Static Website Configuration for Nginx Web Server on CentOS 6 / CentOS 7

Q. How to configure and host static website on Nginx web server?

A. Nginx is a lightweight web server and an alternative to Apache. To run a static website on an Nginx web server, you must apply at least the following basic configuration. Without it, some basic functions will not work, such as access to sitemap.xml, which is required when submitting a page to Google and Bing through their webmaster tools.

Note : The following steps have been tested using root access on an Nginx web server :

Static Website Configuration for Nginx Web Server

1. This is the main Nginx configuration file. Make sure that the sites-available folder is included at the bottom of the configuration as below :

# sudo vim /etc/nginx/nginx.conf
user  nginx;
worker_processes  2;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;


    include /etc/nginx/sites-available/*.conf;
}

2. Create the static.conf file, which contains the configuration specific to a static website running on the Nginx web server :

# sudo vim /etc/nginx/conf.d/static.conf
# WORDPRESS : Rewrite rules, sends everything through index.php and keeps the appended query string intact
location / {
    try_files $uri $uri/ /index.php?q=$uri&$args;
}

# SECURITY : Deny all attempts to access PHP Files in the uploads directory
location ~* /(?:uploads|files)/.*\.php$ {
    deny all;
}
# REQUIREMENTS : Enable PHP Support
location ~ \.php$ {
    # SECURITY : Zero day Exploit Protection
    try_files $uri =404;
    # ENABLE : Enable PHP, listen fpm sock
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    #fastcgi_pass unix:/tmp/php-fpm.sock;
    fastcgi_pass   127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_send_timeout 300s;
    fastcgi_read_timeout 300s;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_buffer_size 128k;
    fastcgi_buffers 256 4k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
    fastcgi_intercept_errors on;
}

location /sitemap.xml.gz {
    add_header Cache-Control "public, must-revalidate";
}

3. Create the common.conf file for common options in the Nginx web server :

# sudo vim /etc/nginx/conf.d/common.conf

Add below :

# Global configuration file.
# ESSENTIAL : Configure Nginx Listening Port
listen 80;
# ESSENTIAL : Default file to serve. If the first file isn't found,
index index.php index.html index.htm;
# ESSENTIAL : no favicon logs
location = /favicon.ico {
    log_not_found off;
    access_log off;
}
# ESSENTIAL : robots.txt
location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}
# ESSENTIAL : Configure 404 Pages
error_page 404 /404.html;
# ESSENTIAL : Configure 50x Pages
error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
# SECURITY : Deny all attempts to access hidden files .abcde
location ~ /\. {
    deny all;
}
# PERFORMANCE : Set expires headers for static files and turn off logging.
location ~* ^.+\.(js|css|swf|xml|txt|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
    access_log off; log_not_found off; expires 30d;
   add_header Pragma no-cache;
   add_header Cache-Control "public";
}

4. Create the configuration for website1 :

# sudo vim /etc/nginx/sites-available/website1.com.conf
server {
    listen      80;
    server_name website1.com;
    rewrite ^/(.*)$ http://www.website1.com/$1 permanent;

}

server {
        server_name www.website1.com;
        root /var/www/html/website1.com;
        access_log /var/log/nginx/website1.com.access.log;
        error_log /var/log/nginx/website1.com.error.log;
        include conf.d/common.conf;
        include conf.d/static.conf;

}

5. Verify Nginx configuration syntax :

# sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

6. Restart Nginx web server :

For CentOS 7 :

# sudo systemctl restart nginx

For CentOS 5/ CentOS 6

# sudo service nginx restart

Static websites are the cheapest way to start a website and do not require a lot of server resources to run. A basic shared hosting plan is sufficient, and nowadays static websites are widely used by smaller companies.

How to Setup Multiple WordPress Sites on Nginx

This article describes how to install and configure multiple WordPress sites on Nginx. The steps have been prepared based on CentOS 7.0 and Nginx 1.6.3. NGINX (pronounced Engine ex) is an open source, high-performance web server able to handle a large number of concurrent connections. It has the lowest memory footprint compared to the alternative web server, Apache HTTP Server. Follow the steps below to host multiple WordPress sites on Nginx. Note that this configuration has also been tested and works on RHEL 7 and Oracle Linux 7.

Steps to Setup Multiple WordPress Sites on Nginx

1. First, we need to set up the directories for the multi-site server blocks and the additional WordPress configuration files :

# mkdir -p /etc/nginx/conf.d
# mkdir -p /etc/nginx/sites-available

2. Tell the main nginx.conf file to look for the new setup directories :

# vi /etc/nginx/nginx.conf

Add the following inside the http block of the configuration file :

    # conf.d/common.conf and conf.d/wordpress.conf contain server-level
    # directives (listen, location), so each server block includes them
    # explicitly; they must not be pulled in here at the http level.
    include /etc/nginx/sites-available/*.conf;

The complete nginx.conf then looks like this :

user  nginx;
worker_processes  2;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;


    # conf.d/*.conf is included per server block, not at the http level
    include /etc/nginx/sites-available/*.conf;
}

3. Add a new WordPress configuration file :

# vi /etc/nginx/conf.d/wordpress.conf
# WORDPRESS : Rewrite rules, sends everything through index.php and keeps the appended query string intact
location / {
    try_files $uri $uri/ /index.php?q=$uri&$args;
}

# SECURITY : Deny all attempts to access PHP Files in the uploads directory
location ~* /(?:uploads|files)/.*\.php$ {
    deny all;
}
# REQUIREMENTS : Enable PHP Support
location ~ \.php$ {
    # SECURITY : Zero day Exploit Protection
    try_files $uri =404;
    # ENABLE : Enable PHP, listen fpm sock
    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    fastcgi_pass   127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_send_timeout 300s;
    fastcgi_read_timeout 300s;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_buffer_size 128k;
    fastcgi_buffers 256 4k;
    fastcgi_busy_buffers_size 256k;
    fastcgi_temp_file_write_size 256k;
    fastcgi_intercept_errors on;
}
# PLUGINS : Enable Rewrite Rules for SiteMap
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.xml$ "/index.php?xml_sitemap=params=$2" last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.xml\.gz$ "/index.php?xml_sitemap=params=$2;zip=true" last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.html$ "/index.php?xml_sitemap=params=$2;html=true" last;
rewrite ^/sitemap(-+([a-zA-Z0-9_-]+))?\.html\.gz$ "/index.php?xml_sitemap=params=$2;html=true;zip=true" last;

4. Add new common configuration file :

# vi /etc/nginx/conf.d/common.conf
# Global configuration file.
# ESSENTIAL : Configure Nginx Listening Port

listen 80;
# ESSENTIAL : Default file to serve. If the first file isn't found,
index index.php index.html index.htm;
# ESSENTIAL : no favicon logs
location = /favicon.ico {
    log_not_found off;
    access_log off;
}
# ESSENTIAL : robots.txt
location = /robots.txt {
    allow all;
    log_not_found off;
    access_log off;
}
# ESSENTIAL : Configure 404 Pages
error_page 404 /404.html;
# ESSENTIAL : Configure 50x Pages
error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }
# SECURITY : Deny all attempts to access hidden files .abcde
location ~ /\. {
    deny all;
}
# PERFORMANCE : Set expires headers for static files and turn off logging.
location ~* ^.+\.(js|css|swf|xml|txt|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
    access_log off; log_not_found off; expires 30d;
   #    expires max;
   add_header Pragma no-cache;
   add_header Cache-Control "public";
}

5. Create the document root for multiple websites :

# mkdir -p /var/www/html/example-site1
# mkdir -p /var/www/html/example-site2

6. Add the server block configuration for example-site1.com :

# vi /etc/nginx/sites-available/example-site1.com.conf

Add lines as below :

server {
    listen     80;
    server_name example-site1.com;
    rewrite ^/(.*)$ http://www.example-site1.com/$1 permanent;
}

server {
        server_name www.example-site1.com;
        root /var/www/html/example-site1;
        access_log /var/log/nginx/example-site1.com.access.log;
        error_log /var/log/nginx/example-site1.com.error.log;
        include conf.d/common.conf;
        include conf.d/wordpress.conf;
}

7. Add the server block configuration for example-site2.com :

# vi /etc/nginx/sites-available/example-site2.com.conf

Add lines as below :

server {
    listen     80;
    server_name example-site2.com;
    rewrite ^/(.*)$ http://www.example-site2.com/$1 permanent;
}

server {
        server_name www.example-site2.com;
        root /var/www/html/example-site2;
        access_log /var/log/nginx/example-site2.com.access.log;
        error_log /var/log/nginx/example-site2.com.error.log;
        include conf.d/common.conf;
        include conf.d/wordpress.conf;
}

8. Check the nginx syntax :

# sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

9. Restart the Nginx service to apply the configuration for multiple WordPress sites :

# sudo systemctl restart  nginx.service
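
Which location block handles a request under common.conf plus wordpress.conf (or static.conf in the static-site setup) can be checked offline. The following is an added example, not part of the original article: a simplified Python model of nginx location selection (exact match, longest prefix, then regex locations in file order) using the patterns from those files. The request paths are constructed, and rewrites and try_files redirects are not modelled. It also shows why the backslash in the hidden-files pattern matters.

```python
import re

# Extension list copied from the static-files location in common.conf.
STATIC_EXT = (
    "js|css|swf|xml|txt|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|"
    "gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf"
)


def build_locations(hidden_files=r"/\."):
    """Location blocks in the order nginx reads them: common.conf, then wordpress.conf."""
    return [
        ("=", "/favicon.ico", "favicon"),
        ("=", "/robots.txt", "robots.txt"),
        ("=", "/50x.html", "50x page"),
        ("~", hidden_files, "deny hidden files"),
        ("~*", r"^.+\.(" + STATIC_EXT + r")$", "static file, expires 30d"),
        ("", "/", "try_files -> /index.php"),
        ("~*", r"/(?:uploads|files)/.*\.php$", "deny PHP in uploads"),
        ("~", r"\.php$", "pass to PHP-FPM"),
    ]


def select_location(uri, locations=None):
    """Return the label of the block this model picks for `uri`."""
    locations = build_locations() if locations is None else locations
    # 1. An exact (=) match ends the search immediately.
    for mod, pattern, label in locations:
        if mod == "=" and uri == pattern:
            return label
    # 2. Remember the longest matching prefix location.
    best = None
    for mod, pattern, label in locations:
        if mod in ("", "^~") and uri.startswith(pattern):
            if best is None or len(pattern) > len(best[1]):
                best = (mod, pattern, label)
    if best and best[0] == "^~":
        return best[2]
    # 3. Regex locations are tried in file order; the first match wins.
    for mod, pattern, label in locations:
        if mod in ("~", "~*"):
            flags = re.IGNORECASE if mod == "~*" else 0
            if re.search(pattern, uri, flags):
                return label
    # 4. No regex matched: fall back to the remembered prefix.
    return best[2] if best else None


# Constructed request paths, not taken from the article.
SAMPLE_URIS = [
    "/about/",
    "/css/site.css",
    "/wp-login.php",
    "/wp-content/uploads/2015/03/x.php",
    "/files/Shell.PHP",
    "/uploads/avatar.php.jpg",
    "/.htpasswd",
    "/.well-known/acme-challenge/token",
]


def classify(uris, locations=None):
    """Map each URI to the label of the location block that would serve it."""
    return {uri: select_location(uri, locations) for uri in uris}


if __name__ == "__main__":
    print("escaped pattern  /\\.")
    for uri, label in classify(SAMPLE_URIS).items():
        print(f"  {uri:40} {label}")
    # With the backslash lost, "/." matches a slash followed by ANY character,
    # so almost every request lands in the deny-all block.
    print("unescaped pattern  /.")
    for uri, label in classify(SAMPLE_URIS, build_locations("/.")).items():
        print(f"  {uri:40} {label}")
```

Because the hidden-files rule is a regex evaluated before the prefix location, it also denies paths such as /.well-known/ unless a more specific location is added ahead of it.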

How to Install IonCube Loader in CentOS 6 / CentOS 7

What is IonCube Loader ?

IonCube Loader is a PHP module (extension) that decodes encrypted PHP files and is often required by PHP-based applications. It helps protect PHP applications from unauthorized execution and at the same time can accelerate the website. This article shows how to install the ionCube loader on CentOS 6; the steps also work on CentOS 7.

1. Check the PHP version, which determines the ionCube loader version to use :

# php -v
PHP 5.4.33 (cli) (built: Sep 20 2014 16:20:03)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies

The ionCube loader file must match your PHP version :
eg. PHP 5.5 will use file: ioncube_loader_lin_5.5.so
eg. PHP 5.4 will use file: ioncube_loader_lin_5.4.so
eg. PHP 5.3 will use file: ioncube_loader_lin_5.3.so

In this case, php version is PHP 5.4, and the matching ioncube loader version should be ioncube_loader_lin_5.4.so.

2. Create directory for ioncube :

# mkdir /usr/local/ioncube

3. Download and extract the ioncube:

# wget http://downloads3.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.tar.gz
# tar xzvf ioncube_loaders_lin_x86-64.tar.gz

4. Open the extracted ioncube folder and copy the ionCube loader file that matches your PHP version :

# cd ioncube
# cp -p ioncube_loader_lin_5.4.so /usr/local/ioncube

5. Now locate the php.ini file. This is how you can find the location of php.ini :

# php -i| grep php.ini
Configuration File (php.ini) Path => /etc
Loaded Configuration File => /etc/php.ini

6. Edit php.ini file and save :

# vim /etc/php.ini

Add the following at the bottom of php.ini :

..
..
zend_extension = /usr/local/ioncube/ioncube_loader_lin_5.4.so

7. Verify the PHP version. It should now include the file “ioncube_loader_lin_5.4.so” in PHP 5.4 if you get the display as below :

# php -v
PHP 5.4.33 (cli) (built: Sep 20 2014 16:20:03)
Copyright (c) 1997-2014 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2014 Zend Technologies
    with the ionCube PHP Loader v4.7.5, Copyright (c) 2002-2014, by ionCube Ltd.

If you can see the PHP version together with the ionCube loader version, you have successfully installed and configured the ionCube PHP loader on your Linux system.

How to Install CentOS Web panel(CWP) on CentOS 6

There are many open source control panels for running Linux web hosting on the internet, like ISPConfig, Webmin, Virtualmin and Open Panel. In this post, I want to share how to install CentOS Web Panel (CWP) on CentOS 6. CentOS Web Panel is a free web hosting panel designed for easy management of servers (VPS & Dedicated) without the need for expertise and knowledge of the Linux command line and without SSH access to the server.

According to the CWP official website, no uninstaller is provided; the server has to be reinstalled to remove it. CWP should be installed on a fresh CentOS operating system without any non-default configuration.

Follow the steps below to install CWP on CentOS 6.6.

1. Install a fresh CentOS 6.6 with a direct internet connection :
2. Allocate at least 512MB RAM for 32 bit systems and 1024MB for 64 bit systems. In this example we will allocate 4GB RAM.

3. Configure your server hostname :
a. Modify the hostname and reboot the server to take effect:

# vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=centos66.ehowstuff.local
GATEWAY=192.168.0.1

b. Verify hostname :

[root@centos66 ~]# hostname
centos66.ehowstuff.local

4. Update your server before you begin. Reboot the server for the changes to take effect :

# yum update -y

5. Install CWP:
a. Change directory to /usr/local/src/ directory:

# cd /usr/local/src

b. Download the installer via wget :

# wget http://centos-webpanel.com/cwp-latest

Or try the following URL if the above URL is not working :

# wget http://dl1.centos-webpanel.com/files/cwp-latest

c. Start CWP installer

# sh cwp-latest

6. The installation will take up to 50 minutes, depending on your internet connection speed.

7. Once the installation is completed, you will see the completion screen. In this case I leave the MySQL root password blank.

Press Enter to reboot the server.

8. Go to your browser and enter the CWP IP address with port number 2030. You will see the login page. The CentOS WebPanel Admin GUI is at http://SERVER-IP:2030/

Username: root
Password: your server root password

9. You can start configuring your CWP via the dashboard panel. Consult the official website and the CWP forum to proceed with the configuration.

10. You can start configuring your CWP server and then start hosting your website.

  • Setup nameservers
  • Setup shared ip (must be your public IP address)
  • Setup at least one hosting package (or edit default package)
  • Setup root email
  • & now you are ready to host domains…

11. Install Softaculous Apps Installer via command :

# /usr/local/src/install.sh --quick
-----------------------------------------------
 Welcome to Softaculous Apps Installer
-----------------------------------------------

///////////////////////////////
// INSTALLING SOFTACULOUS :
// 1) CONFIGURING universal.php
// 2) FETCHED A LICENSE
// 3) UPDATING Categories
// 4) UPDATING Scripts List
// 5) UPDATING Installed Scripts List
// 6) SETTING A CRON JOB
// 7) DOWNLOADING SCRIPTS
///////////////////////////////

ln: creating symbolic link `/usr/local/cwpsrv/conf.d/softaculous.conf': File exists
cwpsrvd: Could not reliably determine the server's fully qualified domain name, using centos66.ehowstuff.local for ServerName
=====================================================
Congratulations, Softaculous was installed successfully
Softaculous has been installed at:
Path : /usr/local/softaculous
Scripts Path : /var/softaculous

We request you to please register for updates and notifications at :
http://www.softaculous.com/board/index.php?act=register
It also inspires us when you register. Registration is free and just a one minute job.

If you need any support you can always count on us. Just drop in at our Support Board:
http://www.softaculous.com/board
Alternatively, you can contact us via Email at support@softaculous.com

Thank you for using Softaculous

How to Enable Logging for Email Subject Fields in Postfix Maillog

Postfix MTA basically just captures the ‘From’ and ‘To’ fields, while the subject is not logged to the maillog. There are simple steps to enable logging of the e-mail subject in the Postfix maillog. This is very useful for email administrators when troubleshooting email-related problems.

1. Assume that postfix has been installed. Open the postfix main configuration file :
# vi /etc/postfix/main.cf
2. Uncomment the following :
..
..
header_checks = regexp:/etc/postfix/header_checks
..
..
3. Open /etc/postfix/header_checks file and add the following line at the bottom :
# vi /etc/postfix/header_checks
..
..
/^Subject:/     WARN
4. Run postmap to apply the new configuration in /etc/postfix/header_checks :
# postmap /etc/postfix/header_checks
5. Restart or reload postfix configuration :
# service postfix restart

or

# postfix reload
6. Test send email with subject:test-ABC :
# telnet localhost 25
Trying ::1...
Connected to localhost.
Escape character is '^]'.
220 centos66.ehowstuff.local ESMTP Postfix
ehlo abc.com
250-centos66.ehowstuff.local
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:admin@ehowstuff.com
250 2.1.0 Ok
rcpt to:admin@ehowstuff.com
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
subject:test-ABC
.
250 2.0.0 Ok: queued as 196AD1FDEA
quit
221 2.0.0 Bye
Connection closed by foreign host.
7. Please confirm that the subject “test-ABC” appears in the log :
# tail -f /var/log/maillog
Apr  6 23:41:28 centos66 postfix/smtpd[4919]: connect from localhost[::1]
Apr  6 23:41:58 centos66 postfix/smtpd[4919]: 196AD1FDEA: client=localhost[::1]
Apr  6 23:42:07 centos66 postfix/cleanup[4924]: 196AD1FDEA: warning: header subject:test-ABC from localhost[::1]; from= to= proto=ESMTP helo=
Apr  6 23:42:07 centos66 postfix/cleanup[4924]: 196AD1FDEA: message-id=<20150406154158.196AD1FDEA@centos66.ehowstuff.local>
Apr  6 23:42:07 centos66 postfix/qmgr[4914]: 196AD1FDEA: from=, size=365, nrcpt=1 (queue active)
Apr  6 23:42:09 centos66 postfix/smtpd[4919]: disconnect from localhost[::1]
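
Once subjects are logged, the warning lines can be joined with the other records for the same queue ID. The following is an added example, not part of the original article: a Python parser that indexes the "warning: header Subject:" lines by queue ID and lets you search subjects. The log lines, hostnames, addresses and queue IDs are constructed, and the layout of the from=/to= trailer is an assumption based on the usual Postfix cleanup log format.

```python
import re

# "<qid>: warning: header <name>: <value> from <client>; from=<..> to=<..> ..."
# The header value is sender-controlled text and may itself imitate the
# trailer, so the greedy ".*" anchors on the LAST " from <client>; from=<"
# in the line, which is the one cleanup actually appended.
HEADER_RE = re.compile(
    r"postfix/cleanup\[\d+\]: (?P<qid>[0-9A-F]+): warning: header "
    r"(?P<name>[^:\s]+):\s*(?P<value>.*)"
    r" from (?P<client>\S+); from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)
MSGID_RE = re.compile(
    r"postfix/cleanup\[\d+\]: (?P<qid>[0-9A-F]+): message-id=(?P<mid>\S+)"
)

# Constructed maillog lines (not copied from a real server).
SAMPLE_LOG = [
    "Apr  6 23:41:58 mx1 postfix/smtpd[4919]: 3F2A91C0DE: client=localhost[::1]",
    "Apr  6 23:42:07 mx1 postfix/cleanup[4924]: 3F2A91C0DE: warning: header "
    "subject:test-ABC from localhost[::1]; from=<admin@example.com> "
    "to=<admin@example.com> proto=ESMTP helo=<abc.example>",
    "Apr  6 23:42:07 mx1 postfix/cleanup[4924]: 3F2A91C0DE: "
    "message-id=<20150406154158.3F2A91C0DE@mx1.example.com>",
    "Apr  6 23:50:12 mx1 postfix/cleanup[4931]: 7B10C22F41: warning: header "
    "Subject: Invoice from billing[192.0.2.9]; from=<ceo@example.com> "
    "to=<all@example.com> overdue from mail.example.net[203.0.113.7]; "
    "from=<bulk@example.net> to=<user@example.com> proto=ESMTP "
    "helo=<mail.example.net>",
]


def subject_index(lines):
    """Return {queue_id: {subject, client, sender, rcpt, message_id}}."""
    index = {}
    for line in lines:
        m = HEADER_RE.search(line)
        if m and m.group("name").lower() == "subject":
            index.setdefault(m.group("qid"), {}).update(
                subject=m.group("value").strip(),
                client=m.group("client"),
                sender=m.group("sender"),
                rcpt=m.group("rcpt"),
            )
            continue
        m = MSGID_RE.search(line)
        if m:
            index.setdefault(m.group("qid"), {})["message_id"] = m.group("mid")
    return index


def find_subject(index, needle):
    """Queue IDs whose logged subject contains `needle` (case-insensitive)."""
    needle = needle.lower()
    return sorted(
        qid for qid, entry in index.items()
        if needle in entry.get("subject", "").lower()
    )


if __name__ == "__main__":
    idx = subject_index(SAMPLE_LOG)
    for qid, entry in idx.items():
        print(qid, entry)
    print("matches for 'invoice':", find_subject(idx, "invoice"))
```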

NGINX DDos Attack Tutorial – Implement Basic Protection

DDoS attacks are usually intended to paralyze websites and web services, and it is better to mitigate them at the firewall level. But for a web server that runs on Nginx, I have prepared a basic step to provide DDoS protection, which proved to work for small-scale DDoS attacks and DDoS attacks aimed at applications. These DDoS protection guidelines for Nginx have been tested on CentOS 6, CentOS 7, RHEL 7 and Oracle Linux 7. These steps may work in your environment, but please note that these guidelines are not an official document or an official recommendation from the Nginx website.

DDos Attack Tutorial – Implement Basic Protection for Nginx :

1. In /etc/nginx/nginx.conf, include the following parameters inside the http block :

client_body_buffer_size 128k;
large_client_header_buffers 4 256k;
limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=50r/s;
server {
    limit_conn conn_limit_per_ip 10;
    limit_req zone=req_limit_per_ip burst=10 nodelay;
}

2. Then restart or reload your Nginx service to apply DDoS protection for Nginx :

# /etc/init.d/nginx restart

or

# /etc/init.d/nginx reload

Explanation :

a) Limit the number of connections per single IP :

limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;

b) Limit the rate of requests from a single IP (the zone is keyed on $binary_remote_addr) :

limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=50r/s;

c) Apply the limits defined above to the zone we want to protect; here we limit the whole server :

server {
limit_conn conn_limit_per_ip 10;
limit_req zone=req_limit_per_ip burst=10 nodelay;
}

If your WordPress site is under DDoS attack, you will see entries like the following in the Nginx log file domain.access.log :

1.2.3.4 - - [25/Mar/2015:16:52:38 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:39 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:39 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:40 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:40 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:41 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:41 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:42 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:42 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:43 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:43 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:44 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:44 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:45 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"
1.2.3.4 - - [25/Mar/2015:16:52:45 +0800] "POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"

Here is an example of the resulting error log entries after you apply the basic DDoS protection for Nginx :

2015/03/28 11:44:33 [error] 22370#0: *71492 limiting connections by zone "conn_limit_per_ip", client: 1.2.3.4, server: www.ehowstuff.com, request: "GET /wp-login.php HTTP/1.0", host: "www.ehowstuff.com"
2015/03/28 11:44:33 [error] 22370#0: *71493 limiting connections by zone "conn_limit_per_ip", client: 1.2.3.4, server: www.ehowstuff.com, request: "GET /wp-login.php HTTP/1.0", host: "www.ehowstuff.com"
2015/03/28 11:44:33 [error] 22370#0: *71494 limiting connections by zone "conn_limit_per_ip", client: 1.2.3.4, server: www.ehowstuff.com, request: "GET /wp-login.php HTTP/1.0", host: "www.ehowstuff.com"
2015/03/28 11:44:33 [error] 22370#0: *71498 limiting connections by zone "conn_limit_per_ip", client: 1.2.3.4, server: www.ehowstuff.com, request: "GET /wp-login.php HTTP/1.0", host: "www.ehowstuff.com"
2015/03/28 11:44:33 [error] 22370#0: *71502 limiting connections by zone "conn_limit_per_ip", client: 1.2.3.4, server: www.ehowstuff.com, request: "GET /wp-login.php HTTP/1.0", host: "www.ehowstuff.com"
2015/03/28 11:44:33 [error] 22370#0: *71506 limiting connections by zone "conn_limit_per_ip", client: 1.2.3.4, server: www.ehowstuff.com, request: "GET /wp-login.php HTTP/1.0", host: "www.ehowstuff.com"
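
To see which of the two limits reacts to a login flood like the one in the access log above, the request limiter can be replayed offline. The following is an added example, not part of the original article: a Python script that parses access log lines and feeds their timestamps through a simplified model of limit_req with nodelay (excess counter, rejected when it exceeds burst). The log lines are constructed to match the timing pattern above, the second client and the stricter 1r/s, burst=2 setting are assumptions for comparison, and connection limiting (limit_conn) is not modelled.

```python
import re
from collections import defaultdict
from datetime import datetime

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

# Constructed sample: one client posting to wp-login.php twice per second,
# plus one ordinary visitor (documentation address, hypothetical).
SECONDS = [38, 39, 39, 40, 40, 41, 41, 42, 42, 43, 43, 44, 44, 45, 45]
SAMPLE_LOG = [
    '1.2.3.4 - - [25/Mar/2015:16:52:%02d +0800] '
    '"POST /wp-login.php HTTP/1.0" 200 6203 "-" "-"' % s
    for s in SECONDS
] + [
    '198.51.100.20 - - [25/Mar/2015:16:52:40 +0800] '
    '"GET /wp-login.php HTTP/1.1" 200 6203 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [25/Mar/2015:16:52:41 +0800] '
    '"GET /index.php HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
]


def parse_hits(lines, path="/wp-login.php"):
    """Return {client_ip: [epoch_ms, ...]} for requests to `path`."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(4).split("?")[0] != path:
            continue
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        hits[m.group(1)].append(int(ts.timestamp() * 1000))
    return dict(hits)


def limit_req_decisions(times_ms, rate_per_s, burst):
    """Replay one client's requests; True = served, False = rejected.

    Simplified model: each request adds 1000 "milli-requests" of excess,
    the excess drains at rate_per_s, and a request is rejected when the
    excess would exceed burst. A rejected request does not change the state.
    """
    rate, limit = rate_per_s * 1000, burst * 1000
    excess, last, decisions = 0, None, []
    for now in times_ms:
        if last is None:                      # first request creates the state
            last = now
            decisions.append(True)
            continue
        elapsed = max(now - last, 0)
        new_excess = max(excess - rate * elapsed // 1000 + 1000, 0)
        if new_excess > limit:
            decisions.append(False)
            continue
        excess, last = new_excess, now
        decisions.append(True)
    return decisions


def evaluate(lines, rate_per_s, burst, path="/wp-login.php"):
    """Return {client_ip: (total_requests, rejected_requests)}."""
    result = {}
    for ip, times in parse_hits(lines, path).items():
        decisions = limit_req_decisions(sorted(times), rate_per_s, burst)
        result[ip] = (len(decisions), decisions.count(False))
    return result


if __name__ == "__main__":
    # The article's setting: 2 requests/second never reach 50r/s, so every
    # request passes limit_req and only limit_conn can act on this client.
    print("rate=50r/s burst=10:", evaluate(SAMPLE_LOG, 50, 10))
    # Assumed stricter zone for the login URL, for comparison.
    print("rate=1r/s  burst=2 :", evaluate(SAMPLE_LOG, 1, 2))
```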

Hope this DDoS Attack Tutorial to implement basic protection on NGINX helps!!

Nginx Released Version Nginx 1.6.3

Nginx is a lightweight, fast web server/reverse proxy and e-mail (IMAP/POP3) proxy. On April 7, 2015, Nginx officially released the nginx-1.6.3 stable version, which includes the following changes and bug fixes :

*) Feature: now the “tcp_nodelay” directive works with SPDY connections.

*) Bugfix: in error handling.
Thanks to Yichun Zhang and Daniil Bondarev.

*) Bugfix: alerts “header already sent” appeared in logs if the
“post_action” directive was used; the bug had appeared in 1.5.4.

*) Bugfix: alerts “sem_post() failed” might appear in logs.

*) Bugfix: in hash table handling.
Thanks to Chris West.

*) Bugfix: in integer overflow handling.
Thanks to Régis Leroy.

How to Install and Update OpenSSL on CentOS 6 / CentOS 7

I have a CentOS 6 server that is still running OpenSSL 1.0.1e (openssl-1.0.1e-30), which is vulnerable to a remote attacker accessing parts of memory on systems using vulnerable versions of OpenSSL. OpenSSL is a library that provides cryptographic functionality, specifically SSL/TLS, for popular applications such as secure web servers (nginx web server, Apache web server), MySQL database servers and email applications.

I have tried to run the command “yum update openssl” but I receive “No Packages marked for Update” even though the latest tar version has been published.

The following steps describe how to install and update OpenSSL on CentOS 6 and CentOS 7.

Install and Update OpenSSL on CentOS 6 / CentOS 7

1. Get the current version with “openssl version” and “yum info openssl” command :

# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
# yum info openssl
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * Webmin: download.webmin.com
 * base: centos.netonboard.com
 * epel: ftp.cuhk.edu.hk
 * extras: centos.netonboard.com
 * updates: ossm.utm.my
Installed Packages
Name        : openssl
Arch        : x86_64
Version     : 1.0.1e
Release     : 30.el6_6.7
Size        : 4.0 M
Repo        : installed
From repo   : updates
Summary     : A general purpose cryptography library with TLS implementation
URL         : http://www.openssl.org/
License     : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications between
            : machines. OpenSSL includes a certificate management tool and shared
            : libraries which provide various cryptographic algorithms and
            : protocols.

Available Packages
Name        : openssl
Arch        : i686
Version     : 1.0.1e
Release     : 30.el6_6.7
Size        : 1.5 M
Repo        : updates
Summary     : A general purpose cryptography library with TLS implementation
URL         : http://www.openssl.org/
License     : OpenSSL
Description : The OpenSSL toolkit provides support for secure communications between
            : machines. OpenSSL includes a certificate management tool and shared
            : libraries which provide various cryptographic algorithms and
            : protocols.

2. To download the latest version of OpenSSL, do as follows:

# cd /usr/src
# wget https://www.openssl.org/source/openssl-1.0.2-latest.tar.gz
# tar -zxf openssl-1.0.2-latest.tar.gz

3. To manually compile OpenSSL and install/upgrade OpenSSL, do as follows:

# cd openssl-1.0.2a
# ./config
# make
# make test
# make install

4. If the old version is still displayed, or was installed before, please make a copy of the openssl bin file :

# mv /usr/bin/openssl /root/
# ln -s /usr/local/ssl/bin/openssl /usr/bin/openssl

5. Verify the OpenSSL version :

# openssl version

Output :

OpenSSL 1.0.2a 19 Mar 2015