tyuiop

Wednesday, August 31, 2005

Installing Apache2 and PHP4 on Debian Sarge

apt-get install apache2 apache2-doc
apt-get install libapache2-mod-php4 libapache2-mod-perl2 php4 php4-cli php4-common php4-curl php4-dev php4-domxml php4-gd php4-imap php4-ldap php4-mcal php4-mhash php4-mysql php4-odbc php4-pear php4-xslt curl libwww-perl imagemagick php4

Edit /etc/apache2/apache2.conf. Change the DirectoryIndex line to:

DirectoryIndex index.html index.htm index.shtml index.cgi index.php index.php3 index.pl index.xhtml

Edit /etc/mime.types and comment out the following lines:

#application/x-httpd-php phtml pht php
#application/x-httpd-php-source phps
#application/x-httpd-php3 php3
#application/x-httpd-php3-preprocessed php3p
#application/x-httpd-php4 php4

Edit /etc/apache2/mods-enabled/php4.conf and comment out the following lines:


# AddType application/x-httpd-php .php .phtml .php3
# AddType application/x-httpd-php-source .phps


Edit /etc/apache2/ports.conf and add Listen 443:

Listen 80
Listen 443


Now we have to enable some Apache modules (SSL, rewrite, suexec and include):

cd /etc/apache2/mods-enabled
ln -s /etc/apache2/mods-available/ssl.conf ssl.conf
ln -s /etc/apache2/mods-available/ssl.load ssl.load
ln -s /etc/apache2/mods-available/rewrite.load rewrite.load
ln -s /etc/apache2/mods-available/suexec.load suexec.load
ln -s /etc/apache2/mods-available/include.load include.load

Restart Apache:

/etc/init.d/apache2 restart

TEST PHP4


Uncomment the following lines in apache2.conf:
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps

Create an index.php file, then test it against your server name (www.domain.com).

A real domain example

1 /etc/named.conf (or /var/named/named.conf)

// Boot file for LAND-5 name server

options {
        directory "/var/named";
};

controls {
        inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};

key "rndc_key" {
        algorithm hmac-md5;
        secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
};

zone "." {
        type hint;
        file "root.hints";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "zone/127.0.0";
};

zone "land-5.com" {
        type master;
        file "zone/land-5.com";
};

zone "177.6.206.in-addr.arpa" {
        type master;
        file "zone/206.6.177";
};

2 /var/named/root.hints

; <<>> DiG 8.1 <<>> @A.ROOT-SERVERS.NET.
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10
;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13
;; QUERY SECTION:
;; ., type = NS, class = IN

;; ANSWER SECTION:
. 6D IN NS G.ROOT-SERVERS.NET.
. 6D IN NS J.ROOT-SERVERS.NET.
. 6D IN NS K.ROOT-SERVERS.NET.
. 6D IN NS L.ROOT-SERVERS.NET.
. 6D IN NS M.ROOT-SERVERS.NET.
. 6D IN NS A.ROOT-SERVERS.NET.
. 6D IN NS H.ROOT-SERVERS.NET.
. 6D IN NS B.ROOT-SERVERS.NET.
. 6D IN NS C.ROOT-SERVERS.NET.
. 6D IN NS D.ROOT-SERVERS.NET.
. 6D IN NS E.ROOT-SERVERS.NET.
. 6D IN NS I.ROOT-SERVERS.NET.
. 6D IN NS F.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
G.ROOT-SERVERS.NET. 5w6d16h IN A 192.112.36.4
J.ROOT-SERVERS.NET. 5w6d16h IN A 198.41.0.10
K.ROOT-SERVERS.NET. 5w6d16h IN A 193.0.14.129
L.ROOT-SERVERS.NET. 5w6d16h IN A 198.32.64.12
M.ROOT-SERVERS.NET. 5w6d16h IN A 202.12.27.33
A.ROOT-SERVERS.NET. 5w6d16h IN A 198.41.0.4
H.ROOT-SERVERS.NET. 5w6d16h IN A 128.63.2.53
B.ROOT-SERVERS.NET. 5w6d16h IN A 128.9.0.107
C.ROOT-SERVERS.NET. 5w6d16h IN A 192.33.4.12
D.ROOT-SERVERS.NET. 5w6d16h IN A 128.8.10.90
E.ROOT-SERVERS.NET. 5w6d16h IN A 192.203.230.10
I.ROOT-SERVERS.NET. 5w6d16h IN A 192.36.148.17
F.ROOT-SERVERS.NET. 5w6d16h IN A 192.5.5.241

;; Total query time: 215 msec
;; FROM: roke.uio.no to SERVER: A.ROOT-SERVERS.NET. 198.41.0.4
;; WHEN: Sun Feb 15 01:22:51 1998
;; MSG SIZE sent: 17 rcvd: 436

3 /var/named/zone/127.0.0

$TTL 3D
@       IN      SOA     land-5.com. root.land-5.com. (
                        199609203       ; Serial
                        28800           ; Refresh
                        7200            ; Retry
                        604800          ; Expire
                        86400)          ; Minimum TTL
                NS      land-5.com.

1               PTR     localhost.

4 /var/named/zone/land-5.com

$TTL 3D
@       IN      SOA     land-5.com. root.land-5.com. (
                        199609206       ; serial, todays date + todays serial #
                        8H              ; refresh, seconds
                        2H              ; retry, seconds
                        4W              ; expire, seconds
                        1D )            ; minimum, seconds
                NS      land-5.com.
                NS      ns2.psi.net.
                MX      10 land-5.com.  ; Primary Mail Exchanger
                TXT     "LAND-5 Corporation"

localhost A 127.0.0.1

router A 206.6.177.1

land-5.com. A 206.6.177.2
ns A 206.6.177.3
www A 207.159.141.192

ftp CNAME land-5.com.
mail CNAME land-5.com.
news CNAME land-5.com.

funn A 206.6.177.2

;
; Workstations
;
ws-177200       A       206.6.177.200
                MX      10 land-5.com.  ; Primary Mail Host
ws-177201       A       206.6.177.201
                MX      10 land-5.com.  ; Primary Mail Host
ws-177202       A       206.6.177.202
                MX      10 land-5.com.  ; Primary Mail Host
ws-177203       A       206.6.177.203
                MX      10 land-5.com.  ; Primary Mail Host
ws-177204       A       206.6.177.204
                MX      10 land-5.com.  ; Primary Mail Host
ws-177205       A       206.6.177.205
                MX      10 land-5.com.  ; Primary Mail Host
; {Many repetitive definitions deleted - SNIP}
ws-177250       A       206.6.177.250
                MX      10 land-5.com.  ; Primary Mail Host
ws-177251       A       206.6.177.251
                MX      10 land-5.com.  ; Primary Mail Host
ws-177252       A       206.6.177.252
                MX      10 land-5.com.  ; Primary Mail Host
ws-177253       A       206.6.177.253
                MX      10 land-5.com.  ; Primary Mail Host
ws-177254       A       206.6.177.254
                MX      10 land-5.com.  ; Primary Mail Host

5 /var/named/zone/206.6.177

$TTL 3D
@       IN      SOA     land-5.com. root.land-5.com. (
                        199609206       ; Serial
                        28800           ; Refresh
                        7200            ; Retry
                        604800          ; Expire
                        86400)          ; Minimum TTL
                NS      land-5.com.
                NS      ns2.psi.net.
;
; Servers
;
1 PTR router.land-5.com.
2 PTR land-5.com.
2 PTR funn.land-5.com.
;
; Workstations
;
200 PTR ws-177200.land-5.com.
201 PTR ws-177201.land-5.com.
202 PTR ws-177202.land-5.com.
203 PTR ws-177203.land-5.com.
204 PTR ws-177204.land-5.com.
205 PTR ws-177205.land-5.com.
; {Many repetitive definitions deleted - SNIP}
250 PTR ws-177250.land-5.com.
251 PTR ws-177251.land-5.com.
252 PTR ws-177252.land-5.com.
253 PTR ws-177253.land-5.com.
254 PTR ws-177254.land-5.com.

Information from: http://www.tldp.org/HOWTO/DNS-HOWTO-7.html

Per-user web directories


Setting the file path with UserDir

Edit apache2.conf and uncomment the UserDir directive, using one of:

UserDir public_html
or
UserDir /var/html
or
UserDir /var/www/*/docs

Test with:
http://example.com/~rbowen/file.html

Restricting what users are permitted to use this feature

UserDir enabled
UserDir disabled root jro fish
or
UserDir disabled
UserDir enabled rbowen krietz

Enabling a cgi directory for each user


Options ExecCGI
SetHandler cgi-script


Test with:
http://example.com/~rbowen/cgi-bin/example.cgi



A basic configuration

ProFTPd

Configuring a group that can access the FTP server

  • #addgroup ftpuser
  • #usermod -G ftpuser username

Add the following parameters to proftpd.conf, after AllowOverwrite on:

# here are my improvements

# chroot for all users of the group ftpuser
DefaultRoot ~ ftpuser

# grant login only for members of the group

DenyGroup !ftpuser


# disable root login and require a valid shell (from /etc/shells)

RootLogin off
RequireValidShell on


# increase
UseReverseDNS off
IdentLookups off

# Logging formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
LogFormat write "%h %l %u %t \"%r\" %s %b"

# activate logging

# every login
ExtendedLog /var/log/ftp_auth.log AUTH auth

# file/dir access
ExtendedLog /var/log/ftp_access.log WRITE,READ write

# for the paranoid (big logfiles!)
#ExtendedLog /var/log/ftp_paranoid.log ALL default

Then try it.
It is recommended to create a pseudo shell /bin/ftp as a copy of /bin/false and add it to /etc/shells:
deb:~# cp /bin/false /bin/ftp
deb:~# echo "/bin/ftp" >> /etc/shells
deb:~# usermod -s /bin/ftp username

More information: http://archiv.debianhowto.de
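A way to use the ftp_auth.log produced by the "auth" LogFormat above to spot repeated rejected logins, as an added example that is not part of the original post. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: spot password guessing in the log written by
#   ExtendedLog /var/log/ftp_auth.log AUTH auth
# Line layout (LogFormat auth): %v [%P] %h %t "%r" %s

# Constructed sample lines, not real traffic (documentation address ranges).
sample_ftp_auth_log() {
cat <<'EOF'
Debian FTP [2101] 192.0.2.10 [31/Aug/2005:10:15:01 +0700] "USER alice" 331
Debian FTP [2101] 192.0.2.10 [31/Aug/2005:10:15:02 +0700] "PASS (hidden)" 230
Debian FTP [2140] 203.0.113.7 [31/Aug/2005:10:20:12 +0700] "PASS (hidden)" 530
Debian FTP [2141] 203.0.113.7 [31/Aug/2005:10:20:14 +0700] "PASS (hidden)" 530
Debian FTP [2142] 203.0.113.7 [31/Aug/2005:10:20:16 +0700] "PASS (hidden)" 530
Debian FTP [2143] 203.0.113.7 [31/Aug/2005:10:20:18 +0700] "PASS (hidden)" 530
Debian FTP [2150] 198.51.100.23 [31/Aug/2005:11:02:40 +0700] "PASS (hidden)" 530
Debian FTP [2151] 198.51.100.23 [31/Aug/2005:11:02:43 +0700] "PASS (hidden)" 530
Debian FTP [2152] 198.51.100.23 [31/Aug/2005:11:02:46 +0700] "PASS (hidden)" 530
Debian FTP [2153] 198.51.100.23 [31/Aug/2005:11:02:49 +0700] "PASS (hidden)" 230
Debian FTP [2160] 192.0.2.44 [31/Aug/2005:12:30:05 +0700] "PASS (hidden)" 530
Debian FTP [2160] 192.0.2.44 [31/Aug/2005:12:30:09 +0700] "PASS (hidden)" 230
this line is not in the expected format
EOF
}

# ftp_failed_logins THRESHOLD < logfile
# Prints "<host> <rejected> <yes|no>" for every host with at least THRESHOLD
# rejected logins (reply 530); the last column says whether a PASS from that
# host was accepted (reply 230) after a rejection.
ftp_failed_logins() {
    awk -F'"' -v min="$1" '
        NF < 3 { next }                      # not in the expected layout
        {
            n = split($1, pre, " ")          # %v may contain spaces, so
            if (n < 4) next                  # locate %h from the right
            host = pre[n - 2]
            code = $NF; gsub(/[^0-9]/, "", code)
            if (code == "530")
                fail[host]++
            else if (code == "230" && $2 ~ /^PASS/ && (host in fail))
                hit[host] = 1
        }
        END {
            for (h in fail)
                if (fail[h] >= min)
                    print h, fail[h], ((h in hit) ? "yes" : "no")
        }' | sort
}

sample_ftp_auth_log | ftp_failed_logins 3
```

On a live server the input would be /var/log/ftp_auth.log; a "yes" in the last column is the case to look at first.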

Tuesday, August 30, 2005

Basic authentication on apache


  1. Create a password file
  2. Set the configuration to use this password file
  3. Optionally, create a group file

Create a password file

  • htpasswd -c /usr/local/apache/passwd/passwords username
  • htpasswd /usr/local/apache/passwd/passwords sungo

Set the configuration to use this password file

Configure Apache: replace AllowOverride None with AllowOverride AuthConfig in whichever configuration file Apache loads.

Create a .htaccess file in the directory, like this:

  • AuthType Basic
    AuthName "By Invitation Only"
    AuthUserFile /usr/local/apache/passwd/passwords
    Require user rbowen sungo
  • Require valid-user

Optionally, create a group file


Group file (/usr/local/apache/passwd/groups):

authors: rich daniel allan

Configuration:

AuthType Basic
AuthName "Apache Admin Guide Authors"
AuthUserFile /usr/local/apache/passwd/passwords
AuthGroupFile /usr/local/apache/passwd/groups
Require group authors
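A check of the password file created in step 1, as an added example that is not part of the original post: it reports which hash scheme each entry uses and whether the file sits inside the web root or is world-readable. The function names are hypothetical and the sample entries are constructed fillers, not real hashes.

```shell
#!/bin/sh
# Added example: review a password file made with htpasswd.
# Function names and sample entries are constructed for illustration.

# Constructed entries; the hash strings are fillers, not real hashes.
make_sample_htpasswd() {
cat > "$1" <<'EOF'
rbowen:$apr1$CONSTRUC$tedSampleValueNotReal0
sungo:{SHA}ConstructedSampleNotReal0000=
rich:abCONSTRUCTED
daniel:$2y$05$ConstructedSampleValueNotARealBcryptHashAtAll00000000
EOF
}

# htpasswd_schemes FILE: prints "<user> <scheme> <ok|weak>" per entry.
# weak = a scheme the Apache documentation calls insecure, or not recognised.
htpasswd_schemes() {
    awk -F: '
        NF < 2 || /^#/ { next }
        {
            h = $2
            if      (h ~ "^[$]2[aby][$]")  { s = "bcrypt";        v = "ok" }
            else if (h ~ "^[$]apr1[$]")    { s = "apr1-md5";      v = "ok" }
            else if (h ~ "^[$][56][$]")    { s = "sha-crypt";     v = "ok" }
            else if (h ~ "^[{]SHA[}]")     { s = "sha1-unsalted"; v = "weak" }
            else if (length(h) == 13 && h ~ "^[./0-9A-Za-z]+$")
                                           { s = "des-crypt";     v = "weak" }
            else                           { s = "unknown";       v = "weak" }
            print $1, s, v
        }' "$1"
}

# htpasswd_exposed FILE DOCROOT: prints one finding per line, nothing if clean.
# The path test is textual; it does not resolve symlinks or Alias mappings.
htpasswd_exposed() {
    case "$1" in
        "${2%/}"/*) echo "inside-docroot" ;;   # could be fetched over HTTP
    esac
    [ -n "$(find "$1" -perm -004 2>/dev/null)" ] && echo "world-readable"
    return 0
}

tmp=$(mktemp -d) && make_sample_htpasswd "$tmp/passwords"
htpasswd_schemes "$tmp/passwords"
htpasswd_exposed "$tmp/passwords" "$tmp"
rm -rf "$tmp"
```

For the file used on this page the calls would take /usr/local/apache/passwd/passwords and the server's document root as arguments.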