Akamai Linode Debian 12

Akamai Linode Instances

If we wish to use a Linode instance, there will be no charge for use of the IP4 static IP address, making costs lower than Amazon AWS.

A shared $5/month (USD) instance should run at about the same performance for our use, as an EC2 t3a.micro instance. With the $2/month backups we come out at about $140 per year rather than $250. If no backups, it is less.

You may have multiple domains on the instance. But again, use Nginx with memcached to get best performance.

When Linode assigns an IP4 address, check it is not blacklisted.

I will go through a Debian 12 configuration, adding a total of 1GB swap space, and adding an SSH key login as we already have on Amazon AWS EC2.

The terminal shell login needs some fussy work so that the terminal behaves properly, as already configured for us on Amazon.

If an instance does not respond quickly to apt install commands, start again on a new instance.

After installing, go to the root directory and issue an ls -lRa command to check nothing freezes while listing files.

After all installation work, make a manual snapshot, and after adding your applications, overwrite it. This is critical in case you find hardware errors pop up on your terminal screen later on. If you get such errors, keep your existing IP address on a new install from a known good snapshot. There is no point installing from a suspect snapshot.

Email is always additional work.

If using postfix, see my postfix article. You can always access an Amazon EC2 account’s SES service, at virtually no cost if forwarding emails, or use of a non-protected gmail account – i.e. no 2-step authorisations. (We don’t know how long Google will allow this functionality)

WordPress can access access email via the plugins FluentSMTP or Google SMTP at no cost. It is a bit of a learning curve to configure these on MS Exchange or Google.

Adding a Linode instance user – for proper use of terminal commands

All my work is via root login on an iMac terminal (shell) to Linux. I always “sudo su” in Linux for root access.

After installing Debian, we need to make a terminal login that is friendly to use. We will create a user called ec2-user to keep familiarity with how Amazon AWS EC2 works. We will not need to make a backup user as we would need to in AWS for a console login. The Linode lish console login is our Linode backdoor.

From iMac, login into the linode instance, initially using the lish command. e.g.:

iMac:

$sudo su
# set -o vi
# ssh -t user@lish-ap-southeast.linode.com development-ap-southeast.  [whatever the user and names are in your Linode console]

Login: [enter the linode account password. It takes a while to login.]
Debian GNU/Linux 12 localhost ttyS0

localhost login: root
[enter the instance password - I simply set the same passwords to avoid confusion later]

root@...:

We don't do a sudo su as we are already in root. When we cut and paste text from my articles, the single quotation marks must be the simple vertical ' characters.

set -o vi
export EXINIT='set noautoindent'
export VISUAL=vim

We are not editing crontab at this early point. If we were we would use:
VISUAL=vim crontab -e

adduser ec2-user (if you want something else like "admin", go ahead, but my examples will use ec2-user.
Give the password you want.

cd /etc
vi sudoers

Go to the end of the file with the vi editor's SHFT G, and add a new line (or whichever editor you use)
Ignore the warning that the file is read only.

Manually type in:

ec2-user ALL=(ALL:ALL) ALL

Then use the vi editor w! write command, and exit with the quit q! command or SHIFT ZZ.

Give ec2-user root permissions:
usermod -aG adm ec2-user
usermod -aG root ec2-user

Log out of the terminal shell with CTRL-D

As we are not as yet using the SSH keys to login, from the Login: prompt, use ec2-user and password, then "sudo su" with the same password to get user-ec2 with root priveleges.

Once logged in and in root access under ec2-user, we type the following...

set -o vi
export EXINIT='set noautoindent'
export VISUAL=vim

vi /etc/vim/vimrc.local.  (again, single quotes are simple verticals, not slanted quote characters.)

let skip_defaults_vim = 1
if has('mouse')
set mouse=r
endif

[save and exit]

Edit root and ec2-user's .bashrc files: use your own domain.com entry.

cd ~
vi .bashrc
export EXINIT='set noautoindent'
export VISUAL=vim
export PS1="[\u@domain.com: \w]\\$ "
alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'

[save and exit]

cd /home/ec2-user
vi .bashrc
export EXINIT='set noautoindent'
export VISUAL=vim
export PS1="[\u@domain.com: \w]\\$ "
alias rm='rm -i'
alias cp='cp -i'
alias mv='mv -i'

[save and exit]

Prepare the .ssh directory:

cd /home/ec2-user
mkdir .ssh
ls -la
drwxr-xr-x 2 root root 4096 Sep 24 01:40 .ssh
chown ec2-user .ssh;chgrp ec2-user .ssh; chmod 700 .ssh
ls -la
drwx------ 2 ec2-user ec2-user 4096 Sep 23 16:17 .ssh

Now use the next section to Create SSH Logins for SSH terminals. T
Just check that you have the correct logins by terminating the shell and starting one fresh from scratch, and at Login: test ec2-user works.
If it works, sudo su will be okay, and you can copy and past multiple Linux commands that execute all in sequence, and when you vi a file it works properly for multiple line, and scrolling back through the terminal's history.

Configure SSH

Add a longer SSH timeout period of 2 hours instead of one hour:

cd /etc/ssh

vi ssh_config

ClientAliveInterval 2400
ClientAliveCountMax 3


[save and exit]

Do the same for the file sshd_config but also add:
PermitRootLogin yes
PasswordAuthentication no



Then run:
systemctl daemon-reload
systemctl reload sshd
systemctl restart sshd

If you get this error: (unlikely)

[sss_cache] [sysdb_domain_cache_connect] (0x0010): DB version too old [0.22], expected [0.23] for domain implicit_files!
Higher version of database is expected!
In order to upgrade the database, you must run SSSD.
Removing cache files in /var/lib/sss/db should fix the issue, but note that removing cache files will also remove all of your cached credentials.
Could not open available domains

the fiix this as follows:
cd /var/lib/sss/db
rm *
sss_cache -E

Manual SSH

As root login to Linode, do the following:

It is important to have previously set up the ec2-user (or whoever you want) as per my other Debian articles.
Linode lets you use its own lish command to login if you get blocked out, whereas in Amazon EC2 you must create another backdoor user and add to sudoers.
On Linode we also add this ec2-user (or whoever you decide to use) in /etc/sudoers and grant access. This is why I siggest you install debian as per my other articles, and fix a few things specific to Linode/Debian before adding the SSH keys below.
Keep a copy of your .pem file (you may work out what to do if using Putty on Windows) on the instance, and you PC and personal cloud or backups.

Consider the domain email you would like to use. Let's say you have set up a user to mimick an Amazon EC2 user under /home/ec2-user.

cd /home/ec2-user
ssh-keygen -t rsa -b 4096 -C "admin@mydomain.com"
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): /home/ec2-user/linode
Enter passphrase (empty for no passphrase):           LEAVE THIS EMPTY FOR loggin in without a password - same method as Amazon AWS EC2 instances.
Enter same passphrase again:                          LEAVE THIS EMPTY
Your identification has been saved in /home/ec2-user/linode
Your public key has been saved in /home/ec2-user/linode.pub
The key fingerprint is:
......
The key's randomart image is:
+---[RSA 4096]----+
|   .*+.+.        |
......


cp -p linode linode.pem
chmod 777 linode.pem

Use FieZilla to download the .pem file. It will change to -rw-r--r--  1 YOUR_iMAC  staff  3381  2 Aug 12:49 linode.pem

On your iMac, open a terminal and sudo su with your root password. (This need to be previously configured).
Move the linode.pem file from Downloads to, say, a PEM subdirectory using Finder.

vi linode.sh

#!/bin/sh
cd ./PEM
ssh -i "linode.pem" ec2-user@XXX.XXX.XX.XX    (This is your Linode IP4 address.)
exit

[save and exit]
chmod 777 linode.sh

You also need a script to clean out known_hosts when things will not connect:

vi ssh.sh

#!/bin/sh
:>/var/root/.ssh/known_hosts
exit

[save and exit]
chmod 777 ssh.sh

Back on the Linode, set up the key:

vi linode.pub

COPY THE CONTENT

[exit vi]

Paste or create and paste the content into ./ssh/authorized_keys:

ssh-rsa AAAAB3NzaC1................................ admin@mydomain.com

[save and exit]

ls -l
-rw------- 1 ec2-user ec2-user 743 Aug  2 12:51 authorized_keys

You will already have the .ssh directory above this:
cd ..
ls -la
drwx------ 2 ec2-user ec2-user   4096 Aug  2 12:51 .ssh


On the iMac terminal: (Use ssh.sh if need be)

sudo su
./ssh.sh
./linode.sh


You will log into Linode without the hassle of a passphrase.  There you can type "sudo su; set -o vi" to continue.

The Amazon AWS configurations seem to be okay, but not in Linode.

(1) If you get page errors when saving your edits in WordPress, or errors from the following (AWS or Akamai)

(2) journalctl -p err|grep “Out of memory”

or (3) Memory pages being freed often in /var/log/mariadb-error.log with a message like this:
Memory pressure event freed 3920 pages, then you have issues.

I am still testing the configurations for this.
At time of writing, www.conf and php.ini are changed from 512MB to 256MB,
and these details in www.conf:

; pm.max_children = 75
pm.max_children = 5
; pm.start_servers = 10
pm.start_servers = 2
; pm.min_spare_servers = 5
pm.min_spare_servers = 2
; pm.max_spare_servers = 35
pm.max_spare_servers = 3

my.cnf is using:
[mysqld]
innodb_buffer_pool_size=256M
innodb_buffer_pool_chunk_size=256M
optimizer_search_depth=0
log_error=/var/log/mariadb-error.log
log_warnings=9
innodb_flush_method=O_DIRECT

I will update this section as appropriate

Configure Debian 12
When all the logins are working, it may be good to take a snapshot in case the Debian install is faulty.
Afterwards, to the snapshot when it is correct.
Either way:
cd /
ls -lRa
If there is no freezing, the hardware and files are good. Then do that snapshot.