How to Correct Server Time
The method you choose for correcting the time on your server depends on how far off the server's clock is. If the difference is small, use the first method. If the clock is significantly behind or ahead, it's better not to adjust it in a single step — it's safer to change the time gradually.
Configuration on Ubuntu/Debian Copy link
Quick Fix
To quickly change the time on the cloud server, use the ntpdate utility. You need sudo privileges to install it:
apt-get install ntpdateTo update the time once:
/usr/sbin/ntpdate 1.north-america.pool.ntp.orgHere, the NTP pool is the address of a trusted server used to synchronize the time. For the USA, you can use NTP servers from this page. You can find pool zones for other regions at ntppool.org.
You can also set up automatic time checks using cron:
crontab -e
00 1 * * * /usr/sbin/ntpdate 1.north-america.pool.ntp.org
This schedules synchronization once a day.
Instead of a set interval, you can specify a condition. For example, to synchronize the time on every server reboot using cron reboot:
crontab -e
@reboot /usr/sbin/ntpdate 1.north-america.pool.ntp.org
Gradual Correction
To update the time gradually, install the ntp utility on Ubuntu or Debian. It works as follows:
- The utility checks data from synchronization servers defined in the configuration.
- It calculates the difference between the current system time and the reference time.
- NTP gradually adjusts the system clock. This gradual correction helps avoid issues in other services caused by sudden time jumps.
Install NTP:
apt-get install ntpFor the utility to work correctly, configure it in the file /etc/ntp.conf. Add NTP servers like:
server 0.north-america.pool.ntp.org
server 1.north-america.pool.ntp.org iburst
server 2.north-america.pool.ntp.org
server 3.north-america.pool.ntp.org
The iburst option improves accuracy by sending multiple packets at once instead of just one.
You can also set a preferred data source using the prefer option:
server 0.ubuntu.pool.ntp.org iburst preferAfter each configuration change, restart the utility:
/etc/init.d/ntp restartConfiguration on CentOS Copy link
The method choice rules are the same. If you need to correct a difference of a few seconds, the first method will do. For minutes or hours, the second method is better.
Quick Fix
To quickly adjust the time, use ntpdate. Install it with:
yum install ntpdateFor a one-time sync:
/usr/sbin/ntpdate 1.north-america.pool.ntp.orgUse Crontab to set automatic periodic synchronization. For daily sync:
crontab -e
00 1 * * * /usr/sbin/ntpdate 1.north-america.pool.ntp.org
To sync on boot instead of at regular intervals:
crontab -e
@reboot /usr/sbin/ntpdate 1.north-america.pool.ntp.org
Gradual Correction
To change the time on the server gradually, use ntp in CentOS. Install it:
yum install ntpEnable the service on startup:
chkconfig ntpd onIn the file /etc/ntp.conf, specify accurate time sources, for example:
server 0.north-america.pool.ntp.org
server 1.north-america.pool.ntp.org iburst
server 2.north-america.pool.ntp.org
server 3.north-america.pool.ntp.org
The iburst parameter works the same as in Ubuntu/Debian — it improves accuracy by sending a burst of packets.
Restart the service after making changes:
/etc/init.d/ntp restartThen restart the daemon:
/etc/init.d/ntpd startAdditional Options Copy link
Time synchronization is usually done with the server closest to your server geographically. But in the configuration, you can specify the desired region directly in the subdomain. For example:
asia.pool.ntp.orgeurope.pool.ntp.org
Even if the NTP server is offline, it can still pass on system time. Just add this line:
server 127.127.1.0You can also restrict access for external clients. By default, these parameters are set:
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
The options notrap, nomodify, nopeer, and noquery prevent changes to the server's configuration. KOD (kiss of death) adds another layer of protection: if a client sends requests too frequently, it receives a warning packet and then is blocked.
If you want to allow unrestricted access for the local host:
restrict 127.127.1.0To allow devices in a local network to sync with the server:
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrapAfter any changes, restart the service:
service restart ntpTo check the service’s operation, use the command:
ntpq -pIt will display a table showing the time source address, server stratum, last synchronization time, and other useful data.