
Monday, September 21, 2015

htaccess apache2 authentication for specific directory

@@ Apache version 2.4 and above. @@

Create a .htaccess file in the /var/www/html directory and add the following lines:

********************************
AuthType Basic
AuthName "Password Required"
AuthUserFile /var/www/html/webmail/.htpasswd
AuthGroupFile /dev/null
Require user webmail

*******************************


Create another file for storing the password and save it as a blank file:
vim /var/www/html/webmail/.htpasswd


Create & store password
htpasswd -m /var/www/html/webmail/.htpasswd webmail


Now enable the module with the command below:
a2enmod authz_groupfile

Restart apache2 service



Edit the apache.conf file as follows:
AccessFileName .htaccess [remove hash (#) in front of this line]

Change the lines below from
**********************************
<Directory /var/www>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>

*********************************

to
*********************************
<Directory /var/www/html>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
</Directory>

*********************************


Restart apache2 service and check now. It will prompt you for username and password.
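
A quick audit of the setup above, as an added example that is not part of the original post: it reads the AuthUserFile path from an .htaccess file, reports whether that path sits under the document root, and labels each entry's hash scheme (htpasswd -m writes $apr1$ MD5 hashes). The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# Print the AuthUserFile path from an .htaccess file (first match).
auth_user_file() {
    awk 'tolower($1) == "authuserfile" { print $2; exit }' "$1"
}

# Succeed if path $1 lies below document root $2. Apache's documentation
# advises keeping the password file outside the web-served tree.
under_docroot() {
    case "$1" in
        "${2%/}"/*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Map one htpasswd hash field to the scheme that produced it.
hash_scheme() {
    case "$1" in
        '$apr1$'*)               echo "apr1-md5" ;;       # htpasswd -m
        '$2y$'*|'$2a$'*|'$2b$'*) echo "bcrypt" ;;         # htpasswd -B
        '{SHA}'*)                echo "sha1-unsalted" ;;  # htpasswd -s
        *)                       echo "other" ;;
    esac
}

# Print "user scheme" for every entry in an htpasswd file.
audit_htpasswd() {
    while IFS=: read -r user hash rest; do
        [ -n "$user" ] || continue
        printf '%s %s\n' "$user" "$(hash_scheme "$hash")"
    done < "$1"
}

demo() {
    dir=$(mktemp -d)
    # Constructed sample files mirroring the post's layout; hashes are dummies.
    printf '%s\n' 'AuthType Basic' \
        'AuthUserFile /var/www/html/webmail/.htpasswd' \
        'Require user webmail' > "$dir/.htaccess"
    printf '%s\n' 'webmail:$apr1$constructed$notarealhash' \
        'alice:$2y$05$constructednotarealhash' > "$dir/.htpasswd"
    pwfile=$(auth_user_file "$dir/.htaccess")
    if under_docroot "$pwfile" /var/www/html; then
        echo "WARN: $pwfile is inside the document root"
    fi
    audit_htpasswd "$dir/.htpasswd"
    rm -rf "$dir"
}
demo
```

On a real host, point auth_user_file at the live .htaccess and audit_htpasswd at the path it returns.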

Saturday, July 4, 2015

Mikrotik Router BGP Configuration

Today we will learn how to configure BGP routing protocol to ensure auto failover of multiple links from your ISP. Let me describe the scenario first.

Platform: Mikrotik Router
Primary Link IP: 172.17.176.4/27
Secondary Link IP: 172.17.160.6/27
Usable Subnet: 172.17.161.0/30
My ASN: 65503
Remote [ISP] ASN: 203


Here is the connectivity diagram:





So, let's start the configuration. First we will assign the primary IP address to ether1, the secondary IP address to ether2, and my usable subnet IP address to the ether3 interface.




Primary IP address assign:



Secondary IP address assign:


My usable IP subnet:


Now we need to create filters to configure BGP. Here is how to do that.





In this case my ISP should send the default route to my router and all other routes should be discarded. Let's see how to create those filters.



A BGP attribute named "local preference" can be used to mark the primary link. Usually BGP uses the default value "local preference = 100" if we don't mention any value for this attribute.



The rule is "Higher local preference will get higher priority". So we set the value to 200 to mark a link as the primary link in our configuration.






To discard all other incoming routes do the following.





Do the same thing for Secondary link as well.







We have already finished the configuration of incoming filters. Now we should mention the outgoing filters as well. My ISP should receive the given IP subnet [172.17.161.0/30] from me.

We need to create outgoing filters for Primary and Secondary links as well.










Now start with BGP. Follow the steps below to configure it.















The final check of our BGP configuration.







We are done.

 

Saturday, May 30, 2015

Live file synchronization across multiple Linux servers using LSYNC

First, please note that I implemented this on a Debian server.
Set up SSH login without a password from the Master Server to the Slave Server
Master Server:
#ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/root/.ssh/id_rsa):[Just press Enter key]
Enter passphrase (empty for no passphrase): [Just Press enter key]
Enter same passphrase again: [Just Press enter key]

Your identification has been saved in /home/root/.ssh/id_rsa.

#ssh-copy-id -i ~/.ssh/id_rsa.pub remote-ip

Now test from master server,
# ssh remote-ip
[It will not ask for password and take you to the remote server]



Now Install Lsync on Master Server:
#apt-get update

#apt-get install -y lua5.1 liblua5.1-dev pkg-config rsync asciidoc

# vim /etc/lsyncd/lsyncd.conf.lua
settings {
    logfile = "/var/log/lsyncd/lsyncd.log",
    statusFile = "/var/log/lsyncd/lsyncd-status.log",
    statusInterval = 10
}

sync {
    default.rsync,
    source="/home/",
    target="remote-ip:/home/",
    rsync = {
        compress = true,
        verbose = true,
        owner = true,
        group = true,
        perms = true,
        acls = true,
        rsh = "/usr/bin/ssh -p 22 -o StrictHostKeyChecking=no"
    }
}

sync {
    default.rsync,
    source="/var/mail/",
    target="remote-ip:/var/mail/",
    rsync = {
        compress = true,
        verbose = true,
        owner = true,
        group = true,
        perms = true,
        acls = true,
        rsh = "/usr/bin/ssh -p 22 -o StrictHostKeyChecking=no"
    }
}
[Save and Exit]


#mkdir /var/log/lsyncd/

#touch /var/log/lsyncd/lsyncd.log

#touch /var/log/lsyncd/lsyncd-status.log

#service lsyncd start


Slave Server:
#apt-get install rsync




Now test from Master Server:
#cd /home/


#touch test-file


Slave Server:
#cd /home/

#ls -lah


############# End of Lsync Configuration #############
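
The rsh lines in the lsyncd configuration above pass -o StrictHostKeyChecking=no, so ssh does not verify the slave's host key. As an added example (not part of the original post), the function below reports how each sync block in an lsyncd config treats the host key; the function name and the sample config, which sets the post's setting beside a stricter one, are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Prints "<target> <state>" for
# each sync block of an lsyncd config, where state describes how the ssh
# transport treats the slave's host key.

audit_lsyncd_hostkeys() {
    awk '
        function emit() { if (target != "") print target, state; target = "" }
        /^[ \t]*--/                         { next }   # skip Lua comments
        /^[ \t]*sync[ \t]*[{]/              { emit(); state = "ssh-default" }
        /target[ \t]*=/                     { split($0, q, "\""); target = q[2] }
        /StrictHostKeyChecking=(no|off)/    { state = "unverified" }
        /StrictHostKeyChecking=accept-new/  { state = "trust-on-first-use" }
        /StrictHostKeyChecking=yes/         { state = "pinned" }
        END                                 { emit() }
    ' "$1"
}

demo() {
    conf=$(mktemp)
    # Constructed sample: first block as in the post, second with host key
    # verification enforced and prompts disabled for unattended use.
    cat > "$conf" <<'EOF'
sync {
    default.rsync,
    source="/home/",
    target="remote-ip:/home/",
    rsync = { rsh = "/usr/bin/ssh -p 22 -o StrictHostKeyChecking=no" }
}
sync {
    default.rsync,
    source="/var/mail/",
    target="remote-ip:/var/mail/",
    rsync = { rsh = "/usr/bin/ssh -p 22 -o BatchMode=yes -o StrictHostKeyChecking=yes" }
}
EOF
    audit_lsyncd_hostkeys "$conf"
    rm -f "$conf"
}
demo
```

The manual "ssh remote-ip" test earlier in the procedure records the slave's host key in root's known_hosts once the prompt is accepted, and that stored key is what StrictHostKeyChecking=yes checks against.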




*** Keep in mind that if you want to back up a mail server to a secondary one, you have to copy the /etc/passwd, /etc/shadow and /etc/group files from the master server to the backup server. Follow the steps below to do that once a day ***



Slave server:
#mkdir /root/user-backup-from-master-server


Master server:
#vim /usr/local/src/backup-users

scp /etc/passwd /etc/group /etc/shadow root@remote-ip:/root/user-backup-from-master-server
[Save and Exit]


#chmod 755 /usr/local/src/backup-users


#vim /etc/crontab
01 15 * * *    root    /usr/local/src/backup-users
[Save and Exit]



#/etc/init.d/cron restart


** This procedure will transfer a copy of the /etc/passwd, /etc/group and /etc/shadow files every day at 3:01 PM from the Master server to the Slave server.