Automatically SSL without Passphrase Prompt on Apache2 Restart or Server Reboot

You need to remove encryption from your private key file like this:

openssl rsa -in server.key -out
mv server.key

Make sure the new key file is only readable by root – otherwise anyone with shell access to this server will be able to grab the private key and impersonate your server.

To make the key readable only by root, do ‘chmod 600’ before swapping keys.

Now you should have Httpd Apache2 automatically started without SSL Passphrase prompt.
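A check for the two conditions this section depends on, as an added example that is not part of the original post: the key no longer carries a passphrase, and nobody but its owner can read it. The function names are made up for this example, the file names are whatever the caller passes, and stat -c assumes GNU coreutils.

```bash
#!/bin/sh
# Added example, not part of the original post. File names are supplied by
# the caller; nothing here assumes a particular Apache layout.

# Exit 0 if the PEM file still carries passphrase protection.
key_is_encrypted() {
  # Traditional OpenSSL keys flag it in a header line, PKCS#8 in the BEGIN line.
  grep -qE '^Proc-Type: 4,ENCRYPTED|^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"
}

# Exit 0 if neither group nor others have any permission bit on the file.
key_mode_is_private() {
  key_mode=$(stat -c '%a' "$1") || return 2   # octal mode, e.g. 600
  [ $(( 0$key_mode & 077 )) -eq 0 ]
}

# Print one verdict for FILE, expected to be owned by OWNER (default root).
audit_key() {
  [ -f "$1" ] || { echo "missing"; return; }
  if key_is_encrypted "$1"; then
    echo "encrypted: Apache will prompt for the passphrase"
  elif ! key_mode_is_private "$1"; then
    echo "exposed: unencrypted key readable beyond its owner"
  elif [ "$(stat -c '%U' "$1")" != "${2:-root}" ]; then
    echo "wrong-owner: unencrypted key not owned by ${2:-root}"
  else
    echo "ok"
  fi
}

# Decrypt IN to OUT with no window in which OUT has default permissions:
# under umask 077 the file is created without group/other access, so no
# separate chmod has to win a race.
strip_passphrase() {
  ( umask 077 && openssl rsa -in "$1" -out "$2" )
}
```

Run audit_key against the key path Apache is configured with before restarting; anything other than "ok" means the key is either still encrypted or readable by other local accounts.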

Check CPU Usage of Ubuntu Redhat Linux

To get CPU usage, the best way is to read the /proc/stat file. See man 5 proc for more help.

There is a useful script written by Paul Colby.

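#!/bin/bash
# by Paul Colby, no rights reserved ;)

PREV_TOTAL=0
PREV_IDLE=0

while true; do
 CPU=(`cat /proc/stat | grep '^cpu '`) # Get the total CPU statistics.
 unset CPU[0] # Discard the "cpu" prefix.
 IDLE=${CPU[4]} # Get the idle CPU time.

 # Calculate the total CPU time.
 TOTAL=0
 for VALUE in "${CPU[@]:0:4}"; do
  TOTAL=$((TOTAL + VALUE))
 done

 # Calculate the CPU usage since we last checked.
 DIFF_IDLE=$((IDLE - PREV_IDLE))
 DIFF_TOTAL=$((TOTAL - PREV_TOTAL))
 DIFF_USAGE=$(( (1000 * (DIFF_TOTAL - DIFF_IDLE) / DIFF_TOTAL + 5) / 10 ))
 echo -en "\rCPU: $DIFF_USAGE% \b\b"

 # Remember the total and idle CPU times for the next check.
 PREV_TOTAL=$TOTAL
 PREV_IDLE=$IDLE

 # Wait before checking again.
 sleep 1
done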

Save it to ~/cpu_usage, add execute permission with sudo chmod +x ~/cpu_usage, and run:

~/cpu_usage

To stop the script, hit Ctrl + C

Free EC2 Scheduler to Start and Stop Instances Automatically in Ubuntu

Firstly, you have to install EC2 API Tools & AMI Tools.

Edit /root/.bashrc (sudo nano /root/.bashrc) and add the following at the end.

export EC2_REGION=<your-ec2-region>
export EC2_URL=ec2.$
export AWS_ACCESS_KEY=<your-access-key>
export AWS_SECRET_KEY=<your-secret-key>
export JAVA_HOME=/usr/lib/jvm/java-7-openjdk-amd64/jre

Remember to change <your-ec2-region>, <your-access-key>, <your-secret-key> accordingly.

Create sudo nano ~/


export EC2_REGION=<your-ec2-region>
export EC2_URL=ec2.$
export AWS_ACCESS_KEY=<your-access-key>
export AWS_SECRET_KEY=<your-secret-key>
export JAVA_HOME=/usr/lib/jvm/java-7-openjdk-amd64/jre

ec2-start-instances <instance-id>
sleep 5

And create sudo nano ~/


export EC2_REGION=<your-ec2-region>
export EC2_URL=ec2.$
export AWS_ACCESS_KEY=<your-access-key>
export AWS_SECRET_KEY=<your-secret-key>
export JAVA_HOME=/usr/lib/jvm/java-7-openjdk-amd64/jre

ec2-stop-instances <instance-id>
sleep 5

To add these to cron, run crontab -e and add:

# monday to friday, morning 9am to start instances
0 8 * * 1-5 /bin/bash -c ~/ >> ~/start_instances.log 2>&1
# monday to friday, evening 5pm to stop instances
0 17 * * 1-5 /bin/bash -c ~/ >> ~/stop_instances.log 2>&1

It will create a log file for start & stop instances.

That’s all for a Free and Simple EC2 Scheduler to start and stop instances automatically in your Ubuntu server.

You could also add a timestamp for your log files with this tutorial: Adding Timestamp Date Time while Saving a Log File from Crontab Cronjob Ubuntu Redhat Linux.

Install EC2 API AMI Tools in Ubuntu

ec2-api-tools and ec2-ami-tools are available in multiverse. The
multiverse component is not enabled in /etc/apt/sources.list by default in
the Ubuntu ec2 images.

There are 2 ways to get at these:

a) get (older) versions released with karmic by adding multiverse to

$ sudo sed -i.dist 's,universe$,universe multiverse,' /etc/apt/sources.list
$ sudo apt-get update
$ sudo apt-get install ec2-api-tools ec2-ami-tools

b) add most recent versions backported to karmic:
Add the ppa
Follow the instructions there, or:

$ sudo apt-get update && sudo apt-get install python-software-properties
$ sudo add-apt-repository ppa:ubuntu-on-ec2/ec2-tools
$ sudo apt-get update && sudo apt-get install ec2-api-tools ec2-ami-tools

That’s it. Enjoy your EC2 API Tools and EC2 AMI Tools in Ubuntu.

Adding Timestamp Date Time while Saving a Log File from Crontab Cronjob Ubuntu Redhat Linux

This is just a quick solution to put a timestamp with each line of the output of some command in Ubuntu Redhat Linux (*nix). It’s a very simple thing, thought I’d write it down here so maybe it’ll help somebody some day.

I have a cron job running on my server, it’s a high frequency job so I don’t want to send email reports each time, I’m logging it into a file, but I want to log the timestamp of each time it runs and logs something to this file, I didn’t want to change the code behind it to also print the timestamp with each write to the output, so I pipelined the command to a simple bash script that will append the timestamp to each line in the output then write the result to the stdout again.

Here is the bash script for sudo nano ~/

#!/bin/bash
# Prefix every line read from stdin with the current date and time.
while IFS= read -r x; do
 echo -n `date +%d/%m/%Y\ %H:%M:%S`;
 echo -n " ";
 echo "$x";
done

Then I edited the cron job crontab -e line to be like this:

* 9 * * 1-5 ~/ 2>&1 | ~/ >> /var/log/cron/my-cronjob-command.log

And you’re done!

Enjoy it.

Perfect Linux Ubuntu (Apache2, PHP, MySQL) Server on AWS EC2

Firstly, change the hostname

$ echo "<your-hostname>" | sudo tee /etc/hostname
$ sudo service hostname restart

Afterwards, run

$ hostname 
$ hostname -f

Both should show now.

Update the apt package database.

$ sudo apt-get update

Install the latest updates (if there are any).

$ sudo apt-get upgrade

If you see that a new kernel gets installed as part of the updates, you should reboot the system afterwards:

$ sudo reboot

Disable AppArmor.

$ sudo service apparmor stop 
$ sudo update-rc.d -f apparmor remove 
$ sudo apt-get remove apparmor apparmor-utils

Check Date and Time.

$ date
Wed Jul 16 22:52:47 EDT 2014

Check the Timezone.

$ cat /etc/timezone

To change and update Timezone.

$ sudo dpkg-reconfigure tzdata
$ sudo service cron stop && sudo service cron start

It is a good idea to synchronize the system clock with an NTP (network time protocol) server over the Internet. Simply run

$ sudo apt-get install ntp ntpdate

and your system time will always be in sync.

Run locale to list the locales currently defined for the current user account:

$ sudo locale

Then generate the missing locale:

$ sudo locale-gen "en_US" "en_US.UTF-8"

Reconfigure locales to take notice

$ sudo dpkg-reconfigure locales

For Ubuntu Server 12.04 LTS, add following lines to /etc/environment


The default settings are stored in the /etc/default/locale file.

$ sudo cat /etc/default/locale

This file can either be adjusted manually or updated using the tool, update-locale.

$ sudo update-locale LANG=en_US.UTF-8

Install MySQL.

$ sudo apt-get install mysql-client mysql-server

You will be asked the following questions:

New password for the MySQL "root" user: <-- yourrootsqlpassword 
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword

We want MySQL to listen on all interfaces, not just localhost, therefore we edit /etc/mysql/my.cnf and comment out the line bind-address =

$ sudo nano /etc/mysql/my.cnf
# Instead of skip-networking the default is now to listen only on
# localhost which is more compatible and is not less secure.
#bind-address =

Then we restart MySQL:

$ sudo service mysql restart

Now check that networking is enabled. Run

$ sudo netstat -tap | grep mysql
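To read the result of that check precisely, here is an added example (not part of the original post) that classifies how a port is bound from numeric netstat output. The function name port_exposure and both sample listings are constructed for this illustration; the loopback sample reflects the "listen only on localhost" default quoted from my.cnf above.

```bash
#!/bin/sh
# Added example, not part of the original post. port_exposure is a name made
# up here; it reads `netstat -tln` output on stdin (numeric, listening only).

# Print how TCP port $1 is bound: wildcard, specific, loopback or closed.
port_exposure() {
  awk -v port="$1" '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      n = split($4, part, ":")               # "0.0.0.0:3306" or ":::3306"
      if (part[n] != port) next
      addr = substr($4, 1, length($4) - length(part[n]) - 1)
      if (addr == "0.0.0.0" || addr == "::") wild = 1
      else if (addr ~ /^127\./ || addr == "::1") loop = 1
      else spec = 1
    }
    END {
      if (wild) print "wildcard"             # every interface, incl. public
      else if (spec) print "specific"        # one non-loopback address
      else if (loop) print "loopback"        # local clients only
      else print "closed"
    }'
}

# Constructed sample: stock my.cnf, MySQL bound to localhost only.
SAMPLE_BEFORE='Proto Recv-Q Send-Q Local Address   Foreign Address   State
tcp        0      0 127.0.0.1:3306  0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:22      0.0.0.0:*         LISTEN'

# Constructed sample: after bind-address is commented out and MySQL restarted.
SAMPLE_AFTER='Proto Recv-Q Send-Q Local Address   Foreign Address   State
tcp        0      0 0.0.0.0:3306    0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:22      0.0.0.0:*         LISTEN'

# Live use on the server: sudo netstat -tln | port_exposure 3306
```

A "wildcard" result confirms the edit took effect; from then on the EC2 security group and any host firewall are the only controls on who can reach port 3306, so that is where access should be narrowed to the clients that need it.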

Install Apache2, PHP5, FCGI, suExec, Pear, and mcrypt.

Apache2, PHP5, FCGI, suExec, Pear, and mcrypt can be installed as follows:

$ sudo apt-get install apache2 apache2-doc apache2-utils libapache2-mod-php5 php5 php5-common php5-gd php5-mysql php5-imap php5-cli php5-cgi libapache2-mod-fcgid apache2-suexec php-pear php-auth php5-mcrypt mcrypt php5-imagick imagemagick libapache2-mod-suphp libruby libapache2-mod-python php5-curl php5-intl php5-memcache php5-memcached php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl memcached snmp

The PHP5 mcrypt module has to be enabled manually:

$ sudo php5enmod mcrypt

Then run the following command to enable the Apache modules suexec, rewrite, ssl, actions:

$ sudo a2enmod suexec rewrite ssl actions include cgi

Next open /etc/apache2/mods-available/suphp.conf

$ sudo nano /etc/apache2/mods-available/suphp.conf

Comment out the <FilesMatch "\.ph(p3?|tml)$"> section and add the line AddType application/x-httpd-suphp .php .php3 .php4 .php5 .phtml – otherwise all PHP files will be run by SuPHP:

<IfModule mod_suphp.c>
 #<FilesMatch "\.ph(p3?|tml)$">
 # SetHandler application/x-httpd-suphp
 #</FilesMatch>
 suPHP_AddHandler application/x-httpd-suphp
 AddType application/x-httpd-suphp .php .php3 .php4 .php5 .phtml

 <Directory />
 suPHP_Engine on
 </Directory>

 # By default, disable suPHP for debian packaged web applications as files
 # are owned by root and cannot be executed by suPHP because of min_uid.
 <Directory /usr/share>
 suPHP_Engine off
 </Directory>

 # # Use a specific php config file (a dir which contains a php.ini file)
 # suPHP_ConfigPath /etc/php5/cgi/suphp/
 # # Tells mod_suphp NOT to handle requests with the type <mime-type>.
 # suPHP_RemoveHandler <mime-type>
</IfModule>

Restart Apache afterwards:

$ sudo service apache2 restart

If you want to host Ruby files with the extension .rb on your web sites, you must comment out the line application/x-ruby rb in /etc/mime.types:

$ sudo nano /etc/mime.types
#application/x-ruby rb

(This is needed only for .rb files; Ruby files with the extension .rbx work out of the box.)

Restart Apache afterwards:

$ sudo service apache2 restart

Xcache is a free and open PHP opcode cacher for caching and optimizing PHP intermediate code. It’s similar to other PHP opcode cachers, such as eAccelerator and APC. It is strongly recommended to have one of these installed to speed up your PHP page.

Xcache can be installed as follows:

$ sudo apt-get install php5-xcache

Now restart Apache:

$ sudo service apache2 restart

The Perfect Ubuntu Server is now ready.

Add Swap File on AWS EC2 Ubuntu Redhat Linux

Use following commands to create swap file on your system.

$ sudo dd if=/dev/zero of=/var/swapfile bs=1M count=2048

bs=1M count=2048 means it will create a 2GB swap file; you may change this as you need. After enabling swap, we can see that our system has swap enabled by running the “free -m” command.

To prevent the file from being world-readable, you should set up the correct permissions on the swap file:

$ sudo chown root:root /var/swapfile
$ sudo chmod 0600 /var/swapfile

Subsequently we are going to prepare the swap file by creating a linux swap area.

$ sudo mkswap /var/swapfile

Finish up by activating the swap file.

$ sudo swapon /var/swapfile

You will then be able to see the new swap file when you view the swap summary.

$ sudo swapon -s

This file will last on the virtual private server until the machine reboots. You can ensure that the swap is permanent by adding it to the fstab file.

$ sudo nano /etc/fstab

Paste in the following line:

/var/swapfile swap swap defaults 0 0

Ubuntu comes with a default swappiness of 60, meaning that the swap file will be used fairly often if the memory usage is around half of my RAM. You can check your own system’s swappiness value by running:

$ cat /proc/sys/vm/swappiness

As I have 4 GB of RAM, I’d like to turn that down to 10 or 15. The swap file will then only be used when my RAM usage is around 80 or 90 percent. To change the system swappiness value, open /etc/sysctl.conf as root. Then, change or add this line to the file:

vm.swappiness = 10

Reboot for the change to take effect.

You can also change the value while your system is still running

sysctl vm.swappiness=10

Skipping this step may cause both poor performance.

You can also clear your swap by running

swapoff -a

And then

swapon -a

As root instead of rebooting to achieve the same effect.

Configuring a PPTP VPN on iOS iPhone iPad and Android

Previously, we learnt how to set up a Private PPTP VPN Server on AWS EC2 Ubuntu Redhat. This is a follow-up to that post, describing how to set up the VPN on an iOS or Android device.

Please note that some carriers might block PPTP traffic. I experienced problems with using the VPN connection via 3G, while connecting through Wifi works for me. On 3G I can connect to the server, but no data is being transferred. On the server I see a lot of messages of the type “Protocol-Reject”. So if your device seems to be connected to the VPN but you get no traffic, it might be blocked by your carrier. You then need to find a Wifi Hotspot to use the VPN.

iOS Devices

Setting up the VPN is pretty straight forward:

  1. Go to Settings and open the “General” settings
  2. Select “Network”
  3. Select “VPN”
  4. Choose “Add VPN Configuration”
  5. On this screen make sure you activate “PPTP”. Now you can name your VPN connection and enter the address of the server, your login and your password. Ensure that “Send All Traffic” is “ON”. Now save your settings.
  6. Now you can turn on the VPN connection. An active connection is indicated by a blue “VPN” icon in the status bar.

Android Devices

On Android, the steps are quite similar:

  1. Go to “Settings” and open “Wireless & networks”
  2. Select “VPN settings”
  3. Select “Add VPN”
  4. Choose “Add PPTP VPN”
  5. Enter the “VPN name” and the server address in “Set VPN server”. Encryption should be enabled and DNS search domains not set. Now pull up the menu and save your changes.
  6. Click on connect and enter your login and password.
  7. An active VPN connection is indicated by a key icon in the status bar.

Now you should have your very own private VPN running on both your iOS and Android devices.

Create Own Private PPTP VPN Server on AWS EC2 Ubuntu Redhat

For Ubuntu Server,

$ sudo apt-get install pptpd ufw

For 32 bit Redhat instances,

$ wget
$ yum localinstall pptpd-1.3.4-2.el6.i686.rpm

For 64 bit Redhat instances,

$ wget
$ yum localinstall pptpd-1.4.0-1.el6.x86_64.rpm

If you are using ufw, allow ports 22 and 1723 and then enable ufw.
Warning: if you are connected to SSH on a port other than 22, please adjust the first command accordingly so you don’t get kicked off.

$ sudo ufw allow 22
$ sudo ufw allow 1723
$ sudo ufw enable

Edit “/etc/ppp/pptpd-options”
Comment out (by placing a “#” at the beginning of the line) the following lines in “/etc/ppp/pptpd-options”:


If you don’t want to require encryption, comment out “require-mppe-128” (might be good to disable it just for testing and re-enable it later)

Add the following:


*You can use any DNS servers you like, the two above are Google’s public DNS servers.

Edit “/etc/pptpd.conf”
At the end of the file “/etc/pptpd.conf”, add:



The localip field determines the IP address of your EC2 instance on the VPN, while remoteip field determines the IP address of connected clients. Because there may be potentially many clients connecting to this VPN, the remoteip is a range of 10 IP addresses.

In the same file, “/etc/pptpd.conf”, comment out logwtmp by adding # at the beginning of the line.


Edit “/etc/ppp/chap-secrets”
The format for “/etc/ppp/chap-secrets” is: [Username] [Service] [Password] [Allowed IP Address]
Add something like this to the end (replacing sampleusername and samplepassword with whatever you want):

sampleusername pptpd samplepassword *

Reboot pptpd
Finally, you can reboot the pptpd server with:

$ sudo /etc/init.d/pptpd restart

Edit “/etc/sysctl.conf”
Un-comment the following line in “/etc/sysctl.conf”:


The following command reloads the configuration (you can also just reboot at the end of this guide):

$ sudo sysctl -p

And we also need to enable iptables NAT configuration:

$ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

To ensure the NAT configuration is loaded when the machine boots, it might be a good idea to add this command to your “/etc/rc.local”:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

OK, it’s nearly finished! You need to start the pptpd service, and set it to automatically start when the machine boots:

$ /sbin/service pptpd start
$ chkconfig pptpd on

Be sure to enable port 1723 of your EC2 instance, otherwise the firewall will prevent your VPN from working!