Wednesday, April 27, 2011

How to generate the certificate for a web server

Site for generating certificate: https://help.ubuntu.com/6.06/ubuntu/serverguide/C/httpd.html

SSL certificates prove the identity of the server and are vouched for by a CA (certificate authority). SSL has been replaced by TLS, a newer, improved protocol. SSL/TLS uses public-key cryptography to agree on a session key, then uses that key for symmetric encryption of the traffic.
The certificate also contains the server's public key, and it carries the CA's signature, which the client checks to verify that the CA vouched for it.

How to:
sudo openssl req -x509 -nodes -days 90 -newkey rsa:1024 -keyout testcert.pem -out testcert.crt
testcert.pem: the file the private key is written to (-keyout); testcert.crt: the certificate itself (-out). Without -out the certificate is printed to standard output instead of being saved.
Answers to the prompts: country name: US, state: HI, locality: Honolulu, organization: KCC, unit name: its344, common name (your server name; it has to match the ServerName in the Apache config file, IMPORTANT): www.its344.edu (will differ depending on your server), email address: nguyentd@hawaii.edu. There is your certificate. Because it is just self-signed, you need to add an exception in the browser for it to work.
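As an added example (my own, not the course's or the Ubuntu guide's), the same command driven non-interactively so the answers above go on the command line, plus the two checks worth running before touching the Apache config: that the certificate actually carries the ServerName, and that the key file belongs to that certificate. It keeps the file names and subject values from these notes, uses a 2048-bit key instead of 1024 (1024-bit RSA is rejected by current browsers and CAs) and adds a subjectAltName, which browsers require today in addition to the common name.

```shell
#!/bin/sh
# Added example: generate a self-signed certificate non-interactively and check it
# against the Apache ServerName before copying it into place.
# File names, the host name www.its344.edu and the subject fields follow the notes above.

# make_selfsigned OUTDIR HOSTNAME
#   writes OUTDIR/testcert.pem (private key) and OUTDIR/testcert.crt (certificate)
make_selfsigned() {
    outdir=$1; host=$2
    # -subj answers the interactive prompts; -addext adds a subjectAltName, which browsers
    # require (they no longer fall back to the CN). 2048-bit RSA instead of 1024: 1024-bit
    # keys are refused by current browsers and CAs.
    openssl req -x509 -nodes -days 90 -newkey rsa:2048 \
        -subj "/C=US/ST=HI/L=Honolulu/O=KCC/OU=its344/CN=$host" \
        -addext "subjectAltName=DNS:$host" \
        -keyout "$outdir/testcert.pem" -out "$outdir/testcert.crt" 2>/dev/null || return 1
    # the private key must never be world-readable
    chmod 600 "$outdir/testcert.pem"
}

# cert_cn CERTFILE -> the CommonName from the certificate subject
# (works with both the old "/C=US/.../CN=x" and the new "C = US, ..., CN = x" output styles)
cert_cn() {
    openssl x509 -in "$1" -noout -subject | sed -n 's|.*CN *= *\([^,/]*\).*|\1|p'
}

# cert_matches_servername CERTFILE HOSTNAME -> exit 0 if the certificate is valid for
# that name, using OpenSSL's own host-matching rules (SAN first, wildcards, CN fallback)
cert_matches_servername() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q ' does match '
}

# key_matches_cert CERTFILE KEYFILE -> exit 0 if the public key in the certificate is
# the one derived from the private key (catches mixing up key/cert files)
key_matches_cert() {
    [ "$(openssl x509 -in "$1" -noout -pubkey)" = "$(openssl pkey -in "$2" -pubout)" ]
}

# Stand-alone use: ./mkcert.sh OUTDIR HOSTNAME (with no arguments only the functions are defined)
if [ $# -eq 2 ]; then
    make_selfsigned "$1" "$2" \
        && cert_matches_servername "$1/testcert.crt" "$2" \
        && key_matches_cert "$1/testcert.crt" "$1/testcert.pem" \
        && echo "certificate for $2 written to $1 and matches the ServerName"
fi
```

If `cert_matches_servername` fails for the name you put in `ServerName`, the browser will show a name-mismatch error no matter how many exceptions you add, so fix the common name and regenerate rather than editing the Apache side.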


FOR THOSE WITHOUT A DNS SERVER:
cd /etc and look at the hosts file (more hosts): there is an entry for www1.its344.edu. Paste that name into Firefox and it will map to the IP address from the hosts file.

Setting up a Web Server

Install apache2: sudo apt-get install apache2
Check the files in /etc/apache2

Monday, April 25, 2011

Notes for Web server setup

/etc/apache2$ ls
/etc/apache2$ ls sites-available/
/etc/apache2$ ls sites-enabled/
/etc/apache2/sites-enabled$ sudo ln -s /etc/apache2/sites-available/default default
/etc/apache2/sites-enabled only holds links to the site files in sites-available.
/etc/apache2/apache2.conf: contains the global configuration (timeouts etc.).
The options in the file (prefork MPM settings):
StartServers 5: 5 server processes are started when Apache starts
MinSpareServers 5: always keep at least 5 idle processes
MaxSpareServers 10: so there are always between 5 and 10 idle processes waiting for client requests
MaxClients 150: maximum number of simultaneous client connections
MaxRequestsPerChild 0: how many requests a child process serves before it is recycled; 0 means unlimited
You can define where the logs go; they usually end up in /var/log.
httpd.conf file: contains the user configuration.
NameVirtualHost 10.0.2.80
Listen 80: listen on port 80 at this IP address
Next section: directives nested inside <IfModule> blocks.
There are 2 different types of VirtualHost: (1) name-based, NameVirtualHost with a ServerName such as www.kcc.edu; (2) IP-based, VirtualHost 192.168.1.10: there is only going to be one site, no matter which server name the client asks for (recommended).
/etc/apache2$ ls: lists the files in that directory.
/etc/apache2$ more httpd.conf to check the information on the web content. Use two different files for 2 different servers (multi-homing).
ex:
Follow the outline from the DNS book (take a look at chapter 23 on web hosting). Just change the ServerName. This is where you save the certificate to.
ls mods-available/: to see the modules available
ls -l mods-enabled/: check that ssl is enabled.
ln -s: to link a file (create a symbolic link).
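A virtual host that uses the self-signed certificate from the post above, as an added example (not from the course, the DNS book or the Ubuntu guide). The site file name its344-ssl, the paths under /etc/ssl and DocumentRoot /var/www are assumptions; ServerName and the admin address come from these notes. The point of the example is the pairing: ServerName must equal the common name that was typed when the certificate was generated, and the key file referenced here is the one written by -keyout.

```apache
# /etc/apache2/sites-available/its344-ssl   (file name is an assumption)
<IfModule mod_ssl.c>
<VirtualHost *:443>
    # must match the CN / subjectAltName in the certificate exactly
    ServerName www.its344.edu
    ServerAdmin nguyentd@hawaii.edu
    DocumentRoot /var/www

    SSLEngine on
    # certificate (-out) and private key (-keyout) from the openssl req command;
    # /etc/ssl/private is root-only, so the key is not readable by other users
    SSLCertificateFile    /etc/ssl/certs/testcert.crt
    SSLCertificateKeyFile /etc/ssl/private/testcert.pem

    ErrorLog  /var/log/apache2/its344-ssl-error.log
    CustomLog /var/log/apache2/its344-ssl-access.log combined
</VirtualHost>
</IfModule>
```

Enable it with sudo a2enmod ssl, sudo a2ensite its344-ssl, then sudo apache2ctl configtest before restarting; configtest reports a missing key or certificate file before the restart takes the server down. On the Apache 2.2 releases of that era, ports.conf also needs NameVirtualHost *:443 and Listen 443 for name-based SSL hosts; Apache 2.4 dropped the NameVirtualHost directive.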

Setting up Array 5 for my Server

-Install the mdadm tool: sudo apt-get install mdadm. Remember to set postfix to local.
-Creating 4 disks for a level 5 array
In VirtualBox: File > Virtual Media Manager > New, then follow the on-screen instructions. I chose 5 GB as the size for my drives.
Add a SCSI controller, then attach the 5 new drives I just created to the controller.
Now I need to check that the disks are properly installed on my system: sudo fdisk -l | more. Result: 5 drives are unpartitioned.
Now I have to partition my 5 drives with fdisk: sudo fdisk /dev/sdb (and likewise sdc, sdd, sde, sdf).
     Follow the on-screen instructions: n to create a new partition > p for primary partition > 1 for the partition number > take the defaults for the first and last cylinders. Then t to change the partition type > fd (NOT "df") for Linux raid autodetect.
-Now my 5 drives are ready for the array
-Creating a level 5 array with 3 drives and 1 hot spare:
 sudo mdadm --create /dev/md5 --level=5 --raid-devices=3 --spare-devices=1 /dev/sdb1 /dev/sdc1 /dev/sdd1 /dev/sde1
 Now check if my array is running: cat /proc/mdstat. It should be active.
-Create a mount point for the array: sudo mkdir /mnt/array5
-Now I need to make sure my array is mounted by the system every time I reboot: add to /etc/fstab:
 /dev/md5     /mnt/array5     ext4     defaults     0     1
-Create the file system for my array: sudo mkfs.ext4 /dev/md5
I think it's better to create a label for my array so that the name of my array device won't change after a drive failure: sudo e2label /dev/md5 myarray5. Then I need to re-edit /etc/fstab to use the label for the array: change /dev/md5 to LABEL=myarray5 (that's all I have to change; keep the rest the same).
Now I have to make sure that after a reboot my array is still there. To do this, use the command sudo mdadm --examine --scan, then copy the output of that command and paste it into the /etc/mdadm/mdadm.conf file. Then add DEVICE /dev/sdb1 /dev/sdc1 /dev/sdd1 /dev/sde1 right above that output (note: yours could be different).
Note: if you skip this one step, your array will be messed up after reboot. VERY IMPORTANT.
Now all I need to do is mount my RAID array: sudo mount -a (-a means mount all filesystems listed in /etc/fstab).
Reboot my server, and I see the array is mounted during startup.
Now that I know my array is set up properly, I need to check that the hot spare is working. I fail one drive using the command sudo mdadm /dev/md5 -f /dev/sdc1 (this fails the sdc1 drive in the array). To check whether the hot spare is taking over, look at /proc/mdstat using more /proc/mdstat. I see my array is recovering. It took approximately 4 min to recover.
I go back to check my array and I see /dev/sdc1(F), meaning a failed drive. So I need to hot-remove the failed drive: sudo mdadm /dev/md5 --remove /dev/sdc1, then add the drive back to the array: sudo mdadm /dev/md5 --add /dev/sde1.
Now the array is back to normal again with 3 disks and 1 hot spare. I know the next time one of the drives fails, my data will be saved because my hot spare will take over for the failed drive and save my life.
And I think this is the whole purpose of doing the array: to save your precious data from unexpected events.
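The hot spare only saves the data if somebody notices that it has been used; after the rebuild above the array is back to [3/3] but has no spare left, and a second failure is then fatal. This added shell example (mine, not part of the post or of mdadm) reads the same /proc/mdstat text the post inspects by hand and reports whether an array is degraded and which members carry the (F) flag, so it can be run from cron instead of remembering to type more /proc/mdstat. The two mdstat samples are constructed to look like the md5 array in this post, during the recovery and when healthy.

```shell
#!/bin/sh
# Added example: parse /proc/mdstat and flag failed members / degraded arrays.

# Constructed sample, modelled on the md5 array in these notes right after sdc1 was failed:
# the spare sde1 has been pulled in and the array is rebuilding onto it.
SAMPLE_MDSTAT='Personalities : [raid6] [raid5] [raid4]
md5 : active raid5 sde1[4] sdd1[2] sdc1[1](F) sdb1[0]
      10474496 blocks super 1.2 level 5, 512k chunk, algorithm 2 [3/2] [U_U]
      [==>..................]  recovery = 12.5% (655360/5237248) finish=3.9min speed=19660K/sec

unused devices: <none>'

# Constructed sample of the same array when healthy, sde1 marked (S) as the hot spare.
SAMPLE_HEALTHY='Personalities : [raid5]
md5 : active raid5 sde1[3](S) sdd1[2] sdc1[1] sdb1[0]
      10474496 blocks super 1.2 level 5, 512k chunk, algorithm 2 [3/3] [UUU]

unused devices: <none>'

# md_failed_devices MDSTAT_TEXT MDNAME -> prints the members flagged (F) in that array
# Fields on the "md5 : active raid5 ..." line: $1=md5 $2=: $3=active $4=raid5 $5..=members
md_failed_devices() {
    printf '%s\n' "$1" | awk -v md="$2" '
        $1 == md && $2 == ":" {
            for (i = 5; i <= NF; i++)
                if ($i ~ /\(F\)$/) { sub(/\[.*$/, "", $i); print $i }
        }'
}

# md_status MDSTAT_TEXT MDNAME -> prints "ok", "degraded" or "missing"
# The status line after the member line ends in a map like [UUU] (all up) or [U_U]
# (one member down); any "_" means the array is running without full redundancy.
md_status() {
    printf '%s\n' "$1" | awk -v md="$2" '
        $1 == md && $2 == ":" { inarray = 1; found = 1; next }
        inarray && $NF ~ /^\[[U_]+\]$/ {
            status = ($NF ~ /_/) ? "degraded" : "ok"; inarray = 0
        }
        END { print (found ? status : "missing") }'
}

# Demonstration on the constructed samples; on a live host pass "$(cat /proc/mdstat)".
echo "rebuilding sample: $(md_status "$SAMPLE_MDSTAT" md5), failed member(s): $(md_failed_devices "$SAMPLE_MDSTAT" md5)"
echo "healthy sample:    $(md_status "$SAMPLE_HEALTHY" md5)"
```

A cron job that runs md_status "$(cat /proc/mdstat)" md5 and mails when the answer is not ok covers the case the post worries about: the spare has already been consumed and the next failure would lose the array. mdadm itself can do the same with its --monitor mode and the MAILADDR line in mdadm.conf; the script above is just the check made explicit.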

Mission Accomplished.
thanks for viewing my blog.

DNS server setup continued....

OK, now I have my DNS server working for both forward and reverse lookups.
The problem was in my rev. file. I went into the /etc/bind/conf.local file to change the reverse lookup zone to 2.0.10 instead of 0.0.10. Then I changed the "rev.0.0.10.in-addr.arpa" file to "2.0.10.in-addr.arpa" accordingly, to match the path inside my conf.local file.
I restarted bind, then everything worked fine.

Setting up DNS Server with BIND9

- have bind9 installed
- edit /etc/network/interfaces: change dhcp to a static IP
- make backups of your configuration files:
  sudo cp /etc/bind/named.conf.local /etc/bind/named.conf.local.original
  sudo cp /etc/bind/named.conf.options /etc/bind/named.conf.options.original
- configure the /etc/bind/named.conf.local file: add the reverse and forward lookup zone references to that file.
- set up the forward lookup zone in the /etc/bind/named.conf.options file
- set up the reverse lookup zone in the /etc/bind/named.conf.local file
- make a new directory to contain the reverse and forward "db" files: sudo mkdir /etc/bind/zones
- create the files inside the zones directory: thanhsite.com.db and rev.0.0.10.in-addr.arpa
- restart bind9 using: sudo /etc/init.d/bind9 restart
- After testing: forward lookups are working, reverse is not working. Trying to figure out what is wrong........
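The reverse zone naming that caused the problem fixed in the later post (2.0.10 versus 0.0.10) follows one rule: the octets of the network are written in reverse order under in-addr.arpa, so the 10.0.2.0/24 network is the zone 2.0.10.in-addr.arpa and the host 10.0.2.80 is the record "80" inside it. This added shell example (mine, not from the course or the DNS book) derives the zone name and the PTR owner from the network, and prints the two zone stanzas for named.conf.local in the file layout these notes use (/etc/bind/zones/<domain>.db and rev.<zone>). The domain thanhsite.com, the /etc/bind/zones path and the 10.0.2.0/24 network come from the notes; the host 10.0.2.80 is the address from the Apache post.

```shell
#!/bin/sh
# Added example: derive BIND reverse-zone names and named.conf.local stanzas.

# rev_zone_name NETWORK/PREFIX -> reverse zone name for a /8, /16 or /24 network
#   rev_zone_name 10.0.2.0/24 -> 2.0.10.in-addr.arpa
rev_zone_name() {
    net=${1%/*}; prefix=${1#*/}
    # classful boundaries only: each reversed label is one whole octet
    case $prefix in
        8|16|24) ;;
        *) echo "rev_zone_name: only /8, /16 and /24 networks are supported" >&2; return 1 ;;
    esac
    printf '%s\n' "$net" | awk -F. -v p="$prefix" '{
        n = p / 8                       # number of octets that belong to the network part
        out = ""
        for (i = n; i >= 1; i--) out = out $i "."
        print out "in-addr.arpa"
    }'
}

# ptr_owner IP NETWORK/PREFIX -> owner name of the PTR record, relative to that reverse zone
#   ptr_owner 10.0.2.80 10.0.2.0/24 -> 80
ptr_owner() {
    prefix=${2#*/}
    printf '%s\n' "$1" | awk -F. -v p="$prefix" '{
        n = p / 8; out = ""
        for (i = 4; i > n; i--) out = out (out == "" ? "" : ".") $i
        print out
    }'
}

# ptr_record IP NETWORK/PREFIX FQDN -> one PTR line for the reverse zone file
ptr_record() {
    printf '%s\tIN\tPTR\t%s.\n' "$(ptr_owner "$1" "$2")" "$3"
}

# zone_stanzas DOMAIN NETWORK/PREFIX -> the forward and reverse zone blocks for
# /etc/bind/named.conf.local; the file names follow the layout in these notes
zone_stanzas() {
    rz=$(rev_zone_name "$2") || return 1
    cat <<EOF
zone "$1" {
    type master;
    file "/etc/bind/zones/$1.db";
};
zone "$rz" {
    type master;
    file "/etc/bind/zones/rev.$rz";
};
EOF
}

# Stand-alone use: ./zones.sh DOMAIN NETWORK/PREFIX  (no arguments: only defines the functions)
if [ $# -eq 2 ]; then
    zone_stanzas "$1" "$2"
    echo "# example PTR line for $2:"
    ptr_record "${2%/*}" "$2" "www.$1"
fi
```

The zone name in the named.conf.local stanza, the $ORIGIN of the reverse zone file and the owner names of its PTR records all have to agree; named-checkzone 2.0.10.in-addr.arpa /etc/bind/zones/rev.2.0.10.in-addr.arpa (part of the bind9utils package) reports the mismatch before you restart bind and find that only forward lookups work.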

Continue Ubuntu Installation

OK, I had a problem with my drive: a different drive letter. I tried to change it, but it did not solve the problem.
So I had to reinstall and re-configure the whole thing. I did exactly the same steps as in the previous posts. This time it works without any of the problems that occurred previously.

Post-reinstallation:
-update the package lists using sudo apt-get update
-upgrade the system using sudo apt-get upgrade
-install the X Window System using sudo apt-get install x-window-system-core and sudo apt-get install gnome-core
-take a snapshot of the server OS.

Installation of bind9 and DNS utilities:
-Install Berkeley Internet Name Domain version 9 using sudo aptitude install bind9
-Install drill DNS utility program using sudo aptitude install ldnsutils
-Install dnswalk DNS utility program using sudo aptitude install dnswalk

My system is now up and running fine.......
I will update if any problems occur later on....
NOTE: VirtualBox has a bug: the /etc/udev/rules.d/70-persistent-net.rules file needs to be REMOVED for the network to work.

Ubuntu Server installation documentation

Creating the image:
-name it Ubuntu Server
-choose Linux as the OS
-choose memory size: 1024
-create a hard disk
-choose dynamic (for me, because it's faster; if you choose fixed size, set it to 20 GB)
-choose the drive to save your image on (your drive)

Configuring
-set the time zone to Hawaii and the language to English
-do not detect the keyboard layout
-no LVM
-create user its344, set password: kcc!T$344
-don't encrypt the home directory
-no HTTP proxy
-no automatic updates
-choose OpenSSH server to install
-install the GRUB boot loader

Post installation
-log in with the username and password created in the previous step
-if successful, then shut down: sudo shutdown -h now
Then I had a problem updating the system, error: no NIC detected, no connection.
Trying to figure out what's wrong with it .........................................
I'll let you guys know when I figure this out.