Installing Squid on CentOS 7.x and Ubuntu 16.04

Squid Proxy

Installing Squid Proxy on CentOS 7.x and Ubuntu 16.04

What is Squid Proxy

Squid is a caching and forwarding HTTP web proxy. It has a wide variety of uses, including speeding up a web server by caching repeated requests, caching web, DNS and other computer network lookups for a group of people sharing network resources, and aiding security by filtering traffic. (Read more on Wikipedia)

Making Life Easier

Again, to make life a little easier, I have borrowed and modified a script that automates the installation and configuration of Squid proxy on each system individually, as follows:

Squid Proxy on Centos 7.x

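Download the bash script from GitHub and set the squid_user and squid_password fields to a custom user and a complex password. Then run the following commands at a bash prompt to start the install. Because bash -x traces every command it runs, the password you set is also written to squid.log; delete or restrict that file once the install has finished.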

[user@localhost ~]$ sudo -i
[root@localhost ~]# curl -O https://raw.githubusercontent.com/khaledalhashem/squid/master/squid_centos.sh
[root@localhost ~]# vi squid_centos.sh
..
squid_user=customuser
squid_password=complexpassword
..
[root@localhost ~]# chmod 0700 squid_centos.sh && bash -x squid_centos.sh 2>&1 | tee squid.log

Squid Proxy on Ubuntu 16.04

Download the bash script from GitHub and set the squid_user and squid_password fields to a custom user and a complex password. Then run the following commands at a bash prompt to start the install. The bash -x trace captured in squid.log includes the password, so remove or protect the log afterwards.

[user@localhost ~]$ sudo -i
[root@localhost ~]# curl -O https://raw.githubusercontent.com/khaledalhashem/squid/master/squid_ubuntu.sh
[root@localhost ~]# vi squid_ubuntu.sh
..
squid_user=customuser
squid_password=complexpassword
..
[root@localhost ~]# chmod 0700 squid_ubuntu.sh && bash -x squid_ubuntu.sh 2>&1 | tee squid.log

That's all folks

Turn on your proxy and enter your proxy server address in your browser:

Firefox

Menu -> Preferences -> Scroll all the way down to Network Proxy and click Settings -> Check Manual Proxy Configuration -> Check HTTP Proxy and enter your server IP address with Port 3128.

Once you start browsing you will be asked for a username and password; use the ones you entered earlier in the script.

Chrome

Similar settings as above.

Enjoy browsing behind a proxy. 🙂

Installing LEMP Stack on CentOS 7.x and Ubuntu 16.04

Installing LEMP Stack on CentOS 7.x & Ubuntu 16.04

Once you have your VPS or server set up, the next step is installing something to serve on it. More likely than not you want to serve a static website with some content in it; some might go a little further and require dynamic content. In this tutorial we will accommodate all tastes and install what is called a ‘LEMP stack’. A LEMP stack is a combination of software that works together to serve content on the web: (L)inux, (E)Nginx, (M)ySQL, (P)HP.

On a busy day one would like to make things as simple as possible, given that sometimes you will need to configure multiple servers at the same time; and even if you don’t, making things easier is a huge bonus. A simple bash script, or one-liner, to automate the installation of the LEMP stack is available for download/clone at https://github.com/khaledalhashem/nginx_custom. Or simply copy and paste the command below into a bash prompt.

Before you do so you can edit this file to better suit your needs. I will maintain an updated stable release of all the packages and modules.

For CentOS 7.x

Run the following command in bash prompt to start the one liner install.

[user@localhost ~]$ sudo -i
[root@localhost ~]# yum -y update && curl -O https://raw.githubusercontent.com/khaledalhashem/lemp/master/lemptest_centos.sh && chmod 0700 lemptest_centos.sh && bash lemptest_centos.sh 2>&1 | tee lemp.log

For Ubuntu 16.04

[user@localhost ~]$ sudo -i
[root@localhost ~]# curl -O https://raw.githubusercontent.com/khaledalhashem/lemp/master/lemp_ubuntu.sh && chmod 0700 lemp_ubuntu.sh && bash -x lemp_ubuntu.sh 2>&1 | tee lemp_custom.log

Congratulations!

Changing Default Hostname

The default hostname is the hostname you chose for your VPS when you purchased it, and should look something like hostname.example.com. Should you want to change the default name after you set up your VPS, follow this simple tutorial.

The following command under BASH will show you the current hostname.

[user@localhost ~]$ uname -n
localhost.localdomain

Step 1: Add an A record to the DNS records

In your DNS control panel, add an A record for your new subdomain and point it to the IP address of your VPS. This is usually done where you purchased your domain name. There are many free alternative DNS hosts; I recommend Cloudflare Free DNS Hosting.

Select A Record for Type and enter the Host you would like to point to an IP address:

[naurus] – you can insert any name of a subdomain that should be pointed to the IP address:
A Record | naurus | 11.22.33.44

Step 2: Changing the Hostname on the VPS

The following commands can be used for changing the hostname on both CentOS 7.x and Ubuntu 16.04. As the root user, edit the file /etc/hostname with a text editor such as nano, vi or pico:

[user@localhost ~]$ sudo vim /etc/hostname

Add only the hostname here, nothing else:

naurus.example.com

You can also use the hostnamectl command to check and change the hostname too.

[user@localhost ~]$ hostnamectl --help
hostnamectl [OPTIONS...] COMMAND ...

Query or change system hostname.

  -h --help              Show this help
     --version           Show package version
     --no-ask-password   Do not prompt for password
  -H --host=[USER@]HOST  Operate on remote host
  -M --machine=CONTAINER Operate on local container
     --transient         Only set transient hostname
     --static            Only set static hostname
     --pretty            Only set pretty hostname

Commands:
  status                 Show current hostname settings
  set-hostname NAME      Set system hostname
  set-icon-name NAME     Set icon name for host
  set-chassis NAME       Set chassis type for host
  set-deployment NAME    Set deployment environment for host
  set-location NAME      Set location for host
[user@localhost ~]$

To set the hostname:

[user@localhost ~]$ sudo hostnamectl set-hostname naurus.example.com

Edit the /etc/hosts file and append a new entry that maps your server’s main IP address, i.e. 11.22.33.44, to the new hostname:

11.22.33.44 naurus.example.com naurus

Finally, type in the command

[user@localhost ~]$ sudo hostname naurus.example.com

Then, restart network using the systemctl command:

sudo systemctl restart network

You can check the changes by typing this command again:

[user@localhost ~]$ uname -n

If all went well then you should see your new hostname:

naurus.example.com

Congratulations!

Ubuntu: Getting Started

Once you have a VPS set up, the first thing you will need to do is log in to it.
Log in to your VPS using the credentials sent to you.
If you are using Windows, download PuTTY: “PuTTY is an SSH and telnet client, developed originally by Simon Tatham for the Windows platform. PuTTY is open source software that is available with source code and is developed and supported by a group of volunteers.”

Step 1 – Root Login

If using PuTTY, just insert the server_ip_address in the IP field and hit connect, which will open up the terminal.

Using a Linux terminal, just input the following command.

[user@localhost ~]$ ssh root@server_ip_address

You will be prompted for a password or a private-key, depending on your choice insert it to complete the login process.
root is the user name or account that by default has access to all commands and files on a Linux or other Unix-like operating system. It is also referred to as the root account, root user and the superuser.

We will want to update the server and add a few packages that we’ll want later

[root@remotehost ~]# apt update && apt -y upgrade && apt -y install vim tmux

Step 2 – Add User

Ultimately we don’t want to use the root user all the time, or at all for that matter. We will add a new user ‘naurus’ and give that user root (sudo) privileges.

[root@remotehost ~]# adduser naurus
Adding user `naurus' ...
Adding new group `naurus' (1000) ...
Adding new user `naurus' (1000) with group `naurus' ...
Creating home directory `/home/naurus' ...
Copying files from `/etc/skel' ...
Retype new UNIX password:
passwd: password updated successfully
Changing the user information for naurus
Enter the new value, or press ENTER for the default
Full Name []:
Room Number []:
Work Phone []:
Home Phone []:
Other []:
Is the information correct? [Y/n]
[root@remotehost ~]#

A password prompt will come up; be sure to use a strong password, then type the password again. Optionally add the requested information and type ‘y’ to confirm.

Step 3 – Add User to Wheel

We will now add the user ‘naurus’ to the sudo group, Ubuntu’s counterpart of the wheel group, so he can run root commands.

[root@remotehost ~]# usermod -aG sudo naurus

usermod is the command to modify user attributes. The -G switch names the group to add ‘naurus’ to, here sudo, and the -a switch appends that group to his existing groups instead of replacing them.

Step 4 – Key Authentication

There are 2 methods for creating an authentication key pair: the first uses a terminal on your local machine and the second uses PuTTY.

In all cases we need to create a .ssh directory with permissions 0700 and create 2 files in it, id_rsa and authorized_keys, which we will give permissions of 0600

[root@remotehost ~]# su naurus
password:
[naurus@remotehost ~]$ mkdir ~/.ssh && chmod 0700 ~/.ssh
[naurus@remotehost ~]$ touch ~/.ssh/{id_rsa,authorized_keys}
[naurus@remotehost ~]$ chmod 0600 ~/.ssh/{id_rsa,authorized_keys}

Method 1 – Create SSH Key Pair using Terminal

Under linux, open another terminal on your local machine and use the following command to create a Public/Private key pair.


[user@localhost ~]$ ssh-keygen -f ~/.ssh/id_rsa -t rsa -b 4096
Generating public/private rsa key pair.
/home/user/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:EvZ2zEGSgkJpiHk2d/TR9cfWNV1Z2vVLb49a2MbNlj8 user@localhost
The key's randomart image is:
+---[RSA 4096]----+
|.+.. o. oo... .X|
|+ B o o..+. . =B|
| + + .o.. . o.B|
| . o o . .oo|
| . S + .o|
| o . + =o|
| . *.=|
| + E.|
| . o|
+----[SHA256]-----+

The algorithm is selected with the -t option and the key size with the -b option; the -f switch writes the private key to the file id_rsa in the .ssh directory. A second file, id_rsa.pub, is created in the process and holds the public key. Copy id_rsa.pub to authorized_keys, leaving id_rsa.pub in place because ssh-copy-id reads it in the next step

[user@localhost ~]$ cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys

To use public key authentication, the public key must be copied to a server and installed in an authorized_keys file. This can be conveniently done using the ssh-copy-id tool, whose -i option names the public key file to install. Like this:

[user@localhost ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub naurus@server_ip_address

After the key has been installed, log into the server using the new user account.

[user@localhost ~]$ ssh -l naurus server_ip_address

Method 2 – Create SSH Key Pair using Putty

This site explains well how this is done. Follow the guide to get your key pair using PuTTY under Windows.

https://www.ssh.com/ssh/putty/windows/puttygen

Step 5 – SSH Config

Now we need to make a few changes to the SSH configuration file: first we want to block root access to the SSH daemon, second we want to disallow password authentication and enable key authentication. That way we will log in to the shell with the key pair we created earlier instead of naurus’s password.

To do this we will again connect to the remote host as the new user we created before ‘naurus’ by using the following command:

[user@localhost ~]$ ssh -l naurus server_ip_address

Once logged in over SSH we will switch to an interactive sudo session and edit the SSH configuration file. Before we start editing it, let’s make a backup of it first

[naurus@remotehost ~]$ sudo -i
[sudo] password for naurus:
[root@remotehost ~]# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
[root@remotehost ~]# vim /etc/ssh/sshd_config

To block root access to the SSH Daemon we will look for the following line

#PermitRootLogin yes

We want to remove the comment character ‘#’ and change yes to no. Type the letter I to start edit mode in vim, then delete the comment character and replace yes with no. Press the Esc key to exit edit mode and type :wq to save the file and quit vim. The end result will look like this.

PermitRootLogin no

To disallow password authentication we will look for the following line, remove the comment in front of it and change yes to no

#PasswordAuthentication yes

So it will look like this

PasswordAuthentication no

Restart SSH Server

For the changes to take effect the ssh server has to be restarted. Using the following command restart the ssh server.

[root@remotehost ~]# systemctl restart sshd

Before logging out of the server, make sure that everything works so that you don’t lock yourself out. Open a new terminal window and log in to the server again; if you’re logged in using the key pair authentication then you’re all set. If not, go back through this walkthrough to make sure you haven’t missed anything.

Then exit the interactive sudo we invoked earlier

[root@remotehost ~]# exit
[naurus@remotehost ~]$

What to do next?

I suggest that you follow my next walkthrough on how to install LEMP stack on your server to start serving content.

Also should you be interested in installing a VPN or even a Proxy for your server.

Centos: Getting Started

Once you have a VPS set up, the first thing you will need to do is log in to it.
Log in to your VPS using the credentials sent to you.
If you are using Windows, download PuTTY: “PuTTY is an SSH and telnet client, developed originally by Simon Tatham for the Windows platform. PuTTY is open source software that is available with source code and is developed and supported by a group of volunteers.”

Step 1 – Root Login

If using PuTTY, just insert the server_ip_address in the IP field and hit connect, which will open up the terminal.

Using a Linux terminal, just input the following command.

[user@localhost ~]$ ssh root@server_ip_address

You will be prompted for a password or a private-key, depending on your choice insert it to complete the login process.
root is the user name or account that by default has access to all commands and files on a Linux or other Unix-like operating system. It is also referred to as the root account, root user and the superuser.

We will want to update the server and add a few packages that we’ll want later

[root@remotehost ~]# yum -y update && yum -y install sudo vim tmux

Step 2 – Add User

Ultimately we don’t want to use the root user all the time, or at all for that matter. We will add a new user ‘naurus’ and give that user root (sudo) privileges.

[root@remotehost ~]# useradd naurus && passwd naurus
Changing password for user naurus.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
[root@remotehost ~]#

A password prompt will come up; be sure to use a strong password, then type the password again.

Step 3 – Add User to Wheel

We will now add the user ‘naurus’ to the wheel group so he can run root commands.

[root@remotehost ~]# usermod -aG wheel naurus

usermod is the command to modify user attributes. The -G switch names the group to add ‘naurus’ to, here wheel, and the -a switch appends that group to his existing groups instead of replacing them.

Step 4 – Key Authentication

There are 2 methods for creating an authentication key pair: the first uses a terminal on your local machine and the second uses PuTTY.

In all cases we need to create a .ssh directory with permissions 0700 and create 2 files in it, id_rsa and authorized_keys, which we will give permissions of 0600

[root@remotehost ~]# su naurus
password:
[naurus@remotehost ~]$ mkdir ~/.ssh && chmod 0700 ~/.ssh
[naurus@remotehost ~]$ touch ~/.ssh/{id_rsa,authorized_keys}
[naurus@remotehost ~]$ chmod 0600 ~/.ssh/{id_rsa,authorized_keys}

Method 1 – Create SSH Key Pair using Terminal

Under linux, open another terminal on your local machine and use the following command to create a Public/Private key pair.


[user@localhost ~]$ ssh-keygen -f ~/.ssh/id_rsa -t rsa -b 4096
Generating public/private rsa key pair.
/home/user/.ssh/id_rsa already exists.
Overwrite (y/n)? y
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /home/user/.ssh/id_rsa.
Your public key has been saved in /home/user/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:EvZ2zEGSgkJpiHk2d/TR9cfWNV1Z2vVLb49a2MbNlj8 user@localhost
The key's randomart image is:
+---[RSA 4096]----+
|.+.. o. oo... .X|
|+ B o o..+. . =B|
| + + .o.. . o.B|
| . o o . .oo|
| . S + .o|
| o . + =o|
| . *.=|
| + E.|
| . o|
+----[SHA256]-----+

The algorithm is selected with the -t option and the key size with the -b option; the -f switch writes the private key to the file id_rsa in the .ssh directory. A second file, id_rsa.pub, is created in the process and holds the public key. Copy id_rsa.pub to authorized_keys, leaving id_rsa.pub in place because ssh-copy-id reads it in the next step

[user@localhost ~]$ cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys

To use public key authentication, the public key must be copied to a server and installed in an authorized_keys file. This can be conveniently done using the ssh-copy-id tool, whose -i option names the public key file to install. Like this:

[user@localhost ~]$ ssh-copy-id -i ~/.ssh/id_rsa.pub naurus@server_ip_address

After the key has been installed, log into the server using the new user account.

[user@localhost ~]$ ssh -l naurus server_ip_address

Method 2 – Create SSH Key Pair using Putty

This site explains well how this is done. Follow the guide to get your key pair using PuTTY under Windows.

https://www.ssh.com/ssh/putty/windows/puttygen
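
The 0700 and 0600 modes in Step 4 of both walkthroughs matter because OpenSSH checks them: sshd ignores an authorized_keys file that group or others can write to, and ssh refuses a private key that group or others can access. The script below is an added example, not part of the original walkthrough; the function names are hypothetical, the test directory is constructed, and it assumes GNU stat as shipped on CentOS and Ubuntu.

```shell
#!/usr/bin/env bash
# Added example: audit a .ssh directory the way OpenSSH judges it, then
# apply the modes from Step 4. Function names are hypothetical.

# True if any permission bit of octal mask $2 is set on path $1.
has_bits() {
    [ $(( 0$(stat -c '%a' "$1") & 0$2 )) -ne 0 ]
}

# Return non-zero if the directory would make key authentication fail.
audit_ssh_dir() {
    a_dir=$1; a_rc=0
    # sshd (StrictModes): .ssh and authorized_keys must not be group/other-writable.
    for a_path in "$a_dir" "$a_dir/authorized_keys"; do
        if [ -e "$a_path" ] && has_bits "$a_path" 022; then
            echo "FAIL  $a_path is writable by group/other"; a_rc=1
        fi
    done
    # ssh client: a private key must not be accessible by group/other at all.
    for a_path in "$a_dir"/id_*; do
        case $a_path in *.pub) continue ;; esac
        if [ -f "$a_path" ] && has_bits "$a_path" 077; then
            echo "FAIL  $a_path (private key) is accessible by group/other"; a_rc=1
        fi
    done
    if [ "$a_rc" -eq 0 ]; then echo "OK    $a_dir"; fi
    return "$a_rc"
}

# The modes used in Step 4: 0700 on the directory, 0600 on the two files.
apply_page_modes() {
    chmod 0700 "$1"
    for p_name in id_rsa authorized_keys; do
        if [ -f "$1/$p_name" ]; then chmod 0600 "$1/$p_name"; fi
    done
}

# Constructed test directory with deliberately loose modes (empty files).
make_loose_dir() {
    m_dir=$(mktemp -d)/.ssh
    mkdir "$m_dir" && chmod 0775 "$m_dir"
    : > "$m_dir/id_rsa";          chmod 0644 "$m_dir/id_rsa"
    : > "$m_dir/authorized_keys"; chmod 0664 "$m_dir/authorized_keys"
    echo "$m_dir"
}

demo_dir=$(make_loose_dir)
audit_ssh_dir "$demo_dir" || echo "-> fixing with the modes from Step 4"
apply_page_modes "$demo_dir"
audit_ssh_dir "$demo_dir"
```
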

Step 5 – SSH Config

Now we need to make a few changes to the SSH configuration file: first we want to block root access to the SSH daemon, second we want to disallow password authentication and enable key authentication. That way we will log in to the shell with the key pair we created earlier instead of naurus’s password.

To do this we will again connect to the remote host as the new user we created before ‘naurus’ by using the following command:

[user@localhost ~]$ ssh -l naurus server_ip_address

Once logged in over SSH we will switch to an interactive sudo session and edit the SSH configuration file. Before we start editing it, let’s make a backup of it first

[naurus@remotehost ~]$ sudo -i
[sudo] password for naurus:
[root@remotehost ~]# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
[root@remotehost ~]# vim /etc/ssh/sshd_config

To block root access to the SSH Daemon we will look for the following line

#PermitRootLogin yes

We want to remove the comment character ‘#’ and change yes to no. Type the letter I to start edit mode in vim, then delete the comment character and replace yes with no. Press the Esc key to exit edit mode and type :wq to save the file and quit vim. The end result will look like this.

PermitRootLogin no

To disallow password authentication we will look for the following line, remove the comment in front of it and change yes to no

#PasswordAuthentication yes

So it will look like this

PasswordAuthentication no

Restart SSH Server

For the changes to take effect the ssh server has to be restarted. Using the following command restart the ssh server.

[root@remotehost ~]# systemctl restart sshd

Before logging out of the server, make sure that everything works so that you don’t lock yourself out. Open a new terminal window and log in to the server again; if you’re logged in using the key pair authentication then you’re all set. If not, go back through this walkthrough to make sure you haven’t missed anything.
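
Step 5 of both the Ubuntu and CentOS walkthroughs only works if the two keywords end up set to no; a line that is merely uncommented, or left commented so that sshd falls back to its default, still allows the login it was meant to block. The script below is an added example, not part of the original walkthrough: it reads a config file the way sshd does (first occurrence of a keyword wins) and reports both settings. The function names are hypothetical and the sample files are constructed; it assumes whitespace-separated keywords and values.

```shell
#!/usr/bin/env bash
# Added example: audit an sshd_config for the two settings changed in Step 5.
# Function names are hypothetical; sample configs below are constructed.

# Print the effective global value of keyword $1 in config file $2.
# sshd keywords are case-insensitive and the FIRST occurrence wins;
# global settings end at the first "Match" block.
sshd_effective() {
    awk -v key="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        { k = tolower($1) }
        k == "match" { exit }
        k == key { v = $2; gsub(/"/, "", v); print tolower(v); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$2"
}

# Return 0 only if root login and password authentication are both "no".
# An unset keyword falls back to sshd's default, which is not "no" for either.
check_hardened() {
    c_file=$1; c_rc=0
    for c_key in PermitRootLogin PasswordAuthentication; do
        c_val=$(sshd_effective "$c_key" "$c_file")
        if [ "$c_val" = "no" ]; then
            echo "OK    $c_key no"
        else
            echo "FAIL  $c_key is '$c_val' (want: no)"; c_rc=1
        fi
    done
    return "$c_rc"
}

# Constructed samples: one where PasswordAuthentication was only uncommented,
# one fully hardened with a later duplicate line that sshd ignores.
make_samples() {
    s_dir=$(mktemp -d)
    printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' \
        'PasswordAuthentication yes' > "$s_dir/uncommented_only"
    printf '%s\n' 'PermitRootLogin no' 'PasswordAuthentication no' \
        '# later duplicate, ignored' 'PasswordAuthentication yes' \
        > "$s_dir/hardened"
    echo "$s_dir"
}

samples=$(make_samples)
for f in "$samples"/*; do
    echo "== ${f##*/}"
    check_hardened "$f" || echo "-> password or root logins are still possible"
done
```

On a live server, `sshd -t` checks the file for syntax errors before the restart and `sshd -T` prints the configuration the daemon will actually use.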

Then exit the interactive sudo we invoked earlier

[root@remotehost ~]# exit
[naurus@remotehost ~]$

What to do next?

I suggest that you follow my next walkthrough on how to install LEMP stack on your server to start serving content.

Also should you be interested in installing a VPN or even a Proxy for your server.
