cPanel: Enable IonCube Loaders

This is a very tricky thing even for the most experienced cPanel system administrators.

First, we run Easy Apache to enable IonCube support in PHP.

Profile:
Choose “Previously Saved Config” and click “Start customizing based on profile”.

Apache Version:
Choose the latest which is not END OF LIFE. For this tutorial, Apache 2.2.23 is the latest and we want to choose this then click “Next step”.

Please choose which PHP version(s) to build:
We do not want END OF LIFE or EXPERIMENTAL. For this tutorial, 5.3.17 is the latest and most stable version so we choose this and click “Next step”.

Short Options List:
Here is our option for IonCube Loader for PHP. Now click “Exhaustive Options List”

Exhaustive Options List:
While we are here, you may want to consider enabling these options under PHP 5.3.17 such as Exif, GD, Mbstring, Mcrypt, PDO MySQL, and Zlib. These are common PHP requirements on most web applications and if you run a shared or reseller web hosting for individuals, they will require this one day!

Next, we click “Save and build” while we go grab a cup of coffee or take the dog for a walk around the block. Recompiling Apache and PHP takes about 10 minutes or so, depending on your system.

Step 2:
Most people forget this step!

We login to our cPanel server http://ip-address:2087 and go to Tweak Settings up at the very top.

Search for PHP and look for cPanel PHP loader. Here you enable ioncube, scroll down to the bottom and click Save. This is where most people forget to enable the PHP loader in this area but compile it in our PHP.

Conclusion:
With this enabled, you can run your IonCube encoded PHP web applications and have it fully supported for your cPanel server for all your other domains, customers and resellers.

Ubuntu: Setting Up a PPTP On Ubuntu VPS

This is a common request and relatively easy to accomplish. Usually, you will need a Xen or KVM VPS to load the necessary kernel modules. If you don’t want to spend too much money, get a custom Xen VPS with a VPS hosting company.

You need about 256mb of RAM and 512mb of swap, one CPU and whatever bandwidth you need. 5 – 10gb of disk space will do fine for you.

First, we verify the kernel modules:

# lsmod
Module                  Size  Used by
dm_crypt               23125  0

We need various PPP modules so we issue the following commands:

# modprobe ppp_async
# modprobe ppp_deflate
# modprobe ppp_mppe
# lsmod
Module                  Size  Used by
arc4                   12529  0 
ppp_mppe               13077  0 
ppp_deflate            13038  0 
zlib_deflate           27139  1 ppp_deflate
ppp_async              17539  0 
crc_ccitt              12667  1 ppp_async
dm_crypt               23125  0

All our necessary PPP modules are installed, which are required for PPTP so we’re doing very good.

Next, we install pptpd:

apt-get update
apt-get install pptpd

We edit a few files, such as /etc/pptpd.conf and add to the bottom of the file:

localip 10.10.10.1
remoteip 10.10.10.100-150

We edit /etc/ppp/pptpd-options and uncomment ms-dns to add:

ms-dns 8.8.8.8
ms-dns 8.8.4.4

These are Google’s DNS servers. Feel free to add your VPS hosting company’s resolvers, a third party DNS server like OpenDNS or even your own DNS servers.

We add our account now by opening up /etc/ppp/chap-secrets:

# client    server  secret          IP addresses
testacct    pptpd   vpn1234    *

The username “testacct” has the password “vpn1234″. You would want to create something more secure than using this. We have to configure NAT for PPTP with the following line added to /etc/rc.local but right before exit 0 in the file:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

If you do not add this line to /etc/rc.local, your connection will not connect to the Internet.

This is what your /etc/rc.local file should look like:

#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
exit 0

Next, we have to edit /etc/sysctl.conf and find this line net.ipv4.ip_forward=1 and make sure there is not a # in front of it which disables it. We have to “uncomment” it.

net.ipv4.ip_forward=1

We reload the configuration with sysctl -p and reboot our Xen VPS server from the command like with the reboot command.

To make this work on my Ubuntu laptop, I went to the network icon at the top right hand corner and went to VPN Connections -> Configure VPN.

I clicked Add, then chose Point-to-Point Tunneling Protocol (PPTP) at the next screen.

You need to fill in the following settings:
Gateway = Your VPS IP address
Username = testvpn
Password = 1234vpn (or whatever you changed user/password to)

We click the Advanced box, and enable Use Point-to-Point encryption (MPPE) or you will have errors when trying to use your PPTP VPN. I had this problem for a long time and was glad it was a simple setting to enable to get it working.

PPTP works fine on Android based devices. This PPTP VPN worked flawlessly on my Samsung Replenish cell phone running Android Gingerbread. It allowed my web browsing to go through the VPN and when I verified my IP address, it gave the IP address of the VPN.

Conclusion:
Like I mentioned above, it’s relatively inexpensive and very simple to setup on a Xen VPS server. You can email a hosting provider to see if these kernel modules are available on OpenVZ but this setup works on a Xen VPS 100% of the time. If the price of Xen scares you, get a custom Xen VPS with the following specs:

• 1 CPU core
• 256mb RAM
• 512mb swap
• 5gb disk

Get whatever bandwidth you need and since bandwidth is cheap, you won’t really need a lot. 500gb – 1TB should be more than enough bandwidth for you, depending on how many people you have on this PPTP VPN.

If you are trying to get your coworkers, friends and family to browse a little bit more securely on the Internet, if you use the Internet a lot on unsecure networks or coffee shop wireless Internet connections this is really recommended as an extra layer of encryption on an otherwise unsecure to the point of anyone with some minor technical knowledge can monitor who goes to what website and can even get information that you think is SSL encrypted.

Debian: Install Flash Plugin For IceWeasel

This is another quickie tutorial for the sometime difficult task of installing Flash Player for Linux.

For those who do not know, “IceWeasel” is Debian’s version of Firefox due to licensing reasons. I forgot the whole story but Debian got in some dispute and “unbranded” Firefox to fit into Debian’s software philosophy but it’s very easy to fix.

First, we install IceWeasel:

apt-get install iceweasel

Next, we install the Flash Player installer:

apt-get install flashplugin-nonfree

Finally, we install it:

update-flashplugin-nonfree --install

If you are running IceWeasel, close the browser and open it back up. You should be able to see Flash advertisements, do a speed test on Flash based Speed Test websites, and enjoy what Flash has to offer.

My Debian VPS Can Connect To SSH But Not Apt-Get Update

This is a common problem with Debian VPS servers that I see probably one third of the time when reviewing VPS hosting companies. I think it’s just oversight on a template and not anyone’s fault but kinda annoying sometimes.

A VPS company will send you login details, such as an IP, root password and SolusVM info, but when you login via SSH you cannot apt-get update or ping Google’s website but somehow can connect via SSH.

This is because your VPS does not have any nameservers set.

You can issue the following command:

rm -rf /etc/resolv.conf
nano /etc/resolv.conf

Add in the following lines and press Ctrl+O to save, then Ctrl+X to exit:

nameserver 8.8.8.8
nameserver 8.8.4.4

The final command:

/etc/init.d/networking restart

You should be able to run apt-get update or ping google.com to verify a working Internet connection.

cPanel Tutorial: My Email Is Flagged As Spam

When a cPanel user’s email is flagged as spam by Hotmail, Yahoo and Gmail there are a few things you can do.

First, enable DKIM and SPF when you setup a domain:

DKIM, according to Wikipedia is, DomainKeys Identified Mail is a method for associating a domain name to an email message, thereby allowing a person, role, or organization to claim some responsibility for the message. The association is set up by means of a digital signature which can be validated by recipients. Responsibility is claimed by a signer —independently of the message’s actual authors or recipients— by adding a DKIM-Signature: field to the message’s header. The verifier recovers the signer’s public key using the DNS, and then verifies that the signature matches the actual message’s content.

SPF, according to Wikipedia, is Sender Policy Framework (SPF) is an email validation system designed to prevent email spam by detecting email spoofing, a common vulnerability, by verifying sender IP addresses. SPF allows administrators to specify which hosts are allowed to send mail from a given domain by creating a specific SPF record (or TXT record) in the Domain Name System (DNS). Mail exchangers use the DNS to check that mail from a given domain is being sent by a host sanctioned by that domain’s administrators.

When you have the option to enable DKIM and SPF, plus you are running your own nameservers on your cPanel server, you need to enable both options to guarantee maximum delivery of your email.

Another common mistake is the lack of a reverse DNS / PTR record for the IP address of the cPanel server or dedicated IP address the domain is sending email on. Yahoo, Hotmail and Gmail will usually flag such emails coming from mailservers with no rDNS / PTR record as spam, so please contact your VPS provider’s support department or look in the SolusVM area to set a rDNS / PTR record.

Most providers check for the existence of an A Record (subdomain) before SolusVM can set an rDNS / PTR record if the provider has SolusVM enabled to set the record. Some providers request you contact their support department to submit the rDNS / PTR records to them to submit to their network administrators.

Once you have DKIM, SPF and reverse DNS / PTR records enabled for your cPanel server, your email delivery should increase and less emails should go to spam.

The only other reason you may have a problem is if your virtual private server or dedicated server hosting provider ignores spam complaints and gets blacklisted by a spam database blacklist, like DNSBL, or other blacklists. If this is the case, you will receive bounced emails saying you are on a blacklist as the error message and will have to contact your support department of your hosting provider to have new IPs assigned to you.

Tutorial: How To Install NGINX On CentOS VPS

Just like our how to install NGINX on Debian VPS tutorial, installing on CentOS is just as easy.

First, we create /etc/yum.repos.d/nginx.repo and put in the following:

[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=0
enabled=1

Next, we update our yum repos with yum update and install nginx with yum install nginx

Our nginx webserver is serving up files from /usr/share/nginx/html

A common problem is if your VPS has IPv6 that nginx will have issues. You resolve this by compiling nginx from source and enabling IPv6 support. Nginx packages, both Debian and CentOS in my experience, act funny and cause headache when IPv6 is not enabled even if you use it or not.

cPanel Tutorial: Enable Gzip Compression In A Few Easy Steps

I had a client request this addition and it’s not as up front or simple as it should be but a few simple steps will make it easier.

Gzip compression is used by a few web applications, such as Magento’s ecommerce shopping cart and is a requirement in some instances, so installing on cPanel can be difficult and will drive you crazy.

First step:
We enable “Deflate” by running Easy Apache. If you are familiar with Easy Apache, this will not be a problem. We click the Easy Apache button and go to the following.

Profile:
Choose “Previously Saved Config” and click “Start customizing based on profile”.

Apache Version:
Choose the latest which is not END OF LIFE. For this tutorial, Apache 2.2.23 is the latest and we want to choose this then click “Next step”.

Please choose which PHP version(s) to build:
We do not want END OF LIFE or EXPERIMENTAL. For this tutorial, 5.3.17 is the latest and most stable version so we choose this and click “Next step”.

Short Options List:
You should have IonCube Loader for PHP and Suhosin for PHP enabled because most people require this at a later date. Choose both two of them and click “Exhaustive Options List”

Exhaustive Options List:
We have found our Deflate option! Click it to enable it. While we are here, you may want to consider enabling these options under PHP 5.3.17 such as Exif, GD, Mbstring, Mcrypt, PDO MySQL, and Zlib. These are common PHP requirements on most web applications and if you run a shared or reseller web hosting for individuals, they will require this one day!

Next, we click “Save and build” while we go grab a cup of coffee or take the dog for a walk around the block. Recompiling Apache and PHP takes about 10 minutes or so, depending on your system.

Second Step:

We navigate to Services Configuration >> Apache Configuration >> Include Editor >> Post VirtualHost Include, and select All Versions.

Next, we paste this:
Click here for the code to paste into this area

After we paste this, we click “Update”.

Third Step:
We login to the account of the domain we want to enable Gzip for. There will be an “Optimize Website” option now under “Software / Services” and you can enable Gzip entirely for the site, for certain file extensions, or disable it.

We have enabled Gzip globally for every domain on the server and this works because we give the user the power to maintain their account without contacting you to have this enabled.

Netselect-Apt, A Utility Some Debian Users Never Heard Of

I’ve been using Debian for quite a long time and most people just use the default mirrors that come with Debian’s /etc/apt/sources.list but if you live overseas, using the official Debian mirrors in the United States may be slow for you.

To resolve this, netselect-apt is an application that downloads the official Debian mirror lists and finds out which one is geographically closest to you and creates you a brand new sources.list for your /etc/apt directory.

Installation is easy:

apt-get install netselect-apt
netselect-apt
(wait for it to finish)
mv sources.list /etc/apt/sources.list
apt-get update

Now, you would have mirrors to the closest Debian mirror near you which would have the best download speeds. So, for instance, you try to do a huge apt-get dist-upgrade – this would make the download much faster.

Ps_Mem – A Simple Python Memory Usage Script

I don’t know where I was looking but I came across ps_mem.py, a simple Python memory usage script. All you need for this is Python, the programming language, to run this on your VPS.

wget http://www.pixelbeat.org/scripts/ps_mem.py
chmod +x ps_mem.py
sudo ./ps_mem.py

Here is an example of some output of my VPS running nginx and CSF, the ConfigServer Firewall.

# ./ps_mem.py 
 Private  +   Shared  =  RAM used	Program 

296.0 KiB +  37.5 KiB = 333.5 KiB	udevd
680.0 KiB +  97.5 KiB = 777.5 KiB	crond
696.0 KiB + 124.5 KiB = 820.5 KiB	init
  1.1 MiB + 118.0 KiB =   1.2 MiB	bash
  1.2 MiB + 376.5 KiB =   1.6 MiB	syslog-ng (2)
  2.4 MiB + 887.5 KiB =   3.3 MiB	sshd (2)
  4.6 MiB +   1.0 MiB =   5.6 MiB	sendmail.sendmail (3)
 13.3 MiB + 911.5 KiB =  14.2 MiB	nginx (2)
  1.9 MiB +  24.2 MiB =  26.1 MiB	lfd (2)
---------------------------------
                         53.9 MiB
=================================

This tells me that lfd, part of CSF, is using up the most memory with 26.1 MB and nginx uses 14.2 MB plus the combined programs running use 53.9 MB of my virtual private server’s 256mb of memory, which is not very much at all and very good!

You have to keep your eye on your virtual private server’s resource use and this ps_mem.py script is absolutely perfect for doing so when some folks find ps aux confusing. I would even go as far as putting it in your /usr/bin directory if memory consumption checking is something that you do often on your VPS.

What Kind of VPS Do I Need To Run WordPress?

This is a very common question and there are tons of information on the Internet about what the minimum requirements are and what to avoid so let me clear up some of the confusion.

This is part of an ongoing series of “WordPress Wednesdays” and in the month of October we will discuss on this website what kind of virtual private server do we need to run WordPress, a popular content management system that operates a significant amount of websites including blogs, websites just like this and even many news websites such as from CBS Local all run WordPress because of it’s flexibility.

OpenVZ or Xen?
A very good question indeed!

OpenVZ would be the bare minimum I would use for WordPress hosting while if you have a medium to large traffic website or require a lot of plugins, caching, etc. I would go with Xen VPS hosting for WordPress hosting which is generally only a few more dollars more in comparison to OpenVZ but the performance is worth those few extra dollars.

Hardware?
A VPS server’s CPU and hardware are often overlooked by individuals who are primarily focused on price!

WordPress is not CPU intensive, however MySQL which powers the WordPress content management system is, so if you go out and get a $3 VPS which has 128mb RAM, 10gb of disk space and only one CPU – do not be surprised if that medium or high traffic WordPress based website starts to crawl!

I’m sure you see guys on forums talking about they have WordPress running on a 32mb – 64mb VPS but please do not even consider shorting yourself on memory. If you want 32mb of memory dedicated to running your WordPress blog, why did you even leave shared web hosting?

A budget motivated website owner will get a custom VPS with more than enough RAM, disk space and bandwidth but only get one or two CPUs for a website that receives thousands of visits during peak hours!

Don’t short yourself on CPU!

To put things into perspective, how many single core processor desktops and laptops do you own?

If you own one, they’re slow as molasses when you’re trying to watch high definition video right? Same concept with a virtual private server – one CPU works for DNS servers, OpenVPN servers and web servers offering static files like images and HTML files but if MySQL is involved in your project and a dependency, 2 CPU cores are a minimum I would consider with 4 or more CPUs as what would be acceptable to me.

It does not matter if you have Intel Xeon or AMD based CPUs on your server. 8 CPUs at 1Ghz with an AMD based system is just as good as 2 CPUs running at 3Ghz on an Intel Xeon system.

The problem you had when you were on shared hosting running your WordPress site was your CPU and memory was limited. Most memory available to shared web hosting customers is anywhere from 8 – 32mb to run their PHP web applications. If you have multiple plugins, including a sitemap generator, this is where you would get all the weird errors, blank pages and what generally drove you away from shared hosting to virtual private server hosting.

Conclusion:
With our first lesson on “WordPress Wednesdays”, we have learned that OpenVZ and Xen does not really matter when it comes to running a WordPress site.

With OpenVZ, all the resources are shared with “your neighbors” on the same VPS node like shared web hosting and with Xen, your resources are guaranteed. Xen is only a few more dollars than OpenVZ but I think resource guarantees are worth the few extra dollars.

We also learned that CPU is something often overlooked by VPS hosting customers but should be emphasized more than anything. Would you drive a sports car if it only had a two cylinder engine inside of it that would be fast as a lawnmower or do you want the V8 engine, with 8 cylinders powering the sports car, which could be similar to an 8 CPU core system?

Thank you and tune in for next Wednesday’s article where we discuss if we should consider Apache or nginx with our WordPress website.