A popular setup for Tomcat is to run it as a backend behind Apache. This lets you use Apache for some websites and URLs and Tomcat for others (while keeping the same IP address and port).
Another common requirement is to have a valid SSL certificate.
This HOWTO describes that setup. The HOWTO is for Centos8, but it would not be too different for other distros.
Run a clean install choosing Centos8 at https://rimuhosting.com/cp/vps/disk/install.jsp
In /etc/httpd/conf.modules.d/00-proxy.conf enable:
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
Run the following:
The latest long term support (LTS) release of Ubuntu is now available for new installs. Ubuntu 20.04, also known as "Focal Fossa" can be ordered at https://rimuhosting.com/order/v2orderstart.jsp. It's also an option to consider if you reinstall an existing VPS.
The official release notes for this release are available at https://wiki.ubuntu.com/FocalFossa/ReleaseNotes and will be be upstream supported until at least April 2025
Features in the 20.04 long term support release include:
- python3 is now the default python interpreter
- php updated to v7.4, with support for strongly typed properties and enforces stricter usage of arrays and ternary operators
- updates to ha/clustering tools, notably now using kronosnet (or knet for short) as an essential feature, supporting dynamic configuration of new network resources
- HAProxy 2.0
- TLS 1.3 support is now baked in to services through the updated openssl library, so all your sites can take full advantage of the latest web encryption technology
As usual there is a supported upgrade path from previous Ubuntu releases, though customers with 18.04 LTS installs may be better to wait for the next (20.04.1) point release before updating. For anyone looking to do this, please see our recommendations at https://rimuhosting.com/knowledgebase/linux/distros/ubuntu
You can install new servers now at https://rimuhosting.com/order/v2orderstart.jsp, or contact us if you have any questions about Ubuntu 20.04.
Often numerous people have access to an account, developers, owners, system administrators.
Occasionally they do things, they maybe shouldn't - like changing the password - leaving all other people in the loop out.
When this happens its always good to make sure that you know who changed that password - because if it was not you, it was potentially an exploit of some sort
Its fairly hard to track down exactly WHO did this, however its easy to work out WHEN it happens, which allows you to look up other things to determine who
To determine when the password was changed you can check the /etc/shadow file . It looks like this
Today we launch our Woop! WordPress hosting service. We are pretty excited about this.
Many of our RimuHosting customers run WordPress on the VMs they host with us. That makes sense since 30% of the world's sites run on WordPress. For over a decade we have been working with these customers to keep their WordPress installs up to date and secure. As well as working with them to make their sites load quickly, and have up to date SSL certs.
With so many customers wanting to run WordPress, and after seeing so many different setups, we wondered:
If we had our way, what would the ideal WordPress setup look like?-Some guys (and Liz) at RimuHosting
The long awaited release of CentOS 8 64bit is now available with new installs from our order pages at https://rimuhosting.com/order/v2orderstart.jsp. It's also an option to consider if you reinstall an existing VPS. CentOS8 was formally released on 24 Sep 2019.
The official release notes are available at https://wiki.centos.org/Manuals/ReleaseNotes/CentOS8.1905.
CentOS8 will be supported until 30 Sep 2029. It is based on sources used by well known enterprise platforms, and will provide a reliable long term install target for new projects.
For many years I have maintained a shell script that checks and can update wordpress. Its great, it needs nearly nothing and is handy for basic diagnosis, however its not good as something that can update things on a cron so well which multiple people have asked about.
Developers have just announced the release of Webmin 1.930. This includes some important security fixes. If you have an older Webmin version please update urgently to insure your server remains secure.
In particular they described an exploit that is fairly major.
Should your install be too old to update, you can fix the bug by editing the file in /etc/webmin/miniserv.conf and remove the passwd_mode= line, followed by restarting the webmin service. A quick easy shell script for this would be like this ...
sed -i s/passwd_mode.*// /etc/webmin/miniserv.conf
service webmin restart
If you need a hand with any of this, pop in a ticket and we can help out.
Netflix has identified several vulnerabilities in the TCP networking stack that affects all Linux users with un-patched kernels. The vulnerabilities have been assigned CVE-2019-11477, CVE-2019-11478 and CVE-2019-11479.
All three issues have already been mitigated for all our VPS customers.
The original advisory says...
The vulnerabilities specifically relate to the minimum segment size (MSS) and TCP Selective Acknowledgement (SACK) capabilities. The most serious, dubbed “SACK Panic,” allows a remotely-triggered kernel panic on recent Linux kernels
We are not aware of anyone abusing this exploit yet, however that is likely to change rapidly over the next few days. More information is available below.
In the advent of containerized applications it can be quite daunting to get started with docker and multiple containers in a cluster. In this post we will go through some of the terminology and how to get started in a simplified case for a single host, multiple containers application stack, with containers for wordpress, mysql and a reverse proxy using ngnix.
(Photo by Allagash Brewing)