Mar 30 2006

Part 1 Installation of Centos-3 for a Home Server. The Install day

Tag:tepezcuintle @ 15:31

Installation of Centos-3 for a Home Server.

First, download the ISOs from the CentOS website.

http://isoredirect.centos.org/centos/3/isos/i386/

Once downloaded, use your CD burner to burn each ISO image onto a CD.

Have your disks ready and don’t scratch them.

Continue reading “Part 1 Installation of Centos-3 for a Home Server. The Install day”


Mar 21 2006

Save your Ass with Linux Backups

Tag:tepezcuintle @ 21:39

This type of backup is for someone who has no access to a remote backup server but wants to back up a directory
and be able to recover files.

As an example, we have programmers at work who work on our website.

The files are inside the /etc/www/htdocs folder on our server.

A week ago one of the guys at work changed a file called upload.php and we needed an old copy. I had to contact our hosting provider and request a backup.

Continue reading “Save your Ass with Linux Backups”


Mar 17 2006

How to add SSL to Tomcat 5

Tag:tepezcuintle @ 18:55

[code lang="html"]

1. Installing Tomcat 5 on Linux
Download the latest Tomcat binary from the Tomcat 5 section of http://jakarta.apache.org/site/binindex.cgi. Currently, Tomcat 5.0.28 is the latest.
Install Tomcat by unpacking the downloaded archive and placing it in the desired directory (I used /usr/local):
cd /usr/local
tar zxf ./jakarta-tomcat-5.0.28.tar.gz

Note the location of your Tomcat installation - we will refer to this as $CATALINA_HOME
Optionally, save time on typing by creating a symbolic link like this:
ln -s jakarta-tomcat-5.0.28 tomcat5

2. Configuring Tomcat 5 for SSL (with keytool)
Skip this step if you want to generate certificates with OpenSSL.
If you are using Java 1.3.x, download the latest Java Secure Sockets Extension (JSSE) 1.0.2 at http://java.sun.com/products/jsse/
Install JSSE by unpacking it into the desired directory
Copy jcert.jar, jnet.jar and jsse.jar to $JAVA_HOME/jre/lib/ext
cd jsse1.0.2/lib
cp *.jar $JAVA_HOME/jre/lib/ext

Add the bin directory of the JSSE installation to your $PATH:
export PATH=$PATH:/usr/local/jsse1.0.2/bin

Generate a certificate:
cd jsse1.0.2/bin
keytool -genkey -alias tomcat -keyalg RSA -keystore /etc/keystore -storepass mysecretpass

Set the -keystore parameter to wherever you want the generated keys to be stored. Set the -storepass to whatever password you want. When prompted, provide the other requested info (name, company, location, etc.).

Edit $CATALINA_HOME/conf/server.xml and uncomment the SSL connector:
<Connector port="8443"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreType="JKS"
keystoreFile="/etc/keystore" keystorePass="mysecretpass"/>

Set port and the other parameters as desired. Note that if you change the port you should also change the “redirect” parameter for the non-HTTPS connector to the same value. In the Factory tag, set keystoreFile to point to the location where you placed the keystore. You’ll need to set keystorePass if you changed the password from the default of “changeit” to something else.

The “keystoreType” attribute is set to JKS for “Java Keystore”: the format produced by Java’s keytool.

3. Building OpenSSL on Linux
Download the latest OpenSSL distribution from http://www.openssl.org/source/. As of this writing, the latest version is 0.9.7e.
Unpack the distribution
tar zxvf openssl-0.9.7e.tar.gz

Configure OpenSSL
cd openssl-0.9.7e
./config -fPIC --prefix=/usr --openssldir=/usr/openssl

If you omit the --prefix and --openssldir parameters, openssl will install into /usr/local/openssl.

Compile OpenSSL
make
make test

The “make test” step is optional, but useful to make sure all works as it is supposed to.

Install OpenSSL
make install

4. Configuring Tomcat 5 for SSL (with OpenSSL)
Skip this step if you want to generate certificates with Java’s keytool.
Generate an RSA key for signing the certificate:
openssl genrsa -out mykey.pem 2048

Generate a certificate using the new key:
openssl req -new -x509 -key mykey.pem -out mycert.pem -days 365

Enter your name, organization name and address as prompted.

In this example, we’ve created a key file, mykey.pem, and a self-signed certificate. Normally, you want a certificate from a “certificate authority” or CA. Using a self-signed certificate IS NOT FOR PRODUCTION!

Since the certificate is in PEM format, convert it to PKCS12 for Tomcat:
openssl pkcs12 -export -in mycert.pem -inkey mykey.pem -out mycert.p12 -name tomcat

You MUST specify an export password! Tomcat expects one.

Edit $CATALINA_HOME/conf/server.xml and uncomment the SSL connector:
<Connector port="8443"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" keystoreType="PKCS12"
keystoreFile="/opt/openssl/mycert.p12" keystorePass="mysecretpass"/>

Set port and the other parameters as desired. Note that if you change the port you should also change the “redirect” parameter for the non-HTTPS connector to the same value. In the Factory tag, set keystoreFile to point to the location where you placed the keystore. You’ll need to set keystorePass if you changed the password from the default of “changeit” to something else.

The “keystoreType” attribute must be set to PKCS12.

5. Testing
Start Tomcat:
cd $CATALINA_HOME/bin
catalina.sh start

Point your browser to https://localhost:8443 (or whatever port you chose). If everything works right, you’ll get prompted to accept the certificate and you should see the Tomcat splash page.

[/code]
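A check for the connector settings described in steps 2 and 4, added here as an example and not part of the original post: it parses a server.xml and flags a default keystorePass, a PKCS12 file declared with another keystoreType, and a non-HTTPS connector whose redirect port (the `redirectPort` attribute) has no matching SSL connector. The sample XML and the name `audit_connectors` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml fragment (not from a real deployment).
SAMPLE = """
<Server>
  <Service name="Catalina">
    <Connector port="8080" redirectPort="8443" />
    <Connector port="9443" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystoreType="JKS"
               keystoreFile="/opt/openssl/mycert.p12" keystorePass="changeit" />
  </Service>
</Server>
"""

def audit_connectors(server_xml):
    """Return a sorted list of findings for the <Connector> elements."""
    root = ET.fromstring(server_xml)
    connectors = list(root.iter("Connector"))
    ssl = [c for c in connectors if c.get("secure", "false").lower() == "true"]
    ssl_ports = {c.get("port") for c in ssl}
    findings = []
    for c in ssl:
        port = c.get("port")
        ks_file = c.get("keystoreFile")
        ks_type = c.get("keystoreType", "JKS").upper()  # JKS is the default type
        if c.get("scheme") != "https":
            findings.append(f"{port}: secure connector without scheme=https")
        if not ks_file:
            # Tomcat then falls back to .keystore in the running user's home.
            findings.append(f"{port}: keystoreFile not set")
        elif ks_file.lower().endswith((".p12", ".pfx")) and ks_type != "PKCS12":
            findings.append(f"{port}: PKCS12 file but keystoreType={ks_type}")
        if c.get("keystorePass", "changeit") == "changeit":
            findings.append(f"{port}: keystorePass is the default 'changeit'")
    for c in connectors:
        redirect = c.get("redirectPort")
        if c not in ssl and redirect and redirect not in ssl_ports:
            findings.append(f"{c.get('port')}: redirectPort {redirect} has no SSL connector")
    return sorted(findings)

if __name__ == "__main__":
    for line in audit_connectors(SAMPLE):
        print(line)
```

Because keystorePass sits in server.xml in clear text, the file's ownership and permissions deserve the same attention as the keystore itself.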


Mar 07 2006

Guide to Troubleshooting Linux Problems

Tag:tepezcuintle @ 18:52

This is a guide to basic, and not so basic, troubleshooting and
debugging on Linux systems. Goals include description
and usage of common tools, how to find information, and
what to do with that information. Emphasis will be on
software issues, but might include hardware as well.

Continue reading “Guide to Troubleshooting Linux Problems”


Mar 07 2006

More Apache 1.3 Tips

Tag:tepezcuintle @ 3:37

[code lang="html"]

What is Apache?
A HyperText Transfer Protocol (HTTP) server process. HTTP/1.1 compliant.
The most popular freely available Web server, which can also act as a caching proxy server allowing access to the Internet from behind a firewall.
Apache has been developed as a modular product such that only those modules required need to be included.
The server can either be run as a daemon process or invoked by inetd each time a connection to the HTTP service is requested.
Apache can be configured to run multiple servers to spread its processing load, with the number of servers being dependent on the expected hit rate.
Apache is distributed in source code format; however, binaries are available for many common Unix variants.
Versions tested: Apache 1.3.3, 1.2.4, 1.2b4, 1.1.1
Server platform tested: Solaris 2.6, 2.5.1 for x86


--------------------------------------------------------------------------------

Example configuration sections
Restrict access to internal access only

order deny,allow
deny from all
allow from ‘your domain name here’

Restrict access based on passwords

AuthType Basic
AuthName ‘name of authorised group here’
AuthGroupFile ‘location of group file’
AuthUserFile ‘location of password file here’
order deny,allow
deny from all
allow from ‘your domain name here’
require group ‘name of authorised group here’

Restrict access based on either passwords or internal access

AuthType Basic
AuthName ‘name of authorised group here’
AuthGroupFile ‘location of group file’
AuthUserFile ‘location of password file here’
order deny,allow
deny from all
allow from ‘your domain name here’
require group ‘name of authorised group here’
satisfy any

Restrict access to external locations

order deny,allow
deny from all

Disable directory listings of those directories not containing a Directory Index file at the server level, but allow directory listings on specific directories.

Options FollowSymLinks


Options +Indexes

Forward all URL requests to a remote server, for example to access its cache manager. As only HTTP proxy requests are currently supported, non-HTTP requests (e.g., ftp) will be encapsulated as HTTP proxy requests.
ProxyRemote * http://‘Remote server here’:‘Remote port here’

--------------------------------------------------------------------------------

Tips & Tricks
To speed up request handling, minimise the number of directories Apache has to search for .htaccess files. Searching starts from the root directory downwards. Therefore the AllowOverride option should be turned off at the root directory and only turned on at the directory level required.

AllowOverride None


AllowOverride All

The modules which are included in a particular Apache executable can be determined by use of the -l option.
httpd -l

To enable the server to display current details about how well it is performing and what it is doing, the status module must be included. This is achieved by ensuring the following lines in the file ‘Configuration’ are uncommented prior to compiling the source code
Rule STATUS=yes
Module status_module mod_status.o

and by the addition of lines similar to the following in the configuration file ‘access.conf’, which allows access to the URL http://‘your server name here’/server-status from your domain only

<Location /server-status>
SetHandler server-status
order deny,allow
deny from all
allow from ‘your domain name here’
</Location>

To enable the server to display its current configuration information and all included modules, the info module must be included. This is achieved by ensuring the following lines in the file ‘Configuration’ are uncommented prior to compiling the source code
Module info_module mod_info.o

and by the addition of lines similar to the following in the configuration file ‘access.conf’, which allows access to the URL http://‘your server name here’/server-info from your domain only

<Location /server-info>
SetHandler server-info
order deny,allow
deny from all
allow from ‘your domain name here’
</Location>


[/code]
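How the three access-restriction sections above differ in effect, as an added example that is not part of the original post: a small model of Apache 1.3's `Order`, `require group` and `Satisfy` decision, run against an internal and an external client. The domain `intranet.example`, the group `staff` and the function names are constructed placeholders.

```python
# Model of Apache 1.3 host + auth access decisions (illustrative, not Apache code).

def host_allowed(order, host, allow, deny):
    """mod_access host check: 'all' matches everything, a domain name matches
    that host or any host ending in '.<domain>'."""
    def matches(rules):
        return any(r == "all" or host == r or host.endswith("." + r) for r in rules)
    if order == "deny,allow":   # deny evaluated first, allow overrides, default allow
        return matches(allow) or not matches(deny)
    if order == "allow,deny":   # allow evaluated first, deny overrides, default deny
        return matches(allow) and not matches(deny)
    raise ValueError(f"unsupported Order: {order}")

def access_granted(cfg, host, groups=()):
    """Combine host check and 'require group' the way Satisfy all/any does."""
    host_ok = host_allowed(cfg["order"], host, cfg["allow"], cfg["deny"])
    need = cfg.get("require_group")
    if need is None:                      # no auth directives: host check decides
        return host_ok
    auth_ok = need in groups
    if cfg.get("satisfy", "all") == "any":
        return host_ok or auth_ok
    return host_ok and auth_ok            # Satisfy defaults to "all"

# Constructed placeholders standing in for 'your domain name here' etc.
BASE = {"order": "deny,allow", "deny": ["all"], "allow": ["intranet.example"]}
INTERNAL_ONLY = dict(BASE)
PASSWORD = dict(BASE, require_group="staff")
EITHER = dict(BASE, require_group="staff", satisfy="any")

def decision_table():
    """Columns: internal/no login, internal/staff, external/no login, external/staff."""
    cases = [("pc1.intranet.example", ()), ("pc1.intranet.example", ("staff",)),
             ("host.outside.example", ()), ("host.outside.example", ("staff",))]
    return {name: [access_granted(cfg, h, g) for h, g in cases]
            for name, cfg in [("internal_only", INTERNAL_ONLY),
                              ("password", PASSWORD), ("either", EITHER)]}

if __name__ == "__main__":
    for name, row in decision_table().items():
        print(name, row)
```

The "password" row shows that, without `satisfy any`, an authenticated user outside the allowed domain is still refused, because both the host check and the login must pass.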


Mar 03 2006

Serve PHP Pages faster using Ioncube PHP Accelerator.

Tag:tepezcuintle @ 20:40

Greetings fellow penguincares reader.

I am going to show you a way to make your existing Apache server a bit faster.
If your site runs PHP code, this will help your server run faster and make your users happier.

A little background for you:

I run penguincares from a residential DSL line and a simple
IBM NetVista Pentium 500 with 300 megs of RAM.

Penguincares is not a high-end server, just a lowly home server.
Still, I want to be able to serve pages fast, and so
far it works fine, but I want to tweak Apache variables to
speed up the processing of certain pages.

The most popular part of this site is my blog at

http://penguincares.no-ip.org:9090/mylinuxtips

The blog is run using WordPress and uses PHP.

I came across ioncube’s PHP accelerator, so I will give it a try.

If you follow these instructions you will be able to install it on your own
site.

Continue reading “Serve PHP Pages faster using Ioncube PHP Accelerator.”