SSH tunneling using putty

This is an example showing the ssh tunneling using putty application on windows. Our senarios is our mysql databae web interface access is limitted to certain ips eventhough we have ssh acccout on that sever.

All the SSH users can have get MySQL DB access and it’s more secure than a normal web access.

There are 2 ways to do this.

1. MySQL port forwarding using SSH
2, Apache port forwarding using SSH.

Note : Following steps are only applicable to windows users

Here I am prefer to use the second one using putty,

a, Download putty
b, Enter the username@hostname in the in IP address field. Refer. figure Step-1.jpg
c, Expand the tree named ‘SSH” and select the “Tunnels” from it. Then enter the value for source port (can able to change) to 8000 and destination field should be “localhost:80 “. Click add to save. Refer. figure Step-2 & 3
d, Click on open button to access the server and it will ask for storing host key information on the server. Click on the ” Yes” button and give password on prompt. Ref. figure 4
e, Now you have successfully connected to server with ssh tunneling is enabled on your local port (say 8000)
f, Now you can able to get secure access to the database through opening it http://localhost:8000/PhpMyAdmin/. Refer the figure 5

Step 1

Step 2

Step-3

Step 4

Step -5

Depolying Java application using Apache +Tomcat

Apache is very useful for deploying most of the applications. It is easy to configure multiple java applications over a single Apache server using it as a proxy server. Actually Apache will bypass the all the request to tomcat server.Here is the documentation.

There are 3 way to run java application using Apache

1, Using apache proxy server
2, using apache (mod_jk module) AJP connector
3, Running Tomcat itself a primary Web server

For the beginners and a easy way

We recommend to use the first step using apache as proxy server for tomcat
before doing this you have to verify the following things
a,Tomcat is running on the server
$ nestat -nlp |grep “8080″
if there is any entry there it’s okay
take a copy of apache.conf or http.conf file from apache installation directory
#cp http.conf httpd.conf.bk
b,Comment out the Namevirtusl host in httpd.conf file
Eg: NameVirtualHost *:80

c,Uncomment the following module from apache for working apache proxy server.Always make

1, mod_proxy.so

2, mod_proxy_connect.so

3, mod_proxy_http.so

Eg: LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module /usr/lib/apache2/modules/mod_proxy_connect.so
LoadModule proxy_http_module /usr/lib/apache2/modules/mod_proxy_http.so

d,Create a file named nanowebtech.conf inside the apache conf.d folder (/etc/httpd/conf.d)

<VirtualHost *:80>
ServerName myjavasite.com
ServerAlias www.myjavasite.com
ProxyPass / http://localhost:8080/project1/
ProxyPassReverse / http://localhost:8080/project1/
ProxyPreserveHost on
</VirtualHost>

save it and restart the apache
#/etc/init.d/httpd restart or service httpd restart

e, Browse the site(http://myjavasite.com) and then you can see that site index page is listed there without specifying any port.

You have successfully complete the java application deployment.

################ Another Method ###########

Here’s what you can do if you want to run Confluence and Jira on a single Tomcat instance behind an Apache server and you want to make them available at addresses like confluence.notatlassian.com and jira.notatlassian.com.

1. Set up virtual hosts in Apache:

<VirtualHost xxx.xxx.xxx.xxx>
ServerName confluence.notatlassian.com
ProxyPass / http://confluence.notatlassian.com:8080/
ProxyPassReverse / http://confluence.notatlassian.com:8080/
</VirtualHost>

Note the use of confluence.notatlassian.com in the ProxyPass directives; if you use localhost, Tomcat won’t be able to choose the correct virtual host.

2. Set up virtual hosts in Tomcat:
add this to $TOMCAT/conf/server.xml in the <Engine> section

<Host name=”confluence.notatlassian.com” appBase=”confluence”
unpackWARs=”true” autoDeploy=”true”
xmlValidation=”false” xmlNamespaceAware=”false”>
<Context path=”" docBase=”" debug=”0″/>
</Host>

Note: if your site requires an SSL then we need to configure apache for doing that not tomcat

Disabling USB storage in Linux system

###########How to disable the USB storage device on Linux box ########
Edit vi /etc/modprobe.conf
and added the entry
install usb_storage wall “Critical device malfunction! Drive will be formated”

A sample entry will like this …

alias scsi_hostadapter sata_via
remove snd-via82xx { /usr/sbin/alsactl store 0 >/dev/null 2>&1 || : ; }; /sbin/modprobe -r –ignore-remove snd-via82xx
install usb_storage wall “Critical device malfunction! Drive will be formated”
alias usb-controller ehci-hcd off
alias usb-controller1 uhci-hcd off
alias eth0 via-rhine
alias snd-card-0 snd-via82xx
options snd-card-0 index=0
options snd-via82xx index=0

Debian-Package Installations

######### How to install java on debian######################
Add the follwing repository into /etc/apt/sources.list
#Local Mirror
deb ftp://gulus.usherbrooke.ca/debian/ etch main contrib non-free
#deb-src ftp://gulus.usherbrooke.ca/debian/ etch main contrib non-free
#Security
deb http://security.debian.org/ etch/updates main contrib non-free
#deb-src http://security.debian.org/ etch/updates main contrib non-free

#Multimedia, from local mirror
deb ftp://gulus.usherbrooke.ca/debian-multimedia/ etch main
#deb-src ftp://gulus.usherbrooke.ca/debian-multimedia/ etch main

#Beryl
deb http://debian.beryl-project.org etch main
#deb-src http://debian.beryl-project.org etch main

then exicute the follwing commands

sudo apt-get install sun-java5-jre
sudo apt-get install sun-java5-plugin

################ How to install Subversion on Debian ###################

#apt-get install libapache2-svn subversion subversion-tools

##################### How to install VNCsever on Debian ##############
#apt-get install vnc4server

configaration file /etc/vnc.conf
Installing VNC Client is very simple:

#apt-get install xvnc4viewer

Once it’s installed you can connect to a running server by using:

Xvnc4viewer hostname

If invoked with no arguments you’ll be prompted for the host you wish to connect to, and if necessary a password.

################ apache_mod_python installation ##############
download http://mirrors.24-7-solutions.net/pub/apache/httpd/modpython/mod_python-3.3.1.tgz
then install apache extension tool
#apt-get install apache2-threaded-dev
untar and configure it with
# ./configure –with-apxs=/usr/bin/apxs2
######################### Installing Postgressql on debain #######
#apt-get install postgresql postgresql-dev postgresql-client postgresql-doc
enabling php-pgsql
######## Enabling Pgsql module on apache-php module ##########
#apt get install php5-pgsql
################ Debain installation of apache 1.3.34 ################

apt-get install apache
apt-get install apache-common
apt-get install apache-dbg
apt-get install apache-dev
apt-get install apache-doc
apt-get install apache-perl
apt-get install apache-ssl
apt-get install libapache-mod-perl
apt-get install libapache-mod-ssl
apt-get install libapache-mod-php5

######## Ruby on Rails installation on Debian server ######################
apt-get install ruby libzlib-ruby rdoc irb rubygems rails eruby
apt-get install libapache2-mod-fcgid libfcgi-ruby1.8 ruby1.8-dev
Afterwards, we enable a few Apache modules:
a2enmod ssl
a2enmod rewrite
a2enmod suexec
a2enmod include
#/etc/init.d/apache2 force-reload this may help u reload the entire processes
apt-get install libmysql-ruby
apt-get install libpgsql-ruby
######## Optional Libraries ##########
apt-get install ruby1.8-dev ruby1.8 ri1.8 rdoc1.8 irb1.8 libreadline-ruby1.8 libruby1.8
# ln -s /usr/bin/ruby1.8 /usr/local/bin/ruby
# ln -s /usr/bin/ri1.8 /usr/local/bin/ri
# ln -s /usr/bin/rdoc1.8 /usr/local/bin/rdoc
# ln -s /usr/bin/irb1.8 /usr/local/bin/irb
# apt-get install gcc-3.4-doc gcc-3.4 g++-3.4
#apt-get install libfcgi-dev
Now lets install the ruby-fcgi bindings from source so we no we have the good ones:
wget http://sugi.nemui.org/pub/ruby/fcgi/ruby-fcgi-0.8.6.tar.gz
tar xzvf ruby-fcgi*
cd ruby-fcgi-0.8.6
ruby install.rb config
ruby install.rb setup
sudo ruby install.rb install
Now lets make sure it works:
root@example:~/ruby-fcgi-0.8.6# irb
irb(main):001:0> require ‘fcgi’
=> true
irb(main):002:0>

http://brainspl.at/pages/perfect_vps/

apt-get install esvn
apt-get install libmysql-ruby
apt-get install libmysql-ruby1.8
apt-get install libmysqlclient14-dev
gem install mysql
################## Reconfigure X server in Debain ###################
#dpkg-reconfigure xserver-xorg
################# installing MySQL on Debian ################
Install MySQL
#apt-get install mysql-server mysql-client libmysqlclient12-dev
Set your mysql root password
# mysqladmin -u root password yourrootsqlpassword
####### MySQL trouble shooing #######
Symptoms: After installing mysql on Debian using Debain binaries. It won’t allow anyone connect it from remotely even though we have given privileges to the user from MySQL console.
Solution is listed below
a, When you run $netstat -tap you should now see a line like this:

tcp 0 0 localhost.localdo:mysql *:*
which means that MySQL is accessible on 127.0.0.1 on port 3306.
b, If you do not see this line, edit /etc/mysql/my.cnf and comment out skip-networking or remove the file from there
# skip-networking
If you want MySQL to listen on all available IP addresses, edit /etc/mysql/my.cnf and comment out bind-address = 127.0.0.1:
# bind-address = 127.0.0.1:
If you had to edit /etc/mysql/my.cnf you have to restart MySQL:
#/etc/init.d/mysql restart
############### Debian Default fonts location ######################
/usr/share/fonts/truetype
############### Debian SQLite Installation ################3
* Use apt-get install python-sqlite to install pysqlite 1.0.
* Use apt-get install python-pysqlite1.1 to install pysqlite 1.1.
* Use apt-get install python-pysqlite2 to install pysqlite 2.x.

Check the status of a Crontab entry

How to check a cronjob is working properly

1.From the terminal exicute
$ crontab -e
* * * * * date >>/home/cronstatus.txt

then save and open the /home/cronstatus.txt using any editor
check the time intervel between the date printed on the file.

Note: the above cron job will execute every second .So you need to be remove from it ASAP after the testing …
Will update the later part shortly…….
That’s it !

Incremental backup – Re-synchronization over ssh

For doing this,
1, We need 2 Linux box with ssh service enabled
2, An ssh auto login to taking backup from
3,resysc command should be installed in backup server

A, SSH Auto login

############ SSH Auto login ###################

on the Client machine exicute the command from the data which to be taken from

a.) #ssh-keygen -d

it show something like this

Generating public/private dsa key pair.
Enter file in which to save the key (/root/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_dsa.
Your public key has been saved in /root/.ssh/id_dsa.pub.
The key fingerprint is:
da:e9:42:61:f5:97:6e:40:e2:89:0a:12:35:f6:4a:b3 root@mysystem.local

b) Copy the content(/root/.ssh/id_dsa.pub) and pasted it on Backup server ~/.ssh/authorized_keys (Create a file if doesn’t exist)

c) On the source system edit the following the file and add the backup server entry in the ssh_config file

$vi /etc/ssh/ssh_config
Host <Backup server>

IdentityFile /root/.ssh/id_dsa (Which created on the beginning
Now you can able to ssh with source server without having any authentication
B, Execute this command on the Backup server
rsync –delete-after -zave ssh –progress <sourceIP>:<path/to/source/location> <path/to/backup>
This will synchronize the data on the source server with backup copy

Note:You can able to automated it as a cronjob by using the commands
Crontab entry will look like this ,it will execute every day at 12:30 AM

30 0 * * * sh /usr/local/share/backup/backup.sh /usr/local/share/backup/backup.log

Installing Apache 1.3 with SSL

Installing Apache with SSL support

1. Download openssl source from http://www.openssl.org.
2. untar the source into /usr/local/src
3. cd /usr/local/src/openssl-0.9.7b
4. ./config –prefix=/usr/local/openssl
5. make
6. make install
7. Download apache 1.3.x from http://httpd.apache.org/dist/
8. untar in /usr/local/src/
9. Download modssl from http://www.modssl.org
10. untar the source into /usr/local/src
11. cd /usr/local/src/mod_ssl-2.8.14-1.3.27
12. ./configure –with-apache=../apache_1.3.27/ –prefix=/usr/local/apache –enable-module=so –enable-module=expires –enable-module=rewrite –enable-suexec –suexec-caller=nobody –suexec-docroot=/usr/local/apache/htdocs/ –suexec-logfile=/var/log/suexec_log –with-ssl=/usr/local/openssl
13. cd ../apache_1.3.27
14. make
15. make certificate TYPE=custom
14. make install
16. cd /usr/local/apache/conf/
17. cd ssl.key
18. cp server.key server.key.old
19. /usr/local/openssl/bin/openssl rsa -in server.key.old -out server.key
20. /usr/local/apache/bin/apachectl startssl

Useful PostgreSQL Commands

This scripts will create  postgres database with specified owner and resore a sql dump in to it

#The super user postgres  login along woth the password ‘admin’ in psql console

$psql  -h localhost -p 5432 <postgres> “admin”

#creating a database named ‘testdb’

postgres=# CREATE USER testuser;

postgres=# ALTER USER  testuser PASSWORD ‘letmein’;

#create a database named ‘mydb’ owned by the given user

postgres=# CREATE DATABASE mydb  WITH OWNER testuser;

#restoring dump to that database

postgres=# source<path/to/sql file>;

Some external commands 

1, Dumping  only data
$pg_dump -a -d <DB> -f <Filename.sql> -U <user> -p <passwd>

2, Dump only database schema

$pg_dump -s -d <DB> -f <Filename> -U <user> -p <passwd>
3, Complete   database dump

$pg_dump  -d <DB> -f <Filename>  -U <user> -p <passwd>

4,  To dump all databases

$ pg_dumpall > db.out

5, To reload this database use, for example:

$ psql -f db.out postgres

6, List the databases

$psql -l

Useful MySQL Commands

Suppose if you using a shared host service and u have given only one database to use. Sometime you need to empty the all the tables inside the Database ?

In this scenario,

You have not given an adequate privileges to create a new database. Then use this simple query which will empty the all tables inside a database.

$mysqldump -u[USERNAME] -p[PASSWORD] –add-drop-table –no-data [DATABASE] | grep ^DROP | mysql -u[USERNAME] -p[PASSWORD] [DATABASE]

##############################################################

How to set values on MySQL variables
in linux create a file on /etc/my.cnf Or in windows default files found on C:\Program Files\MySQL\MySQL Server 5.0 named my.ini
2.Edit that file and add the variable ame in to it
Eg :lower_case_table_names=0 ( For making case mysql as case sensitive )

################ how to test it is working ######################

Login as root user in mysql console
mysl>SHOW VARIABLES LIKE ‘lower_case%’;
################### Database dump ###########

$mysqldump –all-databases -r alldump.sql -uroot -p

############ Setting a proper privilages towards a database #####

mysql>GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES, LOCK TABLES ON <databasename>.* TO ‘<username>’@'localhost’ IDENTIFIED BY ‘<password>’;

Simple MySQL backup scripts

# This scripts will take the backup of given database using a dated naming convention

TODAY=DBname`date +%d-%m-%y`
TODAY=$TODAY.sql
#dest_dir keeping the backu locally
dest_dir=/home/installation/backup/
#arch_dir is the place folder ftp location
arch_dir=/home/installation/ftp/
mysqldump -B <DB> -r $dest_dir$TODAY -u<DBuser>  -p<pwd>

#tar cvf – $dest_dir$TODAY | gzip > $arch_dir$TODAY.tar.gz
# moving to local backup directory
cd $dest_dir
#removing old ftp backup
rm -rf $arch_dir/*
tar czvf $arch_dir$TODAY.tar.gz $TODAY