Category: Ubuntu

Laravel Homestead: Vagrant SSH authentication failure

Sometimes when commanding vagrant up, you can receive this error:

==> homestead: Waiting for machine to boot. This may take a few minutes...
    homestead: SSH address: 127.0.0.1:2222
    homestead: SSH username: vagrant
    homestead: SSH auth method: private key
    homestead: Warning: Connection reset. Retrying...
    homestead: Warning: Authentication failure. Retrying...
    homestead: Warning: Authentication failure. Retrying...
    homestead: Warning: Authentication failure. Retrying...

You can cancel this by entering CTRL+C on a Mac.

One of the ways that seems to help is doing:

vagrant ssh-config

Then, you will see the location of the IdentityFile. For example:

 IdentityFile /Users/YOURNAME/Homestead/.vagrant/machines/homestead/virtualbox/private_key

You can temporarily move/backup this file. When doing a vagrant up or vagrant provision –reload, the private key will be regenerated. And it probably would work again.

Other method

You can connect directly temporarily with:

ssh vagrant@localhost -p 2222

You can then reinsert the contents of this file:

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key

in the file ~/.ssh/authorized_keys

Thanks to this answer: https://stackoverflow.com/questions/22922891/vagrant-ssh-authentication-failure. You can also find more possible solutions here.

Use it all at your own risk.

Setup SFTP Server on Ubuntu + Connecting with Laravel

This guide is at your own risk of course. We do not have any responsibility.

Why Choose SFTP over MinIO or S3?

There are several reasons to choose SFTP as a file server solution instead of MinIO / S3:

  • Easier, simpler, and less cluttered setup
  • Easier to update than a MinIO server
  • Uses only port 22 (or another assigned port)

Why Choose TransIP or a VPS Provider?

Here are some advantages of using TransIP or a VPS provider for your SFTP server:

  • Existing infrastructure with backups
  • Possibility to link big storage for increased storage capacity
  • Easy upgrade options for additional disk space. Don’t forget to allocate the new disk space in Linux.

Other parties like NetCup have dedicated storage servers. We have not tested them, so we are not sure if those are scalable. We did test a TransIP VPS together with a Big Storage addition.

Setting Up SFTP Server without Big Storage

Step 1: Set Up TransIP / VPS Server with SSD SFTP Group

Choose TransIP as your server provider and set up an SSD SFTP group:

sudo groupadd sftp

Step 2: Configure SFTP Server on Ubuntu

Follow the instructions at https://linuxhint.com/setup-sftp-server-ubuntu/ to configure the SFTP server.

sudo nano /etc/ssh/sshd_config

Add the following lines:

Match group sftp
ChrootDirectory /home
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp
sudo systemctl restart ssh
sudo addgroup sftp
sudo useradd -m YOURUSER -g sftp
sudo passwd YOURUSER
sudo chmod 700 /home/YOURUSER/

Step 3: Edit SSH Configuration

Edit the SSH configuration file:

sudo nano /etc/ssh/sshd_config

Change the following line:

PasswordAuthentication yes

This is less secure, so choose at least a strong password. But even better, use SSH Keys, which are WAY more secure (if you don’t leak them).

Restart SSH:

sudo systemctl restart ssh

Step 4: Configure Firewall

Set up your firewall to allow inbound connections only on port 22 from your home IP, office IP, and server IPs if necessary.

Step 5: Login via SFTP Client

Use a client like FileZilla to connect to your SFTP server:

sftp YOURUSER@ip.address

Step 6: Install SFTP Flysystem Laravel Driver

Install the SFTP Flysystem Laravel driver to enable SFTP integration in your Laravel application:

composer require league/flysystem-sftp-v3 "^3.0"

Step 7: Configure SFTP in Laravel

Edit your Laravel’s filesystem configuration (config/filesystems.php):

'sftp' => [
    'driver' => 'sftp',
    'host' => env('SFTP_HOST'),
 
    // Settings for basic authentication...
    'username' => env('SFTP_USERNAME'),
    'password' => env('SFTP_PASSWORD'),
    'throw' => env('APP_DEBUG'),
    'root' => env('SFTP_USERNAME'),
],

Step 8: Create Disk Space Check Script

Create a shell script (disk-space-check.sh) to periodically check the disk space on your server. There are various guides for this, like: https://www.cyberciti.biz/tips/shell-script-to-watch-the-disk-space.html

Step 9: Add Script to Cron

Add the disk space check script to the crontab to run it at specified intervals.

Ordering TransIP Big Storage

If you require additional storage capacity, follow the guide at https://www.transip.nl/knowledgebase/artikel/195-big-storage-aan-linux-koppelen/ to order big storage from TransIP. In English: https://www.transip.eu/knowledgebase/entry/195-how-add-big-storage-linux/

Setting Up Big Storage User or Alternate Directory

If you want to use a different directory or want to use TransIP Big Storage, which is mounted at for example /mnt/bigstorage , follow these steps. Start with creating a big storage sftp group:

sudo groupadd sftpbigstorage
sudo nano /etc/ssh/sshd_config

Add the following lines:

Match Group sftpbigstorage
      ForceCommand internal-sftp
      ChrootDirectory /mnt/bigstorage/%u
      PermitTunnel no
      AllowAgentForwarding no
      AllowTcpForwarding no
      X11Forwarding no

Then run (replace myuser01 with your user name) :

sudo mkdir /mnt/bigstorage/myuser01
sudo chown root:root /mnt/bigstorage
sudo chown -R root:root /mnt/bigstorage/myuser01
sudo chmod -R 755 /mnt/bigstorage/myuser01

sudo adduser --home /mnt/bigstorage/myuser01 myuser01
sudo usermod -a -G sftpbigstorage myuser01
sudo usermod -s /sbin/nologin myuser01

sudo systemctl restart sshd

sudo mkdir /mnt/bigstorage/myuser01/files/
sudo chown -R myuser01:myuser01 /mnt/bigstorage/myuser01/files/

sudo systemctl restart ssh

When copying files via sftp you might need to re-assign the permissions:

sudo chown -R myuser01:myuser01 /mnt/bigstorage/myuser01/files/

MOST IMPORTANT NOTE: sftp needs that the root owns /mnt/bigstorage and /mnt/bigstorage/USERNAME . In order fot the user to edit something, a subdirectory like /mnt/bigstorage/USERNAME/files or /mnt/bigstorage/USERNAME/www is required. This is perfectly described in this post. Also this guide is useful: https://thunderysteak.github.io/sftp-user-chroot

By following these steps, you can set up a basic SFTP file server on your server using TransIP or another VPS provider. SFTP provides a simpler and less complex alternative to services like MinIO or S3, while still allowing secure file transfers. Integrating SFTP with Laravel/PHP enables seamless file management in your applications.

Other Alternatives for File Hosting with SFTP

  • Using Amazon S3: works well, but pricey
  • Bunny Storage: interesting SFTP alternative, pretty decently priced and easy to set up.
  • MinIO: Self-hosted S3 alternative

Installing and Setting Up MinIO on Ubuntu + Lets Encrypt + Laravel integration

Looking for a cost-effective alternative to Amazon S3? MinIO is a great option. In this guide, we’ll walk you through the installation and basic setup of MinIO on your Ubuntu server, along with bonus steps to integrate it with Laravel/PHP.

Of course, setting this up is at your own risk. We are not responsible for anything.

Step 1: Set up Ubuntu Server

Before we begin, make sure you have an Ubuntu server up and running.

Step 2: Install MinIO

To install MinIO, follow the instructions provided in the official MinIO documentation.

Step 3: Configure MinIO systemd Service

After the installation, add the systemd minio.service file. If it’s not added automatically, you can manually add it. You can find an example file here.

Open the minio.service file and remove the following lines:

User=minio-user
Group=minio-user

Without these lines, MinIO will work in the root as described in this GitHub issue.

Step 4: Install Let’s Encrypt SSL Certificate

MinIO supports SSL encryption. To set up SSL, you can use Let’s Encrypt, a free and widely trusted SSL certificate provider.

Follow the instructions at https://certbot.eff.org for Ubuntu to install Let’s Encrypt and generate your SSL certificate.

Step 5: Configure MinIO with Let’s Encrypt

Once you have the SSL certificate generated, you need to configure MinIO to use it. Here’s how:

Copy the SSL certificate files to the MinIO directory:

cp /etc/letsencrypt/live/yourdomain.com/fullchain.pem /root/.minio/certs/public.crt
cp /etc/letsencrypt/live/yourdomain.com/privkey.pem /root/.minio/certs/private.key

Set up a crontab to renew the SSL certificate weekly:

0 5 * * 1 cp /etc/letsencrypt/live/yourdomain.com/fullchain.pem /root/.minio/certs/public.crt
0 5 * * 5 cp /etc/letsencrypt/live/yourdomain.com/privkey.pem /root/.minio/certs/private.key

Step 6: Change MinIO Settings

Modify the MinIO configuration file:

nano /etc/default/minio

Update the following settings:

MINIO_VOLUMES="/mnt/data"
MINIO_OPTS="--address :9000 --console-address :9001"

MINIO_ROOT_USER="your_username"

MINIO_ROOT_PASSWORD="your_password"

MINIO_SERVER_URL="https://yourdomain.com:9000"

MINIO_CONFIG_ENV_FILE=/etc/default/minio

Step 7: Change Default Username and Password

Change the default username and password to secure your MinIO installation.

Step 8: Restart MinIO Service

Restart the MinIO service to apply the changes:

sudo systemctl restart minio.service

Check the status to ensure MinIO is running:

sudo systemctl status minio.service

Step 9: Enable MinIO on Startup

To enable MinIO to run on startup, use the following command:

systemctl enable minio

Step 10: Create a Bucket

Create a bucket in MinIO to store your files. You can use the MinIO web interface or the MinIO command-line tool to create a bucket.

Step 11: Create a Policy for the Bucket

Create a policy for the bucket to define access permissions. Here’s an example policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "arn:aws:s3:::your_bucket/*"
      ]
    }
  ]
}

Step 12: Create a User and Assign the New Policy

Create a user in MinIO and assign the previously created policy to the user.

Generate an access key and secret key for the user. You will need these keys in the next steps.

Step 13: Set Up Laravel Support for MinIO

If you’re using Laravel or PHP, you can integrate MinIO with your application using the league/flysystem-aws-s3-v3 package.

Install the package via Composer:

composer require league/flysystem-aws-s3-v3 "^3.0"

Next, update the filesystems.php configuration file:

'cloud' => env('FILESYSTEM_CLOUD', 'minio'),
...

'minio' => [
'driver' => 's3',
'endpoint' => env('MINIO_ENDPOINT', 'https://yourdomain.com:9000'),
'use_path_style_endpoint' => true,
'key' => env('MINIO_KEY', '...'),
'secret' => env('MINIO_SECRET', '...'),
'region' => env('MINIO_REGION', 'JUSTSOMETHINGRANDOM'),
'bucket' => env('MINIO_BUCKET', 'BUCKETNAME'),
],

Step 14: Test MinIO Integration in Laravel

Verify the MinIO integration by using Laravel’s tinker console:

php artisan tinker
\Storage::cloud()->put('hello.json', '{"hello": "world"}');
\Storage::cloud()->get('hello.json');

This should return something like “true” or something successful. If not, you can add this filesystems debug option to MinIO: ‘throw’=> env(‘APP_DEBUG’), so it will become something like:

'cloud' => env('FILESYSTEM_CLOUD', 'minio'),
...

'minio' => [
'driver' => 's3',
'endpoint' => env('MINIO_ENDPOINT', 'https://yourdomain.com:9000'),
'use_path_style_endpoint' => true,
'key' => env('MINIO_KEY', '...'),
'secret' => env('MINIO_SECRET', '...'),
'region' => env('MINIO_REGION', 'JUSTSOMETHINGRANDOM'),
'bucket' => env('MINIO_BUCKET', 'BUCKETNAME'),
'throw' => env('APP_DEBUG', false)
],

This will only debug / throw error messages when APP_DEBUG is on. Never run this in production or in sensitive environments.

Step 15: Set Up Reverse DNS

Set up reverse DNS if possible.

Step 16: Restart and Verify

Restart your server and verify that MinIO and the integration with Laravel are still functioning correctly. This will (hopefully) mean that systemd is still working properly.

Step 17: Configure Firewalls

To improve security, you can set up firewalls to restrict access to MinIO:

  • For admin access, allow connections only from your home/office IP addresses.
  • For web access, allow connections only from the IPs of the servers that need access.

Always be wary of the fact that if your home, office or server IP changes, you will have to add them to the whitelist. If the IP addresses change to frequently, take other proper security steps for your server.

By following these steps, you can install and set up a basic MinIO server on your Ubuntu server, avoiding the high costs associated with Amazon S3. Integrating MinIO with Laravel/PHP allows you to leverage the power of object storage in your applications while maintaining control over your data and costs.

Also create a disk space checker cronjob that mails if your disk is almost full, especially if you are using MinIO in single server mode. MinIO has the ability to link multiple servers and replication zones to each other.

If this is too complex, we also created a guide for setting up a simple SFTP server for Ubuntu / Laravel.

Tarsnap change key file with tarsnap-keyregen and tarsnap-recrypt

Want to change the tarsnap.key file?

Check out this manual: https://www.acunote.com/blog/2012/02/tarsnap-key-rotation-with-tarsnap-recrypt-and-tarsnap-keyregen.html

Especially this part of code is useful:

# create new key
tarsnap-keyregen --keyfile ~/tarsnap/keys/server.new.key \
                 --oldkey ~/tarsnap/keys/server.old.key \
                 --user me@example.com --machine server


# run recrypt.  This can take a long time (days), and final delete
# transaction will fail because of server cron jobs that will happen
# in the meantime
tarsnap-recrypt --oldkey ~/tarsnap/keys/server.old.key \
                --oldcachedir ~/tarsnap/cache/server.old \
                --newkey ~/tarsnap/keys/server.new.key \
                --newcachedir ~/tarsnap/cache/server.new

You can find the location of your tarsnap key file and cache folder with:

find / -name tarsnap.key
find / -name tarsnap-cache

Fixing VBoxManage: error: VMDK: descriptor does not start as expected in

When using Vagrant / Virtualbox and optionally Laravel Homestead it could occur that this message displays:

There was an error while executing `VBoxManage`, a CLI used by Vagrant

for controlling VirtualBox. The command and stderr is shown below.

Command: ["startvm", "{LONGOCDE}", "--type", "headless"]

Stderr: VBoxManage: error: Could not open the medium '/Users/USER/VirtualBox VMs/homestead-7/ubuntu-....vmdk'.

VBoxManage: error: VMDK: descriptor does not start as expected in '/Users/USER/VirtualBox VMs/homestead-7/ubuntu-....vmdk' (VERR_VD_VMDK_INVALID_HEADER).

VBoxManage: error: VD: error VERR_VD_VMDK_INVALID_HEADER opening image file '/Users/USER/VirtualBox VMs/homestead-7/ubuntu-....vmdk' (VERR_VD_VMDK_INVALID_HEADER)

VBoxManage: error: Details: code NS_ERROR_FAILURE (0x80004005), component MediumWrap, interface IMedium

After changing lots of stuff and trying out a lot, I found out it’s best to restore a backup of your vmdk file. For Linux and Windows there seem to be restore tools (not sure if these will work),  but not for Mac.

So, after trying to restore your backup, hopefully everything works (always backup your new file before restoring as well). Everything is at your own risk of course. Good luck!

Adding an extra IP to your VPS with Ubuntu

Edit your networking interfaces file:

sudo nano /etc/network/interfaces

Use these instructions (they are in Dutch): https://www.transip.nl/knowledgebase/artikel/219-hoe-voeg-ipv4-ipv6-adres-mijn/#ubuntu16ipv4

Restart network facilities with:

sudo ifdown eth0 && sudo ifup eth0

Also bring up your new ip address:

sudo ifup eth0:

Check if new ip address(ess) are added with:

ifconfig -a

Ubuntu 14.04 OpenSSL with Nginx – Generate & Install SSL certificate

Not the best guide, but some handy links I use to Generate and Install an SSL-certfificate with OpenSSL in NginX.

Generate OpenSSL Request:
https://www.namecheap.com/support/knowledgebase/article.aspx/9446/0/apache-opensslmodsslnginx

Order an SSL-certificate with the CSR

Then, when you received bundle plus CRT:
https://www.namecheap.com/support/knowledgebase/article.aspx/9419//installing-a-certificate-on-nginx

Restart NGINX:
https://www.cyberciti.biz/faq/nginx-restart-ubuntu-linux-command/

Using TransIP SSL-certificates

When using TransIP SSL-certificates you get a decrypted zip SSL-certificate (if you choose for standard mode instead of advanced mode).

These contains:

  • cabundle.crt
  • certificate.crt
  • certficate.key
  • certificate.p7b (you don’t need this one)

Open cabundle.crt, remove the first certificate (that is a root certificate and will give chain issues: an ‘anchor issue’ in SSL Labs). Then, swap the order of the two certificates of the bundle, else SSL Labs will give a chain issue: incorrrect order. Then, concatenate the certificate.crt (first) with the new cabundle.crt (second).

Then insert the concatenated crt file + the key on the server and insert them in NGINX:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    
    server_name www.yourdomain.nl yourdomain.nl;
    
    ssl on;
    ssl_certificate /home/forge/ssl/domain1/20172018_cert_chain.crt;
    ssl_certificate_key /home/forge/ssl/domain1/20172018key.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    
}

When creating your certificate you can concatenate certificate.crt with cabundle.crt .

How to fix the Laravel Gulp Error: Cannot find module ‘internal/fs’

Laravel Gulp Error: Cannot find module ‘internal/fs’

Get this error?

vagrant@homestead:*****$ gulp
module.js:472
    throw err;
    ^

Error: Cannot find module 'internal/fs'
    at Function.Module._resolveFilename (module.js:470:15)
    at Function.Module._load (module.js:418:25)
    at Module.require (module.js:498:17)
    at require (internal/module.js:20:19)
    at evalmachine.:18:20
    at Object. (/usr/lib/node_modules/gulp/node_modules/vinyl-fs/node_modules/graceful-fs/fs.js:11:1)
    at Module._compile (module.js:571:32)
    at Object.Module._extensions..js (module.js:580:10)
    at Module.load (module.js:488:32)
    at tryModuleLoad (module.js:447:12)

How to fix this error?

Thanks to Softwarehorizont, I found the solution:

Try to delete all node modules and reinstall them. A command sequence like this would do:

npm cache clean
rm -Rf node_modules/
npm install

Still got this error?

If you still got this error, you can look up the following references (I have not tested these, at your own risk, like all solutions posted on this blog):

  1. https://github.com/nodejs/node/issues/9377
  2. http://stackoverflow.com/questions/40663489/npm-not-working-cannot-find-module-internal-fs-nodejs

Resetting Linux Root Password with TransIP / VPS on Ubuntu

Option 1 – Using bootloader

Use this guide: http://www.howtogeek.com/196520/grub2-101-how-to-access-and-use-your-linux-distributions-boot-loader/ . In my case this did not work.

Option 2 – Using SystemRescueCD

It might be that your VPS has a Linux Recovery Mode (not rescue mode) using a SystemRescueCD. If so, use this guide:
http://ubuntuportal.com/2011/07/reset-password-ubuntu-using-sytemrescuecd.html

In my case the /dev/vda5 was not mountable, because it was password encrypted. That was why I had to use these commands:
http://pissedoffadmins.com/os/mount-unknown-filesystem-type-lvm2_member.html

In summary it went like:

$ fdisk -l
$ mkdir /mnt/system
$ mount /dev/vda5 /mnt/system
# /dev/vda5 is the main Linux partition
mount: unknown filesystem type 'crypto_LUKS'
# I received an error that this partition is encrpted, so the I used:
$ cryptsetup open /dev/vda5 newRoot
$ modprobe dm-mod
$ vgchange -ay
$ lvscan
# hopefully the root is displayed now. Mount this one
mount /dev/xx/yy /mnt/system
# ACCESS :D :D
chroot /mnt/system
passwd
# Enter your new root password

Then I was able to reset my password, by entering passwd.