Tech Help Blog

For a long time we have been working so hard on content and meta tags and image tags and alt tags, etc, etc that we have often left the speed and performance of our websites be pushed to the back burner! And if any of you have use Google Webmasters tools you’ll stand up and take notice of the Performance area which compares the speed of your website with, well, all others in some sort of low quality result comparison. This comparison, I’m lead to believe, is actually now a small(may be more than a small part) part of the google algorithm and is taken into consideration when page rank/page quality/content quality, etc, etc is calculated in the google brain.

Which brings me to this post, a helpful method of speeding up those sluggish ecommerce or heavily content driven sites is by utilizing Gzip, which is available in Apache version 2.x and up. Gzip will compress the content on the server delivering a much smaller file size to the browser where it is uncompressed and served as per normal, this reduces bandwidth and in most cases drastically reduces the viewing time of your websites. The only downside is there will be some increase in CPU load on the server side and also a slight increase in the browsers load as it decompresses the content, this is minimal and I haven’t yet seen any negative effects.

Basically in order for Gzip to work Apache 2.x needs to be compiled with mod_deflate so the first step, if it isn’t already enabled, is to enable mod_deflated and recompile your apache.

1. Using EasyApache in WHM we rebuild with mod_deflate enabled
   I won’t go through the initial steps in detail, once clicked into the Easy Apache area  ensure the Previously Saved Config (**DEFAULT**) is selected and click start customizing based on profile leave the next screen on its default which should be the current apache version (remember needs to be 2.x to support mod_deflated) choose NEXT leave the PHP Major version the same and click NEXT, leave PHP minor version the same and click NEXT, leave Short Options List the same and click Exhaustive Options List, Here we will check the box that says Deflated. See image right. Then select save and build note that this can take a long time depending on the servers performance, etc. Once its done, apply it and thats it Deflate is now compiled into Apache.
   
2. With mod_deflate enabled we can turn on Gzip on a per account basis.
   In CPanel under the specific accounts you can enable Gzip via the Optimize Website page! See image below.
   
   Once in the Optimize Website menu you can choose from a few options as shown below. I’ll leave that up to you, its relativelt self explanitory. If you want to check your site to see if it is being gzipped you can use  this little tool http://www.gidnetwork.com/tools/gzip-test.php which is pretty helpful, or google gzip test as there is a whole bunch of them out there.
   

Hope this helped give you an idea of how to enable Gzip in CPanel! Questions in the comments, happy fast browsing

I was recently connected to the console of a Linux VM on an ESXi server using vSphere and whenever I would type it would repeat each character a random number of times, needless to say this got quiet anoying. So I did some Googleing! As we all do, and I found this article which was exactly what I needed and figured I’d post up my findings on the same.

Basically in order to make this change you will require access to the .vmx file for the VM in question on the server with either vSphere/telnet/ssh. I actually used ssh to perform the change browsing to the virtual machine and editing the .vmx file that way. However as most people probably don’t have ssh/telnet enabled, view this post by clicking here to learn how to enable it, I will demonstrate this using vSphere and its built in Datastore Browser.

1. Browse the datastore from vSphere as shown below.
   Basically you click on the top level host in the left column, then choose the Configuration tab >> storage in the Hardware menu and right click on the datastore in question and select Browse Datastore.
   NOTE: Ensure the VM is Shutdown when changing this file.
2. Browse to the VM and download the .vmx file
   This part is mostly self explanatory, using the datastore browser window that pops up you can browse the file store and find the .vmx file inside your VM’s folder. Then click the small download button and choose an appropriate place for it.
3. Now lets edit the file with WordPad or similar.
   Find a neat place within the file to add the following line.

   keyboard.typematicMinDelay = “2000000″

Save the file, ensuring it retains its .vmx extension.

4. Upload the file using the Datastore Browser.
   Overwrite the original file with the changed file and you’re good to go. Start the VM up again and you shouldn’t have the typing issue again!

Typing may be slowed down somewhat and as mentioned in Robert Chases post here you may need to repeat keystrokes within editors like vi when holding a key doesn’t quiet work as normal. But quality is more important that quantity! Leave questions in the comments. Cheers

From time to time it is necessary to update the hosts file on a machine, and MAC’s are no different! given they are based on unix most bits and pieces are in their usual places but “hidden” from the usual users. With good cause! If your reading this your obviously not a normal user…

So lets begin.

1. Open Terminal and gain elevated privileges
   Click on Applications >> Utilities >> Terminal then enter the below command to gain elevated privileges.

   sudo su

   you will need to provide your root password at the prompt see below, typing the password will be blind.
   

2. Enter and edit the hosts file as below.
   Enter the below command to edit the hosts file

   pico /etc/hosts

   Once in pico you will see something like the below screen shot.
   

3. Once done save!
   Once you’ve finished editing the file as required hold Control and hit O then Enter, then Control and hit X to exit, and you’re done! Exit Terminal.

Job done! It isn’t difficult, however you need to use the sudo su command to gain root privileges before you will be able to successfully save the hosts file. For more information on Hosts Files check out this wiki link.

So you have, for whatever reason, a requirement to send all mail from CPanel server x addressed to *@domain.com via a specific smtp server. I recently ran into this issue and found a relatively simple fix. Unlike Microsoft Exchange and its easy UI where you can create a send connector with a bunch of prerequisites, with exim you need to work on the exim.conf file. Luckily its actually not that hard, once you know how!

1. Open Exim configuration from within WHM
   Open up a WHM connection to your CPanel server and head to Service Configuration >> Exim Configuration Editor then click on Advanced Editor.
I will take this moment to make a note:- if you are running a CPanel server you MUST use the WHM editor Exim Configuration Editor, I learnt the hard way before I even knew you could edit this option in WHM by editing exim.conf on a CPanel server that it will definitely be overwritten at some stage by an update! However these changes also apply to a non CPanel server that uses Exim by applying the same changes to /etc/exim.conf. See image below.



2. Find and edit the Routers Configuration
   Find the editable section below ROUTERS CONFIGURATION it looks something like this.
   Just below the section that says demo accounts are not permitted to relay email is where we are going to add our relay hosts. And below is a demo of a very basic send connector.

   domain1send:
   driver = manualroute
   transport = remote_smtp
   route_list = domain1.com smtp2.anotherserver.com

   This one here basically would take anything sent to a @domain1.com address and send it out via smtp2.anotherserver.com.

3. Save your changes and restart Exim
   Save the changes you have made by clicking save at the bottom of the page, then go to Restart Services >> Mail Server (Exim) then click yes. And test away.

This is a fairly basic setup and is intended to be used in a server that “sends to the world” directly already. IE this is for those domains that become a problem or in your environment may need to be routed differently than what the DNS resolve for that address might come up with.

Any questions, leave them in the comments!

1. Go to the ESXi console and press
   

   ALT+F1

2. Type:
   

   unsupported

3. Enter the root password (typing will be blind)
4. Once logged in type
   

   vi /etc/inetd.conf

5. Look for the line that starts with #ssh and remove the # so it starts with ssh (press “x” if the cursor is on the character)
6. Save by typing
   

   :wq!

7. Restart the ESXi server & test connecting via ssh.

NOTE: You can also enable telnet access by removing the # infront of the telnet line and I haven’t tested this, as I use secure management networks, however if you follow my post “How to Secure SSH on CPanel and restrict to specific hosts” you can probably use the step 2 bit to change the listening port if you really wanted to

There are many ways to secure SSH on a CPanel Server, including authenticating with keys and more. However I usually go for a simpler way. Given most of my personal applications are dedicated & shared servers there is only a small list of people requiring access to SSH (I don’t allow SSH for shared servers at all) often only myself. What I tend to do is restrict ssh to protocol 2 to start with, then change the listening port for ssh and lastly utilize CPanel’s built in hosts access control to restrict what sources are able to access ssh.

1. Restrict SSH to Protocol 2 & Restrict the Port to a non standard port.

to do this simply log into the console of the server as the root user and use your favourite editor to modify the sshd configuration file like so.

pico /etc/ssh/sshd_config

Find the line that reads Protocol 2,1 and the line that reads Port. Below is an example of a modified configuration. Port 22444 is the new ssh port and the #Protocol 2,1 is removing that line from the config and the line below it is restricting the Protocol to 2 only.

Port 22444

#Protocol 2,1

Protocol 2

2. Restrict Source Hosts from within CPanel.
   From within your WHM head to Security Center >> Host Access Control.
   Here we can add in some rules to control who can access sshd. View the image below you can see how I have added access to Office and Head Office with two rules (Access List is internal ranges in this case, would normally be a single external source, IE 123.211.123.211) & the third rule is to deny ALL others, the final deny rule must be the last of the sshd rules.
   
   
3. Restart SSHD service.
   From console/terminal or WHM restart the sshd service. type service sshd restart in console/terminal or go to Restart Services >> SSH Server (OpenSSH) from within WHM and hit YES.

NOTES: I am using OpenSSH in this example. If you have any third party firewall’s in place you will need to punch a hole in those with the different port as well. Also as I recommend you run a firewall on your CPanel box you will also need to configure that. I recommend Config Server Firewall as an addon/pluggin for CPanel and will have an install and configuration writeup on that at some stage soon! Post a Comment if you have any questions.

From time to time my configuration of CPanel Hosting servers requires the ability to allow a Windows  (or other) style DNS server to retrieve hosted dns zones from the hosting server. As default AXFR is blocked with Bind/NSD on a CPanel box, and with good cause! My configuration in an environment where Windows DNS servers are God means in order to give control over things like subdomains, mx entries and the plethora of CPanel adjustable DNS related items to the individual I need a way of allowing the Windows box (or other dns server) to get its primary records from the CPanel box! This comes in the form of a zone transfer (AXFR). While the CPanel box will respond to queries it certainly will not give up the entire zone of a domain unless we tell it to! So here is how to allow zone transfers to a specific list of sources.

1. Create an ACL (Access List) within named.conf

Get access to your CPanel servers console or SSH in with root permissions. Using your favourite editor, pico in my case, edit the following file

pico /etc/named.conf

Here is the section of named.conf we are going to add in our ACL. This is prior to any changes to show the default file.

controls {
inet 127.0.0.1 allow { localhost; } keys { “rndc-key”; };
};
WE WANT TO ADD HERE
options {

here is an example of the same section with a basic ACL added. Bolded for convenience.

controls {
inet 127.0.0.1 allow { localhost; } keys { “rndc-key”; };
};
acl trusted-servers {
192.168.100.0/24;   //Showing a entire range allowed
123.122.123.122;     //dns0.something.com
122.123.122.123;     //dns1.something.com
};
options {

Above you can see we have allowed the entire 192.168.100.0 address range (just an example of allowing a range of IPs) and we have added specific access from the two dns0 and dns1 servers. Everything behind the // is ignored and only used to comment the file so we can understand what we have done when we need to view this file some random time in the future! It saves the headache of trying to figure out what the hell we did last time

2. Apply our new ACL to the main options in named.conf
   Now all we need to do is add in the trusted-servers ACL we created!
   Find the below bit a little further down in named.conf

// Put files that named is allowed to write in the data/ directory:
directory                ”/var/named”; // the default
pid-file                 “/var/run/named/named.pid”;
dump-file                ”data/cache_dump.db”;
statistics-file          ”data/named_stats.txt”;
/* memstatistics-file     “data/named_mem_stats.txt”; */
allow-transfer {none;};
};

And below example is the same area changed to add in the ACL we created. I have bolded the bit I changed.

// Put files that named is allowed to write in the data/ directory:
directory “/var/named”; // the default
pid-file “/var/run/named/named.pid”;
dump-file “data/cache_dump.db”;
statistics-file “data/named_stats.txt”;
/* memstatistics-file “data/named_mem_stats.txt”; */
allow-transfer { trusted-servers; };
};

Save your changed file and restart BIND/NSD. You can do this from command or simply from within the WHM panel!

Now TEST! From an allowed source you can use nslookup from command, if its a windows box simply run nslookup then server then ls -d domainname.com domainname.com being a domain which is hosted on the CPanel server. You should recieve a copy of the entire zone on screen! Any questions, put them in the comments.

C:\>nslookup
>server my.cpanelhost.com
>ls -d domainname.com
Zone information will be displayed.

OK, so if you’re like me your a bit of an all rounder, you will almost certainly come up against a MAC in your travels! While I used to cringe when I got the “ohh while you are here, the designers MAC has been playing up” line, now I am joyed by this as it tends to give a challenge! And for those of us who have embraced the world of MAC OSX we realise that its not all bad…

So in this little post I’ll be demonstrating how to use Terminal to mount an SMB (windows share) to a folder. Firstly there is the basic method of “Connect to Server” from the Finder >> Go >> Connect to Server option, see image left.. While I regularly use this method it simply mounts the share as a browse-able network share failing to actually “mount” it to a folder on your Mac drive. To briefly cover this Connect to Server option, simply select the connect to server option then type in smb://serveraddress/share and hit connect, its that simple.

My Mount option is a little more tricky however it enables the ability to say use a SMB share for all of your iTunes music, or work from a SMB/Windows share. Of great benefit is utilizing this as a logon script to enable a user in a predominantly Windows environment to have an equivalent to “mapped network drives” on their mac.

1. Open up Terminal and mount mount mount!
   Head to Applications >> Utilities >> Terminal and follow the below sample to create a folder to mount to in your home directory and to mount your share to said folder. Note you can create the folder wherever you want.

mkdir ./sharemount

The below will mount your smb share to the folder we just created!

mount_smbfs //username:password@serverip/share ./sharemount

Ensure that the user account you will use to access this share has the correct permissions on the share and the folder (inherited down) on the windows server or you will mount but have issues accessing files.

Unfortunately this method will only mount for the session and a restart will require the command to be run again (not the mkdir bit! just the mount_smbfs bit) I find the best way is to create a script and then have it launch when the user logs in.

NOTES: I’ve noticed some occasions where windows server might have restarted or the MAC went to sleep and didn’t re establish correctly, for this I usually simply eject the server in Finder by clicking the little eject button to the right of the server in finder and then run the script again to reconnect the shares. Perhaps even leave a copy of the connect script you create on the desktop so the user can re establish before calling support!

Leave questions in the comments, thanks!