Andoy lang's Blog

Have you installed a database server and wish you could have installed a web server and php on it to so that you can create your own script to manage the database?

Unfortunately, I came across that situation.

Installing new daemon/server into Linux is an easy task and you don’t have to restart your server.  This is a good news for you, that means no downtime for database server.

Let’s start with the installation.

1.  Install the Apache Server – Linux server will download some files to be installed and after installing the Apache server, apt-get will start it for you.

# apt-get install apache2

Now, you have a running web server.  To test your server:

• Apache – type into your URL “http://<Apache.Server.IP.Address>” and you should have

2.  Install PHP5 – Linux server will download all files needed to install PHP5 into your server then apt-get will restart the web server for you.

# apt-get install php5

If web server is not restarted, don’t worry about it for now coz, we have to install the PHP5 module for your web server.

3.  Install PHP5 module for Apache

# apt-get install libapache2-mod-php5

If your web server was not restarted, you have to restart it manually.

# /etc/init.d/apache2 restart

To test PHP5, create info.php to view the PHP5 configuration.

<?php
phpinfo();
?>

Check PHP5 configuration in your browser, type in “http://<Apache.Server.IP.Address>/info.php” and you should see the PHP5 configuration.

And… You’re done!

Have you encountered that your mounted nfs folder disappeared after the server reboot (for whatever reason)?

Very frustrating huh?!

I will show you how to mount and will not lose the connection.

Let’s check what are the shared folder exported from our NFS server.

# showmount -e <nfs.server.ip.address>
The program ‘showmount’ is currently not installed.  You can install it by typing:
apt-get install nfs-common
showmount: command not found

Arg!!! showmount is not installed.  Have to install it first using apt-get.

# apt-get install nfs-common

Now we can view the shared folder from our NFS server.

# showmount -e <nfs.server.ip.address>
Export list for <nfs.server.ip.address>:
/mnt/<shared_folder> <nfs.server.ip.address>/255.255.255.0

Let’s try to mount it to test if we will not encounter any problem in mounting the shared folder.

# mount <nfs.server.ip.address>:/mnt/<shared_folder> /home/<user>/<new_folder>

We can check the newly mounted share using df.

# df -k
Filesystem           1K-blocks      Used Available Use% Mounted on
/dev/sda3             48425796   3339580  42626264   8% /
udev                    509032       248    508784   1% /dev
none                    509032         0    509032   0% /dev/shm
none                    509032       112    508920   1% /var/run
none                    509032         0    509032   0% /var/lock
none                    509032         0    509032   0% /lib/init/rw
<raid.server.ip.address>:/mnt/<shared.folder> 511900416 139367936 346531840  29% /home/<user>/<new_folder>

Neat! It was mounted without any problem.

Mounting it without losing it on boot is not that hard.  We have to edit the /etc/fstab

# vi /etc/fstab

Add this line at the bottom the details that you saw when you viewed the shared folder from our NFS server (see above).

<raid.server.ip.address>:/mnt/<shared.folder>       /home/<user>/<new_folder>       nfs     rw  0       0

Reboot the server and watch the magic as it happens.

Check the mounted shared folder using df.

Neat!

Ola amigos y amigas

Just finished everything from Alfresco with CIFS a few days ago.  I have to test everything from start to simulate all the changes that I made is working properly.

Reboot the server.

Check the Alfresco in my browser.  It’s not working, expected result.

But, I want my Alfresco to start at boot so that I don’t have to manually start it everytime I boot my server.

Let’s see…

I need to add alfresco script to start-up application.

# cd /opt/alfresco/33G
# update-rc.d alfresco.sh defaults
update-rc.d: warning: /etc/init.d/alfresco.sh missing LSB information
update-rc.d: see <http://wiki.debian.org/LSBInitScripts>
Adding system startup for /etc/init.d/alfresco.sh …
/etc/rc0.d/K20alfresco.sh -> ../init.d/alfresco.sh
/etc/rc1.d/K20alfresco.sh -> ../init.d/alfresco.sh
/etc/rc6.d/K20alfresco.sh -> ../init.d/alfresco.sh
/etc/rc2.d/S20alfresco.sh -> ../init.d/alfresco.sh
/etc/rc3.d/S20alfresco.sh -> ../init.d/alfresco.sh
/etc/rc4.d/S20alfresco.sh -> ../init.d/alfresco.sh
/etc/rc5.d/S20alfresco.sh -> ../init.d/alfresco.sh
#

Reboot the machine again.  Now, Alfresco started.  Nice!

Tried Alfresco in Windows Explorer.  No dice.

Just remembered that I have to run the iptables again.  Argg!

I need to create the iptables script and execute it on boot like alfresco script.

# cd /etc/init.d
# vi alfresco.iptables

Put in the iptables commands

#!/bin/bash
# Flash all IPTables rule
iptables -F
iptables -t nat -F

# Accept all INPUT, Forward and Output
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT

# IPTables forwarding samba port to Alfresco
iptables -A INPUT -p udp -m state –state NEW –dport 137 -j ACCEPT
iptables -A INPUT -p udp -m state –state NEW –dport 138 -j ACCEPT
iptables -A INPUT -p tcp -m state –state NEW –dport 139 -j ACCEPT
iptables -A INPUT -p tcp -m state –state NEW –dport 445 -j ACCEPT

#IPTables for Alfresco
iptables -t nat -A PREROUTING -p udp –dport 137 -j REDIRECT –to-ports 1137
iptables -t nat -A PREROUTING -p udp –dport 138 -j REDIRECT –to-ports 1138
iptables -t nat -A PREROUTING -p tcp –dport 139 -j REDIRECT –to-ports 1139
iptables -t nat -A PREROUTING -p tcp –dport 445 -j REDIRECT –to-ports 1445

Make it executable and run update-rc.d again.

# chmod 755 alfresco.iptables
# update-rc.d alfresco.iptables defaults
update-rc.d: warning: /etc/init.d/alfresco.iptables missing LSB information
update-rc.d: see <http://wiki.debian.org/LSBInitScripts>
Adding system startup for /etc/init.d/alfresco.iptables …
/etc/rc0.d/K20alfresco.sh -> ../init.d/alfresco.iptables
/etc/rc1.d/K20alfresco.sh -> ../init.d/alfresco.iptables
/etc/rc6.d/K20alfresco.sh -> ../init.d/alfresco.iptables
/etc/rc2.d/S20alfresco.sh -> ../init.d/alfresco.iptables
/etc/rc3.d/S20alfresco.sh -> ../init.d/alfresco.iptables
/etc/rc4.d/S20alfresco.sh -> ../init.d/alfresco.iptables
/etc/rc5.d/S20alfresco.sh -> ../init.d/alfresco.iptables
#

Reboot Alfresco Server again.

Test Alfresco.

Isn’t it nice when your application runs perfectyly

Typical office set-up always have an internet connection.  Even stores have one and they are fast!  Thanks to wireless internet.  But, in a office of 30 or more employees with 1MBPS connection, you will have a different experience.  That’s because some of your users are downloading mp3′s, movies, etc while working.  Those downloads will slow down your internet not to mention the internet advertisement being displayed in most of the website that your users visited.

Hit google and research! <ding!> I found a solution – Proxy Server. Proxy’s main function is to cache the most visited web sites.  But wait, proxy is not only to cache most visited websites, it can do filtering too.

Did I say filtering?  Yes, you’re right filtering.  I know, most of users will hate you for doing this.  They’ll feel that they’re being suppressed of right to access the internet and everything.  Ha! ha! ha! I know I’ve been in your shoes.

But, What can you do? Your network is slowing down and you need to speed up the sending/receiving of email, the important websites for research.  Managers needs to communicate and do research.  Besides, the company needs to make money, right?  Otherwise, the company cannot pay your salaries, bla bla bla.

As the System or Network Administrator you need to speed up the internet connection without increasing the bandwidth ‘coz bigger bandwidth costs money.

It’s time to install SQUID proxy server!

There are number of proxy server on the internet why squid? Squid has been around for years and it’s stable and fast but most of all you can configure it according to your need. (whisper:  most important, it’s my personal favorite!)

Let’s dig in into business.

Below is the basic configuration to run squid proxy but, we are not interested in that configuration, we are more interested in filtering  of websites and internet advertisement, slowing down downloads and stuff.

#General Setup

acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
http_port 3128 transparent
icp_port  0
request_body_max_size 10240 KB
cache_mem 64 MB
cache_replacement_policy heap LFUDA
cache_dir ufs /opt/squid/cache 6000 16 256
access_log /var/log/squid/access.log squid

#Replace “server_hostname” with the hostname of your Ubuntu machine
visible_hostname <server name>

refresh_pattern -i .deb$ 0 50% 28800
refresh_pattern -i .rpm$ 0 50% 28800
refresh_pattern -i .tgz$ 0 50% 28800
refresh_pattern -i .exe$ 0 50% 28800
refresh_pattern -i .cab$ 0 50% 28800
refresh_pattern -i .zip$ 0 50% 28800
refresh_pattern -i .rar$ 0 50% 28800
refresh_pattern -i .arj$ 0 50% 28800
refresh_pattern -i .jpg$ 0 50% 28800
refresh_pattern -i .gif$ 0 50% 28800
refresh_pattern -i .bmp$ 0 50% 28800
refresh_pattern -i .mov$ 0 50% 28800
refresh_pattern -i .avi$ 0 50% 28800
refresh_pattern -i .mpg$ 0 50% 28800
refresh_pattern -i .mpeg$ 0 50% 28800
refresh_pattern -i .wmv$ 0 50% 28800
refresh_pattern -i .mp3$ 0 50% 28800
refresh_pattern -i .wav$ 0 50% 28800
refresh_pattern -i .bin$ 0 50% 129600

# caching TTL and DNS
negative_ttl 1 minutes
positive_dns_ttl 15 hours
negative_dns_ttl 1 minutes
half_closed_clients off

acl manager proto cache_object
acl CONNECT method CONNECT
acl PURGE method PURGE

Now that you have the basic configuration we will add the Access Lists.

You have to define your IP networks

acl Servers src 192.168.1.0/24
acl Production src 192.168.2.0/24
acl back-office src 192.168.3.0/24
acl sales src 192.168.4.0/24
acl Management src 192.168.5.0/24

Define the web sites that you want to deny and give full speed and most important slow down the downloads.

acl fullspeed dstdomain “/etc/squid/fullspeed.dat”
acl DeniedSites dstdomain “/etc/squid/deniedsites.dat”
acl slow_it_down url_regex -i “/etc/squid/slow_this_down”

Access Lists for ftp

# acl www_ports src 80 443
acl ftp_ports src 21
acl localhost src 127.0.0.1/32
acl manager proto cache_object
acl CONNECT method CONNECT
acl PURGE method PURGE

Define who can and don’t access the internet

http_access allow manager localhost our_network
http_access allow manager localhost
http_access allow servers back-office sales management
http_access allow PURGE
http_access allow localhost
http_access deny manager
http_access deny PURGE
http_access deny DeniedSites

Define the FTP account for anonymous FTP download.  Change domain for your domain name

ftp_user Squid@<domain>.com
ftp_passive off

Now, for serious stuff.

We don’t want to delay our Servers and management’s traffic.  Don’t forget to include your IP Address.

delay_parameters -1/-1 means that they have no limit in using the internet.  That includes you

delay_class 1 2
delay_parameters 1 -1/-1 -1/-1
delay_access 1 allow cubic-server fullspeed management networkadmin

For the Second delay pool.
we want to delay downloading files mentioned in slow_it_down.

The numbers here are values in bytes;

40000/500000 = 40 kbps download speed and 25 MB bucket for the network
15000/250000 = 15kbps download speed with 25 MB bucket for each user

after downloaded files exceed about 250000 bytes, they will continue to download at about 5000 bytes/s

delay_class 2 2
delay_parameters 2 40000/500000 15000/250000
delay_access 2 allow slow_it_down production back-office sales

That’s it.  Reload squid’s configuration.

# service squid reload

or

# /etc/init.d/squid reload

After configuring your proxy, it’s time to define the denied websites, etc.

create a file named deniedsites in /etc/squid

# vi /etc/squid/deniedsites

and add the sites that you want to deny.

.youtube.com
.facebook.com
.friendster.com
.video.msn.com
.megavideo.com
.doubleclick.net
.bannerconnect.net
.ads.clicksor.com
.ads.overclock.net
.ads.ozonemedia.co.in
.statcounter.com
.207.net
.2mdn.net
.advertising.com
.atdmt.com
.atwola.com
.intellitxt.com
.kanoodle.com
c.live.com
.msads.net
.ads1.msn.com
.rad.msn.com
c.msn.com
.pointroll.com
.revsci.net
.llnwd.net
.ugamsolutions.com
.zedo.com
sg.adserver.yahoo.com
pagead2.googlesyndication.com
.blip.tv
.dailymotion.com

Wait a minute.  Did I just include youtube, facebook and friendster?  Now, that’s a serious problem.  I will have a lot of question from the users.  Yes, you will hehehe and be ready to answer all of them or send out an IT Advisory that the company’s internet is slowing down bla bla bla.  You need to be creative on this

The rests are internet advertising sites.

As for downloading of files, you have to define the extension name of the files that you want to slow down.

.ftp
.mp3
.vqf
.rpm
.zip
.avi
.mpeg
.mpe
.mpg
.qt
.ram
.rm
.raw
.wav
.mov

Now, define the web sites that can be downloaded very fast

.google.com
.yahoo.com
.<your domain>.com

NOTE:  Be on guard always, users might get back on you on what you’ve done on the internet hehehe