Uzun suredir Windows Server 2003 isletim sistemi uzerinde barindirdigim IIS‘den ASP.NET ve FastCGI ile PHP destegi veren server’imi tamamen Ubuntu Server‘a tasimaya karar verdim. Apache2, PHP5 ve MySQL kullaniyor olacagim. Bunun temel nedenlerinden birkaci lisans sorunu ve Linux’un terminal konusunda Windows’tan cok daha ustun olmasi, dolayisiyla bana PDA‘den bile server’imi yonetme olanagini saglamasi.

Oncelikle dun (Kasim 4 2009) su anki server’imi ve barindirdigim sistemi/siteleri hicbir sekilde etkilemeyecek sekilde ikinci bir bilgisayara Ubuntu Linux yukledim, Apache, PHP ve MySQL calisir durumda. Simdilik detayli konfigurasyonlarla ugrasiyorum, FTP kurulumu, VirtualHost konulari gibi.

→ Ilk Izlenimler

En cok hosuma giden ozellik SSH kullanarak sistemdeki her seyi Broadband bir internet baglantisi olmasina gerek kalmadan kontrol edebilmem. Kampus kutuphanesinden son derece hizli bir sekilde terminal’den konfigurasyon yapiyorum, inanilmaz.

Microsoft IIS’ten aliskin oldugum Start>Control Panel>Administrative Tools>Internet Information Systems gibi tanimlar cok uzak. Ubuntu Server 9.10 varsayilan olarak GUI’siz geldigi icin her seyi simdilik terminal’den yapmak zorundayim.

Zorlanmadim denemez. Bir gundur FTP server icin virtual kullanicilar yaratmaya calisiyorum. Tabi ki onca artinin yaninda eksilerinin de olmasini bekliyordum ancak bu kadar fazla sorunla karsilasacagimi tahmin etmiyordum!

Simdilik bu kadar, kurulumu yaptiktan sonra 1 ay kadar ikinci server’imi deneme icin acik birakacagim, bu surec sonunda herhangi buyuk bir problemle karsilasmazsam, su anki kullandigim ana server’i tamamen Ubuntu’ya adayacagim.

Benim gibi Microsoft .NET ile yasamini gecirmis biri icin inanilmaz bir adim olacak.

Gelismeleri yazmaya devam edecegim.

Esta es una configuracion de un servidor web con Apache2 que maneja multiples dominios en el mismo servidor, esto es conocido como virtual hosting basado en nombres. Esta configuracion esta hecha en SLES 10 SP2

Instalamos el servidor Apache2 y creamos los directorios donde estaran ambos sitios web.

# yast -i apache2
# mkdir /srv/www/web1
# mkdir /srv/www/web2

Despues de crearar ambos directorios y los respectivos html, empezamos a configurar el apache,  para ello editamos el archivo listen.conf

# vim /etc/apache2/listen.conf

…
NameVirtualHost *:80
…

Ahora nos ubicamos en el directorio /etc/apache2/vhosts.d/ y editamos las .conf para ambos sitios web.

# cd /etc/apache2/vhosts.d/
# cp vhost.template web1.conf
# cp vhost.template web2.conf

La configuracion minima por cada pagina debe ser la siguiente:

# vim web1.conf

<VirtualHost *:80>
ServerAdmin fruiz@grupopalomino.com.pe
ServerName www.grupopalomino.com.pe
DocumentRoot /srv/www/web1
ErrorLog /var/log/apache2/www.dominio1.com-error_log
CustomLog /var/log/apache2/www.dominio1.com-access_log combined
<Directory “/srv/www/web1″>
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
</VirtualHost>

Del mismo modo la pagina web2  …

Listo ahora iniciamos el servicio apache

# rcapache2 start

1. sudo a2enmod rewrite
2. sudo gedit /etc/apache2/sites-enabled/000-default
3. Change AllowOverride None to AllowOverride All
4. Restart Apache: sudo /etc/init.d/apache2 force-reload

Source : http://ubuntuforums.org/archive/index.php/t-255556.html

A common scenario when providing services via the web is to expose all applications via an Apache front end. The Apache server acts as a dispatcher, or reverse proxy, and takes care of virtual hosting as well as any SSL traffic. This way, only one IP address needs to be exposed to the Internet while users gets the experience of multiple stand-alone sites. This article series also describes how applications can be conveniently put behind access control using the Central Authentication Service, or CAS for short.

Part 4 – Protecting resources with CAS

This article is number four in a series. The steps described here are based on configurations that have been performed in the earlier steps. It is strongly recommended to read these first:

• Part 1 – Setting up Apache2 for virtual hosting
• Part 2 – Adding SSL support to Apache2 virtual hosts
• Part 3 – Adding Tomcat behind an Apache2 reverse proxy

We’ll start by downloading and deploying CAS. The CAS server is found at http://www.ja-sig.org/downloads/cas/cas-server-3.3.4-release.tar.gz. While we’re at it, we are going to download the CAS client as well: http://www.ja-sig.org/downloads/cas-clients/cas-client-java-2.1.1.tar.gz

Extract the server and client to a suitable location, e.g. your desktop. From the extracted server directory copy modules/cas-server-webapp-3.3.4.war to Tomcats webapps/ directory (if you are following all steps in this guide it should be located in /opt/apache-tomcat-5.5.28/webapps). Start Tomcat and point the web browser to http://localhost:8080/cas-server-webapp-3.3.4/login.

You should now see the CAS login page where you can enter your username and password. By default, you should be able to log in by entering password in both the user name and password fields. If everything is working, a page stating that you have logged in successfully, should be displayed.

Now, we need to configure Tomcat to use CAS for authentication. In this setup we will be looking at CAS-enabling the Tomcat Manager application (there is a link to the Manager application under the Administration headline in the top left corner of Tomcat’s welcome page). If you try to access it at this stage, you will just be asked to log in using a basic auth scheme.

Locate the web.xml descriptor for the manager web application found in the /opt/apache-tomcat-5.5.28/server/webapps/manager/WEB-INF. Now we will remove the container authentication and security configuration and replace it with CAS and a simple authorization filter. To be on the safe side, make a backup copy in case you mess things up and want to start over:

cp web.xml web.xml.bk

Open the web.xml file and locate the following line, about two thirds into the file:

<!-- Define reference to the user database for looking up roles -->

Remove everything from there to the end of the configuration file, leaving just the closing line:

</web-app>

Scroll back to the top of the configuration, and insert the following, just after the closing </description< tag, about ten lines from the top:

  <filter>
    <filter-name>CASFilter</filter-name>
    <filter-class>edu.yale.its.tp.cas.client.filter.CASFilter</filter-class>
    <init-param>
        <param-name>edu.yale.its.tp.cas.client.filter.loginUrl</param-name>
	<param-value>https://one.example.com/cas-server-webapp-3.3.4/login</param-value>
    </init-param>
    <init-param>
        <param-name>edu.yale.its.tp.cas.client.filter.validateUrl</param-name>
        <param-value>https://one.example.com/cas-server-webapp-3.3.4/serviceValidate</param-value>
    </init-param>
    <init-param>
        <param-name>edu.yale.its.tp.cas.client.filter.serverName</param-name>
        <param-value>one.example.com:443</param-value>
    </init-param>
  </filter>

  <filter>
    <filter-name>Authz Filter</filter-name>
    <filter-class>edu.yale.its.tp.cas.client.filter.SimpleCASAuthorizationFilter</filter-class>
    <init-param>
        <param-name>edu.yale.its.tp.cas.client.filter.authorizedUsers</param-name>
        <param-value>password</param-value>
    </init-param>
  </filter>

  <filter-mapping>
      <filter-name>CASFilter</filter-name>
      <url-pattern>/*</url-pattern>
  </filter-mapping>

  <filter-mapping>
      <filter-name>Authz Filter</filter-name>
      <url-pattern>/*</url-pattern>
  </filter-mapping>

What the above configuration says is that a servlet filter, CASFilter will intercept all requests to the application and check that the user is authenticated by CAS. If not, the user will be redirected to the CAS log in page. In the same way, the servlet filter Authz Filter will make sure that the user is authorized. The authorization is extremely simple in this example – it just checks that the user name is in the list specified in the filter parameter edu.yale.its.tp.cas.client.filter.authorizedUsers. The authentication filter (CASFilter) parameters might benefit from some more explanation:

• edu.yale.its.tp.cas.client.filter.loginUrl points to the URL where users are redirected in case they are not already authenticated
• edu.yale.its.tp.cas.client.filter.validateUrl points to the URL of the web service that provides the validation service. This URL needs to start with HTTPS – otherwise an exception will be thrown. Since we are using Apache2 as a front end to take care of all SSL handling, we point to an address that is managed by Apache (i.e. port 443). We will have to trust the SSL certificate of Apache, as will be shown shortly.
• edu.yale.its.tp.cas.client.filter.serverName points to the server name (and port) to which the user gets redirected to after a successful login.

In order for the Tomcat Manager application to be able to communicate with CAS (through the just defined servlet filter), we need to add the CAS client jar file. Provided you extracted the client archive to the desktop, copy the file ~/Desktop/cas-client-java-2.1.1/dist/casclient.jar to the Tomcat managers lib directory:

cp ~/Desktop/cas-client-java-2.1.1/dist/casclient.jar /opt/apache-tomcat-5.5.28/server/webapps/manager/WEB-INF/lib

If you are using a commercial certificate for your Apache2 web server (i.e. a certificate that has been signed by a root CA certificate found in the JVM trust store), you are done. Since this example is based on using a self signed certificate, we need to add our certificate to the trust store manually. The reason for this is that the CAS servlet filter utilizes HTTPS, and that Java (rightfully) refuses to establish a connection if it can not verify that the identity of the remote side is valid.

To import the Apache2 certificate into the trust store, start by converting it into DER format:

cd /etc/apache2/ssl
sudo openssl x509 -in apache.pem -out apache.crt -outform DER

Now, import the DER certificate into the JVM trust store:

keytool -import -trustcacerts -keystore /usr/lib/jvm/java-6-sun/jre/lib/security/cacerts -storepass changeit -alias apache -file /etc/apache2/ssl/apache.crt

Restart Tomcat and enjoy the CAS-enabled Tomcat Manager!

References

http://www.ja-sig.org/wiki/display/CAS/CASifying+Tomcat+Manager

What is Virtual Hosting and where and why it is used?

Vitual Hosting is a method that servers such as web servers use to host more than one domain

name on the same computer.

Virtual hosting allows a website owner to have a site hosted on a web server that is shared with

other websites. In other words, virtual hosting services and bandwidht to more than one website.

Virtual web hosting is one of the most popular hosting options available at the moment -

probably because of cost effective because you won’t have to pay for a dedicated server to host just

your website.

Virtual web hosting is good solution for SME’s even for MNC’s also websites that aren’t constantly being visited

There are two basic methods of accomplishing virtual hosting: name-based, and IP address or ip-based.

Lets move to the Practical Session

Check are you have Apache2, mysql5, php5 in your PC or Laptop or NoteBook what ever you calls otherwise follow below steps

1. Install LAMP

2. Control Apache2

3. Control MySql

4. Virtual Hosting

5. Virtual Hosting with multiple names

1. Install LAMP – Linux Apache2 Mysql Php

I preasume you have Ubuntu Linux installed. Let’s install everything else (Apache 2, PHP5 and MySQL 5)

sudo aptitude install apache2 mysql-server php5 php5-mysql libapache2-mod-php5

Open your favourite web browser and enter http://localhost (or http://127.0.0.1)

Check if Apache 2 and PHP 5 work fine

Create a file called test.php and enter this text in it

<?php phpinfo(); ?>

Save the file and copy it to your web site folder, e.g. /var/www

Open your web browser and run

http://localhost/test.php

2. Control Apache2

To start Apache2

sudo /etc/init.d/apache2 start

To stop Apache2

sudo /etc/init.d/apache2 stop

To restart Apache2

sudo /etc/init.d/apache2 restart

After first install I always get this error:

apache2: Could not determine the server’s domain name, using 127.0.0.1 for ServerName

It is easily fixed – add ServerName localhost into apache2.conf

gksudo gedit /etc/apache2/apache2.conf

3. Control MySQL

To start MySQL

sudo /etc/init.d/mysql start

To restart MySQL

sudo /etc/init.d/mysql restart

To stop MySQL

sudo /etc/init.d/mysql stop

Creating Database using MySql

First Login into MySql Using Following Command here it will ask password then enter the root password of My Sql. MySql Password has given when it was Installing

mysql -u root -p

Create Database

Create Database virtual;

Use Database

Use virtual;

4. Virtual Hosting

(a) Allow user to web directory

(b) Create Folder and link to web directory

(c) Using Virtual Hosts

(d) Adding Virtual Hosts

(e) Apache Configuaration

localhost is the default host, but if you add virtal hosts, you may want to change it to, say, somechow

However, the address http://localhost/ by default points to /var/www. That folder is basically empty that is why you do not see much in your web browser.

To show proper web site, you need to put some web pages in that folder.

(a) allow yourselft to have access to the folder /var/www

sudo chown -R USERNAME /var/www

Now, you can copy your great web site to the folder /var/www.

Start Firefox again and type http://localhost/. Do you see you web site?

If you hate to always navigate to /var/www, you can press Control-D in Nautilus to add a new bookmark in Places menu. You can create a link to it in your home folder for easy access, alternatively.

(b) Create a folder in your desired location and link to the web direcotry

ln -s /var/www ~/WebSite

Now you can place all your web content inside the folder WebSite in your home folder and you will see your web site by going to

http://localhost/

(c) Using virtual hosts

If I put a folder called somechow inside /var/www, I can run my local web site by entering http://localhost/somechow.

However, I prefer more human-readable web addresses. For example, when I enter http://somechow, my local WordPress copy of somechow.Ws (located in /home/some/WebSites/somechow) runs in Firefox.

To use virtual hosts, you need to change hosts file and add some information for Apache.

(d) I add my virtual host address to Hosts file

sudo nano /etc/hosts

127.0.0.1 somechow

In above quote instead of 127.0.0.1 I used my desktop IP.

Then I reboot the computer or networking for changes to take effect

sudo /etc/init.d/networking restart

(e) Apache Configuration

Open the window in super user mode  uisng following command prompt

sudo nautilus

I create a copy of file default which is located in /etc/apache2/sites-available and rename it to somechow.

I created a link to this file by right-clicking and selected MakeLink option

I copy this link to /etc/apache2/sites-enabled

I change link file into somechow:

NameVirtualHost * is changed to NameVirtualHost somechow

ServerName@somechow is added under ServerAdmin

DocumentRoot /var/www/ is changed to DocumentRoot /home/some/WebSites/somechow

5. Virtual Hosting with multiple names

(a) Allow user to web directory

(b) Create Folder and link to web directory

(c) Using Virtual Hosts

(d) Adding Virtual Hosts

(e) Apache Configuaration

localhost is the default host, but if you add virtal hosts, you may want to change it to, say, somechow and somedary

However, the address http://localhost/ by default points to /var/www. That folder is basically empty that is why you do not see much in your web browser.

To show proper web site, you need to put some web pages in that folder.

(a) allow yourselft to have access to the folder /var/www

sudo chown -R USERNAME /var/www

Now, you can copy your great web site to the folder /var/www.

Start Firefox again and type http://localhost/. Do you see you web site?

If you hate to always navigate to /var/www, you can press Control-D in Nautilus to add a new bookmark in Places menu. You can create a link to it in your home folder for easy access, alternatively.

(b) Create a folder in your desired location and link to the web direcotry

ln -s /var/www ~/WebSite

Now you can place all your web content inside the folder WebSite in your home folder and you will see your web site by going to

http://localhost/

(c) Using virtual hosts

If I put a folder called somechow and somedary inside /var/www, I can run my local web site by entering http://localhost/somechow or http://localhost/somedary

However, I prefer more human-readable web addresses. For example, when I enter http://somechow and http://somedary , my local WordPress copy of somechow.Ws or somedary.ws(located in /home/some/WebSites/somechow and /home/some/WebSites/somedary ) runs in Firefox.

To use virtual hosts, you need to change hosts file and add some information for Apache.

(d) I add my virtual host address to Hosts file

sudo nano /etc/hosts

127.0.0.1 somechow

127.0.0.1 somedary

In above quote instead of 127.0.0.1 I used my desktop IP.

Then I reboot the computer or networking for changes to take effect

sudo /etc/init.d/networking restart

(e) Apache Configuration

(i) For somechow

Open the window in super user mode  uisng following command prompt

sudo nautilus

I create a copy of file default which is located in /etc/apache2/sites-available and rename it to somechow.

I created a link to this file by right-clicking the somechow and selected MakeLink option

I copy this link to /etc/apache2/sites-enabled

I change link file into somechow:

NameVirtualHost * is changed to NameVirtualHost somechow

ServerName@somechow is added under ServerAdmin

DocumentRoot /var/www/ is changed to DocumentRoot /home/some/WebSites/somechow

(ii) For somedary

Open the window in super user mode  uisng following command prompt

sudo nautilus

I create a copy of file default which is located in /etc/apache2/sites-available and rename it to somedary.

I created a link to this file by right-clicking the somechow and selected MakeLink option

I copy this link to /etc/apache2/sites-enabled

I change link file into somedary:

NameVirtualHost * is changed to NameVirtualHost somedary

ServerName@somedary is added under ServerAdmin

DocumentRoot /var/www/ is changed to DocumentRoot /home/some/WebSites/somedary

A common scenario when providing services via the web is to expose all applications via an Apache front end. The Apache server acts as a dispatcher, or reverse proxy, and takes care of virtual hosting as well as any SSL traffic. This way, only one IP address needs to be exposed to the Internet while users gets the experience of multiple stand-alone sites. This article series also describes how applications can be conveniently put behind access control using the Central Authentication Service, or CAS for short.

Part 3 – Adding Tomcat behind an Apache2 reverse proxy

This article is the third in a series. The steps described here are based on configurations that has been performed in the earlier steps. It is strongly recommended to read these first:

• Part 1 – Setting up Apache2 for virtual hosting
• Part 2 – Adding SSL support to Apache2 virtual hosts

Before starting any configuration, we need to make sure that the required components are installed. We need to have a working Java installation and Apache Tomcat. I have been using Java 1.6 and Tomcat 5.5, but it should probably work with later versions as well. Start by installing Java:

sudo apt-get install sun-java6-jdk

Tomcat is downloaded from the Apache web site. Choose the core package and extract it to /opt, or another place of your choice. You may even want to put Tomcat onto a separate server (on which you’ll need Java installed as well).

Now, you should be able to start Tomcat by running:

/opt/apache-tomcat-5.5.28/bin/startup.sh

If you get an error message stating that the JAVA_HOME variable is not set, you can add the following line to the file /etc/environment:

JAVA_HOME=/usr/lib/jvm/java-6-sun/

This will set the JAVA_HOME environment variable globally for all users. In order to read it into memory without rebooting, run the following command:

source /etc/environment
export JAVA_HOME

Direct your browser to http://localhost:8080 and make sure you reach the Tomcat welcome page.

Now that tomcat is up and running, we want to enable Apache2 to serve as a front end, taking care of virtual hosting and SSL acceleration. One could argue that any Tomcat installation using SSL benefits from having an Apache front end that handles SSL encryption and decryption in native code.

The preferred way of connecting Apache2 with Tomcat is by using the AJP protocol provided by the mod_jk Apache module. This requires a couple of configurations. We’ll start by installing the required Apache2 module:

sudo apt-get install libapache2-mod-jk

Next, we need to create the file /etc/apache2/conf.d/tomcat. By putting it in the conf.d directory it is automatically included into the Apache2 configuration:

# mod_jk config
# Where to find workers.properties
JkWorkersFile /etc/apache2/workers.properties
#
# Where to put jk logs
JkLogFile /var/log/apache2/jk.log
#
# Set the jk log level [debug/error/info]
JkLogLevel info
# Select the log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y] "
#
#JkOptions indicate to send SSL KEY SIZE,
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
#
# JkRequestLogFormat set the request format
JkRequestLogFormat "%w %V %T"

Next, create the file /etc/apache2/ workers.properties

#
# This file provides minimal jk configuration properties needed to
# connect to Tomcat.
#
# We define a worker named ‘default’
ps=/
workers.java_home=/usr/lib/jvm/java-1.5.0-sun/
worker.list=default
worker.default.port=8009
worker.default.host=localhost
worker.default.type=ajp13
worker.default.lbfactor=1

Edit the virtual host configuration /etc/apace2/sites-enabled/one.example.com-http and add the following just above the line starting with DocumentRoot:

JkMount /* default
JkMount /*.jsp default
DirectoryIndex index.jsp index.html
# Globally deny access to the WEB-INF directory
<LocationMatch ‘.*WEB-INF.*’>
deny from all
</LocationMatch>

Repeat the above with the HTTPS virtual host configuration /etc/apace2/sites-enabled/one.example.com-ssl.

Restart the Apache2 web server:

sudo /etc/init.d/apache2 restart

Now, you should be able to visit the Tomcat start page by directing the browser to either http://one.example.com or https://one.example.com.

Next Step

The next step is to get CAS up and running

References

http://blog.beplacid.net/2007/11/20/howto-apache-2-tomcat-5525-and-mod_jk-under-debian/

A common scenario when providing services via the web is to expose all applications via an Apache front end. The Apache server acts as a dispatcher, or reverse proxy, and takes care of virtual hosting as well as any SSL traffic. This way, only one IP address needs to be exposed to the Internet while users gets the experience of multiple stand-alone sites. This article series also describes how applications can be conveniently put behind access control using the Central Authentication Service, or CAS for short.

Part 2 – Adding SSL support to Apache2 virtual hosts

In this part of the article series we are going to set up Apache2 so that it is possible to access it through SSL. The Apache2 configuration we are working on is described in this previous post.

Note that there is a limitation as to how you can configure virtual hosts on HTTPS. Remember that traffic is encrypted when it arrives to the web server. This includes the actual host name in the request URL as well. Thus it is impossible for Apache to know which security certificate to use in order to decrypt the request. There is however something called wildcard certificates – these can be used for domain patterns like *.example.com. If we are using a wildcard certificate, i.e. always the same certificate, we can host an arbitrary number of virtual hosts under the domain, and they will all use the same certificate.

Now, let’s get started. The first thing to do is to make sure Apache2 has the necessary module for serving HTTPS traffic:

sudo a2enmod ssl

Next, we need to set up the key and certificate to use for our virtual hosts. This can either be done by purchasing a commercial certificate, or by creating a self-signed certificate. In this article we are going to create a self-signed certificate. This means that anyone accessing our site will get a warning that the root certificate is not trusted, but otherwise it is identical to a commercial certificate. Set up the self-signed certificate by issuing the following commands:

sudo mkdir /etc/apache2/ssl
sudo make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache2/ssl/apache.pem
sudo chmod a+r /etc/apache2/ssl/apache.pem

When you issue the second command above, you will be asked for the certificate identity. At this point enter *.example.com. The asterisk (*) indicates that it is a wildcard certificate that maps to any URL where the host part ends with example.com

Now we are all set to setup a couple of virtual hosts that will respond to HTTPS requests. Like discussed in the previous post, this is done by adding configuration files into the /etc/apache2/sites-available directory. Start with the file /etc/apache2/sites-available/one.example.com-ssl:

#
# Virtual host (HTTPS)
# one.example.com (/var/www/one.example.com)
#
<VirtualHost *:443>
ServerAdmin webmaster@one.example.com
ServerName one.example.com:443
#
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
#
# Indexes + Directory Root.
DirectoryIndex index.html
DocumentRoot /var/www/one.example.com/htdocs
#
# Logfiles
ErrorLog /var/www/one.example.com/logs/error.log
CustomLog /var/www/one.example.com/logs/access.log combined
</VirtualHost>

Continue with the second host, /etc/apache2/sites-available/two.example.com-ssl:

#
# Virtual host (HTTPS)
# two.example.com (/var/www/two.example.com)
#
<VirtualHost *:443>
ServerAdmin webmaster@two.example.com
ServerName two.example.com:443
#
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
#
# Indexes + Directory Root.
DirectoryIndex index.html
DocumentRoot /var/www/two.example.com/htdocs
#
# Logfiles
ErrorLog /var/www/two.example.com/logs/error.log
CustomLog /var/www/two.example.com/logs/access.log combined
</VirtualHost>

The two host configurations above point to the same web content directories as their non-SSL counterparts. This is by no means necessary – they could have pointed to any location, they are in fact different virtual hosts from the perspective of the Apache2 web server.

Finally, lets see it working in action by enabling the sites, restarting Apache and pointing the browser to the new virtual hosts:

sudo a2ensite one.example.com-ssl
sudo a2ensite two.example.com-ssl
sudo /etc/init.d/apache2 restart

You should now be able to access https://one.example.com and https://two.example.com and see different content. If you are using a self-signed certificate, like I have described here, you will be asked to override the default security behavior in the browser. Assuming you trust yourself – go ahead and add the exceptions.

Next step

The next step will be to add Tomcat to the setup and make Apache2 communicate with the Tomcat backend through the AJP protocol as provided by the mod_jk module.

A common scenario when providing services via the web is to expose all applications via an Apache front end. The Apache server acts as a dispatcher, or reverse proxy, and takes care of virtual hosting as well as any SSL traffic. This way, only one IP address needs to be exposed to the Internet while users gets the experience of multiple stand-alone sites. This article series also describes how applications can be conveniently put behind access control using the Central Authentication Service, or CAS for short.

Part 1 – Setting up Apache2 for virtual hosting

Installing and configuring Apache

We are going to create an environment where we can host multiple websites with a single server. This is quite straightforward to do with the use of the Apache web server. We are going to cover the use of the NameVirtualHost directive, which does not require any hard-wiring of IP addresses. The only thing you need is for your domain names to resolve to the IP address of your webserver.

For example if you have an Apache server running upon the IP address 10.0.1.20 and you wish to host the two sites one.example.com and two.example.com you’ll need to make sure that these names resolve to the IP address of your server. If you wish to do this in an isolated environment and avoid setting up DNS records, you can simply add the host names to your /etc/hosts file, which should then look something like the following (replacing the IP addresses with the address of your intended server):

127.0.0.1    localhost
10.0.1.20    one.example.com
10.0.1.20    two.example.com

After this preparation, the first thing to do is to setup an Apache2 web server. In Ubuntu, it is conveniently located in the repositories:

sudo apt-get install apache2

This installs the Apache web server and creates a basic configuration. After installation you should be able to access your newly created server on http://localhost. You should also be able to access the default server site on the addresses http://one.example.com and http://two.example.com.

The next thing to do is to enable virtual hosts in your Apache configuration. The simplest way to do this is to create a file called /etc/apache2/conf.d/virtual.conf and include the following content in it:

#
#  Handle multiple virtual hosts.
#
NameVirtualHost *:80
NameVirtualHost *:443

This effectively means that you are going to map all requests on port 80 and 443 (HTTPS) to virtual hosts. Note that there is a limitation as to how you can configure virtual hosts on HTTPS. Remember that traffic is encrypted when it arrives to the web server. This includes the actual host name in the request URL as well. Thus it is impossible for Apache to know which security certificate to use in order to decrypt the request. There is however something called wildcard certificates – these can be used for domain patterns like *.example.com. If we are using a wildcard certificate, we can host an arbitrary number of virtual hosts under the domain, and they will all use the same certificate. More on that in a later post.

Next, we need to create the two virtual web sites. All site configurations under apache2 are kept in the directory /etc/apache2/sites-available. Start by creating the file /etc/apache2/sites-available/one.example.com-http:

#
#  Virtual host
#  one.example.com (/var/www/one.example.com)
#
<VirtualHost *:80>
ServerAdmin webmaster@one.example.com
ServerName  one.example.com:80

# Indexes + Directory Root.
DirectoryIndex index.html
DocumentRoot /var/www/one.example.com/htdocs

# Logfiles
ErrorLog  /var/www/one.example.com/logs/error.log
CustomLog /var/www/one.example.com/logs/access.log combined
</VirtualHost>

Note that the directive ServerName marks the name of the virtual host, and when Apache receives a request that contains a url with this name, it will be directed to the directory /var/www/one.example.com/htdocs. Now, lets do the same with the second virtual host by creating the file /etc/apache2/sites-available/two.example.com-http:

#
#  Virtual host
#  two.example.com (/var/www/two.example.com)
#
<VirtualHost *:80>
ServerAdmin webmaster@two.example.com
ServerName  two.example.com:80

# Indexes + Directory Root.
DirectoryIndex index.html
DocumentRoot /var/www/two.example.com/htdocs

# Logfiles
ErrorLog  /var/www/two.example.com/logs/error.log
CustomLog /var/www/two.example.com/logs/access.log combined
</VirtualHost>

The last thing to do is to create a directory structure and some content to display for the sites:

sudo mkdir /var/www/one.example.com/htdocs
sudo mkdir /var/www/one.example.com/logs
sudo mkdir /var/www/two.example.com/htdocs
sudo mkdir /var/www/two.example.com/logs
sudo echo "site one.example.com" > /var/www/one.example.com/htdocs/index.html
sudo echo "site two.example.com" > /var/www/one.example.com/htdocs/index.html

Finally, lets enable the sites, restart apache and see the result. Enabling the sites boils down to creating symbolic links in the /etc/apache2/sites-enabled directory. These are automatically included by Apache when the configuration is loaded. For convenience there is  a script available that creates the link for us:

sudo a2ensite one.example.com-http
sudo a2ensite two.example.com-http
sudo /etc/init.d/apache2 restart

Now, direct the browser to http://one.example.com, followed by http://two.example.com. You should be greeted by two different web sites. Voila!

Next step

The next step is to enable SSL with the use of a wildcard certificate

References

http://www.debian-administration.org/articles/412

Subversion adalah suatu software atau tool yang bisa memudakan para developer dalam mengerjakan suatu project yang besar dan dikerjakan secara tim atau bersama2.

Sebelumnya untuk instalasi bisa dibaca di file “README.SuSE” di directory “/usr/share/doc/packages/subversion/”
atmahadli:/home/ahsani # cat /usr/share/doc/packages/subversion/README.SuSE

1. backup and restore your repository datasubversi repositori menggunakan salah satu sistem database Berkeley perpustakaan, atau database FSFS format yang datang dengan paket subversi itu sendiri. Karena sistem BDB perpustakaan sering memperkenalkan format yang tidak kompatibel baru selama upgrade versi, sebuah backup / restore dari semua repositori subversi harus dilakukan sebelum melakukan upgrade sistem seperti.
‘svnadmin dump‘ akan menulis repositori ke stdout dalam sebuah format ‘dumpfile’. dumpfile ini dapat diload kemudian dengan ‘svnadmin load‘.

2. create svn user/group for svnserve
subversion repositori dapat disajikan baik melalui http, atau melalui svnserve daemon dan sebuah protokol jaringan khusus. svnserve tidak boleh menjalankan sebagai root user. Startup script rcsvnserve mengharapkan user / grup bernama ’svn’, dapat dikonfigurasi melalui /etc/sysconfig/svnserve. Tapi user/grup harus diciptakan sebelum penggunaan svn:
useradd svn
groupadd svn

3. mini-howto for 2 projects
Untuk menjalankan server subversion, Anda perlu mengkonfigurasi apache2 untuk memuat dua modul apache2: mod_dav dan mod_dav_svn. (mod_dav diperlukan oleh mod_dav_svn, tersebut akan diinstal bersama dengan apache2.)
Hal ini dilakukan dengan menambahkan dav dan dav_svn modul ke konfigurasi apache2 (a2enmod dav; a2enmod dav_svn), dan me-restart server. Sebuah default/contoh konfigurasi modul dav_svn dapat ditemukan di /etc/apache2/conf.d/subversion.conf. Dengan paket apache lebih baru, konfigurasi ini tidak load secara otomatis oleh server apache, karena banyak orang mengkonfigurasi virtual host dan agaknya mustahil bahwa repositori harus tersedia dari setiap virtual host. Untuk memuat konfigurasi untuk virtual host tertentu, tambahkan Include /etc/apache2/conf.d/subversion.conf atau Sertakan /path/ke/konfigurasi_subversion_anda di masing-masing konfigurasi virtual host. Ini mungkin dilakukan di default virtual host (/etc/apache2/default-server.conf).

contoh kecil:
Rencananya:
host dengan 2 proyek sumber subversi anonim keduanya harus memiliki akses membaca keduanya harus memiliki akses tulis terbatas untuk beberapa pengguna mereka hanya diakses melalui HTTP, bukan (!) secara lokal mereka akan diakses melalui:
http://hostname/repos/project1
http://hostname/repos/project2
Keduanya akan memiliki versi resmi dari pohon(tree) sumber dan versi modifikasi untuk distribusi. Proyek yang dimaksud adalah: project1 dan project2
Realisasi: menemukan suatu mesin untuk menjadi tuan rumah proyek. Jauhkan backup (dan restore) Dalam pikiran ketika mencari hardware.
menginstal paket yang dibutuhkan
Anda bisa memeriksa update paket di
ftp://ftp.suse.com/pub/projects/apache/
rpm -Uvh \
apache2 \
apache2-doc \
apache2-prefork \
libapr1 \
libapr-util1 \
neon \
subversion \
subversion-doc \
subversion-server
update /etc/sysconfig/apache2 dengan menambahkan ‘dav dav_svn’ ke $APACHE_MODULES:
a2enmod dav
a2enmod dav_svn

buat directory untuk tempat repository svn:
mkdir -p /srv/svn/repos
mkdir -p /srv/svn/user_access
mkdir -p /srv/svn/html

menambahklan repository data untuk http. edit file /etc/apache2/conf.d/subversion.conf:

#--------------------------------------------------
#
# project related HTML files
#
<IfModule mod_alias.c>
Alias /repos    "/srv/svn/html"
</IfModule>
<Directory /srv/svn/html>
Options         +Indexes +Multiviews -FollowSymLinks
IndexOptions    FancyIndexing \
ScanHTMLTitles \
NameWidth=* \
DescriptionWidth=* \
SuppressLastModified \
SuppressSize
order allow,deny
allow from all
</Directory>

# project repository files for project1
<Location /repos/project1>
DAV svn
SVNPath /srv/svn/repos/project1
# Limit write access to certain people
AuthType Basic
AuthName "Authorization for project1 required"
AuthUserFile /srv/svn/user_access/project1_passwdfile
AuthGroupFile /srv/svn/user_access/project1_groupfile
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require group project1_committers
</LimitExcept>
# Limit read access to certain people
<Limit GET PROPFIND OPTIONS REPORT>
Require group project1_committers
Require group project1_readers
</Limit>
</Location>
# project repository files for project2
<Location /repos/project2>
DAV svn
SVNPath /srv/svn/repos/project2
# Limit write permission to list of valid users.
<LimitExcept GET PROPFIND OPTIONS REPORT>
# Require SSL connection for password protection.
# SSLRequireSSL
AuthType Basic
AuthName "Authorization for project2 required"
AuthUserFile /srv/svn/user_access/project2_passwdfile
Require valid-user
</LimitExcept>
</Location>
#--------------------------------------------------

buat repository baru:
cd /srv/svn/repos
svnadmin create project1
chown -R wwwrun:www project1/{dav,db,locks}
svnadmin create project2
chown -R wwwrun:www project2/{dav,db,locks}
Restart webserver(apache):
rcapache2 restart
Sekarang buat user untuk bisa akses ke reopository svn:
project1 adalah project yang aksesnya dibatasi(restricted).
untuk melihat/mengupdate juga juga membutuhkan password
touch /srv/svn/user_access/project1_passwdfile
chown root:www /srv/svn/user_access/project1_passwdfile
chmod 640 /srv/svn/user_access/project1_passwdfile
htpasswd2 /srv/svn/user_access/project1_passwdfile olaf
htpasswd2 /srv/svn/user_access/project1_passwdfile olh
dan buat group untuk project1 pada file /srv/svn/user_access/project1_groupfile
dengan isi:
project1_committers: olh
project1_readers: olaf olh
project2 dapat dilihat oleh semua pengakses, tetapi hanya beberapa yang bisa commit.
touch /srv/svn/user_access/project2_passwdfile
chown root:www /srv/svn/user_access/project2_passwdfile
chmod 640 /srv/svn/user_access/project2_passwdfile
htpasswd2 /srv/svn/user_access/project2_passwdfile olaf

seharusnya anda sudah bisa connect ke svn:
http://host/repos/project2
http://host/repos/project1
sekarang import data untuk commit ke svn:
svn import /path/to/project2-tree http://host/repos/project2

selamat mencoba terimakasih
[atm.d_anank]

Our client in Redwood City, CA is in need of a seasoned system administrator and operations engineer to manage, maintain and support multiple environments supporting several different architectures and environments. The successful candidate will have strong exposure to large web site deployments with multiple tiers include web front-ends, middleware components, backend services, data storage systems and 2nd/3rd tier components like caching and search layers.

Requirements:

• 7 years Linux admin experience
• 5 years RHEL admin experience
• 5 years RPM management and admin experience
• 3 years working with MySQL
• Sound understanding of web services and related technologies (HTTP, REST, XML, JSON, etc)
• Experience with Linux web servers (Apache2, nginx, lighttpd, etc)
• Experience with monitoring systems and components (nagios, cacti, etc)
• Exposure to scripting languages such as Perl, Python, etc.

Really nice-to-haves but not required:

• Experience with Erlang
• Experience with Ruby on Rails
• Exposure to Jabber/XMPP
• Exposure to distributed / grid computing
• ejabberd administration and configuration
• Experience with second and third tier services and components like memcached (or like systems), search applications (lucene, xapian, sphinx, etc), etc.

Realistically, these are also nice to haves but not required:

• Exposure to functional programming languages.
• Exposure to the Facebook Platform, Open Social and or other web services and systems
• Comfortable working in an Agile work environment.
• Plays games and occasionally keeps tabs on the gaming world/industry.

If interested, please send us your resume along with the rate per hour, contact number, and availability for a phone interview to raj@mindsource.com.

Se você instalou o apache, e você não deseja que seus visitantes vejam todo o conteúdo de uma pasta que não contém o arquivo index.php ou index.htm, edite o arquivo /etc/apache2/sites-available/nome_do_seu_site e insira o conteúdo Options -Indexes abaixo da linha DocumentRoot. Segue abaixo os passos:

vim /etc/apache2/sites-available/nome_do_seu_site

2) Conteúdo do arquivo /etc/apache2/sites-available/nome_do_seu_site:
<VirtualHost *>
ServerAdmin seu_email@seu_site_com_br
ServerName seu_dominio.com.br
ServerAlias www.seu_dominio.com.br

# Indexes + Directory Root.
DirectoryIndex index.html index.htm index.php
DocumentRoot /var/www/pasta_do_seu_site/
Options -Indexes
# CGI Directory
ScriptAlias /cgi-bin/ /var/www/pasta_do_seu_site/cgi-bin/

Options +ExecCGI
# Logfiles
ErrorLog /var/log/apache2/nome_do_seu_site.error.log
CustomLog /var/log/apache2/nome_do_seu_site.access.log combined

</VirtualHost>

Espero que este post seja útil.

Related softwares:

1. Ubuntu 9.04
2. Subversion 1.6.x
3. Apache2

First, if you haven’t install Apache2 and Apache2-Subversion-library, you can do so by typing below:

sudo apt-get install apache2 apache2lib-svn

Then, edit the apache2-svn file in /etc/apache2/mods-available/dav_svn.conf.
Enter the following entry into the file and replace the variables with the square-bracket [xxx] with your value accordingly.

<Location [SVN_URL_PATH]>
DAV svn
SVNParentPath [SVN_PARENT_PATH]
AuthName "[SVN_REPOSITORY_NAME]"
AuthUserFile [AUTHENTICATION_FILE_PATH]
Require valid-user
</Location>

If you wish to have the repository URL such as http://hostname/svn, then replace the [SVN_URL_PATH] with /svn. Replaced the [SVN_PARENT_PATH] with the parent path of your Subversion repository. If you place your repository named projects in /var/www/svn_root/projects, then replace it with /var/www/svn_root. Replace the [SVN_REPOSITORY_NAME] with any name that you wish. Lastly, replace [AUTHENTICATION_FILE_PATH] with the absolute path of your authentication file, which we will create later. Let say we will create the file in /var/www/svn_root which named mypasswd. Then replace it with /var/www/svn_root/mypasswd.

To create the authentication file with a user named dhydrated, type the following:

htpasswd -c /var/www/svn_root/mypasswd dhydrated

To modify existing authentication file with a user named dhydrated, type the following:

htpasswd -m /var/www/svn_root/mypasswd dhydrated

Restart your Apache2 server by typing:

sudo /etc/init.d/apache2 restart

If everything went well, you should be able to access your repository via http://hostname/svn/projects, and a dialog box will be prompted to ask for your username and password as you put in the authentication file.

Ótima dica de como configurar o Apache2 para responder por múltiplos domínios em pastas diferentes.

http://www.corey-m.com/blog/?p=315

Wat? PHP sends as plain text in Snow Leopard? Reinstall PHP: http://www.entropy.ch/software/macosx/php/

Now apache doesn’t work? Edit /etc/apache2/httpd.conf, uncomment #LoadModule php5_module        libexec/apache2/libphp5.so (make it just LoadModule php5_module libexec/apache2/libphp5.so). Now go into System Preferences->Sharing, uncheck then recheck Web Sharing

Now it should work. For some reason, that line being commented out causes a segfault when you request anything besides a directory listing.

Update :

After disable all the virtual host, and enable only the secure one (using the configuration below), everything work as expected.

To make sure, the server talk in a secure mode (using ssl), try access the server using http://

http://openthinklabs.wm:443

If you receive a bad request information from the browser, like the one below :

Your ssl configuration is correct.

If you see plain text, you willl get ssl_error_rx_record_too_long error when accessing the page using https.

After following tutorial at [1] i get ssl_error_rx_record_too_long error.

.

Didn’t find any solution yet …

Here is my virtual host setting :

NameVirtualHost *:443
<VirtualHost *:443>
	ServerAdmin wildan.m@gmail.com
        ServerName openthinklabs.wm

	DocumentRoot /home/wildan/jobstuff/OpenThinkLabs/webapps/openthinklabs

	<Directory "/home/wildan/jobstuff/OpenThinkLabs/webapps/openthinklabs">
		Options Indexes FollowSymLinks MultiViews
		AllowOverride All
		Order allow,deny
		allow from all
		# This directive allows us to have apache2's default start page
                # in /apache2-default/, but still have / go to the right place
                #RedirectMatch ^/$ /apache2-default/
	</Directory>

	ErrorLog /var/log/apache2/openthinklabs_error.log

	# Possible values include: debug, info, notice, warn, error, crit,
	# alert, emerg.
	LogLevel debug

	CustomLog /var/log/apache2/openthinklabs.log combined
ServerSignature On

SSLEngine On
SSLCertificateFile /etc/apache2/ssl.cert/server.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/server.key

#SSLCertificateChainFile /etc/apache2/ssl.cert/my-ca.crt
#SSLCACertificateFile /etc/apache2/ssl.cert/my-ca.crt

JkMount /alfresco ajp13
JkMount /alfresco/* ajp13

JkMount /cas ajp13
JkMount /cas/* ajp13

<Location /alfresco>
AuthType CAS
AuthName "CAS"
require valid-user
CASScope /alfresco
</Location>

<Location /share>
AuthType CAS
AuthName "CAS"
require valid-user
CASScope /share
</Location>

<Location /examples>
AuthType CAS
AuthName "CAS"
require valid-user
CASScope /examples
</Location>

</VirtualHost>

References :

[1]. http://www.tc.umn.edu/~brams006/selfsign.html

This tutorial will guide you through installation of Apache, HTTPS, Subversion and Trac, in order to have an (almost) complete development environment for your team.

This article is divided in following steps

1. Installing Subversion
2. Installing Apache
3. Configuring Apache with SSL
4. Configuring Subversion with Apache (and SSL)
5. Installing Trac

You may choose for example to see how to install Apache and SSL, or having Apache plus subversion without Trac.
Steps are voluntary isolated, and will require more operations than, for instance, issuing an “apt-get install trac” that will download and install all the packages in one step; but this will hopefully allow the readers to choose picking one section and forget about unneeded components.
I’ll not explain what Subversion is, or what SSL is, etc. Ask google, for this info: I just say that for your software project you may need a server with those tools ready for your team.

Requirements

You need Ubuntu 9.04, in my case I used the “desktop edition” 32bit. But possibly this tutorial should be valid for Debian and previous Ubuntu version; but I have not verified that: if you do, post a comment to report your experience.

Preparation

After installing your server you have to ensure that apt system is up to date with available software on the repositories. Type the following command:

$ sudo apt-get update

upgrading installed packages may be a good idea to do now:

$ sudo apt-get upgrade

Answer Yes if asked to download and install the upgrades.

1. Installing Subversion

From the command line type the command:

$ sudo apt-get install subversion

If everything went fine you should able to verify the Subversion version installed with following command:

$ svn –version

svn, version 1.5.4 (r33841)
compiled Aug  7 2009, 01:44:11

Copyright (C) 2000-2008 CollabNet.
Subversion is open source software, see http://subversion.tigris.org/
This product includes software developed by CollabNet (http://www.Collab.Net/).

The following repository access (RA) modules are available:

* ra_neon : Module for accessing a repository via WebDAV protocol using Neon.
- handles ‘http’ scheme
- handles ‘https’ scheme
* ra_svn : Module for accessing a repository using the svn network protocol.
- with Cyrus SASL authentication
- handles ’svn’ scheme
* ra_local : Module for accessing a repository on local disk.
- handles ‘file’ scheme

For now, let’s stop here: how to create the Subversion repository, configure the users etc. Will be explained later in conjunction with Apache2 configuration. Maybe I’ll write something on how to deal with svnserve, svnadmin, and user access control, in another article.

Later we will see how to create a repository, configure it with apache and HTTP basic authentication.

2. Installing Apache

To install apache 2 type the command:

$ sudo apt-get install apache

When finished you should be able to connect with the browser at http://localhost and see the message “It works!”. Or you may verify that at the command line installing and using curl:

$ sudo apt-get install curl

$ curl http://localhost
<html><body><h1>It works!</h1></body></html>

3. Configuring Apache with SSL

Now we want to configure apache to run HTTPs.
Following command will enable ssl Apache2 module with a2enmod (cryptic name for “Apache2 enable module”:

$ sudo a2enmod ssl

The previous command will suggest you to restart apache to let it to reload the configuration; ignore that message for now.

We need to enable the HTTPS port (443). Edit /etc/apache2/ports.conf and ensure that port 443 is defined as follows:

$ sudo gedit /etc/apache2/ports.conf

# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz

NameVirtualHost *:80
Listen 80

<IfModule mod_ssl.c>
# SSL name based virtual hosts are not yet supported, therefore no
# NameVirtualHost statement here
NameVirtualHost *:443
Listen 443
</IfModule>

I added the clause NameVirtualHost *:443 in the for SSL; this is not strictly necessary but it will be useful later if you want to have a VirtualHost for trac and other development services.

Now we need to configure the SSL site. Fortunately we have already the configuration file for that, we just need to enable it with a2ensite (cryptic name for “apache2 enable site”)

$ sudo a2ensite default-ssl

Again, the above command will suggest to reload apache configuration to activate the changes. This time the suggestion is almost right. As we made several changes I prefer to restart apache with following command:

sudo /etc/init.d/apache2 restart
* Restarting web server apache2

apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1 for ServerName
… waiting apache2: Could not reliably determine the server’s fully qualified domain name, using 127.0.1.1 for ServerName

If everything went fine you should see the above warning. You can ignore it, unless you want to configure the ServerName for your server. But this is out of scope, so do a search on Google, or consult an Apache expert.

So, if everything went fine, now we should be able to connect to our server through SSL.
You can use firefox or curl, as before, but this time the URL will be https://localhost

$ curl -k https://localhost
<html><body><h1>It works!</h1></body></html>

the -k option is to ignore certification validation. Also firefox will complain that our certificate is invalid, but you can add it to exceptions and it will nomore bug you with those messages.

If everything went fine, now we should have Apache2, HTTP and HTTPs ready.

4. Configuring Subversion with Apache (and SSL)

First of all, we need to install the Subversion modules for Apache2.

$ sudo apt-get install libapache2-svn

They will be enabled by default. So you don’t need to run a2enmod.

We only need to configure a repository. Let’ say our project is called ‘myproject’.

First of all, let’s decide where our svn repositories will be created. I like /var/local/svn :

$ sudo mkdir /var/local/svn/

Then let’s create the repository using following procedure:

$ sudo mkdir /var/local/svn/myproject
$ sudo chown www-data:www-data /var/local/svn/myproject
$ sudo -u www-data svnadmin create /var/local/svn/myproject

Above commands will ensure that the user www-data (which is the apache user) can fully access the repository for reading and updating it.

We need to configure the repository in Apache. Edit /etc/apache2/mods-available/dav_svn.conf using:

$ sudo gedit /etc/apache2/mods-available/dav_svn.conf

And add a section like the following one:

<Location /svn/myproject>
DAV svn
SVNPath /var/local/svn/myproject
AuthType Basic
AuthName “My Project Subversion Repository”
AuthUserFile /etc/subversion/myproject.passwd
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
</Location>

In the above file we indicated that, at the location svn our repository should respond. And for updating the repository we want a valid user. As per above configuration anonymous consultation is allowed; but you can disable it commenting with a leading ‘#’ the lines <LimitExcept … and </LimitExcept> or just removing them as in following example:

<Location /svn/myproject>
DAV svn
SVNPath /var/local/svn/myproject
AuthType Basic
AuthName “My Project Subversion Repository”
AuthUserFile /etc/subversion/myproject.passwd
#<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
#</LimitExcept>
</Location>

The above configuration indicates to Apache that even for consulting the repository we want a valid user.
But valid users need a password, and in fact we indicated a password file for our repository called /etc/subversion/myproject.passwd. So let’s create a password file with a couple of users:

$ sudo htpasswd -c /etc/subversion/myproject.passwd luigi
$ sudo htpasswd /etc/subversion/myproject.passwd mario

The -c option indicates that the password file should be created as new; and it is only necessary for the first user. Be aware of the fact that -c overwrites the existing password file without asking anything. Personally I think this is a quite stupid behavior, but that’s the way it is.

Now we should be ready.

Let’s reload apache configuration to make the changes effective:

$ sudo /etc/init.d/apache2 reload

and let’s test with the browser that our svn repository is now accessible through HTTP and HTTPs at following urls:
http://localhost/svn/myproject/
https://localhost/svn/myproject/

We can also use curl to verify it is working:

$ curl http://username:password@localhost/svn/myproject/
<html><head><title>myproject – Revision 0: /</title></head>
<body>
<h2>myproject – Revision 0: /</h2>
<ul>
</ul>
<hr noshade><em>Powered by <a href=”http://subversion.tigris.org/”>Subversion</a> version 1.5.4 (r33841).</em>
</body></html>

$ curl -k https://username:password@localhost/svn/myproject/
<html><head><title>myproject – Revision 0: /</title></head>
<body>
<h2>myproject – Revision 0: /</h2>
<ul>
</ul>
<hr noshade><em>Powered by <a href=”http://subversion.tigris.org/”>Subversion</a> version 1.5.4 (r33841).</em>
</body></html>

Now we can also download our project using svn

$ svn co https://localhost/svn/myproject myproject –username luigi

“luigi” is obviously my username, substitute it with yours.
The first time it will prompt for accepting the SSL certificate, answer to accept it permanently (p). Then it will optionally ask you for the password, type it.
We can also test that modifying the remote repository is working with:

$ svn mkdir -m “created the trunk for the project” https://localhost/svn/myproject/trunk –username luigi

It will answer: Committed revision 1. If so, we’ve done.

5. Installing Trac

To install trac files and required dependencies, type the following command:

$ sudo apt-get install trac
$ sudo apt-get install libapache2-mod-python

Let’s create the directories for trac web folder:

$ sudo mkdir /var/local/trac
$ sudo chown www-data:www-data /var/local/trac

edit Apache configuration file for one of your enabled sites (in this example I modify the default http one, but you can choose to put trac on HTTPS modifying default-ssl)

$ sudo gedit /etc/apache2/sites-enabled/000-default

and add the following lines at the end of the file, before the </VirtualHost> tag:

<Location /projects>
SetHandler mod_python
PythonInterpreter main_interpreter
PythonHandler trac.web.modpython_frontend
PythonOption TracEnvParentDir /var/local/trac
PythonOption TracUriRoot /projects
PythonOption PYTHON_EGG_CACHE /tmp
</Location>

# use the following for one authorization for all projects
# (names containing “-” are not detected):
<LocationMatch “/projects/[[:alnum:]]+/login”>
AuthType Basic
AuthName “trac”
AuthUserFile /etc/trac/trac.passwd
Require valid-user
</LocationMatch>

Create a password file for trac users (if you want you can reuse or link the passwd file used for subversion repositories)

$ sudo htpasswd -c /etc/trac/trac.passwd luigi
$ sudo htpasswd  /etc/trac/trac.passwd mario
… continue this way for all your users.

Create the trac environment for your project:

$ sudo -u www-data trac-admin /var/local/trac/myproject initenv

It will ask you some questions related to your project. Here’s my answers in blue

Project Name [My Project]> My Project
Database connection string [sqlite:db/trac.db]> [Just press Enter to accept the default]
Repository type [svn]>  [Just press Enter to accept the default]
Path to repository [/path/to/repos]> /var/local/svn/myproject

Now let’s restart apache:

$ sudo /etc/init.d/apache2 restart

Check that trac works properly connecting the browser to http://localhost/projects or use curl to verify that the url is responding properly as we did before. This url should display a link to “My Project”, click on it and you should see the project home page. Clicking on login the browser should ask you to provide username and password as recently defined with htpasswd command.

Last thing to do: add yourself as administrator for Trac. This will enable the Admin menu and allow to do much of the administration operations from the web, that you could also do at the command line with trac-admin tool.
Execute the following command:

$ sudo -u www-data trac-admin /var/local/trac/myproject permission add luigi TRAC_ADMIN

This will make the username ‘luigi’ administrator for the project.

You can tune additional configuration settings in Trac to enable email notification, change the project logo, etc. Everything you need to know is on Trac website. For the configuration check here: http://trac.edgewall.org/wiki/TracIni

Ketika menjalani kerja praktek di PT Telekomunikasi Indonesia, Tbk. alias TELKOM, kantor Japati, Bandung, sebulan yang lalu, saya ditugaskan untuk mengerjakan proyek yang melibatkan bahasa pemrograman PHP dan DBMS Oracle. Walaupun sebelumnya saya sudah bisa ‘bermain’ Oracle dengan mulusnya di Ubuntu saya, namun menjalankan script PHP dengan fungsi oci di dalamnya adalah pengalaman baru bagi saya. Beruntunglah beberapa rekan kerja saya di sana ternyata juga Ubuntumania jadi saya banyak tertolong dalam mengadaptasikan aplikasi yang biasa digunakan kantor dengan Ubuntu saya. Salah satunya, saya dikenalkan dengan LAMPP yang akhirnya membantu saya menjalankan fungsi oci di script PHP saya tanpa perlu melakukan konfigurasi yang ribet.

LAMPP, singkatan dari XAMPP for Linux, merupakan alternatif paket web server di Linux yang bisa kita gunakan seperti layaknya XAMPP di Windows. Pengembang web dengan sistem operasi Windows mungkin sudah terbiasa menggunakan XAMPP. LAMPP ini bisa diinstal dengan atau tanpa paket web server bawaan Linux yang sudah ada sebelumnya. Bagi yang belum ngeh dengan apa yang saya maksud, oke deh cerita dulu ya gimana caranya instal web server dan kawan-kawannya di Linux…

Secara default, di Linux kita bisa memiliki paket web server lengkap dengan server basis data dan berbagai interpreter skrip (umumnya bekerja dengan tiga serangkai ini: Apache, PHP, MySQL) yang diinginkan dengan menginstal package dari menu Administration -> Synaptic Package Manager atau dapat juga langsung dijalankan dari terminal. Langkah-langkahnya sebagai berikut:

Dari terminal

1. Jangan lupa login sebagai root dulu, ketik sudo -s
2. Instal web server, misal Apache, ketik
   

   apt-get install apache2

   Keterangan:

   Angka ‘2′ pada command di atas menunjukkan versi Apache. Anda bisa menggantinya dengan versi yang Anda inginkan, namun saya sarankan instal saja yang terbaru karena kompatibilitasnya mungkin berbeda.

3. Instal server basis data, misal MySQL, ketik
   

   apt-get install mysql-server
apt-get install mysql-client

   untuk kompabilitas dengan php misalnya:

   apt-get install mysql-server php5-mysql

   Keterangan:

   Anda dapat mengganti perintah mysql-server dengan server basis data lain, misalnya PostgreSQL maka apt-get install postgresql-nomorversi.

Dari Synaptic

1. Login sebagai root
2. Instal web server
   • Cari package apache2
   • Klik pada checkbox-nya, pilih Mark for Installation, pilih “Mark” pada kotak dialog konfirmasi, kemudian klik menu Apply
3. Instal database server
   • Cari package mysql-client, mysql-server, php-mysl dan package-package mysql lain yang mungkin Anda butuhkan, kemudian lakukan cara yang sama seperti poin berikutnya pada nomor 2

Dengan ketiga langkah di atas, Anda sudah dapat menggunakan web server lokal di Linux Anda. Cara menjalankannya melalui terminal dengan perintah berikut:

sudo -s (masuk sebagai root)

/etc/init.d/apache2 start

/etc/init.d/mysql start

ganti start dengan stop jika Anda ingin menghentikannya.

Jangan lupa untuk membuat folder public_html di home folder Anda sebelumnya. Folder inilah tempat menyimpan semua file yang ingin kita akses dari web server lokal kita. Alamat default di browser Anda adalah http://localhost/~username, misalnya username saya di laptop pake nama “diopu”, maka untuk mengakses file di public_html saya cukup mengetik http://localhost/~diopu.

Sekarang kita kembali ke laptop LAMPP. Seperti yang saya katakan tadi, LAMPP merupakan alternatif lain paket web server lokal di Linux. Kalo Anda nggak mau ribet dengan Apache-MySQL-PHP bawaan Linux, Anda dapat memiliki LAMPP dan menjalankannya dengan langkah-langkah berikut:

1. Unduh paketnya dari www.apachefriends.org/en/xampp-linux.html
2. Di mana pun Anda menyimpan file yang telah diunduh, ekstraklah sang paket di folder /opt dengan perintah
   

   tar xvfz xampp-linux-1.7.1.tar.gz -C /opt

   (jangan lupa sudo -s dulu)

3. Kini telah terbentuk sebuah folder lampp di /opt
4. Berhubung Linux suka ‘resek’ sama permission, ubah permission folder tersebut dengan perintah
   

   chmod 777 /opt/lampp

   artinya Anda mengaktifkan mode read-write-execute untuk semua user

5. Ubah juga permission konfigurasi phpmyadminnya pake perintah
   

   chmod 644 -R /opt/lampp/phpmyadmin/config.inc.php

6. Jalankan dengan perintah
   

   /opt/lampp/lampp start

   ganti start dengan stop jika Anda ingin menghentikannya.

7. Sama seperti di XAMPP, letakkan file-file Anda di /opt/lampp/htdocs, folder htdocs ini seperti public_html-nya LAMPP

Voila! Selesai sudah. Kalo pake LAMPP ini, Anda cukup mengetikkan http://localhost pada browser, tidak perlu username di belakangnya. Tapi ingat, Anda tidak dapat menjalankan web server bawaan Linux dan LAMPP sekaligus dalam waktu yang bersamaan, salah satu harus dinonaktifkan. Selamat mencoba!

I have tried to use our main git repository over https but I had gotten error messages like


PUT 54510da55977f5c1e47e5356b996762f4544b90d failed, aborting (22/403)
MKCOL 3b04e830cf4e221491e38443beac0f2f4a2e61c1 failed, aborting (22/403)
PUT 96496dc5f4115e3b9a90757410158f2ba7d12c80 failed, aborting (22/403)
MKCOL af7988694ce7cc8fbfd6b40deffe78d7231cffc8 failed, aborting (22/403)
Updating remote server info
error: failed to push some refs to 'https://myserver.de/myproject.git'


It was hard to discover whats going wrong here. I have set the GIT_CURL_VERBOSE=1 flag to see if there was an communication problem with my server. The communication itself was ok … but the server returns always a 403 (permission denied).

Next I had a look into my apache logs and I had seen follow error messages:


Permission denied: Unable to create a collection.


This looks like a file permission problem. I have setup a new group for my git repository and give apache the rights for read and write. But the problems still occured.

The solution was to set the correct Limit directive in the configuration for my git repository:

Alias /git /usr/var/git
<directory "/usr/var/git">
  DAV filesystem
  Options +Indexes

  AuthType Basic
  AuthName "git repositories"
  AuthUserFile /etc/apache/git.users.auth

  <limit GET PUT POST DELETE PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
    Require valid-user
  </limit>
</directory>

After a apache reload the push and pull commands working nice.

Ao tentar iniciar o processo de instalação via web do Egroupware em um cliente me deparei com um problema chato.

O firefox tentava fazer o download de um arquivo PHTML todas as vezes que eu acessava a URL de configuração do Egroupware, esse erro ocorria tanto no apache2 rodando no Debian quanto no Ubuntu.

Depois de algumas pesquisas entendi que o apache2 não estava conseguindo tratar os arquivos com este tipo de extensão. Resolver o problema foi bastante simples:

Adicionei a seguinte linha no final do arquivo /etc/apache2/apache2.conf:

AddType application/x-httpd-php .phtml

Depois limpei todo o cache do firefox e tudo voltou a funcionar corretamente.