Install Laravel and Homestead

Step by step guide to install Laravel including Homestead:

  1. Download Composer
  2. Download (the installer) and install Laravel using the following command in Terminal:
    composer global require "laravel/installer"
  3. Download VirtualBox, then double-click the package to install it
  4. Download Vagrant, then double-click the package to install it
  5. Add the Vagrant box to Laravel using the following command in Terminal:
    vagrant box add laravel/homestead
  6. Make sure to pick choice 3 (which stands for the VirtualBox provider) when asked
  7. Clone the Homestead GIT repository using the following command in Terminal:
    git clone https://github.com/laravel/homestead.git ~/Homestead
  8. Change to the Homestead directory using the following command in Terminal:
    cd ~/Homestead
  9. Check out the latest Homestead GIT repository using the following command in Terminal:
    git checkout v7.17.0

    Note: Make sure to pick the latest stable Homestead GIT repository version here

  10. Terminal:
    bash init.sh

    Note: This will generate the initial Homestead.yaml file in the Homestead install directory, which I’ll explain in more details below

Homestead.yaml

The Homestead.yaml comes with default settings. The most important changes I make are folders, sites, and databases.

Folders

folders:
- map: path/to/your/host-os/directory
  to:  path/to/your/guest-os/directory

The host-os directory is where your project’s files will be stored. Here’s a real-life example:

folders:
- map: /Applications/MAMP/htdocs/vagrant/code/project1
  to:  /home/vagrant/code/project1

Sites

sites:
- map: project1.dev
  to:  /home/vagrant/code/project1/public

You must also edit your local host file, using the following Terminal command:

sudo nano /etc/hosts

For example:

192.168.10.10 project1.dev # The IP should be the same as set in the Homestead.yaml configuration file.

When ready use the following Terminal command:

vagrant up

Or in case of an edit use the following Terminal command:

vagrant reload --provision

Troubleshooting Homestead

If you have a headache to get Homestead running as it should, perhaps because of the “No input file specified.” message like I have experienced, here comes the solution:

  • folders: map is the actual location of your files, locally
  • folders: to is the location on your virtual machine
  • sites: map is the name of your project (this is a dummy domain, don’t forget to edit your hosts file)
  • sites: to is the location where your files are hosted on your virtual machine (comparable to the location on a remote server)

How to recover a deleted folder on a Mac

I accidentally deleted MAMP, including the htdocs folder containing most of my projects past my latest back-up dating from February, 2018. This happened yesterday, when I was making a back-up from my MacBook Pro which I wanted to reinstall from scratch after being sick of it’s slow performance.

I uninstalled MAMP actually, however this should be kind of the same as deleting it. Now I want my files back! But how?

I am trying various kind of recovery programs, and had some success before using Prosoft’s Data Rescue and TestDisk. So I am running these again.

For Data Rescue, I had to buy a new external hard drive (which I needed anyway) to create a so called Data Recovery Drive. I first tried to install this on a SD card, but this seemed to take forever, so I canceled it. But also on the external HD it is really bothering slow!

TestDisk, on the other hand, is a small app that runs in Terminal. It’s a little bit more complicated without a GUI, but the documentation is pretty clear. Best of all this one is free! The forum is also quite helpful, you can find it here. At the time being I have posted a question, and by the looks of it they even get answered, so let’s see how long it takes.

To be continued…

Updating mod_pagespeed can be a pain in the @ss

Just a quick reminder to self, since simply updating mod_pagespeed doesn’t seem to be able by just running yum update. If you have installed mod_pagespeed building from the source, like I have, you will probably run into the following issue:

"httpd >= 2.2 is needed by mod-pagespeed"

Here is a quick and dirty solution that has worked for me.

1) Remove the old version with this command:

yum remove mod-pagespeed-stable.x86_64

2) Follow these steps to update mod_pagespeed to the latest version:

cd ~
yum install at
wget https://dl-ssl.google.com/dl/linux/direct/mod-pagespeed-stable_current_x86_64.rpm
rpm -i --nodeps mod-pagespeed-stable_current_x86_64.rpm

Updating Discover Car Navigation on Mac

Today I tried updating my Volkswagen navigation to the latest available version, which can be downloaded from the Volkswagen site (in Dutch) for free, or at least for a specified amount of time after it was manufactured. Originally it used to be three years, but a blog post mentioned the updates will be available up to five years after the navigation will be taken out of production.

So I took out the current SD card from my car and made a back-up of it. Then I downloaded the correct update, unzipped it with Keka, which I downloaded just to be sure that the 7-zipped files from Volkswagen would unzip without corrupting any files.

Street names went missing after updating of Discover navigation

After I copied all of the files to the newly formatted SD card, I used Disk Utility to format it with the MS-Dos (FAT) format, I inserted it in my car and found out that the street names and road names were not showing up, but the maps were working fine.

So I did some research on Google to figure out what the hell was going on and I found out that other people using a Mac where facing the same problem. Someone mentioned an application named HiM, which can be downloaded from Macupdate, and can be used to delete hidden files from volumes created on a Mac. In my case, I simply dragged and dropped the SD card containing the navigation update into the HiM window, to delete folders like .Trashes and .Spotlight.

That did it, because after I inserted the SD card into my car, the streets were showing up as expected.

Good luck with updating your car navigation. By the way, this also applies to Discover car navigations for Audi, Seat and Skoda cars.

Global protection of all wp-login.php files

Here’s another short post about protecting wp-login.php files on your server from Brute Force Attacks, which can drastically increase your server load. Mine was constantly up to 90% making my server completely inaccessible.

.htaccess or not .htaccess

Adding the following code to your .htaccess files is a solution, but if you have tons of sites like me, you don’t want to manually have to upload .htaccess and .htpasswd files. Instead, you want to handle this at once, globally and server-wide. Here’s how I did it:

First of all, you need to find out if your httpd.conf file is an autogenerated file, or if you can manually edit it (without it being regenerated after an update.)

Usually, modifications go into the pre_main_global.conf include file. If this is also the case for you, make sure this is included in your active httpd.conf file.

Edit pre_main_global.conf and add the following code:

<Files ~ "^\.ht">
 Require all denied
</Files>

<Files wp-login.php>
 AuthUserFile /var/htpass/.htpasswd
 AuthName "Private access"
 AuthType Basic
 require user yourloginname
</Files>

Rename “yourloginname” to whatever login name you like.

Create the directory to store your .htpasswd file as follows:

mkdir /var/htpass/

You can generate a .htpasswd file here: http://www.htaccesstools.com/htpasswd-generator/, make sure to use the same login name as chosen before. Any password you want will do, also an empty password if that’s what you want.

Finally, save your .htpasswd file in the previously created directory, in this example we suggested /var/htpass/.

Assuming the pre_main_global.conf gets included as it should, the only thing left is to restart Apache. Use the following command to do so:

service httpd restart

Alternatively, you can restart Apache from DirectAdmin or WHM.Voila, you are now asked for a User Name and Password each time you access your wp-login.php file to login into WordPress.

Voila, you are now asked for a User Name and Password each time you access your wp-login.php file to login into WordPress.

What an Ordeal – I have Crashed and Reinstalled my CentOS VPS

It’s been an ordeal last night, working until 4:30 pm, but after two hours of sleep, I am now on my way back re-installing my VPS from scratch.

When I started experimenting with Google Pagespeed (mod_pagespeed) I just took it a bit too far and wanted too much at the same time. Besides installing and tweaking the speed module, I also tried to update my server to HTTP/2 and wanted to update PHP to it’s latest version 7.1.3.

Mod_pagespeed never was the problem. I actually got it working, and set-up as follows. If you care about speed, this is just the configuration you’ll need. Before you start, make sure to benchmark your server using a tool such as https://tools.pingdom.com/ or PageSpeed Insights. Open you pagespeed.conf file with the following command:

nano /etc/httpd/conf.d/pagespeed.conf

If you are running WordPress just like I am, and also make use of PHPMyAdmin, then add the following two location dependencies to the beginning of the pagespeed.conf file:

<Location /wp-admin/>
   ModPagespeed Off
</Location>

<Location /phpmyadmin/>
   ModPagespeed Off
</Location>

You’ll also want to have access to the Pagespeed Admin, the Pagespeed Statistics and the Pagefeed Messages. You can do so by adding the following code to your pagespeed.conf file:

ModPagespeedStatistics on
ModPagespeedStatisticsLogging on
ModPagespeedLogDir /usr/local/apache/logs
ModPagespeedMessageBufferSize 100000
<Location /mod_pagespeed_statistics>
  <IfModule mod_rewrite.c>
    RewriteEngine Off
  </IfModule>
  Order deny,allow
  Allow from localhost
  Allow from <OFFICE IP>
  SetHandler mod_pagespeed_statistics
</Location>
<Location /mod_pagespeed_message>
  <IfModule mod_rewrite.c>
    RewriteEngine Off
  </IfModule>
  Order deny,allow
  Allow from localhost
  Allow from <OFFICE IP>
  SetHandler mod_pagespeed_message
</Location>
<Location /pagespeed_admin>
  <IfModule mod_rewrite.c>
    RewriteEngine Off
  </IfModule>
  Order deny,allow
  Allow from localhost
  Allow from <OFFICE IP>
  SetHandler pagespeed_admin
</Location>

Finally, tell mod_pagespeed which Pagespeed Filters you want enabled, as follows:

ModPagespeedEnableFilters inline_import_to_link
ModPagespeedEnableFilters flatten_css_imports
ModPagespeedEnableFilters combine_css
ModPagespeedEnableFilters rewrite_css
ModPagespeedEnableFilters prioritize_critical_css
ModPagespeedEnableFilters move_css_to_head
ModPagespeedEnableFilters move_css_above_scripts
ModPagespeedEnableFilters combine_javascript
ModPagespeedEnableFilters rewrite_javascript
ModPagespeedEnableFilters defer_javascript
ModPagespeedEnableFilters remove_comments
ModPagespeedEnableFilters collapse_whitespace
ModPagespeedEnableFilters sprite_images
ModPagespeedEnableFilters lazyload_images
ModPagespeedEnableFilters recompress_png
ModPagespeedEnableFilters convert_png_to_jpeg
ModPagespeedEnableFilters convert_jpeg_to_webp
ModPagespeedEnableFilters rewrite_images

Please have a look here how each of these filters will help to make your server faster.

HTTP/2 Protocol

After reading this article on Yoast, I became interested in the HTTP/2 Protocol, mod_http2, which can be used for performance optimization. Upgrading to HTTP/2 should speed up your web server significantly, and so I found this step by step tutorial on how to set-up HTTP/2 on your server or VPS. Have a look for yourself, but sure to know what you do as this has caused major problems for at my first attempt to get HTTP/w working. By all means, I have spent hours getting everything to work, so be really careful!

Once you have everything running smoothly, have a look here for a list of HTTP/2 test sites and other methods to see if it works as it should.

LetsEncrypt

I am just posting this here for future reference:

  1. https://help.directadmin.com/item.php?id=641&in1=letsencrypt&in2=1 (This one makes DirectAdmin secure.)
  2. https://help.directadmin.com/item.php?id=648
  3. https://help.directadmin.com/item.php?id=15

If you have updated Apache to work with HTTP/2, make sure to configure the correct web root path in the httpd.conf file.

Don’t forget to enable SNI, which is an extension to the TSL Protocol, in DirectAdmin, this will allow you to use multiple certificates for one IP address. You can do so as follows:

grep -q 'enable_ssl_sni=1' /usr/local/directadmin/conf/directadmin.conf || echo 'enable_ssl_sni=1' >> /usr/local/directadmin/conf/directadmin.conf

Credits: https://www.transip.nl/forum/post/prm/4543 (This is a Dutch written article.)

Installing Fail2ban on CentOS

Here’s a short tutorial for those of you looking to install Fail2ban on an existing CentOS server or VPS.

First of all, you will have to determine which CentOS version you have, with the following command after starting a SSH session using a terminal window:

cat /etc/centos-release

The response will probably be something like this:

CentOS release 6.8 (Final)

Now that we know the CentOS version is 6, we will have to get the latest EPEL yum repository, using the following command:

rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-6.noarch.rpm

Next step is to install Fail2ban with the following command:

yum install fail2ban

When prompted Is this ok [y/N]: please type y and then hit enter.

This may take a few minutes, so sit back and relax waiting for the installation to finish.

The reasons you might want to protect your server or VPS using Fail2ban is because you are experiencing too many false logins attempts for WordPress, Proftpd, Exim2 or sshd4/sshd5 for example. To do so you will have to create the following local configuration file, using an editor such as nano:

nano /etc/fail2ban/jail.local

(Don’t have Nano? You can install Nano with the following command: yum install nano.)

Here is how to set-up a sshd jail to catch failed login attempts to SSH:

[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/secure
maxretry = 3
findtime = 3600
bantime = 86400

Here is how to set-up an exim jail to catch failed login attempts to Exim:

[exim]
enabled = true
port = smtp,465,submission
filter = exim
logpath = /var/log/exim/mainlog
maxretry = 3
findtime = 86400
bantime = 31536000

Now that we have created these jails, and saved our configuration file (ctrl+x) we have to restart our server or VPS with the following command:

service fail2ban start

If everything went as expected you should get the following response:

Starting fail2ban: [ OK ]

Using Fail2ban to block login attempts to WordPress

If additionally you also would like to protect your server or VPS from failed login attempts to WordPress, you should first create a filter.

Your filters are located here: /etc/fail2ban/filter.d/

Create a new filter named wordpress.conf using Nano as follows: nano /etc/fail2ban/filter.d/wordpress.conf

Copy and paste the following code into the newly created wordpress.conf filter file:

# Fail2Ban filter for wordpress
#

[INCLUDES]

before = common.conf

[Definition]

_daemon = wordpress

failregex = ^%(__prefix_line)sAuthentication failure for .* from <HOST>$
            ^%(__prefix_line)sPingback error .* generated from <HOST>$

ignoreregex =

# Author: John Doe

Now that you have created the wordpress.conf filter, you will need to add a new rule to your jail.local file which you have previously created:

[wordpress]
enabled = true
filter = wordpress
logpath = /var/log/secure
maxretry = 3
findtime = 86400
bantime = 31536000
action = iptables-multiport[name=wordpress,port="80,443"]

Finally, you will have to restart Fail2ban using the following command: service fail2ban restart

If everything went well, this is what the response should look like:

Stopping fail2ban: [ OK ]
Starting fail2ban: [ OK ]

Congratulations, your server of VPS is now protected against scum trying to make your life misserable!

How Google Spoiled my Fun with the Panda Update

OK, since I kind of promised, when I wrote my last post nearly a year ago, to write a new one a little bit sooner – which I didn’t, I am going to start by saying that I’m not going to make any other promises again. The affiliate life is like a roller coaster ride, even worse, a roller coaster ride but in the dark, as you’ll never know which turn will be coming up next.

One month you’re celebrating and thinking of buying that new Audi, the next one you’ll be set back to where you were before. And usually this goes along with the amount of time and money you are willing to invest into your sites. Don’t get me wrong though, I’m still far better off being on this crazy ride than working as a corporate slave from nine to five –  besides making better money, I can honestly say that freedom is what makes being an affiliate so great.

Another factor that always comes around to mess things up when things seem to go well is good old G. Most of you know that I have been hit pretty hard by the Google Panda update last year, and that I am still struggling and stuck with lower rankings for my main site www.pokerforfree.org today. I hate to say it, but Google is doing a lousy job!  The SERPs are filled with thin affiliate sites, where mine has grown to a very decent resource with great content, including:

  • a comprehensive World Series of Poker guide,
  • an ongoing European Poker Tour guide, which includes my best page of the site, the yearly EPT Grand Finals coverage,
  • a completely new Poker Rules section, with well written in-depth guides,
  • and much much more… in fact, still adding as we speak.

For anyone who doesn’t understand the impact of the Panda update, the following graph reveils everything.

This actually means that it takes much more, to recover from the Panda update, than just locating and rewriting a bunch of bad pages. The examples I outlined above are just a small portion from what has been ‘fixed’. I literary spent thousands of dollars to improve the quality of my site, with the result I am aiming for still lacking. One thing I have to admit though,  frankly most of the content on my site sucked, so it should have been penalized in the first place. But it’s time to reward good sites, with great content, not just sites with a shit load of links!

To continue on the subject, other things I did in my best effort trying to recover from the Panda update, was moving the Italian version of Poker For Free to it’s own domain www.giochipokergratis.co, and as well the German version to www.kostenlospokeronline.de. The reason to move these sections was that I suspected them to have a negative impact of the total quality of my site. Unfortunately it didn’t make a difference, or not yet at least.

Furthermore I also bought myself a licence for a free poker game, which I am hosting on one of my own servers. It’s pretty cool actually, since I was able to create custom tables and card decks, and it would be even cooler if there were any active players, but with a limited amount of traffic the only thing I can do is keep dreaming.

Of course, all the trouble came during the aftermath of dealing with the douche bags from Stickyeyes, but that chapter is closed and I’m not going to touch it again. (Alright, for the sake of it, one more time: Stay away from dealing with Stickyeyes. They do more harm than good, or if your budget is sky-high, they will certainly abuse it by taking much more than needed! In fact, I’ll do the same for half the price if you want me to!)

Finally I have been examining my site inside out, and tried to fix any flaws that could possibly have a negative impact on SEO. For example, I fixed a bug that redirected non existing pages to my File Not Found page, without generating a proper 404 header. Instead, I am no longer redirecting pages, but parsing the content and a 404 header right on the spot. So no more Soft 404’s in Google’s Webmaster Tools soon!

Hereby I am concluding this post with a short message for anyone who would like to add a free poker game to their site. I’ve developed an API for my free poker game, to use it throughout my own network, and could offer this to the public. If you’re seriously interested and think you have the audience for it, please get in touch with me. I can definitely use some players!

Thanks for reading, and ’till the next, when I’ve finally recovered from Google Panda. (I know… just wishful thinking.)