Category Archives: CentOS

Apache – Configuring A Reverse Proxy

Apache – Configuring A Reverse Proxy

Introduction

A reverse proxy is a gateway for servers, and enables one web server to provide content from another transparently. As with a standard proxy, a reverse proxy may serve to improve performance of the web by caching; this is a simple way to mirror a website.

But the most common reason to run a reverse proxy is to enable controlled access from the Web at large to servers behind a firewall.
Software Requirements

Pre-requisites

In order to install Tunez the following software is required :-

1. apache 2 (Including the development package httpd-devel)
2. libxml2 (Installed as standard with Fedora Core 8)
3. mod_proxy_html-2.5.2.so

Adding mod_proxy_html and libxml2

To perform proxying Apache requires the libxml2 package and the mod_proxy_html file adding.. Where as libxml2 is installed as standard with most Operating Systems (Including Fedora Core 8) the mod_proxy_html file requires downloading and adding to Apache.

To add the mod_proxy_html file and libxml2 package to the installation perform the following steps :-

1. Download mod_proxy_html from [[http://apache.webthing.com/mod_proxy_html/mod_proxy_html-2.5.2.c apache.webthing.com]]
2. At the command prompt run the command shown below :-

apxs -c -I/usr/include/libxml2 -i mod_proxy_html-2.5.2.c

Including The Apache Proxy Modules

In order to configure Apache as a Proxy server there are several Modules which need to be enabled on the server. To ensure that the required Modules are enabled for the Apache server follow the steps below :-

1. Edit the /etc/httpd/conf/httpd.conf file and search for the Dynamic Shared Object (DSO) Support section
2. Search through the !LoadModule statements in this section for each of the lines below and uncomment by removing the # symbol at the start of the line if necessary :-

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so

3. At the bottom of the !LoadModule lines add the two lines shown below to add mod_proxy_html and libxml2 :-

LoadFile /usr/lib64/libxml2.so
LoadModule proxy_html_module modules/mod_proxy_html-2.5.2.so

4. Save and close the httpd.conf file once the above modifications have been made

Disabling Proxy Requests

To ensure that the Proxy server is not used to route unsolicited traffic disable the Proxy Requests in Apache. To disable Proxy Requests in Apache perform the following steps :-

1. Search /etc/httpd/conf/httpd.conf for the line #ProxyRequests On in the httpd.conf file and change it to the line below :-

ProxyRequests Off

2. Save and close the httpd.conf file once the above modifications have been made

Configure Reverse Proxying

To configure Reverse Proxying for an internal web server perform the following steps :-

1. Edit /etc/httpd/conf/httpd.conf and and add the following lines to the bottom of the file, substituting {http://www.example.com/} with the required internal web-site you wish to proxy and {/example/} with the folder you wish to present it as on the proxy server:-

ProxyPass {/example/} {http://www.example.com/}
ProxyHTMLURLMap {http://www.example.com} {/example}

ProxyPassReverse /
SetOutputFilter proxy-html
ProxyHTMLURLMap / {/example/}
RequestHeader unset Accept-Encoding

3. Save and close the httpd.conf file once the above modifications have been made

Refresh Apache’s Configuration

Once the modifications above have been made to the Apach config file either restart apache using service httpd restart or refresh its configuration using service httpd reload

Useful Links

http://www.apachetutor.org/admin/reverseproxies

Apache – Configuring a HA Cluster On Centos

Apache – Configuring a HA Cluster On Centos

Node Base Builds

The two nodes used in the cluster were buit using a text based install of Centos with the following Package Groups selected :-

Applications
Editors
Text Based Internet
Development
Development Libraries
Development Tools
Servers
Server Configuration Tools
Web Server
Windows File Server
Base Tools
Administation Tools
System Tools
Clustering
Clustering

Installing heartbeat

Prior to building the cluster install the heartbeat packages with yum by running the following command :-
yum install heartbeat

Creating the configuration files

Copying the example files below to the /etc/ha.d directory on the two nodes

/usr/share/doc/heartbeat-2.1.3/authkeys to /etc/ha.d
/usr/share/doc/heartbeat-2.1.3/ha.cf to /etc/ha.d
/usr/share/doc/heartbeat-2.1.3/haresources to /etc/ha.d

Editing the authkeys file

Edit the file /etc/ha.d/authkeys and add the following lines to the end of the file :-

auth 2
2 sha1 test-ha

Save and exit the file and then change the permissions so the root user only can read / write the file by running chmod 600 authkeys

Editing the ha.cf file

Edit the file /etc/ha.d/ha.cf and add the following lines to the end of the file :-

logfile /var/log/ha-log
logfacility local0
keepalive 2
deadtime 30
initdead 120
bcast eth0
udpport 694
auto_failback on
node {first cluster server node name}
node {second cluster server node name}

Save and exit the file
N.B. The two node names above can be found by running uname -n on both nodes

Editing the haresources file

Edit the file /etc/ha.d/haresources and add the following lines to the end of the file :-

{first cluster server node name} 172.16.4.82 httpd

Save and exit the file

Editing the httpd.conf file

Edit the file /etc/httpd/conf/httpd.conf and add the line below :-

Listen {Virtual IP Address to be used}:80

Save and exit the file
N.B. The IP address used in the Listen line is the virtual IP address which is to be used to access the clustered Apache web site and must NOT be one of the physical node addresses

Create a test index.html on each node

In order to test that heartbeat is configured correctly and working create a new index.html on each cluster node under the /var/www/html folder.

Ensure that the node name is referenced on the web page so that testing is easier to confirm by the name provided on the page.

Copying the configuration files to the second node

Once the files above have been created and modified copy the /etc/ha.d folder and it’s contents along with the /etc/httpd/conf/httpd.conf file to the second node.

Start heartbeat on each node

Once the files have been copied to the second node start the heartbeat service on the first node by running the command below :-

service heartbeat start

To check that heartbeat has also brought up httpd by going to the virtual IP address and confirming that you’re test web page is opened from the first node.

Next run the same command to start heartbeat on the second node and then stop the service on the first node by running the command below :-

service heartbeat stop

Refresh the web page and confirm that the web page has changed to the second nodes test page.

If both nodes deliver their web pages correctly restart the heartbeat service on the first node and confirm that the web page swaps back to the first node test page after a few minutes.

Apache – Clustering On Centos

Apache – Clustering On Centos

Introduction

This article provides details on how to implement Apache on to a Centos cluster to provide HA capability.

The infrastructure used for this article was two virtual machines running Centos 5.3 with clustering configured running on a Fedora Core 8 64-bit host running VMWare Server 1.0.8.

Pre-requisites

Centos Cluster configured
Shared disk resources

Adding an Apache Clustered Service

Editing the httpd.conf file

Edit the file /etc/httpd/conf/httpd.conf file, find the Listen line and change it to the virtual IP address to be used as shown below :-

Listen {virtual ip address}:80

Next find the DocumentRoot line and change it to the location on the shared storage to be used as shown below :-

DocumentRoot “/{shared disk resource mount/http-cluster/html”

Next find each instance of /var/www in the file and change them to point to /{shared disk resource mount/http-cluster/folder as shown in the examples below :-

Alias /icons/ “/{shared disk resource mount/http-cluster/icons/”

Save and exit the file once it has been modified
Copy the /etc/httpd/conf/httpd.conf file to the second node in the cluster

N.B. There are several references to /var/www in the file for icons, error, cgi-bin, etc which require changing

Create the contents on the shared disk

On the shared disk create the http-cluster folder as shown below where clusdisk is used as an example for the mount point for the shared disk :-

mkdir /clusdisk/http-cluster

Next copy the contents of the /var/www folder to the newly created folder by running the command shown below using clusdisk as an example for the mount point for the shared disk :-

cp -rv /var/www /clusdisk/http-cluster

Confirm that the http-cluster folder now contains the folders html, icons, error, cgi-bin, etc and their contents
Modify the permissions for the files in the folder by running the following commands where clusdisk is used as an example for the mount point for the shared disk :-

chown -R apache /clusdisk/http-cluster

chgrp -R apache /clusdisk/http-cluster

Add the new resources to the cluster

Open the cluster configuration tool on the first node by running system-config-cluster

Highlight the Resources branch in the left hand pane and then click on the Create a resource button at the bottom of the right hand pane.
Select IP Address from the drop down box
Configure the same IP address as configured in the httpd.conf file Listen line
Click on OK to create the resource

Add the apache script resource

Highlight the Resources branch in the left hand pane and then click on the Create a resource button at the bottom of the right hand pane.

Select Script from the drop down box
Give the resource a name for example Clustered-Apache
Set the File (with path) to /etc/rc.d/init.d/httpd
Click on OK to create the resource

Add the apache cluster service

Highlight the Services branch in the left hand pane and then click on the Create a service button at the bottom of the right hand pane.

When prompted enter the name for the service for example Apache-Cluster and then click on the OK button.

Select the Failover Domain configured from the Failover domains drop down box.
Next click on the Add a Shared Resource to the service button.
Select the File system resource being used to host the web site when prompted and click on OK to add it to the service
Add the IP Address and the script resources created above to the service and the click on Close to create the service.

Propagate the configuration to the other node

Once the new Clustered Apache service has been configured click on the File, Save button to save it locally

Next click on the Send to cluster button to synchronise the changes to the other node.

Start the service

Click on the Cluster Management tab
Highlight the new service in the bottom section of the tab and click on the Enable button

Nagios CentOS Remote 2 – Configuring The Nagios Server

Nagios CentOS Remote 2 – Configuring The Nagios Server

The next part in the installation is to configure the nagios server to monitor the remote host.  To configure the nagios server to monitor the remote server perform the following sections.

Confirming Communiction With The Client

The first step in the nagios server configuration is to confirm that it is able to communicate with the remote host.  To confirm communications with the remote host perform the following steps :-

  • In the command prompt on the nagios server execute the following command :-

/usr/lib64/nagios/plugins/check_nrpe -H {Remote Host IP}

E.G. – /usr/lib64/nagios/plugins/check_nrpe -H 10.20.30.40

  • The command will execute and if it is able to communicate with the client machine return something along the lines shown below :-

NRPE v2.12
N.B. The version number shown may be different if a newer version of nrpe has been installed on the remote host

Defining The Host

The next part of the configuration is to define the host to nagios.  To define the host to nagios perform the following steps :-

  • On the nagios server create a new file under/etc/nagios/objects named linux-servers.cfg
  • Edit the newly created file /etc/nagios/objects/linux-servers.cfg and add the text below :-

define host {
 use linux-server
 host_name {Remote Server FQDN Hostname}
 alias {Friendly Remote Server Name}
 address {Remote Server IP Address}
 }

  • Next add in the following text below to create a basic Ping check of the server :-

define service {
 use local-service
 host_name {Remote Server FQDN Hostname}
 service_description check_ping!100.0,20%!500.0,60%
 }

  • Save and Exit the file

Adding The Config File To The Nagios Config File

In order for nagios to utilise the newly created linux-servers.cfg created in the section above it needs adding to the nagios.cfg on the nagios server.  To add the linux-servers.cfg file to the nagios.cfg file perform the following steps: –

  • On the nagios server edit the file under /etc/nagios/nagios.cfg
  •  Locate the line cfg_file=/etc/nagios/objects/localhost.cfg and then add the text below as a new line :-

cfg_file=/etc/nagios/objects/linux-servers.cfg

  • Save and  Exit the file

Adding The Check_nrpe Command

In order to run commands on the remote host the check_nrpe command needs to be defined on the nagios server.  To define the check_nrpe command on the nagios server perform the following steps :-

  • On the nagios server edit the file/etc/nagios/objects/commands.cfg
  • At the bottom of the file add the section of text below :-

define command {

 command_name check_nrpe

 command_line $USER1$/check_nrpe -H $HOSTADDRESS$ -c $ARG1$

 }

  • Save and Exit the file

Verify The Configuration And Restart Nagios

The next step is to verify that the changes in the previous sections have been made correctly on the server.  To verify the nagios configuration changes perform the following steps :-

  • In the command line of the remote host execute the command below :-

nagios -v /etc/nagios/nagios.cfg

  • The command should return the lines below if the files have been written correctly :-

Total Warnings: 0

Total Errors:   0

Things look okay – No serious problems were detected during the pre-flight check

  • Finally Restart nagios on the server by executing the command below :-

service nagios restart

Nagios CentOS Remote 1 – Installing The Client Components And Dependencies

Nagios CentOS Remote 1 – Installing The Client Components And Dependencies

The first part of the configuration to add a remote CentOS server to Nagios for monitoring is to install the client components and any dependencies using yum.  To install the client components and any dependencies perform the following steps :-

  • In the command line on the Remote Host execute the following command :-

yum install nagios nagios-plugins nagios-plugins-nrpe nagios-nrpe

The command above will install Nagios and some or all of the additional dependencies listed below on to the server once you accept the install :-

fping
perl-Crypt-DES
perl-Digest-HMAC
perl-Digest-SHA1
perl-Net-SNMP
perl-Socket6

Depending on the initial build of the CentOS server then some of these dependencies may not be required or may require updating as part of the yum install process.

Setting The Nagios Account Password

The next step is to set the password for the nagios user account on the Remote host as the CentOS installation already creates the account as part of the instalation.

The nagios user is used to run the nagios client components on the remote host itself but also for connection from the monitoring server.  To set the password for the nagios user perform the following steps :-

  • In the command line on the Remote Host execute the following command :-

passwd nagios

  • When prompted set the password for the user to the desired password.

Editing The Nrpe Config File

The next step in configuring the client components of nagios on the remote host is to modify the nrpe.cfg file on the server.  To modify the nrpe.cfg file on the server perform the following steps :-

·         On the Remote Host edit the file /etc/nagios/nrpe.cfg ·         Locate the line below and uncomment it by removing the # (Hash) symbol from the front of the line

#server_address=127.0.0.1
E.G. – server_address=10.20.30.40

·         Next change it to the IP address on the server you wish to bind nrpe to if you do not wish nrpe to run on all interfaces :-

server_address=127.0.0.1
E.G. – server_address=10.20.30.40

·         Next locate the line below and comment it out by adding a # (Hash) symbol to the front of the line :-

allowed_hosts=127.0.0.1
E.G. – #allowed_hosts=127.0.0.1

·         Next add a line below this as shown below where the {Monitoring Server IP} is set to the IP address of your nagios monitoring server :-

allowed_hosts={Monitoring Server IP}
E.G. – allowed_hosts=10.20.30.50

·         Next locate the line below and change it to dont_blame_nrpe=1 :-

dont_blame_nrpe=0
E.G. – dont_blame_nrpe=1

·         Next locate the INCLUDE CONFIG FILE section of the file and add the line below :- include=/etc/nagios/command-plugins.cfg ·         Save and Exit the file

Configuring The Nrpe Daemon To Start Automatically

The next step is to configure the nrpe daemon on the remote host to start automatically on boot.  To configure the nrpe daemon on the remote host to start automatically on boot perform the following steps :-

·         In the command line on the Remote Host execute the following command :-

chkconfig nrpe on

Starting The Nrpe Daemon

The final step on the Remote Host is to start the nrpe daemon and to do this perform the folliowing steps :-

·         In the command line on the Remote Host execute the following command :-

service nrpe start

Nagios CentOS Remote – Introduction And Pre-Requisites

Nagios CentOS Remote – Introduction And Pre-Requisites

Introduction

Nagios is an open source monitoring solution for network devices and servers.  The following pages of this article explain how to configure a remote CentOS server as a Nagion client for monitoring.

The installation is broken down in to the following steps which are explained in the subsequent sections of this article :-

  1. Installing The Client Components And Dependencies
  2. Configuring The Client Components
  3. Adding The Remote Host To Nagios

Pre-Requisites

In order to install the Nagios client components on to a CentOS 5.5 server the following pre-requisites must be met :-

  • A base installation of CentOS 5.5

Nagios CentOS 4 – Checking And Starting Nagios

Nagios CentOS 4 – Checking And Starting Nagios

The final step in the installation is to verify the configuration of nagios and then configure the daemon start up on the server.  To verify the configuration of nagios and then configure the daemon start up on the server perform the following steps :-

Verifying The Nagios Configuration

Once the nagios configuration steps have been done in the previous article the next step is to verify it.  Nagios proivides the ability to verify the configuration prior to starting or restarting nagios and it is good practice to perform this.  To verify the configuration of nagios perform the following step :-

  • In the command line of the nagios server execute the command below :-

nagios -v /etc/nagios/nagios.cfg

  • The command should return the lines below if the files have been written correctly :-

Total Warnings: 0
Total Errors:   0
Things look okay – No serious problems were detected during the pre-flight check

Configuring The Nagios Daemon To Start Automatically

Once the configuration has been verified the next step is to configure the nagios daemon to start automatically on boot and to do this perform following step :-

  • In the command line execute the command below :-

chkconfig nagios on

Starting Nagios

The final step in the installation is to start nagios on the server and to do this perform following step :-

  • In the command line execute the command below :-

service nagios start

Checking Nagios Is Running

To check that nagios is now running on the server perform the following steps :-

  • Open a web browser on a client machine (Remember to use one in a subnet which you have granted access from if you locked down access in the previous article)
  • In the web browser go to http://{Nagios Server IP Address}/nagios/
  • When prompted enter in the username and password which you set up in the previous article
  • You should now be presented with the Nagios front page
  • Click on Hosts in the left hand pane and you should see localhost
  • Click on Services and you should be presented with the list of default services on the localhost which nagios is monitoring

Nagios CentOS 3 – Setting Up Nagios

Nagios CentOS 3 – Setting Up Nagios

The next part of the installation is to set up Nagios ready for use which includes the following steps :-

  1. Setting up the password file
  2. Configuring the CGI file
  3. Configuring the nagios.cfg file

Setting Up The Password File

The first step in setting up Nagios is to create the password file which will be used to control access to the system.  To create the password file perform the following steps :-

  • In the command prompt execute the following command :-

htpasswd -c /etc/nagios/htpasswd.users nagiosadmin

  • When prompted enter the password desired for the nagiosadminuser
  • When prompted confirm the password for the nagiosadmin user

Configuring The CGI File

The CGI file is already configured for the use of the user nagiosadmin following installation so there is nothing to change if using the default nagiosadmin user.

If you are using a different username then perform the following steps :-

  • Edit the file /etc/nagios/cgi.cfg and replace all references to thenagiosadmin user with the username configured in the password file
  • Check and confirm that the setting below is set to 1 :-

use_authentication=

  • Save and Exit the file

Configuring The Nagios.cfg File

As with the CGI file, the nagios.cfg file is already configured for a basic installation.

The contents of the nagios.cfg file will be covered in subsequent articles as they are too in depth for this article.