@brianmituka
Last active September 18, 2018 14:07
SysAdmin intro

System administration basic intro

IP address, e.g. 127.0.0.1 - Internet Protocol address.

DNS (Domain Name System) - maps IP addresses to domains: 216.58.223.110 === google.com. DNS works with caches a lot. It uses the local cache, the LAN DNS server and the ISP DNS server to find the shortest route to a domain.

DNS cache poisoning tampers with the cache such that a domain name is pointed to the wrong IP. DNS cache poisoning can be prevented by using HTTPS, since a server at the wrong IP cannot present a valid certificate for the domain.

traceroute shows you the number of hops it takes to get to a domain name, while ping just shows you if the server is live. traceroute uses ICMP.

ICMP (Internet Control Message Protocol) - an error-reporting protocol used by routers, hosts and network devices to generate error messages when there are problems delivering IP packets. It's an extension of (ICMP).

SSH - a way of connecting to remote devices. You can log into a server either using a username and a password or via SSH keys (more secure). There are two types of SSH keys: private and public. The private key stays on your local machine while the public key is stored on the server.

ssh-keygen - generates a private key for you.

A server can be a web server, a database server or a storage server.

Dedicated server - completely under your control, very expensive. One site gets all the resources. It's a physical box.

VPS - a dedicated server is broken into parts and shared among different users, i.e. it can host multiple websites. Cheap. Runs on a virtual machine, e.g. under a hypervisor.

Advantages of the cloud:

  1. flexible
  2. scalable
  3. on demand(use it when you need it.)

Most Unix-like systems use OpenSSH as the SSH client. Alternatively you can use PuTTY.

add public key to a server: ssh-copy-id -i ~/.ssh/key.pub user@host

use private key to log in to a server: ssh -i ~/.ssh/privatekey user@host (-i stands for identity)

The known_hosts file is used to authenticate servers. It is created when you ssh into a server and it contains both the copies of the private key and public keys.

The authorized_keys file is used to authenticate users before they are logged into a server, and it contains a copy of the public key added to the server.

It is not safe to always use the root user to log into your server, so it is advisable to create a normal user and then add them to the sudo user group so that the user can have access to some superuser powers.

creating a new user with sudo privileges: adduser $USERNAME

adding the user to the sudo group: usermod -aG sudo $USERNAME

sudo !! - run the previous command as root

To create SSH access for the new user you have just added, log into the server as the root user and then:

  1. su $USERNAME - switch the user.
  2. mkdir ~/.ssh - create an ssh folder.
  3. nano ~/.ssh/authorized_keys - create a file called authorized_keys and then copy the contents of your public key into this file.
  4. chmod 600 ~/.ssh/authorized_keys - restrict the permissions of the authorized_keys file.

Now you can ssh into the server as your new user account.

TODO: Change my server username.

mkdir -p somefolder - the p flag means create the directory if it does not exist.

The sshd_config file contains SSH configuration rules. It is located at /etc/ssh/sshd_config. To disable root login, go into the file above and set PermitRootLogin to no, and then restart the ssh service using sudo service ssh restart
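A check for the setup steps above, as an added example that is not part of the original notes: it audits an sshd_config file and a user's .ssh directory. The function names, the fixture layout and the placeholder key are assumptions, and the mode 700 check on the .ssh directory goes beyond what the notes list.

```shell
#!/bin/sh
# Added example: audit the SSH setup from the notes (names are hypothetical).

# sshd uses the first value it finds for a keyword; commented lines don't count.
root_login_setting() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1"
}

# Octal permission bits of a path (GNU stat, then BSD stat as a fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null
}

# audit_ssh CONFIG SSH_DIR: print findings, return the number of problems.
audit_ssh() {
    problems=0
    setting=$(root_login_setting "$1")
    if [ "$setting" != "no" ]; then
        echo "FAIL PermitRootLogin is '${setting:-unset}', expected 'no'"
        problems=$((problems + 1))
    fi
    # 700 on the directory is an addition; the notes only chmod the file.
    if [ "$(mode_of "$2")" != "700" ]; then
        echo "FAIL $2 should be mode 700"
        problems=$((problems + 1))
    fi
    if [ "$(mode_of "$2/authorized_keys")" != "600" ]; then
        echo "FAIL $2/authorized_keys should exist with mode 600"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed fixture: make_fixture DIR ROOT_LOGIN_VALUE DIR_MODE FILE_MODE
make_fixture() {
    mkdir -p "$1/.ssh"
    printf '#PermitRootLogin no\nPermitRootLogin %s\nPermitRootLogin no\n' "$2" \
        > "$1/sshd_config"
    echo 'ssh-ed25519 AAAA...constructed-placeholder user@laptop' \
        > "$1/.ssh/authorized_keys"
    chmod "$3" "$1/.ssh"
    chmod "$4" "$1/.ssh/authorized_keys"
}

tmp=$(mktemp -d)
make_fixture "$tmp/weak" yes 755 644
make_fixture "$tmp/hard" no 700 600
audit_ssh "$tmp/weak/sshd_config" "$tmp/weak/.ssh" || echo "weak: $? problem(s)"
audit_ssh "$tmp/hard/sshd_config" "$tmp/hard/.ssh" && echo "hard: OK"
```

The weak fixture ends with a PermitRootLogin no line, yet still fails, because the earlier yes line is the one sshd reads first.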

The www host name means that e.g. www.brianmituka.com will take you to the correct IP, and the @ host name allows you to use brianmituka.com and it will still take you to the correct IP. This applies when setting up your domain at a domain registrar, e.g. GoDaddy.

The A record maps a name to one or more IP addresses, when the IPs are known and stable.

The CNAME record maps a name to another name. You can use a CNAME to create a subdomain.

NGINX (engine x)

NGINX is a high‑performance, highly scalable, highly available web server, reverse proxy server, and web accelerator (combining the features of an HTTP load balancer, content cache, and more). NGINX offers a highly scalable architecture that is very different from that of Apache (and many other open source and commercial products in the same category). NGINX has a modular, event‑driven, asynchronous, single-threaded architecture that scales extremely well on generic server hardware and across multi-processor systems. NGINX uses all of the underlying power of modern operating systems like Linux to optimize the usage of memory, CPU, and network, and extract the maximum performance out of a physical or virtual server. The end result is that NGINX can often serve at least 10x more (and often 100–1000x more) requests per server compared to Apache – that means more connected users per server, better bandwidth utilization, less CPU and RAM consumed, and a greener environment too.

NGINX can also function as a proxy server for email (IMAP, POP3, and SMTP) and a reverse proxy and load balancer for HTTP, TCP, and UDP servers.

A proxy server is a server that acts as an intermediary for requests from clients seeking resources from other servers. A reverse proxy (or surrogate) is a proxy server that appears to clients to be an ordinary server. Reverse proxies forward requests to one or more ordinary servers which handle the request. The response from the proxy server is returned as if it came directly from the original server, leaving the client with no knowledge of the origin servers.

sudo apt install nginx - install nginx

sudo service nginx start - start nginx service

/etc/nginx/sites-available/default contains the default nginx settings, i.e. it's the configuration file.

sudo service nginx restart or sudo service nginx reload - restart nginx server.

rmdir foldername* - remove all the folders that start with foldername

sudo chown -R $USER:$USER /exampledirectory - make the current user the owner of a directory

Securing nginx with an ssl certificate.(later)

Directing nginx to a particular port

create a location block like this:

location /example {
  proxy_pass http://127.0.0.1:3001/;
}

The location /example block means that when someone goes to http://site.com/example, the request will be forwarded (proxied) to the application that is listening on port 3001.
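How the block above rewrites request paths, as an added example that is not from the original notes: a small shell model of nginx's rule that, when proxy_pass carries a URI part (here the trailing /), the matched location prefix is replaced by that URI. The function names and the sample paths are assumptions, and the model ignores query strings and URI normalisation.

```shell
#!/bin/sh
# Added example: a simplified model of how nginx builds the upstream URI for a
# prefix location whose proxy_pass has a URI part (here the trailing "/").
# Query strings and URI normalisation are left out.

# upstream_uri LOCATION PROXY_URI REQUEST_PATH
# Prints the path sent to the app; returns 1 when the location does not match.
upstream_uri() {
    case $3 in
        "$1"*) printf '%s%s\n' "$2" "${3#"$1"}" ;;  # matched prefix -> PROXY_URI
        *)     return 1 ;;
    esac
}

# Constructed request paths, run against the block from the notes and against
# a variant with a trailing slash on the location.
show_mapping() {
    for location in /example /example/; do
        for path in /example /example/users /examplefoo /other; do
            if up=$(upstream_uri "$location" / "$path"); then
                echo "location $location  $path -> 127.0.0.1:3001$up"
            else
                echo "location $location  $path -> (no match)"
            fi
        done
    done
}

show_mapping
```

With location /example, a request for /example/users reaches the app as //users and /examplefoo is matched as well; writing the block as location /example/ avoids both.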

keeping a node app alive as a process

there are several process managers for node:

  1. Forever

  2. PM2

  3. Strong loop process

installing forever: npm install -g forever

start an app: forever start app.js

stop all apps: forever stopall

create a directory for logs: sudo mkdir -p /var/log/forever

change the owner of that directory to the current user: sudo chown -R $USER:$USER /var/log/forever

log output of the app being run by forever: forever start app.js >> /var/log/forever/forever.log
