Linux Blimp – Page 2 – One more Linux Magazine

November 19, 2023November 19, 2023

Fix “Failed to Start Session” at Login in Ubuntu.

Unable to log in to Ubuntu because of ‘failed to start session’ error? Here’s what you could try.

I was trying to log in to Ubuntu as usual. I entered my password and it did not log me in even with the correct password. Instead, it showed me failed to start session in red colors. I could not even log in to the guest session.

In this quick post, we shall see how to fix failed to start session issue in Ubuntu 16.04-20.04 and earlier versions.

Fix failed to start session in Ubuntu

The reason here is that somehow your Unity desktop has been messed up. You can try several way to recover it. Let’s see how to do it.

When you are at login, press Ctrl+Alt+F1. It will take you to command line interface from the GUI. In here, type your username and password. Now, you can try the following command to install Unity Desktop:

sudo apt-get install ubuntu-desktop

If it is already installed, try reinstalling:

sudo apt-get install --reinstall ubuntu-desktop

Once it is installed or reinstalled. Use the following command to reboot the system:

sudo reboot

It will reboot and bring you back to login screen. Try login now. You should be able to log in. If you are still unlucky, try to use the alternative below:

Alternative method:

As an alternative you can use the command below to reconfigure the packaging:

sudo dpkg-reconfigure -a

At times, this should fix the failed to start session issue in Ubuntu. But it was not that easy for me. I used another approach which is slightly dirty. When I noticed that reinstalling Unity and reconfiguring the packages did not make any difference, I installed GNOME instead using a command like this:

sudo apt-get install gnome-shell ubuntu-gnome-desktop

This time at reboot, I was able to boot in to GNOME desktop or even choose to boot in to Ubuntu default, i.e. Unity. A word of warning, Unity may seem broken after installing Gnome. Change the theme and icons to that of Ambiance, instead of the default (Adawita).

That helped me fix “failed to load session” error in Ubuntu. Did it work for you? Do let me know if you have questions or suggestions.

Source

November 12, 2023November 12, 2023

Understanding Kubernetes Architecture: A Comprehensive Guide.

This comprehensive guide on Kubernetes architecture aims to explain each kubernetes component in detail with illustrations.

If you’re looking to:

Understand the architecture of Kubernetes,
Grasp the fundamental concepts underlying Kubernetes,
Learn about Kubernetes architecture components, and
Explore the workflows that connect these components,

Then you’ll find this guide invaluable.

Table of Contents :

1. What is Kubernetes Architecture?

1.1. Control Plane

1.2. Worker Node

2. Kubernetes Control Plane Components

2.1. 1. kube-apiserver

2.2. 2. etcd

2.3. 3. kube-scheduler

2.4. 4. Kube Controller Manager

2.5. 5. Cloud Controller Manager (CCM)

3. Kubernetes Worker Node Components

3.1. 1. Kubelet

3.2. 2. Kube proxy

3.3. 3. Container Runtime

4. Kubernetes Cluster Addon Components

4.1. 1. CNI Plugin

5. Kubernetes Native Objects

6. Kubernetes Architecture FAQs

6.1. What is the main purpose of the Kubernetes control plane?

6.2. What is the purpose of the worker nodes in a Kubernetes cluster?

6.3. How is communication between the control plane and worker nodes secured in Kubernetes?

6.4. What is the purpose of the etcd key-value store in Kubernetes?

6.5. What happens to Kubernetes applications if the etcd goes down?

7. Conclusion

What is Kubernetes Architecture?

The following Kubernetes architecture diagram shows all the components of the Kubernetes cluster and how external systems connect to the Kubernetes cluster.

The first and foremost thing you should understand about Kubernetes is, that it is a distributed system. Meaning, it has multiple components spread across different servers over a network. These servers could be Virtual machines or bare metal servers. We call it a Kubernetes cluster.

A Kubernetes cluster consists of control plane nodes and worker nodes.

Control Plane

The control plane is responsible for container orchestration and maintaining the desired state of the cluster. It has the following components.

kube-apiserver
etcd
kube-scheduler
kube-controller-manager
cloud-controller-manager

Worker Node

The Worker nodes are responsible for running containerized applications. The worker Node has the following components.

kubelet
kube-proxy
Container runtime

Kubernetes Control Plane Components

First, let’s take a look at each control plane component and the important concepts behind each component.

1. kube-apiserver

The kube-api server is the central hub of the Kubernetes cluster that exposes the Kubernetes API.

End users, and other cluster components, talk to the cluster via the API server. Very rarely monitoring systems and third-party services may talk to API servers to interact with the cluster.

So when you use kubectl to manage the cluster, at the backend you are actually communicating with the API server through HTTP REST APIs. However, the internal cluster components like the scheduler, controller, etc talk to the API server using gRPC.

The communication between the API server and other components in the cluster happens over TLS to prevent unauthorized access to the cluster.

Kubernetes api-server is responsible for the following

API management: Exposes the cluster API endpoint and handles all API requests.
Authentication (Using client certificates, bearer tokens, and HTTP Basic Authentication) and Authorization (ABAC and RBAC evaluation)
Processing API requests and validating data for the API objects like pods, services, etc. (Validation and Mutation Admission controllers)
It is the only component that communicates with etcd.
api-server coordinates all the processes between the control plane and worker node components.
api-server has a built-in bastion apiserver proxy. It is part of the API server process. It is primarily used to enable access to ClusterIP services from outside the cluster, even though these services are typically only reachable within the cluster itself.

Note: To reduce the cluster attack surface, it is crucial to secure the API server. The Shadowserver Foundation has conducted an experiment that discovered 380 000 publicly accessible Kubernetes API servers.

2. etcd

Kubernetes is a distributed system and it needs an efficient distributed database like etcd that supports its distributed nature. It acts as both a backend service discovery and a database. You can call it the brain of the Kubernetes cluster.

etcd is an open-source strongly consistent, distributed key-value store. So what does it mean?

Strongly consistent: If an update is made to a node, strong consistency will ensure it gets updated to all the other nodes in the cluster immediately. Also if you look at CAP theorem, achieving 100% availability with strong consistency and & Partition Tolerance is impossible.
Distributed: etcd is designed to run on multiple nodes as a cluster without sacrificing consistency.
Key Value Store: A nonrelational database that stores data as keys and values. It also exposes a key-value API. The datastore is built on top of BboltDB which is a fork of BoltDB.

etcd uses raft consensus algorithm for strong consistency and availability. It works in a leader-member fashion for high availability and to withstand node failures.

So how does etcd work with Kubernetes?

To put it simply, when you use kubectl to get kubernetes object details, you are getting it from etcd. Also, when you deploy an object like a pod, an entry gets created in etcd.

In a nutshell, here is what you need to know about etcd.

etcd stores all configurations, states, and metadata of Kubernetes objects (pods, secrets, daemonsets, deployments, configmaps, statefulsets, etc).
etcd allows a client to subscribe to events using Watch() API . Kubernetes api-server uses the etcd’s watch functionality to track the change in the state of an object.
etcd exposes key-value API using gRPC. Also, the gRPC gateway is a RESTful proxy that translates all the HTTP API calls into gRPC messages. This makes it an ideal database for Kubernetes.
etcd stores all objects under the /registry directory key in key-value format. For example, information on a pod named Nginx in the default namespace can be found under /registry/pods/default/nginx

Also, etcd it is the only Statefulset component in the control plane.

3. kube-scheduler

The kube-scheduler is responsible for scheduling Kubernetes pods on worker nodes.

When you deploy a pod, you specify the pod requirements such as CPU, memory, affinity, taints or tolerations, priority, persistent volumes (PV), etc. The scheduler’s primary task is to identify the create request and choose the best node for a pod that satisfies the requirements.

The following image shows a high-level overview of how the scheduler works.

In a Kubernetes cluster, there will be more than one worker node. So how does the scheduler select the node out of all worker nodes?

Here is how the scheduler works.

To choose the best node, the Kube-scheduler uses filtering and scoring operations.
In filtering, the scheduler finds the best-suited nodes where the pod can be scheduled. For example, if there are five worker nodes with resource availability to run the pod, it selects all five nodes. If there are no nodes, then the pod is unschedulable and moved to the scheduling queue. If It is a large cluster, let’s say 100 worker nodes, and the scheduler doesn’t iterate over all the nodes. There is a scheduler configuration parameter called percentageOfNodesToScore. The default value is typically 50%. So it tries to iterate over 50% of nodes in a round-robin fashion. If the worker nodes are spread across multiple zones, then the scheduler iterates over nodes in different zones. For very large clusters the default percentageOfNodesToScore is 5%.
In the scoring phase, the scheduler ranks the nodes by assigning a score to the filtered worker nodes. The scheduler makes the scoring by calling multiple scheduling plugins. Finally, the worker node with the highest rank will be selected for scheduling the pod. If all the nodes have the same rank, a node will be selected at random.
Once the node is selected, the scheduler creates a binding event in the API server. Meaning an event to bind a pod and node.

Here is shat you need to know about a scheduler.

It is a controller that listens to pod creation events in the API server.
The scheduler has two phases. Scheduling cycle and the Binding cycle. Together it is called the scheduling context. The scheduling cycle selects a worker node and the binding cycle applies that change to the cluster.
The scheduler always places the high-priority pods ahead of the low-priority pods for scheduling. Also, in some cases, after the pod starts running in the selected node, the pod might get evicted or moved to other nodes. If you want to understand more, read the Kubernetes pod priority guide
You can create custom schedulers and run multiple schedulers in a cluster along with the native scheduler. When you deploy a pod you can specify the custom scheduler in the pod manifest. So the scheduling decisions will be taken based on the custom scheduler logic.
The scheduler has a pluggable scheduling framework. Meaning, that you can add your custom plugin to the scheduling workflow.

4. Kube Controller Manager

What is a controller? Controllers are programs that run infinite control loops. Meaning it runs continuously and watches the actual and desired state of objects. If there is a difference in the actual and desired state, it ensures that the kubernetes resource/object is in the desired state.

As per the official documentation,

In Kubernetes, controllers are control loops that watch the state of your cluster, then make or request changes where needed. Each controller tries to move the current cluster state closer to the desired state.

Let’s say you want to create a deployment, you specify the desired state in the manifest YAML file (declarative approach). For example, 2 replicas, one volume mount, configmap, etc. The in-built deployment controller ensures that the deployment is in the desired state all the time. If a user updates the deployment with 5 replicas, the deployment controller recognizes it and ensures the desired state is 5 replicas.

Kube controller manager is a component that manages all the Kubernetes controllers. Kubernetes resources/objects like pods, namespaces, jobs, replicaset are managed by respective controllers. Also, the Kube scheduler is also a controller managed by the Kube controller manager.

Following is the list of important built-in Kubernetes controllers.

Deployment controller
Replicaset controller
DaemonSet controller
Job Controller (Kubernetes Jobs)
CronJob Controller
endpoints controller
namespace controller
service accounts controller.
Node controller

Here is what you should know about the Kube controller manager.

It manages all the controllers and the controllers try to keep the cluster in the desired state.
You can extend kubernetes with custom controllers associated with a custom resource definition.

5. Cloud Controller Manager (CCM)

When kubernetes is deployed in cloud environments, the cloud controller manager acts as a bridge between Cloud Platform APIs and the Kubernetes cluster.

This way the core kubernetes core components can work independently and allow the cloud providers to integrate with kubernetes using plugins. (For example, an interface between kubernetes cluster and AWS cloud API)

Cloud controller integration allows Kubernetes cluster to provision cloud resources like instances (for nodes), Load Balancers (for services), and Storage Volumes (for persistent volumes).

Cloud Controller Manager contains a set of cloud platform-specific controllers that ensure the desired state of cloud-specific components (nodes, Loadbalancers, storage, etc). Following are the three main controllers that are part of the cloud controller manager.

Node controller: This controller updates node-related information by talking to the cloud provider API. For example, node labeling & annotation, getting hostname, CPU & memory availability, nodes health, etc.
Route controller: It is responsible for configuring networking routes on a cloud platform. So that pods in different nodes can talk to each other.
Service controller: It takes care of deploying load balancers for kubernetes services, assigning IP addresses, etc.

Following are some of the classic examples of cloud controller manager.

Deploying Kubernetes Service of type Load balancer. Here Kubernetes provisions a Cloud-specific Loadbalancer and integrates with Kubernetes Service.
Provisioning storage volumes (PV) for pods backed by cloud storage solutions.

Overall Cloud Controller Manager manages the lifecycle of cloud-specific resources used by kubernetes.

Kubernetes Worker Node Components

Now let’s look at each of the worker node components.

1. Kubelet

Kubelet is an agent component that runs on every node in the cluster. t does not run as a container instead runs as a daemon, managed by systemd.

It is responsible for registering worker nodes with the API server and working with the podSpec (Pod specification – YAML or JSON) primarily from the API server. podSpec defines the containers that should run inside the pod, their resources (e.g. CPU and memory limits), and other settings such as environment variables, volumes, and labels.

It then brings the podSpec to the desired state by creating containers.

To put it simply, kubelet is responsible for the following.

Creating, modifying, and deleting containers for the pod.
Responsible for handling liveliness, readiness, and startup probes.
Responsible for Mounting volumes by reading pod configuration and creating respective directories on the host for the volume mount.
Collecting and reporting Node and pod status via calls to the API server with implementations like cAdvisor and CRI.

Kubelet is also a controller that watches for pod changes and utilizes the node’s container runtime to pull images, run containers, etc.

Other than PodSpecs from the API server, kubelet can accept podSpec from a file, HTTP endpoint, and HTTP server. A good example of “podSpec from a file” is Kubernetes static pods.

Static pods are controlled by kubelet, not the API servers.

This means you can create pods by providing a pod YAML location to the Kubelet component. However, static pods created by Kubelet are not managed by the API server.

Here is a real-world example use case of the static pod.

While bootstrapping the control plane, kubelet starts the api-server, scheduler, and controller manager as static pods from podSpecs located at /etc/kubernetes/manifests

Following are some of the key things about kubelet.

Kubelet uses the CRI (container runtime interface) gRPC interface to talk to the container runtime.
It also exposes an HTTP endpoint to stream logs and provides exec sessions for clients.
Uses the CSI (container storage interface) gRPC to configure block volumes.
It uses the CNI plugin configured in the cluster to allocate the pod IP address and set up any necessary network routes and firewall rules for the pod.

2. Kube proxy

To understand Kube proxy, you need to have a basic knowledge of Kubernetes Service & endpoint objects.

Service in Kubernetes is a way to expose a set of pods internally or to external traffic. When you create the service object, it gets a virtual IP assigned to it. It is called clusterIP. It is only accessible within the Kubernetes cluster.

The Endpoint object contains all the IP addresses and ports of pod groups under a Service object. The endpoints controller is responsible for maintaining a list of pod IP addresses (endpoints). The service controller is responsible for configuring endpoints to a service.

You cannot ping the ClusterIP because it is only used for service discovery, unlike pod IPs which are pingable.

Now let’s understand Kube Proxy.

Kube-proxy is a daemon that runs on every node as a daemonset. It is a proxy component that implements the Kubernetes Services concept for pods. (single DNS for a set of pods with load balancing). It primarily proxies UDP, TCP, and SCTP and does not understand HTTP.

When you expose pods using a Service (ClusterIP), Kube-proxy creates network rules to send traffic to the backend pods (endpoints) grouped under the Service object. Meaning, all the load balancing, and service discovery are handled by the Kube proxy.

So how does Kube-proxy work?

Kube proxy talks to the API server to get the details about the Service (ClusterIP) and respective pod IPs & ports (endpoints). It also monitors for changes in service and endpoints.

Kube-proxy then uses any one of the following modes to create/update rules for routing traffic to pods behind a Service

IPTables: It is the default mode. In IPTables mode, the traffic is handled by IPtable rules. This means that for each service, IPtable rules are created. These rules capture the traffic coming to the ClusterIP and then forward it to the backend pods. Also, In this mode, kube-proxy chooses the backend pod random for load balancing. Once the connection is established, the requests go to the same pod until the connection is terminated.
IPVS: For clusters with services exceeding 1000, IPVS offers performance improvement. It supports the following load-balancing algorithms for the backend.
1. rr: round-robin : It is the default mode.
2. lc: least connection (smallest number of open connections)
3. dh: destination hashing
4. sh: source hashing
5. sed: shortest expected delay
6. nq: never queue
Userspace (legacy & not recommended)
Kernelspace: This mode is only for Windows systems.

If you would like to understand the performance difference between kube-proxy IPtables and IPVS mode, read this article.

Also, you can run a Kubernetes cluster without kube-proxy by replacing it with Cilium.

3. Container Runtime

You probably know about Java Runtime (JRE). It is the software required to run Java programs on a host. In the same way, container runtime is a software component that is required to run containers.

Container runtime runs on all the nodes in the Kubernetes cluster. It is responsible for pulling images from container registries, running containers, allocating and isolating resources for containers, and managing the entire lifecycle of a container on a host.

To understand this better, let’s take a look at two key concepts:

Container Runtime Interface (CRI): It is a set of APIs that allows Kubernetes to interact with different container runtimes. It allows different container runtimes to be used interchangeably with Kubernetes. The CRI defines the API for creating, starting, stopping, and deleting containers, as well as for managing images and container networks.
Open Container Initiative (OCI): It is a set of standards for container formats and runtimes

Kubernetes supports multiple container runtimes (CRI-O, Docker Engine, containerd, etc) that are compliant with Container Runtime Interface (CRI). This means, all these container runtimes implement the CRI interface and expose gRPC CRI APIs (runtime and image service endpoints).

So how does Kubernetes make use of the container runtime?

As we learned in the Kubelet section, the kubelet agent is responsible for interacting with the container runtime using CRI APIs to manage the lifecycle of a container. It also gets all the container information from the container runtime and provides it to the control plane.

Let’s take an example of CRI-O container runtime interface. Here is a high-level overview of how container runtime works with kubernetes.

When there is a new request for a pod from the API server, the kubelet talks to CRI-O daemon to launch the required containers via Kubernetes Container Runtime Interface.
CRI-O checks and pulls the required container image from the configured container registry using containers/image library.
CRI-O then generates OCI runtime specification (JSON) for a container.
CRI-O then launches an OCI-compatible runtime (runc) to start the container process as per the runtime specification.

Kubernetes Cluster Addon Components

Apart from the core components, the kubernetes cluster needs addon components to be fully operational. Choosing an addon depends on the project requirements and use cases.

Following are some of the popular addon components that you might need on a cluster.

CNI Plugin (Container Network Interface)
CoreDNS (For DNS server): CoreDNS acts as a DNS server within the Kubernetes cluster. By enabling this addon, you can enable DNS-based service discovery.
Metrics Server (For Resource Metrics): This addon helps you collect performance data and resource usage of Nodes and pods in the cluster.
Web UI (Kubernetes Dashboard): This addon enables the Kubernetes dashboard to manage the object via web UI.

1. CNI Plugin

First, you need to understand Container Networking Interface (CNI)

It is a plugin-based architecture with vendor-neutral specifications and libraries for creating network interfaces for Containers.

It is not specific to Kubernetes. With CNI container networking can be standardized across container orchestration tools like Kubernetes, Mesos, CloudFoundry, Podman, Docker, etc.

When it comes to container networking, companies might have different requirements such as network isolation, security, encryption, etc. As container technology advanced, many network providers created CNI-based solutions for containers with a wide range of networking capabilities. You can call it CNI-Plugins

This allows users to choose a networking solution that best fits their needs from different providers.

How does the CNI Plugin work with Kubernetes?

The Kube-controller-manager is responsible for assigning pod CIDR to each node. Each pod gets a unique IP address from the pod CIDR.
Kubelet interacts with container runtime to launch the scheduled pod. The CRI plugin which is part of the Container runtime interacts with the CNI plugin to configure the pod network.
CNI Plugin enables networking between pods spread across the same or different nodes using an overlay network.

Following are high-level functionalities provided by CNI plugins.

Pod Networking
Pod network security & isolation using Network Policies to control the traffic flow between pods and between namespaces.

Some popular CNI plugins include:

Calico
Flannel
Weave Net
Cilium (Uses eBPF)
Amazon VPC CNI (For AWS VPC)
Azure CNI (For Azure Virtual network)Kubernetes networking is a big topic and it differs based on the hosting platforms.

Kubernetes Native Objects

Till now we have learned about the core kubernetes components and how each component works.

All these components work towards managing the following key Kubernetes objects.

Pod
Namespaces
Replicaset
Deployment
Daemonset
Statefulset
Jobs & Cronjobs

Also, Kubernetes is extendable using CRDs, and Custom Controllers. So the cluster components also manage the objects created using custom controllers and custom resource definitions.

Kubernetes Architecture FAQs

What is the main purpose of the Kubernetes control plane?

The control plane is responsible for maintaining the desired state of the cluster and the applications running on it. It consists of components such as the API server, etcd, Scheduler, and controller manager.

What is the purpose of the worker nodes in a Kubernetes cluster?

Worker nodes are the servers (either bare-metal or virtual) that run the container in the cluster. They are managed by the control plane and receive instructions from it on how to run the containers that are part of pods.

How is communication between the control plane and worker nodes secured in Kubernetes?

Communication between the control plane and worker nodes is secured using PKI certificates and communication between different components happens over TLS. This way, only trusted components can communicate with each other.

What is the purpose of the etcd key-value store in Kubernetes?

Etcd primarily stores the kubernetes objects, cluster information, node information, and configuration data of the cluster, such as the desired state of the applications running on the cluster.

What happens to Kubernetes applications if the etcd goes down?

While the running applications will not be affected if etcd experiences an outage, it will not be possible to create or update any objects without a functioning etcd

Conclusion

Understanding Kubernetes architecture helps you with day-to-day Kubernetes implementation and operations.

When implementing a production-level cluster setup, having the right knowledge of Kubernetes components will help you run and troubleshoot applications.

Next, you can start with step-by-step kubernetes tutorials to get hands-on experience with Kubernetes objects and resources.

Source

November 5, 2023November 5, 2023

Simple trick to use terminal window to see all PATH variable.

If you’re having trouble reading the directories in the $PATH variable, you can make use of the tr command to replace the colons with the newline characters so each directory is displayed on a single line.

$ echo $PATH | tr “:” “\n”

Here is an example.

November 4, 2023November 4, 2023

How to Install LAMP (Apache, MariaDB, PHP) on Debian 12

Hello Debian users, are you looking to install the widely used LAMP Stack on your system? This will empower you to develop and deploy incredible websites.

If you’re interested, follow along with this comprehensive guide that outlines the installation process for LAMP on your Debian 12 system.

Contents :

What is LAMP?

Install Apache in Debian 12

Install MariaDB in Debian 12

Install PHP, Perl, and Python in Debian 12

Install PHP in Debian

Install Python in Debian

Check PHP Info on Debian

Create a Virtual Hosting for a Website Using LAMP

Host a Website on LAMP Stack

Conclusion

What is LAMP?

LAMP is a combination of four powerful open-source tools (Linux, Apache, MariaDB, PHP) which aid in building and hosting websites and applications.

Linux (Debian 12) is a free, open-source operating system, Apache serves as the web server, MariaDB is a powerful database server and PHP is the programming language.

Before MariaDB, MySQL was used in the LAMP stack. However, some people argue about using Python or Perl in place of PHP now.

Let’s initiate the process of LAMP Stack installation on a fresh Debian 12 installation.

Install Apache in Debian 12

Begin by executing the provided apt command to refresh the local package repository cache, which will update the package lists and upgrade any installed packages:

$ sudo apt update && sudo apt upgrade -y

With your repositories and packages now up-to-date, proceed to install the Apache web server from the official repository:

$ sudo apt install apache2* -y

Now that Apache2 is installed on your system, verify its version by running the following command:

$ sudo apache2 -v

Server version: Apache/2.4.57 (Debian)

Server built: 2023-04-13T03:26:51

To initiate the service of your Apache2 web server, execute the ‘systemctl start‘ command provided below.

$ sudo systemctl start apache2

After initiating your web server service, you can also run the command to enable the Apache2 service to start automatically after a reboot:

$ sudo systemctl enable apache2

Moving forward, we can examine the status of the Apache2 service using the command below.

$ sudo systemctl status apache2

Next, you should configure your firewall to allow access to the Apache web server from any web browser:

$ sudo ufw allow 80

$ sudo ufw reload

Next, let’s check if our Apache2 server is running successfully. To do this, open any web browser and enter “http://localhost” in the address bar.

However, you can also access the Apache page by entering your server’s IP address or domain name:

http://your_server_ip/

http://your_domain.com/

If you are unsure about your server’s IP address, run the ‘ip addr‘ command to locate it:

$ ip addr

Install MariaDB in Debian 12

MariaDB is a widely used, high-speed, open-source relational database system that assists users in storing and organizing their data.

To utilize the MariaDB database server, execute the provided command to install it:

$ sudo apt install mariadb-* -y

To view the version of the installed MariaDB server, type the following:

$ mariadb -V

mariadb Ver 15.1 Distrib 10.11.3-MariaDB, for debian-linux-gnu (x86_64) using EditLine wrapper

Next, initiate, enable, and verify the status of your MariaDB database server service:

$ sudo systemctl start mariadb

$ sudo systemctl enable mariadb

$ sudo systemctl status mariadb

Lastly, we will run the following command to ensure the security of our database server:

$ sudo mariadb-secure-installation

Note: The primary aim of this command is to generate robust passwords, eliminate anonymous users and unnecessary databases, and disable remote logins. However, you can customize the security settings of your database according to your preferences.

The terminal will present various questions. Read and respond to them correctly.

After securing your database, log in to it by executing the provided command. The terminal will request your password. Enter the password you previously set for your database to successfully access your database server:

$ sudo mariadb -u root -p

Connect MySQL in Debian — Connect MySQL to Debian

After successfully logging into your database server, you can create and manage your databases. Since we have already set up Linux and installed Apache and MariaDB, we can finalize our LAMP stack installation by adding PHP.

Install PHP, Perl, and Python in Debian 12

Although the ‘P‘ in the LAMP stack traditionally stands for the PHP programming language, there is an ongoing discussion about potentially replacing it with Perl or Python.

In this context, we will install PHP, Python, and Perl.

Install PHP in Debian

To install PHP, execute the command provided below:

$ sudo apt install php libapache2-mod-php php-mysql -y

After installing PHP, enter the command “php -v” to display the installed version:

$ php -v

PHP 8.2.7 (cli) (built: Jun 9 2023 19:37:27) (NTS) Copyright (c) The PHP Group Zend Engine v4.2.7, Copyright (c) Zend Technologies with Zend OPcache v8.2.7, Copyright (c), by Zend Technologies

Install Python in Debian

However, if you’re someone who wants to install Perl instead of PHP, the choice is yours. Simply run the following command to install Perl:

$ sudo apt install perl libapache2-mod-perl2 -y

To determine the installed version of Perl, execute the command:

$ perl -v

This is perl 5, version 36, subversion 0 (v5.36.0) built for x86_64-linux-gnu-thread-multi

Install Python in Debian

Continuing, let’s provide the command to install Python on your system, in case you wish to do so:

$ sudo apt install python3 libapache2-mod-python -y

To verify the installed version of Python3, enter the following command:

$ python3 –version

Python 3.11.2

With our LAMP stack now fully configured and operational, let’s assess its functionality by hosting a PHP website on it.

Check PHP Info on Debian

Begin by creating a PHP file named “ubuntumint_test.php” within the Apache2 directory using the nano editor:

$ sudo nano /var/www/html/ubuntumint_test.php

Next, add the following line to the file, which will display comprehensive information about the PHP installation and configuration:

<?php phpinfo(); ?>

Now, open a web browser and enter the following URL to view your successfully deployed webpage using the LAMP stack:

http://localhost/ubuntumint_test.php

http://your_server_ip/ubuntumint_test.php

http://your_domain.com/ubuntumint_test.php

Here, we can observe that our sample website is hosted on an Apache web server. Continuing, we will thoroughly test the functionality of our LAMP Stack by creating a virtual host and deploying a PHP website on it, along with connecting to a MariaDB database.

Create a Virtual Hosting for a Website Using LAMP

Apache provides the capability to create virtual hosts, a feature that enables hosting multiple domains on a single server.

In Debian 12, the default configuration of Apache includes a server block designed to serve a single website, with its documents located in the “/var/www/html” directory.

However, if your intention is to host multiple websites on Apache, you can accomplish this by creating a new directory within the “/var/www/” directory using the “mkdir” command. This new directory should be named after your domain:

$ sudo mkdir /var/www/ubuntumint

Now that we’ve successfully created a directory named “ubuntumint”, let’s assign ownership of this directory to the “$USER” environment variable, as illustrated below:

$ sudo chown -R $USER:$USER /var/www/ubuntumint

Next, generate a new configuration file named “ubuntumint.conf” within the “sites-available” directory, which will guide Apache on how to handle the specified domain name:

$ sudo nano /etc/apache2/sites-available/ubuntumint.conf

In this new file, copy and paste the code provided below. Remember to modify the values of “ServerName”, “ServerAlias”, “DocumentRoot”, and “Directory” to match your domain settings:

ServerName ubuntumint

ServerAlias www.ubuntumint

DocumentRoot /var/www/ubuntumint

Options Indexes FollowSymLinks

AllowOverride All

Require all granted

</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log

CustomLog ${APACHE_LOG_DIR}/access.log combined </VirtualHost>

After saving this file, it’s time to enable the new virtual host:

$ sudo a2ensite ubuntumint

Since you’re now using a custom domain name, you might want to disable the default Apache website. To do so, execute the following command:

$ sudo a2dissite 000-default

Lastly, verify the integrity of your configuration file by utilizing the following command:

$ sudo apache2ctl configtest

Subsequently, execute the reload command to apply the changes to the Apache web server configurations:

$ sudo systemctl reload apache2

Let’s test this domain by moving the sample PHP file we previously created into our domain’s directory:

$ cp /var/www/html/ubuntumint_test.php /var/www/ubuntumint/

Now that you’ve established a domain for your website, you can access your website by entering the following URL into your web browser.

http://your_domain.com/ubuntumint_test.php

Observe that your website is successfully hosted on the custom domain instead of localhost. This demonstrates how to configure your Apache web server for hosting any website.

Host a Website on LAMP Stack

In this step, we will cover the configuration and testing of the MariaDB database server and PHP for website creation. Subsequently, we will proceed to host this website using the custom domain on the Apache web server.

Now connect to the MariaDB database server and create a new database named “umdatabase”:

$ sudo mariadb -u root -p

$ CREATE DATABASE umdatabase;

After successfully creating a new database, proceed to create a new user named “neem” for all databases and set its password as “Pass123?”. If you encounter any errors, consult MariaDB’s password policy for guidance:

CREATE USER ‘neem’@’%’ IDENTIFIED BY ‘Pass123?’;

Next, provide the necessary or all privileges to this user by executing the “GRANT” command:

GRANT ALL PRIVILEGES ON umdatabase.* TO ‘neem’@’%’;

After granting permissions, it’s necessary to reload the privileges by executing the following command:

FLUSH PRIVILEGES;

Continuing, let’s generate a new PHP file named “lampUser.php” in the domain’s directory using the nano editor:

$ sudo nano /var/www/ubuntumint/lampUser.php

In this file, copy and paste the code provided below to create a website capable of storing data in the MariaDB database. This code will establish a connection to the database and display an error message if any issues arise during the connection:

<?php // Database connection parameters

$dbHost = “localhost”; // Replace with your database host

$dbUsername = “neem”; // Replace with your database username $dbPassword = “Pass123?”; // Replace with your database password $dbName = “umdatabase”; // Replace with your database name

// change your database connection parameters according to your system

// Create a database connection

$conn = new mysqli($dbHost, $dbUsername, $dbPassword, $dbName);

// Check if the connection was successful

if ($conn->connect_error) {

die(“Connection failed: ” . $conn->connect_error);

}

// Create the ‘UMusers’ table if it doesn’t exist

$sqlCreateTable = “CREATE TABLE IF NOT EXISTS UMusers (

id INT(11) AUTO_INCREMENT PRIMARY KEY,

first_name VARCHAR(50) NOT NULL,

last_name VARCHAR(50) )”;

// Throw an exception if table does not create

if ($conn->query($sqlCreateTable) === FALSE) {

echo “Error creating table: ” . $conn->error;

$conn->close();

exit();

}

// Check if the form is submitted

if ($_SERVER[“REQUEST_METHOD”] == “POST”) {

// Get the form data

$firstName = $_POST[“first_name”];

$lastName = $_POST[“last_name”];

// Prepare and execute the SQL query to insert the data into the ‘users’ table

$sqlInsert = “INSERT INTO UMusers (first_name, last_name) VALUES (‘$firstName’, ‘$lastName’)”;

if ($conn->query($sqlInsert) === TRUE) {

echo “Data saved successfully!”;

} else {

echo “Error: ” . $sqlInsert . “<br>” . $conn->error;

}

// Close the database connection

$conn->close();

<!DOCTYPE html>

<html>

<head>

<title>UbuntuMint LAMP</title>

</head>

<body>

<h1>UbuntuMint – LAMP Guide</h1>

<label for=”first_name”>First Name:</label>

</form>

</body>

</html>

Save this file and open your web browser to test this PHP website, which can store data in the database table named “UMusers”:

http://your_domain/lampUser.php

Check Website on LAMP Stack — Check the Website on the LAMP Stack

Let’s save some data using this website to verify if it will be stored in your MariaDB server or not:

$ sudo mariadb -u neem -p USE umdatabase;

SELECT * FROM UMusers;

Check Data on Database — Check Data on the Database

Conclusion

LAMP is a robust combination of four open-source tools that are essential for creating and hosting websites and applications. This article has presented a comprehensive guide for installing LAMP on Debian 12.

Source

November 4, 2023November 4, 2023

10 Free Google Courses for Career Growth in 2023

In today’s digital world, staying ahead in your career often means acquiring new skills. With the rapid evolution of technology, it’s crucial to keep up with the latest trends and tools to remain competitive.

Google, one of the tech giants, recognizes the importance of skill development and offers a range of free courses to help you stay relevant in 2023 and beyond.

Skill development enables individuals to adapt to changing environments and excel in their careers. In this highly competitive job market, employers are constantly seeking individuals with up-to-date skills. Whether you’re a recent graduate, a working professional, or someone looking to switch careers, improving your skill set is essential.

Google, a company renowned for innovation, has extended its support to skill development by enabling individual free courses in various domains such as digital marketing, IT support, cybersecurity, data analytics, project management, and UX design etc that are suitable for beginners as well as experienced professionals.

These free courses provide an ideal learning platform with practical knowledge and hands-on experience to upskill or supplant their knowledge in their line of profession. They are also a great choice for professionals looking for upward mobility in their careers or those transitioning into a different line of work.

Contents:

Key Benefits of Free Google Courses

10 Best FREE Google Courses

1. Application Development-Python

2. Applied Data Science with Python

3. Build Apps & Websites with Firebase

4. Google Ads Search Certification

5. YouTube Music Certification

6. Fundamentals of Digital Marketing

7. Build Apps with Flutter

8. Google Ads Display Certification

9. Introduction to ML: Language Processing

10. Build Interactive Apps with Google Assistant

How to Enroll in Free Google Courses

How to Obtain a Free Certificate From Google

Tips And Tricks To Crack The Interview Round

Best Free Google Courses to Become Skilled FAQs

1. Are Google certifications worth it?

2. How long does it take to complete a Google course?

3. What is the Process of Applying For A Job At Google?

4. What are the prerequisites for Google courses?

5. Are Google courses recognized by employers?

Conclusion

Key Benefits of Free Google Courses

Cost-Effective: These courses are entirely free, eliminating financial barriers to education.
Self-Paced Learning: Google’s courses allow you to learn at your own pace, accommodating to your busy schedules.
Certifications: Upon successful completion, you receive a certificate from Google, a well-recognized credential that will help you get employment in industries with high rates of growth.
Hands-on Experience: Many courses include practical assignments and real-world projects.

10 Best FREE Google Courses

This tutorial features some of the top free Google courses you can enroll in to boost your skills.

1. Application Development-Python

In this advanced course, you will learn how to Develop Python applications for Google Cloud Platform (GCP). In addition to receiving practical experience in deploying Python apps on Kubernetes and App Engine, you will study the fundamentals of setting up environments and storing application data with Cloud Datastore.

Moreover, the course incorporates special bonus labs that cover backend service development and user authentication. This course can be accessed through Google on Class Central.

Application Development - Python — Application Development – Python

2. Applied Data Science with Python

This course includes a Data Science with Python curriculum that equips learners with data science skills, including knowledge of popular data science libraries in Python such as Numpy, SciPy, Plotly, and Pandas.

Anyone who wants to launch a career as a data scientist. this course material is a vaulable resource for Kickstarter with.

Learners who have a basic understanding of Python programming and want to get their hands dirty by using Python toolkits to apply social network analysis techniques, machine learning, information visualization, and text analysis to their data will find this course beneficial.

3. Build Apps & Websites with Firebase

The fundamentals of the Firebase application development platform are covered in this Google course. You will discover how to use Firebase and its Google Cloud connectors to create Google Assistant applications, construct serverless web apps, and load data into serverless databases.

To verify your knowledge and showcase your abilities, the course also contains a challenge lab. You will obtain a special digital badge from Google Cloud upon fulfilling this task.

4. Google Ads Search Certification

Google Ads (previously Google Adwords) is the most widely used PPC system and a significant source of revenue for Google. To help marketers make the most of Google Ads’ features, they created several certification courses that are all freely accessible through Google Skillshop.

The Google Ads Search Certification is one of the Google Ads courses that will equip you with solid skills to manage Google search marketing campaigns.

5. YouTube Music Certification

The YouTube Music Certification course is tailored for music content owners and examines the tactics and tools needed for teams to deliver content and manage musical assets at scale efficiently. The training addresses key elements such as rights management, commercialization, and promotion.

The certification is free, and you can add it to your LinkedIn profile upon completion.

6. Fundamentals of Digital Marketing

Google offers a free course on the Fundamentals of Digital Marketing, which Interactive Advertising Bureau Europe and the Open University have accredited.

By enrolling in this course, you’ll acquire the skills needed to manage multiple digital marketing channels, such as:

Online Marketing Strategy
Email Marketing
Content Marketing
Display Advertising
Mobile Marketing
eCommerce Marketing

This certification course is meant for beginners and requires a total of 40 hours of time commitment. To become certified, you must complete all 26 modules and ace the 40-question Google Garage exam.

7. Build Apps with Flutter

Developed by Google, Flutter is a popular open-source framework for creating beautiful, responsive cross-platform web and mobile applications from a shared codebase.

Google is offering a free course called Build Apps with Flutter which comprises two codelabs, one quiz, and four activities. You will learn how to create your first Flutter app, how stateful widgets work best, and how Flutter differs from other app development frameworks.

8. Google Ads Display Certification

The Google Ads Display Certification is provided by Google and is aimed at helping digital marketers prove their capacity to create successful Display strategies and campaigns that accomplish particular marketing objectives.

Upon earning this certification, you will have the skills to:

Develop a comprehensive strategy to enhance awareness, consideration, action, and retention.
Effectively target audiences, reaching both existing and prospective customers.
Make sure that the display marketing plan aligns properly with the digital marketing budget.
Initiate/start permission marketing campaigns.

9. Introduction to ML: Language Processing

With Intro to ML: Language Processing, course you will learn about machine learning in the context of language processing and get practical experience with the technology. You’ll discover how to use the Speech-to-Text API for transcription, perform sentiment and syntactic analysis, and extract entities from text.

Through a series of labs, the course will teach you how to use AI Platform, Google Cloud Speech API, and Cloud Natural Language API to fully utilize machine learning. Upon completion, you will receive a special digital badge from Google Cloud.

10. Build Interactive Apps with Google Assistant

This Build Interactive Apps with Google Assistant is a free course offered by Google through Qwiklabs, which awards a skill badge upon completion.

The course teaches learners how to create Actions projects, integrate Dialogflow into Actions projects, test their applications using Actions Simulator, build Assistant apps using flash card templates, integrate customer MP3 files into Assistant apps, add Cloud Translation API to Assistant apps, and use APIs and integrate.

How to Enroll in Free Google Courses

The Free Google Courses are available online without any cost. Getting started with Google’s free courses is very simple, Go to Google’s free online Courses, create an account, choose your course, and begin learning.

How to Obtain a Free Certificate From Google

Obtaining a free certificate from Google is a valuable accomplishment that can enhance your skills and boost your career prospects. Here’s a step-by-step guide on how to get a free certificate from Google.

Choose and Enroll in the Course: Select the course that aligns with your interests and career goals. and Enroll it. This involves creating an account on the Google learning platform.
Complete the Course: Google’s courses are designed to allow users to study at their own pace that suits their schedule.
Pass Project and Quiz: Complete the assessments and quizzes with a passing score.
Finish Practical Assignments: Some Google courses require you to complete practical projects.
Receive Certificate: After completing the course, you will be awarded a certificate from Google. You can view and print the certification on your profile page, and add it to your resume, and LinkedIn to maximize the value of the Google certificate.

Tips And Tricks To Crack The Interview Round

You can use Google Careers tips and techniques to prepare for a Google job interview. The tips include:

Do your homework before applying for the position and the company.
Use a whiteboard or paper to practice coding.
Expect behavioral inquiries; be ready.
Ask questions when necessary

Best Free Google Courses to Become Skilled FAQs

This FAQ section answers commonly asked questions about the Best Free Google Courses to Become Skilled.

1. Are Google certifications worth it?

Yes, Google certificates are worth pursuing because according to Google, 75% of certificate holders report achieving a good career outcome such as a new job, promotion, or raise, all within six months of completing the certificate.

For those with 0–5 years of professional experience, the median pay in various fields stands at $76,000 or higher.

Also, thanks to the value that employers and academic institutions place on Google certifications, you can find work in a variety of industries, including IT and digital marketing. The majority of certificates are free, and those that cost money are fairly priced.

2. How long does it take to complete a Google course?

The duration varies depending on the course, but they are self-paced, allowing you to learn at your speed.

3. What is the Process of Applying For A Job At Google?

Now, once you’ve gained the relevant skills needed and want to get employment at Google, you must register for a Google Careers account and submit your application online to apply for a job at Google. Your resume and cover letter must both be included in the application.

If your application is chosen for further consideration, you will receive an invitation to take part in an interview process that may involve several rounds of interviews with various teams.

4. What are the prerequisites for Google courses?

Most courses have no specific prerequisites, making them accessible to learners of all levels.

5. Are Google courses recognized by employers?

Yes, Google’s certifications are highly regarded by employers and can enhance your job prospects.

Conclusion

The free courses scheduled for 2023 are a priceless resource for students looking to advance or hone their knowledge in a variety of subject areas. Participants who acquire certification are acknowledged for their efforts and successes, in addition to learning new information.

Join Google Free Courses right away to begin your journey toward development and lifelong learning.

Source

November 4, 2023November 4, 2023

How to Upgrade from Ubuntu 20.04 LTS to Ubuntu 22.04 LTS

Ubuntu 22.04, codenamed Jammy Jellyfish, was released by Canonical on April 21 2022. It is the latest long-term support (LTS) release after its predecessor, Ubuntu 20.04 LTS.

Ubuntu 22.04 provides major enhancements, new capabilities, and a number of new software packages such as:

PHP 8.1.2
OpenSSL 3.0
Ruby 3.0
Python 3.10.4
MySQL 8.0.28
PostgreSQL 14.2
Linux kernel v5.15.0-25 & MESA 22

For a comprehensive list of all the new features and software packages, check out the release notes.

In this tutorial, we will walk you through the process of how to upgrade Ubuntu 20.04 to Ubuntu 22.04.

Prerequisites

Before you begin the upgrade, ensure you meet the following requirements:

At least 20 GB of free disk space. You can check the available disk space using the df -Th command.
Ensure you have a regular user configured with sudo privileges with access to SSH or the terminal app. This is the user you will use to perform the upgrade process.
In addition, ensure you have a fast and stable internet connection. Do not cancel the operation once it’s begun.
Ensure your UPS or battery are fully charged and working.
Close all open applications.

Step 1: Backup all your data

It is prudent to take a backup of all your databases and files before embarking on any major upgrade of an operating system. This ensures you will not lose your data in case something goes wrong during the upgrade process.

Cloud server providers offer snapshot services. Therefore, if you are running a virtual machine or cloud VPS, ensure you take a complete snapshot so that you can restore your instance in case it breaks.

Step 2: Upgrade all the system packages

Once the backup is in place, log in to your instance and upgrade all the packages to their latest versions. This upgrades the entire system to the latest Ubuntu release.

To list upgradable packages, run the command (note: if you haven’t done this in a while, you may want to run the sudo apt update command first to get the most current details possible):

$ sudo apt list –upgradable

Next, refresh the local package index and upgrade the packages in one single command as follows:

$ sudo apt update && sudo apt upgrade -y

This might take a while depending on the number of installed packages with pending upgrades. Once the upgrade is complete, reboot your system to take advantage of the latest kernel that will come with the upgrade.

$ sudo reboot

Then log back into the system and confirm it has been upgraded to the latest release, which, at the time of publishing this guide, is Ubuntu 20.04.4 LTS.

$ lsb_release -a

Step 3: Open TCP port 1022

If you are connected to your Ubuntu instance via SSH, the upgrade tool will open another SSH port (1022) as a fallback port in case the SSH connection drops on port 22.

To simplify things, we recommend that you open port 1022 on your firewall as follows. We also recommend speaking with your networking team beforehand to ensure you are minimizing potential security risks. Be sure to follow Step 6 below to close the port when you are done.

$ sudo ufw allow 1022/tcp

To apply the firewall rule, reload the firewall.

$ sudo ufw reload

Then verify that the port has been opened by probing the firewall status as shown.

$ sudo ufw status

Step 4: Upgrade to Ubuntu 22.04 Jammy Jellyfish

At this point, upgrading to Ubuntu 22.04 will be a straightforward and seamless process. There are two ways to upgrade to the latest Ubuntu version: You can use the do-release-upgrade tool, which works for both CLI and GUI instances, or the GUI update tool.

In this guide, we will use the do-release-upgrade tool. If it is not installed, you can install it by running the command:

$ sudo apt install update-manager-core

To commence the upgrade, run the command:

$ sudo do-release-upgrade

During the upgrade, the upgrade tool will probe for the latest LTS release and walk you through a series of prompts.

First and foremost, it will detect your SSH connection and notify you that an additional SSH service will be started on port 1022. Simply type “Y” to proceed.

Next, the upgrade tool will notify you to open port 1022, which will be used as an alternative SSH port in case of an SSH connection interruption on the default port. Since you already opened the port, just hit ENTER.

Next, you will be prompted to update the “sources.list” file from ‘focal’ to ‘jammy’ entries. To proceed with the upgrade, press “Y” and press ENTER.

The update tool will calculate all the changes and provide a summary of the following:

Installed packages that are no longer supported by Canonical.
The number of packages to be removed.
The number of new packages that will be installed.
The number of packages that will be upgraded.
Total download size and how long the download will take.

To continue, once again, press “Y” and press ENTER.

Some services will need to be restarted once some libraries and packages are upgraded. On this pop-up, select ‘Yes‘ to restart these services during package upgrades without being prompted.

From here, the upgrade tool will proceed to download all the requisite packages from the official Ubuntu repositories and upgrade them.

When prompted on what to do with the modified “sshd_config” configuration file, you can choose to install the package maintainer’s version or keep the local version installed. Then, select ‘Ok’.

Next, press “Y” and hit ENTER to remove obsolete packages.

Thereafter, all the old packages alongside their configuration files will be removed.

The entire process takes quite some time, so patience will be required. This is a good time to take a break and grab some coffee.

Once the upgrade is complete, you will be prompted to restart the system to finish the upgrade. Press “Y” and hit ENTER to reboot. This will cause you to lose connection to the server.

Step 5: Verify the upgrade to Ubuntu 22.04

After rebooting, log back in and confirm the upgrade was successful.

The command:

$ lsb_release -a

checks the version of Linux, while the command

$ uname -mrs

checks the kernel version.

From the output below, you can see that we are now currently running Ubuntu 22.04 LTS. Also, note that we are using kernel 5.15 which is the kernel version that comes with Ubuntu 22.04 by default.

Step 6: Delete the firewall rule you created

Now that you are finished with the update and no longer need port 1022 open, run the following command to close the port and prevent it from becoming a security vulnerability.

$ sudoufw delete allow 1022/tcp

Step 7: Enable third-party repositories

During the upgrade, all third-party repositories are disabled. You might want to re-enable them now that the upgrade is complete. You can find these repositories in the/etc/apt/sources.list.d directory.

To display these repositories, run the command:

$ ls -l etc/apt/sources.list.d/

To enable them, simply open each file and uncomment the entries by deleting the # sign at the beginning of each line.

Finally, free up the disk space by removing all the unnecessary packages as follows:

$ sudo apt autoremove –purge

Conclusion

As you have seen, upgrading Ubuntu 20.04 to Ubuntu 22.04 is a simple process that requires just a few commands.

If you are an IT admin overseeing the updates of multiple Ubuntu systems, in addition to macOS and Windows device updates, your workflow can become quite complicated very quickly.

Source

November 4, 2023November 4, 2023

How To Check Your Ubuntu Version (Using the Command Line and GUI)

Ubuntu is an open source Operating System (OS) used by people all over the world. Although it is user-friendly and customizable, it may not always be compatible with additional software. As such, you’ll need to check if your version of Ubuntu will integrate with other programs.

Fortunately, it’s relatively easy to check your Ubuntu version. You can do so using commands in the terminal or by accessing the settings in the Graphical User Interface (GUI).

In this guide, we’ll discuss what Ubuntu is and why you might want to check which version of it you are running. Then, we’ll explain how to perform this check using various easy methods. Let’s get started!

An Overview of Ubuntu (and Why You Might Need to Check Your Version of It)

Ubuntu is a Linux-based OS popular across the world. You can use the desktop, server, or core versions, depending on your needs.

The platform is entirely free. It also has some advantages over other OS such as Windows or macOS.

For example, it uses open source software and provides a secure development environment. As such, Ubuntu can be a helpful tool for web developers.

You can also customize most aspects of your User Interface (UI) and User Experience (UX). Therefore, Ubuntu could be an excellent choice if you feel limited by other OS options.

There are updated releases of Ubuntu approximately every six months. New versions of the software usually include maintenance and hardware updates that help the OS run more smoothly. As such, it’s in your best interest to stay up to date with the latest release.

However, you may not know if you’re running the latest version of Ubuntu. Therefore, you might like to check your OS and see if you need to update it.

Furthermore, you may need to check your Ubuntu version when installing third-party software. Not all other platforms may be compatible with the OS updates, so it’s worth investigating this before you install them.

Finally, you may run into some issues when using Ubuntu. If this happens, you can turn to technical support forums such as the official Ubuntu Forums.

You can improve your forum experience by providing your version of Ubuntu. With this information, other members can assist you more precisely.

Wondering if your version of Ubuntu will integrate with other programs? 🤔 It’s easy to check… and this guide is here to help! 💪

How To Check Your Ubuntu Version in the Command Line (4 Methods)

You can check your Ubuntu version quickly using the command line (also known as the terminal). You can access this tool by using the keyboard shortcut Ctrl + Alt + T.

Once you have the command line open, you can use a few different methods to find out your Ubuntu version. Let’s explore some of them.

Use the lsb_release -a Command
Use the /etc/lsb-release or /etc/os-release Command
Check the /etc/issue File
Use the hostnamectl Command

1. Use the lsb_release -a Command

The lsb_release command shows you details about your Linux distribution. For example, it displays data concerning LSB modules. It also shows the ID and release number of the distributor.

When you add “-a” to the end of this command, it returns all possible information. This method is pretty straightforward, so you might want to utilize it if you need to find out your Ubuntu version quickly.

To start, open up your terminal and type in this command:

lsb_release -a

Then hit your Enter key to return the results. They should look something like this.

Hit "Enter" after the command to return results

You can see your Ubuntu version next to the Description heading. You can also see data about your LSB modules and the codename for your distributor.

2. Use the /etc/lsb-release or /etc/os-release Command

The /etc/lsb-release command can show you your Ubuntu version with separate lines for the release number and its description. It is designed for older systems, so you may like to use it if you’re running an outdated version of Ubuntu.

You can also obtain the same information using the /etc/os-release command. This is compatible with Ubuntu 16.04 and higher.

As before, open your terminal and enter one of the above commands. You’ll need to add “cat” before either of them:

cat etc/os-release

Then, you’ll see a list of information that includes the number of your Ubuntu version and its release name. Additionally, there are a few links to the Ubuntu website and resources that can help you.

Find the Ubuntu version and its release name — Ubuntu version and release name

Using the /etc/lsb-release command will return simpler results that show you the release ID, description, and codename. It doesn’t include the links and the Ubuntu version name.

3. Check the /etc/issue File

The /etc/issue file is a text-based document. It contains system identification data.

Using this method is simpler because the command won’t display anything other than your Ubuntu version. As such, you may like to utilize this file if you’re in a hurry and don’t need to gather any additional information about your system.

As with the previous commands, you’ll need to enter “cat” before the command. Type this into your terminal:

cat /etc/issue

Hit Enter, and you’ll see a single line of text.

Your version of Ubuntu is the series of numbers before LTS. You don’t need to do anything else here.

4. Use the hostnamectl Command

Finally, you can use the hostnamectl command. This is typically used when you want to change the hostname of your system. However, it also returns information such as your Ubuntu version and machine ID.

Open up your terminal and type in this command:

hostnamectl

Next, press your Enter key and you’ll see a list of information.

Here you can see both your Ubuntu version and your Ubuntu Linux kernel version. That’s it! Those are the main methods you can use to find the version of your Ubuntu OS.

How To Check Your Ubuntu Version in the GUI Settings?

If you’d rather not use the command line, you can also find your Ubuntu version in your GUI settings. You might prefer to use this method if you’re still getting used to working with the OS and its layout. However, it is a bit more time-consuming.

First, head to Show Applications. It’s the icon in the bottom left of your screen:

Next, click on Settings. If you can’t find it, type “settings” into the search bar at the top of the screen.

Then select the About tab from the left menu. You’ll need to scroll to the bottom of the list of items to find it. Here, you will be able to see your Ubuntu version next to the OS Name heading.

Find and select the "About" tab from the left menu — Find and select the “About” tab

For example, we’re currently running Ubuntu 20.04.3 on our system. It’s that easy!

Summary

Ubuntu is an open source OS that provides an excellent web development environment. However, it isn’t perfect and may not integrate with all the latest software. Therefore, you might need to check your version of Ubuntu before installing new programs.

To recap, you can check your Ubuntu version using any of the following methods:

Use the lsb_release -a command.
Use the /etc/lsb-release or /etc/os-release command.
Check the /etc/issue file.
Use the hostnamectl command.
Check the Ubuntu version in your GUI settings.

Source

November 3, 2023November 3, 2023

How To Install and Secure phpMyAdmin on Ubuntu 22.04

Introduction

While many users need the functionality of a database management system like MySQL, they may not feel comfortable interacting with the system solely from the MySQL prompt.

phpMyAdmin was created so that users can interact with MySQL through a web interface. In this guide, we’ll discuss how to install and secure phpMyAdmin so that you can safely use it to manage your databases on an Ubuntu 22.04 system.

Prerequisites

In order to complete this guide, you will need:

An Ubuntu 22.04 server. This server should have a non-root user with administrative privileges and a firewall configured with ufw. To set this up, follow our initial server setup guide for Ubuntu 22.04.
A LAMP (Linux, Apache, MySQL, and PHP) stack installed on your Ubuntu 22.04 server. If this is not completed yet, you can follow this guide on installing a LAMP stack on Ubuntu 22.04.

Additionally, there are important security considerations when using software like phpMyAdmin, since it:

Communicates directly with your MySQL installation
Handles authentication using MySQL credentials
Executes and returns results for arbitrary SQL queries

For these reasons, and because it is a widely-deployed PHP application which is frequently targeted for attack, you should never run phpMyAdmin on remote systems over a plain HTTP connection.

If you do not have an existing domain configured with an SSL/TLS certificate, you can follow this guide on securing Apache with Let’s Encrypt on Ubuntu 22.04. This will require you to register a domain name, create DNS records for your server, and set up an Apache Virtual Host.

Step 1 — Installing phpMyAdmin

You can use APT to install phpMyAdmin from the default Ubuntu repositories.

As your non-root sudo user, update your server’s package index if you haven’t done so recently:

sudo apt update

Following that you can install the phpmyadmin package. Along with this package, the official documentation also recommends that you install a few PHP extensions onto your server to enable certain functionalities and improve performance.

If you followed the prerequisite LAMP stack tutorial, several of these modules will have been installed along with the php package. However, it’s recommended that you also install these packages:

php-mbstring: A module for managing non-ASCII strings and convert strings to different encodings
php-zip: This extension supports uploading .zip files to phpMyAdmin
php-gd: Enables support for the GD Graphics Library
php-json: Provides PHP with support for JSON serialization
php-curl: Allows PHP to interact with different kinds of servers using different protocols

Run the following command to install these packages onto your system. Please note, though, that the installation process requires you to make some choices to configure phpMyAdmin correctly. We’ll walk through these options shortly:

sudo apt install phpmyadmin php-mbstring php-zip php-gd php-json php-curl

Here are the options you should choose when prompted in order to configure your installation correctly:

For the server selection, choose apache2

Warning: When the prompt appears, “apache2” is highlighted, but not selected. If you do not hit SPACE to select Apache, the installer will not move the necessary files during installation. Hit SPACE, TAB, and then ENTER to select Apache.

Select Yes when asked whether to use dbconfig-common to set up the database
You will then be asked to choose and confirm a MySQL application password for phpMyAdmin

Note: Assuming you installed MySQL by following Step 2 of the prerequisite LAMP stack tutorial, you may have decided to enable the Validate Password plugin. As of this writing, enabling this component will trigger an error when you attempt to set a password for the phpmyadmin user:

To resolve this, select the abort option to stop the installation process. Then, open up your MySQL prompt:

sudo mysql

Or, if you enabled password authentication for the root MySQL user, run this command and then enter your password when prompted:

mysql -u root -p

From the prompt, run the following command to disable the Validate Password component. Note that this won’t actually uninstall it, but just stop the component from being loaded on your MySQL server:

UNINSTALL COMPONENT "file://component_validate_password";

Following that, you can close the MySQL client:

exit

Then try installing the phpmyadmin package again and it will work as expected:

sudo apt install phpmyadmin

Once phpMyAdmin is installed, you can open the MySQL prompt once again with sudo mysql or mysql -u root -p and then run the following command to re-enable the Validate Password component:

INSTALL COMPONENT "file://component_validate_password";

The installation process adds the phpMyAdmin Apache configuration file into the /etc/apache2/conf-enabled/ directory, where it is read automatically. To finish configuring Apache and PHP to work with phpMyAdmin, the only remaining task in this section of the tutorial is to is explicitly enable the mbstring PHP extension, which you can do by typing:

sudo phpenmod mbstring

Afterwards, restart Apache for your changes to be recognized:

sudo systemctl restart apache2

phpMyAdmin is now installed and configured to work with Apache. However, before you can log in and begin interacting with your MySQL databases, you will need to ensure that your MySQL users have the privileges required for interacting with the program.

Step 2 — Adjusting User Authentication and Privileges

When you installed phpMyAdmin onto your server, it automatically created a database user called phpmyadmin which performs certain underlying processes for the program. Rather than logging in as this user with the administrative password you set during installation, it’s recommended that you log in as either your root MySQL user or as a user dedicated to managing databases through the phpMyAdmin interface.

Configuring Password Access for the MySQL Root Account

In Ubuntu systems running MySQL 5.7 (and later versions), the root MySQL user is set to authenticate using the auth_socket plugin by default rather than with a password. This allows for some greater security and usability in many cases, but it can also complicate things when you need to allow an external program — like phpMyAdmin — to access the user.

In order to log in to phpMyAdmin as your root MySQL user, you will need to switch its authentication method from auth_socket to one that makes use of a password, if you haven’t already done so. To do this, open up the MySQL prompt from your terminal:

sudo mysql

Next, check which authentication method each of your MySQL user accounts use with the following command:

SELECT user,authentication_string,plugin,host FROM mysql.user;

Output+------------------+------------------------------------------------------------------------+-----------------------+-----------+
| user             | authentication_string                                                  | plugin                | host      |
+------------------+------------------------------------------------------------------------+-----------------------+-----------+
| debian-sys-maint | $A$005$I:jOry?]Sy<|qhQRj3fBRQ43i4UJxrpm.IaT6lOHkgveJjmeIjJrRe6         | caching_sha2_password | localhost |
| mysql.infoschema | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | caching_sha2_password | localhost |
| mysql.session    | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | caching_sha2_password | localhost |
| mysql.sys        | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | caching_sha2_password | localhost |
| phpmyadmin       | $A$005$?#{Z?`gN!c2az)}V-INCWXSuVdqB9zWteH1IkZfTe/rOLgVhSzEMM9R3G6K9    | caching_sha2_password | localhost |
| root             |                                                                        | auth_socket           | localhost |
+------------------+------------------------------------------------------------------------+-----------------------+-----------+
6 rows in set (0.00 sec)

This example output indicates that the root user does in fact authenticate using the auth_socket plugin. To configure the root account to authenticate with a password, run the following ALTER USER command. Be sure to change password to a strong password of your choosing:

ALTER USER 'root'@'localhost' IDENTIFIED WITH caching_sha2_password BY 'password';

Note: The previous ALTER USER statement sets the root MySQL user to authenticate with the caching_sha2_password plugin. Per the official MySQL documentation, caching_sha2_password is MySQL’s preferred authentication plugin, as it provides more secure password encryption than the older, but still widely used, mysql_native_password.

However, some versions of PHP don’t work reliably with caching_sha2_password. PHP has reported that this issue was fixed as of PHP 7.4, but if you encounter an error when trying to log in to phpMyAdmin later on, you may want to set root to authenticate with mysql_native_password instead:

ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';

Then, check the authentication methods employed by each of your users again to confirm that root no longer authenticates using the auth_socket plugin:

SELECT user,authentication_string,plugin,host FROM mysql.user;

Output+------------------+------------------------------------------------------------------------+-----------------------+-----------+
| user             | authentication_string                                                  | plugin                | host      |
+------------------+------------------------------------------------------------------------+-----------------------+-----------+
| debian-sys-maint | $A$005$I:jOry?]Sy<|qhQRj3fBRQ43i4UJxrpm.IaT6lOHkgveJjmeIjJrRe6         | caching_sha2_password | localhost |
| mysql.infoschema | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | caching_sha2_password | localhost |
| mysql.session    | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | caching_sha2_password | localhost |
| mysql.sys        | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED | caching_sha2_password | localhost |
| phpmyadmin       | $A$005$?#{Z?`gN!c2az)}V-INCWXSuVdqB9zWteH1IkZfTe/rOLgVhSzEMM9R3G6K9    | caching_sha2_password | localhost |
| root             | $A$005$3y�y|Z?'_[} ZyVHuESVwNmjKWOH/ndETwS.Kty0IH7UfiXjOfVvyWroy4a.   | caching_sha2_password | localhost |
+------------------+------------------------------------------------------------------------+-----------------------+-----------+
6 rows in set (0.00 sec)

This output shows that the root user will authenticate using a password. You can now log in to the phpMyAdmin interface as your root user with the password you’ve set for it here.

Configuring Password Access for a Dedicated MySQL User

Alternatively, some may find that it better suits their workflow to connect to phpMyAdmin with a dedicated user. To do this, open up the MySQL shell once again:

sudo mysql

If you have password authentication enabled for your root user, as described in the previous section, you will need to run the following command and enter your password when prompted in order to connect:

mysql -u root -p

From there, create a new user and give it a strong password:

CREATE USER 'sammy'@'localhost' IDENTIFIED WITH caching_sha2_password BY 'password';

Note: Again, depending on what version of PHP you have installed, you may want to set your new user to authenticate with mysql_native_password instead of caching_sha2_password:

ALTER USER 'sammy'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';

Then, grant your new user appropriate privileges. For example, you could grant the user privileges to all tables within the database, as well as the power to add, change, and remove user privileges, with this command:

GRANT ALL PRIVILEGES ON *.* TO 'sammy'@'localhost' WITH GRANT OPTION;

Following that, exit the MySQL shell:

exit

You can now access the web interface by visiting your server’s domain name or public IP address followed by /phpmyadmin:

https://your_domain_or_IP/phpmyadmin

When you log in, you’ll be taken to phpMyAdmin’s user interface:

Now that you’re able to connect and interact with phpMyAdmin, all that’s left to do is harden your system’s security to protect it from attackers.

Step 3 — Securing Your phpMyAdmin Instance

Because of its ubiquity, phpMyAdmin is a popular target for attackers, and you should take extra care to prevent unauthorized access. One way of doing this is to place a gateway in front of the entire application by using Apache’s built-in .htaccess authentication and authorization functionalities.

To do this, you must first enable the use of .htaccess file overrides by editing your phpMyAdmin installation’s Apache configuration file.

Use your preferred text editor to edit the phpmyadmin.conf file that has been placed in your Apache configuration directory. Here, we’ll use nano:

sudo nano /etc/apache2/conf-available/phpmyadmin.conf

Add an AllowOverride All directive within the <Directory /usr/share/phpmyadmin> section of the configuration file, like this:

/etc/apache2/conf-available/phpmyadmin.conf

<Directory /usr/share/phpmyadmin>
    Options SymLinksIfOwnerMatch
    DirectoryIndex index.php
    AllowOverride All
    . . .

When you have added this line, save and close the file. If you used nano to edit the file, do so by pressing CTRL + X, Y, and then ENTER.

To implement the changes you made, restart Apache:

sudo systemctl restart apache2

Now that you have enabled the use of .htaccess files for your application, you need to create one to actually implement some security.

In order for this to be successful, the file must be created within the application directory. You can create the necessary file and open it in your text editor with root privileges by typing:

sudo nano /usr/share/phpmyadmin/.htaccess

Within this file, enter the following information:

/usr/share/phpmyadmin/.htaccess

AuthType Basic
AuthName "Restricted Files"
AuthUserFile /etc/phpmyadmin/.htpasswd
Require valid-user

Here is what each of these lines mean:

AuthType Basic: This line specifies the authentication type that you are implementing. This type will implement password authentication using a password file.
AuthName: This sets the message for the authentication dialog box. You should keep this generic so that unauthorized users won’t gain any information about what is being protected.
AuthUserFile: This sets the location of the password file that will be used for authentication. This should be outside of the directories that are being served. We will create this file shortly.
Require valid-user: This specifies that only authenticated users should be given access to this resource. This is what actually stops unauthorized users from entering.

When you are finished, save and close the file.

The location that you selected for your password file was /etc/phpmyadmin/.htpasswd. You can now create this file and pass it an initial user with the htpasswd utility:

sudo htpasswd -c /etc/phpmyadmin/.htpasswd username

You will be prompted to select and confirm a password for the user you are creating. Afterwards, the file is created with the hashed password that you entered.

If you want to enter an additional user, you need to do so without the -c flag, like this:

sudo htpasswd /etc/phpmyadmin/.htpasswd additionaluser

Then restart Apache to put .htaccess authentication into effect:

sudo systemctl restart apache2

Now, when you access your phpMyAdmin subdirectory, you will be prompted for the additional account name and password that you just configured:

https://domain_name_or_IP/phpmyadmin

After entering the Apache authentication, you’ll be taken to the regular phpMyAdmin authentication page to enter your MySQL credentials. By adding an extra set of non-MySQL credentials, you’re providing your database with an additional layer of security. This is desirable, since phpMyAdmin has been vulnerable to security threats in the past.

Conclusion

You should now have phpMyAdmin configured and ready to use on your Ubuntu 22.04 server. Using this interface, you can create databases, users, and tables, as well as perform the usual operations like deleting and modifying structures and data.

Source

November 3, 2023November 3, 2023

How To Secure Apache with Let’s Encrypt on Ubuntu 22.04

Introduction

Let’s Encrypt is a Certificate Authority (CA) that facilitates obtaining and installing free TLS/SSL certificates, thereby enabling encrypted HTTPS on web servers. It streamlines the process by providing a software client, Certbot, that attempts to automate most (if not all) of the required steps. Currently, the entire process of obtaining and installing a certificate is fully automated on both Apache and Nginx.

In this guide, you’ll use Certbot to obtain a free SSL certificate for Apache on Ubuntu 22.04, and make sure this certificate is set up to renew automatically.

This tutorial uses a separate virtual host file instead of Apache’s default configuration file for setting up the website that will be secured by Let’s Encrypt. We recommend creating new Apache virtual host files for each domain hosted in a server because it helps to avoid common mistakes and maintains the default configuration files as a fallback setup.

Prerequisites

To follow this tutorial, you will need:

One Ubuntu 22.04 server set up with a non-root user with sudo administrative privileges and firewall enabled. You can set this up by following our initial server setup for Ubuntu 22.04 tutorial.
A fully registered domain name. This tutorial will use your_domain as an example throughout. You can purchase a domain name on Namecheap, get one for free on Freenom, or use the domain registrar of your choice.
Both of the following DNS records set up for your server. You can follow this introduction to DigitalOcean DNS for details on how to add them.
- An A record with your_domain pointing to your server’s public IP address.
- An A record with www.your_domain pointing to your server’s public IP address.
Apache installed by following How To Install Apache on Ubuntu 22.04. Be sure that you have a virtual host file for your domain. This tutorial will use /etc/apache2/sites-available/your_domain.conf as an example.

Step 1 — Installing Certbot

To obtain an SSL certificate with Let’s Encrypt, you need to install the Certbot software on your server. You’ll use the default Ubuntu package repositories for that.

First, update the local package index:

sudo apt update

You need two packages: certbot, and python3-certbot-apache. The latter is a plugin that integrates Certbot with Apache, making it possible to automate obtaining a certificate and configuring HTTPS within your web server with a single command:

sudo apt install certbot python3-certbot-apache

You will be prompted to confirm the installation by pressing Y, then ENTER.

Certbot is now installed on your server. In the next step, you’ll verify Apache’s configuration to make sure your virtual host is set appropriately. This will ensure that the certbot client script will be able to detect your domains and reconfigure your web server to use your newly generated SSL certificate automatically.

Step 2 — Checking your Apache Virtual Host Configuration

To automatically obtain and configure SSL for your web server, Certbot needs to find the correct virtual host within your Apache configuration files. Your server domain name(s) will be retrieved from the ServerName and ServerAlias directives defined within your VirtualHost configuration block.

If you followed the virtual host setup step in the Apache installation tutorial, you should have a VirtualHost block set up for your domain at /etc/apache2/sites-available/your_domain.conf with the ServerName and also the ServerAlias directives already set appropriately.

To confirm this is set up, open the virtual host file for your domain using nano or your preferred text editor:

sudo nano /etc/apache2/sites-available/your_domain.conf

Find the existing ServerName and ServerAlias lines. They should be listed as follows:

/etc/apache2/sites-available/your_domain.conf

...
ServerName your_domain
ServerAlias www.your_domain
...

If you already have your ServerName and ServerAlias set up like this, you can exit your text editor and move on to the next step. If your current virtual host configuration doesn’t match the example, update it accordingly. If you’re using nano, you can exit by pressing CTRL+X, then Y and ENTER to confirm your changes, if any. Then, run the following command to validate your changes:

sudo apache2ctl configtest

You should receive Syntax OK as a response. If you get an error, reopen the virtual host file and check for any typos or missing characters. Once your configuration file’s syntax is correct, reload Apache so that the changes take effect:

sudo systemctl reload apache2

With these changes, Certbot will be able to find the correct VirtualHost block and update it.

Next, you’ll update the firewall to allow HTTPS traffic.

Step 3 — Allowing HTTPS Through the Firewall

If you have the UFW firewall enabled, as recommended by the prerequisite guides, you’ll need to adjust the settings to allow HTTPS traffic. Upon installation, Apache registers a few different UFW application profiles. You can leverage the Apache Full profile to allow both HTTP and HTTPS traffic on your server.

To verify what kind of traffic is currently allowed on your server, check the status:

sudo ufw status

If you followed one of our Apache installation guides, you will have output similar to the following, meaning that only HTTP traffic on port 80 is currently allowed:

OutputStatus: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                  
Apache                     ALLOW       Anywhere             
OpenSSH (v6)               ALLOW       Anywhere (v6)             
Apache (v6)                ALLOW       Anywhere (v6)

To allow for HTTPS traffic, allow the “Apache Full” profile:

sudo ufw allow 'Apache Full'

Then delete the redundant “Apache” profile:

sudo ufw delete allow 'Apache'

Your status will display as the following:

sudo ufw status

OutputStatus: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere                  
Apache Full                ALLOW       Anywhere                  
OpenSSH (v6)               ALLOW       Anywhere (v6)             
Apache Full (v6)           ALLOW       Anywhere (v6)

You are now ready to run Certbot and obtain your certificates.

Step 4 — Obtaining an SSL Certificate

Certbot provides a variety of ways to obtain SSL certificates through plugins. The Apache plugin will take care of reconfiguring Apache and reloading the configuration whenever necessary. To use this plugin, run the following:

sudo certbot --apache

This script will prompt you to answer a series of questions in order to configure your SSL certificate. First, it will ask you for a valid email address. This email will be used for renewal notifications and security notices:

OutputSaving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): you@your_domain

After providing a valid email address, press ENTER to proceed to the next step. You will then be prompted to confirm if you agree to Let’s Encrypt terms of service. You can confirm by pressing Y and then ENTER:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

Next, you’ll be asked if you would like to share your email with the Electronic Frontier Foundation to receive news and other information. If you do not want to subscribe to their content, write N. Otherwise, write Y then press ENTER to proceed to the next step:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N

The next step will prompt you to inform Certbot of which domains you’d like to activate HTTPS for. The listed domain names are automatically obtained from your Apache virtual host configuration, so it’s important to make sure you have the correct ServerName and ServerAlias settings configured in your virtual host. If you’d like to enable HTTPS for all listed domain names (recommended), you can leave the prompt blank and press ENTER to proceed. Otherwise, select the domains you want to enable HTTPS for by listing each appropriate number, separated by commas and/ or spaces, then press ENTER:

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: your_domain
2: www.your_domain
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):

After this step, Certbot’s configuration is finished, and you will be presented with the final remarks about your new certificate and where to locate the generated files:

OutputSuccessfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/your_domain/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/your_domain/privkey.pem
This certificate expires on 2022-07-10.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

Deploying certificate
Successfully deployed certificate for your_domain to /etc/apache2/sites-available/your_domain-le-ssl.conf
Successfully deployed certificate for www.your_domain.com to /etc/apache2/sites-available/your_domain-le-ssl.conf
Congratulations! You have successfully enabled HTTPS on https:/your_domain and https://www.your_domain.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Your certificate is now installed and loaded into Apache’s configuration. Try reloading your website using https:// and notice your browser’s security indicator. It should indicate that your site is properly secured, typically by a lock icon in the address bar.

You can use the SSL Labs Server Test to verify your certificate’s grade and obtain detailed information about it, from the perspective of an external service.

In the next and final step, you’ll test the auto-renewal feature of Certbot, which guarantees that your certificate will be renewed automatically before the expiration date.

Step 5 — Verifying Certbot Auto-Renewal

Let’s Encrypt’s certificates are only valid for ninety days. This is to encourage users to automate their certificate renewal process, as well as to ensure that misused certificates or stolen keys will expire sooner rather than later.

The certbot package you installed takes care of renewals by including a renew script to /etc/cron.d, which is managed by a systemctl service called certbot.timer. This script runs twice a day and will automatically renew any certificate that’s within thirty days of expiration.

To check the status of this service and make sure it’s active, run the following:

sudo systemctl status certbot.timer

Your output will be similar to the following:

Output● certbot.timer - Run certbot twice daily
     Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; vendor preset:>
     Active: active (waiting) since Mon 2022-04-11 20:52:46 UTC; 4min 3s ago
    Trigger: Tue 2022-04-12 00:56:55 UTC; 4h 0min left
   Triggers: ● certbot.service

Apr 11 20:52:46 jammy-encrypt systemd[1]: Started Run certbot twice daily.

To test the renewal process, you can do a dry run with certbot:

sudo certbot renew --dry-run

OutputSaving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/your_domain.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Account registered.
Simulating renewal of an existing certificate for your_domain and www.your_domain.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all simulated renewals succeeded:
  /etc/letsencrypt/live/your_domain/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

If you don’t receive any errors, you’re all set. When necessary, Certbot will renew your certificates and reload Apache to pick up the changes. If the automated renewal process ever fails, Let’s Encrypt will send a message to the email you specified, warning you when your certificate is about to expire.

Conclusion

In this tutorial, you installed the Let’s Encrypt client certbot, configured and installed an SSL certificate for your domain, and confirmed that Certbot’s automatic renewal service is active within systemctl. If you have further questions about using Certbot, their documentation is a good place to start.

Source