Useful Commands for Managing GridPane Servers

  • Updated
8 min read

Table of Contents

  1. Introduction
  2. Check Disk Space Per Website
  3. Check Database Size Per Website
  4. Discover Attacking IPs on Nginx
  5. Discover Attacking IPs on OpenLiteSpeed
  6. Ban IPs with Fail2Ban
  7. Ban IPs with Nginx Rules
  8. Ban IPs on OpenLiteSpeed
  9. Renewing Monit SSL Certificates
  10. Renewing PHPMyAdmin SSL Certificates
  11. Create a Magic Login Link
  12. Export/Import a WordPress Database
  13. Check and Repair a WordPress Database
  14. Backup a Website
  15. Log in to MySQL
  16. Display your MySQL Password
  17. Log Locations and How to View Them

Introduction

There are commands that can come in extremely useful for managing your GridPane servers. We use them ourselves, many of them daily, and knowing them should prove useful in your GridPane journey.

Let’s jump right in!

Check File Disk Space Per Website

First, navigate to the directory where your websites are stored with:

cd /var/www

And then run the following to sort them in order of file size:

du -h --max-depth=1 | sort -h

This is an extremely useful command. It will work for all directories on your server, not just your websites, but checking website disk space is likely the most common reason you’ll want to use it.

Do keep in mind that this excludes the website database, which takes up additional disk space. See the section below for checking database sizes. 

Check Database Size Per Website

You can check individual database sizes with the following:

cd /var/lib/mysql
du -h --max-depth=1 | sort -h

Discover Attacking IPs on Nginx

Nginx server under attack? The following commands will help you uncover attacking IPs so that you can then ban them either through Nginx rules, Fail2Ban, or Cloudflare.

Check your access logs on your server with the following commands. The first two will check for IPs hitting xmlrpc.php and wp-login.php, and the third will list IPs accessing your server as a whole.

Check for hits on xmlrpc.php:
cat /var/log/nginx/*access.log | grep xmlrpc | awk '{print $1}' | sort | uniq -c
Check for hits on wp-login.php:
cat /var/log/nginx/*access.log | grep wp-login | awk '{print $1}' | sort | uniq -c
Check overall access for the day:

Here you’ll need to replace the date with the actual current date:

cat /var/log/nginx/*access.log | grep '11/Dec/2021' | sudo awk '{ print $1}' | sort | uniq -c | sort -nr

Here you may see some IPs with hundreds or thousands of hits on your website. If that’s the case, run this to display the top 50:

cat /var/log/nginx/*access.log | grep '11/Dec/2021' | sudo awk '{ print $1}' | sort | uniq -c | sort -nr | head -n 50

Discover Attacking IPs on OpenLiteSpeed

OLS server under attack? The following commands will help you uncover attacking IPs so that you can then ban them either through OLS rules, Fail2Ban, or Cloudflare.

Check your access logs on your server with the following commands. The first two will check for IPs hitting xmlrpc.php and wp-login.php, and the third will list IPs accessing your server as a whole.

Check for hits on xmlrpc.php:
cat /var/log/ols/*access.log | grep xmlrpc | awk '{print $1}' | sort | uniq -c
Check for hits on wp-login.php:
cat /var/log/ols/*access.log | grep wp-login | awk '{print $1}' | sort | uniq -c
Check overall access for the day:

Here you’ll need to replace the date with the actual current date:

cat /var/log/ols/*access.log | grep '11/Dec/2021' | sudo awk '{ print $1}' | sort | uniq -c | sort -nr

Here you may see some IPs with hundreds or thousands of hits on your website. If that’s the case, run this to display the top 50:

cat /var/log/ols/*access.log | grep '11/Dec/2021' | sudo awk '{ print $1}' | sort | uniq -c | sort -nr | head -n 50

Banning IPs with Fail2Ban

You can quickly manually ban an IP address directly on the server. Run the following command, replacing the actual IP address:

fail2ban-client set wordpress-extra banip {ip-address}

The ban time for the wordpress-extra jail is 24 hours (86400 seconds). 

For example:

fail2ban-client set wordpress-extra banip 199.199.199.199

Ban IPs with Nginx Rules

To block an IP at the server level, you can use the http-context.conf. To customize this config, run the following command:

nano /etc/nginx/extra.d/http-context.conf

Add your IP as follows (or if multiple IPs, then 1 per line):

deny 199.199.199.19;
deny 123.123.123.45;

Save the file with CTRL+O followed by Enter. Exit nano with CTRL+X.

Now copy the file into the _custom directory to ensure it’s not overwritten:

cp /etc/nginx/extra.d/http-context.conf /etc/nginx/extra.d/_custom/http-context.conf

Now check your Nginx syntax with:

nginx -t

As long as there are no errors present you can then reload Nginx with:

gp ngx reload

Ban IPs on OpenLiteSpeed

On OpenLiteSpeed, when denying IPs at the server level it will close its connection so nothing gets hit on the server. If you deny at the site level, a 403 HTTP Error will be served.

Full details on Allowing/Denying IPs on OpenLiteSpeed can be found here:
Allow or Deny IP Addresses on OpenLiteSpeed

Block at the Server Level

The server-wide configuration is located here:

/usr/local/lsws/conf/ip_deny.conf

Add Your IP/s

To edit either file, open them with nano like so:

nano /usr/local/lsws/conf/ip_deny.conf

Add one IP address per line, then hit CTRL+O followed by Enter to save the file, and CTRL+X to exit nano.

Restart OLS

For the changes to take effect you will first need to restart OLS.

Restart and regenerate the server configuration with the following command:

gpols httpd

Renewing Monit SSL Certificates

Copy and paste the following command to run your Monit SSL renewal: 
gp site monit -ssl-renewal

Renewing PHPMyAdmin SSL Certificates

Copy and paste the following command to run your PHPMA SSL renewal:

gp site phpma -ssl-renewal

Create a Magic Login Link

You can quickly and easily create a magic login link to login to any of your websites directly on your server. Normally, you can just SSO in, but if for some reason that’s not working, or you need to send a login link to a client (not really recommended), you can create one as outlined below.

Note: Links expire after 15 minutes or once they’ve been successfully used.

You can create one with GP-WP-CLI as follows:

gp wp site.url login create 1

Export/Import a WordPress Database

Being able to quickly backup a WordPress database can come in handy when you’re about to perform any kind of clean up (better tested on staging first) or repair. You can create a backup with:

gp wp site.url db export /var/www/site.url/htdocs/name_of_backup.sql --all-tablespaces --add-drop-table

And restore a backup with:

 gp wp site.url db import name_of_backup.sql

You can also check out this article for more database backup options: How to backup / export / import a WordPress database.

Check and Repair a WordPress Database

These are handy commands if you’re seeing performance issues or database errors. You can check the health of a websites database with either GP-WP-CLI as follows:

gp wp site.url db check

And then, if necessary, repair it. Always back up your database before performing work on it. Copy and paste the following command to run the repair:

gp wp site.url db repair

Backup a Website

If you’re working on a site inside your server and wish to make a backup, you can do so with the following command:

gpbup2 site.url -local-single-site

Note that the above command only works for V2 backups.

Log in to MySQL

If you need to log in to MySQL directly on your server, you can do so with the following GP-CLI command: 

gp mysql login root

Display your MySQL Password

If you’re working on your database remotely with a program such as MySQL Workbench, you can view your password with the following GP-CLI command:

gp mysql get-pass root

Log Locations and How to View Them

You can view the last 300 lines of various logs in your site customizer modal, but if you need to view more, or would like to view specific logs in real-time. To view the logs list below you can use the cat command like so:

cat /path/to/example.log

Or you can view them in real time with the tail -f command:

tail -f /path/to/example.log

To exit from tail -f hit CTRL+C.

In the commands below that include “site.url“, be sure to switch this for your websites domain. For example:

cat /var/www/gridpane.com/logs/ssl-provision.log

Server Logs

The gridpane.log logs what commands are run on your server.

/var/log/gridpane.log

General Website Logs

The general logs keeps track of the changes made to your website in the site customizer. You can view changes that have been made to your site in this log. You can find them here:

/var/www/site.url/logs/gridpane-general.log

Error Logs

You can view your websites Nginx error logs here:

/var/log/nginx/site.url.error.log

Access Logs

The access.log logs the IP addresses of those that visit your websites, what they do, what browser they use, the names of the bots that crawl your site, and more.

/var/log/nginx/site.url.access.log

SSL Renewal Logs

You can view your SSL renewal logs here. This includes renewals for all of your websites.

/opt/gridpane/certbot.monitoring.log

SSL Provisioning Logs

To view the SSL provisioning logs for your individual websites you can find them in your websites /logs directory:

/var/www/site.url/logs/ssl-provision.log

Single Sign On (SSO) Logs

View your websites single sign on logs:

/var/www/site.url/logs/sso.log

Domains Log

The domains.log logs all of the changes made to your site, such as caching changes,

/var/www/site.url/logs/domains.log

Debug Logs

If you’ve turned on WP Debug and need to see more of your debug log you can find it here (be sure to always turn debug off once you’ve finished using it):

/var/www/site.url/logs/debug.log

If you’d like to learn more about using WP Debug along with the Query Monitor plugin, check out this article.