Month: August 2025

To flush the DNS cache on an Ubuntu server

To flush the DNS cache on an Ubuntu server, the method depends on which DNS resolver your system is using. Here’s how to do it for the most common setups:

🧼 For Ubuntu 22.04+ (Using systemd-resolved)

Ubuntu now uses systemd-resolved for DNS caching. To flush the cache:

sudo resolvectl flush-caches

You can verify the cache was cleared by checking statistics:

resolvectl statistics

Look for Cache Current Size: 0 to confirm the flush.

🧼 For Ubuntu 20.04 and Earlier (Using systemd-resolve)

If your system still uses the older command:

sudo systemd-resolve --flush-caches

This is functionally similar and works on many 20.04 setups.

🧼 If You’re Using dnsmasq

Some Ubuntu setups (especially custom or lightweight ones) use dnsmasq:

sudo systemctl restart dnsmasq

This restarts the service and clears its cache.

🧼 If You’re Using bind9

For servers running BIND:

sudo rndc flush

Or to flush a specific zone:

sudo rndc flushname example.com

🧠 Pro Tip

If you’re troubleshooting DNS issues, you might also want to clear your local resolver cache and browser cache, or test with:

dig example.com

to bypass local caching and query directly.

Cloudflare ERR_SSL_VERSION_OR_CIPHER_MISMATCH

This error usually means Cloudflare can’t establish a secure connection with your origin server due to an SSL/TLS mismatch. Since you were previously using SSL on Apache and just moved to Cloudflare, here’s how to troubleshoot it step-by-step:

🔍 What the Error Means

ERR_SSL_VERSION_OR_CIPHER_MISMATCH indicates that:

  • The browser and server don’t agree on a common SSL/TLS protocol or cipher.
  • Cloudflare can’t present a valid certificate for your domain.
  • Your origin server may be misconfigured or using outdated SSL settings.

✅ Fixes You Should Try

1. Check Cloudflare SSL Mode

Log into your Cloudflare dashboard:

  • Go to SSL/TLS > Overview
  • Make sure SSL mode is set to Full or Full (Strict)
    Avoid Flexible, as it can cause issues with sites that already have SSL.

2. Verify Edge Certificate Status

  • Go to SSL/TLS > Edge Certificates
  • Look for the Universal SSL certificate for your domain.
  • Make sure its status is Active
    If it’s still initializing, it can take up to 24 hours after DNS propagation.

3. Ensure DNS Records Are Proxied

  • Go to DNS > Records
  • Make sure your A or CNAME records for site.com are set to Proxied (orange cloud icon).
    If they’re DNS only, Cloudflare won’t serve SSL for that subdomain.

4. Check Apache SSL Configuration

On your origin server:

  • Make sure Apache is listening on port 443.
  • Confirm that your SSL certificate is valid and not expired.
  • Ensure you’re using modern TLS protocols (e.g., TLS 1.2 or 1.3) and not deprecated ones like SSLv3 or TLS 1.0.

Example Apache config snippet:

<VirtualHost *:443>
    ServerName site.com
    SSLEngine on
    SSLCertificateFile /path/to/cert.pem
    SSLCertificateKeyFile /path/to/key.pem
    SSLCertificateChainFile /path/to/chain.pem

    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!aNULL:!MD5
</VirtualHost>

5. Temporarily Pause Cloudflare

If you need to test directly:

  • Go to Overview > Advanced Actions
  • Click Pause Cloudflare on Site
  • Then access your site directly via its IP or domain to confirm SSL is working.

Debugging a 500 Server Error in Laravel (Nginx + PHP-FPM)

When Laravel throws a 500, you’ll need to trace it through three layers: Laravel itself, Nginx, and PHP-FPM. Here’s where to look and how to pinpoint the issue.

1. Turn on Laravel Debug

  1. Open your project’s .env file.
  2. Set APP_DEBUG=true APP_ENV=local
  3. Save and reload your page.
    – You should now see a detailed stack trace instead of the generic 500 page.

2. Inspect Laravel Logs

Laravel logs errors in storage/logs. Usually you’ll find:

cd /home/mailivery/mailivery
ls storage/logs
tail -n 50 storage/logs/laravel.log

– Look for the latest timestamped file (laravel-YYYY-MM-DD.log).
– Errors, exceptions, SQL problems and failed queue jobs all land here.

3. Check Nginx Error Logs

By default Nginx writes to:

/var/log/nginx/error.log

Or, if you have a per-site config:

/var/log/nginx/your-site-error.log

Tail it live as you refresh:

sudo tail -f /var/log/nginx/error.log

Common culprits: wrong root path, missing index.php, bad fastcgi_pass.

4. Review PHP-FPM Logs

Depending on your PHP version, you’ll have one or more of:

/var/log/php7.4-fpm.log
/var/log/php8.1-fpm.log

Or check the pool-specific log in /etc/php/8.1/fpm/pool.d/www.conf for error_log.

Tail it:

sudo tail -f /var/log/php8.1-fpm.log

Look for PHP parse errors, call-stack dumps, or FPM pool failures.

5. Verify File & Folder Permissions

Laravel needs write access to storage/ and bootstrap/cache:

cd /home/mailivery/mailivery
sudo chown -R www-data:www-data storage bootstrap/cache
sudo chmod -R 750 storage bootstrap/cache

If PHP-FPM runs as a different user, swap www-data accordingly.

6. Final Tips & Next Steps

  • Use Laravel’s Log::info() or dd() to pinpoint logic errors.
  • Install Laravel Telescope or Sentry for deeper runtime telemetry.
  • If you suspect opcache or stale files, restart PHP-FPM: sudo service php8.1-fpm restart
  • For systemd-enabled servers, view FPM via journalctl -u php8.1-fpm.

Once you find the first error line in Laravel’s log or PHP-FPM’s stack, you’ll know exactly what to fix. Happy debugging!

Step-by-Step: Enable Password Authentication in Redis-Step: Enable Password Authentication in Redis

To set a password for your Redis server on Ubuntu, you’ll need to modify the Redis configuration file. Here’s how to do it securely and persistently:

1. Edit the Redis Configuration File

Open the config file:

sudo nano /etc/redis/redis.conf

2. Set the Password

Find the line that starts with:

# requirepass foobared

Uncomment it and replace foobared with your desired strong password:

requirepass YourSecurePasswordHere

💡 Tip: Use a long, random password. You can generate one with openssl rand -base64 32.

3. Restart Redis

Apply the changes:

sudo systemctl restart redis

✅ Test Authentication

Try connecting via redis-cli:

redis-cli

Then authenticate:

AUTH YourSecurePasswordHere

You should get:

OK

Now you’re authenticated and can run commands like SET, GET, etc.

🧠 Bonus: Secure Remote Access

If you’re allowing remote connections (e.g., bind 0.0.0.0), make sure to:

  • Use a firewall to restrict access
  • Consider enabling TLS (requires Redis 6+ and extra config)
  • Never expose Redis directly to the internet without protection

Solving 419 | Page Expired in Laravel

A 419 error means Laravel rejected a form submission because the CSRF token or session was invalid or expired. Below is a step-by-step guide to pinpoint and fix the root cause.

1. Ensure CSRF Token Is Present

In every <form> that submits to a POST, PUT, PATCH or DELETE route, include:

<form action="/..." method="POST">
  @csrf
  <!-- your inputs here -->
</form>

For AJAX requests, make sure you send the X-CSRF-TOKEN header. In JavaScript (e.g., Axios):

import axios from 'axios';

axios.defaults.headers.common['X-CSRF-TOKEN'] =
  document.querySelector('meta[name="csrf-token"]').getAttribute('content');

Also add the meta tag in your layout’s <head>:

<meta name="csrf-token" content="{{ csrf_token() }}">

2. Verify Session Configuration

Laravel uses cookies to store the session identifier. If sessions aren’t persisting, tokens expire immediately.

  • In config/session.php, check:
    • lifetime (minutes before expiry)
    • expire_on_close (whether to clear on browser close)
  • Ensure SESSION_DRIVER in your .env matches your setup (e.g., file, redis, database).
  • If you use Redis or Memcached, confirm connectivity and credentials.
SESSION_DRIVER=file
SESSION_LIFETIME=120

3. Check Cookie Domain & Secure Settings

Cookies have flags that can prevent them from being sent back to the server.

  • In config/session.php: 'domain' => env('SESSION_DOMAIN', null), 'secure' => env('SESSION_SECURE_COOKIE', false), 'same_site' => 'lax',
  • If you’re on https://, set SESSION_SECURE_COOKIE=true in .env.
  • For a subdomain or custom domain, set SESSION_DOMAIN=.yourdomain.com.

4. Clear and Rebuild Caches

Old configuration or view files can cause tokens to mismatch.

php artisan config:clear
php artisan route:clear
php artisan view:clear
php artisan cache:clear

If you’re using config caching in production, rebuild it:

php artisan config:cache

5. Confirm Middleware Order

In app/Http/Kernel.php, ensure \App\Http\Middleware\VerifyCsrfToken::class is registered under web middleware:

protected $middlewareGroups = [
    'web' => [
        \Illuminate\Session\Middleware\StartSession::class,
        \Illuminate\View\Middleware\ShareErrorsFromSession::class,
        \App\Http\Middleware\VerifyCsrfToken::class,
        // ...
    ],
];

The session must start before CSRF verification.

6. Debugging Tips

  • Use dd(session()->all()) or dd(csrf_token()) in a route to confirm you’re generating and persisting tokens.
  • Inspect browser dev-tools to see if the laravel_session cookie is set and sent on form submission.
  • For SPA frontends, consider using Laravel Sanctum or JWT instead of CSRF/session cookies.

Beyond 419: Improving UX

  • Implement AJAX form submission to catch token errors and auto-refresh the page or token.
  • Use Laravel Passport or Sanctum for API token auth, avoiding CSRF entirely for JSON APIs.
  • Shorten session lifetimes for increased security, but display a warning banner when a session is about to expire.

With these checks your forms will keep valid CSRF tokens, sessions will persist correctly, and 419 errors will vanish.

How to Reduce number of binlog in Mysql

To reduce the number of MySQL binary log (binlog) files and manage their size effectively, here are several strategies you can apply:

🔧 1. Manually Purge Old Binlogs

Inside the MySQL shell:

PURGE BINARY LOGS BEFORE '2025-08-01 00:00:00';

Or purge up to a specific file:

PURGE BINARY LOGS TO 'binlog.000142';

⚠️ Never delete binlog files manually from the filesystem—always use the PURGE command to avoid corruption.

🕒 2. Set Automatic Expiry

You can configure MySQL to automatically delete binlogs older than a certain number of seconds:

SET GLOBAL binlog_expire_logs_seconds = 259200;  -- 3 days
SET PERSIST binlog_expire_logs_seconds = 259200;

This replaces the older expire_logs_days setting in MySQL 8+.

📏 3. Limit Binlog File Size

In your MySQL config file (/etc/mysql/my.cnf or /etc/my.cnf), add:

[mysqld]
max_binlog_size = 100M

This causes MySQL to rotate to a new binlog file once the current one hits 100MB.

🧼 4. Disable Binary Logging (If Not Needed)

If you’re not using replication or point-in-time recovery, you can disable binlogs entirely:

[mysqld]
skip-log-bin

⚠️ This disables replication and binlog-based recovery—only do this if you’re sure you don’t need those features.

🔁 5. Monitor and Automate with Cron

You can create a cron job that runs a purge command periodically. Example:

0 3 * * * mysql -e "PURGE BINARY LOGS BEFORE NOW() - INTERVAL 7 DAY;"

This purges logs older than 7 days every night at 3 AM.

How to get to edit config mode on cisco asr-1000 router

To get into configuration mode on a Cisco ASR 1000 series router, follow this flow from privileged exec mode (#). Here’s the step-by-step:

🛠 Enter Global Configuration Mode

Start by accessing the device via console, SSH, or telnet, then:

enable

This brings you to privileged exec mode, which looks like:

Router#

Then enter global configuration mode:

configure terminal

You’ll now see:

Router(config)#

From here, you can modify settings like interfaces, routing, access lists, etc.

✏️ Example: Configure an Interface

If you wanted to edit, say, GigabitEthernet0/0/0:

interface GigabitEthernet0/0/0
description Link to ISP
ip address 192.168.1.1 255.255.255.0
no shutdown

Exit interface config:

exit

✅ When You’re Done

Save your changes so they persist:

copy running-config startup-config

Or just:

wr

How do I install an ssh key ubuntu server

To install an SSH key on your Ubuntu server for secure, passwordless login, follow these steps:

🛠️ Step 1: Generate SSH Key Pair (on your local machine)

Open a terminal and run:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
  • Press Enter to accept the default file location (~/.ssh/id_rsa)
  • Optionally enter a passphrase for added security

This creates:

  • ~/.ssh/id_rsa — your private key
  • ~/.ssh/id_rsa.pub — your public key

📤 Step 2: Copy Public Key to Ubuntu Server

Use ssh-copy-id to transfer your public key:

ssh-copy-id username@your_server_ip

If your server uses a custom port (e.g. 2222):

ssh-copy-id -p 2222 username@your_server_ip

This appends your public key to the server’s ~/.ssh/authorized_keys file.

🔐 Step 3: Verify SSH Key Authentication

Try logging in:

ssh username@your_server_ip

If successful, you won’t be prompted for a password.

🧱 Optional: Disable Password Authentication (for extra security)

Edit the SSH config on the server:

sudo nano /etc/ssh/sshd_config

Set these options:

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

Then restart SSH:

sudo systemctl restart ssh