Creating a basic monitoring server for network devices

I’ve recently been working more and more with network device management. So, to help with up-time monitoring, interface statistics, bandwidth utilization, and alerting, I’ve been building up a server with some great Open Source tools. My clients love it because it costs virtually nothing to run these machines, and it helps keep the network running smoothly when we know what is going on within the network.

One thing I haven’t been able to do yet is SYSLOG monitoring with the ability to generate email alerts off of specific SYSLOG messages. That’s in the works, and I’ll be adding that information into this blog as soon as I get it up and running properly.

I am using Debian 7.6 as the operating system, mainly because it’s very stable, very small, and doesn’t update as frequently (making it easier to manage). You can follow a basic install of this OS from here: Debian Minimal Install. That will get you up and running and we’ll take it from there.

Okay, now that you have an OS running, go ahead and open up a command prompt and log in as your user account or “root”. Go ahead and then “sudo su”.

Now we will update apt:

apt-get update

 

From here, let’s get LAMP installed and running so our web services will run properly.

apt-get install apache2
apt-get install mysql-server
apt-get install php5 php-pear php5-mysql

 

Now that we have that all set up, let’s secure MySQL a bit:

mysql_secure_installation

 

When you run through this, make sure to answer these questions:

root@testmonitor:/root# mysql_secure_installation




NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MySQL
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!


In order to log into MySQL to secure it, we'll need the current
password for the root user.  If you've just installed MySQL, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.

You already have a root password set, so you can safely answer 'n'.

Change the root password? [Y/n] n
 ... skipping.

By default, a MySQL installation has an anonymous user, allowing anyone
to log into MySQL without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MySQL comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
ERROR 1008 (HY000) at line 1: Can't drop database 'test'; database doesn't exist
 ... Failed!  Not critical, keep moving...
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...



All done!  If you've completed all of the above steps, your MySQL
installation should now be secure.

Thanks for using MySQL!

 
 

Let’s test the server and make sure it’s working properly. Using nano, edit the file “info.php” in the “www” directory:

nano /var/www/info.php

 

Add in the following lines:

<?php
phpinfo();
?>

 

Now, open a web browser and type in the server’s IP address and the info page:

http://192.168.0.101/info.php

 

 

Now let’s get Cacti installed.

apt-get install cacti cacti-spine

Make sure to let the installer know that you’re using Apache2 as your HTTP server.

Also, you’ll need to let the installer “Configure database for cacti with dbconfig-common”. Say yes!

After apt is done installing your software, you’ll have to finish the install from a web browser.

http://192.168.0.101/cacti/install/

 

After answering a couple very easy questions, you’ll be finished and presented with a login screen.

The default credentials for cacti are “admin:admin”

From there you can log in and start populating your server with all the devices that you want to monitor. It’s that easy.

 

 

 

 

Now, let’s get Nagios installed. Again, it’s really easy. I just install everything nagios (don’t forget the asterisk after nagios):

apt-get install nagios*

This is what it will look like:

root@debiantest:/root# apt-get install nagios*
Reading package lists... Done
Building dependency tree      
Reading state information... Done
Note, selecting 'nagios-nrpe-plugin' for regex 'nagios*'
Note, selecting 'nagios-nrpe-doc' for regex 'nagios*'
Note, selecting 'nagios-plugins-basic' for regex 'nagios*'
Note, selecting 'check-mk-config-nagios3' for regex 'nagios*'
Note, selecting 'nagios2' for regex 'nagios*'
Note, selecting 'nagios3' for regex 'nagios*'
Note, selecting 'nagios-snmp-plugins' for regex 'nagios*'
Note, selecting 'uwsgi-plugin-nagios' for regex 'nagios*'
Note, selecting 'ndoutils-nagios3-mysql' for regex 'nagios*'
Note, selecting 'nagios-plugins' for regex 'nagios*'
Note, selecting 'gosa-plugin-nagios-schema' for regex 'nagios*'
Note, selecting 'nagios-nrpe-server' for regex 'nagios*'
Note, selecting 'nagios-plugin-check-multi' for regex 'nagios*'
Note, selecting 'nagios-plugins-openstack' for regex 'nagios*'
Note, selecting 'libnagios-plugin-perl' for regex 'nagios*'
Note, selecting 'nagios-images' for regex 'nagios*'
Note, selecting 'pnp4nagios-bin' for regex 'nagios*'
Note, selecting 'nagios3-core' for regex 'nagios*'
Note, selecting 'libnagios-object-perl' for regex 'nagios*'
Note, selecting 'nagios-plugins-common' for regex 'nagios*'
Note, selecting 'nagiosgrapher' for regex 'nagios*'
Note, selecting 'nagios' for regex 'nagios*'
Note, selecting 'nagios3-dbg' for regex 'nagios*'
Note, selecting 'nagios3-cgi' for regex 'nagios*'
Note, selecting 'nagios3-common' for regex 'nagios*'
Note, selecting 'nagios3-doc' for regex 'nagios*'
Note, selecting 'pnp4nagios' for regex 'nagios*'
Note, selecting 'pnp4nagios-web' for regex 'nagios*'
Note, selecting 'ndoutils-nagios2-mysql' for regex 'nagios*'
Note, selecting 'nagios-plugins-contrib' for regex 'nagios*'
Note, selecting 'ndoutils-nagios3' for regex 'nagios*'
Note, selecting 'nagios-plugins-standard' for regex 'nagios*'
Note, selecting 'gosa-plugin-nagios' for regex 'nagios*'
The following extra packages will be installed:
  autopoint dbus fonts-droid fonts-liberation fping freeipmi-common freeipmi-tools gettext ghostscript git git-man gosa gsfonts imagemagick-common libavahi-client3 libavahi-common-data libavahi-common3 libc-client2007e
  libcalendar-simple-perl libclass-accessor-perl libclass-load-perl libclass-singleton-perl libconfig-tiny-perl libcroco3 libcrypt-smbhash-perl libcups2 libcupsimage2 libcurl3 libcurl3-gnutls libdata-optlist-perl libdate-manip-perl
  libdatetime-locale-perl libdatetime-perl libdatetime-timezone-perl libdbus-1-3 libdigest-hmac-perl libdigest-md4-perl libencode-locale-perl liberror-perl libfile-listing-perl libfont-afm-perl libfpdf-tpl-php libfpdi-php
  libfreeipmi12 libgd-gd2-perl libgd2-xpm libgettextpo0 libgomp1 libgs9 libgs9-common libhtml-form-perl libhtml-format-perl libhtml-parser-perl libhtml-tagset-perl libhtml-tree-perl libhttp-cookies-perl libhttp-daemon-perl
  libhttp-date-perl libhttp-message-perl libhttp-negotiate-perl libice6 libijs-0.35 libio-pty-perl libio-socket-ip-perl libio-socket-ssl-perl libipc-run-perl libipmiconsole2 libipmidetect0 libjansson4 libjasper1 libjbig0 libjbig2dec0
  libjpeg8 libjs-jquery-ui libkohana2-php liblcms2-2 liblist-moreutils-perl liblqr-1-0 libltdl7 liblwp-mediatypes-perl liblwp-protocol-https-perl liblwp-useragent-determined-perl libmagickcore5 libmagickwand5 libmail-imapclient-perl
  libmailtools-perl libmath-calc-units-perl libmath-round-perl libmcrypt4 libmemcached10 libmodule-implementation-perl libmodule-runtime-perl libnet-dns-perl libnet-http-perl libnet-ip-perl libnet-libidn-perl libnet-smtp-tls-perl
  libnet-snmp-perl libnet-ssleay-perl libodbc1 libpackage-deprecationmanager-perl libpackage-stash-perl libpackage-stash-xs-perl libpaper-utils libpaper1 libparams-classify-perl libparams-util-perl libparams-validate-perl
  libparse-recdescent-perl libpgm-5.1-0 libpq5 libradiusclient-ng2 libreadonly-perl libreadonly-xs-perl librecode0 librrds-perl librtmp0 libruby1.9.1 libslp1 libsm6 libsocket-perl libssh2-1 libsub-install-perl libsub-name-perl
  libsystemd-login0 libtalloc2 libtdb1 libtiff4 libtimedate-perl libtry-tiny-perl libunistring0 liburi-perl libwbclient0 libwww-perl libwww-robotrules-perl libxpm4 libxt6 libyaml-0-2 libyaml-syck-perl libzmq1 mlock ndoutils-common
  perlmagick php-fpdf php5-curl php5-gd php5-imagick php5-imap php5-ldap php5-mcrypt php5-recode poppler-data python-httplib2 python-keystoneclient python-pkg-resources python-prettytable qstat rsync ruby ruby1.9.1 samba-common
  samba-common-bin slapd smarty3 smbclient ttf-liberation uwsgi-core x11-common
Suggested packages:
  dbus-x11 freeipmi-ipmidetect freeipmi-bmc-watchdog gettext-doc ghostscript-cups ghostscript-x hpijs git-daemon-run git-daemon-sysvinit git-doc git-el git-arch git-cvs git-svn git-email git-gui gitk gitweb gosa-si-server
  cyrus21-imapd postfix-ldap gosa-schema php5-suhosin php-apc uw-mailutils cups-common libgd-tools libdata-dump-perl libjasper-runtime libjs-jquery-ui-docs libkohana2-modules-php liblcms2-utils libcrypt-ssleay-perl
  libmagickcore5-extra libauthen-sasl-perl libmcrypt-dev mcrypt libio-socket-inet6-perl libcrypt-des-perl libmyodbc odbc-postgresql tdsodbc unixodbc-bin libscalar-number-perl slpd openslp-doc libauthen-ntlm-perl backuppc perl-doc
  cciss-vol-status expect ndoutils-doc imagemagick-doc ttf2pt1 rrdcached libgearman-client-perl libcrypt-rijndael-perl poppler-utils fonts-japanese-mincho fonts-ipafont-mincho fonts-japanese-gothic fonts-ipafont-gothic
  fonts-arphic-ukai fonts-arphic-uming fonts-unfonts-core python-distribute python-distribute-doc ri ruby-dev ruby1.9.1-examples ri1.9.1 graphviz ruby1.9.1-dev ruby-switch ldap-utils cifs-utils nginx-full cherokee libapache2-mod-uwsgi
  libapache2-mod-ruwsgi uwsgi-plugins-all uwsgi-extra
The following NEW packages will be installed:
  autopoint check-mk-config-nagios3 dbus fonts-droid fonts-liberation fping freeipmi-common freeipmi-tools gettext ghostscript git git-man gosa gosa-plugin-nagios gosa-plugin-nagios-schema gsfonts imagemagick-common libavahi-client3
  libavahi-common-data libavahi-common3 libc-client2007e libcalendar-simple-perl libclass-accessor-perl libclass-load-perl libclass-singleton-perl libconfig-tiny-perl libcroco3 libcrypt-smbhash-perl libcups2 libcupsimage2 libcurl3
  libcurl3-gnutls libdata-optlist-perl libdate-manip-perl libdatetime-locale-perl libdatetime-perl libdatetime-timezone-perl libdbus-1-3 libdigest-hmac-perl libdigest-md4-perl libencode-locale-perl liberror-perl libfile-listing-perl
  libfont-afm-perl libfpdf-tpl-php libfpdi-php libfreeipmi12 libgd-gd2-perl libgd2-xpm libgettextpo0 libgomp1 libgs9 libgs9-common libhtml-form-perl libhtml-format-perl libhtml-parser-perl libhtml-tagset-perl libhtml-tree-perl
  libhttp-cookies-perl libhttp-daemon-perl libhttp-date-perl libhttp-message-perl libhttp-negotiate-perl libice6 libijs-0.35 libio-pty-perl libio-socket-ip-perl libio-socket-ssl-perl libipc-run-perl libipmiconsole2 libipmidetect0
  libjansson4 libjasper1 libjbig0 libjbig2dec0 libjpeg8 libjs-jquery-ui libkohana2-php liblcms2-2 liblist-moreutils-perl liblqr-1-0 libltdl7 liblwp-mediatypes-perl liblwp-protocol-https-perl liblwp-useragent-determined-perl
  libmagickcore5 libmagickwand5 libmail-imapclient-perl libmailtools-perl libmath-calc-units-perl libmath-round-perl libmcrypt4 libmemcached10 libmodule-implementation-perl libmodule-runtime-perl libnagios-object-perl
  libnagios-plugin-perl libnet-dns-perl libnet-http-perl libnet-ip-perl libnet-libidn-perl libnet-smtp-tls-perl libnet-snmp-perl libnet-ssleay-perl libodbc1 libpackage-deprecationmanager-perl libpackage-stash-perl
  libpackage-stash-xs-perl libpaper-utils libpaper1 libparams-classify-perl libparams-util-perl libparams-validate-perl libparse-recdescent-perl libpgm-5.1-0 libpq5 libradiusclient-ng2 libreadonly-perl libreadonly-xs-perl librecode0
  librrds-perl librtmp0 libruby1.9.1 libslp1 libsm6 libsocket-perl libssh2-1 libsub-install-perl libsub-name-perl libsystemd-login0 libtalloc2 libtdb1 libtiff4 libtimedate-perl libtry-tiny-perl libunistring0 liburi-perl libwbclient0
  libwww-perl libwww-robotrules-perl libxpm4 libxt6 libyaml-0-2 libyaml-syck-perl libzmq1 mlock nagios-images nagios-nrpe-plugin nagios-nrpe-server nagios-plugin-check-multi nagios-plugins nagios-plugins-basic nagios-plugins-common
  nagios-plugins-contrib nagios-plugins-openstack nagios-plugins-standard nagios-snmp-plugins nagios3 nagios3-cgi nagios3-common nagios3-core nagios3-dbg nagios3-doc nagiosgrapher ndoutils-common ndoutils-nagios3-mysql perlmagick
  php-fpdf php5-curl php5-gd php5-imagick php5-imap php5-ldap php5-mcrypt php5-recode pnp4nagios pnp4nagios-bin pnp4nagios-web poppler-data python-httplib2 python-keystoneclient python-pkg-resources python-prettytable qstat rsync ruby
  ruby1.9.1 samba-common samba-common-bin slapd smarty3 smbclient ttf-liberation uwsgi-core uwsgi-plugin-nagios x11-common
0 upgraded, 196 newly installed, 0 to remove and 0 not upgraded.
Need to get 81.9 MB of archives.
After this operation, 272 MB of additional disk space will be used.
Do you want to continue [Y/n]?

 

 

Now to test, just login at http://your-server-ip/nagios3/

You’ll have to look up tutorials on configuring Nagios and Cacti. Of the two, Cacti is much easier because it’s all web based. But Nagios isn’t too difficult once you get used to playing around with config files.

One last thing I did was set up a landing page to point at the services. To do that just edit the index.html file in your www folder like this:

root@testdebian:/etc/nagios3/conf.d/hosts# cat /var/www/index.html
<html><body><h1>TEST Monitoring Server</h1>
<p>This is the landing page for the TEST Monitoring server.</p>
<p>&nbsp;</p>
<p>Please use the following links to access services:</p>
<p><a href="/nagios3"> 1. Nagios</a></p>
<p><a href="/cacti"> 2. Cacti</a></p>
</body></html>
root@testdebian:/etc/nagios3/conf.d/hosts#

Now you can browse to the IP address and get an easy-to-use page that will forward you to whichever service you want!

Let me know if you have any questions!


Creating a Reverse Proxy with Apache2

Sometimes there is a need for hosting multiple websites from one server, or from one external IP address. For whatever your reason or need is, in this tutorial, I’ll just go through what I did to setup Apache server to forward requests.

In my setup here, I have a Debian Wheezy server in my DMZ, and in my tier 2 DMZ I have 5 Web servers. My objective is to host all these servers from 1 IP address, and introduce some security.

I found a ton of info out there on setting up Apache as a reverse proxy, but none of them really spelled out exactly what to do, and what the results would be. Some of them did, but it wasn’t what I was looking for. So I took a bunch of stuff I saw others doing, modified it to fit my needs, and am reporting back to you. I hope this helps.

Let’s get started.

You’ll want a base install of Debian Wheezy which you can find at www.debian.org. After you download that, just follow my guide for install if you need: Debian Minimal Install: The base for all operations

As I stated before, I have a bunch of web servers in my tier 2 DMZ, and a Debian box in my Internet facing DMZ. It is my intention that the web servers never actually communicate with the end users. I want my end users to talk to my Debian box, the Debian box to sanitize and optimize the web request, and then forward that request on to the web server. The web server will receive the request from the Debian box, process it, and send back all the necessary data to the Debian server, which will in turn reply to the end user who originally made the request.

It sounds complicated to some people, but in reality it’s pretty simple, and the reverse proxy is transparent to the end user. Most people out there don’t even realize that many sites out there utilize this type of technology.

My Debian server needs some software, so I installed these packages:

sudo apt-get install apache2 libapache2-mod-evasive libapache2-mod-auth-openid libapache2-mod-geoip \
  libapache2-mod-proxy-html libapache2-mod-spamhaus libapache2-mod-vhost-hash-alias libapache2-modsecurity

From here you’ll want to get into the Apache directory.

cd /etc/apache2

Let’s get going with editing the main Apache config file. These are just recommendations, so you’ll want to tweak these for what ever is best for your environment.

sudo vim apache2.conf

I modified my connections for performance reasons. The default is 100.

# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 500

Also, what security engineer out there doesn’t know that without logs you have no proof that anything is happening? We’ll cover log rotation and retention in another blog, but for now, I set my logging to “notice”. Default was “warn”.

# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel notice

Perfect. Now, you may want to tweak your server a little differently, but for now this is all we need for here.

Now let’s get into some security hardening of the server.

sudo vim /etc/apache2/conf.d/security

We do have security in mind, so let’s not divulge any information that we don’t need to. Set “ServerTokens Prod”

# ServerTokens
# This directive configures what you return as the Server HTTP response
# Header. The default is 'Full' which sends information about the OS-Type
# and compiled in modules.
# Set to one of:  Full | OS | Minimal | Minor | Major | Prod
# where Full conveys the most information, and Prod the least.
#
#ServerTokens Minimal
#ServerTokens OS
#ServerTokens Full
ServerTokens Prod

Now let’s set “ServerSignature Off”

# Optionally add a line containing the server version and virtual host
# name to server-generated pages (internal error documents, FTP directory
# listings, mod_status and mod_info output etc., but not CGI generated
# documents or custom error documents).
# Set to "EMail" to also include a mailto: link to the ServerAdmin.
# Set to one of:  On | Off | EMail
#
ServerSignature Off
#ServerSignature On

And lastly, go ahead and uncomment these three lines in your config. We’ll configure “mod_headers” later.

Header set X-Content-Type-Options: "nosniff"

Header set X-XSS-Protection: "1; mode=block"

Header set X-Frame-Options: "sameorigin"
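
One way to confirm that the hardening settings in this file are actually the active ones, as an added example that is not part of the original post: a small POSIX shell audit that reports the effective ServerTokens and ServerSignature values and checks for the three headers. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# effective_directive NAME FILE
# Print the lowercased value of the last uncommented NAME directive, or
# "unset". A repeated directive is overridden by the later line, so the last
# match is the value the server uses.
effective_directive() {
    awk -v want="$1" '
        /^[ \t]*#/ { next }                       # commented-out line
        tolower($1) == tolower(want) { val = tolower($2) }
        END { print (val == "" ? "unset" : val) }
    ' "$2"
}

# header_is_set NAME FILE
# Succeed if an uncommented "Header [always|onsuccess] set NAME value" exists.
# mod_headers accepts the header name with or without a trailing colon.
header_is_set() {
    awk -v want="$1" '
        /^[ \t]*#/ { next }
        tolower($1) == "header" {
            i = 2
            if (tolower($i) == "always" || tolower($i) == "onsuccess") i++
            if (tolower($i) != "set") next
            name = tolower($(i + 1))
            sub(/:$/, "", name)
            if (name == tolower(want)) found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$2"
}

# audit_security_conf FILE
# Print one FAIL line per missing setting; return 0 only if all five pass.
audit_security_conf() {
    audit_fail=0
    audit_val=$(effective_directive ServerTokens "$1")
    if [ "$audit_val" != "prod" ]; then
        echo "FAIL ServerTokens is '$audit_val', expected 'prod'"; audit_fail=1
    fi
    audit_val=$(effective_directive ServerSignature "$1")
    if [ "$audit_val" != "off" ]; then
        echo "FAIL ServerSignature is '$audit_val', expected 'off'"; audit_fail=1
    fi
    for audit_hdr in X-Content-Type-Options X-XSS-Protection X-Frame-Options; do
        if ! header_is_set "$audit_hdr" "$1"; then
            echo "FAIL no active 'Header set $audit_hdr' line"; audit_fail=1
        fi
    done
    [ "$audit_fail" -eq 0 ] && echo "PASS all five settings are active"
    return "$audit_fail"
}

# Constructed sample: the "Off" line is still commented out and one header
# line was missed when uncommenting.
write_sample_conf() {
    cat > "$1" <<'EOF'
ServerTokens Prod
#ServerSignature Off
ServerSignature On
Header set X-Content-Type-Options: "nosniff"
#Header set X-XSS-Protection: "1; mode=block"
Header set X-Frame-Options: "sameorigin"
EOF
}

demo_conf=$(mktemp)
write_sample_conf "$demo_conf"
audit_security_conf "$demo_conf"
rm -f "$demo_conf"
```

On the real server the same function can be pointed at /etc/apache2/conf.d/security after saving the file.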

Sweet, looking good. Go ahead and save that, and we can get “mod_headers” activated. First, I’d like to point out that you can view what modules you have installed by using the “a2dismod” program. Simply enter the command, and it will ask you what modules you’d like to disable. Obviously, if you see it in the list, it’s already enabled. Just hit “Ctrl+C” to stop the program.

To enable a module in Apache, you need to first make sure it’s installed, then you can just use the program “a2enmod”… like this:

sudo a2enmod headers

Now that we’ve enabled “mod_headers”, let’s verify we have the other necessary modules enabled as well.

steve @ reverseproxy ~ :) ᛤ>   a2enmod
Which module(s) do you want to enable (wildcards ok)?
cache
Enabling module cache.
Could not create /etc/apache2/mods-enabled/cache.load: Permission denied
steve @ reverseproxy ~ :( ᛤ>   sudo a2enmod
Which module(s) do you want to enable (wildcards ok)?
cache
Enabling module cache.
To activate the new configuration, you need to run:
  service apache2 restart
steve @ reverseproxy ~ :) ᛤ>   sudo a2enmod
Which module(s) do you want to enable (wildcards ok)?
proxy_ajp
Considering dependency proxy for proxy_ajp:
Module proxy already enabled
Enabling module proxy_ajp.
To activate the new configuration, you need to run:
  service apache2 restart
steve @ reverseproxy ~ :) ᛤ>   sudo a2enmod
Which module(s) do you want to enable (wildcards ok)?
proxy_balancer
Considering dependency proxy for proxy_balancer:
Module proxy already enabled
Enabling module proxy_balancer.
To activate the new configuration, you need to run:
  service apache2 restart
steve @ reverseproxy ~ :) ᛤ>   sudo a2enmod
Which module(s) do you want to enable (wildcards ok)?
proxy_connect
Considering dependency proxy for proxy_connect:
Module proxy already enabled
Enabling module proxy_connect.
To activate the new configuration, you need to run:
  service apache2 restart
steve @ reverseproxy ~ :) ᛤ>   sudo a2enmod
Which module(s) do you want to enable (wildcards ok)?
proxy_ftp
Considering dependency proxy for proxy_ftp:
Module proxy already enabled
Enabling module proxy_ftp.
To activate the new configuration, you need to run:
  service apache2 restart
steve @ reverseproxy ~ :) ᛤ>   sudo a2enmod
Which module(s) do you want to enable (wildcards ok)?
proxy_http
Considering dependency proxy for proxy_http:
Module proxy already enabled
Enabling module proxy_http.
To activate the new configuration, you need to run:
  service apache2 restart
steve @ reverseproxy ~ :) ᛤ>   sudo a2enmod
Which module(s) do you want to enable (wildcards ok)?
rewrite
Enabling module rewrite.
To activate the new configuration, you need to run:
  service apache2 restart
steve @ reverseproxy ~ :) ᛤ>   sudo a2enmod
Which module(s) do you want to enable (wildcards ok)?
vhost_alias
Enabling module vhost_alias.
To activate the new configuration, you need to run:
  service apache2 restart
steve @ reverseproxy ~ :) ᛤ>   sudo a2enmod
Which module(s) do you want to enable (wildcards ok)?
vhost_hash_alias
Enabling module vhost_hash_alias.
To activate the new configuration, you need to run:
  service apache2 restart

Here is a list of the Modules I just enabled:
cache proxy_ajp proxy_balancer proxy_connect proxy_ftp proxy_http rewrite vhost_alias vhost_hash_alias

Now let’s just restart Apache, and keep going.

steve @ reverseproxy ~ :) ᛤ>   sudo service apache2 restart
[ ok ] Restarting web server: apache2 ... waiting .

Perfect, moving right along… Now what we need to do is set up a new file in the “/etc/apache2/sites-available” directory. I named mine “reverseproxy”, as it’s easy to figure out what it is.

Now, to correctly set up your reverse proxy, this server should not be hosting ANY websites. This is a proxy server, not a web host. So go ahead and delete the config symlink for the default website. We don’t want to host that.

sudo rm /etc/apache2/sites-enabled/000-default

Now we can edit our “reverseproxy” file.

sudo vim /etc/apache2/sites-available/reverseproxy

#enter this code into your file

<VirtualHost *:80>
  ServerName yoursite.info
  ServerAlias www.yoursite.info yoursite.info
  ServerAdmin info@yoursite.info
  ProxyPreserveHost On
  ProxyPass / http://www.yoursite.info/
  ProxyPassReverse / http://www.yoursite.info/
  <Proxy *>
        Order allow,deny
        Allow from all
  </Proxy>
  ErrorLog /var/log/apache2/yoursite.info.log
  CustomLog /var/log/apache2/yoursite.info.log combined
</VirtualHost>



<VirtualHost *:80>
  ServerName anothersite.com
  ServerAlias anothersite.com www.anothersite.com
  ServerAdmin info@anothersite.com
  ProxyPreserveHost On
  ProxyPass / http://www.anothersite.com/
  ProxyPassReverse / http://www.anothersite.com/
  <Proxy *>
        Order allow,deny
        Allow from all
  </Proxy>
  ErrorLog /var/log/apache2/anothersite.com.log
  CustomLog /var/log/apache2/anothersite.com.log combined
</VirtualHost>




<VirtualHost *:80>
  ServerName thirdsite.cc
  ServerAlias thirdsite.cc www.thirdsite.cc
  ServerAdmin info@thirdsite.cc
  ProxyPreserveHost On
  ProxyPass / http://www.thirdsite.cc/
  ProxyPassReverse / http://www.thirdsite.cc/
  <Proxy *>
        Order allow,deny
        Allow from all
  </Proxy>
  ErrorLog /var/log/apache2/thirdsite.cc.log
  CustomLog /var/log/apache2/thirdsite.cc.log combined
</VirtualHost>

Awesome, now save that file and we can get it enabled. Just like setting up new modules, we’re going to sym-link our new file to the “sites-enabled” folder.

sudo ln -s /etc/apache2/sites-available/reverseproxy /etc/apache2/sites-enabled

Now we can just reload the Apache server (no restart required) so that it picks up the new settings.

sudo service apache2 reload

Now we need to edit the /etc/hosts file so that our reverse proxy server knows where to push site traffic to on our DMZ. So let’s do that:

127.0.0.1       localhost
127.0.1.1       reverseproxy.internal.dmz  reverseproxy
192.168.0.26   www.thirdsite.cc
192.168.0.26   thirdsite.cc
192.168.0.26   www.anothersite.com
192.168.0.26   anothersite.com
192.168.0.65   www.yoursite.info
192.168.0.65   yoursite.info

# The following lines are desirable for IPv6 capable hosts
::1     localhost ip6-localhost ip6-loopback
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
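
Because each ProxyPass target uses the same name as the public site, the proxy only reaches the tier 2 web server if that name has an internal entry in /etc/hosts; a name without one falls through to DNS instead. The following is an added example, not part of the original post, that cross-checks the two files. The function names are illustrative, and the sample files are constructed from the site names used above with one entry deliberately missing and one pointing at a documentation-range public address.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# proxy_backends VHOSTFILE
# List the unique backend hostnames used by uncommented ProxyPass lines.
proxy_backends() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "proxypass" && tolower($3) ~ "^https?://" {
            host = tolower($3)
            sub("^https?://", "", host)    # drop the scheme
            sub("[/:].*$", "", host)       # drop port and path
            print host
        }
    ' "$1" | sort -u
}

# hosts_lookup HOSTSFILE NAME
# Print the address of the first hosts-file line that lists NAME, if any.
hosts_lookup() {
    awk -v want="$2" '
        { sub(/#.*/, "") }                 # strip comments
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(want)) { print $1; exit }
        }
    ' "$1"
}

# is_internal_ipv4 ADDR
# Succeed for RFC 1918 addresses. Loopback is rejected on purpose: a backend
# mapped to 127.x would send the proxy back to itself.
is_internal_ipv4() {
    case $1 in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_backends VHOSTFILE HOSTSFILE
# Report every backend; return non-zero if any is missing or not internal.
check_backends() {
    cb_status=0
    for cb_host in $(proxy_backends "$1"); do
        cb_ip=$(hosts_lookup "$2" "$cb_host")
        if [ -z "$cb_ip" ]; then
            echo "MISSING $cb_host"; cb_status=1
        elif is_internal_ipv4 "$cb_ip"; then
            echo "OK $cb_host $cb_ip"
        else
            echo "NOT-INTERNAL $cb_host $cb_ip"; cb_status=1
        fi
    done
    return "$cb_status"
}

# Constructed sample files written into directory $1.
write_samples() {
    cat > "$1/reverseproxy" <<'EOF'
<VirtualHost *:80>
  ServerName yoursite.info
  ProxyPreserveHost On
  ProxyPass / http://www.yoursite.info/
  ProxyPassReverse / http://www.yoursite.info/
</VirtualHost>
<VirtualHost *:80>
  ServerName anothersite.com
  ProxyPass / http://www.anothersite.com/
  ProxyPassReverse / http://www.anothersite.com/
</VirtualHost>
<VirtualHost *:80>
  ServerName thirdsite.cc
  ProxyPass / http://www.thirdsite.cc/
</VirtualHost>
EOF
    cat > "$1/hosts" <<'EOF'
127.0.0.1      localhost
192.168.0.65   www.yoursite.info yoursite.info
203.0.113.10   www.anothersite.com   # constructed: public test-range address
# 192.168.0.26 www.thirdsite.cc      # constructed: entry left commented out
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
check_backends "$demo_dir/reverseproxy" "$demo_dir/hosts"
rm -rf "$demo_dir"
```

On the proxy itself the call would be check_backends /etc/apache2/sites-available/reverseproxy /etc/hosts.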

Sweet, all done!
Now you can test from a computer that all your sites are working. They *should* be! 🙂

I’ll work on a blog eventually to show how to enable mod_security with this setup so that we can sanitize user interaction with our site. Our visitors are probably good people, but attackers and skiddies are always out there trying to damage stuff.

Thanks for reading!!



Open Source: Postfix Mail Relay, SPAM filter, DNS Server, Web Server, AWStats, ISPConfig3 and More!


Everyone out there hates SPAM, right? I know I do. And my domain isn’t out there that much, so I can’t say that I get anywhere near as much SPAM mail as some large enterprise businesses do. What if I told you that your Barracuda Spam filter, or your McAfee Spam Filter, or whatever paid product, is junk? What if I told you that we can get you up and running with a FREE SPAM filter for your mail server? What if I told you that it was just as easy to set up and use as your current SPAM filter? How about this question: How much are you paying for your current SPAM filter?

Well, this blog post is getting put together for all you people out there that love spending money on useless junk. Welcome to the world of Free Software projects that have been around for well more than a decade. Instead of paying $100+ grand a year on an appliance, how about you employ a real person to manage a few Linux boxes? That’s entirely what we’re planning right here. So come along, we’re going to show you how to set up your already existing Microsoft Exchange server to sit in a more secure, higher tier DMZ, and set up a Debian server, from scratch, to host a Postfix server that is going to work with Amavis, Spam Assassin, and ClamAV to securely inspect all your mail.

Warning… This blog is long. Be prepared, and make sure you have TIME!

I very seriously recommend following my previous blog on how to build a Debian Server: Debian Minimal Install

 
 

But if you want to just push forward, just follow these instructions:
 
 
Let’s start with getting your Debian server built and running. Start with getting a Virtual Machine up and running. Boot to your Small Debian ISO and kick off the install.
 
You can really just hit “next” on many of the screens during the install. English language, USA, keyboard layout American English, etc…
 
Make sure you pick a server name that is going to last a while, like CompanySPAM01, or something unique like that.
 
Setup your domain name, root password, user accounts, etc…
 
Setup your partitions however you deem fit, install packages, pick a local Debian Mirror repository, etc…
 
NOW, when you get to Software Selection, DO NOT INSTALL “Graphical Desktop Environment”. The only thing you need is an SSH Server and the “Standard System Utilities”.
 

Install the GRUB boot loader as normal, and boom, you’re done!

 
 

Alright, so boot up your new Debian server, and let’s get going. Log in as root or whatever user you created and let’s get some housekeeping completed.

 

So let’s get a static address on this thing by editing this file: /etc/network/interfaces

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
#allow-hotplug eth0
#iface eth0 inet dhcp
auto eth0
iface eth0 inet static
address 192.168.0.100
netmask 255.255.255.0
network 192.168.0.0
broadcast 192.168.0.255
gateway 192.168.0.1

 

And you can restart networking with this:

/etc/init.d/networking restart

 

Next we’ll get the SSH Server so we can get some remote access to this server.

apt-get install ssh openssh-server openssh-client

 

When that’s done you should be able to SSH from your local machine to this virtual host using:

ssh steve@192.168.0.100

 
 

You’ll probably want to sudo from this user, so if that’s the case:

su root
Password:
# apt-get install sudo
# nano /etc/sudoers

 
 

When editing the sudoers file, if you break it, have fun! Just copy the line where root is and paste it right below, then change the name root to your username. Like this:

# User privilege specification
root ALL=(ALL) ALL
steve ALL=(ALL) ALL

 
 

Now, we need to update this thing to install “Dotdeb” software. So edit your “/etc/apt/sources.list”

# Dotdeb repository
deb http://packages.dotdeb.org squeeze all
deb-src http://packages.dotdeb.org squeeze all

 
 

Now we can add the GPG key:

wget http://www.dotdeb.org/dotdeb.gpg
cat dotdeb.gpg | sudo apt-key add -
Ok!
apt-get update
apt-get upgrade

 
 

Now we need to make sure that NTP is installed and running properly on our new server. We’ll also need Postfix, Amavisd, SpamAssassin, ClamAV, and a slew of other software. At the same time, go ahead and install Bind9 if you plan on hosting your externally facing DNS zones from here. It’s not a bad idea, and even if you’re a small company, you can easily do this on your own.

apt-get install ntp ntpdate

 

Then you can “sudo nano /etc/ntp.conf”

# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help

driftfile /var/lib/ntp/ntp.drift
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable

# Specify one or more NTP servers.

server kerberos.mydomain.com #insert your PDC here
server kerberos2.mydomain.com #secondary DC
server kerberos3.mydomain.com #third DC
server 1.ubuntu.pool.ntp.org #fall back to Ubuntu's NTP
server 2.ubuntu.pool.ntp.org #
server 3.ubuntu.pool.ntp.org #
#

 
 

Now install more software:

apt-get install postfix postfix-mysql postfix-doc mysql-client mysql-server openssl getmail4 rkhunter binutils

 

During the install, Postfix will ask you what type of site this is; make sure to choose “INTERNET SITE”. The system mail name is going to be the primary domain name that you own and operate. In my case this is “erdmanor.com”. Then you’ll be prompted to set up passwords for MySQL.

 

If you do a “netstat -ntap” you’ll see that MySQL is running bound to the local loopback (127.0.0.1). We don’t want this. We need to make sure that MySQL is listening on all interfaces, so comment out the bind address in this file: “/etc/mysql/my.cnf”. Make sure to look at all the other options you can set in there too. It’s a pretty big conf file.

 

And when you’re done, restart the MySQL Server like this: “sudo /etc/init.d/mysql restart”

#bind-address = 127.0.0.1

 
 

Now rerun your “netstat -ntap” and verify that it’s running on 0.0.0.0:3306.

tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN -
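
To make the check above repeatable, here is an added example (not part of the original post) that filters “netstat -ntap” style output for TCP listeners bound to every interface and reports the ones outside an allow-list. The function names, the allow-list and the embedded sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report TCP listeners bound to every interface.
# Reads `netstat -ntap` style text on stdin.

# Ports that are meant to be reachable from the network.
# Assumption for this sketch: only SSH (22) and SMTP (25).
ALLOWED_PORTS="22 25"

# Print "port program" for each wildcard listener not in ALLOWED_PORTS,
# one line per port, sorted numerically.
exposed_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN {
            n = split(allowed, list, " ")
            for (i = 1; i <= n; i++) ok[list[i]] = 1
        }
        # Only TCP sockets in LISTEN state are of interest.
        ($1 == "tcp" || $1 == "tcp6") && $6 == "LISTEN" {
            port = $4
            sub(/^.*:/, "", port)          # text after the last colon
            addr = substr($4, 1, length($4) - length(port) - 1)
            # 0.0.0.0 (IPv4) and :: (IPv6) both mean "all interfaces".
            if ((addr == "0.0.0.0" || addr == "::") && !(port in ok))
                print port, $7
        }
    ' | sort -n -u
}

# Same check as an exit status: 0 = nothing unexpected, 1 = findings printed.
audit_listeners() {
    found=$(exposed_listeners)
    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found"
    return 1
}

# Constructed sample input (PIDs and program names are made up).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      1190/master
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      1033/mysqld
tcp        0      0 127.0.0.1:9000          0.0.0.0:*               LISTEN      977/php5-fpm
tcp        0      0 192.168.0.100:22        192.168.0.50:51514      ESTABLISHED 2101/sshd: steve
tcp6       0      0 :::8080                 :::*                    LISTEN      1240/nginx
EOF
}

# On a real host (as root, so the program column is filled in):
#   netstat -ntap | audit_listeners
sample_netstat | exposed_listeners
```

Any port the function reports should either be added to the allow-list on purpose or be covered by a firewall rule that limits who can reach it.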

 
 

Alright, so let’s get some SPAM killing software installed. Running this command will prompt you to install this software and a ton of dependencies. Save your scroll back and you can go through that stuff later.

apt-get install amavisd-new spamassassin clamav clamav-daemon zoo unzip bzip2 arj nomarch lzop cabextract apt-listchanges libnet-ldap-perl libauthen-sasl-perl clamav-docs daemon libio-string-perl libio-socket-ssl-perl libnet-ident-perl zip libnet-dns-perl nginx

 
 

Awesome, now we have most of the software we need. Let’s get the website up and running for our PHPMyAdmin site and ISPConfig3 software. Now, I’m no PHP wizard or expert, but all of these packages are necessary. If you need more information, I’ve left some links in the sources portion of this blog, all the way at the bottom. Again, you’ll see a bunch of dependencies installed here.

apt-get install php5-fpm php5-mysql php5-curl php5-gd php5-intl php-pear php5-imagick php5-imap php5-mcrypt php5-memcache php5-ming php5-ps php5-pspell php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc php5-xsl fcgiwrap

 
 

Now we’re ready to install PhpMyAdmin:

apt-get install phpmyadmin

 

You’ll see that Apache is installed at this time, again with many other dependencies. When installing this software, make sure that you answer these questions:
1. Webserver to reconfigure: (this is a checkbox, don’t check either of them).
2. Configure database for phpmyadmin with dbconfig-common?: NO

PhpMyAdmin is installed into this directory: “/usr/share/phpmyadmin/” You can check it out like this:

ls -alh /usr/share/phpmyadmin/

 
 

Like I stated before, Apache is installed now. We need to stop the Apache service while we’re configuring the server, and we need to make sure that Apache doesn’t start with the system too. We’ll turn it back on later. Then we can get nginx (Pronounced, Engine-X) started up.

sudo /etc/init.d/apache2 stop
sudo insserv -r apache2
sudo /etc/init.d/nginx start

 
 

Now we can get DNS working, but first we need to install it. We’ll configure it later.

apt-get install bind9 dnsutils

 
 

If you’re looking to get some statistics from your server and analyze logs, etc… you’ll want to get some stat software installed.

“Vlogger is a little piece of code borned to handle dealing with large amounts of virtualhost logs. it’s bad news that apache can’t do this on its own. vlogger takes piped input from apache, splits it off to separate files based on the first field. it uses a file handle cache so it can’t run out of file descriptors. it will also start a new logfile every night at midnight, and maintain a symlink to the most recent file. for security, it can drop privileges and do a chroot to the logs directory.”

 

“The Webalizer is a fast, free web server log file analysis program. It produces highly detailed, easily configurable usage reports in HTML format, for viewing with a standard web browser.”

 

“AWStats is a free powerful and featureful tool that generates advanced web, streaming, ftp or mail server statistics, graphically. This log analyzer works as a CGI or from command line and shows you all possible information your log contains, in few graphical web pages. It uses a partial information file to be able to process large log files, often and quickly. It can analyze log files from all major server tools like Apache log files (NCSA combined/XLF/ELF log format or common/CLF log format), WebStar, IIS (W3C log format) and a lot of other web, proxy, wap, streaming servers, mail servers and some ftp servers.”

 

apt-get install vlogger webalizer awstats geoip-database

 
 

First thing we’ll do here is stop the AWStats cron job by commenting out all the lines in the AWStats Cron job. Start by editing this file: “/etc/cron.d/awstats”

#*/10 * * * * www-data [ -x /usr/share/awstats/tools/update.sh ] && /usr/share/awstats/tools/update.sh
#
# Generate static reports:
#10 03 * * * www-data [ -x /usr/share/awstats/tools/buildstatic.sh ] && /usr/share/awstats/tools/buildstatic.sh

 
 

Next we’re going to make sure that Apache is stopped and that nginx is running so that we can install ISPConfig3. This is super important, otherwise you’ll have all kinds of issues when you install ISPConfig3!

sudo /etc/init.d/apache2 stop
sudo /etc/init.d/nginx restart

 
 

Now you need to download ISPConfig3 from their website. http://www.ispconfig.org/ispconfig-3/download/

mkdir -p ~/tarballs && cd ~/tarballs # creates the directory if it doesn't exist
wget http://prdownloads.sourceforge.net/ispconfig/ISPConfig-3.0.4.6.tar.gz
tar -zxvf ISPConfig-3.0.4.6.tar.gz
cd ~/tarballs/ispconfig3_install/install/
sudo php -q install.php

 
 

Now the installer is running for ISPConfig3, and it will help you configure all the necessary services.

steve@:~/tarballs/ispconfig3_install/install$ sudo php -q install.php
PHP Deprecated: Comments starting with '#' are deprecated in /etc/php5/cli/conf.d/ming.ini on line 1 in Unknown on line 0
PHP Deprecated: Comments starting with '#' are deprecated in /etc/php5/cli/conf.d/ps.ini on line 1 in Unknown on line 0

--------------------------------------------------------------------------------
 _____ ___________   _____              __ _         ____
|_   _/  ___| ___ \ /  __ \            / _(_)       /__  \
  | | \ `--.| |_/ / | /  \/ ___  _ __ | |_ _  __ _    _/ /
  | |  `--. \  __/  | |    / _ \| '_ \|  _| |/ _` |  |_ |
 _| |_/\__/ / |     | \__/\ (_) | | | | | | | (_| | ___\ \
 \___/\____/\_|      \____/\___/|_| |_|_| |_|\__, | \____/
                                              __/ |
                                             |___/
--------------------------------------------------------------------------------


>> Initial configuration

Operating System: Debian 6.0 (Squeeze/Sid) or compatible

Following will be a few questions for primary configuration so be careful.
Default values are in [brackets] and can be accepted with <ENTER>.
Tap in "quit" (without the quotes) to stop the installer.

Select language (en,de) [en]: en

Installation mode (standard,expert) [standard]: standard

Full qualified hostname (FQDN) of the server, eg server1.domain.tld [server.erdmanor.com]:

MySQL server hostname [localhost]:

MySQL root username [root]:

MySQL root password []: {generate a long password here}

MySQL database to create [dbispconfig]: {something clever}

MySQL charset [utf8]:

Apache and nginx detected. Select server to use for ISPConfig: (apache,nginx) [apache]: nginx

Generating a 2048 bit RSA private key
.......+++
..................................................................+++
writing new private key to 'smtpd.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Ohio
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Erdmanor.com
Organizational Unit Name (eg, section) []:IT-IS
Common Name (eg, YOUR name) []:Steve Erdman
Email Address []:webmaster
Configuring Jailkit
Configuring SASL
Configuring PAM
Configuring Courier
PHP Warning: chmod(): No such file or directory in /home/steve/tarballs/ispconfig3_install/install/lib/installer_base.lib.php on line 838
Configuring Spamassassin
Configuring Amavisd
Configuring Getmail
Configuring Pureftpd
sh: cannot create /etc/pure-ftpd/conf/ChrootEveryone: Directory nonexistent
sh: cannot create /etc/pure-ftpd/conf/BrokenClientsCompatibility: Directory nonexistent
sh: cannot create /etc/pure-ftpd/conf/DisplayDotFiles: Directory nonexistent
sh: cannot create /etc/pure-ftpd/conf/DontResolve: Directory nonexistent
Configuring MyDNS
Configuring nginx
Configuring Vlogger
Configuring Apps vhost
Configuring Bastille Firewall
PHP Notice: Undefined index: fail2ban in /home/steve/tarballs/ispconfig3_install/install/install.php on line 263
Installing ISPConfig
ISPConfig Port [8080]:

Do you want a secure (SSL) connection to the ISPConfig web interface (y,n) [y]: y

Generating RSA private key, 4096 bit long modulus
.................................................................................................................................................................................................................................................++
.............................................................................++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:Ohio
Locality Name (eg, city) []:Concord-Twp
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Erdmanor.com
Organizational Unit Name (eg, section) []:IT-IS
Common Name (eg, YOUR name) []:Steve Erdman
Email Address []:webmaster@erdmanor.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:Erdman.cc
writing RSA key
Configuring DBServer
Installing ISPConfig crontab
no crontab for root
no crontab for getmail
Restarting services ...
Stopping MySQL database server: mysqld.
Starting MySQL database server: mysqld ..
Checking for tables which need an upgrade, are corrupt or were
not closed cleanly..
Stopping Postfix Mail Transport Agent: postfix.
Starting Postfix Mail Transport Agent: postfix.
Stopping amavisd: amavisd-new.
Starting amavisd: amavisd-new.
Stopping ClamAV daemon: clamd.
Starting ClamAV daemon: clamd .
Reloading PHP5 FastCGI Process Manager: php5-fpm.
Reloading nginx configuration: nginx.
Restarting nginx: nginx.
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] still could not bind()
Installation completed.

 
 
 

Now that you have ISPConfig3 installed, pop open a web browser and head over to your new ISPConfig3 control panel. The default credentials are super secure: admin:admin. Obviously you’re going to be changing those… RIGHT?!

 

You need to start by adding a new website to your ISPConfig3 admin console. So Click on “Sites” then “Create new website…”

 

Here you need to fill out the proper information. Server the site is hosted on, Domain Name you’re hosting, if you need CGI, SSI, SSL and the type of PHP you want. Obviously it’ll be active.

 

From what I’ve seen out on some other websites, we need to create some “mod_rewrite” aliases. The reason is that the PhpMyAdmin console needs to be available from a few different URLs. So if you’re hosting multiple hostnames or domains from this server, you’ll basically need to create a vhost alias for each one. It’s a lot of manual work, but at the end of the day it’ll be worth it. I got this code snippet from the www.howtoforge.com website, so make sure to visit them and say thanks!

This code MUST go into the “nginx Directives” field on the Options tab of each website managed inside ISPConfig3, as you can see in the graphic:

location /phpmyadmin {
    root /usr/share/;
    index index.php index.html index.htm;
    # Hand PHP scripts under /phpmyadmin/ to PHP-FPM
    location ~ ^/phpmyadmin/(.+\.php)$ {
        try_files $uri =404;
        root /usr/share/;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 256 4k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
        fastcgi_intercept_errors on;
    }
    # Static assets are served straight from disk
    location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
        root /usr/share/;
    }
}
# Send the mixed-case URL to the lowercase location
location /phpMyAdmin {
    rewrite ^/* /phpmyadmin last;
}

 
 

Now, from a security perspective, I would highly recommend disabling http (port 80) and only using https (SSL over port 443). I’m not stupid though and realize that not everyone can afford to pay for a site certificate. If you’re a small organization, make sure to only allow access to this server from the Internal network of your organization. Obviously this server should be sitting in your multi tiered DMZ as I outlined in a previous blog Serious network architecture that works for everyone.

location /phpmyadmin {
    root /usr/share/;
    index index.php index.html index.htm;
    location ~ ^/phpmyadmin/(.+\.php)$ {
        try_files $uri =404;
        root /usr/share/;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param HTTPS on; # tells PHP the request arrived over HTTPS
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 256 4k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
        fastcgi_intercept_errors on;
    }
    location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
        root /usr/share/;
    }
}
location /phpMyAdmin {
    rewrite ^/* /phpmyadmin last;
}

 
 

If you are using HTTPS across your site and you want to force users to use it, then you need to edit your “/etc/nginx/nginx.conf” file with the code below. Make sure the code gets placed inside the braces of the http block, otherwise you’ll have all sorts of issues getting this to work:

http {
    ## Detect when HTTPS is used
    map $scheme $fastcgi_https {
        default off;
        https on;
    }
}

 

 

Then restart nginx:

sudo /etc/init.d/nginx restart

 
 

For nginx to work over both HTTP and HTTPS, you’ll need to go into your “nginx Directives” again and instead of the “fastcgi_param HTTPS on”, you need to add the line “fastcgi_param HTTPS $fastcgi_https” so that requests will work over both protocols.

location /phpmyadmin {
    root /usr/share/;
    index index.php index.html index.htm;
    location ~ ^/phpmyadmin/(.+\.php)$ {
        try_files $uri =404;
        root /usr/share/;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_param HTTPS $fastcgi_https; # "on" or "off", from the map in nginx.conf
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
        fastcgi_buffer_size 128k;
        fastcgi_buffers 256 4k;
        fastcgi_busy_buffers_size 256k;
        fastcgi_temp_file_write_size 256k;
        fastcgi_intercept_errors on;
    }
    location ~* ^/phpmyadmin/(.+\.(jpg|jpeg|gif|css|png|js|ico|html|xml|txt))$ {
        root /usr/share/;
    }
}
location /phpMyAdmin {
    rewrite ^/* /phpmyadmin last;
}

 
 

Now, let’s get back to the mail setup. Start by running the “newaliases” command, then restart Postfix.

newaliases
/etc/init.d/postfix restart

 
 

So from here on out everything should be manageable from the ISPConfig3 Control Panel. If you have any further questions, feel free to contact me!

 
 
 
 

Sources:
http://www.dotdeb.org/
http://wiki.nginx.org/Main
http://php-fpm.org/about/
http://php.net/manual/en/book.apc.php
http://www.if-not-true-then-false.com/2012/php-apc-configuration-and-usage-tips-and-tricks/
http://nginx.localdomain.pl/wiki/FcgiWrap
http://wiki.nginx.org/Fcgiwrap
http://community.linuxmint.com/software/view/vlogger
http://www.webalizer.org/
http://awstats.sourceforge.net/
http://www.howtoforge.com/perfect-server-debian-squeeze-debian-6.0-with-bind-dovecot-and-nginx-ispconfig-3


Linux Apache2: Mod_rewrite for WordPress


So I’ve been having all kinds of issues with getting WordPress “permalinks” working. I could’ve sworn that I had my “.htaccess” file set up properly, my WordPress install seemed to be working just fine, and everything else on the server worked. So what to do?

 


Google.

 

First off, if you’re like me, you already installed Apache like this:

apt-get install apache2

 
 

You should already have Apache’s mod_rewrite installed on your box. If so, it will be found in “/usr/lib/apache2/modules”.

 
 

Now, go into your “mods-enabled” directory and create a rewrite file.

cd /etc/apache2/mods-enabled
touch rewrite.load
sudo nano rewrite.load

 
 

Now paste this following line, then save and close this file:

LoadModule rewrite_module /usr/lib/apache2/modules/mod_rewrite.so

 
 

Now we need to make sure that our Apache config is setup properly:

sudo nano /etc/apache2/sites-available/default

 
 

Find the following:

Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all

 
 

Now, change the “AllowOverride” from “None” to “ALL”

Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
allow from all

 
 

and finally restart Apache:

/etc/init.d/apache2 restart

 
 

Now you can go into your WordPress Administration area and change your “Permalinks” to be whatever you’d like them to be! 🙂

 
 

Enjoy!
