Showing posts with the label Installation Perquisite

How to secure Zimbra Nginx to use strong encryption ciphers for TLS ?

Transport Layer Security (TLS) encrypts data sent over the Internet so that eavesdroppers and hackers are unable to see what you transmit, which is particularly useful for private and sensitive information such as passwords, credit card numbers, and personal correspondence. Further reading: In this article we will learn how to secure Zimbra Nginx to use only strong encryption ciphers for TLS.
Check the following versions:
root@mail:~# openssl version
OpenSSL 1.1.1 11 Sep 2018
zimbra@mail:~$ nginx -v
nginx version: nginx/1.20.0
zimbra@mail:~$ zmcontrol -v
Release 9.0.0.ZEXTRAS.20220713.UBUNTU18.64 UBUNTU18_64 FOSS edition.
How to add protocol version TLSv1.3 to the existing zimbraReverseProxySSLProtocols?
Check the existing protocol versions and add TLSv1.3 to them.
Case 1: Example (add to existing)
$ zmprov gcf zimbraReverseProxySSLProtocols
zimbraReverseProxySSLProtocols: TLSv1 TLSv1.1 TLSv1.2
Now add TLSv1.3 to exi

How to Optimize MySQL Percona XtraDB Cluster 5.7 Performance for 1GB RAM VPS - Part 3

SQL database optimization is the extensive strategy of reducing the response time for queries in the system. Note that the database you use for your business offers you all the critical data stored in a related and hierarchical structure. This permits you to get the content and organize it easily. Database tuning, or performance tuning, involves optimizing and homogenizing the design of database files and of the database’s environment. This can make data access easier than you imagined.
I am using three (03) nodes, each with 1GB of server RAM. To optimize a MySQL Percona node installed on a 1GB RAM VPS, add these settings to /etc/mysql/my.cnf under [mysqld]:
# vi /etc/mysql/my.cnf
[mysqld]
bind-address = ( Use DB Node IP for another Node )
collation-server = utf8mb4_unicode_ci
init-connect='SET NAMES utf8mb4'
character-set-server = utf8mb4
skip-name-resolve
skip_external_locking
tmp_table_size = 128M
join_buffer_size = 128M
innodb_doublewrite = o

How to install MySQL Percona XtraDB Cluster 5.7 on Ubuntu 18.04 LTS - Part 2

This guide describes the procedure for setting up Percona XtraDB Cluster 5.7 on three Ubuntu 18.04 LTS nodes in multi-master replication. Multi-master replication allows records to be written on each node, so if a node fails, we can work on another as if nothing happened. First of all, why do we choose three nodes and not only two? In any cluster, the number of nodes should be odd, so in the case of disconnection of a node, we assume that the largest group of servers has the fresh data, which should be replicated to the down node to avoid data loss. This relates only to resolving conflicts in data replication; we won't lose data written only to the disconnected node. This is used to avoid a circumstance called split brain, in which we can't automatically choose which node has the correct data. Think for example of a 2 node cluster where both nodes are disconnected from each other, and the same record is written to both nodes: who wins when they come back online? We don't kn

How to install MySQL Percona XtraDB Cluster 5.7 on Ubuntu 18.04 LTS - Part 1

Percona XtraDB Cluster (PXC) is a fully open-source high-availability solution for MySQL. It integrates Percona Server and Percona XtraBackup with the Galera library to enable synchronous multi-source replication. It is a MySQL clustering solution that helps enterprises minimize unexpected downtime and data loss, reduce costs, and improve the performance and scalability of their database environments. PXC supports your critical business applications in the most demanding public, private, and hybrid cloud environments.
A cluster consists of nodes, where each node contains the same set of data synchronized across nodes. The recommended configuration is to have at least 3 nodes. You can convert an existing MySQL Server instance to a node and run the cluster using this node as a base. You can also detach any node from the cluster and use it as a regular MySQL Server instance.
Benefits
When you execute a query, it is executed locally on the node. All data is available locally, no need for remot

How to change default system email for root@hostname for Postfix in CentOS 7?

By default, any email generated by the system is sent to root@hostname or system-user@hostname. So critical server errors, log errors, cron job alerts etc. are all sent to this default email address. Most likely you want to receive all the emails from different daemons and system components not as the user ‘root’ but as another user that has access to emails. We can change it to a different, appropriate email id in two ways.
Step 1: To do this, open /etc/aliases with your favourite editor and navigate to the end of the file. You will find something like this:
# vi /etc/aliases
root:
To add multiple email ids, we can simply separate them by comma.
root:,
Run the newaliases command to compile the aliases file.
# newaliases
# service postfix restart
Step 2: We can simply create a .forward file in root's home folder and add the email address there.
# vi /root/.forward
serveradmin@awsmo

How to install unrar with Clamav for MailScanner?

The unrar command is used to extract, list or test archive files only. ClamAV needs unrar, which can be installed from the rpmforge repository:
# cd /usr/local/src/
# wget
# rpm -ivh rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
# yum update -y
# yum install unrar
# rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-rpmforge-dag
Note: RPMForge is now RepoForge and might be outdated. There have been no updates for a very long time.
After installing unrar, disable the rpmforge repo:
# sed -i 's/enabled = 1/enabled = 0/g' /etc/yum.repos.d/rpmforge.repo
# yum update -y
Viruses are commonly spread as attachments to email messages. Install the following packages for Amavis to extract and scan archive files in email messages such as .7z, .cab, .doc, .exe, .iso, .jar, and .rar files.
# yum install arj bzip2 cpio file gzip nomarch spax unrar p7zip unzip zip lrzsz lzip lz4 lzop
FreshClam Setup: freshclam will update the virus signatur

How to Secure Postfix/Dovecot on CWP Email Server on CentOS 7?

First, I would like to thank the CWP team for their great effort at $11.99. It has corporate mail features better than cPanel and others. BTW, it's my personal opinion. The CWP team has changed many options in the Postfix and Dovecot configuration. It is very important to secure Postfix & Dovecot on a production server so that it never exposes your internal office or user home network. I did a little research and studied a lot to learn Postfix & Dovecot configuration.
Let me explain my scenario: I have a VPS and it has two IPs. Both IPs have valid PTR records. You must configure a valid FQDN for your IPs. My details are below:
My Primary Domain:
Server FQDN :  ---  (IP for Shared Hosting)
Sub-Domain   :  ---  (IP for sending Outgoing Email)
Now build your mail server with the options mentioned in the snapshot below. You can follow the link to Build your own CWP Mail Server How to Bu

Part 2: How to install Wildcard SSL to Nginx Load Balancer on Ubuntu 18.04 LTS ?

In the previous tutorial we already installed and secured our Nginx Load Balancer. In this part, we are going to use a Let's Encrypt Wildcard SSL certificate for our domain. It is a free, automated, and open Certificate Authority. That means you do not need to pay charges for an SSL certificate.
Part 1: How to Configure Nginx as a Web/HTTP/HTTPS Load Balancer on Ubuntu 18.04 LTS ?
Once you are logged in to your server, you need to install certbot to proceed. (Certbot is not available in the default Ubuntu repository.) Run the commands below to add the PPA repository.
# sudo add-apt-repository ppa:certbot/certbot
# apt update -y
# apt list --upgradable
# apt upgrade -y
# sudo apt install certbot
# apt-cache policy certbot | grep -i Installed
Generate a 2048-bit wildcard SSL certificate for
# certbot certonly --manual --preferred-challenges=dns --email --server --agree-tos -d * -d
Now you nee

Part 1: How to Configure Nginx as a Web/HTTP/HTTPS Load Balancer on Ubuntu 18.04 LTS ?

Load balancing across multiple application instances is a commonly used technique for optimizing resource utilization, maximizing throughput, reducing latency, and ensuring fault-tolerant configurations. It is possible to use nginx as a very efficient HTTP load balancer to distribute traffic to several application servers and to improve performance, scalability and reliability of web applications with nginx.
The following load balancing mechanisms (or methods) are supported in nginx:
round-robin: requests to the application servers are distributed in a round-robin fashion,
least-connected: next request is assigned to the server with the least number of active connections,
ip-hash: a hash-function is used to determine what server should be selected for the next request (based on the client’s IP address).
Note: Please note that with round-robin or least-connected load balancing, each subsequent client’s request can be potentially distributed to a different server. There is no