Nginx: 413 – Request Entity Too Large Error at Ubuntu and Solution

Nginx configuration

To fix this issue, edit your nginx.conf. Open a terminal or log in to the remote server using an ssh client. Type the following command to edit nginx.conf using a text editor such as vi, joe or nano:
# vi /etc/nginx/nginx.conf

Use nano text editor:
$ sudo nano /etc/nginx/nginx.conf

Must be run as root:
# vi /usr/local/nginx/conf/nginx.conf

Add the following line to the http, server or location context in nginx.conf to increase the size limit:

# set client body size to 2M #
client_max_body_size 2M;

The client_max_body_size directive sets the maximum accepted body size of a client request, as indicated by the Content-Length line in the request header. If the size is greater than the given one, the client gets the error “Request Entity Too Large” (413).

Save and close the file. Reload the nginx web server:
# /usr/local/nginx/sbin/nginx -s reload

Use nginx itself to reload it:
# /sbin/nginx -s reload

For RHEL/CentOS/Debian/Ubuntu Linux, try:
# service nginx reload

If you are using systemd based system run:
$ sudo systemctl reload nginx.service

PHP configuration (optional)

Your PHP installation also puts limits on upload file size. Edit php.ini and set the following directives:

;This sets the maximum amount of memory in bytes that a script is allowed to allocate
memory_limit = 32M

;The maximum size of an uploaded file.
upload_max_filesize = 2M

;Sets max size of post data allowed. This setting also affects file upload. To upload large files, this value must be larger than upload_max_filesize
post_max_size = 3M

If you are using PHP-FPM, restart it as follows:
$ sudo systemctl restart php-fpm
## OR ##
$ sudo systemctl restart php7.0-fpm.service
## OR ##
$ sudo /usr/local/etc/rc.d/php-fpm restart

Save and close the file. Make sure you reload/restart back-end apache or nginx web server as per your setup.
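
The nginx and PHP limits above apply one after the other, so they have to agree. The following check is an added example, not part of the original post; the function names to_bytes and check_upload_limits are made up for illustration. It converts the size values to bytes and reports combinations in which a full-size upload can never succeed.

```shell
# to_bytes SIZE: convert an nginx/PHP size such as 2M, 512k, 1G or 1048576 to bytes.
to_bytes() {
    case $1 in
        *[kK]) echo $(( ${1%?} * 1024 )) ;;
        *[mM]) echo $(( ${1%?} * 1048576 )) ;;
        *[gG]) echo $(( ${1%?} * 1073741824 )) ;;
        *)     echo "$1" ;;
    esac
}

# check_upload_limits CLIENT_MAX_BODY_SIZE POST_MAX_SIZE UPLOAD_MAX_FILESIZE
# Prints one line per problem; returns 0 when the limits are consistent.
check_upload_limits() {
    body=$(to_bytes "$1"); post=$(to_bytes "$2"); upload=$(to_bytes "$3")
    rc=0
    # PHP: the POST carries the file plus form fields and multipart framing,
    # so post_max_size has to be larger than upload_max_filesize.
    if [ "$post" -le "$upload" ]; then
        echo "post_max_size ($2) must be larger than upload_max_filesize ($3)"
        rc=1
    fi
    # nginx sees the request first and answers 413 before PHP runs.
    # A value of 0 disables the nginx check.
    if [ "$body" -ne 0 ] && [ "$body" -le "$upload" ]; then
        echo "client_max_body_size ($1) must be larger than upload_max_filesize ($3)"
        rc=1
    fi
    return $rc
}

# Values from this page: nginx 2M, post_max_size 3M, upload_max_filesize 2M.
# A 2M file plus multipart framing exceeds the 2M nginx limit, so this is flagged.
check_upload_limits 2M 3M 2M || true

# Constructed aligned values: nginx raised to match post_max_size.
check_upload_limits 3M 3M 2M && echo "limits consistent"
```

Keep all three values as small as the application actually needs; they bound how much data an unauthenticated client can make the server accept.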


Enable Remote Connections Mysql Ubuntu

To expose MySQL to anything other than localhost, the following bind-address line must be uncommented and assigned to your computer's IP address, not the loopback address.

For MySQL version 5.6 and below, the line is in /etc/mysql/my.cnf.

For MySQL version 5.7 and above, the line is in /etc/mysql/mysql.conf.d/mysqld.cnf.

# Replace xxx with your IP address
bind-address = xxx.xxx.xxx.xxx

Or set bind-address = 0.0.0.0 (listen on all interfaces) if you don’t want to specify the IP.

Then stop and restart MySQL with the new my.cnf entry. Once running go to the terminal and enter the following command.

lsof -i -P | grep :3306
That should come back something like this with your actual IP in the xxx’s

mysqld 1046 mysql 10u IPv4 5203 0t0 TCP xxx.xxx.xxx.xxx:3306 (LISTEN)

If the above command returns the expected line, the server will be able to accept remote users. However, for a remote user to connect with the correct privileges, that user must be created for both localhost and '%', as in:

CREATE USER 'myuser'@'localhost' IDENTIFIED BY 'mypass';
CREATE USER 'myuser'@'%' IDENTIFIED BY 'mypass';

then,

GRANT ALL ON *.* TO 'myuser'@'localhost';
GRANT ALL ON *.* TO 'myuser'@'%';
and finally,

FLUSH PRIVILEGES;
EXIT;

Restart the MySQL service and test again by connecting remotely as the new user.

View files permissions in ubuntu

If you want to see the permissions of a file, you can use the ls -l /path/to/file command.

For example

ls -l testfilename
-rwxr-xr-x 1 10490 floppy 17242 May 8 2013 testfilename

What does this mean?

The first character, -, represents a regular file. It tells you the type of object. It can have the following values:

d (directory)
c (character device)
l (symlink)
p (named pipe)
s (socket)
b (block device)
D (door)
- (regular file)

r represents read permission.
w represents write permission and
x represents executable permission.

The first combination of rwx represents the permissions for the owner.
The second combination of rwx represents the permissions for the group.
The third combination of rwx represents the permissions for others.

Octal notation

The permissions of a file can also be represented in octal notation.
In octal notation:

Read or r is represented by 4,
Write or w is represented by 2,
Execute or x is represented by 1.

The sum of these three is used to represent the permission.

The stat command can be used to view file permissions in octal notation:

stat -c "%a %n" /path/of/file

For example:

stat -c "%a %n" testfilename
755 testfilename

Here you can see:

For owner it is 4+2+1=7 (111 in binary)
For group it is 4+0+1=5 (101 in binary) and
For other it is 4+0+1=5 (101 in binary).

Ref:: https://askubuntu.com/questions/528411/how-do-you-view-file-permissions/528433#528433
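
The same arithmetic as a small converter, as an added example that is not part of the original post (the function names mode_to_octal and world_writable are made up for illustration). It goes beyond the rwx case above: the setuid, setgid and sticky bits, which ls -l shows as s, S, t or T in the x position, become a leading fourth octal digit, the way stat -c "%a" prints them.

```shell
# mode_to_octal MODE: convert an ls -l mode string such as -rwxr-xr-x to octal.
mode_to_octal() {
    rest=${1#?}                      # drop the leading file-type character
    special=0
    digits=""
    # Owner, group, other in turn; the special bit carried by each
    # triplet is setuid (4), setgid (2) and sticky (1) respectively.
    for sbit in 4 2 1; do
        trip=${rest%"${rest#???}"}   # first three characters
        rest=${rest#???}
        d=0
        case $trip in r??) d=$((d + 4)) ;; esac
        case $trip in ?w?) d=$((d + 2)) ;; esac
        case $trip in
            ??x)    d=$((d + 1)) ;;
            ??[st]) d=$((d + 1)); special=$((special + sbit)) ;;  # x and special bit
            ??[ST]) special=$((special + sbit)) ;;                # special bit, no x
        esac
        digits=$digits$d
    done
    if [ "$special" -ne 0 ]; then
        echo "$special$digits"
    else
        echo "$digits"
    fi
}

# world_writable MODE: succeeds when "other" has write permission.
# The trailing * tolerates the "+" or "." that ls -l may append for ACLs/SELinux.
world_writable() {
    case ${1#???????} in
        ?w?*) return 0 ;;
    esac
    return 1
}

mode_to_octal -rwxr-xr-x     # the testfilename example from this page
mode_to_octal -rwsr-xr-x     # constructed: setuid executable
mode_to_octal drwxrwxrwt     # constructed: sticky, world-writable directory
world_writable drwxrwxrwt && echo "world-writable"
```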

Configuration for SSH at a new Ubuntu Server

=========================================
Step 1 – Creating New Sudo and Root User
=========================================
// Adding new user
1) adduser TESTUSER

// Adding user to sudo group
2) usermod -aG sudo TESTUSER

// Adding user to root group
3) usermod -aG root TESTUSER

// Adding user to www-data group
4) usermod -aG www-data TESTUSER

// Checking user groups
5) id TESTUSER

// Switch to the user (to reload your groups)
6) su - TESTUSER

// Checking user groups
7) id TESTUSER

result will show – uid=1000(TESTUSER) gid=1000(TESTUSER) groups=1000(TESTUSER),27(sudo),33(www-data)

=========================================
Step 2 – Editing SSH Configurations
=========================================

1) Allow the new port in the firewall and change the SSH port

Add and allow the new port in the firewall (7676 is an example port):
sudo ufw status
sudo ufw allow 7676

2) Disable login for the root user
** Before you disable root access, make sure you have another user with root access **

Change the SSH port:
sudo nano /etc/ssh/sshd_config
Change the following (use any port you wish):
PermitRootLogin no
Port 7676

3) Reload the SSH service
/etc/init.d/ssh reload

=========================================
Step 3 – Upgrading SSH security
=========================================

3.1) Installing the Fail2ban server for SSH security
Ref https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-14-04

3.1.1) sudo apt-get install fail2ban -y
3.1.2) sudo apt-get install sendmail
// Test whether sendmail can send mail (-f sets the sender address)
echo "hello" | sendmail -f sendermail@gmail.com receivermail@gmail.com

(sendmail or mail)

3.1.3) sudo apt install mailutils
// Test whether mail can be sent with mailutils
echo "testing" | mail -s "testing" receivermail@gmail.com

3.2) Copy /etc/fail2ban/jail.conf to /etc/fail2ban/jail.local (this awk command comments out every line in the copy)
awk '{ printf "# "; print; }' /etc/fail2ban/jail.conf | sudo tee /etc/fail2ban/jail.local

3.3) // Change bantime at /etc/fail2ban/jail.local

// jail.local without sending alert email
—————————————————————
[DEFAULT]
# bantime is in seconds
bantime = 120
ignoreip = 127.0.0.1/8
findtime = 120
destemail = william.aceplus@gmail.com
sender = root@localhost

[sshd]
port = ssh
# logpath = %(sshd_log)s

[sshd-ddos]

port = 7878
logpath = /var/log/auth.log

[dropbear]
port = 7878
logpath = /var/log/auth.log

[selinux-ssh]
port = 7878
logpath = /var/log/auth.log
maxretry = 3

And then restart fail2ban server
/etc/init.d/fail2ban restart
—————————————————————

OR

// jail.local without sending alert email
—————————————————————
[DEFAULT]

ignoreip = –REMOVED IPS–
findtime = 600
bantime = 600
maxretry = 3

backend = polling

destemail = test@gmail.com
banaction = iptables-multiport
mta = sendmail
protocol = tcp
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s"]
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s"]
            %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s"]
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s"]
             %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s]
action = %(action_mw)s

[ssh]

enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
—————————————————————

3.4) // Checking banned IPs
sudo zgrep 'Ban' /var/log/fail2ban.log

3.5) If you change the ssh port from ‘22’ to ‘custom_port’, you need to allow that port at ufw.

sudo ufw status
sudo ufw allow custom_port
sudo ufw reload
sudo ufw status

3.6) reload the fail2ban service
sudo /etc/init.d/fail2ban restart

3.7) Check whether the fail2ban server is working by attempting an SSH login 3 times; the system will ban your IP for 120 seconds

ssh ap2@128.199.101.113 -p 7878
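
How maxretry and findtime from the jail.local files above interact can be tried offline. This is an added example, not part of the original post and not fail2ban's own code: would_ban and sample_log are made-up names, the log lines are constructed, only "Failed password" lines are matched (the real sshd filter matches more), and all lines are assumed to fall on the same day.

```shell
# sample_log: constructed auth.log lines using documentation IP ranges.
sample_log() {
    cat <<'EOF'
Mar  3 10:00:01 host sshd[811]: Failed password for root from 203.0.113.5 port 40122 ssh2
Mar  3 10:00:20 host sshd[811]: Failed password for root from 203.0.113.5 port 40123 ssh2
Mar  3 10:00:41 host sshd[812]: Failed password for invalid user admin from 203.0.113.5 port 40130 ssh2
Mar  3 10:01:00 host sshd[820]: Failed password for ap2 from 198.51.100.7 port 51000 ssh2
Mar  3 10:05:00 host sshd[821]: Failed password for ap2 from 198.51.100.7 port 51001 ssh2
Mar  3 10:09:00 host sshd[822]: Failed password for ap2 from 198.51.100.7 port 51002 ssh2
EOF
}

# would_ban MAXRETRY FINDTIME: read auth.log lines on stdin and print each IP
# that reaches MAXRETRY failures within FINDTIME seconds, in ban order.
would_ban() {
    awk -v maxretry="$1" -v findtime="$2" '
    /sshd.*Failed password/ {
        # Field 3 is HH:MM:SS; convert it to seconds since midnight.
        split($3, t, ":")
        now = t[1] * 3600 + t[2] * 60 + t[3]
        ip = ""
        for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
        if (ip == "" || (ip in banned)) next
        n = ++count[ip]
        seen[ip, n] = now
        # Walk back through this IP failures that are still inside the window.
        hits = 0
        for (j = n; j >= 1 && now - seen[ip, j] <= findtime; j--) hits++
        if (hits >= maxretry) { banned[ip] = 1; print ip }
    }'
}

echo "maxretry=3 findtime=120:"
sample_log | would_ban 3 120
echo "maxretry=3 findtime=600:"
sample_log | would_ban 3 600
```

With findtime = 120 only the fast burst from 203.0.113.5 is caught; the slower attempts from 198.51.100.7, four minutes apart, are caught only with findtime = 600.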

fallocate: fallocate failed: Text file busy in ubuntu OS

swapoff -a turns off swap usage. You were trying to allocate 15G to /swapfile,
but you can’t do that if it’s in use.
You do a swapoff -a, fallocate (you may have to delete the current /swapfile first), mkswap /swapfile, then swapon -a.

swapoff -a
swapon -a

sudo fallocate -l 1G /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile

 

Cheers