Friday, April 20, 2018

Install Let's Encrypt on Linux AMI

Run the following commands:
curl -O https://dl.eff.org/certbot-auto
chmod +x certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto

Make sure Apache is listening on port 443 and that the port is open.

Install mod_ssl using the following command:

sudo yum install mod24_ssl
We used this command because httpd was installed using `sudo yum install -y httpd24 php56 php56-mysqlnd`.

If you have installed httpd using `sudo yum install httpd`, install mod_ssl using

`sudo yum install mod_ssl`
 
Now install certificates using

certbot-auto -d domain.com --debug

https://coderwall.com/p/e7gzbq/https-with-certbot-for-nginx-on-amazon-linux

Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.

Let's Encrypt had a security vulnerability, so the command for generating HTTPS certificates has changed.

Solution :
sudo certbot --authenticator webroot --installer apache
It will now ask for the domain name to install certificates for. Follow the instructions and the certificates will be installed successfully.

Note :
This issue has now been fixed. Update Let's Encrypt and use the regular commands.

s3cmd - 400 Bad Request

ERROR: S3 error: 400 (Bad Request):

Solution :
Use the latest version of s3cmd
https://sourceforge.net/projects/s3tools/files/s3cmd/

mod_qos(004): failed to create mutex (ACT)(/var/tmp/K564968484.mod_qos): No space left on device

Solution :
Apache cannot start because of this error. It means you have installed and enabled the qos module in Apache to protect against DDoS attacks. Apache has crashed and you are not able to start it again.

Disable the qos module:

sudo a2dismod qos
Restart apache2.

Error : django.db.utils.ProgrammingError: permission denied for relation django_migrations

If you get the above error while running Django migrations for PostgreSQL, the PostgreSQL user named in the connection file probably does not have sufficient permissions to run the migrations command. You need to grant privileges to that PostgreSQL user as a superuser.
1. Log into the database that is going to be migrated as a superuser
\c database name

2. Run the following queries
GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public to username;
GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public to username;
GRANT ALL PRIVILEGES ON ALL FUNCTIONS IN SCHEMA public to username;

Replace username with the PostgreSQL user that is used in the server-side PostgreSQL connection file.

Note :
You generally get this error while running python manage.py migrate, and the above solution works well for it.

Apache - Block IP or an IP Range to prevent opening your site


If you want to block IPs from accessing your site, you can do it with an .htaccess file. Add the following line to .htaccess and the owner of that IP will no longer be able to open your site.


Suppose you do not want your site to be opened from IP 46.161.9.67. Add this line to your .htaccess file:
Deny from 46.161.9.67
If there are multiple IPs and you want to block them all, add the following line to .htaccess:
Deny from 46.161.9.67 46.161.10.187 46.161.58.89
Block a whole IP Range
Here is the tricky part. If you want to block a whole IP range like 69.0.0.0 to 69.0.0.255, use the following line in your .htaccess:

Deny from 69.0.0.0/24
If it is from 69.0.0.0 to 69.0.255.255:
Deny from 69.0.0.0/16
And if it is from 69.0.0.0 to 69.255.255.255:
Deny from 69.0.0.0/8

Reference link for wider ranges:
https://www.mediawiki.org/wiki/Help:Range_blocks
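
To confirm which addresses a CIDR entry in a Deny from line covers before deploying it, the range can be computed directly. This is an added example, not part of the original post; the function names are hypothetical and the sample entries are the three ranges discussed above.

```shell
# Convert dotted-quad A.B.C.D to a 32-bit integer.
ip_to_int() {
    _old_ifs=$IFS
    IFS=.
    set -- $1
    IFS=$_old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Convert a 32-bit integer back to dotted-quad.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Print "FIRST LAST" for NETWORK/PREFIX, masking off any host bits.
cidr_range() {
    _bits=${1#*/}
    _net=$(ip_to_int "${1%/*}")
    _mask=$(( (0xFFFFFFFF << (32 - _bits)) & 0xFFFFFFFF ))
    _first=$(( _net & _mask ))
    _last=$(( _first | (_mask ^ 0xFFFFFFFF) ))
    echo "$(int_to_ip "$_first") $(int_to_ip "$_last")"
}

# Return 0 if ADDRESS (first argument) falls inside NETWORK/PREFIX (second).
cidr_contains() {
    _bits=${2#*/}
    _mask=$(( (0xFFFFFFFF << (32 - _bits)) & 0xFFFFFFFF ))
    _a=$(ip_to_int "$1")
    _n=$(ip_to_int "${2%/*}")
    [ $(( _a & _mask )) -eq $(( _n & _mask )) ]
}

# Sample entries (the ranges from the text): print what each one blocks.
for _cidr in 69.0.0.0/24 69.0.0.0/16 69.0.0.0/8; do
    echo "Deny from $_cidr  ->  $(cidr_range "$_cidr")"
done

# Check a single address against an entry before relying on the rule.
if cidr_contains 69.0.0.17 69.0.0.0/24; then
    echo "69.0.0.17 is blocked by 69.0.0.0/24"
fi
```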

Sort all files of present working directory and sub directories by modified date and time

If you want to sort all files of a folder and its subfolders by modified date and time, here is the command.
find . -type f -printf "%T@ %Tc %p\n" | sort -n
The most recently modified file will be last in the sequence.

If you want to reverse the sequence, i.e. the most recently modified file should be on top:
find . -type f -printf "%T@ %Tc %p\n" | sort -nr

The dot (.) indicates the present working directory. You can also use an absolute path.

Laravel Error - No supported encrypter found. The cipher and / or key length are invalid.

If you get this error while running composer install or php artisan optimize, here is the solution.

Solution :

Change values in config/app.php

'cipher' => 'AES-256-CBC',
to
'cipher' => MCRYPT_RIJNDAEL_128,

Now run composer install or php artisan optimize again; you will not get the same error.

Tuesday, March 6, 2018

AWS RDS - Create mysql user with superuser Privileges

Log in as the superuser at the command prompt.

Run the following query to create the user.
CREATE USER 'username'@'%' IDENTIFIED BY 'password';
Just change the username and password in the above query and execute it as the root user. A new user will be created.

Now give superuser privileges to the new user.
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, PROCESS, REFERENCES, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER ON *.* TO 'username'@'%' WITH GRANT OPTION;
Just change the username in the above query. Your newly created user will now be a superuser.

AWS RDS - Give Superuser Privileges to Regular mysql User

Log in as the superuser at the command prompt.

Run the following query to give superuser privileges to a normal user.
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, PROCESS, REFERENCES, INDEX, ALTER, SHOW DATABASES, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER ON *.* TO 'username'@'%' WITH GRANT OPTION;
Just change the username in the above query and execute it as the root user. Your regular user will now be a superuser.

Wordpress Permissions - Upload plugin using wp-admin

Upload a plugin using wp-admin without FTP.

If you are not able to install a plugin using wp-admin because of a forbidden error or a permission issue, the usual quick fix is to change the permissions of the whole WordPress directory. That is very dangerous and a common security loophole.

Here is the minimum permission for your plugin directory that is enough to install a plugin using wp-admin.

Give 777 to wp-content/plugins and wp-content/upgrade, non-recursively. It will allow the admin to install plugins using wp-admin.


postgresql error : ERROR: database is being accessed by other users

ERROR:  database "X" is being accessed by other users
DETAIL:  There is 1 other session using the database


Solution :
SELECT pg_terminate_backend(pid) FROM pg_stat_activity WHERE pid <> pg_backend_pid() AND datname = 'database-name';
You only need to replace the database name in the above query.

Now you can drop the database or perform whatever other activity you were trying to perform.

composer update - exceeded the timeout of 300 seconds

Failed to download from source: The process  exceeded the timeout of 300 seconds.

Solution :
Increase the timeout limit globally for composer:
composer --global config process-timeout 6000
Now run
composer update
You should not get the timeout issue.

gitlab forbidden issue

This feature has been added by default in a recent update of GitLab.
When there are a number of failed login attempts while cloning from or pushing to a GitLab repository, GitLab blocks the UI as well as pull and push for that IP. Technically, it bans the IP.

Solution :
Disable this feature.

sudo nano /etc/gitlab/gitlab.rb
Uncomment these lines.
gitlab_rails['rack_attack_git_basic_auth'] = {
'enabled' => false,
}
Reconfigure gitlab.
sudo gitlab-ctl reconfigure
Now it will not block the IP after a number of failed login attempts.

ubuntu 16.04 - wkhtmltopdf error - QSslSocket: cannot resolve CRYPTO_num_locks

wkhtmltopdf error on ubuntu 16.04 :
Loading pages (1/6)
QSslSocket: cannot resolve CRYPTO_num_locks                  ] 10%
QSslSocket: cannot resolve CRYPTO_set_id_callback
QSslSocket: cannot resolve CRYPTO_set_locking_callback
QSslSocket: cannot resolve sk_free
QSslSocket: cannot resolve sk_num

Solution :

sudo apt-get install libssl-dev=1.0.2g-1ubuntu4.10 openssl=1.0.2g-1ubuntu4

Gem::Ext::BuildError: ERROR: Failed to build gem native extension.

Ruby Error while installing charlock_holmes 

Error :
Fetching charlock_holmes 0.7.5
Installing charlock_holmes 0.7.5 with native extensions
Gem::Ext::BuildError: ERROR: Failed to build gem native extension.



Solution : 1

If you are using Debian or Ubuntu
sudo apt-get install libicu-dev

If you are using CentOS or Fedora
sudo yum install libicu-devel

Solution : 2
Try installing another version of charlock_holmes
gem pristine charlock_holmes --version 0.6.9.4
or
gem install charlock_holmes -v '0.6.9'

Friday, February 23, 2018

Skipping ssh-dss key id_dsa - not in PubkeyAcceptedKeyTypes

SSH keeps skipping my pubkey and asking for a password

You have the correct SSH key, but the server still asks for a password to log in, or, if password authentication is prohibited, it has stopped accepting the correct key.

If it was working before and suddenly starts giving the above error, it means OpenSSH has been upgraded. The new OpenSSH version, 7.0+, does not support DSA keys anymore (neither on the server nor on the client).

If the OpenSSH client has been upgraded and the OpenSSH server still supports DSA keys, make the change in the client-side ssh config.

Solution  :
sudo nano /etc/ssh/ssh_config
Add the following line to the file.
PubkeyAcceptedKeyTypes=+ssh-dss
Restart ssh.

If the OpenSSH server has been upgraded and the OpenSSH client still supports DSA keys, make the change in the server-side sshd config.

Solution  :
sudo nano /etc/ssh/sshd_config
Add the following line to the file.
PubkeyAcceptedKeyTypes=+ssh-dss
Restart ssh.

Note : The best solution is to use RSA keys. RSA is a strong and secure algorithm, and it is better than the patch you are looking for.
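
Before moving to RSA it helps to know which DSA keys are still in use. This added example (not from the original post) lists every ssh-dss entry in authorized_keys or .pub files; find_dsa_keys is a hypothetical helper name and the sample file is constructed.

```shell
# List every DSA (ssh-dss) public key in the given authorized_keys or *.pub
# files as "FILE:LINE:COMMENT", so each one can be replaced with an RSA key.
find_dsa_keys() {
    for _f in "$@"; do
        [ -r "$_f" ] || continue
        awk -v file="$_f" '
            /^[ \t]*#/ { next }          # skip comment lines
            /^[ \t]*$/ { next }          # skip blank lines
            {
                # The key type may follow an options field such as from="..."
                for (i = 1; i < NF; i++) {
                    if ($i == "ssh-dss" && $(i + 1) ~ /^AAAA/) {
                        comment = (i + 2 <= NF) ? $(i + 2) : "(no comment)"
                        print file ":" NR ":" comment
                        next
                    }
                }
            }' "$_f"
    done
}

# Constructed sample authorized_keys (key blobs are truncated placeholders).
sample=$(mktemp)
cat > "$sample" <<'EOF'
ssh-rsa AAAAB3NzaC1yc2E-constructed alice@laptop
ssh-dss AAAAB3NzaC1kc3M-constructed bob@oldbox
from="10.0.0.5" ssh-dss AAAAB3NzaC1kc3M-constructed backup@nas
# ssh-dss AAAAB3NzaC1kc3M-constructed disabled@old
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5-constructed carol@desk
EOF

# Reports lines 2 and 3; the commented-out key on line 4 is ignored.
find_dsa_keys "$sample"
rm -f "$sample"
```

On a real host, point it at the files sshd reads, for example find_dsa_keys /home/*/.ssh/authorized_keys.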

Saturday, February 10, 2018

openedx installation on Linux | openedx installation on Ubuntu


Easy way :
1. Download the installer (.run file)
https://bitnami.com/stack/edx/installer
2. Make it executable.
chmod a+x filename.run
3. Run the installer.
./filename.run

Hard way:
Install using the bash script. It is hard because it is going to give many errors; you need to fix them one by one and start the installation again and again until it completes.
wget https://raw.githubusercontent.com/edx/configuration/$OPENEDX_RELEASE/util/install/sandbox.sh -O - | bash

You choose the version of Open edX by setting the OPENEDX_RELEASE variable before running the commands. See Open edX Releases for the tags you can use.
https://openedx.atlassian.net/wiki/spaces/DOC/pages/11108700/Open+edX+Releases
Release names look like open-release/ginkgo.2, open-release/eucalyptus.3, open-release/ficus.4, etc.

Example:
wget https://raw.githubusercontent.com/edx/configuration/open-release/ginkgo.2/util/install/sandbox.sh -O - | bash

Helpful url :
https://openedx.atlassian.net/wiki/spaces/OpenOPS/pages/146440579/Native+Open+edX+Ubuntu+16.04+64+bit+Installation

Hardest way:
Install each package separately, as guides like this one suggest. You can find similar guides for CentOS and Fedora.
https://www.iblstudios.com/step-step-guide-install-open-edx-platform-ficus-release/
I would suggest installing on a virtual machine like Docker, Vagrant or VMware instead of installing directly on your system.

Friday, January 26, 2018

postgresql - Check ip of logged in user

To get the logged-in user's IP

Run Query :
postgres=> select inet_client_addr();

Tuesday, January 9, 2018

mysql - Check IP of logged in user


Run Query :

mysql> select user();



Mysql 5.7 - Update root password

MySQL 5.7 does not have a password field in the user table of the mysql database. It uses a new field, authentication_string, instead, for security purposes.

Here is the way to update the MySQL superuser password from the command line. Because the statement edits the grant table directly, follow it with FLUSH PRIVILEGES so the change takes effect.
UPDATE mysql.user SET authentication_string=PASSWORD('sToituY78hebrt'), plugin='mysql_native_password' WHERE User='root' AND Host='localhost';
FLUSH PRIVILEGES;

where sToituY78hebrt is my root password

Friday, December 15, 2017

Invalid command '\xef\xbb\xbf#', perhaps misspelled or defined by a module not included in the server configuration


\xef\xbb\xbf are three invisible junk characters (at least from Apache's perspective) called the Unicode BOM, or byte order mark. Apache thinks that those characters are part of the command that follows right after them. This is what you see in the log, with the characters escaped so that they are visible to the naked eye: \xef\xbb\xbfRewriteEngine

Copy the content into any advanced text editor that can detect these characters, and you can easily remove them.

If you are not able to see these characters, delete the file completely and write it again.
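
The check and clean-up described above can also be scripted. This is an added example, not from the original post: has_bom, strip_bom and find_bom_files are hypothetical helper names, and the sample .htaccess is constructed.

```shell
# UTF-8 byte order mark in hex: the same three bytes Apache logs as \xef\xbb\xbf.
BOM_HEX="efbbbf"

# Return 0 if FILE starts with a UTF-8 BOM.
has_bom() {
    [ "$(head -c 3 "$1" | od -An -tx1 | tr -d ' \n')" = "$BOM_HEX" ]
}

# Remove the BOM in place, keeping a .bak copy; files without a BOM are untouched.
strip_bom() {
    has_bom "$1" || return 0
    cp -p "$1" "$1.bak"
    tail -c +4 "$1.bak" > "$1"
}

# List .htaccess and *.conf files under DIR that start with a BOM.
find_bom_files() {
    find "$1" -type f \( -name '.htaccess' -o -name '*.conf' \) |
    while IFS= read -r f; do
        if has_bom "$f"; then
            echo "$f"
        fi
    done
}

# Constructed sample: an .htaccess saved by an editor that prepends a BOM.
demo=$(mktemp -d)
printf '\357\273\277RewriteEngine On\n' > "$demo/.htaccess"
find_bom_files "$demo"          # lists the affected file
strip_bom "$demo/.htaccess"     # removes the BOM, keeps .htaccess.bak
rm -rf "$demo"
```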

cpanel - wordpress - internal server error because of invalid permissions

cpanel - wordpress application - fix wordpress permissions of complete directory

cpanel > wordpress tool kit > Manage your site (Click on manage button) > Fix Permissions

It will fix all the permissions of the WordPress directory.