Linux basic configurations - linux server
Install and configure dhcp server in Slackware Linux http://basicconfig.com/linuxnetwork/install_configure_dhcp_server_slackware_linux
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p>A computer needs an ip address in order to communicate with other computers in a networking environment, while a server needs to provide ip addresses for all its clients (users). There are two types of server that provide ip addresses to clients: a dynamic ip address server and a static ip address server. A server that provides dynamic ip addresses is called a DHCP server (DHCP - Dynamic Host Configuration Protocol). That is the server that we are going to set up here.</p> <p>Before we begin, let's look at how a dhcp server works and some basic information about dhcp. A dhcp server not only hands over ip addresses to clients but also provides the complete networking requirements such as subnet mask, DNS address and gateway router address. All this information is given automatically during boot up when a client has been configured to be a dhcp client.</p> <p>A dhcp server is reasonable in a network environment where over 15 clients need ip addresses. The reason is that static ip addresses are hard to manage, and in case the organization is planning for expenditure, dhcp is future proof. A dhcp server needs to be configured with a range of ip addresses that it can assign to network clients. When a client boots up, the server provides it an ip address along with the other required addresses and prepares the next ip address in the range for the next client. The ip address is never fixed for one client, that's why it's called dynamic. 
When a client computer is shut down, its ip address is released and can be assigned to another computer. That's how a dhcp server works.</p> <h2>Install dhcp server in Slackware</h2> <p>A Linux server needs the dhcp service, which is called dhcpd (the dhcp daemon), installed before dhcp can be configured. The Slackware compiled dhcpd package is in the /slackware-12.1/source/n/dhcp directory on the Slackware installation dvd. It's recommended to download the latest dhcpd package from the Linux distribution's website or the package maintainer's website.</p> <p>In Slackware Linux, installing a package is easy with a package utility called pkgtool. Pkgtool is a menu-based tool. To use the utility, just type pkgtool in the command line terminal. However, you need to download whatever package you want to install yourself, because pkgtool can't get packages from the Internet.</p> <p>Go to the <a href="http://packages.slackware.it" target="blank">Slackware packages website</a> to download the latest dhcpd package released.</p> <p>Search for the current dhcpd package, choose the nearest mirror and download it. Save the dhcpd package in the /tmp directory.</p> <p><a href="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/dhcp01.png" title="Image" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/thumbs/dhcp01.png" alt="Slackware search current dhcp package" /></a></p> <p>Change directory to /tmp. Type pkgtool at the command line terminal. 
</p> <table><tr><td><code>root@slackware:# <span style="color:red;">cd /tmp</span><br /> root@slackware:/tmp# <span style="color:red;">pkgtool</span><br /></code></td> </tr></table><p>Choose Current - Install packages from the current directory.</p> <p><a href="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/dhcp02.png" title="Image" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/thumbs/dhcp02.png" alt="Install dhcp packages from the current directory" /></a></p> <p>Choose Yes - Install package dhcp-3.0.6-i486-1.</p> <p><a href="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/dhcp03.png" title="Image" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/thumbs/dhcp03.png" alt="Install package dhcp-3.0.6-i486-1" /></a></p> <p>Slackware also has a software package management system called <em>slackpkg</em> which works similarly to Debian <em>aptitude</em>. Slackpkg can automatically install and update software packages via the Internet. You can install slackpkg from the <em>extra</em> package directory on the Slackware dvd. The steps for installing slackpkg from cd or dvd using pkgtool are the same as for the dhcp installation above. For more information about Slackware slackpkg, see the <a href="/linux/slackpkg">slackpkg - Slackware package management system </a>tutorial. Here is the slackpkg syntax to install and upgrade the dhcp package, which provides dhcpd:</p> <ol><li><b>root@slackware:~# slackpkg install dhcp</b></li> <li><b>root@slackware:~# slackpkg upgrade dhcp</b></li> </ol><p>When you invoke <b>slackpkg install dhcp</b>, the package will be downloaded from the mirror chosen when setting up slackpkg. If you experience slow connectivity or the dhcp download fails, choose another slackpkg mirror. That's all. 
With slackpkg, you just type the command, and slackpkg will do the rest.</p> <h2>Configure dhcp server in Slackware</h2> <p>The first step is done; now we are going to configure the dhcp server in Slackware Linux. Before we continue, let's check whether the dhcp package was successfully installed in our system:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">slackpkg search dhcp</span><br /><br /> The list below shows all packages with the selected pattern.<br /><br /> [ installed ] - kdelibs-3.5.9-i486-4<br /><span style="color:blue;">[ installed ] - dhcp-3.0.6-i486-1</span><br /> [ installed ] - dhcpcd-2.0.4-i486-2<br /> [ installed ] - iproute2-2.6.16_060323-i486-2<br /><br /> root@slackware:~#<br /></code></td> </tr></table><p>If you don't have slackpkg, use pkgtool to view the installed packages. You can also look for the dhcp package in the installed packages log with this command:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">ls -l /var/log/packages | grep dhcp</span><br /></code></td> </tr></table><p>The dhcp server configuration file is called dhcpd.conf. You can find it in the /etc directory. Here, see this:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">cd /etc/</span><br /> root@slackware:/etc# <span style="color:red;">ls -l | grep dhcp</span><br /> drwxr-xr-x 2 root root 4096 2006-07-26 14:09 dhcpc/<br /> -rw-r--r-- 1 root root 75 2008-04-09 10:16 dhcpd.conf<br /> root@slackware:/etc#<br /></code></td> </tr></table><p>Let's see what is in the configuration file:</p> <table><tr><td><code>root@slackware:/etc# <span style="color:red;">cat dhcpd.conf</span><br /> # dhcpd.conf<br /> #<br /> # Configuration file for ISC dhcpd (see 'man dhcpd.conf')<br /> #<br /> root@slackware:/etc#<br /></code></td> </tr></table><p>There is nothing inside, not even an example dhcp configuration. Does that mean we must start everything from zero? No, don't worry. 
We have an example of a dhcp server configuration in /usr/doc/dhcp-3.0.6/examples/dhcpd.conf. So we just copy the example configuration file over our dhcpd.conf file in the /etc directory. Here we go:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">cp /usr/doc/dhcp-3.0.6/examples/dhcpd.conf /etc/dhcpd.conf</span><br /> root@slackware:~#<br /></code></td> </tr></table><p><em>Update</em>: Slackware64 14.1 has dhcpd.conf.example in the /etc directory.</p> <p>What we need to do next is to use a text editor and edit the configuration for our network. Here is an example of my dhcpd.conf configuration:</p> <table><tr><td><code># dhcpd.conf<br /> #<br /> # Sample configuration file for ISC dhcpd<br /> #<br /><br /> # If this DHCP server is the official DHCP server for the local<br /> # network, the authoritative directive should be uncommented.<br /> authoritative;<br /><br /> # A slightly different configuration for an internal subnet.<br /> # I choose this section to edit for my local dhcp configuration<br /> subnet 192.168.1.0 netmask 255.255.255.0 {<br /> option domain-name "example.com";<br /> option broadcast-address 192.168.1.255;<br /> option domain-name-servers 200.133.0.133 200.133.1.5;<br /> option subnet-mask 255.255.255.0;<br /> option routers 192.168.1.1;<br /> range 192.168.1.20 192.168.1.100;<br /> default-lease-time 600;<br /> max-lease-time 7200;<br /> }<br /></code></td> </tr></table><p>You can add a static server if you have one in your network. Just edit the default example configuration. After you are done setting up the server and ip addresses required in the dhcpd.conf configuration file, save it. It's time to start the dhcp service (dhcp daemon) now.</p> <h2>Start dhcpd service</h2> <p>First we must enable the dhcpd service script in the /etc/rc.d directory and make it executable. If you don't have /etc/rc.d/rc.dhcpd, then copy the code below and save it as rc.dhcpd. 
Here is the easy way to do it:</p> <p>1 - Copy this code:</p> <table><tr><td><code>#!/bin/sh<br /> #<br /> # /etc/rc.d/rc.dhcpd<br /> # This shell script takes care of starting and stopping<br /> # the ISC DHCPD service<br /> #<br /><br /> # Put the command line options here that you want to pass to dhcpd<br /> # (-q suppresses the startup banner; eth1 is the interface dhcpd listens on):<br /> DHCPD_OPTIONS="-q eth1"<br /><br /> [ -x /usr/sbin/dhcpd ] || exit 0<br /><br /> [ -f /etc/dhcpd.conf ] || exit 0<br /><br /> start() {<br /> # Start daemons.<br /> echo -n "Starting dhcpd: /usr/sbin/dhcpd $DHCPD_OPTIONS "<br /> /usr/sbin/dhcpd $DHCPD_OPTIONS<br /> echo<br /> }<br /> stop() {<br /> # Stop daemons.<br /> echo -n "Shutting down dhcpd: "<br /> killall -TERM dhcpd<br /> echo<br /> }<br /> status() {<br /> # Report whether any dhcpd process is running.<br /> PIDS=$(pidof dhcpd)<br /> if [ -z "$PIDS" ]; then<br /> echo "dhcpd is not running!"<br /> else<br /> echo "dhcpd is running at pid(s) ${PIDS}."<br /> fi<br /> }<br /> restart() {<br /> stop<br /> start<br /> }<br /><br /> # See how we were called.<br /> case "$1" in<br /> start)<br /> start<br /> ;;<br /> stop)<br /> stop<br /> ;;<br /> restart)<br /> stop<br /> start<br /> ;;<br /> status)<br /> status<br /> ;;<br /> *)<br /> echo "Usage: $0 {start|stop|status|restart}"<br /> ;;<br /> esac<br /> exit 0<br /></code></td> </tr></table><p>2 - In the Slackware command line terminal, type <b>cat &gt; rc.dhcpd</b> and press Enter. Right-click the mouse to paste the code that you just copied. See example below:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">cat &gt; rc.dhcpd</span><br /> #!/bin/sh<br /> #<br /> # /etc/rc.d/rc.dhcpd<br /> #<br /> # Start/stop/restart the DHCP daemon.<br /> #<br /> # To make dhcpd start automatically at boot, make this<br /> # file executable: chmod 755 /etc/rc.d/rc.dhcpd<br /> ...<br /> ...<br /> ...<br /></code></td> </tr></table><p>Press Ctrl+d to save and exit. You can view the file with the less or cat command. Now move the rc.dhcpd file to the /etc/rc.d/ directory. 
See the complete step-by-step example below:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">less rc.dhcpd</span><br /> root@slackware:~# <span style="color:red;">mv rc.dhcpd /etc/rc.d/rc.dhcpd</span><br /> root@slackware:~# <span style="color:red;">ls -l /etc/rc.d/rc.dhcpd</span><br /> -rw-r--r-- 1 root root 792 2008-12-02 15:47 /etc/rc.d/rc.dhcpd<br /> root@slackware:~# <span style="color:red;">chmod 755 /etc/rc.d/rc.dhcpd</span><br /> root@slackware:~# <span style="color:red;">ls -l /etc/rc.d/rc.dhcpd</span><br /> -rwxr-xr-x 1 root root 792 2008-12-02 15:47 /etc/rc.d/rc.dhcpd*<br /> root@slackware:~#<br /></code></td> </tr></table><p>Now add the lines below to the /etc/rc.d/rc.local file to start dhcpd at boot:</p> <table><tr><td><code>if [ -x /etc/rc.d/rc.dhcpd ]; then<br /> /etc/rc.d/rc.dhcpd start<br /> fi </code></td> </tr></table><p>Let's start the dhcpd service now:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">/etc/rc.d/rc.dhcpd start</span><br /> Starting DHCPD...<br /> root@slackware:~#<br /></code></td> </tr></table><p>We can check whether the dhcpd daemon is running using the script's status check. See example below:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">/etc/rc.d/rc.dhcpd status</span><br /><span style="color:orange;">dhcpd is not running!</span><br /> root@slackware:~#<br /></code></td> </tr></table><p>The example shows that dhcpd is not running. There must be something wrong. We can troubleshoot the dhcpd error by looking at the system's log. Use <b>tail /var/log/syslog</b> and <b>tail /var/log/messages</b> to read the last 10 log lines. Read the error carefully and try the suggestion given. 
See example below:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">cat /var/log/syslog</span><br /> Jun 20 14:23:15 slackware dhcpd: <span style="color:orange;">/etc/dhcpd.conf line 57: semicolon expected.</span><br /> Jun 20 14:23:15 slackware dhcpd: option domain-name-servers 200.133.0.133 200.<br /> Jun 20 14:23:15 slackware dhcpd: ^<br /> Jun 20 14:23:15 slackware dhcpd: Configuration file errors encountered -- exiting<br /> Jun 20 14:23:15 slackware dhcpd:<br /> Jun 20 14:23:15 slackware dhcpd: If you did not get this software from ftp.isc.org, please<br /> Jun 20 14:23:15 slackware dhcpd: get the latest from ftp.isc.org and install that before<br /> Jun 20 14:23:15 slackware dhcpd: requesting help.<br /> Jun 20 14:23:15 slackware dhcpd:<br /> Jun 20 14:23:15 slackware dhcpd: If you did get this software from ftp.isc.org and have not<br /> Jun 20 14:23:15 slackware dhcpd: yet read the README, please read it before requesting help.<br /> Jun 20 14:23:15 slackware dhcpd: If you intend to request help from the dhcp-server@isc.org<br /> Jun 20 14:23:15 slackware dhcpd: mailing list, please read the section on the README about<br /> Jun 20 14:23:15 slackware dhcpd: submitting bug reports and requests for help.<br /> Jun 20 14:23:15 slackware dhcpd:<br /> Jun 20 14:23:15 slackware dhcpd: Please do not under any circumstances send requests for<br /> Jun 20 14:23:15 slackware dhcpd: help directly to the authors of this software - please<br /> Jun 20 14:23:15 slackware dhcpd: send them to the appropriate mailing list as described in<br /> Jun 20 14:23:15 slackware dhcpd: the README file.<br /> Jun 20 14:23:15 slackware dhcpd:<br /> Jun 20 14:23:15 slackware dhcpd: exiting.<br /> root@slackware:~#<br /></code></td> </tr></table><p>The example above reports a missing semicolon at line 57 of the /etc/dhcpd.conf file. The semicolon is actually there; the real reason the dhcpd daemon won't start is that the two dns ip addresses in the domain-name-servers option must be separated by a comma. 
So go back, fix the error and start the dhcpd daemon again. Once the dhcpd daemon has started successfully, we can test connecting a client computer to the Slackware dhcp server.</p> <h2><a name="dhcp-client" id="dhcp-client"></a>Setup dhcp client on Windows Vista</h2> <p>The dhcp server is ready, so now it's time to set up a dhcp client. Here is an example of setting up a dhcp client in Windows Vista. Click <b>Start</b>, choose <b>All Programs</b> and right-click <b>Network</b>. Choose <b>Properties</b>. See picture below:</p> <p><a href="http://www.basicconfig.com/files/imagepicker/2/vista-dhcp.jpg" title="" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/2/thumbs/vista-dhcp.jpg" alt="Windows Vista dhcp client setup image" class="imgp_img" /></a></p> <p>In Windows Vista Network Properties, choose <b>View Status</b> (Windows 7 changes the name to <b>Local Area Connection</b>). See image below:</p> <p><a href="http://www.basicconfig.com/files/imagepicker/2/vista-dhcp2.jpg" title="" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/2/thumbs/vista-dhcp2.jpg" alt="Windows Vista Network Properties image" class="imgp_img" /></a></p> <p>When you click 'View Status', the Local Area Connection Status window pops up. Here we just click Properties. See image below:</p> <p><a href="http://www.basicconfig.com/files/imagepicker/2/vista-dhcp3.jpg" title="" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/2/thumbs/vista-dhcp3.jpg" alt="Windows Vista Local Area Connection Status image" class="imgp_img" /></a></p> <p>Now the Local Area Network Properties window pops up. We choose <b>Internet protocol version 4</b> and click Properties. 
See image below:</p> <p><a href="http://www.basicconfig.com/files/imagepicker/2/vista-dhcp4.jpg" title="" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/2/thumbs/vista-dhcp4.jpg" alt="Windows Vista Local Area Network Properties image" class="imgp_img" /></a></p> <p>In this window, make sure both <b>Obtain an IP address automatically</b> and <b>Obtain DNS server address automatically</b> are selected. Click <b>OK</b> and we are done. See picture below:</p> <p><a href="http://www.basicconfig.com/files/imagepicker/2/vista-dhcp5.jpg" title="" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/2/thumbs/vista-dhcp5.jpg" alt="Image" class="imgp_img" /></a></p> </div></div></div>
Wed, 22 Jun 2011 17:15:30 +0000 jinlusuh
Install and configure Squid in Slackware http://basicconfig.com/linuxnetwork/install-squid-in-slackware64-13.37
<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p>This is a guide on how to create a Slackware Squid package using scripts from Slackbuilds.org, install it in Slackware 13.37 (also Slackware64 14.1) and configure the squid.conf configuration file. 
It is just a basic configuration to get the Squid cache proxy server working. Advanced settings are not included. You should read about and at least understand some basics of Squid before trying this step-by-step guide. Here is the <a href="http://www.squid-cache.org" target="_blank">Squid-cache website</a>. Before we begin, please make sure you have these basic requirements:</p> <ol><li>Two network interface cards.</li> <li>Setup dhcp server.</li> </ol><p>The ip addresses must be set and working. For example, the first network card, eth0, is set and connected to the router. The second network card, eth1, is set and connected to the local network's switch. Here is a tutorial on how to configure a network card in Slackware: <a href="http://www.basicconfig.com/basicnetwork" target="_blank">Linux basic network configuration</a>. After that, set up the dhcp server and make Slackware a gateway. Here is a guide on how to set up a dhcp server in Slackware: <a href="http://www.basicconfig.com/linuxnetwork/install_configure_dhcp_server_slackware_linux" target="_blank">Install and configure dhcp server in Slackware Linux</a>. When all is clear, you can begin the Squid cache proxy server configuration.</p> <p>This tutorial consists of several steps. Basically, here's what we are going to do:</p> <ul><li>Create Squid package for Slackware</li> <li>Install Squid package in Slackware</li> <li>Configure Squid cache proxy server in Slackware</li> <li>Configure Squid to block some domains and files</li> <li>Start Squid daemon in Slackware</li> </ul><h2>Create Squid package for Slackware</h2> <p>1) Download the necessary files from SlackBuilds.org. All the information needed is on the SlackBuilds website. Enter 'squid' in the search form and select your Slackware version.</p> <p>2) When you have all the necessary files, change directory to your working area and extract the Squid slackbuilds script file. 
See example below:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">cd slackware/source/myslackware/</span><br /> root@slackware:~/slackware/source/myslackware# <span style="color:red;">tar zxvf /home/jinlusuh/squid/squid.tar.gz</span><br /> squid/<br /> squid/squid.logrotate<br /> squid/README<br /> squid/doinst.sh<br /> squid/squid.conf<br /> squid/squid.info<br /> squid/slack-desc<br /> squid/README.SBo<br /> squid/squid.SlackBuild<br /> squid/squid.conf.documented<br /> squid/rc.squid<br /> root@slackware:~/slackware/source/myslackware#<br /></code></td> </tr></table><p>3) Change directory to the "squid" directory that we've just extracted from the slackbuild's script file. Copy the squid source, 'squid-3.1.xx.tar.bz2', into the directory. See the step-by-step commands below:</p> <p><strong>Note:</strong> <em>Slackware 13.37 uses squid-3.1.12.tar.bz2 source, Slackware 14.1 uses squid-3.1.23.tar.bz2 source. The instruction steps and commands are the same.</em></p> <table><tr><td><code>root@slackware:~/slackware/source/myslackware# <span style="color:red;">cd squid/</span><br /> root@slackware:~/slackware/source/myslackware/squid# <span style="color:red;">cp /home/jinlusuh/squid/squid-3.1.xx.tar.bz2 .</span><br /> root@slackware:~/slackware/source/myslackware/squid#<br /></code></td> </tr></table><p>4) Run the squid.SlackBuild script to begin creating the Slackware Squid package:</p> <table><tr><td><code>root@slackware:~/slackware/source/myslackware/squid# <span style="color:red;">./squid.SlackBuild </span><br /></code></td> </tr></table><p>5) When the process is over, you can find the resulting Slackware Squid package in the /tmp directory (default slackbuild configuration). Now change directory to /tmp and copy the Squid package for backup. 
See the step-by-step example below:</p> <table><tr><td><code>root@slackware:~/slackware/source/myslackware/squid# <span style="color:red;">cd /tmp/</span><br /> root@slackware:/tmp# <span style="color:red;">cp squid-3.1.xx-x86_64-1_SBo.tgz ~/slackware/packages/</span><br /></code></td> </tr></table><h2>Install Squid package in Slackware</h2> <p>Now that the Squid package is ready, let's install it using the Slackware 'installpkg' tool. Below is an example of how to install the Squid package in Slackware:</p> <table><tr><td><code>root@slackware:/tmp# <span style="color:red;">installpkg squid-3.1.xx-x86_64-1_SBo.tgz </span><br /> Verifying package squid-3.1.xx-x86_64-1_SBo.tgz.<br /> Installing package squid-3.1.xx-x86_64-1_SBo.tgz:<br /> PACKAGE DESCRIPTION:<br /> # Squid (a popular free and open source Web proxy server and web cache)<br /> #<br /> # Squid is a high-performance proxy caching server for web clients,<br /> # supporting FTP, gopher, and HTTP data objects.<br /> #<br /> # Homepage: http://www.squid-cache.org/<br /> #<br /> Executing install script for squid-3.1.xx-x86_64-1_SBo.tgz.<br /> Package squid-3.1.xx-x86_64-1_SBo.tgz installed.<br /><br /> root@slackware:/tmp#<br /></code></td> </tr></table><h2>Configure Squid cache proxy server in Slackware</h2> <p>We are ready to configure Squid in Slackware as a cache proxy server. Change directory to /etc/squid. 
This is the home of the Squid configuration files.</p> <table><tr><td><code>root@slackware:/tmp# <span style="color:red;">cd /etc/squid/</span><br /> root@slackware:/etc/squid# <span style="color:red;">ls</span><br /> cachemgr.conf errorpage.css.default squid.conf<br /> cachemgr.conf.default mime.conf squid.conf.default<br /> errorpage.css mime.conf.default squid.conf.documented<br /> root@slackware:/etc/squid#<br /></code></td> </tr></table><p>You can start configuring squid by editing the squid configuration file, which is the /etc/squid/squid.conf file.</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">vim /etc/squid/squid.conf</span><br /></code></td> </tr></table><p>Scroll down to the 'Recommended minimum configuration' or you can type '/Recommended minimum configuration' and press Enter. See example below:</p> <table><tr><td><code># Recommended minimum configuration:<br /> #<br /> acl manager proto cache_object<br /> acl localhost src 127.0.0.1/32 ::1<br /> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1<br /><br /> # Example rule allowing access from your local networks.<br /> # Adapt to list your (internal) IP networks from where browsing<br /> # should be allowed<br /> #acl localnet src 10.0.0.0/8 # RFC1918 possible internal network<br /> #acl localnet src 172.16.0.0/12 # RFC1918 possible internal network<br /> #acl localnet src 192.168.0.0/16 # RFC1918 possible internal network<br /> #acl localnet src fc00::/7 # RFC 4193 local private network range<br /> #acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines<br /><span style="color:red;">acl localnet src 192.168.1.0/255.255.255.0 # Makmal Bahasa internal network</span><br /><br /> acl SSL_ports port 443<br /> acl Safe_ports port 80 # http<br /> acl Safe_ports port 21 # ftp<br /> acl Safe_ports port 443 # https<br /> acl Safe_ports port 70 # gopher<br /> acl Safe_ports port 210 # wais<br /> acl Safe_ports port 1025-65535 # unregistered ports<br /> acl Safe_ports port 280 # 
http-mgmt<br /> acl Safe_ports port 488 # gss-http<br /> acl Safe_ports port 591 # filemaker<br /> acl Safe_ports port 777 # multiling http<br /> acl CONNECT method CONNECT<br /></code></td> </tr></table><p>The line in red is the local network that we add to the proxy server. Next, we are going to set the http port for the proxy. So scroll down again until you find http_port as in the example below:</p> <table><tr><td><code># Squid normally listens to port 3128<br /> #http_port 3128<br /> #http_port 192.168.1.1:8080<br /><span style="color:red;">http_port 8080</span><br /></code></td> </tr></table><p>You can use the default port if you want. When you are done, we can set the cache directory size. Scroll down and find 'cache_dir' as in the example below. The format is "cache_dir ufs Directory-Name Mbytes L1 L2 [options]" where Mbytes is the cache size in megabytes, L1 is the number of first-level subdirectories and L2 is the number of second-level subdirectories created under each first-level directory.</p> <table><tr><td><code>#Default:<br /><span style="color:red;">cache_dir ufs /var/cache/squid/ 5000 16 256</span><br /></code></td> </tr></table><p>That's the basic setting to get the cache proxy server to work. The rest is up to you.</p> <h2>Configure Squid to block some domains and files</h2> <p>We can use Squid to restrict access to some domains using an access list (acl). What we need to do is to configure the acl in the /etc/squid/squid.conf file and create a file containing the blocked domain names. Here are the steps:</p> <p>1. Add the lines in red to the /etc/squid/squid.conf file, above the existing http_access allow rules (Squid applies the first http_access rule that matches):</p> <table><tr><td><code># Recommended minimum configuration:<br /> #<br /> acl manager proto cache_object<br /> acl localhost src 127.0.0.1/32 ::1<br /> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1<br /><br /><span style="color:red;">acl blockeddomain dstdomain "/etc/squid/blocked.domains.acl"</span><br /> # Deny all blocked domains<br /><span style="color:red;">http_access deny blockeddomain</span><br /></code></td> </tr></table><p>Create a file named blocked.domains.acl in the /etc/squid directory. 
Add the domains that you want to restrict access to. Here is an example:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">vim /etc/squid/blocked.domains.acl</span></code></td> </tr></table><p>Add the domain names, one per line:</p> <table><tr><td><code>.facebook.com<br /> .youtube.com<br /> .onlinegames.com<br /></code></td> </tr></table><p>The leading '.' makes each entry match the domain itself and all of its subdomains, such as the www address. Save and quit the file.</p> <p>We can also restrict certain files that we don't want users to download by blocking the file extension. To do that, add the lines in red to the /etc/squid/squid.conf file:</p> <table><tr><td><code># Recommended minimum configuration:<br /> #<br /> acl manager proto cache_object<br /> acl localhost src 127.0.0.1/32 ::1<br /> acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 ::1<br /><br /> acl blockeddomain dstdomain "/etc/squid/blocked.domains.acl"<br /> # Deny all blocked domains<br /> http_access deny blockeddomain<br /><br /><span style="color:red;">acl blockfiles urlpath_regex -i "/etc/squid/blocked.files.acl"</span><br /> # Deny all blocked extensions<br /><span style="color:red;">deny_info ERR_BLOCKED_FILES blockfiles<br /> http_access deny blockfiles</span><br /></code></td> </tr></table><p>Create a file named blocked.files.acl in the /etc/squid directory. Add the file extensions that you don't want users to download. Here is an example:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">vim /etc/squid/blocked.files.acl</span></code></td> </tr></table><p>Add the file extensions, one per line:</p> <table><tr><td><code># \.[Ee][Xx][Ee]$<br /> \.[Aa][Vv][Ii]$<br /> \.[Mm][Pp][Gg]$<br /> \.[Mm][Pp][Ee][Gg]$<br /> \.[Mm][Pp]3$<br /></code></td> </tr></table><p>Save and quit the file and we are done. It's time to run Squid in our network.</p> <h2>Start Squid daemon in Slackware</h2> <p>What you need to do now is to start the Squid daemon. Run squid twice. 
First with the command '/usr/sbin/squid -z', which creates the cache directories, and after that with '/usr/sbin/squid'. Please check that the rc.squid file is executable, make it so if it is not, and then restart the service. Below is an example of the steps:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">chmod 755 /etc/rc.d/rc.squid </span><br /> root@slackware:~# <span style="color:red;">/usr/sbin/squid -z </span><br /> 2013/12/31 10:45:00| Creating Swap Directories<br /> 2013/12/31 10:45:00| /var/cache/squid/ exists<br /> 2013/12/31 10:45:00| Making directories in /var/cache/squid//00<br /> 2013/12/31 10:45:00| Making directories in /var/cache/squid//01<br /> 2013/12/31 10:45:00| Making directories in /var/cache/squid//02<br /> 2013/12/31 10:45:00| Making directories in /var/cache/squid//03<br /> 2013/12/31 10:45:00| Making directories in /var/cache/squid//04<br /> 2013/12/31 10:45:00| Making directories in /var/cache/squid//05<br /> 2013/12/31 10:45:00| Making directories in /var/cache/squid//06<br /> 2013/12/31 10:45:00| Making directories in /var/cache/squid//07<br /> 2013/12/31 10:45:00| Making directories in /var/cache/squid//08<br /> 2013/12/31 10:45:00| Making directories in /var/cache/squid//09<br /> 2013/12/31 10:45:00| Making directories in /var/cache/squid//0A<br /> 2013/12/31 10:45:00| Making directories in /var/cache/squid//0B<br /> 2013/12/31 10:45:00| Making directories in /var/cache/squid//0C<br /> 2013/12/31 10:45:00| Making directories in /var/cache/squid//0D<br /> 2013/12/31 10:45:00| Making directories in /var/cache/squid//0E<br /> 2013/12/31 10:45:00| Making directories in /var/cache/squid//0F<br /> root@slackware:~# <span style="color:red;">/usr/sbin/squid </span><br /> 2013/12/31 10:43:20| aclIpParseIpData: WARNING: Netmask masks away part of the specified IP in '192.168.2.0/16'<br /></code></td> </tr></table><p>Oh, there is a warning. Squid complains that the netmask masks away part of the ip address, meaning the address has bits set outside the mask. Open the Squid configuration file again and edit the rule so that the network address and the netmask agree. 
See example below:</p> <table><tr><td><code># Example rule allowing access from your local networks.<br /> # Adapt to list your (internal) IP networks from where browsing<br /> # should be allowed<br /> #acl localnet src 10.0.0.0/8 # RFC1918 possible internal network<br /> #acl localnet src 172.16.0.0/12 # RFC1918 possible internal network<br /> #acl localnet src 192.168.0.0/16 # RFC1918 possible internal network<br /> #acl localnet src fc00::/7 # RFC 4193 local private network range<br /> #acl localnet src fe80::/10 # RFC 4291 link-local (directly plugged) machines<br /><span style="color:red;">acl localnet src 192.168.1.0/24 # Makmal Bahasa internal network</span><br /></code></td> </tr></table><p>That's it for now. Don't forget to restart the daemon after you modify the configuration file. There are three daemons involved in this task: the squid daemon, inet1 (network card) and dhcpd. We are going to set up the client side next; the step-by-step guide is further below.</p> <p>Start squid at boot by adding the lines in red below to the /etc/rc.d/rc.local file:</p> <table><tr><td><code>root@slackware:/etc/rc.d# vim rc.local<br /> #!/bin/sh<br /> #<br /> # /etc/rc.d/rc.local: Local system initialization script.<br /> #<br /> # Put any local startup commands in here. Also, if you have<br /> # anything that needs to be run at shutdown time you can<br /> # make an /etc/rc.d/rc.local_shutdown script and put those<br /> # commands in there.<br /><span style="color:red;">if [ -x /etc/rc.d/rc.squid ]; then<br /> /etc/rc.d/rc.squid start<br /> fi</span><br /> root@slackware:/etc/rc.d#<br /></code></td> </tr></table><h2>Setup client to use squid cache proxy server</h2> <p>First we start with the Mozilla Firefox browser. 
Click <b>Tools</b> menu and choose <b>Options...</b>.</p> <p><a href="http://www.basicconfig.com/files/imagepicker/2/vista-squid1.jpg" title="" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/2/thumbs/vista-squid1.jpg" alt="Squid cache proxy client Firefox setup image" class="imgp_img" /></a></p> <p>In 'Options' window, choose <b>Advanced</b> tab. There are General, Network, Update and Encryption tabs. Choose <b>Network</b> and in the 'Connection section', click <b>Settings...</b> to configure how Firefox connects to the Internet.</p> <p><a href="http://www.basicconfig.com/files/imagepicker/2/vista-squid2.jpg" title="" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/2/thumbs/vista-squid2.jpg" alt="Squid cache proxy client Firefox setup image2" class="imgp_img" /></a></p> <p>In 'Connection Settings' window, click <b>Manual proxy configuration</b> and key in 'HTTP Proxy' and 'Port'. Don't forget to tick <b>Use this proxy server for all protocols</b>.</p> <p><a href="http://www.basicconfig.com/files/imagepicker/2/vista-squid3.jpg" title="" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/2/thumbs/vista-squid3.jpg" alt="Squid cache proxy client Firefox setup image3" class="imgp_img" /></a></p> <p>Click <b>OK</b> and you are done. 
If you forgot to tick 'Use this proxy server for all protocols' as mentioned above, you'll have trouble connecting to any https sites such as yahoo mail, gmail, etc.</p> <p>For Internet Explorer browser, follow the steps below to configure Squid cache proxy client:</p> <p>Open 'Menu bar'.</p> <p><a href="http://www.basicconfig.com/files/imagepicker/2/vista-squid4.jpg" title="" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/2/thumbs/vista-squid4.jpg" alt="Squid cache proxy client IE setup image" class="imgp_img" /></a></p> <p>Click 'Tools' and choose 'Internet Options'.</p> <p><a href="http://www.basicconfig.com/files/imagepicker/2/vista-squid5.jpg" title="" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/2/thumbs/vista-squid5.jpg" alt="Squid cache proxy client IE setup image2" class="imgp_img" /></a></p> <p>In the 'Internet Options' window, choose to set up an Internet connection and click 'Setup'.</p> <p><a href="http://www.basicconfig.com/files/imagepicker/2/vista-squid6.jpg" title="" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/2/thumbs/vista-squid6.jpg" alt="Squid cache proxy client IE setup image3" class="imgp_img" /></a></p> <p>Finally, when 'Local Area Network Settings' window pops up, enter Squid proxy server IP address and port in 'Proxy server' section. Click 'OK' and you are done.</p> <p><a href="http://www.basicconfig.com/files/imagepicker/2/vista-squid7.jpg" title="" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/2/thumbs/vista-squid7.jpg" alt="Squid cache proxy client IE setup image4" class="imgp_img" /></a></p> <p>That's all. The basic configuration and setup is done. You just need to study more about Squid and tweak your Squid configuration to get the best out of it. 
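</p> <p>The netmask warning shown earlier ('192.168.2.0/16') means the address written in the ACL has bits set outside its mask, so the rule covers a wider network than it appears to. The following is an added example, not part of the original tutorial or of Squid: a Python check that lists every 'acl ... src' value with that problem and the network the mask actually selects. The sample configuration is constructed, and the 'labs' ACL in it is hypothetical.</p>

```python
import ipaddress

# Constructed sample: the rule that produced the warning in this tutorial,
# the corrected rule, one commented-out default and a hypothetical 'labs' ACL.
SAMPLE_SQUID_CONF = """\
#acl localnet src 10.0.0.0/8      # RFC1918 possible internal network
acl localnet src 192.168.2.0/16   # rule that produced the warning
acl localnet src 192.168.1.0/24   # Makmal Bahasa internal network
acl labs src 192.168.3.10 192.168.5.0/23   # hypothetical second ACL
acl SSL_ports port 443
"""


def audit_src_acls(conf_text):
    """Return one finding per 'acl NAME src' value whose address has host bits set."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        # Drop comments, then split the directive into whitespace-separated fields.
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4 or fields[0] != "acl" or fields[2] != "src":
            continue
        for value in fields[3:]:
            try:
                # Accepts 'addr', 'addr/prefix' and 'addr/dotted-mask'.
                iface = ipaddress.ip_interface(value)
            except ValueError:
                # Address ranges and quoted file names are not checked here.
                continue
            if iface.ip != iface.network.network_address:
                findings.append({
                    "line": lineno,
                    "acl": fields[1],
                    "written": value,
                    "effective": str(iface.network),
                    "addresses": iface.network.num_addresses,
                })
    return findings


if __name__ == "__main__":
    for f in audit_src_acls(SAMPLE_SQUID_CONF):
        print("line %(line)d: acl %(acl)s src %(written)s selects "
              "%(effective)s (%(addresses)d addresses)" % f)
```

<p>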
Good luck and all the best!</p> </div></div></div><!-- google_ad_section_end --><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-above"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/taxonomy/term/16" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">linux server</a></div><div class="field-item odd" rel="dc:subject"><a href="/taxonomy/term/21" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">proxy server</a></div><div class="field-item even" rel="dc:subject"><a href="/taxonomy/term/13" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">linux security</a></div></div></div> Wed, 22 Jun 2011 06:52:12 +0000 jinlusuh 128 at http://basicconfig.com http://basicconfig.com/linuxnetwork/install-squid-in-slackware64-13.37#comments Install and configure vsftpd in Ubuntu http://basicconfig.com/linux-servers/install-configure-vsftpd-ubuntu <!-- google_ad_section_start --><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p>Transfering computer data can be done easily nowadays using usb thumb drive or external hard disk. However, user must copy directly from your computer every time they need certain data. The convenience way to share data in a network environment is using ftp server. Ftp server lets any user in the network who has permission to access the server to copy data directly from their computer.</p> <p>It's a great idea to setup vsftpd even if you are using Ubuntu desktop for file sharing in your home network or in your work place. You can share data with other users including those using Windows operating system. 
Here is a guide on how to install vsftpd in Ubuntu desktop with step by step instructions and screenshot images.</p> <p>This tutorial covers:</p> <ul><li><a href="#install-vsftpd">Install vsftpd in Ubuntu desktop</a></li> <li><a href="#config-vsftpd">Configure vsftpd in Ubuntu</a></li> <li><a href="#start-vsftpd">Start and restart vsftpd in Ubuntu</a></li> </ul><h2><a name="install-vsftpd" id="install-vsftpd">Install vsftpd in Ubuntu desktop</a></h2> <p>You can easily install vsftpd ftp server in Ubuntu desktop using Synaptics package manager. To open Synaptics package manager, click <em>System</em>, follow <em>Administration</em>'s child menu and choose <em>Synaptics package manager</em>. Ubuntu will ask for your password to continue. The screenshot image below shows an example of Synaptics package manager pane when you successfully key in your password:</p> <p><a href="http://www.basicconfig.com/files/imagepicker/2/Screenshot-vsftpd-install.png" title="Image" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/2/thumbs/Screenshot-vsftpd-install.png" alt="Synaptics package manager screenshot image." /></a></p> <p>Type 'vsftpd' in the <em>Quick search</em> text box. See example below:</p> <p><a href="http://www.basicconfig.com/files/imagepicker/2/quick-search.png" title="Image" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/2/thumbs/quick-search.png" alt="Synaptics package manager - Quick search screenshot image." /></a></p> <p>You'll see some packages in the search results. Click on the vsftpd tick box and choose 'Mark for installation':</p> <p><a href="http://www.basicconfig.com/files/imagepicker/2/vsftpd-results.png" title="Image" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/2/thumbs/vsftpd-results.png" alt="Synaptics package manager vsftpd search result screenshot image." 
/></a></p> <p>You can read a brief information about vsftpd in the description area like in the example below:</p> <table><tr><td><code><b>The Very Secure FTP Daemon</b><br /> A lightweight, efficient FTP server written from the ground up with<br /> security in mind.<br /><br /> vsftpd supports both anonymous and non-anonymous FTP, PAM authentication,<br /> bandwidth limiting, and the Linux sendfile() facility.<br /></code></td> </tr></table><p>Click <em>Apply</em> to install vsftpd ftp server in Ubuntu desktop.</p> <p><a href="http://www.basicconfig.com/files/imagepicker/2/Screenshot-Applying-Changes.png" title="Image" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/2/thumbs/Screenshot-Applying-Changes.png" alt="Synaptics package manager - Apply vsftpd installation screenshot image." /></a></p> <p>It takes a few seconds to apply changes (install) vsftpd in Ubuntu desktop. Click <em>Close</em> when vsftpd installation is finished. Quit Synaptics package manager when you are done.</p> <h2><a name="config-vsftpd" id="config-vsftpd">Configure vsftpd in Ubuntu</a></h2> <p>Open command line 'Terminal' from the <em>Accessories</em> sub-menu in <em>Applications</em>. Open vsftpd configuration file with text editor.</p> <table><tr><td><code>kucing@ubuntu-laptop:~$ <span style="color:red;">sudo vim /etc/vsftpd.conf </span><br /> [sudo] password for kucing:<br /></code></td> </tr></table><p>You can set ftp configuration rules by reading the comment description. Here are example vsftpd configurations to allow anonymous and ubuntu local users:</p> <table><tr><td><code># Allow anonymous FTP? 
(Beware - allowed by default if you comment this out).<br /><span style="color:red;">anonymous_enable=YES </span><br /> #<br /> # Uncomment this to allow local users to log in.<br /><span style="color:red;">local_enable=YES </span><br /> #<br /></code></td> </tr></table><p>If you want to block anonymous login into the vsftpd ftp server, set 'anonymous_enable=NO'.</p> <p>If you want to allow users to upload data to the vsftpd server or create a directory, enable (uncomment) 'write_enable=YES'.</p> <table><tr><td><code># Uncomment this to enable any form of FTP write command.<br /><span style="color:red;">write_enable=YES </span><br /> #<br /></code></td> </tr></table><p>Set umask permission to 022:</p> <table><tr><td><code># Default umask for local users is 077. You may wish to change this to 022,<br /> # if your users expect that (022 is used by most other ftpd's)<br /><span style="color:red;">local_umask=022 </span><br /> #<br /></code></td> </tr></table><p>These rules continue from the write setting above. If you want to enable users to upload data to the ftp server and create directories, enable 'anon_upload_enable=YES' and 'anon_mkdir_write_enable=YES' (both apply to the anonymous FTP user):</p> <table><tr><td><code># Uncomment this to allow the anonymous FTP user to upload files. This only<br /> # has an effect if the above global write enable is activated. Also, you will<br /> # obviously need to create a directory writable by the FTP user.<br /><span style="color:red;">anon_upload_enable=YES </span><br /> #<br /> # Uncomment this if you want the anonymous FTP user to be able to create<br /> # new directories.<br /><span style="color:red;">anon_mkdir_write_enable=YES </span><br /></code></td> </tr></table><p>Change the data connection timeout to 600. 
The default 120 is too short and will cause big data transfers to fail.</p> <table><tr><td><code># You may change the default value for timing out a data connection.<br /><span style="color:red;">data_connection_timeout=600 </span><br /> #<br /></code></td> </tr></table><p>Enable 'chroot_local_user=YES' to restrict local users to their home directories. This is recommended for security.</p> <table><tr><td><code># You may restrict local users to their home directories. See the FAQ for<br /> # the possible risks in this before using chroot_local_user or<br /> # chroot_list_enable below.<br /><span style="color:red;">chroot_local_user=YES </span><br /> #<br /></code></td> </tr></table><p>That's it. You can leave the other rules as they are by default.</p> <h2><a name="start-vsftpd" id="start-vsftpd">Start and restart vsftpd in Ubuntu</a></h2> <p>Now we can start the vsftpd service to begin using the ftp server. Here is the command to start vsftpd in Ubuntu:</p> <table><tr><td><code>kucing@ubuntu-laptop:~$ <span style="color:red;">sudo /etc/init.d/vsftpd start</span><br /> [sudo] password for kucing:<br /> * Starting FTP server: vsftpd<br /> /usr/sbin/vsftpd already running.<br /> [fail]<br /></code></td> </tr></table><p>Here is the command to restart vsftpd in Ubuntu if you edit the vsftpd configuration file again:</p> <table><tr><td><code>kucing@ubuntu-laptop:~$ <span style="color:red;">sudo /etc/init.d/vsftpd restart </span><br /> * Stopping FTP server: vsftpd [ OK ]<br /> * Starting FTP server: vsftpd [ OK ]<br /> kucing@ubuntu-laptop:~$<br /></code></td> </tr></table><p>That's all. 
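</p> <p>The settings chosen in this tutorial combine anonymous login with write, upload and mkdir permissions, so it is worth checking what a given vsftpd.conf really exposes before restarting the service. The following is an added example, not part of the original tutorial or of vsftpd: a Python audit of the options discussed above. The defaults table is taken from the vsftpd.conf(5) man page, both sample configurations are constructed (the first from the values shown in this tutorial, the second a stricter variant), and the finding names are hypothetical labels.</p>

```python
# Defaults from the vsftpd.conf(5) man page, applied when an option is absent.
DEFAULTS = {
    "anonymous_enable": "YES",
    "local_enable": "NO",
    "write_enable": "NO",
    "anon_upload_enable": "NO",
    "anon_mkdir_write_enable": "NO",
    "chroot_local_user": "NO",
    "local_umask": "077",
}

# Constructed sample: the values set in this tutorial.
TUTORIAL_CONF = """\
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=YES
anon_mkdir_write_enable=YES
data_connection_timeout=600
chroot_local_user=YES
"""

# Constructed sample: local users only, private umask, chroot kept.
STRICT_CONF = """\
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=077
chroot_local_user=YES
"""


def parse_vsftpd_conf(text):
    """Return the effective option map: man-page defaults overridden by the file."""
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()  # a later line overrides an earlier one
    return settings


def enabled(settings, option):
    return settings.get(option, "NO").upper() == "YES"


def audit_vsftpd(text):
    """Return a list of (finding, explanation) tuples for the options covered above."""
    s = parse_vsftpd_conf(text)
    findings = []
    anon = enabled(s, "anonymous_enable")
    write = enabled(s, "write_enable")
    if anon:
        findings.append(("ANON_LOGIN", "anonymous login is allowed"))
    if anon and write and enabled(s, "anon_upload_enable"):
        findings.append(("ANON_UPLOAD", "anonymous users can upload files"))
    if anon and write and enabled(s, "anon_mkdir_write_enable"):
        findings.append(("ANON_MKDIR", "anonymous users can create directories"))
    if enabled(s, "local_enable"):
        # A umask without the 'other read' bit leaves uploaded files world-readable.
        if int(s["local_umask"], 8) & 0o004 == 0:
            findings.append(("LOCAL_UMASK_WORLD_READABLE",
                             "files uploaded by local users are readable by all accounts"))
        if not enabled(s, "chroot_local_user"):
            findings.append(("LOCAL_NOT_CHROOTED",
                             "local users are not restricted to their home directories"))
    return findings


if __name__ == "__main__":
    for name, conf in (("tutorial", TUTORIAL_CONF), ("strict", STRICT_CONF)):
        print(name, [finding for finding, _ in audit_vsftpd(conf)])
```

<p>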
Enjoy!</p> </div></div></div><!-- google_ad_section_end --><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-above"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/taxonomy/term/15" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">linux ftp</a></div><div class="field-item odd" rel="dc:subject"><a href="/taxonomy/term/16" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">linux server</a></div></div></div> Sun, 06 Sep 2009 14:29:54 +0000 jinlusuh 118 at http://basicconfig.com http://basicconfig.com/linux-servers/install-configure-vsftpd-ubuntu#comments Setup Linux web server - Install and configure Apache in Slackware http://basicconfig.com/linuxnetwork/setup_linux_web_server-install_configure_apache_slackware <!-- google_ad_section_start --><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p>If you are planning on setting up your own web server (http server) using Slackware Linux, then the Apache http server would be the perfect choice. It is a stable and secure web server and works very well with Linux. Apache http server is <a href="http://news.netcraft.com/archives/2009/04/06/april_2009_web_server_survey.html" target="_blank">The World’s #1 Web Server Tops Linux Journal’s Reader’s Choice Awards</a>.</p> <h2>Check Apache web server in Slackware Linux</h2> <p>Before we begin installing Apache http server, let's check does it already exist in our Slackware system. If you install a fresh Slackware server dedicated for web server, then it's ok. 
But if this is an already running Slackware server or a training server, we need to know whether Apache is already installed so we can choose to upgrade the current Apache server or to re-install a new package.</p> <p>Apache http server come in a package called <b>httpd</b>. To check httpd package in Slackware, we can view installed packages list in /var/log/packages directory. Here is the example:</p> <table><tr><td><code>luzar@slackware:~$ <span style="color:red;">ls /var/log/packages/ | grep httpd</span><br /> httpd-2.2.10-i486-1<br /> luzar@slackware:~$<br /></code></td> </tr></table><p>We can also use Slackware pkgtool utility to check httpd package. However, we need root privilege to use pkgtool. So switch to root using su command and enter the correct root password. See step by step example below:</p> <table><tr><td><code>luzar@slackware:~$ <span style="color:red;">su -</span><br /> Password:<br /> root@slackware:~# <span style="color:red;">pkgtool</span><br /></code></td> </tr></table><p>In Slackware pkgtool, choose <b>View</b> menu. Wait a few seconds for Slackware to list all packages in the system. When it's done, press <b>h</b> letter to view all packages starting with h. Use down arrow key and search for <b>httpd</b> package. See example screenshot image below:</p> <p><a href="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/apache-webserver.png" title="Image" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/thumbs/apache-webserver.png" alt="Check httpd package using Slackware pkgtool screenshot image" /></a></p> <p>Press <b>OK</b> to see details about httpd package. 
Write down the version if you want.</p> <p><a href="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/apache-webserver02.png" title="Image" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/thumbs/apache-webserver02.png" alt="Check httpd package details screenshot image" /></a></p> <p>You can use <b>ps</b> command to check httpd daemon status:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">ps aux | grep httpd</span><br /> root 6241 0.0 0.3 8568 3312 ? Ss 11:03 0:00 /usr/sbin/httpd -k start<br /> apache 6242 0.0 0.1 8700 2020 ? S 11:03 0:00 /usr/sbin/httpd -k start<br /> apache 6243 0.0 0.1 8700 2020 ? S 11:03 0:00 /usr/sbin/httpd -k start<br /> apache 6244 0.0 0.1 8700 2020 ? S 11:03 0:00 /usr/sbin/httpd -k start<br /> apache 6245 0.0 0.1 8700 2020 ? S 11:03 0:00 /usr/sbin/httpd -k start<br /> apache 6246 0.0 0.1 8700 2020 ? S 11:03 0:00 /usr/sbin/httpd -k start<br /> root 6250 0.0 0.0 2084 632 pts/1 R+ 11:03 0:00 grep httpd<br /> root@slackware:~#<br /></code></td> </tr></table><p>All the results above show that Apache has been installed in my Slackware system. If your result shows that Apache is not installed in your system, you can continue reading this tutorial, which will guide you on how to install Apache web server in Slackware Linux.</p> <h2>Install Apache httpd package in Slackware Linux</h2> <p>There are two ways to install Apache web server in Slackware. You can install the Slackware httpd package which comes with the Slackware installer dvd, or you can install httpd source from the Apache website. The former is the easiest and hassle-free, while the latter has the advantage of letting you customize the installation and get the latest Apache httpd source release. 
We'll see both examples in this tutorial.</p> <h3>Install official Slackware httpd package</h3> <p>Here is the step by step instructions on how to install Slackware httpd package.</p> <p>1) Insert and mount Slackware installer dvd.</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">mount /dev/hda /mnt/dvd/</span><br /> mount: block device /dev/hda is write-protected, mounting read-only<br /> root@slackware:~#<br /></code></td> </tr></table><p>2) Slackware httpd package is in <em>/slackware/n</em> directory. Use installpkg command to install the package.</p> <table><tr><td><code><br /> root@slackware:~# <span style="color:red;">installpkg /mnt/dvd/slackware/n/httpd-2.2.10-i486-1.tgz</span><br /> Installing package httpd-2.2.10-i486-1 ([OPT])...<br /> PACKAGE DESCRIPTION:<br /> httpd: httpd (The Apache HTTP Server)<br /> httpd:<br /> httpd: Apache is an HTTP server designed as a plug-in replacement for the<br /> httpd: NCSA HTTP server. It fixes numerous bugs in the NCSA server and<br /> httpd: includes many frequently requested new features, and has an API which<br /> httpd: allows it to be extended to meet users' needs more easily.<br /> httpd:<br /> httpd: Apache is the most popular web server in the known universe; over<br /> httpd: half of the servers on the Internet are running Apache or one of<br /> httpd: its variants.<br /> httpd:<br /> Executing install script for httpd-2.2.10-i486-1...<br /><br /> root@slackware:~#<br /></code></td> </tr></table><p><b>Note:</b><em> You can download dhcpd package from <a href="http://packages.slackware.it/" target="_blank">Slackware package website </a> if you have trouble with your Slackware installer dvd.</em></p> <p>If you already setup Slackware slackpkg package management system, you can use it to install httpd web server. 
See example below:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">slackpkg install httpd</span><br /></code></td> </tr></table><p><a href="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/apache-webserver03.png" title="Image" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/thumbs/apache-webserver03.png" alt="Install httpd using slackpkg screenshot image" /></a></p> <h3>Install Apache httpd source in Slackware Linux</h3> <p>Here is the step by step instructions on how to install Apache httpd source in Slackware.</p> <p>1) Download latest httpd source from <a href="http://httpd.apache.org/download.cgi" target="_blank">Apache official website</a>.</p> <p>2) Change directory to /usr/local/src (change to your chosen directory) and extract the httpd source:</p> <table><tr><td><code>root@slackware:/usr/local/src# <span style="color:red;">tar zxvf /home/luzar/Desktop/httpd-2.2.11.tar.gz</span><br /></code></td> </tr></table><p><b>Note:</b><em> Provide the right path where your httpd source location is.</em></p> <p>3) Change to the new extracted httpd directory:</p> <table><tr><td><code>root@slackware:/usr/local/src# <span style="color:red;">cd httpd-2.2.11/</span><br /></code></td> </tr></table><p>4) Open config.layout file using text editor and insert text below (There are configurations for other Linux distributions, freeBSD, openBSD, etc but no Slackware). 
You can check all these configurations in the Slackware httpd package (use explodepkg) to be sure that you follow Slackware standard.</p> <table><tr><td><code># Layout for Slackware Linux<br />&lt;Layout Slackware&gt;<br /> prefix: /usr<br /> exec_prefix: ${prefix}<br /> bindir: ${prefix}/bin<br /> sbindir: ${prefix}/sbin<br /> libdir: ${prefix}/lib<br /> libexecdir: ${prefix}/lib/libexec<br /> mandir: ${prefix}/man<br /> sysconfdir: /etc/httpd<br /> datadir: /var/www<br /> installbuilddir: ${datadir}/build<br /> errordir: ${datadir}/error<br /> iconsdir: ${datadir}/icons<br /> htdocsdir: ${datadir}/htdocs<br /> manualdir: ${datadir}/manual<br /> cgidir: ${datadir}/cgi-bin<br /> includedir: ${exec_prefix}/include/httpd<br /> localstatedir: /var<br /> runtimedir: ${localstatedir}/run<br /> logfiledir: ${localstatedir}/log/httpd<br /> proxycachedir: ${localstatedir}/cache/httpd<br />&lt;/Layout&gt;<br /></code></td> </tr></table><p>5) Save config.layout file when you are done. The next step is to run <b>configure</b>. See the example below:</p> <table><tr><td><code>root@slackware:/usr/local/src/httpd-2.2.11# <span style="color:red;">./configure --enable-layout=Slackware --enable-module=most --enable-mods-shared=most --enable-ssl=shared</span><br /></code></td> </tr></table><p>6) Run <b>make</b></p> <table><tr><td><code>root@slackware:/usr/local/src/httpd-2.2.11# <span style="color:red;">make</span><br /></code></td> </tr></table><p>7) Run <b>make install</b></p> <table><tr><td><code>root@slackware:/usr/local/src/httpd-2.2.11# <span style="color:red;">make install</span><br /></code></td> </tr></table><p>That's it. Now we have Apache httpd installed in our Slackware server. It's time to start the httpd service.</p> <h2>Start, stop and restart httpd (http daemon - Apache service) in Slackware Linux</h2> <p>All Slackware daemons can be found in /etc/rc.d/ directory. Slackware Apache daemon is rc.httpd. 
If you don't have rc.httpd in /etc/rc.d directory, you can copy the script below:</p> <table><tr><td><code>#!/bin/sh<br /> #<br /> # /etc/rc.d/rc.httpd<br /> #<br /> # Start/stop/restart/graceful[ly restart]/graceful[ly]-stop<br /> # the Apache (httpd) web server.<br /> #<br /> # To make Apache start automatically at boot, make this<br /> # file executable: chmod 755 /etc/rc.d/rc.httpd<br /> #<br /> # For information on these options, "man apachectl".<br /><br /> case "$1" in<br /> 'start')<br /> /usr/sbin/apachectl -k start<br /> ;;<br /> 'stop')<br /> /usr/sbin/apachectl -k stop<br /> killall httpd<br /> rm -f /var/run/httpd/*.pid<br /> ;;<br /> 'restart')<br /> /usr/sbin/apachectl -k restart<br /> ;;<br /> 'graceful')<br /> /usr/sbin/apachectl -k graceful<br /> ;;<br /> 'graceful-stop')<br /> /usr/sbin/apachectl -k graceful-stop<br /> ;;<br /> *)<br /> echo "Usage: $0 {start|stop|restart|graceful|graceful-stop}"<br /> ;;<br /> esac<br /></code></td> </tr></table><p>Change /etc/rc.d/rc.httpd permission to make it starts during reboot:</p> <table><tr><td><code>root@slackware:/etc/rc.d# <span style="color:red;">chmod 755 rc.httpd</span><br /></code></td> </tr></table><p>Here is the command to start Apache httpd service in Slackware:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">/etc/rc.d/rc.httpd start</span><br /> httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName<br /> root@slackware:~#<br /></code></td> </tr></table><p>Here is a command to restart Apache httpd service in Slackware:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">/etc/rc.d/rc.httpd restart</span><br /> httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName<br /> root@slackware:~#<br /></code></td> </tr></table><p>Here is a command to stop Apache httpd service in Slackware:</p> <table><tr><td><code>root@slackware:~# <span 
style="color:red;">/etc/rc.d/rc.httpd stop</span><br /> httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName<br /> root@slackware:~#<br /></code></td> </tr></table><p>We have to start Slackware httpd service to use Apache web server. In the example above, we have warning every time we start, restart and stop httpd service. This warning indicates that our dns is not properly configured but we still can test our web server using localhost. So let's test our Apache httpd server right away. Open web browser and type <b><a href="http://localhost">http://localhost</a></b> in the url (you can also use ip address 127.0.0.1, which is the loopback ip address). If you have lynx, you can type <b>lynx localhost</b> to check our web server from the command line terminal. Press enter and you should have the same result as the example below:</p> <table><tr><td><code>luzar@ubuntu:~$ <span style="color:red;">lynx localhost</span><br /></code></td> </tr></table><p><a href="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/localhost.png" title="Image" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/thumbs/localhost.png" alt="Example testing Apache httpd web server using lynx screenshot image" /></a></p> <h2>Configure Apache httpd server in Slackware Linux</h2> <p>Slackware httpd server configuration files can be found in /etc directory. The main http server configuration file is httpd.conf. We can customize our web server by editing this file. 
Here are the most basic configuration that you need to edit in the httpd.conf file:</p> <p>Add <b>index.php</b>, <b>index.htm</b> and <b>index.xhtml</b> in the <em>DirectoryIndex</em>:</p> <table><tr><td><code>&lt;IfModule dir_module&gt;<br /> DirectoryIndex index.html index.php index.htm index.xhtml<br /> &lt;/IfModule&gt;<br /></code></td> </tr></table><p>Set your email address to receive any problems with the server:</p> <table><tr><td><code>ServerAdmin root@example.com</code></td> </tr></table><p>ServerName gives the name and port that the server uses to identify itself. If your host doesn't have a registered DNS name, enter its IP address here. You can also set as localhost like in the example below:</p> <table><tr><td><code>ServerName localhost:80</code></td> </tr></table><p>You also need to remove comment(#) from the line below:</p> <table><tr><td><code># Various default settings<br /> #Include /etc/httpd/extra/httpd-default.conf</code></td> </tr></table><p>to be like this:</p> <table><tr><td><code># Various default settings<br /> Include /etc/httpd/extra/httpd-default.conf</code></td> </tr></table><p>That is the basic configuration that you need to do. Everything else is up to you. There are several other things to setup for the content management system. You can find specific setting for apache httpd.conf in joomla and Drupal tutorials. When you finished, save and exit.</p> <p>Create a new html file to test our new Apache httpd configuration just for fun. 
Below is the example:</p> <table><tr><td><code>root@slackware:/etc/httpd# <span style="color:red;">cd /var/www/htdocs/</span><br /> root@slackware:/var/www/htdocs# <span style="color:red;">cat &gt; index.html</span><br /> &lt;html&gt;<br /> &lt;head&gt;<br /> &lt;title&gt;Slackware Apache httpd configuration testing.&lt;/title&gt;<br /> &lt;/head&gt;<br /><br /> &lt;body&gt;<br /> &lt;h1&gt;This is a testing page.&lt;/h1&gt;<br /> &lt;p&gt;It works alright!&lt;/p&gt;<br /> &lt;/body&gt;<br /> &lt;/html&gt;<br /></code></td> </tr></table><p>Now we can restart httpd service again and test the new configuration. Here is the command: </p> <table><tr><td><code>root@slackware:/etc/httpd# <span style="color:red;">/etc/rc.d/rc.httpd restart</span><br /></code></td> </tr></table><p>Here is the result:</p> <table><tr><td><code>root@slackware:/var/www/htdocs# <span style="color:red;">lynx localhost</span> </code></td> </tr></table><p><a href="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/test-apache-httpd01.png" title="Image" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/thumbs/test-apache-httpd01.png" alt="Check Apache web server screenshot image" /></a></p> <p>One thing to remember: in the future, when you restart httpd after upgrading to the latest Slackware httpd package, the httpd.conf file will be overwritten. So you might not be able to view some of your websites. However, Slackware does not delete the old httpd.conf configuration file. What you need to do is just copy your configuration to the new file and restart httpd service again.</p> <p>That's all. 
Good luck.</p> </div></div></div><!-- google_ad_section_end --><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-above"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/taxonomy/term/16" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">linux server</a></div><div class="field-item odd" rel="dc:subject"><a href="/taxonomy/term/8" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">web server</a></div></div></div> Wed, 24 Jun 2009 05:45:46 +0000 jinlusuh 126 at http://basicconfig.com http://basicconfig.com/linuxnetwork/setup_linux_web_server-install_configure_apache_slackware#comments Setup and configure MYSQL in Slackware Linux http://basicconfig.com/linuxservers/setup_configure_mysql_slackware <!-- google_ad_section_start --><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p>Mysql is a popular open source database which being used as database server by many organizations around the world. Normally, Mysql is used together with PHP server-side scripting language, Apache web server and Linux as the server platform. This tutorial is a step by step guide on how to setup and configure mysql in Slackware Linux. If you are looking for this, then let's get started now.</p> <p>First thing to do is to check whether mysql user and mysql group already exist in the system. 
You should have them if you installed mysql package during Slackware 12.2 installation.</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">less /etc/passwd | grep mysql</span><br /> mysql:x:27:27:MySQL:/var/lib/mysql:/bin/false<br /> root@slackware:~#<br /> root@slackware:~# <span style="color:red;">less /etc/group | grep mysql</span><br /> mysql:x:27:<br /></code></td> </tr></table><p>Create new mysql user and mysql group if you don't have them. Learn how to create a new user in Slackware with <a href="/linux/adduser" target="_blank">Linux adduser command - add new user account in Linux system</a> tutorial. You can find information about Linux group in <a href="/linux/grpadd" target="_blank">groupadd command - manage groups in Linux system</a> tutorial.</p> <p>Check if a directory name <strong>mysql</strong> exist in /var/run directory.</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">ls /var/run/ | grep mysql</span><br /> mysql/<br /> root@slackware:~#<br /></code></td> </tr></table><p>Create a new directory named <strong>mysql</strong> in /var/run directory if it's not there. Learn how to create new directory in Slackware in mkdir tutorial. When you are done, check mysql directory ownership. It must be owned by mysql user and mysql group.</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">ls -l /var/run/ | grep mysql</span><br /> drwxr-xr-x 2 mysql mysql 4096 2008-10-05 13:29 mysql/<br /> root@slackware:~#<br /></code></td> </tr></table><p>You can change directory ownership with Linux chown command. See the example below:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">chown -R mysql.mysql /var/run/mysql/</span><br /> root@slackware:~#<br /></code></td> </tr></table><p>Install or upgrade mysql package in your Slackware system. 
See the example below on how to install mysql using the slackpkg command:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">slackpkg install mysql</span><br /><br /> Looking for mysql in package list. Please wait... DONE<br /><br /> No packages match the pattern for install. Try:<br /><br /> /usr/sbin/slackpkg reinstall|upgrade<br /></code></td> </tr></table><p>If you see the same result as the example above, try running the command again but using the slackpkg upgrade option instead. Don't worry if you see the same result again. You probably have mysql installed and upgraded to the latest version already. You can confirm it by checking the installed packages in the log directory. See the example below:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">ls -l /var/log/packages/ | grep mysql</span><br /> -rw-r--r-- 1 root root 8159 2009-02-28 01:25 mysql-5.0.67-i486-1<br /></code></td> </tr></table><h2>Configure mysql in Slackware 12.2</h2> <p>There is a slight difference in how to configure mysql in Slackware 12.2. You can follow the step-by-step mysql configuration example below:</p> <p>Create the mysql user and mysql group:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">groupadd mysql</span><br /> root@slackware:~# <span style="color:red;">useradd -G mysql -d /var/lib/mysql -s /bin/false mysql</span><br /></code></td> </tr></table><p>You can also use the usermod command to add the mysql user to the mysql group if the mysql user already exists. See the example below:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">usermod -G mysql mysql</span><br /> root@slackware:~# <span style="color:red;">id mysql</span><br /> uid=27(mysql) gid=27(mysql) groups=27(mysql)<br /></code></td> </tr></table><p>You have to create a new mysql configuration file called <b>my.cnf</b>. This can be done easily by copying one of the example (existing) configuration files in the /etc directory. You can view all available mysql configuration files in the /etc directory using the grep command. 
See the example below:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">ls -l /etc/ | grep my</span><br /> -rw-r--r-- 1 root root 4972 2008-10-05 13:29 my-huge.cnf<br /> -rw-r--r-- 1 root root 4948 2008-10-05 13:29 my-large.cnf<br /> -rw-r--r-- 1 root root 4955 2008-10-05 13:29 my-medium.cnf<br /> -rw-r--r-- 1 root root 2525 2008-10-05 13:29 my-small.cnf<br /> root@slackware:~#<br /> root@slackware:~# <span style="color:red;">cp /etc/my-medium.cnf /etc/my.cnf</span><br /></code></td> </tr></table><p>Create the mysql database as Slackware 12.2 recommends:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">mysql_install_db --user=mysql</span><br /> Installing MySQL system tables...<br /> 090423 12:35:45 [Warning] option 'max_join_size': unsigned value 18446744073709551615 adjusted to 4294967295<br /> 090423 12:35:45 [Warning] option 'max_join_size': unsigned value 18446744073709551615 adjusted to 4294967295<br /> OK<br /> Filling help tables...<br /> 090423 12:35:45 [Warning] option 'max_join_size': unsigned value 18446744073709551615 adjusted to 4294967295<br /> 090423 12:35:45 [Warning] option 'max_join_size': unsigned value 18446744073709551615 adjusted to 4294967295<br /> OK<br /><br /> To start mysqld at boot time you have to copy<br /> support-files/mysql.server to the right place for your system<br /><br /> PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER !<br /> To do so, start the server, then issue the following commands:<br /> /usr/bin/mysqladmin -u root password 'new-password'<br /> /usr/bin/mysqladmin -u root -h slackware password 'new-password'<br /><br /> Alternatively you can run:<br /> /usr/bin/mysql_secure_installation<br /><br /> which will also give you the option of removing the test<br /> databases and anonymous user created by default. 
This is<br /> strongly recommended for production servers.<br /><br /> See the manual for more instructions.<br /><br /> You can start the MySQL daemon with:<br /> cd /usr ; /usr/bin/mysqld_safe &amp;<br /><br /> You can test the MySQL daemon with mysql-test-run.pl<br /> cd mysql-test ; perl mysql-test-run.pl<br /><br /> Please report any problems with the /usr/bin/mysqlbug script!<br /><br /> The latest information about MySQL is available on the web at<br /> http://www.mysql.com<br /> Support MySQL by buying support/licenses at http://shop.mysql.com<br /> root@slackware:~#<br /></code></td> </tr></table><p>To start the mysql daemon at boot time, make the mysqld startup script, /etc/rc.d/rc.mysqld, executable.</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">chmod 755 /etc/rc.d/rc.mysqld</span><br /> root@slackware:~# <span style="color:red;">ls -l /etc/rc.d/ | grep mysqld</span><br /> -rwxr-xr-x 1 root root 2585 2008-10-05 13:29 rc.mysqld*<br /></code></td> </tr></table><p>Create a password for the mysql root user:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">/usr/bin/mysqladmin -u root password 'new_password'</span><br /> /usr/bin/mysqladmin: connect to server at 'localhost' failed<br /> error: 'Can't connect to local MySQL server through socket '/var/run/mysql/mysql.sock' (2)'<br /> Check that mysqld is running and that the socket: '/var/run/mysql/mysql.sock' exists!<br /></code></td> </tr></table><p>Oops... we got an error there. We forgot to start the mysql daemon (mysql server) first. Let's start the server now:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">/usr/bin/mysqld_safe &amp;</span><br /></code></td> </tr></table><p>Now we can create the password for the root user by invoking the command again. However, before you do that, here is another option. There is a tool you can run that provides basic security for mysql, including setting the root password. The tool is <b>mysql_secure_installation</b>. 
It's recommended you run this command. See the example below:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">mysql_secure_installation</span><br /><br /> NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL<br /> SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!<br /><br /> In order to log into MySQL to secure it, we'll need the current<br /> password for the root user. If you've just installed MySQL, and<br /> you haven't set the root password yet, the password will be blank,<br /> so you should just press enter here.<br /><br /> Enter current password for root (enter for none):<br /><br /> In order to log into MySQL to secure it, we'll need the current<br /> password for the root user. If you've just installed MySQL, and<br /> you haven't set the root password yet, the password will be blank,<br /> so you should just press enter here.<br /><br /> Enter current password for root (enter for none):<br /> OK, successfully used password, moving on...<br /><br /> Setting the root password ensures that nobody can log into the MySQL<br /> root user without the proper authorisation.<br /><br /> You already have a root password set, so you can safely answer 'n'.<br /><br /> Change the root password? [Y/n] Y<br /> ... Success!<br /><br /> By default, a MySQL installation has an anonymous user, allowing anyone<br /> to log into MySQL without having to have a user account created for<br /> them. This is intended only for testing, and to make the installation<br /> go a bit smoother. You should remove them before moving into a<br /> production environment.<br /><br /> Remove anonymous users? [Y/n] Y<br /> ... Success!<br /><br /> Normally, root should only be allowed to connect from 'localhost'. This<br /> ensures that someone cannot guess at the root password from the network.<br /><br /> Disallow root login remotely? [Y/n] Y<br /> ... 
Success!<br /><br /> By default, MySQL comes with a database named 'test' that anyone can<br /> access. This is also intended only for testing, and should be removed<br /> before moving into a production environment.<br /><br /> Remove test database and access to it? [Y/n] Y<br /> - Dropping test database...<br /> ... Success!<br /> - Removing privileges on test database...<br /> ... Success!<br /><br /> Reloading the privilege tables will ensure that all changes made so far<br /> will take effect immediately.<br /><br /> Reload privilege tables now? [Y/n] Y<br /> ... Success!<br /><br /> Cleaning up...<br /><br /> All done! If you've completed all of the above steps, your MySQL<br /> installation should now be secure.<br /><br /> Thanks for using MySQL!<br /><br /> root@slackware:~#<br /></code></td> </tr></table><p>That's it. The mysql server is ready. We can test login and create a new database.</p> <h2>Testing mysql</h2> <p>We can test login into mysql now:</p> <table><tr><td><code>luzar@slackware:~$ mysql<br /> ERROR 1045 (28000): Access denied for user 'luzar'@'localhost' (using password: NO)<br /> luzar@slackware:~$ <span style="color:red;">mysql -u root -p</span><br /> Enter password:<br /> Welcome to the MySQL monitor. Commands end with ; or \g.<br /> Your MySQL connection id is 8<br /> Server version: 5.0.67-log Source distribution<br /><br /> Type 'help;' or '\h' for help. Type '\c' to clear the buffer.<br /><br /> mysql&gt;<br /></code></td> </tr></table><p>To view databases, we can use SHOW DATABASES command:</p> <table><tr><td><code>mysql&gt; <span style="color:red;">SHOW databases;</span><br /> +--------------------+<br /> | Database |<br /> +--------------------+<br /> | information_schema |<br /> | mysql |<br /> +--------------------+<br /> 2 rows in set (0.00 sec)<br /><br /> mysql&gt;<br /></code></td> </tr></table><p>We can create a new database with CREATE DATABASE command. 
See the example below on how to create a new database:</p> <table><tr><td><code>mysql&gt; <span style="color:red;">CREATE DATABASE basicconfig</span><br /> -&gt; ;<br /> Query OK, 1 row affected (0.00 sec)<br /><br /> mysql&gt; SHOW DATABASES;<br /> +--------------------+<br /> | Database |<br /> +--------------------+<br /> | information_schema |<br /> | basicconfig |<br /> | mysql |<br /> +--------------------+<br /> 3 rows in set (0.00 sec)<br /><br /> mysql&gt;<br /></code></td> </tr></table><p>We can delete a database with the DROP DATABASE command. See the example below on how to drop a database:</p> <table><tr><td><code>mysql&gt; <span style="color:red;">DROP DATABASE basicconfig;</span><br /> Query OK, 0 rows affected (0.01 sec)<br /><br /> mysql&gt; SHOW DATABASES;<br /> +--------------------+<br /> | Database |<br /> +--------------------+<br /> | information_schema |<br /> | mysql |<br /> +--------------------+<br /> 2 rows in set (0.00 sec)<br /><br /> mysql&gt;<br /></code></td> </tr></table><p>Finally, to exit mysql, use the QUIT command or the <b>\q</b> command:</p> <table><tr><td><code>mysql&gt; <span style="color:red;">QUIT</span><br /> Bye<br /> luzar@slackware:~$<br /></code></td> </tr></table><h2>Uninstall mysql and remove mysql data</h2> <p>I don't know what your reason is, but if you need to remove mysql from Slackware, here are the steps you need:</p> <p>Stop the mysql service:</p> <table><tr><td><code>root@slackware:~# killall -9 mysqld mysqld_safe<br /> [1]+ Killed /usr/bin/mysqld_safe<br /> root@slackware:~#<br /></code></td> </tr></table><p>Uninstall mysql using slackpkg:</p> <table><tr><td><code>root@slackware:~# slackpkg remove mysql<br /></code></td> </tr></table><p>Remove the remaining mysql data and directory.</p> <table><tr><td><code>root@slackware:~# rm -r /var/lib/mysql/<br /> root@slackware:~# rm /etc/my.cnf<br /></code></td> </tr></table><p>Run the <em>updatedb</em> command and invoke <em>locate mysql</em> to find remaining mysql data if you 
want.</p> <p>That's all. Good luck!</p> <p>Slackware 14.1 dropped mysql and uses MariaDB instead. If you are looking for that, you can read a tutorial on how to <a href="/linuxsoftware/configure-mariadb-slackware-141">Configure MariaDB in Slackware 14.1</a>.</p> </div></div></div> Sun, 26 Apr 2009 05:54:03 +0000 jinlusuh 122 at http://basicconfig.com http://basicconfig.com/linuxservers/setup_configure_mysql_slackware#comments Linux DNS server setup - Install and configure BIND in Slackware http://basicconfig.com/slackware_linux_dns_server_setup <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p>This tutorial is a complete guide for setting up <b>bind</b> as a dns server in the Linux operating system. We'll set up bind version 9 in Slackware 12.2. Here are all the steps needed to set up a bind dns server in Slackware Linux:</p> <ol><li>Install or upgrade bind package to the latest package released.</li> <li>Configure dns server configuration file.</li> <li>Setup additional zones. </li> <li>Start dns service.</li> <li>Testing and troubleshooting dns server.</li> <li>Setup a private bind dns server</li> </ol><h2>Install or upgrade bind package to the latest package released</h2> <p>To install a dns server in a Linux system, you need to install the <em>bind package</em>, which contains all the dns configuration files and dns testing tools such as <em>dig</em> and <em>nslookup</em>. 
The first step is to use slackpkg to check for the latest updated packages for the Slackware Linux operating system. If you don't have slackpkg in your system, you can use pkgtool or manually check for the bind package in the /var/log/packages directory. If you need to update the bind package manually, get the latest stable version from the Slackware official website. </p> <p>Run the <b>slackpkg update</b> command to get the latest package list from a Slackware mirror site:</p> <table><tr><td><code>root@slackware:~# slackpkg update<br /><br /> Updating the package lists...<br /> Downloading...<br /> Downloading ChangeLog.txt...<br /> --2009-03-24 18:36:08-- ftp://ftp.cerias.purdue.edu/pub/os/slackware/slackware-12.2/ChangeLog.txt<br /> =&gt; `/tmp/slackpkg.qLFhaR/ChangeLog.txt'<br /> Resolving ftp.cerias.purdue.edu...<br /> ...<br /> ...<br /> ...<br /> Formatting lists to slackpkg style...<br /> Package List<br /> Package descriptions<br /><br /> root@slackware:~#<br /></code></td> </tr></table><p>Upgrade the bind package if an upgrade is available. You can upgrade all packages to the latest version by running the slackpkg upgrade-all option. This step is necessary to keep the Slackware server patched to the latest security update.</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">slackpkg upgrade-all</span><br /><br /> Looking for packages to upgrade. Please wait...<br /> ...<br /> ...<br /></code></td> </tr></table><p>Check the Slackware bind package:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">slackpkg search bind</span><br /><br /> The list below shows all packages with the selected pattern.<br /><span style="color:blue;">[ upgrade ] - bind-9.4.3_P1-i486-1_slack12.2 --&gt; bind-9.4.2_P2-i486-1</span><br /></code></td> </tr></table><p>So the bind package has been upgraded to the latest package released. Good, that's what we need. If you didn't find bind in your system, then you have to install the bind package. 
Here is the command syntax for installing the bind package using slackpkg:</p> <table><tr><td><code>root@slackware:~# slackpkg install bind<br /><br /> Looking for bind in package list. Please wait... DONE<br /></code></td> </tr></table><p><a href="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/install_bind.png" title="Image" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/thumbs/install_bind.png" alt="Install bind screenshot image" /></a></p> <p>Click OK to install bind.</p> <p>If you didn't install slackpkg, you can use pkgtool and install the bind package from the Slackware installation dvd. Here are the steps:</p> <ol><li>Insert the dvd into the dvd-rom drive.</li> <li>Mount the dvd with this command: <b>mount /dev/cdrom /mnt/cdrom</b> or <b>mount /dev/sdc /mnt/cdrom</b>. Replace <i>sdc</i> with your cdrom drive name.</li> <li>Change directory to /mnt/cdrom/slackware/n. </li> <li>Open pkgtool by invoking pkgtool from the command line. </li> <li>Choose <b>Current - Install package from current directory</b>.</li> <li>Unmount and eject the dvd with the <b>umount /mnt/cdrom/</b> and <b>eject</b> commands respectively.</li> </ol><h2>Configure dns server configuration file</h2> <p>The dns master configuration file is named.conf. Its location is /etc/named.conf. 
We had better back up this file first, in case we make a mistake later.</p> <table><tr><td><code>root@slackware:/etc# <span style="color:red;">cp named.conf named.conf.bak</span><br /> root@slackware:/etc# <span style="color:red;">ls -l | grep named.conf</span><br /> -rw-r--r-- 1 root root 681 2008-04-14 06:07 named.conf<br /> -rw-r--r-- 1 root root 681 2008-12-01 01:13 named.conf.bak<br /> root@slackware:/etc#<br /></code></td> </tr></table><p>Let's view the named.conf file with the less command: </p> <table><tr><td><code>options {<br /> directory "/var/named";<br /> /*<br /> * If there is a firewall between you and nameservers you want<br /> * to talk to, you might need to uncomment the query-source<br /> * directive below. Previous versions of BIND always asked<br /> * questions using port 53, but BIND 8.1 uses an unprivileged<br /> * port by default.<br /> */<br /> // query-source address * port 53;<br /><br /> /*<br /> * ISP dns server ip address<br /> */<br /> forward first;<br /> forwarders {<br /> 200.188.1.123;<br /> 200.188.1.124;<br /> };<br /><br /> };<br /><br /> //<br /> // a caching only nameserver config<br /> //<br /> zone "." IN {<br /> type hint;<br /> file "caching-example/named.root";<br /> };<br /><br /> zone "localhost" IN {<br /> type master;<br /> file "caching-example/localhost.zone";<br /> allow-update { none; };<br /> };<br /><br /> zone "0.0.127.in-addr.arpa" IN {<br /> type master;<br /> file "caching-example/named.local";<br /> allow-update { none; };<br /> };<br /></code></td> </tr></table><p>This is the default named.conf configuration. By default, the named.conf file is only configured for localhost. So we need to edit this file later to add our domain. We also need to create new dns zone files for our domain. We can see that all dns zone files are kept in the /var/named/caching-example directory. 
So let's view /var/named/caching-example directory: </p> <table><tr><td><code>root@slackware:/etc# <span style="color:red;">ls -l /var/named/caching-example/</span><br /> total 16<br /> -rw-r--r-- 1 root root 195 2008-09-17 15:26 localhost.zone<br /> -rw-r--r-- 1 root root 2878 2008-09-17 15:26 named.ca<br /> -rw-r--r-- 1 root root 433 2008-09-17 15:26 named.local<br /> -rw-r--r-- 1 root root 2878 2008-09-17 15:26 named.root<br /> root@slackware:/etc#<br /></code></td> </tr></table><h2>Setup additional dns zones</h2> <p>You know that to setup dns you need a qualified domain name? That's true but not totally true. You can setup local BIND caching name server for your local network to speed up dns lookups, which in turn will speed up all of your Internet services. Here are examples of default configuration zone files for bind dns server:</p> <p>This is localhost.zone file default configuration. It is configured for localhost:</p> <table><tr><td><code>$TTL 86400<br /> $ORIGIN localhost.<br /> @ 1D IN SOA @ root (<br /> 42 ; serial (d. adams)<br /> 3H ; refresh<br /> 15M ; retry<br /> 1W ; expiry<br /> 1D ) ; minimum<br /><br /> 1D IN NS @<br /> 1D IN A 127.0.0.1<br /></code></td> </tr></table><p>This is named.local file default configuration. As you can see in the /etc/named.conf file configuration above, this is the reverse dns configuration file, also configured for localhost:</p> <table><tr><td><code>$TTL 86400<br /> @ IN SOA localhost. root.localhost. (<br /> 1997022700 ; Serial<br /> 28800 ; Refresh<br /> 14400 ; Retry<br /> 3600000 ; Expire<br /> 86400 ) ; Minimum<br /> IN NS localhost.<br /><br /> 1 IN PTR localhost.<br /></code></td> </tr></table><p>When we added our new domain, we'll just need to copy and configure these two files to setup bind dns server, for private dns or public dns. We leave alone the cache zone file, <em>named.ca</em> and the master list of the root name servers, <em>named.root</em>. 
That said, named.root should be updated from time to time. Normally once a month is enough because it does not change very often. Get the latest named.root from <a href="ftp://ftp.internic.net/domain/named.root" target="_blank">ftp.internic.net</a>.</p> <p>These are the common terms that we should know to understand bind configuration files:</p> <ul><li>$TTL - sets a default time-to-live. </li> <li>w - For week</li> <li>d - For day</li> <li>h - For hour</li> <li>m - For minute</li> <li>s - For second</li> <li>@ - same as $ORIGIN.</li> <li>IN - Defines the address class; IN = Internet.</li> <li>SOA - Start of Authority - Indicates authority for this zone.</li> <li>Serial number - Serial number in YYYYMMDDSS, where SS is the number of times the file was changed.</li> <li>Refresh - Tells dns slave, or secondary, servers how often to check for updates.</li> <li>Retry - Tells the secondary server how often it should resend the request if it fails.</li> <li>Expire - Period of time the secondary server can use its existing data.</li> <li>Minimum, or Negative-caching TTL - Cached on non-authoritative servers.</li> <li>A - Address record - Name-to-address mapping.</li> <li>PTR - Address-to-name mapping.</li> <li>CNAME - (canonical name) alias to an A record.</li> <li>NS - Lists a nameserver for this zone.</li> </ul><h2>Setup local caching name server(cache dns)</h2> <p>In Slackware, we don't have to edit anything to set up a local caching name server. As you can see above, localhost is already configured! All we have to do is enable the bind daemon and run the service. Let's see if what I say is true.</p> <h2>Start dns service</h2> <p>Bind runs as a standalone server, which means it's not included in the <em>inetd</em> master server. So we have to make it executable to start the service. Here are the steps you need to do:</p> <p>Change the bind daemon's permission and make it executable. 
Here is an example:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">ls -l /etc/rc.d/rc.bind</span><br /> -rw-r--r-- 1 root root 3116 2008-04-14 05:48 /etc/rc.d/rc.bind<br /> root@slackware:~# <span style="color:red;">chmod 755 /etc/rc.d/rc.bind</span><br /> root@slackware:~# <span style="color:red;">ls -l /etc/rc.d/rc.bind</span><br /> -rwxr-xr-x 1 root root 3116 2008-04-14 05:48 /etc/rc.d/rc.bind*<br /> root@slackware:~#<br /></code></td> </tr></table><p>Now we can start the service. Here is an example command to start the bind service (dns service) in Slackware:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">/etc/rc.d/rc.bind start</span><br /> Starting BIND: /usr/sbin/named<br /> root@slackware:~#<br /></code></td> </tr></table><p>The bind service has been started and it should be running now. But how do we know that our local caching name server is running ok?</p> <h2>Testing and troubleshooting dns server</h2> <p>To check the named.conf configuration file, we can use the <b>named-checkconf</b> tool:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">named-checkconf /etc/named.conf</span><br /></code></td> </tr></table><p>To check a zone configuration file, we can use the <b>named-checkzone</b> tool:</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">named-checkzone localhost /var/named/caching-example/localhost.zone</span><br /></code></td> </tr></table><p>Use the dig command to query a reverse lookup.</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">dig -x 127.0.0.1</span> <p>; &gt; DiG 9.4.2-P2 &gt; -x 127.0.0.1<br /> ;; global options: printcmd<br /> ;; Got answer:<br /> ;; -&gt;&gt;HEADER ;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0<br /> ;; WARNING: recursion requested but not available<br /><br /> ;; QUESTION SECTION:<br /> ;1.0.0.127.in-addr.arpa. IN PTR<br /><br /> ;; ANSWER SECTION:<br /> 1.0.0.127.in-addr.arpa. 
10000 IN PTR localhost.<br /><br /> ;; Query time: 7 msec<br /> ;; SERVER: 192.168.1.1#53(192.168.1.1)<br /> ;; WHEN: Mon Dec 1 22:59:54 2008<br /> ;; MSG SIZE rcvd: 63<br /></p></code></td> </tr></table><p>Run the <em>dig hostname</em> command to query the server response.</p> <table><tr><td><code>root@slackware:~# <span style="color:red;">dig localhost</span><br /><br /> ; &gt; DiG 9.4.2-P2 &gt; localhost<br /> ;; global options: printcmd<br /> ;; Got answer:<br /> ;; -&gt;&gt;HEADER ;; flags: qr rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0<br /> ;; WARNING: recursion requested but not available<br /><br /> ;; QUESTION SECTION:<br /> ;localhost. IN A<br /><br /> ;; ANSWER SECTION:<br /> localhost. 10000 IN A 127.0.0.1<br /><br /> ;; Query time: 3 msec<br /> ;; SERVER: 192.168.1.1#53(192.168.1.1)<br /> ;; WHEN: Mon Dec 1 23:01:09 2008<br /> ;; MSG SIZE rcvd: 43<br /><br /> root@slackware:~#<br /></code></td> </tr></table><p>We got a response there, didn't we? In the answer section, <b>localhost</b> responded to our query.</p> <h2>Setup a private bind dns server</h2> <p>To set up a private bind dns server, we need to add a new zone in the /etc/named.conf file and configure a new zone file in /var/named/caching-example. This is an example of a new zone and its reverse name resolution zone that you can add in /etc/named.conf for a private dns server:</p> <table><tr><td><code>zone "example.com" in {<br /> // allow-transfer { any; } lets any host request a full copy of this zone<br /> allow-transfer { any; };<br /> file "caching-example/zone.example.com";<br /> type master;<br /> };<br /><br /> // Set up reversed name resolution<br /> zone "1.168.192.in-addr.arpa" {<br /> type master;<br /> file "caching-example/192.zone";<br /> };<br /></code></td> </tr></table><p>Make a copy of the <em>localhost.zone</em> file and name it zone.example.com (use zone.yourdomain.com for your own domain). Below is my zone.example.com configuration. 
You can edit this file, add the other servers you have in your network and just change the names and ip addresses to your own.</p> <table><tr><td><code>;<br /> ; Data for private bind dns server<br /> ;<br /> $TTL 1D<br /> @ 1D IN SOA slackware.example.com. root.example.com. (<br /> 2008120101 ; serial<br /> 3H ; refresh<br /> 15M ; retry<br /> 1W ; expiry<br /> 1D ) ; minimum<br /><br /> ;<br /><br /> @ IN NS slackware.example.com.<br /> @ IN A 192.168.1.3<br /> slackware IN A 192.168.1.3<br /> web IN CNAME slackware.example.com.<br /></code></td> </tr></table><p>This is the reverse name resolution zone configuration:</p> <table><tr><td><code>;<br /> ; Reverse lookup dns zone file for private bind dns server<br /> ;<br /> $TTL 1D<br /> @ IN SOA slackware.example.com. root.example.com. (<br /> 2008112302 ; Serial<br /> 604800 ; Refresh<br /> 86400 ; Retry<br /> 2419200 ; Expire<br /> 86400 ) ; Negative Cache TTL<br /><br /> @ IN NS slackware.example.com.<br /> ; PTR maps 192.168.1.3 back to its host name<br /> 3 IN PTR slackware.example.com.<br /></code></td> </tr></table><p>You need to restart the bind service before your new dns configuration takes effect. Before you restart the service, make sure you check the syntax of /etc/named.conf and the zone files as described in the testing dns section above. If you encounter problems, you can always check the log file, <b>/var/log/messages</b>.</p> <p>Setting up a private and a public dns server is the same, except that for a public bind dns server you need a qualified domain name and ip address. So you can practice by creating a private bind dns server for your LAN first, before implementing the real public bind dns setup. That's all. 
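</p> <p>As a companion to the syntax checks above, this added example (not part of the original tutorial) audits a named.conf for zones that leave zone transfers open, as the <b>allow-transfer { any; }</b> line in the example.com zone does, or that set no transfer ACL at all. The function names, the sample configuration and the secondary address 192.168.1.4 are constructed for illustration.</p>

```python
import re

# Constructed named.conf, modelled on the zone stanzas in this tutorial.
SAMPLE_NAMED_CONF = r'''
options { directory "/var/named"; };
zone "." IN { type hint; file "caching-example/named.root"; };
zone "localhost" IN {
    type master;
    file "caching-example/localhost.zone";
    allow-update { none; };
};
zone "example.com" in {
    allow-transfer { any; };          /* any host may copy the zone */
    file "caching-example/zone.example.com";
    type master;
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "caching-example/192.zone";
    allow-transfer { 192.168.1.4; };  // constructed secondary address
};
'''

COMMENT_OR_STRING = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
ZONE_HEADER = re.compile(r'\bzone\s+"([^"]+)"\s*(?:\w+\s*)?\{', re.I)
OPEN_ACLS = {"any", "0.0.0.0/0"}
TRANSFERABLE = {"master", "slave", "primary", "secondary"}

def strip_comments(text):
    """Drop /* */, // and # comments but keep quoted strings intact."""
    keep_strings = lambda m: m.group(0) if m.group(0).startswith('"') else " "
    return COMMENT_OR_STRING.sub(keep_strings, text)

def matching_brace(text, open_idx):
    """Return the index of the '}' that closes the '{' at open_idx."""
    depth, in_string = 0, False
    for i in range(open_idx, len(text)):
        ch = text[i]
        if ch == '"':
            in_string = not in_string
        elif not in_string and ch == "{":
            depth += 1
        elif not in_string and ch == "}":
            depth -= 1
            if depth == 0:
                return i
    raise ValueError("unbalanced braces in configuration")

def block_body(text, brace_idx):
    """Return the text between the '{' at brace_idx and its closing '}'."""
    return text[brace_idx + 1:matching_brace(text, brace_idx)]

def transfer_acl(body):
    """Return the allow-transfer elements set directly in body, or None."""
    m = re.search(r'\ballow-transfer\s*\{', body, re.I)
    if not m:
        return None
    inner = block_body(body, m.end() - 1)
    return [e.strip().lower() for e in inner.split(";") if e.strip()]

def parse_zones(conf_text):
    """Map zone name -> {'type': str or None, 'allow_transfer': list or None}."""
    text, zones, pos = strip_comments(conf_text), {}, 0
    while (m := ZONE_HEADER.search(text, pos)):
        body = block_body(text, m.end() - 1)
        zone_type = re.search(r'\btype\s+([\w-]+)\s*;', body, re.I)
        zones[m.group(1).lower()] = {
            "type": zone_type.group(1).lower() if zone_type else None,
            "allow_transfer": transfer_acl(body),
        }
        pos = m.end() + len(body) + 1  # continue after the closing brace
    return zones

def options_acl(conf_text):
    """Return the allow-transfer list from the options block, or None."""
    text = strip_comments(conf_text)
    m = re.search(r'\boptions\s*\{', text, re.I)
    return transfer_acl(block_body(text, m.end() - 1)) if m else None

def audit_transfers(conf_text):
    """Return (zone, finding): 'open' allows any host, 'unset' sets no ACL."""
    inherited, findings = options_acl(conf_text), []
    for name, zone in sorted(parse_zones(conf_text).items()):
        if zone["type"] not in TRANSFERABLE:
            continue  # e.g. the root hint zone holds no transferable data
        acl = zone["allow_transfer"] if zone["allow_transfer"] is not None else inherited
        if acl is None:
            findings.append((name, "unset"))  # named's built-in default applies
        elif OPEN_ACLS & set(acl):
            findings.append((name, "open"))
    return findings

if __name__ == "__main__":
    for zone_name, finding in audit_transfers(SAMPLE_NAMED_CONF):
        print(f"{zone_name}: allow-transfer is {finding}")
```

<p>On the sample this reports example.com as open and localhost as unset; replacing <b>any</b> with <b>none</b>, or with the addresses of your secondary servers, clears the first finding.</p> <p>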
Good luck!</p> </div></div></div> Tue, 24 Mar 2009 11:10:32 +0000 jinlusuh 124 at http://basicconfig.com http://basicconfig.com/slackware_linux_dns_server_setup#comments Linux network - Install and configure proftpd in Ubuntu Server http://basicconfig.com/linuxnetwork/install_configure_proftpd_ubuntu_server <div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p>There are many ftp server packages available for Ubuntu server, such as pure-ftpd, proftpd and vsftpd. The proftpd ftp server has been around for quite some time in Linux. It is known for being stable and highly configurable. This tutorial is a complete guide on how to set up proftpd as an ftp server in Ubuntu server. 
Here are the topics covered in this tutorial:</p> <ol><li><a href="#install-proftpd">Install proftpd package in Ubuntu server using apt-get</a></li> <li><a href="#configure-proftpd">Configure proftpd in Ubuntu server</a></li> <li><a href="#restart-proftpd">Restart proftpd service</a></li> <li><a href="#troubleshoot-proftpd">Troubleshooting tips for proftpd error</a></li> <li><a href="#authuserfile-proftpd">Setup AuthUserFile for proftpd authentication</a></li> </ol><h2><a name="install-proftpd" id="install-proftpd">Install proftpd package in Ubuntu server using apt-get</a></h2> <p>Here is an example of how to install proftpd package in Ubuntu Server using apt-get package manager: </p> <table><tr><td><code>luzar@ubuntu:~$ <span style="color:red;">sudo apt-get install proftpd</span><br /> [sudo] password for luzar:<br /> Reading package lists... Done<br /> Building dependency tree<br /> Reading state information... Done<br /> The following extra packages will be installed:<br /> libmysqlclient15off libpq5 mysql-common proftpd-basic proftpd-mod-ldap<br /> proftpd-mod-mysql proftpd-mod-pgsql update-inetd<br /> Suggested packages:<br /> proftpd-doc<br /> The following NEW packages will be installed:<br /> libmysqlclient15off libpq5 mysql-common proftpd proftpd-basic<br /> proftpd-mod-ldap proftpd-mod-mysql proftpd-mod-pgsql update-inetd<br /> 0 upgraded, 9 newly installed, 0 to remove and 0 not upgraded.<br /> Need to get 3704kB of archives.<br /> After this operation, 8045kB of additional disk space will be used.<br /> Do you want to continue [Y/n]? <span style="color:red;">Y</span><br /></code></td> </tr></table><p>Apt-get package manager pause the proftpd installation process waiting for your confirmation. Proftpd would use 8045kB of additional disk space. 
If you have no problem with that, answer <b>Y</b> and apt-get will continue the installation.</p> <p>The second time apt-get pauses the installation process is when it needs your confirmation again for the proftpd service configuration. Apt-get needs to know whether you want to run the proftpd service (or daemon) from inetd or as a standalone service. Normally, the ftp service is included in the super server, inetd. If you choose to run proftpd from inetd, it will save resources but will be affected every time inetd is stopped or restarted. Note that inetd holds many Linux services. It's recommended to run proftpd as a standalone service if you have higher traffic and resources are not a problem for your server. </p> <p><a href="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/install_proftpd_service.png" title="Image" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/thumbs/install_proftpd_service.png" alt="proftpd run service configuration screenshot image" /></a></p> <p>Make your choice and press <b>OK</b> to continue. You should get something like the example below when apt-get finishes the installation: </p> <table><tr><td><code> * Starting ftp server proftpd [ OK ]<br /><br /> Setting up proftpd-mod-mysql (1.3.1-12ubuntu1) ...<br /> Setting up proftpd-mod-pgsql (1.3.1-12ubuntu1) ...<br /> Setting up proftpd-mod-ldap (1.3.1-12ubuntu1) ...<br /> Setting up proftpd (1.3.1-12ubuntu1) ...<br /> Processing triggers for libc6 ...<br /> ldconfig deferred processing now taking place<br /> luzar@ubuntu:~$<br /></code></td> </tr></table><h2><a name="configure-proftpd" id="configure-proftpd">Configure proftpd in Ubuntu server</a></h2> <p>The proftpd configuration files can be found in the <b>/etc/proftpd/</b> directory. 
See the example below: </p> <table><tr><td><code>luzar@ubuntu:~$ <span style="color:red;">cd /etc/proftpd/</span><br /> luzar@ubuntu:/etc/proftpd$ ls -l<br /> total 24<br /> -rw-r--r-- 1 root root 665 2009-02-14 15:51 ldap.conf<br /> -rw-r--r-- 1 root root 1453 2009-02-14 15:51 modules.conf<br /><span style="color:blue;">-rw-r--r-- 1 root root 5046 2009-02-14 15:51 proftpd.conf</span><br /> -rw-r--r-- 1 root root 864 2009-02-14 15:51 sql.conf<br /> -rw-r--r-- 1 root root 1717 2009-02-14 15:51 tls.conf<br /> luzar@ubuntu:/etc/proftpd$<br /></code></td> </tr></table><p>The main configuration file is proftpd.conf. You can see that proftpd also includes configuration files for the other modules that it supports. Now let's configure the proftpd.conf file.</p> <p>As usual, it is good practice to back up the original file before editing any configuration file. Here is the command to make a duplicate copy of the proftpd.conf file:</p> <table><tr><td><code>luzar@ubuntu:/etc/proftpd$ <span style="color:red;">sudo cp proftpd.conf proftpd.conf.ori</span><br /> [sudo] password for luzar:<br /> luzar@ubuntu:/etc/proftpd$ ls<br /> ldap.conf modules.conf proftpd.conf <span style="color:blue;">proftpd.conf.ori</span> sql.conf tls.conf<br /> luzar@ubuntu:/etc/proftpd$<br /></code></td> </tr></table><p>Open the proftpd.conf file with the vim editor or whatever text editor you are familiar with. You are going to activate, deactivate and change default settings to match your ftp server needs.</p> <p>Before you begin modifying the proftpd.conf file, you should know the common format of proftpd.conf.
Here is the basic format:</p> <ul><li>Syntax: [directive-name] [some arguments] </li> <li>Default: [directive-name] [default-value] </li> <li>Context: [context-list] such as &lt;VirtualHost&gt;, &lt;Global&gt;, &lt;Anonymous&gt;, &lt;Directory&gt;</li> <li>Module: module-name </li> <li>Compatibility: compatibility notes </li> </ul><p>A full list of directives can be found in the proftpd user's guide, under <b>References</b> on the official proftpd website. The manual also explains the description and usage of each directive. Here is the link:</p> <p><a href="http://www.proftpd.org/docs/directives/configuration_full.html" target="_blank">A list of all configuration directives.</a></p> <p>The proftpd.conf file is pre-configured and should work by default when we start the daemon. However, the default configuration only allows Linux system users and blocks anonymous users. The example below shows a basic ftp server configuration for system users and anonymous users. Remember, to activate a directive, just remove <b>#</b> at the beginning of the line. To deactivate a directive, add <b>#</b> at the beginning of the line. The modified directives and options are shown in red.
Each modification comes with a short explanation, while the directives marked <b>default configuration</b> are left with their original options.</p> <p>Default configuration.</p> <table><tr><td><code># /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.<br /> # To really apply changes reload proftpd after modifications.<br /> #<br /><br /> # Includes DSO modules<br /> Include /etc/proftpd/modules.conf </code></td> </tr></table><p>Perhaps you should consider this line if you only use ipv4: </p> <table><tr><td><code># Set off to disable IPv6 support which is annoying on IPv4 only boxes.<br /> UseIPv6 <span style="color:red;">off</span> </code></td> </tr></table><p>Default configuration.</p> <table><tr><td><code># If set on you can experience a longer connection delay in many cases.<br /> IdentLookups off </code></td> </tr></table><p>Change ServerName according to your server system. Change ServerType according to what you chose during proftpd installation, inetd or standalone: </p> <table><tr><td><code>ServerName <span style="color:red;">"Ubuntu"</span><br /> ServerType <span style="color:red;">standalone</span><br /> DeferWelcome off </code></td> </tr></table><p>Default configuration.</p> <table><tr><td><code>MultilineRFC2228 on<br /> DefaultServer on<br /> ShowSymlinks on<br /><br /> TimeoutNoTransfer 600<br /> TimeoutStalled 600<br /> TimeoutIdle 1200 </code></td> </tr></table><p>You can announce rules for ftp users by editing welcome.msg, which is located in /home/ftp.</p> <table><tr><td><code>DisplayLogin welcome.msg </code></td> </tr></table><p>Default configuration.</p> <table><tr><td><code>DisplayChdir .message true<br /> ListOptions "-l"<br /><br /> DenyFilter \*.*/ </code></td> </tr></table><p>Uncomment this to restrict Ubuntu users to their own account home directory. That means Ubuntu users are prevented from navigating outside of their home directory.
The term commonly used for this is <b>chroot jail</b>.</p> <table><tr><td><code># Use this to jail all users in their homes<br /> DefaultRoot ~<br /></code></td> </tr></table><p>Default configuration.</p> <table><tr><td><code># Users require a valid shell listed in /etc/shells to login.<br /> # Use this directive to release that constrain.<br /> # RequireValidShell off<br /></code></td> </tr></table><p>Port 21 is the standard FTP port. You can change the port to improve security.</p> <table><tr><td><code># Port 21 is the standard FTP port.<br /> Port 21<br /></code></td> </tr></table><p>Default configuration.</p> <table><tr><td><code># In some cases you have to specify passive ports range to by-pass<br /> # firewall limitations. Ephemeral ports can be used for that, but<br /> # feel free to use a more narrow range.<br /> # PassivePorts 49152 65534<br /><br /> # If your host was NATted, this option is useful in order to<br /> # allow passive tranfers to work. You have to use your public<br /> # address and opening the passive ports used on your firewall as well.<br /> # MasqueradeAddress 1.2.3.4<br /><br /> # This is useful for masquerading address with dynamic IPs:<br /> # refresh any configured MasqueradeAddress directives every 8 hours<br /> &lt;IfModule mod_dynmasq.c&gt;<br /> # DynMasqRefresh 28800<br /> &lt;/IfModule&gt;<br /><br /> # To prevent DoS attacks, set the maximum number of child processes<br /> # to 30. If you need to allow more than 30 concurrent connections<br /> # at once, simply increase this value. Note that this ONLY works<br /> # in standalone mode, in inetd mode you should use an inetd server<br /> # that allows you to limit maximum number of processes per service<br /> # (such as xinetd)<br /> MaxInstances 30 </code></td> </tr></table><p>Normally, when installing a server, a <b>nobody</b> user would be used by default. Proftpd, however, creates its own user and group, which the daemon switches to after being started by root.
The defaults are fine, but if you have a reason to change the user and group that run proftpd, you can change them here: </p> <table><tr><td><code># Set the user and group that the server normally runs at.<br /> User proftpd<br /> Group nogroup<br /></code></td> </tr></table><p>The Umask format is <b>Umask [file permission] [directory permission]</b>. For example, Umask 133 for file permission means 644, which equals rw-r--r-- in normal file permission notation, while Umask 022 for directory permission means 755, which equals rwxr-xr-x in normal directory permission notation.</p> <table><tr><td><code># Umask 022 is a good standard umask to prevent new files and dirs<br /> # (second parm) from being group and world writable.<br /> Umask 022 022<br /></code></td> </tr></table><p>Default configuration.</p> <table><tr><td><code># Normally, we want files to be overwriteable.<br /> AllowOverwrite on<br /><br /> # Uncomment this if you are using NIS or LDAP via NSS to retrieve passwords:<br /> # PersistentPasswd off<br /><br /> # This is required to use both PAM-based authentication and local passwords<br /> # AuthOrder *mod_auth_pam.c mod_auth_unix.c<br /><br /> # Be warned: use of this directive impacts CPU average load!<br /> # Uncomment this if you like to see progress and transfer rate with ftpwho<br /> # in downloads. That is not needed for uploads rates.<br /> #<br /> # UseSendFile off<br /><br /> # Choose a SQL backend among MySQL or PostgreSQL.<br /> # Both modules are loaded in default configuration, so you have to<br /> # specify the backend<br /> # or comment out the unused module in /etc/proftpd/modules.conf.<br /> # Use 'mysql' or 'postgres' as possible values.<br /> #<br /> #&lt;IfModule mod_sql.c&gt;<br /> # SQLBackend mysql<br /> #&lt;/IfModule&gt;<br /></code></td> </tr></table><p>Proftpd creates a log directory and log files in the default installation.
Here is the location:</p> <table><tr><td><code>TransferLog /var/log/proftpd/xferlog<br /> SystemLog /var/log/proftpd/proftpd.log<br /></code></td> </tr></table><p>Default configuration.</p> <table><tr><td><code>&lt;IfModule mod_quotatab.c&gt;<br /> QuotaEngine off<br /> &lt;/IfModule&gt;<br /><br /> &lt;IfModule mod_ratio.c&gt;<br /> Ratios off<br /> &lt;/IfModule&gt;<br /><br /> # Delay engine reduces impact of the so-called Timing Attack described in<br /> # http://security.lss.hr/index.php?page=details&amp;ID=LSS-2004-10-02<br /> # It is on by default.<br /> &lt;IfModule mod_delay.c&gt;<br /> DelayEngine on<br /> &lt;/IfModule&gt;<br /><br /> &lt;IfModule mod_ctrls.c&gt;<br /> ControlsEngine off<br /> ControlsMaxClients 2<br /> ControlsLog /var/log/proftpd/controls.log<br /> ControlsInterval 5<br /> ControlsSocket /var/run/proftpd/proftpd.sock<br /> &lt;/IfModule&gt;<br /><br /> &lt;IfModule mod_ctrls_admin.c&gt;<br /> AdminControlsEngine off<br /> &lt;/IfModule&gt;<br /><br /> #<br /> # Alternative authentication frameworks<br /> #<br /> #Include /etc/proftpd/ldap.conf<br /> #Include /etc/proftpd/sql.conf<br /><br /> #<br /> # This is used for FTPS connections<br /> #<br /> #Include /etc/proftpd/tls.conf<br /></code></td> </tr></table><p>The section below is the proftpd configuration for anonymous user. 
We are going to allow anonymous access, so remove # at the beginning of each line to enable the anonymous user directives.</p> <table><tr><td><code># A basic anonymous configuration, no upload directories.<br /><span style="color:red;"><br /> # &lt;Anonymous ~ftp&gt;<br /> User ftp<br /> Group nogroup<br /></span><br /> # We want clients to be able to login with "anonymous" as well as "ftp"<br /><span style="color:red;">UserAlias anonymous ftp</span><br /> # Cosmetic changes, all files belongs to ftp user<br /><span style="color:red;"><br /> DirFakeUser on ftp<br /> DirFakeGroup on ftp<br /><br /> RequireValidShell off</span><br /> # Limit the maximum number of anonymous logins<br /><span style="color:red;">MaxClients 10</span><br /><br /> # We want 'welcome.msg' displayed at login, and '.message' displayed<br /> # in each newly chdired directory.<br /><span style="color:red;"><br /> DisplayLogin welcome.msg<br /> DisplayFirstChdir .message<br /></span><br /> # Limit WRITE everywhere in the anonymous chroot<br /><span style="color:red;"><br /> &lt;Directory *&gt;<br /> &lt;Limit WRITE&gt;<br /> DenyAll<br /> &lt;/Limit&gt;<br /> &lt;/Directory&gt;<br /></span><br /> # Uncomment this if you're brave.<br /> # &lt;Directory incoming&gt;<br /> # # Umask 022 is a good standard umask to prevent new files and dirs<br /> # # (second parm) from being group and world writable.<br /> # Umask 022 022<br /> # &lt;Limit READ WRITE&gt;<br /> # DenyAll<br /> # &lt;/Limit&gt;<br /> # &lt;Limit STOR&gt;<br /> # AllowAll<br /> # &lt;/Limit&gt;<br /> # &lt;/Directory&gt;<br /><br /> &lt;/Anonymous&gt;<br /></code></td> </tr></table><p>Save the changes you made to proftpd.conf and exit.</p> <h2><a name="restart-proftpd" id="restart-proftpd">Restart proftpd service</a></h2> <p>We need to restart the proftpd service for the changes we made to the configuration file to take effect.
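</p> <p>The restart that follows fails on the kind of slip that is easy to make while uncommenting a block, so it helps to check the edited file first. The Python script below is an added example, not part of the original tutorial or of proftpd: it reports section tags without a partner, a relative &lt;Directory&gt; path outside &lt;Anonymous&gt;, the deprecated DisplayFirstChdir directive and an &lt;Anonymous&gt; section that does not deny WRITE. The function name <code>lint_proftpd_conf</code> and the sample text are assumptions made for this illustration.</p>

```python
import re

# Rename taken from the deprecation warning proftpd prints on this page.
DEPRECATED = {"displayfirstchdir": "DisplayChdir"}

OPEN_RE = re.compile(r"^<\s*([A-Za-z_]+)\s*([^>]*)>$")
CLOSE_RE = re.compile(r"^</\s*([A-Za-z_]+)\s*>$")

# Constructed excerpt that mirrors the anonymous block from the tutorial,
# with the opening <Anonymous> tag still commented out.
SAMPLE_BROKEN = """\
# <Anonymous ~ftp>
User ftp
Group nogroup
UserAlias anonymous ftp
DisplayLogin welcome.msg
DisplayFirstChdir .message
<Directory *>
<Limit WRITE>
DenyAll
</Limit>
</Directory>
</Anonymous>
"""

SAMPLE_FIXED = (SAMPLE_BROKEN.replace("# <Anonymous", "<Anonymous")
                .replace("DisplayFirstChdir", "DisplayChdir"))


def lint_proftpd_conf(text):
    """Return sorted (line_number, message) findings for proftpd.conf text."""
    findings = []
    stack = []            # (name, argument, line_number) of each open section
    write_denied = set()  # opening lines of <Anonymous> sections that deny WRITE
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out opening tag opens nothing
        close = CLOSE_RE.match(line)
        if close:
            name = close.group(1).lower()
            if not stack or stack[-1][0] != name:
                findings.append((lineno, f"</{close.group(1)}> has no matching opening tag"))
                continue
            _, _, opened_at = stack.pop()
            if name == "anonymous" and opened_at not in write_denied:
                findings.append((opened_at, "<Anonymous> does not deny WRITE in <Directory *>"))
            continue
        opened = OPEN_RE.match(line)
        if opened:
            name, arg = opened.group(1).lower(), opened.group(2).strip()
            in_anonymous = any(section[0] == "anonymous" for section in stack)
            if name == "directory" and not in_anonymous and not arg.startswith(("/", "~")):
                findings.append((lineno, "<Directory> uses a relative path outside <Anonymous>"))
            stack.append((name, arg, lineno))
            continue
        word = line.split()[0]
        if word.lower() in DEPRECATED:
            findings.append((lineno, f"{word} is deprecated, use {DEPRECATED[word.lower()]}"))
        elif word.lower() == "denyall" and len(stack) >= 3:
            anon, directory, limit = stack[-3:]
            if (anon[0] == "anonymous" and directory[:2] == ("directory", "*")
                    and limit[0] == "limit" and "WRITE" in limit[1].upper().split()):
                write_denied.add(anon[2])
    for name, _, opened_at in stack:
        findings.append((opened_at, f"<{name}> is never closed"))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, message in lint_proftpd_conf(SAMPLE_BROKEN):
        print(f"line {lineno}: {message}")
```

<p>The daemon's own syntax test, <code>proftpd -t</code>, remains the authoritative check; the script only points at the lines worth looking at.</p> <p>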
Restart the proftpd service with this command: </p> <p><span style="color:red;">sudo /etc/init.d/proftpd restart</span></p> <p>Unfortunately proftpd could not start and I got this error:</p> <table><tr><td><code>luzar@ubuntu:/home/ftp$ <span style="color:red;">sudo /etc/init.d/proftpd restart</span><br /> * Stopping ftp server proftpd [ OK ]<br /> * Starting ftp server proftpd<br /><span style="color:red;">- warning: the DisplayFirstChdir directive is deprecated and will be<br /> removed in a future release. Please use the DisplayChdir directive.<br /> - Fatal: &lt;Directory&gt;: relative path not allowed in non-&lt;Anonymous&gt;<br /> sections on line 161 of '/etc/proftpd/proftpd.conf'</span><br /><span style="color:red;">[fail]</span> </code></td> </tr></table><h2><a name="troubleshoot-proftpd" id="troubleshoot-proftpd">Troubleshooting tips for proftpd error</a></h2> <p>Proftpd works fine with the default settings. If you get an error after editing the proftpd.conf file, there is a mistake in the configuration file. For example, I got the error above because I forgot to remove the comment (#) from the anonymous configuration.
So, open proftpd.conf again and fix the error: </p> <p><span style="color:red;">sudo vim +161 /etc/proftpd/proftpd.conf</span></p> <p>Remove # at the beginning of &lt;Anonymous ~ftp&gt; and change DisplayFirstChdir directive to DisplayChdir directive.</p> <table><tr><td><code><span style="color:red;">&lt;Anonymous ~ftp&gt;</span><br /> User ftp<br /> Group nogroup<br /> # We want clients to be able to login with "anonymous" as well as "ftp"<br /> UserAlias anonymous ftp<br /> # Cosmetic changes, all files belongs to ftp user<br /> DirFakeUser on ftp<br /> DirFakeGroup on ftp<br /><br /> RequireValidShell off<br /> # Limit the maximum number of anonymous logins<br /> MaxClients 10<br /><br /> # We want 'welcome.msg' displayed at login, and '.message' displayed<br /> # in each newly chdired directory.<br /> DisplayLogin welcome.msg<br /><span style="color:red;">DisplayChdir</span> .message<br /><br /> # Limit WRITE everywhere in the anonymous chroot<br /> &lt;Directory *&gt;<br /> &lt;Limit WRITE&gt;<br /> DenyAll<br /> &lt;/Limit&gt;<br /> &lt;/Directory&gt; </code></td> </tr></table><p>Restart proftpd daemon again:</p> <table><tr><td><code>luzar@ubuntu:/home/ftp$ <span style="color:red;">sudo /etc/init.d/proftpd restart</span><br /> * Stopping ftp server proftpd [ OK ]<br /> * Starting ftp server proftpd [ OK ]<br /> luzar@ubuntu:/home/ftp$<br /></code></td> </tr></table><p>Test login to proftpd FTP server with Ubuntu user and anonymous user:</p> <table><tr><td><code>luzar@hitam:~$ <span style="color:red;">ftp 172.16.153.129</span><br /> Connected to 172.16.153.129.<br /> 220 ProFTPD 1.3.1 Server (Ubuntu) [::ffff:172.16.153.129]<br /> Name (172.16.153.129:luzar):<br /> 331 Password required for luzar<br /> Password:<br /> 230 User luzar logged in<br /> Remote system type is UNIX.<br /> Using binary mode to transfer files.<br /> ftp&gt; <span style="color:red;">ls</span><br /> 200 PORT command successful<br /> 150 Opening ASCII mode data connection for file list<br 
/> -rw-r--r-- 1 luzar luzar 3903990 Jan 26 16:19 UserManual.pdf<br /> -rw-r--r-- 1 luzar luzar 376028 Feb 3 19:23 netfilter.pdf<br /> 226 Transfer complete </code></td> </tr></table><p>Let's try moving to two upper directory:</p> <table><tr><td><code>ftp&gt; <span style="color:red;">cd ../..</span><br /> 250 CWD command successful<br /> ftp&gt; ls<br /> 200 PORT command successful<br /> 150 Opening ASCII mode data connection for file list<br /> -rw-r--r-- 1 luzar luzar 3903990 Jan 26 16:19 UserManual.pdf<br /> -rw-r--r-- 1 luzar luzar 376028 Feb 3 19:23 netfilter.pdf<br /> 226 Transfer complete<br /> ftp&gt; <span style="color:red;">bye</span><br /> 221 Goodbye. </code></td> </tr></table><p>We can't move to the upper directory because chroot jail has been enabled. Let's try login to the ftp server as anonymous user:</p> <table><tr><td><code>luzar@hitam:~$ <span style="color:red;">ftp 172.16.153.129</span><br /> Connected to 172.16.153.129.<br /> 220 ProFTPD 1.3.1 Server (Ubuntu) [::ffff:172.16.153.129]<br /> Name (172.16.153.129:luzar): <span style="color:red;">anonymous</span><br /> 331 Anonymous login ok, send your complete email address as your password<br /> Password:<br /> 230-Welcome, archive user anonymous@::ffff:172.16.153.1 !<br /> 230-<br /> 230-The local time is: Sun Feb 15 10:17:03 2009<br /> 230-<br /> 230-This is an additional FTP server. You only have permission<br /> 230-to download files. 
If you have any unusual problems,<br /> 230-please report them via e-mail to &lt;root&gt;.<br /> 230-<br /> 230 Anonymous access granted, restrictions apply<br /> Remote system type is UNIX.<br /> Using binary mode to transfer files.<br /> ftp&gt; <span style="color:red;">ls</span><br /> 200 PORT command successful<br /> 150 Opening ASCII mode data connection for file list<br /> -rw-r--r-- 1 ftp ftp 170 Aug 16 2008 welcome.msg<br /> 226 Transfer complete </code></td> </tr></table><p>Let's try moving up two directories:</p> <table><tr><td><code>ftp&gt; <span style="color:red;">cd ../..</span><br /> 250 CWD command successful<br /> ftp&gt; ls<br /> 200 PORT command successful<br /> 150 Opening ASCII mode data connection for file list<br /> -rw-r--r-- 1 ftp ftp 170 Aug 16 2008 welcome.msg<br /> 226 Transfer complete<br /> ftp&gt; </code></td> </tr></table><p>Great, the anonymous user cannot move to an upper directory either. That covers some basic security in a proftpd configuration for local use. This configuration, however, is not recommended for external use for security reasons.</p> <p>Another option to make proftpd more secure is to block system users from logging in to the ftp server. Proftpd includes many authentication modules such as ldap, sql and AuthUserFile, which provides virtual user accounts. If you don't have ldap set up, then setting up AuthUserFile is a good choice. It is easy and we can do this straight away.</p> <h2><a name="authuserfile-proftpd" id="authuserfile-proftpd">Setup AuthUserFile for proftpd authentication</a></h2> <p>AuthUserFile uses virtual user accounts to authenticate logins to the proftpd ftp server. To create a virtual user account, we can use the <b>ftpasswd</b> tool, which is a perl script included with the proftpd package. Ftpasswd is installed by default during proftpd installation, so we can use it right away.</p> <p>If we invoke <b>man ftpasswd</b>, we can see that ftpasswd manipulates proftpd authentication files.
Ftpasswd creates the AuthUserFile and AuthGroupFile, which contain the virtual user account information that allows those users to access the ftp server. </p> <p>We are going to create the AuthUserFile and AuthGroupFile in the /etc/proftpd directory. Change directory to /etc/proftpd and run ftpasswd. Below is an example of ftpasswd used to create a user account. The format is the same as you can see in the ftpasswd manual page:</p> <table><tr><td><code>luzar@ubuntu:/etc/proftpd$ <span style="color:red;">sudo ftpasswd --passwd --name=labu <br />--uid=1010 --home=/home/ftp --shell=/bin/false</span><br /> ftpasswd: --passwd: missing --gid argument: default gid set to uid<br /> ftpasswd: creating passwd entry for user labu<br /><br /> ftpasswd: /bin/false is not among the valid system shells. Use of<br /> ftpasswd: "RequireValidShell off" may be required, and the PAM<br /> ftpasswd: module configuration may need to be adjusted.<br /><br /> Password:<span style="color:red;">Enter password</span><br /> Re-type password:<span style="color:red;">Re-enter password</span><br /><br /> ftpasswd: entry created </code></td> </tr></table><p>We got two warnings there: the first is about the gid and the second concerns the proftpd.conf file. Let's fix the first warning now and the proftpd warning later. So this time we create a second user with the gid included:</p> <table><tr><td><code>luzar@ubuntu:/etc/proftpd$ <span style="color:red;">sudo ftpasswd --passwd --name=aura --uid=1011 <br />--gid=1010 --home=/home/ftp --shell=/bin/false</span><br /> ftpasswd: creating passwd entry for user aura<br /><br /> ftpasswd: /bin/false is not among the valid system shells.
Use of<br /> ftpasswd: "RequireValidShell off" may be required, and the PAM<br /> ftpasswd: module configuration may need to be adjusted.<br /><br /> Password:<span style="color:red;">Enter password</span><br /> Re-type password:<span style="color:red;">Re-enter password</span><br /><br /> ftpasswd: entry created </code></td> </tr></table><p>The <b>ftpasswd --passwd</b> option creates a user entry in the <b>ftpd.passwd</b> file. The ftpd.passwd format is the same as that of the /etc/passwd system file. Here is the format:</p> <p><span style="color:red;">username:password:uid:gid:gecos:homedir:shell</span></p> <table><tr><td><code>luzar@ubuntu:/etc/proftpd$ <span style="color:red;">cat ftpd.passwd</span><br /> labu:$1$PtmsJf5A$R2vNdkSrVl9de.:1010:1010::/home/ftp:/bin/false<br /> aura:$1$svlH3xco$tLhC/J97iBB2h:1011:1010::/home/aura:/bin/false </code></td> </tr></table><p>This is how to create the AuthGroupFile:</p> <table><tr><td><code>luzar@ubuntu:/etc/proftpd$ <span style="color:red;">sudo ftpasswd --group --name=ftpd <br />--gid=1010 --member=labu --member=aura</span><br /> ftpasswd: updating group entry for group ftpd<br /> ftpasswd: entry updated </code></td> </tr></table><p>The <b>ftpasswd --group</b> option creates a group entry in the <b>ftpd.group</b> file. The format is the same as that of the /etc/group file.</p> <table><tr><td><code>luzar@ubuntu:/etc/proftpd$ <span style="color:red;">cat ftpd.group</span><br /> ftpd:x:1010:labu,aura </code></td> </tr></table><p>Now we need to add AuthUserFile to the /etc/proftpd/proftpd.conf file.
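</p> <p>Before proftpd.conf points at ftpd.passwd, the entries can be audited. The Python script below is an added example, not part of the original tutorial or of the ftpasswd tool: it parses the seven-field format shown above and flags legacy hash schemes such as the <code>$1$</code> (MD5-crypt) prefix, uid 0 or system-range uids, uids shared with system accounts, duplicate names and malformed lines. The function names, the uid threshold of 1000 and the sample entries (with placeholder hashes) are assumptions made for this illustration.</p>

```python
FIELDS = ("name", "password", "uid", "gid", "gecos", "home", "shell")
WEAK_SCHEMES = {"empty", "des-crypt", "md5-crypt", "unknown"}

# Constructed entries in the ftpd.passwd layout; the hash strings are placeholders.
SAMPLE = """\
labu:$1$SALTSALT$placeholderMD5hash0000:1010:1010::/home/ftp:/bin/false
aura:$6$SALTSALT$placeholderSHA512hash:1011:1010::/home/ftp:/bin/false
ops:$6$SALTSALT$placeholderSHA512hash:0:0::/root:/bin/false
aura:$6$SALTSALT$placeholderSHA512hash:1012:1010::home/aura:/bin/false
truncated:entry
"""


def hash_scheme(password):
    """Classify a crypt(3) style password field by its prefix."""
    if password == "":
        return "empty"
    if password[0] in "!*":
        return "locked"
    for prefix, scheme in (("$1$", "md5-crypt"), ("$5$", "sha256-crypt"),
                           ("$6$", "sha512-crypt")):
        if password.startswith(prefix):
            return scheme
    if len(password) == 13 and "$" not in password:
        return "des-crypt"
    return "unknown"


def audit_auth_user_file(text, system_uids=frozenset(), min_uid=1000):
    """Return (line_number, user, message) findings for AuthUserFile text.

    system_uids: uids already present in /etc/passwd, supplied by the caller.
    min_uid: lowest uid treated as outside the system range (an assumption).
    """
    findings = []
    seen = set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != len(FIELDS):
            findings.append((lineno, parts[0], f"expected 7 fields, found {len(parts)}"))
            continue
        entry = dict(zip(FIELDS, parts))
        name = entry["name"]
        if name in seen:
            findings.append((lineno, name, "duplicate user name"))
        seen.add(name)
        scheme = hash_scheme(entry["password"])
        if scheme in WEAK_SCHEMES:
            findings.append((lineno, name, f"weak or missing password hash ({scheme})"))
        if not entry["uid"].isdigit() or not entry["gid"].isdigit():
            findings.append((lineno, name, "uid and gid must be numeric"))
            continue
        uid = int(entry["uid"])
        if uid == 0:
            findings.append((lineno, name, "uid 0 maps this virtual user to root"))
        elif uid < min_uid:
            findings.append((lineno, name, f"uid {uid} is in the system range"))
        if uid in system_uids:
            # Uploaded files would be owned by the system account with this uid.
            findings.append((lineno, name, f"uid {uid} belongs to a system account"))
        if not entry["home"].startswith("/"):
            findings.append((lineno, name, "home directory is not an absolute path"))
    return findings


if __name__ == "__main__":
    for lineno, user, message in audit_auth_user_file(SAMPLE, system_uids={1011}):
        print(f"line {lineno} ({user}): {message}")
```

<p>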
Use text editor and open the file:</p> <table><tr><td><code>luzar@ubuntu:/etc/proftpd$ <span style="color:red;">sudo vim proftpd.conf</span> </code></td> </tr></table><p>Add these lines:</p> <table><tr><td><code># Authentication using AuthUserFile<br /><span style="color:red;">AuthUserFile /etc/proftpd/ftpd.passwd</span><br /><br /> # AuthOrder to use mod_auth_file.c only, no local user allowed<br /><span style="color:red;">AuthOrder mod_auth_file.c</span> </code></td> </tr></table><p>Save and exit. Restart proftpd daemon:</p> <table><tr><td><code>luzar@ubuntu:/etc/proftpd$ <span style="color:red;">sudo /etc/init.d/proftpd restart</span><br /> * Stopping ftp server proftpd [ OK ]<br /> * Starting ftp server proftpd [ OK ] </code></td> </tr></table><p>Test login to the ftp server with AuthUserFile:</p> <table><tr><td><code>luzar@hitam:~$ <span style="color:red;">ftp 172.16.153.129</span><br /> Connected to 172.16.153.129.<br /> 220 ProFTPD 1.3.1 Server (Ubuntu FTP server) [172.16.153.129]<br /> Name (172.16.153.129:luzar): labu<br /> 331 Password required for labu<br /> Password:<br /> 230-Welcome, archive user labu@172.16.153.1 !<br /> 230-<br /> 230-The local time is: Mon Feb 16 16:06:04 2009<br /> 230-<br /> 230-This is an additional FTP server. You only have permission<br /> 230-to download files. 
If you have any unusual problems,<br /> 230-please report them via e-mail to &lt;root&gt;.<br /> 230-<br /> 230 User labu logged in<br /> Remote system type is UNIX.<br /> Using binary mode to transfer files.<br /> ftp&gt; bye<br /> 221 Goodbye.<br /> luzar@hitam:~$ </code></td> </tr></table><p>Test login to the ftp server with a local user account:</p> <table><tr><td><code> luzar@hitam:~$ <span style="color:red;">ftp 172.16.153.129</span><br /> Connected to 172.16.153.129.<br /> 220 ProFTPD 1.3.1 Server (Ubuntu FTP server) [172.16.153.129]<br /> Name (172.16.153.129:luzar):<br /> 331 Password required for luzar<br /> Password:<br /> 530 Login incorrect.<br /> Login failed.<br /> Remote system type is UNIX.<br /> Using binary mode to transfer files.<br /> ftp&gt; </code></td> </tr></table><p>That's all. Good luck configuring your proftpd server.</p> </div></div></div><!-- google_ad_section_end --><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-above"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/taxonomy/term/15" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">linux ftp</a></div><div class="field-item odd" rel="dc:subject"><a href="/taxonomy/term/16" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">linux server</a></div></div></div> Sat, 14 Feb 2009 20:52:58 +0000 jinlusuh 119 at http://basicconfig.com http://basicconfig.com/linuxnetwork/install_configure_proftpd_ubuntu_server#comments Setup Ubuntu squid proxy server - Introduction, installation and basic configuration guide for beginner http://basicconfig.com/linuxnetwork/setup_ubuntu_squid_proxy_server_beginner_guide <!-- google_ad_section_start --><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><table><tr><td><code>A girl and a boy bump into
each other -- surely a coincidence. A girl and<br /> a boy bump and her handkerchief drops -- surely another coincidence. But<br /> when a girl gives a boy a dead squid, *that had to mean SOMETHING!*<br /></code></td> </tr></table><p>Squid is an open source caching proxy server. As a caching proxy server, squid accepts a request from a client and passes it to the appropriate Internet server. It keeps a copy of the returned data, especially hot objects cached in RAM. Squid also caches DNS lookups and supports non-blocking DNS lookups. Even when a client terminates a request, squid continues to fetch and complete the requested data. When it receives the same request again from another client, it just passes on the data stored in its cache. This is the basic concept of how squid works, speeding up Internet access and saving bandwidth.</p> <p>Squid supports FTP, gopher, and HTTP data objects. Squid also supports other caching protocols, such as:</p> <ul><li>Internet cache protocol (ICP) </li> <li>Cache digests </li> <li>Simple network management protocol (SNMP) </li> <li>Hyper text caching protocol (HTCP) </li> </ul><p>A caching proxy server can greatly improve Internet performance, and squid is very fast and well known as a high performance caching proxy server in the Linux world. A normal firewall proxy does not store a copy of the returned data like squid does. A squid caching proxy server works great with a firewall at the upper level and squid at the lower level, protecting local networks from each other.</p> <h2>Setup squid cache proxy server in Ubuntu</h2> <p>Before setting up a squid caching proxy server, you should consider several things that will influence the performance of the caching server later. The most important is the server hardware.</p> <h3>Basic hardware requirements</h3> <p>As we already know, squid stores metadata, especially hot objects, cached in RAM.
So having a lot of RAM will improve squid performance and overall server performance. However, cpu power doesn't really affect squid performance.</p> <p>Since all caches are kept on the hard disk, a hard disk with a fast random seek time will boost squid performance. A high rpm hard disk is good but the price is higher. You had better consider adding extra hard disks with a fast random seek time, because having many hard disks also improves squid performance.</p> <h2>Install squid proxy in Ubuntu</h2> <p>You can check whether squid is already installed by looking for the squid service with the ps command. To pick out a running squid service from the ps output, add | (pipe) and grep like the example below:</p> <table><tr><td><code>luzar@ubuntu:~$ <span style="color:red;">ps aux | grep squid</span><br /> luzar 5667 0.0 0.1 3236 796 pts/0 S+ 16:45 0:00 grep squid<br /> luzar@ubuntu:~$<br /></code></td> </tr></table><p>So there is no squid process running in our system. We can then install the squid package using the apt-get package management system. Here is an example of squid package installation in Ubuntu using apt-get:</p> <table><tr><td><code>luzar@ubuntu:~$ <span style="color:red;">sudo apt-get install squid</span><br /> Reading package lists... Done<br /> Building dependency tree<br /> Reading state information... Done<br /> The following extra packages will be installed:<br /> openssl-blacklist squid-common ssl-cert<br /> Suggested packages:<br /> squidclient squid-cgi logcheck-database resolvconf smbclient winbind<br /> The following NEW packages will be installed:<br /> openssl-blacklist squid squid-common ssl-cert<br /> 0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.<br /> Need to get 7542kB of archives.<br /> After this operation, 19.5MB of additional disk space will be used.<br /> Do you want to continue [Y/n]?
Y<br /> Get:1 http://us.archive.ubuntu.com intrepid/main openssl-blacklist 0.4.2 [6337kB]<br /> 4% [1 openssl-blacklist 360983/6337kB 5%] 4770B/s 25min5s<br /></code></td> </tr></table><p>As you can see, the squid download is quite big, so downloading and installing it is going to take some time. After the installation is finished, you can begin configuring squid as a caching proxy server.</p> <h2>Configure squid caching proxy server in Ubuntu</h2> <p>The squid configuration file is in the /etc/squid directory. So change directory to /etc/squid and see what we have there.</p> <table><tr><td><code>luzar@ubuntu:~$ <span style="color:red;">cd /etc/squid/</span><br /> luzar@ubuntu:/etc/squid$ ls<br /> squid.conf<br /> luzar@ubuntu:/etc/squid$<br /></code></td> </tr></table><p>We have just one file, squid.conf, which is the main configuration file for squid. For safety, we will make a copy of squid.conf as a backup before we start editing the file. Here is a command to copy squid.conf:</p> <table><tr><td><code>luzar@ubuntu:/etc/squid$ <span style="color:red;">sudo cp squid.conf squid.conf.bac</span><br /> luzar@ubuntu:/etc/squid$ ls -l<br /> total 344<br /> -rw------- 1 root root 168394 2008-12-24 16:20 squid.conf<br /> -rw------- 1 root root 168394 2008-12-24 17:07 squid.conf.bac<br /> luzar@ubuntu:/etc/squid$<br /></code></td> </tr></table><p>Here is a step by step guide on how to configure a basic squid caching proxy server. Open squid.conf with your favorite text editor.
Here is an example using the vim editor:</p> <table><tr><td><code>luzar@ubuntu:/etc/squid$ <span style="color:red;">sudo vim squid.conf</span><br /> [sudo] password for luzar:<br /></code></td> </tr></table><p>This is an example of the squid.conf file when you open it with the vim editor:</p> <p><a href="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/squid.png" title="Image" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/thumbs/squid.png" alt="squid.conf screenshot" /></a></p> <p>Go to the line <b>http_port</b>. We are going to set the http port for the squid caching proxy server. You can set the port as in the example below:</p> <p><b>Tips:</b><i> If you are using vim, in command mode, type <b>/term</b> to search for the <i>term</i> you are looking for. Press <b>n</b> to find the next occurrence of the search term. Squid.conf is quite a big file to scroll through.</i></p> <table><tr><td><code># Squid normally listens to port 3128<br /><span style="color:red;">http_port 3128</span><br /></code></td> </tr></table><p>Next, we are going to set the cache directory for our squid caching proxy server. The cache_dir directive is disabled by default. You can copy that line and add your preferred cache directory and size for your caching proxy server. You can set more than one cache directory if you have many partitions, and name the cache directories cache1, cache2, cache3 and so forth.</p> <table><tr><td><code>#Default:<br /> # cache_dir ufs /var/spool/squid 100 16 256<br /><span style="color:red;">cache_dir ufs /var/spool/squid/cache1 1000 16 256</span><br /></code></td> </tr></table><p>The value 100 after the cache directory is the size in MB. Set it according to your needs. Remember that the cache directory must be empty. In the example above, I set it to 1000MB.
The second and third values (16 256) are the numbers of first-tier and second-tier subdirectories.</p> <p>We can set the administrator email address in cache_mgr so that email is automatically sent to us if squid dies.</p> <table><tr><td><code>#Default:<br /> # cache_mgr webmaster<br /><span style="color:red;">cache_mgr webmaster</span><br /></code></td> </tr></table><p>Another important setting is the squid log, which is configured with the <b>access_log</b> parameter. This is the default path and file used:</p> <table><tr><td><code># And priority could be any of:<br /> # err, warning, notice, info, debug.<br /><span style="color:red;">access_log /var/log/squid/access.log squid</span><br /></code></td> </tr></table><p>Squid automatically creates a default user <b>proxy</b> and a group <b>proxy</b> during the installation. Enable those names in <b>cache_effective_user</b> and <b>cache_effective_group</b> in the squid.conf file.</p> <table><tr><td><code>#Default:<br /> # cache_effective_user proxy<br /><span style="color:red;">cache_effective_user proxy</span><br /></code></td> </tr></table><table><tr><td><code>#Default:<br /> # none<br /><span style="color:red;">cache_effective_group proxy</span><br /></code></td> </tr></table><p>Enable the ftp anonymous user if you need that.</p> <table><tr><td><code>#Default:<br /> # ftp_user Squid@<br /><span style="color:red;">ftp_user Squid@</span><br /></code></td> </tr></table><p>Now we need to set up a simple access control list (acl) to allow the ip addresses in our local network.
Search for the <b>acl localnet</b> line and add your local area network ip addresses.</p> <table><tr><td><code># Example rule allowing access from your local networks.<br /> # Adapt to list your (internal) IP networks from where browsing<br /> # should be allowed<br /> # acl localnet src 10.0.0.0/8 # RFC1918 possible internal network<br /> # acl localnet src 172.16.0.0/12 # RFC1918 possible internal network<br /> # acl localnet src 192.168.0.0/16 # RFC1918 possible internal network<br /><span style="color:red;">acl local_itnet src 192.168.0.0/255.255.255.0 # IT network</span><br /><span style="color:red;">acl local_admnet src 192.168.1.0/255.255.255.0 # Admin network</span><br /></code></td> </tr></table><p>Enable http_access from the local networks:</p> <table><tr><td><code>#Allow HTTP queries from local networks only<br /> http_access allow local_itnet<br /> http_access allow local_admnet<br /> http_access deny all<br /></code></td> </tr></table><p><b>Tips:</b> <i>Only allow ip addresses in your network.</i></p> <table><tr><td><code># Example rule allowing access from your local networks.<br /> # Adapt localnet in the ACL section to list your (internal) IP networks<br /> # from where browsing should be allowed<br /><span style="color:red;">acl local_itnet src 192.168.0.0/255.255.255.0 # IT network</span><br /> http_access allow local_itnet<br /><span style="color:red;">acl local_admnet src 192.168.1.0/255.255.255.0 # Admin network</span><br /> http_access allow local_admnet<br /></code></td> </tr></table><p>Allow icp from the local networks:</p> <table><tr><td><code>#Allow ICP queries from local networks only<br /> icp_access allow local_itnet<br /> icp_access allow local_admnet<br /> icp_access deny all<br /></code></td> </tr></table><p>That covers all the basic squid configurations. 
Now we can restart the squid service:</p> <table><tr><td><code>luzar@ubuntu:/etc/squid$ sudo vim squid.conf<br /> luzar@ubuntu:/etc/squid$ sudo /etc/init.d/squid restart<br /> * Restarting Squid HTTP proxy squid [ OK ]<br /> luzar@ubuntu:/etc/squid$<br /></code></td> </tr></table></div></div></div><!-- google_ad_section_end --><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-above"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/taxonomy/term/16" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">linux server</a></div><div class="field-item odd" rel="dc:subject"><a href="/taxonomy/term/21" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">proxy server</a></div></div></div> Wed, 24 Dec 2008 11:56:37 +0000 jinlusuh 127 at http://basicconfig.com http://basicconfig.com/linuxnetwork/setup_ubuntu_squid_proxy_server_beginner_guide#comments Linux network - Install ssh in Ubuntu server screenshots http://basicconfig.com/linuxnetwork/install_ssh_ubuntu <!-- google_ad_section_start --><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p>ssh is a remote login protocol used on Linux and Unix systems. ssh stands for secure shell, and it encrypts the data transferred between a client and a server. This is an improvement over older remote protocols such as rlogin, telnet and ftp. In Ubuntu, ssh can be found in three initial packages, which are:</p> <ul><li>openssh-server - contains ssh, scp and sftp server.</li> <li>openssh-client - contains ssh, scp and sftp clients.</li> <li>metapackage - a portable ssh server and ssh client package. </li> </ul><p>This is a guide for beginners on how to install the ssh package in Ubuntu server 8.10. 
First, you have to check whether the ssh package has already been installed in your Ubuntu server system. We can use the <b>dpkg</b> command to list installed packages, as in the screenshot below:</p> <p><a href="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/01_ssh.png" title="Image" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/thumbs/01_ssh.png" alt="Check ssh with dpkg screenshot image" /></a></p> <p>We are going to install the ssh package in Ubuntu server through the Internet using the apt package management system. So you need to check whether the apt package has been installed in your Ubuntu server or not:</p> <p><a href="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/02_ssh.png" title="Image" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/thumbs/02_ssh.png" alt="Check apt package screenshot image" /></a></p> <p>The apt-get command syntax (format) to install the ssh package is <b>sudo apt-get install ssh</b>. When apt-get has the package and is ready to install, it will prompt us for confirmation. Answer yes to continue, or no if you prefer another ssh package. 
Here is the screenshot: </p> <p><a href="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/03_ssh.png" title="Image" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/thumbs/03_ssh.png" alt="Install ssh with apt-get command screenshot image" /></a></p> <p>The ssh package installation is in progress:</p> <p><a href="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/04_ssh.png" title="Image" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/thumbs/04_ssh.png" alt="ssh installation in progress screenshot image" /></a></p> <p>The ssh package installation has finished: </p> <p><a href="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/05_ssh.png" title="Image" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/thumbs/05_ssh.png" alt="ssh installation finished screenshot image" /></a></p> <p>We can check the ssh package installation once again with the dpkg command to verify: </p> <p><a href="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/06_ssh.png" title="Image" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/thumbs/06_ssh.png" alt="Verify ssh package installation screenshot image" /></a></p> <p>Check whether the ssh daemon (service) is running with the ps command, as in the screenshot example below. If there is no ssh daemon running, you can start ssh with the <b>sudo /etc/init.d/ssh start</b> command.</p> <p><a href="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/07_ssh.png" title="Image" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/thumbs/07_ssh.png" alt="Check ssh daemon with ps command screenshot image" /></a></p> <p>When the ssh daemon is running, you can try to ssh to your Ubuntu server from a client. 
Below are screenshot examples of accessing the ssh server.</p> <p>Accessing the Ubuntu server using ssh from a Slackware Linux command line terminal:</p> <table><tr><td><code>luzar@slackware:~$ <span style="color:red;">ssh -l 192.168.0.47</span><br /> usage: ssh [-1246AaCfgKkMNnqsTtVvXxY] [-b bind_address] [-c cipher_spec]<br /> [-D [bind_address:]port] [-e escape_char] [-F configfile]<br /> [-i identity_file] [-L [bind_address:]port:host:hostport]<br /> [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]<br /> [-R [bind_address:]port:host:hostport] [-S ctl_path]<br /> [-w local_tun[:remote_tun]] [user@]hostname [command]<br /> luzar@slackware:~$ <span style="color:red;">ssh -l luzar 192.168.0.47</span><br /> luzar@192.168.0.47's password:<br /> Linux ubuntu 2.6.27-14-server #1 SMP Wed Apr 15 19:44:38 UTC 2009 i686<br /><br /> The programs included with the Ubuntu system are free software;<br /> the exact distribution terms for each program are described in the<br /> individual files in /usr/share/doc/*/Copyright.<br /><br /> Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by<br /> applicable law.<br /><br /> To access official Ubuntu documentation, please visit:<br /> http://help.ubuntu.com/<br /> Last login: Wed Jun 24 04:49:59 2009 from 192.168.0.133<br /> luzar@ubuntu:~$<br /></code></td> </tr></table><p>The first ssh command in the example above shows the ssh usage help message. This happens if we enter the wrong ssh syntax. When we get the command right, as in the second ssh command example, we'll be prompted for the user account password. Enter the correct user account password and we'll gain access to the Ubuntu server.</p> <p>We can also access the Ubuntu server from the Windows operating system using ssh with the help of a program called <em>PuTTY</em>. You'll see this kind of warning the first time you connect to the ssh server. 
</p> <p><a href="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/08_ssh.png" title="Image" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/thumbs/08_ssh.png" alt="Test ssh to the server screenshot image" /></a></p> <p>This is an example screenshot of a successful login to your ssh server: </p> <p><a href="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/09_ssh.png" title="Image" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/thumbs/09_ssh.png" alt="Successful ssh screenshot image" /></a></p> <p>That's all. Remember that ssh is a better choice if you are going to connect remotely to your server. Use it wisely. Good luck.</p> </div></div></div><!-- google_ad_section_end --><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-above"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/taxonomy/term/16" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">linux server</a></div><div class="field-item odd" rel="dc:subject"><a href="/taxonomy/term/17" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">linux ssh</a></div></div></div> Fri, 19 Dec 2008 15:04:43 +0000 jinlusuh 116 at http://basicconfig.com http://basicconfig.com/linuxnetwork/install_ssh_ubuntu#comments Linux web server setup - Install and configure Apache2 in Ubuntu http://basicconfig.com/linuxnetwork/ubuntu_web_server_setup <!-- google_ad_section_start --><div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p>Apache server is an open source web server or HTTP server widely used not only in Linux and Unix-based operating systems but nowadays in Windows as well. Apache is known for its stability and is highly configurable, with support for many add-on modules for customization. 
In Linux, Apache, PHP and MySQL work great together and make a perfect web server solution for many organizations around the world.</p> <h2>Ubuntu web server installation</h2> <p>We must first check, using the <b>dpkg</b> and <b>ps</b> commands, whether the apache2 package is already installed in Ubuntu. Here are dpkg and ps command usage examples:</p> <table><tr><td><code>luzar@ubuntu:~$ <span style="color:red;">sudo dpkg -l | grep apache</span><br /> [sudo] password for luzar:<br /> ii apache2 2.2.8-1ubuntu0.3 Next generation, scalable, extendable web server<br /> ii apache2-mpm-prefork 2.2.8-1ubuntu0.3 Traditional model for Apache HTTPD<br /> ii apache2-utils 2.2.8-1ubuntu0.3 utility programs for webservers<br /> ii apache2.2-common 2.2.8-1ubuntu0.3 Next generation, scalable,<br /> extendable web server<br /> ii libapache2-mod-php5 5.2.4-2ubuntu5.4 server-side, HTML-embedded<br /> scripting language<br /> luzar@ubuntu:~$<br /></code></td> </tr></table><p>In the example above, we use <b>| (pipe) grep</b> with the dpkg command to grab all apache packages in our system. If we just use <b>dpkg -l apache</b>, dpkg won't find apache unless we specify the exact name, which is apache2.</p> <p>This is an example of how to use the ps command to check the running apache service:</p> <table><tr><td><code>luzar@ubuntu:~$ <span style="color:red;">ps aux | grep apache</span><br /> root 4594 0.0 1.3 20460 6748 ? Ss Dec10 0:01 /usr/sbin/apache2 -k start<br /> www-data 5247 0.0 0.6 20460 3376 ? S Dec10 0:00 /usr/sbin/apache2 -k start<br /> www-data 5248 0.0 0.6 20460 3376 ? S Dec10 0:00 /usr/sbin/apache2 -k start<br /> www-data 5249 0.0 0.6 20460 3376 ? S Dec10 0:00 /usr/sbin/apache2 -k start<br /> www-data 5253 0.0 0.6 20460 3376 ? S Dec10 0:00 /usr/sbin/apache2 -k start<br /> www-data 5255 0.0 0.6 20460 3376 ? 
S Dec10 0:00 /usr/sbin/apache2 -k start<br /> luzar 8725 0.0 0.1 3004 752 pts/0 R+ 02:32 0:00 grep apache<br /> luzar@ubuntu:~$<br /></code></td> </tr></table><p>If you don't get results like the example above, that means apache has not been installed in your system. You can install apache using the apt-get command, as in the example below:</p> <table><tr><td><code>luzar@ubuntu:~$ <span style="color:red;">sudo apt-get install apache2</span><br /> Reading package lists... Done<br /> Building dependency tree<br /> Reading state information... Done<br /> ...<br /> ...<br /></code></td> </tr></table><h2>Apache2 start, stop and restart service</h2> <p>Now that apache2 is installed in your system, it's time to start the service. Here is the command to start the apache2 service:</p> <table><tr><td><code>luzar@ubuntu:~$ <span style="color:red;">sudo /etc/init.d/apache2 start</span><br /> [sudo] password for luzar:<br /> * Starting web server apache2 [ OK ]<br /></code></td> </tr></table><p>Here is the command to stop the apache2 service:</p> <table><tr><td><code>luzar@ubuntu:~$ <span style="color:red;">sudo /etc/init.d/apache2 stop</span><br /> [sudo] password for luzar:<br /> * Stopping web server apache2 [ OK ]<br /></code></td> </tr></table><p>Here is the command to restart the apache2 service:</p> <table><tr><td><code>luzar@ubuntu:~$ <span style="color:red;">sudo /etc/init.d/apache2 restart</span><br /> * Restarting web server apache2 [ OK ]<br /></code></td> </tr></table><p>Starting and stopping the apache2 service is important when you are testing the apache2 configuration and troubleshooting. Changes you make to the configuration files take effect only after you restart the apache2 service.</p> <p>At this point, you probably don't have any problem starting the apache2 service. Apache2 is still using its default configuration. You can test your new web server by using the lynx web browser to open the localhost default website in the Ubuntu command line terminal. 
If you don't have lynx in your system, check the <a href="/linuxnetwork/lynx_browser_ubuntu">lynx tutorial</a> for an installation and usage guide. Here is an example of the default apache2 website opened using the lynx web browser:</p> <table><tr><td><code>luzar@ubuntu:~$ <span style="color:red;">lynx localhost</span><br /></code></td> </tr></table><p><a href="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/localhost.png" title="Image" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/thumbs/localhost.png" alt="Example of testing apache2 web server using lynx screenshot" /></a></p> <h2>Ubuntu apache2 configuration</h2> <p>All Apache2 configuration files are located in /etc/apache2 in Ubuntu. Other than the apache2 main configuration file, apache2.conf, there are many other files and directories included in the package. In the past, httpd.conf was the apache main configuration file. Don't get confused. Ubuntu has made apache2 configuration easier, though it might look complicated at first. 
Here is the complete list of files and directories in the apache2 directory:</p> <table><tr><td><code>luzar@ubuntu:/etc/apache2$ <span style="color:red;">ls -l</span><br /> total 40<br /> -rw-r--r-- 1 root root 10587 2008-06-25 09:49 apache2.conf<br /> drwxr-xr-x 2 root root 4096 2008-10-19 15:17 conf.d<br /> -rw-r--r-- 1 root root 378 2008-06-25 09:49 envvars<br /> -rw-r--r-- 1 root root 0 2008-10-19 15:17 httpd.conf<br /> drwxr-xr-x 2 root root 4096 2008-12-11 20:46 mods-available<br /> drwxr-xr-x 2 root root 4096 2008-10-19 15:17 mods-enabled<br /> -rw-r--r-- 1 root root 59 2008-06-25 09:49 ports.conf<br /> drwxr-xr-x 2 root root 4096 2008-10-19 15:17 sites-available<br /> drwxr-xr-x 2 root root 4096 2008-10-19 15:17 sites-enabled<br /> luzar@ubuntu:/etc/apache2$<br /></code></td> </tr></table><p>Here are the default configurations and brief explanations of the files and directories above:</p> <h3>/etc/apache2/apache2.conf </h3> <p>Apache2 main configuration file.</p> <table><tr><td><code><br /> ### Section 1: Global Environment<br /> #<br /> # The directives in this section affect the overall operation of Apache,<br /> # such as the number of concurrent requests it can handle or where it<br /> # can find its configuration files.<br /> #<br /><br /> #<br /> # ServerRoot: The top of the directory tree under which the server's<br /> # configuration, error, and log files are kept.<br /> #<br /> # NOTE! 
If you intend to place this on an NFS (or otherwise network)<br /> # mounted filesystem then please read the LockFile documentation (available<br /> # at &lt;URL:http://httpd.apache.org/docs-2.1/mod/mpm_common.html#lockfile&gt;);<br /> # you will save yourself a lot of trouble.<br /> #<br /> # Do NOT add a slash at the end of the directory path.<br /> #<br /> ServerRoot "/etc/apache2"<br /><br /> #<br /> # The accept serialization lock file MUST BE STORED ON A LOCAL DISK.<br /> #<br /> ...<br /> ...<br /></code></td> </tr></table><h3>/etc/apache2/httpd.conf</h3> <p>Add additional configuration parameters. By default, this file is empty.</p> <h3>/etc/apache2/envvars </h3> <p>Environment variables to tune the operation of Apache server.</p> <table><tr><td><code># envvars - default environment variables for apache2ctl<br /><br /> # Since there is no sane way to get the parsed apache2 config in scripts, some<br /> # settings are defined via environment variables and then used in apache2ctl,<br /> # /etc/init.d/apache2, /etc/logrotate.d/apache2, etc.<br /> export APACHE_RUN_USER=www-data<br /> export APACHE_RUN_GROUP=www-data<br /> export APACHE_PID_FILE=/var/run/apache2.pid<br /></code></td> </tr></table><h3>/etc/apache2/ports.conf </h3> <p>Port numbers that the Apache server will listen on.</p> <table><tr><td><code>Listen 80<br /><br /> &lt;IfModule mod_ssl.c&gt;<br /> Listen 443<br /> &lt;/IfModule&gt;<br /></code></td> </tr></table><h3>/etc/apache2/conf.d/ </h3> <p>Put additional Apache configuration files in this directory. By default this directory only contains an example additional apache configuration file named charset . Here is charset default configuration.</p> <table><tr><td><code># Read the documentation before enabling AddDefaultCharset.<br /> # In general, it is only a good idea if you know that all your files<br /> # have this encoding. 
It will override any encoding given in the files<br /> # in meta http-equiv or xml encoding tags.<br /><br /> #AddDefaultCharset UTF-8<br /></code></td> </tr></table><h3>/etc/apache2/mods-available/</h3> <p>Contains all the modules installed for your server. These are the default modules that come with Ubuntu 8.04 server. For additional modules, visit the <a href="http://modules.apache.org"> apache modules</a> page on the apache official website. Here are the modules in the /mods-available directory:</p> <table><tr><td><code>luzar@ubuntu:/etc/apache2$ <span style="color:red;">ls mods-available/</span><br /> actions.conf authz_owner.load dir.load mem_cache.load setenvif.load<br /> actions.load authz_user.load disk_cache.conf mime.conf speling.load<br /> alias.conf autoindex.conf disk_cache.load mime.load ssl.conf<br /> alias.load autoindex.load dump_io.load mime_magic.conf ssl.load<br /> asis.load cache.load env.load mime_magic.load status.conf<br /> auth_basic.load cern_meta.load expires.load negotiation.conf status.load<br /> auth_digest.load cgid.conf ext_filter.load negotiation.load substitute.load<br /> authn_alias.load cgid.load file_cache.load php5.conf suexec.load<br /> authn_anon.load cgi.load filter.load php5.load unique_id.load<br /> authn_dbd.load charset_lite.load headers.load proxy_ajp.load userdir.conf<br /> authn_dbm.load dav_fs.conf ident.load proxy_balancer.load userdir.load<br /> authn_default.load dav_fs.load imagemap.load proxy.conf usertrack.load<br /> authn_file.load dav.load include.load proxy_connect.load version.load<br /> authnz_ldap.load dav_lock.load info.conf proxy_ftp.load vhost_alias.load<br /> authz_dbm.load dbd.load info.load proxy_http.load<br /> authz_default.load deflate.conf ldap.load proxy.load<br /> authz_groupfile.load deflate.load log_forensic.load rewrite.load<br /> authz_host.load dir.conf mem_cache.conf setenvif.conf<br /></code></td> </tr></table><h3>/etc/apache2/mods-enabled/ </h3> <p>As you can see from mods-available above, there 
are 86 modules available by default. They are not enabled yet. Create a symbolic link in this directory that refers to the module file in /mods-available above to enable it. Below are the default enabled modules:</p> <table><tr><td><code>luzar@ubuntu:/etc/apache2$ <span style="color:red;">ls -l mods-enabled/</span><br /> total 0<br /> lrwxrwxrwx 1 root root 28 2008-10-19 15:17 alias.conf -&gt; ../mods-available/alias.conf<br /> lrwxrwxrwx 1 root root 28 2008-10-19 15:17 alias.load -&gt; ../mods-available/alias.load<br /> lrwxrwxrwx 1 root root 33 2008-10-19 15:17 auth_basic.load -&gt; ../mods-available/auth_basic.load<br /> lrwxrwxrwx 1 root root 33 2008-10-19 15:17 authn_file.load -&gt; ../mods-available/authn_file.load<br /> lrwxrwxrwx 1 root root 36 2008-10-19 15:17 authz_default.load -&gt; ../mods-available/authz_default.load<br /> lrwxrwxrwx 1 root root 38 2008-10-19 15:17 authz_groupfile.load -&gt; ../mods-available/authz_groupfile.load<br /> lrwxrwxrwx 1 root root 33 2008-10-19 15:17 authz_host.load -&gt; ../mods-available/authz_host.load<br /> lrwxrwxrwx 1 root root 33 2008-10-19 15:17 authz_user.load -&gt; ../mods-available/authz_user.load<br /> lrwxrwxrwx 1 root root 32 2008-10-19 15:17 autoindex.conf -&gt; ../mods-available/autoindex.conf<br /> lrwxrwxrwx 1 root root 32 2008-10-19 15:17 autoindex.load -&gt; ../mods-available/autoindex.load<br /> lrwxrwxrwx 1 root root 26 2008-10-19 15:17 cgi.load -&gt; ../mods-available/cgi.load<br /> lrwxrwxrwx 1 root root 26 2008-10-19 15:17 dir.conf -&gt; ../mods-available/dir.conf<br /> lrwxrwxrwx 1 root root 26 2008-10-19 15:17 dir.load -&gt; ../mods-available/dir.load<br /> lrwxrwxrwx 1 root root 26 2008-10-19 15:17 env.load -&gt; ../mods-available/env.load<br /> lrwxrwxrwx 1 root root 27 2008-10-19 15:17 mime.conf -&gt; ../mods-available/mime.conf<br /> lrwxrwxrwx 1 root root 27 2008-10-19 15:17 mime.load -&gt; ../mods-available/mime.load<br /> lrwxrwxrwx 1 root root 34 2008-10-19 15:17 negotiation.conf -&gt; 
../mods-available/negotiation.conf<br /> lrwxrwxrwx 1 root root 34 2008-10-19 15:17 negotiation.load -&gt; ../mods-available/negotiation.load<br /> lrwxrwxrwx 1 root root 27 2008-10-19 15:17 php5.conf -&gt; ../mods-available/php5.conf<br /> lrwxrwxrwx 1 root root 27 2008-10-19 15:17 php5.load -&gt; ../mods-available/php5.load<br /> lrwxrwxrwx 1 root root 31 2008-10-19 15:17 setenvif.conf -&gt; ../mods-available/setenvif.conf<br /> lrwxrwxrwx 1 root root 31 2008-10-19 15:17 setenvif.load -&gt; ../mods-available/setenvif.load<br /> lrwxrwxrwx 1 root root 29 2008-10-19 15:17 status.conf -&gt; ../mods-available/status.conf<br /> lrwxrwxrwx 1 root root 29 2008-10-19 15:17 status.load -&gt; ../mods-available/status.load<br /></code></td> </tr></table><p>Here is an example of enabling another module:</p> <table><tr><td><code>luzar@ubuntu:/etc/apache2$ <span style="color:red;">cd mods-enabled/</span><br /> luzar@ubuntu:/etc/apache2/mods-enabled$ <span style="color:red;">sudo ln -s ../mods-available/rewrite.load <br />rewrite.load</span><br /> [sudo] password for luzar:<br /> luzar@ubuntu:/etc/apache2/mods-enabled$ <span style="color:red;">ls -l |grep rewrite.load</span><br /><span style="color:green;">lrwxrwxrwx 1 root root 30 2008-12-12 03:37 rewrite.load -&gt; <br />../mods-available/rewrite.load</span><br /></code></td> </tr></table><p>To disable a module, just delete the symbolic link.</p> <h3>/etc/apache2/sites-available/ </h3> <p>Stores all the configuration files for the web sites served by the Apache server. 
By default, only one file is available, a default virtual host configuration file:</p> <table><tr><td><code>NameVirtualHost *<br /> &lt;VirtualHost * &gt;<br /> ServerAdmin webmaster@localhost<br /><br /> DocumentRoot /var/www/<br /> &lt;Directory /&gt;<br /> Options FollowSymLinks<br /> AllowOverride None<br /> &lt;/Directory&gt;<br /> &lt;Directory /var/www/&gt;<br /> Options Indexes FollowSymLinks MultiViews<br /> AllowOverride None<br /> Order allow,deny<br /> allow from all<br /> &lt;/Directory&gt;<br /><br /> ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/<br /> &lt;Directory "/usr/lib/cgi-bin"&gt;<br /> AllowOverride None<br /> Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch<br /> Order allow,deny<br /> Allow from all<br /> &lt;/Directory&gt;<br /><br /> ErrorLog /var/log/apache2/error.log<br /><br /> # Possible values include: debug, info, notice, warn, error, crit,<br /> # alert, emerg.<br /> LogLevel warn<br /><br /> CustomLog /var/log/apache2/access.log combined<br /> ServerSignature On<br /><br /> Alias /doc/ "/usr/share/doc/"<br /> &lt;Directory "/usr/share/doc/"&gt;<br /> Options Indexes MultiViews FollowSymLinks<br /> AllowOverride None<br /> Order deny,allow<br /> Deny from all<br /> Allow from 127.0.0.0/255.0.0.0 ::1/128<br /> &lt;/Directory&gt;<br /><br /> &lt;/VirtualHost&gt;<br /></code></td> </tr></table><h3>/etc/apache2/sites-enabled/</h3> <p>Create a symbolic link here to enable a site in /etc/apache2/sites-available.</p> <p>As you can see from the earlier web server test, the default apache2 configuration is already working. Perhaps you want to change the document root directory from /var/www to /srv/www because you want to keep server data in a dedicated directory. Or perhaps you want to avoid future problems where log files take up all the available space. 
You can change the document root directory by editing /sites-available/default file configuration like an example below: </p> <p>First you make a backup of the original file:</p> <table><tr><td><code>luzar@ubuntu:/etc/apache2/sites-available$ <span style="color:red;">sudo cp default default.ori</span><br /> [sudo] password for luzar:<br /> luzar@ubuntu:/etc/apache2/sites-available$ <span style="color:red;">ls</span><br /> default default.ori<br /></code></td> </tr></table><p>Open /sites-available/default file with text editor and change document root directory like the example below:</p> <table><tr><td><code>luzar@ubuntu:/etc/apache2/sites-available$ <span style="color:red;">sudo vim default</span><br /> NameVirtualHost *<br /> &lt;VirtualHost *&gt;<br /> ServerAdmin webmaster@localhost<br /><br /> DocumentRoot /srv/www/<br /> &lt;Directory /&gt;<br /> Options FollowSymLinks<br /> AllowOverride None<br /> &lt;/Directory&gt;<br /> &lt;Directory /srv/www/&gt;<br /> Options Indexes FollowSymLinks MultiViews<br /> AllowOverride None<br /> Order allow,deny<br /> allow from all<br /> &lt;/Directory&gt;<br /> ...<br /> ...<br /></code></td> </tr></table><p>Then, copy the /var/www directory to /srv/ directory:</p> <table><tr><td><code>luzar@ubuntu:~$ <span style="color:red;">sudo cp -r /var/www /srv/www</span><br /></code></td> </tr></table><p>Create a new html file to test new document root directory. For example, I created a file named test.html in /srv/www directory. Here is the content:</p> <table><tr><td><code><br /> &lt;html&gt;<br /> &lt;head&gt;<br /> &lt;title&gt;My testing website&lt;/title&gt;<br /> &lt;/head&gt;<br /><br /> &lt;body&gt;<br /> &lt;h1&gt;This is a testing website&lt;/h1&gt;<br /> &lt;p&gt;It works alright!&lt;/p&gt;<br /> &lt;/body&gt;<br /> &lt;/html&gt;<br /></code></td> </tr></table><p>Now we can restart apache2 service again before we test the new configuration. 
Here is the command: </p> <table><tr><td><code>luzar@ubuntu:~$ <span style="color:red;">sudo /etc/init.d/apache2 restart</span><br /></code></td> </tr></table><p>Finally we can test our new configuration. Here is the command: </p> <table><tr><td><code>luzar@ubuntu:~$ <span style="color:red;">lynx localhost/test.html</span><br /></code></td> </tr></table><p>Here is the result:</p> <p><a href="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/test.png" title="Image" target="_blank"><img src="http://www.basicconfig.com/files/imagepicker/j/jinlusuh/thumbs/test.png" alt="New document root testing website screenshot" /></a></p> <p>So our apache2 web server works fine. We can now put our website in /srv/www directory.</p> </div></div></div><!-- google_ad_section_end --><div class="field field-name-field-tags field-type-taxonomy-term-reference field-label-above"><div class="field-label">Tags:&nbsp;</div><div class="field-items"><div class="field-item even" rel="dc:subject"><a href="/taxonomy/term/16" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">linux server</a></div><div class="field-item odd" rel="dc:subject"><a href="/taxonomy/term/8" typeof="skos:Concept" property="rdfs:label skos:prefLabel" datatype="">web server</a></div></div></div> Thu, 11 Dec 2008 04:17:31 +0000 jinlusuh 125 at http://basicconfig.com http://basicconfig.com/linuxnetwork/ubuntu_web_server_setup#comments