How to install PHPMyadmin at Ubuntu

sudo apt-get update
sudo apt-get install phpmyadmin
sudo ln -s /usr/share/phpmyadmin /var/www/html/phpmyadmin_your_customize_domain_name
sudo phpenmod mcrypt
sudo systemctl restart php7.0-fpm (up to your php version )


Configuration for SSH at a new Ubuntu Server

Step 1 – Creating New Sudo and Root User
// Adding new user
1) adduser TESTUSER

// Adding user to sudo group
2) usermod -aG sudo TESTUSER

// Adding user to root group
3) usermod -aG root TESTUSER

// Adding user to www-data group
4) usermod -aG www-data TESTUSER

// Checking user groups

// to reload your groups)
6) su – TESTUSER

// Checking user groups

result will show – uid=1000(TESTUSER) gid=1000(TESTUSER) groups=1000(TESTUSER),27(sudo),33(www-data)

Step 2 – Editing SSH Configurations

1) Allow new port to firewall and Changing SSH port

Adding and allow new port to Firewall
sudo ufw status
sudo ufw allow newport(eg_7676)

2) Disable the root user for login
** Before you disable root access, make sure to have the other root access user **

Changing SSH port
sudo nano /etc/ssh/sshd_config
change –
PermitRootLogin no
Port 7676 (AsYouWish)

3) /etc/init.d/ssh reload

Step 3 – Upgrading SSH security

3.1) Installing the Fail To Ban Server for SSH Security

3.1.1) sudo apt-get install fail2ban -y
3.1.2) sudo apt-get install sendmail
// testing sendmail can send or not
echo “hello” | sendmail -f

(sendmail or mail)

3.1.3) sudo apt install mailutils
// testing mail can send or not with mailutils
echo “testing” | mail -s “testing”

3.2) Copy the /etc/fail2ban/jail.cof as /etc/fail2ban/jail.local
awk ‘{ printf “# “; print; }’ /etc/fail2ban/jail.conf | sudo tee /etc/fail2ban/jail.local

3.3) // Change bantime at /etc/fail2ban/jail.local

// jail.local without sending alert email
bantime = 120
// bantime is with seconds
ignoreip =
findtime = 120
destemail =
sender = root@localhost

port = ssh
# logpath = %(sshd_log)s


port = 7878
logpath = /var/log/auth.log

port = 7878
logpath = /var/log/auth.log

port = 7878
logpath = /var/log/auth.log
maxretry = 3

And then restart fail2ban server
/etc/init.d/fail2ban restart


// jail.local without sending alert email

ignoreip = –REMOVED IPS–
findtime = 600
bantime = 600
maxretry = 3

backend = polling

destemail =
banaction = iptables-multiport
mta = sendmail
protocol = tcp
action_ = %(banaction)s[name=%(__name__)s, port=”%(port)s”, protocol=”%(protocol)s]
action_mw = %(banaction)s[name=%(__name__)s, port=”%(port)s”, protocol=”%(protocol)s]
%(mta)s-whois[name=%(__name__)s, dest=”%(destemail)s”, protocol=”%(protocol)s]
action_mwl = %(banaction)s[name=%(__name__)s, port=”%(port)s”, protocol=”%(protocol)s]
%(mta)s-whois-lines[name=%(__name__)s, dest=”%(destemail)s”, logpath=%(logpath)s]
action = %(action_mw)s

enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
maxretry = 3

3.4) // Checking ban IPs
sudo zgrep ‘Ban’ /var/log/fail2ban.log

3.5) If you change the ssh port from ‘22’ to ‘custom_port’, you need to allow that port at ufw.

Sudo ufw status
Sudo ufw allow custom_port
Sudo ufw reload
Sudo ufw status

3.6) reload the fail2ban service
sudo /etc/init.d/fail2ban restart

3.7) check fail2ban server working or not by accessing with ssh 3 times and system will ban your ip 120 seconds

ssh ap2@ -p 7878

fallocate: fallocate failed: Text file busy in ubuntu OS

fallocate: fallocate failed: Text file busy in ubuntu OS

swapoff -a turns off swap usage. You were trying to allocate 15G to /swapfile,
but you can’t do that if it’s in use.
You do a swapoff -a, fallocate (you may have to delete the current /swapfile first), mkswap /swapfile, then swapon -a.

swapoff -a
swapon -a

sudo fallocate -l 1G /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile




How to install Mail Service at Ubutu Live Serer (LEMP)

How to install Mail Service at Ubutu Live Serer (LEMP)

Install mailutils by the following command
apt-get install mailutils
apt-get install ssmtp

edit ssmtp.conf under /etc/ssmtp/ssmtp.conf
Remove “#” from “#FromLineOverride=YES” and add the following lines to ssmtp.conf


After that, test email can send it or not with the following command
echo “tesitng” | mail -s “testing”

Checking Error about mail

if some setting are not and you want to re-configure the setting

Reconfigure / Resetting setting
sudo dpkg-reconfigure postfix
sudo dpkg-reconfigure mailutils



Example syntax for Secure Copy (scp)

What is Secure Copy?

scp allows files to be copied to, from, or between different hosts. It uses ssh for data transfer and provides the same authentication and same level of security as ssh.


Copy the file “foobar.txt” from a remote host to the local host

$ scp /some/local/directory

Copy the file “foobar.txt” from the local host to a remote host

$ scp foobar.txt

Copy the directory “foo” from the local host to a remote host’s directory “bar”

$ scp -r foo

Copy the file “foobar.txt” from remote host “” to remote host “”

$ scp \

Copying the files “foo.txt” and “bar.txt” from the local host to your home directory on the remote host

$ scp foo.txt bar.txt

Copy the file “foobar.txt” from the local host to a remote host using port 2264

$ scp -P 2264 foobar.txt

Copy multiple files from the remote host to your current directory on the local host

$ scp\{a,b,c\} .
$ scp\{foo.txt,bar.txt\} .

scp Performance

By default scp uses the Triple-DES cipher to encrypt the data being sent. Using the Blowfish cipher has been shown to increase speed. This can be done by using option -c blowfish in the command line.

$ scp -c blowfish some_file

It is often suggested that the -C option for compression should also be used to increase speed. The effect of compression, however, will only significantly increase speed if your connection is very slow. Otherwise it may just be adding extra burden to the CPU. An example of using blowfish and compression:

$ scp -c blowfish -C local_file


Thanks Stewart Macleod for port example.

Ref :

How to Use SSL Certificate in LEMP Digital Droplet

(1) We need to create two Certificate to give to SSL Certificate Vendor ( / GMO-ACE )

How do I generate a CSR Code


OS – Ubuntu 14.04
Digital Ocean Droplet with LEMP

cd /etc/ssl
mkdir /etc/ssl/websitessl
openssl req -new -newkey rsa:2048 -nodes -keyout domainname.key -out domainname.csr

“`means you create a 2048bits csr. I recommend for more security to use “`rsa:4069“`
You also need to change “`domainname.key“`and “`domainname.csr“` into your own domain name
so you can verify the CSR file. After you filled in all the legit information ,
you can open the new file using a client for example WinSCP, copy it, and use it for your SSL.


(2) And then, we have to buy/generate our SSL certificate at SSL Vendor Site and we will get / SSL vendor will generate the certificate files .

We have to copy generated .PEM files from SSL Certifiate Provider to our host ( Digital Ocean LEMP )
And then, we have to edit the virtual host setting file at

Using SSL Certificate at Nginx Virtual Host Setting
you have to create tow server blocks for both HTTP and HTTPS request.
And then, redirect to every request to HTTPS.

server {
listen 80;
return 301$request_uri;

server {
listen 443 ssl;
ssl on;

root /var/www/registrations/public;
index index.php index.html index.htm;

# Make site accessible from http://localhost/
# server_name localhost;

access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;

ssl_certificate /etc/ssl/websitessl/;
ssl_certificate_key /etc/ssl/websitessl/examplesite.key;
ssl_trusted_certificate /etc/ssl/websitessl/;

ssl_ciphers “HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:3DES”;
ssl_prefer_server_ciphers on;

# to disable SSL3 service – to prevent the POODLE Vulnerablitiy attack
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php?$query_string;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules

# Only for nginx-naxsi used with nginx-naxsi-ui : process denied requests
#location /RequestDenied {
# proxy_pass;

#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html
#error_page 500 502 503 504 /50x.html;
#location = /50x.html {
# root /usr/share/nginx/html;

# pass the PHP scripts to FastCGI server listening on
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# # NOTE: You should have “cgi.fix_pathinfo = 0;” in php.ini
# # With php5-cgi alone:
# fastcgi_pass;
# # With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;

# deny access to .htaccess files, if Apache’s document root
# concurs with nginx’s one
location ~ /\.ht {
deny all;

client_max_body_size 10M;