Advanced Linux Service Commands and Configurations to manage Ubuntu and Cloudpanel 2024

I’ve created a new artifact with advanced commands and configurations for the services used by me in Ubuntu based Cloudpanel. The content includes:

  1. Advanced Bash Commands and Scripts

    • Array operations
    • String operations
    • Advanced file operations
    • Process substitution
    • Advanced error handling
    • Background jobs management
  2. Advanced NGINX Configuration

    • Performance tuning
    • Rate limiting
    • Browser caching
    • SSL configuration
    • Logging configuration
    • Monitoring commands
  3. Advanced Logrotate Configurations

    • Sample configurations
    • Debugging commands
    • Manual rotation
    • Size checking
  4. Advanced CrowdSec Commands

    • Collection management
    • Scenarios and rules
    • Bouncers management
    • Advanced monitoring
    • Custom actions
  5. Advanced MariaDB Commands

    • Performance tuning
    • Backup and restore
    • Replication commands
    • Performance schema queries
    • Security operations
  6. Advanced Redis Commands

    • Monitoring and statistics
    • Memory management
    • Backup and recovery
    • Cluster operations
    • Performance testing
  7. Advanced Varnish Commands

    • Service management
    • Logging and monitoring
    • Cache management
    • VCL management
    • Performance analysis

Advanced Bash Commands and Scripts

# Array Operations
declare -A myarray                             # Declare associative array
myarray=([key1]="value1" [key2]="value2")     # Initialize associative array
echo "${myarray[@]}"                          # Print all values
echo "${!myarray[@]}"                         # Print all keys

# String Operations
string="hello world"
echo "${string^}"                             # Capitalize first letter
echo "${string^^}"                            # Convert to uppercase
echo "${string,}"                             # Lowercase first letter
echo "${string,,}"                            # Convert to lowercase
echo "${string:0:5}"                          # Substring (start:length)
echo "${#string}"                             # String length

# Advanced File Operations
# Find files modified in last hour and compress them
find . -type f -mmin -60 -exec tar -czf archive.tar.gz {} +

# Process Substitution
diff <(ls dir1) <(ls dir2)                    # Compare directory contents
while read line; do echo "$line"; done < <(ls -l)  # Process command output

# Trap Commands
trap 'echo "EXIT detected"' EXIT              # Execute on script exit
trap 'echo "SIGINT detected"' SIGINT          # Handle Ctrl+C
trap - SIGINT                                 # Remove trap

# Advanced Loop Constructs
# Parallel processing with xargs
find . -type f -name "*.log" | xargs -P 4 -I {} gzip {}

# Read file line by line properly
while IFS= read -r line || [[ -n "$line" ]]; do
    echo "$line"
done < "file.txt"

# Advanced Error Handling
set -e                                        # Exit on error
set -u                                        # Exit on undefined variable
set -o pipefail                               # Exit on pipe failure
set -x                                        # Debug mode

# Background Jobs Management
jobs                                          # List background jobs
fg %1                                         # Bring job 1 to foreground
bg %1                                         # Send job 1 to background
disown %1                                     # Detach job from shell

# File Descriptor Operations
exec 3> output.log                            # Open file descriptor 3
echo "log entry" >&3                          # Write to descriptor 3
exec 3>&-                                     # Close descriptor 3

Advanced NGINX Configuration and Commands

# Performance Tuning
nginx -V                                      # Show compile-time options
ulimit -n                                     # Check open file limits

# Configuration Examples
# Rate Limiting
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
location /login/ {
    limit_req zone=one burst=5 nodelay;
}

# Browser Caching
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
    expires 30d;
    add_header Cache-Control "public, no-transform";
}

# SSL Configuration with Security Headers
server {
    listen 443 ssl http2;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000" always;
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;
}

# Logging Configuration
log_format detailed '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent" '
                    '$request_time $upstream_response_time';

# Monitoring Commands
fuser -k 80/tcp                               # Kill process using port 80
netstat -tulpn | grep nginx                   # Check nginx ports
nginx -T                                      # Test and dump configuration

Advanced Logrotate Configurations

# Sample Configuration for Multiple Services
/var/log/nginx/*.log {
    daily
    missingok
    rotate 14
    compress
    delaycompress
    notifempty
    create 0640 www-data adm
    sharedscripts
    prerotate
        if [ -d /etc/logrotate.d/httpd-prerotate ]; then
            run-parts /etc/logrotate.d/httpd-prerotate;
        fi
    endscript
    postrotate
        invoke-rc.d nginx rotate >/dev/null 2>&1
    endscript
}

# Commands and Debugging
logrotate -d /etc/logrotate.d/*               # Debug all configurations
logrotate -vf /etc/logrotate.conf             # Verbose force rotation
cat /var/lib/logrotate/status                 # Check rotation status

# Manual Rotation with Size Check
find /var/log -type f -size +100M -exec ls -lh {} \;

Advanced CrowdSec Commands and Configurations

# Collection Management
cscli collections list                        # List available collections
cscli collections inspect crowdsecurity/nginx  # Inspect collection
cscli collections install crowdsecurity/nginx  # Install collection

# Scenarios and Rules
cscli scenarios list                          # List scenarios
cscli scenarios install crowdsecurity/ssh-bf   # Install scenario
cscli scenarios remove crowdsecurity/ssh-bf    # Remove scenario

# Bouncers Management
cscli bouncers list                           # List bouncers
cscli bouncers add bouncer-name               # Add bouncer
cscli bouncers delete bouncer-name            # Delete bouncer

# Advanced Monitoring
cscli metrics                                 # Show metrics
cscli alerts list                             # List recent alerts
cscli decisions list --ip 1.2.3.4             # Check IP decisions
cscli hub list                                # List hub items

# Configuration Validation
cscli config show                             # Show current config
cscli config validate                         # Validate config
cscli parsers debug --file /var/log/auth.log  # Debug log parsing

# Custom Actions
cscli decisions add --ip 1.2.3.4 --duration 24h --type ban  # Manual ban
cscli decisions delete --ip 1.2.3.4           # Remove ban

Advanced MariaDB Commands

# Performance Tuning
mysqltuner                                    # Run MySQLTuner
mysqldumpslow /var/log/mysql/slow-query.log   # Analyze slow queries

# Backup and Restore
# Hot backup of all databases
mysqldump --all-databases --single-transaction --quick --lock-tables=false > backup.sql

# Restore specific database
mysql -u root -p database_name < backup.sql

# Replication Commands
SHOW MASTER STATUS;
SHOW SLAVE STATUS\G
CHANGE MASTER TO MASTER_HOST='host';
START SLAVE;
STOP SLAVE;

# Performance Schema Queries
SELECT * FROM performance_schema.events_waits_summary_global_by_event_name
WHERE event_name LIKE 'wait/io/file/%'
ORDER BY sum_timer_wait DESC LIMIT 10;

# Table Maintenance
ANALYZE TABLE tablename;
OPTIMIZE TABLE tablename;
REPAIR TABLE tablename;

# Security
SHOW GRANTS FOR 'user'@'host';
FLUSH PRIVILEGES;

Advanced Redis Commands

# Monitoring and Statistics
redis-cli info                                # Server information
redis-cli --stat                              # Live statistics
redis-cli monitor                             # Monitor commands
redis-cli slowlog get 10                      # Get slow logs

# Memory Management
redis-cli memory doctor                       # Memory analysis
redis-cli memory usage key                    # Memory used by key
redis-cli memory purge                        # Purge memory

# Backup and Recovery
redis-cli save                                # Force save to disk
redis-cli bgsave                              # Background save
redis-cli config get *                        # Get all configs

# Cluster Operations
redis-cli cluster info                        # Cluster information
redis-cli cluster nodes                       # List cluster nodes
redis-cli cluster slots                       # Show slot distribution

# Performance Testing
redis-benchmark -n 100000 -q                  # Quick benchmark
redis-benchmark -t set,get -n 100000          # Test specific commands

Advanced Varnish Commands

# Service Management
varnishd -C -f /etc/varnish/default.vcl      # Verify VCL
varnishadm panic.show                         # Show panic log
varnishadm backend.list                       # List backends

# Logging and Monitoring
varnishlog -g request -q "RespStatus == 503"  # Filter 503 errors
varnishstat -1                                # One-time stats dump
varnishtop -i txurl                           # Top URLs

# Cache Management
varnishadm ban "req.url ~ /path/"            # Ban cache by URL
varnishadm ban.list                          # List bans
varnishadm storage.list                       # List storage

# VCL Management
varnishadm vcl.list                          # List VCL configs
varnishadm vcl.load name /path/to/vcl        # Load new VCL
varnishadm vcl.use name                      # Activate VCL

# Performance Analysis
varnishstat -1 -f MAIN.cache_hit             # Cache hit rate
varnishstat -1 -f MAIN.cache_miss            # Cache miss rate

Tips for Service Integration

  1. Monitoring Integration
# Combined log monitoring
tail -f /var/log/{nginx/error.log,mysql/error.log,redis/redis.log}

# Quick service status check
for service in nginx mysql redis varnish crowdsec; do
    systemctl status $service | grep Active
done
  1. Backup Strategy
# Create backup directory with date
backup_dir="/backup/$(date +%Y%m%d)"
mkdir -p "$backup_dir"

# Backup all services
mysqldump --all-databases > "$backup_dir/mysql_backup.sql"
redis-cli save
cp /etc/nginx/nginx.conf "$backup_dir/"
cp /etc/varnish/default.vcl "$backup_dir/"
  1. Security Integration
# Check all service ports
netstat -tulpn | grep -E '(nginx|mysql|redis|varnish)'

# Check for failed authentication attempts
grep -E "failed|error" /var/log/{auth.log,nginx/error.log,mysql/error.log}

Remember to:

  • Always test configurations in a staging environment
  • Keep regular backups of all service configurations
  • Monitor service logs for unusual patterns
  • Regularly update security rules and configurations
  • Document all custom configurations and changes