Before we can use any SSL certificates, we first have to enable mod_ssl, an Apache module that provides support for SSL encryption.
Enable mod_ssl with the a2enmod command:
$ sudo a2enmod ssl
[sudo] password for jack:
Considering dependency setenvif for ssl:
Module setenvif already enabled
Considering dependency mime for ssl:
Module mime already enabled
Considering dependency socache_shmcb for ssl:
Enabling module socache_shmcb.
Enabling module ssl.
See /usr/share/doc/apache2/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
systemctl restart apache2
Restart Apache to activate the module:
sudo systemctl restart apache2
Creating the SSL Certificate
Now that Apache is ready to use encryption, we can move on to generating a new SSL certificate. The certificate will store some basic information about your site, and will be accompanied by a key file that allows the server to securely handle encrypted data.
We can create the SSL key and certificate files with the openssl command:
Then make the web server user (www-data) as the owner of this directory.
sudo chown -R www-data:www-data /var/www/mautic/
Step 2: Create a MariaDB Database and User for Mautic
Log in to MariaDB console.
sudo mysql
Next, create a new database for Mautic using the following command. This tutorial names it mautic, you can use whatever name you like for the database.
CREATE DATABASE mautic DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci;
จะมี warning ประมาณนี้
CREATE DATABASE mautic DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci 1 row(s) affected, 2 warning(s):
3719 'utf8' is currently an alias for the character set UTF8MB3, but will be an alias for UTF8MB4 in a future release. Please consider using UTF8MB4 in order to be unambiguous.
3778 'utf8mb3_unicode_ci' is a collation of the deprecated character set UTF8MB3. Please consider using UTF8MB4 with an appropriate collation instead.
ให้เปลี่ยนเป็นใช้คำสั่งนี้แทน
CREATE DATABASE mautic DEFAULT CHARACTER SET UTF8MB4 COLLATE utf8mb4_unicode_ci;
The following command will create a database user and password, and at the same time grant all permission of the new database to the new user so later on Mautic can write to the database. Replace red texts with your preferred database name, username and password.
CREATE USER 'jack'@'localhost' IDENTIFIED BY 'password';
GRANT ALL ON mautic.* TO 'jack'@'localhost' IDENTIFIED BY 'password';
Flush privileges table and exit MariaDB console.
FLUSH PRIVILEGES;
EXIT;
Step 3: Install Required and Recommended PHP Modules.
Run the following command to install PHP modules required or recommended by Mautic
If you use Apache web server, then you need to disable the PHP module for Apache.
sudo a2dismod php7.4
You also need to disable the prefork MPM module in Apache.
sudo a2dismod mpm_prefork
Now you need to run the following command to enable three modules in order to use PHP-FPM in Apache, regardless of whether mod_php is installed on your server.
sudo a2enmod mpm_event proxy_fcgi setenvif
Then restart Apache.
sudo systemctl restart apache2
Step 4: Create Apache Virtual Host for Mautic
If you use Apache web server, create a virtual host for Mautic.
$ sudo mysql
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 8
Server version: 8.0.32-0ubuntu0.20.04.2 (Ubuntu)
Copyright (c) 2000, 2023, Oracle and/or its affiliates.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql>
สร้าง user
CREATE USER 'jack'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON * . * TO 'jack'@'localhost';
FLUSH PRIVILEGES;
SELECT user,authentication_string,plugin,host FROM mysql.user;
You now have access to the MySQL server configuration file. Scroll down to the bind-address line and change the IP address. The current default IP is set to 127.0.0.1. This IP limits MySQL connections to the local machine.
The new IP should match the address of the machine that needs to access the MySQL server remotely. For example, if you bind MySQL to 0.0.0.0, then any machine that reaches the MySQL server can also connect with it.
bind-address = 0.0.0.0
sudo systemctl restart mysql
สร้าง remote user โดย remote ไปจากเครื่อง 192.168.1.124
CREATE USER 'jack'@'192.168.1.124' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON * . * TO 'jack'@'192.168.1.124';
FLUSH PRIVILEGES;
$ hostname --help
Usage: hostname [-b] {hostname|-F file} set host name (from file)
hostname [-a|-A|-d|-f|-i|-I|-s|-y] display formatted name
hostname display host name
{yp,nis,}domainname {nisdomain|-F file} set NIS domain name (from file)
{yp,nis,}domainname display NIS domain name
dnsdomainname display dns domain name
hostname -V|--version|-h|--help print info and exit
Program name:
{yp,nis,}domainname=hostname -y
dnsdomainname=hostname -d
Program options:
-a, --alias alias names
-A, --all-fqdns all long host names (FQDNs)
-b, --boot set default hostname if none available
-d, --domain DNS domain name
-f, --fqdn, --long long host name (FQDN)
-F, --file read host name or NIS domain name from given file
-i, --ip-address addresses for the host name
-I, --all-ip-addresses all addresses for the host
-s, --short short host name
-y, --yp, --nis NIS/YP domain name
Description:
This command can get or set the host name or the NIS domain name. You can
also get the DNS domain or the FQDN (fully qualified domain name).
Unless you are using bind or NIS for host lookups you can change the
FQDN (Fully Qualified Domain Name) and the DNS domain name (which is
part of the FQDN) in the /etc/hosts file.
AzCopy is a command-line utility that you can use to copy blobs or files to or from a storage account.
Download AzCopy
First, download the AzCopy V10 executable file to any directory on your computer. AzCopy V10 is just an executable file, so there’s nothing to install.
These files are compressed as a zip file (Windows and Mac) or a tar file (Linux). To download and decompress the tar file on Linux, see the documentation for your Linux distribution.
ตรวจสอบเวอร์ชันบน Command prompts
> azcopy --version
azcopy version 10.17.0
ตรวจสอบเวอร์ชันบน PowerShell
> .\azcopy --version
azcopy version 10.17.0
ดู help
> azcopy --help
AzCopy 10.17.0
Project URL: github.com/Azure/azure-storage-azcopy
AzCopy is a command line tool that moves data into and out of Azure Storage.
To report issues or to learn more about the tool, go to github.com/Azure/azure-storage-azcopy
The general format of the commands is: 'azcopy [command] [arguments] --[flag-name]=[flag-value]'.
Usage:
azcopy [command]
Available Commands:
bench Performs a performance benchmark
completion Generate the autocompletion script for the specified shell
copy Copies source data to a destination location
doc Generates documentation for the tool in Markdown format
env Shows the environment variables that you can use to configure the behavior of AzCopy.
help Help about any command
jobs Sub-commands related to managing jobs
list List the entities in a given resource
login Log in to Azure Active Directory (AD) to access Azure Storage resources.
logout Log out to terminate access to Azure Storage resources.
make Create a container or file share.
remove Delete blobs or files from an Azure storage account
set-properties (Preview) Given a location, change all the valid system properties of that storage (blob or file)
sync Replicate source to the destination location
Flags:
--cap-mbps float Caps the transfer rate, in megabits per second. Moment-by-moment throughput might vary slightly from the cap. If this option is set to zero, or it is omitted, the throughput isn't capped.
-h, --help help for azcopy
--log-level string Define the log verbosity for the log file, available levels: INFO(all requests/responses), WARNING(slow responses), ERROR(only failed requests), and NONE(no output logs). (default 'INFO'). (default "INFO")
--output-level string Define the output verbosity. Available levels: essential, quiet. (default "default")
--output-type string Format of the command's output. The choices include: text, json. The default value is 'text'. (default "text")
--skip-version-check Do not perform the version check at startup. Intended for automation scenarios & airgapped use. --trusted-microsoft-suffixes string Specifies additional domain suffixes where Azure Active Directory login tokens may be sent. The default is '*.core.windows.net;*.core.chinacloudapi.cn;*.core.cloudapi.de;*.core.usgovcloudapi.net;*.storage.azure.net'. Any listed here
are added to the default. For security, you should only put Microsoft Azure domains here. Separate multiple entries with semi-colons.
-v, --version version for azcopy
Use "azcopy [command] --help" for more information about a command.
Authorize AzCopy
You can provide authorization credentials by using Azure Active Directory (AD), or by using a Shared Access Signature (SAS) token.
Use this table as a guide:
Storage type
Currently supported method of authorization
Blob storage
Azure AD & SAS
Blob storage (hierarchical namespace)
Azure AD & SAS
File storage
SAS only
Option 1: Use Azure Active Directory
ใช้คำสั่ง azcopy login
> azcopy login
To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code XXXXXXXXX to authenticate.
You can append a SAS token to each source or destination URL that use in your AzCopy commands.
This example command recursively copies data from a local directory to a blob container. A fictitious SAS token is appended to the end of the container URL.
$ sudo ufw app list
Available applications:
Apache
Apache Full
Apache Secure
OpenSSH
As indicated by the output, there are three profiles available for Apache:
Apache: This profile opens only port 80 (normal, unencrypted web traffic)
Apache Full: This profile opens both port 80 (normal, unencrypted web traffic) and port 443 (TLS/SSL encrypted traffic)
Apache Secure: This profile opens only port 443 (TLS/SSL encrypted traffic)
It is recommended that you enable the most restrictive profile that will still allow the traffic you’ve configured. Since we haven’t configured SSL for our server yet in this guide, we will only need to allow traffic on port 80:
