2020년 8월 31일 월요일

How to Upgrade MariaDB from Ubuntu-18.04 to Ubuntu-20.04

======================================

Environment

u1804 : Ubuntu-18.04

u2004 : Ubuntu-20.04

======================================

If you convert MariaDB from Ubuntu-18.04 to Ubuntu-20.04

you can see error message

Row size too large (> 8126). Changing some columns to TEXT or BLOB or using ROW_FORMAT=DYNAMIC or ROW_FORMAT=COMPRESSED may help. In current row format, BLOB prefix of 768 bytes is stored inline

1. Change Row type from compact to dynamic

2. convert MariaDB from Ubuntu-18.04 to Ubuntu-20.04

How to Install Openvpn on Ubuntu-20.04

How to Install OpenVPN on Ubuntu-20.04

    Environment
      Device : Odroid-HC2
      OS : Ubuntu-20.04
      Host : test(192.168.101.100/24)
      VPN Network : 10.8.0.0/24

    File Info
      ca.crt : CA(Certificate Authority) crt File
      dh2048.pem : DH(Diffie-Hellman) parameters File
      ta.key : tls-auth key File
      test.key : OpenVPN Server key File
      test.crt : OpenVPN Server crt File
      test.conf : Server Configuration File
      test-1.key : OpenVPN Client-1 key File
      test-1.crt : OpenVPN Client-1 crt File
      test-1.ovpn : OpenVPN Client-1 Configuration File
      test-2.key : OpenVPN Client-2 key File
      test-2.crt : OpenVPN Client-2 crt File
      test-2.ovpn : OpenVPN Client-2 Configuration File

1. Create vpn account

$ sudo adduser vpn
$ sudo nano /etc/group
$ su vpn
$ cd ~

2. Install Openvpn

$ sudo apt install openvpn easy-rsa -y

3. Generate of the CA(Certificate Authority)

$ ls
$ make-cadir easy-rsa
$ ls
$ cd easy-rsa
$ cp vars vars.orig
$ nano vars

Chanage Connfiguration

#set_var EASYRSA_REQ_COUNTRY    "US"
#set_var EASYRSA_REQ_PROVINCE   "California"
#set_var EASYRSA_REQ_CITY       "San Francisco"
#set_var EASYRSA_REQ_ORG        "Copyleft Certificate Co"
#set_var EASYRSA_REQ_EMAIL      "me@example.net"
#set_var EASYRSA_REQ_OU         "My Organizational Unit

==>

set_var EASYRSA_REQ_COUNTRY    "US"
set_var EASYRSA_REQ_PROVINCE   "NY"
set_var EASYRSA_REQ_CITY       "NY"
set_var EASYRSA_REQ_ORG        "TEST"
set_var EASYRSA_REQ_EMAIL      "test@test.com"
set_var EASYRSA_REQ_OU         "TEST"

$ ./easyrsa init-pki
$ ./easyrsa build-ca
$ cp ./pki/ca.crt ~/

4. Generate the server key and certificate request

$ ./easyrsa gen-req test nopass
$ ./easyrsa sign-req server test
$ cp ./pki/private/test.key ./pki/issued/test.crt ~/

5. Generate the DH(Diffie-Hellman) parameters

$ ./easyrsa gen-dh
$ cp ./pki/dh.pem ~/dh2048.pem

6. Generate the tls-auth key (ta.key)

$ openvpn --genkey --secret ta.key
$ cp ./ta.key ~/

7. Setup IP Forward

$ sudo cp /etc/sysctl.conf /etc/sysctl.conf.orig
$ sudo nano /etc/sysctl.conf

Chanage Configuration/h10>

#net.ipv4.ip_forward=1

==>

net.ipv4.ip_forward=1

$ sudo sysctl -p

8. Setup Sever configuration

$ cp /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz ./
$ gzip -d server.conf.gz
$ cp server.conf test.conf
$ nano test.conf

Chanage Configuration

cert server.crt
key server.key  # This file should be kept secret

==>

cert test.crt
key test.key  # This file should be kept secret

server 10.8.0.0 255.255.255.0

==>

server 10.8.0.0 255.255.255.0

;push "route 192.168.10.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"

==>

push "route 192.168.101.0 255.255.255.0"
;push "route 192.168.20.0 255.255.255.0"

;push "redirect-gateway def1 bypass-dhcp"

==>

push "redirect-gateway def1 bypass-dhcp"

;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"

==>

push "dhcp-option DNS 192.168.101.210"
push "dhcp-option DNS 8.8.8.8"

;user nobody
;group nogroup

==>

;user nobody
;group nogroup

$ cp test.conf ~/

9. Generate the Client key and certificate request

Generate the Client-1 key and certificate request

$ ./easyrsa gen-req test-1 nopass
$ ./easyrsa sign-req client test-1
$ cp ./pki/issued/test-1.crt pki/private/test-1.key ~/

Generate the Client-2 key and certificate request

$ ./easyrsa gen-req test-2 nopass
$ ./easyrsa sign-req client test-2
$ cp ./pki/issued/test-2.crt pki/private/test-2.key ~/

10. Setup Client configuration

    Environment
      Remote Server : XXX.XXXX.XXX
      Remote Port : YYYY

$ cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf ./
$ cp client.conf ~/test-1.ovpn
$ cp client.conf ~/test-2.ovpn

$ cd ~/
$ nano test-1.opvn

Chanage Configuration

remote my-server-1 1194

==>

remote XXX.XXXX.XXX  YYYY

;user nobody
;group nogroup

==>

;user nobody
;group nogroup

cert client.crt
key client.key

==>

cert test-1.crt
key test-1.key

$ nano test-1.opvn

Chanage Configuration

remote my-server-1 1194

==>

remote XXX.XXXX.XXX  YYYY

;user nobody
;group nogroup

==>

;user nobody
;group nogroup

cert client.crt
key client.key

==>

cert test-2.crt
key test-2.key

11. Activate OpenVPN Server

$ sudo ls /etc/openvpn/
$ sudo cp ca.crt dh2048.pem ta.key test*.* /etc/openvpn/
$ sudo ls /etc/openvpn/

$ sudo systemctl start openvpn@test
$ sudo journalctl -u openvpn@test -xe

12. Install OpenVPN Client

Setup Sever Netawork GW

Copy File to Client

Install OpenVPN App on Client

How to Install NGINX on Ubuntu-20.04

    Environment
      Device : Odroid-HC2
      OS : Ubuntu-20.04
      Host : test (192.168.101.100)

1. Install NGINX

1) Install NGINX

$ sudo apt install nginx -y
$ nginx -v

Connect http://192.168.101.210

2) Install PHP

$ sudo apt install php php-fpm php-mysql -y
$ sudo apt remove apache2 --purge -y
$ sudo rm -rf /etc/apache2
$ sudo netstat -an | grep php

3) Setup NGIX For PHP

$ sudo mv /etc/nginx/sites-available/default /etc/nginx/sites-available/default.orig
$ sudo rm /etc/nginx/sites-enabled/default
$ sudo netstat -an | grep php

check php socket

$ sudo nano /etc/nginx/sites-available/default

Insert Configuration

server{

        listen                  80;
        server_name             test.local;
       root /var/www/html;
       index index.html index.htm index.php index.nginx-debian.html;
       location / {
               try_files $uri $uri/ =404;
       }
       location ~ \.php$ {
              fastcgi_pass unix:/run/php/php7.4-fpm.sock;
              fastcgi_index index.php;
              fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
              include fastcgi_params;
       }
}

$ cd /etc/nginx/sites-enabled/
$ ls -l
$ sudo -i
# cd /etc/nginx/sites-enabled/
# ln -s /etc/nginx/sites-available/default
# ls -l
# exit

$ sudo nano /var/www/html/phpinfo.php

Insert Configuration

<?php
  phpinfo();
?>

Connect http://192.168.101.100/phpinfo.php

2. Install HTTPS service

1) Generate SSL Certification

Generate private key

$ sudo openssl genrsa -des3 -out server.key 2048

Generate CSR(Certification sinning Request)

$ sudo openssl req -new -days 365 -key server.key -out server.csr

Clear password of Private key

$ sudo cp server.key server.key.orig
$ sudo openssl rsa -in server.key.orig -out server.key

Create Certification

$ sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Verify Certification

$ ls -l server.*
$ sudo cat server.key | head -3
$ sudo cat server.crt | head -3

Copy Certification

$ sudo mkdir /etc/nginx/ssl
$ sudo cp ~/server.* /etc/nginx/ssl/

2) Setup NGINX For HTTPS

$ sudo nano /etc/nginx/sites-available/default

Insert Configuration

server{
        listen                  443;
        server_name             test.local;
       root /var/www/html;
       index index.html index.htm index.php index.nginx-debian.html;
        ssl                     on;
        ssl_certificate         /etc/nginx/ssl/server.crt;
        ssl_certificate_key     /etc/nginx/ssl/server.key;
        ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
       location / {
               try_files $uri $uri/ =404;
       }
       location ~ \.php$ {
              fastcgi_pass unix:/run/php/php7.4-fpm.sock;
              fastcgi_index index.php;
              fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
              include fastcgi_params;
       }
}

Connect https://192.168.101.100

Connect https://192.168.101.100/phpinfo.php

How To Install MriaDB on Ubunut-20.04

    Environment
      Device :  Odroid-HC2 (or XU4)
      OS : Ubuntu-20.04
      Host : test (192.168.101.10)

1. Install MariaDB

$ sudo apt install mariadb-server mariadb-comm mycli python3-mysqldb -y

2. Setup intial mariadb configuration

MariaDB Initial Setup

$ sudo mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n]
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n]
... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n]
... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n]
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n]
... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

MariaDB Server IP Change

$ sudo cp /etc/mysql/mariadb.conf.d/50-server.cnf /etc/mysql/mariadb.conf.d/50-server.cnf.orig
$ sudo nano /etc/mysql/mariadb.conf.d/50-server.cnf

Change Configuration

bind-address            = 127.0.0.1

==>

bind-address            = 192.168.101.100

3. Generate Management Account

MriadDB Login

$ sudo mysql -u root -p

Create MariaDB Account

> create user 'test'@'%' identified by 'test@test';
> grant all privileges on *.* to  'test'@'%' with grant option;
> flush privileges;

4. Verify MariaDB

$ mycli -h 192.168.101.100 -u test

How to Install Bind on Ubuntu-20.04

How to Install Bind9 on Ubuntu-20.04

======================================

Environment

Device : Odroid-HC2

OS : Ubuntu-20.04

Host Name : test

Domain Name : test.com

======================================

1. Install bind

$ sudo apt install bind9 dnsutils -y

2. Setup bind

1) Setup named.conf.local

$ sudo cp /etc/bind/named.conf /etc/bind/named.conf.orig

$ sudo cp /etc/bind/named.conf.local /etc/bind/named.conf.local.orig

$ sudo nano /etc/bind/named.conf.local

Insert Configuration

zone "test.com" {

type master;

file "/etc/bind/db.test.com";

};

2) Setup named.conf.options

$ sudo cp /etc/bind/named.conf.options /etc/bind/named.conf.options.orig

$ sudo nano /etc/bind/named.conf.option

3) Generate named.conf.options

$ sudo nano /etc/bind/db.test.com

Insert Configuration

; BIND reverse data file for empty rfc1918 zone

;
; DO NOT EDIT THIS FILE - it is used for multiple zones.
; Instead, copy it, edit named.conf, and use that copy.
;
$TTL 86400
@ IN SOA test.com. root.test.com. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
86400 ) ; Negative Cache TTL
;
@ IN NS ns.test.com.
@ IN A 192.168.101.100
@ IN AAAA ::1
ns IN A 192.168.101.100
test IN A 192.168.101.100
net IN A 192.168.101.210
net1 IN A 192.168.101.201
net2 IN A 192.168.101.202

$ sudo systemctl restart bind9

$ nslookup net.test.com 192.168.101.210

How To Install Ubuntu-20.04 on Odroid-HC2

======================================

Environment

Device : Odroid-HC2

OS : Ubuntu-20.04

Host : test (192.168.101.100)

======================================

1. Install Ubuntu-20.04 on Odroid-HC2

2. Initial Setup

1) Change default password

$ passwd

$ sudo -i

# passwd

2) Change Network IP

$ sudo nmcli con show
$ sudo nmcli con add con-name "main" ifname eth0 type ethernet ip4 192.168.101.100/24 gw4 192.168.101.1
$ sudo nmcli con show
$ sudo nmcli conn delete 'Wired connection 1'

Connet to new IP

$ sudo cp /etc/NetworkManager/system-connections/main.nmconnection /etc/NetworkManager/system-connections/main.nmconnection.orig

$ sudo nano /etc/NetworkManager/system-connections/main.nmconnection

Add next config

dns=192.168.101.210;8.8.8.8;

dns-search=ysm.net

3) Change hostname & domainname

$ sudo hostname

$ sudo hostname test

$ sudo hostname

$ sudo cp /etc/hostname /etc/hostname.orig

$ sudo nano /etc/hostname

Change Configuration

odroid

==>

test

$ sudo cp /etc/hosts /etc/hosts.orig

$ sudo nano /etc/hosts

Change Configuration

127.0.0.1 odroid

==>

127.0.0.1 test test.test.com

::1 localhost ip6-localhost ip6-loopback

==>

::1 test test.test.com localhost ip6-localhost ip6-loopback

$ sudo shutdown -r now

4) Upgrade all package

$ sudo apt update ; sudo apt dist-upgrade -y ; sudo apt autoremove -y

5) Install Bash autocompletion

$ sudo apt install bash-completion -y

6) Generate new Account

$ sudo adduser test

$ sudo cp /etc/group /etc/group.orig

$ sudo nano /etc/group

Change Configuration

odroid

odroid,test

7) Install additional utils

$ sudo apt install mc byobu vlc smplayer xrdp remmina

8) Install resolvconf

$ sudo cat /etc/resolv.conf

$ sudo apt install resolvconf

$ sudo cp /etc/resolvconf/resolv.conf.d/head /etc/resolvconf/resolv.conf.d/head.orig

$ sudo nano /etc/resolvconf/resolv.conf.d/head

Insert Configuration

nameserver 192.168.101.210
nameserver 164.124.101.2

$ sudo cat /etc/resolv.conf