Tag: server

Renaming JSESSIONID

Older versions of Apache Tomcat, as well as the older servlet specifications required that several configuration values need to be set. With servlet 3, you can now modify the name of the session cookie (as well as the ‘rewriting’ attribute name) in the web.xml file

In web.xml: (servlet 3.x)

<session-config>
<session-timeout>30</session-timeout>
<cookie-config>
<name>mysessionid</name><!-- default is jsessionid -->
<http-only>true</http-only>
<!-- secure>true</secure-->
</cookie-config>
<tracking-mode>COOKIE</tracking-mode>
</session-config>

Alternately for Tomcat7, modify TOMCAT_HOME\conf\context.xml:
<Context path="/exampleApp" sessionCookieName="myid">

If you are using spring security, then you should try setting disable-url-rewriting attribute of <http> element to true.

REFERENCES:

Install free “recognized” SSL certificates for Apache2

Once you have your server running with a self-signed certificate you might find it useful to have a “real” certificate that does not warn users.

Many of the CA’s provide test certificates that are generally valid for 30-60 days, I’ve recently discovered StartSSL, that generates free certificates that are valid for a full year.

  1. Generating keys and certificates….

    NOTE: this process is rather involved and is documented better elsewhere, here’s what I needed to remember to get the keys and certificates.

    • save ssl.key (private)
    • save ssl.crt (pem encoded)
    • get file from control panel: sub.class1.server.ca.pem
  2. Make sure that you move all three files to the /etc/apache2/ssl/ folder on the server.
  3. Edit the config file…
    sudo vi /etc/apache2/sites-available/default-ssl.conf

    Modify the values related to the keys and certs…

    SSLCertificateFile /etc/apache2/ssl/ssl.crt
    SSLCertificateKeyFile /etc/apache2/ssl/ssl.key
    SSLCertificateChainFile /etc/apache2/ssl/sub.class1.server.ca.pem

  4. Reload the config and restart…

    sudo service apache2 reload
    sudo service apache2 restart
  5. Test it out…
    https://www.ssllabs.com/ssltest/analyze.html?d=YOURDOMAIN.COM

REFERENCES:

Create self-signed SSL certificates for Apache on Ubuntu

To increase the security of your web applications, it is a standard process to enable HTTPS/SSL/TLS. Unfortunately, purchasing certificates can often be very expensive. Luckily, you can create a self-signed certificate for free for casual use or testing.

These steps are for Ubuntu, I wrote similar documentation for the Windows platform that you can find way back in my blog archives!

NOTE: As certificates generated in this manner are not verified by any recognized authority, many browsers will warn users (often in frightening language) about their insecurity. As stated above, these are best used only for internal use.

  1. First you will need to have apache2 installed, at a minimum you need to run:
    sudo apt-get install apache2
  2. Enable the SSL module:
    sudo a2enmod ssl

  3. Create the folder to store the keys and certificates:
    sudo mkdir /etc/apache2/ssl

  4. Generate a private key and certificate:

    sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt

    Enter reasonable values for the fields in question.
    For FQDN Common Name enter *.domain.com for wildcard support!

  5. Edit the config file:

    sudo vi /etc/apache2/sites-available/default-ssl.conf

  6. Un-comment or update the following lines:

    ServerName YOURDOMAIN.COM
    ServerAlias WWW.YOURDOMAIN.COM
    SSLCertificateFile /etc/apache2/ssl/apache.crt
    SSLCertificateKeyFile /etc/apache2/ssl/apache.key

  7. Enable to SSL website and restart:

    sudo a2ensite default-ssl.conf
    sudo service apache2 reload
    sudo service apache2 restart

  8. Test it out… provided your firewall routes port 443 to your server.

    https://www.ssllabs.com/ssltest/analyze.html?d=YOURDOMAIN.COM

REFERENCES:

Install Splunk Universal Forwarder on Ubuntu

After a while it can get tedious to access and review server logs via the command line. There are several tools available that can provide the same information in a graphical manner. Recently I’ve migrated to Splunk as there are both Enterprise and Free versions available.

  1. Of course, you’ll need a Splunk server installed first, as the forwarder is really just another (lighter) instance that will forward the log information to a central location.
  2. Download the system appropriate installer from:
    http://www.splunk.com/download/universalforwarder
  3. Check to see if you are running 32 or 64 bit OS.uname -aIf you see i686 you are 32 bit, if x86_64 you are 64 bit!
  4. Download, you’ll likely need a different version:sudo dpkg -i splunkforwarder-6.1.3-220630-linux-2.6-intel.deb
    or
    sudo dpkg -i splunkforwarder-6.1.3-220630-linux-2.6-amd64.deb
  5. Enable auto-start on reboot:cd /opt/splunkforwarder/bin/

sudo ./splunk enable boot-start

    1. Start the server:sudo service splunk start
    2. Set the password:

      The default ‘admin‘ password is ‘changeme‘ so we need to change it immediately to do anything else, or we will see errors in future steps.

      sudo /opt/splunkforwarder/bin/splunk edit user admin -password YOUR_NEW_PASSWORD -auth admin:changeme

    3. Set the server:sudo /opt/splunkforwarder/bin/splunk add forward-server YOUR_SERVER_ADDRESS:9997

      NOTE: if you get prompted for a splunk username/password you likely skipped the above step. Remember – the forwarder is a new ‘light’ installation of the server and as such has it’s own users!

    4. Enable some monitors on the box:Some common services and log locations to get you started…
      Apache2 HTTPd
      sudo /opt/splunkforwarder/bin/splunk add monitor /var/log/apache2 -index main -sourcetype Apache2
      Tomcat7
      sudo /opt/splunkforwarder/bin/splunk add monitor /opt/tomcat7/logs -index main -sourcetype Tomcat7
      MySQL
      sudo /opt/splunkforwarder/bin/splunk add monitor /var/log/mysql -index main -sourcetype MySQL
      Postfix (SMTP)
      sudo /opt/splunkforwarder/bin/splunk add monitor /var/log/mail.log -index main -sourcetype Postfix
      Squid3 (Proxy)
      sudo /opt/splunkforwarder/bin/splunk add monitor /var/log/squid/access.log -index main -sourcetype Squid3
      sudo /opt/splunkforwarder/bin/splunk add monitor /var/log/squid/cache.log -index main -sourcetype Squid3

      SonarQube
      sudo /opt/splunkforwarder/bin/splunk add monitor /opt/sonar/logs -index main -sourcetype Sonar
      PM2
      sudo /opt/splunkforwarder/bin/splunk add monitor /home/{user}/.pm2/logs -index main -sourcetype PM2
      NPM
      sudo /opt/splunkforwarder/bin/splunk add monitor /home/scott/.npm/_logs -index main -sourcetype NPM
  1. (OPTIONAL) Verify configuration by opening file at the following:sudo su
    vi /opt/splunkforwarder/etc/apps/search/local/inputs.conf
    exit
  2. You now should be able to log into your server and see new data flowing from the forwarder.

    NOTE: this requires you to enable ‘receiving’ of data on the port specified above, usually 9997.

REFERENCES:

Install OpenSSH Server on Ubuntu

I’ve discussed the use of SSH in several posts in the past, but while recently building a new environment, I realized that I’ve never indicated how the service itself should be installed.

INSTALLATION:

sudo apt-get install openssh-server

If you desire to change any of the default configuration such as port or cyphers…


sudo vi /etc/ssh/ssh_config

NOTE: If you intend to access the server from the Internet, you will have to verify that port forwarding is enabled on your routers and firewalls.

REFERENCES:

Name based virtual hosting with Apache2 on Ubuntu

I often find it necessary to setup a temporary server for testing web applications. The easiest way to support this is often to create an integration (beta) test server that can be configured to support multiple hosts.

Initial Installation:

sudo apt-get install apache2
sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod rewrite
sudo chmod 755 /var/www

To add a new site:

cd /etc/apache2/sites-available
sudo cp 000-default.conf yourdomain.com.conf
sudo vi yourdomain.com.conf
(change values as appropriate)
sudo chown -R YOURUSER:YOURGROUP yourdomain.com.conf
sudo mkdir -p /var/www/yourdomain.com
sudo chmod 755 /var/www
sudo vi /var/www/yourdomain.com/index.html
(add some fluff)
sudo chown -R YOURUSER:YOURGROUP /var/www/yourdomain.com
sudo a2ensite yourdomain.com
sudo service apache2 reload
sudo service apache2 restart

NOTE: replace YOURUSER and YOURGROUP with appropriate values for your server.

Install Plex Media Server on Ubuntu

You can find the latest release listed here and either download the file to your server directly or use the path to update the wget in the commands listed below…
https://plexapp.zendesk.com/hc/en-us/articles/201181647-Plex-Media-Server-Linux-nix-

Pre-requisite, you need to have avahi installed first or the script will later prompt you to do so…
sudo apt-get install avahi-daemon

i386 install:
wget -c downloads.plexapp.com/plex-media-server/0.9.8.18.290-11b7fdd/plexmediaserver_0.9.8.18.290-11b7fdd_i386.deb
sudo dpkg -i plexmediaserver_0.9.8.18.290-11b7fdd_i386.deb

amd64 install:
wget -c downloads.plexapp.com/plex-media-server/0.9.8.18.290-11b7fdd/plexmediaserver_0.9.8.18.290-11b7fdd_amd64.deb
sudo dpkg -i plexmediaserver_0.9.8.18.290-11b7fdd_amd64.deb

Then a series of commands, they should all be relatively straight forward. As the installer creates and runs the software under a user named ‘plex’, I create the user folders and change the default password in these steps… do what you are comfortable with!

sudo apt-get -f install
sudo mkdir /home/plex
sudo mkdir /home/plex/Music
sudo mkdir /home/plex/Videos
cd /home/plex
sudo chown plex * -R
sudo chmod 777 * -R
sudo passwd plex

Now you should be able to access the app with your browser, change the IP if you are not on localhost.
http://{ip}:32400/manage/index.html

WARNING: An installation using these steps could leave your server open to the general public, you
will want to password protect your server to secure any sensitive content, I’ll leave that for a separate topic.

REFERENCES:

Automatically update Java on Ubuntu Linux

With the rate of updates and security patches for Java, administration of your Ubuntu machines can become tedious. There’s a better way… allow it to check for and update with your other software. The steps are easy…


sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
sudo apt-get install oracle-java7-installer

NOTE: You can also install java8 in the same manner with:
sudo apt-get install oracle-java8-installer

NOTE: The Java Control Panel can sometimes be hard to locate, it will be at the following:
/usr/lib/jvm/java-7-oracle/bin/ControlPanel

REFERENCES:

Install MySQL database on Ubuntu and add new user.

Installing MySQL on Ubuntu requires only a few simple steps.

  1. sudo apt-get install mysql-server
  2. sudo netstat -tap | grep mysql
  3. sudo vi /etc/mysql/my.cnf
  4. sudo service mysql restart

To look for some simple performance and security suggestions:

  1. sudo apt-get install mysqltuner
  2. mysqltuner

Adding a new user is equally easy…

  1. mysql --user=root --password=mypassword mysql
  2. CREATE USER 'myusername'@'%' IDENTIFIED BY 'mypassword';
    GRANT ALL PRIVILEGES ON *.* TO 'mydatabase'@'%' WITH GRANT OPTION;
    FLUSH PRIVILEGES;

NOTE: This allows access to the user from ALL hosts, it can be limited by replacing the '%' with a specific hostname (such as ‘localhost’ if desired) for security.

REFERENCES: