Channel: Tutorials — LowEndTalk

How to set time in OpenVZ container


I want to share my experience of solving time problem inside OpenVZ container.
This article is not related to KVM containers, they should have no problems with time.
OpenVZ container is running on same Linux kernel as host machine, and OpenVZ container is very well isolated from host system and cannot change many important system-wide parameters.

Problem #1: Bad container timezone
Time is wrong, difference can be measured in hours.
'date' command - result: Wed Mar 8 10:15:05 GMT 2017
'date' command - expected result: Wed Mar 8 15:15:05 GMT+5 2017
Solution: 'dpkg-reconfigure tzdata'.
The system clock keeps running in UTC, your container timezone is changed, and you see the correct time in your console, but you can always check the original UTC clock (with the command 'date -u' or any other way).

Problem #2: Bad system time
Time is wrong, difference can be measured in minutes.
'date' command - result: Wed Mar 8 10:15:05 GMT 2017
'date' command - expected result: Wed Mar 8 10:37:05 GMT 2017
'ntpdate time.nist.gov' - result: Operation not permitted
'date -s 10:37' - result: Operation not permitted

Solution 1: Ask your provider to allow you to change system time.
Google quickly finds a command like "vzctl set 101 --capability sys_time:on --save". But this is a bad solution because your container will be able to set the whole system time (for other containers, too). Your provider should not give you this option.

Solution 2: Ask your provider to fix time on host system. The best variant but depends on provider support quality. Solution can take some time.

Solution 3: Do it yourself. Use libfaketime
Most google links say that it's impossible to change time inside OpenVZ container. But you can change time for your important applications, even for shell. You can use special library for any application and it will tune time to any value. Link is here: https://github.com/wolfcw/libfaketime, there is complete instruction about installation and usage.
Proof:


Nginx Reverse Proxy Tutorial (Centos 6)


Why Nginx (Engine X)?

Sorry for the layout, I'm a noob at writing tutorials. A video tutorial with voice narration will be uploaded soon.

We recommend getting a DDoS Protected VPS/Server to defend yourself against Layer 4

Nginx will pass true HTTP requests and will drop the bad requests (floods)

Prerequisites
64MB Ram Minimum
Centos 6 32-64 Bit will do
EPEL repository
Apache Uninstalled to free port 80

Step One
This step isn't really needed however it's good to keep stuff updated
Run yum update -y

Also by default, Centos Installs Apache, So we're going to need to uninstall that to free port 80 to be used for Nginx

Run the following to get rid of Apache

yum remove httpd -y

Step Two
We're going to need to install the EPEL repo as you won't find the Nginx package with your current default repo's

So visit this page https://fedoraproject.org/wiki/EPEL

Then copy the direct url of the package and do something like this
rpm -Uvh insert repo package direct link here

However I've done this for you already so just run the following
rpm -Uvh http://mirror.ancl.hawaii.edu/linux/epel/6/i386/epel-release-6-8.noarch.rpm

Step Three
We're now going to install Nginx, To do that run the following command
yum install nginx -y

Now we're going to adjust the Nginx configuration
Run the following command cd /etc/nginx/conf.d

Now we're going to delete the default configuration, As we're not going to need it. You can delete it with rm default.conf or move it with mv default.conf default.conf.disabled
Either way works

Step Four
We're now going to setup the actual reverse proxy, Using your favorite text editor, Mine is Nano, We're going to add the configuration

To install nano do the following yum install nano -y
In my case of using nano, I'll do the following command
nano testproxy.conf
Feel free to name your configuration file anything you want
Then I'll edit these values to my own domain and IP Address
Then I'll paste it in
server {
    listen 80;
    server_name YourDomain.com;
    access_log off;
    # "error_log off;" would write errors to a file named "off", so send them to /dev/null
    error_log /dev/null crit;

    location / {
        proxy_pass http://Source IP/;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_max_temp_file_size 0;
        client_max_body_size 10m;
        client_body_buffer_size 128k;
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
    }
}

Make sure you adjust the YourDomain.com in the server_name area and the Source IP in the proxy_pass area

Then you'll save the configuration
Add the IP Tables rule to allow Port 80
iptables -I INPUT 5 -m state --state NEW -p tcp --dport 80 -j ACCEPT
service iptables save
service iptables restart

We'll start Nginx with the following command service nginx start
And make sure Nginx starts on a reboot, With the following command chkconfig nginx on

If all goes Well, Your VPS IP can be used as an A Record for your Website

Congratulations, You're now using a Reverse Proxy for your website!

Here's some adjustment's for Cloudflare usage and Additional Flood Protection

Adjust the Main Nginx configuration by editing /etc/nginx/nginx.conf

To restore your visitor's IP, Add this little snippet of code into the HTTP Block
set_real_ip_from 199.27.128.0/21;
set_real_ip_from 173.245.48.0/20;
set_real_ip_from 103.21.244.0/22;
set_real_ip_from 103.22.200.0/22;
set_real_ip_from 103.31.4.0/22;
set_real_ip_from 141.101.64.0/18;
set_real_ip_from 108.162.192.0/18;
set_real_ip_from 190.93.240.0/20;
set_real_ip_from 188.114.96.0/20;
set_real_ip_from 197.234.240.0/22;
set_real_ip_from 198.41.128.0/17;
set_real_ip_from 162.158.0.0/15;
set_real_ip_from 104.16.0.0/12;
real_ip_header CF-Connecting-IP;

For HTTP Flood based Attacks add this into the HTTP Block
limit_req_zone $binary_remote_addr zone=slimitss:10m rate=1r/s;
limit_req zone=slimitss burst=10;

Save the config file and restart nginx


OpenVPN secure configuration script


Awesome script to automatically configure OpenVPN on your VPS. The only one you'll need. Consistently updated. Handles LES plans with IPv6.

https://github.com/Angristan/OpenVPN-install

I modified the options and some of the config files to my liking (use 4096 bit keys, SHA-512, add OpenNIC DNS servers, auth-nocache, comp-lzo adaptive, etc.), but can be used well straight outta the box.

Enjoy!


Install docker with standard user using ansible playbook


Hi all,

I want to share one small playbook with you. It will help you with the installation of a new Debian 8 server if you need docker and docker-compose installed with only one command.

Tasks in this playbook are:

  1. Update && upgrade
  2. Install debian keyrings
  3. Install dependency
  4. Add docker and backports repository
  5. Install and pip upgrade (to get last version of docker-compose)
  6. Add your user to docker group (no need to run docker daemon as root in most of the cases)
  7. Reboot your server after all settings and start docker-engine

You will need ansible 2.2+ and Debian 8 (tested with Debian 8.6)

How to use

Clone repo https://github.com/ZEROF/ansible

  • Folder debian-docker

You will need to add ssh key to your Debian machine:

ssh-copy-id -i ~/.ssh/id_rsa user@serverip

If you don't have ssh key:

ssh-keygen -t rsa -b 4096

After this you will need to edit the /etc/ansible/hosts file (set your server info):

[docker]

debian ansible_host=server_ip ansible_user=server_user_name ansible_su_pass=user_password ansible_ssh_private_key_file=~/.ssh/id_rsa

Edit vars in debian-docker/roles/docker/vars/main.yml

host_ip: your_server_ip

user: server_nonroot_user

Run playbook:

ansible-playbook install-docker-debian8-playbook.yml

Have a nice day/night!


Force kernel AES-NI usage on a VPS without the aes CPU flag


First of all, thanks to @rm_ for his brilliant blog post on forcing OpenSSL to use the AES-NI instruction set when the CPU of a VPS does not report its existence while it is actually supported. This is a counterpart that forces the Linux kernel to use AES-NI when QEMU does not pass through that flag, which is useful for IPSec, disk encryption, etc.

It turns out to be fairly simple with a kernel module. Just shove these two lines into any hello world boilerplate that you can find in a "how to write Linux kernel modules" tutorial.

#include <linux/bitops.h>
set_bit(153, (unsigned long *)(boot_cpu_data.x86_capability));

The magic number 153 is taken from arch/x86/include/asm/cpufeatures.h. It is trivial to enforce the usage of another CPU feature (e.g., AVX) with another magic number.

After inserting your own module, manually modprobe aesni_intel should do the trick.

On one of my KVM servers, the result of cryptsetup benchmark increased from

#     Algorithm | Key |  Encryption |  Decryption
        aes-cbc   128b   169.8 MiB/s   167.3 MiB/s

... to ...

#     Algorithm | Key |  Encryption |  Decryption
        aes-cbc   128b   678.2 MiB/s  2201.4 MiB/s

Installing Free SSL for Server Hostname Using Letsencrypt


Overview

The Let's Encrypt plugin allows you to automatically provision cPanel accounts with Let's Encrypt SSL certificates for sites that do not already have valid CA-signed SSL certificates.

Requirements

  • Root SSH access to WHM
  • i386 or x86_64 CentOS 6 or 7 (5 is not supported)
  • WHM 11.52 or higher (CloudLinux and LSWS compatible)
  • Remote access key has been generated (/root/.accesshash). If it is not present, simply visit the “Remote Access Key” page in WHM.

Please note: cPanel DNSONLY servers are currently NOT supported.

Installation

To install the plugin, perform the following steps:

Log in to the command line via SSH as the root user.

Run the following command:

/scripts/install_lets_encrypt_autossl_provider

Then, to select Let's Encrypt as an AutoSSL provider, use WHM's Manage AutoSSL interface (Home >> SSL/TLS >> Manage AutoSSL).

Installing Letsencrypt for Server Hostname

First take a backup of your current SSL CRT directory:

# tar -zcf /root/cptechs/var_cpanel_ssl.tar.gz$(date +%s) /var/cpanel/ssl/

Go to WHM > Service Configuration > Manage Service SSL Certificates and click "Reset Certificate" for each service to install a Self Signed SSL CRT.

Run the command below on the command line to issue new SSL certificates for the services

/usr/local/cpanel/bin/checkallsslcerts --verbose

The system will attempt to replace the self-signed certificate for the “exim” service with a signed certificate from the cPanel Store.
The system will attempt to replace the self-signed certificate for the “ftp” service with a signed certificate from the cPanel Store.
The system will attempt to replace the self-signed certificate for the “dovecot” service with a signed certificate from the cPanel Store.
The system will attempt to replace the self-signed certificate for the “cpanel” service with a signed certificate from the cPanel Store.
The cPanel Store is processing the hostname certificate request.
The system will check the cPanel Store again the next time that “/usr/local/cpanel/bin/checkallsslcerts” runs.

We can see the SSL CRT's have been requested for your services. The hostname for the SSL CRT will be with one that is currently defined in cPanel:

# whmapi1 gethostname|grep hostname:

hostname: server1.hostname.com

While the process is not always this fast, after a few moments, we can see the SSL CRT's are ready for install. Then re-run the '/usr/local/cpanel/bin/checkallsslcerts --verbose' command, which would otherwise have been run at maintenance time. You may verify at WHM > Service Configuration > Manage Service SSL Certificates.

You can verify the SSL installation by visiting https://server1.hostname.com:2087. You can see a green padlock with the letsencrypt SSL.

MySQL Master-Slave Replication


MySQL master slave replication gives you two copies of your database: the “live” one and the backup one. You always write your data to your master and read from the master too, but you will always have an up-to-date copy on your slave.

Setting up the master Server

Make sure you have updated packages and MySQL server installed on the server

yum update

yum install mysql-server

Open the my.cnf file, which contains MYSQL database configuration

vi /etc/my.cnf

Add following lines

[mysqld]
log-bin=mysql-bin
binlog-do-db=mydb1
server-id=1
innodb_flush_log_at_trx_commit=1
sync_binlog=1

Restart mysql service

service mysqld restart

Login to MYSQL with MYSQL root password

mysql -u root -p

Grant access to your slave server

mysql> GRANT REPLICATION SLAVE ON *.* TO 'replication'@'192.168.1.60' IDENTIFIED BY 'yourpassword';
mysql> FLUSH PRIVILEGES;

Replace the IP address (192.168.1.60)with your slave’s IPv4 address and replace ‘yourpassword’ with a strong password. Execute the query. It should say ‘Query OK’.

Check the current binary log file name (File) and current offset (Position) value using following command.

mysql> SHOW MASTER STATUS;
+------------------+----------+--------------+------------------+
| File             | Position | Binlog_Do_DB | Binlog_Ignore_DB |
+------------------+----------+--------------+------------------+
| mysql-bin.000109 |      187 | mydb1        |                  |
+------------------+----------+--------------+------------------+

Please note the filename (‘File’) and number (‘Position’). Remember these or write them down. You will use this to start replication on the slave.

Take a backup of the database and copy it to the slave MySQL server.

mysqldump -u root -p mydb1 > mydb1.sql

scp mydb1.sql 192.168.1.60:/opt/

Setup MySQL Slave Server

Make sure you have updated packages and MySQL server installed on the server

# yum update

# yum install mysql-server

Edit the slave MySQL configuration file and add the following values under the [mysqld] section.

[mysqld]
server-id=2
replicate-do-db=mydb1

Restart mysql service

service mysqld restart

Restore the database backup taken from the master server.

# mysql -u root -p mydb1 < /opt/mydb1.sql

Set up the option values on the slave server using the following command.

mysql> CHANGE MASTER TO MASTER_HOST='192.168.1.20',
    -> MASTER_USER='replication',
    -> MASTER_PASSWORD='secretpassword',
    -> MASTER_LOG_FILE='mysql-bin.000109',
    -> MASTER_LOG_POS=187;

Finally start the slave thread

mysql> START SLAVE;

Check the status of the slave server.

mysql> SHOW SLAVE STATUS\G

*************************** 1. row ***************************
               Slave_IO_State:
                  Master_Host: 192.168.1.60
                  Master_User: replication
                  Master_Port: 3306
                Connect_Retry: 60
              Master_Log_File: mysql-bin.000109
          Read_Master_Log_Pos: 187
               Relay_Log_File: mysqld-relay-bin.000001
                Relay_Log_Pos: 4
        Relay_Master_Log_File: mysql-bin.000002
             Slave_IO_Running: No
            Slave_SQL_Running: No
              Replicate_Do_DB: mydb
          Replicate_Ignore_DB:
           Replicate_Do_Table:
       Replicate_Ignore_Table:
      Replicate_Wild_Do_Table:
  Replicate_Wild_Ignore_Table:
                   Last_Errno: 0
                   Last_Error:
                 Skip_Counter: 0
          Exec_Master_Log_Pos: 187
              Relay_Log_Space: 187
              Until_Condition: None
               Until_Log_File:
                Until_Log_Pos: 0
           Master_SSL_Allowed: No
           Master_SSL_CA_File:
           Master_SSL_CA_Path:
              Master_SSL_Cert:
            Master_SSL_Cipher:
               Master_SSL_Key:
        Seconds_Behind_Master: NULL
Master_SSL_Verify_Server_Cert: No
                Last_IO_Errno: 0
                Last_IO_Error:
               Last_SQL_Errno: 0
               Last_SQL_Error:
  Replicate_Ignore_Server_Ids:
             Master_Server_Id: 1
1 row in set (0.00 sec)
mysql>

MySQL Master-slave Replication has been configured successfully on your system. You can test the same by creating a test database in the Master server, so it will automatically be copied to the slave server.
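
The status listing above is what tells you whether replication is actually running and whether it is protected in transit. As an added example (not part of the original post), this Python checker parses `SHOW SLAVE STATUS\G` output and reports stopped threads, an unexpected master, unknown lag, recorded errors and replication without TLS. The two sample listings are constructed for the example, and the function names and the 60-second lag threshold are assumptions.

```python
# Added example: health and transport check over SHOW SLAVE STATUS\G output.
# Both sample listings below are constructed, not captured from a real server.

BROKEN_SAMPLE = """\
*************************** 1. row ***************************
               Slave_IO_State:
                  Master_Host: 192.168.1.20
             Slave_IO_Running: No
            Slave_SQL_Running: No
        Seconds_Behind_Master: NULL
           Master_SSL_Allowed: No
                Last_IO_Errno: 1045
                Last_IO_Error: error connecting to master 'replication@192.168.1.20:3306'
               Last_SQL_Errno: 0
               Last_SQL_Error:
1 row in set (0.00 sec)
"""

HEALTHY_SAMPLE = """\
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 192.168.1.20
             Slave_IO_Running: Yes
            Slave_SQL_Running: Yes
        Seconds_Behind_Master: 0
           Master_SSL_Allowed: Yes
                Last_IO_Errno: 0
               Last_SQL_Errno: 0
"""


def parse_slave_status(text):
    """Turn the vertical (\\G) listing into a dict of field name -> value."""
    status = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("*"):
            continue  # blank line or the "1. row" separator
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            status[key.strip()] = value.strip()
    return status


def check_replication(status, expected_master, max_lag=60):
    """Return a list of human-readable problems; an empty list means healthy."""
    problems = []
    for thread in ("Slave_IO_Running", "Slave_SQL_Running"):
        if status.get(thread) != "Yes":
            problems.append(f"{thread} is {status.get(thread, 'missing')}")

    if status.get("Master_Host") != expected_master:
        problems.append(
            f"Master_Host is {status.get('Master_Host')}, expected {expected_master}"
        )

    lag = status.get("Seconds_Behind_Master", "NULL")
    if lag in ("", "NULL"):
        problems.append("Seconds_Behind_Master is NULL (replication not applying)")
    elif int(lag) > max_lag:
        problems.append(f"slave is {lag}s behind the master")

    for errno_key in ("Last_IO_Errno", "Last_SQL_Errno"):
        if status.get(errno_key, "0") != "0":
            detail = status.get(errno_key.replace("Errno", "Error"), "")
            problems.append(f"{errno_key}={status[errno_key]}: {detail}")

    # Without TLS the replication account's login and every replicated row
    # cross the network in cleartext between master and slave.
    if status.get("Master_SSL_Allowed") != "Yes":
        problems.append("replication link does not use TLS (Master_SSL_Allowed != Yes)")
    return problems


if __name__ == "__main__":
    for name, sample in (("broken", BROKEN_SAMPLE), ("healthy", HEALTHY_SAMPLE)):
        findings = check_replication(parse_slave_status(sample), "192.168.1.20")
        print(name, "->", findings or "OK")
```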

Backup your 2FA


2FA on Google and most other services follow the Time-based One-time Password (TOTP) standard that combines a shared key and the current time to generate an OTP. So once you have the shared key, use it to seed multiple token generators, not just Google Authenticator

(Option 1): Recover shared key from existing Google Authenticator

If Google Authenticator is on a rooted phone, use adb (pacman -S android-tools) to recover the key : https://gist.github.com/jbinto/8876658

More likely, you would need to delete your current device and re-register it in Google.

(Option 2): Extract shared key from the QR code (New device registration)

Install ZXing

Dependencies : opencv (pacman -S opencv on ArchLinux)

$ git clone https://github.com/glassechidna/zxing-cpp
$ cd zxing-cpp
$ mkdir build
$ cd build
$ cmake -G "Unix Makefiles" \
    -DCMAKE_INSTALL_PREFIX:PATH=/usr \
    -DCMAKE_BUILD_TYPE=Release \
    ..
$ make
$ sudo make install

installs /usr/bin/zxing.

Save QR code and extract key

When Google displays a QR code for Google-Authenticator, use a screenshot tool to capture the QR code alone in an image file. Pass it as input to zxing to read the QR.

$ zxing image.png
otpauth://totp/Google%3AYOUREMAILID%40gmail.com?secret=YOURSECRETCODE&issuer=Google

The secret-code is all that is needed to initialize your OTP token generator.

Install and initialize your OTP token generator

Came across the following combos:

  • pass + totp-cli
  • Keepass TOTP plugins (KeeOTP or TrayOTP )
  • LinOTP Supports hardware keys like Yubi, RADIUS tokens, and TOTP. Runs as a webserver. Very enterprise.
  • Authy Cloud OTP. Seemed like a bad idea.

I found the first option the most appealing.

Install pass

Dependencies: gnupg for encryption, tree for displaying ASCII trees.

While pass is part of most repos (apt install pass or pacman -S pass), the latest version 1.7.0 has still not made it in. So, install from source

$ wget https://git.zx2c4.com/password-store/snapshot/password-store-1.7.tar.xz
$ tar Jxvf password-store-1.7.tar.xz
$ cd password-store-1.7
$ sudo make install

Initialize your password store

Create a GPG key with id, say password-store. Use the id to initialize pass:

$ pass init password-store

Optionally push to a git repo

$ pass git init
$ pass git remote add origin http://your_git_repo/user/repo

To push to repo: pass git push -u --all

More details here: Extended example (https://git.zx2c4.com/password-store/about/#EXTENDED GIT EXAMPLE)

Setup OTP generator

Dependencies: xclip, python >= 3.3

$ pip install totp

The shared-key needs to be stored in pass in the format 2fa/Service/code. Eg- 2fa/Google/code or 2fa/Github/code. Take the secret code extracted from the QR and store it in pass

$ pass insert 2fa/Google/code

The passwords/codes in pass are encrypted by your GPG key the store was initialized with.

Now, anytime you need a 2FA code, run

$ totp Google


[Script] Install Ghost blogs with Caddy as a reverse proxy


Hello there everyone!

Following @howardsl2 Ghost script I've created a bash script that can install Ghost blogs on your server, with Caddy as reverse proxy.

Setup is fully automated with minimal user input. A freshly installed Ubuntu LTS or Debian 8 VPS with at least 512MB RAM is required. I look forward to hearing your feedback/suggestion.

Github: https://github.com/sayem314/Ghost-over-Caddy

For those who are looking for the Nginx version, the post is here

The script is in its beta phase, pulling an issue on github is more than welcome.


Z-push for MX Route


@jarland please remove if not appropriate!

So I have a service with MXRoute, unfortunately due to it being quite unreliable MXRoute doesn't currently offer Active Sync. I decided to see if it was possible to setup Z-push on a standalone VPS to connect to the MXRoute servers... Turns out it is! :)

I have put together a small document to explain how I did it. Note Z-push is not the most reliable and there are a couple of annoying issues that I haven't managed to fix yet.

Using Z-PUSH (2.3.5) to connect to MX Route

Known Issues:

Z-push syncs the shared address book, I haven’t worked out how to stop this, it’s a minor issue, but you do need to be aware of it.

Z-push fails to get the name of the calendar, so on an activesync device the calendar name shows up as unknown, but it works.

Z-push pulls the tasks through as a calendar, I have turned off syncing tasks.

Z-push itself isn’t the most reliable platform. This isn’t an issue per se, but it is something you need to be aware of.

Pre-Reqs

  • A VPS or server, I am running Ubuntu 16.04 LTS
  • A MXRoute account
  • Apache installed with an SSL cert (I’m using letsencrypt)
  • PHP7 with php-cli and php-soap

Instructions

Add the z-push repo by creating /etc/apt/sources.list.d/z-push.list with the content

deb http://repo.z-hub.io/z-push:/final/Ubuntu_16.04/ /

Download and add the repo key to the keychain

wget -qO - http://repo.z-hub.io/z-push:/final/Debian_8.0/Release.key | sudo apt-key add -

Run apt-get update

We then need to install the z-push packages that we need

apt-get install z-push-common z-push-config-apache z-push-backend-caldav z-push-backend-carddav z-push-backend-combined z-push-backend-imap z-push-ipc-sharedmemory

This will install and configure z-push ready to go, we now need to edit the config files to tell it where to get the contacts, calendar and email from.

Start by editing /usr/share/z-push/config.php

Change the section “Default Settings” to match your timezone and ensure that the define('USE_FULLEMAIL_FOR_LOGIN', true); is set to true.

Under the logging settings there is a specialLogUsers value, this is really useful to put a user in here when you need to troubleshoot, this generates debug logs for the named user and which can be found in the /var/log/z-push directory, but remember to remove them when you have done your testing as they can generate massive log files.

The only other setting we need to change is the Backend settings.

Change the backend provider setting to:

define('BACKEND_PROVIDER', 'BackendCombined');

Save and exit the file

Next edit the /usr/share/z-push/backend/combined/config.php

Update it to match the following values

        'backends' => array(
            'i' => array(
                'name' => 'BackendIMAP',
            ),
            'd' => array(
                'name' => 'BackendCardDAV',
            ),
            'c' => array(
                'name' => 'BackendCalDAV',
            ),
        ),
        'delimiter' => '/',
        //force one type of folder to one backend
        //it must match one of the above defined backends
        'folderbackend' => array(
            SYNC_FOLDER_TYPE_INBOX => 'i',
            SYNC_FOLDER_TYPE_DRAFTS => 'i',
            SYNC_FOLDER_TYPE_WASTEBASKET => 'i',
            SYNC_FOLDER_TYPE_SENTMAIL => 'i',
            SYNC_FOLDER_TYPE_OUTBOX => 'i',
            // SYNC_FOLDER_TYPE_TASK => 'c',
            SYNC_FOLDER_TYPE_APPOINTMENT => 'c',
            SYNC_FOLDER_TYPE_CONTACT => 'd',
            SYNC_FOLDER_TYPE_NOTE => 'c',
            SYNC_FOLDER_TYPE_JOURNAL => 'c',
            SYNC_FOLDER_TYPE_OTHER => 'i',
            SYNC_FOLDER_TYPE_USER_MAIL => 'i',
            SYNC_FOLDER_TYPE_USER_APPOINTMENT => 'c',
            SYNC_FOLDER_TYPE_USER_CONTACT => 'd',
            SYNC_FOLDER_TYPE_USER_TASK => 'c',
            SYNC_FOLDER_TYPE_USER_JOURNAL => 'c',
            SYNC_FOLDER_TYPE_USER_NOTE => 'c',
            SYNC_FOLDER_TYPE_UNKNOWN => 'i',
        ),
        //creating a new folder in the root folder should create a folder in one backend
        'rootcreatefolderbackend' => 'i',
    );
}
}

This tells z-push which backend is responsible for which function.

Next we need to edit the individual service files we will start with email.

Edit the file /usr/share/z-push/backend/imap/config.php

Update the following values, this is assuming you are using MXRoute’s London servers.

// Defines the server to which we want to connect
define('IMAP_SERVER', 'london.mxroute.com');

// connecting to default port (143)
define('IMAP_PORT', 993);

// best cross-platform compatibility (see http://php.net/imap_open for options)
define('IMAP_OPTIONS', '/ssl/norsh');

// Mark messages as read when moving to Trash.
// BE AWARE that you will lose the unread flag, but some mail clients do this so the Trash folder doesn't get boldened
define('IMAP_AUTOSEEN_ON_DELETE', false);

// Since I know you won't configure this, I will raise an error unless you do.
// When configured set this to true to remove the error
define('IMAP_FOLDER_CONFIGURED', true);

// Folder prefix is the common part in your names (3, 4)
define('IMAP_FOLDER_PREFIX', '');

// Inbox will have the preffix preppend (3 & 4 to true)
define('IMAP_FOLDER_PREFIX_IN_INBOX', false);

// Inbox folder name (case doesn't matter) - (empty in 4)
define('IMAP_FOLDER_INBOX', 'INBOX');

// Sent folder name (case doesn't matter)
define('IMAP_FOLDER_SENT', 'inbox.SENT');

// Draft folder name (case doesn't matter)
define('IMAP_FOLDER_DRAFT', 'inbox.DRAFTS');

// Trash folder name (case doesn't matter)
define('IMAP_FOLDER_TRASH', 'inbox.TRASH');

// Spam folder name (case doesn't matter). Only showed as special by iOS devices
define('IMAP_FOLDER_SPAM', 'inbox.junk');

// Archive folder name (case doesn't matter). Only showed as special by iOS devices
define('IMAP_FOLDER_ARCHIVE', 'ARCHIVE');

You also want to update the method used for sending emails (I am using an SSL connection to MXRoute)

define('IMAP_SMTP_METHOD', 'smtp');

global $imap_smtp_params;
$imap_smtp_params = array(
    'host' => 'ssl://london.mxroute.com',
    'port' => 465,
    'auth' => true,
    'username' => 'imap_username',
    'password' => 'imap_password',
);

The above ‘imap_username’ and ‘imap_password’ are variables and do not need changing to the actual username and password.

Save and close the file.

Next we will setup syncing contacts

Edit /usr/share/z-push/backend/carddav/config.php update the following

// Server protocol: http or https
define('CARDDAV_PROTOCOL', 'https');

// Server name
define('CARDDAV_SERVER', 'london.mxroute.com');

// Server port
define('CARDDAV_PORT', '2080');

// Address book path
define('CARDDAV_PATH', '/rpc/addressbooks/%u/');

// Server path to the default address book
define('CARDDAV_DEFAULT_PATH', 'contacts/');

// Support sync-collection
define('CARDDAV_SUPPORTS_SYNC', false);

Save and close the file

Finally the calendar sync

Edit /usr/share/z-push/backend/caldav/config.php

// Server protocol: http or https

define('CALDAV_PROTOCOL', 'https');

// Server name

define('CALDAV_SERVER', 'london.mxroute.com');

// Server port

define('CALDAV_PORT', '2080');

// Path

define('CALDAV_PATH', '/rpc/calendars/%u/');

// Default CalDAV folder (calendar folder/principal). This will be marked as the default calendar in the mobile

define('CALDAV_PERSONAL', 'calendar');

// If the CalDAV server supports the sync-collection operation

// DAViCal, SOGo and SabreDav support it

// SabreDav version must be at least 1.9.0, otherwise set this to false

// Setting this to false will work with most servers, but it will be slower

define('CALDAV_SUPPORTS_SYNC', false);

// Maximum period to sync.

// Some servers don't support more than 10 years so you will need to change this

define('CALDAV_MAX_SYNC_PERIOD', 2147483647);

Save and close the file

Although not necessary, I restart Apache at this point.

service apache2 restart

Client Device

On your client device (iOS / Android / Outlook 2013+)

As there is no autodiscovery function you will need to enter the settings manually.

Username: Full email address

Password: User's MXRoute password

Server: Your VPS address (i.e. z-push.yourdomain.com)

Basic Troubleshooting

Check the Apache and Z-Push logs, both of which can be found in /usr/var/log/

Turn on debugging for a single user (see above for details)

Check you can access ActiveSync on your server at https://z-push.yourdomain.com/Microsoft-Server-ActiveSync. You should be prompted for a username and password; use the email address and the user's MXRoute password. You should then see a page that gives you the ActiveSync information and tells you that “GET is not supported”.

You should now be good to go!
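A quick audit of the transport settings in the three backend config files edited above, as an added example that is not part of the original post or of Z-Push itself. The function names and both sample configs are constructed for illustration; the IMAP flags checked are the ones documented for PHP's imap_open.

```python
import re

# Matches PHP lines of the form: define('NAME', value);
DEFINE_RE = re.compile(r"define\(\s*'([A-Z_0-9]+)'\s*,\s*(.+?)\s*\)\s*;")

# Constructed sample using the values shown in this post.
PAGE_CONFIG = """
// best cross-platform compatibility
define('IMAP_PORT', 993);
define('IMAP_OPTIONS', '/ssl/norsh');
define('CARDDAV_PROTOCOL', 'https');
define('CALDAV_PROTOCOL', 'https');
"""

# Constructed sample with weakened transport settings, for comparison.
WEAK_CONFIG = """
define('IMAP_PORT', 143);
define('IMAP_OPTIONS', '/notls/norsh');
define('CARDDAV_PROTOCOL', 'http');
define('CALDAV_PROTOCOL', 'https');
"""

def parse_defines(text):
    """Return {NAME: value} with quotes stripped, skipping // comment lines."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("//"):
            continue
        m = DEFINE_RE.search(line)
        if m:
            out[m.group(1)] = m.group(2).strip("'\"")
    return out

def audit(text):
    """Return a sorted list of findings about how credentials are transported."""
    cfg = parse_defines(text)
    findings = []
    if "IMAP_OPTIONS" in cfg:
        flags = set(cfg["IMAP_OPTIONS"].strip("/").split("/")) - {""}
        if "novalidate-cert" in flags:
            findings.append("IMAP_OPTIONS: certificate validation is disabled")
        if not flags & {"ssl", "tls"}:
            findings.append("IMAP_OPTIONS: neither /ssl nor /tls, encryption is not enforced")
    for key in ("CARDDAV_PROTOCOL", "CALDAV_PROTOCOL"):
        if key in cfg and cfg[key].lower() != "https":
            findings.append(f"{key}: '{cfg[key]}' carries the mailbox password without TLS")
    return sorted(findings)
```

Feed it the concatenated contents of the imap, carddav and caldav config.php files; an empty list means every backend connection that carries the user's password is set to use TLS.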

making proxies


Hi there,

I am looking for someone who can make proxies on providers like quadhost and myserverplanet. If someone would be willing to help me, I would be able to pay them for their time. Thank you.

How to: Windows on SoYouStart 4790k


This is something I've had people ask me before and message me about: how do you get Windows on an MC-32? The Kimsufi templates don't appear to have the ethernet driver in them, and I have tried to do this over KVM IP on an MC-32 as well, and Windows by default doesn't have this.

There is an easy way to get Windows 8.1 Pro on one of these machines for free. First, visit https://technet.microsoft.com/en-us/library/jj612867(v=ws.11).aspx and find the Windows 8.1 Pro KMS product key; it's at the top of the "Windows Server 2012 R2 and Windows 8.1" table. This is 100% legal and that is a Microsoft website. Keep in mind Windows will remain unactivated and put a watermark in the corner of your screen.

Copy the KMS activation key for 8.1 Pro, then log into your SoYouStart Manager and click on Licenses.

Then on the left-hand side of the screen click on "Add an SPLA license" and select your server from the dropdown list. For version type select "OS Windows SPLA license" from the bottom of the list, then paste the KMS product key for 8.1 Pro you got from the Microsoft TechNet website listed above. Click on "Confirm", and then "Back to the dashboard"; it has been added to the list.

Now go back to the server page and click on "reinstall". In the OS list under "Select your template" scroll all the way down to the bottom and select "Windows Client 8.1 PRO 64bits (InstallV2) (64bits)", then press next. On the next screen, at the bottom, you will see a checkbox that says "Use your windows SPLA license"; tick the checkbox and click on "Confirm". Note that if you do not tick the checkbox the install will fail, as Windows needs a product key to continue. The KMS TechNet product key will get the Windows install finished; it won't activate it, however.

Now wait for around an hour or 2; you will then receive an email from OVH with the user account details to log in with. I would recommend uninstalling CopSSH when you log in, as that has been linked to some vulnerabilities in the past with people being able to log in with a "default password", then changing your Windows password.

[How to FIX] vzquota : (error) can't lock quota file


Hi,

To fix this issue:

[ vzquota : (error) can't lock quota file, some quota operations are performing for id 101 ]

First you need to open your ssh session and run this command:

ps ax | grep vzquota

Then kill the PID, for example:

kill -9 1234

And then try to start the VZ container:

vzquota off id

vzctl start id

After that your OpenVZ container should work fine. Some OpenVZ nodes need to fix the quota, and this needs some time depending on your quota size. If your OpenVZ doesn't run after a while, then you need to check the availability of RAM inside your OpenVZ to see if there is enough RAM or not by running the following command:

free -m

Have a nice day.

openvz vps-server time sync issue


We have one OpenVZ server and have some VPSes on it.

A few days ago one client said that he needs his server time synchronised to his local time.

I entered his WHM and set the time zone to Amsterdam/Europe (the zone he wants),

but the time still showed 5 to 10 minutes delayed. On searching, I found that we need to synchronise the node time for this.

To make this happen, we need to install NTPD (Network Time Protocol) on our node server.

=====

yum install ntp ntpdate ntp-doc

chkconfig ntpd on

then,

synchronize the system clock:

ntpdate vps-name

/etc/init.d/ntpd start

You can edit the conf file here:

vi /etc/ntp.conf
