Wednesday, 15 January 2020

HTTPD 2.4 (Apache) & PHP-FPM TUNING

[ HTTPD 2.4 (Apache) & PHP-FPM TUNING ]

Note: these values assume a server with 8 GB of memory and a 4-core CPU.


# HTTPD {MPM MODULE} config
# vim /etc/httpd/conf.modules.d/00-mpm.conf 

LoadModule mpm_event_module modules/mod_mpm_event.so

ServerLimit 1400
StartServers 4
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxRequestWorkers 1400
MaxConnectionsPerChild 1000


# PHP-FPM CONFIGURATION
# vim /etc/php-fpm.d/www.conf

pm = dynamic
pm.max_children = 128
pm.start_servers = 10
pm.min_spare_servers = 10
pm.max_spare_servers = 20
pm.max_requests = 1000

YUM Update Only Security Patches

[ YUM Update Only Security Patches ]

# yum info-sec
# yum -y update --security
# yum update-minimal --security -y
# yum update --cve CVE-2008-0947

Redis Cli Commands

[ Redis Cli Commands ]

[ check redis ]
# redis-cli ping

[ check set & get as well as master slave replication ]
# On Master side #
# redis-cli
127.0.0.1:6379> set 'a' 1
OK
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# On Slave side #
# redis-cli
127.0.0.1:6379> get 'a'
"1"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[ Redis AUTH command is used to authenticate a password-protected server with a given password. ]
# redis-cli
127.0.0.1:6379> AUTH master_password
127.0.0.1:6379> INFO replication
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Elasticsearch Backup (Snapshots) Restore on Server from S3 Bucket

[ Elasticsearch Backup (Snapshots) Restore on Server from S3 Bucket ]


[ first create snapshot path using postman ]
PUT http://192.168.1.22:9200/_snapshot/s3_repository
{
"type": "s3",
"settings": {
"bucket": "mylocals3backup",
"base_path": "elasticsearch_backup/local_elasticsearch_backup",
"region": "ap-southeast-1",
"access_key": "XXXXXXXXXXXXXXXXXXXX",
"secret_key": "XXXXXXXXXXXXXXXXXXXX"
}
}

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# vim elasticserch_index_restore.sh

#!/bin/bash

## GET LATEST SNAPSHOT ID (before deleting anything) ##
curl -s -X GET "http://192.168.1.22:9200/_cat/snapshots/s3_repository?v&s=id&pretty" > /tmp/get_latest_snapshot_id.txt
LATEST_SNAP_ID=$(tail -n1 /tmp/get_latest_snapshot_id.txt | awk '{print $1}')

## STOP if no snapshot was found (empty output, or only the "id" header row) ##
if [ -z "$LATEST_SNAP_ID" ] || [ "$LATEST_SNAP_ID" = "id" ]; then
    echo "No snapshot found in s3_repository, nothing deleted" >&2
    exit 1
fi

## DELETE INDEX FROM EXISTING HOSTS ##
curl -XDELETE http://192.168.1.22:9200/index1
curl -XDELETE http://192.168.1.22:9200/index2
curl -XDELETE http://192.168.1.22:9200/index3
curl -XDELETE http://192.168.1.22:9200/index4

## RESTORE SNAPSHOT ##
curl -X POST "http://192.168.1.22:9200/_snapshot/s3_repository/$LATEST_SNAP_ID/_restore"

sleep 5m

## EMAIL NOTIFICATION ##
mailx -r "system@mylocal.com" -s "ELASTICSEARCH SNAPSHOT RESTORED ON SERVER" -S smtp="127.0.0.1:25" user1@mylocal.com,user2@mylocal.com<<EOF

Hi Team,

elasticsearch snapshot restored successfully on 192.168.1.22 server.
restore snapshot_id = $LATEST_SNAP_ID

curl -XGET 'http://192.168.1.22:9200/_cat/indices?v&pretty'
$(curl -XGET 'http://192.168.1.22:9200/_cat/indices?v')

EOF
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# sh -x elasticserch_index_restore.sh
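
The restore script above takes whatever is on the last line of the `_cat/snapshots` listing, which can be a PARTIAL or FAILED snapshot, or the header row when the repository is empty. As an added example (not part of the original post), this helper returns the newest snapshot whose status is SUCCESS and whose name matches the `snp-<date>` naming used by the backup script on this page; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads `_cat/snapshots/<repo>?v&s=id` output on stdin and prints the newest
# snapshot that is safe to restore. Exits 1 when there is none.
latest_restorable_snapshot() {
    awk '
        # Skip the header row produced by ?v.
        NR == 1 && $1 == "id" { next }
        # Column 2 is the snapshot status; only SUCCESS means a complete snapshot.
        # The id must look like the names the backup script creates (snp-<date>),
        # so nothing unexpected is placed into the _restore URL.
        $2 == "SUCCESS" && $1 ~ /^snp-[0-9-]+$/ { id = $1 }
        END {
            if (id == "") exit 1
            print id
        }
    '
}

# Constructed sample listing (sorted by id, oldest first, as s=id returns it).
sample_cat_output() {
    cat <<'EOF'
id                     status  start_epoch start_time end_epoch  end_time duration indices successful_shards failed_shards total_shards
snp-2020-01-14-0900-01 SUCCESS 1578992401  09:00:01   1578992409 09:00:09 8s       2       10                0             10
snp-2020-01-14-1000-01 SUCCESS 1578996001  10:00:01   1578996010 10:00:10 9s       2       10                0             10
snp-2020-01-14-1100-01 PARTIAL 1578999601  11:00:01   1578999605 11:00:05 4s       2       6                 4             10
EOF
}

# The last line is PARTIAL, so the 10:00 snapshot is selected instead.
sample_cat_output | latest_restorable_snapshot
```

In the restore script, the function would replace the `tail -n1 | awk` step, with the index deletion running only when it exits 0.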

Fast downloader for linux

[ Fast downloader for linux ( download any files fast) ]
Note: increase the -n value (number of connections) to download faster.
# yum install epel-release
# yum install axel
# rpm -ivh ftp://fr2.rpmfind.net/linux/dag/redhat/el6/en/x86_64/dag/RPMS/axel-2.4-1.el6.rf.x86_64.rpm
(Examples)
# axel -n 4 http://212.183.159.230/100MB.zip
# axel -n 12 http://centos.hbcse.tifr.res.in/centos/8.0.1905/isos/x86_64/CentOS-8-x86_64-1905-dvd1.iso

Useful Commands

[ Top Command ]
# top -bn1 | grep php-fpm
# top -bn1 | grep apache

[ Mail Test From CLI ]
# echo "Testing relay" | mailx -r "system@mylocal.com" -s "test subject" -S smtp="127.0.0.1:25" user1@mylocal.com
# echo "This is message body" | mail -s "This is Subject" user1@mylocal.com

[ Journalctl Command ]
# journalctl -af

[ Live Apache/httpd logs monitor using apachetop command ]
# yum install apachetop
# apachetop /var/log/httpd/access_log

[ Screen Command ]
[add task in screen]
# screen
[list]
# screen -list
[reattached]
# screen -r image
[detached]
# Ctrl + a, then d

[ Flush IPTABLES ]
# iptables -L (check iptables)
# iptables -F INPUT && iptables -F OUTPUT (flush iptables)
[disable & stop firewall]
# systemctl disable firewalld.service
# systemctl stop firewalld.service

Create swap Partition on Centos & Amazon Linux

[ Create Swap Partition on Centos & Amazon Linux ]

# dd if=/dev/zero of=/swap count=2048 bs=1MiB
# chmod 600 /swap
# mkswap /swap
# swapon /swap
# vim /etc/fstab
/swap swap swap sw 0 0
# swapon -s

[ Clear Swap Cache Memory / Drop Cache Memory ]
# echo 3 > /proc/sys/vm/drop_caches
# sync && echo 3 > /proc/sys/vm/drop_caches

Tuesday, 14 January 2020

Elasticsearch Backup on S3 Bucket (Snapshots)

[ How to take elasticsearch backup (snapshots) on AWS S3 bucket ]

[ first create snapshot path using postman ]

PUT http://elastic.mylocal.com/_snapshot/s3_repository

{
"type": "s3",
"settings": {
"bucket": "mylocals3backup",
"base_path": "elasticsearch_backup/local_elasticsearch_backup",
"region": "ap-southeast-1",
"access_key": "XXXXXXXXXXXXXXXXXXXX",
"secret_key": "XXXXXXXXXXXXXXXXXXXX"
}
}
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[ Create Elasticsearch Backup Script ]

# vim /root/scripts/elasticsearch_backup.sh

#!/bin/bash

_TODAY_DATE=snp-$(date +%F-%H%M-%S)

curl -XPUT "http://elastic.mylocal.com/_snapshot/s3_repository/$_TODAY_DATE?wait_for_completion=true" -d'
{
"indices": "index1,index2",
"ignore_unavailable": true,
"include_global_state": false
}' -H "Content-Type:application/json" > /tmp/elasticsearch_backup_result.txt

mailx -r "system@mylocal.com" -s "Elasticsearch Snapshot Backup" -S smtp="127.0.0.1:25" user1@mylocal.com,user2@mylocal.com<<EOF

Hi Team,

Live Elasticsearch Snapshot Backup has been successfully done.
Backup has been copied on s3 bucket.

BACKUP_PATH = s3://mylocals3backup/elasticsearch_backup/local_elasticsearch_backup

SNAPSHOT_NAME = $_TODAY_DATE

FULL_DESCRIPTION =
`cat /tmp/elasticsearch_backup_result.txt`
EOF

> /tmp/elasticsearch_backup_result.txt
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[ Set Cron ]

## [Elasticsearch Backup Script] ##
0 */1 * * * /bin/sh /root/scripts/elasticsearch_backup.sh

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Find Command Examples

[  Find & Replace ]
# vim test.txt {then run below command}
:%s#string1#string2#g
# find ./ -type f -exec sed -i 's/string1/string2/g' {} \;

[ find & remove ]
# cd /tmp && find . ! -type d -print0 | xargs -0 rm -f
# find /var/log/elasticsearch/snapshot -type d -exec chmod 755 {} \;
# find /var/log/elasticsearch/snapshot -type f -exec chmod 644 {} \;

[ find & replace blank spaces in notepad++ ]
https://superuser.com/questions/621720/remove-empty-lines-and-spaces-in-notepad
Go to Search -> Replace
Select "Regular expression" under Search mode.
Use ^\s* for "Find what" and leave "Replace with" blank.
Click Replace all

[ Find & Change Permission ]
[dir change permission]
# cd /tmp/
# find . -type d -exec chmod 755 {} \;
[files change permission]
# cd /tmp/
# find . -type f -exec chmod 644 {} \;

Elasticsearch Commands

[ Elasticsearch get node status ]


# curl localhost:9200/_nodes/http
# curl localhost:9200/_nodes/jvm
# curl localhost:9200/_nodes/network
# curl localhost:9200/_nodes/os
# curl localhost:9200/_nodes/plugins
# curl localhost:9200/_nodes/process
# curl localhost:9200/_nodes/settings
# curl localhost:9200/_nodes/thread_pool
# curl localhost:9200/_nodes/transport

[ other get api examples ]

/_cat/allocation
/_cat/shards
/_cat/shards/{index}
/_cat/master
/_cat/nodes
/_cat/tasks
/_cat/indices
/_cat/indices/{index}
/_cat/segments
/_cat/segments/{index}
/_cat/count
/_cat/count/{index}
/_cat/recovery
/_cat/recovery/{index}
/_cat/health
/_cat/pending_tasks
/_cat/aliases
/_cat/aliases/{alias}
/_cat/thread_pool
/_cat/thread_pool/{thread_pools}
/_cat/plugins
/_cat/fielddata
/_cat/fielddata/{fields}
/_cat/nodeattrs
/_cat/repositories
/_cat/snapshots/{repository}
/_cat/templates

Monday, 13 January 2020

Selinux Permissions

[ Mongodb Selinux Permissions ]
# semanage fcontext -a -t mongod_var_lib_t /mongodata
# chcon -Rv -u system_u -t mongod_var_lib_t /mongodata
# restorecon -R -v /mongodata
----------------------------------------
# semanage fcontext -a -t mongod_var_lib_t '/mongodb/data.*'
# chcon -Rv -u system_u -t mongod_var_lib_t '/mongodb/data'
# restorecon -R -v '/mongodb/data'

How to Increase Solr Heap Memory On Linux


[ Solr Increase Memory ]


# vim /etc/profile
[add below line in /etc/profile at end ]
export SOLR_JAVA_MEM="-Xms1024m -Xmx2048m"

# /etc/init.d/solr restart
# /etc/init.d/solr status

{
"solr_home":"/solr/data",
"version":"6.5.1 cd1f23c63abe03ae650c75ec8ccb37762806cc75 - jimczi - 2017-04-21 12:23:42",
"startTime":"2019-10-30T06:38:59.019Z",
"uptime":"0 days, 0 hours, 0 minutes, 14 seconds",
"memory":"129 MB (%6.6) of 981.4 MB"}

Ossec Server & Client Configuration

OSSEC is an open-source host-based intrusion detection system (HIDS). It performs log analysis,
integrity checking, Windows registry monitoring, rootkit detection, real-time alerting and active response.

[ SERVER ]
# wget https://github.com/ossec/ossec-hids/archive/2.9.3.tar.gz
# tar -xvf 2.9.3.tar.gz
# cd ossec-hids-2.9.3
# sh install.sh
select server
# /var/ossec/bin/ossec-control start
# /var/ossec/bin/ossec-control restart
# /var/ossec/bin/manage_agents
# /var/ossec/bin/agent_control -l

[ CLIENT ]
# wget https://github.com/ossec/ossec-hids/archive/2.9.3.tar.gz
# tar -xvf 2.9.3.tar.gz
# cd ossec-hids-2.9.3
# sh install.sh
select client
# /var/ossec/bin/ossec-control start
# /var/ossec/bin/ossec-control restart
# /var/ossec/bin/manage_agents

[ check on the server side whether agents are active or not ]
# /var/ossec/bin/agent_control -l
e.g.
OSSEC HIDS agent_control. List of available agents:
ID: 000, Name: amazonlinux2 (server), IP: 127.0.0.1, Active/Local
ID: 01, Name: amazonlinux2, IP: 192.168.1.52, Active
ID: 03, Name: glsupport, IP: 192.168.1.110, Never connected
ID: 04, Name: glsupport_3, IP: 192.168.1.3, Active

[ Get blocked ips on ossec agent ]
# tail -f /var/ossec/logs/active-responses.log
Wed Oct 23 10:40:43 UTC 2019 /var/ossec/active-response/bin/host-deny.sh add - 192.168.1.30 1571827243.473519 5712
Wed Oct 23 10:40:43 UTC 2019 /var/ossec/active-response/bin/firewall-drop.sh add - 192.168.1.30 1571827243.473519 5712

[ Unblock a blocked IP using the commands below ]
# /var/ossec/active-response/bin/host-deny.sh delete - 192.168.1.30 1571827243.473519 5712
# /var/ossec/active-response/bin/firewall-drop.sh delete - 192.168.1.30 1571827243.473519 5712
[remove the IP from /etc/hosts.deny]
# vim /etc/hosts.deny
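
An added example, not part of the original post: active-responses.log records every `add` and `delete` action, so replaying it shows which blocks are still in place and which script has to be called with `delete` to lift them. The function names and the sample log lines are constructed, following the line format shown above.

```shell
#!/bin/sh
# Added example, not from the original post.
# Replays active-responses.log (file arguments or stdin) and prints every
# "script IP" pair that was added and never deleted afterwards.
still_blocked() {
    awk '
        # Fields 1-6 are the timestamp; $7 = script path, $8 = action,
        # $9 = user, $10 = source IP, $11 = alert id, $12 = rule id.
        NF >= 10 && ($8 == "add" || $8 == "delete") {
            n = split($7, parts, "/")
            key = parts[n] " " $10          # e.g. "host-deny.sh 192.168.1.30"
            if ($8 == "add") {
                blocked[key] = $12          # remember which rule triggered it
            } else {
                delete blocked[key]         # block was lifted later in the log
            }
        }
        END { for (k in blocked) print k, "rule=" blocked[k] }
    ' "$@" | sort
}

# Constructed sample: 192.168.1.30 is blocked by both scripts, then only the
# firewall rule is removed; 192.168.1.77 is blocked later and stays blocked.
sample_active_responses() {
    cat <<'EOF'
Wed Oct 23 10:40:43 UTC 2019 /var/ossec/active-response/bin/host-deny.sh add - 192.168.1.30 1571827243.473519 5712
Wed Oct 23 10:40:43 UTC 2019 /var/ossec/active-response/bin/firewall-drop.sh add - 192.168.1.30 1571827243.473519 5712
Wed Oct 23 10:51:13 UTC 2019 /var/ossec/active-response/bin/firewall-drop.sh delete - 192.168.1.30 1571827243.473519 5712
Wed Oct 23 11:02:07 UTC 2019 /var/ossec/active-response/bin/firewall-drop.sh add - 192.168.1.77 1571828527.481200 5712
EOF
}

# Shows the leftover hosts.deny entry for .30 and the firewall block for .77.
sample_active_responses | still_blocked
```

On an agent, run it as `still_blocked /var/ossec/logs/active-responses.log`.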

Check NTP Connection

[ Check NTP connection from client to server, port 123 (UDP) ]

# ntpdate -dv 0.amazon.pool.ntp.org
=== Output ===
host found : 139.59.221.20
transmit(139.59.221.20)
receive(139.59.221.20)
transmit(128.199.84.169)
receive(128.199.84.169)
========================
[sync time with server]
# ntpdate -u 0.amazon.pool.ntp.org
========================
[UDP connection check]
# nc -vu 139.162.60.234 1194
# nc -vu 192.168.1.48 1514
========================

Install packages using IUS repo on Amazon Linux 2

# yum install https://centos7.iuscommunity.org/ius-release.rpm
# yum remove mod_php72u-7.2.13-2.ius.centos7.x86_64

[php-fpm + httpd]
# yum install php72u-sodium.x86_64 php72u-soap.x86_64 php72u-xml.x86_64 php72u-pecl-memcached.x86_64 php72u-pecl-imagick.x86_64 php72u-pdo.x86_64 php72u-mysqlnd.x86_64 php72u-mbstring.x86_64 php72u-json.x86_64 php72u-imap.x86_64 php72u-gd.x86_64 php72u-fpm-httpd.noarch php72u-devel.x86_64 php72u-cli.x86_64 php72u-bcmath.x86_64 php72u-opcache.x86_64 -y

[php-fpm + nginx]
# yum install php72u-bcmath.x86_64 php72u-cli.x86_64 php72u-fpm-nginx.noarch php72u-devel.x86_64 php72u-json.x86_64 php72u-mbstring.x86_64 php72u-mysqlnd.x86_64 php72u-opcache.x86_64 php72u-pdo.x86_64 php72u-pecl-imagick.x86_64 php72u-pecl-memcached.x86_64 php72u-soap.x86_64 php72u-sodium.x86_64 php72u-xml.x86_64

# wget https://pecl.php.net/get/imagick-3.4.4.tgz
# tar -xvf imagick-3.4.4.tgz
# cd imagick-3.4.4/
# phpize
# ./configure
# make
# make install
# php -m
# systemctl restart php-fpm

Centos 8 Firewall Rules

# firewall-cmd --state
# firewall-cmd --get-active-zones
# firewall-cmd --zone=public --add-service=http
# firewall-cmd --zone=public --add-service=https
# firewall-cmd --zone=public --permanent --add-service=http
# firewall-cmd --zone=public --permanent --add-service=https
# firewall-cmd --reload
# firewall-cmd --list-all
# firewall-cmd --zone=public --permanent --remove-service=http
# firewall-cmd --zone=public --permanent --remove-service=https
# firewall-cmd --reload

Dstat [versatile resource statistics tool for Linux]

# yum install dstat
# dstat

[To show detailed information about Memory, Included (used, buffer, cache & free), Swap (used & free)
& Virtual Memory (allocated, free, major page fault & minor page fault) usage.]
# dstat --mem --swap --vm

[To show detailed information about each CPU (include cpu0, cpu1, etc) & total usage.
It display each CPU (user time, system time, idle time, steal time & wait time) process activity]
# dstat -C 0,1,2,total

[To show detailed information about disk utilization (read & write) & disk I/O (read & write)
utilization for particular disk. If you want to check total disk utilization & I/O, use]
# dstat --disk --io -D sda

[To show detailed information about network utilization (data receive & data send)
for particular Ethernet. If you want to show all the Ethernet utilization, use]
# dstat --net -N eth1

[To show detailed information about top cpu, top cputime (process using the most CPU time (in ms)),
top disk I/O activity, top disk block I/O activity, top memory and top latency usage.]
# dstat --top-cpu --top-cputime --top-io --top-bio --top-mem --top-latency

[To show detailed information about (CPU, Disk, Memory, Process, Load & network) usage,
which is very common for basic troubleshooting when server load is too high]
# dstat --cpu --mem --proc --load --disk --net

[To show detailed information about tcp (listen, established, syn, time_wait, close),
udp (listen, active) & socket (total, tcp, udp, raw, ip-fragments) usage]
# dstat --tcp --udp --socket

Check which processes are using the most memory & CPU

 # ps axo rss,comm,pid | awk '{ proc_list[$2]++; proc_list[$2 "," 1] += $1; } END { for (proc in proc_list) { printf("%d\t%s\n", proc_list[proc "," 1],proc); }}' | sort -n | tail -n 10 | sort -rn | awk '{$1/=1024;printf "%.0fMB\t",$1}{print $2}'

# ps aux --sort=-%mem | awk 'NR<=10{print $0}'
# ps aux |grep nginx |awk '{sum=sum+$6}; END {print sum/1024 " MB"}'

[ Check Top Processes sorted by RAM or CPU Usage in Linux ]
# ps -eo pid,ppid,user,cmd,%mem,%cpu --sort=-%mem | head
# ps -eo pid,ppid,user,cmd,%mem,%cpu --sort=-%cpu | head

[ php-fpm process (memory utilization) ]
# ps --no-headers -o "rss,cmd" -C php-fpm | awk '{ sum+=$1 } END { printf ("%d%s\n", sum/NR/1024,"Mb") }'

[ print Process Tree ]
# ps -e --forest | grep php-fpm
[Print Process Threads]
# ps -fL -C mysqld
# ps -fL -C httpd
# ps -fL -C php-fpm

[ custom output format showing process ID, Parent Process ID,file system group, nice value, start time and elapsed time of a process ]
# ps -eo pid,ppid,fgroup,user,cmd,ni,lstart,etime
# ps -eo pid,ppid,fgroup,user,cmd,ni,lstart,etime | grep httpd
# ps -eo pid,ppid,fgroup,user,cmd,ni,lstart,etime | grep php-fpm

[ Check execution time of a process ]
# ps -eo pid,comm,etime,user | grep httpd
# ps -eo pid,comm,etime,user | grep php-fpm
# ps -eo comm,etime,user | grep mysqld

[ find the PID of the unresponsive process or application and kill them ]
# ps -A | grep -i stress
# kill -9 2342 5632

[ Real-time process monitoring using the watch utility ]
# watch -n 1 'ps -eo pid,ppid,user,cmd,%mem,%cpu --sort=-%mem | head'