# Linux

# Command

# Add new user

useradd <username>

passwd <username>

Enter password

# check memory and restart service when less than X gb.

bash  
\#!/bin/bash

\# Get the available memory in KB  
free\_mem\_kb=$(free -k | grep Mem | awk '{print $4}')

\# Convert to GB (divide by 1024^2)  
\# without bc  
free\_mem\_gb=$((free\_mem\_kb / 1024 / 1024))  
\# with bc  
\# free\_mem\_gb=$(echo "scale=2; $free\_mem\_kb / (1024 \* 1024)" | bc)

\# Threshold for memory in GB  
threshold=2

\# Check if free memory is less than the threshold  
\# without bc  
if \[ "$free\_mem\_gb" -lt "$threshold" \]; then  
\# with bc  
\# if (( $(echo "$free\_mem\_gb < $threshold" | bc -l) )); then  
 echo "Free memory is less than 2GB ($free\_mem\_gb GB). Restarting Apache..."  
\# restart some service here  
\# sudo systemctl restart apache2  
else  
 echo "Free memory is sufficient: $free\_mem\_gb GB."  
fi

# change ownership

basic

  
chown <user>:<group> <option> <path>

chown www-data:wheel -R /var/www/html/project\_name

-R = recursive

change own from one of the user or group only

chown -R --from=root nginx /var/www/html/cms

chown -R --from=:root :nginx /var/www/html/cms

# Curl

simple curl GET

``sh  
curl "https://api.onesignal.com"  
``

simple curl POST

``sh  
curl -X "POST" "https://api.onesignal.com"  
``

curl with json request and header

``sh  
curl -X "POST" "https://iems.kpdn.gov.my/oauth/token" \\  
 -H 'Content-Type: application/json; charset=utf-8' \\  
 -d $'{  
 "client\_id": "3",  
 "scope": "ecoss",  
 "client\_secret": "v3v0kqaUPYkxO7tl3FprWcbD3pzyk7EgvnEBzLmk",  
 "grant\_type": "client\_credentials"  
}'``

curl with full url

``sh  
curl "https://familyhub.lppkn.gov.my/index.php/epms\_api/LPPKNReportGateway?token=HEgAtuOHunGqmiMEVDUMjhTAYJRxyM&laporan=1004&tahun=2023&sukuan=1"  
``  
curl with hidden method (laravel)  
``sh  
curl -X "POST" "http://10.29.59.97/gps/gpss/50/budgets"  
 -d $'{  
 "\_method": "PATCH",  
 "test": "somthing"  
}'  
``

curl with auth token in header

``sh  
curl -X "POST" "http://10.29.59.97/gps/gpss/50/budgets" -H "Content-Type: application/x-www-form-urlencoded" -d "\_method=PATCH&token=bgl2TOaY5IdSQRHQDEPKvZd1Y79N66fFNOaV4E9P"  
``

# nginx basic ssl config

```  
server {  
 listen 80 default\_server;  
 listen \[::\]:80 default\_server;

 location / {  
 return 301 https://$host$request\_uri;  
 }  
}

server {  
 listen 443 ssl http2;  
 listen \[::\]:443 ssl http2;

 ssl\_certificate /path/to/signed\_cert\_plus\_intermediates;  
 ssl\_certificate\_key /path/to/private\_key;  
 ssl\_trusted\_certificate /path/to/root\_CA\_cert\_plus\_intermediates;  
 ssl\_session\_timeout 1d;  
 ssl\_session\_cache shared:MozSSL:10m; # about 40000 sessions  
 ssl\_session\_tickets off;

 # OCSP stapling  
 ssl\_stapling on;  
 ssl\_stapling\_verify on;

 # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam  
 ssl\_dhparam /path/to/dhparam;

 # intermediate configuration  
 ssl\_protocols TLSv1.2 TLSv1.3;  
 ssl\_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;  
 ssl\_prefer\_server\_ciphers off;

 # HSTS (ngx\_http\_headers\_module is required) (63072000 seconds)  
 add\_header Strict-Transport-Security "max-age=63072000" always;  
}  
```

# NPT

\# Centos 7

```install: yum install ntp -y```

``vi /etc/ntp.conf``

``server 192.168.1.100 iburst``

``systemctl restart ntp``

``check ntp: ntpq -p``

  
\# Centos 8

``install: dnf install chrony``

``vi /etc/chrony.conf``

``server 192.168.1.100 iburst``

``systemctl enable chronyd``

``systemctl restart chronyd``

``check ntp: chronyc sources``

# linux permission

\# chown

``chown user directory``

> chown ali /var/www/html/project/index.php  
> chown ali /var/www/html/project

\- this will assign user of the target directory or file to ali.

``chown -R user directory``

\- this will assign user of target directory and all its child to ali.

``chown :group directory``

> chown :wheel /var/www/html/project

\- this will assign group of target directory to wheel  
\- difference between user and group is :

``chown user:group directory``

> chown ali:wheel /var/www/html/project

\- this will assign user of target directory to ali and group of target directory to wheel

``chown -R --from=root nginx /var/www/html/project``

\- change target directory and its child that have current user as root to nginx

  
``chown -R --from=:root :wheel /var/www/html/project``

\- change target directory and its child that have current group as root to wheel

# basic config php system

\## ssh

ssh -l root 159.223.43.172

sudo dnf update -y

\## php

dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm  
rpm -qa | grep epel  
dnf install https://rpms.remirepo.net/enterprise/remi-release-8.rpm  
rpm -qa | grep remi  
dnf module list php  
dnf module enable php:remi-7.4

  
dnf install php php-fpm php-opcache php-gd php-curl php-mysqlnd php-mbstring php-dom zip unzip php-zip php-json php-pdo php-pdo\_mysql

\## mysql

dnf install mysql-server  
systemctl start mysqld | mysqld.service  
systemctl status mysqld  
systemctl enable mysqld  
mysql -u root -p  
mysql\_secure\_installation // jika mahu ke live, maka run ini untuk pastikan setting mysql adalah betul  
ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql\_native\_password BY 'password'; // jika php adalah php >7.3 + mysql 8

QvsfjYR@9pJs@T8oMCy23fwYyQ-.snmviq\_!\*24p.JC7YERFUsfx\_.mQaN.tJGnM

\## nginx

dnf install nginx  
mv /etc/nginx/default.d/php.conf /etc/nginx/default.d/php.conf.disabled  
vi /etc/nginx/conf.d/ekjp.conf

\~~~  
server {  
 listen 80;  
 server\_name 10.21.1.86;  
 root /var/www/html/hlp/public;  
 index index.php;

 charset utf-8;  
 gzip on;  
 gzip\_types text/css application/javascript text/javascript application/x-javascript image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon;  
 location / {  
 try\_files $uri $uri/ /index.php?$query\_string;  
 }

 location ~ \\.php {  
 # include fastcgi.conf;  
 fastcgi\_split\_path\_info ^(.+\\.php)(/.+)$;  
 fastcgi\_pass unix:/run/php-fpm/www.sock;  
   
 fastcgi\_pass 127.0.0.1:9000;  
 fastcgi\_index index.php;  
 fastcgi\_param SCRIPT\_FILENAME $document\_root$fastcgi\_script\_name;  
 fastcgi\_buffer\_size 128k;  
 fastcgi\_buffers 256 16k;  
 fastcgi\_busy\_buffers\_size 256k;  
 fastcgi\_temp\_file\_write\_size 256k;  
 include fastcgi\_params;  
 }  
 location ~ /\\.ht {  
 deny all;  
 }  
}

\~~~

nginx -t  
systemctl start nginx  
systemctl status nginx  
systemctl enable nginx

\## git

dnf install git

\## composer

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"  
php -r "if (hash\_file('sha384', 'composer-setup.php') === '756890a4488ce9024fc62c56153228907f1545c228516cbf63f885e036d37e9a59d27d63f46af1d4d07ee0f76181c7d3') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP\_EOL;"  
php composer-setup.php  
php -r "unlink('composer-setup.php');"  
mv composer.phar /usr/local/bin/composer  
composer

\## firewall

dnf install firewalld  
systemctl enable firewalld  
systemctl start firewalld  
firewall-cmd --zone=public --permanent --add-service=http  
firewall-cmd --zone=public --permanent --add-service=https  
firewall-cmd --reload  
firewall-cmd --permanent --list-all

\## setting

cd /var/www/html  
git clone https://gitlab.com/tmukmkd/jtm-ekjp-laravel-training.git ekjp  
cd ekjp  
composer update

vi /etc/php-fpm.d/www.conf  
tukar apache kepada nginx  
\-- tukar nobody kepada nginx

update .env

chown -R nginx:nginx /var/www/html/sago-beta/storage/  
chown -R nginx:nginx /var/www/html/sago-beta/bootstrap/cache/  
chmod -R 0777 /var/www/html/sago-beta/storage/  
chmod -R 0775 /var/www/html/sago-beta/bootstrap/cache/

semanage fcontext -a -t httpd\_sys\_rw\_content\_t '/var/www/html/sago-beta/storage(/.\*)?'  
semanage fcontext -a -t httpd\_sys\_rw\_content\_t '/var/www/html/sago-beta/bootstrap/cache(/.\*)?'  
restorecon -Rv '/var/www/html/sago-beta'

mv /etc/nginx/default.d/php.conf /etc/nginx/default.d/php.conf.disabled

systemctl restart php-fpm  
systemctl restart nginx

\## selinux  
sudo setsebool -P httpd\_can\_network\_connect\_db=1  
setenforce 0

\## letsencrypt

dnf install epel-release  
dnf install certbot python3-certbot-nginx  
certbot --nginx -d some.domain.name

\## add user to group  
usermod -a -G group\_name user\_name

# supervisord

yum install supervisor

\-- ubuntu

apt-get update -y  
apt-get install supervisor -y  
vi /etc/supervisor/supervisord.conf

```  
\[program:laravel-worker\]  
process\_name=%(program\_name)s\_%(process\_num)02d  
command=php /home/forge/app.com/artisan queue:work sqs --sleep=3 --tries=3  
autostart=true  
autorestart=true  
user=forge  
numprocs=8  
redirect\_stderr=true  
stdout\_logfile=/home/forge/app.com/worker.log

systemctl start supervisord

sudo supervisorctl reread

sudo supervisorctl update

sudo supervisorctl start laravel-worker:\*  
```

===

ps -ef | grep supervisord

kill -s SIGTERM 2503

=== ekbaru setting

vi /etc/supervisord.d/supervisor.ini

```  
\[program:laravel-worker\]  
command=php /var/www/html/ekgbaru/artisan queue:work --tries=3 --sleep=3  
process\_name=%(program\_name)s\_%(process\_num)02d  
numprocs=8  
; priority=99  
autostart=true  
stopasgroup=true  
killasgroup=true  
autorestart=true  
; startsecs=1  
; startretries=3  
user=root  
redirect\_stderr=true  
stdout\_logfile=/var/www/html/supervisor.log  
;stdout\_logfile=/var/logs/supervisor.log  
```

systemctl start supervisord

systemctl enable supervisord

systemctl status supervisord

# traceroute mtr mytraceroute

\## tracert

``tracert <url>``

``tracert pcdev.kpdn.gov.my``

\## traceroute

// install

``apt instal traceroute``

// usage

``traceroute <url>``

``traceroute pcdev.kpdn.gov.my``

\## mtr (mytraceroute)

``sudo mtr <url> -c <request count>``

``sudo mtr pcdev.kpdn.gov.my -c 1000``  
``sudo mtr pricecatcher.kpdn.gov.my -c 100``  
``sudo mtr myworkforce.perkeso.gov.my -c 10``

# wkhtmltopdf

\# Centos 8

```sh  
wget https://downloads.wkhtmltopdf.org/0.12/0.12.5/wkhtmltox-0.12.5-1.centos8.x86\_64.rpm

wget https://github.com/wkhtmltopdf/packaging/releases/download/0.12.6-1/wkhtmltox-0.12.6-1.centos8.x86\_64.rpm

rpm -i wkhtmltox-0.12.6-1.centos8.x86\_64.rpm  
```

\# Centos 7

\## install

```  
https://downloads.wkhtmltopdf.org/0.12/0.12.5/wkhtmltox-0.12.5-1.centos7.x86\_64.rpm

https://github.com/wkhtmltopdf/packaging/releases/download/0.12.6-1/wkhtmltox-0.12.6-1.centos7.x86\_64.rpm

yum install -y libpng libjpeg openssl icu libX11 libXext libXrender xorg-x11-fonts-Type1 xorg-x11-fonts-75dpi  
```

\## spacedeal

``yum -y install wget``  
`yum localinstall wkhtmltox-0.12.6-1.centos7.x86\_64.rpm`  
`wkhtmltopdf --version`

\# rhel 9

```

wget https://github.com/wkhtmltopdf/packaging/releases/download/0.12.6.1-2/wkhtmltox-0.12.6.1-2.almalinux9.x86\_64.rpm

rpm -i wkhtmltox-0.12.6.1-2.almalinux9.x86\_64.rpm  
```

\# Ubuntu

`sudo apt-get install wkhtmltopdf`

`sudo ln -s /usr/bin/wkhtmltopdf /usr/local/bin/wkhtmltopdf`

If prompt reboot service just click OK. Use TAB or arrow to navigate.

known issues in Ubuntu

`https://packagist.org/packages/h4cc/wkhtmltopdf-amd64`

`php composer.phar require h4cc/wkhtmltopdf-amd64 "0.12.4"`

`$path = \\h4cc\\WKHTMLToPDF\\WKHTMLToPDF::PATH;` in .env

# Ubuntu Setup

install mysql-server  
create user 'hub'@'localhost' IDENTIFIED BY 'The-Best-WAY-2024';  
create user 'hub'@'localhost' IDENTIFIED BY 'The-Best-PROD-2024';  
grant all privileges on \*.\* to 'hub'@'localhost';  
FLUSH PRIVILEGES;

apt install ca-certificates apt-transport-https software-properties-common  
add-apt-repository ppa:ondrej/php  
apt update  
apt install php8.3 php8.3-common php8.3-xml php8.3-intl php8.3-mysql php8.3-zip php8.3-curl

php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');"  
php composer-setup.php  
php -r "unlink('composer-setup.php');"  
mv composer.phar /usr/bin/composer <-- 2204 guna usr bin. 2004 guna usr local bin  
composer install

php8.3-common   
php8.3-mysql   
php8.3-xml   
php8.3-xmlrpc   
php8.3-curl   
php8.3-gd   
php8.3-imagick   
php8.3-cli   
php8.3-mbstring   
php8.3-opcache   
php8.3-zip   
php8.3-redis   
php8.3-intl  
php8.3-fpm  
 -y  
   
\-- nginx  
   
 server {  
 listen 80;  
 server\_name server\_domain\_or\_IP;  
 root /var/www/travellist/public;

 add\_header X-Frame-Options "SAMEORIGIN";  
 add\_header X-XSS-Protection "1; mode=block";  
 add\_header X-Content-Type-Options "nosniff";

 index index.html index.htm index.php;

 charset utf-8;

 location / {  
 try\_files $uri $uri/ /index.php?$query\_string;  
 }

 location = /favicon.ico { access\_log off; log\_not\_found off; }  
 location = /robots.txt { access\_log off; log\_not\_found off; }

 error\_page 404 /index.php;

 location ~ \\.php$ {  
 fastcgi\_pass unix:/var/run/php/php8.1-fpm.sock;  
 fastcgi\_index index.php;  
 fastcgi\_param SCRIPT\_FILENAME $realpath\_root$fastcgi\_script\_name;  
 include fastcgi\_params;  
 }

 location ~ /\\.(?!well-known).\* {  
 deny all;  
 }  
}

\-- local git  
\[core\]  
 repositoryformatversion = 0  
 filemode = true  
 bare = false  
 logallrefupdates = true  
 ignorecase = true  
 precomposeunicode = true  
\[remote "origin"\]  
 url = git@gitlab.com:myopensoft/sprm-pesalah-rasuah.git  
 fetch = +refs/heads/\*:refs/remotes/origin/\*  
\[branch "main"\]  
".git/config" 13L, 315B  
\[core\]  
 repositoryformatversion = 0  
 filemode = true  
 bare = false  
 logallrefupdates = true  
 ignorecase = true  
 precomposeunicode = true  
\[remote "origin"\]  
 url = git@gitlab.com:myopensoft/sprm-pesalah-rasuah.git  
 fetch = +refs/heads/\*:refs/remotes/origin/\*  
\[branch "main"\]  
 remote = origin  
 merge = refs/heads/main  
~