Let's Share Knowledge And Make A Difference


Thursday, August 22, 2013

How to configure squid 3.1.x in redhat6


Preparing the server:
[root@app1 ~]# vim /etc/hosts
192.168.1.5     gw1.progoti.com         gw1
127.0.0.1       localhost.localdomain   localhost

[root@app1 ~]# vim /etc/sysconfig/network
HOSTNAME=gw1.progoti.com



[root@app1 ~]# vim /etc/squid/squid.conf
visible_hostname gw1.progoti.com
#
acl manager proto cache_object
acl localhost src 127.0.0.1/32
acl ournet src 192.168.1.0/24

http_access allow localhost
http_access allow ournet
# Deny everything not explicitly allowed above
http_access deny all

# Squid normally listens on port 3128. For a transparent proxy add "intercept". In previous versions we used the "transparent" option.
http_port 3128 intercept


Setting up the firewall:
Change the local network in the script to match your own:
[root@app1 ~]# vim /root/iptables.sh
#!/bin/sh
### Firewall by Md. Mahidul Hasan ###

# Loading required stateful/NAT kernel modules
modprobe ip_conntrack
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp
modprobe iptable_nat

# Flush the firewall and set the default chain policies to ACCEPT.
iptables -F
iptables -t nat -F
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

# Enable port forwarding.
echo "1" > /proc/sys/net/ipv4/ip_forward

# Assigning our local network
our_network="192.168.1.0/24"

# Enable NAT. Remember -o output interface port should be the WAN interface port.
#iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s "$our_network" -o eth0 -j SNAT --to-source 114.130.44.43

# Redirect http to SQUID.
iptables -t nat -A PREROUTING -p TCP -s "$our_network" --dport 80 -j REDIRECT --to-port 3128
iptables -t nat -A PREROUTING -p TCP --dport 3128 -j REDIRECT --to-port 3128

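# Allowed services (these rules only restrict traffic if the FORWARD policy above is DROP; with ACCEPT everything is forwarded anyway)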
iptables -A FORWARD -s "$our_network" -p TCP --dport 53 -j ACCEPT             #Allow DNS
iptables -A FORWARD -s "$our_network" -p UDP --dport 53 -j ACCEPT             #Allow DNS
iptables -A FORWARD -s "$our_network" -p TCP --dport 80 -j ACCEPT             #Allow HTTP
iptables -A FORWARD -s "$our_network" -p UDP --dport 80 -j ACCEPT             #Allow HTTP
iptables -A FORWARD -s "$our_network" -p TCP --dport 443 -j ACCEPT            #Allow HTTPS
iptables -A FORWARD -s "$our_network" -p UDP --dport 443 -j ACCEPT            #Allow HTTPS
iptables -A FORWARD -s "$our_network" -p TCP --dport 3128 -j ACCEPT           #Allow SQUID
iptables -A FORWARD -s "$our_network" -p UDP --dport 3128 -j ACCEPT           #Allow SQUID

# Save and restart services
service squid restart
service iptables save
service iptables restart
chkconfig iptables on

[root@app1 ~]# chmod 755 /root/iptables.sh
[root@app1 ~]# sh /root/iptables.sh
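
A quick way to check what the firewall script actually enforces, as an added example that is not part of the original post: the function below audits an iptables-save dump for the FORWARD policy and the port 80 redirect. The function names and the sample dump are constructed for illustration; on the gateway you would run "iptables-save | audit_ruleset 3128".

```shell
#!/bin/sh
# Added example (not from the original post): audit an iptables-save dump
# for the transparent-proxy setup. Reads the dump on stdin; $1 = Squid port.
audit_ruleset() {
    awk -v port="${1:-3128}" '
        /^\*/ { table = substr($1, 2) }                 # "*nat", "*filter"
        # Chain policy lines look like ":FORWARD ACCEPT [0:0]"
        table == "filter" && /^:FORWARD / { policy = $2 }
        table == "filter" && /^-A FORWARD / && / -j ACCEPT/ { accepts++ }
        # iptables-save prints the target option as "--to-ports"
        table == "nat" && /^-A PREROUTING / && /--dport 80 / &&
            $0 ~ ("-j REDIRECT --to-ports " port "( |$)") { redirect = 1 }
        END {
            print "forward_policy=" policy
            print "forward_accept_rules=" (accepts + 0)
            if (policy == "ACCEPT" && accepts > 0)
                print "WARN: FORWARD policy is ACCEPT; per-port ACCEPT rules filter nothing"
            if (redirect) print "OK: port 80 is redirected to " port
            else          print "WARN: no port 80 redirect to " port
        }'
}

# Constructed sample: roughly what iptables-save shows after the script above
# (trimmed to two of the FORWARD rules).
sample_dump() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -s 192.168.1.0/24 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 3128
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 114.130.44.43
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -s 192.168.1.0/24 -p tcp -m tcp --dport 53 -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -p tcp -m tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

sample_dump | audit_ruleset 3128
```

If the FORWARD policy is later changed to DROP, return traffic also needs a rule accepting ESTABLISHED,RELATED connections, otherwise replies to the allowed ports are dropped.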

Saturday, August 3, 2013

How To Force Apache to redirect from HTTP to HTTPS


Scenario:
Suppose we have a website named "blog.mahidul.com", and we want any user who enters "blog.mahidul.com" in their browser to be automatically redirected to "https://blog.mahidul.com".


On RedHat:

First we will comment out (hash) the following lines in httpd.conf:

[mahidul@oracle ~]$ vim /etc/httpd/conf/httpd.conf
#NameVirtualHost *:80
#<VirtualHost *:80>
#    ServerAdmin root@localhost
#    DocumentRoot /var/www/html
#    ServerName localhost
#    ErrorLog logs/localhost-error_log
#    CustomLog logs/localhost-access_log common
#</VirtualHost>



Now we have to add or modify the virtual host file as below. It may be in the conf.d directory or it may live in your httpd.conf file (depending on how you have configured your server).

[mahidul@oracle ~]$ vim /etc/httpd/conf.d/mahidulsblog.conf
<VirtualHost *:80>
        RewriteEngine on
        RewriteCond %{SERVER_PORT} !^443$
        RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [NC,R,L]
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin aman@progoti.com
    DocumentRoot /var/www/html/mahidulsblog
    ServerName blog.mahidul.com
    ErrorLog logs/blog.mahidul.com-error_log
    CustomLog logs/blog.mahidul.com-access_log common

    <Directory /var/www/html/mahidulsblog>
        Options +ExecCGI
        AllowOverride Limit FileInfo Indexes
        DirectoryIndex index.cgi
        AddHandler cgi-script .cgi
    </Directory>

ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn

SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>

<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>


SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"

</VirtualHost>


Note: On Debian/Ubuntu-like distros the Apache configuration will be in the "/etc/apache2/sites-available/default" or "/etc/apache2/sites-available/[oursite]" configuration file.
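
Redirecting to HTTPS only helps if the HTTPS side negotiates sound protocols and ciphers. The check below is an added example, not part of the original post: it lints a virtual host file for the SSLProtocol and SSLCipherSuite values used above. The function names are hypothetical and the sample input is constructed from the directives shown in this post.

```shell
#!/bin/sh
# Added example (not from the original post): flag weak TLS settings in an
# Apache vhost file read on stdin. Prints one finding per line.
lint_ssl_conf() {
    awk '
        /^[ \t]*#/ { next }                      # ignore commented-out lines
        tolower($1) == "sslprotocol" {
            # "all" includes SSLv3 unless it is removed with -SSLv3
            if ($0 ~ /[ \t]\+?(all|SSLv3)([ \t]|$)/ &&
                $0 !~ /[ \t]-SSLv3([ \t]|$)/)
                print "line " NR ": SSLv3 enabled (deprecated by RFC 7568)"
        }
        tolower($1) == "sslciphersuite" {
            n = split($2, tok, ":")
            for (i = 1; i <= n; i++) {
                if (tok[i] ~ /^[!-]/) continue   # "!X" and "-X" remove ciphers
                # "+X" only reorders, so ciphers added by ALL stay enabled
                if (tok[i] ~ /RC4|LOW|EXP/)
                    print "line " NR ": weak cipher token " tok[i]
            }
        }'
}

# Constructed sample: the TLS directives from the virtual host above.
sample_vhost() {
    cat <<'EOF'
<VirtualHost *:443>
    ServerName blog.mahidul.com
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
</VirtualHost>
EOF
}

sample_vhost | lint_ssl_conf
```

A configuration such as "SSLProtocol all -SSLv2 -SSLv3" with "SSLCipherSuite HIGH:!aNULL:!MD5" passes this check with no findings.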