December 2018
M T W T F S S
« Nov    
 12
3456789
10111213141516
17181920212223
24252627282930
31  

Categories

WordPress Quotes

If you have built castles in the air, your work need not be lost; that is where they should be. Now put foundations under them.
Henry David Thoreau

Recent Comments

December 2018
M T W T F S S
« Nov    
 12
3456789
10111213141516
17181920212223
24252627282930
31  

Short Cuts

2012 SERVER (64)
2016 windows (9)
AIX (13)
Amazon (34)
Ansibile (19)
Apache (133)
Asterisk (2)
cassandra (2)
Centos (209)
Centos RHEL 7 (259)
chef (3)
cloud (2)
cluster (3)
Coherence (1)
DB2 (5)
DISK (25)
DNS (9)
Docker (28)
Eassy (11)
ELKS (1)
EXCHANGE (3)
Fedora (6)
ftp (5)
GIT (3)
GOD (2)
Grub (1)
Hacking (10)
Hadoop (6)
horoscope (23)
Hyper-V (10)
IIS (15)
IPTABLES (15)
JAVA (7)
JBOSS (32)
jenkins (1)
Kubernetes (2)
Ldap (5)
Linux (189)
Linux Commands (167)
Load balancer (5)
mariadb (14)
Mongodb (4)
MQ Server (22)
MYSQL (84)
Nagios (5)
NaturalOil (13)
Nginx (31)
Ngix (1)
openldap (1)
Openstack (6)
Oracle (34)
Perl (3)
Postfix (19)
Postgresql (1)
PowerShell (2)
Python (3)
qmail (36)
Redis (12)
RHCE (28)
SCALEIO (1)
Security on Centos (29)
SFTP (1)
Shell (64)
Solaris (58)
Sql Server 2012 (4)
squid (3)
SSH (10)
SSL (14)
Storage (1)
swap (3)
TIPS on Linux (28)
tomcat (60)
Uncategorized (29)
Veritas (2)
vfabric (1)
VMware (28)
Weblogic (38)
Websphere (71)
Windows (19)
Windows Software (2)
wordpress (1)
ZIMBRA (17)

WP Cumulus Flash tag cloud by Roy Tanck requires Flash Player 9 or better.

Who's Online

31 visitors online now
0 guests, 31 bots, 0 members

Hit Counter provided by dental implants orange county

ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.

ERROR 1820 (HY000): You must reset your password using ALTER USER statement before executing this statement.

Create a user in Mysql in linux

login to mysql as a root

mysql -u root -p

now create user with following command

CREATE USER ‘testdb’@’localhost’ IDENTIFIED BY ‘test123’;

if you got error like below.

then you have to reset the root password as password policy level in mysql. so simply use the below command to set the password for root in mysql.

ALTER USER ‘root’@’localhost’ IDENTIFIED BY ‘Root@1234’;then it will show like “Query OK, 0 rows affected (0.00 sec)”

now try again the step to create user as per the password policy.

If you don’t want password policy and you want to create user password with some random simple password then follow the step below.

login mysql as root

mysql -u root -p

then check the policy status with below command

SHOW VARIABLES LIKE ‘validate_paswword%’;

it will show like below image.

you can see the validate_password_policy in MEDIUM.

now you have to change to LOW. So you can proceed in your own way. Now set the paoly rule in low with following command.

SET GLOBAL validat_password_policy=LOW;

now check the password policy like above. You will get like below image.

mysql> SET GLOBAL validate_password_length = 4;
Query OK, 0 rows affected (0.01 sec)

mysql> SHOW VARIABLES LIKE ‘validate_password%’;
+————————————–+——–+
| Variable_name | Value |
+————————————–+——–+
| validate_password_dictionary_file | |
| validate_password_length | 4 |
| validate_password_mixed_case_count | 1 |
| validate_password_number_count | 1 |
| validate_password_policy | MEDIUM |
| validate_password_special_char_count | 1 |
+————————————–+——–+
6 rows in set (0.00 sec)

mysql> SET GLOBAL validate_password_policy = LOW;
Query OK, 0 rows affected (0.01 sec)

 

Performance schema is not installed by default.

For checking, you can run the command

SHOW VARIABLES LIKE 'performance_schema';

Suppose, now you will see OFF

To enable it, start the server with the performance_schema variable enabled. For example, use these lines in your my.cnf file:

[mysqld]
performance_schema=ON

More details you can found in official documentation:

https://dev.mysql.com/doc/refman/en/performance-schema-q

MySQL Slave Failed to Open the Relay Log

This problem is a little tricky, there are possible fixes that MySQL website has stated. Sad to say, the one’s I read in the forum and site didn’t fix my problem. What I encountered was that the relay-bin from my MySQL slave server has already been ‘rotated’, meaning deleted from the folder. This happens when the slave has been disconnected from the master for quite a long time already and has not replicated anything. A simple way to fix this is to flush the logs, but make sure the slave is stopped before using this command…

FLUSH LOGS;

Bring in a fresh copy of the database from the master-server and update the slave-server database. THIS IS IMPORTANT! Since if you don’t update the slave database, you will not have the data from the time you were disconnected until you reset the relay logs. So UPDATE YOUR SLAVE WITH THE LATEST DATABASE FROM THE MASTER!

Now when the logs are flushed,all the relay-bin logs will be deleted when the slave is started again. Usually, this fixes the problem, but when you start the slave and the failed relay log error is still there, now you have to do some more desperate measures… reset the slave. This is what I had to do to fully restore my MySQL slave server. Reseting the slaves restores all the settings to default… password, username, relay-log, port, table to replicate, etc… So better to have a copy of your settings first before actually do a slave reset. When your ready to rest the slave, do the command…

RESET SLAVE;

after which you should restore all your setting with a command something like…

CHANGE MASTER TO MASTER_HOST=.....

now start your server with…

SLAVE START;

check your slave server with…

SHOW SLAVE STATUS\G

look for …

Slave_IO_Running: Yes
Slave_SQL_Running: Yes

both should be YES, if not, check your syslog if there are other errors encountered. I’ll leave this until here since this is what I encountered and I was able to fix it.

Edit 5/14/11:

There is a possible change that after executing the CHANGE MASTER command that you’ll receive this error below…

ERROR 1201 (HY000): Could not initialize master info structure; more error messages can be found in the MySQL error log

This can occur when the relay logs under /var/lib/mysql were not properly cleaned and are still there. The next thing is to delete them manually, log back in to mysql, refresh logs, reset slave then execute the CHANGE MASTER command again. The file to delete would be relay-log.info .This should work now. Sometimes I don’t know why mysql can’t reset the slave logs.

Ngxin do http forced jump https interface POST request becomes GET

The company intends to replace http with https in the Ngxin environment. It requires http to force a jump to https. This search on the Internet, the basic summary
Configure rewrite ^(.*)$ https://$host$1 permanent;

Or in the server configuration return 301 https://$server_name$request_uri;

Or in the server with if, here refers to the need to configure multiple domain names

If ($host ~* “^rmohan.com$”) {

Rewrite ^/(.*)$ https://dev.rmohan.com/ permanent;

}

Or in the server configuration error_page 497 https://$host$uri?$args;

Basically on the above several methods, website visit is no problem, jump is ok

After the configuration is successful, prepare to change the address of the APP interface to https. This is a problem.

The investigation found that the first GET request is to receive information, POST pass in the past is no information, I configure the $ request_body in the nginx log, the log inside that does not come with parameters, view the front of the log, POST changed Become a GET. Finding the key to the problem

Through the online search, the discovery was caused by 301. Replaced by 307 problem solving.

301 Moved Permanently The
requested resource has been permanently moved to a new location, and any future references to this resource should use one of several URIs returned by this response

307 Temporary Redirect The
requested resource now temporarily responds to requests from different URIs. Because such redirection is temporary, the client should continue to send future requests to the original address.

From the above we can see that 301 jump is a permanent redirect, and 307 is a temporary redirect. This is the difference between 301 jumps and 307 jumps.

The above may not look very clear, simple and straightforward to express the difference:

Return 307 https://$server_name$request_uri;

307: For a POST request, indicating that the request has not yet been processed, the client should re-initiate a POST request to the URI in Location.

Change to the 307 status code to force the request to change the previous method.

The following configuration 80 and 443 coexist:

Need to be configured in a server, 443 port plus ssl. Comment out ssl on;, as follows:

Server{
listen 80;
listen 443 ssl;
server_name testapp.***.com;
root /data/vhost/test-app;
index index.html index.htm index.shtml index.php;
#ssl on;
ssl_certificate /usr/local/nginx/https/***.crt;
ssl_certificate_key /usr/local/nginx/https/***.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE -RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
ssl_prefer_server_ciphers on
ssl_session_cache shared:SSL:10m;
error_page 404 /404. Html;
Location ~ [^/]\.php(/|$) {
fastcgi_index index.php;
include fastcgi.conf;
fastcgi_pass 127.0.0.1:9000;
#include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
access_log /data/logs/ Nginx/access.log access;
error_log /data/logs/nginx/error.log crit;
}

The two server wording:

Server{
listen 80;
server_name testapp.***.com;
rewrite ^(.*) https://$server_name$1 permanent;
}

Server{
listen 443;
server_name testapp.***.com;
root /data/vhost/test-app;
index index.html index.htm index.shtml index.php;
Ssl on;
ssl_certificate /usr/local/nginx/https/***.crt;
ssl_certificate_key /usr/local/nginx/https/***.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE- RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
ssl_prefer_server_ciphers on
ssl_session_cache shared:SSL:10m;
error_page 404 /404.html ;
Location ~ [^/]\.php(/|$) {
fastcgi_index index.php;
include fastcgi.conf;
fastcgi_pass 127.0.0.1:9000;
#include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
access_log /data/logs/ Nginx/access.log access;
error_log /data/logs/nginx/error.log crit;
}

Offer ssl optimization, the following can be used according to business, not all configuration, the general configuration of the red part on the line

Ssl on;
ssl_certificate /usr/local/https/www.localhost.com.crt;
ssl_certificate_key /usr/local/https/www.localhost.com.key;

Ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #allows only TLS protocol
ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:! AESGCM; # cipher suite, here used CloudFlare’s Internet facing SSL cipher configurationssl_prefer_server_ciphers on; # negotiated the best encryption algorithm for the server ssl_session_cache builtin: 1000 shared: SSL: 10m;
# Session Cache, the Session cache to the server, which may take up More server resources ssl_session_tickets on; # Open the browser’s Session Ticket cache ssl_session_timeout 10m; # SSL session expiration time ssl_stapling on;
# OCSP Stapling is ON, OCSP is a service for online query certificate revocation, using OCSP Stapling can certificate The valid state information is cached to the server to increase the TLS handshake speed ssl_stapling_verify on; #OCSP Stapling verification opens the resolver 8.8.8.8 8.8.4.4 valid=300s; # is used to query the DNS resolver_timeout 5s of the OCSP server; # query domain timeout time

Linux Servers Prevent Pings and Open Pings

Linux defaults to allow ping responses, which means that ping is on, but ping may be the start of a network attack, so turning off ping can improve the server’s security factor. Whether the system allows ping is determined by two factors: 1. Kernel parameters, 2. Firewall. Two factors are required to allow ping at the same time. If any of them is forbidden, ping cannot be opened. The specific configuration method is as follows:

1, the kernel parameter settings

Allow/disable ping settings (permit ping by default)

The command to temporarily enable/disable ping is to modify the contents of the /proc/sys/net/ipv4/icmp_echo_ignore_all file. The contents of the file are only 1 character. 0 is for ping, 1 is forbidden, and there is no need to restart the server.

Permanently allow/disable ping configuration method:

Modify the file /etc/sysctl.conf and add a line at the end of the file:

Net.ipv4.icmp_echo_ignore_all = 1

If you already have the net.ipv4.icmp_echo_ignore_all line, you can directly change the value after the = sign to allow 0 and 1 to disable.

Execute sysctl -p after modification to make the new configuration take effect (important).

2, firewall settings (the premise of the method here is the kernel configuration is the default value, that is not prohibited ping)

Here takes the iptables firewall as an example. For other firewall operation methods, refer to the official firewall documentation.

Allow ping settings

Iptables -A INPUT -p icmp –icmp-type echo-request -j ACCEPT

Iptables -A OUTPUT -p icmp –icmp-type echo-reply -j ACCEPT

Or you can temporarily stop the firewall:

Service iptables stop

Prohibit ping setting

Iptables -A INPUT -p icmp –icmp-type 8 -s 0/0 -j DROP

Linux configuration ssh remote remote login

This configuration allows you to: ssh logins between cluster servers. If you only want to ssh login from other machines (slave1, slave2) from a single machine (such as master), only follow the second step.

It is recommended to spend two or three minutes to read the full text and then follow the steps

Steps:

1. Cluster environment: master, slave1, and slave2; operating system CentOS 7. For the convenience of the next description, in addition to the master, all other slaves collectively referred to as slaveX

The necessary IP-to-hostname mappings have been added to all servers’ /etc/hosts files, as follows.

192.168.137.20 master

192.168.137.21 slave1

192.168.137.22 slave2

2. Configuration allows slave to log in to slaveX without login.

Execute the following command on the master host. Can be a non-root user, I use Hadoop users. According to my test so far, which user to use to configure, and finally only through that user to achieve free login, other users still need a password to remote login.

2.1 cd ~ // Switch to user’s home directory

2.2 ls -al //Check whether there is a hidden path in the home directory is .ssh. If not, create one. Note that the permission to view the .ssh directory is 700 (drwx — —), if not, it is changed to 700.

2.3 cd.ssh //Enter into the .ssh directory

2.4 ssh-keygen-t rsa // Press the carriage return character continuously while executing the command;

???????????// This command will use rsa algorithm to generate private key id_rsa and public key id_rsa.pub in ~/.ssh directory

2.5 ssh-copy-id master //This command appends the contents of the generated public key file to the master’s authorized_keys file.

????????????/ / Note that before executing this command authorized_keys file may not exist, it does not matter, directly execute the command on the line, it will be automatically generated, of course, you can create one yourself; pay attention to authorized_keys file permissions to be 600;

????????????// In addition to the ssh-copy-id command, you can use cat id_rsa.pub >> authorized_keys to append the contents of the public key to the authorized_keys file. It is not OK to append the content to the copy_paste method.

????????????// After executing this step, you can log in to the master through the ssh master command. (Before this step, even if you log in yourself through ssh, you will need to manually enter the password every time.)

????????????//The contents of the authorized_keys file is a string starting with ssh-rsa, as shown below:

 

Note: The host name in the figure is inconsistent with the master and slaveX described in the article, but it does not affect the understanding of the content format in the authenticated_keys file.

2.6 ssh-copy-id slaveX // append master’s public key to slaveX’s authorized_keys file, then master can login to slaveX without secret

3. Configuration makes slaveX free to log in to other machines in the cluster

After the second step above, you can already log in to the master and slaveX on the master, but you can’t log on to other machines (master, slaveX) from slaveX. If you want slaveX to be like master, you can avoid it. To log in to other machines, you need to perform the same steps in step 2 on slaveX, that is, generate your own private key public key pair on slaveX, and then append it’s public key to the authorized_keys file of other machines.

To sum up, if you want to configure cluster servers to securely log in to each other, you can use the following two methods: (The essence of the two methods is the same, but the process steps are slightly different.)

Method one: One server is operated as in step 2 until all machines are configured;

Method 2: All machines, including master and slaveX, use the ssh-keygen -t rsa command to generate their own private key public key pairs, and then use the ssh-copy-id master command to append both the master and slaveX public keys to the master. In the authorized_keys file, when all the files are appended, the master’s authorized_keys file already contains the public key information of all the servers in the cluster (including the master and other slaves). It can be seen that all the machines in the cluster can log in without SSH. Master), it is a complete public key information file, then use the scp command to send the authorized_keys on the master sequentially to the ~/.ssh/ directory of each slave (scp command example: scp ~/.ssh/ Authorized_keys hadoop@node01:~/.ssh/). In this way, the entire cluster can be ssh-free login.

————————————————– ——————————

As for the next step, I saw this operation in an individual blog post when I searched for information on the Internet. I didn’t configure this when I operated it. I don’t know how it affects the result because I didn’t do this configuration and also made ssh. Free login is successful. If you must configure it, complete this configuration before performing step 2.

On each host in the cluster

Sudo vim /etc/ssh/sshd_config

Open the following options

RSAAuthentication yes //Allows authentication with RSA keys

PubkeyAuthentication yes //Allows authentication with public key

AuthorizedKeysFile.ssh/authorized_keys //The file of the public key saved by this machine (this is more important)

For the /etc/ssh/sshd_config file, the online query suggested: “Do not change the setting of the /etc/ssh/sshd_config file unless necessary. Because the default situation is usually the most stringent SSH protection, you don’t need to change him!

Nginx load balancing and configuration

Nginx load balancing and configuration

1 Load Balancing Overview The 
    origin of load balancing is that when a server has a large amount of traffic per unit time, the server will be under great pressure. When it exceeds its own capacity, the server will crash. To avoid crashing the server. The user has a better experience, born load balancing to share the pressure of the server. 

    Load balancing is essentially implemented by the principle of reverse proxy, is a kind of technology that optimizes server resources and reasonably handles high concurrency, and can balance Server pressure to reduce user request wait time and ensure fault tolerance. Nginx is generally used as an efficient HTTP load balancing server to distribute traffic to multiple application servers to improve performance, scalability, and high availability. 

    Principle: Internal A large number of servers can be built on the network to form a server cluster. When users access the site, they first access the public network intermediate server. The intermediate server is assigned to the intranet server according to the algorithm and shares the pressure of the server. Therefore, each visit of the user will ensure the server. The pressure of each server in the cluster tends to balance, sharing server pressure and avoiding servers The collapse of the case.

    The nginx reverse proxy implementation includes the following load balancing HTTP, HTTPS, FastCGI, uwsgi, SCGI, and memcached. 
To configure HTTPS load balancing, simply use the protocol that begins with ‘http’. 
When you want to set load balancing for FastCGI, uwsgi, SCGI, or memcached, use the fastcgi_pass, uwsgi_pass, scgi_pass, and memcached_pass commands, respectively.

2 Common Balancing Mechanisms of Load Balancing

1 round-robin: The requests are distributed to different servers in a polling manner. Each request is assigned to different back-end servers in chronological order. If the back-end server goes down, it is automatically removed to ensure normal service. .

Configuration 1: 
upstream server_back {#nginx distribution service request 
    server 192.168.162.49; 
    server 192.168.162.50; 
}

Configuration 2: 
http { 
    upstream servergroup { # service group accepts requests, nginx polling distribution service requests 
        server srv1.demo.com; 
        server srv2.demo.com; 
        server srv3.demo.com; 
    } 
    server { 
        listen 80; 
        location / { 
            Proxy_pass http://servergroup; #All requests are proxied to servergroup service group 
        } 
    } 

 proxy_pass is followed by proxy server ip, can also be hostname, domain name, ip port mode 
 upstream set load balancing background server list

2 Weight load balancing: If no weight is configured, the load of each server is the same. When there is uneven server performance, weight polling is used. The weight parameter of the specified server is determined by load balancing. a part of. Heavy load is great. 
Upstream server_back { 
    server 192.168.162.49 weight=3; 
    server 192.168.162.50 weight=7; 
}

3 least-connected: The next request is allocated to the server with the least number of connections. When some requests take longer to respond, the least connections can more fairly control the load of application instances. Nginx forwards the request to the less loaded server. 
Upstream servergroup { 
        least_conn; 
        server srv1.demo.com; 
        server srv2.demo.com; 
        server srv3.demo.com; 
    }

4 ip-hash: Client-based IP address. When load balancing occurs, each request is relocated to one of the server clusters. Users who have logged in to one server then relocate to another server and their login information is lost. This is obviously not appropriate. Use ip_hash to solve this problem. If the client has accessed a server, when the user accesses it again, the request will be automatically located to the server through a hash algorithm.

Each request is assigned according to the result of the IP hash, so the request is fixed to a certain back-end server, and it can also solve the session problem 
upstream         server group { 
        ip-hash; 
server srv1.demo.com; 
        server srv2.demo.com; 
        server srv3. Demo.com; 
    }

Attach an instance: 
#user nobody; 
worker_processes 4; 
events { 
    # maximum number of concurrent 
    workers_connections 1024; 

http{ 
    # The list of pending servers to be         followed by the 
    upstream myserver{ 
# ip_hash instruction to bring the same user to the same server. 
        Ip_hash; 
        server 125.219.42.4 fail_timeout=60s; tentative time after the failure of #max_fails 60s 
        server 172.31.2.183; 
        }

    Server{ 
                # listening port 
                listen 80; 
                # root 
                location / / 
                    # select which server list 
                    proxy_pass http://myserver; 
                } 
            } 
}

Max_fails allows the number of request failures to default to 1 
fail_timeout=60s fail_timeout=60s timeout for failed timeouts 
down indicates that the current server is not participating in the loadbackup. All nonbackup 
machines will request backups when they are busy, so their stress will be lightest.

Installing MariaDB on CentOS Linux 7.5

MariaDB is an open source relational database management system that is backwards compatible and replaces MySQL with binary. It was developed by some of MySQL’s original developers and many in the community. With the release of CentOS 7, MySQL was replaced by MariaDB as the default database system.

If for any reason you need to install MySQL, check out how to install MySQL on the CentOS 7 tutorial. If your application does not have any specific requirements, you should stick with MariaDB, the default database system in CentOS 7.

In this tutorial, we will show you how to install the latest version of MariaDB on CentOS 7 using the official MariaDB repository. The MariaDB server version provided in the default CentOS repository is version 5.5 and is not the latest stable version of MariaDB.

Install MariaDB

At the time of this writing, the latest version of MariaDB is version 10.3.

Create a repository file called MariaDB.repo and add the following:

/etc/yum.repos.d/MariaDB.repo

# MariaDB 10.3 CentOS repository list – created 2018-05-27 07:02 UTC 
# http://downloads.mariadb.org/mariadb/repositories/ 
[mariadb] 
name = MariaDB 
baseurl = http://yum.mariadb.org/ 10.3/centos7-amd64 
gpgkey=https://yum.mariadb.org/RPM-GPG-KEY-MariaDB 
gpgcheck=1

If you need to install any other version of MariaDB, generate a repository for your desired version of MariaDB on this page (https://downloads.mariadb.org/mariadb/repositories/).

We will use yum to install the MariaDB server and client packages, just like other CentOS packages, by typing the following command:

Sudo yum install MariaDB-server MariaDB-client

Yum may prompt you to import the MariaDB GPG key:

Retrieving key from https://yum.mariadb.org/RPM-GPG-KEY-MariaDB 
Importing GPG key 0x1BB943DB: 
Userid : “MariaDB Package Signing Key <package-signing-key@mariadb.org>” 
Fingerprint: 1993 69e5 404b d5fc 7d2f e43b cbcb 082a 1bb9 43db 
From : https://yum.mariadb.org/RPM-GPG-KEY-MariaDB

Type y and press Enter.

After the installation is complete, enable and start the MariaDB service:

Sudo systemctl enable mariadb 
sudo systemctl start mariadb

Once the MySQL service starts, we can check its status by entering the following:

Sudo systemctl status mariadb

Sample output:

? mariadb.service – MariaDB 10.3.7 database server 
  Loaded: loaded (/usr/lib/systemd/system/mariadb.service; enabled; vendor preset: disabled) 
  Drop-In: /etc/systemd/system/mariadb.service. d 
          ??migrated-from-my.cnf-settings.conf 
  Active: inactive (dead) 
    Docs: man:mysqld(8) 
          https://mariadb.com/kb/en/library/systemd/

And print the MariaDB server version, which contains:

Mysql -V

Mysql Ver 15.1 Distrib 10.3.7-MariaDB, for Linux (x86_64) using readline 5.1

Protecting MariaDB security

Run the mysql_secure_installation command to improve MariaDB installation security:

Sudo mysql_secure_installation

The script prompts you to set the root password, remove the anonymous user, restrict the root user’s access to the local computer, and delete the test database. All steps are detailed and it is recommended to answer “yes” (yes) to all questions.

Connect to MariaDB from the command line

To connect to the MariaDB server through the terminal, we will use the MariaDB client.

You can log in to the MariaDB server as root by typing:

Mysql -u root -p

You will be prompted to enter the previously set root password when running the mysql_secure_installation script.

Once you enter the password, you will see the MariaDB shell as follows:

Welcome to the MariaDB monitor. Commands end with ; or \g. 
Your MariaDB connection id is 8 
Server version: 10.3.7-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle , MariaDB Corporation Ab and others.

Type ‘help;’ or ‘\h’ for help. Type ‘\c’ to clear the current input statement.

mod_proxy apache 2.4

Using Apache with mod_proxy

This page describes how to integrate Confluence into an Apache website using mod_proxy.

There are some common situations where you might use the configuration:

Note: This page documents a configuration of Apache, rather than of Confluence itself. Atlassian will support Confluence with this configuration, but we cannot guarantee to help you debug problems with Apache. Please be aware that this material is provided for your information only, and that you use it at your own risk.

Base configuration

In these examples, we use the following:

http://www.example.com/confluence – your intended URL

http://example:8090 – the hostname and port Confluence is currently installed to

/confluence – the intended context path (the part after hostname and port)

Please substitute the examples below with your intended URL’s in your own server. Copy/pasting these suggestions will not work on your server.

Set the context path

Set your Confluence application path (the part after hostname and port). To do this in Tomcat (bundled with Confluence), edit conf/server.xml, locate the “Context” definition:

<Context path="" docBase="../confluence" debug="0" reloadable="true">

and change it to:

<Context path="/confluence" docBase="../confluence" debug="0" reloadable="true">

Then restart Confluence, and ensure you can access it at http://example:8090/confluence

Set the URL for redirection

Set the URL for redirection. In the same conf/server.xml file, locate this code segment:

    <Connector port="8090" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="8443" acceptCount="100"
               connectionTimeout="20000" disableUploadTimeout="true" />

And append the last line:

    <Connector port="8090" maxHttpHeaderSize="8192"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" redirectPort="8443" acceptCount="100"
               connectionTimeout="20000" disableUploadTimeout="true"
               proxyName="www.example.com" proxyPort="80" />

If this isn’t working for you and you’re using SSL, try adding a scheme attribute to your Connector tag: scheme=”https”.

 

Now we have two options:

Simple Configuration

Configure mod_proxy

Now enable mod_proxy in Apache, and proxy requests to the application server by adding the example below to your Apache httpd.conf (note: the files may be different on your system; See Integrating JIRA with Apache for the process for Ubuntu/Debian layout):

Apache 2.2
# Put this after the other LoadModule directives
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so

# Put this in the main section of your configuration (or desired virtual host, if using Apache virtual hosts)
ProxyRequests Off
ProxyPreserveHost On

<Proxy *>
    Order deny,allow
    Allow from all
</Proxy>

ProxyPass /confluence http://app-server.internal.example.com:8090/confluence
ProxyPassReverse /confluence http://app-server.internal.example.com:8090/confluence
<Location /confluence>
    Order allow,deny
    Allow from all
</Location>
Apache 2.4
# Put this after the other LoadModule directives
LoadModule proxy_module /usr/lib/apache2/modules/mod_proxy.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so

# Put this in the main section of your configuration (or desired virtual host, if using Apache virtual hosts)
ProxyRequests Off
ProxyPreserveHost On

<Proxy *>
	# Auth changes in 2.4 - see http://httpd.apache.org/docs/2.4/upgrading.html#run-time
    Require all granted
</Proxy>

ProxyPass /confluence http://app-server.internal.example.com:8090/confluence
ProxyPassReverse /confluence http://app-server.internal.example.com:8090/confluence
<Location /confluence>
	# Auth changes in 2.4 - see http://httpd.apache.org/docs/2.4/upgrading.html#run-time
    Require all granted
</Location>

Click here to expand…

It is recommended that you specify the absolute path to the mod_proxy.so and mod_proxy_http.so files.

Complex configuration

Complex configuration involves using the mod_proxy_html filter to modify the proxied content en-route. This is required if the Confluence path differs between Apache and the application server. For example:

Externally accessible (Apache) URL http://confluence.example.com/
Application server URL http://app-server.internal.example.com:8090/confluence/

Notice that the application path in the URL is different in each. On Apache, the path is /, and on the application server the path is /confluence.

For this configuration, you need to install the mod_proxy_html module, which is not included in the standard Apache distribution.

Alternative solutions are discussed below.

Apache 2.2
# Put this after the other LoadModule directives
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_html_module modules/mod_proxy_html.so

<VirtualHost *>
    ServerName confluence.example.com
    
    # Put this in the main section of your configuration (or desired virtual host, if using Apache virtual hosts)
    ProxyRequests Off
    ProxyPreserveHost On

    <Proxy *>
        Order deny,allow
        Allow from all
    </Proxy>
    
    ProxyPass / http://app-server.internal.example.com:8090/confluence
    ProxyPassReverse / http://app-server.internal.example.com:8090/confluence
    
    ProxyHTMLURLMap / /confluence/
    
    <Location />
        Order allow,deny
        Allow from all
    </Location>
</VirtualHost>
Apache 2.4
# Put this after the other LoadModule directives
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_html_module modules/mod_proxy_html.so

<VirtualHost *>
    ServerName confluence.example.com
    
    # Put this in the main section of your configuration (or desired virtual host, if using Apache virtual hosts)
    ProxyRequests Off
    ProxyPreserveHost On

    <Proxy *>
		# Auth changes in 2.4 - see http://httpd.apache.org/docs/2.4/upgrading.html#run-time
    	Require all granted
    </Proxy>
    
    ProxyPass / http://app-server.internal.example.com:8090/confluence
    ProxyPassReverse / http://app-server.internal.example.com:8090/confluence
    
    ProxyHTMLURLMap / /confluence/
    
    <Location />
		# Auth changes in 2.4 - see http://httpd.apache.org/docs/2.4/upgrading.html#run-time
    	Require all granted
    </Location>
</VirtualHost>

The ProxyHTMLURLMap configuration can become more complex if you have multiple applications running under this configuration. The mapping should also be placed in a Location block if the web server URL is a subdirectory and not on a virtual host. The Apache Week tutorial has more information how to do this.

Final Configuration Steps

Restart your Apache server

This is needed to pick up on the new configuration. This can be done by running the following on your command line/terminal/shell:

sudo apachectl graceful

Disable HTTP Compression

Having compression run on both the proxy and Tomcat can cause problems integrating with other Atlassian applications, such as JIRA. Please disable HTTP compression as per our Compressing an HTTP Response within Confluence docs.

Set the Confluence Base URL

The last stage is to set the Base URL to the address you’re using within the proxy. In this example, it would be http://www.example.com/confluence

Adding SSL

If you’re running Apache in front of Tomcat, it’s a good idea to terminate your SSL configuration at Apache, then forward the requests to Tomcat over HTTP. You can set up Apache to terminate the SSL connection and use the ProxyPass and ProxyPassReverse directives to pass the connection through to Tomcat (or the appropriate application server) which is running Confluence.

  1. Create a new SSL host by creating a virtual host on 443
  2. The standard http connection on apache could be used to redirect to https if you want or it could just be firewalled.
  3. Within the VirtualHost definition:
    1. define the SSL options (SSLEngin and SSLCertificateFile)
    2. define the ProxyPass and ProxyPassReverse directives to pass through to Tomcat.

Most of the relevant Apache Config:

Listen 443

NameVirtualHost *:443
<VirtualHost *:443>
    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/apache.pem
    ProxyPass / http://localhost:8090/
    ProxyPassReverse / http://localhost:8090/
</VirtualHost>

Apart from the Apache configuration there are a couple of things you will need to do before you get your server working:

  1. You will have to change your base URL to point to https addresses. See the documentation on configuring the server base URL.
  2. We need to set up the connector to use https. In your installation directory, edit the file server.xml and add this attributes to your connector:
proxyName="proxy.example.com" proxyPort="443" scheme="https" secure="true" 

More information

 

 

Control File Access by IP in Apache 2.4

Denying access to wp-login.php for all but a set of whitelisted IP can be a good way of enhancing site security – provided that the client has a fixed IP address.

We typically add such access controls within a .htaccess file in the document root of a project, leaving login access for our own IP address and that of the site owner.

You might occasionally need to temporarily whitelist an additional IP address, but this is easy to do.

Restricting access by IP address is no substitute for a proper username/password policy – but it may be a useful additional layer, since would-be attackers don’t even get a chance to knock on the door.

Under Apache 2.2, you could use these directives within a .htaccess file:

# ==============================================================================
# Whitelisted IP access for wp-login.php
# ==============================================================================
<files wp-login.php>
order deny,allow
deny from all

# whitelist Your First IP address
allow from xxx.xxx.xxx.xxx
# whitelist Your Second IP Address
allow from xxx.xxx.xxx.xxx
# whitelist Your Third IP Address
allow from xxx.xxx.xxx.xxx

</files>

# ==============================================================================
# Protect specified files from direct access
# ==============================================================================
<FilesMatch “^(wp-config\.php|php\.ini|php5\.ini|install\.php|php\.info|readme\.html|bb-config\.php|\.htaccess|\.htpasswd|readme\.txt|timthumb\.php|error_log|error\.log|PHP_errors\.log|\.svn)”>
Deny from all
</FilesMatch>

Whilst the Allow, Order, and Deny directives still work in Apache 2.4, they are deprecated:

The Allow, Deny, and Order directives, provided by mod_access_compat, are deprecated and will go away in a future version. You should avoid using them, and avoid outdated tutorials recommending their use.

-Apache 2.4 Documentation

Unfortunately, there is not a lot of literature on how to properly set up such restrictions on Apache 2.4 – without relying on mod_access_compat.
Deny Access Completely

In Apache 2.2:

Order deny,allow
Deny from all

In Apache 2.4 this becomes:

Require all denied

Restrict Access by IP address: Comparison of Apache 2.2 and 2.4

Allow from a particular IP in Apache 2.2:

Order Deny,Allow
Deny from all
Allow from xxx.xxx.xxx.xxx

Allow from a particular IP in Apache 2.4:

Require ip xxx.xxx.xxx.xxx

TL;DR Restrict Access Apache 2.4

# ==============================================================================
# Restrict access to WordPress login page by IP
# See: http://httpd.apache.org/docs/2.4/mod/core.html#files
# ==============================================================================
<Files “wp-login.php”>
Require ip 123.123.123.123
</Files>

If you have full access to Apache config on your server, you can enable these directives for all virtual hosts by adding them to the Apache config file:

sudo nano /etc/apache2/conf-enabled/security.conf

 

 

Access Control by host and ip address in Apache 2.4
In this post we will learn about access control by host and ip address in Apache 2.4. The Apache 2.4 released with lots of new feature. While working on Apache 2.4 you will surely get attention on new format of access control. The method of using allow,deny or vice-versa is deprecated, it was old styled method before Apache 2.4 versions.

We do expect users have some experience on Apache webserver. Hence, we are directly jumping on ACL of apache 2.4 . We have used all the below given methods inside Apache Virtual Host.
In trailing post, we are going to use directive called RequireAll. So as per Apache 2.4 documentation, know what is RequireAll directive :

apache 2.4 RequireAll
Allow only particular IP Address or Host to access website in Apache 2.4

In this scenario we will allow only particular IP address or hosts to access the website. Rest of the world will not be able to access the website hosted on Apache 2.4 .

Note: Replace Directive value as per your server’s web data path.

<Directory “/var/www/html/website”>
Options All
AllowOverride All
Require all denied
## “Require ip” is used here for IP Address/CIDR/Network
Require ip 192.168.56.4 10.10.1.1

## “Require host” is used here for hostname/FQDN
Require host www.example.com server01
</Directory>

As per your requirement you can set ACL either on ip address or Host or both.

Alternatively for this same scenario you can write in below given format also. You should notice the written in below given example.

<Directory “/var/www/html/website”>
Options All
AllowOverride All
<RequireAll>
## “Require ip” is used here for IP Address/CIDR/Network
Require ip 192.168.56.4 10.10.1.1

## “Require host” is used here for hostname/FQDN
Require host www.example.com server01
</RequireAll>
</Directory>

Deny only particular IP Address or Host to access website in Apache 2.4

In this section, we will deny particular ip address/host to access the website. As mentioned in above section as same as according to your requirement you can set ACL either on ip address or Host or both. Check the directive section where we have applied the ACL.

Note: Replace Directive value as per your server’s web data path.

<Directory “/var/www/html/website”>
Options All
AllowOverride All
<RequireAll>
Require all granted
## “Require ip” is used here for IP Address/CIDR/Network
Require not ip 192.168.56.4 10.10.1.1

## “Require host” is used here for hostname/FQDN
Require not host www.example.com server01
</RequireAll>
</Directory>

Deny All to access website running on Apache 2.4

In this section, we will define Require all denied directly inside directive. This configuration will deny all to access the website.

Note: Replace Directive value as per your server’s web data path.

<Directory “/var/www/html/website”>
Options All
AllowOverride All
## “Require all denied” will deny all to access the website.
Require all denied
</Directory>

Allow All to access website running on Apache 2.4

In this section, we will define Require all granted directly inside directive. The below given configuration helps all to access the website.

Note: Replace Directive value as per your server’s web data path.

<Directory “/var/www/html/website”>
Options All
AllowOverride All
## “Require all granted” will allow all to access the website.
Require all granted
</Directory>

Restart apache service

After doing changes in apache config file, do not forget to restart the apache service.

### In Ubuntu/Debian/
sudo service apache2 restart

### In CentOS 7/RHEL 7
systemctl restart httpd

### In CentOS|RHEL 5.x,6x.
service httpd restart

Apache Forbidden Error Message

On denying the ip address/host from Apache 2.4. The user will get the “Forbidden” message. Given below is the image reference.

 

 

<VirtualHost *:80>
        ServerName www.company.com
        ProxyPreserveHost On
        AllowEncodedSlashes NoDecode

        <IfModule mod_rewrite.c>
                RewriteEngine On
                RewriteCond %{HTTPS} off
                RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
        </IfModule>

</VirtualHost>

<VirtualHost *:443>
        ServerName www.company.com
        ProxyRequests Off
        SSLProxyEngine on
        AllowEncodedSlashes NoDecode

        RequestHeader set X-Forwarded-Proto "https"

        # Always use HTTP Strict Transport Security (HSTS)
        Header always set Strict-Transport-Security "max-age=63072000; includeSubdo:mains; preload"

        SSLEngine on
        SSLCertificateFile      /etc/httpd/ssl/com.crt
        SSLCertificateKeyFile   /etc/httpd/ssl/com.key
        SSLCertificateChainFile /etc/httpd/ssl/CA.crt

        # Set a cookie so the client gets the same backend server each time
        Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED

        ProxyPass /balancer-manager !
        ProxyPass / "balancer://mycluster/" nocanon
        ProxyPassReverse / "balancer://mycluster/"

        <Proxy balancer://mycluster/>
                BalancerMember http://10.0.0.2 route=1
                BalancerMember http://10.0.0.3 route=2
                ProxySet stickysession=ROUTEID
        </Proxy>

        <Location "/balancer-manager">
                SetHandler balancer-manager
                Require host localhost
                Require ip 192.168.2.0/24
                Require host 1982.168.1.10
        </Location>

</VirtualHost>

Suryan – Suriyanar Koil

Location and Place
Sooriyanar Temple is in East of Kumbakonam, Kumbakonam – Mayiladuthurai road. It is exactly 2Km to the north of Aduthurai and the temple is well connected from lower Anicut and Thiruppanandal.
All the Passengers have to alight at Thirumangalagudi Kaliamman Koil bus stop and walk for two for long north east to reach the temple.
This temple is in the banks of Cauvery in Thiruvidaimarudur Talulk which falls under Tanjore district known as Head Quarters of King Chola.
Rail Route : Piligrims have to get down at Aduthurai Railway Station and catch the bus bound for Lower Anicut to visit the temple.
Location:
Two kilometers north of Aaduthurai lies Suryanayanar Koil. It is situated on the road between Kumbakonam and Kadhiramangalam and 15 km to the east of Kumbakonam. There are two other holy places near Suryanar Koil – Thirumangalakudi and Kanjanur. Of the nine grahas, the primary position is given to Lord Surya which is why the first day of the week is said to be Sunday. The seven days of the week refer to the seven grahas, including the Sani Bhagawan.

Mode of Worship
Thirumangaladudi :

Sooriyanar Koil and Thirumanagalakudi are closely related. Navanayakars did their meditation and offered worship to pranavaradeshvarar and Mangalanayaki.

People who offer worship at Sooriyanar temple have to go to Thirumangaladudi to offer worship there. In early days both places were same and it was called ‘Argavamam’ before dividing. Both the temples have Erukan plant as ‘Thalavirukcha’

Thirumangalakudi Temple is a famous temple. Both Thirunavukkarasar and Thiruganasambandar had rendered songs of lord Siva. Mangalakudi, Mangala Vinayagar, Mangala Nayahar, MangalaNayaki and Mangala Theertham are five auspicious ones in Thirumangalakudi.
There is a marked difference of worshipping in this temple from other temples, one has to follow the custom of worshipping.

To offer worship at Sooriyanar Temple, one has to reach the Rajagopuram (Main Entrance) and more towards North where Pushkarani of temple is located. One can take bath in the tank or sprinkle holy water in the head as purification.

Next after the bath one has to offer prayers at the RajaGopuram before entering the temple. After entering the temple, one has to turn towards Southeren side where Koltheertha Vinayagar is placed. One has to do the Sankalpam and Archana as Hindus find Vinayagar as turnover of all obstacles.

After worshipping Vinayagar, one has to Climb steps to reach ‘Narthana Mandapam’ at Northern Side and then more towards ‘Sabanayakar Mandapam’ where one can offer prayers to ‘Urchava Moorthi’.

After Sabanayakar Mandapam one can reach ‘Main Mandapam’ and offer prayers to SriKasivisvanathar and Smt. Visalakshi.

Next to Main Mandapam, there is Maha Mandapam where Sannathi to Sun-God, there is Guru Bhavan(lord Jupitee) stands there. People do the Archana for Guru and offer prayers to lord Sun. One has to move South wards to come out of Sanctum to reach the lord Saturn (Sani). Lord Kuja, lord Mars are placed separately then more northwards to offer prayers to lord Moon and Kethu. Next movement would be towards west where lord Sukra and Raghu are placed. Finally one has to offer prayers to Sandikeswarar.

After finishing prayers at Sandikeswarar, one has to come clockwise to reach the vinayakar to give final prayers,After all the prayers are over, one would reach the ThothaSampatnam (flag post) and prostrate before it. Then nine rounds of the temple is a must. After nine rounds again one has to prostrate and mediatate on the nine planets for some times.
The eighth graha is Raaghu. Of the seven days in a week, 10 hours are reserved for Raaghu, i.e., one-and-a-half hours per day. This one-and-a-half hour is what we call as ‘Raaghu kalam’.
The ninth graha is called Kedhu. Like for Raaghu, the same amount of time is reserved for Kedhu also. These one-and-a-half hours is called ‘Yama kandam’.
Raaghu kalam and Yama kandam are believed to be inappropriate for performing auspicious deeds.

History:
Lord Siva, pleased with their devotion absolved them of their sins and decried that there will be nine sannadhis for the navagrahas in the Suryanar temple (this is the only temple where all the navagrahas are present with separate sannadhis) and those who pray here will get relief from their problems.

Those who suffer the ill effects of Kalathara Dosham, Vivaha Paribandha Dosham, Puthra Dosham, Puthra Paribandha Dosham, Vidhya Paribandha Dosham, Udyoga Padhibandha Dosham, Surya dasai, Surya bukthi would benefit from worshipping at this temple. Father, Athma, physical strength, right eye, governmental largesse are the beneficial aspects of this planet.

If one bathes in the nine ghats in this place continuously for 12 Sundays, they will be saved from sufferings and blessed with a happy and peaceful life.

Sree Surya Puranam When the world came into existence, the first sound that reverberated was ‘Ohm’. Surya was born from this ‘Omkara naadham’. Sree Markandeya Puranam has explained this factor. Suryan was the son of Sage Kashyap and was the grandson of Sage Maarisi. Surya married Soorvarsala, the daughter of Viswakarma. Vaivasvatha Manu and Yamadharmarajan were his sons and Yamuna, his daughter. It should be mentioned here that the chariot of Surya has only one wheel. It is drawn by seven horses in seven colors. Lord Surya, who is the chief of the grahams, appears with a lotus in his divine hands. Surya Bhagawan blesses his devotees with good health, fame and efficient management.

The presiding deities are Puranavaradheeswarar and his consort Mangalanayaki. Surya is the Lord of Simma Rasi and occupies the central place amongst the navagrahas. The adidevatha is Agni, prathyutha Devatha – Rudran. His color is red and his vahana is a chariot drawn by seven horses. The grain associated with his is wheat; the flower – lotus, yerukku; fabric – red clothes; gem – ruby; food – wheat, rava, chakkara pongal.Suryanaar Koyil was built by the Chola kings.

Build

Inscriptions from the period of Kulottunga Chola I (1075-1120) refer to this temple as the Kulottunga Chola Martanda Alayam. Kulottunga Chola is said to have had a good relationship with the Gahadwal dynasty of Kanauj (1090 – 1194), whose rulers were Sun worshippers, and hence Suryanar Koyil, is considered to be an expression of their influence in South India.

The temple the tower of the temple is 15.5 meter in height and consists of three tiers. At the top of the tower are five domes. To the north of the rajagopuram lies the sacred bathing ghat, called Surya Pushkarni. It is important to bathe in this ghat before offering worship at the temple. If not, one should at least sprinkle its water on one’s head.

Special features of the temple All the grahams face Surya Bhagawan in this temple. As soon as one enters the temple, there is a sacrificial platform (Bali peetam). To its east lies a mandap where one can see an idol of a horse. The Lord’s vehicle is the horse (vaahanam) which goes by the name ‘Saptha, meaning seven in Sanskrit. The one-wheeled chariot is drawn by seven horses.

Timing

According to Atharvana Veda, one who worships Surya Bhagawan will be relieved from diseases pertaining to the eyes and heart. This temple is open from 6 a.m. to 12.30 p.m. and 4 p.m. to 8 p.m. on all days.

Festivals

Requirements for worshipping the Lord Flower – Senthamarai (Red Lotus)
Samith (sacrificial fuel ) – Erukku ( madar plant )
Dhaniyam (grain) – Wheat
Vasthram – Lotus red
Neivedhyam – Sakkarai pongal

Ratha Saptami in the Tamil month of Thai, and the first Sundays in the months of Aavani (Leo) and Kartikai(Scorpio) and Vijaya Dasami are celebrated in this temple.

Mantra for Sun – Aum hrim hrim suriyaye namah Aum
Temple Timings – 6 A.M. to 12.30 P.M. and 4 P.M. to 8 P.M.

baby names

Baby Names

No Samskritam, Telugu, Kannada, Hindi, Gujarati, Marathi Tamil Malayalam First Letter of Baby’s Name
1 Aswini
???????
???????
Aswini
???????
Aswathi Chu, Che, Cho, La
??, ??, ??, ??
2 Bharani
????
????
Bharani
????
Bharani Lee, Lu, Le, Lo
??, ??, ??, ??
3 Krithika
?????????????
Karthigai
??????????
Kaarthika A, E, U, Ea
?, ?, ?, ?
4 Rohini
????????????
Rohini
??????
Rohini O, Va, Vi, Vu
?, ??, ??, ??
5 Mrigashiras
????????????????????
Mrigasheersham
????????????
Makeeryam We Wo, Ka, Ki
??, ??, ??, ??
6 Aardhra /Arudra (Telugu)
?????????????
Thiruvaathirai
??????????
Thiruvaathira Ku, Gha, Ing, chh
??, ?, ?, ?
7 Punarvasu
????????????????
Punarpoosam
??????????
Punartham Ke, Ko, Ha, Hi
??, ??, ??, ??
8 Pushyami
??????????
Poosam
?????
Pooyyam Hu, He, Ho, Da
??, ??, ??, ??
9 Ashlesha
?????????????
Aayilyam
????????
Aayilyam De, Du, De, Do
??, ??, ??, ??
10 Magha/Makha
??????
Makam
????
Makham Ma, Me, Mu, Me
??, ??, ??, ??
11 P.Phalguni/PoorvaPhalguni
/Pubba(Telugu)
????? ????????????? ???????
Pooram
?????
Pooram Mo, Ta, Ti, Tu
??, ??, ??, ??
12 U.Phalguni/Uthraphalguni
/Uttara(Telugu)
????? ????????????? ???????
Uthiram
????????
Uthram To, Pa, Pe, Pu
??, ??, ??, ??
13 Hastha
????????
Hastham
??????
Atham Pu, Sha, Na, Tha
??, ?, ?, ?
14 Chitra
???????????
Chithirai
????????
Chitra Pe, Po, Ra, Re
??, ??, ??, ??
15 Swaathi
????????????
Swaathi
??????
Chothi Ru, Re, Ro, Taa
??, ??, ??, ??
16 Vishaakha
???????????
Visaakam
???????
Visaakam Ti, TU, Tea To
??, ??, ??, ??
17 Anuraadha
?????????????
Anusham
??????
Anizham Na, Ne, Nu, Ne
??, ??, ??, ??
18 Jyeshta
???????????????
Kettai
??????
Thrikketta No, Ya Yi, Yu
??, ??, ??, ??
19 Moola
???????
Moolam
?????
Moolam Ye, Yo, Ba, Be
??, ??, ??, ??
20 P.Shada/Poorvashaada
????????????????????
Pooraadam
???????
Pooraadam Bhu, Dha, pha Dha
??, ??, ??, ??
21 U.Shada/Uthrashaada
????????????????????
Uthiraadam
??????????
Uthraadam Bhe, Bho, Ja, Ji
??, ??, ??, ??
22 Shraavan
??????????
Thiruvonam
?????????
Thiruvonam Ju/khi, Je/khu, Jo/khe, Gha/kho
??, ??, ??, ??
23 Dhanishta
?????????????
Avittam
????????
Avittam Ga, Gi, Gu, Ge
??, ??, ??, ??
24 Shathabhisha
???????????
Chathayam/Sadayam
?????
Chathayam Go, Sa, Si, Su
??, ??, ??, ??
25 P.Bhadra/Poorvabhadra
?????????????????????
Poorattathi
?????????
Poorattadhi Se, So, Da, Di
??, ??, ??, ??
26 U.Bhadra/Uthrabhadra
?????????????????????
Uthirattathi
????????????
Uthrattathi Du, tha, Jha, Da
??, ?, ?, ?
27 Revathi
??????????
Revathi
?????
Revathi De, Do, Cha, Chi
??, ??, ?, ??
Rasi  First Letter of Baby’s Name
Mesa A, L, E
(?, ?, ?)
Vrishabha Ba, Va, U
(?, ?, ?)
Mithuna Ka, Gha
(?, ?, ?)
Karka Da, Ha
(?, ?)
Simha Ma, Ta
(?, ?)
Kanya Pa, Tha
( ?, ?, ? )
Tula Ra, ta
(?, ?)
Vrischika na, ya
(?, ?)
Dhanu bha, dha, pha, dha,
(?, ?, ?, ?)
Makar kha, ja
(?, ?)
Kumbha ga, sa, sha, Sh
(?, ?, ?, ?)
Mina da, cha, tha, jha
(?, ?, ?, ?)