Install tomcat
$ sudo yum install tomcat6
Download and extract apache solr : http://lucene.apache.org/solr/
$ cp apache-solr-3.6.2.war /var/lib/tomcat6/webapps/solr.war
$ cp -r /data/apache-solr-3.6.2/example/solr /var/lib/tomcat6/$ cat /etc/tomcat6/Catalina/localhost/solr.xml
$ chown -R tomcat: /var/lib/tomcat6/solr/
$ sudo service tomcat6 restart
Access url : http://<server_name/ip>:8080/solr/admin
These steps are used to generate a CSR to get the SSL certificate signed with verisign. The filenames used are just examples.
$ /usr/bin/openssl genrsa -rand /dev/urandom -out <web_root>/domain_name.key 2048
$ /usr/bin/openssl req -new -key <web_root>/domain_name.key -out <web_root>/domain_name.csrCountry Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server’s hostname) []:<make sure it matches exactly with your domain>
Email Address []:
Create the certificate without passphrase if you dont want passphrase to be prompted for every webserver restart.
Upload the CSR to the Certificate Authority and get the signed certificate and save it as domain_name.crt. If it is from verisign get both intermediate certificates and add it to a file (eg: intermediate.ca.crt)
In virtual host configuration
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:+EXP:!EXP-EDH-RSA-DES-CBC-SHA:!EXP-DES-CBC-SHA!EXP-RC2-CBC-MD5!EXP-RC4-MD5
SSLCertificateFile <web_root>/domain_name.crt
SSLCertificateKeyFile <web_root>/domain_name.key
SSLCACertificateFile <web_root>/intermediate.ca.crt
Restart webservice and verify the certificate, you may use the verisign cert checker (https://ssl-tools.verisign.com/#certChecker)
Login to the Rack tables as admin:
Add the following line under configuration–> permission
allow {$tab_default}
* This is for read only account, assign extra permissions if required
Configure Apache + LDAP
< Directory /var/www/racktables >
Options +Indexes FollowSymLinks MultiViews
DirectoryIndex index.php
AuthName "Rack Tables"
AuthType Basic
AuthBasicProvider ldap
AuthzLDAPAuthoritative on
AuthLDAPURL "ldaps://ldaphost.com/dc=company,dc=com?uid?sub?(objectClass=< depends_on_ldap >)"
# Bind if required
AuthLDAPBindDN "uid=userid,ou=people,dc=company,dc=com"
AuthLDAPBindPassword "xxxxxx"
AuthLDAPGroupAttribute uniqueMember
AuthLDAPGroupAttributeIsDN on
require ldap-group cn=group_name,dc=company,dc=com
require ldap-attribute cn=group-name-allowed
< /Directory >
* Most of LDAP configs based on your setup
Configure Rack Tables:
Edit the inc/secret.php
Set :
$user_auth_src = 'httpd';
$require_local_account = FALSE;
NOTE: to get the logout working properly make sure the Apache AuthName matches with the one configured for Rack tables authentication.
Referene : http://sourceforge.net/apps/mediawiki/racktables/index.php?title=RackTablesAdminGuide
Reference
./arun
Once your network interface is configured with IPv6, it is easy to configure the webserver. No real difference with IPv4 configuration.
Configure Apache to listen the IPv6 address:
Listen ipv6_address:port
NameVirtualHost ipv6_address:port
If the apache virtual host is configured with domain name , eg < VirtualHost arunns.com:80 >, just add AAAA record for arunns.com in dns and the website will work without any extra configurations other than the previous two lines.
Also we can specifically configure it :
< VirtualHost ipv4_address:80 ipv6_address:80 >
It is possible to have different contents for ipv4 and ipv6 sites, just create two different virtual hosts with different document root one for IPv4 and other for IPv6.
< VirtualHost ipv4_address:80 >
DocumentRoot /home/123/
< /VirtualHost >
< VirtualHost ipv6_address:80 >
DocumentRoot /home/456/
< /VirtualHost >
./arun
It is straight forward to enable IPv6 on any linux system, since the latest kernel support it very well. This document is more relevant for Redhat linux but the idea is same for all.
Make sure the ipv6 support is not disabled in kernel
Comment out the following line in /etc/modprobe.conf if existing.
#alias ipv6 off
#alias net-pf-10 off
Enable IPv6 networking:
edit /etc/sysconfig/network
NETWORKING_IPV6=yes
Configure the IPv6 address:
edit /etc/sysconfig/network-scripts/ifcfg-eth0 (or bond0 for bond interfaces, ipv6 works as expected with bond interface as well)
IPV6INIT=yes
IPV6ADDR=
IPV6ADDR_SECONDARIES=
IPV6_DEFAULTGW=
IPV6_AUTOCONF=yes/no
Just restart network and you will be able to see the IPv6 address.
Incase if the ipv6 module doesnt exist in kernel, just do a modprobe:
# modprobe -a ipv6
Almost all softwares in linux works with IPv6,
For apache add the listen address to ipv6 address and enable name virtual host for ipv6 address if required.
You can test your ipv6 connectivity by:
$ ping6 ipv6.google.com
./arun
Tips to harden apache webserver:
Disable weak SSLV2 siphers
edit ssl.conf and add
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:+EXP
Restrict apache to giveout minimum informations
Edit httpd.conf and change
ServerTokens ProductOnly
Disable track and trace in every virtual hosts
LoadModule rewrite_module modules/mod_rewrite.so
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
Always better to configure apache to Loan minimal/required modules and include only necessary config files.
./arun
If you happend to see this error in apache logs,
– mixing * ports and non-* ports with a NameVirtualHost address is not supported, proceeding with undefined results
Check your apache configuration, to make sure that there is no VirtualHost defined without port numbers like : <VirtualHost 127.0.0.1>, if existing fix it with port number.
There is a good change that the foreign email servers will drop if the sender email headers are not properly formatted.
Anyway if you get apache@localhost in Received header (with postfix/apache/php), you can change the php.ini, sendmail_path program to use sendmail.postfix instead of sendmail binary.
like : sendmail_path = /usr/sbin/sendmail.postfix -t -i -f
./arun