SMTP, SPF, DKIM, DMARC, TLS

Posted on August 25, 2021 by Peter Bryant

Did you know anyone can send an email impersonating your email address? Back in 1971 when 'email' was invented and later when it was connected to the Internet both email users knew each other.

Since then spammers and other bad actors started to abuse this 'feature'. And since then some new mechanisms have been added to permit validation around senders authenticity.

SPF DNS records say which mail servers are permitted to send an email for a particular email domain.

DKIM permits an email server to sign/hash key headers in an email. And DKIM DNS records permit a recipient to verify that the email is valid.

DMARC DNS records let you tell email servers that receive emails from your email domain what to do if the SPF and DKIM rules are not followed (e.g. don't accept the emails, or to send you a report).

TLS is a security option that permits emails between servers an be sent over an encrypted connection (helping to avoid man in the middle attacks).

Email recipients are becoming tougher on senders that don't implement these mechanisms. Implement these mechanisms to give your emails a higher chance of being seen by their recipients.

On a debian-based distro the setup will look like the following. Note that were we use example.com you would use your own domain name.

Continue reading
Posted in Rimuhosting | Tagged , | Leave a comment

Centos announce Centos 8 retirement

Posted on August 15, 2021 by Peter Bryant

centos logo

Centos have announced that their RHEL8-based distro Centos8 will no longer be supported from December 2021.

This affects customers running Centos 8. It also affects customers running older Centos versions that are thinking updating to a newer distro.

There are many alternatives to consider. To mention a few:

Centos 7. With support until 2024. RimuHosting image available.

Rocky Linux https://rockylinux.org/ From the founder of the Centos project. Migration notes

RHEL 8. There were some licensing changes

Alma Linux https://almalinux.org/ From the team behind CloudLinux.

Centos Stream. https://www.centos.org/centos-stream/ This is a 'rolling release'. The repository for this distro will receive new package versions over time. So rather than being on a particular 'fixed release' version of applications you will get updates to them over time. This is good if you wish to have them updated, and if you never want to have to reinstall a server. Bad if you rely on particular package versions.

Debian. RimuHosting image available. One of our favorite distros. Paired with our distrorejuve script you can easily upgrade (in place, without a reinstall) every few years to the latest Debian version.

Ubuntu. RimuHosting image available.

If you are currently running Centos 8, you can sit tight up until the December 2021 support cessation date and let the options mature and improve and delay making a decision.

If you are wanting to install a new VM and are open to non-RedHat based distros, then Debian is a great option.

If you are currently running Centos 8 and would like to switch to one of the alternative RHEL 8-based distros, you can follow the instructions to do that. Or contact our support and we can assist with that.

Posted in Rimuhosting | Tagged , | Leave a comment

Distro upgrade as a service

Posted on July 12, 2021 by Peter Bryant

For several years we have worked with customers to upgrade dozens of servers (primarily Debian and Ubuntu) from old (sometimes ancient) distro versions to the latest, stable versions.

We are now offering this distro upgrade as a service.

The upgrade steps are as follows:

  • We collect systems information to ensure your setup is updatable (e.g. that the server is SSH accessible, running Debian or Ubuntu, has sufficient space to run a backup).
  • We trigger a backup of your current server (it does not have to be a RimuHosting server).
  • We import that into a new RimuHosting VM
  • We dist-upgrade the new VM to the latest stable version
  • We crossgrade that from 32bit to 64bit if necessary
  • You perform your QA checks
  • You point your DNS to the updated server

The upgrade as a service is non-destructive: we only make changes to a copy of your server, not the original.

As an introductory offer this service is provided for no cost. After the upgrade, there will be a hosting fee for the resulting server.

To get going, just mention this post and any details about your setup on our contact form.

Sample scenario: Upgrade your Debian 8 Jessie server to Debian 10 buster and regain access to Debian security updates, and features like automated LetsEncrypt certificate installs.

Posted in Rimuhosting | Tagged , | 1 Comment

VM backup and download

Posted on June 28, 2021 by Peter Bryant

The following code snippet will let you create a backup image of a Linux server, encrypt it, and then make it available for download. It requires PHP, and makes use of PHP's built in HTTP server. You will need sufficient disk space on your VM image to create the download. The file is compressed, so the backup will typically be smaller than the disk space used on the VM.


{
# typically needed on the restore side
apt-get -y install rsync
# random password of letters and digits
password="$(</dev/urandom tr -dc A-Z0-9 | head -c10)"
# create a backup directory
[ ! -d /root/backup.$$ ] && mkdir /root/backup.$$
# date like 2021-06-28-1624846640
dt="$(date +%Y-%m-%d-%s)"
cd /root/backup.$$
# exclude mysql and log files, but keep directory structure
find /var/log /var/cache/apt/archives -type f > /root/excludefiles.log
#find /var/lib/mysql -type f > /root/excludefiles.log
# exclude sockets
find / -type s -print 2>/dev/null >> /root/excludefiles.log
# create a tar file, exclude certain directories
# encrypt the data using openssh with the provided password
tar --numeric-owner --create --preserve-permissions --gzip --file - \
--exclude-from=/root/excludefiles.log \
--exclude=/root/backup.* \
--exclude=/restore* \
--exclude=/proc \
--exclude=/tmp \
--exclude=/mnt \
--exclude=/dev \
--exclude=/sys \
--exclude=/run \
--exclude=/media \
--exclude=/usr/src/linux-headers* \
--exclude=/home/*/.gvfs \
--exclude=/home/*/.cache \
--exclude=/home/*/.local/share/Trash / | openssl enc -aes-256-cbc  -md sha256 -pass "pass:$password"  > /root/backup.$$/backup-$dt.tar.gz.enc

# save password details
echo "<meta charset="utf-8">openssl enc -d -aes-256-cbc  -md sha256 -pass "pass:$password" -in backup-$dt.tar.gz.enc -out backup-$dt.tar.gz" >> /root/backupcredentials.log

#zip --encrypt --password "$password" backup.zip $directorytozip

# output a message about how to access and use the file 
ip=$(ifconfig eth0 | grep 'inet ' | sed 's/inet addr:/inet /' | awk '{print $2}')
echo "The backup file is created at /root/backup.$$/backup-$dt.tar.gz.enc.  

Download your backup from http://$ip:32956/backup-$dt.tar.gz.enc

Download your backup with scp using: scp root@$ip:/root/backup.$$/backup-$dt.tar.gz.enc 

Extract your backup on a target host with scp using: mkdir /restore.$$; cd /restore.$$; scp root@$ip:/root/backup.$$/backup-$dt.tar.gz.enc /dev/stdout | openssl enc -d -aes-256-cbc  -md sha256 -pass "pass:$password" | tar  --extract --gunzip --numeric-owner --preserve-permissions

Unencrypt the backup with: openssl enc -d -aes-256-cbc  -md sha256 -pass "pass:$password" -in backup-$dt.tar.gz.enc -out backup-$dt.tar.gz

Should you need openssl for windows, you may download that.  For example from https://curl.se/windows/

The backup includes mysql databases.  You may prefer to exclude them, and run a MySQL database dump instead.

"
# offer the file for download.  Kill this process off after you have downloaded the file.  
# PHP has a built in web server
# at job to kill off process after 24h?
nohup php -S $ip:32956 &
}

To decrypt the backup you will need openssl. This is typically available on most Linux installs. There are also Windows binaries available, e.g. from https://curl.se/windows/

You may wish to skip the encryption step if you are scp-ing the file directly and not offering it via a public download URL.

The backup skips the mysql directory. You could include that if you wished (be sure to stop the mysql server while the files are being copied). Alternatively you could create a mysql database dump prior to creating the backup image.

Posted in Rimuhosting | Tagged , | Leave a comment

Centos8 + Apache + Tomcat + LetsEncrypt Setup

Posted on November 23, 2020 by Peter Bryant

A popular setup for Tomcat is to run it as a backend behind Apache. This lets you use Apache for some websites and URLs and Tomcat for others (while keeping the same IP address and port).

Another common requirement is to have a valid SSL certificate.

This HOWTO describes that setup. The HOWTO is for Centos8, but it would not be too different for other distros.

Run a clean install choosing Centos8 at https://rimuhosting.com/cp/vps/disk/install.jsp

In /etc/httpd/conf.modules.d/00-proxy.conf enable:

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so

Run the following:

Continue reading
Posted in Rimuhosting | Comments Off on Centos8 + Apache + Tomcat + LetsEncrypt Setup

Ubuntu 20.04 LTS released

Posted on July 31, 2020 by Glenn Enright
Ubuntu Logo

The latest long term support (LTS) release of Ubuntu is now available for new installs. Ubuntu 20.04, also known as "Focal Fossa" can be ordered at https://rimuhosting.com/order/v2orderstart.jsp. It's also an option to consider if you reinstall an existing VPS.

The official release notes for this release are available at https://wiki.ubuntu.com/FocalFossa/ReleaseNotes and will be be upstream supported until at least April 2025

Features in the 20.04 long term support release include:

  • python3 is now the default python interpreter
  • php updated to v7.4, with support for strongly typed properties and enforces stricter usage of arrays and ternary operators
  • updates to ha/clustering tools, notably now using kronosnet (or knet for short) as an essential feature, supporting dynamic configuration of new network resources
  • HAProxy 2.0
  • TLS 1.3 support is now baked in to services through the updated openssl library, so all your sites can take full advantage of the latest web encryption technology

As usual there is a supported upgrade path from previous Ubuntu releases, though customers with 18.04 LTS installs may be better to wait for the next (20.04.1) point release before updating. For anyone looking to do this, please see our recommendations at https://rimuhosting.com/knowledgebase/linux/distros/ubuntu

You can install new servers now at https://rimuhosting.com/order/v2orderstart.jsp, or contact us if you have any questions about Ubuntu 20.04.

Posted in Distributions | Tagged , , | Comments Off on Ubuntu 20.04 LTS released

Unknown Password Change – diagnostics

Posted on July 8, 2020 by Liz Quilty

Often numerous people have access to an account, developers, owners, system administrators.

Occasionally they do things, they maybe shouldn't - like changing the password - leaving all other people in the loop out.

When this happens its always good to make sure that you know who changed that password - because if it was not you, it was potentially an exploit of some sort

Its fairly hard to track down exactly WHO did this, however its easy to work out WHEN it happens, which allows you to look up other things to determine who

To determine when the password was changed you can check the /etc/shadow file . It looks like this

Continue reading
Posted in Rimuhosting | Tagged , , , , | Comments Off on Unknown Password Change – diagnostics

Woop! WordPress hosting launch

Posted on April 24, 2020 by Peter Bryant

Today we launch our Woop! WordPress hosting service. We are pretty excited about this.

woop logoMany of our RimuHosting customers run WordPress on the VMs they host with us. That makes sense since 30% of the world's sites run on WordPress. For over a decade we have been working with these customers to keep their WordPress installs up to date and secure. As well as working with them to make their sites load quickly, and have up to date SSL certs.

With so many customers wanting to run WordPress, and after seeing so many different setups, we wondered:

If we had our way, what would the ideal WordPress setup look like?

-Some guys (and Liz) at RimuHosting
Continue reading
Posted in Rimuhosting | Tagged | Comments Off on Woop! WordPress hosting launch

Business as usual in the Covid-19 pandemic

Posted on March 20, 2020 by Alex
Novel Coronavirus

For customers using RimuHosting services, we don't expect the covid-19 pandemic will have any impact on our provision of services for you to use.

Existing servers are continuing to operate as normal and for now, provision of new services is also operating as normal. We have spare capacity available to cater for extra demand. It is conceivable that if demand increases significantly, shipping delays or shortages of parts may delay provisioning of new services. However, as of now we don't expect any problems.

We are continuing to work as normal. A number of our staff always work from home and the rest do so occasionally. From earlier this week, all our staff started working from home as a precaution, to reduce the risk in case community transmission starts in New Zealand.

The datacenters we operate from are all set up to continue operating with minimal staffing if necessary.

If your VPS has a firewall associated which has your office IP whitelisted, consider the impact on staff working remotely. We are happy to help with sorting out any problems such as this that you might experience when staff start to work from home.

We are also in a good position to provision new services aimed at supporting your organization working from home. e.g. We can help install software such as WordPress blogging and website platform, Nextcloud document sharing, Jitsi secure video conferencing for up to 8 participants, Mattermost enterprise messaging, Moodle online training and education platform, and Sandstorm easy-install self-hosted online services, and many other internet based products. Just mention what your needs are and our staff will be happy to assist.

We wish you well in these times of uncertainty.

Posted in Announce, Rimuhosting | Tagged , , , , , | Comments Off on Business as usual in the Covid-19 pandemic

CentOS 8 available

Posted on November 1, 2019 by Glenn Enright

The long awaited release of CentOS 8 64bit is now available with new installs from our order pages at https://rimuhosting.com/order/v2orderstart.jsp. It's also an option to consider if you reinstall an existing VPS. CentOS8 was formally released on 24 Sep 2019.

The official release notes are available at https://wiki.centos.org/Manuals/ReleaseNotes/CentOS8.1905.

CentOS8 will be supported until 30 Sep 2029. It is based on sources used by well known enterprise platforms, and will provide a reliable long term install target for new projects.

Continue reading
Posted in Announce, Distributions, Rimuhosting | Tagged , , , , , | Comments Off on CentOS 8 available