This document provides instructions for configuring various server applications and services on a Linux server including Apache, PHP, MySQL, FTP, SSL, IPTables, PHPMyAdmin, and server monitoring. It discusses installing and configuring each of these applications and services individually with specific configuration details. The document is intended to provide a complete solution for setting up these common LAMP stack components and services on a Linux server.
Configuring apache, php, my sql, ftp, ssl, ip tables phpmyadmin and server monitoring complete solution
Documented By Chanaka Lasantha Nanayakkara
Email : chanaka.lasantha@gmail.com
Mob : 071-1381308
Contents
Setting Up IPs, Repos and Nameserver info
Installing and Config Apache Web Server
Installing and Config PHP
Installing and Config SSL
Installing and Config MySQL
Installing and Config PHPmyadmin
Installing and Config FTP Server
Installing and Config DDNS Client
Configuring IPTables Firewall
Installing and Config Web Server Monitoring
Setting Up Ips, Repos and Nameserver info
Date:
date -s "9 AUG 2013 11:32:08"
Time:
date +%T -s "11:32:08"
## RHEL/CentOS 6 32-Bit ##
wget http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm
## RHEL/CentOS 6 64-Bit ##
wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -ivh epel-release-6-8.noarch.rpm
Preparing... ###################################### [100%]
1:epel-release ###################################### [100%]
sed -i -e "s/enabled=1/enabled=0/g" /etc/yum.repos.d/epel.repo
# EPEL is now disabled by default; enable it per command when you need it
# (PACKAGE_NAME is a placeholder for the package you want to install)
yum --enablerepo=epel install PACKAGE_NAME
Installing Apache Web Server
yum -y install httpd
rm -f /etc/httpd/conf.d/welcome.conf
rm -f /var/www/error/noindex.html
ln -s /usr/bin/perl /usr/local/bin/perl
Configure httpd
vim /etc/httpd/conf/httpd.conf
# line 44: change
ServerTokens Prod
# line 74: change to ON
KeepAlive On
# line 251: Admin's address
ServerAdmin root@myweb.com
# line 265: change to your server's name
ServerName www.myweb.com:80
# line 320: change (enable CGI and disable Indexes)
Options FollowSymLinks ExecCGI
# line 327: change
AllowOverride All
# line 391: add the file names served when only a directory name is requested
DirectoryIndex index.html index.cgi index.php
# line 524: change
ServerSignature Off
# line 747: make it comment
#AddDefaultCharset UTF-8
# line 778: uncomment and add the file types that Apache should treat as CGI
AddHandler cgi-script .cgi .pl
/etc/rc.d/init.d/httpd start
chkconfig httpd on
Installing PHP
yum -y install php php-mbstring php-pear
vim /etc/httpd/conf/httpd.conf
# line 402: add the file names served when only a directory name is requested
DirectoryIndex index.html index.php
vim /etc/php.ini
# line 946: set your timezone
date.timezone = "Asia/Colombo"
/etc/rc.d/init.d/httpd restart
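Create a self-signed SSL certificate for your server.
cd /etc/pki/tls/certs
make server.key
# remove the passphrase from the private key so httpd can start unattended
openssl rsa -in server.key -out server.key
make server.csr
# self-sign the request; the certificate is valid for 3650 days
openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
chmod 400 server.*
Configuration of SSL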
yum -y install mod_ssl
vim /etc/httpd/conf.d/ssl.conf
# line 84: uncomment
DocumentRoot "/var/www/html"
# line 85: uncomment and specify server name
ServerName www.myweb.com:443
# line 112: specify certificate
SSLCertificateFile /etc/pki/tls/certs/server.crt
# line 119: specify certificate key
SSLCertificateKeyFile /etc/pki/tls/certs/server.key
/etc/rc.d/init.d/httpd restart
Installing MySQL
yum -y install mysql-server
/etc/rc.d/init.d/mysqld start
chkconfig mysqld on
/usr/bin/mysql_secure_installation
Log in to MySQL as root
mysql -uroot -p
Installing PHPmyadmin
yum --enablerepo=epel -y install phpMyAdmin php-mysql php-mcrypt # install from EPEL
vi /etc/httpd/conf.d/phpMyAdmin.conf
# line 13: add IP address you permit
Allow from 127.0.0.1 10.0.0.0/24
/etc/rc.d/init.d/httpd reload
Access 'http://192.168.2.204/phpmyadmin' with a web browser; the phpMyAdmin login screen is shown. Log in with a
MySQL user.
Installing FTP Server
Use an existing group to provide access to the shared directory:
groupadd ftpusers
chgrp -R ftpusers /var/www/html
chmod -R 777 /var/www/html # This is optional; it makes the web root world-writable
useradd chanaka
usermod -G ftpusers chanaka
passwd chanaka
chown -R chanaka:chanaka /var/www/html # This is optional
yum -y install vsftpd
vim /etc/vsftpd/vsftpd.conf
# line 12: no anonymous
anonymous_enable=NO
# line 80,81: uncomment ( allow ascii mode )
ascii_upload_enable=YES
ascii_download_enable=YES
# line 95, 96: uncomment ( enable chroot )
chroot_local_user=YES
chroot_list_enable=YES
# line 98: uncomment ( specify chroot list )
chroot_list_file=/etc/vsftpd/chroot_list
# line 104: uncomment
ls_recurse_enable=YES
# add at the last line
# specify the root directory (if not specified, each user's home directory becomes the FTP home directory)
local_root=/var/www/html
# use localtime
use_localtime=YES
vim /etc/vsftpd/chroot_list
# add the users you allow to move above their home directory
chanaka
Sameera
Admin
/etc/rc.d/init.d/vsftpd start
Starting vsftpd for vsftpd: [ OK ]
chkconfig vsftpd on
Installing DDNS Client
Domain Transfer Guide (Inbound)
In order to transfer a domain from your current registrar you will need your Authorization/EPP code. Contact your
current registrar for this code and have them release/unlock your domain. Once you receive your Authorization/EPP
code and your domain is released you can request a transfer from your No-IP account.
If your account does not already have valid contact information you should do this first. This can be set by going to
“Domain Registration” and then click the “Domain Contact” link on the left-hand navigation bar. Enter your contact
information (all fields with an asterisk ‘*’ are required). Once your contact information is entered click “Create
Contact.”
To request a domain transfer go to the “Domain Registration” tab and click “Transfer Domain.” Type your domain into
the box. If you have multiple domains that you wish to transfer you can enter them in box labeled “Domains to
Transfer,” simply separate the domains by using a space (as specified).
Note, the following specifications need to be met before proceeding (for each domain):
· There is a valid email address you can access for its registrant contact
· The domain name has been registered more than 60 days
· Any lock or hold at your current registrar has been removed
· For .com, .net, .org, .biz, .info, .tv, .cc, .me, .us, and .co you have the Authorization Code (EPP Key) for domain
transfers from your current registrar.
Once your domains have been entered click “Next.” Specify the DNS package you will be using for your domain. Enter
the current registrant's email address for the domains you are transferring. Then enter the Auth/EPP codes for each
domain you will be transferring (these are case sensitive) then click “Next.” Verify the “Post-transfer Contact
Information” and then click “Next” again.
Your request will need to be activated before it is completed. To do this click “Activate Now” and then select the
service that you will need from the “Renew/Activate” and follow the check out process. Domains that can be
transferred and pricing can be viewed here.
Once you have paid we will send a verification email to the email address of the current owner listed on the Whois
database. Please follow the instructions in that email to approve the transfer. When the transfer request has been
made your current registrar will process the request (this can take up to seven days, after the seven days, the transfer
will become automatic).
Please monitor the status of your Domain Transfer by going to the “Domain Registration” and clicking on “Manage
Transfers.” A successful request will have the status of “Requested.” A completed transfer will have the status of
“Complete.” Once the transfer is completed and approved by your domain name registrar please allow 24-48 hours for
the DNS information to propagate globally. Once this process is complete No-IP will be the registrar and the DNS
provider for your domain/s.
Install the “Make” program in preparation for compiling the no-ip program. You might also have to install the
“GCC” compiler if “Make” doesn't work; I have both GCC and Make installed. The following are the commands
to download and install them:
yum install gcc
yum install make
Now onto the easy step-by-step installation of no-ip client. Run the following 6 commands from the terminal:
mkdir noip && cd noip
wget http://www.no-ip.com/client/linux/noip-duc-linux.tar.gz
tar zvxf noip-duc-linux.tar.gz
cd noip-2.1.9-1
make
make install
Please enter the login/email string for no-ip.com (the email account that you used to set up the no-ip account)
Please enter the password for user (the password that you use to log in to no-ip)
Please enter an update interval: [30] 30
(Interval in minutes at which the no-ip client checks whether your router’s external dynamic IP address has changed
and updates it accordingly.)
Do you wish to run something at successful update? [N] (y/N) N (Just enter “N” here.)
/usr/local/bin/noip2 (To start/run the noip client)
echo '/usr/local/bin/noip2' >> /etc/rc.local (To start/run the noip client after each system reboot)
More useful no-ip commands
/usr/local/bin/noip2 -C to configure noip client
/usr/local/bin/noip2 -S to display info about running noip client
/usr/local/bin/noip2 -U to set update intervals (in minutes)
Enable IP Forwarding (Highly Important!)
If you want your OpenVPN clients to be able to access the network, in addition to the push routes statements above
you will need to setup ip forwarding for the tunnel interface and change the 0 to a 1.
vim /etc/sysctl.conf
# ------ Edit the following line changing the 0 to a 1 -----
net.ipv4.ip_forward = 1
Save and close the file. Reload the changes by typing the following command:
sysctl -p
Or
echo 1 > /proc/sys/net/ipv4/ip_forward
Configuring IPTables Firewall
service iptables start
iptables --flush
iptables --table nat --flush
iptables --delete-chain
service iptables save
service iptables restart
service network restart
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 2 -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A OUTPUT -p icmp -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state INVALID -j DROP
iptables -A OUTPUT -m state --state INVALID -j DROP
iptables -A INPUT -m state --state NEW -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -m state --state NEW -p tcp --tcp-flags ALL NONE -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
iptables -N SYN_FLOOD
iptables -A INPUT -p tcp --syn -j SYN_FLOOD
iptables -A SYN_FLOOD -m limit --limit 2/s --limit-burst 6 -j RETURN
iptables -A SYN_FLOOD -j DROP
iptables -A INPUT -p icmp -m icmp --icmp-type address-mask-request -j DROP
iptables -A INPUT -p icmp -m icmp --icmp-type timestamp-request -j DROP
iptables -A INPUT -p icmp -m icmp -m limit --limit 1/second -j ACCEPT
iptables -A INPUT -p tcp -m tcp --tcp-flags RST RST -m limit --limit 2/second --limit-burst 2 -j ACCEPT
iptables -A INPUT -m recent --name portscan --rcheck --seconds 86400 -j DROP
iptables -A FORWARD -m recent --name portscan --rcheck --seconds 86400 -j DROP
iptables -A INPUT -m recent --name portscan --remove
iptables -A FORWARD -m recent --name portscan --remove
iptables -A INPUT -s 0.0.0.0/7 -j DROP
iptables -A INPUT -s 2.0.0.0/8 -j DROP
iptables -A INPUT -s 5.0.0.0/8 -j DROP
iptables -A INPUT -s 7.0.0.0/8 -j DROP
iptables -A INPUT -s 10.0.0.0/8 -j DROP
iptables -A INPUT -s 23.0.0.0/8 -j DROP
iptables -A INPUT -s 27.0.0.0/8 -j DROP
iptables -A INPUT -s 31.0.0.0/8 -j DROP
iptables -A INPUT -s 36.0.0.0/7 -j DROP
iptables -A INPUT -s 39.0.0.0/8 -j DROP
iptables -A INPUT -s 42.0.0.0/8 -j DROP
iptables -A INPUT -s 49.0.0.0/8 -j DROP
iptables -A INPUT -s 50.0.0.0/8 -j DROP
iptables -A INPUT -s 77.0.0.0/8 -j DROP
iptables -A INPUT -s 78.0.0.0/7 -j DROP
iptables -A INPUT -s 92.0.0.0/6 -j DROP
iptables -A INPUT -s 96.0.0.0/4 -j DROP
iptables -A INPUT -s 112.0.0.0/5 -j DROP
iptables -A INPUT -s 120.0.0.0/8 -j DROP
iptables -A INPUT -s 169.254.0.0/16 -j DROP
iptables -A INPUT -s 172.16.0.0/12 -j DROP
iptables -A INPUT -s 173.0.0.0/8 -j DROP
iptables -A INPUT -s 174.0.0.0/7 -j DROP
iptables -A INPUT -s 176.0.0.0/5 -j DROP
iptables -A INPUT -s 184.0.0.0/6 -j DROP
iptables -A INPUT -s 192.0.2.0/24 -j DROP
iptables -A INPUT -s 197.0.0.0/8 -j DROP
iptables -A INPUT -s 198.18.0.0/15 -j DROP
iptables -A INPUT -s 223.0.0.0/8 -j DROP
iptables -A INPUT -s 224.0.0.0/3 -j DROP
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
iptables -A OUTPUT -p tcp -m state --state NEW -m tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
iptables -A OUTPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
iptables -A OUTPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
iptables -I FORWARD -s 0.0.0.0/0 -m string --string "%27+or+%271%27%3d%271" --algo bm -j DROP
iptables -I FORWARD -s 0.0.0.0/0 -m string --string "%27+or+1%3d1" --algo bm -j DROP
iptables -I FORWARD -s 0.0.0.0/0 -m string --string "%27+or+%27%27%3d%27" --algo bm -j DROP
service iptables save
service iptables restart
service network restart
/sbin/iptables -L
iptables -L -t nat -n
iptables -vnL
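iptables evaluates each chain from top to bottom and stops at the first terminating match, so a broad ACCEPT placed early makes narrower rules after it unreachable. The Python sketch below is an added example, not part of the original guide: it runs a conservative check over a subset of the rules above and reports the ones that can never match (the function names and the chosen subset are assumptions of this example).

```python
import shlex
# Subset of the rules above, in page order, used as sample input.
RULES = """\
iptables -A INPUT -p icmp -m limit --limit 1/s --limit-burst 2 -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p icmp -m icmp --icmp-type timestamp-request -j DROP
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
"""
TERMINATING = {"ACCEPT", "DROP", "REJECT"}  # targets that end chain traversal
STATEFUL = {"limit", "recent"}  # match depends on counters, not only on the packet

def parse(line):
    """Split one 'iptables -A' command into chain, target, states and conditions."""
    rule = {"text": line, "-A": None, "-j": None, "states": None, "stateful": False, "conds": set()}
    pairs = []
    for tok in shlex.split(line)[1:]:  # skip the word 'iptables'
        if tok.startswith("-"):
            pairs.append((tok, []))
        elif pairs:
            pairs[-1][1].append(tok)
    for opt, vals in pairs:
        val = " ".join(vals)
        if opt in ("-A", "-j"):
            rule[opt] = val
        elif opt == "--state":
            rule["states"] = set(val.split(","))
        elif opt == "-m":  # loading a module does not by itself narrow the match
            rule["stateful"] |= val in STATEFUL
        else:
            rule["conds"].add((opt, val))
    return rule

def covers(early, late):
    """True if 'early' decides every packet that 'late' could match."""
    if early["-A"] != late["-A"] or early["-j"] not in TERMINATING or early["stateful"]:
        return False
    states_ok = early["states"] is None or bool(late["states"]) and late["states"] <= early["states"]
    return states_ok and early["conds"] <= late["conds"]

def shadowed(text):
    """Return (unreachable rule, earlier rule) pairs; conservative, so it can miss cases."""
    rules = [parse(l) for l in text.splitlines() if l.strip()]
    firsts = ((late, next((e for e in rules[:i] if covers(e, late)), None))
              for i, late in enumerate(rules))
    return [(late["text"], e["text"]) for late, e in firsts if e]

if __name__ == "__main__":
    print(*("never reached: %s (decided by: %s)" % p for p in shadowed(RULES)), sep="\n")
```

On this subset it flags the ICMP timestamp-request DROP (already decided by the unconditional ICMP ACCEPT) and the outbound port 3306 ACCEPT (already covered by the OUTPUT rule that accepts every NEW connection). On a live host, `iptables -vnL` shows the same condition as rules whose packet counters stay at zero.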
Installing Web Server Monitoring
yum -y install graphviz
wget http://www.hping.org/visitors/visitors-0.7.tar.gz
tar zxvf visitors-0.7.tar.gz
cd visitors_0.7
make
cp visitors /usr/local/bin/
cd
mkdir /var/www/html/visitors
vim /etc/httpd/conf.d/visitors.conf
# create new
<Location /visitors>
Order Deny,Allow
Deny from all
# IP address you allow
Allow from 10.0.0.0/24
</Location>
/etc/rc.d/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
# generate common reports
visitors -A /var/log/httpd/access_log -o html > /var/www/html/visitors/index.html
--
11 lines processed in 1 seconds
0 invalid lines, 0 blacklisted referers
# generate page tour reports
visitors -A -m 30 /var/log/httpd/access_log -o html --trails --prefix http://www.myweb.com > /var/www/html/visitors/trails.html
--
11 lines processed in 1 seconds
0 invalid lines, 0 blacklisted referers
# generate page tour image
visitors /var/log/httpd/access_log --prefix http://www.myweb.com -V > /var/www/html/visitors/graph.dot
--
11 lines processed in 1 seconds
0 invalid lines, 0 blacklisted referers
dot -Tpng /var/www/html/visitors/graph.dot > /var/www/html/visitors/graph.png
Access 'http://(your server's name or IP address)/visitors/' to view the reports, and
http://(your server's name or IP address)/visitors/graph.png to view the page tour image.
Remote Login to the Web Server with PuTTY