All in one webserver from the ground up. A Virtualized Debian How-to

This is the only image you get, as this is going to be a very text-centered post.

I figured after virtualizing my entire network a few weeks ago and while learning a lot, I also rebuilt several machines, and documented the rebuild. So from those notes, I’m going to finally get around to how to securely host and build a website, from the ground up.

We’ll start with a bare bones debian 6 install (this guide will work for ubuntu server 12.04 as well) on a virtual host.

I’m also using this guide as a walk-through for myself, so I’ve included the instructions on getting vmware-tools installed, if you’re doing this on bare metal, skip that part. :)

Most of this should be done as the root user. In ubuntu, to gain root use the command:

Also to get the basics out of the way I will be using nano as my text editor, to save in nano use the keys

or to save and exit use the command

I will assume you know how to save a file from this point forward.

To get started, let’s get our environment set up; it makes life easier in the end.

Uncomment the lines in the root .bashrc file

Save and exit. *I won’t be telling you this again: if the file’s done being edited, save and close it! :)*

Force your current session to use the new .bashrc file.

You should now have colors when displaying the contents of your directories and have a shortcut to restart apache once we have it installed.

But before we install the web server let’s finish getting prepped. (ubuntu users, don’t add the netselect-apt in the next command, it’s not available in your repos.)

If you’re curious about how any of these programs work in more detail, you can always turn to the “man” command. I do often, so I like my man pages in color. If you do as well, use this, and select the option that references “most” (usually 3 in my experience).

Now let’s create another normal user (if you already have all the normal users you want, skip this part)
*replace <yourname> with Your name.*

and then answer the questions it asks as best you want.

Now let’s also give this user the ability to manage this server using sudo.

Find the line for the root user and copy it on a new line, replacing root with your username.

Or better yet, just add them to either the “admin” or “sudo” groups (on some distros you might know this as the “wheel” group).

If you just added yourself to the sudo group, you’ll need to log off and back on for this to take effect.

Now Debian users with netselect installed, use this list of commands:

then

Now we can start installing the vmware-tools. First click the option on your vmware console to install tools or guest additions.


This will insert a virtual cd-rom in your virtual machine. I know right!?! How deep DOES the rabbit hole go?! Anyways.

Welcome back :) Login as your normal user from here on out and gain root using “sudo su“. It’s just good practice.

Comment out the default settings for the eth0 interface, as we want a static IP address for a server, and add something like this (changing the values as needed for your network of course!)

Then restart your network.

You will probably get disconnected if you’re using ssh to connect. This is to be expected and you should now be able to ssh to the IP address you just set.

Now let’s set the hostname of the server.

And append the same name to the hostname file and restart the service.
(Note the &gt; should be a > but my syntax highlighter breaks these… keep an eye out!)

Since ssh is probably going to be left open, let’s automate the banning of brute-force attempts against our ssh login (moving ssh to a non-standard port is also a good idea!)

Set up the times and purge options as you see fit, then restart denyhosts.
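What this kind of automated banning counts, shown on constructed log lines: failed logins per source address, with separate limits for invalid users, valid users and root. This is an added example, not part of the original post and not DenyHosts' own code; `flag_offenders`, the sample lines and the limits are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): tally failed sshd logins per
# source address with a separate limit for each kind of account.

# Constructed sample lines in the usual sshd auth.log format; the
# addresses come from the documentation ranges.
sample_auth_log() {
cat <<'EOF'
Sep  2 12:01:10 web sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Sep  2 12:01:12 web sshd[2101]: Failed password for invalid user test from 203.0.113.7 port 40113 ssh2
Sep  2 12:01:15 web sshd[2103]: Failed password for invalid user oracle from 203.0.113.7 port 40114 ssh2
Sep  2 12:02:01 web sshd[2110]: Failed password for root from 198.51.100.23 port 51500 ssh2
Sep  2 12:02:03 web sshd[2110]: Failed password for root from 198.51.100.23 port 51501 ssh2
Sep  2 12:03:40 web sshd[2120]: Failed password for daniel from 192.0.2.10 port 60022 ssh2
Sep  2 12:03:55 web sshd[2121]: Accepted password for daniel from 192.0.2.10 port 60023 ssh2
Sep  2 12:04:10 web sshd[2130]: Failed password for invalid user x from 192.0.2.10 port 1 ssh2 from 203.0.113.7 port 40115 ssh2
EOF
}

# flag_offenders INVALID_MAX VALID_MAX ROOT_MAX  (hypothetical helper)
# Reads log lines on stdin and prints "address category count" for every
# source whose failures in a category exceed the limit for that category.
flag_offenders() {
    awk -v inv="$1" -v val="$2" -v root="$3" '
    /sshd\[[0-9]+\]: Failed password for / {
        # The user name is chosen by the client and may itself contain
        # " from <address>", so the address after the LAST "from" is used.
        ip = ""
        for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
        if (ip == "") next
        if ($0 ~ /Failed password for invalid user /) kind = "invalid"
        else if ($0 ~ /Failed password for root from /) kind = "root"
        else kind = "valid"
        n[ip " " kind]++
    }
    END {
        limit["invalid"] = inv + 0
        limit["valid"] = val + 0
        limit["root"] = root + 0
        for (k in n) {
            split(k, part, " ")
            if (n[k] > limit[part[2]]) print part[1], part[2], n[k]
        }
    }' | sort
}

# Demo: more than 3 invalid-user, 5 valid-user or 1 root failure is flagged.
sample_auth_log | flag_offenders 3 5 1
```

The last sample line carries a user name that embeds a second address; counting it against 192.0.2.10 would let a client get someone else's address banned.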

And let’s FINALLY get to installing that webserver like I promised!

That’s it! Your webserver’s installed! Now let’s configure it!

Now let’s build the config for the website you’ll be hosting.

There are a lot of options you can define in here, but to get you started make sure you have the DocumentRoot, ErrorLog and CustomLog defined in this config file.
(again the &lt; and &gt; should be < and > respectively, stay sharp!!!)

Using our example above, let’s create those directories.

And bring this site online, and remove the default site

Your website should now be online! w00t!

Let’s get the rest going so we can get something more dynamic than html websites.

Enter in a SQL root password when prompted. (SHOULDN’T BE THE SAME AS YOUR ROOT PASSWORD!!!!!!!!!!!!!)

And let’s harden our SQL environment as this is not a developer server.

You don’t need to change your SQL root password if you set a good one above. If it’s the same as your normal root user’s password, change it ffs! Answer yes to the rest of the questions.

Now this next line will install php. Lots of php. This command should be entered in as one single line!

These settings will get you off to a good start, but more tuning can be done. Search for the following and make the needed changes in this file. (Search in nano using “Ctrl+w” and typing in the keyword.)

(You do remember you can type in ^ arestart ^ instead of that line throughout this guide if you used my .bashrc edits, right? ;) )

And of course a web-gui to your SQL server is super handy, so let’s add that as well.

Select apache2 when asked, and choose yes to create the default database. Enter in the SQL root password, and then leave the next password prompt blank to have a random one generated, as you won’t need it.

Almost done!

Let’s set the permissions on the folders we created.

And you’re set!

Let’s go one step further and set up a firewall to finish it up, just in case you’re not behind a separate firewall (check out untangle if you’re looking for a good one!)

This will install the “Uncomplicated Firewall” that works with iptables and makes life a lot easier!
For more help with ufw settings check out this guy’s site, it’s got a pretty good rundown and examples.

You should now get a result that says the following:

Of course this is the basic setup, you can further limit ssh to local connections only etc.

And your website is ready for stage 2, Content! You now have a memcached apache http server with php5 and mysql ready for the world wide web! Good luck!

(The stage 2 post will come soon!)

 

** EDIT **

After a few months with this setup I’ve started getting several mail objects that say:

This is a RAID status update from mpt-statusd.
The mpt-status program reports that one of the RAIDs changed state:

Report from /etc/init.d/mpt-statusd on virtual-proxy

Since it’s a virtual machine, there’s no RAID state to worry about (at least not from the guest side…), so unless you have a reason for it, just stop the mpt-status daemon. Do the following:

to stop it from its currently running state, and then

which will remove it from several startup scripts that run on boot.

That’s it, no more mail from that problem :) Hope your install is running as smoothly as mine has been!


Uploading to Usenet on debian (or ubuntu) linux

So I’ll start off by saying I do use a graphical user interface (gui) on my debian laptop (Linux Mint Debian Edition) and have also switched from my old love bit torrent over to usenet just for security’s sake. I’ve been reading a lot of posts on the net to figure everything out as people and links come and go as does software to do what you want it to do. Here’s the easy way of how I upload to usenet using my laptop.

A few things you’re going to need beforehand.

rar, cksfv, PyPar2 and JBinUp. (cksfv, rar and PyPar2 are available in the repos, and JBinUp is available online.)

Now you’ll notice a few dependencies are going to be needed just by the names of those apps. PyPar2 is obviously written in python so you’re going to need that, and JBinUp is written in java so you’re also going to want that installed. Yes, there are other apps such as newsposter (cli) but I’ve been having issues with that, and really the gui of JBinUp as well as the .nzb file creation come in handy for me.

First you’re going to need to break your video down into smaller parts using rar. Music files are small enough that you don’t need to split them apart, but movies you do. For files 1.4gb in size or smaller you’re going to want to split them into 15mb sizes. Here’s the easy gui way of doing that.

Right click the movie file and choose compress.

After some time using this, I realized that the rar settings are set to archive, not store (read: slower and not recommended).

There’s a better way, and I’ve made an earlier post about how to do that using a script so you don’t have to use the commandline (after setting it up the first time that is ;) ). After using that guide, skip down to the next part starting in Green.

Once the Compress window opens, click the option that says “Other Options” to expand them, then change the extension to .rar and LEAVE THE BLOODY PASSWORD FIELD BLANK!!! Then check the box that says “Split into volumes of”, set that field to 15.0 and click Create.

Once it’s run its path (which could take some time) you’ll be left with many files in your folder which should look something like this:

Skip to here.

Remember that the original file is NOT going to be uploaded but we’ll need it for another step later so leave it in your folder for now.

We’re going to want to create the .sfv and .nfo files. NFO files are just a .txt file that has had its extension changed, so feel free to use whatever text editor you feel comfortable with and create your .nfo file. I’m not going to go far into the .nfo creation as that’s really up to you what info you want to put in there; however, the output from programs like MediaInfo will suit you quite well. Run MediaInfo on the original file and select view > text and you’ll get something that looks like this:

Copy the info from there and add it to your .nfo file. You’re done with this step, so you can now safely remove the original file from your folder.

Next we’re going to create the parity files. (Par2) so open your PyPar2 app and click on the create tab.

Right click on the window and add all the .rar files in your folder. The default settings will be fine for our needs, so once all your files are in PyPar2 just click on the GO button.

Choose the same folder as your .rar files to save the .par files and let it run its magic.

The par files are very important as they let you fix broken or missing .rar files. Make sure they are included in your folder.

To create the .sfv file, you’re going to have to check into the commandline (sorry I haven’t found a gui for this part yet) so fire up your terminal emulator. (I like terminator.) Now let’s cd to your working directory, which in my case is /home/daniel/NZB/example

then run the cksfv command like so.

The -b option strips out the directories so that the .sfv file will work on anyone’s system without having to have it in the same directory structure. The > checksum.sfv will create the .sfv file instead of just printing the results to the terminal window. It should look like this:

and the output should look like this:

So now your files are rar’ed and par’ed, you’ve got a .nfo file and a .sfv file, and you’re almost ready to post your files! Fire up JBinUp.

 

In JBinUp go to File > Settings and set up your server and poster settings. I’ll wait. I can’t tell you how to enter this info, as each usenet provider has their own URLs and settings, as well as plenty of documentation on how to set up your clients, so this shouldn’t be a major issue for you.

After you have your basic settings situated, click on the single (+) button to start setting the posting information. The interface is quite simple, just fill in the blanks. Set your post’s title (aka subject) and choose who’s uploading this post (if you have more than one set up), then click the Add button to add the files you want to upload. You want to select every file in your folder, so a simple keyboard command of Ctrl+A will select everything for you; then click the Open button.

Once everything looks right, click Forward and select the groups you want to add this post to. The options here are too varied and numerous, so you’ll have to figure out what groups you want yourself, but check the alt.binaries.whatever groups to figure out where you’re going to want to post. Got your groups? Good! Click the “Add Job” button and it’s off and uploading!

Once your files have finished uploading it’s a good idea to create a .nzb file for them so you can share your posts easily on sites like NzbMatrix and the like. I am not uploading this example I’ve been using, so the option isn’t available for me, but if you right click the file you posted in JBinUp after it’s done uploading you’ll get the option to create a nzb file. Again I highly recommend you do this :)

That’s it! Your files are now living on usenet and you have the .nzb file to prove it! Share it with your friends and let’s get some more new content on the nets!

How to set up lighttpd with a self-signed ssl cert on debian with multiple hosts using name-based virtual hosting.

Now first off let me say I take no responsibility if this works for you or not.

Also please note that this will use the one self-signed cert we’re going to make across all hosts. That is still encryption; it just looks funny if you’re hosting for more than one business. Since all the sites I have on my server are my own, I don’t really care; I just wanted some ssl encryption on my logins to my blogs and pages where I don’t want to send data in the clear. So going to https://stinebaugh.info will give you the same cert as going to http://twig.gs will, but they are still secure.

First off let’s create our self signed certificate. Yes this will throw your browsers into a panic but if you save your exception to the warning permanently (which is fine) you’ll only see it once, plus it’s free ;)

[codesyntax lang="bash" bookmarkname="Generate a self signed pem file"]

[/codesyntax]

This will then ask you a bunch of questions that you can fill out for yourself. The one that matters is the “Common Name (eg, YOUR name) []:” prompt, which is asking for the exact domain name you plan on using (e.g. stinebaugh.info). The command will create a .pem file in whatever directory you’re in, so choose a non-web-accessible folder like /etc/lighttpd/ for it, as this is a secret! The expiration of the cert is set in my example using 3650, which will generate a cert that’s good for 10 years! (Hey, it’s self-signed, do I really want to do this every year?!) Feel free to change it as you see fit.

Now let’s lock that file down with some permissions.

[codesyntax lang="bash" bookmarkname="chpwn that pem file!"]

sudo chown www-data:www-data selfsigned.pem

sudo chmod 600 selfsigned.pem

[/codesyntax]

Now being debian is awesome as well as lighttpd, you can just enter in the command

[codesyntax lang="bash" bookmarkname="bash"]

[/codesyntax]

and it will enable the ssl extension for lighttpd!

Now let’s set up lighttpd’s ssl conf.

[codesyntax lang="bash" bookmarkname="edit lighttpd's 10-ssl.conf"]

cd /etc/lighttpd/conf-enabled/
sudo nano 10-ssl.conf

[/codesyntax]

and it should look something like this.

[codesyntax lang="bash" bookmarkname="10-ssl.conf lighttpd ssl setup"]

$SERVER["socket"] == "0.0.0.0:443" {
    ssl.engine           = "enable"
    ssl.pemfile          = "/etc/lighttpd/selfsigned.pem"
    server.document-root = "/var/domain/http" # or wherever your web directory is, so it doesn't display just the lighttpd default
}

[/codesyntax]

now restart lighttpd

[codesyntax lang="bash" bookmarkname="restart lighttpd"]

sudo /etc/init.d/lighttpd force-reload

[/codesyntax]

Your lighttpd server should now restart without any errors. You can check the configuration syntax for errors if you want by entering

[codesyntax lang="bash" bookmarkname="check lighttpd's configuration file for errors"]

sudo lighttpd -t -f /etc/lighttpd/lighttpd.conf

[/codesyntax]

Now try your server by viewing a page using https, such as https://stinebaugh.info, and voilà, you should get that warning in your browser like I was saying, and it should be just fine after you accept it!

You’re welcome!
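A pre-flight check for the two points made above about the .pem file: owner-only permissions, and keeping it out of any web-accessible folder. This is an added example, not part of the original post; `check_pem`, `make_sample_pem` and the scratch paths are hypothetical, and the sample file holds placeholder text rather than real key material.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check the combined
# key + certificate file before pointing ssl.pemfile at it.

# make_sample_pem FILE  (hypothetical helper)
# Writes a constructed stand-in with placeholder bodies, not real key material.
make_sample_pem() {
cat > "$1" <<'EOF'
-----BEGIN PRIVATE KEY-----
CONSTRUCTED-PLACEHOLDER
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
CONSTRUCTED-PLACEHOLDER
-----END CERTIFICATE-----
EOF
}

# check_pem FILE DOCROOT  (hypothetical helper; assumes GNU stat)
# Prints one line per problem and returns 1 if any was found.
check_pem() {
    pem=$1; docroot=$2; bad=0
    [ -f "$pem" ] || { echo "missing: $pem"; return 1; }

    # The file contains the private key: owner-only access.
    mode=$(stat -c '%a' "$pem")
    case "$mode" in
        600|400) ;;
        *) echo "mode $mode on $pem, expected 600"; bad=1 ;;
    esac

    # A single-file setup needs both blocks present.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "no certificate block in $pem"; bad=1; }
    grep -Eq -e '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$pem" ||
        { echo "no unencrypted private key block in $pem"; bad=1; }

    # The file must not sit anywhere under the served directory.
    dir=$(cd "$(dirname "$pem")" && pwd -P)
    root=$(cd "$docroot" 2>/dev/null && pwd -P) || root=$docroot
    case "$dir/" in
        "$root"/*) echo "$pem is inside document root $root"; bad=1 ;;
    esac
    return "$bad"
}

# Demo on a constructed file placed, wrongly, inside a scratch document root.
demo=$(mktemp -d)
mkdir "$demo/www"
make_sample_pem "$demo/www/selfsigned.pem"
check_pem "$demo/www/selfsigned.pem" "$demo/www" || true
rm -rf "$demo"
```

On the server from this post the call would be `check_pem /etc/lighttpd/selfsigned.pem /var/domain/http`, run with enough privilege to read the file.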

Getting the Linksys WPSM54G Working on Linux and Windows 7!

First off, this post is more for my own remembrance than informational, and is aimed at the more advanced user than just putting in the disk and following the directions (which will work just fine if you are running Windows Vista but not 7). However, I was having issues getting this to work on linux as well as logging in to the web interface, where this will mostly be taking place.

First before you can get to it wirelessly you will need to set up the Print Server. Attach it to your Router directly (wired). (I recommend anything running DD-WRT as I’ll be using this in my descriptions to follow. More on this in a bit.) After it’s attached Power it on.

Once the lights turn green, head on over to your browser, log in to your router’s interface and head on over to the “Status” tab.

Find and click on the “LAN” sub-tab, look for your Linksys Print Server and make note of its IP. (Mine is named LKEED64C, don’t ask me why, and for this walkthrough’s sake we’ll assume it’s on IP 192.168.0.555)

Now that you’ve found the IP go ahead and open another tab in your browser (ctrl+t) and browse to the web interface at [codesyntax lang="text"]

[/codesyntax]

This will bring up the first page asking for your password. The default username is blank and the password is “admin”. Please, for god’s sake, CHANGE THE DEFAULT PASSWORD!!!

After you’ve changed the password, go to the “Protocol” page and set your IP to be static. (Special note to those running DD-WRT: if the IPs on your network are mostly dynamically assigned and you set your server’s IP out of the normal range, it will remain static and you don’t have to worry about collisions if another device takes it.) Go ahead and set it for your network. In my example the IP would be 192.168.0.555, the Netmask would be 255.255.255.0 and the Gateway would be the router at IP 192.168.0.1. Then click Save.

Now click the wireless tab and set your SSID to whatever yours is, click Save, then do the same for your security tab. I won’t be of much help posting my info here as you should already know that information.

Now you can disconnect the power to the linksys print server and the Ethernet cable, move it to wherever your printer is located, and hook up the printer then power back on the print server.

Your Print Server is now ready to be put into action!

Now to get your Linux-Mint, Ubuntu, Debian or such laptop out and let’s get it printing!

Open your Menu and go to Administration>Printing. Select New>Printer. Once the Select Device window pops up, select “Other” and in the “Enter device URI” window enter this: [codesyntax lang="text"]

[/codesyntax]

You should then be asked what type of printer is attached for CUPS to install the proper drivers, and then you should be able to print a test page! Your Linux install can now print wirelessly anywhere!

Now for Windows 7 users getting connected to the printer. First off, I recommend having already hooked up the printer to your system beforehand and having the proper drivers for your printer already installed; it just makes things easier.

Click your start menu and select Printers and Devices. Then right click inside the window and select Add a new printer, then Select Networked Printer. It will start scanning for attached networked printers, but it doesn’t find mine so I just click stop and select the “The printer that I want isn’t listed.”

Select the radio button that says “Add a printer using TCP/IP blah blah blah” and click Next.

For the Hostname enter in your Print Server’s IP of 192.168.0.555 and click Next.

Let it query the Printer for drivers automatically.

The “Additional Port Information Needed” window should pop up; just keep it selected at “Generic Network Card” and click Next. Select your printer from the drivers list and click Next. If you have already installed the drivers, just keep the ones you have (it says it’s recommended anyway).

Then just name your printer (I like to add “(NETWORKED)” to the end of mine to keep it easily identifiable) and you should be able to print a test page to confirm that everything works! (I have it set as the default printer. It’s up to you if you choose to do the same)

And now you should be able to print from both new OSes using the Linksys WPSM54G wirelessly! Phew!