
Overview

In the last screencast we configured a server to host the popular CMS software, WordPress. In this tutorial we’ll be creating a reverse-proxy that can be used to sit in front of our web server, in order to increase performance, security and eventually to load balance between multiple back-end web servers – though the configuration for this won’t be covered until later tutorials.

So why Nginx, and what is Nginx? Well, Nginx is a reasonably new web server for Linux which has gained a lot of traction in recent years, mainly because it runs a lot leaner in terms of hardware requirements and is much faster when compared to other web hosting software. For these reasons, it’s now being used by some of the largest websites on the internet including HowToForge, WordPress and, the biggest player of them all, Facebook.

“Apache is like Microsoft Word, it has a million options but you only need six. Nginx does those six things, and it does five of them 50 times faster than Apache.” – Linux Journal.

The Test Network

Before installing and configuring Nginx as an RPS (reverse-proxy server) it’ll help just to have a look at where the RPS is going to sit in our network and how it will work. The diagram below shows how a client connecting from the internet will actually have their connection terminated at the RPS, which will then establish a connection to the back-end server in order to request the content before finally sending it back to the requesting client.

Installing the Software

Nginx isn’t included in the RHEL 6 mirrors so, in order to get Nginx installed, we’re going to add the EPEL repository first. To do this, fire up a web browser and head over to http://fedoraproject.org/wiki/EPEL. Here you’ll find a link to the latest EPEL rpm under the section titled “How can I use these extra packages”. Select the “newest version of ‘epel-release’ for EL6” link and then copy its address, which points to the EPEL package.

SSH on to your newly installed Linux server and install the EPEL package using RPM by typing “rpm -Uvh” and pasting the URL that you copied for the package:

rpm -Uvh http://mirror.optus.net/epel/6/i386/epel-release-6-7.noarch.rpm

Once the EPEL repository is available we can install Nginx using the following:

yum install nginx

Configuring Nginx

With the software installed we now need to create our configuration file which will tell Nginx to proxy all requests through to the server hosting our wordpress website. To do this, start by changing to the Nginx configuration directory under /etc/nginx/conf.d. Move the file containing the default Nginx website config to default.conf.disabled and then edit a new file called wordpress-proxy.conf.

cd /etc/nginx/conf.d
mv default.conf default.conf.disabled
emacs wordpress-proxy.conf

Into this file we’ll paste the following configuration, which tells Nginx to proxy all HTTP requests for wordpress.castix.local to the server at the IP address 192.168.122.10. Other configuration directives, such as the proxy_connect_timeout setting, should be configured to match the timeouts defined on the back-end server. Take a look at these settings if you encounter intermittent errors.

server {
   listen 80;
   server_name wordpress.castix.local;
   access_log off;
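   # "error_log off" does not disable logging; Nginx would write to a file named "off".
   # Sending the log to /dev/null at the crit threshold is how it is discarded.
   error_log /dev/null crit;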
   location / {
      proxy_pass http://192.168.122.10/;
      proxy_redirect off;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_max_temp_file_size 0;
      client_max_body_size 10m;
      client_body_buffer_size 128k;
      proxy_connect_timeout 90;
      proxy_send_timeout 90;
      proxy_read_timeout 90;
      proxy_buffer_size 4k;
      proxy_buffers 4 32k;
      proxy_busy_buffers_size 64k;
      proxy_temp_file_write_size 64k;
   }
}
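
With access_log off on the proxy, the back-end Apache log is the only record of who requested what, and it will show the proxy's address unless it reads the forwarded headers. The following is an added example (not part of the original screencast) that models how the X-Forwarded-For value set in the configuration above is built and which entry of it was actually written by the proxy; the sample addresses are constructed.

```shell
#!/bin/sh
# Added example: models the X-Forwarded-For header produced by
#   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# and shows which entry a back end behind this one proxy can rely on.

# $1 = X-Forwarded-For as received from the client (may be empty)
# $2 = $remote_addr, the peer address Nginx saw on the TCP connection
proxy_add_xff() {
    if [ -n "$1" ]; then
        printf '%s, %s\n' "$1" "$2"    # client value kept, peer address appended
    else
        printf '%s\n' "$2"
    fi
}

# With exactly one trusted proxy in front, only the LAST entry was written by
# that proxy; everything before it arrived from the client unverified.
# (X-Real-IP in the same config carries this value on its own.)
proxy_verified_ip() {
    printf '%s\n' "$1" | awk -F',' '{ ip = $NF; gsub(/[ \t]/, "", ip); print ip }'
}

# What a log that naively takes the FIRST entry would record.
first_listed_ip() {
    printf '%s\n' "$1" | awk -F',' '{ ip = $1; gsub(/[ \t]/, "", ip); print ip }'
}

# Constructed sample requests: "<client X-Forwarded-For>|<remote_addr>"
report() {
    for req in "|203.0.113.7" "10.9.9.9|203.0.113.7" "10.9.9.9, 10.8.8.8|198.51.100.23"; do
        sent=$(proxy_add_xff "${req%%|*}" "${req##*|}")
        printf 'sent=[%s] first=%s verified=%s\n' \
            "$sent" "$(first_listed_ip "$sent")" "$(proxy_verified_ip "$sent")"
    done
}

report
```

The back end can only rely on either header if it accepts port 80 connections from the reverse proxy alone.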

With Nginx configured, we have only two things left to do. Firstly we need to ensure that clients can access our server by adding an allow rule to the local firewall using the following:

iptables -I INPUT 5 -m state --state NEW -p tcp --dport 80 -j ACCEPT
service iptables save

Don’t forget to save the firewall rules otherwise these will be lost when the server is next rebooted. Finally we need to start the Nginx service and to run chkconfig to set it to start when the server boots:

service nginx start
chkconfig nginx on

Once you’ve updated the DNS records for your server to point to the reverse-proxy, you’ll be able to view the wordpress website. You may even notice a slight performance increase due to the fact that Nginx is caching a lot of the content and generally loads the site faster than Apache.


Scenario

Your manager has come to you to say that upper management have decided to revamp the company website. The new website, you’ve been told, has been created using WordPress and the company would like to host this on a Linux VM on their existing infrastructure. With these requirements in mind you’re now thinking to yourself: how do I install and configure WordPress?

What is Required?

To begin following along with the tutorial, you’ll need a freshly installed copy of Linux. For this tutorial I’m going to be using RHEL 6.3 but the process will be identical for anyone following along with either CentOS or Scientific Linux. If you’re using another distribution such as Ubuntu or Debian, you’ll probably still find this tutorial beneficial to get an idea of what must be done, but there are differences between using these distributions that would probably warrant going out and finding a tutorial specifically for your distribution.

Installing the Software

To begin with we’re going to install a few packages that are required in order to run WordPress:

yum install httpd mod_php mysql-server php-mysql
  • httpd is the name that RedHat has given to the package for Apache. This will, of course, listen for connections on port 80 and serve up pages as requested.
  • mod_php is the PHP package for Apache. WordPress is written in PHP and so the PHP interpreter is required in order to run the website.
  • mysql-server is the MySQL database software. This is where WordPress stores its configuration information, user accounts, page content and basically everything else that is entered into the website.
  • php-mysql provides the PHP libraries for MySQL, which are used to generate content dynamically using data stored within the MySQL database.

Once the above packages have been installed, it’s important to configure both Apache and MySQL to start whenever the server is booted. I like to do this right after installing the software so that it’s not forgotten about.

chkconfig httpd on
chkconfig mysqld on

Configuring Apache

With the required software installed we can now proceed with configuring Apache. The first thing we need to do is to create a configuration file for the website in the Apache conf.d directory. Navigate to the /etc/httpd/conf.d/ directory and edit a new file called wordpress.conf.

cd /etc/httpd/conf.d
emacs wordpress.conf

The wordpress.conf file needs to contain the following configuration:

<VirtualHost wordpress.castix.local:80>
    ServerAdmin root@wordpress.castix.local
    ServerName wordpress.castix.local
    DocumentRoot /var/www/html/wordpress
    DirectoryIndex index.php index.html
    ErrorLog logs/wordpress.castix.local-error_log
    CustomLog logs/wordpress.castix.local-access_log common
</VirtualHost>

Obviously you will want to substitute wordpress.castix.local with the FQDN (fully qualified domain name) of your own server, but the rest is all that is required in order to set up a new virtual host for the website. Only port 22 is allowed through the local firewall by default so, before clients can connect to our server, we need to add a rule to iptables. The following command will add an allow rule for clients connecting on port 80 at line 5 of the iptables INPUT chain. Don’t forget to run “service iptables save” afterwards to ensure that this rule doesn’t get lost when the server is next rebooted. The final line below starts the Apache web service.

iptables -I INPUT 5 -m state --state NEW -p tcp --dport 80 -j ACCEPT
service iptables save
service httpd start

Note that you’ll receive a warning when starting Apache to say that the DocumentRoot for wordpress doesn’t exist. We’ll be downloading WordPress and installing it to this directory in the next section which will resolve this warning.

Configuring MySQL

At this point we have Apache configured and ready for when we download and install WordPress. Next we must create a new database, and a MySQL user account, which WordPress can use to store its data. To do this, begin by starting the MySQL service and then configuring a root user password:

service mysqld start
/usr/bin/mysqladmin -u root password 'my-password'

Now we’ll create a new database called ‘wordpress’ and assign a new user, also called ‘wordpress’, full access to that database:

mysql -u root -p
[enter your password here]
mysql> create database wordpress;
mysql> grant all on wordpress.* to 'wordpress'@'localhost'
       identified by 'my-password';

Downloading and Configuring WordPress

So, we’ve got our web server, we have our database and both are now configured and ready for WordPress. The first step in installing the WordPress site is to download the latest release of the software. This can be done by changing to the /var/www/html/ directory, running wget and then decompressing the package with tar. Note that wget isn’t installed by default, so we have to install this software first.

yum install wget
cd /var/www/html
wget http://wordpress.org/latest.tar.gz
tar -xzvf latest.tar.gz

Lastly we need to edit WordPress’s wp-config.php file to tell it the username and password of the database that we have configured for it to use. To do this, change to the wordpress directory, copy the sample configuration file to wp-config.php and open wp-config.php in your favorite editor.

cd /var/www/html/wordpress/
cp wp-config-sample.php wp-config.php
emacs wp-config.php

Modify the file so that the correct settings are assigned to the DB_NAME, DB_USER and DB_PASSWORD variables:

// ** MySQL settings - You can get this info from your web host ** // 
/** The name of the database for WordPress */
define('DB_NAME', 'wordpress');
/** MySQL database username */
define('DB_USER', 'wordpress');
/** MySQL database password */
define('DB_PASSWORD', 'my-password');

WordPress Specific Setup

At this point we can now point our browser to http://wordpress.castix.local to have it load WordPress from our web server. I’ve added a static /etc/hosts entry to my local machine, seeing as I’m not using a real DNS name, in order to make this work. On the WordPress set up page, all we have to do now is to set a title for our website and create a username and password for the site’s admin user account. Once you’ve filled in the blanks, hit the “Install WordPress” button, which will initialise the database and take you through to the login page.


Objectives

This screencast continues on with the LDAP server we set up in the previous screencast, but this time we will configure another server (client.test.net) to authenticate its users against our LDAP. This is a concept known as centralised user authentication, whereby we can store all our users and their credentials on one server. The screencast is basically a walk through of the changes that need to be made to PAM (pluggable authentication modules), which Linux uses to determine how users should be authenticated when logging in.

I have to apologise for the screw up at the end. I had changed my example user’s password and forgotten about it until I came to do the screencast, hopefully you’ll get the idea.

Note: If you haven’t come across PAM before it is advisable to have a quick skim through this very good introduction before trying to configure PAM.

Resources

apt-get install libpam-ldap nscd

cd /etc/
emacs nsswitch.conf
change:
  passwd: ldap compat
  group:  ldap compat
  shadow: ldap compat

cd /etc/pam.d/
edit each of the following files...
* common-auth
  (edit)   auth [success=1 default=ignore] pam_unix.so nullok_secure
  (add)    auth required pam_ldap.so use_first_pass
  (add)    auth required pam_permit.so

* common-account
  (edit) account sufficient	pam_unix.so
  (add)  account required	pam_ldap.so

* common-session
  (add) session required pam_mkhomedir.so skel=/etc/skel/ umask=0022

* common-password
  (edit) password sufficient pam_unix.so nullok obscure md5
  (add)  password required   pam_ldap.so

invoke-rc.d nscd restart
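
How the three common-auth lines interact is easier to see when the stack is walked step by step. The following is an added example (not from the screencast): a small model of PAM's stack evaluation, limited to the three control values used in the notes above, run against the common-auth lines with constructed module outcomes.

```shell
#!/bin/sh
# Added example: a model of how PAM walks a stack. It only understands
# required, sufficient and [success=N default=ignore].
# Stack on stdin; module outcomes as arguments, e.g. pam_unix.so=ok
pam_eval() {
    awk -v results="$*" '
    BEGIN {
        n = split(results, kv, " ")
        for (i = 1; i <= n; i++) { split(kv[i], p, "="); res[p[1]] = p[2] }
    }
    NF == 0 || /^#/ { next }
    skip > 0 { skip--; next }                # jumped over by an earlier success=N
    {
        for (m = 2; m <= NF; m++) if ($m ~ /\.so$/) break
        ok = (res[$m] == "ok")
        control = $2
        for (i = 3; i < m; i++) control = control " " $i
        if (control == "required") {
            if (ok) succeeded = 1; else failed = 1    # failure is remembered, stack continues
        } else if (control == "sufficient") {
            if (ok && !failed) { succeeded = 1; exit }   # stop here with success
        } else if (match(control, /success=[0-9]+/)) {
            if (ok) skip = substr(control, RSTART + 8, RLENGTH - 8) + 0
            # default=ignore: the result is not counted either way
        }
    }
    END { result = (succeeded && !failed) ? "granted" : "denied"; print result }'
}

common_auth() {   # the common-auth lines from the notes above
    cat <<'EOF'
auth [success=1 default=ignore] pam_unix.so nullok_secure
auth required pam_ldap.so use_first_pass
auth required pam_permit.so
EOF
}

# Local account, LDAP unreachable: pam_unix succeeds and pam_ldap is skipped.
common_auth | pam_eval pam_unix.so=ok pam_ldap.so=fail pam_permit.so=ok
# LDAP account: pam_unix fails (ignored), pam_ldap decides.
common_auth | pam_eval pam_unix.so=fail pam_ldap.so=ok pam_permit.so=ok
# Wrong password everywhere: the required pam_ldap failure outlives pam_permit.
common_auth | pam_eval pam_unix.so=fail pam_ldap.so=fail pam_permit.so=ok
# Without the pam_permit line nothing records a success for a local login.
common_auth | sed '$d' | pam_eval pam_unix.so=ok pam_ldap.so=fail
```

The last case is why the pam_permit.so line is marked (add): a module whose success only triggers a jump does not itself count as a success for the stack.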


Overview

This screencast shows a walk through of installing openldap and phpldapadmin. After installation I go through and set up a couple of organizational units to store users and groups which I’ll use in a later screencast when I configure Ubuntu to authenticate against an LDAP server for user logins.

This screencast doesn’t really accomplish anything overly exciting but is required before heading into some of the things that LDAP can do, such as centralized user authentication or storing your puppet configured servers and their classes.

Resources

apt-get install slapd
apt-get install ldap-utils
apt-get install phpldapadmin

emacs /etc/ldap/ldap.conf
(set BASE dc=test,dc=net and URI ldap://172.16.1.1)

emacs /etc/php5/apache2/php.ini
(set memory_limit = 32M)

ldapadd -c -x -D "cn=admin,dc=test,dc=net" -W -f ./test.ldif


Overview

This screencast starts by showing you how to enable SNMP on a Cisco router (please note the configuration of other Cisco devices such as Catalyst switches is slightly different). Then we look at getting all log messages forwarded through to Zenoss so they show up as Zenoss events. I then go back and set up forwarding of the /var/log/syslog to Zenoss on the Linux server we configured in the first Zenoss screencast.

(I ran over the youtube limit of 10 minutes with this video and so had to upload it to google video instead. As a result the quality isn’t quite as good. Sorry, won’t happen again)

Resources

Cisco configuration

en
conf t
hostname router1
int fa0/0
ip address 172.16.1.5 255.255.255.0

exit
snmp-server community public RO
snmp-server contact Joe Admin
snmp-server location Brisbane QLD Australia

logging 172.16.1.1
copy run start

Linux Configuration:

vim /etc/syslog.conf
(add the line: *.* @172.16.1.1)
invoke-rc.d sysklogd restart


This screencast shows you how to add a user and configure them to receive alerts for a specific class of devices (in our case any Linux server) via email. It also quickly shows performance data which the test server set up in the first Zenoss screencast has collected (after running for two hours).


In this screencast I show you how to download and install the Zenoss server software, how to configure an Ubuntu Linux server to run SNMP and then how to add that SNMP enabled server to Zenoss for monitoring.

Hopefully someone will find this helpful to get them up and running quickly with Zenoss. Just as a precautionary note, I would probably advise against using SNMP (and certainly with my config file) if you’re monitoring servers over the internet, but on a secured LAN it should be fine.

Below is my snmpd.conf configuration file that I use which is pretty much straight out of the Zenoss manual.


## System location and contact information
syslocation Timbucktoo
syscontact Joe Admin


## sec.name source community
com2sec notConfigUser default public

## groupName securityModel securityName
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser

## Make at least snmpwalk -v 1 localhost -c public system fast again.
## name incl/excl subtree mask(optional)
view systemview included .1

## group context sec.model sec.level prefix read write notif
access notConfigGroup "" any noauth exact systemview none none
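
The reasons this file should stay on a secured LAN can be read straight out of its lines. The following is an added example (not from the screencast or the Zenoss manual) that audits an snmpd.conf for those settings and runs it over the active lines shown above; the restricted variant is constructed, and the source address 172.16.1.1 and its community string are assumptions.

```shell
#!/bin/sh
# Added example: audit an snmpd.conf (on stdin) for the settings that make it
# unsuitable outside a trusted LAN. Prints one finding per line.
audit_snmpd_conf() {
    awk '
    /^[ \t]*#/ || NF == 0 { next }
    $1 == "com2sec" {                 # com2sec <sec.name> <source> <community>
        if ($3 == "default")
            print "line " NR ": " $2 " is accepted from any source address"
        if ($4 == "public" || $4 == "private")
            print "line " NR ": community " $4 " is a well-known default"
    }
    $1 == "group" && ($3 == "v1" || $3 == "v2c") {
        print "line " NR ": " $2 " allows SNMP" $3 " (community sent in clear text)"
    }
    $1 == "view" && $3 == "included" && $4 == ".1" {
        print "line " NR ": view " $2 " covers everything under .1 (iso)"
    }
    $1 == "access" && $5 == "noauth" {   # access <group> <context> <model> <level> ...
        print "line " NR ": " $2 " needs no authentication to read view " $7
    }'
}

page_conf() {   # the active lines of the snmpd.conf shown above
    cat <<'EOF'
com2sec notConfigUser default public
group notConfigGroup v1 notConfigUser
group notConfigGroup v2c notConfigUser
view systemview included .1
access notConfigGroup "" any noauth exact systemview none none
EOF
}

# Constructed variant: only the monitoring server may query, and the community
# is not a default. 172.16.1.1 and the community string are assumptions.
restricted_conf() {
    page_conf | sed 's/^com2sec .*/com2sec notConfigUser 172.16.1.1 constructed-community/'
}

page_conf | audit_snmpd_conf
echo "--- after restricting com2sec ---"
restricted_conf | audit_snmpd_conf
```

Restricting com2sec clears the two source and community findings; the remaining four are inherent to SNMP v1/v2c with a noauth access line.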


This first screencast is going to get you up and running with a very simple puppet manifest that will be used to install emacs and a custom motd banner on a server. Below is the example site.pp manifest I used in the demonstration.

node 'client.test.net' {
    package { "emacs22-nox": ensure => installed }
    file { "/var/run/motd":
        source => "puppet:///files/motd"
    }
}
