
Apache2 on Ubuntu 8.04LTS; restrict access to PAM authenticated users

I have a couple of static pages that I want to restrict access to.

I don’t want to manage another set of usernames & passwds, so I’d like apache2 to authenticate off the standard users on my system, via PAM.

To get this to work, you need to install and configure mod_auth_pam and mod_auth_shadow

aptitude install libapache2-mod-auth-pam libapache2-mod-auth-shadow

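Ensure the www-data user is a member of the shadow group, so apache2 can read the password hashes in /etc/shadow. Use -a so the group is appended; without it, -G replaces www-data's existing supplementary groups. Anything that runs as www-data (CGI or PHP scripts, for example) can then read those hashes too.

usermod -a -G shadow www-data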

And set up the relevant virtual host:

 

                AuthPAM_Enabled On
                AuthShadow on
                AuthPAM_FallThrough Off
                AuthBasicAuthoritative Off
                AuthType Basic
                AuthName "Restricted to group: sysadmins"
                AuthUserFile /dev/null
                Require group sysadmins

Restart apache, and you’re done!


Self Cert SSL certificate for Apache2 on Ubuntu 8.04LTS

Generate a self cert certificate:

https://help.ubuntu.com/8.04/serverguide/C/certificates-and-security.html

Create a new virtual host (you can only have one SSL virtual host / IP)

sudo cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl

Edit ssl so that it looks like this:

NameVirtualHost *:443

ServerName webangle-www1.everyangle.co.uk
ServerAdmin webmaster@localhost

DocumentRoot /var/www/

SSLEngine on

SSLOptions +StrictRequire

SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key

Finally, if you want to force all traffic to a certain folder (e.g., /phpmyadmin) to be redirected via SSL, add the following to /etc/apache2/sites-available/default:

#Redirect traffic to /phpmyadmin through https
        RewriteEngine   on
        RewriteCond     %{SERVER_PORT} ^80$
        RewriteRule     ^/phpmyadmin(.*)$ https://%{SERVER_NAME}/phpmyadmin$1 [L,R]

Enable it:

sudo a2ensite ssl
sudo /etc/init.d/apache2 reload
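
The PAM-protected directory from the post above uses Basic auth with real system passwords, and `SSLOptions +StrictRequire` in the SSL virtual host only has an effect where `SSLRequireSSL` (or `SSLRequire`) is set. The script below is an added example, not part of the original post: it lists `<Directory>`/`<Location>` blocks that enable `AuthType Basic` without `SSLRequireSSL`. The function names, the sample config and its paths are constructed for illustration.

```shell
#!/bin/sh
# audit_basic_auth [FILE...]: print the path of every <Directory>/<Location>
# block that sets "AuthType Basic" but not "SSLRequireSSL".
# Reads stdin when no file is given. Directive names are matched
# case-insensitively, container names as written.
audit_basic_auth() {
    awk '
        # Opening container: remember its path and reset the per-block flags.
        /^[ \t]*<(Directory|Location)[ \t]/ {
            path = $2; sub(/>$/, "", path)
            basic = 0; ssl = 0; inblock = 1; next
        }
        inblock && tolower($1) == "authtype" && tolower($2) == "basic" { basic = 1 }
        inblock && tolower($1) == "sslrequiressl" { ssl = 1 }
        # Closing container: report it if Basic auth is allowed over plain HTTP.
        /^[ \t]*<\/(Directory|Location)>/ {
            if (inblock && basic && !ssl) print path
            inblock = 0
        }
    ' "$@"
}

# Constructed sample: the first block mirrors the PAM directives from the
# post above, the second adds SSLRequireSSL. Both paths are hypothetical.
sample_config() {
    cat <<'EOF'
<Directory /var/www/private>
    AuthPAM_Enabled On
    AuthType Basic
    AuthName "Restricted to group: sysadmins"
    Require group sysadmins
</Directory>
<Directory /var/www/secure>
    SSLRequireSSL
    AuthPAM_Enabled On
    AuthType Basic
    Require group sysadmins
</Directory>
EOF
}

sample_config | audit_basic_auth
```

To check a live server, pass it the files under /etc/apache2/sites-available/ instead of the sample.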

Automount remote filesystem over SSH

Previously I posted on how I backup my server’s data to rsync.net’s remote storage.

A convenient way to access that remote storage is to mount it with sshfs:

sudo aptitude install sshfs
mkdir /mnt/sshfs
mkdir /mnt/sshfs/rsync.net
sshfs **username**@ch-s011.rsync.net: /mnt/sshfs/rsync.net

Now, test that you can access /mnt/sshfs/rsync.net, and copy a few files to your remote storage. If all works well, the next step is to have sshfs automatically connect whenever we try to access the directory.

First, unmount:

fusermount -u /mnt/sshfs/rsync.net

Then, install autofs, and edit the config file

sudo aptitude install autofs
sudo vi /etc/auto.master

Add the following line 

/mnt/sshfs /etc/auto.sshfs --timeout=30,--ghost

Then,  

sudo vi /etc/auto.sshfs

Add

rsync.net -fstype=fuse,rw,nodev,nonempty,noatime,allow_other,max_read=65536 :sshfs#**username**@ch-s011.rsync.net:

 

And finally restart autofs 

sudo /etc/init.d/autofs restart

 

Now, when you cd /mnt/sshfs/rsync.net, after a short delay you will automatically be connected to the remote filesystem over SSH.  After 30 seconds of inactivity, the connection will be closed.


Backup Ubuntu 8.04LTS to rsync.net using backup-manager (at linode.com)

I’m setting up a new linode360 VPS, based off the Ubuntu 8.04LTS image.

For backups, I want to do weekly backups and daily incrementals of the data files, and sync these off to an external backup location.

Broadly, there are two parts to the backup, creating the backed up files, and then copying them offsite.

Creating the backups

I’m using backup-manager 0.7.6-debian1, which handles backing up sets of files and MySQL databases to tar.gz files.

sudo aptitude install backup-manager
sudo /usr/sbin/backup-manager --version

The comments in the config file make editing it quite straightforward.

sudo vi /etc/backup-manager.conf

One minor point:

  • Separate multiple backup methods with a space, eg:
    export BM_ARCHIVE_METHOD="tarball-incremental mysql"

To test:

sudo /usr/sbin/backup-manager --verbose

The output folder you specified (/var/archives) should now contain some .tar.gz versions of your data. Hurrah!

Getting the files offsite

Originally I intended to use Amazon’s S3 as a backup store, following Michael Zehrer’s instructions on how to rsync with S3. However, I couldn’t get this to work reliably; so I opted instead for rsync.net which offers standard scp, ftp, WebDav and sshfs access to their geographic backup locations.

Backup-manager can rsync over ssh, which is a quick and efficient way to sync changes over to the remote host.

The first step is to get your rsync.net account set up, and to set up your ssh so you can access it without typing in a password.

Then, set the BM_UPLOAD_METHOD to rsync, and configure both the scp and the rsync settings in /etc/backup-manager.conf (pay attention not to prefix remote folders with / ).

Test with:

sudo /usr/sbin/backup-manager --verbose

Once it's all working, set up a cron job to call backup-manager daily.

crontab -e

I run backup-manager once per day in the wee hours, and log output to /root/cronlogs/daily_backup-manager.log

  0 3   *   *   *    /usr/sbin/backup-manager -v > /root/cronlogs/daily_backup-manager.log

Voilà!


Domain mapping with WordPress MU, Plesk, Apache2 & Ubuntu

Given a WordPress MU install on Plesk running on Ubuntu with Apache2, we want to configure domain mapping so that

user1 can have myblog1.com mapping to their wordpress blog (myblog1.masterwpmu.com) and
user2 can have myblog2.com mapping to their wordpress blog (myblog2.masterwpmu.com)

We need to configure quite a few moving parts:

  1. DNS for masterwpmu.com – this should be an A record, pointing to the IP of your server
  2. DNS for myblog1.com & myblog2.com – these should be CNAME records, pointing to the A record in (1) – eg. masterwpmu.com
  3. Apache2 – we need to alter the apache vhost conf created by Plesk to set up a wildcard alias
  4. WordPressMU – we need to configure it to serve the right content when receiving a request for myblog1.com or myblog2.com

When someone makes a browser request for myblog2.com, the following sequence happens:

  1. myblog2.com is resolved to masterwpmu.com, which is resolved to the IP of your server.
  2. the browser makes a request to the IP, port 80, passing the host header of myblog2.com
  3. Apache intercepts the request to port 80, checks through all its known vhost server aliases, and not finding a match redirects to the wildcard alias pointing to our WPMU install
  4. WPMU gets the request, matches the host header to the correct blog content, and returns the relevant page.

So, how do we configure this?

  1. Create a new Plesk site, with its own domain name (eg. masterwpmu.com) & install WPMU.  Ensure this works.
  2. Create a new CNAME record myblog2.com which resolves to masterwpmu.com (It's also possible to set up an A record pointing to the same IP as masterwpmu.com, although this will break if the IP of masterwpmu.com ever changes).  Google has a nice set of instructions for doing this on most major DNS providers (obviously you’ll want to point to masterwpmu.com rather than ghs.google.com ;) )
  3. Edit the Apache2 vhost conf created by Plesk at: /var/www/vhosts/masterwpmu.com/conf/httpd.include, changing:
    ServerAlias *
    <Directory>
    AllowOverride FileInfo Options
  4. restart Apache2 ( /etc/init.d/apache2 restart)
  5. Log in to the WPMU install as admin, and create a new blog.  Edit the new blog, and change the Domain & FileUpload Url to myblog2.com and http://myblog2.com/files (all the other Urls are automatically updated when you save)
  6. Browse to http://myblog2.com !

Gotchas:

  • You can only have 1 wildcard Apache ServerAlias per IP

Hope that helps!


HOWTO: Ubuntu Server 7.04 on VMWare Server 1.0.4 on Windows XP

My local PHP/Symfony DEV environment is an Ubuntu Feisty Fawn server, running under VMWare on my Windows XP laptop. All the server side stuff runs on the Ubuntu VM, which mirrors the setup of my production host.

Install VMWare Server (free) from http://www.vmware.com/download/server/

This is a pretty straightforward Windows install, once you have registered and received the (free) license key via email.

Your machine needs to have plenty of RAM, and a couple of gigs of free HDD space. (It works fine on my Dell Inspiron 510m, 1.6GHz, 1.25GB RAM laptop)

Install Ubuntu Feisty Fawn 7.04 VM

Download the installation CD ISO from http://www.ubuntu.com/getubuntu/download

Fire up the VMWare Server console, create a new VM. Use a NAT ethernet adapter. Make sure the VM’s CDROM points to the ISO you just downloaded.

Run through the installation procedure, doing just the bare bones standard install. At the end, reboot, and don’t be alarmed at the crash:

Int 14: CR2 c1000000 err 00000002 EIP c03f3c3e CS 00000060 flags 00000006
Stack: 373c0046 00000000 ffffffff c0490000 00001400 00000080 00400000 ffffff80

The default server kernel won’t work with a VPC (http://www.virtualbox.org/ticket/289), so we need to install the desktop one.

* Re-Boot the server CD (NOT the server install), select recovery mode.
* Go through all the (recovery) steps ….
* Once you get to the command line :

# apt-get install linux-386
# apt-get remove linux-server

Reboot, and log in. Voilà!

Finally, run ifconfig from the Ubuntu command line – to find the (current) IP address of the VM.