# BELAJAR-BERSAMA: April 2010

In the name of God, the Most Gracious, the Most Merciful...

Welcome to AJI's Blog

Wednesday, April 7, 2010

apache2

apache2-mpm-worker
The worker MPM provides a threaded implementation for Apache2. It is considerably faster than the traditional model, and is the recommended MPM.

apache2-mpm-prefork
This Multi-Processing Module (MPM) implements a non-threaded, pre-forking web server that handles requests in a manner similar to Apache 1.3. It is appropriate for sites that need to avoid threading for compatibility with non-thread-safe libraries.

Install Apache2 and the prefork MPM:

     # apt-get install apache2
     # apt-get install apache2-mpm-prefork

Run the script "apache2-ssl-certificate", i.e.

     # apache2-ssl-certificate

You will see the following screen; enter all the required information.

     Creating self-signed certificate
     replace it with one signed by a certification authority (CA)
     enter your ServerName at the Common Name prompt
     If you want your certificate to expire after x days call this programm
     with -days x
     Generating a 1024 bit RSA private key
     ..........................................++++++..........++++++
     writing new private key to '/etc/apache2/ssl/apache.pem'
     -----
     You are about to be asked to enter information that will be incorporated
     into your certificate request.
     What you are about to enter is what is called a Distinguished Name or a DN.
     There are quite a few fields but you can leave some blank
     For some fields there will be a default value,
     If you enter '.', the field will be left blank.
     -----
     Country Name (2 letter code) [GB]:
     State or Province Name (full name) [Some-State]:
     Locality Name (eg, city) []:
     Organization Name (eg, company; recommended) []:
     Organizational Unit Name (eg, section) []:
     server name (eg. ssl.domain.tld; required!!!) []:
     Email Address []:

Run the script "a2enmod ssl", i.e.

     # a2enmod ssl

This automatically creates a symbolic link between mods-available and mods-enabled.

Make a copy of /etc/apache2/sites-available/default in the same directory and call it 'ssl':

     # cp /etc/apache2/sites-available/default /etc/apache2/sites-available/ssl

Make a symlink to this new site configuration to enable it:

     # ln -s /etc/apache2/sites-available/ssl /etc/apache2/sites-enabled/

(or)

     # a2ensite ssl

If you want to change any basic configuration settings, edit /etc/apache2/apache2.conf; if you want to change the default document root, edit the /etc/apache2/sites-available/default file. Then restart the Apache server.

To restart the Apache server, use the following command:

     # /etc/init.d/apache2 restart

Now we need to change the port in /etc/apache2/ports.conf. By default Apache listens on port 80; since we are installing with SSL, we need to change it to listen on port 443:

     Listen 443

Edit /etc/apache2/sites-available/ssl (or whatever you called your new ssl site's config) and change port 80 in the name of the site to 443.

Add the two lines below somewhere in the /etc/apache2/apache2.conf file:

     SSLEngine On
     SSLCertificateFile /etc/apache2/ssl/apache.pem

Edit the line SSLCertificateFile /etc/apache2/ssl/apache.pem and enter the locations of the certificate file and the certificate key file. For example:

     SSLCertificateFile /etc/apache2/ssl/online.test.net.crt
     SSLCertificateKeyFile /etc/apache2/ssl/online.test.net.key

To set ServerSignature off, edit the /etc/apache2/apache2.conf file and add these two lines:

     ServerSignature Off
     ServerTokens ProductOnly

If you want to add support for PHP and CGI scripts, install the packages libapache2-mod-php4, php4-cli, php4-common and php4-cgi:

     # apt-get install libapache2-mod-php4 php4-cli php4-common php4-cgi

If you want to allow different index file types, check for the following line in the /etc/apache2/apache2.conf file:

     DirectoryIndex index.html index.cgi index.pl index.php index.xhtml index.shtml

Restart the Apache server:

     # /etc/init.d/apache2 restart
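
As an added example (not part of the original post), the shell function below checks a configuration file for the settings made in the steps above: a listener on port 443, SSLEngine On, a certificate file, and the two banner-hiding directives. The function names and the sample configuration are constructed for illustration.

```sh
# Added example: audit one config file for the directives this page sets.

# directive_value FILE NAME: value of the last uncommented NAME directive
directive_value() {
    awk -v name="$2" '
        tolower($1) == tolower(name) { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }' "$1"
}

# audit_apache_conf FILE: one line per check; exit status = failed checks
audit_apache_conf() {
    conf=$1; fails=0
    # "Directive|accepted values, lowercase" ("any" accepts any value)
    for rule in "SSLEngine|on" "SSLCertificateFile|any" \
                "ServerSignature|off" "ServerTokens|prod productonly"; do
        name=${rule%%|*}; accepted=${rule#*|}
        got=$(directive_value "$conf" "$name")
        low=$(echo "$got" | tr 'A-Z' 'a-z')
        verdict=FAIL
        for want in $accepted; do
            if [ -n "$low" ] && { [ "$want" = any ] || [ "$low" = "$want" ]; }; then
                verdict=ok
            fi
        done
        [ "$verdict" = ok ] || fails=$((fails + 1))
        echo "$verdict $name ${got:-unset}"
    done
    # The listener may be written "Listen 443" or "Listen address:443"
    if awk 'tolower($1) == "listen" && ($2 == "443" || $2 ~ /:443$/) { hit = 1 }
            END { exit !hit }' "$conf"; then
        echo "ok Listen 443"
    else
        echo "FAIL Listen 443"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample: banner left on, ServerTokens commented out
sample=$(mktemp)
cat > "$sample" <<'EOF'
Listen 443
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/apache.pem
ServerSignature On
#ServerTokens ProductOnly
EOF
audit_apache_conf "$sample" || echo "$? check(s) failed"
rm -f "$sample"
```

Point it at the file that holds these directives, or at a concatenation of apache2.conf, ports.conf and the ssl site file. It checks directives only, not the key itself; the 1024-bit RSA key in the transcript above is shorter than the 2048 bits now treated as the minimum.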

Network testing basics

Install netkit-ping, traceroute, dnsutils, ipchains (for 2.2 kernel), iptables (for 2.4 kernel), and net-tools packages and:

     $ ping google.com          # check Internet connection
     $ traceroute google.com    # trace IP packets
     $ ifconfig                 # check host config
     $ route -n                 # check routing config
     $ dig [@dns-server.com] host.dom [{a|mx|any}] |less
                                # check host.dom DNS records by dns-server.com
                                # for a {a|mx|any} record
     $ ipchains -L -n |less     # check packet filter (2.2 kernel)
     $ iptables -L -n |less     # check packet filter (2.4 kernel)
     $ netstat -a               # find all open ports
     $ netstat -l --inet        # find listening ports
     $ netstat -ln --tcp        # find listening TCP ports (numeric)

Basics of IP networking

  A Debian host may have several interfaces each with a different Internet Protocol (IP) address. Interfaces may be of several different types, including:
  • Loopback: lo
  • Ethernet: eth0, eth1
  • Wi-Fi: wlan0, wlan1, wifi0,
  • Token Ring: tr0, tr1
  • PPP: ppp0, ppp1

There is a wide range of other network devices available, including SLIP, PLIP (serial and parallel line IP), "shaper" devices for controlling the traffic on certain interfaces, frame relay, AX.25, X.25, ARCnet, and LocalTalk.
 
Every network interface connected directly to the Internet (or to any IP-based network) is identified by a unique 32 bit IP address. The IP address can be divided into the part that addresses the network and the part that addresses the host. If you take an IP address, set to 1 the bits that are part of the network address and set to 0 the bits that are part of the host address then you get the so-called netmask of the network.
 
Traditionally, IP networks were grouped into classes whose net address parts were 8, 16 or 24 bits in length. This system was inflexible and wasted many IP addresses, so today IPv4 networks are allocated with network address parts of varying length.
 
               IP addresses                   net mask          length
     Class A   1.0.0.0   - 126.255.255.255    255.0.0.0      =  /8
     Class B   128.0.0.0 - 191.255.255.255    255.255.0.0    =  /16
     Class C   192.0.0.0 - 223.255.255.255    255.255.255.0  =  /24
 
IP addresses not in these ranges are used for special purposes.
There are address ranges in each class reserved for use on local area networks (LANs). These addresses are guaranteed not to conflict with any addresses on the Internet proper. (By the same token, if one of these addresses is assigned to a host then that host must not access the Internet directly but must access it through a gateway that acts as a proxy for individual services or else does Network Address Translation.) These address ranges are given in the following table along with the number of ranges in each class.
 
               network addresses               length  how many
     Class A   10.x.x.x                        /8      1
     Class B   172.16.x.x  - 172.31.x.x        /16     16
     Class C   192.168.0.x - 192.168.255.x     /24     256
 
The first address in an IP network is the address of the network itself. The last address is the broadcast address for the network. All other addresses may be allocated to hosts on the network. Of these, the first or the last address is usually allocated to the Internet gateway for the network.
 
The routing table contains the kernel's information on how to send IP packets to their destinations. Here is a sample routing table printout for a Debian host on a local area network (LAN) with IP address 192.168.50.x/24. Host 192.168.50.1 (also on the LAN) is a router for the corporate network 172.20.x.x/16 and host 192.168.50.254 (also on the LAN) is a router for the Internet at large.
 
     # route
     Kernel IP routing table
     Destination   Gateway         Genmask        Flags Metric Ref Use Iface
     127.0.0.0     *               255.0.0.0      U     0      0     2 lo
     192.168.50.0  *               255.255.255.0  U     0      0   137 eth0
     172.20.0.0    192.168.50.1    255.255.0.0    UG    1      0     7 eth0
     default       192.168.50.254  0.0.0.0        UG    1      0    36 eth0

  • The first line after the heading says that traffic destined for network 127.x.x.x will be routed through lo, the loopback interface.
  • The second line says that traffic destined for hosts on the LAN will be routed through eth0.
  • The third line says that traffic destined for the corporate network will be routed toward gateway 192.168.50.1 also through eth0.
  • The fourth line says that traffic destined for the Internet at large will be routed toward gateway 192.168.50.254 also through eth0.
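
As an added example (not part of the original text), this function applies the rule the kernel uses when several rows match a destination: the route with the longest netmask wins, and the default route is used only when nothing more specific matches. The name pick_route is hypothetical, the sample is the table printed above, and destinations are assumed to be numeric apart from the word default.

```sh
# Added example: choose the route the kernel would use for a destination.

# pick_route TABLE DEST: prints "gateway iface" of the most specific match;
# a gateway of "*" means the destination is reached directly on that interface.
pick_route() {
    awk -v dst="$2" '
        function num(ip,    o) {             # dotted quad -> number
            if (ip == "default") return 0
            split(ip, o, ".")
            return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        }
        BEGIN { best = -1; d = num(dst) }
        $3 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {    # rows carrying a Genmask
            mask = num($3)
            size = 4294967296 - mask             # addresses covered by the mask
            if (d - d % size == num($1) && mask > best) {
                best = mask; gw = $2; dev = $NF
            }
        }
        END { if (best < 0) exit 1; print gw, dev }' "$1"
}

# The routing table printed above, saved to a temporary file
table=$(mktemp)
cat > "$table" <<'EOF'
Kernel IP routing table
Destination   Gateway         Genmask        Flags Metric Ref Use Iface
127.0.0.0     *               255.0.0.0      U     0      0     2 lo
192.168.50.0  *               255.255.255.0  U     0      0   137 eth0
172.20.0.0    192.168.50.1    255.255.0.0    UG    1      0     7 eth0
default       192.168.50.254  0.0.0.0        UG    1      0    36 eth0
EOF
for dest in 127.0.0.1 192.168.50.7 172.20.4.9 203.0.113.10; do
    echo "$dest -> $(pick_route "$table" "$dest")"
done
rm -f "$table"
```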

IP addresses in the table may also appear as names that are obtained by looking up addresses in /etc/networks or by using the C Library resolver.
 
In addition to routing, the kernel can perform network address translation, traffic shaping and filtering.
 

Setting your hostname
Setting up your hostname on a Debian installation is very straightforward. You can directly query, or set, the hostname with the hostname command.
As a user you can see your current hostname with:

     $ /bin/hostname
 
Example

To set the hostname directly you can become root and run:

     # /bin/hostname newname

When your system boots it will automatically read the hostname from the file /etc/hostname.
 
Setting up DNS
When it comes to DNS setup, Debian doesn't differ from other distributions. You can add hostnames and IP addresses to the file /etc/hosts for static lookups.
To make your machine consult a particular server for name lookups, simply add its address to /etc/resolv.conf.
For example, a machine which should perform lookups from the DNS server at IP address 192.168.1.1 would have a resolv.conf file looking like this:

     search test.com
     nameserver 192.168.3.2

Setting up IP address
The IP addresses associated with any network cards you might have are read from the file /etc/network/interfaces.
A sample entry for a machine with a static address would look something like this:

     # The loopback network interface
     auto lo
     iface lo inet loopback

     # The primary network interface
     auto eth0
     iface eth0 inet static
      address 192.168.3.90
      gateway 192.168.3.1
      netmask 255.255.255.0
      network 192.168.3.0
      broadcast 192.168.3.255

Here we've set up the IP address (192.168.3.90), the default gateway (192.168.3.1), and the netmask.
For a machine running DHCP the setup would look much simpler:

     # The loopback network interface
     auto lo
     iface lo inet loopback

     # The primary network interface - use DHCP to find our address
     auto eth0
     iface eth0 inet dhcp

(If you're using a DHCP-based setup you must have a DHCP client package installed, usually one of pump, dhcpcd or dhcp3-client.)

If you make changes to this file you can cause them to take effect by running:

     # /etc/init.d/networking restart
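
An added example, not from the original post: the shell functions below recompute the network and broadcast addresses from the address and netmask of the static stanza above and report any declared value that disagrees, including a gateway that lies outside the subnet. The function names are hypothetical, and the script assumes one static stanza per file.

```sh
# Added example; assumes one static stanza per file with address and netmask.
ip_to_int() {   # dotted quad -> integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
int_to_ip() {   # integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}
# field FILE KEY: first value of KEY, empty if absent
field() { awk -v key="$2" '$1 == key { print $2; exit }' "$1"; }

# check_stanza FILE: prints each inconsistency; exit status is their count
check_stanza() {
    file=$1; errs=0
    addr=$(ip_to_int "$(field "$file" address)")
    mask=$(ip_to_int "$(field "$file" netmask)")
    host_bits=$(( mask ^ 4294967295 ))
    net=$(( addr & mask )); bcast=$(( net | host_bits ))
    # A valid netmask is a run of 1 bits followed only by 0 bits
    if [ $(( host_bits & (host_bits + 1) )) -ne 0 ]; then
        echo "netmask is not contiguous"; errs=$((errs + 1))
    fi
    if [ "$addr" -eq "$net" ] || [ "$addr" -eq "$bcast" ]; then
        echo "address is the network or broadcast address"; errs=$((errs + 1))
    fi
    for pair in "network $net" "broadcast $bcast"; do
        key=${pair% *}; want=$(int_to_ip "${pair#* }"); got=$(field "$file" "$key")
        if [ -n "$got" ] && [ "$got" != "$want" ]; then
            echo "$key is $got, expected $want"; errs=$((errs + 1))
        fi
    done
    gw=$(field "$file" gateway)
    if [ -n "$gw" ] && [ $(( $(ip_to_int "$gw") & mask )) -ne "$net" ]; then
        echo "gateway $gw is outside network $(int_to_ip "$net")"; errs=$((errs + 1))
    fi
    return "$errs"
}

# The static stanza from this page (passes every check)
stanza=$(mktemp)
cat > "$stanza" <<'EOF'
iface eth0 inet static
 address 192.168.3.90
 gateway 192.168.3.1
 netmask 255.255.255.0
 network 192.168.3.0
 broadcast 192.168.3.255
EOF
check_stanza "$stanza" && echo "stanza is consistent"
rm -f "$stanza"
```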

Setting up Second IP address or Virtual IP address in Debian

If you are a server system administrator or a normal user, you will sometimes need to assign a second IP address to your Debian machine. To do this, edit the /etc/network/interfaces file and add the following stanza. This is only an example; change it according to your own IP address settings.

     auto eth0:1
     iface eth0:1 inet static
      address 192.168.1.60
      netmask 255.255.255.0
      network x.x.x.x
      broadcast x.x.x.x
      gateway x.x.x.x

Enter all the details (the address, netmask, network, broadcast and gateway values). After entering all the values, save the file and restart the networking service in Debian with the following command so that the new IP address takes effect:

     # /etc/init.d/networking restart

To check whether your new IP address has been assigned, use the following command:

     # /sbin/ifconfig

Setting your default gateway.
If you read the previous section then you'll see that the default route for a host with a static IP address can be set in /etc/network/interfaces. If you wish to view your current default route/gateway then you can run:

     # netstat -nr
     Kernel IP routing table
     Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
     192.168.3.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
     0.0.0.0         192.168.3.1     0.0.0.0         UG        0 0          0 eth0

Alternatively you can use the route command:

     # /sbin/route
     Kernel IP routing table
     Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
     192.168.3.0     *               255.255.255.0   U     0      0        0 eth0
     default         router          0.0.0.0         UG    0      0        0 eth0

(Here you see the hostname router instead of the IP address 192.168.3.1; to avoid that, run "/sbin/route -n".)

To change your default route you must first remove the current one:

     # /sbin/route del default gw 192.168.3.1

Once this is done you'll have no gateway and be unable to talk to non-local hosts. Add the new route with:

     # /sbin/route add default gw 192.168.3.100