Perform the following steps to quickly install Composer on your CentOS 8 system:
Install PHP CLI and Zip:
$ sudo dnf install php-cli php-json php-zip curl unzipCopyDownload Composer with curl:
$ curl -sS https://getcomposer.org/installer |phpMove the Composer file to /usr/local/bin directory:
$ sudo mv composer.phar /usr/local/bin/composer
Similar to tcpdump, the LOG target of iptables allows you to log each packet that’s sent to and from WireGuard. Most Linux systems use iptables, or its newer sibling nftables, to define their firewall.
If you’re using iptables, you can run the following commands to add iptables rules that will log the header info of IPv4 packets carrying WireGuard encrypted content (where 51820 is the ListenPort in your WireGuard config):
If you’re using IPv6 networking, replace iptables with ip6tables; or if you’re using both IPv4 and IPv6, run both variants.
Once you do that, you’ll be able to see WireGuard packets logged to the kernel message buffer. If your system is set up with rsyslogd, journald, or a similar logging daemon, you can use it to see this logging. With rsyslogd, check the /var/log/kern.log or /var/log/messages file. With journald, run journalctl -ek.
To capture this logging to its own file, you can “tail” these messages via the dmesg command’s -w (follow) flag:
This will allow you to track the remote IP addresses that are connecting to your local WireGuard interface. A WireGuard handshake and short encrypted HTTP request and response will look like this:
In the above output, 198.51.100.1 is the IP address of the ethernet interface on the local host, and 203.0.113.2 is the IP address of the remote WireGuard endpoint (the remote endpoint is also listening on port 51820, but the above iptables rules would capture similar output even if the remote endpoint was on some other port).
You can also use iptables to log the packets that are sent inside the WireGuard tunnel. Run the following commands to log packet headers sent through the tunnel to and from the system itself (where wg0 is the name of your WireGuard interface):
And run the following commands to log packer headers sent through the tunnel to and from other hosts (if the system is operating as a router for other hosts on its network):
This will allow you to track exactly what is being sent through your WireGuard virtual private network. The short HTTP request and response from above will look like this when logging the packets within the tunnel:
In the above output, the IP address of local WireGuard interface is 10.0.0.1, and the IP address of the remote WireGuard peer is 10.0.0.2. An HTTP server is running on port 8080 of the local host, which the remote host is connecting to through the WireGuard tunnel (using the ephemeral TCP port 34770 inside the tunnel).
You can use the iptables logging on UDP port 51820 (the first example) to keep track of the external IP addresses that are connecting to your WireGuard network; and the iptables logging on the wg0 interface (the last example) to track which peers are using your network (and what they’re accessing inside the network).
You can remove iptables rules by running the same command you used to add them, except replacing the -I flag (or the -A flag for appended rules) with the -D flag. For example, you can remove the last two rules added above by running the following commands:
To check for active rules that you may want to remove, run iptables-save (iptables-save doesn’t actually save anything, it just dumps all active rules in a format that can be saved and restored).
Ever worry about losing your data, or get tired of performing manual backups daily or weekly? Use the rsync command and automatically sync your local files to a remote server as often as desired with no manual intervention. Please note, this guide does require access to a remote Linux server (eg. AWS), and is written under Ubuntu 20.04 although any Linux distro should work fine.
Install rsync
Before anything, check whether or not rsync is installed. On both your local PC and web server run this command:
rsync --version
If
you get the current rsync version in return, then you're all set for the next
section. Otherwise, if you receive a command not found error, you may
install rsync with this command:
sudo apt-get -y install rsync
Generate SSH Key
We
will use a SSH key to
authenticate the connection between our local PC and the remote server. To
generate a new SSH key on your local PC within the terminal run the command:
ssh-keygen -t rsa -b 4096 -f ~/.ssh/rsync.key
When
prompted for a password, leave it blank and hit the Enter key twice. This will
generate two new files within your ~/.ssh/ directory named rsync.key which
is the private key, and rsync.key.pub, the public key.
Setup Remote Server
Although
not required, for this guide we will create a new user on
the remote server for rsync connections and to store all backup files. Login to
the remote server via SSH and run this command:
sudo useradd -m rsync
The
above example uses the username rsync, but you may change it to anything
you wish. The -m option simply tells Linux to create a home directory
for our new user.
To
allow your local PC to authenticate, the public SSH key that was generated in
the previous section needs to be copied over to the remote server. Open
the /~.ssh/rsync.key.pub file in a text editor and
you will see one large line that looks something like.
ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAACAQDNhyYKsjcGGdXmzOM3742+c+TzMLFdZtrMPj1q6JWNWzgY/gTGVy1C72kw6BcTYSG8B8kLQlaBRl16m2Gm8Ra/U1wl0TYSufOnRKjGq2glnBPysWNzR6i9qd4h/byKa4ptNH/ieYkT+BnSJVo8fT0iboYwEaL9D0jPtYxFzZes2ctsGZ/zi78VlX9N224YBtoZcrxK6gzKtcIVrplsXt4MbMCPc0hfr9f2VMt0HignLphTDLQWKwF3sGi4OHDPzNTRkjyHazsIOFIKDLQgdsIJv7b2VMs028YDqPnXHZZl4Ix5vg8ssqE+s/J+rzS0B6gwj2b/f6vJMI9DmTk8SO5LKWtSl4lXjLpQ1eP+xjf3SeMFWWkk2tPpGBo6d+8VJT6htj9Ga927qx3bYJ3FDdqjoE/28yBzMsg3wKI8lobiQGIbF0B0jZmSeq42ds7dh76iU/LOraWJWJhKPIjCYHdaVqj5rgxSulUW6oqr/LOxMNwsj5NLpyKygr5/RVjCUpxQLw5G7AClmW5nOZDFUgtI1CAOzhG8oYQes7jE7ZbQKmMf9IGquNV1BCRGX2mbcYad77UE2IjzPqSG8pFGb7ekZA6ukUk61fqoheL4Zl2jmhhWoXQ09LZE9FNfr1UwIoZ+GwUcip8NPIZPSo+Z4yMB/5VNF7J0o76eTNwh0gZlEw==
user@host
This
long line is the public SSH key. Copy it to your clipboard, and within your
remote server run these commands:
sudo su rsync
mkdir -m 0700 $HOME/.ssh
echo "ssh-rsa AAAAB... user@host" > $HOME/.ssh/authorized_keys
chmod 0644 $HOME/.ssh/authorized_keys
In
the second last command, replace the text between the quotation marks with that
long public SSH key line. That's it, your local PC will now be able to
authenticate with your remote server.
Configure ssh config File
For
sake of simplicity, add an entry to the ~/.ssh/config file on your
local PC to easily connect to the remote server. Open the file on
your local PC with the command.
nano $HOME/.ssh/config
Within
the file add an entry for the remote server such as:
host backup_server
hostname 192.168.0.24
user rsync
IdentityFile ~/.ssh/rsync.key
Change
the hostname to the IP address of your remote server, and if you used a
username other than "rsync" change that as well. You may use anything
you wish for the host, but for this example, "backup_server" was
used. Save and close the file by pressing Ctrl+X followed by the "Y"
and Enter keys.
Test
your SSH connection to the remote server with the command.
ssh backup_server
Assuming
everything is set up correctly, you should now be logged into your remote
server via SSH. Close the connection with the command.
exit
Sync Your Files
Now
test the rsync functionality, and for example, to sync your Documents
directory on your local PC run the command:
rsync -avz --progress ~/Documents/
backup_server:~/Documents
The
first occurrence of ~/Documents/ specifies the local file or
directory to sync, backup_server corresponds with the entry added to
the ~/.ssh/config file, and the ending :~/Documents simply
specifies to upload everything into the /Documents directory of the remote server relative to the home directory.
Log
in to the remote server, and you should see a new Documents directory that is
in sync with that of your local PC. Each time you run the above command, only files that have been modified since the last
time will be uploaded, so you're not constantly uploading the entire contents
of the directory.
Automate via Crontab
Now
that everything is tested and working properly, we can easily automate the
entire process by adding a crontab job to our local PC. To automatically sync
your local folder to the remote server every 15 minutes, within the terminal
run the command.
(crontab -l; echo "*/15 * * * * rsync -avz --progress
~/Documents/ backup_server:~/Documents > /dev/null 2>&1";) | crontab
You
may get a "no crontab for user" message, and you can just ignore it.
Change the Documents directory to whatever you wish to backup, but
ensure to leave a trailing slash for directories otherwise they will not
properly backup.
Check
to ensure the crontab job was successfully added with the command.
crontab -l
If
you see the crontab job that was just added, then everything is in place. Wait
15 minutes, check your remote server, and all necessary files should be there.
Starting from now, all changes made to your files will be automatically
uploaded to the remote server every 15 minutes.
Download from Remote Server
You
may also use rsync to download files from the remote server and sync
them to your local PC. Using the above /Documents directory example, within the
terminal run the command:
rsync -chavzP backup_server:~/Documents/ ~/Documents
The ~./Documents directory
on your local PC should now be a mirror image of the remote server.
Include and Exclude Patterns
If
you ever need to sync only files that match a certain pattern, such as end
with .html you can use the --include pattern. Within
terminal run the command.
rsync -avz --include "*.html" --progress ~/mysite/ backup_server:~/public_html
Check
the remote server, and you will see only files with a .html extension from the
local /mysite/ directory have been uploaded into the /public_html/ remote
directory. Similarly, you can also sync everything except certain files with
the --exclude option. For example, the following command will sync
all files except those with a .txt extension.
rsync -avz --exclude "*.txt" --progress ~/mysite/ backup_server:~/public_html
Sync Two Local Directories
If
ever needed, you may also sync two local directories with the command.
rsync -zvr ~/source/directory ~/destination/directory
This
command works exactly the same as when syncing to a remote server, the only
difference being its two local directories.
Rest Easy
You
can now breathe a sigh of relief knowing your chances of data loss are now
substantially lower. In this article, you have learned what rsync is,
how to generate and install an SSH key, define a server within the ~./.ssh/config file,
sync a local and remote directory, and automate the entire process via crontab.
Going forward, all necessary files will always be synced with
your remote server with only a 15-minute delay.
This tutorial will explain how to install PHP 8 on CentOS 8 Linux and its dependent packages.
remi-release-8.rpmConfigure the Remi repository for installing PHP 8 on CentOS 8
# dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm
# dnf install epel-release
# dnf module list php
CentOS Stream 8 - AppStream
Name Stream Profiles Summary
php 7.2 [d] common [d], devel, minimal PHP scripting language
php 7.3 common [d], devel, minimal PHP scripting language
php 7.4 common [d], devel, minimal PHP scripting language
php 8.0 common [d], devel, minimal PHP scripting language
Remi's Modular repository for Enterprise Linux 8 - x86_64
Name Stream Profiles Summary
php remi-7.2 common [d], devel, minimal PHP scripting language
php remi-7.3 common [d], devel, minimal PHP scripting language
php remi-7.4 common [d], devel, minimal PHP scripting language
php remi-8.0 common [d], devel, minimal PHP scripting language
php remi-8.1 common [d], devel, minimal PHP scripting language
Hint: [d]efault, [e]nabled, [x]disabled, [i]nstalledFrom the above output, by default PHP 7.2 from the AppStream repo shall be installed and no other version is enabled. To install PHP 8.1 from the remi repo, enable it before installation.
# dnf module enable php:remi-8.1
# dnf module list php CentOS Stream 8 - AppStream Name Stream Profiles Summary php 7.2 [d] common [d], devel, minimal PHP scripting language php 7.3 common [d], devel, minimal PHP scripting language php 7.4 common [d], devel, minimal PHP scripting language php 8.0 common [d], devel, minimal PHP scripting language Remi's Modular repository for Enterprise Linux 8 - x86_64 Name Stream Profiles Summary php remi-7.2 common [d], devel, minimal PHP scripting language php remi-7.3 common [d], devel, minimal PHP scripting language php remi-7.4 common [d], devel, minimal PHP scripting language php remi-8.0 common [d], devel, minimal PHP scripting language php remi-8.1 [e] common [d], devel, minimal PHP scripting language
In case, if you need to install any other version, you can reset the current module enabled and set the new using the below commands:
# dnf module reset php # dnf module enable php:remi-8.0
# dnf install php Last metadata expiration check: 0:13:44 ago on Wed 16 Feb 2022 11:53:53 AM IST. Dependencies resolved. ============================================================================================================================================================================================================================================= Package Architecture Version Repository Size ============================================================================================================================================================================================================================================= Installing: php x86_64 8.1.2-1.el8.remi remi-modular 1.7 M Installing dependencies: apr x86_64 1.6.3-12.el8 appstream 129 k apr-util x86_64 1.6.1-6.el8 appstream 105 k centos-logos-httpd noarch 85.8-2.el8 baseos 75 k httpd x86_64 2.4.37-43.module_el8.5.0+1022+b541f3b1 appstream 1.4 M httpd-filesystem noarch 2.4.37-43.module_el8.5.0+1022+b541f3b1 appstream 39 k httpd-tools x86_64 2.4.37-43.module_el8.5.0+1022+b541f3b1 appstream 107 k libsodium x86_64 1.0.18-2.el8 epel 162 k libxslt x86_64 1.1.32-6.el8 baseos 250 k mailcap noarch 2.1.48-3.el8 baseos 39 k mod_http2 x86_64 1.15.7-3.module_el8.4.0+778+c970deab appstream 154 k oniguruma5php x86_64 6.9.7.1-1.el8.remi remi-safe 210 k php-common x86_64 8.1.2-1.el8.remi remi-modular 1.2 M Installing weak dependencies: apr-util-bdb x86_64 1.6.1-6.el8 appstream 25 k apr-util-openssl x86_64 1.6.1-6.el8 appstream 27 k nginx-filesystem noarch 1:1.14.1-9.module_el8.0.0+184+e34fea82 appstream 24 k php-cli x86_64 8.1.2-1.el8.remi remi-modular 5.3 M php-fpm x86_64 8.1.2-1.el8.remi remi-modular 1.8 M php-mbstring x86_64 8.1.2-1.el8.remi remi-modular 522 k php-opcache x86_64 8.1.2-1.el8.remi remi-modular 628 k php-pdo x86_64 8.1.2-1.el8.remi remi-modular 160 k php-sodium x86_64 8.1.2-1.el8.remi remi-modular 100 k php-xml x86_64 8.1.2-1.el8.remi remi-modular 250 k Enabling module streams: httpd 2.4 nginx 1.14 Transaction Summary ============================================================================================================================================================================================================================================= Install 23 Packages
# php -v PHP 8.1.2 (cli) (built: Jan 18 2022 23:52:03) (NTS gcc x86_64) Copyright (c) The PHP Group Zend Engine v4.1.2, Copyright (c) Zend Technologies with Zend OPcache v8.1.2, Copyright (c), by Zend Technologies
Enjoy and comment if any issue arrised...If you desire to know how to implement a Mikrotik time-based queue to apply different queues to clients or networks based on the time of the day, then you are reading the right post. After reading this article, you will be able to configure a Mikrotik router to assign a certain bandwidth plan to a client in the day and a different bandwidth plan at night.
The implementation of a Mikrotik time-based queue will be configured using simple queue with scripts and schedulers to automatically assign bandwidth plans to customers based on time of the day. ISPs use this method to provide extra speed to customers during off-peak periods.
The implementation of Mikrotik time-based queue can be achieved on any Mikrotik router capable of simple queue. For this demonstration, the Mikrotik hAP lite series was used.
Implementation
Since Mikrotik time-based queue works with the router’s time, it is important that the time on the router remains accurate at all times. For to happen, the router must be configured as an NTP client. See commands to configure the router as an NTP client below:
/sys ntp client set primary-ntp=bd.pool.ntp.org enabled=yes
The next step is to create two simple queues; one for day (peak period) and the other for night (off-peak period). See commands below:
/queue simple add name=day target=192.168.10.2/32 max-limit=2M/2M add name=night target=192.168.10.2/32 max-limit=4M/4M
Next, we create a script that will enforce this queues. See commands below:
/system script add name=Day source=/queue simple enable day; /queue simple disable night add name=Night source=/queue simple enable night; /queue simple disable day
See below image for how to implement it on Winbox. Simply click on system>script and eneter values similar to the ones in the image below.
The final step involves the configuration system scheduler to activate any of the queues referenced in the script, depending on the system time. See commands below:
/system scheduler name=Day on-event=Day policy=read,write start-date=may/07/2023 start-time=06:00:00 interval=1d name=Night on-event=Night policy=read,write start-date=may/07/2023 start-time=18:00:00 interval=1d
The scheduler will execute, based on the router time, and cause the script to activate the desired queue while disabling the other. See the result of executing the “Day” script below.
