here is a quick and easy way to automate that process.

#!/bin/bash
# Script to find if a service is running

# Loop over the three OSSEC daemons we want to check
for i in ossec-monitord ossec-logcollector ossec-integratord;
 do ps auwx | grep -v grep | grep $i >/dev/null 2>&1 ;
   # grep exits 0 when at least one matching process line was found
   if [ $? = 0 ];
    then
     echo `date "+%Y-%m-%d %H:%M "`"$i Running…";
    else
     echo `date "+%Y-%m-%d %H:%M "`"$i not running…";
   fi;
done

What we did above is create a simple loop looking for three distinct services:

  • ossec-monitord
  • ossec-logcollector
  • ossec-integratord

Those three services are assigned to the i variable, and that variable is then passed into the grep query here:

ps auwx | grep -v grep | grep $i >/dev/null 2>&1 ;

What we’re also doing above is cutting out any grep inquiries, because when you run a grep command it shows up as a process itself, as in the last line here:

root@server:~/scripts# ps auwx | grep ossec-logcollector

root      1260  0.0  0.0   4876  1784 ?        S    May19   0:03 /var/ossec/bin/ossec-logcollector

root     29353  0.0  0.0  14428  1116 pts/0    S+   20:59   0:00 grep --color=auto ossec-logcollector

By cutting out the grep request you see this response:

root@server:~/scripts# ps auwx | grep -v grep | grep ossec-logcollector

root      1260  0.0  0.0   4876  1784 ?        S    May19   0:03 /var/ossec/bin/ossec-logcollector

This is important because this if [ $? = 0 ]; is looking for the grep exit value of 0, which states:

EXIT STATUS
    The grep utility exits with one of the following values:

    0     One or more lines were selected.
    1     No lines were selected.
    >1    An error occurred.

Without that filter, if you run the grep and no service is running, it would still find the grep process itself. It’d give you a false positive response.

The echo command then prints the status of the service:

echo `date "+%Y-%m-%d %H:%M "`"$i Running…";

It passes each argument through the loop. If the service is found to be running it prints:

2020-05-19 18:27 ossec-monitord Running…

2020-05-19 18:27 ossec-logcollector Running…

2020-05-19 18:27 ossec-integratord Running…
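Filtering out grep removes only one source of false positives: any other process whose command line mentions the service name (an editor, a tail on its log) still matches. The following is an added example, not the original post's script, that matches the executable name exactly; the function names and the sample process list are constructed for illustration, and the input format assumed is that of ps -eo pid=,args= on Linux.

```shell
#!/bin/sh
# Added example: exact-name process check for the OSSEC daemons.
# Assumed input format: PID followed by the full command line.

# Constructed sample: one real daemon, one grep, and one editor that only
# has a service name inside its arguments.
SAMPLE_PS='1260 /var/ossec/bin/ossec-logcollector
29353 grep --color=auto ossec-monitord
31000 vim /var/ossec/logs/ossec-integratord.log'

# is_running NAME: reads ps lines on stdin and succeeds only if the
# executable (field 2, basename) is exactly NAME.
is_running() {
  awk -v svc="$1" '
    { n = split($2, p, "/"); if (p[n] == svc) found = 1 }
    END { exit(found ? 0 : 1) }'
}

# check_services PS_TEXT NAME...: prints one status line per service and
# returns the number of services that are not running, so a cron job or
# wrapper can alert on a non-zero exit code.
check_services() {
  ps_text=$1; shift
  missing=0
  for svc in "$@"; do
    if printf '%s\n' "$ps_text" | is_running "$svc"; then
      echo "$(date '+%Y-%m-%d %H:%M') $svc Running..."
    else
      echo "$(date '+%Y-%m-%d %H:%M') $svc not running..."
      missing=$((missing + 1))
    fi
  done
  return "$missing"
}

# Live use:
#   check_services "$(ps -eo pid=,args=)" ossec-monitord ossec-logcollector ossec-integratord
```

pgrep -x is not a drop-in replacement here: on Linux it compares against the 15-character process name, which ossec-logcollector and ossec-integratord exceed.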

How To List UFW Rules When The Application is Inactive or Disabled

When working on your server you might need to disable the Uncomplicated Firewall (UFW). When doing so you’ll notice it doesn’t display your rules when the application is inactive.


How to Auto-Update CentOS 7 Packages with Yum-Cron

If you’re looking for a quick way to keep your CentOS machine patched at all times, become friends with yum-cron.

To install, in terminal, use:

# yum -y install yum-cron

The -y forces the install, answering any Yes / No “are you sure” questions.

Once installed, be sure to start the service using:

# systemctl start yum-cron.service

You can verify the status (make sure it’s running) using:

# systemctl status yum-cron.service

Output should look something like:

yum-cron.service - Run automatic yum updates as a cron job
Loaded: loaded (/usr/lib/systemd/system/yum-cron.service; enabled; vendor preset: disabled)
Active: active (exited) since Mon 2016-11-07 19:16:01 UTC; 2s ago
Process: 5385 ExecStart=/bin/touch /var/lock/subsys/yum-cron (code=exited, status=0/SUCCESS)
Main PID: 5385 (code=exited, status=0/SUCCESS)

The last step is to make sure it’s enabled; this will make sure it restarts in the event the machine reboots later.

# systemctl enable yum-cron.service


How do you add color or bold the echo outputs in a shell script?

If you’re working in Linux you will be introduced to writing shell scripts at some point. When you do, you’ll become very familiar with the echo command.

If you open your terminal, and run an echo command it’ll literally echo whatever you put after the echo:

$ echo "Hello World"
Hello World

Tar (Compress) a Directory without Images via Terminal

Sometimes you need to compress an entire directory, but sometimes you want to ignore specific file types.

Here is a basic command that you can use to remove specific file types before you compress it. In this example we use the find command to look for, and ignore, all image file types. That then gets piped into the tar command:


How do you enable SFTP on your Ubuntu server?

SFTP is a file transfer protocol. It wraps the File Transfer Protocol (FTP) inside the Secure Shell (SSH) protocol. This allows the communication to be protected as it moves from one point to another.

PSA: FTP is considered an insecure transfer protocol and should be avoided.

This article assumes you are trying to create new SFTP users on your Linux machine. In this example we’ll be using Ubuntu 18.04.

Enabling and Creating SFTP users:

To enable SFTP you have to enable it inside your SSH configuration file. It’s often located here: /etc/ssh/sshd_config. Open the file and add the following to the end of the configuration file:

# override default of no subsystems
Subsystem       sftp    /usr/lib/openssh/sftp-server
Match group sftp
X11Forwarding no
AllowTCPForwarding no
ForceCommand internal-sftp

Options explained:

Option: Description

Subsystem: An abstraction layer that allows you to invoke remote commands. In this instance, we’re invoking sftp-server.

Match: Allows you to limit actions in shell, in this instance we’re limiting the actions to a specific group – sftp. Only those users inside the SFTP group will be able to SFTP into the server.

X11Forwarding: This is a special case for remote tunneling. Unfortunately it can be used maliciously by a bad actor, so it’s recommended you disable it unless you know what you’re doing.

AllowTCPForwarding: “TCP Forwarding” allows you to encapsulate any other protocol (based on TCP of course) inside an already established SSH connection. There are a lot of reasons for this, but we don’t want to allow SFTP users to use this without appropriate planning.

ForceCommand: The remote system can only execute a set of statically defined commands. Specifying a command of internal-sftp will force the use of an in-process SFTP server that requires no support files when used with ChrootDirectory.

Once you add this to the SSH config file you need to restart OpenSSH:

service ssh restart

Now you need to add new SFTP users, and apply the user to the right group.

useradd -m [newsftpuser] -g sftp

Set the password:

passwd [newsftpuser]

Now you can test your SFTP connection, from a different server:

sftp [newsftpuser]@[serverIPaddress]

Happy SFTP’ing!
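Before restarting OpenSSH it is worth confirming that the restrictions from the options table actually sit inside the Match group sftp block, since a directive placed under a different Match line does not apply to the sftp group. This check is an added example, not part of the original post; the function name and output wording are made up here, and it inspects only that block, not global settings.

```shell
#!/bin/sh
# Added example: report which of the post's three restrictions are missing
# from the "Match group sftp" block of an sshd_config read on stdin.

# missing_sftp_restrictions: prints one line per missing directive and
# returns 0 when none are missing, 1 otherwise.
missing_sftp_restrictions() {
  awk '
    BEGIN {
      want["x11forwarding"] = "no"
      want["allowtcpforwarding"] = "no"
      want["forcecommand"] = "internal-sftp"
    }
    $1 ~ /^#/ || NF == 0 { next }              # skip comments and blank lines
    {
      key = tolower($1); val = tolower($2)     # sshd keywords are case-insensitive
      if (key == "match") {                    # a new Match line ends the previous block
        in_block = (val == "group" && $3 == "sftp")
        next
      }
      if (in_block && (key in want) && val == want[key]) seen[key] = 1
    }
    END {
      for (k in want) if (!(k in seen)) { print "missing: " k " " want[k]; bad = 1 }
      exit(bad ? 1 : 0)
    }'
}

# Usage: missing_sftp_restrictions < /etc/ssh/sshd_config
```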
