Changing Servers for a Website – Redirect Traffic to New IP for No Downtime While DNS Propagates

Wednesday, December 20th, 2023

Moving a Website to Another Server – Redirect Traffic to the New Server While DNS Propagates (for No Downtime)

If you're migrating a website from one server to another and have updated the DNS for the domain to point to the new server, some traffic will still be directed to the old server due to DNS caching. While the DNS changes propagate across the internet (which can take up to three days), you can redirect the traffic that still reaches the old server to the new server so that you won't suffer any downtime.

On the old server, run these commands to redirect web traffic on port 80 (http) and port 443 (https) to the new server (replace the {DESTINATION_IP_ADDRESS} placeholder with the new server's IP address):

echo 1 >/proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination {DESTINATION_IP_ADDRESS}:80
iptables -t nat -A PREROUTING -p tcp --dport 443 -j DNAT --to-destination {DESTINATION_IP_ADDRESS}:443
iptables -t nat -A POSTROUTING -p tcp -d {DESTINATION_IP_ADDRESS} --dport 80 -j MASQUERADE
iptables -t nat -A POSTROUTING -p tcp -d {DESTINATION_IP_ADDRESS} --dport 443 -j MASQUERADE
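
The rules above stay in place until they are deleted, so the following added example (not part of the original post) prints the same four rules for review and prints their matching removal commands for use once DNS has propagated. The function names and the 203.0.113.10 address are illustrative placeholders.

```shell
#!/bin/sh
# Added example: print the redirect rules above, or their removal, for review.
# valid_ipv4 and redirect_rules are illustrative names.

# Succeed only for a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
    case $1 in
        *[!0-9.]*|.*|*.|*..*|'') return 1 ;;
    esac
    # Split on dots in a subshell so IFS and the positional parameters do not leak.
    (
        IFS=.
        set -- $1
        [ $# -eq 4 ] || exit 1
        for octet in "$@"; do
            [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
        done
    )
}

# redirect_rules add|remove NEW_SERVER_IP
# Prints one iptables command per line; nothing on the host is changed.
# /proc/sys/net/ipv4/ip_forward is left untouched in both directions.
redirect_rules() {
    case $1 in
        add)    flag=-A ;;
        remove) flag=-D ;;
        *) echo "usage: redirect_rules add|remove IP" >&2; return 2 ;;
    esac
    valid_ipv4 "$2" || { echo "invalid IPv4 address: $2" >&2; return 1; }
    for port in 80 443; do
        echo "iptables -t nat $flag PREROUTING -p tcp --dport $port -j DNAT --to-destination $2:$port"
        echo "iptables -t nat $flag POSTROUTING -p tcp -d $2 --dport $port -j MASQUERADE"
    done
}

# Review the output first, then pipe it to "sudo sh" to apply it:
#   redirect_rules add 203.0.113.10
#   redirect_rules remove 203.0.113.10    # once DNS has propagated
```

Validating the address before it is placed into a command line keeps a mistyped or pasted value from turning into a broken or unintended rule.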

Reference:  https://serverfault.com/questions/371833/changing-servers-redirect-to-new-ip-no-downtime#371870

cURL and wget Issues on Ubuntu 16.04 – SSL: TLSV1_ALERT_PROTOCOL_VERSION

Monday, December 5th, 2022

cURL and wget Issues on Ubuntu 16.04

When using wget or curl to make HTTP requests from a no-longer-supported installation of Ubuntu 16.04 Xenial, you may get one of the following errors:

curl gnutls_handshake() failed: Error in protocol version
curl: (35) error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version  /home/mohan/mesg
[SSL: TLSV1_ALERT_PROTOCOL_VERSION] tlsv1 alert protocol version (_ssl.c:727) 

The solution is to add Rob Savoury's (SavOS) PPAs to get updated curl and wget packages:

sudo add-apt-repository ppa:savoury1/build-tools
sudo add-apt-repository ppa:savoury1/backports
sudo add-apt-repository ppa:savoury1/python
sudo add-apt-repository ppa:savoury1/encryption
sudo add-apt-repository ppa:savoury1/curl34
sudo apt-get update && sudo apt-get upgrade
sudo apt-get install wget curl python2.7

Copying LVM Containers from One Remote Server to Another

Saturday, April 27th, 2019

Transferring LVM Containers

Before you transfer a KVM container to another machine, create a KVM virtual machine on the target server with the same or larger disk size than the container being transferred. 

You can see a full list of LVM containers by using the below command:

sudo lvdisplay

Copying an LVM Container from the Local Machine to a Remote Server

sudo -i
dd if=/dev/vms/phpdev bs=4096 | pv | ssh root@IPADDRESS_HERE -p SSH_PORT 'dd of=/dev/pool/phpdev bs=4096'

Adjust the above pool paths as necessary, since these may vary from server to server.

Copying an LVM Container from a Remote Machine to the Local Machine

sudo -i
ssh root@IPADDRESS_HERE -p SSH_PORT "dd if=/dev/vms/phpdev bs=4096" | dd of="/dev/vms/phpdev" bs="4096"

Adjust the above pool paths as necessary, since these may vary from server to server.

With SSH Passphrase Key

If you're using an SSH key that is protected with a passphrase, use the below commands to open the key, provide the passphrase for that key, and copy the containers without being prompted for the passphrase when the container transfer begins:

sudo -i
eval $(ssh-agent)
ssh-add /root/keys/{PATH_TO_KEY}
dd if=/dev/pool/test bs=4096 | pv | ssh root@host.com -p {PORT} -i /root/keys/{PATH_TO_KEY} 'dd of=/dev/haha/test bs=4096'
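
Because the target volume may be larger than the source, hashing the whole target will not match the source even after a perfect copy. The following added example (not part of the original post) compares only the first source-size bytes of the target; the function names are illustrative, and it assumes `sha256sum`, `head -c` and `blockdev` are available.

```shell
#!/bin/sh
# Added example: verify a dd copy when the target may be larger than the source.
# size_of, hash_prefix and verify_copy are illustrative names.

# Size in bytes of a block device or a regular file.
size_of() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# SHA-256 of the first N bytes of a device or file: hash_prefix PATH N
hash_prefix() {
    head -c "$2" "$1" | sha256sum | cut -d' ' -f1
}

# verify_copy SRC DST: succeed only if DST begins with an exact copy of SRC.
verify_copy() {
    src_size=$(size_of "$1") || return 2
    dst_size=$(size_of "$2") || return 2
    if [ "$dst_size" -lt "$src_size" ]; then
        echo "target is smaller than source: the copy is truncated" >&2
        return 1
    fi
    [ "$(hash_prefix "$1" "$src_size")" = "$(hash_prefix "$2" "$src_size")" ]
}

# Local check (as root), using the volume paths from the commands above:
#   verify_copy /dev/vms/phpdev /dev/pool/phpdev
# When the target is on the remote server, hash it there and compare by eye:
#   size=$(size_of /dev/vms/phpdev)
#   hash_prefix /dev/vms/phpdev "$size"
#   ssh root@IPADDRESS_HERE -p SSH_PORT "head -c $size /dev/pool/phpdev | sha256sum"
```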

Secure Linux Servers Using IPTables Rules and WonderShaper

Thursday, March 28th, 2013

Secure your Ubuntu Server from Flood and Other Attacks Using IPTables and WonderShaper

The following commands use IPTables to block common flooding and other miscellaneous malicious traffic. These rules can keep a Linux server from lagging and spending resources on malformed packets. Some of these attacks can be used as part of a DDoS, so it is best to use these filters and rules. Use at your own risk. A detailed explanation can be found at the URL in the comment below.

# Explanations here:
# http://www.cyberciti.biz/tips/linux-iptables-10-how-to-block-common-attack.html
sudo apt-get install iptables
# Drop new TCP connections that do not start with a SYN packet
sudo iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
# Drop fragmented packets
sudo iptables -A INPUT -f -j DROP
# Drop "XMAS" packets (all TCP flags set)
sudo iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
# Drop "NULL" packets (no TCP flags set)
sudo iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP

If you want to drop ICMP ping requests, click here.

Limiting Download and Upload Speeds / Traffic Globally in Ubuntu

Limiting download and upload speeds globally does not make a server any more secure than before. However, it can alleviate network lag, which in my opinion improves availability and so enhances security. In Ubuntu, it's easy to limit the max download and upload speed that can be used on an interface. It wasn't always this easy, but thanks to a tool called wondershaper, you don't have to worry about any of the complexities. To install, run the following command:

sudo apt-get install wondershaper  

Now, we need to tell wondershaper to start limiting our max download and upload rate on our particular interface. To see a list of interfaces, type the following command:

ifconfig

To determine what your max download and max upload speed should be, use SpeedTest to run a couple of bandwidth tests using your connection. With your results, convert the speeds from Mbps to kilobits per second. Use this bandwidth calculator / converter to help you out. Then, I'd subtract 20-30% from each value, as you want to leave some headroom below your max speed so that bandwidth will still be available to other computers / nodes on the network.

Once you have your speeds, start wondershaper (modifying the example below to fit your needs):

# wondershaper [interface] [max_download_speed_kilobits] [max_upload_speed_kilobits]
sudo wondershaper eth0 8192 2764

Make a backup of the /etc/network/interfaces file:

sudo cp /etc/network/interfaces /etc/network/interfaces.bakup
sudo nano /etc/network/interfaces

To run wondershaper upon boot or startup, edit the /etc/network/interfaces file, and add the following (modify to fit your needs if necessary):

auto lo
iface lo inet loopback
up /sbin/wondershaper eth0 8192 2764
down /sbin/wondershaper clear eth0

Make sure you change your max download and upload speed in both of the examples.  Settings will now apply when the computer boots into Linux.

Exclude LAN from Speed Limits

WonderShaper does not differentiate between LAN traffic and external traffic by default.  To prevent WonderShaper from limiting LAN network download and upload speeds, install this updated WonderShaper script:

cd ~/Downloads
wget -O wondershaper_exclude_lan.tar.gz www.dinofly.com/files/wondershaper_exclude_lan.tar.gz
tar xzvf wondershaper_exclude_lan.tar.gz
sudo cp -f wondershaper /sbin/wondershaper
sudo chmod +x /sbin/wondershaper
sudo nano /sbin/wondershaper

Find:

#Local Network
LAN_SUBNET=192.168.0.0

Change it to your LAN's network address. For example, if your LAN gateway is 192.168.1.X, change it to:

#Local Network
LAN_SUBNET=192.168.1.0

As another example, if your LAN gateway is 192.168.43.X, change it to:

#Local Network
LAN_SUBNET=192.168.43.0

Save the file and reboot.

Your local area network (LAN) traffic is not filtered, but external traffic is!  Enjoy lag free connections from both the outside and inside while running any type of web server. 

Open Game Panel Windows Installation Guide

Saturday, July 28th, 2012

Open Game Panel (OGP) is a free, open source game server panel. OGP allows server administrators to manage multiple game servers and assign users to those servers. These users are then allowed to log in and manage their rented game servers. Users can stop, start, restart, and edit command line parameters for their servers. FTP management is also included in the Linux version. OGP does have a Windows version, but it is difficult to set up. This guide will walk you through everything you need to know.

General Information and Notes

  • Some links used in this guide will only work from your local server.
  • I installed ZPanelX and OGP on a Windows 7 server, and yes, they are working.
  • OGP is short for Open Game Panel, if you didn't already know.

Step 1:  Download and Install Prerequisites

Open Game Panel works in conjunction with a web hosting control panel and requires web server software.  To make this guide as simple as possible, it is recommended to install the ZPanelX package, which includes everything you'll need to run Open Game Panel.  Download both the Core and Stack ZPanelX packages here:

ZPanelX Hosting Control Panel & Software for Windows

Install the Server Stack version first, and then run the Core version to setup your web panel and login information. It's really as simple as running the installation executables and following the installation prompts.

After ZPanelX has been installed, download the SVN version of OGP from here: http://hldstart.svn.sourceforge.net/viewvc/hldstart/trunk/. From the SVN page, just click on "Download GNU tarball". This will download a compressed archive which can be opened using 7-Zip or WinRar. Extract the files. From the extraction directory, copy the upload folder to the C:\zpanel\panel directory. Rename the folder to opengamepanel.

Open up the php.ini file located in C:\zpanel\bin\php and change the following line:

display_errors = Off

To:

display_errors = On

Keep the php.ini file open, as we'll need to change another setting after installing PEAR, a module required by OGP to run.

Step 2:  Installing PEAR For Windows

To install the PHP PEAR module for Windows, save this file containing the patched PEAR PHP installation script, and extract it to the C:\zpanel\panel directory.  Run the PEAR installation by following this URL from your LOCAL server: http://localhost/go-pear.php.  Read the prompt and go to the next page.  On the installation page under the Configuration section, you'll need to make the following changes:

For "1. Installation prefix ($prefix)", use the path of:

C:\zpanel\bin\php\pear

Keep the rest of the settings set to their default value. Click Install. After PEAR has been successfully installed, go back to your php.ini file and find your include path:

Change:

; include_path = ".;C:\php\includes;"

To:

include_path = ".;C:\zpanel\bin\php\pear\PEAR;"

Save your php.ini file. Now, before your changes will take effect, you must restart the Apache daemon. Do this by going to Start –> All Programs –> ZPanel –> Management –> Apache Monitor

When the Apache monitor loads, click Stop, and then click Start.

Step 3:  Creating Database and Users

Log in to ZPanel using the login and password that were created during ZPanelX installation. Under Database Management, click on MySQL Database. Create a new database with any name. Once the database has been created, go back to the main Admin page. Under Database Management, click on MySQL Users. Assign a user to the database you just created. This will be the login, and the user's password will be generated after assigning the user to a database. Save the database name, login, and password, as you will need these values when installing OGP.

Start the installation of OGP from your LOCAL server:

Start OGP Install

After installing OGP, it's time we installed the Windows server agent program:

Windows OGP x64 Agent Install Download
Windows OGP x86 Agent Install Download
(Create an account and log in before you can access the download!)

Install the OGP Windows Agent program.  Run the agent_stop.bat file in the OGP installation directory after the installation has finished to stop OGP.  To run OGP without using the service account, simply use these agent start and stop scripts instead.

Start the agent. Log in to OGP, create a server, use the encryption key you just created, and for the username use your Windows username.

The server should be added successfully and show up as online. You can now set up and administer game servers on your Windows server!

My Favorite Ubuntu Distribution and Software

Thursday, March 29th, 2012

I run my own personal dedicated server, and I choose Ubuntu to power my server.  But, I don't just use any version of Ubuntu.  I use Ylmf OS, a Windows XP GUI interface Ubuntu 10.04 distribution.  Yes, the Chinese wrote it, but we can all trust the Chinese, right?

Why Do I Use Ylmf OS

I used to be a n00b to Linux a few years back, and I wanted something that looked like Windows XP.  You should be able to tell by now that I love Windows XP and Windows XP x64 with a passion.  Everything just works unlike in Windows 7 and Windows Vista.

List of Best Open Source Software for Ubuntu

  • EHCP Hosting Control Panel – Automatically configures all services you'd need for a dedicated apache2 web server with VSFTPD and includes a fully functional advanced GUI control panel for easy user management, MySQL functionality, subdomains, addon domains, easy install scripts, everything you'd find in CPanel X3, and more!
  • Open Game Panel – An open source game server management panel software.  Allows you and your customers the ability to start, stop, restart, and modify config files for gaming servers on the fly.
  • Mumble Client and Server – Great open source voice over IP client that resembles Teamspeak and has greater functionality.  Install it using:
    sudo apt-get install mumble-server
  • FreeNX – An open source remote SSH GUI login which allows you to remote desktop with encryption without having to learn those nasty ssh commands in the terminal (yes they're simple, but I like the GUI better thanks).

More to come as I think of them.