Webserver
Error: Authz_core:error Client Denied by Server Configuration
I have upgraded apache2.2 to 2.3, now a strange error I faced. Existing Apache authorization directives are not working,
I have done a modification that fixed the issue
Error :
[Wed Jan 28 04:29:51.468839 2015] [authz_core:error] [pid 29764:tid 139708675897088] [client 117.247.186.108:46348] AH01630: client denied by server configuration: /opt/web-home/raspberrypi/facecount/static-assets/images/detect.png
This changes the way that access control is declared from
Order allow, deny
Allow from all
to :
Require all granted
his means that the total configuration for a Directory is now something like:
<Directory /path/to/directory>
Options FollowSymlinks
AllowOverride none
Require all granted
</Directory>
Restart apache and it’ll all work nicely.
HowTo: Setup javameloy for watching J2EE application server activities
Javamelody is a tool to monitor J2EE application servers, I has capability for showing real-time statistics, I have integrated this tool with nearly 40 servers which connected with Javamelody collector server . It is the good choice for debugging and fine tunning J2EE applications by statistics history. Once you connected the java melody to an collector server it role it to collect all the data from the connected server for every 1 min. it will be avoid storing GBs of statistics data in the application server.
For more details Please check this https://code.google.com/p/javamelody/wiki/UserGuide#Introduction
I followed the given steps for deploying in Tomcat containers,
Packages:
https://javamelody.googlecode.com/files/javamelody-1.49.0.jar
https://pastockscanner.googlecode.com/files/iText-2.1.7.jar
http://sourceforge.net/projects/jrobin/files/jrobin/1.5.9/jrobin-1.5.9.1.jar/download
Installation,
1, Copy the jars to the lib dir of the applications
cp -rpf javamelody-1.49.0.jar iText-2.1.7.jar jrobin-1.5.9.1.jar <webapps>/ROOT/WEB-INF/lib
2, Modify web.xml
cp -rpf web.xml web.xml_$(date +%F)
vi <webapps>/ROOT/WEB-INF/web.xml
<context-param> <param-name>contextConfigLocation</param-name> <param-value> /WEB-INF/application-context.xml classpath:net/bull/javamelody/monitoring-spring-datasource.xml </param-value> </context-param> <!--====================== Monitoring ===================================--> <!-- Custom CSS --> <filter> <filter-name>customResourceFilter</filter-name> <filter-class>net.bull.javamelody.CustomResourceFilter</filter-class> </filter> <filter-mapping> <filter-name>customResourceFilter</filter-name> <url-pattern>/monitoring</url-pattern> </filter-mapping> <!-- Monitor filter --> <filter> <filter-name>monitoring</filter-name> <filter-class>net.bull.javamelody.MonitoringFilter</filter-class> <init-param> <param-name>storage-directory</param-name> <param-value>logs/monitoring</param-value> </init-param> <init-param> <param-name>url-exclude-pattern</param-name> <param-value>(/images/.*|/js/.*|/styles/.*)</param-value> </init-param> <init-param> <param-name>admin-emails</param-name> <param-value>first.last@example.com</param-value> </init-param> <init-param> <param-name>mail-session</param-name> <param-value>MailSession</param-value> </init-param> <init-param> <param-name>mail-periods</param-name> <param-value>week,month</param-value> </init-param> </filter> <filter-mapping> <filter-name>monitoring</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <listener> <listener-class>net.bull.javamelody.SessionListener</listener-class> </listener> <security-constraint> <web-resource-collection> <web-resource-name> monitoring URL </web-resource-name> <url-pattern> /monitoring/* </url-pattern> <http-method> GET </http-method> <http-method> POST </http-method> </web-resource-collection> <auth-constraint> <!-- the same like in your tomcat-users.conf file --> <role-name> watcher </role-name> </auth-constraint> </security-constraint> <login-config> <auth-method> BASIC </auth-method> <realm-name> Password please !!! </realm-name> </login-config> <security-role> <description> </description> <role-name> watcher </role-name> </security-role>
2, Modify security.xml if needed
cp -rpf security.xml security.xml_$(date +%F)
vi <webapps>/ROOT/WEB-INF/security.xml
<sec:http pattern="/monitoring/**" security="none"></sec:http>
3, Add the credential for basic auth
cp -rpf tomcat-users.xml tomcat-users.xml_$(date +%F)
vi $CATALIAN_HOME/conf/tomcat-users.xml
<user username="user" password="password" roles=watcher"/>
Now restart the tomcat.
URL : http://my-applicationserver.com/monitoring
This is only for those who deployed more than one Javamelody.
JavaMelody collector server installation:
Download and Deploy the collector application in the webserver
https://javamelody.googlecode.com/files/javamelody-1.49.0.war
From the browser you can see the application like below
Name of application to monitor : Just a name to identify the application it can be any thing
eg : mywebserver1 , mywebserver2
URL(s): Valid monitoring URL without “/monitoring”, provide basic authentication if enabled.
eg : http://<username>:<password>@mywebserver1.com
It can be add many javamelody instances like below:
Howto: Install ssl with tomcat Appserver.
Five easy steps to enable SSL for tomcat application server.
1, generate Key store
keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore planetcure-in.jks
It ask few information that we would like to publish along with the SSL
==Certificate information==
Common Name : *.planetcure.in
Organization name: Xtermpro
Country/Region name: myregion
City/Locality: mycity
State/Province: mystate
2, Generate CSR
CSR it to submit to the SSL provider for digital signing Now you receive CRT file from the SSL provider, you may see the signing information in it.
keytool -certreq -alias server -file planetcure-in.csr -keystore planetcure-in.jks
3, Import CA
You may also receive a public CA from the certificate Authority, now you need to import it. This will be called as intermediate CA
keytool -import -alias intermediate -trustcacerts -file intermediateCA.cer -keystore planetcure-in.jks
4, Now this is the final stage you have to import cert file , you can see that their is another key already installed in the key store that is generated along with the keystore generation, it have to replace with the valid certificate.
keytool -import -alias server -trustcacerts -file planetcure-in.crt -keystore planetcure-in.jks
This will give the success output, now move to the configuration changes.
5, Edit the server.xml for the valid entries. Default tomcat SSL port is 8443, here I user 443 .
<Connector port="443"
protocol="HTTP/1.1"
maxThreads="150"
scheme="https" secure="true" SSLEnabled="true"
keystoreFile="${catalina.home}/conf/keystore/planetcure-in.jks"
keystorePass="keystorepassword" keyAlias="server"
clientAuth="false" sslProtocol="TLS"/>
that’s it, now restart the web server to make the changes effect .
Error: SecurityException in Application.cpp:188: Do not have root privileges. Executable not set-uid root?
After recovering my Cpanel server it was getting the Internal server error for every domain hosted and throwing some messages in error log
[Wed Jul 17 09:46:14 2013] [error] [client 111.222.333.444] Premature end of script headers: index.php, referer: http://domain.com/ [Wed Jul 17 09:46:14 2013] [error] [client 111.222.333.444] SecurityException in Application.cpp:188: Do not have root privileges. Executable not set-uid root?
My server is configured for running suphp in CGI mode with Mod-security, So it will check the sticky bit of the suphp binary.The error was because the suphp binary was missing its suid permissions and assigning it fixed the issue.
chmod +s /opt/suphp/sbin/suphpThis should fix the issue instantly.
Howto: Installing Lighttpd and enable Mod-h264 streaming module for Lighttpd
The H264 Streaming Module is a plugin for your existing Apache/Lighttpd/Nginx webserver, below steps to building the H264 Streaming Module for Lighttpd.
To make sure you have all dependencies (configuration files, startup scripts) installed it’s best to first install Lighttpd.
Download Old Lighttpd 1.4.18 with mod h264 streaming
[root@rc-090 ~]#cd root
[root@rc-090 ~]#wget http://h264.code-shop.com/download/lighttpd-1.4.18_mod_h264_streaming-2.2.0.tar.gz
[root@rc-090 ~]#tar -zxvf lighttpd-1.4.18_mod_h264_streaming-2.2.0.tar.gz
Download New Lighttpd 1.4.26
[root@rc-090 ~]#cd /root
[root@rc-090 ~]# wget http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.30.tar.gz
#tar -zxvf lighttpd-1.4.30.tar.gz
Note : new lighttpd-1.4.30.tar.gz didn’t have mod h264 streaming modules so we need to take the modules from lighttpd 1.4.18
We copy a few files useful sources to compile the module h264 streaming.
[root@rc-090 ~]#cd /root/lighttpd-2.2.0/src/
[root@rc-090 ~]cp mod_h264_streaming.c mod_streaming_export.h moov. * mp4_io. * mp4_process. * \
>mp4_reader. * mp4_writer. * output_bucket. * output_mp4. * lighttpd-1.4.30/src/
(OR)
Copy the module’s files from the 1.4.18 source distribution to your source distribution (lighttpd-1.4.x).
[root@rc-090 ~] cp lighttpd-2.2.0/src/mod_h264_streaming.c lighttpd-2.2.0/src/mod_streaming_export.h
[root@rc-090 ~]#cp lighttpd-2.2.0/src/mod_h264_streaming.c lighttpd-1.4.30/src/
[root@rc-090 ~]#cp lighttpd-2.2.0/src/mod_streaming_export.h lighttpd-1.4.30/src/
[root@rc-090 ~]#cp lighttpd-2.2.0/src/moov.c lighttpd-1.4.30src/
[root@rc-090 ~]#cp lighttpd-2.2.0/src/moov.h lighttpd-1.4.30/src/
[root@rc-090 ~]#cp lighttpd-2.2.0/src/mp4_io.c lighttpd-1.4.30/src/
[root@rc-090 ~]#cp lighttpd-2.2.0/src/mp4_io.h lighttpd-1.4.30/src/
[root@rc-090 ~]#cp lighttpd-2.2.0/src/mp4_reader.c lighttpd-1.4.30/src/
[root@rc-090 ~]#cp lighttpd-2.2.0/src/mp4_reader.h lighttpd-1.4.30/src/
[root@rc-090 ~]#cp lighttpd-2.2.0/src/mp4_writer.c lighttpd-1.4.30/src/
[root@rc-090 ~]#cp lighttpd-2.2.0/src/mp4_writer.h lighttpd-1.4.30/src/
[root@rc-090 ~]#cp lighttpd-2.2.0/src/mp4_process.c lighttpd-1.4.30/src/
[root@rc-090 ~]#cp lighttpd-2.2.0/src/mp4_process.h lighttpd-1.4.30/src/
[root@rc-090 ~]#cp lighttpd-2.2.0/src/output_bucket.c lighttpd-1.4.30/src/
[root@rc-090 ~]#cp lighttpd-2.2.0/src/output_bucket.h lighttpd-1.4.30/src/
[root@rc-090 ~]#cp lighttpd-2.2.0/src/output_mp4.c lighttpd-1.4.30/src/
[root@rc-090 ~]#cp lighttpd-2.2.0/src/output_mp4.h lighttpd-1.4.30/src/
Edit Makefile.am
#vi lighttpd-1.4.30/src/Makefile.am
### (Add few lines below after ‘mod_flv_streaming’)
lib_LTLIBRARIES += mod_h264_streaming.la
mod_h264_streaming_la_SOURCES = mod_h264_streaming.c \
mod_streaming_export.h \
moov.c moov.h \
mp4_io.c mp4_io.h \
mp4_reader.c mp4_reader.h \
mp4_writer.c mp4_writer.h \
mp4_process.c mp4_process.h \
output_bucket.c output_bucket.h \
output_mp4.c output_mp4.h
mod_h264_streaming_la_CFLAGS = $(AM_CFLAGS) -DBUILDING_H264_STREAMING
mod_h264_streaming_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
mod_h264_streaming_la_LIBADD = $(common_libadd)
Kill all process lighttpd
[root@rc-090 ~]#killall -9 lighttpd
Recompiling lighttpd 1.4.30
[root@rc-090 ~]#cd lighttpd-1.4.30
[root@rc-090 ~]#./autogen.sh
[root@rc-090 ~]#./configure –enable-maintainer-mode
[root@rc-090 ~]#make && make install
Backup & Edit lighttpd.conf
[root@rc-090 ~]#vi /etc/lighttpd/lighttpd.conf
# change on server.modules
#
server.modules = (
…
…
“mod_expire”,
“mod_secdownload”,
“mod_h264_streaming”,
)
#
# add this h264 streaming extensions
h264-streaming.extensions = ( “.mp4”, “.flv” )
Starting Up Lighttpd Daemon
[root@rc-090 ~]#/usr/local/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf &
Testing open a mp4 streaming files
[root@rc-090 ~]#cd /var/www/html/
[root@rc-090 ~]#wget http://127.0.0.1/videofile.mp4
Try to access videofile.mp4 files from browser like example below :
We also can testing out from console like below
[root@rc-090 ~]# wget -S “http://192.168.0.90/ntmonitor.mp4”
–2012-05-21 10:28:00– http://192.168.0.90/ntmonitor.mp4
Connecting to 192.168.0.90:80… connected.
HTTP request sent, awaiting response…
HTTP/1.0 200 OK
Connection: keep-alive
X-Mod-H264-Streaming: version=2.2.0
Content-Type: video/mp4
ETag: “-144150195”
Last-Modified: Fri, 18 May 2012 11:27:23 GMT
Content-Length: 26908528
Date: Mon, 21 May 2012 04:58:00 GMT
Server: lighttpd_RC-090
Length: 26908528 (26M)
Saving to: `ntmonitor.mp4
Thants it..:)
Tech's you need !!!!! 