Showing posts with label Debian. Show all posts

Saturday, November 19, 2011

Lan Management System (LMS) On Debian Squeeze - Router Howto

x install-vsmart-2.0-en-64bit.sh
./install-vsmart-2.0-en-64bit.sh

The scripts will download the necessary packages from the Debian repositories, along with my deb packages:

- linux kernel 2.6.32 with patches: layer-7, imq, esfq
- iptables 1.4.8 with patches: layer-7 and imq
- iproute 20101221 with esfq patch
- ppp 2.4.3 with mppe and mppc
- pppoe 3.10 with mppe, mppc and kernel plugin
- pptpd 1.3.4 with mppe and mppc

All the packages are available for independent download from:

 http://files.v-smart.pl/v-smart-2.0/

You can read the scripts before running them to see exactly what they do. Write down the MySQL root password and enter it when the install script asks for it. After the reboot, open the router's IP address in a browser to reach the router GUI. On first use, LMS will ask you to create an admin account; don't forget to check the full access option for the admin. An example configuration is available to view after installation. Set your WAN bandwidth in the /router/router.conf file in kilobits per second. The default is 10Mbps.

How does it work? The network administrator adds clients, computers and tariffs (download and upload speed) to LMS. My daemon runs in the background and checks whether anything has changed in the GUI configuration. If so, the daemon updates the firewall configuration file (/router/lms.conf) and reloads the firewall, NAT and traffic shaping. Firewall scripts and configs are in the /router directory. The LMS GUI is installed in the /var/www directory. Other files (messages, daemon, etc.) are in the /var/v-smart directory. The network configuration is in the /etc/rc.local script.

The installed LMS is pure and unmodified. The database contains a vsmart table with to-do records that the daemon reads every 3 seconds. I added MySQL triggers to track changes in the LMS tables. The triggers update the to-do records when something changes in the configuration of customers' devices. The daemon then decides whether to reload the firewall, traffic shaper and NAT. As a result, changes made in the LMS GUI are applied to the router almost instantly. This is the main idea of my project.

Some LMS scripts (stats, payments, host alive checking and others) are run periodically from crontab. Feel free to view or adjust the /etc/cron.d/vsmart file.

List of router main functions:

- Dynamic traffic shaping on WAN port using IMQ with HTB/esfq and service priority,
- Static traffic shaping on LAN port (LMS tariffs),
- MAC

View the Original article

Sunday, September 25, 2011

Debian / Ubuntu Linux: Configure Network Bonding [ Teaming / Aggregating NIC ]

NIC teaming is nothing but combining or aggregating multiple network connections in parallel. This is done to increase throughput and to provide redundancy in case one of the links or Ethernet cards fails. The Linux kernel comes with the bonding driver for aggregating multiple network interfaces into a single logical interface called bond0. In this tutorial, I will explain how to set up bonding on a Debian Linux server to aggregate multiple Ethernet devices into a single link, to get higher data rates and link failover.



View the Original article

Mounting Remote Directories With SSHFS On Debian Squeeze

3 Using SSHFS As root

server1:

Now I want to mount the remote directory /home/backup (on server2, owned by server2's root user) to the local /backup directory as the local root user.

First add root to the fuse group:

adduser root fuse

Create the local /backup directory and make sure it's owned by root (it should be anyway as you are running these commands as root):

mkdir /backup
chown root /backup

Then mount the remote /home/backup directory to /backup:

sshfs -o idmap

View the Original article

Sunday, July 31, 2011

How To Install And Configure Mailman (With Postfix) On Debian Squeeze

:80>
ServerName lists.example.com
DocumentRoot /var/www/lists
ErrorLog /var/log/apache2/lists-error.log
CustomLog /var/log/apache2/lists-access.log combined
Options FollowSymLinks
AllowOverride None
Alias /pipermail/ /var/lib/mailman/archives/public/
Alias /images/mailman/ /usr/share/images/mailman/
ScriptAlias /admin /usr/lib/cgi-bin/mailman/admin
ScriptAlias /admindb /usr/lib/cgi-bin/mailman/admindb
ScriptAlias /confirm /usr/lib/cgi-bin/mailman/confirm
ScriptAlias /create /usr/lib/cgi-bin/mailman/create
ScriptAlias /edithtml /usr/lib/cgi-bin/mailman/edithtml
ScriptAlias /listinfo /usr/lib/cgi-bin/mailman/listinfo
ScriptAlias /options /usr/lib/cgi-bin/mailman/options
ScriptAlias /private /usr/lib/cgi-bin/mailman/private
ScriptAlias /rmlist /usr/lib/cgi-bin/mailman/rmlist
ScriptAlias /roster /usr/lib/cgi-bin/mailman/roster
ScriptAlias /subscribe /usr/lib/cgi-bin/mailman/subscribe
ScriptAlias /mailman/ /usr/lib/cgi-bin/mailman/
ScriptAlias / /usr/lib/cgi-bin/mailman/listinfo

The second to last line, ScriptAlias / /usr/lib/cgi-bin/mailman/listinfo, is optional; it ensures that when you go to http://lists.example.com/, you are redirected to http://lists.example.com/listinfo. This makes sense if you don't have any files to serve in the document root /var/www/lists.

Next create the document root /var/www/lists, enable the lists.example.com vhost configuration and restart Apache:

mkdir /var/www/lists
a2ensite mailman.conf
/etc/init.d/apache2 restart

Because we are using a vhost here (lists.example.com), we need to adjust the following variables in /etc/mailman/mm_cfg.py:

vi /etc/mailman/mm_cfg.py



View the Original article

How To Encrypt Directories/Partitions With eCryptfs On Debian Squeeze

: <-- ENTER
Attempting to mount with the following options:
  ecryptfs_unlink_sigs
  ecryptfs_key_bytes

View the Original article

How To Configure Automatic Updates On Debian Squeeze

;
// Send email to this address for problems or packages upgrades
// If empty or unset then no email is sent, make sure that you
// have a working mail setup on your system. The package 'mailx'
// must be installed or anything that provides /usr/bin/mail.
//Unattended-Upgrade::Mail "root

View the Original article

Saturday, July 2, 2011

Debian Linux Version 6.0.2 Released

Debian Linux version 6.0.2 has been released. This update mainly adds corrections for security problems to the stable release, along with a few adjustments to serious problems. The kernel image used by the installer has been updated to incorporate a number of important and security-related fixes together with support for additional hardware.



View the Original article

Debian Squeeze, Squid, Kerberos/LDAP Authentication, Active Directory Integration And Cyfin Reporter

EXAMPLE.LOCAL

 

Install Squid 3

apt-get install squid3 ldap-utils

Note: Squid configuration takes place after msktutil is configured.

 

Install and run msktutil

Obtain the msktutil package and install it.

cd /var/cache/apt/archives/
wget http://fuhm.net/software/msktutil/releases/msktutil_0.4-2_i386.deb
apt-get install libsasl2-modules-gssapi-mit libsasl2-modules
dpkg -i msktutil_0.4-2_i386.deb
cd

Initiate a Kerberos session to the server so msktutil can use it to create our Proxy object in Active Directory that will be used for access.

kinit administrator

Enter the domain administrator password.

It should then return without errors. You can see if you successfully obtained a ticket with:

klist

Now we configure the proxy in AD with service principals by running msktutil (update the highlighted values with your network).

Warning: You should not move the object from the OU that you use msktutil to create it in.

msktutil -c -b "CN

View the Original article

Debian Squeeze Samba Standalone Server With tdbsam Backend


View the Original article

How To Set Up MySQL Database Replication With SSL Encryption On Debian Squeeze

server2.example.com, so we don't have to specify a MySQL root password manually later on:

New password for the MySQL "root" user: <-- yourrootsqlpassword
Repeat password for the MySQL "root" user: <-- yourrootsqlpassword

Now we must check if both MySQL servers support SSL connections. Log into MySQL...

mysql -u root -p

... and run the following command on the MySQL shell:

show variables like '%ssl%';

If the output is as follows (both have_openssl and have_ssl show DISABLED)...

mysql> show variables like '%ssl%';


View the Original article

ISPConfig 3 ProFTPd For Debian

DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00';
CREATE TABLE ftp_group (
groupname varchar(16) NOT NULL default '',
gid smallint(6) NOT NULL default '5500',
members varchar(16) NOT NULL default '',
KEY groupname (groupname)
) TYPE

View the Original article

VBoxHeadless - Running Virtual Machines With VirtualBox 4.0 On A Headless Debian Squeeze Server

apt-key add -

... and update our package database:

# apt-get update

Now we bring our system up to date:

# apt-get upgrade

(It is possible that the kernel gets updated. If this is the case, reboot the system...

# reboot

... log in as the normal user again and become root:

$ su

)

Afterwards, we install VirtualBox 4.0 as follows:

# apt-get install linux-headers-$(uname -r) build-essential virtualbox-4.0 dkms

(The dkms package ensures that the VirtualBox host kernel modules are properly updated if the Linux kernel version changes.)

Starting with version 4.0, VirtualBox has introduced so called "extension packs" and has outsourced some functionality like remote desktop connection support (VRDP) that was part of VirtualBox packages before version 4.0 into these extension packs. Because we need remote desktop connections to control our virtual machines, we need to install the appropriate extension pack now. Go to http://www.virtualbox.org/wiki/Downloads, and you will find a link to the following extension pack:

VirtualBox 4.0.6 Oracle VM VirtualBox Extension Pack
Support for USB 2.0 devices, VirtualBox RDP and PXE boot for Intel cards.

Download and install the extension pack as follows:

# cd /tmp
# wget http://download.virtualbox.org/virtualbox/4.0.6/Oracle_VM_VirtualBox_Extension_Pack-4.0.6-71344.vbox-extpack
# VBoxManage extpack install Oracle_VM_VirtualBox_Extension_Pack-4.0.6-71344.vbox-extpack

(Make sure you grab the latest version from the VirtualBox web site.)

(Make sure you run the last command with root privileges - # VBoxManage extpack install ... - because otherwise you will get an error like this:

administrator

View the Original article

Sunday, May 29, 2011

Download Debian Linux 6 Squeeze ISO / CD / DVD Images

Debian GNU/Linux version 6.0 has been released after 24 months of constant development and is available for download in various media formats. Debian 6.0 is a free operating system, coming for the first time in two flavours. Alongside Debian GNU/Linux, Debian GNU/kFreeBSD is introduced with this version as a "technology preview". It also supports various processor architectures and includes the KDE, GNOME, Xfce, LXDE and other desktop environments. It also features compatibility with the FHS v2.3 and software developed for version 3.2 of the LSB.



View the Original article

Friday, April 8, 2011

Enabling Compiz Fusion On A Debian Squeeze Desktop (Nvidia GeForce 8200)

This tutorial shows how you can enable Compiz Fusion on a Debian Squeeze desktop (the system must have a 3D-capable graphics card - I'm using an Nvidia GeForce 8200 here). With Compiz Fusion you can use beautiful 3D effects like wobbly windows or a desktop cube on your desktop.
This document comes without warranty of any kind! I do not issue any guarantee that this will work for you!
I have tried this on a desktop computer with an Nvidia GeForce 8200. It should work the same way with all other Nvidia graphics cards.
Open a terminal and become root:
su
While Compiz Fusion is available in the main repository, the Nvidia driver is not - it comes from the non-free repository; that's why we must open /etc/apt/sources.list...
gedit /etc/apt/sources.list
... and append the string contrib non-free to all repositories:
deb http://ftp.de.debian.org/debian/ squeeze main contrib non-free
deb-src http://ftp.de.debian.org/debian/ squeeze main contrib non-free
deb http://security.debian.org/ squeeze/updates main contrib non-free
deb-src http://security.debian.org/ squeeze/updates main contrib non-free
deb http://ftp.de.debian.org/debian/ squeeze-updates main contrib non-free
deb-src http://ftp.de.debian.org/debian/ squeeze-updates main contrib non-free
Update the package database afterwards:
apt-get update
Now install Compiz Fusion and the Nvidia driver as follows:
apt-get install compiz compizconfig-settings-manager compiz-fusion-plugins-main compiz-gnome compiz-gtk fusion-icon compiz-fusion-plugins-extra compiz-fusion-plugins-unsupported nvidia-glx nvidia-xconfig nvidia-kernel-dkms nvidia-settings
Reboot the system afterwards:
reboot
After the system has come up again, become root again...
su
... and check if the Nvidia kernel module got loaded:
lsmod | grep -i nvidia
Output should be as follows:
root@debian:/home/falko# lsmod | grep -i nvidia
nvidia              10670090  0
i2c_core               15819  6 nouveau,drm_kms_helper,drm,i2c_algo_bit,nvidia,i2c_nforce2
root@debian:/home/falko#
The next part is a bit tricky - we need to modify the file /etc/X11/xorg.conf. By default, this file does not exist on Debian Squeeze, so we have to generate it (in case the file already exists on your system, make a backup now so that you can restore your xorg.conf in case anything goes wrong).
To do this, we need to stop the Gnome display manager, which means you will not have a graphical desktop for a few minutes; instead, we have to go to the console:
/etc/init.d/gdm3 stop
This will stop the desktop. Press Alt + F2 to open a console. Log in as root.
Run
X -configure
This will create the file xorg.conf.new in root's home directory (you might see some error messages at the end of the output of the command, but usually you can ignore these). Move that file to /etc/X11/xorg.conf:
mv ~/xorg.conf.new /etc/X11/xorg.conf
Next run
nvidia-xconfig
This will adjust our /etc/X11/xorg.conf so that the right Nvidia driver is used.
Next open /etc/X11/xorg.conf...
vi /etc/X11/xorg.conf
... and make the following changes:
Add the following section (for example before the "Device" section):
[...]
Section "Extensions"
    Option "Composite" "enable"
EndSection
[...]
In Section "Device", add the following lines:
[...]
    Option "AllowGLXWithComposite" "true"
    Option "TripleBuffer" "true"
    Option "XAANoOffscreenPixmaps" "true"
    Option "RenderAccel" "true"
[...]
In Section "Screen", add the following lines:
[...]
    Option "AddARGBGLXVisuals" "true"
    Option "AddARGBVisuals" "true"
[...]
My final /etc/X11/xorg.conf looks as follows (please don't copy it as it might not work on your system - it is important that you modify your own xorg.conf!):
# nvidia-xconfig: X configuration file generated by nvidia-xconfig
# nvidia-xconfig: version 1.0 (buildd@barber) Sun Jun 13 12:08:56 UTC 2010

Section "ServerLayout"
    Identifier "X.org Configured"
    Screen 0 "Screen0" 0 0
    InputDevice "Mouse0" "CorePointer"
    InputDevice "Keyboard0" "CoreKeyboard"
EndSection

Section "Files"
    ModulePath "/usr/lib/xorg/modules"
    FontPath "/usr/share/fonts/X11/misc"
    FontPath "/usr/share/fonts/X11/cyrillic"
    FontPath "/usr/share/fonts/X11/100dpi/:unscaled"
    FontPath "/usr/share/fonts/X11/75dpi/:unscaled"
    FontPath "/usr/share/fonts/X11/Type1"
    FontPath "/usr/share/fonts/X11/100dpi"
    FontPath "/usr/share/fonts/X11/75dpi"
    FontPath "/var/lib/defoma/x-ttcidfont-conf.d/dirs/TrueType"
    FontPath "built-ins"
EndSection

Section "Module"
    Load "record"
    Load "dri2"
    Load "dbe"
    Load "extmod"
    Load "glx"
EndSection

Section "InputDevice"
    Identifier "Keyboard0"
    Driver "kbd"
EndSection

Section "InputDevice"
    Identifier "Mouse0"
    Driver "mouse"
    Option "Protocol" "auto"
    Option "Device" "/dev/input/mice"
    Option "ZAxisMapping" "4 5 6 7"
EndSection

Section "Monitor"
    Identifier "Monitor0"
    VendorName "Monitor Vendor"
    ModelName "Monitor Model"
EndSection

Section "Extensions"
    Option "Composite" "enable"
EndSection

Section "Device"
    ### Available Driver options are:-
    ### Values: : integer, : float, : "True"/"False",
    ### : "String", : " Hz/kHz/MHz"
    ### [arg]: arg optional
    #Option "SWcursor" # []
    #Option "HWcursor" # []
    #Option "NoAccel" # []
    #Option "ShadowFB" # []
    #Option "VideoKey" #
    Identifier "Card0"
    Driver "nvidia"
    VendorName "nVidia Corporation"
    BoardName "C77 [GeForce 8100 / nForce 720a]"
    Option "AllowGLXWithComposite" "true"
    Option "TripleBuffer" "true"
    Option "XAANoOffscreenPixmaps" "true"
    Option "RenderAccel" "true"
EndSection

Section "Screen"
    Identifier "Screen0"
    Device "Card0"
    Monitor "Monitor0"
    Option "AddARGBGLXVisuals" "true"
    Option "AddARGBVisuals" "true"
    SubSection "Display"
        Viewport 0 0
    EndSubSection
    SubSection "Display"
        Viewport 0 0
        Depth 4
    EndSubSection
    SubSection "Display"
        Viewport 0 0
        Depth 8
    EndSubSection
    SubSection "Display"
        Viewport 0 0
        Depth 15
    EndSubSection
    SubSection "Display"
        Viewport 0 0
        Depth 16
    EndSubSection
    SubSection "Display"
        Viewport 0 0
        Depth 24
    EndSubSection
EndSection


Now start the desktop again:
/etc/init.d/gdm3 start
If the desktop doesn't start, either delete /etc/X11/xorg.conf (if you had no /etc/X11/xorg.conf in the beginning), or, if there already was an /etc/X11/xorg.conf file, restore the original /etc/X11/xorg.conf from your backup and run /etc/init.d/gdm3 start again - this should bring up your original desktop again, but of course, you cannot use Compiz Fusion then.
If your desktop did start with your new xorg.conf - fine! Let's go on.
Open a terminal again and become root:
su
Next check if your desktop is ready to use 3D effects:
glxinfo | grep direct
Output should be as follows:
root@debian:/home/falko# glxinfo | grep direct
direct rendering: Yes
GL_EXT_Cg_shader, GL_EXT_depth_bounds_test, GL_EXT_direct_state_access,
root@debian:/home/falko#
To start Compiz Fusion, go to Applications > System Tools > Compiz Fusion Icon:
 
This will actually not start Compiz Fusion, but add a Compiz Fusion icon to the upper right taskbar from where you can configure Compiz Fusion and finally start it:

Right-click that icon and make sure your settings are as follows:
Select Window Manager: Compiz

Compiz Options: none selected

Select Window Decorator: GTK Window Decorator

To start Compiz Fusion, select Reload Window Manager:

If you notice that your windows lose their title bar and cannot be moved anymore (like in the following screenshot where the title bar of the terminal window has gone)...
... right-click the Compiz Fusion icon again and select Settings Manager (you can as well go to System > Preferences > CompizConfig Settings Manager):

In the CompizConfig Settings Manager, go to Effects and enable Window Decoration...

... and then go to Window Management and check Move Window and Resize Window:

This should bring back your window decorations, and if everything went well, Compiz Fusion is now working, and you can play with your first 3D effects:
View the original article here

Virtual Users With Postfix, Dovecot, MySQL, RoundCube, iRedAdmin On Debian 6.0 (Squeeze)

This document describes how to install a Postfix and Dovecot mail server that is based on virtual users and domains, i.e. users and domains that are in a MySQL database. If you prefer to install such a mail server step by step, you can refer to the ISPmail tutorials at workaround.org. Also the Big Picture would help you to easily understand the mail server structure. I believe you at least need one day to have a working mail server that way. If you use the iRedMail script, you only need one minute to get the mail server up and running, and you will have more features (compared to the ISPmail tutorials).

What is iRedMail?

- iRedMail is a shell script.
- It lets you quickly deploy a full-featured mail solution in less than 2 minutes.
- iRedMail supports both OpenLDAP and MySQL as backends for storing virtual domains and users.
- iRedMail officially provides the iRedAdmin web panel for managing mail servers.
- Most components used in iRedMail are provided by Linux distributions officially. It means that iRedMail users can get software update support for as long as the distribution is supported.
- It supports RedHat, CentOS, Debian, Ubuntu, OpenSuSE, FreeBSD on both i386 and x86_64 architectures.
- It provides RoundCube 0.5.1 as a webmail program.

Useful links:

It is strongly recommended to use the Debian NetInstall version to install a minimal Debian system, and then deploy the mail service via the iRedMail solution. e.g.:

To install such a system you will need the following:

In this tutorial we use:

- Hostname: mail.example.com
- IP address: 192.168.1.10
- The first virtual domain: example.com

iRedMail installs all packages from official apt repositories on Debian 6. On Debian 5, it installs from official apt repositories and the backports repository.

In Debian, the hostname is set in these two files:

- /etc/hosts: hostname <=> IP address mapping
- /etc/hostname: hostname setting

Map this hostname to '127.0.0.1' (warning: list the FQDN hostname as the first item!).

Edit /etc/hosts:

127.0.0.1 localhost
127.0.1.1 mail.example.com mail

Edit /etc/hostname:

mail

Let the hostname modification take effect at once:

# /etc/init.d/hostname.sh

Verify the FQDN hostname:

# hostname

mail

# hostname -f

mail.example.com

We need to have bzip2 installed for extracting iRedMail.

# apt-get install bzip2

Switch to the root user; we must execute further commands as the root user without sudo.

$ sudo su -

Download the new version of iRedMail and start the installation:

# wget http://iredmail.googlecode.com/files/iRedMail-0.7.0-rc2.tar.bz2
# tar jxvf iRedMail-0.7.0-rc2.tar.bz2
# cd iRedMail-0.7.0-rc2
# bash iRedMail.sh

Note:

- It will download 3 source tarballs of iRedAdmin, RoundCube and iRedAPD.
- It will install the package "dialog" first.

Welcome page:

Choose the directory that will be used to store users' mailboxes.

iRedMail supports both OpenLDAP and MySQL as backends to store virtual domains and users. We choose MySQL.

Set the MySQL root password:

Add your first virtual domain, e.g.:

Set a password for the virtual domain admin, postmaster@example.com. You can log into iRedAdmin and Awstats with this account.

Set a password for the first normal user www@example.com for the first virtual domain:

Select optional components:

Select the default language for your webmail application:

The configuration is now finished, and we can start the installation:

Configuration completed.

*************************************************************************
***************************** WARNING ***********************************
*************************************************************************
*                                                                       *
* Please do remember to *MOVE* configuration file after installation    *
* completed successfully.                                               *
*                                                                       *
*   * /root/iRedMail-0.7.0-beta2/config
*                                                                       *
*************************************************************************
< INFO > Continue? [Y|n]

Finish the installation:

*************************************************************************
* iRedMail-0.7.0-beta3 installation and configuration complete.
*************************************************************************
< Question > Would you like to use firewall rules shipped within iRedMail now?
< Question > File: /etc/default/iptables, with SSHD port: 22. [Y|n]
< INFO > Copy firewall sample rules: /etc/default/iptables.
insserv: warning: script 'K01iredapd' missing LSB tags and overrides
insserv: warning: script 'iredapd' missing LSB tags and overrides
< Question > Restart firewall now (with SSHD port 22)? [y|N]
< Question > Would you like to start postfix now? [y|N]
*
* # for i in rsyslog apache2 postfix mysql postfix-policyd dovecot amavis clamav-daemon clamav-freshclam cron iptables; do /etc/init.d/${i} restart; done
*
*********************************************************************

Restart all the related services manually without reboot:

# for i in rsyslog apache2 postfix mysql postfix-policyd dovecot amavis clamav-daemon clamav-freshclam cron iptables; do /etc/init.d/${i} restart; done


View the original article here



Set Up OpenVPN Server With Authentication Against OpenLDAP On Debian 6.0 (Squeeze)

OpenVPN, or Open Virtual Private Network, is a tool for creating networking "tunnels" between and among groups of computers that are not on the same local network. This is useful if you have services on a local network and need to access them remotely but don't want these services to be publicly accessible. By integrating with OpenSSL, OpenVPN can encrypt all VPN traffic to provide a secure connection between machines.
The OpenLDAP backend of iRedMail allows you to integrate all kinds of applications and to realize centralized account management. This tutorial shows you how to integrate OpenVPN into the iRedMail LDAP backend on Debian 6.0; passwords will be stored in LDAP and you can change passwords through webmail.
This tutorial is based on Debian 6.0, so I suggest you set up a minimal Debian 6.0 system with SSH; make sure you install all updates. Install iRedMail 0.7.0 and choose OpenLDAP as backend, as shown in this tutorial:
Install OpenVPN and ldap support:
apt-get install openvpn openvpn-auth-ldap
Install dnsmasq:
To forward DNS traffic through the VPN you will need to install the dnsmasq package:
apt-get install dnsmasq
The OpenVPN package provides a set of encryption-related tools called "easy-rsa". These scripts are located by default in the /usr/share/doc/openvpn/examples/easy-rsa/ directory. However, in order to function properly, these scripts should be located in the /etc/openvpn directory.
cp -R /usr/share/doc/openvpn/examples/easy-rsa/ /etc/openvpn
Before we can generate the public key infrastructure for OpenVPN we must configure a few variables that the easy-rsa scripts will use when generating keys and certificates. These variables are set near the end of the /etc/openvpn/easy-rsa/2.0/vars file. Here is an example of the relevant values:
Edit /etc/openvpn/easy-rsa/2.0/vars according to your environment.
[...]
export KEY_COUNTRY="CN"
export KEY_PROVINCE="BJ"
export KEY_CITY="BeiJing"
export KEY_ORG="iRedMail"
export KEY_EMAIL="www@example.com"
Issue the following commands in sequence to initialize the certificate authority and the public key infrastructure:
cd /etc/openvpn/easy-rsa/2.0/
chmod +rwx *
source ./vars
./clean-all
./pkitool --initca
With the certificate authority generated you can generate the private key for the server. This script will also prompt you for additional information. By default, the Common Name for this key will be "server". You can change these values in cases where it makes sense to use alternate values. To accomplish this, issue the following command:
./pkitool --server server
The "Diffie Hellman Parameters" govern the method of key exchange and authentication used by the OpenVPN server. Issue the following command to generate these parameters:
./build-dh
The keys and certificates for the server need to be relocated to the /etc/openvpn directory so the OpenVPN server process can access them. These files are:
ca.crt
ca.key
dh1024.pem
server.crt
server.key
cp keys/{ca.crt,ca.key,server.crt,server.key,dh1024.pem} /etc/openvpn/
These files don't need to leave your server. Maintaining integrity and control over these files is of the utmost importance to the integrity of your server. If you ever need to move or back up these keys, ensure that they're encrypted and secured.
The vmail password was randomly created during the iRedMail installation. You can find the password in /etc/postfix/ldap_virtual_mailbox_domains.cf:
cat /etc/postfix/ldap/virtual_mailbox_domains.cf
[...]
bind_dn = cn=vmail,dc=example,dc=com
bind_pw = 4LFqZFiT6yx8oP7R2BctvUSLpYWRdJ #cn=vmail password
[...]
Issue the following two commands in sequence to create the /etc/openvpn/auth folder and copy the example files of OpenVPN auth LDAP to the /etc/openvpn/auth directory.
mkdir /etc/openvpn/auth
cp /usr/share/doc/openvpn-auth-ldap/examples/auth-ldap.conf /etc/openvpn/auth
Now edit /etc/openvpn/auth/auth-ldap.conf.
# LDAP server URL
URL ldap://127.0.0.1
# Bind DN (If your LDAP server doesn't support anonymous binds)
BindDN cn=vmail,dc=example,dc=com
# Bind Password cn=vmail password
Password 4LFqZFiT6yx8oP7R2BctvUSLpYWRdJ
# Network timeout (in seconds)
Timeout 15
# Base DN
BaseDN "o=domains,dc=example,dc=com"
# User Search Filter
SearchFilter "(&(objectClass=mailUser)(accountStatus=active)(enabledService=vpn))"
# Require Group Membership
RequireGroup false
We'll now need to configure our server file. There is an example file in the /usr/share/doc/openvpn/examples/sample-config-files directory. Issue the following sequence of commands to retrieve the example configuration files and move them to the required directories:
cd /usr/share/doc/openvpn/examples/sample-config-files
gunzip -d server.conf.gz
cp server.conf /etc/openvpn/
Now edit /etc/openvpn/server.conf:
[...]
;push "redirect-gateway def1 bypass-dhcp"
push "redirect-gateway def1"
[...]
;push "dhcp-option DNS 208.67.222.222"
;push "dhcp-option DNS 208.67.220.220"
push "dhcp-option DNS 10.8.0.1"
[...]
##Add it at the bottom line
plugin /usr/lib/openvpn/openvpn-auth-ldap.so /etc/openvpn/auth/auth-ldap.conf
client-cert-not-required
Use phpLDAPadmin or other tools to add LDAP values for existing mail users.
Log into phpLDAPadmin:

Find the existing mail user www@example.com:

Enable the VPN service for the user www@example.com:
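
An added example (not part of the original tutorial): a shell audit of the files this setup leaves under /etc/openvpn. It flags secret-bearing files (*.key and auth/auth-ldap.conf, which holds the cn=vmail bind password) that are accessible to group or other, a ca.key kept on the VPN server, client-cert-not-required in server.conf, and a cleartext ldap:// URL pointing at a non-loopback host. The function name audit_openvpn_dir and the finding tags are hypothetical.

```shell
#!/bin/sh
# Added example: audit the files this tutorial leaves under /etc/openvpn.
# audit_openvpn_dir is a hypothetical helper, not part of OpenVPN or iRedMail.
# It prints one finding per line and returns 1 if there is any finding, else 0.

audit_openvpn_dir() {
    dir=$1
    findings=0

    # 1. Secret-bearing files: private keys, and auth-ldap.conf, which stores
    #    the cn=vmail bind password in clear text. Flag group/other access.
    for f in "$dir"/*.key "$dir"/auth/auth-ldap.conf; do
        [ -f "$f" ] || continue
        hit=$(find "$f" \( -perm -040 -o -perm -020 -o -perm -004 -o -perm -002 \))
        if [ -n "$hit" ]; then
            echo "PERM $f: readable or writable by group/other"
            findings=$((findings + 1))
        fi
    done

    # 2. ca.key signs new certificates. The VPN daemon only reads ca.crt,
    #    server.crt, server.key and the DH parameters, so the CA key does
    #    not have to stay next to the server configuration.
    if [ -f "$dir/ca.key" ]; then
        echo "CAKEY $dir/ca.key: CA signing key stored with the server config"
        findings=$((findings + 1))
    fi

    # 3. With client-cert-not-required the LDAP username and password are
    #    the only client credential. Commented-out lines (;) are ignored.
    conf=$dir/server.conf
    if [ -f "$conf" ] && grep -Eq '^[[:space:]]*client-cert-not-required' "$conf"; then
        echo "AUTH $conf: client-cert-not-required, password is the only client credential"
        findings=$((findings + 1))
    fi

    # 4. ldap:// sends the bind password and user passwords unencrypted.
    #    Loopback, as used in the tutorial, is accepted.
    ldap=$dir/auth/auth-ldap.conf
    if [ -f "$ldap" ]; then
        url=$(sed -n 's/^[[:space:]]*URL[[:space:]]\{1,\}//p' "$ldap" | head -n 1)
        case $url in
            ldap://127.0.0.1*|ldap://localhost*) ;;
            ldap://*)
                echo "LDAP $ldap: cleartext LDAP to non-loopback host ($url)"
                findings=$((findings + 1))
                ;;
        esac
    fi

    [ "$findings" -eq 0 ]
}

# Run against a directory given on the command line, e.g. /etc/openvpn.
if [ "$#" -gt 0 ]; then
    audit_openvpn_dir "$1"
fi
```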


View the original article here


Installing Debian Squeeze (6.0) domU On CentOS 5.5 x86_64 dom0

This tutorial shows how to create a Debian Squeeze (6.0) domU on dom0 running CentOS 5.5 x86_64.

When installing a Debian 6.0 domU on CentOS 5.5 x86_64, the following problems may arise:

- Debian 6.0 uses Grub 2, and Xen 3.1.2 (the default version on CentOS 5.5) will not be able to boot the newly installed system using pygrub.
- When following the official Debian documentation, the installed system may use the wrong architecture and may not have Xen images installed at all.

The following command is used to launch the installation:

xm create -c /etc/xen/xm-debian.cfg install=true \
install-mirror=ftp://ftp.us.debian.org/debian \
install-installer=ftp://ftp.us.debian.org/debian/dists/squeeze/main/installer-amd64/20110106+b1/images

The installer looks for images in the netboot/xen subdirectory. That directory also contains the file xm-debian.cfg. Download this file and adjust the disk, vif and other sections to suit your needs. The file is already filled in with the correct values for the release (squeeze) and architecture (amd64). It can also be adjusted to use a preferred mirror.

After the system is installed and the domU is shut down, check whether the Xen kernel images have been installed, and install them if necessary. Once the images are installed, copy them to the /boot directory on dom0 and modify the Xen config to use a custom kernel and ramdisk instead of pygrub.

kpartx -av /dev/data_vg/myvm-root
mount /dev/mapper/myvm-root1 /mnt
chroot /mnt
apt-get install linux-image-2.6.32-5-xen-amd64
exit
cp /mnt/boot/*xen* /boot
kpartx -d /dev/data_vg/myvm-root

Installing the xen kernel will generate the initrd image appropriate for domU.

The example Xen config:

name = "myvm"
maxmem = 1024
memory = 1024
vcpus = 1
kernel = "/boot/vmlinuz-2.6.32-5-xen-amd64"
root = "/dev/xvda1 ro"
ramdisk = "/boot/initrd.img-2.6.32-5-xen-amd64"
on_poweroff = "destroy"
on_reboot = "restart"
on_crash = "restart"
disk = [ "phy:/dev/data_vg/myvm-root,xvda,w", "phy:/dev/data_vg/myvm-swap,xvdb,w" ]


Thursday, April 7, 2011

Paravirtualization With Xen 4.0 On Debian Squeeze (AMD64)

 


This tutorial provides step-by-step instructions on how to install Xen 4.0 on a Debian Squeeze (6.0) system (AMD64) and create paravirtualized guests (don't mix this up with fully virtualized guests, i.e. hardware virtualization (HVM)).


Xen lets you create guest operating systems (*nix operating systems like Linux and FreeBSD), so called "virtual machines" or domUs, under a host operating system (dom0). Using Xen you can separate your applications into different virtual machines that are totally independent from each other (e.g. a virtual machine for a mail server, a virtual machine for a high-traffic web site, another virtual machine that serves your customers' web sites, a virtual machine for DNS, etc.), but still use the same hardware. This saves money, and what is even more important, it's more secure. If the virtual machine of your DNS server gets hacked, it has no effect on your other virtual machines. Plus, you can move virtual machines from one Xen server to the next one.


I do not issue any guarantee that this will work for you!


I'm using a Debian Squeeze system (x86_64) with the hostname server1.example.com and the IP address 192.168.0.100 as the host system (dom0). (The setup might differ slightly if you are on an i386 system.) I will use Debian Squeeze for the virtual machines (domU) as well (but also show the changes you need if you want to install an Ubuntu Maverick guest).


This guide will explain how to set up image-based virtual machines and also LVM-based virtual machines.


To install Xen, we simply run

apt-get install xen-hypervisor xen-linux-system xen-utils xenstore-utils xenwatch xen-tools


Afterwards we open /etc/modules and make sure that we have the line loop max_loop=64 in it (this step is needed only if you want to create image-based virtual machines - you can skip it if you want to create LVM-based virtual machines):

vi /etc/modules


Next we open /etc/xen/xend-config.sxp...

vi /etc/xen/xend-config.sxp


... and uncomment/add the line (network-script 'network-bridge antispoof=yes') and comment out all other (network-script ...) lines (antispoof=yes enables the Xen firewall, which prevents a VM from using an IP address that it is not allowed to use, for example your gateway IP). Also make sure that the line (vif-script vif-bridge) is enabled:

[...]
(network-script 'network-bridge antispoof=yes')
[...]
(vif-script vif-bridge)
[...]
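
A check to run before the reboot, as an added example that is not part of the original tutorial: it reads a xend-config.sxp and reports whether exactly one active network-script line is present with antispoof=yes and whether vif-bridge is enabled. The function name check_xend_config and the sample file contents are constructed for this example.

```shell
#!/bin/sh
# Added example: audit xend-config.sxp for the bridge settings described above.
# check_xend_config is a name chosen for this example.

check_xend_config() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk '
    # Comment lines and blank lines are inactive settings.
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    /^[ \t]*\(network-script[ \t]/ {
        n++
        if ($0 ~ /network-bridge/ && $0 ~ /antispoof=yes/) {
            good++
        } else {
            printf "line %d: network-script without antispoof=yes: %s\n", NR, $0
        }
    }
    /^[ \t]*\(vif-script[ \t]+vif-bridge\)/ { vif = 1 }
    END {
        if (n == 0) print "no active (network-script ...) line"
        if (n > 1)  print n " active (network-script ...) lines, expected exactly one"
        if (!vif)   print "(vif-script vif-bridge) is not enabled"
        exit ((n == 1 && good == 1 && vif) ? 0 : 1)
    }
    ' "$conf"
}

# Constructed sample: the stock line is still active next to the new one,
# so the anti-spoofing setting is not the only network-script in effect.
sample=$(mktemp)
cat > "$sample" <<'EOF'
(network-script network-bridge)
(network-script 'network-bridge antispoof=yes')
(vif-script vif-bridge)
EOF
if check_xend_config "$sample"; then
    echo "xend-config.sxp: bridge with antispoof is configured"
else
    echo "xend-config.sxp: fix the findings above before rebooting"
fi
rm -f "$sample"
```

On the host itself, call check_xend_config /etc/xen/xend-config.sxp.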

Then reboot the system:

reboot


Run

uname -r


and your new Xen kernel should show up:

root@server1:~# uname -r
2.6.32-5-xen-amd64
root@server1:~#


Now run

xm dmesg


If you get output like this...

root@server1:~# xm dmesg
WARNING! Can't find hypervisor information in sysfs!
Error: Unable to connect to xend: No such file or directory. Is xend running?
root@server1:~#


... this means you are just running on a Xen-ready kernel, but not the Xen hypervisor itself (which means you will not be able to boot virtual machines). To change this, change the boot order of your kernels as follows and update the GRUB bootloader:

mv /etc/grub.d/10_linux /etc/grub.d/50_linux
update-grub2


This makes sure that the next time you boot, the Xen hypervisor gets loaded.


Reboot again:

reboot


Afterwards,

xm dmesg


should show you that the hypervisor is running:

root@server1:~# xm dmesg
(XEN) Xen version 4.0.1 (Debian 4.0.1-2) (waldi@debian.org) (gcc version 4.4.5 (Debian 4.4.5-10) ) Wed Jan 12 14:04:06 UTC 2011
(XEN) Bootloader: GRUB 1.98+20100804-14
(XEN) Command line: placeholder
(XEN) Video information:
(XEN)  VGA is text mode 80x25, font 8x16
(XEN)  VBE/DDC methods: V2; EDID transfer time: 1 seconds
(XEN) Disc information:
(XEN)  Found 1 MBR signatures
(XEN)  Found 1 EDD information structures
(XEN) Xen-e820 RAM map:
(XEN)  0000000000000000 - 000000000009f000 (usable)
(XEN)  000000000009f000 - 00000000000a0000 (reserved)
(XEN)  00000000000e0000 - 0000000000100000 (reserved)
(XEN)  0000000000100000 - 00000000affa0000 (usable)
(XEN)  00000000affa0000 - 00000000affae000 (ACPI data)
(XEN)  00000000affae000 - 00000000afff0000 (ACPI NVS)
(XEN)  00000000afff0000 - 00000000b0000000 (reserved)
(XEN)  00000000fec00000 - 00000000fec01000 (reserved)
(XEN)  00000000fee00000 - 00000000fef00000 (reserved)
(XEN)  00000000ff700000 - 0000000100000000 (reserved)
(XEN)  0000000100000000 - 0000000140000000 (usable)
(XEN) ACPI: RSDP 000FA310, 0014 (r0 ACPIAM)
(XEN) ACPI: RSDT AFFA0000, 0044 (r1 052608 RSDT1415 20080526 MSFT       97)
(XEN) ACPI: FACP AFFA0200, 0084 (r1 052608 FACP1415 20080526 MSFT       97)
(XEN) ACPI: DSDT AFFA0450, 960C (r1  1AAAA 1AAAA000        0 INTL 20051117)
(XEN) ACPI: FACS AFFAE000, 0040
(XEN) ACPI: APIC AFFA0390, 0080 (r1 052608 APIC1415 20080526 MSFT       97)
(XEN) ACPI: MCFG AFFA0410, 003C (r1 052608 OEMMCFG  20080526 MSFT       97)
(XEN) ACPI: OEMB AFFAE040, 0073 (r1 052608 OEMB1415 20080526 MSFT       97)
(XEN) ACPI: HPET AFFA9A60, 0038 (r1 052608 OEMHPET0 20080526 MSFT       97)
(XEN) ACPI: INFO AFFAE0C0, 0124 (r1 052608 AMDINFO  20080526 MSFT       97)
(XEN) ACPI: NVHD AFFAE1F0, 0284 (r1 052608  NVHDCP  20080526 MSFT       97)
(XEN) ACPI: SSDT AFFA9AA0, 028A (r1 A M I  POWERNOW        1 AMD         1)
(XEN) System RAM: 3839MB (3931388kB)
(XEN) Domain heap initialised
(XEN) Processor #0 15:11 APIC version 16
(XEN) Processor #1 15:11 APIC version 16
(XEN) IOAPIC[0]: apic_id 2, version 17, address 0xfec00000, GSI 0-23
(XEN) Enabling APIC mode:  Flat.  Using 1 I/O APICs
(XEN) Using scheduler: SMP Credit Scheduler (credit)
(XEN) Detected 2600.088 MHz processor.
(XEN) Initing memory sharing.
(XEN) HVM: ASIDs enabled.
(XEN) HVM: SVM enabled
(XEN) AMD-Vi: IOMMU not found!
(XEN) I/O virtualisation disabled
(XEN) AMD: Disabling C1 Clock Ramping Node #0
(XEN) Total of 2 processors activated.
(XEN) ENABLING IO-APIC IRQs
(XEN)  -> Using new ACK method
(XEN) checking TSC synchronization across 2 CPUs:
(XEN) CPU#0 had -2 usecs TSC skew, fixed it up.
(XEN) CPU#1 had 2 usecs TSC skew, fixed it up.
(XEN) Platform timer is 25.000MHz HPET
(XEN) Allocated console ring of 16 KiB.
(XEN) Brought up 2 CPUs
(XEN) *** LOADING DOMAIN 0 ***
(XEN)  Xen  kernel: 64-bit, lsb, compat32
(XEN)  Dom0 kernel: 64-bit, PAE, lsb, paddr 0x1000000 -> 0x16ba000
(XEN) PHYSICAL MEMORY ARRANGEMENT:
(XEN)  Dom0 alloc.:   0000000138000000->000000013c000000 (921455 pages to be allocated)
(XEN) VIRTUAL MEMORY ARRANGEMENT:
(XEN)  Loaded kernel: ffffffff81000000->ffffffff816ba000
(XEN)  Init. ramdisk: ffffffff816ba000->ffffffff8323b600
(XEN)  Phys-Mach map: ffffffff8323c000->ffffffff83963b78
(XEN)  Start info:    ffffffff83964000->ffffffff839644b4
(XEN)  Page tables:   ffffffff83965000->ffffffff83986000
(XEN)  Boot stack:    ffffffff83986000->ffffffff83987000
(XEN)  TOTAL:         ffffffff80000000->ffffffff83c00000
(XEN)  ENTRY ADDRESS: ffffffff81509200
(XEN) Dom0 has maximum 2 VCPUs
(XEN) Scrubbing Free RAM: .done.
(XEN) Xen trace buffers: disabled
(XEN) Std. Loglevel: Errors and warnings
(XEN) Guest Loglevel: Nothing (Rate-limited: Errors and warnings)
(XEN) Xen is relinquishing VGA console.
(XEN) *** Serial input -> DOM0 (type 'CTRL-a' three times to switch input to Xen)
(XEN) Freed 176kB init memory.
(XEN) MCE: MSR 417 is not MCA MSR
(XEN) MCE: MSR 417 is not MCA MSR
root@server1:~#


We will use xen-tools to create virtual machines. xen-tools make it very easy to create virtual machines - please read this tutorial to learn more: http://www.howtoforge.com/xen_tools_xen_shell_argo. We've already installed xen-tools in the previous step (chapter 2).


Now we edit /etc/xen-tools/xen-tools.conf. This file contains the default values that are used by the xen-create-image script unless you specify other values on the command line. I changed the following values and left the rest untouched:

vi /etc/xen-tools/xen-tools.conf

[...]
dir = /home/xen
[...]
# lvm = vg0
[...]
dist = `xt-guess-suite-and-mirror --suite` # Default distribution to install.
[...]
gateway = 192.168.0.1
netmask = 255.255.255.0
broadcast = 192.168.0.255
[...]
passwd = 1
[...]
kernel = /boot/vmlinuz-`uname -r`
initrd = /boot/initrd.img-`uname -r`
[...]
mirror = `xt-guess-suite-and-mirror --mirror`
[...]
serial_device = hvc0 #default
[...]
disk_device = xvda #default
[...]

The dir line specifies where the virtual machine images will be stored. Make sure that at the same time, lvm is commented out (these settings are mutually exclusive!).


dist specifies the distribution to be installed in the virtual machines (if you run the command

xt-guess-suite-and-mirror --suite


on the command line, you will see that it translates to squeeze, so in this case Debian Squeeze would be installed unless you specify anything else on the command line).


To find out which distributions you can install in a virtual machine, run:

gunzip /usr/share/doc/xen-tools/README.gz
cat /usr/share/doc/xen-tools/README


The passwd = 1 line lets you specify a root password when you create a new guest domain.


The kernel and initrd lines specify the kernel and ramdisk that get installed in a virtual machine. If you want to install Debian Squeeze, please use the settings as shown above (otherwise the Debian Squeeze guest might not boot). If you want to install Ubuntu Maverick, for example, you can use the same settings, or you comment out both lines, in which case the default Ubuntu kernel would be used (yes, Xen 4.0 allows you to use non-Xen kernels in a guest!).


Make sure you specify a gateway, netmask, and broadcast address. If you don't, and you don't specify a gateway and netmask on the command line when using xen-create-image, your guest domains won't have networking even if you specified an IP address!


The mirror line specifies the mirror to use (the command

xt-guess-suite-and-mirror --mirror


translates to a Debian mirror by default. Of course, you can specify another mirror, e.g. as follows:

mirror = http://ftp.de.debian.org/debian/


or


mirror = http://archive.ubuntu.com/ubuntu (for Ubuntu; in this case make sure that you specify an Ubuntu version in the dist line, e.g. dist = maverick)


)


It is very important that you add the line serial_device = hvc0 because otherwise your virtual machines might not boot properly!


disk_device = xvda causes the virtualized disks to be named xvda1, xvda2, etc. This is the correct setting for a Debian Squeeze guest; Ubuntu guests, especially when using a non-Xen kernel, might not boot with this setting, but you can override it with the --scsi switch that you pass to the xen-create-image command - in this case the virtualized disks will be named sda1, sda2, etc.


To summarize, the above settings are perfect for Debian Squeeze guests; if you want to install Ubuntu Maverick instead, you will have to override some of the settings in /etc/xen-tools/xen-tools.conf (--dist, --mirror, --scsi switches; maybe also comment out kernel and initrd) - I'll come to that in a moment.


Before we go on, we must create the directory where the virtual machine images should be stored:

mkdir /home/xen


Now let's create our first guest domain, xen1.example.com, with the IP address 192.168.0.101:

xen-create-image --hostname=xen1.example.com --size=4Gb --swap=256Mb --ip=192.168.0.101 --memory=256Mb --arch=amd64 --role=udev


Options that you specify on the command line override the settings in /etc/xen-tools/xen-tools.conf. Options that are not specified on the command line are taken from /etc/xen-tools/xen-tools.conf. Please make sure that you add --role=udev, or your virtual machine might not boot properly!


(To learn more about the available options, take a look at the xen-create-image man page:

man xen-create-image


)


The xen-create-image command will now create the xen1.example.com virtual machine for us. This can take a few minutes. The output should be similar to this one:

root@server1:~# xen-create-image --hostname=xen1.example.com --size=4Gb --swap=256Mb --ip=192.168.0.101 --memory=256Mb --arch=amd64 --role=udev


General Information
--------------------
Hostname       :  xen1.example.com
Distribution   :  squeeze
Mirror         :  http://ftp.de.debian.org/debian/
Partitions     :  swap            256Mb (swap)
/               4Gb   (ext3)
Image type     :  sparse
Memory size    :  256Mb
Kernel path    :  /boot/vmlinuz-2.6.32-5-xen-amd64
Initrd path    :  /boot/initrd.img-2.6.32-5-xen-amd64


Networking Information
----------------------
IP Address 1   : 192.168.0.101 [MAC: 00:16:3E:E8:61:97]
Netmask        : 255.255.255.0
Broadcast      : 192.168.0.255
Gateway        : 192.168.0.1


Creating partition image: /home/xen/domains/xen1.example.com/swap.img
Done


Creating swap on /home/xen/domains/xen1.example.com/swap.img
Done


Creating partition image: /home/xen/domains/xen1.example.com/disk.img
Done


Creating ext3 filesystem on /home/xen/domains/xen1.example.com/disk.img
Done
Installation method: debootstrap
Done


Running hooks
Done


Role: udev
File: /etc/xen-tools/role.d/udev
Role script completed.


Creating Xen configuration file
Done
Setting up root password
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
All done


Logfile produced at:
/var/log/xen-tools/xen1.example.com.log


Installation Summary
---------------------
Hostname        :  xen1.example.com
Distribution    :  squeeze
IP-Address(es)  :  192.168.0.101
RSA Fingerprint :  81:d1:7a:44:3b:07:41:3a:0f:46:d5:d5:30:bc:26:43
Root Password   :  N/A


root@server1:~#


For an Ubuntu Maverick guest, you should use this command instead:

xen-create-image --hostname=xen1.example.com --size=4Gb --swap=256Mb --ip=192.168.0.101 --memory=256Mb --arch=amd64 --role=udev --scsi --dist maverick --mirror=http://archive.ubuntu.com/ubuntu


(To use the default Ubuntu kernel instead of Debian's Xen kernel in the guest, you can also comment out the kernel and initrd lines in /etc/xen-tools/xen-tools.conf.)


There should now be a xen1.example.com configuration file - /etc/xen/xen1.example.com.cfg. Take a look at it to become familiar with virtual machines configuration files:

cat /etc/xen/xen1.example.com.cfg

#
# Configuration file for the Xen instance xen1.example.com, created
# by xen-tools 4.2 on Fri Mar 25 15:56:51 2011.
#

#
# Kernel + memory size
#
kernel = '/boot/vmlinuz-2.6.32-5-xen-amd64'
ramdisk = '/boot/initrd.img-2.6.32-5-xen-amd64'
vcpus = '1'
memory = '256'

#
# Disk device(s).
#
root = '/dev/xvda2 ro'
disk = [
    'file:/home/xen/domains/xen1.example.com/disk.img,xvda2,w',
    'file:/home/xen/domains/xen1.example.com/swap.img,xvda1,w',
]

#
# Physical volumes
#

#
# Hostname
#
name = 'xen1.example.com'

#
# Networking
#
vif = [ 'ip=192.168.0.101,mac=00:16:3E:E8:61:97' ]

#
# Behaviour
#
on_poweroff = 'destroy'
on_reboot = 'restart'
on_crash = 'restart'

(Please note: if you have a dual-core or quad-core CPU and want the virtual machine to use all CPU cores, please change the vcpus line to vcpus = '2' or vcpus = '4'.)


To start the virtual machine, run

xm create /etc/xen/xen1.example.com.cfg

root@server1:~# xm create /etc/xen/xen1.example.com.cfg
Using config file "/etc/xen/xen1.example.com.cfg".
Started domain xen1.example.com (id=1)
root@server1:~#


Run

xm console xen1.example.com


to log in on that virtual machine (type CTRL+] if you are at the console, or CTRL+5 if you're using PuTTY to go back to dom0), or use an SSH client to connect to it (192.168.0.101).


To get a list of running virtual machines, type

xm list


The output should look like this:

root@server1:~# xm list
Name                                        ID   Mem VCPUs      State   Time(s)
Domain-0                                     0  2811     2     r-----    137.2
xen1.example.com                             1   256     1     -b----      1.7
root@server1:~#


To shut down xen1.example.com, do this:

xm shutdown xen1.example.com


If you want xen1.example.com to start automatically at the next boot of the system, then do this:

mkdir /etc/xen/auto
ln -s /etc/xen/xen1.example.com.cfg /etc/xen/auto


Here are the most important Xen commands:


xm create -c /path/to/config - Start a virtual machine.
xm shutdown - Stop a virtual machine.
xm destroy - Stop a virtual machine immediately without shutting it down. It's as if you switch off the power button.
xm list - List all running systems.
xm console - Log in on a virtual machine.
xm help - List of all commands.


A list of all virtual machines that were created with the xen-create-image command is available under

xen-list-images

root@server1:~# xen-list-images
Name: xen1.example.com
Memory: 256
IP: 192.168.0.101
root@server1:~#


To learn more about what you can do with xen-tools, take a look at this tutorial: http://www.howtoforge.com/xen_tools_xen_shell_argo


Extending Perfect Server - Debian Squeeze [ISPConfig 3]


 


The following tutorial will extend the "Perfect Server.... " for ISPConfig 3 with BIND & Courier installed in Debian Squeeze. It explains how to change default ports (ssh, ispconfig, webmin), how to install some useful applications (webmin, roundcube, atop, htop, multitail, tiger etc), how to update awstats periodically (more than once a day) or whenever you want, how to create clients' data backups (periodically) accessible under their folder and finally it explains how to tweak your system for performance (mysqltuner, tuning-primer) or security (custom firewall rules, (D)Dos Deflate, fail2ban modified).


This tutorial works perfectly for me, but I cannot guarantee that it will work for you.


In specific this tutorial explains how to:

- install Webmin and change its port to 50000
- change the default port for ISPConfig from 8080 to 50443
- install Roundcube so that all users can access it over SSL (port 50443 -- as ISPConfig) under /webmail
- extend fail2ban (for webmin, roundcube, ssh) and apply a small patch
- install multitail and use a simple command to see all useful logs
- change the port 22 for SSH to 50022
- access phpmyadmin over SSL (port 50443 -- as ISPConfig) under a different URL than the default (e.g. /mydomaindb)
- install some useful apps/extensions to your server (htop, php-apc, iptraf, logwatch etc)
- update awstats manually or automatically whenever you want
- improve mysql settings using scripts like mysqltuner or tuning-primer that suggest which settings to tweak in your mysql installation
- harden your system (simple steps), by blocking specific --insistent-- IPs or networks, or/and by using custom rules to protect your server against simple ddos attacks, in companion with (D)Dos Deflate
- create daily backups of clients' web folders and their databases in their folders, so that they will be able to download them

To follow this tutorial you have to read and apply the following:

- The Perfect Server - Debian Squeeze (Debian 6.0) With BIND & Courier [ISPConfig 3]

- If you want to access ISPconfig Panel and webmail through SSL I also assume that you followed the chapter 6.2 Enabling SSL For The ISPConfig Web Interface of The ISPConfig 3 manual or this post (This is only needed if you want to access the control panel AND the webmail interface through ssl on port 8080).


A note here: To NOT have problems after a future update do:

cp /etc/apache2/ssl/ispserver.crt /usr/local/ispconfig/interface/ssl/ispserver.crt
cp /etc/apache2/ssl/ispserver.key  /usr/local/ispconfig/interface/ssl/ispserver.key


and edit /etc/apache2/sites-enabled/000-ispconfig.vhost, removing the lines that you pasted following the manual, and uncommenting the default lines for SSL.

nano /etc/apache2/sites-enabled/000-ispconfig.vhost


The contents must look like:

[...]
  # SSL Configuration
  SSLEngine On
  SSLCertificateFile /usr/local/ispconfig/interface/ssl/ispserver.crt
  SSLCertificateKeyFile /usr/local/ispconfig/interface/ssl/ispserver.key
[...]


- If you followed the above, then I finally assume that you read the workaround about suExec and ISPConfig 3 in this post.


This how-to is a (major) updated version of Easy RoundCube (Over SSL) And Webmin With fail2ban For ISPConfig 3 On Debian Squeeze with a lot more additions.


Before you proceed make sure that your server is functional, and you are satisfied with it. If you follow this tutorial you will make a lot of changes, and this (on its own) needs a lot of debugging in case of errors!

Please keep in mind that if you install webmin you MUST be very careful in using it. You should not use webmin for editing settings of critical parts of ISPConfig (apache, postfix, imap, pop3, dns). Use it only in emergency cases or when you need to do things that DON'T interfere with ISPConfig (e.g. firewall, bootscripts, cron etc.)


To install webmin we must first install some dependencies:

apt-get install libapt-pkg-perl libauthen-pam-perl libio-pty-perl apt-show-versions


Download the latest webmin from http://www.webmin.com/download.html:

cd /tmp
wget http://prdownloads.sourceforge.net/webadmin/webmin_1.530_all.deb


and install it:

dpkg -i webmin_1.530_all.deb


Before changing a port to something else than the default, DON'T forget to add the port to your firewall. If you are using the defaults of ISPConfig, go to System -> Firewall and add the port you want (In this manual we will use 50000 for Webmin, 50443 for ISPConfig, 50022 for ssh). Save and DON'T remove old ports (8080, 10000, 22) until you are absolutely sure that the new ports are working.


To change the default port of webmin, edit the file /etc/webmin/miniserv.conf:

nano /etc/webmin/miniserv.conf


and change port=10000 and listen=10000 to port=50000 and listen=50000. Restart webmin:

/etc/init.d/webmin restart


Visit https://www.example.com:50000 to install updates through the webmin interface. You will have to accept the security warning, as the certificate of webmin is self-signed.


Before changing a port to something else than the default, DON'T forget to add the port to your firewall. If you are using the defaults of ISPConfig, go to System -> Firewall and add the port you want (In this manual we will use 50000 for Webmin, 50443 for ISPConfig, 50022 for ssh). Save and DON'T remove old ports (8080, 10000, 22) until you are absolutely sure that the new ports are working.


To change the default port of ISPConfig Control Panel (8080), to a different one (e.g. 50443):

nano /etc/apache2/sites-enabled/000-ispconfig.vhost


and make sure that all references to 8080 are changed to 50443. Mine looks like this (ONLY the first lines are showing):

[...]
Listen 50443
NameVirtualHost *:50443


[...]


Restart apache and access the control panel at https://www.example.com:50443:

/etc/init.d/apache2 restart


Wednesday, April 6, 2011

Make Browsers Cache Static Files With mod_expire On Lighttpd (Debian Squeeze)

This tutorial explains how you can configure Lighttpd to set the Expires HTTP header and the max-age directive of the Cache-Control HTTP header of static files (such as images, CSS and Javascript files) to a date in the future so that these files will be cached by your visitors' browsers. This saves bandwidth and makes your web site appear faster (if a user visits your site for a second time, static files will be fetched from the browser cache). This tutorial was written for Debian Squeeze.


I do not issue any guarantee that this will work for you!


I'm assuming you have a working Lighttpd setup on your Debian Squeeze server, e.g. as shown in this tutorial: Installing Lighttpd With PHP5 And MySQL Support On Debian Squeeze


You *could* enable mod_expire with the command lighty-enable-mod expire, however this gives you no control over the order in which Lighttpd modules are loaded, and as stated in the Troubleshoot section on http://redmine.lighttpd.net/wiki/1/Docs:ModExpire, it is strongly recommended to load mod_expire before all other modules.


Therefore we open /etc/lighttpd/lighttpd.conf...

vi /etc/lighttpd/lighttpd.conf


... and add mod_expire as the first module in the server.modules stanza:

server.modules = (
        "mod_expire",
        "mod_access",
        "mod_alias",
        "mod_compress",
        "mod_redirect",
#       "mod_rewrite",
)
[...]

Restart Lighttpd afterwards:

/etc/init.d/lighttpd restart


The mod_expire configuration can be placed in the overall Lighttpd server configuration or inside a virtual host container.


In this example, I will place it in the overall server configuration (i.e., this configuration is active for all vhosts):

vi /etc/lighttpd/lighttpd.conf


On Lighttpd, Expires headers are set based on the directory where a file is located, not on the file type (this is different from Apache). For example, a valid mod_expire configuration would be as follows:

[...]
expire.url = (
        "/images/" => "access plus 7 days",
        "/jquery/" => "access plus 2 weeks",
        "/js/" => "access plus 2 months",
        "/misc" => "access plus 1 days",
        "/themes/" => "access plus 7 days",
        "/modules/" => "access plus 24 hours"
)
[...]

In the above example, all files from the /images/ directory (and its subdirectories) get an Expires header with a date 7 days in the future from the browser access time. Therefore, you should make sure that the directories you list in the expire.url directive really only contain static files that can be cached by browsers.


Restart Lighttpd after your changes:

/etc/init.d/lighttpd restart


You can use the following time units in your configuration:

years
months
weeks
days
hours
minutes
seconds

Please note that you must use these time units in plural because otherwise Lighttpd will refuse to start. So you must not use access plus 1 day, but access plus 1 days instead (this is also different from Apache where both singular and plural are allowed).


It is possible to combine multiple time units, e.g. as follows:

"access plus 1 months 15 days 2 hours"


Also note that if you use a far future Expires header you have to change the component's filename whenever the component changes. Therefore it's a good idea to version your files. For example, if you have a file javascript.js and want to modify it, you should add a version number to the file name of the modified file (e.g. javascript-1.1.js) so that browsers have to download it. If you don't change the file name, browsers will load the (old) file from their cache.


Instead of basing the Expires header on the access time of the browser (e.g. "access plus 60 days"), you can also base it on the modification date of a file (please note that this works only for real files that are stored on the hard drive!) by using the modification keyword instead of access:

"modification plus 7 days"


It is also possible to include your mod_expire rules inside a condition, e.g. as follows:

[...]
$HTTP["url"] =~ "^/images/" {
        expire.url = ( "" => "access plus 1 hours" )
}
[...]

This tells Lighttpd to add an Expires header to all files where the URL begins with /images/ (like http://www.example.com/images/subdir/1.png).
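
To catch a singular time unit or another malformed entry before Lighttpd refuses to start, the following added example (not part of the original tutorial) lints every expire.url entry in a config file and prints the resulting lifetime in seconds. The function name lint_expire_url and the sample config are constructed for this example; months and years are counted as 30 and 365 days here, which is an assumption.

```shell
#!/bin/sh
# Added example: lint the expire.url entries of a Lighttpd config.
# lint_expire_url is a name chosen for this example.

lint_expire_url() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk '
    BEGIN {
        # Plural unit names only, as the tutorial requires.
        # Assumption: months = 30 days, years = 365 days.
        unit["years"] = 31536000; unit["months"] = 2592000
        unit["weeks"] = 604800;   unit["days"] = 86400
        unit["hours"] = 3600;     unit["minutes"] = 60; unit["seconds"] = 1
    }
    # Return the lifetime in seconds, or -1 if the spec is malformed.
    function spec_seconds(spec,    w, n, i, total) {
        n = split(spec, w, /[ \t]+/)
        if (n < 4 || n % 2 != 0) return -1
        if (w[1] != "access" && w[1] != "modification") return -1
        if (w[2] != "plus") return -1
        total = 0
        for (i = 3; i < n; i += 2) {
            if (w[i] !~ /^[0-9]+$/ || !(w[i + 1] in unit)) return -1
            total += w[i] * unit[w[i + 1]]
        }
        return total
    }
    /^[ \t]*#/ { next }                       # commented-out line
    /expire\.url[ \t]*=/ { inside = 1 }       # start of an expire.url stanza
    inside {
        rest = $0
        while (match(rest, /"[^"]*"[ \t]*=>[ \t]*"[^"]*"/)) {
            pair = substr(rest, RSTART, RLENGTH)
            rest = substr(rest, RSTART + RLENGTH)
            split(pair, q, "\"")              # q[2] = URL prefix, q[4] = spec
            secs = spec_seconds(q[4])
            if (secs < 0) {
                printf "%s\tINVALID\t%s\n", q[2], q[4]
                bad = 1
            } else {
                printf "%s\tmax-age=%d\n", q[2], secs
            }
        }
        # A ")" outside of quoted strings closes the stanza.
        bare = $0
        gsub(/"[^"]*"/, "", bare)
        if (index(bare, ")")) inside = 0
    }
    END { exit bad + 0 }
    ' "$conf"
}

# Constructed sample config: the second entry uses the singular "day".
sample=$(mktemp)
cat > "$sample" <<'EOF'
expire.url = (
    "/images/" => "access plus 7 days",
    "/misc" => "access plus 1 day",
    "/js/" => "access plus 1 months 15 days 2 hours"
)
EOF
lint_expire_url "$sample" || echo "fix the INVALID entries before restarting Lighttpd"
rm -f "$sample"
```

The printed max-age values also make it easy to review which directories get long lifetimes and to confirm that they hold only static files.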


To test if your configuration works, you can install the Live HTTP Headers plugin for Firefox and access a static file through Firefox (e.g. an image). In the Live HTTP Headers output, you should now see an Expires header and a Cache-Control header with a max-age directive (max-age contains a value in seconds, for example 604800 is one week in the future):

