Category Archives: Linux

Everything related to Linux, Ubuntu, Centos, Debian.

Zammad throws error csrf token verification failed! Apache 2.4.41 Ubuntu 20.4

Symptoms:

Right after a fresh installation of Zammad you implement Let’s Encrypt and you are unable to login to your Zammad portal due to the following error.

CSRF token verification failed!

Cause:

When you install Zammad, it’ll automatically create a zammad.conf file under the path /etc/apache2/sites-enabled.

Until this moment your web page should be functioning normal, the problem starts when you implement the Let’s Encrypt certificate which creates another .conf file that would corrupt the web server and cause the error you’re having.

Solution:

To solve this problem simply, change the extension of the zammad-le-ssl.conf file into something else other than .conf and restart apache or nginx.

Solution 2:

You need to uncomment the “ServerTokens Prod” part in your configuration file if the solution 1 doesn’t work.

Solution 3:

Beneath the SSO Setup you need to make sure to change the RequestHeader set X_FORWARDED_PROTO ‘http’ to https as in the below line.

After you apply all those, you need to restart both apache and zammad services.

Here’s a working configuration of Zammad


# security - prevent information disclosure about server version
ServerTokens Prod

<VirtualHost *:80>
    ServerName support.cloud-net.tech
    Redirect permanent / https://support.cloud-net.tech
</VirtualHost>

<VirtualHost *:443>
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

    SSLCertificateFile /etc/letsencrypt/live/support.cloud-net.tech/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/support.cloud-net.tech/privkey.pem
    SSLOpenSSLConfCmd DHParameters /etc/ssl/dhparam.pem

    ## don't loose time with IP address lookups
    HostnameLookups Off

    ## needed for named virtual hosts
    UseCanonicalName Off

    ## configures the footer on server-generated documents
    ServerSignature Off

    ProxyRequests Off
    ProxyPreserveHost On

    <Proxy 127.0.0.1:3000>
      Require local
    </Proxy>

    ProxyPass /assets !
    ProxyPass /favicon.ico !
    ProxyPass /apple-touch-icon.png !
    ProxyPass /robots.txt !
    ProxyPass /ws ws://127.0.0.1:6042/
    ProxyPass / http://127.0.0.1:3000/

    # change this line in an SSO setup
    RequestHeader unset X-Forwarded-User
    RequestHeader set X_FORWARDED_PROTO 'https'

    # Use settings below if proxying does not work and you receive HTTP-Errror 404
    # if you use the settings below, make sure to comment out the above two options
    # This may not apply to all systems, applies to openSuse
    #ProxyPass /ws ws://127.0.0.1:6042/ "retry=1 acque=3000 timeout=600 keepalive=On"
    #ProxyPass / http://127.0.0.1:3000/ "retry=1 acque=3000 timeout=600 keepalive=On"

    DocumentRoot "/opt/zammad/public"

    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>

    <Directory "/opt/zammad/public">
        Options FollowSymLinks
              Require all granted
    </Directory>
</VirtualHost>
# security - prevent information disclosure about server version
ServerTokens Prod

<VirtualHost *:80>
    ServerName support.cloud-net.tech
    Redirect permanent / https://support.cloud-net.tech
</VirtualHost>

<VirtualHost *:443>
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

    SSLCertificateFile /etc/letsencrypt/live/support.cloud-net.tech/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/support.cloud-net.tech/privkey.pem
    SSLOpenSSLConfCmd DHParameters /etc/ssl/dhparam.pem

    ## don't loose time with IP address lookups
    HostnameLookups Off

    ## needed for named virtual hosts
    UseCanonicalName Off

    ## configures the footer on server-generated documents
    ServerSignature Off

    ProxyRequests Off
    ProxyPreserveHost On

    <Proxy 127.0.0.1:3000>
      Require local
    </Proxy>

    ProxyPass /assets !
    ProxyPass /favicon.ico !
    ProxyPass /apple-touch-icon.png !
    ProxyPass /robots.txt !
    ProxyPass /ws ws://127.0.0.1:6042/
    ProxyPass / http://127.0.0.1:3000/

    # change this line in an SSO setup
    RequestHeader unset X-Forwarded-User
    RequestHeader set X_FORWARDED_PROTO 'https'

    # Use settings below if proxying does not work and you receive HTTP-Errror 404
    # if you use the settings below, make sure to comment out the above two options
    # This may not apply to all systems, applies to openSuse
    #ProxyPass /ws ws://127.0.0.1:6042/ "retry=1 acque=3000 timeout=600 keepalive=On"
    #ProxyPass / http://127.0.0.1:3000/ "retry=1 acque=3000 timeout=600 keepalive=On"

    DocumentRoot "/opt/zammad/public"

    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>

    <Directory "/opt/zammad/public">
        Options FollowSymLinks
              Require all granted
    </Directory>
</VirtualHost>
# security - prevent information disclosure about server version
ServerTokens Prod

<VirtualHost *:80>
    ServerName support.cloud-net.tech
    Redirect permanent / https://support.cloud-net.tech
</VirtualHost>

<VirtualHost *:443>
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH

    SSLCertificateFile /etc/letsencrypt/live/support.cloud-net.tech/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/support.cloud-net.tech/privkey.pem
    SSLOpenSSLConfCmd DHParameters /etc/ssl/dhparam.pem

    ## don't loose time with IP address lookups
    HostnameLookups Off

    ## needed for named virtual hosts
    UseCanonicalName Off

    ## configures the footer on server-generated documents
    ServerSignature Off

    ProxyRequests Off
    ProxyPreserveHost On

    <Proxy 127.0.0.1:3000>
      Require local
    </Proxy>

    ProxyPass /assets !
    ProxyPass /favicon.ico !
    ProxyPass /apple-touch-icon.png !
    ProxyPass /robots.txt !
    ProxyPass /ws ws://127.0.0.1:6042/
    ProxyPass / http://127.0.0.1:3000/

    # change this line in an SSO setup
    RequestHeader unset X-Forwarded-User
    RequestHeader set X_FORWARDED_PROTO 'https'

    # Use settings below if proxying does not work and you receive HTTP-Errror 404
    # if you use the settings below, make sure to comment out the above two options
    # This may not apply to all systems, applies to openSuse
    #ProxyPass /ws ws://127.0.0.1:6042/ "retry=1 acque=3000 timeout=600 keepalive=On"
    #ProxyPass / http://127.0.0.1:3000/ "retry=1 acque=3000 timeout=600 keepalive=On"

    DocumentRoot "/opt/zammad/public"

    <Directory />
        Options FollowSymLinks
        AllowOverride None
    </Directory>

    <Directory "/opt/zammad/public">
        Options FollowSymLinks
              Require all granted
    </Directory>
</VirtualHost>

Hope this helps

Secure Zammad with LetsEncrypt Certıfıcate on Ubuntu 20.4 Apache

The Story

after installing Zammad ticketing system I tried to implement Let’sEncrypt certificate to secure the system but there was nothing available on the internet except an old article about implementing this on Ubuntu 16 with Nginx (see article here).

In my case I was using apache and no Nginx in place, and after installing Zammad it was using pretty fine on Http but needed to redirect http to HTTPS after implementing the certificate.

Zammad: Intuitive Service Desk with connection to i-doit | i-doit

Solution:

I first Installed Certbot for apache and then I took a backup of all my Zammad configuration and made sure not to alter the default Zammad directory.

So I created a dummy folder called /var/www/support and a file called /var/www/support/index.html within that folder and provided them the appropriate permissions.

sudo apt install certbot python3-certbot-apache

 sudo mkdir /var/www/support

sudo chown -R $USER:$USER /var/www/support

sudo chmod -R 755 /var/www/support

sudo nano /var/www/support/index.html


Edit the index.html file with the following to make sure that it works

<html>
             <head>
                         <title>Welcome to Your_domain!</title>
             </head>
             <body>
                       <h1>Success! The your_domain virtual host is working!</h1>
           </body>
</html>

image

image

Edit Zammad’s Default Config File

Please make sure you take a move the original copy of Zammad file to another location using the following command

sudo mv /etc/apache2/sites-enabled/zammad.conf /etc/apache2/sites-enabled/zammad.bak

Then we’ll replace the file with this configuration but since we moved the original file to .bak then we’ll have to recreate it with our intended configuration.

Edit a new zammad.conf file and copy the configuration below

sudo vi /etc/apache2/sites-enabled/zammad.conf

Configuration starts below this:

#

# this is the apache config for zammad

#

# security – prevent information disclosure about server version

#ServerTokens Prod

<VirtualHost *:8080> # I changed the default port of Zammad to 8080 to allow Letsencrypt to connect on 80 and create the certificate

# replace ‘localhost’ with your fqdn if you want to use zammad from remote

ServerName localhost:8080

## don’t loose time with IP address lookups

HostnameLookups Off

## needed for named virtual hosts

UseCanonicalName Off

## configures the footer on server-generated documents

ServerSignature Off

ProxyRequests Off

ProxyPreserveHost On

<Proxy 127.0.0.1:3000>

Require local

</Proxy>

ProxyPass /assets !

ProxyPass /favicon.ico !

ProxyPass /apple-touch-icon.png !

ProxyPass /robots.txt !

ProxyPass /ws ws://127.0.0.1:6042/

ProxyPass / http://127.0.0.1:3000/

— INSERT — 10,38 Top

DocumentRoot “/opt/zammad/public”

<Directory />

Options FollowSymLinks

AllowOverride None

</Directory>

<Directory “/opt/zammad/public”>

Options FollowSymLinks

Require all granted

</Directory>

</VirtualHost>

<VirtualHost *:80>

ServerName support.cloud-net.tech

DocumentRoot /var/www/support

ErrorLog ${APACHE_LOG_DIR}/error.log

CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

– ————————-

In the above configuration we did two things:

1- Replacing the original Zammad listening port instead of 80 to 8080

2- Created a new virtual host that points to our dummy folder /var/www/support

Save the file and exit from vi

Make sure you restart Apache after this

sudo systemctl restart apache2

Enable the new site configuration

sudo a2ensite zammad.conf

Lets create the certificate

In the below commands , the first one will drive you through the process of getting the certificate.

The second checks the status of the configuration of the auto renewal script certbot and third command tests the renewal of the certificate.

1- sudo certbot –apache

2- sudo systemctl status certbot.timer

3- sudo certbot renew –dry-run

As you can see in the below screenshot the command also asks you if you’d like to redirect all http traffic to HTTPS. You should want to say Y to that.

clip_image001

clip_image001[4]

When you accept creating Redirection rule from HTTP to HTTPs the main Zammad config will get that configuration which wont work in that case because we already changed the default zammad port to 8080.

So you’ll need to get into that zammad.conf that you created again and enter the redirection portion

image

# this is the apache config for zammad
#


# security – prevent information disclosure about server version
#ServerTokens Prod


<VirtualHost *:8080>
     # replace ‘localhost’ with your fqdn if you want to use zammad from remote
     ServerName support.cloud-net.tech:8080


    ## don’t loose time with IP address lookups
     HostnameLookups Off


    ## needed for named virtual hosts
     UseCanonicalName Off


    ## configures the footer on server-generated documents
     ServerSignature Off


    ProxyRequests Off
     ProxyPreserveHost On


    <Proxy 127.0.0.1:3000>
         Require local
     </Proxy>


    ProxyPass /assets !
     ProxyPass /favicon.ico !
     ProxyPass /apple-touch-icon.png !
     ProxyPass /robots.txt !
     ProxyPass /ws ws://127.0.0.1:6042/
     ProxyPass /
http://127.0.0.1:3000/


    # change this line in an SSO setup
     RequestHeader unset X-Forwarded-User


     DocumentRoot “/opt/zammad/public”


    <Directory />
         Options FollowSymLinks
         AllowOverride None
     </Directory>


    <Directory “/opt/zammad/public”>
         Options FollowSymLinks
         Require all granted
     </Directory>


RewriteEngine on
RewriteCond %{SERVER_NAME} =support.cloud-net.tech
RewriteRule ^
https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

<VirtualHost *:80>
     ServerName support.cloud-net.tech
RewriteEngine on
RewriteCond %{SERVER_NAME} =support.cloud-net.tech
RewriteRule ^
https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

image

Note:

You need to make sure that you have enabled port 443 on your Firewall and changed the main protocol of Zammad to HTTPs

To do so you’ll need to get into the Zammad portal > Settings > System > Http Type and change that to HTTPS.

image

That’s it, my example here worked as expected and now my traffic is automatically getting redirected to https.

image

Hope this helps anyone looking for such configuration.

Please consider donating to this Bitcoin account if you like this article or website.

image

Resizing Plesk Linux (Ubuntu) server on Hyper-V with dynamic expansion

Change Production Environment VM (Plesk):

Having to change a production Environment Virtual Machine while hosting multiple website could be a nightmare especially when you have no space left and websites are on the edge of error.

I got a complaint from one of the webmasters of the websites that her password was not working so I went and changed it from Plesk however, it didn’t actually work.

When connected to the server I realized that there was no space left on the server

Ubuntu 18.04 is the server edition.

On my Hyper-V Host I went and checked if I can resize the VM while it’s on but unfortunately since the machine has Checkpoints. After switching off the machine and removing the Checkpoints I was able to resize the disk to 700GB and start it again.

In this article I will take you through the process or resizing the Linux Machine starting from Hyper-V all the way until your Plesk Server is able to provision this disk space.

Resize Linux / Ubuntu on Hyper-V

To Resize Ubuntu/Linux Server on HyperV

Edit Machine On Hyper-V, If the edit button is greyed out then you’ll need to switch off the VM to be able to expand the physical disk.

clip_image001

After expanding the disk (in my case I expand it to 712GB) since the current disk is 100% full already

clip_image002

clip_image003

Scan Physical Disk Space

After expansion on Hyper-V is successful, I will switch on the VM, then will need to rescan the already connected disk, first identify which disk you want to rescan. (in my case it is sda3)

ls /sys/class/scsi_disk/

In my example, I see a symlink named 2:0:0:0, so we rescan this scsi-disk.

clip_image004

echo ‘1’ > /sys/class/scsi_disk/2\:0\:0\:0/device/rescan

When trying to scan as a normal user or a superuser in normal mode, I get permission denied issue so I will go ahead and turn to Root mode

clip_image005

Scanning is finished

Change Volume Disk

Follow the instructions below in order to expand the machine’s disk and introduce the changes to Plesk.

Run Parted as a super user (Root or sudo su superuser)

Press P to list partitions and then choose the partition you want to expand.

In my case it’s going to be Partition 3

clip_image006

In order to resize the partition 3 I will type

Resizepart 3

And next to that you’ll have to put the value that you need to expand the disk (In my case I will type -0)

-0 value will give it provision the entire disk space from Hyper-V

clip_image007

After doing so, the new value of partition 3 will be updated

clip_image008

Quit

Resize Logical Volume

The file system meta information needs to indicate the size of disk, and resize2fs updates this. Thus, after expanding, run resize2fs /dev/sda3.

If resize2fs didn’t work for any reason try pvresize in Root Mode

pvresize /dev/sda3

To write changes to the Logical Volume run the following command

lvextend -l +100%FREE /dev/mapper/ubuntu–vg-ubuntu–lv

clip_image009

It’s recommended to do this in read mode, so I will quit the root and get back to my normal user

Let’s see the Volume Group using VGS command, as you can see it looks like the Volume group has already updated the size.

image

Now we need to check the Physical Volume. sda3 was upgraded from 268GB to 711 GB

image

Next we’ll need to check the Logical Volume and see if it is updated

To do this, type sudo lvdisplay

image

Let’s check if there’s any update on the Logical Volumes by using

sudo df –H

image

The disk I need to increase is /dev/mapper/ubuntu—vg-ubuntu—lv

Last step:

Extending Logical Volume

To do this I will type the command

Sudo resize2fs /dev/mapper/ubuntu—vg-ubuntu—lv

This should take care of the disk expansion

image

Once this command is successful, It should reflect on the disk size via command df -H

image

Hope this help someone, If for some reason your Plesk stopped working after this please try to move the tc.log file to another location and then restart mysql/mariadb

sudo mv /var/lib/mysql/tc.log /root/

sudo service mariadb start

Onboarding Linux Client (DEEPIN) to Microsoft Azure Threat protection ATP using ubuntu repository

Installing Microsoft Azure Threat Protection (ATP) on Linux Devices

While playing with ATP on some windows devices, I was in the mood of trying the new Deepin 20 desktop flavor which is a famous Chinese Linux OS based system.

Microsoft doesn’t indicate anywhere that installation of ATP on a Linux client is possible but Linux server is mentioned in the official ATP installation documents.

How to Install?

After I installed the Deepin OS, I was really impressed by the new beautiful Linux design so I plan to use it and have it secure with ATP.

image

Prerequisites:

  1. Configure the Linux software repository for Ubuntu and Debian
  2. Application Installation
  3. Download the onboarding Package
  4. Client Config

1-Configure the Linux software repository for Ubuntu and Debian

You will need to install the required libraries, install Gpg, apt-transport-https and update repository metadata using the following commands one by one.

  • sudo apt-get install curl

image

  • sudo apt-get install libplist-utils

image

image

  • sudo mv ./microsoft.list /etc/apt/sources.list.d/microsoft-ubuntu.list
  • sudo apt-get install gpg

image

image

image

After successfully installing all the libraries, I will go ahead and install the application

2- Application Installation

From the Linux client Terminal using sudo power user run the following script

sudo apt-get install mdatp

image

Once finished, You can go back to the ATP portal and download the Linux Onboarding package on the linux server/client you want to onboard

3- Download the onboarding Package

Since I am doing a single deployment not bulk, then I will go to the Microsoft Defender Security Center’s setting page and download the Linux package from the device management section.

image

The steps for the onboarding is already mentioned on that page so after you download the script you’ll know exactly what to do next.

The file is 9kb python in size

image

Copy the file to your Linux Desktop

image

4- Client Config

From the terminal type in chmod a+x MicrosoftDefenderATPOnBoardingLinuxServer.py and hit enter

Note: python must be installed on this linux dervice.

Then type python /MicrosoftDefenderATPOnBoardingLinuxServer.py

image

This will run pretty quick and will assign your Linux server/client with your Organization ID.

To see the Organization ID type:

mdatp –health orgId

image

Few minutes later you’ll be able to see the installation completion and the status through this command

Check if WDATP is functioning as expected

mdatp –health healthy

image

Check if WDATP agent is enabled

mdatp –health realTimeProtectionEnabled

image

Let’s check on our ATP portal and see if the machine is showing there.

Note: It might take 5-15 mins to update the definitions of WDATP when onboarding.

image

Running a detection Test:

curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt

image

In few seconds the file has disappeared

image

Checking for threats

mdatp –threat –list –pretty

image

Let’s see this on the ATP Portal

image

image

This is just a test malware not a real one therefore it wont harm your machine at all.

Hope this helps you with your deployments

Ref:

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually

Deepin 20 Beta version

https://www.deepin.org/en/2020/04/15/deepin-20-beta/

Deploy Azure Linux and Windows servers in 10 mins via cli

This is a step by step guide about deploying Linux or Windows servers on Azure via CLI.

Why Cli?

Some people prefer using Linux rather than PowerShell and it seems sometimes easier and faster to learn esp if you’re not GUI type of person.

Installation Options

If you’re working on Windows and would like to use CLI, you’ll have two options to install CLI

Option 1

Run Azure CLI installation directly from your Powershell (PowerShell needs to run from a privileged account)

Invoke-WebRequest -Uri https://aka.ms/installazurecliwindows -OutFile .\AzureCLI.msi; Start-Process msiexec.exe -Wait -ArgumentList ‘/I AzureCLI.msi /quiet’

As soon as you run this command, it’ll take about 5 mins or less depending on the connection you have.

clip_image001

Option 2

Download the MSI file directly from MS’s link and install it on your Computer.

https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-windows?view=azure-cli-latest

Connect to Azure CLI from PowerShell

Run PowerShell or CMD and type the following command to connect

Az Login then hit enter

As soon as you type this, a web page will be launched asking you for your Azure Account credentials so open the session for your Cli window.

The moment you verified your account, PowerShell will list your azure plans that you have / had before.

clip_image002

If you’re going to use Linux (Ubuntu, Debian) flavor then you’d have to following the following instructions

Manual install instructions

If you don’t want to run a script as superuser or the all-in-one script fails, follow these steps to install the Azure CLI.

  1. Get packages needed for the install process:

    bash

    
    
    sudo apt-get update
    sudo apt-get install ca-certificates curl apt-transport-https lsb-release gnupg
  2. Download and install the Microsoft signing key:

    bash

    
    
    curl -sL https://packages.microsoft.com/keys/microsoft.asc |
        gpg --dearmor |
        sudo tee /etc/apt/trusted.gpg.d/microsoft.asc.gpg &gt; /dev/null
  3. Add the Azure CLI software repository:

    bash

    
    
    AZ_REPO=$(lsb_release -cs)
    echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" |
        sudo tee /etc/apt/sources.list.d/azure-cli.list
  4. Update repository information and install the

    azure-cli

    package:

    bash

    
    
    sudo apt-get update
    sudo apt-get install azure-cli

Run the Azure CLI with the

az

command. To sign in, use the az login command.

  1. Run the

    login

    command.

    Azure CLI

    Try It

    
    
    az login

    If the CLI can open your default browser, it will do so and load an Azure sign-in page.

    Otherwise, open a browser page at https://aka.ms/devicelogin and enter the authorization code displayed in your terminal.

  2. Sign in with your account credentials in the browser.

To learn more about different authentication methods, see Sign in with Azure CLI.

Deploying Linux (CentOS):

Creating a Resource Group for Azure Container Instances (ACI)

We will start first by creating a Resource Group for our Machine, calling it a AzureLinuxServersGroup to easily identify that this group contains our Linux Servers

az group create –name AzureLinuxServersGroup –location westeurope

clip_image001[4]

Next we will be creating a container to contain the Linux OS on the resource group which we have just created

First, How we know which Image to use and if that will be proper for our deployment?

To answer that, we will use the following command which will view the available latest edition Linux OS with different flavors.

I would like to use CentOS since its identical to RedHat and used by majority of Enterprises.

To list the Images, Enter the following command

az vm image list –output table

clip_image002[4]

Notice there are many columns, The one which we are going to use in terminal command line is the UrnAlias. It’s important to remember this.

az vm create \

–resource-group AzureLinuxServersGroup \

–name AzureCentOSWP \

–image CentOS \

–admin-username Moh10lyUser \

–generate-ssh-keys

clip_image003

Since we are using Bash, It’s a case sensitive and it complained about user having capital letters. So we’ll go ahead and use small letters

clip_image004

After running the command with small letters, it’s telling us where we can find the keys in order for us to reach and get them to use later to login to this newly created machine.

SSH key files ‘/home/moh10ly/.ssh/id_rsa’ and ‘/home/moh10ly/.ssh/id_rsa.pub’ have been generated under ~/.ssh to allow SSH access to the VM. If using machines without permanent storage, back up your keys to a safe location.

The deployment of the machine takes about 3 mins, and it’ll be created with the default minimum resources. Let’s view

clip_image005

Our machine is ready to be accessed now

clip_image006

In order for you to get the SSH Keys, you’ll have to have a bit of knowledge

I am going to go the location mentioned previously after creating a machine and copy the keys from the bash screen into a file. Save the file and Import it into SSH client which I will be using (Bitvise in my case).

From the bash screen goto cd /

Cd /home/user/.ssh/

Cat id_rsa hit enter and copy the key and save it into notepad.

Cat id_rsa.pub and copy/save into a notepad as the public key.

clip_image007

After loading both keys, I was able to successfully login to the Server

clip_image008

clip_image009

clip_image010

Get a list of Azure VMS

az vm image list

clip_image011

Let’s List and deploy a WordPress on CentOS

To view the list of available CentOS images, we’ll use the following cli command

az vm image list -f CentOS –all

The image needs to be grabbed from dockerhub URL

cognosys:wordpress-with-centos-77-free:wordpress-with-centos-77-free:1.2019.1008

az container create –resource-group mohazbackupgroup –name mohcontainer –os-type Linux –image cognosys:wordpress-with-centos-77-free:wordpress-with-centos-77-free:1.2019.1008 –dns-name-label azmohlinux –ports 22

Create Windows Server core with IIS

az container create –resource-group mohazbackupgroup –name mohcontainer –os-type windows –image mcr.microsoft.com/windoervercore/centos –dns-name-label azmohlinux –ports 22ws/servercore/iis:nanoserver –dns-name-label azmohiis –ports 80

clip_image012

Here we go I got a machine ready (took about 5 mins)

clip_image013

azmohiis.westeurope.azurecontainer.io

To delete the container, you can write the following

az container delete –resource-group mohazbackupgroup –name mohcontainer

clip_image014

clip_image015

Stay tuned for more articles about Azure.

Windows 10 powershell’s Linux sudo apt-get install like CMDlet with Chocolately app

The Story

Windows 10 has arrived finally and with it came lot of new features, and one of my favorite new features is that you can finally install applications through powershell just like Linux OS’s terminal window command (apt-get install).

Although the command is still pretty new and lack many repositories where you can find and install applications from.

There’s already some people who are working on adding sources of applications which you can test initially before Microsoft asks product companies to start making their own repositories so Powershell can trust these sites and applications.

One of the sites that are working on providing Windows 10 with repositories is https://chocolatey.org/ which provides hundreds of softwares that can be installed through PS.

To install Chocolately repository simply do the following

Open powershell as an administrator and paste the following cmdlet

@powershell -NoProfile -ExecutionPolicy Bypass -Command “iex ((new-object net.webclient).DownloadString(‘https://chocolatey.org/install.ps1’))” && SET PATH=%PATH%;%ALLUSERSPROFILE%\chocolatey\bin

clip_image001

Then this

iex ((new-object net.webclient).DownloadString(‘https://chocolatey.org/install.ps1’))

clip_image002

From

https://chocolatey.org/

As soon as you have installed chocolately, you will get a new huge list of applications that can be installed with a very simple and short cmdlet as in the below screenshots.

The good things about these cmdlets is it can be used to deploy an app for a huge number of clients by simply running the script through GPO or batch file.

I am going to install VLC and Google drive on my computer using these cmdlet …

Find-Package

Find-package -Name VLC

clip_image003

clip_image004

Install-package

clip_image005

clip_image006

clip_image007

Checking if the app is really installed or not?

clip_image008

——————————————

Find and install google drive package

Downloading

clip_image009

Installing

clip_image010

clip_image011

If an application doesn’t install, how to troubleshoot it?

If for instance you were trying to install a package or app and that doesn’t work or get stuck then you can navigate to the Chocolately directory and delete any package that you tried to install but were suspended for any reason.

c:\Chocolately\lib\

clip_image012

You can simply delete the whole directory or the file that ends with extension .nupkg and try again to install…

clip_image013

CHANGE WORDPRESS DOMAIN USING HTTP://WP-CLI.ORG/

These are instructions that demonstrate how to change WordPress to match your replaced or changed Public domain. as this occurs in case if you are already using WordPress and have it published on let’s say Domain1.com and then you transferred this domain to Domain2.com.

When you try to reach wordpress website from your new public domain. you might not reach it or wordpress might try to redirect you to your old domain1.com instead.

In order to fix this, we’ll have to use a tool called wp-cli which fixes this configuration problem. to do so please open your SSH shell or get in your UBuntu server and do the following.

  1. sudo curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
clip_image001

2. From User@UbuntuServer:/var/www/html$ I will run the following command to make sure that the command is working

sudo php wp-cli.phar –info

clip_image002

3. I’ll move the file to a new path and location so I can access it from anywhere using only the command WP.

First I will give the required permissions

moh10ly@Ubunut-Mohammed:/var/www/html$ sudo chmod +x wp-cli.phar

clip_image003

Next I will move the file

sudo mv wp-cli.phar /usr//local/bin/wp

clip_image004

3. Check if the file is working properly after moving?

clip_image005

4. Final step is to change the domain of your wordpress site to a new domain.

My previous domain was www.mytechweb.ga and now I changed it to www.moh10ly.website

So I only used two commands to change the domain name to the new on

5. moh10ly@Ubunut-Mohammed:/var/www/html$ wp option update home “http://www.moh10ly.website

clip_image006

6. moh10ly@Ubunut-Mohammed:/var/www/html$ wp option update siteurl “http://www.moh10ly.website

clip_image007

Now I tested my website and it’s working perfectly…

http://wp-cli.org/

What to have in your Linux Desktop?

The tools that a Must have on Linux Desktop are

1- Variety

(Automatic desktop wallpaper downloader and customizer), Variety also displays quotes on your desktop along with wallpapers.

clip_image001

2- Cairo dock (shortcut bar to Applications)

clip_image002

3- Shutter (Graphic tool)

Shutter is a graphic tool that can take snapshots, desktop screenshots and edit them or send them to your e-mail.

it’s very powerful and every button on it can be customized with a shortcut by the keyboard. for example if you want to create a shortcut for screen selection (Like the OneNote on Windows) you can simply open the keyboard shortcuts app (mate-keybinding-properties)

clip_image003

Once you have launched the keyboard shortcuts utility, you can customize a new shortcut to take a screenshot for you with Shutter by selection.

clip_image004

You will have to click on Add and create a new shortcut as following

clip_image005

Once you click apply, you can assign the shortcut for this command.

For example, I am using the shortcut CTRL + SHIFT + S

clip_image006

4- Remote Desktop tools

A- NoMachine

NoMachine is a free and very powerful remote desktop utility that works on all Operating systems and supports all kinds of features that are available in other remote desktop utlities like (Radmin, Teamviewer, RDP).

clip_image007

5- OneDrive for Linux.

http://xmodulo.com/sync-microsoft-onedrive-linux.html

Install onedrive-d on Linux

While onedrive-d was originally developed for Ubuntu/Debian, it now supports CentOS/Fedora/RHEL as well.

Installation is as easy as typing the following.

$ git clone https://github.com/xybu92/onedrive-d.git

$ cd onedrive-d

$ ./inst install

First-Time Configuration

After installation, you need to go through one-time configuration which involves granting onedrive-d read/write access to your OneDrive account.

First, create a local folder which will be used to sync against a remote OneDrive account.

$ mkdir ~/onedrive

Then run the following command to start the first-time configuration.

$ onedrive-d

It will pop up a onedrive-d’s Settings window as shown below. In “Location” option, choose the local folder you created earlier. In “Authentication” option, you will see “You have not authenticated OneDrive-d yet” message. Now click on “Connect to OneDrive.com” box.

clip_image008

It will pop up a new window asking you to sign in to OneDrive.com.

clip_image009

After logging in to OneDrive.com, you will be asked to grant access to onedrive-d. Choose “Yes”.

clip_image010

Coming back to the Settings window, you will see that the previous status has changed to “You have connected to OneDrive.com”. Click on “OK” to finish.

clip_image011

Sync a Local Folder with OneDrive

There are two ways to sync a local folder with your OneDrive storage by using onedrive-d.

One way is to sync with OneDrive manually from the command line. That is, whenever you want to sync a local folder against your OneDrive account, simply run:

$ onedrive-d

onedrive-d will then scan the content of both a local folder and a OneDrive account, and make the two in sync. This means either uploading newly added files in a local folder, or downloading newly found files from a remote OneDrive account. If you remove any file from a local folder, the corresponding file will automatically be deleted from a OneDrive account after sync. The same thing will happen in the reverse direction as well.

Once sync is completed, you can kill the foreground-running onedrive-d process by pressing Ctrl+C.

clip_image012

Another way is to run onedrive-d as an always-on daemon which launches automatically upon start. In that case, the background daemon will monitor both the local folder and OneDrive account, to keep them in sync. For that, simply add onedrive-d to the auto-start program list of your desktop.

When onedrive-d daemon is running in the background, you will see OneDrive icon in the desktop status bar as shown below. Whenever sync update is triggered, you will see a desktop notification.

clip_image013

6- Evolution Email Client for Exchange accounts.

If you ever thought of using an e-mail client that supports your account on Microsoft Exchange Email server’s protocol which is known as (RPC over HTTP) then you have probably used Mozilla thunderbird or kmail, geary..etc but all those clients don’t support Exchange’s most flexible connectivity which is RPC over HTTP that will sync all your emails, contacts, tasks, calendars ..etc

To Install evolution, all you have to do is open Linux Terminal and type the following

Sudo apt-get install evolution

clip_image014

Since I already have Evolution installed it won’t proceed and will tell me that it’s already installed. but that’s not all!

In order to setup an Exchange account on Evolution you will have to install an Evolution plugin that will support the web services for the RPC over http connectivity which is known as (EWS = Exchange Web Services).

In order to install this plugin you will have to type the following command

Sudo apt-get install Evolution-ews

clip_image015

Once you install the plugin, you can launch the program and setup your account as following.

Click on Add as in the picture

clip_image016

When you click add you should be welcomed by a message saying “Welcome to Evolution wizard ..etd”

Click Continue and then type in your name and email address in the next window

You can skip the automatic configuration as Evolution still doesn’t support Exchange Autodiscover mechanism for auto configuration of the account. so you must manually provide all the configuration of your exchange as following

clip_image017

In the host URL you will have to provide your Exchange server’s EWS URL which usually looks like this

https://mail.domain.com/ews/exchange.asmx

In my case I am using an Office 365 account so instead I’ll use Microsoft’s EWS url.

https://outlook.office365.com/ews/exchange.asmx

For the OAB (Offline Address Book) you also need to provide the configured URL of the OAB on your Exchange Server. which in my case again it’s Microsoft Office 365.

https://outlook.office365.com/OAB

you will need to make sure that the correct authentication method is set (NTLM) in my case, this can vary though on Exchange server’s Outlook Anywhere configuration. it can be Basic as well. so it’s up to your configuration to choose but for Office 365 it’s NTLM.

clip_image018

Once you finish the configuration you can continue and you’ll get prompted to enter your Credentials. as soon as you finish typing your Password hit enter and your e-mails will start syncing. as in the following snapshot

clip_image019

That’s it, you’re setup here either if it’s an exchange on-premises or Office 365 for Linux desktop client.

Here’s another guide for the new mapi connectivity for Evolution, probably the same steps

https://www.linux.com/learn/tutorials/370590:connect-evolution-to-an-exchange-server

7- For Office (Word, Powerpoint ..etc) I prefer to use Kingsoft’s community version along with LibreOffice

Since Libre office provide more tools or the full package I still use it on Linux but Kingsoft’s WPS tools have a user friendly and rich of tools GUI.

clip_image020

In order to download WPS software you will have to navigate to the link below and download the suitable version with your Linux OS. or use the terminal to download latest available version with the following command

sudo apt-get install wps-office

http://wps-community.org/download.html

8- For media there are various available software and tools that you can use on Linux to either listen to music or edit mp3s or convert media types.

A- Audacity (Convert and Edit audio files).

B- Spotify (listen to music online)

C- Clementine (Listen to Music on your computer)

D- VLC (Watch Videos on your PC) or use it as a streaming server.

There are other useful tools and things to do on Linux OS as it’s a very flexible and customizable OS but I’ll end this article here and write a new one about how to decorate your welcome screen and your desktop with beautiful pictures and tools.

Hope you find this useful