How to setup composer globally

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"
php composer-setup.php --install-dir=/usr/bin --filename=composer
php -r "unlink('composer-setup.php');"
 10   11 d  

How to fix several compatibility issues with new MySQL versions

Let’s see how to solve some problems after updating MySQL server. All ones fixes in one place by one method, so I show detailed only first solve and next will be more short.

... which is not functionally dependent on columns in GROUP BY clause;
this is incompatible with sql_mode=only_full_group_by

Find path of mysqld program:

which mysqld

Find file which you can use for change mysqld options. Change mysqld path in command if you need.

sudo /usr/sbin/mysqld --verbose --help | grep -A 1 "Default options"

Remember printed filenames. Actually remember anyone filename e. g. “/etc/mysql/my.cnf”.

Next you need to know active sql modes:

sudo mysql -u root -p -e "select @@sql_mode"

Copy printed constants to somewhere. Drop “ONLY_FULL_GROUP_BY” constant from list. Next go to open filename of mysqld options file:

sudo mcedit /etc/mysql/my.cnf

And after “!includedir” put “[mysqld]” section (if it missing) and write into [mysqld] section:

sql_mode = "YOUR_NEW_CONSTANTS_LIST"

Save file and restart mysql server:

sudo service mysql restart

Incorrect integer value

Open options file like above and from constants list drop “STRICT_TRANS_TABLES” constant. Save file and restart mysql server.

Incorrect datetime value: ‘0000-00-00 00:00:00’

Again, open options file and now drop constant “NO_ZERO_DATE” from list. Save file and restart mysql server.

 19   1 mon  
 33   1 mon  

Rocket Raccoon Day

The fandom shall define it now: Rocket Raccoon Day shall be October 18th, and “Rocktober” shall be Rocket’s month.

 20   1 mon  

How to protect from flood on nginx server

Add next lines into “http” section of nginx.conf file:

limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=5r/s;

And add next lines into “server” section (wherever it placed):

limit_conn conn_limit_per_ip 10;
limit_req zone=req_limit_per_ip burst=10 nodelay;

Change values as you need, according to documenation:
http://nginx.org/en/docs/http/ngx_http_limit_req_module.html

 42   2 mon  
 37   2 mon  

How to fix Chromium forgets cookies at reboot

Warn: this topic have hatred.

I had updated Chromium on the other day. You know... some sites didn’t want to show some very useful content like videos of raccoons when you’re using old browser. Even if your browser had updated two months ago. So I had done it. I had updated Chromium and do you know what I had gotten? Nothing bad. It had been continuing its work. But for a while. Did I already said that I like hate flarking updates? After week or two weeks I closed browser and open it again. And it required interference. No, it didn’t frozed up. And it did’t want to hug. It forgot all cookies!

As the matter of fact it is no neccessary to descend deeper than may seem for looking for decision. The solution was on surface.

I dunno why but after flarking updates Chromium decided to change my privacy settings (and may be some options more). In a specific case how browser relates to keeping cookies at reboot.

So only what you need to do it is disable option “Keep local data only until you quit your browser” in Cookies settings which you can find at

chrome://settings/content/cookies
 44   2 mon  

Setting up Linux firewall for make more safe web server

Server works in network with opened every ports — sounds not very safety. Let’s protect it by using netfilter firewall which delivered together with Linux. Netfilter, in turn, managed by iptables utility. So, iptables is what we need.

Warning: if you don’t have physical access to real server (working with it remotely e. g. by SSH) first you need find anybody (e. g. supportguy from hosting provider) who could restore SSH access to you or do something else if you accidentally, suddenly or not specially will block yourself.

So, iptables. I should warn you iptables doesn’t save self settings and after server restart, iptables settings will restored to default. Therefore it is possible to use iptables-persistent program which can save iptables settings when you ask about it. Let’s install it:

sudo apt install iptables-persistent

Setup program will ask you would you want to save present rules. Why not? Of course you want to save present rules because you will change it in next steps. Later on you can save your rules anytime by using next command:

sudo dpkg-reconfigure iptables-persistent

The next what you should know that netfilter will process rules in reverse order. If you block packet in some rule it won’t go to rule above last.

Every iptables command neccessary enter into the console. I added comments to every command for you know what it do.

sudo -i # Working with root privileges
iptables -L -n # Will show list of current rules in system
iptables -F # Will delete all current rules 
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP # Will block null-packets
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP # Will drop XMAS packets
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP # Will protect from Syn-flood
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT # Don't forget allow access to SSH oneself (change 22 port if your SSH working on another port)
iptables -A INPUT -i lo -j ACCEPT # Will allow access to local interface. It is neccessary for database, mail, etc.
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT # Will allow 80 port for access to sites by HTTP
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT # It will allow 443 port for access to sites by HTTPS (if you have)
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT # Allow ping our server (if you block it external services will think that our server doesn't work)
iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT # It is neccessary for server updates
iptables -P OUTPUT ACCEPT # Allow output traffic from our server
iptables -P INPUT DROP # It will close left ports
iptables -L -n # Check set rules

Now you need to exit from ssh connection and relogin it again. Check it. It’s ok? Now check how work sites on 80 or 443 port. Also check disallowed ports e. g. 2525:

telnet your_server_IP 2525

Warning: if you got “Connected” it is mean something wrong.

If all is good save your rules:

sudo dpkg-reconfigure iptables-persistent
 70   2 mon  

How to find IPs with highest count of requests in access.log

First command will show you IPs sorted by number and them count of requests:

cat access.log | awk '{print $1}' | sort | uniq -c

You will be able to find IP masks with highest count of requests:

...
    158 217.115.65.19
    152 217.115.92.114
   3236 217.118.64.107
   8631 217.118.64.115
    640 217.118.64.119
   5122 217.118.64.124
    980 217.118.64.14
     37 217.218.94.2
     41 217.218.164.34
...

Next command will show you IPs sorted by count of requests:

less access.log | cut -d' ' -f1 | sort | uniq -c | sort -bg

For example:

...
   3818 178.207.194.252
   4090 89.169.172.165
   4732 60.47.208.104
   6500 82.146.33.201
   6698 31.200.239.18
   9934 141.8.132.20
  18032 141.8.142.126
...
 52   3 mon  
Earlier Ctrl + ↓