Subscribe to nixCraft on Patreon to read all premium guides and support independent content creation.
Below is a sneak peek of this content!
MySQL version 8.0 is a free and open-source database system used by most web applications and sites on the Internet. Typically MySQL is part of the LAMP (Linux, Apache, MySQL, Perl/Python/PHP) stack. MySQL heavily uses popular open-source software such as WordPress, MediaWiki, and others as a database storage engine. Let us see how to install MySQL server version 8.x on Ubuntu 22.04 LTS Linux server, including settings up a new database, users and fine tuning server config.Below is a sneak peek of this content!
As you may know, email spoofing allows attackers to pose as someone else to gain illegal profit. For example, I only use [email protected] for communication, but someone might create a spoofed-up email, say [email protected], to trick someone. This is called email spoofing with fake headers as follow:Date: Thu, 24 Oct 2021 12:46:10 From: nixCraft <[email protected]> Reply-To: [email protected] To: <my@personal_gmail_com>Correct headers are often not checked by receiving email servers, and my@personal_gmail_com may think the email is from me. Here is the thing I don't use opensourceflare.com for email communication at all. So how do I prevent illegitimate email traffic on my domain? In this tutorial, I will explain how to configure DNS settings that tell receiving email servers this domain is not configured for emailing purposes and the attacker maliciously sending email on my behalf....
Below is a sneak peek of this content!
You deployed a perfect firewall and other network security policies preventing unauthorized access to the user's desktop computer over a network. However, you still need to block USB device access. We can configure a Linux desktop security policy to protect your computer against rogue USB devices (a.k.a. BadUSB) by implementing essential allow and blocklisting capabilities based on device attributes. For instance, I can define what kind of USB devices are authorized and how a USB device interacts with the Linux system. For example, I can define policy allowing Yubikey with serial number "XYZ" and USB LTE modem with serial # "ABC." Every other USB device access is denied by default. This guide will cover the following topics:
... Below is a sneak peek of this content!
This guide explains how to build and deploy applications quickly with Podman to the cloud server of your choice. All examples in this tutorial are tested on Fedora Linux 34, but they should work on any Linux distros as long as you install the correct packages. I prefer to use Fedora when my clients use RHEL 7/8. Experimental podman packages are also available for Windows and macOS, but I have not tested those. Running containers without Docker is possible with Podman. This page is the first part of building containers with Podman, which explains installing Podman and working with images, including basic concepts of containers. This guide will cover the following topics:
... Below is a sneak peek of this content!
This guide explains how to set up MariaDB high-availability cluster for the database using the Galera library, which provides a virtual mater-to-master three-node cluster running on Debian or Ubuntu Linux.
Software and hardware requirements
- Minimum three VMs running at cloud providers or bare metal servers in same zone or data center. Always keep an ODD number of servers (at least 3) when all the servers are in the same zone or data center. Please note that the MariaDB Galera cluster can exist between two or more zones/data centers. Galera Cluster requires server hardware for a minimum of three nodes. If your cluster runs on a single switch, use three nodes. If your cluster spans switches, use three switches. If your cluster spans networks, use three networks. If your cluster spans data centers, use three data centers. This ensures that the cluster can maintain a Primary Component in the event of network outages.
- Ubuntu 20.04 or Debian 10/11 Linux LTS release. The instructions will not work on other operating systems such as FreeBSD or other Linux distros such as RHEL/SUSE due to different tools (e.g., firewall). However, one...
Below is a sneak peek of this content!
All Linux and Unix servers are managed manually or by automation tools such as Ansible using ssh. For example, say you have a server at Linode or AWS. Then you copy your public ssh key to a remote cloud server. Once copied, you can now login to those servers without a password as long as ssh keys are matched. It is the best practice. Unfortunately, you are not protecting ssh keys stored on a local desktop or dev machine at $HOME/.ssh/ directory. If your keys are stolen, an attacker can get access to all of your cloud servers, including backup servers. To avoid this mess, we can protect our ssh keys stored on local dev/desktop machines using physical security keys such as YubiKey.
In the...
Below is a sneak peek of this content!
This guide explains how to set up Redis sentinel failover cluster for caching database or any other data type in high availability node.Software and hardware requirements
Minimum three VMs running at cloud providers or bare metal servers. Always keep an ODD number of servers.- Ubuntu 20.04 or Debian 10 Linux LTS.
- Redis server with sentinel on each VM.
- HAProxy for load balancing and traffic redirection to healthy Redis node for writing or reading data.
- Keepalived for IP failover for HAProxys.
- The Redis cluster will be protected using firewall, password, and VLAN or VPC.
- Email-based alert for HAproxy and Keepalived cluster.
- Simple web-based stats for Redis.
Below is a sneak peek of this content!
Debian 11 is an excellent server OS to run the LAMP stack. PHP (Hypertext Preprocessor) is a widely-used open source general-purpose scripting language especially suited for web development. However, Debian 11 comes with nixcbz[failed to get contents] - contact @ [email protected] with the url. Here is how to install PHP 8.2 with Apache server on Debian 11 using the CLI or over ssh based session.Below is a sneak peek of this content!
You can install LXD pure-container hypervisor on Debian 11 Linux to run an unmodified version of Debian, Ubuntu, CentOS, Fedora, Alpine, Arch and many other Linux distro. You can mimic AWS or different cloud instance types with LXD for testing and deployment purposes on your development machine. You can also run a GUI app such as Firefox completely isolated using LXD for security or privacy reasons. Let us see how to set up and use LXD on the Debian Linux 11 server or desktop.