Tag Archives: Linux

Linux, Security, Ubuntu

Zammad throws error csrf token verification failed! Apache 2.4.41 Ubuntu 20.4

Leave a comment

Symptoms:

Right after a fresh installation of Zammad you implement Let’s Encrypt and you are unable to login to your Zammad portal due to the following error.

CSRF token verification failed!

Cause:

When you install Zammad, it’ll automatically create a zammad.conf file under the path /etc/apache2/sites-enabled.

Until this moment your web page should be functioning normal, the problem starts when you implement the Let’s Encrypt certificate which creates another .conf file that would corrupt the web server and cause the error you’re having.

Solution:

To solve this problem simply, change the extension of the zammad-le-ssl.conf file into something else other than .conf and restart apache or nginx.

Solution 2:

You need to uncomment the “ServerTokens Prod” part in your configuration file if the solution 1 doesn’t work.

Solution 3:

Beneath the SSO Setup you need to make sure to change the RequestHeader set X_FORWARDED_PROTO ‘http’ to https as in the below line.

After you apply all those, you need to restart both apache and zammad services.

Here’s a working configuration of Zammad 



# security - prevent information disclosure about server version

ServerTokens Prod



<VirtualHost *:80>

    ServerName support.cloud-net.tech

    Redirect permanent / https://support.cloud-net.tech

</VirtualHost>



<VirtualHost *:443>

    SSLEngine on

    SSLProtocol all -SSLv2 -SSLv3

    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH



    SSLCertificateFile /etc/letsencrypt/live/support.cloud-net.tech/fullchain.pem

    SSLCertificateKeyFile /etc/letsencrypt/live/support.cloud-net.tech/privkey.pem

    SSLOpenSSLConfCmd DHParameters /etc/ssl/dhparam.pem



    ## don't loose time with IP address lookups

    HostnameLookups Off



    ## needed for named virtual hosts

    UseCanonicalName Off



    ## configures the footer on server-generated documents

    ServerSignature Off



    ProxyRequests Off

    ProxyPreserveHost On



    <Proxy 127.0.0.1:3000>

      Require local

    </Proxy>



    ProxyPass /assets !

    ProxyPass /favicon.ico !

    ProxyPass /apple-touch-icon.png !

    ProxyPass /robots.txt !

    ProxyPass /ws ws://127.0.0.1:6042/

    ProxyPass / http://127.0.0.1:3000/



    # change this line in an SSO setup

    RequestHeader unset X-Forwarded-User

    RequestHeader set X_FORWARDED_PROTO 'https'



    # Use settings below if proxying does not work and you receive HTTP-Errror 404

    # if you use the settings below, make sure to comment out the above two options

    # This may not apply to all systems, applies to openSuse

    #ProxyPass /ws ws://127.0.0.1:6042/ "retry=1 acque=3000 timeout=600 keepalive=On"

    #ProxyPass / http://127.0.0.1:3000/ "retry=1 acque=3000 timeout=600 keepalive=On"



    DocumentRoot "/opt/zammad/public"



    <Directory />

        Options FollowSymLinks

        AllowOverride None

    </Directory>



    <Directory "/opt/zammad/public">

        Options FollowSymLinks

              Require all granted

    </Directory>

</VirtualHost>

# security - prevent information disclosure about server version

ServerTokens Prod



<VirtualHost *:80>

    ServerName support.cloud-net.tech

    Redirect permanent / https://support.cloud-net.tech

</VirtualHost>



<VirtualHost *:443>

    SSLEngine on

    SSLProtocol all -SSLv2 -SSLv3

    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH



    SSLCertificateFile /etc/letsencrypt/live/support.cloud-net.tech/fullchain.pem

    SSLCertificateKeyFile /etc/letsencrypt/live/support.cloud-net.tech/privkey.pem

    SSLOpenSSLConfCmd DHParameters /etc/ssl/dhparam.pem



    ## don't loose time with IP address lookups

    HostnameLookups Off



    ## needed for named virtual hosts

    UseCanonicalName Off



    ## configures the footer on server-generated documents

    ServerSignature Off



    ProxyRequests Off

    ProxyPreserveHost On



    <Proxy 127.0.0.1:3000>

      Require local

    </Proxy>



    ProxyPass /assets !

    ProxyPass /favicon.ico !

    ProxyPass /apple-touch-icon.png !

    ProxyPass /robots.txt !

    ProxyPass /ws ws://127.0.0.1:6042/

    ProxyPass / http://127.0.0.1:3000/



    # change this line in an SSO setup

    RequestHeader unset X-Forwarded-User

    RequestHeader set X_FORWARDED_PROTO 'https'



    # Use settings below if proxying does not work and you receive HTTP-Errror 404

    # if you use the settings below, make sure to comment out the above two options

    # This may not apply to all systems, applies to openSuse

    #ProxyPass /ws ws://127.0.0.1:6042/ "retry=1 acque=3000 timeout=600 keepalive=On"

    #ProxyPass / http://127.0.0.1:3000/ "retry=1 acque=3000 timeout=600 keepalive=On"



    DocumentRoot "/opt/zammad/public"



    <Directory />

        Options FollowSymLinks

        AllowOverride None

    </Directory>



    <Directory "/opt/zammad/public">

        Options FollowSymLinks

              Require all granted

    </Directory>

</VirtualHost>

# security - prevent information disclosure about server version

ServerTokens Prod



<VirtualHost *:80>

    ServerName support.cloud-net.tech

    Redirect permanent / https://support.cloud-net.tech

</VirtualHost>



<VirtualHost *:443>

    SSLEngine on

    SSLProtocol all -SSLv2 -SSLv3

    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH



    SSLCertificateFile /etc/letsencrypt/live/support.cloud-net.tech/fullchain.pem

    SSLCertificateKeyFile /etc/letsencrypt/live/support.cloud-net.tech/privkey.pem

    SSLOpenSSLConfCmd DHParameters /etc/ssl/dhparam.pem



    ## don't loose time with IP address lookups

    HostnameLookups Off



    ## needed for named virtual hosts

    UseCanonicalName Off



    ## configures the footer on server-generated documents

    ServerSignature Off



    ProxyRequests Off

    ProxyPreserveHost On



    <Proxy 127.0.0.1:3000>

      Require local

    </Proxy>



    ProxyPass /assets !

    ProxyPass /favicon.ico !

    ProxyPass /apple-touch-icon.png !

    ProxyPass /robots.txt !

    ProxyPass /ws ws://127.0.0.1:6042/

    ProxyPass / http://127.0.0.1:3000/



    # change this line in an SSO setup

    RequestHeader unset X-Forwarded-User

    RequestHeader set X_FORWARDED_PROTO 'https'



    # Use settings below if proxying does not work and you receive HTTP-Errror 404

    # if you use the settings below, make sure to comment out the above two options

    # This may not apply to all systems, applies to openSuse

    #ProxyPass /ws ws://127.0.0.1:6042/ "retry=1 acque=3000 timeout=600 keepalive=On"

    #ProxyPass / http://127.0.0.1:3000/ "retry=1 acque=3000 timeout=600 keepalive=On"



    DocumentRoot "/opt/zammad/public"



    <Directory />

        Options FollowSymLinks

        AllowOverride None

    </Directory>



    <Directory "/opt/zammad/public">

        Options FollowSymLinks

              Require all granted

    </Directory>

</VirtualHost>

Hope this helps

Linux, Security, Ubuntu

Secure Zammad with LetsEncrypt Certıfıcate on Ubuntu 20.4 Apache

Leave a comment

The Story

after installing Zammad ticketing system I tried to implement Let’sEncrypt certificate to secure the system but there was nothing available on the internet except an old article about implementing this on Ubuntu 16 with Nginx (see article here).

In my case I was using apache and no Nginx in place, and after installing Zammad it was using pretty fine on Http but needed to redirect http to HTTPS after implementing the certificate.

Zammad: Intuitive Service Desk with connection to i-doit | i-doit

Solution:

I first Installed Certbot for apache and then I took a backup of all my Zammad configuration and made sure not to alter the default Zammad directory.

So I created a dummy folder called /var/www/support and a file called /var/www/support/index.html within that folder and provided them the appropriate permissions.

sudo apt install certbot python3-certbot-apache

 sudo mkdir /var/www/support

sudo chown -R $USER:$USER /var/www/support

sudo chmod -R 755 /var/www/support

sudo nano /var/www/support/index.html


Edit the index.html file with the following to make sure that it works

<html>
             <head>
                         <title>Welcome to Your_domain!</title>
             </head>
             <body>
                       <h1>Success! The your_domain virtual host is working!</h1>
           </body>
</html>

image

image

Edit Zammad’s Default Config File

Please make sure you take a move the original copy of Zammad file to another location using the following command

sudo mv /etc/apache2/sites-enabled/zammad.conf /etc/apache2/sites-enabled/zammad.bak

Then we’ll replace the file with this configuration but since we moved the original file to .bak then we’ll have to recreate it with our intended configuration.

Edit a new zammad.conf file and copy the configuration below

sudo vi /etc/apache2/sites-enabled/zammad.conf

Configuration starts below this:

#

# this is the apache config for zammad

#

# security – prevent information disclosure about server version

#ServerTokens Prod

<VirtualHost *:8080> # I changed the default port of Zammad to 8080 to allow Letsencrypt to connect on 80 and create the certificate

# replace ‘localhost’ with your fqdn if you want to use zammad from remote

ServerName localhost:8080

## don’t loose time with IP address lookups

HostnameLookups Off

## needed for named virtual hosts

UseCanonicalName Off

## configures the footer on server-generated documents

ServerSignature Off

ProxyRequests Off

ProxyPreserveHost On

<Proxy 127.0.0.1:3000>

Require local

</Proxy>

ProxyPass /assets !

ProxyPass /favicon.ico !

ProxyPass /apple-touch-icon.png !

ProxyPass /robots.txt !

ProxyPass /ws ws://127.0.0.1:6042/

ProxyPass / http://127.0.0.1:3000/

— INSERT — 10,38 Top

DocumentRoot “/opt/zammad/public”

<Directory />

Options FollowSymLinks

AllowOverride None

</Directory>

<Directory “/opt/zammad/public”>

Options FollowSymLinks

Require all granted

</Directory>

</VirtualHost>

<VirtualHost *:80>

ServerName support.cloud-net.tech

DocumentRoot /var/www/support

ErrorLog ${APACHE_LOG_DIR}/error.log

CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>

– ————————-

In the above configuration we did two things:

1- Replacing the original Zammad listening port instead of 80 to 8080

2- Created a new virtual host that points to our dummy folder /var/www/support

Save the file and exit from vi

Make sure you restart Apache after this

sudo systemctl restart apache2

Enable the new site configuration

sudo a2ensite zammad.conf

Lets create the certificate

In the below commands , the first one will drive you through the process of getting the certificate.

The second checks the status of the configuration of the auto renewal script certbot and third command tests the renewal of the certificate.

1- sudo certbot –apache

2- sudo systemctl status certbot.timer

3- sudo certbot renew –dry-run

As you can see in the below screenshot the command also asks you if you’d like to redirect all http traffic to HTTPS. You should want to say Y to that.

clip_image001

clip_image001[4]

When you accept creating Redirection rule from HTTP to HTTPs the main Zammad config will get that configuration which wont work in that case because we already changed the default zammad port to 8080.

So you’ll need to get into that zammad.conf that you created again and enter the redirection portion

image

# this is the apache config for zammad
#


# security – prevent information disclosure about server version
#ServerTokens Prod


<VirtualHost *:8080>
     # replace ‘localhost’ with your fqdn if you want to use zammad from remote
     ServerName support.cloud-net.tech:8080


    ## don’t loose time with IP address lookups
     HostnameLookups Off


    ## needed for named virtual hosts
     UseCanonicalName Off


    ## configures the footer on server-generated documents
     ServerSignature Off


    ProxyRequests Off
     ProxyPreserveHost On


    <Proxy 127.0.0.1:3000>
         Require local
     </Proxy>


    ProxyPass /assets !
     ProxyPass /favicon.ico !
     ProxyPass /apple-touch-icon.png !
     ProxyPass /robots.txt !
     ProxyPass /ws ws://127.0.0.1:6042/
     ProxyPass / http://127.0.0.1:3000/


    # change this line in an SSO setup
     RequestHeader unset X-Forwarded-User


     DocumentRoot “/opt/zammad/public”


    <Directory />
         Options FollowSymLinks
         AllowOverride None
     </Directory>


    <Directory “/opt/zammad/public”>
         Options FollowSymLinks
         Require all granted
     </Directory>


RewriteEngine on
RewriteCond %{SERVER_NAME} =support.cloud-net.tech
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]

<VirtualHost *:80>
     ServerName support.cloud-net.tech
RewriteEngine on
RewriteCond %{SERVER_NAME} =support.cloud-net.tech
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

image

Note:

You need to make sure that you have enabled port 443 on your Firewall and changed the main protocol of Zammad to HTTPs

To do so you’ll need to get into the Zammad portal > Settings > System > Http Type and change that to HTTPS.

image

That’s it, my example here worked as expected and now my traffic is automatically getting redirected to https.

image

Hope this helps anyone looking for such configuration.

Please consider donating to this Bitcoin account if you like this article or website.

image

Linux, Microsoft, Plesk, Virtualization, WordPress

Resizing Plesk Linux (Ubuntu) server on Hyper-V with dynamic expansion

Leave a comment

Change Production Environment VM (Plesk):

Having to change a production Environment Virtual Machine while hosting multiple website could be a nightmare especially when you have no space left and websites are on the edge of error.

I got a complaint from one of the webmasters of the websites that her password was not working so I went and changed it from Plesk however, it didn’t actually work.

When connected to the server I realized that there was no space left on the server

Ubuntu 18.04 is the server edition.

On my Hyper-V Host I went and checked if I can resize the VM while it’s on but unfortunately since the machine has Checkpoints. After switching off the machine and removing the Checkpoints I was able to resize the disk to 700GB and start it again.

In this article I will take you through the process or resizing the Linux Machine starting from Hyper-V all the way until your Plesk Server is able to provision this disk space.

Resize Linux / Ubuntu on Hyper-V

To Resize Ubuntu/Linux Server on HyperV

Edit Machine On Hyper-V, If the edit button is greyed out then you’ll need to switch off the VM to be able to expand the physical disk.

clip_image001

After expanding the disk (in my case I expand it to 712GB) since the current disk is 100% full already

clip_image002

clip_image003

Scan Physical Disk Space

After expansion on Hyper-V is successful, I will switch on the VM, then will need to rescan the already connected disk, first identify which disk you want to rescan. (in my case it is sda3)

ls /sys/class/scsi_disk/

In my example, I see a symlink named 2:0:0:0, so we rescan this scsi-disk.

clip_image004

echo ‘1’ > /sys/class/scsi_disk/2\:0\:0\:0/device/rescan

When trying to scan as a normal user or a superuser in normal mode, I get permission denied issue so I will go ahead and turn to Root mode

clip_image005

Scanning is finished

Change Volume Disk

Follow the instructions below in order to expand the machine’s disk and introduce the changes to Plesk.

Run Parted as a super user (Root or sudo su superuser)

Press P to list partitions and then choose the partition you want to expand.

In my case it’s going to be Partition 3

clip_image006

In order to resize the partition 3 I will type

Resizepart 3

And next to that you’ll have to put the value that you need to expand the disk (In my case I will type -0)

-0 value will give it provision the entire disk space from Hyper-V

clip_image007

After doing so, the new value of partition 3 will be updated

clip_image008

Quit

Resize Logical Volume

The file system meta information needs to indicate the size of disk, and resize2fs updates this. Thus, after expanding, run resize2fs /dev/sda3.

If resize2fs didn’t work for any reason try pvresize in Root Mode

pvresize /dev/sda3

To write changes to the Logical Volume run the following command

lvextend -l +100%FREE /dev/mapper/ubuntu–vg-ubuntu–lv

clip_image009

It’s recommended to do this in read mode, so I will quit the root and get back to my normal user

Let’s see the Volume Group using VGS command, as you can see it looks like the Volume group has already updated the size.

image

Now we need to check the Physical Volume. sda3 was upgraded from 268GB to 711 GB

image

Next we’ll need to check the Logical Volume and see if it is updated

To do this, type sudo lvdisplay

image

Let’s check if there’s any update on the Logical Volumes by using

sudo df –H

image

The disk I need to increase is /dev/mapper/ubuntu—vg-ubuntu—lv

Last step:

Extending Logical Volume

To do this I will type the command

Sudo resize2fs /dev/mapper/ubuntu—vg-ubuntu—lv

This should take care of the disk expansion

image

Once this command is successful, It should reflect on the disk size via command df -H

image

Hope this help someone, If for some reason your Plesk stopped working after this please try to move the tc.log file to another location and then restart mysql/mariadb

sudo mv /var/lib/mysql/tc.log /root/

sudo service mariadb start

ATP, AZURE, Linux, Microsoft Azure, Office 365, Security

Onboarding Linux Client (DEEPIN) to Microsoft Azure Threat protection ATP using ubuntu repository

Leave a comment

Installing Microsoft Azure Threat Protection (ATP) on Linux Devices

While playing with ATP on some windows devices, I was in the mood of trying the new Deepin 20 desktop flavor which is a famous Chinese Linux OS based system.

Microsoft doesn’t indicate anywhere that installation of ATP on a Linux client is possible but Linux server is mentioned in the official ATP installation documents.

How to Install?

After I installed the Deepin OS, I was really impressed by the new beautiful Linux design so I plan to use it and have it secure with ATP.

image

Prerequisites:

  1. Configure the Linux software repository for Ubuntu and Debian
  2. Application Installation
  3. Download the onboarding Package
  4. Client Config

1-Configure the Linux software repository for Ubuntu and Debian

You will need to install the required libraries, install Gpg, apt-transport-https and update repository metadata using the following commands one by one.

  • sudo apt-get install curl

image

  • sudo apt-get install libplist-utils

image

image

  • sudo mv ./microsoft.list /etc/apt/sources.list.d/microsoft-ubuntu.list
  • sudo apt-get install gpg

image

image

image

After successfully installing all the libraries, I will go ahead and install the application

2- Application Installation

From the Linux client Terminal using sudo power user run the following script

sudo apt-get install mdatp

image

Once finished, You can go back to the ATP portal and download the Linux Onboarding package on the linux server/client you want to onboard

3- Download the onboarding Package

Since I am doing a single deployment not bulk, then I will go to the Microsoft Defender Security Center’s setting page and download the Linux package from the device management section.

image

The steps for the onboarding is already mentioned on that page so after you download the script you’ll know exactly what to do next.

The file is 9kb python in size

image

Copy the file to your Linux Desktop

image

4- Client Config

From the terminal type in chmod a+x MicrosoftDefenderATPOnBoardingLinuxServer.py and hit enter

Note: python must be installed on this linux dervice.

Then type python /MicrosoftDefenderATPOnBoardingLinuxServer.py

image

This will run pretty quick and will assign your Linux server/client with your Organization ID.

To see the Organization ID type:

mdatp –health orgId

image

Few minutes later you’ll be able to see the installation completion and the status through this command

Check if WDATP is functioning as expected

mdatp –health healthy

image

Check if WDATP agent is enabled

mdatp –health realTimeProtectionEnabled

image

Let’s check on our ATP portal and see if the machine is showing there.

Note: It might take 5-15 mins to update the definitions of WDATP when onboarding.

image

Running a detection Test:

curl -o ~/Downloads/eicar.com.txt https://www.eicar.org/download/eicar.com.txt

image

In few seconds the file has disappeared

image

Checking for threats

mdatp –threat –list –pretty

image

Let’s see this on the ATP Portal

image

image

This is just a test malware not a real one therefore it wont harm your machine at all.

Hope this helps you with your deployments

Ref:

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/linux-install-manually

Deepin 20 Beta version

https://www.deepin.org/en/2020/04/15/deepin-20-beta/

Cloud, Linux, Microsoft, Microsoft Azure, Virtualization

Deploy Azure Linux and Windows servers in 10 mins via cli

Leave a comment

This is a step by step guide about deploying Linux or Windows servers on Azure via CLI.

Why Cli?

Some people prefer using Linux rather than PowerShell and it seems sometimes easier and faster to learn esp if you’re not GUI type of person.

Installation Options

If you’re working on Windows and would like to use CLI, you’ll have two options to install CLI

Option 1

Run Azure CLI installation directly from your Powershell (PowerShell needs to run from a privileged account)

Invoke-WebRequest -Uri https://aka.ms/installazurecliwindows -OutFile .\AzureCLI.msi; Start-Process msiexec.exe -Wait -ArgumentList ‘/I AzureCLI.msi /quiet’

As soon as you run this command, it’ll take about 5 mins or less depending on the connection you have.

clip_image001

Option 2

Download the MSI file directly from MS’s link and install it on your Computer.

https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-windows?view=azure-cli-latest

Connect to Azure CLI from PowerShell

Run PowerShell or CMD and type the following command to connect

Az Login then hit enter

As soon as you type this, a web page will be launched asking you for your Azure Account credentials so open the session for your Cli window.

The moment you verified your account, PowerShell will list your azure plans that you have / had before.

clip_image002

If you’re going to use Linux (Ubuntu, Debian) flavor then you’d have to following the following instructions

Manual install instructions

If you don’t want to run a script as superuser or the all-in-one script fails, follow these steps to install the Azure CLI.

  1. Get packages needed for the install process:

    bash

    

    sudo apt-get update
    
sudo apt-get install ca-certificates curl apt-transport-https lsb-release gnupg

  2. Download and install the Microsoft signing key:

    bash

    

    curl -sL https://packages.microsoft.com/keys/microsoft.asc | 
    
    gpg --dearmor | 
    
    sudo tee /etc/apt/trusted.gpg.d/microsoft.asc.gpg &gt; /dev/null

  3. Add the Azure CLI software repository:

    bash

    

    AZ_REPO=$(lsb_release -cs)
    
echo "deb [arch=amd64] https://packages.microsoft.com/repos/azure-cli/ $AZ_REPO main" | 
    
    sudo tee /etc/apt/sources.list.d/azure-cli.list

  4. Update repository information and install the

    azure-cli

    package:

    bash

    

    sudo apt-get update
    
sudo apt-get install azure-cli

Run the Azure CLI with the

az

command. To sign in, use the az login command.

  1. Run the

    login

    command.

    Azure CLI

    Try It

    

    az login

    If the CLI can open your default browser, it will do so and load an Azure sign-in page.

    Otherwise, open a browser page at https://aka.ms/devicelogin and enter the authorization code displayed in your terminal.

  2. Sign in with your account credentials in the browser.

To learn more about different authentication methods, see Sign in with Azure CLI.

Deploying Linux (CentOS):

Creating a Resource Group for Azure Container Instances (ACI)

We will start first by creating a Resource Group for our Machine, calling it a AzureLinuxServersGroup to easily identify that this group contains our Linux Servers

az group create –name AzureLinuxServersGroup –location westeurope

clip_image001[4]

Next we will be creating a container to contain the Linux OS on the resource group which we have just created

First, How we know which Image to use and if that will be proper for our deployment?

To answer that, we will use the following command which will view the available latest edition Linux OS with different flavors.

I would like to use CentOS since its identical to RedHat and used by majority of Enterprises.

To list the Images, Enter the following command

az vm image list –output table

clip_image002[4]

Notice there are many columns, The one which we are going to use in terminal command line is the UrnAlias. It’s important to remember this.

az vm create \

–resource-group AzureLinuxServersGroup \

–name AzureCentOSWP \

–image CentOS \

–admin-username Moh10lyUser \

–generate-ssh-keys

clip_image003

Since we are using Bash, It’s a case sensitive and it complained about user having capital letters. So we’ll go ahead and use small letters

clip_image004

After running the command with small letters, it’s telling us where we can find the keys in order for us to reach and get them to use later to login to this newly created machine.

SSH key files ‘/home/moh10ly/.ssh/id_rsa’ and ‘/home/moh10ly/.ssh/id_rsa.pub’ have been generated under ~/.ssh to allow SSH access to the VM. If using machines without permanent storage, back up your keys to a safe location.

The deployment of the machine takes about 3 mins, and it’ll be created with the default minimum resources. Let’s view

clip_image005

Our machine is ready to be accessed now

clip_image006

In order for you to get the SSH Keys, you’ll have to have a bit of knowledge

I am going to go the location mentioned previously after creating a machine and copy the keys from the bash screen into a file. Save the file and Import it into SSH client which I will be using (Bitvise in my case).

From the bash screen goto cd /

Cd /home/user/.ssh/

Cat id_rsa hit enter and copy the key and save it into notepad.

Cat id_rsa.pub and copy/save into a notepad as the public key.

clip_image007

After loading both keys, I was able to successfully login to the Server

clip_image008

clip_image009

clip_image010

Get a list of Azure VMS

az vm image list

clip_image011

Let’s List and deploy a WordPress on CentOS

To view the list of available CentOS images, we’ll use the following cli command

az vm image list -f CentOS –all

The image needs to be grabbed from dockerhub URL

cognosys:wordpress-with-centos-77-free:wordpress-with-centos-77-free:1.2019.1008

az container create –resource-group mohazbackupgroup –name mohcontainer –os-type Linux –image cognosys:wordpress-with-centos-77-free:wordpress-with-centos-77-free:1.2019.1008 –dns-name-label azmohlinux –ports 22

Create Windows Server core with IIS

az container create –resource-group mohazbackupgroup –name mohcontainer –os-type windows –image mcr.microsoft.com/windoervercore/centos –dns-name-label azmohlinux –ports 22ws/servercore/iis:nanoserver –dns-name-label azmohiis –ports 80

clip_image012

Here we go I got a machine ready (took about 5 mins)

clip_image013

azmohiis.westeurope.azurecontainer.io

To delete the container, you can write the following

az container delete –resource-group mohazbackupgroup –name mohcontainer

clip_image014

clip_image015

Stay tuned for more articles about Azure.