Shared hosting using Apache

Shared web hosting is a technique to optimize the usage of a server, where multiple websites with different domain names are hosted together. Each hosted website can have a separate IP address as well.

LAMP Server Setup

LAMP stands for "Linux, Apache, MySQL and PHP", an open-source web development platform, also called a web stack, which uses Linux as the operating system, Apache as the web server, MySQL as the RDBMS and PHP/Python/Perl as the back-end programming language.

Recover deleted files in Linux

Deleted files can't be restored directly in Linux from a recycle bin as we can do on Windows-based machines, but using applications such as PhotoRec we can do the same.


Wednesday, December 31, 2014

Certificate Signing Request and private key for SSL Certificate

The Secure Sockets Layer (SSL) is used to encrypt the data stream between the web server and the web browser. SSL uses public key cryptography, where two keys are created: one public and one private. Data is encrypted with the server's private key and can be decrypted only by its corresponding public key. To ensure that the certificate holder is legitimate, a digitally signed certificate issued by a CA (certificate authority, such as VeriSign) is used; otherwise the browser will show a warning message.
Generating private key:

The OpenSSL toolkit is used for creating a CSR (certificate signing request) and a private key. It can also be used for creating self-signed SSL certificates, or we can get the certificate signed by a CA (Certificate Authority).
Our first step is to create a private key.
nixvilla@nixvilla-dev-vm:$ sudo openssl genrsa -out example.com.key 2048
Generating RSA private key, 2048 bit long modulus
.+++
............................+++
e is 65537 (0x10001)

The above command generates a 2048-bit RSA private key, which uses Triple-DES encryption and is readable as ASCII text.
A 2048-bit key size ensures that it can't easily be cracked by brute-force methods. If the private key is broken, the connections initiated with it would be exposed to whoever has the key.

Generating CSR (Certificate signing request):

After generating the private key, we can generate the CSR file, which will be used for generating the certificate. A certificate can be self-signed or signed by a certificate authority (CA).
nixvilla@nixvilla-dev-vm:$ sudo openssl req -new -key example.com.key -out example.com.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:India
Locality Name (eg, city) []:New Delhi
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Example
Organizational Unit Name (eg, section) []:IT dept.
Common Name (eg, YOUR name) []:*.example.com
Email Address []:contact@example.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

A certificate authority (CA) will use this CSR to create the SSL certificate. We should keep our private key secret.
Decoding CSR:

We can decode CSR file by the following openssl command.
nixvilla@nixvilla-dev-vm:$  openssl req -in example.com.csr -noout -text
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=IN, ST=India, L=New Delhi, O=Example, OU=IT dept., CN=*.example.com/emailAddress=contact@example.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:ea:50:6d:13:b2:cb:2c:f6:61:c1:d5:c9:21:8a:
b6:ef:f9:9c:91:71:0c:b2:c0:d1:68:0a:19:5b:4b:
45:c9:2f:df:44:93:1f:8f:65:5a:fb:30:9c:0f:4a:
2c:17:85:5f:90:48:2b:c2:65:5f:79:18:a0:c5:c8:
fc:6d:8e:9f:5a:0c:c7:87:7e:6e:57:f1:1e:3b:0b:
41:8e:81:67:53:54:40:c2:04:75:00:b4:26:bf:f1:
26:c9:60:39:b9:09:71:5f:98:89:b1:0e:56:44:51:
b4:79:64:0c:ad:a9:e4:cb:a2:d1:7a:c6:7b:bb:18:
f3:d3:f4:fc:bc:70:85:39:92:a0:51:89:61:ac:19:
b2:7c:82:6b:f8:c4:c4:34:fa:78:d5:b8:8b:51:d7:
ba:5f:6c:b3:93:c7:06:91:dc:e1:ee:3b:09:63:05:
8c:5b:06:d9:fb:44:43:34:81:af:10:35:53:ef:c8:
8d:b3:c4:13:94:ae:ec:c9:0b:d7:0c:42:ab:30:88:
a7:f0:78:f2:d1:67:7e:bd:2a:72:47:f4:19:0b:fe:
ed:9e:d6:6d:01:00:3b:f9:5b:05:16:16:c1:06:09:
a7:fb:4c:8c:e9:e2:f3:06:08:68:cc:cf:2f:cb:d4:
76:99:a6:ef:ca:ba:9c:17:40:7d:9d:89:17:61:c5:
36:bf
Exponent: 65537 (0x10001)
Attributes:
a0:00
Signature Algorithm: sha1WithRSAEncryption
ca:a5:ff:d3:b4:e3:3f:10:8d:23:b2:4b:7b:ea:5b:86:d6:35:
ae:1f:e1:e6:de:b1:e2:d8:7c:e0:1b:77:ed:b3:76:a6:9d:9f:
5f:13:8a:09:06:34:93:ea:4c:15:87:6d:2b:71:a4:e7:bc:38:
7b:00:39:d3:ee:4a:42:cc:2d:e8:d3:47:be:a1:bc:41:8a:35:
9e:e8:63:25:79:a8:de:d5:89:b4:24:56:fa:00:77:5d:63:5f:
7b:0e:d2:4f:92:3b:a2:05:5b:31:d8:80:ad:4c:5b:dc:b3:d1:
5b:3a:9e:b5:f4:3a:c0:41:a8:29:38:71:c0:bc:d1:d7:06:53:
46:d0:e5:04:2b:47:c1:59:81:e9:17:78:40:79:79:1d:78:21:
13:ed:ae:e0:a4:c9:b0:f3:c5:88:9a:fd:8b:c8:15:dd:c2:80:
6a:6e:86:17:f9:1a:ec:08:b6:7a:b6:6c:7a:5a:0d:39:01:87:
35:00:ed:f3:9a:21:44:79:ae:b5:f5:79:34:24:08:02:31:5f:
b9:cc:54:33:ee:f6:4f:76:0f:bc:5f:dd:eb:5b:da:f8:90:da:
26:00:26:a6:6c:2f:43:cf:79:6e:31:f3:ce:fb:bb:43:0d:be:
05:8c:47:ab:47:d7:3b:6f:8f:38:5f:39:78:11:d8:b1:8c:66:
99:04:f0:48

This can be used to cross-check the information before getting the certificate.
The following information can be re-checked from the CSR:
  • Bit length of the CSR and private key pair
  • Organization name
  • Organizational unit name
  • Common name (domain name)
  • Locality name
  • Country name as a 2-letter code
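
The same key and CSR can be produced without the interactive prompts and then re-checked by a script. This is an added example, not part of the original post; the function names are made up for illustration, and it also flags a SHA-1 signature such as the sha1WithRSAEncryption shown in the decoded request above.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). File names follow the article;
# the subject repeats the answers typed at the prompts above.

make_csr() {   # make_csr DIR: write DIR/example.com.key and DIR/example.com.csr
    ( umask 077   # the key file is created readable by its owner only
      openssl genrsa -out "$1/example.com.key" 2048 2>/dev/null ) || return 1
    openssl req -new -sha256 -key "$1/example.com.key" -out "$1/example.com.csr" \
        -subj '/C=IN/ST=India/L=New Delhi/O=Example/OU=IT dept./CN=*.example.com'
}

csr_text()   { openssl req -in "$1" -noout -text; }
csr_bits()   { csr_text "$1" | sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit).*/\1/p'; }
csr_sigalg() { csr_text "$1" | awk '/Signature Algorithm/ { print $3; exit }'; }
csr_cn()     { openssl req -in "$1" -noout -subject | sed -n 's/.*CN *= *\([^,/]*\).*/\1/p'; }

# The self-signature shows the request was signed by the holder of the private key.
csr_selfsig_ok() { openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'; }

# The public key inside the CSR must equal the one derived from the key file.
csr_matches_key() {   # csr_matches_key CSR KEY
    [ "$(openssl req -in "$1" -noout -pubkey)" = \
      "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

check_csr() {   # check_csr CSR KEY EXPECTED_CN: one line per finding, status 0 if clean
    local rc=0
    [ "$(csr_bits "$1")" -ge 2048 ] || { echo "key shorter than 2048 bits"; rc=1; }
    case "$(csr_sigalg "$1")" in
        md5*|sha1*) echo "weak signature hash: $(csr_sigalg "$1")"; rc=1 ;;
    esac
    [ "$(csr_cn "$1")" = "$3" ]     || { echo "unexpected CN: $(csr_cn "$1")"; rc=1; }
    csr_selfsig_ok "$1"             || { echo "self-signature does not verify"; rc=1; }
    csr_matches_key "$1" "$2"       || { echo "CSR does not match private key"; rc=1; }
    return "$rc"
}
```

Typical use: make_csr . followed by check_csr example.com.csr example.com.key '*.example.com' before the request is sent to the CA.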

Shared Hosting using apache

We can host multiple websites from a single server to utilize the server resources appropriately.

If we are using Apache as our web server, we can do this in two ways:

1.) IP-based virtual hosting: 

In IP-based virtual hosting, we are running more than one web site on the same server machine, but each web site has its own IP address.

But we require multiple IPs on that single server, and to assign multiple IPs we require multiple interface cards.

On a Linux-based OS we can use the command below to add a new virtual interface on top of the physical interface card and assign an IP to it:

Figure: Create virtual interface card

Here we have one physical NIC, eth0, on which we have created three virtual NICs, eth0:0, eth0:1 and eth0:2, with IP addresses 192.168.10.1, 192.168.10.2 and 192.168.10.3 respectively.
The server has three IP addresses (192.168.10.1, 192.168.10.2, and 192.168.10.3) which resolve to the names www.example.com, www.example.org and www.example.gov respectively.

Below is a sample Apache configuration file for IP-based virtual hosting. We can have a separate configuration file for each website as well.

Figure: Sample IP-based virtual hosting

In the above configuration file, we have placed our website code for www.example.com, www.example.org, www.example.gov under /www/example, /www/example2 and /www/example3 respectively.

We can add as many virtual interfaces as we require, assign the relevant IPs and host multiple websites.

2.) Name Based Virtual Hosting: 

Name based virtual hosting is a method of running multiple web sites using only one IP Address. It is possible because the HTTP Protocol includes the target address in its headers.

In this configuration, when the Apache web server receives a request, it looks for the hostname in the HTTP header and, depending on the hostname, serves different websites. In this case we need only one IP address on that physical server, but we have to update the DNS with multiple website names pointing to the same IP address.
To update the website name in DNS, we have to update the forward lookup zone file and the reverse lookup zone file.

For forward lookup zone entry:

Figure: Forward lookup zone

For reverse lookup zone entry:

Figure: Reverse lookup zone

Now the server configuration in the Apache configuration file for several name-based hosts on a single IP:

Figure: Name-based virtual hosting

Where,

  • NameVirtualHost IP: indicates that all the name-based virtual hosts will be matched against that IP.
  • <VirtualHost IP> </VirtualHost>: encloses all the Apache configuration parameters for each virtual host. Any Apache directive can be used within the VirtualHost container.
  • ServerName: the domain name for which this virtual host answers requests.
  • DocumentRoot: the path to the content for that site.
  • In this example, we are setting up virtual hosts for www.example.com and www.example.org on a single IP. So there will be two <VirtualHost IP> </VirtualHost> blocks, one for each website.
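
The selection rule described above can be seen with a small model. This is an added example, not part of the original post: the configuration embedded in it is a constructed sample (the DocumentRoot paths are assumed to be the ones used in the IP-based section), and the awk logic is a simplification of Apache's matching that ignores wildcards in ServerAlias.

```shell
#!/usr/bin/env bash
# Added example: simplified model of how Apache picks a name-based virtual host.
# Constructed sample configuration; the DocumentRoot paths are assumptions.
VHOSTS_CONF='
NameVirtualHost 192.168.10.1:80

<VirtualHost 192.168.10.1:80>
    ServerName www.example.com
    DocumentRoot /www/example
</VirtualHost>

<VirtualHost 192.168.10.1:80>
    ServerName www.example.org
    ServerAlias example.org
    DocumentRoot /www/example2
</VirtualHost>
'

# select_docroot HOST_HEADER: print the DocumentRoot that would serve the request.
select_docroot() {
    local host=${1%%:*}                       # drop an optional :port
    printf '%s\n' "$VHOSTS_CONF" |
    awk -v want="$(printf '%s' "$host" | tr 'A-Z' 'a-z')" '
        /^[ \t]*<VirtualHost/ { n++; next }   # n = index of the current block
        n == 0                { next }        # skip directives before the first block
        { key = tolower($1) }
        (key == "servername" || key == "serveralias") && !hit {
            for (i = 2; i <= NF; i++) if (tolower($i) == want) hit = n
        }
        key == "documentroot" { root[n] = $2 }
        # No ServerName or ServerAlias matched: the first block is the default.
        END { print root[hit ? hit : 1] }
    '
}

select_docroot "www.example.org"     # /www/example2
select_docroot "unknown.invalid"     # /www/example (falls through to the first block)
```

Because a request with an unmatched Host value lands on the first block, the order of the VirtualHost blocks decides which site answers unknown names. On Apache 2.4 the NameVirtualHost line is no longer needed.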


Bazinga... Done. Cheers!!
Thanks Vikas for your input.

Keep visiting and please comment/suggest or ask queries if any.


Password protect website using Apache

In our website hosting activities, we must have encountered a situation where we need to put our website under password protection to restrict access.

We can make our website password protected using the Apache web server itself by adding a few lines to the website's web server (Apache) configuration file.

Step1: Make changes to apache configuration file:

In the sample configuration file below, you can make the required changes as per your setup. For example, we can change the document root path to our code-base location; in my case it is /var/www and the website name is www.nixvilla.com.

Figure: Sample Apache configuration file

Step2: After the Apache configuration file is updated, we need to create the AuthUserFile at the specified location. As per the above configuration, we need to create the passwd file under the /var/local/sites folder.

To create the password file use the below command:

htpasswd -c /var/local/sites/passwd nixvilla

where, 

  • -c: Create the password file; if it already exists, it is rewritten and truncated.
  • nixvilla: nixvilla is the username. You can replace this with your own username, but the same change must be made in the Apache configuration file (Require user <username>).

Step3: Now, we need to check the permission and the ownership of the AuthUserFile, in our case it is /var/local/sites/passwd.

ls -l /var/local/sites/passwd

Using the above command, we can check the permission and ownership.
Normally Apache uses the www-data user, so we need to change the ownership to www-data.

chown www-data:www-data /var/local/sites/passwd
chmod 0660 /var/local/sites/passwd

Step4: Now we need to restart the Apache process for the changes to take effect.

In Debian-based systems, such as Ubuntu:

The "apache2ctl configtest" command checks the configuration and displays an error message if there is a problem; otherwise it shows Syntax OK.

If the syntax is OK, we can gracefully restart Apache.

sudo apache2ctl configtest
sudo apache2ctl graceful

In Redhat/CentOS:

We can use "apachectl configtest" to check for configuration issues. If the configuration is OK, we can restart the service:

sudo apachectl configtest
sudo apachectl graceful

Now we can open our website to test the password protection. If everything goes right, the website will ask for the password using a password pop-up.

If there is any issue, we can troubleshoot by referring to the error log, whose path is defined in the Apache configuration file.

tail -f /var/log/apache2/nixvilla-error.log
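
A check that can be run after Step3 to audit where the AuthUserFile lives and who can change it. This is an added example, not part of the original post; audit_authfile is a made-up helper name and it relies on GNU stat and readlink.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit the AuthUserFile.
# Needs GNU stat/readlink. Arguments: FILE DOCROOT WEBUSER.
# For the article's setup: audit_authfile /var/local/sites/passwd /var/www www-data
audit_authfile() {
    local file docroot mode owner rc=0
    [ -f "$1" ] || { echo "not a regular file: $1"; return 2; }
    file=$(readlink -f "$1"); docroot=$(readlink -m "$2")
    mode=$(stat -c '%a' "$file"); owner=$(stat -c '%U' "$file")

    # A password file under DocumentRoot can be downloaded like any other page.
    case "$file" in
        "$docroot"/*) echo "inside DocumentRoot $docroot"; rc=1 ;;
    esac
    # Hashes readable by every local account can be cracked offline.
    [ $(( 0$mode & 007 )) -eq 0 ] || { echo "open to other users (mode $mode)"; rc=1; }
    # Apache only reads this file. If the web user owns it, or can write it
    # through the group, a compromised web application can add its own login.
    [ "$owner" != "$3" ]          || { echo "owned by web user $3"; rc=1; }
    [ $(( 0$mode & 020 )) -eq 0 ] || { echo "group-writable (mode $mode)"; rc=1; }
    return "$rc"
}
```

The ownership and mode from Step3 (www-data:www-data, 0660) are reported by this check; root:www-data with mode 0640 still lets Apache read the file and passes.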

Bazinga.... All Done !!

Many thanks for reading the article. Keep visiting and post your comments/suggestions/queries.

Happy New Year...

Sunday, December 28, 2014

DNS server setup in Ubuntu 12.04


DNS stands for Domain Name System, which is a hierarchical distributed naming system. It binds an IP address to a name, so that we can use a name for a website/machine rather than remembering and using its IP address, which is very inconvenient.

In this article we will use Ubuntu 12.04 LTS as our operating system and bind9 for DNS server.

Setup details:

1. IP Address: 172.16.61.130
2. Domain name: alokranjan.net

Note: Your system's IP may be different and domain name can be of your choice.

Let's start with the installation of the bind9 package, which can be installed as below:

alok@ranjan:~$ sudo apt-get install bind9 -y

Once the bind9 package has been installed successfully, we can go ahead with the configuration of a basic DNS server.

First of all, we will edit "/etc/bind/named.conf.local". In this file we define forward zones and reverse zones. That means that when we enter a domain name it will be translated/resolved into its corresponding IP address, and when we use an IP address it will be translated/resolved into a name.

The modified named.conf.local file is as follows:

zone "alokranjan.net" {
        type master;
        file "/etc/bind/db.alokranjan";
};

zone "61.16.172.in-addr.arpa" {
        type master;
        file "/etc/bind/db.172"; 
};


Here 61.16.172 comes from my IP address (172.16.61.130) by dropping the last octet and reversing the remaining octets.

Now we need to create db.alokranjan and db.172 in /etc/bind/ directory.

/etc/bind/db.alokranjan:

Fig 1: /etc/bind/db.alokranjan

/etc/bind/db.172:

Fig 2: /etc/bind/db.172

Congratulations, we have successfully configured our DNS server. Now we will restart our bind9 service as below:

sudo /etc/init.d/bind9 restart

Now, we need to configure our system (client) to use this DNS server. For this purpose we will edit /etc/resolv.conf as below:

nameserver 172.16.61.130

Now if we use nslookup (nslookup alokranjan.net) to check the IP for alokranjan.net it will show the IP 172.16.61.130.
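
The forward and reverse zones have to agree with each other, which can be checked before bind9 is restarted. This is an added example, not part of the original post: both zone bodies are constructed samples that use the article's IP and domain, the ns1 and www names and the 172.16.61.131 address are assumptions, and the check assumes every address belongs to the one /24 reverse zone.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Constructed sample zone bodies;
# ns1, www and 172.16.61.131 are assumptions added to show a missing PTR.
FORWARD_ZONE='
$TTL 604800
@    IN SOA ns1.alokranjan.net. root.alokranjan.net. ( 1 604800 86400 2419200 604800 )
@    IN NS  ns1.alokranjan.net.
@    IN A   172.16.61.130
ns1  IN A   172.16.61.130
www  IN A   172.16.61.131
'
REVERSE_ZONE='
$TTL 604800
@    IN SOA ns1.alokranjan.net. root.alokranjan.net. ( 1 604800 86400 2419200 604800 )
@    IN NS  ns1.alokranjan.net.
130  IN PTR alokranjan.net.
'

# reverse_zone IP: name of the /24 reverse zone (drop the last octet, reverse the rest).
reverse_zone() {
    printf '%s\n' "$1" | awk -F. '{ print $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# missing_ptrs: print every A-record address with no PTR record in REVERSE_ZONE.
missing_ptrs() {
    printf '%s\n' "$FORWARD_ZONE" | awk '$2 == "IN" && $3 == "A" { print $4 }' | sort -u |
    while read -r ip; do
        # In a /24 reverse zone the owner name of a PTR record is the last octet.
        printf '%s\n' "$REVERSE_ZONE" |
            awk -v o="${ip##*.}" '$2 == "IN" && $3 == "PTR" && $1 == o { f = 1 }
                                  END { exit !f }' || echo "$ip"
    done
}

reverse_zone 172.16.61.130    # 61.16.172.in-addr.arpa
missing_ptrs                  # 172.16.61.131
```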

Bazinga... It's done.