Linux Training : Section 7 (Part-4)

NGINX

  • NGINX (pronounced "engine x") is a free, open-source web server that can also be used as a reverse proxy, load balancer, and more. It's known for its high performance and low resource usage.

Features-

  • Web serving: NGINX is a popular web server that can route requests to FastCGI servers

  • Reverse proxying: NGINX can be used as a reverse proxy to route requests to a proxied server

  • Load balancing: NGINX can distribute requests across multiple servers to avoid overloading a busy server

  • Caching: NGINX can cache content to improve performance

  • Media streaming: NGINX can be used for media streaming

Serve HTTPS with Node.js and Nginx | by Learn Backend | Dev Genius

The NGINX is just like the receptionist at the hotel, where it will catch all the information from you and then it will re-direct to the exact and desired server. NGINX makes sure that websites load fast and can manage lot of traffic even during peak time.

LAB-

  1. Check for the package-

  2. Start and Enable Nginx Services-

    NOTE: We got error, because NGINX runs on port 80 and on 80 port httpd was already running. So, we have first disabled httpd, now it is working fine.

  3. Disable Firewall-

  4. Configuring NGINX-

    • vi /etc/nginx/nginx.conf

    • vi /etc/nginx/conf.d/myfirstlinuxos.conf

  5. Creating the directory and content-

  6. Testing configuration & Accessing the website-

    • Test the file-

    • Restart the service-

    • Check for the website content-

  7. Repeat the process of installation and configuration on the new machine-

    • dnf install nginx -y

    • systemctl start nginx

    • systemctl enable nginx

    • systemctl stop firewalld

    • systemctl disable firewalld

    • vi /etc/nginx/nginx.conf

    • vi /etc/nginx/conf.d/centosserver.conf

      server

      {

      listen 80;

      server_name 192.168.100.162;

      root /var/www/centosserver/html;

      index index.html;

      location / {

      try_files $uri $uri/ =404;

      }

      }

    • mkdir -p /var/www/centosserver/html

    • cd /var/www/centosserver/html/

    • vi index.html

      <h1> Hello from CentOS Server </h1>

    • nginx -t

    • systemctl restart nginx

    • http://192.168.100.162

NOTE: faced 403 forbidden error, use below commands-

  1. Setting up a reverse proxy-

    Copy the content in a first machine file-

    NOTE:

  2. Final Testing & Accessing Website Through Reverse Proxy-

    • nginx -t

    • systemctl restart nginx

    • 198.162.1.10

      During this execution, we will get the below error-

      Resolve this, use the below step-

      NOTE : After using this step, getting timeout error, due to this not able to check the final status.

NOTE: Using this we are trying to setup a reverse proxy, by which we will be able to get the CentOS machine data using the FirstLinuxOS machine. The FirstLinuxOS machine will act as a middleware/proxy server, whenever we will try to fetch the data from FirstLinuxOS machine it will pull the data from CentOS machine. This process is just similar as a Forwarding a call to another number!!

Central Logger(RSYSLOG)

  • Purpose» General logs or collect logs form other servers

  • Service or Package name » rsyslog

  • Configuration File » /etc/rsyslog.conf

  • Service » systemctl restart/enable rsyslog

    How to Setup Centralized Logging Server using Rsyslog – TecAdmin

Let’s say, in our daily-to-day activity, the machine are having some error/problem and we need to check the log. one way is to go to each machine and check the logs but there is one more efficient way available to achieve this task i.e., Rsyslog thing.

Nagios

  • Nagios is an event monitoring system that offers monitoring and alerting services for servers, switches, applications and services. It alerts users when things go wrong and alerts them a second time when the problem has been resolved. Alerts can be send via message, email, phone call.

  • Nagios is popular by flexibility

  • Nagios has strong community support

LAB-

  1. Check for package

    dnf install httpd php gcc glibc glibc-common gd gd-devel make net-snmp unzip wget -y

  2. Create Nagios User and Group

    useradd nagios

    groupadd nagcmd

    usermod -a -G nagcmd nagios

    usermod -a -G nagcmd apache

  3. Download and Extract Nagios Core

    cd /tmp

    wget -O nagios-4.5.4.tar.gz https://go.nagios.org/l/975333/2024-08-14/6dqd8

    tar xzf nagios-4.5.4.tar.gz

    cd nagios-4.5.4

    Get the link from the NAGIOS website (nagios-core).

  4. Configure Nagios Core

    dnf install openssl-devel

    ./configure --with-command-group=nagcmd

  5. Install Nagios Core

    make all

    make install

    make install-commandmode

    make install-init

    make install-config

    make install-webconf

  6. Download, Install Nagios Plugins and Disable the Firewall

    cd /tmp

    wget https://nagios-plugins.org/download/nagios-plugins-2.4.11.tar.gz

    tar xzf nagios-plugins-2.4.11.tar.gz

    cd nagios-plugins-2.4.11

    ./configure --with-nagios-user=nagios --with-nagios-group=nagios

    make

    make install

    systemctl stop firewalld

    systemctl disable firewalld

  7. Create Nagios Web Interface Password and Start and Enable Services

    htpasswd -c /usr/local/nagios/etc/htpasswd.users nagiosadmin

    systemctl start httpd

    systemctl enable httpd

    systemctl start nagios

    systemctl enable nagios

    systemctl status nagios

    NOTE: Getting below error and due to this, not able to start the nagios service. and not able to proceed further.

  8. Configure hosts in Nagios

    cd /usr/local/nagios/etc/objects/

    ls -ltr

    vi localhost.cfg

    vi hosts.cfg


    define host {

    use linux-server

    host_name CentosServer

    alias My First Server

    address 192.168.100.162

    max_check_attempts 5

    check_period 24x7

    notification_interval 30

    notification_period 24x7 }

    define service {

    use generic-service

    host_name CentosServer

    service_description PING

    check_command

    check_ping!100.0,20%!500.0,60%

    max_check_attempts 5

    normal_check_interval 5

    retry_check_interval 1

    check_period 24x7

    notification_interval 30

    notification_period 24x7 }

  9. Update Nagios Configuration

    cd /usr/local/nagios/etc/

    vi nagios.cfg

    cfg_file=/usr/local/nagios/etc/objects/hosts.cfg

  10. Verify, Restart and Run Nagios

    cd /usr/local/nagios/etc/

    vi nagios.cfg

    cfg_file=/usr/local/nagios/etc/objects/hosts.cfg

    http://192.168.100.161/nagios

Securing Linux Machine (OS Hardening)

OS hardening in Linux is the process of applying security measures to the operating system to protect against threats.

  • User Account

  • Remove un-wanted packages

  • Stop un-used services

  • Check on Listening Ports

  • Secure SSH Configuration

  • Enable Firewall(iptables/firewalld)

  • Enable SELinux

  • Change Listening Services Ports Numbers

  • Keep your OS up to date(Security Patching)

  • Security-Enhanced Linux (SELinux) is a security module for Linux that controls access to files, processes, and applications. It's a mandatory access control (MAC) system that's more restrictive than the discretionary access control (DAC) system that Linux traditionally uses.

Commands-

    1. chage -l aditya

      1. cat /etc/passwd

      2. cat /etc/shadow

      3. more /etc/login.defs

      4. rpm -qa

      5. rpm -qa | wc -l

      6. systemctl -a

      7. netstat -tunlp

      8. cd /etc/ssh/ » more sshd_config

      9. firewall-config

      10. firewall-cmd --help

      11. iptables --help

      12. sestatus

OpenLDAP

  • OpenLDAP is a free, open-source implementation of the Lightweight Directory Access Protocol (LDAP). It's used in many Linux distributions to support LDAP.

  • OpenLDAP Service » slapd

  • Start or Stop the service » systemctl start/enable/stop/disable slapd

  • Configuration Files » /etc/openldap/slapd.d

Tracing Network Traffic (traceroute)

  • The traceroute command is used in Linux to map the journey that a packet of information undertakes from its source to its destination. One use for traceroute to locate when data loss occurs throughout a network, which could signify a node that’s down.

  • Because each hop in the record reflects a new server or router between the originating PC and the intended target, reviewing the results of a v scan also lets you identify slow points that may adversely affect your network traffic.

  • Command » traceroute www.google.com

How to Open Image File Through Command Line

  • Using GUI, we can directly click and open the image but in cmd line we can’t do this, Let’s say, I’m having a image in my linux machine desktop and will try to open it using cat cmd-

  • Now, install a package which will help us to fetch this image-

    NOTE: In CentOS10, ImageMagick and GraphicsMagic both packages are not getting install due to this not able to open the image file-


Thanks for going through this blog, Happy Learning !! 😁

0
Subscribe to my newsletter

Read articles from Aditya Dev Shrivastava directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Written by

Aditya Dev Shrivastava
Aditya Dev Shrivastava