UnixServerAdmin

Server Administration & Management

tomcat_httpsd.conf_virtual-hosting-Secure for Java + PHP

We can run Java and PHP based websites on the same server using an SSL certificate.
Here are six websites, of which four are based on Java and two are based on PHP:

1. https://revenue.unixserveradmin.com – Java
2. https://revenue.unixserveradmin.com – Java
3. https://revenue.unixserveradmin.com – Java
4. https://revenue.unixserveradmin.com – Java
5. https://noc.unixserveradmin.com – PHP
6. https://online.unixserveradmin.com – PHP

# vim /etc/httpd/conf/httpd.conf

Line No. 201 to 212

#############################################################
LoadModule jk_module modules/mod_jk.so
JkWorkersFile /etc/httpd/conf/worker.properties
JkLogFile /var/log/httpd/mod_jk.log
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkRequestLogFormat "%w %V %T"
JkEnvVar SSL_CLIENT_V_START
JkMount /revenue* tomcat1
JkMount /mis* tomcat2
JkMount /sms* tomcat3
JkMount /sla* tomcat4

#############################################################
For Java Hosting
#############################################################

NameVirtualHost *:443

<VirtualHost *:443>
ServerAdmin info@unixserveradmin.com
ServerName revenue.unixserveradmin.com
ServerAlias www.revenue.unixserveradmin.com
RewriteEngine On
RewriteLog logs/apache-mod_rewrite
RewriteRule ^/(.*)$ /revenue/$1 [L,PT]
JkMount /* tomcat1
ErrorLog logs/dummy-host.example.com-error_log
CustomLog logs/dummy-host.example.com-access_log common
SSLEngine on
SSLCertificateFile  /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile  /etc/pki/tls/private/localhost.key
SSLCertificateChainFile  /etc/pki/tls/certs/ca-bundle.crt
</VirtualHost>

<VirtualHost *:443>
ServerAdmin info@unixserveradmin.com
ServerName mis.unixserveradmin.com
ServerAlias www.mis.unixserveradmin.com
RewriteEngine On
RewriteLog logs/apache-mod_rewrite
RewriteRule ^/(.*)$ /mis/$1 [L,PT]
JkMount /* tomcat2
ErrorLog logs/dummy-host.example.com-error_log
CustomLog logs/dummy-host.example.com-access_log common
SSLEngine on
SSLCertificateFile  /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile  /etc/pki/tls/private/localhost.key
SSLCertificateChainFile  /etc/pki/tls/certs/ca-bundle.crt
</VirtualHost>

<VirtualHost *:443>
ServerAdmin info@unixserveradmin.com
ServerName sms.unixserveradmin.com
ServerAlias www.sms.unixserveradmin.com
RewriteEngine On
RewriteLog logs/apache-mod_rewrite
RewriteRule ^/(.*)$ /sms/$1 [L,PT]
JkMount /* tomcat3
ErrorLog logs/dummy-host.example.com-error_log
CustomLog logs/dummy-host.example.com-access_log common
SSLEngine on
SSLCertificateFile  /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile  /etc/pki/tls/private/localhost.key
SSLCertificateChainFile  /etc/pki/tls/certs/ca-bundle.crt
</VirtualHost>

<VirtualHost *:443>
ServerAdmin info@unixserveradmin.com
ServerName sla.unixserveradmin.com
ServerAlias www.sla.unixserveradmin.com
RewriteEngine On
RewriteLog logs/apache-mod_rewrite
RewriteRule ^/(.*)$ /sla/$1 [L,PT]
JkMount /* tomcat4
ErrorLog logs/dummy-host.example.com-error_log
CustomLog logs/dummy-host.example.com-access_log common
SSLEngine on
SSLCertificateFile  /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile  /etc/pki/tls/private/localhost.key
SSLCertificateChainFile  /etc/pki/tls/certs/ca-bundle.crt
</VirtualHost>

#############################################################
For PHP Hosting
#############################################################

<VirtualHost *:443>
ServerAdmin info@unixserveradmin.com
DocumentRoot /var/www/html/noc/
ServerName noc.unixserveradmin.com
ServerAlias www.noc.unixserveradmin.com
ErrorLog logs/dummy-host.example.com-error_log
CustomLog logs/dummy-host.example.com-access_log common
SSLEngine on
SSLCertificateFile  /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile  /etc/pki/tls/private/localhost.key
SSLCertificateChainFile  /etc/pki/tls/certs/ca-bundle.crt
</VirtualHost>

<VirtualHost *:443>
ServerAdmin info@unixserveradmin.com
DocumentRoot /var/www/html/online/
ServerName online.unixserveradmin.com
ServerAlias www.online.unixserveradmin.com
ErrorLog logs/dummy-host.example.com-error_log
CustomLog logs/dummy-host.example.com-access_log common
SSLEngine on
SSLCertificateFile  /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile  /etc/pki/tls/private/localhost.key
SSLCertificateChainFile  /etc/pki/tls/certs/ca-bundle.crt
</VirtualHost>

#############################################################

April 10, 2014 | Apache, Tomcat

tomcat_httpd.conf_virtual-hosting for Java + PHP

We can run Java and PHP based websites on the same server. Here are six websites, of which four are based on Java and two are based on PHP:

1. http://revenue.unixserveradmin.com – Java
2. http://revenue.unixserveradmin.com – Java
3. http://revenue.unixserveradmin.com – Java
4. http://revenue.unixserveradmin.com – Java
5. http://noc.unixserveradmin.com – PHP
6. http://online.unixserveradmin.com – PHP

# vim /etc/httpd/conf/httpd.conf

Line No. 201 to 212

#############################################################
LoadModule jk_module modules/mod_jk.so
JkWorkersFile /etc/httpd/conf/worker.properties
JkLogFile /var/log/httpd/mod_jk.log
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkRequestLogFormat "%w %V %T"
JkEnvVar SSL_CLIENT_V_START
JkMount /revenue* tomcat1
JkMount /mis* tomcat2
JkMount /sms* tomcat3
JkMount /sla* tomcat4

#############################################################
For Java Hosting
#############################################################

Listen 80
NameVirtualHost *:80

<VirtualHost *:80>
ServerAdmin info@unixserveradmin.com
ServerName revenue.unixserveradmin.com
ServerAlias www.revenue.unixserveradmin.com
RewriteEngine On
RewriteLog logs/apache-mod_rewrite
RewriteRule ^/(.*)$ /revenue/$1 [L,PT]
JkMount /* tomcat1
ErrorLog logs/dummy-host.example.com-error_log
CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>

<VirtualHost *:80>
ServerAdmin info@unixserveradmin.com
ServerName mis.unixserveradmin.com
ServerAlias www.mis.unixserveradmin.com
RewriteEngine On
RewriteLog logs/apache-mod_rewrite
RewriteRule ^/(.*)$ /mis/$1 [L,PT]
JkMount /* tomcat2
ErrorLog logs/dummy-host.example.com-error_log
CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>

<VirtualHost *:80>
ServerAdmin info@unixserveradmin.com
ServerName sms.unixserveradmin.com
ServerAlias www.sms.unixserveradmin.com
RewriteEngine On
RewriteLog logs/apache-mod_rewrite
RewriteRule ^/(.*)$ /sms/$1 [L,PT]
JkMount /* tomcat3
ErrorLog logs/dummy-host.example.com-error_log
CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>

<VirtualHost *:80>
ServerAdmin info@unixserveradmin.com
ServerName sla.unixserveradmin.com
ServerAlias www.sla.unixserveradmin.com
RewriteEngine On
RewriteLog logs/apache-mod_rewrite
RewriteRule ^/(.*)$ /sla/$1 [L,PT]
JkMount /* tomcat4
ErrorLog logs/dummy-host.example.com-error_log
CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>

#############################################################
For PHP Hosting
#############################################################

<VirtualHost *:80>
ServerAdmin info@unixserveradmin.com
DocumentRoot /var/www/html/noc/
ServerName noc.unixserveradmin.com
ServerAlias www.noc.unixserveradmin.com
ErrorLog logs/dummy-host.example.com-error_log
CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>

<VirtualHost *:80>
ServerAdmin info@unixserveradmin.com
DocumentRoot /var/www/html/online/
ServerName online.unixserveradmin.com
ServerAlias www.online.unixserveradmin.com
ErrorLog logs/dummy-host.example.com-error_log
CustomLog logs/dummy-host.example.com-access_log common
</VirtualHost>

#############################################################

March 30, 2014 | Apache, Tomcat

worker.properties_virtual-hosting

##############################################################
# workers to contact, that’s what you have in your httpd.conf
# here are four different tomcat servers, running on different ports
# tomcat1 for revenue portal
# tomcat2 for mis portal
# tomcat3 for sms portal
# tomcat4 for sla portal
##############################################################

worker.list=tomcat1, tomcat2, tomcat3, tomcat4

# setup tomcat1
worker.tomcat1.port=8009
worker.tomcat1.host=localhost
worker.tomcat1.type=ajp13

# setup tomcat2
worker.tomcat2.port=8109
worker.tomcat2.host=localhost
worker.tomcat2.type=ajp13

# setup tomcat3
worker.tomcat3.port=8209
worker.tomcat3.host=localhost
worker.tomcat3.type=ajp13

# setup tomcat4
worker.tomcat4.port=8309
worker.tomcat4.host=localhost
worker.tomcat4.type=ajp13
##############################################################

# worker.list –> Describe the workers that are available to Apache via a list
# ajp13 –> This type of worker represents a running Tomcat instance

March 20, 2014 | Apache, Tomcat

How to Enable Secure SSL Protocol

Some servers still accept the SSLv2 protocol with low-strength encryption ciphers. A man-in-the-middle attacker can force the communication down to this less secure level and then attempt to break the weak encryption. The attacker can also truncate encrypted messages. These are known flaws in the SSLv2 protocol, and they have been fixed in SSLv3 (or TLSv1). SSLv2 should be disabled, SSLv3 should be used instead, and MEDIUM or HIGH encryption ciphers must be used.

# vim /etc/httpd/conf.d/ssl.conf

Remove or comment out the following lines:

Line No. 93 :-  SSLProtocol all -SSLv2
Line No. 98 :-  SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

Add the following lines:

SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!RC4+RSA:+HIGH:+MEDIUM

# /etc/init.d/httpd restart

# chkconfig httpd on
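
The check below is an added example, not part of the original post: it reads the effective SSLProtocol and SSLCipherSuite lines from a config file and reports SSLv2 and weak cipher classes that are still admitted. Function names and the sample files are constructed; the cipher check is a static approximation of OpenSSL's cipher-string rules that covers only the LOW, EXP and aNULL classes.

```sh
#!/bin/sh
# Added example: static audit of the two directives changed in the post.
# Function names are hypothetical; the sample files are constructed from the
# "before" and "after" values quoted above.
NL='
'

# enabled_protocols TOKEN... : protocols left enabled after applying SSLProtocol
# tokens left to right ("+X" adds, "-X" removes, a bare name replaces the set).
enabled_protocols() (
    mask=0
    for tok in "$@"; do
        case "$tok" in
            +*) op=add; tok=${tok#+} ;;
            -*) op=del; tok=${tok#-} ;;
            *)  op=set ;;
        esac
        case "$(printf '%s' "$tok" | tr '[:upper:]' '[:lower:]')" in
            all)   bit=7 ;;
            sslv2) bit=1 ;;
            sslv3) bit=2 ;;
            tlsv1) bit=4 ;;
            *)     continue ;;            # token not modelled in this sketch
        esac
        case "$op" in
            add) mask=$(( $mask | $bit )) ;;
            del) mask=$(( $mask & ~$bit )) ;;
            set) mask=$bit ;;
        esac
    done
    out=""
    [ $(( $mask & 1 )) -ne 0 ] && out="$out SSLv2"
    [ $(( $mask & 2 )) -ne 0 ] && out="$out SSLv3"
    [ $(( $mask & 4 )) -ne 0 ] && out="$out TLSv1"
    echo "${out# }"
)

# admitted_weak_classes STRING : which of LOW, EXP, aNULL a cipher string still
# admits. Keywords are case-sensitive; "!X" removes a class for good, "-X" removes
# it until re-added, "+X" only reorders, "ALL" pulls in all three.
# ADH is only part of aNULL, so "!ADH" alone is not counted as excluding aNULL.
admitted_weak_classes() (
    low=off; exp=off; anull=off
    apply() { eval "cur=\$$1"; [ "$cur" = killed ] || eval "$1=\$2"; }
    IFS=':, '; set -f; set -- $1; set +f
    for tok in "$@"; do
        case "$tok" in
            ALL)              apply low on; apply exp on; apply anull on ;;
            LOW)              apply low on ;;
            EXP|EXPORT)       apply exp on ;;
            aNULL)            apply anull on ;;
            '!LOW')           low=killed ;;
            '!EXP'|'!EXPORT') exp=killed ;;
            '!aNULL')         anull=killed ;;
            -LOW)             apply low off ;;
            -EXP|-EXPORT)     apply exp off ;;
            -aNULL)           apply anull off ;;
        esac
    done
    out=""
    [ "$low" = on ]   && out="$out LOW"
    [ "$exp" = on ]   && out="$out EXP"
    [ "$anull" = on ] && out="$out aNULL"
    echo "${out# }"
)

# audit_ssl_conf FILE [DENIED_PROTOCOLS] : one finding per line; status 1 if any.
# Uses the last uncommented occurrence of each directive (no virtual-host scoping).
# SSLv3 stays allowed by default to match the post; it has since been deprecated
# (RFC 7568), so pass "SSLv2 SSLv3" as the second argument to flag it as well.
audit_ssl_conf() (
    deny=${2:-SSLv2}
    proto=$(awk 'tolower($1)=="sslprotocol" {$1=""; v=$0} END {print v}' "$1")
    suite=$(awk 'tolower($1)=="sslciphersuite" {v=$2} END {print v}' "$1")
    findings=""
    for p in $(enabled_protocols ${proto:-all}); do   # "all" assumed when unset
        case " $deny " in
            *" $p "*) findings="${findings}protocol $p enabled$NL" ;;
        esac
    done
    for c in $(admitted_weak_classes "$suite"); do
        findings="${findings}cipher class $c admitted$NL"
    done
    printf '%s' "$findings"
    [ -z "$findings" ]
)

# Constructed samples holding the values quoted in the post.
write_samples() {
    printf '%s\n' 'SSLProtocol all -SSLv2' \
        'SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW' > "$1/before.conf"
    printf '%s\n' '#SSLProtocol all -SSLv2' 'SSLProtocol -ALL +SSLv3 +TLSv1' \
        'SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:!RC4+RSA:+HIGH:+MEDIUM' > "$1/after.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in before after; do
    echo "== $f.conf"
    audit_ssl_conf "$tmp/$f.conf" || true
done
rm -rf "$tmp"
```

Both SSLProtocol lines leave the same protocols enabled, so the effective difference between the two samples is in the cipher suite.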

September 20, 2013 | Apache, Security

Service httpd status: httpd dead but subsys locked, but pid exists

I have an apache server acting as a reverse proxy for several websites, (which you should see that it is up and running). However, when I check the status of the apache service, I get this:

# service httpd status
httpd dead but subsys locked

================== Method-1 ==================

So I lookup the locked PIDs of apache and get:

# ipcs -s | grep apache
0x00000000 98306 apache 600 1
0x00000000 131075 apache 600 1
0x00000000 163844 apache 600 1

So I delete these resources:

# ipcs -s | grep apache | perl -e 'while (<STDIN>) { @a=split(/\s+/);print `ipcrm sem $a[1]`}'
resource(s) deleted
resource(s) deleted
resource(s) deleted

and I delete the lock from the subsys folder:

# cd /var/lock/subsys
# rm httpd

and start apache:

# service httpd restart
Starting httpd: [ OK ]

================== Method-2 ==================

If the above does not fix it, try the following.

Comment out the following module in your httpd.conf and restart Apache:

# vim /etc/httpd/conf/httpd.conf
LoadModule unique_id_module modules/mod_unique_id.so

# /etc/init.d/httpd restart

April 27, 2013 | Apache, Tips & Tricks

How to rotate apache logs

/var/log/httpd/access_log.* {
compress
copytruncate
create 644 root root
rotate 30
size 100K
}

/var/log/httpd/dummy-host.example.com-access_log.* {
compress
copytruncate
create 644 root root
rotate 30
size 10M
}

/var/log/httpd/dummy-host.example.com-error_log.* {
compress
copytruncate
create 644 root root
rotate 30
size 100K
}

/var/log/httpd/error_log.* {
compress
copytruncate
create 644 root root
rotate 30
size 5K
}

/var/log/httpd/mod_jk.log.* {
compress
copytruncate
create 644 root root
rotate 30
size 5M
}

/var/log/httpd/ssl_access_log.* {
compress
copytruncate
create 644 root root
rotate 30
size 10K
}

/var/log/httpd/ssl_error_log.* {
compress
copytruncate
create 644 root root
rotate 30
size 10K
}

/var/log/httpd/ssl_request_log.* {
compress
copytruncate
create 644 root root
rotate 30
size 10K
}

daily :- rotates the catalina.out daily
rotate 7 :- keeps at most 7 log files
compress :- compresses the rotated files
size 10M :- rotates if the size of logs are bigger than 10M
copytruncate :- Truncate the original log file in place after creating a copy, instead of moving the old log file and optionally creating a new one. It can be used when some program cannot be told to close its logfile and thus might continue writing (appending) to the previous log file forever. Note that there is a very small time slice between copying the file and truncating it, so some logging data might be lost. When this option is used, the create option will have no effect, as the old log file stays in place.

April 22, 2013 | Apache, Tips & Tricks, Unix/Linux

How to enable gzip (web Page) compression in Apache

First, let's be sure your server supports compression; to do that it needs to have the mod_deflate module:

# cat httpd.conf | grep deflate

You should see this:

LoadModule deflate_module modules/mod_deflate.so

If it is commented out, uncomment it and add the following lines:

# vim /etc/httpd/conf/httpd.conf

#################################################
<IfModule mod_deflate.c>
SetOutputFilter DEFLATE

# You can’t compress what is already compressed
SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.(?:exe|t?gz|zip|bz2|sit|rar)$ no-gzip dont-vary
SetEnvIfNoCase Request_URI \.pdf$ no-gzip dont-vary

# Make proxies work as they should.
<IfModule mod_headers.c>
Header append Vary User-Agent
</IfModule>

</IfModule>

#BrowserMatch ^Mozilla/4 gzip-only-text/html
#BrowserMatch ^Mozilla/4\.0[678] no-gzip
#BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
#################################################

March 28, 2013 | Apache

How to run PHP 4 and PHP 5 on the same cPanel

Here is the process to install and run PHP 4 and PHP 5 on the same server. Users will be allowed to choose what version to use for their scripts.
Although I personally don’t recommend this as it has many performance implications it’s something that small webhosts use so that they don’t have to have different servers for different php versions.

1. Compiler check

# /scripts/checkccompiler
# rm -rvf /home/cpphpbuild
# mkdir /home/cpphpbuild
# cd /home/cpphpbuild

2. Download and extract php

# wget http://us2.php.net/downloads.php
# tar -xzf php-5.2.4.tar.gz
# cd php-5.2.4

3. Configure and build the php installation (credits go to elix for an excellent work)

# echo "#define HAVE_SENDMAIL 1" >> /home/cpphpbuild/php-5.2.4/main/php_config.h
# wget http://www.elix.us/tutorials/php5.gen.cpanel
# chmod 700 php5.gen.cpanel
# ./php5.gen.cpanel
# make
# make install

4. Moving the files and finishing the configuration

# cp -f /usr/local/php5/bin/php5 /usr/local/cpanel/cgi-sys/php5
# chown root:wheel /usr/local/cpanel/cgi-sys/php5
# cp -p /home/cpphpbuild/php-5.2.4/php.ini-recommended /usr/local/php5/lib/php.ini
# chown root.root /usr/local/php5/lib/php.ini
# chmod 644 /usr/local/php5/lib/php.ini
# echo "cgi.fix_pathinfo = 1 ; needed for CGI/FastCGI mode" >> /usr/local/php5/lib/php.ini

5. Now we have to add a few lines to the httpd.conf file

# vim /usr/local/apache/conf/httpd.conf

6. Add in the section – "index.php5" before index.php4 and add after "AddType application/x-httpd-php .phtml"

—————————————————————————
Action application/x-httpd-php5 "/cgi-sys/php5"
AddHandler application/x-httpd-php5 .php5
—————————————————————————

7. Test the installation

# service httpd configtest

8. If you get any errors, please check that you have done all the steps properly. If everything is OK you can now restart Apache.

# service httpd restart

October 29, 2012 | Apache, PHP

How to monitor specific process (ie apache) using Top Command

# top -p `pidof httpd | awk '{gsub(/[ ]/,",");print}'`

April 4, 2012 | Apache, Tips & Tricks, Unix/Linux

index.jsp for tomcat cluster with HA

<%@ page language="java" %>
<HTML>
<HEAD>
<TITLE>Login using jsp</TITLE>
</HEAD>
<BODY>
<h1><font color="red">Index Page by Tomcat-2 Node-2</font></h1>
<h2><font color="blue">This is test page of Tomcat-2 of NODE-2</font></h2>
<table align="center" border="1">
<h2>></h2>
<tr>
<td>Session ID –> </td>
<td><%= session.getId() %></td>
</tr>
<tr>
<td>Created on –> </td>
<td><%= session.getCreationTime() %></td>
</tr>
</table>
</BODY>
</HTML>

March 23, 2012 | Apache, Cluster, Tomcat

worker.properties_cluster

##############################################################
# workers to contact, that’s what you have in your httpd.conf
worker.list=loadbalancer

# setup tomcat1
worker.tomcat1.port=8109
worker.tomcat1.host=localhost
worker.tomcat1.type=ajp13
worker.tomcat1.lbfactor=1

# setup tomcat2
worker.tomcat2.port=8209
worker.tomcat2.host=localhost
worker.tomcat2.type=ajp13
worker.tomcat2.lbfactor=1

# setup tomcat3
worker.tomcat3.port=8309
worker.tomcat3.host=localhost
worker.tomcat3.type=ajp13
worker.tomcat3.lbfactor=1

# setup the load-balancer
worker.loadbalancer.type=lb
worker.loadbalancer.method=R/S/T/B
worker.loadbalancer.balance_workers=tomcat1,tomcat2,tomcat3
worker.loadbalancer.sticky_session=True
#worker.loadbalancer.sticky_session_force=True

# Status worker for managing load balancer
worker.status.type=status
##################################################################

worker.list –> Describe the workers that are available to Apache via a list

ajp13 –> This type of worker represents a running Tomcat instance

lb –> used for load balancing

status –> display useful information about how the load among the various Tomcat workers is distributed

Sticky sessions are an important feature if you rely on jSessionIDs and are not using any session-replication layer. If sticky_session is True, a request always gets routed back to the node which assigned this jSessionID.
If that host gets disconnected, crashes or otherwise becomes unreachable, the request will be forwarded to another host in the cluster.

R :- Request –> If method is set to Request the balancer will use number of requests to find the best worker. Accesses will be distributed according to the lbfactor in a sliding time window. This is the default value and should be working well for most applications.

S :- Session –> If method is set to Session the balancer will use number of sessions to find the best worker. Accesses will be distributed according to the lbfactor in a sliding time window. Because the balancer does not keep any state, it actually does not know the number of sessions. Instead it counts each request without a session cookie or URL encoding as a new session. This method will neither know, when a session is being invalidated, nor will it correct its load numbers according to session timeouts or worker failover. This method should be used, if sessions are your limiting resource, e.g. when you only have limited memory and your sessions need a lot of memory.

T :- Traffic –> If set to Traffic the balancer will use the network traffic between JK and Tomcat to find the best worker. Accesses will be distributed according to the lbfactor in a sliding time window. This method should be used, if network to and from the backends is your limiting resource.

B :- Busyness –> If set to Busyness the balancer will pick the worker with the lowest current load, based on how many requests the worker is currently serving. This number is divided by the worker's lbfactor, and the lowest value (least busy) worker is picked. This method is especially interesting if your requests take a long time to process, like for a download application.
##############################################################

March 19, 2012 | Apache, Cluster, Tomcat

tomcat_ssl.conf_cluster

# vim /etc/httpd/conf.d/ssl.conf

Line No. 83 to 93

##################################################################
# LoadModule jk_module modules/mod_jk.so
# JkWorkersFile /etc/httpd/conf/worker.properties
JkLogFile /var/log/httpd/mod_jk.log
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkRequestLogFormat "%w %V %T"
JkEnvVar SSL_CLIENT_V_START
Jkmount /* loadbalancer
# JkMount /examples/*.jsp worker1
##################################################################

March 17, 2012 | Apache, Cluster, Tomcat

tomcat_httpd.conf_cluster

# vim /etc/httpd/conf/httpd.conf

Line No. 201 to 212

##################################################################
LoadModule jk_module modules/mod_jk.so
JkWorkersFile /etc/httpd/conf/worker.properties
JkLogFile /var/log/httpd/mod_jk.log
JkLogLevel info
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkRequestLogFormat "%w %V %T"
JkEnvVar SSL_CLIENT_V_START
Jkmount /* loadbalancer
# JkMount /examples/*.jsp worker1
##################################################################

March 15, 2012 | Apache, Cluster, Tomcat

How to install and configure LVS to allow Load Balancing between Clusters/Nodes

The Linux Virtual Server Project (LVS) allows load balancing of networked services such as web and mail servers using Layer 4 Switching. It is extremely fast and allows such services to be scaled to service 10s or 100s of thousands of simultaneous connections. Now configure ipvsadm on both nodes.

node-1 :- 192.168.3.201 :- node-1.unixserveradmin.com
node-2 :- 192.168.3.202 :- node-2.unixserveradmin.com

Virtual IP (VIP) :- 192.168.3.135

on node-1

# yum install ipvsadm

# ipvsadm-save

# ipvsadm-restore

# ipvsadm -C (Flush)

# ipvsadm-save > ipvsadm_rules.txt

# ipvsadm-restore < ipvsadm_rules.txt

# ipvsadm -A -t 192.168.3.135:80 (# ipvsadm -A -t 192.168.3.135:80 -s rr)

# ipvsadm -a -t 192.168.3.135:80 -r 192.168.3.201:80 -m

# ipvsadm -a -t 192.168.3.135:80 -r 192.168.3.202:80 -m

# /etc/init.d/ipvsadm start

# /etc/init.d/ipvsadm save

# chkconfig ipvsadm on

# tcpdump -n -i any port 80 (for testing)

# ipvsadm -L -n (To show the number of active connections)

-A, --add-service
-L, -l, --list
-t, --tcp-service service-address
-s, --scheduler scheduling-method
-w, --weight weight

--stats
Output of statistics information. The list command with this
option will display the statistics information of services and
their servers.

--rate
Output of rate information. The list command with this option
will display the rate information (such as connections/second,
bytes/second and packets/second) of services and their servers.

Scheduling Method :-

1. Round-Robin :- Distributes Job Equally (rr)
2. WRR :- Weighted Round Robin
3. LC :- Least Connection
4. WLC :- Weighted Least Connection
5. LBLC :- Locality-Based Least Connection
6. LBLCR :- Locality-Based Least Connection with Replication
7. DH :- Destination Hashing, uses a statically assigned hash table
8. SH :- Source Hashing, uses a statically assigned hash table
9. SED :- Shortest Expected Delay
10. NQ :- Never Queue

March 11, 2012 | Apache, Cluster, LVS

Heartbeat Configuration File Options

——————————————————————————————————————————-
logfacility local0 –> Facility to use for syslog()/logger
——————————————————————————————————————————-
keepalive 2 –> how long between heartbeats

A note on specifying “how long” times below: the default time unit is seconds, so 10 means ten seconds. You can also specify them in milliseconds: 1500ms means 1.5 seconds.
——————————————————————————————————————————-
deadtime 30 –> how long-to-declare-host-dead?

If you set this too low you will get the problematic split-brain (or cluster partition) problem.
——————————————————————————————————————————-
warntime 10 –> how long before issuing “late heartbeat” warning?
——————————————————————————————————————————-
initdead 120 –> Very first dead time (initdead)

On some machines/OSes, etc. the network takes a while to come up and start working right after you’ve been rebooted. As a result we have a separate dead time for when things first come up. It should be at least twice the normal dead time.
——————————————————————————————————————————-
udpport 694 –> What UDP port to use for bcast/ucast communication?
——————————————————————————————————————————-
bcast eth0 –> What interfaces to broadcast heartbeats over?
——————————————————————————————————————————-
auto_failback on
on        –> enable automatic failbacks
off        –> disable automatic failbacks
legacy    –> enable automatic failbacks in systems where all nodes do not yet support the auto_failback option.
——————————————————————————————————————————-
node –> Tell what machines are in the cluster
——————————————————————————————————————————-

March 9, 2012 | Apache, Cluster

How to install and configure Failover “OR” High Availability (HA) Cluster with heartbeat in Apache

Heartbeat is High Availability cluster software for the Linux platform. Here are the steps to install and configure Heartbeat on RHEL/CentOS with a web server using Apache.

Heartbeat Version is : heartbeat-3.0

===========================================
Requirements :-

2 linux nodes, RHEL 5.x/CentOS 5.x
LAN & Internet connection.
A yum server.

Node-1: 192.168.3.201
Node-2: 192.168.3.202

Virtual IP Address (VIP) :- 192.168.3.135
===========================================

1. Set the fully qualified hostnames and give corresponding entries in /etc/hosts and /etc/sysconfig/network

node-1 :- 192.168.3.201 :- node-1.unixserveradmin.com
node-2 :- 192.168.3.202 :- node-2.unixserveradmin.com

2. Configuring Apache on both nodes

# yum install httpd mod_ssl

On node1

# vim /var/www/html/index.html
This is test page of node 1 of Heartbeat HA cluster

On node2

# vim /var/www/html/index.html
This is test page of node 2 of Heartbeat HA cluster

On both nodes:

# vim /etc/httpd/conf/httpd.conf
Listen 192.168.3.135:80

3. Now start the service in both nodes.

# /etc/init.d/httpd restart  

# chkconfig httpd on

Note:- It won’t work until heartbeat is started. So don’t worry

4. Confirm them from browser.

5. Install the following packages in both nodes:
(These below packages are not necessary, but you can install it.)

# yum install glibc*

# yum install gcc*

# yum install lib*

# yum install flex*

# yum install net-snmp*

# yum install OpenIPMI*

# yum install python-devel

# yum install perl*

# yum install openhpi*

6. Save the repo file for the clusterlabs online repository on both nodes. It is available at http://www.clusterlabs.org/rpm/epel-5/clusterlabs.repo

# cd /etc/yum.repos.d/

# wget http://www.clusterlabs.org/rpm/epel-5/clusterlabs.repo

it is as follows:
————————————————————–
[clusterlabs]
name=High Availability/Clustering server technologies (epel-5)
baseurl=http://www.clusterlabs.org/rpm/epel-5
type=rpm-md
gpgcheck=0
enabled=1
————————————————————–

7. After that install heartbeat packages on both nodes:

# yum install cluster-glue* heartbeat* resource-agents*

8. Setting Configuration files:

We can do all configuration in one system and copy the /etc/ha.d to both nodes.

# cd /etc/ha.d

# cat README.config

9. The details about configuration files are explained in this file. We have to copy three configuration files to this directory from samples in documentation.

# cp /usr/share/doc/heartbeat-3.0.3/authkeys /etc/ha.d/
# cp /usr/share/doc/heartbeat-3.0.3/ha.cf /etc/ha.d/
# cp /usr/share/doc/heartbeat-3.0.3/haresources /etc/ha.d/

10. We have to edit the authkeys file on both nodes:

We are using sha1 algorithm:

# vim /etc/ha.d/authkeys
—————
auth 2
#1 crc
2 sha1 test-ha
#3 md5 Hello!
—————

11. Change the permission of authkeys to 600 on both nodes:

# chmod 600 /etc/ha.d/authkeys

12. We have to edit the ha.cf file on both nodes:

# vim /etc/ha.d/ha.cf

uncomment following lines and make edits
—————————————–
logfile /var/log/ha-log
logfacility local0
keepalive 1
deadtime 15
warntime 10
initdead 120
udpport 694
bcast eth0
auto_failback on
node node-1.unixserveradmin.com # on both nodes the command "uname -n" should give these hostnames
node node-2.unixserveradmin.com
—————————————–

13. We have to edit the haresources file on both nodes separately:

on node-1 :-

# vim /etc/ha.d/haresources
node-1.unixserveradmin.com    192.168.3.135 httpd

on node-2 :-

# vim /etc/ha.d/haresources
node-2.unixserveradmin.com    192.168.3.135 httpd

Note:- You don't have to create an interface and set this IP or make an IP alias. Heartbeat will take care of it automatically.

14. Now exchange and save authorized keys between node1 and node2

node-1# ssh-keygen -t rsa

node-1# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.3.202

node-2# ssh-keygen -t rsa

node-2# ssh-copy-id -i ~/.ssh/id_rsa.pub 192.168.3.201

15. Start Heartbeat service on both nodes:

# /etc/init.d/heartbeat start

# chkconfig heartbeat on
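
Steps 10 and 11 above as an added example, not part of the original post: it writes an authkeys file with a random sha1 secret and checks the two things those steps set up, the key selected by the auth line and mode 600. Function names, the temporary paths and the MIN_KEY_LEN threshold are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: create and check an authkeys file as in steps 10 and 11.
# Function names are hypothetical; MIN_KEY_LEN is an example policy value,
# not a Heartbeat requirement.
MIN_KEY_LEN=20
NL='
'

# gen_authkeys FILE : one sha1 key with a random 256-bit secret, file mode 600.
gen_authkeys() (
    umask 077
    key=$(od -An -N32 -tx1 /dev/urandom | tr -d ' \n')
    printf 'auth 1\n1 sha1 %s\n' "$key" > "$1"
    chmod 600 "$1"
)

# check_authkeys FILE : print one finding per line; status 1 if there is any.
check_authkeys() (
    findings=""
    add() { findings="${findings}$1$NL"; }
    perms=$(ls -ld "$1" | cut -c1-10)
    [ "$perms" = "-rw-------" ] || add "mode is $perms, expected -rw------- (600)"
    id=$(awk '$1 == "auth" { print $2; exit }' "$1")
    if [ -z "$id" ]; then
        add "no 'auth N' line selects a key"
    else
        # The selected line reads "N method [secret]"; lines starting with # are skipped.
        line=$(awk -v id="$id" '$1 == id { print; exit }' "$1")
        set -f; set -- $line; set +f
        case "${2:-}" in
            "")       add "auth $id points at a key line that is missing or commented out" ;;
            crc)      add "method crc is only a checksum and uses no secret" ;;
            sha1|md5) [ "${#3}" -ge "$MIN_KEY_LEN" ] ||
                          add "secret for key $id is shorter than $MIN_KEY_LEN characters" ;;
            *)        add "unknown method $2" ;;
        esac
    fi
    printf '%s' "$findings"
    [ -z "$findings" ]
)

# Constructed sample: the file shown in step 10, created with a default umask.
write_post_sample() (
    umask 022
    printf 'auth 2\n#1 crc\n2 sha1 test-ha\n#3 md5 Hello!\n' > "$1"
)

tmp=$(mktemp -d)
write_post_sample "$tmp/authkeys.sample"
echo "== sample from step 10, before chmod"
check_authkeys "$tmp/authkeys.sample" || true
gen_authkeys "$tmp/authkeys"
echo "== generated file"
check_authkeys "$tmp/authkeys" && echo "no findings"
rm -rf "$tmp"
```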

March 7, 2012 | Apache, Cluster

How to configure Apache server to listen on Multiple Ports

By default Apache server listens on TCP port 80 but I’d like an Apache Web Server to listen on port 80 and port 8080. The following article explains how to configure Apache server to listen on multiple ports under CentOS Linux Server.

To configure Apache server to listen on multiple ports, log in as root, open the configuration file /etc/httpd/conf/httpd.conf and modify the Listen directive, which tells the server to accept incoming requests on the specified port.

# vi /etc/httpd/conf/httpd.conf

Find line that read as follows:

Listen 80

Force Apache server to listen on both port 80 and 8080:

Listen 80
Listen 8080

And find the VirtualHost portion for your website config and add *:8080 as shown below:

<VirtualHost *:80 *:8080>

</VirtualHost>

Save and close the file. Restart apache server:

# service httpd restart

February 26, 2012 | Apache

How to block or allow ips using .htaccess

Suppose you have a site example.com and in the document root directory of example.com you have a directory “admin” to which you want to restrict access, while still giving access to clients from some IPs.

You can do this by creating a .htaccess file under the “admin” directory.

# vim .htaccess

The file can be like this:

===================
Order Deny,Allow
Deny from all
Allow from IP_address1
Allow from IP_address2
Allow from IP_address3
Allow from IP_address4
Allow from IP_address5
===================

example.com/admin/ will only be accessible to IP_address1-5
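
The following added example (not part of the original post) models how Apache 2.2 evaluates these Order/Allow/Deny lines for a given client, and shows that the same Allow and Deny lines under "Order Allow,Deny" shut out every client. The helper names are hypothetical, the addresses are constructed documentation addresses standing in for IP_address1-5, and only "all", full IPv4 addresses and partial addresses are modelled.

```sh
#!/bin/sh
# Added example: Order/Allow/Deny evaluation for one client address.
# access_decision is a hypothetical helper; addresses are constructed.

# from_matches SPEC IP : true if SPEC from an Allow/Deny line covers IP.
from_matches() {
    [ "$1" = all ] && return 0
    case "$2." in "${1%.}."*) return 0 ;; esac    # match on whole octets only
    return 1
}

# access_decision FILE IP : prints "allow" or "deny" for the rules in FILE.
access_decision() (
    order=deny,allow; allow=0; deny=0        # Deny,Allow is the default Order
    rules=$(tr '[:upper:]' '[:lower:]' < "$1")
    while read -r verb arg specs; do
        case "$verb" in
            order) order=$(printf '%s' "$arg$specs" | tr -d ' ') ;;
            allow|deny)
                [ "$arg" = from ] || continue
                for s in $specs; do
                    if from_matches "$s" "$2"; then eval "$verb=1"; fi
                done ;;
        esac
    done <<EOF
$rules
EOF
    case "$order" in
        deny,allow)  # denied only if a Deny matches and no Allow does
            if [ "$deny" = 1 ] && [ "$allow" = 0 ]; then echo deny; else echo allow; fi ;;
        allow,deny)  # allowed only if an Allow matches and no Deny does
            if [ "$allow" = 1 ] && [ "$deny" = 0 ]; then echo allow; else echo deny; fi ;;
        *) echo "unsupported Order: $order" >&2; exit 2 ;;
    esac
)

# Constructed samples: the post's rules with example addresses, and the same
# Allow/Deny lines under the opposite Order.
write_samples() {
    printf '%s\n' 'Order Deny,Allow' 'Deny from all' \
        'Allow from 192.0.2.10' 'Allow from 198.51.100' > "$1/admin.htaccess"
    printf '%s\n' 'Order Allow,Deny' 'Deny from all' \
        'Allow from 192.0.2.10' 'Allow from 198.51.100' > "$1/swapped.htaccess"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for ip in 192.0.2.10 192.0.2.100 198.51.100.7 203.0.113.5; do
    echo "$ip: $(access_decision "$tmp/admin.htaccess" "$ip")" \
         "(Order swapped: $(access_decision "$tmp/swapped.htaccess" "$ip"))"
done
rm -rf "$tmp"
```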

February 16, 2012 | Apache, htaccess

How to configure Webalizer

The Webalizer is a GPL application that generates web pages of analysis, from access and usage logs, i.e. it is web log analysis software. It is one of the most commonly used web server administration tools. It was initiated by Bradford L. Barrett in 1997. Statistics commonly reported by Webalizer include: hits; visits; referrers; the visitors’ countries; and the amount of data downloaded. These statistics can be viewed graphically and presented by different time frames, such as per day, hour, or month.

Hit

Each HTTP request submitted by the browser is counted as one hit. Note that HTTP requests may be submitted for non-existent content, in which case they still will be counted. For example, if one of the five image files referred by the example page mentioned above is missing, the web server will still count six HTTP requests, but in this case, five will be marked as successful (one HTML file and four images) and one as a failed request (the missing image).

Here are the steps to configure Webalizer:

1) Install the webalizer by yum

# yum install webalizer

2) vim /etc/httpd/conf.d/webalizer.conf

=====================================
Alias /usage /var/www/usage

#<Location /usage>
#       AllowOverride AuthConfig
#       Order allow,deny
#       Allow from all
#</Location>

<Directory "/var/www/usage">
    AllowOverride AuthConfig
   Options Indexes FollowSymLinks Includes
    Order allow,deny
    Allow from all
</Directory>
=====================================

3. Create .htaccess file

# vim /var/www/usage/.htaccess

=====================================
AuthUserFile /etc/httpd/htpasswd
AuthName "Please provide Login Credentials"
AuthType Basic
require valid-user
=====================================

4. Restart httpd services.

# /etc/init.d/httpd restart

February 14, 2012 | Apache, Tips & Tricks, Unix/Linux

How to generate a CSR for SSL Certificate without using Password

Here are the steps for generating a Certificate Signing Request (CSR) for an Apache 2.x web server. When you have completed generating your CSR, cut/copy and paste it into the CSR field on the SSL certificate-request page.

1. Log in to your server’s terminal (SSH).

2. At the prompt, type the following command:

# openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

Replace yourdomain with the domain name you’re securing. For example, if your domain name is example.com, you would type example.key and example.csr

Enter the requested information:

Country: The two-letter International Organization for Standardization (ISO) format country code for where your organization is legally registered.

State or Province Name: Name of the state or province where your organization is located. Do not abbreviate.

City or Locality Name: Name of the city where your organization is registered/located. Do not abbreviate.

Organization Name: The legally-registered name for your business. If you are enrolling as an individual, enter the certificate requestor’s name.

Organization Unit Name: If applicable, enter the DBA (doing business as) name.

Common Name: The fully-qualified domain name, or URL, you’re securing. If you are requesting a Wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example *.coolexample.com.

If you do not want to enter a password for this SSL, you can leave the Passphrase field blank. However, please understand there might be additional risks. Open the CSR in a text editor and copy all of the text. Paste the full CSR into the SSL enrollment form in your account.
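
An unattended form of the command above, as an added example that is not part of the original post: because -nodes leaves the private key unencrypted, the key is created under a restrictive umask, and the script then verifies the CSR's self-signature and that the CSR carries the public half of that key. Function names, the subject values passed to -subj and the temporary directory are constructed for illustration.

```sh
#!/bin/sh
# Added example: unattended CSR generation with an unencrypted key (-nodes).
# Function names, subject values and paths are constructed for illustration.

# make_csr DOMAIN OUTDIR : writes OUTDIR/DOMAIN.key and OUTDIR/DOMAIN.csr.
# umask 077 keeps the passphrase-less key readable by its owner only.
make_csr() (
    umask 077
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/C=US/ST=Example State/L=Example City/O=Example Org/CN=$1" \
        -keyout "$2/$1.key" -out "$2/$1.csr" 2>/dev/null
)

# csr_is_valid CSR : true if the request's self-signature verifies.
# The success message is matched because older openssl builds do not
# signal a failed verification through the exit status.
csr_is_valid() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# csr_matches_key CSR KEY : true if the CSR carries the public half of KEY.
csr_matches_key() (
    a=$(openssl req -in "$1" -noout -pubkey 2>/dev/null) || exit 1
    b=$(openssl pkey -in "$2" -pubout 2>/dev/null) || exit 1
    [ -n "$a" ] && [ "$a" = "$b" ]
)

# key_mode KEY : permission string of the key file, e.g. -rw-------
key_mode() { ls -l "$1" | cut -c1-10; }

tmp=$(mktemp -d)
if make_csr example.com "$tmp"; then
    csr_is_valid "$tmp/example.com.csr" && echo "CSR self-signature: OK"
    csr_matches_key "$tmp/example.com.csr" "$tmp/example.com.key" && echo "CSR matches key"
    echo "key mode: $(key_mode "$tmp/example.com.key")"
fi
rm -rf "$tmp"
```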

January 5, 2012 | Apache, Security, Tips & Tricks