Limiting Systemd Journal Size: Preventing Log File Bloat
Introduction System logs are crucial for debugging, monitoring, and understanding your Linux system’s behavior. However, unchecked journal growth can quickly consume valuable disk space, potentially impacting system performance and available storage. This guide provides a practical approach to managing systemd journal sizes across Debian and other systemd-based Linux distributions. Understanding Systemd Journals Systemd journals collect…
Enable Keepalive in Nginx Reverse Proxy
In the Nginx Reverse Proxy context, keepalive connections are a critical performance optimization technique that allows multiple HTTP requests to be transmitted over a single TCP connection, dramatically reducing connection overhead and improving overall system performance. The Performance Challenge Traditional HTTP connections require a complete handshake for each request: This process introduces significant latency and…
Running Docker in Incus Containers
This guide demonstrates how to properly set up and run Docker inside an Incus container on Debian 12. It builds upon our previous article “Installing Incus on Debian 12 with ZFS Storage” and focuses on the secure deployment of Docker in a containerized environment. Prerequisites Security Considerations Running containers within containers (nesting) requires specific security…
Installing Debian 12 on PC Engines ALIX
This guide provides detailed instructions for installing Debian 12 (Bookworm) on PC Engines ALIX system boards with comprehensive write protection mechanisms. While tested on the ALIX.2d13, these instructions should work for other ALIX models as well. Hardware Requirements Prerequisites Before starting the installation, ensure you have: 1. BIOS Configuration 2. Environment Setup First, set up…
Rescaling Incus ZFS Storage on Hetzner Cloud
In a previous article about setting up Incus on Hetzner Cloud, we showed how to configure a CAX11 server with a separate ZFS partition for optimal container management. This tutorial builds upon that setup and demonstrates how to safely upgrade the server from a CAX11 to a CAX21 instance, focusing on expanding the ZFS storage…
Secure Debian 12 with Fail2ban and nftables
In a previous article, we covered how to protect your Debian 12 server with nftables, where we configured a custom SSH port and locked down access to your server. As a follow-up, this guide will show you how to set up Fail2ban to add an additional layer of security by automatically banning IP addresses that…
Add a Dynamic Copyright Year in WordPress
Do you need an automatic way to display the current year in your WordPress copyright notice? Here’s how to implement this using the Code Snippets plugin – no direct file editing is required! Prerequisites Implementation Steps Using Your New Shortcode Now you can use the [year] shortcode anywhere in your WordPress site. For example: Place…
Using mutt to Send HTML Emails with Attachments
Basic Command Usage The basic mutt command for sending HTML emails with attachments follows this pattern: Let’s break down each component: Script Implementation Here’s a general implementation that can be used for any backup or sync operation: Usage Example Here’s how you might use this in practice: Tips This template can be adapted for any…
Protect Your Incus Server with NFtables
This guide will walk you through the process of implementing a secure firewall configuration for your Incus server using nftables. We’ll use a modular approach by splitting rules into logical units, making the configuration easier to maintain and modify. Prerequisites 1. Understanding the Modular Configuration Approach Before we begin, let’s understand the structure we’ll be…
Optimizing MariaDB Performance for WordPress
Introduction This guide will help you optimize MariaDB performance for WordPress installations running on LEMP stacks (Linux, Nginx, MariaDB, PHP). Using custom configuration files, these optimizations are tailored for typical VPS setups with different CPU and RAM specifications. Understanding MariaDB Configuration MariaDB’s configuration on Debian-based systems follows a specific hierarchy: /etc/mysql/├── mariadb.conf.d/│ ├── 50-server.cnf│ ├──…
Implementing HTTP/3 with NGINX
As HTTP/3 gains traction, many system administrators are looking to implement this protocol to improve their web server performance. This guide will walk you through the process of setting up HTTP/3 with NGINX, focusing on a multi-domain setup using the sites-available configuration style. What is HTTP/3? HTTP/3 is the latest version of the Hypertext Transfer…
WordPress Upload Guide: Nginx & PHP-FPM Optimization
If you’re a WordPress user hosting your site on an Nginx server with PHP-FPM, you may encounter issues when uploading large files or migrating your site using popular plugins like UpdraftPlus or WPvivid. This guide will help you configure your server to handle large file uploads smoothly, ensuring a hassle-free experience when managing your WordPress…
Updating Your NGINX PGP Key on Debian/Ubuntu
If you’ve previously followed our guide on installing NGINX, it’s important to note that the NGINX PGP key has been updated. To maintain the security and integrity of your NGINX installation, you’ll need to update your PGP key. In this post, we’ll walk you through the necessary steps for Debian and Ubuntu systems. Updating Your…
Installing Incus on Debian 12 with ZFS Storage
In our previous tutorial, we set up ZFS on Debian 12 and created a dedicated ZFS pool named incus-zfs. Now, we’ll continue by installing Incus, a powerful system container manager, and configuring it to use our ZFS storage backend. Prerequisites Adding the Incus Repository First, let’s add the official Incus repository to our system. Installing…
Install ZFS on Debian 12 (Hetzner Cloud VPS)
This guide is part of a series on setting up an Incus host server on Hetzner Cloud. It follows the initial article where we covered repartitioning the existing disk to create a dedicated 30GB partition for ZFS. This tutorial will walk you through the process of installing and configuring ZFS on Debian 12, with specific…
How to Repartition a Hetzner Cloud Server
This guide will walk you through the process of repartitioning a Hetzner cloud server to create an additional partition that can be formatted with a different file system (e.g., ZFS or BTRFS). We’ll use a CAX11 cloud server with Debian 12 as an example. Prerequisites Step 1: Boot into Rescue Mode Step 2: Analyze Current…
How to Add Additional IPv6 Addresses on Hetzner Cloud Servers
Configuring additional IPv6 addresses on Hetzner Cloud servers allows for enhanced resource management and scalability. This guide will provide step-by-step instructions on how to assign multiple IPv6 addresses, ensure they persist across reboots, and clarify optional configurations for subnet accessibility. Note: These instructions are specifically tailored for Debian-based systems that use the traditional /etc/network/interfaces method. If you are using…
Optimal Disk Alignment for Partitioning with Parted
Introduction Disk partitioning is a fundamental aspect of storage management for system administrators. While the process might seem straightforward, achieving optimal partition alignment is a critical yet often overlooked step. This guide delves into the importance of proper alignment, the underlying principles, and provides a practical walkthrough using the parted command in Linux. The Importance…
Decentralizing Tech: The Open Source Movement’s Impact
In today’s digital landscape, open source software forms the backbone of much of our technological infrastructure. From the devices in our pockets to the servers powering the internet, open source solutions are ubiquitous, driving innovation and enabling countless individuals and organizations to build, learn, and create. Open source is more than just a development methodology;…
How to Configure UFW for Incus on Debian 12
If you’re running Incus (LXC containers) on Debian 12 with UFW (Uncomplicated Firewall), you may encounter networking issues with your containers. This guide will walk you through the process of configuring UFW to work seamlessly with Incus while also securing your host server. The Problem When UFW is set to drop all unknown traffic, it…
How to Fix ‘Backend error: GSQLBackend unable to list keys’ in PowerDNS
After upgrading to Ubuntu 22.04, you may encounter an error when attempting to start PowerDNS. The error message typically looks like this: This guide will walk you through the steps to resolve this issue. Pre-requisites Steps to Fix the Issue 1. Backup the Current Database Before making any changes, it’s crucial to back up the…
Verifying Your Domain’s Glue Records with dig
When managing domain name servers, ensuring that your glue records are correctly configured is crucial for proper DNS resolution. This guide will walk you through the steps to check your domain NS glue records using the dig command. This procedure is applicable for both .com and .eu domains. Step 1: Find the Parent Zone Name…
How to check if an LXD container runs privileged?
It is not recommended to run LXD containers in privileged mode because this can seriously compromise the isolation and/or security of the host system. A privileged container can do things that affect the entire host – for example, it can use things in /sys to reset the network card, which will reset it for the…
How to Install WordPress Using WP CLI
In previous articles, we covered how to set up a full LEMP stack in Ubuntu 22.04, configure Nginx for shared hosting, secure connections with SSL certificates, and ensure availability over HTTPS. One of the great advantages of building your own LEMP stack is the ability to customize the configuration and add additional modules to develop…
How to set up Nginx FastCGI Page Cache with WordPress.
Nginx FastCGI cache is a feature of the Nginx web server that enables the caching of dynamic content generated by FastCGI applications such as PHP. By caching the dynamic content, Nginx can serve the content directly to visitors as a static page so that the same dynamic request does not have to be processed repeatedly,…
How to solve “page cache is not detected but the server response time is ok” in WordPress Site Health.
If you don’t use any of the popular caching plugins (e.g. WP-Rocket, W3 Total Cache, WP Super Cache…), but instead deploy Nginx FastCGI cache for (server side) Full Page Caching, you will probably see the message “page cache is not detected but the server response time is ok” when you run the “Site Health” checker…
Connecting WordPress to Database using Unix Domain Socket.
According to a recent study by the Percona team, a significant performance improvement can be achieved when a “Unix Domain Socket” is used instead of a TCP/IP loopback for communication between database and application. Although in most WordPress tutorials the database connection is made via a TCP/IP loopback, it is also perfectly possible for WordPress…
How to boost WordPress Performance with Redis.
In today’s fast-paced digital world, website performance is crucial. Slow loading times can lead to a poor user experience and even impact your search engine rankings. Thankfully, there are powerful caching solutions available to speed up your WordPress site. One such solution is Redis Object Cache, a plugin that leverages the speed and efficiency of…
Install latest version of Redis on Ubuntu 22.04.
Redis is a popular open-source in-memory data structure storage that is often used as a caching layer for Web applications. In the context of PHP MySQL applications, such as WordPress, Redis can be used as an object cache to speed up application performance. Object caching is a technique that involves storing the results of expensive…
Reset PowerDNS MySQL Master Slave DNS Replication.
Although PowerDNS in native mode with a MySQL backend is usually very stable and hardly causes any problems, occasionally master slave replication between MySQL servers fails. This is usually a result of a failure in the network connection between the master and slave server, which in our case is usually through a SSH tunnel (autossh)….
Fast and Easy WordPress Migration with WP CLI.
Migrating a WordPress website from one server to another can be a daunting task, especially if you’re not familiar with the process. However, with the help of WP CLI, migrating WordPress can be a breeze. In this article, we’ll walk you through the steps required to migrate your WordPress website to a new server using…
Nginx: [warn] protocol options redefined
If you get an error message “nginx: [warn] protocol options redefined” after upgrading Nginx to the latest stable version 1.24, you can easily fix it by adding “http2” to the 443 “Listen” directive in the default.conf file. vi /etc/nginx/conf.d/default.conf server { listen 80 default_server; listen [::]:80 default_server; listen 443 default_server http2 ssl; listen [::]:443 default_server…
How to Install WP-CLI on Linux.
WP-CLI is a handy tool that greatly simplifies installing and managing WordPress. Its installation requires only a few steps, which we will go through here. In this tutorial, we assume you are working with Ubuntu and you are logged in as root, so switch to root user if you are not already. sudo -i Download…
Generate SSL certificates with acme.sh on Nginx.
In this article, we will see how to install and configure “acme.sh” to generate SSL certificates for domains and how to implement it with Nginx to secure the connection to corresponding websites hosted on our web server via “HTTPS”. To optimize the security of connections to the web server and comply with all applicable guidelines,…
Generate TLSA Record from the command line for DANE and DNSSEC.
If DNSSEC is enabled for your domain, you should also create a TLSA record to implement DANE (DNS-based Authentication of Named Entities) to properly authenticate your domain. Although online tools exist to generate a TLSA record, you can also do it from the command line on the server where the SSL certificate is stored. In…
Host Multiple Domains with Nginx on Ubuntu 22.04.
In a previous article, we showed you how to set up a full LEMP stack on Ubuntu 22.04 with the latest stable version of Nginx, MariaDB and PHP, which will serve as the foundation for a reliable and performance-focused hosting platform. Nginx is a fast, lightweight and powerful web server that can also be used…
How to install a LEMP stack on Ubuntu 22.04.
If you’re looking to host your own open source applications, setting up a LEMP (Linux, Nginx, MySQL/MariaDB, PHP) web stack is one of the best choices out there, if not the best. With the latest versions of Nginx, MariaDB, and PHP 8.2, you’ll have a fast and reliable platform for running a wide range of…
How to set up ZFS ARC size on Ubuntu.
By default ZFS uses 50 % of the host memory for the “Adaptive Replacement Cache” (ARC). Allocating enough memory for the ARC is crucial for IO performance, so reduce it with caution. As a general rule of thumb, allocate at least 2 GiB Base + 1 GiB/TiB-Storage. For example, if you have a pool with…
How to Backup LXD Containers to a Remote Host with Rsync.
In this tutorial, you will learn how to use Rsync to backup your LXD containers running on a ZFS storage pool to a remote host. Backing up your containers is an essential step in protecting your data and ensuring business continuity in case of any disaster. With Rsync, you can easily transfer the snapshot of…
Get the Latest Version of Nginx on Ubuntu 22.04.
Nginx is a high-performance web server, load balancer, and reverse proxy that powers some of the most visited websites in the world. If you’re looking to improve the performance and security of your web applications, you can’t go wrong with Nginx. In this guide, we’ll show you how to install the latest version of Nginx…
Fix 504 Gateway Timeout error using Nginx as reverse Proxy.
When using Nginx as a reverse proxy for Apache, among others, you may get timeouts with error code 504 if an application takes longer to complete a request than the default Nginx request timeout which is 60 seconds. To increase the request timeout in Nginx to serve long-running requests, we need to change the default…
How to Limit Resources on a LXD Container?
LXD containers are lightweight virtual machines that provide isolated environments for applications to run. While they are designed to be lightweight and resource-efficient, it is still possible for applications to consume excessive resources and affect the overall performance of the system. To ensure that the resources of your LXD containers are used efficiently, it is…
Implementing security.txt.
A new standard has been proposed that will allow web sites to provide a way to communicate security-related issues. A “security.txt” file containing the relevant information should be placed in the “.well-known” directory of the web server. The securitytxt.org website has a form that allows you to quickly generate the text to be included in…
Adding BTRFS storage pool to LXD with an existing loop device.
In a previous post, we looked at creating a BTRFS loop device. In this tutorial, we are going to add an existing BTRFS storage pool to LXD. # lxc storage create new-btrfs btrfs source=/mnt/btrfs Check the configuration # lxc storage show new-btrfs config: source: /mnt/btrfs volatile.initial_source: /mnt/btrfs description: "" name: new-btrfs driver: btrfs used_by: [] status:…
Create, mount and expand BTRFS loop device.
In this tutorial, we will learn how to create a BTRFS loop device (virtual block device) and how to mount this device permanently so that it is available when the system reboots. We will further see how to expand a BTRFS loop device without losing the data already stored. # mkdir /btrfs-dir Create a new…
Remove domain from list of certificates in acme.sh.
It often happens that a domain is moved to another web server or is simply no longer registered and the corresponding certificate needs to be removed from the list of domains that acme.sh maintains. This can be done easily with the following command: # acme.sh --remove -d my_domain.com [Wed Feb 1 15:10:58 CEST 2022] my_domain.com…
Installing ERPNext 14 on Ubuntu 22.04
ERPNext is a promising Open Source ERP solution that, unlike similar products such as Odoo, is completely Open Source and as such does not require paid modules to use all its functionalities. ERPNext is built on the Frappé Framework that can be managed with the cli tool “bench”. Although somewhat cumbersome, installation is not really…
Whitelist Hosts or IP addresses in Postfix.
To prevent a mail server in your own network (e.g. for sending alerts) from being blocked by the mail scanners/filters on your main Postfix mail server, it is best to whitelist it. Create a new file “rbl_override”. # vi /etc/postfix/rbl_override Add the IP addresses and host names you want to whitelist. 1.2.3.4 OK 1.2.3.5 OK [2a02:c123:1234:5a88::1]…
Adding domains to existing Letsencrypt certificate using Certbot.
If you want to add one or more (sub)domains to an existing Letsencrypt certificate, you can use Certbot with the “--cert-name” option to accomplish this. # certbot certonly --cert-name existing-domain.com --webroot -w /var/www/virtual/existing-domain.com/htdocs/ -d existing-domain.com -d www.existing-domain.com -d first-new-domain.com -d www.first-new-domain.com -d second-new-domain.net -d www.second-new-domain.net -d third-new-domain.org -d www.third-new-domain.org Make sure you have added all…
Fix “dataset is busy” error when deleting container in LXD.
If you try to delete a LXD container, you may get a “dataset is busy” error message because the dataset the container uses in the ZFS storage pool remains mounted in the namespace used by LXD. In this example, we will simulate this problem by trying to delete a container “alpine”. # lxc delete alpine…
Disable Direct IP Access in Nginx (HTTP & HTTPS).
If you use Nginx for shared hosting, it is recommended for security reasons to enforce strict compliance with SNI, so that requests for domain names not hosted on the web server, or for the server's own “IPv4” and “IPv6” addresses, are rejected for both “HTTP” and “HTTPS”. By default, Nginx chooses the…
Add SVG support to php-imagick.
By default, php-imagick does not have support for SVG. To enable it, an additional package must be installed. # apt install libmagickcore-6.q16-6-extra
Copy files and directories between host and a LXD container?
In this tutorial, we will show you how to use the “push” and “pull” commands to easily copy files and directories between a host server and an LXC container and vice versa. In this example, on the host server, we will first create a file “myfile.txt” in the “tmp” directory. # touch /tmp/myfile.txt Now copy…
Resizing a loop-based BTRFS storage pool for LXD.
ZFS is without a doubt the best storage pool for use with LXD containers, mainly because of its advanced features, error correction and its great performance. However, in some cases it is better not to use ZFS because of conflicts or poor performance. This is the case, for example, when you want to run Docker…
Automatically update all your running LXD containers.
While you could perform common management of multiple LXD containers with tools like Ansible or Puppet, in this tutorial we are going to show how to work with a simple script that runs on the host and automatically updates/upgrades all running Debian/Ubuntu-based containers. We could extend the script to perform other tasks or include updates/upgrades…
Upgrading Mautic from v3 to v4
In a previous post we showed you how to upgrade Mautic from v2 to v3. In this tutorial, we will go through the steps you need to take to upgrade Mautic from v3 to v4. If you are running Mautic on a VPS or in a LXC/LXD container, it is highly recommended to take a…
PowerDNS Admin reset lost password
PowerDNS Admin is a powerful web administration tool that we use for easily managing domain zones on our PowerDNS servers. Although PowerDNS Admin offers extensive features it lacks a “lost password” feature. So if you happen to lose your password, you are forced to reset it via the command line. In this tutorial, we’ll show…
Set email alerts for root login on Linux servers.
As a Linux system administrator, it is important to know when someone logs into your server, especially as root. Unauthorized logins can cause serious security issues, as an intruder can gain full access to the system and install unwanted and malicious software on it, among other things. Therefore, it is recommended to set up an automatic…
Upgrading Mautic from v2 to v3
A new client recently asked to upgrade a still functioning Mautic 2.15.3 running on Ubuntu 18.04 to the latest Mautic v3. In this guide, we will look at how this can be achieved and what to look out for. If you are running Mautic on a VPS or in a LXC/LXD container, it is highly…
How to convert a LXC container to a LXD container.
Until recently, we were still running a number of legacy LXC containers, which for years performed important mission-critical tasks very stably and with no significant problems. However, we decided to convert them to LXD containers to create a more homogeneous server environment and to simplify management. Switching to LXD also means more functionality and the…
How to Set Up SSH Keys on Ubuntu 22.04.
By default Ubuntu SSH root login is disabled and root password has not been set. However, many system administrators prefer to work as root to avoid having to use “sudo” for almost every command and enter passwords over and over again. To allow root login over SSH we first need to set the root password…
How to Install LiteSpeed Memcached (LSMCD) with OpenLiteSpeed
Although OpenLiteSpeed (OLS) can work well with Redis or Memcached for object caching, it is recommended to use LiteSpeed Memcached (LSMCD), which was developed specifically for OLS and guarantees the best performance. LSMCD is unfortunately not available as a package for Ubuntu/Debian nor for CentOS/RHEL and thus will have to be compiled and installed manually….
Migrating PowerDNS (Slave) Server to a New Host
Migrating a PowerDNS slave server with a new IP address can be tricky, so proper preparation is essential. Update the System and Install Required Packages Create a MySQL Database and User for PowerDNS Disable systemd-resolved and Configure Custom DNS Install and Configure PowerDNS You should see the PowerDNS service running. You should see the UDP…
Using sSMTP to send emails from a Linux system?
To send mail messages from a Linux server, you need to install an MTA to take care of this task. If you don’t want to use a full MTA like Postfix or Sendmail, sSMTP is a good lightweight alternative that is easy to install and configure. However, you do need a relay SMTP server to…
Monitoring ZFS on Linux with ZED
ZFS on Linux is without a doubt one of the most robust and powerful file systems available today. However, despite its high reliability, unexpected problems can occur quickly, especially with the underlying hardware. It is important that any error is immediately noticed and reported to the responsible system administrator, who can then intervene in time…
How to verify a checksum in Windows 10
A checksum is a string of numbers and letters used to verify that a copy of a file is identical to the original. For example, a binary file (especially a software program that has been downloaded) can be checked for errors before it is installed. If you know the checksum of an original file, you…
Set mdadm to send e-mail notifications.
By default, mdadm monitors all MD (multi-disk) arrays on your system and sends a message to the root user whenever a problem occurs. Obviously, we want these messages to be sent by email to the system administrator, so we need an MTA (Message Transfer Agent) to send the mail from our system…
LXD container with static IPv4 address?
By default, a new LXD container is assigned a dynamic IPv4 address by the internal LXD DHCP server. However, in many cases it is necessary to assign a static IP address, for example to make a web server available on a separate container behind a proxy server running on another container on the same host,…
Error 413 on large file uploads with Nextcloud behind Nginx reverse proxy.
If you are running Nextcloud behind an Nginx proxy server, you will need to change the maximum file size for uploads, which by default is only 1MB on Nginx. You can use the “client_max_body_size” directive to set the required file size for uploading. This directive can be set in the http, server or location context….
Edit php.ini settings for OpenLiteSpeed.
Modifying PHP settings is a common task when setting up a PHP-based website. Most of the settings in OpenLiteSpeed can be configured with the Web Admin Console, but unfortunately this does not apply to the PHP settings. Although it is possible to add this functionality to the Web Admin Console with individual settings per virtual…
How To Redirect All OpenLiteSpeed HTTP Traffic To HTTPS.
First log in to the OpenLiteSpeed Web Admin Console. Click on “Configuration” and then on “Virtual Hosts” in the top navigation. Click on the virtual host you would like to redirect all traffic for. Click on “Rewrite” from the sub top navigation bar. Click on “Edit” in the top right of the “Rewrite Condition” box and change “Enable Rewrite” from…
Deleting software RAID device with swap partition during Ubuntu installation.
If you want to use HDDs on which a RAID array was created in a previous server setup, we recommend resetting the HDDs by removing all existing partitions and RAID arrays before starting a fresh installation using the Ubuntu installer (or any other Linux OS installer). Instructions on how to perform a full reset can…
Using wipefs to remove signatures and metadata from hard drives.
Wipefs is a great tool for removing signatures and metadata from used hard drives that have been previously partitioned and formatted. Removing metadata and signatures from previously used hard drives is important to ensure that when they are reused in a new system, they do not contain information that could interfere with the installation of…
Upgrading Mautic to a specific version.
Sometimes you want to upgrade Mautic to a specific version for testing or because it is necessary to upgrade to the latest version in several steps. In this guide, we’ll show you a way to accomplish that. First go to the Mautic GitHub page and copy the download link of the version you want…