linux

HowTo: Enable URL rewrite for Tomcat or other servlet containers


UrlRewriteFilter is a URL rewrite feature that is very similar to Apache mod_rewrite, so we can use similar rules to apply the rewrite. Ensure that the ‘UrlRewriteFilter’ JAR file is on your web application’s classpath. Placing the JAR file in your webapp under ‘/WEB-INF/lib’ will do the trick, and if you’ve spent any time at all working with webapps you probably already have a preferred way of doing this. Alternatively, you may want to install the JAR file in your servlet container’s ‘/lib’ folder, particularly if you are deploying multiple webapps on your server and you want to have ‘UrlRewriteFilter’ available to any or all of them automatically.

Download JAR from here

Read more Examples

Once you have the ‘UrlRewriteFilter’ JAR on your webapp’s classpath, the real setup can begin. Open your application’s ‘web.xml’ file and add the following filter configuration to your webapp:

<filter>
    <filter-name>UrlRewriteFilter</filter-name>
    <filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
    <init-param>
        <param-name>logLevel</param-name>
        <param-value>WARN</param-value>
    </init-param>
    <init-param>
        <param-name>confPath</param-name>
        <param-value>/WEB-INF/urlrewrite.xml</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>UrlRewriteFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

This makes the servlet container pass the traffic to UrlRewriteFilter. Note that, although it is not discussed on the official site, the ‘logLevel’ parameter is absolutely essential for the filter to be applied to the traffic.

Once you have finished adding the tags to web.xml, create urlrewrite.xml in the same directory as web.xml and configure the example rules for the URL rewrite:

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 3.2//EN"
    "http://tuckey.org/res/dtds/urlrewrite3.2.dtd">
<urlrewrite>
    <rule>
        <name>Domain Name Check</name>
        <condition name="host" operator="notequal">www.server.com</condition>
        <from>^(.*)$</from>
        <to type="redirect">http://www.server.com/$1</to>
    </rule>
    <rule>
        <from>/test</from>
        <to type="redirect">%{context-path}/examples</to>
    </rule>
</urlrewrite>

The first rule applies to any request that reaches the application by IP address or by an alternative alias domain name added on the server; such requests are redirected to server.com. It can also be used to rewrite the URL so that it includes www.

The second rule redirects the invalid application “test” to the examples.

It looks like this: http://test.com/test –> http://www.server.com/examples/ . Both test.com and server.com are on the same server and in the same webapps.

 

 

HowTo: Authenticated email relay server with Postfix


Set up Postfix as an email relay server that authenticates with a public email server to send emails. If you want to use Gmail as a free SMTP server, you can use this on any Red Hat or Ubuntu server.

For Ubuntu:

apt-get install postfix mailutils libsasl2-2 ca-certificates libsasl2-modules

Replace the certificate file in the configuration:

cat /etc/ssl/certs/Thawte_Premium_Server_CA.pem | sudo tee -a /etc/postfix/cacert.pem

If you did not have Postfix installed before, the Postfix configuration wizard will ask you some questions. Just select Internet Site for your server and use something like mail.example.com for the FQDN.

For CentOS:

yum install postfix email mailx cyrus-sasl cyrus-sasl-lib cyrus-sasl-plain
[root@server ~]# vi /etc/postfix/main.cf
biff = no
append_dot_mydomain = no
readme_directory = no
myhostname = smtpout.innovautelabs.intra
mydomain = innovaturelabs.intra
myorigin = $mydomain
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = localhost.localdomain, , localhost
mynetworks = 192.168.1.0/24, 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
relayhost = [smtp.gmail.com]:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl-passwords
smtp_sasl_security_options = noanonymous
smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.trust.crt 
smtp_use_tls = yes
smtp_tls_loglevel = 1
smtp_tls_security_level = encrypt
smtp_sasl_mechanism_filter = login

Now create a password file containing a valid email address and password. Once the password file has been hashed, Postfix reads the data from the hashed file, so after that you can delete the plaintext password file. Alternatively, if you’d feel better keeping the file around for whatever reason, you can run chmod 600 on it to make it readable only by its owner, which should be root.

vi /etc/postfix/sasl-passwords
[smtp.gmail.com]:587 username@gmail.com:password
chmod 600 /etc/postfix/sasl-passwords
postmap /etc/postfix/sasl-passwords

Finally, restart Postfix so that the configuration changes take effect:

service postfix restart
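
To confirm that the relay settings and the password map are in the state described above, the following check can be run against main.cf. It is an added example, not part of the original post; the function names and the numeric owner argument are made up here, and it assumes one `name = value` per line and a `hash:` map whose compiled file is `<path>.db`.

```shell
#!/bin/sh
# Added example (not from the original post): audit a Postfix relay setup.
# Assumption: main.cf continuation lines are not used.

# conf_get FILE PARAM: print the last value assigned to PARAM.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# is_private FILE UID: true if FILE exists, belongs to UID and has no
# permission bits set for group or other (for example mode 600).
is_private() {
    [ -f "$1" ] || return 1
    listing=$(ls -ldn -- "$1")
    [ "$(printf '%s\n' "$listing" | cut -c5-10)" = "------" ] &&
        [ "$(printf '%s\n' "$listing" | awk '{ print $3 }')" = "$2" ]
}

# audit_relay MAIN_CF [UID]: print findings; return 0 only if there are none.
audit_relay() {
    cf=$1
    uid=${2:-0}
    findings=""
    add() { findings="${findings}$1
"; }

    # "encrypt" forces TLS; "verify" and "secure" also check the certificate.
    case "$(conf_get "$cf" smtp_tls_security_level)" in
        encrypt|dane-only|fingerprint|verify|secure) ;;
        *) add "smtp_tls_security_level does not make TLS mandatory" ;;
    esac

    case " $(conf_get "$cf" smtp_sasl_security_options | tr ',' ' ') " in
        *" noanonymous "*) ;;
        *) add "smtp_sasl_security_options does not include noanonymous" ;;
    esac

    # The plaintext map may have been deleted; the compiled .db must exist.
    map=$(conf_get "$cf" smtp_sasl_password_maps)
    path=${map#*:}
    [ ! -e "$path" ] || is_private "$path" "$uid" ||
        add "$path is not private to uid $uid"
    is_private "$path.db" "$uid" ||
        add "$path.db is missing or not private to uid $uid"

    printf '%s' "$findings"
    [ -z "$findings" ]
}

# Stand-alone use: sh audit_relay.sh /etc/postfix/main.cf
if [ "$#" -gt 0 ]; then audit_relay "$@"; fi
```

postmap gives the compiled file the same group and other permissions as the text file, which is why the chmod 600 above comes before the postmap call.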

HowTo: Set Up Multiple SSL Certificates on One IP with Apache


As the Apache Web server grows and matures, new features are added and old bugs are fixed. Perhaps one of the most important new features added to recent Apache versions (2.2.12, to be specific) is the long-awaited support for multiple SSL sites on a single IP address.

Prerequisites:

  • The server, obviously, must use Apache 2.2.12 or higher.
  • It must also use OpenSSL 0.9.8f or later and must be built with the TLS extensions option.
  • Apache must be built against this version of OpenSSL, as it will enable SNI support if it detects the right version of OpenSSL, that is, the version of OpenSSL that includes TLS extension support. (A default installation contains all of these.)

Note:

SNI can only be used for serving multiple SSL sites from your web server and is not likely to work at all on other daemons, such as mail servers, etc. There are also a small percentage of older web browsers that may still give certificate errors. Wikipedia has an updated list of software that does and does not support this TLS extension.

Here I am using a wildcard SSL certificate to host two subdomains on a single server; similarly, we can also use different SSL certificates for different domains on the same IP.

Follow the basic installation of apache

Redhat :

[root@ip-10-132-82-251 ~]# yum install httpd openssl openssl-devel mod_ssl

Ubuntu:

apt-get install apache2 openssl
a2enmod ssl

Get the certificate from the authority or use a self-signed SSL certificate. Verify that the SSL module is enabled in the existing Apache installation:

[root@ip-10-132-82-251 ~]# httpd -M  |grep ssl

Add the following lines to the Apache main configuration file httpd.conf:

[root@ip-10-132-82-251 ~]#  vi /etc/httpd/conf/httpd.conf 
###FOR SSL
NameVirtualHost *:443
<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    Listen 443
</IfModule>
<IfModule mod_gnutls.c>
    Listen 443
</IfModule>

Create the Virtual Hosts

Once you have downloaded all the files required for SSL, proceed to creating the vhost.

Here is the Vhost entry that I used

[root@ip-10-132-82-251 ~]# vi /etc/httpd/conf.d/domain1-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerName domain1.mydomain.com
        DocumentRoot "/opt/web-home/domain1/public_html"
        <Directory />
                Options FollowSymLinks
                AllowOverride all
        </Directory>
        <Directory /opt/web-home/domain1/public_html>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride all
                Order allow,deny
                allow from all
        </Directory>
        ScriptAlias /cgi-bin/ /opt/web-home/domain1/public_html/cgi-bin/
        <Directory "/opt/web-home/domain1/public_html/cgi-bin/">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/ssl/certs/planetcure.in.crt
SSLCertificateKeyFile /etc/ssl/certs/planetcure.in.key
SSLCertificateChainFile /etc/ssl/certs/planetcure.in.csr
SSLCACertificateFile /etc/ssl/certs/planetcure.in.ca
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>
</IfModule>
SSLPassPhraseDialog  builtin
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

You can also create more vhost files from this entry by changing the domain name and the SSL paths.
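
The vhost above sets `SSLProtocol all -SSLv2` and a cipher string that starts from `ALL`; on an Apache 2.2 / OpenSSL 0.9.8 build that leaves SSLv3 and the RC4, LOW and MEDIUM cipher classes negotiable. The check below is an added example, not part of the original post; `audit_ssl_vhost` is a hypothetical name, and the cipher handling models only the `!`, `-`, `+` and `ALL` rules of the OpenSSL cipher list format.

```shell
#!/bin/sh
# Added example (not from the original post): flag legacy TLS settings in an
# Apache SSL vhost file. Prints "file:line: finding"; returns 1 if any.
audit_ssl_vhost() {
    awk '
    function flag(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg; bad = 1 }
    function norm(x)   { return x == "EXP" ? "EXPORT" : x }
    $1 ~ /^#/ { next }
    tolower($1) == "sslprotocol" {
        all = 0; no3 = 0
        for (i = 2; i <= NF; i++) {
            p = tolower($i)
            if (p == "all" || p == "+all") all = 1
            if (p == "-sslv3") no3 = 1
            if (p ~ /^[+]?sslv[23]$/) flag("SSLProtocol enables " $i)
        }
        # Assumption: on Apache 2.2 "all" includes SSLv3 unless it is removed.
        if (all && !no3) flag("SSLProtocol all without -SSLv3 keeps SSLv3 on")
    }
    tolower($1) == "sslciphersuite" {
        spec = toupper($NF); gsub(/"/, "", spec)
        split("", added); split("", minus); split("", banned); hasall = 0
        n = split(spec, tok, ":")
        for (i = 1; i <= n; i++) {
            t = tok[i]; c = substr(t, 1, 1)
            if (c == "+") continue                     # "+X" only reorders
            if (c == "!" || c == "-") t = norm(substr(t, 2))
            if (c == "!") { banned[t] = 1; continue }  # permanent removal
            if (c == "-") { minus[t] = 1; delete added[t]; continue }
            if (t == "ALL") { hasall = 1; split("", minus) }
            m = split(t, part, "+")                    # "RC4+RSA": RC4 and RSA
            for (j = 1; j <= m; j++) {
                added[norm(part[j])] = 1; delete minus[norm(part[j])]
            }
        }
        w = split("RC4 LOW MEDIUM EXPORT", weak, " ")
        for (i = 1; i <= w; i++) {
            x = weak[i]
            if (!(x in banned) && ((x in added) || (hasall && !(x in minus))))
                flag("SSLCipherSuite still offers " x " ciphers")
        }
    }
    END { exit bad + 0 }' "$1"
}

# Stand-alone use: sh audit_ssl_vhost.sh /etc/httpd/conf.d/domain1-ssl.conf
if [ "$#" -gt 0 ]; then audit_ssl_vhost "$1"; fi
```

A file with `SSLProtocol all -SSLv2 -SSLv3` and `SSLCipherSuite HIGH:!aNULL:!MD5:!RC4` passes this check without findings.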

Now restart Apache:

[root@ip-10-132-82-251 ~]# service httpd restart

To verify the list of enabled vhosts, use the command below:

[root@ip-10-132-82-251 ~]# apachectl -S
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
*:443                  is a NameVirtualHost
         default server domain1.planetcure.in (/etc/httpd/conf.d/domain1-ssl.conf:2)
         port 443 namevhost domain1.planetcure.in (/etc/httpd/conf.d/domain1-ssl.conf:2)
         port 443 namevhost domain2.planetcure.in (/etc/httpd/conf.d/domain2-ssl.conf:2)
Syntax OK

Phew, these domains now have their own SSL on a single IP 🙂

Howto: Install Ruby on Rails with Cpanel


Installing Ruby on Rails on cPanel

Start the installation steps as root or as a user with sudo privileges; otherwise you have to submit a ticket to your hosting provider to enable Ruby on Rails in your hosting account.

For detailed information about RubyGems: commands and system, read their User Guide Manuals at: www.rubygems.org/

– To install Ruby on Rails:

SSH to the server and run this command:

  • /scripts/installruby

If LIBSAFE is installed on your server, you need to add the directive /usr/bin/ruby to the exception list to prevent buffer overflow errors. SSH to the server and run this command:

  • echo "/usr/bin/ruby" >> /etc/libsafe.exclude

The local path to the binary package is:
/usr/bin/gem

To check on the current version installed on your server:

  • /usr/bin/gem -v

To list all installed gems:

  • /usr/bin/gem -l

– To uninstall Ruby on Rails:

  1. List all the gems installed on your server and remove them all using the following command:
    • /usr/bin/gem uninstall NAME_OF_GEM

    The cPanel/WHM, by default, installs the following Gems:
    rails, mongrel, fastthread, actionmailer, actionpack, activerecord, activeresource, activesupport, cgi_multipart_eof_fix, daemons, gem_plugin, rake. For example, to uninstall the Gem: rails, we’ll run this command:

    • /usr/bin/gem uninstall rails

    Sample output:
    Successfully uninstalled rails version 0.1.6

  2. Remove Gem directories and the binary package using the following commands (in that order):
    • /bin/rm -rf /usr/lib/ruby
    • /bin/rm -rf /home/cprubygemsbuild
    • /bin/rm -fv /root/.gem
    • /bin/rm -fv /usr/bin/gem
  3. Remove all ruby directories added to a client’s root directory. The local path is: /home/USER/ruby/
  4. Restart cPanel (unnecessary, but do it anyway):
    • /sbin/service cpanel restart

 

Error: SecurityException in Application.cpp:188: Do not have root privileges. Executable not set-uid root?


After recovering my cPanel server, it was returning an Internal Server Error for every hosted domain and throwing some messages in the error log:

[Wed Jul 17 09:46:14 2013] [error] [client 111.222.333.444] Premature end of script headers: index.php, referer: http://domain.com/
[Wed Jul 17 09:46:14 2013] [error] [client 111.222.333.444] SecurityException in Application.cpp:188: Do not have root privileges. Executable not set-uid root?

My server is configured to run suPHP in CGI mode with mod_security, so it will check the sticky bit of the suphp binary. The error occurred because the suphp binary was missing its suid permissions, and assigning them fixed the issue.

chmod +s /opt/suphp/sbin/suphp

This should fix the issue instantly.

 

 

info: How to install java on Ubuntu.


Java is an object-oriented computer programming language developed by James Gosling at Sun Microsystems and released in 1995; later it was migrated to Oracle. Code that runs on one platform does not need to be recompiled.

Ubuntu

Install Oracle Java 7 on Ubuntu 12.04
Here I describe one of the easiest methods of installing Oracle Java on Ubuntu, using the Java repository. For more information: http://en.wikipedia.org/wiki/Java_(programming_language)

Open the terminal and run the following commands:

# java -version
java version "1.6.0_24"
OpenJDK Runtime Environment (IcedTea6 1.11.5) (6b24-1.11.5-0ubuntu1~12.04.1)
OpenJDK Server VM (build 20.0-b12, mixed mode)

# sudo add-apt-repository ppa:webupd8team/java
# sudo apt-get update
# sudo apt-get install oracle-java7-installer

Now check the newly updated version:

# java -version
java version "1.7.0_21"
Java(TM) SE Runtime Environment (build 1.7.0_21-b11)
Java HotSpot(TM) Server VM (build 23.21-b01, mixed mode)

 


Check the installation directory:

anand@desktop:~$ ll /usr/lib/jvm/java-7-oracle/
total 19720
drwxr-xr-x 8 root root 4096 May 3 09:32 .
drwxr-xr-x 6 root root 4096 May 3 09:32 ..
drwxr-xr-x 2 root root 4096 May 3 09:32 bin
-r--r--r-- 1 root root 3339 May 3 09:32 COPYRIGHT
drwxr-xr-x 4 root root 4096 May 3 09:32 db
drwxr-xr-x 3 root root 4096 May 3 09:32 include
drwxr-xr-x 5 root root 4096 May 3 09:32 jre
drwxr-xr-x 3 root root 4096 May 3 09:32 lib
-r--r--r-- 1 root root 40 May 3 09:32 LICENSE
drwxr-xr-x 4 root root 4096 May 3 09:32 man
-r--r--r-- 1 root root 114 May 3 09:32 README.html
-rw-r--r-- 1 root root 443 May 3 09:32 release
-rw-r--r-- 1 root root 19838528 May 3 09:32 src.zip
-rw-r--r-- 1 root root 123324 May 3 09:32 THIRDPARTYLICENSEREADME-JAVAFX.txt
-r--r--r-- 1 root root 172252 May 3 09:32 THIRDPARTYLICENSEREADME.txt

 

That’s all 🙂

ERROR: SQL error: [unixODBC][Driver Manager]Data source name not found, and no default driver specified


One of our servers was getting an odbc_connection error after migration; this usually happens because the ODBC module has not been enabled on the server. While I tried to set up ODBC with FreeTDS in order to connect to an MSSQL server, I faced several issues.

MSSQL uses Tabular Data Stream (TDS) as its communication protocol, the same as Sybase. FreeTDS is an implementation of the TDS protocol.

Before trying to connect to the MSSQL server with FreeTDS, make sure that your MSSQL server allows remote access.

[02-May-2013 02:21:31 America/Denver] PHP Warning: odbc_connect() [<a href='function.odbc-connect'>function.odbc-connect</a>]: SQL error: [unixODBC][Driver Manager]Data source name not found, and no default driver specified, SQL state IM002 in SQLConnect in /home/anand/public_html/mssql2000.php on line 69

We need the packages below installed to get this done:

1. php-odbc
2. unixODBC
3. freetds

Installation : 

#pecl  install php-odbc
#yum install unixODBC-devel unixODBC freetds-devel freetds

Or,

Download unixODBC and untar it

#wget ftp://ftp.unixodbc.org/pub/unixODBC/unixODBC-2.3.0.tar.gz
#tar -xzf unixODBC-2.3.0.tar.gz
#cd unixODBC-2.3.0 ; ./configure ; make ; make install

Installing FreeTDS
Set the environment variables in /etc/profile by adding the following lines at the end, then download and build FreeTDS:

#vi /etc/profile
# TDS
SYBASE=/usr/local
LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:$SYBASE/lib
export SYBASE LD_LIBRARY_PATH

#wget http://ibiblio.org/pub/Linux/ALPHA/freetds/stable/freetds-stable.tgz
#tar -xzf freetds-stable.tgz ; cd freetds-*/ ; ./configure --with-tdsver=8.0 --with-unixodbc=/usr/local ; make ; make install

Configuration:
Note: use tdsver=8.0 if you use SQL 2000 and tdsver=7.0 if you use SQL 7.0. More info about freetds.conf here

root@server [~]# cat /etc/freetds.conf
[MSSQLSERVER]               
host = 11.222.333.44
port = 1433
tds version = 8.0

Setup ODBC:
Create a template for both the driver and the data source configuration. Before creating them, make sure that the driver files are valid.

root@server [~]# vi tds.driver.template
#Driver for MS SQL
#"FreeTDS" is the unique name for this driver
[FreeTDS]
Description = FreeTDS driver
Driver = /usr/lib64/libtdsodbc.so.0
Setup = /usr/lib64/libtdsS.so.1
FileUsage = 1
UsageCount = 1

root@server [~]# vi tds.datasource.template
#"MSSQL" is the DSN name that we call to connect to the database
[MSSQL]
#Driver is the name that we specified in the driver file
Driver = FreeTDS
Description = MSSQL ReflectiveLearning
Trace = No
TraceFile = /var/log/freetds.log
#Servername is the name specified in freetds.conf
Servername = MSSQLSERVER
Port = 1433
Database = reflective_Live
TDS_Version = 8.0

Now install the data source and driver.

The commands below create the configuration files for ODBC, but odbc.ini is created in the user's home directory by default, so we have to move it manually to /etc/:

odbcinst -i -d -f tds.driver.template
odbcinst -i -s -f tds.datasource.template
cp -rpf ~/.odbc.ini /etc/odbc.ini
mv /etc/odbc.ini /usr/local/etc
mv /etc/odbcinst.ini /usr/local/etc
cd /etc
ln -s /usr/local/etc/odbc.ini
ln -s /usr/local/etc/odbcinst.ini
chmod 0664 /usr/local/etc/odbc*.ini
cd ~

Check from the command line:

#tsql -H Hostname_OR_IP -p PortNumber -U Username

root@server [~]# isql -v DSNname Username 'Password'
+---------------------------------------+
| Connected!                            |
|                                       |
| sql-statement                         |
| help [tablename]                      |
| quit                                  |
|                                       |
+---------------------------------------+
SQL> quit
That’s all, now the application will work fine.

Some PHP code to connect to it:
<?php
//*************************************************************************
//Open Database Connection
//************************************************************************* 
$dbserver="ipaddress";
$dbusername="tester4";
$dbpassword="password1234";
$defaultdb="testdb";
$cn = mssql_connect($dbserver,$dbusername,$dbpassword) or die("Connection Error");
$db = mssql_select_db($defaultdb,$cn) or die("Database Error");
echo "Connection Success"
?>

Some useful commands:

odbcinst -j         # to check the ODBC version and configuration.
odbcinst -q -d   # View loaded drivers.
odbcinst -q -s   # View DSN entries.
tsql -LH 22.33.55.44   # To list the MSSQL server instance name, version etc.
osql -S DSN -U Username -P 'Password' # list the configuration files loaded to connect ODBC
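
The setup above depends on three names lining up: the DSN section in odbc.ini, the driver section in odbcinst.ini that its Driver line names, and the freetds.conf section that its Servername line names. The check below follows that chain and reports the first broken link. It is an added example, not part of the original post; the function names are made up here, and the file paths are whatever `odbcinst -j` reports on your system.

```shell
#!/bin/sh
# Added example (not from the original post): follow the names that tie a DSN
# to its driver and to its FreeTDS server entry.

# ini_has FILE SECTION: true if a [SECTION] header line exists in FILE.
ini_has() {
    awk -v want="[$2]" '
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        $0 == want { found = 1 }
        END { exit !found }' "$1"
}

# ini_get FILE SECTION KEY: print the value of KEY inside [SECTION].
# Key names are compared case-insensitively here.
ini_get() {
    awk -v want="[$2]" -v key="$3" '
        { sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }
        /^[#;]/ { next }
        /^\[/   { insec = ($0 == want); next }
        insec && (eq = index($0, "=")) {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            sub(/[ \t]+$/, "", k); sub(/^[ \t]+/, "", v)
            if (tolower(k) == tolower(key)) { print v; exit }
        }' "$1"
}

# check_dsn DSN ODBC_INI ODBCINST_INI FREETDS_CONF
# Prints "ok", or the first broken link (and returns 1).
check_dsn() {
    ini_has "$2" "$1" || { echo "DSN [$1] is not defined in $2"; return 1; }
    drv=$(ini_get "$2" "$1" Driver)
    case $drv in
        "") echo "DSN [$1] has no Driver entry"; return 1 ;;
        /*) lib=$drv ;;              # Driver given directly as a library path
        *)  ini_has "$3" "$drv" ||
                { echo "driver [$drv] is not defined in $3"; return 1; }
            lib=$(ini_get "$3" "$drv" Driver) ;;
    esac
    [ -f "$lib" ] || { echo "driver library '$lib' does not exist"; return 1; }
    srv=$(ini_get "$2" "$1" Servername)
    [ -z "$srv" ] || ini_has "$4" "$srv" ||
        { echo "Servername [$srv] is not defined in $4"; return 1; }
    echo ok
}

# Stand-alone use:
#   sh check_dsn.sh MSSQL /etc/odbc.ini /etc/odbcinst.ini /etc/freetds.conf
if [ "$#" -eq 4 ]; then check_dsn "$@"; fi
```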

Error: Unable to assign IP’s to the nameserver on Cpanel server


In WHM the nameserver IP settings show “no ip assigned” for a domain, but from the command line we can see that there are two IPs assigned for the domains. This takes my domain down, and changes related to this name server won’t take effect.

Here we can see the two IPs as in the settings:

root@server [~]# cat /var/cpanel/nameserverips.yaml
--- 
ns1.domain.com: 
 11.22.333.444: 1
 count: 2
 zones: server.domain.com,domain.com
ns2.domain.com: 
 11.22.333.444: 1
 count: 2
 zones: server.domain.com,domain.com

Executing the script below will update the name server settings and fix nameserver conflicts, even when running /scripts/fixrndc doesn’t work:

root@server [~]# /usr/local/cpanel/scripts/nameserverup

Now everything works fine:

root@server [/scripts]# cat /etc/nameserverips
11.22.333.444=ns1.domain.com
11.22.333.444=ns2.domain.com