PHP 7.3 and 7.4 Woes and solution

So this weekend I have been doing some LibreNMS installs and have been having to change the default CentOS PHP version. If it is Centos7 PHP 7.3 is recommend and if it’s Centos 8 then PHP 7.4 is recommended. I have some pretty good tutorials on installing Librenms that I follow. They all mention the remi repository. However, on a few of these networks the remi repository has been unreachable. So I just can’t cut and paste from the tuorials I use.

So what is a person to do? Lots of mirrors are available at All you have to do is some substitution.

Done and Done. Hope this helps. You should be using mirrors anyway when it comes to remi. However, most tutorials reference remi because it’s easy.

Some WordPress tips

If you are wanting to force non SSL to SSL. Add the following to your site’s .htaccess file

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Set proper file permissions Script from

# This script configures WordPress file permissions based on recommendations
# from
# execute it with the following command:
# bash /var/www/<site_folder>
OWNER=apache # <-- wordpress owner
GROUP=www # <-- wordpress group
ROOT=$1 # <-- wordpress root directory
# reset to safe defaults
find ${ROOT} -exec chown ${OWNER}:${GROUP} {} \;
find ${ROOT} -type d -exec chmod 755 {} \;
find ${ROOT} -type f -exec chmod 644 {} \;
# allow wordpress to manage wp-config.php (but prevent world access)
chgrp ${GROUP} ${ROOT}/wp-config.php
chmod 660 ${ROOT}/wp-config.php
# allow wordpress to manage wp-content
find ${ROOT}/wp-content -exec chgrp ${GROUP} {} \;
find ${ROOT}/wp-content -type d -exec chmod 775 {} \;
find ${ROOT}/wp-content -type f -exec chmod 664 {} \;

Is your web-site running HTTPS? if not, it should

This content is for Patreon subscribers of the j2 blog. Please consider becoming a Patreon subscriber for as little as $1 a month. This helps to provide higher quality content, more podcasts, and other goodies on this blog.
To view this content, you must be a member of Justin Wilson's Patreon
Already a qualifying Patreon member? Refresh to access this content.

PHPIPAM upgrade 1.3.2 to 1.4 error and fix

Tonight I was upgrading PHPIPAM from version 1.3.2 to version 1.4 and ran into an issue.  After doing a git pull I logged into the web GUI and went to upgrade the database.  I receive the following error.

SQLSTATE[42S22]: Column not found: 1054 Unknown column 'dbversion' in 'field list'

Since I run Webmin, I logged into Webmin and ran the following command on my database

alter table settings add column dbversion tinyint(1);

Once that was executed I was able to go back into the web GUI and upgrade the database.  I ended up with two theme errors which were easily fixed.

Everything you wanted to know about NTP

Network Time Protocol (NTP) is a service that can be used to synchronize time on network connected devices.   Before we dive into what NTP is, we need to understand why we need accurate time.

The obvious thing is network devices need an accurate clock.  Things like log files with the proper time stamp are important in troubleshooting.  Accurate timing also helps with security prevention measures.  Some attacks use vulnerabilities in time stamps to add in bad payloads or manipulate data. Some companies require accurate time stamps on files and transactions as well for compliance purposes.

So what are these Stratum levels I hear about?
NTP has several levels divided into stratum. All this is the distance from the reference clock source.  A clock which relays UTC (Coordinated Universal Time) that has little to no delay (we are talking nanoseconds) are Stratum-0 servers. These are not used on the network. These are usually atomic and GPS clocks.  A Stratum-0 server is connected to time servers or stratum-1 via GPS or a national time and frequency transmission.  A Stratum 1 device is a very accurate device and is not connected to a Stratum-0 clock over a network.  A Stratum-2 clock receives NTP packets from a Stratum-1 server, a Stratum-3 receives packets from a Stratum-2 server, and so on.  It’s all relative of where the NTP is in relationship to Stratum-1 servers.

Why are there levels?
The further you get away from Stratum-0 the more delay there is.  Things like jitter and network delays affect accuracy.  Most of us network engineers are concerned with milliseconds (ms) of latency.  Time servers are concerned with nanoseconds (ns). Even a server directly connected to a Stratum-0 reference will add 8-10 nanoseconds to UTC time.

My Mikrotik has an NTP server built in? Is that good enough?
This depends on what level of accuracy you want. Do you just need to make sure all of your routers have the same time? then synchronizing with an upstream time server is probably good enough. Having 5000 devices with the same time, AND not having to manually set them or keep them in sync manually is a huge deal.

Do you run a VOIP switch or need to be compliant when it comes to transactions on servers or need to be compliant with various things like Sox compliance you may need a more accurate time source.

What can I do for more accurate time?
Usually, a dedicated appliance is what many networks use.  These are purpose built hardware that receives a signal from GPS. the more accurate you need the time, the more expensive it will become.  Devices that need to be accurate to the nanosecond are usually more expensive than ones accurate to a microsecond.

If you google NTP Appliance you will get a bunch of results.  If you want to setp up from what you are doing currently you can look into these links:

How to Build a Stratum 1 NTP Server Using A Raspberry Pi


Building a Stratum 1 NTP Server with a Raspberry Pi


The importance of Network Monitoring Systems (NMS)

One of our open tickets on MidWest-IX is a member reporting slow speeds on their exchange port. After having them send us some data and a few e-mails back and forth we began looking at their switch port on the fabric.  Right away we noticed errors on the port. After a counter reset the errors were still incrementing

 19 runts  0 giants  1210 CRC  0 no buffer
 1329 input error  0 short frame  0 overrun  0 underrun  0 ignored

This led us to look at our LibreNMS data for this port.  A quick look shows on October 31st the port started seeing input errors.

By drilling down we are able to see exactly when this started happening

We now have responded to the customer to see if anything changed that day. Maybe a new switch, new optic, or software upgrade.  By having this data available in an NMS we were able to cut down on troubleshooting by a huge margin.  We now know when the issue started and are closer to the root cause of this.  Without this data, we would be spending more time trying to diagnose and track down issues.