Hi dear :)
Wednesday, 30 January 2013
Tuesday, 29 January 2013
Reset kloxo password
1.Kloxo admin password login:
#sh /script/resetpassword master {newpassword}
2.Reset Kloxo mysql password: --> Error "Could not open database connection." when access to Kloxo
#sh /script/fix-program-mysql {mysqlrootpassword}
or, enough:
#sh /script/fix-program-mysql
3. Reset Horde password: --> Error "Could not open database connection."
Open file:
#cat /home/kloxo/httpd/webmail/horde/config/conf.php
then find lines something like:
$conf['sql']['username'] = 'horde_groupware';
$conf['sql']['password'] = 'aVBq4yOrS';
then run:
#service mysqld stop
#mysqld_safe --skip-grant-tables &
#mysql -u root
mysql> use mysql;
mysql> UPDATE user SET Password = PASSWORD('aVBq4yOrS') WHERE User='horde_groupware';
mysql> FLUSH PRIVILEGES;
mysql> quit;
#service mysqld start
Or enough:
#sh /script/fixhorde
4. Reset Roundcube password: --> Error "Could not open database connection."
Open file:
#cat /home/kloxo/httpd/webmail/roundcube/config/db.inc.php
then find line something like:
$rcmail_config['db_dsnw'] = 'mysql://roundcube:pass@localhost/roundcubemail';
then run:
#service mysqld stop
#mysqld_safe --skip-grant-tables &
#mysql -u root
mysql> use mysql;
mysql> UPDATE user SET Password = PASSWORD('pass') WHERE User='roundcube';
mysql> FLUSH PRIVILEGES;
mysql> quit;
#service mysqld start
Note: Roundcube password always set as 'pass' (without quote).
Installing Kloxo
Kloxo installation consists of downloading kloxo-installer.sh from download.lxcenter.org and executing it as root. The script will present you with a few questions and sometimes ask for a password (enter your root password).
If you don't have MySQL server already installed, you must run:
# su - root
# yum install -y wget
# wget http://download.lxcenter.org/download/kloxo/production/kloxo-installer.sh
To install as Master (Default Single Server):
# sh ./kloxo-installer.sh --type=master
To install as Slave:
# sh ./kloxo-installer.sh --type=slave
If you already have MySQL installed and set a root password, you must run:
# su - root
# yum install -y wget
# wget http://download.lxcenter.org/download/kloxo/production/kloxo-installer.sh
# sh ./kloxo-installer.sh --type=<master/slave> --db-rootpassword=PASSWORD
Once Kloxo is installed, you can connect to http://YOUR_SERVER_IP:7778 and you will be presented with a login screen. Log in as admin with password admin; once you are in, Kloxo will ask you to change the default password to a secure one.
Regards,
Anzil Ali Liyakkath
Jr.Linux Server Administrator
Myloth Technologies Pvt. Ltd.
Technical Wing: WebHostRepo Software Solutions
anzil.ali@webhostrepo.com
web:http://www.webhostrepo.com
twitter:http://twitter.com/whrss
facebook:http://facebook.com/webhostrepo
linkedin:http://in.linkedin.com/in/webhostrepo
Wednesday, 23 January 2013
Error while adding addon domain in cpanel.
Error
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Using nameservers with the following IPs: 72.20.25.134,66.252.1.255,67.18.179.15,67.19.72.206 Sorry, the domain is already pointed to an IP address that does not appear to use DNS servers associated with this server. Please transfer the domain to this servers nameservers or have your administrator add one of its nameservers to /etc/ips.remotedns and make the proper A entries on that remote nameserver.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
How to resolve it? There are two ways:
============================
#1: change your nameservers to point to the 4 server's nameservers (all of them, not just one or two). This can result in downtime, however, and isn't really recommended.
#2: Fix the option in WHM. In WHM -> Tweak Settings, make sure that this option is checked:
Quote:
Allow Creation of Parked/Addon Domains that resolve to other servers (i.e. domain transfers) [This can be a major security problem. If you must have it enabled, be sure to not allow users to park common internet domains.]
This really is redundant now and doesn't need to be used.
Just make SURE to follow the instructions and NOT allow users to park common domains.
This can (at times) become a security issue, but only if you don't keep a close eye on what your users are doing.
Tuesday, 22 January 2013
Disabling telnet
Login as root to your server:
Edit /etc/xinetd.d/telnet
# vi /etc/xinetd.d/telnet
-Search for: "disable = no"
-Change it to: disable = yes
-Save and Exit
Restart xinetd
# /etc/rc.d/init.d/xinetd restart
Secure /tmp and /var/tmp on a OpenVZ VPS
How do I secure /tmp and /var/tmp on a OpenVZ VPS?
On an OpenVZ VPS you will need to do the following to secure /tmp and /var/tmp.
Secure /tmp
- Edit /etc/fstab by typing the command nano -w /etc/fstab
- Paste the following at the bottom of the /etc/fstab file that you just opened: none /tmp tmpfs nodev,nosuid,noexec 0 0
- Press ctrl + x to close the file, press y to save it.
- Remount /tmp by typing the following then press enter: mount -o remount /tmp
- You can verify that /tmp is correctly mounted by typing df -h and you should see something similar to the following: none 3.9G 0 3.9G 0% /tmp
Secure /var/tmp
- Backup /var/tmp by typing the following: mv /var/tmp /var/tmpbackup
- Make a symbolic link that makes /var/tmp point to /tmp by typing the following: ln -s /tmp /var/tmp
- Copy back the old data using the command: cp /var/tmpbackup/* /tmp/
- Remove the un-needed backup you created: rm -rf /var/tmpbackup
You should now reboot your VPS. This means /tmp and /var/tmp are now secured.
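The df -h output above only shows that something is mounted on /tmp, not which options are in effect. The script below is an added example, not part of the original post: it reads a mount table in fstab/mtab column layout and reports which of nodev, nosuid and noexec are missing, and checks that /var/tmp is the symlink set up above. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the /tmp hardening from mount tables.
# Input layout (fstab, mtab, /proc/mounts): device mountpoint type options ...

# missing_mount_options FILE [MOUNTPOINT]
# Prints the hardening options (nodev nosuid noexec) that the effective entry
# for MOUNTPOINT lacks, or "not-mounted" if FILE has no entry for it.
missing_mount_options() {
    awk -v mp="${2:-/tmp}" '
        $1 ~ /^#/ { next }                 # fstab comment lines
        $2 == mp  { opts = $4; seen = 1 }  # a later entry shadows an earlier one
        END {
            if (!seen) { print "not-mounted"; exit }
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) have[o[i]] = 1
            m = split("nodev nosuid noexec", want, " ")
            miss = ""
            for (i = 1; i <= m; i++)
                if (!(want[i] in have)) miss = miss (miss == "" ? "" : " ") want[i]
            print miss
        }
    ' "$1"
}

# var_tmp_follows_tmp ROOT
# True when ROOT/var/tmp is a symlink to /tmp, so that it inherits the options
# of the /tmp mount. ROOT is "" on a live system.
var_tmp_follows_tmp() {
    [ -L "$1/var/tmp" ] && [ "$(readlink "$1/var/tmp")" = "/tmp" ]
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Constructed sample: /etc/fstab after the edit from the post.
cat > "$demo_dir/fstab" <<'EOF'
# <device> <mountpoint> <type> <options> <dump> <pass>
none /tmp tmpfs nodev,nosuid,noexec 0 0
EOF

# Constructed sample: live mount table where /tmp is mounted without noexec.
cat > "$demo_dir/mounts" <<'EOF'
/dev/simfs / simfs rw,relatime 0 0
none /tmp tmpfs rw,nosuid,nodev,relatime 0 0
EOF

# Constructed sample tree with /var/tmp linked to /tmp.
mkdir -p "$demo_dir/root/var"
ln -s /tmp "$demo_dir/root/var/tmp"

echo "fstab  missing: [$(missing_mount_options "$demo_dir/fstab")]"
echo "mounts missing: [$(missing_mount_options "$demo_dir/mounts")]"
if var_tmp_follows_tmp "$demo_dir/root"; then echo "/var/tmp -> /tmp"; fi
```

On a live system, run missing_mount_options against /proc/mounts and compare the result with the one for /etc/fstab; a difference means the fstab edit is not in effect yet.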
change the SSH port
How to change the SSH port of a Linux Hosting Server ?
Step 1 : Login to your server as Root
Step 2 : Open the SSH daemon configuration file in an editor :
vim /etc/ssh/sshd_config
Step 3 : Search for a line that has :
Port 22
Step 4 : Amend the port number with something of your preference.
Note : You must ensure that the new port number is free and isn’t used by any other service.
Step 5 : Once you are sure about the changes, make sure that you Save the file
Step 6 : You may then restart sshd using the following command :
/etc/init.d/sshd restart
Step 7 : Update the firewall to block port 22 and allow the new port number used by SSH.
Disable direct root login
How to disable direct root login ?
Disabling direct root login will force a hacker to have to gain access to two separate passwords to SSH into your server.
First, Set up the admin account if you haven't already got one:
#groupadd admin
#useradd admin -gadmin
Create a password for the new account.
#passwd admin
On a cPanel system, you can now go into root WHM and add another user to the wheel group, or use your favorite editor to put "admin" in the wheel group by editing /etc/group.
Now, SSH into your server as admin and gain root access by typing:
#su -
Next, use your favorite editor to edit /etc/ssh/sshd_config, assuming you are using pico, type:
#pico -w /etc/ssh/sshd_config
Find the line:
#Protocol 2,1
Uncomment it and change it to look like:
Protocol 2
Next, find the line:
#PermitRootLogin yes
Uncomment it and make it look like:
PermitRootLogin no
Now, save the file; with pico you would press CTRL+x, then y, then enter to save the file.
Restart SSH by issuing this command:
#/etc/rc.d/init.d/sshd restart
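And if you would like to disable 'su', you can use 'chmod 750 /bin/su'. Note that this clears the setuid bit, so su stops working for every non-root user, including the admin account set up above.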
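To confirm that the edits from this post and from the SSH port post above are really in effect, the script below audits the global section of an sshd_config for Port, Protocol and PermitRootLogin. It is an added example, not part of the original posts; the function names, the sample files and the port 2222 in them are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config for the settings
# changed in the two posts above (Port, Protocol, PermitRootLogin).

# sshd_global_value FILE KEYWORD
# Prints the first uncommented value of KEYWORD. sshd keeps the first value it
# reads for a keyword and matches keywords case-insensitively. Everything after
# a "Match" line is conditional, so the scan stops there.
sshd_global_value() {
    awk -v key="$2" '
        NF == 0 || $1 ~ /^#/        { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# audit_sshd_config FILE
# Prints one finding per line and returns 1 if there is any, else returns 0.
audit_sshd_config() {
    a_port=$(sshd_global_value "$1" Port)
    a_proto=$(sshd_global_value "$1" Protocol | tr -d ' ')
    a_root=$(sshd_global_value "$1" PermitRootLogin | tr 'A-Z' 'a-z')
    a_rc=0

    # An unset Port means the built-in default, 22.
    if [ -z "$a_port" ] || [ "$a_port" = "22" ]; then
        echo "PORT: sshd listens on the default port 22"; a_rc=1
    fi

    # Flag any Protocol list that still contains version 1, e.g. "2,1".
    case ",$a_proto," in
        *,1,*) echo "PROTOCOL: SSH protocol 1 is enabled (Protocol $a_proto)"; a_rc=1 ;;
    esac

    # Only an explicit global "no" matches the target state of the post.
    case "$a_root" in
        no) ;;
        "") echo "ROOT: PermitRootLogin is not set globally; the default depends on the OpenSSH version"; a_rc=1 ;;
        *)  echo "ROOT: direct root login is possible (PermitRootLogin $a_root)"; a_rc=1 ;;
    esac
    return $a_rc
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Constructed sample: configuration before the changes.
cat > "$demo_dir/before" <<'EOF'
#Port 22
Protocol 2,1
#PermitRootLogin yes
PermitRootLogin yes
EOF

# Constructed sample: configuration after the changes (2222 is a made-up port).
cat > "$demo_dir/after" <<'EOF'
Port 2222
Protocol 2
PermitRootLogin no
EOF

echo "== before =="; audit_sshd_config "$demo_dir/before" || true
echo "== after ==";  audit_sshd_config "$demo_dir/after" && echo "no findings"
```

A PermitRootLogin no that appears only inside a Match block is reported as not set, because it does not apply to every connection.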
SSL Cert Installation
Apache cPanel SSL Cert Installation
Installing your cPanel SSL Certificate
The following instructions are for cPanel 11. If you have a different version of cPanel, you will go through a similar process but you may need to ask your web host for specific instructions.
- Download your Intermediate and Primary Certificate files from your DigiCert Customer Account to the directory where you will keep your certificate and key files.
- Login to your cPanel control panel.
- Find and click on SSL/TLS Manager.
- Click on Generate, view, upload, or delete SSL certificates.
- Under the Upload a New Certificate section, click on the Browse button and find your Primary Certificate (yourdomain.crt) that you downloaded in the first step. Or if you have copied the contents of your primary certificate from the email, paste it in the box labeled: "Paste the crt below". To access the text version of your certificate, open it with a text editor. When copying and pasting your certificate, include the BEGIN and END tags.
- Click the Upload button.
- Click Go Back and click Return to SSL Manager at the bottom of the page.
- Click on Setup a SSL certificate to work with your site. If this option is not available, your web host may have disabled it. You will need to contact them about how to install the Intermediate certificate.
- Select the domain you are using from the Domain drop down menu. The system will attempt to "Fetch" the SSL Certificate and private key for you. If this doesn't work, you may need to contact your web host.
- In the box labeled Ca Bundle paste the contents of the Intermediate certificate (DigiCertCA.crt).
- Click Install Certificate. Your SSL certificate should now be installed, and the website configured to accept secure connections. You or your web host may need to restart Apache before it will work.
Troubleshooting:
- If your web site is publicly accessible, our SSL Certificate Tester tool can help you diagnose common problems.
- Open a web browser and visit your site using https. It is best to test with both Internet Explorer as well as Firefox, because Firefox will give you a warning if your intermediate certificate is not installed. You should not receive any browser warnings or errors.
Manual Intermediate Certificate Installation
If the Intermediate certificate was not correctly installed using the above instructions you may need to install it directly in Apache. If you do not have access to the Apache configuration files you will need to have your web host or administrator follow these instructions to install the Intermediate certificate:
- Locate the Virtual Host File: On most Apache servers the Virtual Sites are configured in the /etc/httpd/conf/httpd.conf file. However, the location and name of this file can vary from server to server, especially if you use a special interface to manage your server configuration. Another common name for the file is 'SSL.conf'. If you open the file with a text editor, you will see the configurations for the virtual hosts that are housed on the server. The virtual host configurations are probably found near the end of the file.
- Identify the secure Virtual Host for your site: Locate the Virtual host configuration for the site you are securing. It will have the proper name and IP address (including port 443).
- Configure the Virtual Host For SSL: cPanel has already set up the first three SSL configuration lines for you. Now you will edit your Virtual Host configuration by adding the 'SSLCertificateChainFile' line shown below.
<VirtualHost 192.168.0.1:443>
DocumentRoot /var/www/html2
ServerName www.yourdomain.com
SSLEngine on
SSLCertificateFile /path/to/your_domain_name.crt
SSLCertificateKeyFile /path/to/your_private.key
SSLCertificateChainFile /path/to/DigiCertCA.crt
</VirtualHost>
Of course, the path and names of your certificate files may be different. When typing the path for your SSLCertificateChainFile, type the path and filename you plan to use when saving your intermediate certificate. It is generally advised to save your intermediate certificate in the same directory that cPanel already saved your primary certificate to.
- Save the changes to your configuration file.
- Save the Intermediate Certificate file to the Server: Verify that the Intermediate Certificate file (DigiCertCA.crt) is saved to the path you configured above.
- Restart Apache.
Monday, 21 January 2013
Enable sudo user for a user
To make a user capable of performing sudo, add him to the admin group using either of the following commands:
#sudo usermod -a -G admin <username>
#sudo adduser <username> admin
This works because the admin group is predefined in /etc/sudoers. Note though that newer versions of Ubuntu will use sudo as group instead:
Zip commands installations.
Q. Windows has winzip program what about Linux; I cannot find anything under Application menu. I am using Debian Linux distribution. How do I zip and unzip file under Linux?
A. Linux has both zip and unzip programs. By default, these utilities are not installed (see Linux winzip like GUI tools/utilities below). To install them from a shell prompt (open a shell prompt by clicking on Application > System Tools > Terminal), you must be the root user. Type the following two commands to install the zip and unzip programs:
# apt-get install zip
# apt-get install unzip
If you are a Red Hat Linux/Fedora user then you can use the yum command to install the zip and unzip programs:
# yum install zip
# yum install unzip
zip is a compression and file packaging utility for Linux and Unix (including FreeBSD, Solaris etc).
unzip will list, test, or extract files from ZIP archive files.
zip examples:
Creates the archive data.zip and puts all the files in the current directory in it in compressed form
$ zip data *
No need to add .zip extension or suffix as it is added automatically by zip command.
To zip up an entire directory (including all subdirectories), the command:
$ zip -r data *
unzip example:
To use unzip to extract all files of the archive pics.zip into the current directory & subdirectories:
$ unzip pics.zip
You can also test pics.zip, printing only a summary message indicating whether the archive is OK or not:
$ unzip -tq pics.zip
To extract the file called cv.doc from pics.zip:
$ unzip pics.zip cv.doc
To extract all files into the /tmp directory:
$ unzip pics.zip -d /tmp
To list all files from pics.zip:
$ unzip -l pics.zip
Linux GUI packages like Winzip:
You can use graphics packages
* KDE Desktop: Ark is an Archive Manager for the KDE Desktop. You can start Ark from Application > Accessories.
* GNOME Desktop: File Roller is an Archive Manager for the GNOME Desktop.
Saturday, 19 January 2013
Enable TUN/TAP and NAT and KERNEL modules.
Enable TUN/TAP and NAT
1. Enable TUN/TAP
—————————
# lsmod | grep tun
# modprobe tun
vzctl set 101 --devices c:10:200:rw --save
vzctl set 101 --capability net_admin:on --save
vzctl exec 101 mkdir -p /dev/net
vzctl exec 101 mknod /dev/net/tun c 10 200
vzctl exec 101 chmod 600 /dev/net/tun
—————————
Enable NAT :
* Log in to the node server. Check the vz configuration file to find whether NAT is enabled or not.
—————————
grep -i iptables /etc/vz/vz.conf
## IPv4 iptables kernel modules
IPTABLES="ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"
—————————
Add NAT to the configuration file.
—————————
#vi /etc/vz/vz.conf
Insert 'iptable_nat' into the iptables modules.
## IPv4 iptables kernel modules
IPTABLES="iptable_nat ipt_REJECT ipt_tos ipt_limit ipt_multiport iptable_filter iptable_mangle ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_length"
Check whether NAT is loaded or not:
—————————
# lsmod | grep nat
iptable_nat 43404 3
ip_nat 53520 2 iptable_nat,vzrst
ip_conntrack 101396 6 iptable_nat,vzrst,ip_nat,vzcpt
nfnetlink 40392 2 ip_nat,ip_conntrack
ip_tables 57440 3 iptable_nat,iptable_mangle,iptable_filter
x_tables 52744 11 iptable_nat,xt_tcpudp,xt_length,ipt_ttl,xt_tcpmss,ipt_TCPMSS,xt_multiport,xt_limit,ipt_tos,ipt_REJECT,ip_tables
—————————
* Now save the parameters for the VPS on which NAT has to be enabled.
from node :
—————————
vzctl set VZID --iptables "iptable_nat iptable_filter iptable_mangle ip_conntrack ipt_conntrack ipt_REDIRECT ipt_REJECT ipt_multiport ipt_helper ipt_LOG ipt_state" --save
VZID is VPS ID, replace it with the correct one.
* Restart VPS
vzctl restart VZID
* Enter into the VPS
vzctl enter VZID
* Check for NAT
# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 2 packets, 88 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 1 packets, 72 bytes)
pkts bytes target prot opt in out source destination
0 0 SNAT all -- * venet0 10.9.0.0/24 0.0.0.0/0 to:111.140.170.134
0 0 SNAT all -- * venet0 10.8.0.0/24 0.0.0.0/0 to:111.140.170.134
Wednesday, 16 January 2013
Running several name-based web sites on a single IP address.
Your server has a single IP address, and multiple aliases (CNAMES) point to this machine in DNS. You want to run a web server for www.example.com and www.example.org on this machine.
Note
Creating virtual host configurations on your Apache server does not magically cause DNS entries to be created for those host names. You must have the names in DNS, resolving to your IP address, or nobody else will be able to see your web site. You can put entries in your hosts file for local testing, but that will work only from the machine with those hosts entries.
Server configuration
# Ensure that Apache listens on port 80
Listen 80
# Listen for virtual host requests on all IP addresses
NameVirtualHost *:80
<VirtualHost *:80>
DocumentRoot /www/example1
ServerName www.example.com
# Other directives here
</VirtualHost>
<VirtualHost *:80>
DocumentRoot /www/example2
ServerName www.example.org
# Other directives here
</VirtualHost>
The asterisks match all addresses, so the main server serves no requests. Due to the fact that www.example.com is first in the configuration file, it has the highest priority and can be seen as the default or primary server. That means that if a request is received that does not match one of the specified ServerName directives, it will be served by this first VirtualHost.
Note
You can, if you wish, replace * with the actual IP address of the system. In that case, the argument to VirtualHost must match the argument to NameVirtualHost:
NameVirtualHost 172.20.30.40
<VirtualHost 172.20.30.40>
# etc ...
However, it is additionally useful to use * on systems where the IP address is not predictable - for example if you have a dynamic IP address with your ISP, and you are using some variety of dynamic DNS solution. Since * matches any IP address, this configuration would work without changes whenever your IP address changes.
The above configuration is what you will want to use in almost all name-based virtual hosting situations. The only thing that this configuration will not work for, in fact, is when you are serving different content based on differing IP addresses or ports.
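Because the first block listed for an address answers every request whose Host: header matches no ServerName, it is worth checking which site that is before deploying a configuration. The script below is an added example, not part of the original text or of Apache: it reads a configuration and reports, per <VirtualHost> address argument, the ServerName of the first block. The function names and sample files are constructed for illustration, and addresses are compared as literal strings (no resolution of * against explicit IPs or of _default_).

```shell
#!/bin/sh
# Added example: report which <VirtualHost> block is the fallback ("primary")
# for each address argument, i.e. the first block listed for that address.

# fallback_vhosts FILE
# Prints "ADDRESS SERVERNAME" per address argument, in configuration order.
# A block without a ServerName is printed with "-" as its name.
fallback_vhosts() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        tolower($1) == "<virtualhost" {
            in_vh = 1; name = "-"; naddr = 0
            for (i = 2; i <= NF; i++) {          # one block may list several addresses
                a = $i; sub(/>.*$/, "", a)
                if (a != "") addrs[++naddr] = a
            }
            next
        }
        in_vh && tolower($1) == "servername" { name = $2; next }
        in_vh && tolower($1) ~ /^<\/virtualhost/ {
            for (i = 1; i <= naddr; i++)
                if (!(addrs[i] in first)) { first[addrs[i]] = name; order[++n] = addrs[i] }
            in_vh = 0
        }
        END { for (i = 1; i <= n; i++) print order[i], first[order[i]] }
    ' "$1"
}

# fallback_is FILE ADDRESS EXPECTED_SERVERNAME
# Succeeds only if requests with an unknown Host: header on ADDRESS would land
# on EXPECTED_SERVERNAME.
fallback_is() {
    [ "$(fallback_vhosts "$1" | awk -v a="$2" '$1 == a { print $2; exit }')" = "$3" ]
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Constructed sample: the name-based configuration shown above.
cat > "$demo_dir/name-based.conf" <<'EOF'
Listen 80
NameVirtualHost *:80
<VirtualHost *:80>
    DocumentRoot /www/example1
    ServerName www.example.com
</VirtualHost>
<VirtualHost *:80>
    DocumentRoot /www/example2
    ServerName www.example.org
</VirtualHost>
EOF

# Constructed sample: one block listed for two addresses.
cat > "$demo_dir/migration.conf" <<'EOF'
NameVirtualHost 172.20.30.40
<VirtualHost 172.20.30.40 172.20.30.50>
    DocumentRoot /www/example2
    ServerName www.example.org
</VirtualHost>
<VirtualHost 172.20.30.40>
    DocumentRoot /www/example3
    ServerName www.example.net
</VirtualHost>
EOF

fallback_vhosts "$demo_dir/name-based.conf"
fallback_vhosts "$demo_dir/migration.conf"
```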
Name-based hosts on more than one IP address.
Note
Any of the techniques discussed here can be extended to any number of IP addresses.
The server has two IP addresses. On one (172.20.30.40), we will serve the "main" server, server.domain.com and on the other (172.20.30.50), we will serve two or more virtual hosts.
Server configuration
Listen 80
# This is the "main" server running on 172.20.30.40
ServerName server.domain.com
DocumentRoot /www/mainserver
# This is the other address
NameVirtualHost 172.20.30.50
<VirtualHost 172.20.30.50>
DocumentRoot /www/example1
ServerName www.example.com
# Other directives here ...
</VirtualHost>
<VirtualHost 172.20.30.50>
DocumentRoot /www/example2
ServerName www.example.org
# Other directives here ...
</VirtualHost>
Any request to an address other than 172.20.30.50 will be served from the main server. A request to 172.20.30.50 with an unknown hostname, or no Host: header, will be served from www.example.com.
Serving the same content on different IP addresses (such as an internal and external address).
The server machine has two IP addresses (192.168.1.1 and 172.20.30.40). The machine is sitting between an internal (intranet) network and an external (internet) network. Outside of the network, the name server.example.com resolves to the external address (172.20.30.40), but inside the network, that same name resolves to the internal address (192.168.1.1).
The server can be made to respond to internal and external requests with the same content, with just one VirtualHost section.
Server configuration
NameVirtualHost 192.168.1.1
NameVirtualHost 172.20.30.40
<VirtualHost 192.168.1.1 172.20.30.40>
DocumentRoot /www/server1
ServerName server.example.com
ServerAlias server
</VirtualHost>
Now requests from both networks will be served from the same VirtualHost.
Note:
On the internal network, one can just use the name server rather than the fully qualified host name server.example.com.
Note also that, in the above example, you can replace the list of IP addresses with *, which will cause the server to respond the same on all addresses.
Running different sites on different ports.
You have multiple domains going to the same IP and also want to serve multiple ports. By defining the ports in the "NameVirtualHost" tag, you can allow this to work. If you try using <VirtualHost name:port> without the NameVirtualHost name:port or you try to use the Listen directive, your configuration will not work.
Server configuration
Listen 80
Listen 8080
NameVirtualHost 172.20.30.40:80
NameVirtualHost 172.20.30.40:8080
<VirtualHost 172.20.30.40:80>
ServerName www.example.com
DocumentRoot /www/domain-80
</VirtualHost>
<VirtualHost 172.20.30.40:8080>
ServerName www.example.com
DocumentRoot /www/domain-8080
</VirtualHost>
<VirtualHost 172.20.30.40:80>
ServerName www.example.org
DocumentRoot /www/otherdomain-80
</VirtualHost>
<VirtualHost 172.20.30.40:8080>
ServerName www.example.org
DocumentRoot /www/otherdomain-8080
</VirtualHost>
IP-based virtual hosting
The server has two IP addresses (172.20.30.40 and 172.20.30.50) which resolve to the names www.example.com and www.example.org respectively.
Server configuration
Listen 80
<VirtualHost 172.20.30.40>
DocumentRoot /www/example1
ServerName www.example.com
</VirtualHost>
<VirtualHost 172.20.30.50>
DocumentRoot /www/example2
ServerName www.example.org
</VirtualHost>
Requests for any address not specified in one of the <VirtualHost> directives (such as localhost, for example) will go to the main server, if there is one.
Mixed port-based and ip-based virtual hosts
The server machine has two IP addresses (172.20.30.40 and 172.20.30.50) which resolve to the names www.example.com and www.example.org respectively. In each case, we want to run hosts on ports 80 and 8080.
Server configuration
Listen 172.20.30.40:80
Listen 172.20.30.40:8080
Listen 172.20.30.50:80
Listen 172.20.30.50:8080
<VirtualHost 172.20.30.40:80>
DocumentRoot /www/example1-80
ServerName www.example.com
</VirtualHost>
<VirtualHost 172.20.30.40:8080>
DocumentRoot /www/example1-8080
ServerName www.example.com
</VirtualHost>
<VirtualHost 172.20.30.50:80>
DocumentRoot /www/example2-80
ServerName www.example.org
</VirtualHost>
<VirtualHost 172.20.30.50:8080>
DocumentRoot /www/example2-8080
ServerName www.example.org
</VirtualHost>
Mixed name-based and IP-based vhosts
On some of my addresses, I want to do name-based virtual hosts, and on others, IP-based hosts.
Server configuration
Listen 80
NameVirtualHost 172.20.30.40
<VirtualHost 172.20.30.40>
DocumentRoot /www/example1
ServerName www.example.com
</VirtualHost>
<VirtualHost 172.20.30.40>
DocumentRoot /www/example2
ServerName www.example.org
</VirtualHost>
<VirtualHost 172.20.30.40>
DocumentRoot /www/example3
ServerName www.example3.net
</VirtualHost>
# IP-based
<VirtualHost 172.20.30.50>
DocumentRoot /www/example4
ServerName www.example4.edu
</VirtualHost>
<VirtualHost 172.20.30.60>
DocumentRoot /www/example5
ServerName www.example5.gov
</VirtualHost>
Using Virtual_host and mod_proxy together
The following example allows a front-end machine to proxy a virtual host through to a server running on another machine. In the example, a virtual host of the same name is configured on a machine at 192.168.111.2. The ProxyPreserveHost On directive is used so that the desired hostname is passed through, in case we are proxying multiple hostnames to a single machine.
<VirtualHost *:*>
ProxyPreserveHost On
ProxyPass / http://192.168.111.2/
ProxyPassReverse / http://192.168.111.2/
ServerName hostname.example.com
</VirtualHost>
Using _default_ vhosts
_default_ vhosts for all ports
Catching every request to any unspecified IP address and port, i.e., an address/port combination that is not used for any other virtual host.
Server configuration
<VirtualHost _default_:*>
DocumentRoot /www/default
</VirtualHost>
Using such a default vhost with a wildcard port effectively prevents any request going to the main server.
A default vhost never serves a request that was sent to an address/port that is used for name-based vhosts. If the request contained an unknown or no Host: header it is always served from the primary name-based vhost (the vhost for that address/port appearing first in the configuration file).
You can use AliasMatch or RewriteRule to rewrite any request to a single information page (or script).
_default_ vhosts for different ports
Same as setup 1, but the server listens on several ports and we want to use a second _default_ vhost for port 80.
Server configuration
<VirtualHost _default_:80>
DocumentRoot /www/default80
# ...
</VirtualHost>
<VirtualHost _default_:*>
DocumentRoot /www/default
# ...
</VirtualHost>
The default vhost for port 80 (which must appear before any default vhost with a wildcard port) catches all requests that were sent to an unspecified IP address. The main server is never used to serve a request.
_default_ vhosts for one port
We want to have a default vhost for port 80, but no other default vhosts.
Server configuration
<VirtualHost _default_:80>
DocumentRoot /www/default
...
</VirtualHost>
A request to an unspecified address on port 80 is served from the default vhost. Any other request to an unspecified address and port is served from the main server.
Migrating a name-based vhost to an IP-based vhost
The name-based vhost with the hostname www.example.org (from our name-based example, setup 2) should get its own IP address. To avoid problems with name servers or proxies who cached the old IP address for the name-based vhost we want to provide both variants during a migration phase.
The solution is easy, because we can simply add the new IP address (172.20.30.50) to the VirtualHost directive.
Server configuration
Listen 80
ServerName www.example.com
DocumentRoot /www/example1
NameVirtualHost 172.20.30.40
<VirtualHost 172.20.30.40 172.20.30.50>
DocumentRoot /www/example2
ServerName www.example.org
# ...
</VirtualHost>
<VirtualHost 172.20.30.40>
DocumentRoot /www/example3
ServerName www.example.net
ServerAlias *.example.net
# ...
</VirtualHost>
The vhost can now be accessed through the new address (as an IP-based vhost) and through the old address (as a name-based vhost).
Using the ServerPath directive
We have a server with two name-based vhosts. In order to match the correct virtual host a client must send the correct Host: header. Old HTTP/1.0 clients do not send such a header and Apache has no clue what vhost the client tried to reach (and serves the request from the primary vhost). To provide as much backward compatibility as possible we create a primary vhost which returns a single page containing links with an URL prefix to the name-based virtual hosts.
Server configuration
NameVirtualHost 172.20.30.40
<VirtualHost 172.20.30.40>
# primary vhost
DocumentRoot /www/subdomain
RewriteEngine On
RewriteRule ^/.* /www/subdomain/index.html
# ...
</VirtualHost>
<VirtualHost 172.20.30.40>
DocumentRoot /www/subdomain/sub1
ServerName www.sub1.domain.tld
ServerPath /sub1/
RewriteEngine On
RewriteRule ^(/sub1/.*) /www/subdomain$1
# ...
</VirtualHost>
<VirtualHost 172.20.30.40>
DocumentRoot /www/subdomain/sub2
ServerName www.sub2.domain.tld
ServerPath /sub2/
RewriteEngine On
RewriteRule ^(/sub2/.*) /www/subdomain$1
# ...
</VirtualHost>
Due to the ServerPath directive a request to the URL http://www.sub1.domain.tld/sub1/ is always served from the sub1-vhost.
A request to the URL http://www.sub1.domain.tld/ is only served from the sub1-vhost if the client sent a correct Host: header. If no Host: header is sent the client gets the information page from the primary host.
Please note that there is one oddity: A request to http://www.sub2.domain.tld/sub1/ is also served from the sub1-vhost if the client sent no Host: header.
The RewriteRule directives are used to make sure that a client which sent a correct Host: header can use both URL variants, i.e., with or without URL prefix.
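An added example, not part of the documentation reproduced above: a simplified Python model of the selection rules this section describes, run over the vhost blocks of the ServerPath configuration. The function names are hypothetical, and the model ignores ports and ServerAlias. It makes visible that the client-supplied Host: header and URL prefix alone decide which DocumentRoot answers, and that anything unmatched lands on the primary vhost.

```python
import re

# Constructed from the ServerPath configuration above; only directives that affect selection are kept.
CONFIG = """
<VirtualHost 172.20.30.40>
DocumentRoot /www/subdomain
</VirtualHost>
<VirtualHost 172.20.30.40>
DocumentRoot /www/subdomain/sub1
ServerName www.sub1.domain.tld
ServerPath /sub1/
</VirtualHost>
<VirtualHost 172.20.30.40>
DocumentRoot /www/subdomain/sub2
ServerName www.sub2.domain.tld
ServerPath /sub2/
</VirtualHost>
"""

def parse_vhosts(text):
    """Return the <VirtualHost> blocks, in file order, as dicts of directives."""
    vhosts, cur = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = re.match(r"<VirtualHost\s+(.+)>$", line)
        if m:
            cur = {"addrs": m.group(1).split()}
        elif line == "</VirtualHost>":
            vhosts.append(cur)
            cur = None
        elif cur is not None and line and not line.startswith("#"):
            key, _, value = line.partition(" ")
            cur[key] = value.strip()
    return vhosts

def select_vhost(vhosts, ip, host=None, uri="/"):
    """Pick the vhost for a request (simplified: no ports, no ServerAlias)."""
    candidates = [v for v in vhosts if ip in v["addrs"]]
    if not candidates:
        return None  # not a vhost address: main server or _default_ handles it
    if host:  # Host: header present -> compare with ServerName, port stripped
        name = host.split(":")[0].lower()
        for v in candidates:
            if v.get("ServerName", "").lower() == name:
                return v
    else:  # no Host: header -> first vhost whose ServerPath prefixes the URI
        for v in candidates:
            if "ServerPath" in v and uri.startswith(v["ServerPath"]):
                return v
    return candidates[0]  # fallback: primary vhost, first in file order
```

When auditing a configuration, check the last line of select_vhost first: whatever vhost is listed first for an address receives every request with an unknown or missing Host: header.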
Your server has a single IP address, and multiple aliases (CNAMES) point to this machine in DNS. You want to run a web server for www.example.com and www.example.org on this machine.
Note
Creating virtual host configurations on your Apache server does not magically cause DNS entries to be created for those host names. You must have the names in DNS, resolving to your IP address, or nobody else will be able to see your web site. You can put entries in your hosts file for local testing, but that will work only from the machine with those hosts entries.
Server configuration
# Ensure that Apache listens on port 80
Listen 80
# Listen for virtual host requests on all IP addresses
NameVirtualHost *:80
<VirtualHost *:80>
DocumentRoot /www/example1
ServerName www.example.com
# Other directives here
</VirtualHost>
<VirtualHost *:80>
DocumentRoot /www/example2
ServerName www.example.org
# Other directives here
</VirtualHost>
The asterisks match all addresses, so the main server serves no requests. Due to the fact that www.example.com is first in the configuration file, it has the highest priority and can be seen as the default or primary server. That means that if a request is received that does not match one of the specified ServerName directives, it will be served by this first VirtualHost.
Note
You can, if you wish, replace * with the actual IP address of the system. In that case, the argument to VirtualHost must match the argument to NameVirtualHost:
NameVirtualHost 172.20.30.40
<VirtualHost 172.20.30.40>
# etc ...
However, it is additionally useful to use * on systems where the IP address is not predictable - for example if you have a dynamic IP address with your ISP, and you are using some variety of dynamic DNS solution. Since * matches any IP address, this configuration would work without changes whenever your IP address changes.
The above configuration is what you will want to use in almost all name-based virtual hosting situations. The only thing that this configuration will not work for, in fact, is when you are serving different content based on differing IP addresses or ports.
Name-based hosts on more than one IP address.
Note
Any of the techniques discussed here can be extended to any number of IP addresses.
The server has two IP addresses. On one (172.20.30.40), we will serve the "main" server, server.domain.com and on the other (172.20.30.50), we will serve two or more virtual hosts.
Server configuration
Listen 80
# This is the "main" server running on 172.20.30.40
ServerName server.domain.com
DocumentRoot /www/mainserver
# This is the other address
NameVirtualHost 172.20.30.50
<VirtualHost 172.20.30.50>
DocumentRoot /www/example1
ServerName www.example.com
# Other directives here ...
</VirtualHost>
<VirtualHost 172.20.30.50>
DocumentRoot /www/example2
ServerName www.example.org
# Other directives here ...
</VirtualHost>
Any request to an address other than 172.20.30.50 will be served from the main server. A request to 172.20.30.50 with an unknown hostname, or no Host: header, will be served from www.example.com.
Serving the same content on different IP addresses (such as an internal and external address).
The server machine has two IP addresses (192.168.1.1 and 172.20.30.40). The machine is sitting between an internal (intranet) network and an external (internet) network. Outside of the network, the name server.example.com resolves to the external address (172.20.30.40), but inside the network, that same name resolves to the internal address (192.168.1.1).
The server can be made to respond to internal and external requests with the same content, with just one VirtualHost section.
Server configuration
NameVirtualHost 192.168.1.1
NameVirtualHost 172.20.30.40
<VirtualHost 192.168.1.1 172.20.30.40>
DocumentRoot /www/server1
ServerName server.example.com
ServerAlias server
</VirtualHost>
Now requests from both networks will be served from the same VirtualHost.
Note:
On the internal network, one can just use the name server rather than the fully qualified host name server.example.com.
Note also that, in the above example, you can replace the list of IP addresses with *, which will cause the server to respond the same on all addresses.
Running different sites on different ports.
You have multiple domains going to the same IP and also want to serve multiple ports. By defining the ports in the "NameVirtualHost" tag, you can allow this to work. If you try using <VirtualHost name:port> without the NameVirtualHost name:port or you try to use the Listen directive, your configuration will not work.
Server configuration
Listen 80
Listen 8080
NameVirtualHost 172.20.30.40:80
NameVirtualHost 172.20.30.40:8080
<VirtualHost 172.20.30.40:80>
ServerName www.example.com
DocumentRoot /www/domain-80
</VirtualHost>
<VirtualHost 172.20.30.40:8080>
ServerName www.example.com
DocumentRoot /www/domain-8080
</VirtualHost>
<VirtualHost 172.20.30.40:80>
ServerName www.example.org
DocumentRoot /www/otherdomain-80
</VirtualHost>
<VirtualHost 172.20.30.40:8080>
ServerName www.example.org
DocumentRoot /www/otherdomain-8080
</VirtualHost>
IP-based virtual hosting
The server has two IP addresses (172.20.30.40 and 172.20.30.50) which resolve to the names www.example.com and www.example.org respectively.
Server configuration
Listen 80
<VirtualHost 172.20.30.40>
DocumentRoot /www/example1
ServerName www.example.com
</VirtualHost>
<VirtualHost 172.20.30.50>
DocumentRoot /www/example2
ServerName www.example.org
</VirtualHost>
Requests for any address not specified in one of the <VirtualHost> directives (such as localhost, for example) will go to the main server, if there is one.
Mixed port-based and IP-based virtual hosts
The server machine has two IP addresses (172.20.30.40 and 172.20.30.50) which resolve to the names www.example.com and www.example.org respectively. In each case, we want to run hosts on ports 80 and 8080.
Server configuration
Listen 172.20.30.40:80
Listen 172.20.30.40:8080
Listen 172.20.30.50:80
Listen 172.20.30.50:8080
<VirtualHost 172.20.30.40:80>
DocumentRoot /www/example1-80
ServerName www.example.com
</VirtualHost>
<VirtualHost 172.20.30.40:8080>
DocumentRoot /www/example1-8080
ServerName www.example.com
</VirtualHost>
<VirtualHost 172.20.30.50:80>
DocumentRoot /www/example2-80
ServerName www.example.org
</VirtualHost>
<VirtualHost 172.20.30.50:8080>
DocumentRoot /www/example2-8080
ServerName www.example.org
</VirtualHost>
Mixed name-based and IP-based vhosts
On some of my addresses, I want to do name-based virtual hosts, and on others, IP-based hosts.
Server configuration
Listen 80
NameVirtualHost 172.20.30.40
<VirtualHost 172.20.30.40>
DocumentRoot /www/example1
ServerName www.example.com
</VirtualHost>
<VirtualHost 172.20.30.40>
DocumentRoot /www/example2
ServerName www.example.org
</VirtualHost>
<VirtualHost 172.20.30.40>
DocumentRoot /www/example3
ServerName www.example3.net
</VirtualHost>
# IP-based
<VirtualHost 172.20.30.50>
DocumentRoot /www/example4
ServerName www.example4.edu
</VirtualHost>
<VirtualHost 172.20.30.60>
DocumentRoot /www/example5
ServerName www.example5.gov
</VirtualHost>
Using Virtual_host and mod_proxy together
The following example allows a front-end machine to proxy a virtual host through to a server running on another machine. In the example, a virtual host of the same name is configured on a machine at 192.168.111.2. The ProxyPreserveHost On directive is used so that the desired hostname is passed through, in case we are proxying multiple hostnames to a single machine.
<VirtualHost *:*>
ProxyPreserveHost On
ProxyPass / http://192.168.111.2/
ProxyPassReverse / http://192.168.111.2/
ServerName hostname.example.com
</VirtualHost>
Using _default_ vhosts
_default_ vhosts for all ports
Catching every request to any unspecified IP address and port, i.e., an address/port combination that is not used for any other virtual host.
Server configuration
<VirtualHost _default_:*>
DocumentRoot /www/default
</VirtualHost>
Using such a default vhost with a wildcard port effectively prevents any request going to the main server.
A default vhost never serves a request that was sent to an address/port that is used for name-based vhosts. If the request contained an unknown or no Host: header it is always served from the primary name-based vhost (the vhost for that address/port appearing first in the configuration file).
You can use AliasMatch or RewriteRule to rewrite any request to a single information page (or script).
_default_ vhosts for different ports
Same as setup 1, but the server listens on several ports and we want to use a second _default_ vhost for port 80.
Server configuration
<VirtualHost _default_:80>
DocumentRoot /www/default80
# ...
</VirtualHost>
<VirtualHost _default_:*>
DocumentRoot /www/default
# ...
</VirtualHost>
The default vhost for port 80 (which must appear before any default vhost with a wildcard port) catches all requests that were sent to an unspecified IP address. The main server is never used to serve a request.
_default_ vhosts for one port
We want to have a default vhost for port 80, but no other default vhosts.
Server configuration
<VirtualHost _default_:80>
DocumentRoot /www/default
# ...
</VirtualHost>
A request to an unspecified address on port 80 is served from the default vhost. Any other request to an unspecified address and port is served from the main server.
Wednesday, 2 January 2013
Centos- IP-Problem
Error "No suitable device found: no device found for connection 'System venet0'" on an OpenVZ VPS, and the network won't start.
#cd /etc/sysconfig/network-scripts
#vi route-venet0
192.0.2.0/24 dev venet0 scope host
default via 192.0.2.1
#/etc/init.d/network restart
Check whether IP is up:
#ifconfig
#ping google.com
==================================
Anzil Ali Liyakkath
anzil.ali@webhostrepo.com