Archive for Servers

Installation of Apache Tomcat with trusted HTTPS

I have done it for Debian. Trusted HTTPS configuration is the last page. I took help from the URL:

Apache2, mod_jk, apache tomcat 5.5.16,  JDK, openssl, libapache-mod-ssl

Step by step Configuration:
1. Install apache2. For Tomcat we have to change some things from the normal configuration. (I followed the URL )

2. Install JDK at Debian. (I followed the URL ).
3. Install and Configuring Tomcat.
a. Download the tar.gz file from
b. extract the files using following commands.
#cd /downloads
#unp apache-tomcat-5.5.16.tar.gz

#mv apache-tomcat-5.5.16 /usr/lib

c. #cd /usr/lib

d. Now create a symbolic link called apache-tomcat to the CATALINA_HOME by the following command.
#ln -s apache-tomcat-5.5.16 apache-tomcat

e. #cd /usr/lib/apache-tomcat/bin

f. #./

4. Install and Configure mod_jk (I followed the URL

5.  Configuring Tomcat and Apache. (I followed URL

a. First create the file in your Apache2 root directory.

b. open the file and add some lines.(For details

c. Add some  lines at /etc/apache2/apache2.conf file (For details

d. add a user tomcat at a group tomcat.

e. change the user and group of the Tomcat path

f. change the password of tomcat.

g. start and stop tomcat server using tomcat user

h. restart apache2.

6. Creating self signed SSL Certification Using OpenSSL (for details )

a. install openssl and libapache-mod-ssl

b. create a workable directory.

c. create a database for the certificates we will sign

d. We have to add some lines to openssl.cnf (for details check

e. Run the following command:

openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem \
-out cacert.pem -days 3650 -config ./openssl.cnf

7. Creating a Certificate Signing Request (CSR):

a. Our configuration file needs some more definitions for creating non-CA certificates. Add the following at the end of the file:

[ v3_req ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash

b. insert the following line to the req section after the distinguished_name line as shown:

distinguished_name = req_distinguished_name
req_extensions = v3_req

c. Now we are ready to create first certificate request.

d. openssl req -new -nodes -out req.pem -config ./openssl.cnf

e. openssl req -in req.pem -text -verify -noout

f. Signing a certificate: insert some lines in the openssl.cnf file (for detail

g. openssl ca -out cert.pem -config ./openssl.cnf -infiles req.pem

h. Installing the certificate and key.

cat key.pem cert.pem > key-cert.pem

i. After this step, you have three installable components to choose from: A private key in key.pem, A certificate in cert.pem, A combined private key and certificate in

Copy the appropriate files into the locations specified by the instructions for your application and system. Restart the applications, and you are in operation with your new certificate.

j. Apache (For details URL

k. Stunnel (For Details URL

l. Distributing CA Certificates (For Details URL

m. Renewing Certificates(For Details URL
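
Checks worth running before the files from step h are copied into place, as an added example that is not part of the original post: the certificate must verify against cacert.pem, the key must match the certificate, and the key files must not be readable by other users because -nodes leaves the key unencrypted. The demo certificates are constructed throwaway data and are signed with "openssl x509 -req" rather than "openssl ca" so that no openssl.cnf is needed; the function names and the CN values are assumptions.

```shell
#!/bin/sh
# Added example: checks to run before installing cert.pem and key.pem.

# Constructed throwaway CA and server certificate for the demo. Signs with
# "openssl x509 -req" instead of "openssl ca", so no openssl.cnf is needed.
make_demo_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=Demo CA" -days 1 \
        -keyout "$d/cakey.pem" -out "$d/cacert.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=debian.test" \
        -keyout "$d/key.pem" -out "$d/req.pem" 2>/dev/null &&
    openssl x509 -req -in "$d/req.pem" -CA "$d/cacert.pem" -days 1 \
        -CAkey "$d/cakey.pem" -CAcreateserial -out "$d/cert.pem" 2>/dev/null &&
    cat "$d/key.pem" "$d/cert.pem" > "$d/key-cert.pem"
}

# chain_ok CA CERT: the certificate verifies against the CA certificate.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# key_matches KEY CERT: both files carry the same public key.
key_matches() {
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null)
    [ -n "$pub" ] && [ "$pub" = "$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)" ]
}

# key_private FILE: no permission bits for group or others.
key_private() { [ "$(ls -ln "$1" | cut -c5-10)" = "------" ]; }

# check_install DIR: one line per failed check; no output means all passed.
check_install() {
    chain_ok "$1/cacert.pem" "$1/cert.pem" || echo "cert.pem does not verify against cacert.pem"
    key_matches "$1/key.pem" "$1/cert.pem" || echo "key.pem does not match cert.pem"
    for f in key.pem key-cert.pem; do   # -nodes leaves the private key unencrypted
        key_private "$1/$f" || echo "$f is accessible to group/others: chmod 600"
    done
    return 0
}

demo=$(mktemp -d)
make_demo_pki "$demo"
chmod 644 "$demo/key-cert.pem"; check_install "$demo"   # flags key-cert.pem
chmod 600 "$demo/key.pem" "$demo/key-cert.pem"; check_install "$demo"
rm -rf "$demo"
```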



FTP server configuration on Redhat

How To Download And Install The VSFTP Package:

RedHat and Fedora software is installed using RPM packages. As of this writing, the VSFTP RPM file used by the most recent Fedora version is named:

# vsftpd-1.2.0-5.i386.rpm

Now download the file to a directory such as /tmp and install it using the rpm command:

[root@bigboy tmp]# rpm -Uvh vsftpd-1.2.0-5.i386.rpm
Preparing… ########################################## [100%]
1:vsftpd     ########################################## [100%]

[root@bigboy tmp]#

How To Get VSFTP Started

Redhat Version 9, Fedora Core 1 And Newer

You can start/stop/restart vsftpd after booting by using the following commands:

[root@bigboy tmp]# /etc/init.d/vsftpd start
[root@bigboy tmp]# /etc/init.d/vsftpd stop
[root@bigboy tmp]# /etc/init.d/vsftpd restart

To get vsftpd configured to start at boot:

[root@bigboy tmp]# chkconfig --level 345 vsftpd on

Testing To See If VSFTP Is Running

[root@bigboy root]# netstat -a | grep ftp
tcp        0        0        *:ftp         *:*        LISTEN
[root@bigboy root]#

Configuring The VSFTP as anonymous:

# vi /etc/vsftpd/vsftpd.conf


Other vsftpd.conf Options

There are many other options you can add to this file including:

Limiting the maximum number of client connections (max_clients)

Limiting the number of connections by source IP address (max_per_ip)

The maximum rate of data transfer per anonymous login. (anon_max_rate)

The maximum rate of data transfer per non-anonymous login. (local_max_rate)

Descriptions on this and more can be found in the vsftpd.conf man pages.

The /etc/vsftpd.ftpusers File

For added security you may deny FTP access to certain users by adding them to the list of users in this file. Do not delete entries from the default list; it is best only to add to it.

Anonymous Upload

If you want remote users to write data to your FTP server then it is recommended you create a write-only directory within /var/ftp/pub. This will allow your users to upload, but not access other files uploaded by other users. Here are the commands to do this:

[root@bigboy tmp]# mkdir /var/ftp/pub/upload
[root@bigboy tmp]# chmod 733 /var/ftp/pub/upload

FTP Greeting Banner

Change the default greeting banner in the vsftpd.conf file to make it harder for malicious users to determine the type of system you have.

ftpd_banner= New Banner Here

Configuring The VSFTP as Secure Users:

# vi /etc/vsftpd/vsftpd.conf

# anonymous_enable=YES
# anon_upload_enable=YES
# anon_mkdir_write_enable=YES
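
A check of what these commented-out lines actually do, as an added example that is not part of the original post: the vsftpd.conf man page documents YES as the default for anonymous_enable, so commenting the line out leaves anonymous logins on, and only an explicit anonymous_enable=NO turns them off. The function names are assumptions, and the sample configuration is constructed from the three lines above.

```shell
#!/bin/sh
# Added example: report the value vsftpd will actually use for an option.
# A commented-out line sets nothing, so the built-in default applies.

# Defaults as documented in the vsftpd.conf man page.
vsftpd_default() {
    case "$1" in
        anonymous_enable) echo YES ;;
        anon_upload_enable|anon_mkdir_write_enable|write_enable|local_enable) echo NO ;;
        *) echo UNKNOWN ;;
    esac
}

# effective_setting FILE OPTION: last uncommented "option=value" line wins
# (assumption: a later line overrides an earlier one), otherwise the default.
effective_setting() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d ' \r' | tr 'a-z' 'A-Z')
    case "$val" in
        YES|TRUE|1) echo YES ;;
        NO|FALSE|0) echo NO ;;
        *) vsftpd_default "$2" ;;
    esac
}

# audit_vsftpd FILE: one line per risky effective setting; no output means clean.
audit_vsftpd() {
    if [ "$(effective_setting "$1" anonymous_enable)" = YES ]; then
        echo "anonymous logins allowed: set anonymous_enable=NO explicitly"
        for opt in anon_upload_enable anon_mkdir_write_enable; do
            [ "$(effective_setting "$1" "$opt")" = YES ] &&
                echo "$opt=YES lets anonymous users write (also needs write_enable=YES)"
        done
    fi
    return 0
}

# Constructed sample: the three commented-out lines from the section above.
conf=$(mktemp)
printf '%s\n' '# anonymous_enable=YES' '# anon_upload_enable=YES' \
    '# anon_mkdir_write_enable=YES' > "$conf"
audit_vsftpd "$conf"     # reports anonymous logins as still allowed
printf '%s\n' 'anonymous_enable=NO' >> "$conf"
audit_vsftpd "$conf"     # prints nothing
rm -f "$conf"
```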

FTP Users With Only Read Access To A Shared Directory:

Create a user group and shared directory. In this case we’ll use “/home/ftp-users” and a user group name of “ftp-users” for the remote users.

[root@bigboy tmp]# groupadd ftp-users
[root@bigboy tmp]# mkdir /home/ftp-docs

Make the directory accessible to the ftp-users group.

[root@bigboy tmp]# chmod 750 /home/ftp-docs
[root@bigboy tmp]# chown root:ftp-users /home/ftp-docs

Add users, and make their default directory /home/ftp-docs

[root@bigboy tmp]# useradd -g ftp-users -d /home/ftp-docs user1
[root@bigboy tmp]# useradd -g ftp-users -d /home/ftp-docs user2
[root@bigboy tmp]# useradd -g ftp-users -d /home/ftp-docs user3
[root@bigboy tmp]# useradd -g ftp-users -d /home/ftp-docs user4
[root@bigboy tmp]# passwd user1
[root@bigboy tmp]# passwd user2

[root@bigboy tmp]# passwd user3
[root@bigboy tmp]# passwd user4

Change the permissions of the files in the /home/ftp-docs directory for read only access by the group

[root@bigboy tmp]# touch /home/ftp-docs/abc
[root@bigboy tmp]# chown root:ftp-users /home/ftp-docs/*
[root@bigboy tmp]# chmod 740 /home/ftp-docs/*

Users should now be able to log in via ftp to the server using their new user names and passwords. If you absolutely don’t want any FTP users to be able to write to any directory then you should comment out the write_enable line in your vsftpd.conf file like this:


Restart vsftp for the configuration file changes to take effect.

Sample Login Session To Test Functionality

Check for the presence of a test file on the ftp client server.

[root@smallfry tmp]# ls
total 1
-rw-r--r-- 1 root root 0 Jan 4 09:08 testfile

[root@smallfry tmp]#

Now we have to place the file that will be downloaded in this location:

# cd /home/ftp-docs/


DNS configuration at Debian 4.0

Hello, a while ago today I configured a DNS on Debian successfully. I am writing this post using my DNS. Here is the configuration method of DNS.

Step1. At the very beginning I installed the package bind9 that is used for configuring DNS at Debian. I just write down the command,

apt-get install bind9

It will install the package bind9 within few minutes and now, we are ready to configure our DNS server.

Edit the file named.conf in the directory /etc/bind. In this tutorial, the domain is

vi /etc/bind/named.conf

Here we have to add the following lines after the last 'zone' paragraph.

zone "" {
type master;
file "/etc/bind/test";
};

zone "" {
type master;
file "/etc/bind/reverse";
};

After that, save and exit by typing ":wq!".

Now we have to create the zone file and the reverse zone file at the paths we set in named.conf.

vi /etc/bind/test
Put a configuration like this in it:

$TTL 604800
@ IN SOA debian. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
@ IN MX 10
debian IN A

Then save and exit by typing ":wq!".

After that, you must create the reverse zone file.

vi /etc/bind/reverse
Then put a configuration like this in it:

test’s zone file :
$TTL 64800
@ IN SOA debian (
1 ; serial
7200 ; refresh
7200 ; retry
36000 ; expire
7200 ) ;

debian IN A

100 IN PTR

Then save and exit by typing ":wq!".

Now you should configure the DNS resolver.

Edit the file /etc/resolv.conf and put some configuration there!

vi /etc/resolv.conf

And add the following lines.


Then save and exit by typing ":wq!".

Now you should configure the hosts file.

vi /etc/hosts

put some configuration there! localhost debian

Note: IP address in that domain is
and that host has domain
Hope to get suggestion from you.


Recovering Grub Boot Loader

Sometimes we get a problem after installing Windows alongside Linux. A fresh installation of Windows sets boot loading directly from the MBR, so the GRUB boot loader no longer works. We can recover the GRUB boot loader very easily with the following steps.

1. Start the PC in Linux rescue mode.

2. In rescue mode do chroot /mnt/sysimage.

3. Then do grub-install /dev/hda

4. Restart the pc.

Now you will find Grub boot loader.


Scheduled task

We can schedule tasks on Linux with the crontab command. To add a scheduled task, use the command:

crontab -e

First we should understand the basic structure of a crontab entry.

*           *           *            *          *          Command

1st * is the minutes of hour (0-59)

2nd * is the hour of day (0-23)

3rd * means day of month (1-31)

4th * means month of year (1-12)

5th * means day of week (0-6)


crontab -e

10     9   *     *      *      cp /etc/passwd /backup

This command will copy the /etc/passwd file to /backup every day at 9:10 am.

crontab -e

*/10     *   *     *      *      cp /etc/passwd /backup

This command will copy the /etc/passwd file to /backup every 10 minutes.

10-30     9-17   *     *      5      cp /etc/passwd /backup

This command will copy the /etc/passwd file to /backup every Friday, in the hours between 9 am and 5 pm, at each minute between 10 and 30.

To check the scheduled list we can use

crontab -l

To remove schedule task we can use

crontab -r
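
How cron reads the minute and hour fields used above, as an added example that is not part of the original post: a comma gives a list of single values, a hyphen gives a range, and */n gives a step, so "10,30 9,17" and "10-30 9-17" describe very different schedules. In the day-of-week field 0 is Sunday, so 5 is Friday and 6 is Saturday. The function names are assumptions.

```shell
#!/bin/sh
# Added example: expand one crontab field into the values it matches.
# expand_field SPEC MIN MAX, e.g. expand_field '*/10' 0 59
expand_field() {
    spec=$1; lo=$2; hi=$3; out=""
    set -f                      # keep '*' from being expanded as a filename glob
    old_ifs=$IFS; IFS=,
    set -- $spec                # split the comma-separated list into parts
    IFS=$old_ifs; set +f
    for part in "$@"; do
        step=1
        case "$part" in
            */*) step=${part#*/}; part=${part%%/*} ;;   # "range/step"
        esac
        case "$part" in
            '*') a=$lo; b=$hi ;;                        # every value
            *-*) a=${part%-*}; b=${part#*-} ;;          # range a-b
            *)   a=$part; b=$part ;;                    # single value
        esac
        i=$a
        while [ "$i" -le "$b" ]; do
            out="$out $i"
            i=$((i + step))
        done
    done
    echo "${out# }"
}

# runs_per_day MINUTE_SPEC HOUR_SPEC: how many times the job fires on a matching day.
runs_per_day() {
    m=$(expand_field "$1" 0 59 | wc -w)
    h=$(expand_field "$2" 0 23 | wc -w)
    echo $((m * h))
}

runs_per_day '10,30' '9,17'   # list:  09:10, 09:30, 17:10, 17:30
runs_per_day '10-30' '9-17'   # range: every minute :10 to :30 in hours 9 to 17
runs_per_day '*/10' '*'       # step:  every 10 minutes, all day
```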


Hiding desktop properties on a domain

Yesterday I got a problem of hiding the desktop on a domain. Many companies do this on their domain. We can do this using Active Directory group policy. To do so, we can follow these steps on the AD server.

1. Click Start, click Run, and then type gpedit.msc.

2. Under Local Computer Policy, expand User Configuration, expand Administrative Templates, expand Desktop, and then click Active Desktop.

3. Double-click Active Desktop Wallpaper.

4. On the Setting tab, click Enabled, type the path to the desktop wallpaper that you want to use, and then click OK.
I worked like this on my domain. The server OS is Windows 2003 server.
Hope that it may be useful to you. I need your suggestions and tips regarding Active Directory as I am new to Windows AD.


in linux, one pc restart momentarily

Today I got a problem: “suppose in linux, one pc restart momentarily. then how do u solved it?”

My suggestion regarding this issue is as follows.

It may occur because of many issues.
1. It may be a hardware problem.
2. It may be an OS problem.
3. It may be a configuration problem in the inittab file.

If the problem is with hardware then you have to fix the hardware.
If the problem is with the OS then install a fresh OS.

If you boot your OS at run level 6 then the PC will restart momentarily. You have to change the default run level. As your PC is restarting momentarily, you must log in in single user mode to change the configuration in /etc/inittab.

In my next post I shall try to discuss how to change the default run level.

Any comments regarding this issue will be highly welcome.
