CentOS System Setup

Notes from 2018…
 
# Upgrade system and clean disk
yum upgrade
yum clean all
 
# Install the basics
yum install -y vim wget curl net-tools lsof bash-completion psmisc
 
# Set hostname
nmtui-hostname
 
# Set network
nmtui-edit
 
# Check auto-starts
systemctl list-unit-files -t service
 
# Enable firewall
systemctl enable firewalld
systemctl start firewalld
 
# Open firewall ports for SSH, HTTP and HTTPS
firewall-cmd --add-service=ssh --permanent
firewall-cmd --add-service=http --permanent
firewall-cmd --add-service=https --permanent
firewall-cmd --reload
 
usermod -a -G backup backup
 
# Allow user1 to change into sitebuild
– skipped
vim /etc/ssh/sshd_config
groupadd permitssh
 
gpasswd -M user1,user2 permitssh
 
# If ssh is running on a non-standard port security context must be set
# yum -y install policycoreutils-python
semanage port -a -t ssh_port_t -p tcp XXXXX
 
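# SSL Certificate
# The combined .pem holds the private key: keep it readable by root only (chmod 600) and never paste a real key into notes.
vim /etc/letsencrypt/live/dragoncoin.com/dragoncoin.com.pem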
# Vim Create Directory If Not Exists: !mkdir -p %:h
—–BEGIN CERTIFICATE—–
 
ggJ0MIICcDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
==
—–END CERTIFICATE—–
—–BEGIN CERTIFICATE—–
 
 
uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
 
—–END CERTIFICATE—–
—–BEGIN PRIVATE KEY—–
fOiBWgPceWLXspqfvjAieoBqQYy3R/N6mOayB9w43jzZHy/2YraR9P/P7yWSQAhB
kCsIp7OmqKmOmNEQspQ7/YAwtwUkqyTseYu17e0j29lG8hCioGvYKJpJhFQERbdG
NDg8c2PvAgMBAAECggEAQQcJG1UPzgXGgI3vpd6fLZ3DHhdNBoLlg/ish/0cYYRF
HAHA!
—–END PRIVATE KEY—–

 
# Allocate swapfile, set appropriate permissions, create swapfile
sudo dd if=/dev/zero of=/swapfile count=16384 bs=1MiB    #allocate a 16 GiB file
chmod 600 /swapfile        #restrict the swap file to root (swapped-out memory can hold secrets)
mkswap /swapfile        #format /swapfile as swap space
swapon /swapfile        #configure system to use /swapfile
 
# Check swapfile settings
swapon -s
 
# Make permanent
vim /etc/fstab
# add this line
/swapfile none swap defaults 0 0
 

# Install HAProxy 1.8 using SCL repo
yum install centos-release-scl
yum install rh-haproxy18-haproxy rh-haproxy18-haproxy-syspaths
 
# Run HAProxy if it’s not already started by CRON
systemctl enable rh-haproxy18-haproxy
systemctl restart rh-haproxy18-haproxy
systemctl status rh-haproxy18-haproxy
 
# Set firewall
#firewall-cmd --zone=public --permanent  --add-port=9000/tcp
firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --zone=public --add-service=https --permanent
firewall-cmd --reload
 
#  This step is a must to resolve error: “cannot bind UNIX socket [/run/haproxy/admin.sock]”
crontab -e
@reboot mkdir /run/haproxy && systemctl start rh-haproxy18-haproxy
 
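# This step is to resolve 503 service unavailable errors on SELinux-enforcing systems.
# Note: haproxy_connect_any lets HAProxy connect to any port; a narrower option is to label only the backend ports with a type HAProxy may connect to (semanage port).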
setsebool -P haproxy_connect_any 1
 
# Edit config file
cp  /etc/opt/rh/rh-haproxy18/haproxy/haproxy.cfg  /etc/opt/rh/rh-haproxy18/haproxy/haproxy.cfg.bak
vim /etc/opt/rh/rh-haproxy18/haproxy/haproxy.cfg
 
### Add these lines
 
frontend http_in
        bind *:80
        mode http
        redirect scheme https code 301 if !{ ssl_fc }
 
 
frontend https_in
        bind *:443 ssl crt /etc/certs/dragoncoin.com/dragoncoin.com.pem
        reqadd X-Forwarded-Proto:\ https
 
        # ShellInABox
        acl host_shell hdr(host) -i shell.dragoncoin.com
        use_backend shell if host_shell
 
        # Portainer
        acl host_docker hdr(host) -i docker.dragoncoin.com
        use_backend docker if host_docker
 
        # Project
        acl host_project hdr(host) -i project.dragoncoin.com
        use_backend project if host_project
 
#———————————————————————
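# simple passwords to protect certain backends
# NOTE: insecure-password keeps the password in clear text in this file;
# HAProxy's "password" keyword takes a crypt(3) hash instead.
#———————————————————————
 
userlist shell-users
        user kimconnect insecure-password 'PASSWORD'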
 
#———————————————————————
# backends
#———————————————————————
backend shell
        acl devops-auth http_auth(shell-users)
        http-request auth realm devops if !devops-auth
        mode http
        option forwardfor
        option http-keep-alive
        server static web01 127.0.0.1:8080 check
 
backend project
        mode http
        option forwardfor
        option http-keep-alive
        server web01 127.0.0.1:3000
 
backend docker
        mode http
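        # NOTE: "stats enable" without "stats auth" serves the stats page unauthenticated at the default URI
        stats enable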
        option forwardfor
        option http-keep-alive
        server web01 127.0.0.1:9000
Notes from 2015...

su
yum update && yum upgrade

yum install net-tools vim
ip addr show //find interface name
vim /etc/sysconfig/network-scripts/ifcfg-{interface_name} //change IP address and network interface automatic starting behavior
network {hostname} //set server hostname
service network restart

Firewall:
yum install firewalld
firewall-cmd --state
firewall-cmd --get-default-zone //display default zone
optional: firewall-cmd --set-default-zone=work //switch default zone to work
firewall-cmd --list-services //list all services in current zone
firewall-cmd --add-service=http
firewall-cmd --permanent --add-port={port_number}/tcp //open port number
firewall-cmd --reload
firewall-cmd --list-ports
firewall-cmd --get-zones
Optional: systemctl disable|enable firewalld //disable or enable the firewall at boot

SELinux:
yum install selinux-policy
getenforce
vim /etc/selinux/config
setenforce 1

Rootkit Hunter:
yum install rkhunter
rkhunter --check

Install command line web browser:
yum install links
links 127.0.0.1 //test http service at localhost

Install nmap to monitor ports:
yum install nmap
nmap 127.0.0.1

Install telnet:
yum install telnet
telnet 127.0.0.1 80

Add EPEL Repo:
yum install epel-release

Other tools:
yum install p7zip ntfs-3g

Install FTP server:
yum install vsftpd
vim /etc/vsftpd/vsftpd.conf //configure FTP server if necessary
firewall-cmd --add-service=ftp
firewall-cmd --permanent --add-port=21/tcp
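semanage permissive -a ftpd_t //http://linux.die.net/man/8/ftpd_selinux (note: this makes the whole ftpd_t domain permissive, so SELinux logs but no longer blocks vsftpd; the ftpd booleans on that page are the narrower option)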
firewall-cmd --reload
systemctl restart vsftpd
systemctl enable vsftpd

Add Sudoers:
visudo
Add user below 'root': kimconnect ALL=(ALL) ALL

Cron Jobs:
vim /etc/crontab //configure cron

HAProxy Example for SSH & OpenVPN forwarding

# Source: https://limbenjamin.com/articles/running-https-ssh-vpn-on-port-443.html
 
global
tune.ssl.default-dh-param 2048
 
defaults
timeout connect 5000
timeout client 50000
timeout server 50000
 
frontend ssl
mode tcp
bind 0.0.0.0:443
tcp-request inspect-delay 5s
tcp-request content accept if HTTP
use_backend ssh if { payload(0,7) -m bin 5353482d322e30 }
use_backend main-ssl if { req.ssl_hello_type 1 }
default_backend openvpn
 
frontend main
bind 127.0.0.1:443 ssl crt /some/folder/cert.pem accept-proxy
mode http
option forwardfor
default_backend webserver
 
frontend http
bind 0.0.0.0:80
reqadd X-Forwarded-Proto:\ http
default_backend webserver
 
backend main-ssl
mode tcp
server main-ssl 127.0.0.1:443 send-proxy
 
backend openvpn
mode tcp
timeout server 2h
server openvpn-localhost 127.0.0.1:1193
 
backend ssh
mode tcp
timeout server 2h
server ssh-localhost 127.0.0.1:22
 
backend webserver
mode http
option forwardfor
redirect scheme https code 301 if !{ ssl_fc }
server webserver-localhost 127.0.0.1:81

HAProxy on CentOS 7

# Install HAProxy 1.8 using SCL repo
yum install centos-release-scl
yum install rh-haproxy18-haproxy rh-haproxy18-haproxy-syspaths
 
# Run HAProxy if it’s not already started by CRON
systemctl enable rh-haproxy18-haproxy
systemctl restart rh-haproxy18-haproxy
systemctl status rh-haproxy18-haproxy
 
# Set firewall
#firewall-cmd --zone=public --permanent  --add-port=9000/tcp
firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --zone=public --add-service=https --permanent
firewall-cmd --reload
 
#  This step is a must to resolve error: “cannot bind UNIX socket [/run/haproxy/admin.sock]”
crontab -e
@reboot mkdir /run/haproxy && systemctl start rh-haproxy18-haproxy
 
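# This step is to resolve 503 service unavailable errors on SELinux-enforcing systems.
# Note: haproxy_connect_any lets HAProxy connect to any port; a narrower option is to label only the backend ports with a type HAProxy may connect to (semanage port).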
setsebool -P haproxy_connect_any 1
 
# Edit config file
cp  /etc/opt/rh/rh-haproxy18/haproxy/haproxy.cfg  /etc/opt/rh/rh-haproxy18/haproxy/haproxy.cfg.bak
vim /etc/opt/rh/rh-haproxy18/haproxy/haproxy.cfg
 
################################## Sample Config ######################
global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy
        daemon
 
        # Default SSL material locations
#        ca-base “/etc/certs/dragoncoin.com”
#       crt-base “/etc/certs/dragoncoin.com”
 
        # Default ciphers to use on SSL-enabled listening sockets.
        # For more information, see ciphers(1SSL).
        # Change this to remove weak ciphers (for example RC4-SHA in the list below):
        ssl-default-bind-ciphers kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL
 
defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
#        timeout connect 5000
#        timeout client  50000
#        timeout server  50000
#        errorfile 400 /etc/haproxy/errors/400.http
#       errorfile 403 /etc/haproxy/errors/403.http
  #      errorfile 408 /etc/haproxy/errors/408.http
   #     errorfile 500 /etc/haproxy/errors/500.http
    #    errorfile 502 /etc/haproxy/errors/502.http
    #    errorfile 503 /etc/haproxy/errors/503.http
    #    errorfile 504 /etc/haproxy/errors/504.http
        option forwardfor       except 127.0.0.1/8
        option http-server-close
        timeout client 1d
        timeout server 1d
        option redispatch
        retries 30
        timeout http-request 300s
        timeout queue 1m
        timeout connect 10s
        timeout http-keep-alive 10s
        timeout check 10s
        maxconn 10000
 
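listen stats
        # NOTE: 999999 is not a valid TCP port (maximum 65535), presumably a redacted placeholder.
        # This page has "stats admin if TRUE" and sends the stats auth password over plain HTTP,
        # so bind it to a management address rather than * where possible.
        bind *:999999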
#       balance
        mode http
        stats enable
        maxconn 10
        timeout client 10s
        timeout server 10s
        timeout connect 10s
        timeout queue 10s
        stats auth kimconnect:'PASSWORD'
        stats hide-version
        stats refresh 30s
        stats show-node
        stats realm Haproxy \ Statistics
        stats uri /
        stats admin if TRUE
 
frontend http_in
        bind *:80
        mode http
        redirect scheme https code 301 if !{ ssl_fc }
 
frontend https_in
        bind *:443 ssl crt /etc/certs/dragoncoin.com/dragoncoin.com.pem
        reqadd X-Forwarded-Proto:\ https
#       acl letsencrypt-acl path_beg /.well-known/acme-challenge/
#       use_backend letsencrypt-backend if letsencrypt-acl
 
        # Define Sites:
        acl host_docker hdr(host) -i docker.dragoncoin.com
        use_backend docker if host_docker
 
        acl host_dragoncoin hdr(host) -i dragoncoin.com
        use_backend dragoncoin if host_dragoncoin
 
        # special URI to define blogs
        acl blog_in_url path_beg /blog/
        acl dragoncoin_com path_dom dragoncoin.com
        use_backend dragoncoin_blog if dragoncoin_com blog_in_url
#       acl host_dragoncoin hdr(host) -i dragoncoin.com
#       use_backend dragoncoin_blog if host_dragoncoin
 
#       acl host_project hdr(host) -i project.dragoncoin.com
#       use_backend project if host_project
 
        acl host_shell hdr(host) -i shell.dragoncoin.com
        use_backend shell if host_shell
 
#       acl host_proxy hdr(host) -h proxy.dragoncoin.com
#       use_backend proxy if host_proxy
 
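# NOTE: insecure-password keeps the password in clear text in this file; "password" takes a crypt(3) hash instead.
userlist shell-users
        user kim insecure-password 'PASSWORD'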
 
backend shell
        acl devops-auth http_auth(shell-users)
        http-request auth realm devops if !devops-auth
#       http-request realm auth kim:’PASSWORD’
        mode http
        option forwardfor
        option http-keep-alive
        server web01 127.0.0.1:8080
 
#backend project
#       mode http
#       option forwardfor
#       option http-keep-alive
#       stats enable
#       server web01 127.0.0.1:3000
 
backend docker
        mode http
        stats enable
        option forwardfor
        option http-keep-alive
        server web01 127.0.0.1:9000
 
backend dragoncoin
        mode http
        option forwardfor
        option http-keep-alive
        stats enable
        server dragoncoin.com 127.0.0.1:8082
 
backend dragoncoin_blog
        mode http
        option forwardfor
        option http-keep-alive
        server blog 127.0.0.1:8081
####################################################################
 
 
 

 
Troubleshooting
 
# Check backend connections using SSL
openssl s_client -connect 127.0.0.1:3000

 
WEB02 HAProxy Config
vim /etc/opt/rh/rh-haproxy18/haproxy/haproxy.cfg
#### Add these at the end ####
frontend http_in
        bind *:80
        mode http
        redirect scheme https code 301 if !{ ssl_fc }
 
 
frontend https_in
        bind *:443 ssl crt /etc/certs/dragoncoin.com/dragoncoin.com.pem
        reqadd X-Forwarded-Proto:\ https
 
        # ShellInABox
        acl host_shell hdr(host) -i shell.dragoncoin.com
        use_backend shell if host_shell
 
        # Portainer
        acl host_docker hdr(host) -i docker.dragoncoin.com
        use_backend docker if host_docker
 
        # Project
        acl host_project hdr(host) -i project.dragoncoin.com
        use_backend project if host_project
 
#———————————————————————
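# simple passwords to protect certain backends
# NOTE: insecure-password keeps the password in clear text in this file;
# HAProxy's "password" keyword takes a crypt(3) hash instead.
#———————————————————————
 
userlist shell-users
        user kimconnect insecure-password 'PASSWORD'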
 
#———————————————————————
# backends
#———————————————————————
backend shell
        acl devops-auth http_auth(shell-users)
        http-request auth realm devops if !devops-auth
        mode http
        option forwardfor
        option http-keep-alive
        server static web01 127.0.0.1:8080 check
 
backend project
        mode http
        option forwardfor
        option http-keep-alive
        server web01 127.0.0.1:3000
 
backend docker
        mode http
        stats enable
        option forwardfor
        option http-keep-alive
        server web01 127.0.0.1:9000
 

HAProxy with Multiple SSL Certs

Method 1:
———
defaults
  log 127.0.0.1 local0
  option tcplog
 
frontend ft_test
  mode http
  bind 0.0.0.0:443 ssl crt /certs/haproxy1.pem crt /certs/haproxy2.pem
  use_backend bk_cert1 if { ssl_fc_sni dragoncoin.com } # content switching based on SNI
  use_backend bk_cert2 if { ssl_fc_sni kimconnect.com } # content switching based on SNI
 
backend bk_cert1
  mode http
  server srv1 <ip-address2>:80
 
backend bk_cert2
  mode http
  server srv2 <ip-address3>:80

HaProxy RDP Forwarding

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp

PortNumber = 000001BB

frontend fe_rdp_tsc
  bind 0.0.0.0:443 name rdp_web ssl crt kimconnect.com.pem
  mode http
  
  log global
  option httplog
  
  maxconn 1000
  acl path_rdweb path_beg -i /RDWeb/
  http-request redirect location /RDWeb/ if { path -i / /RDWeb }
  http-request deny unless path_rdweb
  default_backend be_rdp_tsc

backend rdp
  balance leastconn
	timeout client 300s
	capture request header Host len 32
  timeout connect 4s
  timeout server 300s
  option httpchk GET /
  cookie RDPWEB insert nocache
  default-server inter 3s    rise 2  fall 3
  server srv01 10.10.10.4:443 maxconn 1000 weight 10 ssl check cookie srv01

Apache Multiple Domains Config

vim /etc/httpd/conf/httpd.conf
<VirtualHost *:80>
     ServerAdmin admin@kimconnect.com
     ServerName kimconnect.com
     ServerAlias www.kimconnect.com
     DocumentRoot /home/www/kimconnect.com/
#     ErrorLog /home/www/kimconnect.com/logs/error.log
#     CustomLog /home/www/kimconnect.com/logs/access.log combined
</VirtualHost>
 
Setup FTP Server:
vim /etc/vsftpd/vsftpd.conf
# line 12: no anonymous
 
anonymous_enable=NO
# line 80,81: uncomment ( allow ascii mode )
 
ascii_upload_enable=YES
ascii_download_enable=YES
# line 95, 96: uncomment ( enable chroot )
 
chroot_local_user=NO
chroot_list_enable=YES
# line 98: uncomment ( specify chroot list )
 
chroot_list_file=/etc/vsftpd/chroot_list
# line 104: uncomment
 
ls_recurse_enable=YES
# add at the last line
 
# specify root directory ( if don’t specify, users’ home directory become FTP home directory)
 
local_root=/home/www/
# use localtime
 
use_localtime=YES
[root@www ~]#
vim /etc/vsftpd/chroot_list
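# add users you allow to move over their home directory
# NOTE: that meaning applies when chroot_local_user=YES; with chroot_local_user=NO as set above, vsftpd treats this file as the list of users who ARE chrooted. Confirm which behaviour is intended.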
kim
=========== set selinux to permit ftp change directory ============
setsebool -P ftp_home_dir on
======== memcached and shit =========
yum install memcached
vim /etc/php.ini
==== add this line ====
extension=memcache.so
chkconfig --add memcached
======= phpMyAdmin ===
vim /etc/httpd/conf.d/phpMyAdmin.conf
——– allow from LAN —–
Allow from 127.0.0.1 108.224.10.118 192.168.1.0/24

Mods to Zencart

Important Mods to Zencart
OC GOLD® setup:
 
Zens Footer copyright info is moded at the “english.php”:
home/yours/public_html/yoursite/includes/languages/english.php
FOOTER_TEXT_BODY’, ‘Copyright © 2006 http://www.yoursite.com/” target=”_blank”>yoursite. Operated by http://www.yoursite.com/” target=”_blank”>yoursite
 
————————-
 
Logo Change
/includes/templates/YOURTEMPLATE/images
 
————————
 
EZPages on SiteMap: http://www.zen-cart.com/index.php?main_page=product_contrib_info&cPath=40_47&products_id=222
Zencart Sitemap: http://www.zen-cart.com/index.php?main_page=product_contrib_info&cPath=40_60&products_id=544
 
More Zencart Tools can be found here: http://www.zen-cart.com/index.php?main_page=index&cPath=40
 
———————–
 
Zencart Gallery2 Integration:
http://codex.gallery2.org/Gallery2:Modules:zencart
 
————————-
 
Remove meta author and meta generator
includes/templates/YOURTEMPLATE/common/html_header.php
 
Applied:
0.1 Security for Admin Panel – http://www.zen-cart.com/forum/showthread.php?t=130161
 
1. Selling gold?
http://www.zen-cart.com/index.php?main_page=product_contrib_info&cPath=40_50&products_id=1091
Instructions missing a copying of /includes/modules/pages/product_info  into /includes/modules/pages/product_gold_info
Check forum: http://www.zen-cart.com/forum/showthread.php?t=103632&page=4
 
Since XE gold prices update more accurately than Oanda, switch your default update order to use xe first, by switching the oanda and xe values in these settings: /admin/includes/init_includes/init_general_funcs.php:
 
Code:
// Define how do we update currency exchange rates
// Possible values are ‘oanda’ ‘xe’ or ”
  define(‘CURRENCY_SERVER_PRIMARY’, ‘oanda’);
  define(‘CURRENCY_SERVER_BACKUP’, ‘xe’);
 
1.1 Automatic Currency Updates
————–
Make cron job accessible to auto-update: http://www.zen-cart.com/forum/showthread.php?t=114279
 
 if ($_SERVER[‘REMOTE_ADDR’] == $_SERVER[‘SERVER_ADDR’]) {
 define(‘CRON_ADMIN_USER_ID’, ‘XXXX’);
 }
 define(‘EMAIL_USE_HTML’, false);
use CPanel to define these jobs:
 GET “http://ocgold.com/admin/currencies.php?page=1&cID=5&action=update” >> /dev/null 2>&1
 GET “http://ocgold.com/admin/currencies.php?page=1&cID=5&action=updateGoldProductPrices” >> /dev/null 2>&1
 
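/admin/init_includes/init_admin_auth.php   — add this (note: it gives an admin session to any request without one whenever CRON_ADMIN_USER_ID is defined, so the REMOTE_ADDR check is the only gate; make sure REMOTE_ADDR is the real client address and not a local reverse proxy's, and give the cron account only the privileges it needs):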
if (!isset($_SESSION[‘admin_id’]) && defined(‘CRON_ADMIN_USER_ID’) && CRON_ADMIN_USER_ID != ”) { $_SESSION[‘admin_id’] = CRON_ADMIN_USER_ID; }
 
~/admin/currencies.php
if ($_SERVER[‘REMOTE_ADDR’] == ‘XX.XX.XX.XX’) {
define(‘CRON_ADMIN_USER_ID’, ‘XXXX’);
 }
 
Use phpMyAdmin to create an Admin account with user ID = XXXX
 
create a file called “update_prices.sh” in /home/ocgold/public_html/
#!/bin/sh
GET “http://ocgold.com/admin/currencies.php?page=1&cID=5&action=update” >> /dev/null 2>&1
sleep 10
GET “http://ocgold.com/admin/currencies.php?page=1&cID=5&action=updateGoldProductPrices” >> /dev/null 2>&1
 
create a cron job (the file created above is named update_prices.sh; the name used here must match it)
sh /home/ocgold/public_html/price_update.sh
====================================================
 
Edit admin/currencies.php to add a line making sure that Zero values will not throw off prices..
—-
Change
if (zen_not_null($rate))
To
if (zen_not_null($rate) && $rate != 0)
 
1.5 Display links:
BBB
USA Patriot Act Compliance
Jewelers Vigilance Committee
Second Hand Dealer’s License #
Registered with State Attorney’s General
 
1.6 Image Handler for 3.8.x http://www.zen-cart.com/index.php?main_page=product_contrib_info&products_id=117
The following files must be backed up prior to installation:
/includes/modules/additional_images.php
/includes/modules/main_product_image.php
/includes/modules/pages/popup_image/header_php.php
/includes/modules/pages/popup_image_additional/header_php.php
/includes/templates/template_default/popup_image_additional/tpl_main_page.php
/admin/includes/modules/category_product_listing.php
 
1.7 Testimonials Manager http://www.zen-cart.com/index.php?main_page=product_contrib_info&products_id=446
1.8 Links Manager http://www.zen-cart.com/index.php?main_page=product_contrib_info&products_id=297
 
2. Ultimate SEO URLs (not working correctly)
http://www.zen-cart.com/index.php?main_page=product_contrib_info&cPath=40_47&products_id=231
 
13. Ceon URI Mapping (SEO)
http://www.zen-cart.com/index.php?main_page=product_contrib_info&products_id=1269
 
3. WordPress On ZenCart
WOZ: http://www.zen-cart.com/index.php?main_page=product_contrib_info&products_id=681
User Integration: http://wordpress.org/extend/plugins/zencart-and-wordpress-user-integration/
{this plugin doesn’t work} Admin Login as Customer: http://www.zen-cart.com/index.php?main_page=product_contrib_info&products_id=829
Encrypted Master Password: http://www.zen-cart.com/index.php?main_page=product_contrib_info&cPath=40_41&products_id=190
 
Follow the instructions, then do this at the end Admin Panel -> Tools -> WOZ Manager -> Ceon URI Mapping Setting
Edit:   public_html/includes/init_includes/init_ceon_uri_mapping.php
Add the new lines shown, around approx line 115:
 
find:
$uri_to_match = preg_replace(‘/[^a-zA-Z0-9_\-\.\/%]/’, ”, $request_uri);
 
// for WordPress On ZenCart BOF
$woz_uri_query = “
SELECT
um.language_id,
um.uri
FROM
” . TABLE_CEON_URI_MAPPINGS . ” um
WHERE
um.main_page = ‘” . FILENAME_WORDPRESS . “‘
ORDER BY
BIT_LENGTH(um.uri) DESC;”;
$woz_uri_result = $db->Execute($woz_uri_query);
$woz_uri = ”;
while (!$woz_uri_result->EOF) {
$woz_uri = $woz_uri_result->fields[‘uri’];
if(ereg(“^$woz_uri”, $uri_to_match)){
if(ereg(“/comments/feed/”, $uri_to_match)){
$_GET[‘feed’] = ‘comments-rss2’;
}else if(ereg(“/feed/”, $uri_to_match)){
$_GET[‘feed’] = ‘rss2’;
}
$uri_to_match = $woz_uri;
break;
}
$woz_uri_result->MoveNext();
}
// for WordPress On ZenCart EOF
 
if (substr($uri_to_match, -1) == ‘/’) {
 
==============================================================================================
 
Remove WordPress Meta Junkie Links: http://desizntech.info/2009/01/remove-wordpress-meta/
 
Make posts show up on front page: http://www.zen-cart.com/forum/showthread.php?t=27980&page=164
Admin-Tools-define main page
——–
 
require(‘./blog/wp-blog-header.php’);
?>$posts = get_posts(‘numberposts=1’); // change to whatever number of posts to show
foreach($posts as $post) :
setup_postdata($post);
?>
 
—-
 
To remove “Meta” Log in WordPress Admin – Appearance – Editor – sidebar.php (right hand side)
 
————————- Admin | Define Pages Editor | Main Page —————–
// Include WordPress
define(‘WP_USE_THEMES’, false);
require(‘./blog/wp-blog-header.php’);
query_posts(‘showposts=2’);
?>
—————————————————————————————————–
 
4. PO Box Ban
http://www.zen-cart.com/index.php?main_page=product_contrib_info&cPath=40_51&products_id=1031
 
5. Ebay Exporter
http://www.zen-cart.com/index.php?main_page=product_contrib_info&cPath=40_60&products_id=711
For Seller Manager Pro or Turbo Lister 2.0
 
6. Maximum Amount Allowed in Shopping Cart
http://www.zen-cart.com/index.php?main_page=product_contrib_info&cPath=40_60&products_id=1259
 
7. Credit Card Fraud Detection – Maxmind
http://www.zen-cart.com/index.php?main_page=product_contrib_info&cPath=40_41&products_id=447
 
8. Monthly Sales and Tax Summary Report
http://www.zen-cart.com/index.php?main_page=product_contrib_info&cPath=40_41&products_id=1043
 
9. USPS.com Click-n-Ship AutoFill Button
http://www.zen-cart.com/index.php?main_page=product_contrib_info&cPath=40_41&products_id=285
 
10. Zen Cart Order Manager
http://www.zen-cart.com/index.php?main_page=product_contrib_info&cPath=40_41&products_id=223
Must sign up for Encidia.com’s $10/month service
 
11. Add Shipping Telephone
http://www.zen-cart.com/index.php?main_page=product_contrib_info&cPath=40_47&products_id=1628
 
12. Ask A Question
http://www.zen-cart.com/index.php?main_page=product_contrib_info&cPath=40_47&products_id=206
 
14. Jgallery
http://www.zen-cart.com/index.php?main_page=product_contrib_info&products_id=973
 
15. Image Handler 2 for v1.3.x
http://www.zen-cart.com/index.php?main_page=product_contrib_info&cPath=40_47&products_id=117
 
16. Google Maps
 
17. Testimonial Manager
http://www.zen-cart.com/index.php?main_page=product_contrib_info&products_id=446
 
18. Google Base (Froogle) Feeder
http://www.zen-cart.com/index.php?main_page=product_contrib_info&products_id=473
 
Zencart with Changes:
– Change the index page with business maps: /ocgold.com/includes/languages/english/ocean_front/index.php
– Make sure that Google robot is allowed to index your site /public_html/includes/templates/ocean_front/common/html_header.php
– Optional: Remove / replace “Contact Us” to control spam hackers: /includes/templates/template_default/templates/tpl_contact_us_default.php
– Email options: remove “tell a friend” function as that is being used by spammers
– Change the tags:  /public_html/includes/languages/english/meta_tags.php
– Change image sizes: configuration, images
– Change the logo: http://ocgold.com/includes/templates/classic/images/logo.gif
– Edit header text line (blue browser bar): /public_html/includes/languages/english/header.php and index.php
– Edit Location below header search box: /public_html/includes/templates/ocean_front/sideboxes/tpl_search_header.php
– Title Bar Change: /public_html/includes/languages/english/ocean_front/meta_tags.php
– Change the top body middle portion to display Phone number: /public_html/includes/languages/english/ocean_front/header.php
– Add a tab link to blog: edit /public_html/includes/templates/ocean_front/common/tbl_header.php
 
– Edit the body of front page in tools – define pages editor – define_main_page.php
– Edit the headline of the body: /public_html/includes/languages/english/ocean_front/index.php
– Edit footer: /public_html/includes/languages/ocean_front/english.php
– Change the word “Categories” /public_html/includes/languages/ocean_front/english.php Line #77 : define(‘BOX_HEADING_CATEGORIES’, ‘Categories’);
– CFK Editor: http://www.zen-cart.com/index.php?main_page=product_contrib_info&products_id=268
– Activate Godaddy CURL for Paypal/Zencart: http://www.zen-cart.com/forum/showthread.php?t=61528
– Set payment module: modules, payment
– Set up Paypal Express: http://www.zen-cart.com/index.php?main_page=page&id=15
– Edit Left/Right Columns: Tools, Layout Boxes Controller
– Location, Taxes: Define Zone and rate
– Shipping module
– Tools, Define Pages Editor: make text changes to reflect policies and contact information
– Main page featured products sort
Edits to featured_products.php:
1. append “order by featured_sort_id” to the two select statements
2. change ExecuteRandomMulti() to Execute()
3. change MoveNextRandom() to MoveNext()
First I created a new field “featured_sort_id” in “products_description” table.
 
Create custom page in Zencart with keywords for SEO purposes:
1. Download this tool to generate the files: http://www.zen-cart.com/downloads.php?do=file&id=566
2. Upload via FTP
3. Control panel – Tools – Define Pages Editor
4. Use CEON-URI to create ezpage: Tools – EzPages
 
After adding sort_id’s to each product I edited featured_products.php (as below) and placed in /includes/modules/custom/
 
Edits to featured_products.php:
 
1. append “order by featured_sort_id” to the two select statements
2. change ExecuteRandomMulti() to Execute()
3. change MoveNextRandom() to MoveNext()
 
remove “sold out” button: /public_html/includes/templates/ocean_front/buttons/english/button_sold_out_sm.gif
/public_html/includes/templates/template_default/buttons/english/button_sold_out_sm.gif
 
remove filter results box: Admin-Configuration-Product Listing; `Include Product Listing Alpha Sorter Dropdown = false
 
Activate Header background: /public_html/includes/templates/ocean_front/css/stylesheet.css -==> Look for: #logoWrapper ==> update background image to template’s image folder
 
========================================================================================
 
WRONG! Zens Footer copyright info is moded at the “english.php”:
home/yours/public_html/yoursite/includes/languages/english.php
FOOTER_TEXT_BODY’, ‘Copyright © 2007 http://ocgold.com/” target=”_blank”>OC GOLD. All purchases are subject to availability.
 
————————-
Logo Change
/includes/templates/YOURTEMPLATE/images
————————
EZPages on SiteMap: http://www.zen-cart.com/index.php?main_page=product_contrib_info&cPath=40_47&products_id=222
Zencart Sitemap: http://www.zen-cart.com/index.php?main_page=product_contrib_info&cPath=40_60&products_id=544
More Zencart Tools can be found here: http://www.zen-cart.com/index.php?main_page=index&cPath=40
———————–
Zencart Gallery2 Integration:
http://codex.gallery2.org/Gallery2:Modules:zencart
————————-
Remove meta author and meta generator
includes/templates/YOURTEMPLATE/common/html_header.php
 
Ultimate_SEO_urls_2-1-107 (doesn’t work on 1.3.8)
1. Copy files from `_zen_cart_folder` to your Zen Cart install
2. Copy (or MERGE if you have made changes) files from v138-specific-files to your Zen Cart install
3. A sample .htaccess file is included. Simply rename to .htaccess and edit the word /shop/ to match your site
4. Config the module in CONFIGURATION – SEO URLS
 
=======================================================================================
 
If you want to eliminate the “Welcome Guest! Would you like to log yourself in?” message completely, turn off the Customer Greeting: in Admin -> Configuration -> Layout settings -> Customer Greeting -> Show on Index Page, set the value to 0.
 
If you want to replace this message with one of your own, start your text editor and open the includes/languages/ENGLISH/index.php file and locate these lines of code
 
if (STORE_STATUS == ‘0’) {
define(‘TEXT_GREETING_GUEST’, ‘Welcome Guest! Would you like to log yourself in?’);
} else {
define(‘TEXT_GREETING_GUEST’, ‘Welcome, please enjoy our online showcase.’);
}
define(‘TEXT_GREETING_PERSONAL’, ‘Hello %s!’);
 
As you can see, there are two Welcome messages depending upon whether you wish Zen Cart to be a fully functioning store, or just a showroom.
 
Edit the message starting from the word “Welcome” but be careful not to change the text in angled brackets, or the brackets themselves. Make sure that the single quote marks are not left out. If you want to include an apostrophe in your text e.g. “Lucy’s Store”, you will need to put an escape character before the apostrophe, i.e. “Lucy\’s Store”.
 
Save the edited file to includes/languages/ENGLISH/CUSTOM/index.php and upload it to your server.
 
=======================================================================================
To change the “Sales Message Goes Here” or “Tagline Here” text to say what you want open the includes/languages/english/header.php file in your text editor. Find the following line of code:
 
define(‘HEADER_SALES_TEXT’, ‘Tagline Here’);
 
Replace the tagline text with your own text, making sure that the single quote marks are not left out.
 
Save the edited file to includes/languages/english/custom/header.php and upload it to your server.
 
NB: By default the text “Sales Message Goes Here” is located in includes/languages/english/classic/header.php define(‘HEADER_SALES_TEXT’, ‘Sales Message Goes Here’);
 
=======================================================================================
 
How do I add and position a new logo?
 
By default Zen Cart™ uses logo.gif for the name of this image, but you can use your own filename for the logo.
 
Using an image editor, create your new logo and save it to includes/templates/CUSTOM/images/your_image_name.??? and upload it to your server.
 
After creating your logo you can adjust the height, width and logo name in includes/languages/ENGLISH/header.php
 
define(‘HEADER_LOGO_WIDTH’, ‘192px’);
define(‘HEADER_LOGO_HEIGHT’, ’64px’);
define(‘HEADER_LOGO_IMAGE’, ‘logo.gif’);
 
Make the needed changes, save the file to includes/languages/ENGLISH/CUSTOM/header.php and upload to your server.
 
=======================================================================================
 
How do I Change the Congratulations! Message?
 
If you want to change the Congratulations! You have successfully installed your Zen Cart™ E-Commerce Solution? Text with your own open the includes/languages/ENGLISH/index.php file and find the following code:
 
// This section deals with the “home” page at the top level with no  options/products selected
/*Replace this text with the headline you would like for your shop.
For  example: ‘Welcome to My SHOP!’*/
define(‘HEADING_TITLE’, ‘Congratulations! You have successfully installed your
Zen Cart™ E-Commerce Solution.’);
} elseif ($category_depth == ‘nested’) {
// This section deals with displaying a subcategory
/*Replace this line with the headline you would like for your shop. For
example: ‘Welcome to My SHOP!’*/
define(‘HEADING_TITLE’, ‘Congratulations! You have successfully installed your
Zen Cart™ E-Commerce Solution.’);
}
 
Replace the text starting Congratulations with your own text. Make sure that the single quote marks are not left out, save the file and upload to your server.
 
=======================================================================================
 
How do I add additional links to the Header and Footer?
 
CAPITALIZED words refer to a folder or language that you choose. We use CUSTOM for your template and ENGLISH for your language by default. These generic terms should be changed to  the name of the  template/language you are using.
 
There are two options for adding additional links to the header and footer of your site.
 
OPTION 1:
 
Additional links requires editing two files; tpl_header.php and tpl_footer.php.
You can add internal page links as well external links. We’ll use tpl_header.php in this article, but the same procedures would apply to tpl_footer.php.
 
Adding an internal page link (let’s use the Contact Us page in this example.)
 
In your text editor open includes -> templates -> template_default -> common -> tpl_header.php
 
 find the following code:
 
– ‘; ?>
 
– Add the following code just below the last line in the above code.
 
– SSL’) . ‘”>’ . BOX_INFORMATION_CONTACT . ”; ?>
 
You would add an external link as outlined above.
 
– http://your_external_link.com”>Your Link Text
 
– Save the edited file to includes -> templates -> CUSTOM -> common -> tpl_header.php and upload to your server.
OPTION 2:
Make sure the EZ-Pages header or footer are activated – admin -> configuration -> EZ-Pages Settings and turn them on.
Using EZ-Pages – Go to admin -> tools -> EZ-Pages and click the New File Button.
Fill in the Page Title Box (in our example add Contact Us)
Select Where you want the link to appear:
Header -> select Yes and add a Sort Order
Footer -> select Yes and add a Sort Order
Scroll down to the Internal Link URL box
Add your link as follows – index.php?main_page=contact_us (You would follow this procedure for whatever page you are adding)
Click the Insert Button and you're finished.
—————————————–
GoogeBase
http://www.zen-cart.com/index.php?main_page=product_contrib_info&products_id=473
Unzip and upload all files to your store directory (except .sql files);
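Chmod feed directory to 777 (this makes the directory world-writable; if the web server account owns the directory, 755 is enough, so try the tighter mode first)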
Go to Admin->Tools->Install SQL Patches and install googlefroogle.sql by copying and pasting (do not upload);
Go to http://base.google.com and create/sign to your account. Follow the link on the right hand side of their website to create your FTP account.
 
– Go to Admin->Configuration->Google Base Configuration and setup all parameters;
Register your bulk upload .xml file using the same name in your Google Base Configuration at base.google.com
– Go to Admin->Tools>Google Base Feeder and follow instructions to create, view, and upload feed file.
Set up cron job to update products hourly: GET “http://ocgold.com/googlefroogle.php?feed=fy_un_tp” >> /dev/null 2>&1
– Goto Google Merchant Center | Data Feeds | Setup daily upload of link: http://ocgold.com/feed/domain_products.xml
Install Zen Cart: 1.3.9h…
Rename “admin” folder to “panel”
chmod 777, then edit: ~/admin/includes/configure.php (change 3 instances of “admin” to “panel”)
chmod 444 configure.php back
remove “meta” junk links: http://desizntech.info/2009/01/remove-wordpress-meta/default-widgets.php
 
Install “Ceon URI Mapping”
This will turn BLOG address “index.php?main_page=wordpress” to /blog/ among other mappings
——————————–
Ceon URI Mapping Setting
——————————–
Access Zen Cart Admin > tools > WOZ Manager and Click [Ceon URI Mapping Setting].
Please input URI Mapping and Update.
Access WordPress Admin > Setting > General and [Blog address (URL)] change to [URI Mapping].
Please edit /includes/init_includes/init_ceon_uri_mapping.php
(Cf. WOZ Manager > Ceon URI Mapping Setting)
 
Install WOZ (wordpress on zencart)
Get the woz_en_pro version
Important:
1. Must install after CEON
2. Must create mapping “/blog” after install http://YOUR_DOMAIN/cpanel/woz_manager.php?page=1&action=ceon_url_setting
3. .htaccess file must allow remapping of “/blog” directory
4. Must remake some changes when there’s a template change
5. Make header.php and footer.php BLANK in /home/USERNAME/webapps/SITENAME/blog/wp-content/themes/woz_default
6. Remove META in /home/kimconnect/webapps/kimconnect_com/blog/wp-content/themes/woz_default/sidebar.php
 
Install Adult 04 template:
These are the files that are overridden:
includes/languages/english.php
includes/modules/new_products.php
includes/modules/specials_index.php
includes/languages/english/html_includes/define_main_page.php
 
Important Plug Ins:
CFK Editor
Image Handler
Group Pricing
Define Pages Generator
Categories Dressing
Colum divider Pro
Better Together
Column Layout Grid for Product Listing
Admin Category / Product Images
Maximum Amount Allowed in Shopping Cart
Ultimate SEO Urls
ZEN Lightbox
Quick Updates
Search Log
Ad Manager
 
Remove Links under Header + Box
Admin – Configurations – Layout Settings – Categories-Tabs Menu ON/OFF = 0
 
Title Bar change: /includes/languages/english/lite_red/meta_tags.php ???
 
Add a tab link to blog: edit /home/kimconnect/webapps/kimconnect_com/includes/templates/lite_red/templates/tpl_top_nav.php
 
Make sure that Google robot is allowed
/home/kimconnect/webapps/kimconnect_com/includes/templates/TEMPLATE/common/html_header.php
 
Change the tags:
/home/kimconnect/webapps/kimconnect_com/includes/languages/english/meta_tags.php
 
Change the top body texts:
/home/sexcenter/webapps/kimconnect_com/includes/languages/english/lite_red/index.php
 
Edit footer:
/home/kimconnect/webapps/sexcenter_com/includes/languages/lite_red/english.php
 
Change box to say “Shopping” instead of “Categories”
Change the search box to say “search our store” instead of “search”
Change the “blog sidebar” to say “Blog”
 
======================= Re-do when upgrading
Remove Generators:
Zen Cart
/home/kimconnect/webapps/kimconnect_com/includes/templates/template_default/common/html_header.php
remove: generator
change: “noindex” to “index”
 
WordPress Cleanup Header
/home/kimconnect/webapps/kimconnect_com/blog/wp-content/themes/woz_default/functions.php
add these lines before the last ?>
 
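// Strip non-essential tags that WordPress prints in <head>.
// The quotes must be straight ASCII quotes: typographic quotes copied from a web page
// are not PHP string delimiters and break the file.
// Hiding the generator tag only reduces version fingerprinting; it does not replace updates.
remove_action( 'wp_head', 'feed_links_extra', 3 ); // links to the extra feeds such as category feeds
remove_action( 'wp_head', 'feed_links', 2 ); // links to the general feeds: post and comment feed
remove_action( 'wp_head', 'rsd_link' ); // Really Simple Discovery service endpoint (EditURI link)
remove_action( 'wp_head', 'wlwmanifest_link' ); // Windows Live Writer manifest file
remove_action( 'wp_head', 'index_rel_link' ); // index link
remove_action( 'wp_head', 'parent_post_rel_link', 10, 0 ); // prev link
remove_action( 'wp_head', 'start_post_rel_link', 10, 0 ); // start link
remove_action( 'wp_head', 'adjacent_posts_rel_link_wp_head', 10, 0 ); // relational links for adjacent posts
remove_action( 'wp_head', 'wp_generator' ); // generator tag, which discloses the WordPress version

// Pods plugin: deregister its UI script on public (non-admin) requests.
if ( ! is_admin() ) {
    function site_init()
    {
        wp_deregister_script( 'pods-ui' );
    }

    add_action( 'init', 'site_init' );
}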
 
Clean-up NextGen header generator: /home/kimconnect/webapps/kimconnect_com/blog/wp-content/plugins/nextgen-gallery/nggallery.php
// Add a version number to the header…
// Add MRSS to wp_head…
============================
 
Install Testimonials Manager
SQL patch, change template names, upload, then edit /home/kimconnect/webapps/kimconnect_com/includes/templates/template_default/css/stylesheet.css and /home/kimconnect/webapps/kimconnect_com/includes/templates/lite_red/css/stylesheet.css
 
Install Links Manager
http://www.zen-cart.com/index.php?main_page=product_contrib_info&products_id=297
 
Install WP plugins
NextGen Gallery
Google XML Sitemaps
The Crawl Rate Tracker
WordPress Database Backup
 
—————– When updating Gallery, one must edit “Style” as follows ———————-
/* ----------- Album Styles Compact ------------- */
 
/* One compact album tile: floated left with a fixed 120px x 180px footprint. */
.ngg-album-compact {
    float:left;
    height:180px;
    padding-right:6px !important;
    margin:0px !important;
    text-align:left;
    width:120px;   
}
 
/* Frame around the thumbnail; the !important flags override the plugin's own spacing. */
.ngg-album-compactbox {
    background:transparent no-repeat scroll 0%;
    height:86px;
    margin:0pt 0pt 6px !important;
    padding:12px 0pt 0pt 7px !important;
    width:120px;
}
 
 
/* Thumbnail image: fixed 109px square with a 1px black border. */
.ngg-album-compactbox .Thumb {
    border:1px solid #000000;
    margin:0px !important;
    padding:0px !important;
    width:109px;
    height:109px;
}
 
/* Album title, centred under the thumbnail. */
.ngg-album-compact h4 {
    font-size:15px;
    font-weight:bold;
    margin-bottom:0px;
    margin-top:21px;
    width:110px;
    text-align:center;
}
 
/* Album description text, centred. */
.ngg-album-compact p {
    font-size:11px;
    margin-top:0px;
    text-align:center;
}

In Search of an Appointment Calendaring System

Group I: WordPress Plug-in
Since websites are often built with Content Management Systems such as WordPress, it is logical to choose an application that integrates well with such framework. Below is a list of comparable products:
 
1. BirchPress Scheduler
– Features: multiple service providers, services, and locations
– Integrations: Paypal, Authorize.net, WooCommerce
– Notes: appointment booking is a single page form. General calendar does not yet have a function to choose an available time to make a booking
– Pricing: $199 for 1 site, $499 for 5 sites
– Our subjective rating: 8 of 10
 
2. wpBooking Calendar
– Features: multiple “resources,” which would translate to locations – no multiple services
– Integrations: Paypal, Authorize.net, Sage, iPay88 – no shopping cart
– Notes: general calendar is point and click. The booking process is not yet very polished
– Pricing: $749 for 1 site, $999 for 5 sites
– Our subjective rating: 6 of 10
 
3. Appointment+
– Features: multiple service providers & services – no locations
– Integrations: Paypal, Authorize.net, MarketPress, BuddyPress, Membership
– Notes: service providers have their individual pages, Membership module is useful for enticing sign-ups
– Pricing: $294 per year per site
– Our subjective rating: 8 of 10
 
4. WooCommerce Appointments
– Features: multiple locations & services – no multiple service providers
– Integration: Google Calendar, WooCommerce shopping cart
– Notes: this plugin is excellent for a property rental business
– Pricing: $69 single site, $129 10 sites, $199 25 sites
– Our subjective rating: 7 of 10
 
Group II: Purposed Applications
1. 10 to 8
– Features: multiple service providers, locations, and services
– Notes: this booking software is a standalone, cloud service application. users are entrusting their data on the vendor’s server. It is not a self-hosted solution
– Pricing: $25/month 3 users, $50/month 6 users, $150/month 25 users
– Our rating:
2. Timely
– Features: multiple service providers, locations, and services
– Notes: another cloud booking service
– Pricing: $24/month 2 users, $64/month unlimited PLUS $0.10 per SMS 
– Our rating: 

Quick Setup Notes: Install WordPress Using Docker

  • Obtain SSL Certificate
  • Configure HAProxy
  • Configure MySQL
  • Run Docker Container
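# Simple WordPress with nothing
# --privileged is dropped: it gives the container almost unrestricted access to the host
# (all capabilities, host devices), and the stock wordpress image does not need it to serve a site.
# Options take two ASCII hyphens; typographic dashes pasted from a web page are not parsed as options.
docker run --name kimconnect -p XXXXX:XX -d wordpress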
  • Configure WordPress Container with SSL
# Install VIM to edit .htaccess
docker exec -it blog /bin/bash
apt-get update && apt-get install neovim -y
vim .htaccess #edit the file to finish with content below
 
# Setup WordPress to run on HTTPS
# Preemptively resolve looping redirects and mixed-contents (http & https) issues with browsers raising security warnings
vim wp-config.php
#### Add these lines at the top, right below <?php ####
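// Force the admin area over HTTPS.
define('FORCE_SSL_ADMIN', true);
// Deprecated since WordPress 4.0, where FORCE_SSL_ADMIN also covers logins; kept for older installs.
define('FORCE_SSL_LOGIN', true);
// TLS ends at the reverse proxy (HAProxy in these notes), so WordPress itself sees plain HTTP.
// Trust X-Forwarded-Proto only if the proxy sets or overwrites it and the container cannot be
// reached directly; otherwise any client can send the header itself.
// isset() avoids an undefined-index notice on requests that arrive without the header.
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https') $_SERVER['HTTPS'] = 'on';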
 
  • Run WordPress Setup
Troubleshooting:
 
Error: Sorry, you are not allowed to access this page.
Resolution: 
Method 0: Ensure that SSL_ADMIN is set correctly (at the top of wp-config.php)
 
Method 1: Edit user role
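-- Restore the administrator role for user 1. String literals need straight quotes;
-- the meta_key starts with the site's table prefix (wp_ here).
UPDATE wp_usermeta SET meta_value='a:1:{s:13:"administrator";s:1:"1";}' WHERE user_id=1 AND meta_key='wp_capabilities';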
 
Method 2: Create New Admin User
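-- Create a second administrator account.
-- Identifiers take backticks; single quotes would turn them into string literals.
-- Replace PASSWORD with a strong temporary value rather than a guessable one, and change it
-- after the first login so it is stored with WordPress's own password hashing instead of MD5.
INSERT INTO kimconnect.wp_users (`ID`, `user_login`, `user_pass`, `user_nicename`, `user_email`, `user_url`, `user_registered`, `user_activation_key`, `user_status`, `display_name`) VALUES ('2', 'kim', MD5('PASSWORD'), 'Kim Connect', 'admin@kimconnect.com', 'https://www.kimconnect.com/', '2019-01-01 00:00:00', '', '0', 'Kim Doan');
-- meta_key values must begin with the site's table prefix; the tables here are wp_*, so wp_ is
-- used. Adjust both keys if your prefix differs.
INSERT INTO `kimconnect`.`wp_usermeta` (`umeta_id`, `user_id`, `meta_key`, `meta_value`) VALUES (NULL, '2', 'wp_capabilities', 'a:1:{s:13:"administrator";s:1:"1";}');
INSERT INTO `kimconnect`.`wp_usermeta` (`umeta_id`, `user_id`, `meta_key`, `meta_value`) VALUES (NULL, '2', 'wp_user_level', '10');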
 
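# Manually Update Admin user's password using MySQL commands
# Replace PASSWORD with a strong value. The statement, password included, is kept in the mysql
# client's history file, so clear that entry afterwards and change the password again from the
# WordPress profile page once logged in.
UPDATE kimconnect.wp_users SET user_pass = MD5('PASSWORD') WHERE ID = 1;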
 
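# Show permissions as octal values (in the listing below wp-config.php is 666, i.e. world-writable; it holds the database credentials, so tighten it, e.g. chmod 640 wp-config.php)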
root@CONTAINER_ID:/var/www/html# stat -c “%a %n” *
644 index.php
644 license.txt
644 readme.html
644 wp-activate.php
755 wp-admin
644 wp-blog-header.php
644 wp-comments-post.php
644 wp-config-sample.php
666 wp-config.php
755 wp-content
644 wp-cron.php
755 wp-includes
644 wp-links-opml.php
644 wp-load.php
644 wp-login.php
644 wp-mail.php
644 wp-settings.php
644 wp-signup.php
644 wp-trackback.php
644 xmlrpc.php
 
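# Database manipulation
# use_ssl is stored as a row in wp_usermeta (meta_key = 'use_ssl'), not as a column,
# so the flag is set through meta_value. The stray comma before WHERE is also removed.
UPDATE
    kimconnect.wp_usermeta
SET
    meta_value = '1'
WHERE
    user_id = 1
    AND meta_key = 'use_ssl';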
 
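# Delete all tables in database
# Irreversible: confirm the USE target and take a dump (e.g. with mysqldump) before running.
USE kimconnect;
# Foreign keys are switched off so tables can be dropped in any order; re-enabled at the end.
SET FOREIGN_KEY_CHECKS = 0;
# Raise the GROUP_CONCAT limit so a long table list is not truncated.
SET GROUP_CONCAT_MAX_LEN=32768;
SET @tables = NULL;
# Build a comma-separated, backtick-quoted list of every table in the current schema.
SELECT GROUP_CONCAT('`', table_name, '`') INTO @tables
  FROM information_schema.tables
  WHERE table_schema = (SELECT DATABASE());
# An empty schema yields NULL; fall back to a placeholder name so the DROP is still valid SQL.
SELECT IFNULL(@tables,'dummy') INTO @tables;

SET @tables = CONCAT('DROP TABLE IF EXISTS ', @tables);
PREPARE stmt FROM @tables;
EXECUTE stmt;
DEALLOCATE PREPARE stmt;
SET FOREIGN_KEY_CHECKS = 1;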

CentOS: Java & Tomcat Installation

Install Java 1.6.0_20:
 
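The following instructions assume that there is no root access to the system. Thus, Java must be made available in the home directory of a user named webadmin. Note that Java 1.6.0_20 and Tomcat 5.5.35 are long past end of life and no longer receive security fixes, and that the JDK installer below is fetched over plain HTTP from a third-party mirror and then executed, so verify its checksum against a trusted source before running it.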
 
Download the file:
cd ~
wget http://software.cs.utep.edu/LINUX/Java/jdk-6u20-linux-x64.bin
 
Set execution permissions:
chmod +x jdk-6u20-linux-x64.bin
 
Install:
# sh jdk-6u20-linux-x64.bin
./jdk-6u20-linux-x64.bin
 
Install Tomcat:
cd ~
wget https://archive.apache.org/dist/tomcat/tomcat-5/v5.5.35/bin/apache-tomcat-5.5.35.tar.gz
tar -xzvf apache-tomcat-5.5.35.tar.gz
mv apache-tomcat-5.5.35 ~/webserver
rm apache-tomcat-5.5.35.tar.gz
Set environment:
vim ~/webserver/bin/setenv.sh
— paste these lines —
JAVA_HOME=/home/webadmin/jdk1.6.0_20/
JRE_HOME=/home/webadmin/jdk1.6.0_20/jre
 
—- alternative —-
Create a symlink for Tomcat pointing toward Java directory:
ln -s /home/webadmin/jdk1.6.0_20 /home/webadmin/pkg/share/jre180131
 
OR Add Java into the Bash Profile
vim ~/.bash_profile
PATH=$PATH:$HOME/jdk1.6.0_20
export JAVA_HOME=/home/webadmin/jdk1.6.0_20
export PATH
=== didn’t work ===
vim ~/webserver/bin/startup.sh
# JAVA_HOME for Tomcat  
JAVA_HOME = /home/webadmin/jdk1.6.0_20  
JRE_HOME = /home/webadmin/jdk1.6.0_20/jre  
export JAVA_HOME  
export JRE_HOME
 
vim ~/webserver/bin/shutdown.sh
# JAVA_HOME for Tomcat  
JAVA_HOME = /home/webadmin/jdk1.6.0_20  
JRE_HOME = /home/webadmin/jdk1.6.0_20/jre  
export JAVA_HOME  
export JRE_HOME
=== didn’t work ===
 
Start Tomcat:
~/webserver/bin/startup.sh
 
Check running status:
wget http://127.0.0.1:8080
tail ~/webserver/logs/catalina.out
 
Set Tomcat administration access:
vim ~/webserver/conf/tomcat-users.xml
 
Edit Crontab for autorun:
crontab -e
Add this line:
@reboot /home/webadmin/webserver/bin/startup.sh
 
Script to send an email if Tomcat Is Not running:
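# Send an alert mail when the process whose PID is stored in the file $CATALINA_PID is gone.
# kill -0 delivers no signal; it only reports whether the PID exists and can be signalled.
# Quoting the expansions keeps a missing or empty $CATALINA_PID from leaving cat waiting on
# stdin: cat fails, kill -0 fails, and the alert is sent.
if ! kill -0 "$(cat -- "$CATALINA_PID" 2>/dev/null)" >/dev/null 2>&1; then
  echo "Check tomcat" | mailx -s "Tomcat not running" support@kimconnect.com
fi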
 

The following requires root privileges:
 
Create a Tomcat control script at startup directory:
vim /etc/init.d/tomcat
 
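#!/bin/bash
# chkconfig: 234 20 80
# description: Tomcat Server basic start / shutdown script
# processname: tomcat
#
# Usage: /etc/init.d/tomcat {start | stop | restart}
#
# NOTE(review): init scripts run as root, and this one executes startup.sh and shutdown.sh
# from /home/webadmin. Tomcat therefore runs as root, and whoever controls that home
# directory can run code as root at boot. Consider starting Tomcat as the webadmin user
# instead (e.g. su - webadmin -c "$START_TOMCAT").

# Shell assignments take no spaces around '='.
JAVA_HOME=/home/webadmin/jdk1.6.0_20
export JAVA_HOME
TOMCAT_HOME=/home/webadmin/webserver/bin/
START_TOMCAT=/home/webadmin/webserver/bin/startup.sh
STOP_TOMCAT=/home/webadmin/webserver/bin/shutdown.sh

# Start Tomcat from its bin directory.
start() {
  echo -n "Starting tomcat:"
  cd "$TOMCAT_HOME" || return 1
  "${START_TOMCAT}"
  echo "done."
}

# Stop Tomcat from its bin directory.
stop() {
  echo -n "Shutting down tomcat:"
  cd "$TOMCAT_HOME" || return 1
  "${STOP_TOMCAT}"
  echo "done."
}

case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  restart)
    # The usage text advertises restart; it is a stop followed by a start.
    stop
    start
    ;;
  *)
    echo "Usage: $0 {start | stop | restart}"
    ;;
esac
exit 0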
 
Configure system to automatically start Tomcat:
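# Register the init script, then enable it for runlevels 2, 3 and 4.
# Long options take two ASCII hyphens; a typographic dash or a single hyphen is not parsed.
chkconfig --add tomcat
chkconfig --level 234 tomcat on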

Installing Team Foundation Server

1. Installation
a. All in one
b. Separate TFS and database (advanced)

2. Setup reporting
a. Warehouse database
b. Analysis services
c. Reports

3. Configure Extension for Sharepoint
TFS Administration Console > {servername} > Application Tier > Extensions for Sharepoint Products > Grant Access > URL for TFS = http://{servername}:8080/tfs , Sharepoint web application = http://{sharepointservername}/ > OK

4. Configure TFS Build Service
Run tfs_server.exe > Configuration Center opens > select Configure Team Foundation Build Service > Start Wizard > Next > Select Team Project Collection = browse toward the correct Team Project Collection > Next > Build Services opens, User the default setting > Next > Run Team Foundation Service as User a user account = {Domain_Name}\{Service_Account} > Next > Next > Configure

5. Create Team Project Collection
TFS Administration Console > Team Project Collections > DefaultCollection would appear > Click Create Collection > give new collection a name do describe its purpose > fill in Description > Next > Enter the data tier where Team Project Collection will reside > Create a new database for this collection > Next > click Next to accept the predefined Reports configuration > Next > Verify > Complete > Close

How to Install SSL Certificate(s) on Various Web Servers

Public facing websites often become targets of attacks such as eavesdropping, denial of service, spoofing, etc. In the case of eavesdropping, an SSL certificate can be installed so that the hosting server and each client browser can reasonably form a secure communication channel. Hence, it is becoming a common practice for web administrators to implement this technology.


IIS 5 & 6Legacy OS such as Windows 2000 & 2003 are still being serve as production servers today. Thus, it would serve an administrator’s interest to know how to assign an SSL cert into these machines.
Step 1: obtain a publicly signed certificateThere are many public SSL certificate providers on the Internet. An example of a free service would be from StartSSL, and a paid subscription would be from GeoTrust. The formats of a certificate should be with the extension of *.key, *.crt, *.der, *.pem, or *.pfx (IIS-5’s default).
Step 2: Apply the certificate to a websiteStart >> All Programs >> Administrative Tools >> Internet Information Service (IIS) Manager >> browse to {server_name} >> Web Sites >> right-click on the correct {website_name} >> properties >> select the Directory Security tab >> click on Server Certificate >> Next >> select the radio button next to Assign an existing certificate >> Next >> select the correct certificate (one may choose to add a new certificate to this server if this list does not present a valid item) >> Next >> input the port number as 443 >> Next >> Next >> Finish >> click on Edit >> put a check mark next to “Require secure channel (SSL)” and “Require 128-bit encryption” >> select any or all item(s) if there is pop-up list >> click OK >> Apply >> OK


IIS 7 & 7.5There are two type of certificates that could be installed on an IIS: a site certificate or an intermediate certificate. The former is a normal cert that should be applied directly on the server hosts contents, while the latter should be installed on an IIS that behaves as a relay or proxy to complete the chain of trust between a web host, a proxy, and a client browser.
Start >> Internet Information Services (IIS) Manager >> expand to select the correct server >> double-click on Server Certificates >> click Complete Certificate Request from the right hand side panel >> click … to browse toward the location of the certificate file >> click Open >> input a Friendly Name for this cert >> to bind this new cert, navigate back to the server where the cert has been installed within the Internet Information Services (IIS) Manager >> expand Sites >> select the desired site to be secured with SSL >> click Bindings from the Action Panel on the right hand side >> Add >> a Site Binding window appears >> select HTTPS as type, choose Select All Unassigned as IP Address, input 443 as port the port number or type, and pick the correct cert that has been installed previously >> OK >> OK


IIS 8 & 8.5Windows Server 2012 is bundled with IIS 8, and Windows 2012 R2 comes with IIS 8.5. The administration process between these two versions are very similar. 
Right-click on the Windows icon >> Run >> INETMGR.exe >> Enter >> locate the desired server by its icon >> double-click “Server Certificates” >> click Complete Certificate Request from the right side (Actions Menu) >> click … >> browse to the path of the cert >> OK >> input the Friendly name such as {domain-name.com} >> click on the drop-down menu to choose the certificate store type (i.e. Web Hosting) >> OK >> to bind this new cert, navigate back to the server where the cert has been installed within the Internet Information Services (IIS) Manager >> click on Bindings from the right side Action Menu >> Add >> choose HTTPS as Type, All Unassigned as IP address, and {domain-name.com} as SSL certificate >> OK >> repeat this process to install additional certificates for other sites being hosted by this server


NGINX
Step 1: Edit the server block to enable SSL support. Please note that if NGINX has been manually compiled, it must be compiled with the option to support SSL.
(A) stop NGINX with this command: killall -9 nginx
(B) Add the following sample script into the server block
server {
listen 443;
server_name <FQDN>;
ssl on;
ssl_certificate <Path_to_Certificate>;
ssl_certificate_key <Path_to_SSL_Key>;
root <EMPTY DIRECTORY>;
location / {…}
}
(Newer NGINX releases replace the "ssl on;" directive with "listen 443 ssl;".)
Step 2: Restart NGINX with one of these commands, depending on the Linux flavor and NGINX installation method. Running nginx -t first validates the configuration before the restart.
/usr/local/nginx/sbin/nginx -s reload
/etc/init.d/nginx restart
service nginx restart
sudo service nginx restart
sudo /etc/init.d/nginx restart
nginx -s reload


Apache
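Step 1: Copy the file to the server as a *.crt file name extension. Two types of certs are required. Those are the Intermediate and the Primary certificates. There is also a private key file being required. Thus, the total number of files to be transferred are three (3). FTP, SFTP, SAMBA, or SCP could be used to transfer these files. Because the private key is among them, prefer an encrypted transfer (SFTP or SCP), since plain FTP sends it in cleartext, and once the key is on the server make the file readable only by root. For instance, this is a syntax of the SCP method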
To copy a file from B to A while logged into B:
scp /path/to/file username@a:/path/to/destination
To copy a file from B to A while logged into A:
scp username@b:/path/to/file /path/to/destination
Step 2: edit the httpd.conf or httpd-ssl.conf (depending on the server’s predisposition)
(A) Locate the SSL Configuration
grep -i -r "SSLCertificateFile" /etc/httpd/    # where /etc/httpd/ is the base directory of Apache
(B) Edit the file by adding the following block
<VirtualHost *:443>
DocumentRoot /var/www/html
ServerName www.domain-name.com
SSLEngine on
SSLCertificateFile /path/to/primary-cert.crt
SSLCertificateKeyFile /path/to/ssl-private.key
SSLCertificateChainFile /path/to/intermediate-cert.crt
</VirtualHost>
Step 3: reload Apache
Various Linux flavors have different commands to accomplish this task. Also, whether Apache has been compiled from source would affect the actual command line to restart HTTPD. The Linux server administrator would know which of these commands to be used:
apachectl restart
/sbin/service httpd restart
sudo restart apache2
/usr/sbin/rcapache2 restart

IIS Mime Types

One of the features of IIS security is to enforce file access by its associated extensions. As such, objects that are not set in IIS with a specific type association such as .zhp (Swiftview proprietary extension) would not be rendered by a client browser. To resolve such quirk, one would need to manually add a new entry onto the “MIME types” using the convention as recommended by the software vendor. The procedure to accomplish similar task is as follows:

Step 1: open IIS >> browse to the specific “site” such as the one below >> double-click on the “MIME Types” icon

Step 2: click on the “Add” button from the right hand side of Actions menu >> type in the information below

Step 3: on a Windows client, open Internet Explorer and browse toward the site via its FQDN to verify the application’s successful execution