Installation of Apache Tomcat with trusted HTTPS

I have done it for Debian. Trusted HTTPS configuration is the last page. I took help from the URL:

Apache2, mod_jk, apache tomcat 5.5.16,  JDK, openssl, libapache-mod-ssl

Step by step Configuration:
1. Install apache2. For Tomcat we have to change some of the normal configuration. (I followed the URL )

2. Install JDK at Debian. (I followed the URL ).
3. Install and Configuring Tomcat.
a. Download the tar.gz file from
b. extract the files using following commands.
#cd /downloads
#unp apache-tomcat-5.5.16.tar.gz

#mv apache-tomcat-5.5.16 /usr/lib

c.#cd /usr/lib

d. Now create a symbolic link called apache-tomcat to the CATALINA_HOME by the following command.
#ln -s apache-tomcat-5.5.16 apache-tomcat

e. #cd /usr/lib/apache-tomcat/bin

f. #./

4. Install and Configure mod_jk (I followed the URL

5.  Configuring Tomcat and Apache. (I followed URL

a. First create the file in your Apache2 root directory.

b. open the file and add some lines.(For details

c. Add some  lines at /etc/apache2/apache2.conf file (For details

d. add a user tomcat at a group tomcat.

e. change the user and group of the Tomcat path

f. change the password of tomcat.

g. start and stop tomcat server using tomcat user

h. restart apache2.

6. Creating a self-signed SSL certificate using OpenSSL (for details )

a. install openssl and libapache-mod-ssl

b. create a workable directory.

c. create a database for the certificates we will sign

d. We have to add some lines to openssl.cnf (for details check

e. Run the following command:

openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem \
-out cacert.pem -days 3650 -config ./openssl.cnf

7. Creating a Certificate Signing Request (CSR):

a. Our configuration file needs some more definitions for creating non-CA certificates. Add the following at the end of the file:

[ v3_req ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash

b. insert the following line to the req section after the distinguished_name line as shown:

distinguished_name = req_distinguished_name
req_extensions = v3_req

c. Now we are ready to create first certificate request.

d. openssl req -new -nodes -out req.pem -config ./openssl.cnf

e. openssl req -in req.pem -text -verify -noout

f. Signing a certificate: Insert some lines into the openssl.cnf file (for detail

g. openssl ca -out cert.pem -config ./openssl.cnf -infiles req.pem

h. Installing the certificate and key.

cat key.pem cert.pem > key-cert.pem

i. After this step, you have three installable components to choose from: A private key in key.pem, A certificate in cert.pem, A combined private key and certificate in

Copy the appropriate files into the locations specified by the instructions for your application and system. Restart the applications, and you are in operation with your new certificate.

j. Apache (For details URL

k. Stunnel (For Details URL

l. Distributing CA Certificates (For Details URL

m. Renewing Certificates(For Details URL
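
A check worth running on the combined file from steps h and i before installing it, as an added example that is not part of the original post. The function name, the sample CN and the throwaway self-signed pair used as input are assumptions made for the illustration; it expects openssl and GNU stat.

```shell
#!/bin/sh
# Check a combined key+certificate PEM before installing it in a server.
# Prints "ok" or the first problem found. Uses GNU stat (Linux).
check_key_cert() {
    f=$1
    # A key written with "req -nodes" is unencrypted: only the file mode guards it.
    mode=$(stat -c %a "$f") || { echo "cannot stat file"; return 1; }
    case $mode in
        600|400) ;;
        *) echo "mode $mode exposes the private key"; return 1 ;;
    esac
    # The private key and the certificate must carry the same public key.
    kpub=$(openssl pkey -in "$f" -pubout 2>/dev/null)
    cpub=$(openssl x509 -in "$f" -pubkey -noout 2>/dev/null)
    if [ -z "$kpub" ] || [ "$kpub" != "$cpub" ]; then
        echo "key and certificate do not match"; return 1
    fi
    # v3_req sets CA:FALSE, so a server certificate must not say CA:TRUE.
    if openssl x509 -in "$f" -noout -text | grep -q 'CA:TRUE'; then
        echo "certificate is marked CA:TRUE"; return 1
    fi
    echo ok
}

# Constructed sample: a throwaway self-signed pair standing in for key.pem and
# cert.pem (CN and config are made up; this is not the CA flow above).
make_sample() (
    cd "$1" || exit 1
    umask 077
    cat > req.cnf <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions = v3_req
prompt = no
[ dn ]
CN = www.example.test
[ v3_req ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config req.cnf \
        -keyout key.pem -out cert.pem 2>/dev/null || exit 1
    cat key.pem cert.pem > key-cert.pem
)

d=$(mktemp -d)
make_sample "$d" && check_key_cert "$d/key-cert.pem"
```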



FTP server configuration on Redhat

How To Download And Install The VSFTP Package:

RedHat and Fedora software is installed using RPM packages. As of this writing, the most recent Fedora version of the VSFTP RPM file is named:

# vsftpd-1.2.0-5.i386.rpm

Now download the file to a directory such as /tmp and install it using the rpm command:

[root@bigboy tmp]# rpm -Uvh vsftpd-1.2.0-5.i386.rpm
Preparing... ########################################## [100%]
1:vsftpd     ########################################## [100%]

[root@bigboy tmp]#

How To Get VSFTP Started

Redhat Version 9, Fedora Core 1 And Newer

You can start/stop/restart vsftpd after booting by using the following commands:

[root@bigboy tmp]# /etc/init.d/vsftpd start
[root@bigboy tmp]# /etc/init.d/vsftpd stop
[root@bigboy tmp]# /etc/init.d/vsftpd restart

To get vsftpd configured to start at boot:

[root@bigboy tmp]# chkconfig --level 345 vsftpd on

Testing To See If VSFTP Is Running

[root@bigboy root]# netstat -a | grep ftp
tcp        0        0        *:ftp         *:*        LISTEN
[root@bigboy root]#

Configuring The VSFTP as anonymous:

# vi /etc/vsftpd/vsftpd.conf


Other vsftpd.conf Options

There are many other options you can add to this file including:

Limiting the maximum number of client connections (max_clients)

Limiting the number of connections by source IP address (max_per_ip)

The maximum rate of data transfer per anonymous login. (anon_max_rate)

The maximum rate of data transfer per non-anonymous login. (local_max_rate)

Descriptions on this and more can be found in the vsftpd.conf man pages.

The /etc/vsftpd.ftpusers File

For added security you may restrict FTP access for certain users by adding them to the list of users in this file; users listed here are denied FTP login. Do not delete entries from the default list; it is best only to add.

Anonymous Upload

If you want remote users to write data to your FTP server then it is recommended you create a write-only directory within /var/ftp/pub. This will allow your users to upload, but not access other files uploaded by other users. Here are the commands to do this:

[root@bigboy tmp]# mkdir /var/ftp/pub/upload
[root@bigboy tmp]# chmod 733 /var/ftp/pub/upload

FTP Greeting Banner

Change the default greeting banner in the vsftpd.conf file to make it harder for malicious users to determine the type of system you have.

ftpd_banner=New Banner Here

Configuring The VSFTP as Secure Users:

# vi /etc/vsftpd/vsftpd.conf

# anonymous_enable=YES
# anon_upload_enable=YES
# anon_mkdir_write_enable=YES

FTP Users With Only Read Access To A Shared Directory:

Create a user group and shared directory. In this case we’ll use “/home/ftp-docs” and a user group name of “ftp-users” for the remote users.

[root@bigboy tmp]# groupadd ftp-users
[root@bigboy tmp]# mkdir /home/ftp-docs

Make the directory accessible to the ftp-users group.

[root@bigboy tmp]# chmod 750 /home/ftp-docs
[root@bigboy tmp]# chown root:ftp-users /home/ftp-docs

Add users, and make their default directory /home/ftp-docs

[root@bigboy tmp]# useradd -g ftp-users -d /home/ftp-docs user1
[root@bigboy tmp]# useradd -g ftp-users -d /home/ftp-docs user2
[root@bigboy tmp]# useradd -g ftp-users -d /home/ftp-docs user3
[root@bigboy tmp]# useradd -g ftp-users -d /home/ftp-docs user4
[root@bigboy tmp]# passwd user1
[root@bigboy tmp]# passwd user2
[root@bigboy tmp]# passwd user3
[root@bigboy tmp]# passwd user4

Change the permissions of the files in the /home/ftp-docs directory for read only access by the group

[root@bigboy tmp]# touch /home/ftp-docs/abc
[root@bigboy tmp]# chown root:ftp-users /home/ftp-docs/*
[root@bigboy tmp]# chmod 740 /home/ftp-docs/*

Users should now be able to log in via ftp to the server using their new user names and passwords. If you absolutely don’t want any FTP users to be able to write to any directory then you should comment out the write_enable line in your vsftpd.conf file like this:


Restart vsftp for the configuration file changes to take effect.
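
A check of the effective settings, covering both the commented-out anonymous lines and the write_enable advice above, as an added example that is not part of the original post. vsftpd falls back to its built-in default for any option that is absent or commented out, and the vsftpd.conf man page gives YES as the default for anonymous_enable, so commenting that line out does not switch anonymous login off. The function names, file names and the limit values 50 and 5 are assumptions made for the illustration.

```shell
#!/bin/sh
# Effective value of option $2 in config file $1. $3 is the built-in default,
# which vsftpd uses when the option is absent or commented out.
effective() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    echo "${v:-$3}"
}

# Print the risky settings found in a vsftpd.conf, space separated.
audit_vsftpd() {
    conf=$1; out=""
    # name:default pairs; defaults as given in the vsftpd.conf man page.
    for opt in anonymous_enable:YES anon_upload_enable:NO \
               anon_mkdir_write_enable:NO write_enable:NO; do
        name=${opt%%:*}; default=${opt##*:}
        if [ "$(effective "$conf" "$name" "$default")" = YES ]; then
            out="$out $name"
        fi
    done
    # Banner and connection limits from the options list: report when unset.
    for name in ftpd_banner max_clients max_per_ip; do
        if [ -z "$(effective "$conf" "$name" "")" ]; then
            out="$out no_$name"
        fi
    done
    echo "${out# }"
}

# Constructed samples: the commented-out lines shown above, and a tightened file.
write_samples() {
    cat > "$1/as_on_page.conf" <<'EOF'
# anonymous_enable=YES
# anon_upload_enable=YES
# anon_mkdir_write_enable=YES
write_enable=YES
EOF
    cat > "$1/hardened.conf" <<'EOF'
anonymous_enable=NO
#write_enable=YES
ftpd_banner=New Banner Here
max_clients=50
max_per_ip=5
EOF
}

d=$(mktemp -d); write_samples "$d"
echo "as on page: $(audit_vsftpd "$d/as_on_page.conf")"
echo "hardened:   $(audit_vsftpd "$d/hardened.conf")"
```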

Sample Login Session To Test Functionality

Check for the presence of a test file on the ftp client server.

[root@smallfry tmp]# ls
total 1
-rw-r--r-- 1 root root 0 Jan 4 09:08 testfile

[root@smallfry tmp]#

Now we have to keep the file that will be downloaded in this location:

# cd /home/ftp-docs/


DNS configuration at Debian 4.0

Hello, today some while ago I configured a DNS on Debian successfully. I am writing this post using my DNS. Here is the configuration method of DNS.

Step1. At the very beginning I installed the package bind9 that is used for configuring DNS at Debian. I just write down the command,

apt-get install bind9

It will install the package bind9 within few minutes and now, we are ready to configure our DNS server.

Edit the file named.conf in the directory /etc/bind. In this tutorial, the domain is

vi /etc/bind/named.conf

Here we have to add the following lines after the last ‘zone’ paragraph.

zone "" {
type master;
file "/etc/bind/test";
};

zone "" {
type master;
file "/etc/bind/reverse";
};

after it, save and exit with type “:wq!”

and now we have to make the zone file and reverse zone file, in directory as we edited in file named.conf

vi /etc/bind/test
and you have to put some configuration like this;

$TTL 604800
IN SOA debian. (
1 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
@ IN MX 10
debian IN A

then save and exit by typing “:wq!”

after it, you must create reverse zone file

vi /etc/bind/reverse
then put some configuration like this;

test’s zone file :
$TTL 64800
@ IN SOA debian (
1 ; serial
7200 ; refresh
7200 ; retry
36000 ; expire
7200 ) ;
debian IN A
100 IN PTR

then save and exit by typing “:wq!”

and now you should configure dns resolver.

Edit the file /etc/resolv.conf
and put some configuration there!

vi /etc/resolv.conf

And add the following lines.


then save and exit by typing “:wq!”

and now you should configure the host file.

vi /etc/hosts

put some configuration there! localhost debian

Note: IP address in that domain is
and that host has domain
Hope to get suggestion from you.


Adjusting/Tuning TCP MTU for Remote Desktop Connection

A few days ago, I faced a problem with a remote desktop connection. I could connect to the remote PC through RDC but it hung after logging in. Later we found that there was a change at the remote server's firewall. I had to adjust the TCP MTU to 1300 to get the connection working properly. To adjust the TCP MTU I had to do the following things.

To modify the PPPoE MTU size, create the following registry key:


Then add the following registry entries.

Entry name         Data type    Value data
ProtocolType       REG_DWORD    0x00000800
PPPProtocolType    REG_DWORD    0x00000021
ProtocolMTU        REG_DWORD    the appropriate MTU size (in decimal)

To do this:

  1. Click Start, click Run, type regedit, and then click OK.
  2. Locate and then click the following key in the registry:
  3. On the Edit menu, point to New, and then click Key.
  4. Type Protocols, and then press ENTER.
  5. On the Edit menu, point to New, and then click Key.
  6. Type 0, and then press ENTER.
  7. On the Edit menu, point to New, and then click DWORD Value.
  8. Type ProtocolType, and then press ENTER.
  9. On the Edit menu, click Modify.
  10. Type 800, and then click OK.
  11. On the Edit menu, point to New, and then click DWORD Value.
  12. Type PPPProtocolType, and then press ENTER.
  13. On the Edit menu, click Modify.
  14. Type 21, and then click OK.
  15. On the Edit menu, point to New, and then click DWORD Value.
  16. Type ProtocolMTU, and then press ENTER.
  17. On the Edit menu, click Modify.
  18. Type the appropriate MTU size (decimal value), and then click OK.
    Tuning TCP MTU image 1


  19. Browse to the TCP/IP registry keys under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters by expanding successive folders on the left panel and scrolling down as needed.
  20. Create a MTU value according to this.


    Key: Tcpip\Parameters\Interfaces\interfaceGUID

    Value Type: REG_DWORD—number

    ValidRange: 88–the MTU of the underlying network

    Default: 0xFFFFFFFF


    Adjusting TCP MTU at client pc image 2

    Description: This parameter overrides the default Maximum Transmission Unit (MTU) for a network interface. The MTU is the maximum IP packet size, in bytes, that can be transmitted over the underlying network. For values larger than the default for the underlying network, the network default MTU is used. For values smaller than 88, the MTU of 88 is used. I inserted the MTU value 1300.

And Finally I could log in at the remote server through RDC successfully.

Actually I do not know much about this. Any comment or suggestion regarding this topic will be highly appreciated. Waiting to hear from you.


Some useful commands at Windows

You can run the following commands to directly open these programs

appwiz.cpl >> Add/Remove Programs
desk.cpl >> Display Properties
firewall.cpl >> Firewall Settings
inetcpl.cpl >> Internet Options
mmsys.cpl >> Sound and Audio
ncpa.cpl >> Network Connections
nusrmgr.cpl >> User Accounts
powercfg.cpl >> Power Options
sysdm.cpl >> System Properties
wscui.cpl >> Security Center
wuaucpl.cpl >> Automatic Updates Configuration


Recovering Grub Boot Loader

Sometimes we get a problem after installing Windows alongside Linux. A fresh installation of Windows sets boot loading directly from the MBR, so the Grub boot loader no longer works. We can recover the Grub boot loader very easily by following these steps.

1. Start the PC in Linux rescue mode.

2. In rescue mode do chroot /mnt/sysimage.

3. Then do grub-install /dev/hda

4. Restart the pc.

Now you will find Grub boot loader.


Scheduled task

We can schedule tasks on Linux with the crontab command. To add a scheduled task, run:

crontab -e

First we should understand the basic structure of a crontab entry.

*           *           *            *          *          Command

1st * is the minute of the hour (0-59)

2nd * is the hour of the day (0-23)

3rd * is the day of the month (1-31)

4th * is the month of the year (1-12)

5th * is the day of the week (0-6, where 0 is Sunday)


crontab -e

10     9   *     *      *      cp /etc/passwd /backup

This command will copy the /etc/passwd file to /backup every day at 9:10 am.

crontab -e

*/10     *   *     *      *      cp /etc/passwd /backup

This command will copy the /etc/passwd file to /backup every 10 minutes.

10-30     9-17   *     *      5      cp /etc/passwd /backup

This command will copy the /etc/passwd file to /backup every Friday, in the hours between 9 am and 5 pm, at the minutes between 10 and 30.
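
How the field forms expand, as an added example that is not part of the original post: a comma is a list of single values, a dash is an inclusive range, `*/n` is a step, and day-of-week numbers count from Sunday = 0, so 5 is Friday and 6 is Saturday. The function names and the sample field values are assumptions chosen to show the list form beside the range form.

```shell
#!/bin/sh
# Expand one crontab field into the values it matches.
# Supports "*", "*/step", "a-b", "a-b/step" and comma lists of these.
expand_field() {
    field=$1; min=$2; max=$3; out=""
    set -f                          # keep a literal "*" from globbing
    old_ifs=$IFS; IFS=,
    for part in $field; do
        range=${part%%/*}; step=1
        if [ "$part" != "$range" ]; then step=${part##*/}; fi
        case $range in
            '*') lo=$min; hi=$max ;;
            *-*) lo=${range%%-*}; hi=${range##*-} ;;
            *)   lo=$range; hi=$range ;;
        esac
        v=$lo
        while [ "$v" -le "$hi" ]; do
            out="$out $v"; v=$((v + step))
        done
    done
    IFS=$old_ifs; set +f
    echo "${out# }"
}

# How many times an entry fires on each matching day: minutes x hours.
runs_per_day() {
    m=$(expand_field "$1" 0 59 | wc -w)
    h=$(expand_field "$2" 0 23 | wc -w)
    echo $((m * h))
}

# Day-of-week number to name; cron counts from Sunday = 0 (7 is also Sunday).
dow_name() {
    case $1 in
        0|7) echo Sunday ;;    1) echo Monday ;;   2) echo Tuesday ;;
        3)   echo Wednesday ;; 4) echo Thursday ;; 5) echo Friday ;;
        6)   echo Saturday ;;
    esac
}

# Constructed fields: the list form and the range form of the same numbers.
echo "10,30 9,17 -> $(runs_per_day 10,30 9,17) runs on a $(dow_name 6)"
echo "10-30 9-17 -> $(runs_per_day 10-30 9-17) runs on a $(dow_name 5)"
echo "*/10 *     -> $(runs_per_day '*/10' '*') runs per day"
```

The range form copies the file once a minute inside the window, which is rarely what a backup job needs.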

To check the scheduled list we can use

crontab -l

To remove schedule task we can use

crontab -r

