systemd | Debian

Limiting Systemd Journal Size: Preventing Log File Bloat

Introduction System logs are crucial for debugging, monitoring, and understanding your Linux system’s behavior. However, unchecked journal growth can quickly consume valuable disk space, potentially impacting system performance and available storage. This guide provides a practical approach to managing systemd journal sizes across Debian and other systemd-based Linux distributions. Understanding Systemd Journals Systemd journals collect…

Nginx

Enable Keepalive in Nginx Reverse Proxy

In the Nginx Reverse Proxy context, keepalive connections are a critical performance optimization technique that allows multiple HTTP requests to be transmitted over a single TCP connection, dramatically reducing connection overhead and improving overall system performance. The Performance Challenge Traditional HTTP connections require a complete handshake for each request: This process introduces significant latency and…

Incus | Docker

Running Docker in Incus Containers

This guide demonstrates how to properly set up and run Docker inside an Incus container on Debian 12. It builds upon our previous article “Installing Incus on Debian 12 with ZFS Storage” and focuses on the secure deployment of Docker in a containerized environment. Prerequisites Security Considerations Running containers within containers (nesting) requires specific security…

Debian | Linux | PC engines Alix

Installing Debian 12 on PC Engines ALIX

This guide provides detailed instructions for installing Debian 12 (Bookworm) on PC Engines ALIX system boards with comprehensive write protection mechanisms. While tested on the ALIX.2d13, these instructions should work for other ALIX models as well. Hardware Requirements Prerequisites Before starting the installation, ensure you have: 1. BIOS Configuration 2. Environment Setup First, set up…

Mutt

Using mutt to Send HTML Emails with Attachments

Basic Command Usage The basic mutt command for sending HTML emails with attachments follows this pattern: Let’s break down each component: Script Implementation Here’s a general implementation that can be used for any backup or sync operation: Usage Example Here’s how you might use this in practice: Tips This template can be adapted for any…

Incus | nftables

Protect Your Incus Server with NFtables

This guide will walk you through the process of implementing a secure firewall configuration for your Incus server using nftables. We’ll use a modular approach by splitting rules into logical units, making the configuration easier to maintain and modify. Prerequisites 1. Understanding the Modular Configuration Approach Before we begin, let’s understand the structure we’ll be…

MariaDB | LEMP | WordPress

Optimizing MariaDB Performance for WordPress

Introduction This guide will help you optimize MariaDB performance for WordPress installations running on LEMP stacks (Linux, Nginx, MariaDB, PHP). Using custom configuration files, these optimizations are tailored for typical VPS setups with different CPU and RAM specifications. Understanding MariaDB Configuration MariaDB’s configuration on Debian-based systems follows a specific hierarchy: /etc/mysql/├── mariadb.conf.d/│ ├── 50-server.cnf│ ├──…

Nginx

Implementing HTTP/3 with NGINX

As HTTP/3 gains traction, many system administrators are looking to implement this protocol to improve their web server performance. This guide will walk you through the process of setting up HTTP/3 with NGINX, focusing on a multi-domain setup using the sites-available configuration style. What is HTTP/3? HTTP/3 is the latest version of the Hypertext Transfer…

Nginx | PHP | WordPress

WordPress Upload Guide: Nginx & PHP-FPM Optimization

If you’re a WordPress user hosting your site on an Nginx server with PHP-FPM, you may encounter issues when uploading large files or migrating your site using popular plugins like UpdraftPlus or WPvivid. This guide will help you configure your server to handle large file uploads smoothly, ensuring a hassle-free experience when managing your WordPress…

ZFS | Debian | Incus

Installing Incus on Debian 12 with ZFS Storage

In our previous tutorial, we set up ZFS on Debian 12 and created a dedicated ZFS pool named incus-zfs. Now, we’ll continue by installing Incus, a powerful system container manager, and configuring it to use our ZFS storage backend. Prerequisites Adding the Incus Repository First, let’s add the official Incus repository to our system. Installing…

Debian | Hetzner

How to Add Additional IPv6 Addresses on Hetzner Cloud Servers

Configuring additional IPv6 addresses on Hetzner Cloud servers allows for enhanced resource management and scalability. This guide will provide step-by-step instructions on how to assign multiple IPv6 addresses, ensure they persist across reboots, and clarify optional configurations for subnet accessibility.Note: These instructions are specifically tailored for Debian-based systems that use the traditional /etc/network/interfaces method. If you are using…

Parted

Optimal Disk Alignment for Partitioning with Parted

Introduction Disk partitioning is a fundamental aspect of storage management for system administrators. While the process might seem straightforward, achieving optimal partition alignment is a critical yet often overlooked step. This guide delves into the importance of proper alignment, the underlying principles, and provides a practical walkthrough using the parted command in Linux. The Importance…

Open Source

Decentralizing Tech: The Open Source Movement’s Impact

In today’s digital landscape, open source software forms the backbone of much of our technological infrastructure. From the devices in our pockets to the servers powering the internet, open source solutions are ubiquitous, driving innovation and enabling countless individuals and organizations to build, learn, and create. Open source is more than just a development methodology;…

PowerDNS

How to Fix ‘Backend error: GSQLBackend unable to list keys’ in PowerDNS

After upgrading to Ubuntu 22.04, you may encounter an error when attempting to start PowerDNS. The error message typically looks like this: This guide will walk you through the steps to resolve this issue. Pre-requisites Steps to Fix the Issue 1. Backup the Current Database Before making any changes, it’s crucial to back up the…

PowerDNS | Bind9 | dig | DNS

Verifying Your Domain’s Glue Records with dig

When managing domain name servers, ensuring that your glue records are correctly configured is crucial for proper DNS resolution. This guide will walk you through the steps to check your domain NS glue records using the dig command. This procedure is applicable for both .com and .eu domains. Step 1: Find the Parent Zone Name…

Nginx | Caching | WordPress

How to set up Nginx FastCGI Page Cache with WordPress.

Nginx FastCGI cache is a feature of the Nginx web server that enables the caching of dynamic content generated by FastCGI applications such as PHP. By caching the dynamic content, Nginx can serve the content directly to visitors as a static page so that the same dynamic request does not have to be processed repeatedly,…

Caching | Nginx | WordPress

How to solve “page cache is not detected but the server response time is ok” in WordPress Site Health.

If you don’t use any of the popular caching plugins (e.g. WP-Rocket, W3 Total Cache, WP Super Cache…), but instead deploy Nginx FastCGI cache for (server side) Full Page Caching, you will probably see the message “page cache is not detected but the server response time is ok” when you run the “Site Health” checker…

MariaDB | WordPress

Connecting WordPress to Database using Unix Domain Socket.

According to a recent study by the Percona team, a significant performance improvement can be achieved when a “Unix Domain Socket” is used instead of a TCP/IP loopback for communication between database and application. Although in most WordPress tutorials the database connection is made via a TCP/IP loopback, it is also perfectly possible for WordPress…

Redis | WordPress | WP-CLI

How to boost WordPress Performance with Redis.

In today’s fast-paced digital world, website performance is crucial. Slow loading times can lead to a poor user experience and even impact your search engine rankings. Thankfully, there are powerful caching solutions available to speed up your WordPress site. One such solution is Redis Object Cache, a plugin that leverages the speed and efficiency of…

Redis | LEMP | Ubuntu | Ubuntu 22.04

Install latest version of Redis on Ubuntu 22.04.

Redis is a popular open-source in-memory data structure storage that is often used as a caching layer for Web applications. In the context of PHP MySQL applications, such as WordPress, Redis can be used as an object cache to speed up application performance. Object caching is a technique that involves storing the results of expensive…

MariaDB | MySQL | PowerDNS

Reset PowerDNS MySQL Master Slave DNS Replication.

Although PowerDNS in native mode with a MySQL backend is usually very stable and hardly causes any problems, occasionally master slave replication between MySQL servers fails. This is usually a result of a failure in the network connection between the master and slave server, which in our case is usually through a SSH tunnel (autossh)….

Nginx

Nginx: [warn] protocol options redefined

If you get an error message “nginx: [warn] protocol options redefined” after upgrading Nginx to the latest stable version 1.24, you can easily fix it by adding “http2” to the 443 “Listen” directive in the default.conf file. vi /etc/nginx/conf.d/default.conf server { listen 80 default_server; listen [::]:80 default_server; listen 443 default_server http2 ssl; listen [::]:443 default_server…

acme.sh | LEMP | Nginx

Generate SSL certificates with acme.sh on Nginx.

In this article, we will see how to install and configure “acme.sh” to generate SSL certificates for domains and how to implement it with Nginx to secure the connection to corresponding websites hosted on our web server via “HTTPS”. To optimize the security of connections to the web server and comply with all applicable guidelines,…

DNSSEC | DANE | TLSA

Generate TLSA Record from the command line for DANE and DNSSEC.

If DNSEC is enabled for your domain, you should also create a TSLA record to implement DANE (DNS-based Authentication of Named Entities) to properly authenticate your domain. Although online tools exist to generate a TSLA record, you can also do it from the command line on the server where the SSL certificate is stored. In…

Nginx | LEMP | Ubuntu | Ubuntu 22.04

Host Multiple Domains with Nginx on Ubuntu 22.04.

In a previous article, we showed you how to set up a full LEMP stack on Ubuntu 22.04 with the latest stable version of Nginx, MariaDB and PHP, which will serve as the foundation for a reliable and performance-focused hosting platform. Nginx is a fast, lightweight and powerful web server that can also be used…

LXD | LXC | Rsync | ZFS

How to Backup LXD Containers to a Remote Host with Rsync.

In this tutorial, you will learn how to use Rsync to backup your LXD containers running on a ZFS storage pool to a remote host. Backing up your containers is an essential step in protecting your data and ensuring business continuity in case of any disaster. With Rsync, you can easily transfer the snapshot of…

Nginx

Fix 504 Gateway Timeout error using Nginx as reverse Proxy.

When using Nginx as a reverse proxy for Apache, among others, you may get timeouts with error code 504 if an application takes longer to complete a request than the default Nginx request timeout which is 60 seconds. To increase the request timeout in Nginx to serve long-running requests, we need to change the default…

LXD

How to Limit Resources on a LXD Container?

LXD containers are lightweight virtual machines that provide isolated environments for applications to run. While they are designed to be lightweight and resource-efficient, it is still possible for applications to consume excessive resources and affect the overall performance of the system. To ensure that the resources of your LXD containers are used efficiently, it is…

security.txt

Implementing security.txt.

A new standard has been proposed that will allow web sites to provide a way to communicate security-related issues. A “security.txt” file containing the relevant information should be placed in the “.well-known” directory of the web server. The securitytxt.org website has a form that allows you to quickly generate the text to be included in…

BTRFS

Adding BTRFS storage pool to LXD with an existing loop device.

In a previous post, we looked at creating a BTRFS loop device. In this tutorial, we are going to add an existing BTRFS storage pool to LXD. # storage create new-btrfs btrfs source=/mnt/btrfs Check the configuration # lxc storage show new-btrfs config: source: /mnt/btrfs volatile.initial_source: /mnt/btrfs description: “” name: new-btrfs driver: btrfs used_by: [] status:…

acme.sh

Remove domain from list of certificates in acme.sh.

It often happens that a domain is moved to another web server or is simply no longer registered and the corresponding certificate needs to be removed from the list of domains that acme.sh maintains. This can be done easily with the following command: # acme.sh –remove -d my_domain.com [Wed Feb  1 15:10:58 CEST 2022] my_domain.com…

Ubuntu 22.04 | ERPnext

Installing ERPNext 14 on Ubuntu 22.04

ERPNext is a promising Open Source ERP solutions that, unlike similar products such as Odoo is completely Open Source and as such does not require paying modules to use all its functionalities. ERPNext is built on the Frappé Framework that can be managed with the cli tool “bench”. Although somewhat cumbersome, installation is not really…

Postfix

Whitelist Hosts or IP addresses in Postfix.

To prevent a mail server in your own network (e.g. for sending alerts) from being blocked by the mail scanners/filters on your main Postfix mail server it is best to whitelist it Create a new file “rbl_override”. #vi /etc/postfix/rbl_override Add the IP addresses and host names you want to whitelist. 1.2.3.4 OK 1.2.3.5 OK [2a02:c123:1234:5a88::1]…

Letsencrypt | Certbot

Adding domains to existing Letsencrypt certificate using Certbot.

If you want to add one or more (sub)domains to an existing Letsencrypt certificate, you can use Certbot with the “–cert-name” option to accomplish this. # certbot certonly –cert-name existing-domain.com –webroot -w /var/www/virtual/existing-domain.com/htdocs/ -d existing-domain.com -d www.existing-domain.com -d first-new-domain.com -d www.first-new-domain.com -d second-new-domain.net -d www.second-new-domain.net -d third-new-domain.org -d www.third-new-domain.org Make sure you have added all…

LXD | ZFS

Fix “dataset is busy” error when deleting container in LXD.

If you try to delete a LXD container, you may get a “dataset is busy” error message because the dataset the container uses in the ZFS storage pool remains mounted in the namespace used by LXD. In this example, we will simulate this problem by trying to delete a container “alpine”. # lxc delete alpine…

LXD | LXC

Copy files and directories between host and a LXD container?

In this tutorial, we will show you how to use the “push” and “pull” command to easily copy files and directories between a host server and a LXC container and visa versa. In this example, on the host server, we will first create a file “myfile.txt” in the “tmp” directory. # touch /tmp/myfile.txt Now copy…

LXD | apt | Ubuntu

Automatically update all your running LXD containers.

While you could perform common management of multiple LXD containers with tools like Ansible or Puppet, in this tutorial we are going to show how to work with a simple script that runs on the host and automatically updates/upgrades all running Debian/Ubuntu-based containers. We could extend the script to perform other tasks or include updates/upgrades…

SSH | sSMTP

Set email alerts for root login on Linux servers.

As a Linux system administrator, it is important to know when someone logs into your server, especially as root. Unauthorized logins can cause serious security issues, as they can gain full access to the system and install unwanted and malicious software on it, among other things. Therefore, it is recommended to set up an automatic…

ZFS | LXC | LXD

How to convert a LXC container to a LXD container.

Until recently, we were still running a number of legacy LXC containers, which for years performed important mission-critical tasks very stably and with no significant problems. However, we decided to convert them to LXD containers to create a more homogeneous server environment and to simplify management. Switching to LXD also means more functionality and the…

Memcached | OpenLiteSpeed

How to Install LiteSpeed Memcached (LSMCD) with OpenLiteSpeed

Although OpenLiteSpeed (OLS) can work well with Redis or Memcached for object caching, it is recommended to use LiteSpeed Memcached (LSMCD), which was developed specifically for OLS and guarantees the best performance. LSMCD is unfortunately not available as a package for Ubuntu/Debian nor for CentOS/RHEL and thus will have to be compiled and installed manually….

MariaDB | PowerDNS

Migrating PowerDNS (Slave) Server to a New Host

Migrating a PowerDNS slave server with a new IP address can be tricky, so proper preparation is essential. Update the System and Install Required Packages Create a MySQL Database and User for PowerDNS Disable systemd-resolved and Configure Custom DNS Install and Configure PowerDNS You should see the PowerDNS service running. You should see the UDP…

ZFS

Monitoring ZFS on Linux with ZED

ZFS on Linux is without a doubt one of the most robust and powerful file systems available today. However, despite its high reliability, unexpected problems can occur quickly, especially with the underlying hardware. It is important that any error is immediately noticed and reported to the responsible system administrator, who can then intervene in time…

Nextcloud | Nginx

Error 413 on large file uploads with Nextcloud behind Nginx reverse proxy.

If you are running Nextcloud behind a Nginx proxy server, you will need to change the maximum file size for uploads which by default is only 1MB on Nginx. You can use the “client_max_body_size” directive to set the required file size for uploading. This directive can be set in the http, server or location context….

OpenLiteSpeed | WordPress

Edit php.ini settings for OpenLiteSpeed.

Modifying PHP settings is a common task when setting up a PHP-based website. Most of the settings in OpenLiteSpeed ​​can be configured with the Web Admin Console, but unfortunately this does not apply to the PHP settings. Although it is possible to add this functionality to the Web Admin Console with individual settings per virtual…

OpenLiteSpeed

How To Redirect All OpenLiteSpeed HTTP Traffic To HTTPS.

First login to the OpenLiteSpeed Web Admin Console.Click on “Configuration” and then on “Virtual Hosts” in the top navigation.Click on the virtual host you would like to redirect all traffic for.Click on “Rewrite” from the sub top navigation bar.Click on “Edit” in the top right of the “Rewrite Condition” box and change “Enable Rewrite” from…

Ubuntu | mdraid

Deleting software RAID device with swap partition during Ubuntu installation.

If you want to use HDD’s on which a raid array was created in a previous server setup we recommend to reset the HDD’s removing all existing partitions and raid arrays before starting a fresh installation using the Ubuntu installer (or any other Linux OS installer). Instructions on how to perform a full reset can…

Wipefs

Using wipefs to remove signatures and metadata from hard drives.

Wipefs is a great tool for removing signatures and metadata from used hard drives that have been previously partitioned and formatted. Removing metadata and signatures from previously used hard drives is important to ensure that when they are reused in a new system, they do not contain information that could interfere with the installation of…