Webserver

Error: Authz_core:error Client Denied by Server Configuration


I upgraded Apache 2.2 to 2.3 and then faced a strange error: the existing Apache authorization directives were not working.

I made a modification that fixed the issue.

Error :

[Wed Jan 28 04:29:51.468839 2015] [authz_core:error] [pid 29764:tid 139708675897088] [client 117.247.186.108:46348] AH01630: client denied by server configuration: /opt/web-home/raspberrypi/facecount/static-assets/images/detect.png

The upgrade changes the way that access control is declared, from:

  Order allow,deny
  Allow from all

to:

  Require all granted

This means that the total configuration for a Directory is now something like:

  <Directory /path/to/directory>
    Options FollowSymlinks
    AllowOverride none
    Require all granted
  </Directory>

Restart apache and it’ll all work nicely.
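
The same rewrite applied across a whole configuration, as an added example (not code from the original post). It goes beyond the single "Allow from all" case to IP and host rules, and flags partial denies for manual review instead of guessing; the sample config and function names are constructed for illustration.

```python
import re

def is_ip(token):
    # IPv6 contains ':'; IPv4 may be full, partial ("10.1") or CIDR/netmask.
    return ":" in token or bool(re.fullmatch(r"\d+(\.\d+){0,3}\.?(/[\d.]+)?", token))

def convert_line(line):
    """Translate one 2.2 line; returns (replacement_lines, note_or_None)."""
    indent, text = line[: len(line) - len(line.lstrip())], line.strip()
    if re.match(r"order\s", text, re.I):
        return [], None                       # the new syntax has no Order directive
    m = re.match(r"(allow|deny)\s+from\s+(.+)", text, re.I)
    if m is None:
        return [line], None                   # not an access-control line
    verb, targets = m.group(1).lower(), m.group(2).split()
    if [t.lower() for t in targets] == ["all"]:
        return [indent + "Require all " + ("granted" if verb == "allow" else "denied")], None
    if verb == "deny" or any(t.lower().startswith("env=") for t in targets):
        # A partial deny needs <RequireAll> with "Require not ..."; the right
        # nesting depends on the old Order line, so flag it instead of guessing.
        return [line], "review by hand: " + text
    ips = [t for t in targets if is_ip(t)]
    hosts = [t for t in targets if not is_ip(t)]
    out = [indent + "Require ip " + " ".join(ips)] if ips else []
    if hosts:
        out.append(indent + "Require host " + " ".join(hosts))
    return out, None

def convert_config(text):
    new_lines, notes = [], []                 # notes: [(line_number, message), ...]
    for number, line in enumerate(text.splitlines(), start=1):
        replacement, note = convert_line(line)
        new_lines.extend(replacement)
        if note:
            notes.append((number, note))
    return "\n".join(new_lines), notes

# Constructed sample: the page's Directory block in 2.2 form plus a partial deny.
SAMPLE = """<Directory /path/to/directory>
    Order allow,deny
    Allow from all
</Directory>
<Directory /path/to/private>
    Order allow,deny
    Allow from 10.0.0.0/8 intranet.example.org
    Deny from 10.9.9.9
</Directory>"""
if __name__ == "__main__":
    converted, notes = convert_config(SAMPLE)
    print(converted, *("line %d: %s" % n for n in notes), sep="\n")
```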


HowTo: Setup JavaMelody for watching J2EE application server activities


JavaMelody is a tool for monitoring J2EE application servers. It can show real-time statistics. I have integrated this tool with nearly 40 servers, which are connected to a JavaMelody collector server. It is a good choice for debugging and fine-tuning J2EE applications using the statistics history. Once you connect JavaMelody to a collector server, the collector's role is to collect all the data from the connected servers every 1 min, which avoids storing GBs of statistics data on the application server.

For more details, please check https://code.google.com/p/javamelody/wiki/UserGuide#Introduction

I followed the steps below for deploying in Tomcat containers.

Packages:

https://javamelody.googlecode.com/files/javamelody-1.49.0.jar
https://pastockscanner.googlecode.com/files/iText-2.1.7.jar
http://sourceforge.net/projects/jrobin/files/jrobin/1.5.9/jrobin-1.5.9.1.jar/download

Installation:

1, Copy the jars to the lib dir of the applications

cp -rpf javamelody-1.49.0.jar iText-2.1.7.jar jrobin-1.5.9.1.jar <webapps>/ROOT/WEB-INF/lib

2, Modify web.xml

cp -rpf web.xml web.xml_$(date +%F)
vi <webapps>/ROOT/WEB-INF/web.xml

<context-param>
  <param-name>contextConfigLocation</param-name>
  <param-value>
    /WEB-INF/application-context.xml
    classpath:net/bull/javamelody/monitoring-spring-datasource.xml
  </param-value>
</context-param>
<!--====================== Monitoring ===================================-->
<!-- Custom CSS -->
<filter>
  <filter-name>customResourceFilter</filter-name>
  <filter-class>net.bull.javamelody.CustomResourceFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>customResourceFilter</filter-name>
  <url-pattern>/monitoring</url-pattern>
</filter-mapping>
<!-- Monitor filter -->
<filter>
  <filter-name>monitoring</filter-name>
  <filter-class>net.bull.javamelody.MonitoringFilter</filter-class>
  <init-param>
    <param-name>storage-directory</param-name>
    <param-value>logs/monitoring</param-value>
  </init-param>
  <init-param>
    <param-name>url-exclude-pattern</param-name>
    <param-value>(/images/.*|/js/.*|/styles/.*)</param-value>
  </init-param>
  <init-param>
    <param-name>admin-emails</param-name>
    <param-value>first.last@example.com</param-value>
  </init-param>
  <init-param>
    <param-name>mail-session</param-name>
    <param-value>MailSession</param-value>
  </init-param>
  <init-param>
    <param-name>mail-periods</param-name>
    <param-value>week,month</param-value>
  </init-param>
</filter>
<filter-mapping>
  <filter-name>monitoring</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
  <listener-class>net.bull.javamelody.SessionListener</listener-class>
</listener>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>monitoring URL</web-resource-name>
    <url-pattern>/monitoring/*</url-pattern>
    <!-- Only the methods listed here are constrained; any other HTTP method
         is left uncovered. Omit http-method to cover every method. -->
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <!-- must match the role in your tomcat-users.xml file -->
    <role-name>watcher</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Password please !!!</realm-name>
</login-config>
<security-role>
  <description></description>
  <role-name>watcher</role-name>
</security-role>

3, Modify security.xml if needed

cp -rpf security.xml security.xml_$(date +%F)
vi <webapps>/ROOT/WEB-INF/security.xml

<!-- Exempts /monitoring from Spring Security; the BASIC constraint in web.xml is then the only access control on this path -->
<sec:http pattern="/monitoring/**" security="none"></sec:http>

4, Add the credential for basic auth

cp -rpf tomcat-users.xml tomcat-users.xml_$(date +%F)
vi $CATALINA_HOME/conf/tomcat-users.xml

<user username="user" password="password" roles="watcher"/>

Now restart the tomcat.

URL : http://my-applicationserver.com/monitoring
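
A check of how web.xml actually protects /monitoring, as an added example (not part of the original post or of JavaMelody). It parses the security-constraint from step 2 and reports which HTTP methods are left uncovered and whether the BASIC credentials are forced onto TLS; the `<web-app>` wrapper, the hardened variant and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def find(elem, name):
    # Match on the local tag name so namespaced and plain web.xml both work.
    return [c for c in elem.iter() if c.tag.rsplit("}", 1)[-1] == name]

def covers(pattern, path):
    if pattern.endswith("/*"):               # servlet path-prefix mapping
        return path == pattern[:-2] or path.startswith(pattern[:-1])
    return pattern == path

def audit_monitoring(web_xml, path="/monitoring"):
    """Return a list of findings about how web.xml protects `path`."""
    root, findings, covered = ET.fromstring(web_xml), [], False
    for sc in find(root, "security-constraint"):
        if not any(covers((p.text or "").strip(), path) for p in find(sc, "url-pattern")):
            continue
        covered = True
        if not find(sc, "auth-constraint"):
            findings.append("constraint has no auth-constraint")
        methods = [(m.text or "").strip() for m in find(sc, "http-method")]
        if methods:                          # unlisted methods stay uncovered
            findings.append("only %s constrained" % ",".join(methods))
        guarantees = [(t.text or "").strip() for t in find(sc, "transport-guarantee")]
        if "CONFIDENTIAL" not in guarantees:
            findings.append("BASIC credentials not forced onto TLS")
    if not covered:
        findings.append("no security-constraint covers " + path)
    return findings

# Constructed input: the page's constraint wrapped in a <web-app> root.
PAGE_XML = """<web-app><security-constraint>
 <web-resource-collection>
  <url-pattern> /monitoring/* </url-pattern>
  <http-method> GET </http-method><http-method> POST </http-method>
 </web-resource-collection>
 <auth-constraint><role-name> watcher </role-name></auth-constraint>
</security-constraint>
<login-config><auth-method> BASIC </auth-method></login-config></web-app>"""
# Hardened variant: every method covered, TLS required for the credentials.
HARDENED_XML = """<web-app><security-constraint>
 <web-resource-collection><url-pattern>/monitoring/*</url-pattern></web-resource-collection>
 <auth-constraint><role-name>watcher</role-name></auth-constraint>
 <user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint>
</security-constraint>
<login-config><auth-method>BASIC</auth-method></login-config></web-app>"""

if __name__ == "__main__":
    print(audit_monitoring(PAGE_XML), audit_monitoring(HARDENED_XML))
```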

The collector server below is only for those who have deployed more than one JavaMelody instance.

JavaMelody collector server installation:

Download and Deploy the collector application in the webserver

https://javamelody.googlecode.com/files/javamelody-1.49.0.war

From the browser you can see the application like below:

[Screenshot: Monitoring JavaMelody on Beijing stg2 web3 BeijingInternal]

Name of application to monitor: just a name to identify the application; it can be anything.

eg : mywebserver1 , mywebserver2

URL(s): Valid monitoring URL without “/monitoring”, provide basic authentication if enabled.

eg : http://<username>:<password>@mywebserver1.com

Many JavaMelody instances can be added, like below:

[Screenshot: Server]

Howto: Install SSL with Tomcat Appserver.

Five easy steps to enable SSL for the Tomcat application server.

1, Generate the keystore

keytool -genkey -alias server -keyalg RSA -keysize 2048 -keystore planetcure-in.jks

It asks for a few details that will be published along with the SSL certificate.

==Certificate information==

Common Name : *.planetcure.in
Organization name: Xtermpro
Country/Region name: myregion
City/Locality: mycity
State/Province: mystate

2, Generate CSR

The CSR is submitted to the SSL provider for digital signing. You then receive a CRT file from the SSL provider; you can see the signing information in it.

keytool -certreq -alias server -file planetcure-in.csr -keystore planetcure-in.jks

3, Import CA

You may also receive a public CA certificate from the certificate authority, which you now need to import. This is called the intermediate CA.

keytool -import -alias intermediate -trustcacerts -file intermediateCA.cer  -keystore planetcure-in.jks

4, This is the final stage: import the cert file. You can see that there is another key already installed in the keystore, generated along with the keystore; it has to be replaced with the valid certificate.

keytool -import -alias server -trustcacerts -file planetcure-in.crt -keystore planetcure-in.jks

This will give the success output; now move on to the configuration changes.

5, Edit server.xml with the valid entries. The default Tomcat SSL port is 8443; here I use 443.

<Connector port="443"
           protocol="HTTP/1.1"
           maxThreads="150"
           scheme="https" secure="true" SSLEnabled="true"       
           keystoreFile="${catalina.home}/conf/keystore/planetcure-in.jks"
           keystorePass="keystorepassword" keyAlias="server"
           clientAuth="false" sslProtocol="TLS"/>

That's it; now restart the web server for the changes to take effect.

Error: SecurityException in Application.cpp:188: Do not have root privileges. Executable not set-uid root?


After recovering my cPanel server, it was returning an Internal Server Error for every hosted domain and writing these messages to the error log:

[Wed Jul 17 09:46:14 2013] [error] [client 111.222.333.444] Premature end of script headers: index.php, referer: http://domain.com/
[Wed Jul 17 09:46:14 2013] [error] [client 111.222.333.444] SecurityException in Application.cpp:188: Do not have root privileges. Executable not set-uid root?

My server is configured to run suPHP in CGI mode with ModSecurity, so it checks the setuid bit of the suphp binary. The error occurred because the suphp binary was missing its suid permission, and assigning it fixed the issue.

chmod +s /opt/suphp/sbin/suphp

This should fix the issue instantly.
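
A permission check for the binary after the fix, as an added example (not from the original post or from suPHP). It confirms the setuid bit the error message asks for and also reports the conditions that make a set-uid root binary risky: a non-root owner, group or world write access, and the setgid bit, which `chmod +s` sets along with setuid. The function name and the choice of checks are assumptions of this example.

```python
import os
import stat
import sys

def audit_setuid_binary(path):
    """Return findings for a binary that is expected to run set-uid root."""
    st = os.stat(path)
    findings = []
    if not st.st_mode & stat.S_ISUID:
        # This is the condition behind "Executable not set-uid root?".
        findings.append("setuid bit not set")
    if st.st_uid != 0:
        # setuid only grants root when root owns the file.
        findings.append("owner is uid %d, not root" % st.st_uid)
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        # Anyone who can rewrite the file controls what runs as root.
        findings.append("writable by group or others")
    if st.st_mode & stat.S_ISGID:
        # "chmod +s" sets setgid as well; the error only asks for setuid.
        findings.append("setgid bit set")
    return findings

if __name__ == "__main__":
    # Path taken from the page; pass another path as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "/opt/suphp/sbin/suphp"
    problems = audit_setuid_binary(target)
    print(target, "OK" if not problems else "; ".join(problems))
```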

 

 

Howto: Installing Lighttpd and enable Mod-h264 streaming module for Lighttpd


The H264 Streaming Module is a plugin for your existing Apache/Lighttpd/Nginx webserver. Below are the steps for building the H264 Streaming Module for Lighttpd.

To make sure you have all dependencies (configuration files, startup scripts) installed it’s best to first install Lighttpd.

Download Old Lighttpd 1.4.18 with mod h264 streaming

[root@rc-090 ~]#cd /root
[root@rc-090 ~]#wget http://h264.code-shop.com/download/lighttpd-1.4.18_mod_h264_streaming-2.2.0.tar.gz
[root@rc-090 ~]#tar -zxvf lighttpd-1.4.18_mod_h264_streaming-2.2.0.tar.gz

Download New Lighttpd 1.4.26

[root@rc-090 ~]#cd /root
[root@rc-090 ~]# wget http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-1.4.30.tar.gz
[root@rc-090 ~]#tar -zxvf lighttpd-1.4.30.tar.gz

Note: the new lighttpd-1.4.30.tar.gz does not include the mod h264 streaming module, so we need to take the module from lighttpd 1.4.18.

We copy the source files needed to compile the h264 streaming module.

[root@rc-090 ~]#cd /root/lighttpd-2.2.0/src/

[root@rc-090 ~]#cp mod_h264_streaming.c mod_streaming_export.h moov.* mp4_io.* mp4_process.* \
>mp4_reader.* mp4_writer.* output_bucket.* output_mp4.* /root/lighttpd-1.4.30/src/

(OR)

Copy the module’s files from the 1.4.18 source distribution to your source distribution (lighttpd-1.4.x).

[root@rc-090 ~]#cp lighttpd-2.2.0/src/mod_h264_streaming.c lighttpd-1.4.30/src/
[root@rc-090 ~]#cp lighttpd-2.2.0/src/mod_streaming_export.h lighttpd-1.4.30/src/
[root@rc-090 ~]#cp lighttpd-2.2.0/src/moov.c lighttpd-1.4.30/src/
[root@rc-090 ~]#cp lighttpd-2.2.0/src/moov.h lighttpd-1.4.30/src/
[root@rc-090 ~]#cp lighttpd-2.2.0/src/mp4_io.c lighttpd-1.4.30/src/
[root@rc-090 ~]#cp lighttpd-2.2.0/src/mp4_io.h lighttpd-1.4.30/src/
[root@rc-090 ~]#cp lighttpd-2.2.0/src/mp4_reader.c lighttpd-1.4.30/src/
[root@rc-090 ~]#cp lighttpd-2.2.0/src/mp4_reader.h lighttpd-1.4.30/src/
[root@rc-090 ~]#cp lighttpd-2.2.0/src/mp4_writer.c lighttpd-1.4.30/src/
[root@rc-090 ~]#cp lighttpd-2.2.0/src/mp4_writer.h lighttpd-1.4.30/src/
[root@rc-090 ~]#cp lighttpd-2.2.0/src/mp4_process.c lighttpd-1.4.30/src/
[root@rc-090 ~]#cp lighttpd-2.2.0/src/mp4_process.h lighttpd-1.4.30/src/
[root@rc-090 ~]#cp lighttpd-2.2.0/src/output_bucket.c lighttpd-1.4.30/src/
[root@rc-090 ~]#cp lighttpd-2.2.0/src/output_bucket.h lighttpd-1.4.30/src/
[root@rc-090 ~]#cp lighttpd-2.2.0/src/output_mp4.c lighttpd-1.4.30/src/
[root@rc-090 ~]#cp lighttpd-2.2.0/src/output_mp4.h lighttpd-1.4.30/src/

Edit Makefile.am

#vi lighttpd-1.4.30/src/Makefile.am

### (Add few lines below after ‘mod_flv_streaming’)
lib_LTLIBRARIES += mod_h264_streaming.la
mod_h264_streaming_la_SOURCES = mod_h264_streaming.c \
mod_streaming_export.h \
moov.c moov.h \
mp4_io.c mp4_io.h \
mp4_reader.c mp4_reader.h \
mp4_writer.c mp4_writer.h \
mp4_process.c mp4_process.h \
output_bucket.c output_bucket.h \
output_mp4.c output_mp4.h
mod_h264_streaming_la_CFLAGS = $(AM_CFLAGS) -DBUILDING_H264_STREAMING
mod_h264_streaming_la_LDFLAGS = -module -export-dynamic -avoid-version -no-undefined
mod_h264_streaming_la_LIBADD = $(common_libadd)

Kill all lighttpd processes

[root@rc-090 ~]#killall -9 lighttpd

Recompiling lighttpd 1.4.30

[root@rc-090 ~]#cd lighttpd-1.4.30
[root@rc-090 ~]#./autogen.sh
[root@rc-090 ~]#./configure --enable-maintainer-mode
[root@rc-090 ~]#make && make install

Backup & Edit lighttpd.conf

[root@rc-090 ~]#vi /etc/lighttpd/lighttpd.conf
# change on server.modules
#
server.modules = (


"mod_expire",
"mod_secdownload",
"mod_h264_streaming",
)
#
# add this h264 streaming extensions
h264-streaming.extensions = ( ".mp4", ".flv" )

Starting Up Lighttpd Daemon

[root@rc-090 ~]#/usr/local/sbin/lighttpd -D -f /etc/lighttpd/lighttpd.conf &

Testing: open an mp4 streaming file

[root@rc-090 ~]#cd /var/www/html/
[root@rc-090 ~]#wget http://127.0.0.1/videofile.mp4

Try to access videofile.mp4 from a browser.

We can also test from the console, like below:

[root@rc-090 ~]# wget -S "http://192.168.0.90/ntmonitor.mp4"
--2012-05-21 10:28:00--  http://192.168.0.90/ntmonitor.mp4
Connecting to 192.168.0.90:80... connected.
HTTP request sent, awaiting response...
HTTP/1.0 200 OK
Connection: keep-alive
X-Mod-H264-Streaming: version=2.2.0
Content-Type: video/mp4
ETag: "-144150195"
Last-Modified: Fri, 18 May 2012 11:27:23 GMT
Content-Length: 26908528
Date: Mon, 21 May 2012 04:58:00 GMT
Server: lighttpd_RC-090
Length: 26908528 (26M)
Saving to: `ntmonitor.mp4'

That's it..:)