Login to OpenLiteSpeed using its default webmin port (7080)
Navigate to Server Configuration
Next click on External App
Click the edit button to the right of the row for LiteSpeed SAPI App and then scroll down to the command
This is where the relative path for the php version is set, lsphp is normally installed to:
/usr/local/lsws/
and in this case lsphp82/bin/lsphp refers to the binary path, this can be then changed to suit your new version for example.
lsphp83/bin/lsphp will make it use php version 8.3 instead.
I recommend hard rebooting the server (sudo reboot) afterwards as a soft-reset may take some time to transition all the existing lsphp process instances.
Btrfs is a file-system that touts many improvements over traditionally simple file systems like ext4. Such as but not limited to: Snapshots, and file error corruption detection and recovery
Thing is if you’ve already got an installation it’d be a pain to reinstall everything just to switch file systems; so let’s convert it 🙂
First we need to boot from a live-system eg: CD or USB, we’ll be using https://endeavouros.com/ here but any distro that comes with btrfs-convert utility should work.
Next you’ll need to find the partition that you’ve installed the OS to,
sudo su
fdisk -l
In my case its on /dev/sda3 for root partition and /dev/sda4 for home partition
The next step is to check the filesystem for corruption, this can be done using the fsck utility.
fsck /dev/sda3
fsck /dev/sda4
If it’s clean then you’re good to continue, otherwise repair the partition first
Now lets do the actual conversion, this may take a long time and possibly crash if the volume is very big (but is reversible):
btrfs-convert /dev/sda3
btrfs-convert /dev/sda4
In my case it completed successfully, so next lets mount and chroot into our OS
mount /dev/sda3 /mnt
mount -t proc none /mnt/proc
mount -t sysfs none /mnt/sys
mount -o bind /dev /mnt/dev
mount -o bind /dev/pts /mnt/dev/pts
modprobe efivarfs
chroot /mnt bash
mount -t efivarfs efivarfs /sys/firmware/efi/efivars
Now we need to see what the filesystem uuid is for our new filesystem
blkid
In our case we can see that our /dev/sda3 has a UUID of 5bb0773c-86b0-40ca-b6f9-e0eb5dd6193a and our /dev/sda4 has a UUID of d81e1f4d-4c6e-46bb-a6ac-05e65d369e9f so those what we will use
Next lets modify our fstab to match something like this (remember to change the file-system from ext4 to btrfs in the next column)
nano /etc/fstab
Next we will need to rebuild grub, first mount the EFI folder (in our case its /dev/sda1)
mount -t auto /dev/sda1 /efi
Next lets detect the operating systems on the root file-system
Last but not least we may need to rebuild the initramfs (note that you may have to reboot into fallback initramfs if this command doesn’t work in chroot and run it there)
mkinitcpio -P
exit
reboot
If all went well we should have a working Btrfs installation now 🙂
and we didn’t need to re-install our programs 😛
Assuming things went well lets delete the conversion image since we don’t need it anymore (optional – saves space).
btrfs subvolume delete /ext2_saved
Manual Method: How to easily create and mount a snapshot
btrfs subvolume snapshot / @
Next we need to find out the subvolume id of this new subvolume
sudo btrfs subvolume show /@ | grep "Subvolume ID"
btrfs subvol set-default 425 /
Reboot, and in order to go back we can just mount the previous volume
btrfs subvol set-default 5 /
Automated Method:
If you don’t feel like managing the snapshots yourself, you can always use snapshot manager like snapper:
yay -S snapper snap-sync snap-pac snapper-gui-git
sudo snapper create-config /
sudo snapper list
sudo snapper-gui
Next lets setup the kvm group so that it can manage the libvirtd
nano /etc/polkit-1/rules.d/50-libvirt.rules
Put the following inside
/* Allow users in kvm group to manage the libvirt
daemon without authentication */
polkit.addRule(function(action, subject) {
if (action.id == "org.libvirt.unix.manage" &&
subject.isInGroup("kvm")) {
return polkit.Result.YES;
}
});
Next lets create the libvirt group if it doesn’t exist already and add ourselves to it
groupadd libvirt
sudo gpasswd -a $(whoami) libvirt
Step 3 : Configure Networking
Next lets check the virsh interface status
sudo virsh net-list --all
If default exists then start it and set it up to autostart using:
The Amazon Linux AMI is a supported and maintained Linux image provided by Amazon Web Services for use on Amazon Elastic Compute Cloud (Amazon EC2). It is designed to provide a stable, secure, and high performance execution environment for applications running on Amazon EC2.
However, for whatever reason it is not enabled with automatic security updates on by default.
So lets fix that.
Step 0:
First lets install a version locking system for yum package manager. The reason we want something like this is to lock any and all packages that are too sensitive for automatic updates. A good example of this is any package where the version number can affect functionality in a major way such as gcc or Java.
sudo yum install yum-plugin-versionlock
You can then lock any package/set of packages with a statement like the following
sudo yum versionlock java*
To view a list of the current package locks, you can
sudo yum versionlock list
To remove all current package locks
sudo yum versionlock clear
Step 1:
Next lets configure automatic updates by first installing yum-cron
sudo yum install yum-cron
Lets modify the configuration to only enable security updates
sudo nano /etc/yum/yum-cron.conf
In the commands section set update_cmd to security and save-exit (Ctrl+o + Ctrl+x)
By default in IntelliJ IDE the internal view of a collection is hidden.
This is rather useless when debugging complex custom collections; so to avoid a bunch of extra debug code, you can simply disable the alternate view of collections in the customize data views option. (Ctrl+Shift+A)
You can also enable showing of static fields in here too which I recommend you turn on.
Now we can see the innards of the collection when debugging – YAY!
Let’s say that you need a run-of-the-mill VPN for your own purposes and you aren’t worried about using VPN-detecting services like Netflix then OpenVPN is a great option. Unfortunately it’s also a configuration nightmare; so lucky us then that the folks over at Streisand VPN have taken care of that.
Step 0 : Unattended Upgrades
The preparation step is to install unattended upgrades as an un-patched web-server is a really bad thing
Now we need to install the dependencies and clone the github (note we don’t use the official github address here since there is a bug-fix we would like)
Now execute the setup script, and be sure to enter your server’s IP address when prompted.
Also do NOT USE the default install, you can use all the default values in the custom install EXCEPT do not install wireguard and shadowsocks.
./streisand
At a certain point you may get an error about some tunnelblick issue, simply hit Ctrl +C and then C to continue
Once it is finished you will have your documentation available to you in the ~/streisand/generated-docs/tunnel.html file
Save it somewhere and open the file in a web-browser and follow the instructions
Step 2 : Configuration of OpenVPN
By default, OpenVPN is configured by the installation script to not allow multiple clients to use the same common-name (mentioned in the certificate), if you wish to change that you can by
sudo nano /etc/openvpn/server.conf
Find and un-comment this line so that you won’t need to generate a unique certificate for every VPN client
duplicate-cn
And hit Ctrl+o and Ctrl+x to save and exit
Now simply restart the OpenVPN server
sudo systemctl restart openvpn@server
Now you need to download the OpenVPN Connect Application and import the config file (you can pick any from the list on your website after following the tunnel.html instructions)
