Sunday, 23 December 2007

CentOS 5.0 - Home Server Tutorial - part 2

Last time I created a local LAN, but what I have is a server! Not a router but a server, and every real server has its own HTTP instance. In this part I'll describe how to create your own HTTP/HTTPS server with virtual hosts, how to create self-signed SSL certificates, and a couple of other things. We will use the standard Apache server, version 2.2. It is the default version on CentOS 5.0 and it can do whatever you want.

I believe that you know the basics of Apache configuration and that you can explain the difference between HTTP and HTTPS. I advise you to restart the httpd server after each configuration step. It prevents you from making stupid mistakes at the beginning.

Let's start. How? I hope you know: by installing httpd, of course.

1. Simple site

#yum install httpd

After this you will have a fresh installation of the Apache 2.2 server. To start it, type:

#/etc/init.d/httpd start

or

#service httpd start

Now, if you point your browser to http://localhost/ you'll see the default CentOS/Apache page. But that wasn't our aim. Create a file for your HTTP site. For testing purposes create a file index.html containing:

<html>
<head>
<title>Default page</title>
</head>
<body>
My test page.
</body>
</html>

Put this file in the /var/www/html/ directory and reload your browser. Yippee! That's it.

2. VIRTUAL DOMAIN AND SSL CERTIFICATES

In fact that is still not what I wanted. I bought two domains and they point to my public IP address. Let's call them example1.com and example2.com. Now both domains show the same blithe 'My test page.' site. I'd like a situation where different domains show different sites. Moreover, I'd like to have different sites displayed via the http:// and https:// protocols.

At the beginning I have to install the SSL extension for the httpd server.

#yum install mod_ssl

After restarting httpd you can point your browser (if there is no firewall in the way) to https://localhost/. The same site as before should appear. The browser will ask you to accept the site certificate. If you check this certificate you will notice that there are fields like 'SomeOrganization'. We don't want them.

To create your own self-signed SSL certificate use this page. It describes very well how to do it. I changed the directory and put the needed files in /etc/httpd/conf/.

OK. Now I have the server.crt and server.key files and I can create my HTTPS virtual domain. But first edit the /etc/httpd/conf.d/ssl.conf file and remove the part beginning with the VirtualHost block to the end of the file. Now edit the /etc/httpd/conf/httpd.conf file and add three lines at the end of the file:

NameVirtualHost *:80
NameVirtualHost *:443
Include sites/*.site

The last line means that, from now on, Apache will include the files from /etc/httpd/sites that end with '.site'. But there is no such directory. Create it! It is good practice to have each virtual domain configured in a separate file. You will not get lost after a couple of reconfigurations. Here I paste those four configuration files. Change them in your own way.

# cat example1.com.site
<VirtualHost *:80>
    DocumentRoot /var/www/example1.com
    ServerName http://example1.com
    ErrorLog logs/example1.com.error.log
    TransferLog logs/example1.com.transfer.log
    CustomLog logs/example1.com.access.log common
    <Directory /var/www/example1.com/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>

# cat example1.com.https.site
<VirtualHost *:443>
    DocumentRoot /var/www/example1.com.https
    ServerName https://example1.com
    ErrorLog logs/example1.com.https.error.log
    TransferLog logs/example1.com.https.transfer.log
    CustomLog logs/example1.com.https.access.log common
    SSLEngine On
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /etc/httpd/conf/server.crt
    SSLCertificateKeyFile /etc/httpd/conf/server.key
    <Directory /var/www/example1.com.https/>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>

and two others, just with example2.com instead of example1.com. As you can see, those files point the Apache server to the /var/www/example* directories. You have to create them and put simple files there to check that every domain and protocol displays something different. To do so, insert different text between the tags in those files.

Now you can fill your sites. The server should now be able to handle HTTP and HTTPS requests.
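The four .site files above differ only in the domain name, so here is a small generator for them, written for this post and not part of the original. It writes the two files for one domain into the /etc/httpd/sites layout used above; the per-domain certificate path (/etc/httpd/conf/DOMAIN.crt and .key), the dropped Indexes option and the tightened SSLProtocol/SSLCipherSuite lines are my choices, not the post's.

```sh
#!/bin/sh
# Usage: sh gen_site.sh example1.com [/etc/httpd/sites]
# Writes DOMAIN.site (http) and DOMAIN.https.site (https) for one domain.
gen_site_files() {
    domain=$1
    outdir=${2:-/etc/httpd/sites}
    mkdir -p "$outdir"
    # Plain http vhost; Indexes is left out so directory listings are off.
    cat > "$outdir/$domain.site" <<EOF
<VirtualHost *:80>
    ServerName $domain
    DocumentRoot /var/www/$domain
    ErrorLog logs/$domain.error.log
    CustomLog logs/$domain.access.log common
    <Directory /var/www/$domain/>
        Options FollowSymLinks
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>
EOF
    # https vhost; SSLv2 and the EXP/LOW/NULL ciphers that the stock
    # SSLCipherSuite line in the post still allows are switched off here.
    # Assumes the cert/key pair was saved as /etc/httpd/conf/$domain.crt/.key.
    cat > "$outdir/$domain.https.site" <<EOF
<VirtualHost *:443>
    ServerName $domain
    DocumentRoot /var/www/$domain.https
    ErrorLog logs/$domain.https.error.log
    CustomLog logs/$domain.https.access.log common
    SSLEngine On
    SSLProtocol all -SSLv2
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!eNULL:!EXP:!LOW:!SSLv2
    SSLCertificateFile /etc/httpd/conf/$domain.crt
    SSLCertificateKeyFile /etc/httpd/conf/$domain.key
    <Directory /var/www/$domain.https/>
        Options FollowSymLinks
        AllowOverride None
        Order allow,deny
        allow from all
    </Directory>
</VirtualHost>
EOF
}

if [ -n "${1:-}" ]; then gen_site_files "$1" "${2:-}"; fi
```

After generating the files, create the two document roots and run apachectl configtest before restarting httpd, so a typo in a .site file is caught before the server goes down.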

I hope I didn't miss any part of the configuration, because I did these steps last month but didn't have enough time to put them on this blog.

Tuesday, 13 November 2007

CentOS 5.0 - Home Server Tutorial - part 1

There is a moment in the life of every human when he starts to feel the lack of a remote shell, his own Apache or something else. One can say that ever since humans came down from the trees, they've been looking for a way to send files between computers. I'm a couple of years past this moment.

Last week my old server machine completely broke down, so I bought a new one and I'm now installing systems on it. It's a good opportunity to create a series of posts about setting up your own home server.

If you are a savvy administrator do not expect anything new, but if you are an experienced desktop Linux user or an intermediate level admin you may find something interesting. In this series I won't compile any programs (except when absolutely necessary), because I like easily configurable systems. I don't like to investigate after 2 years "what actually did I do here 2 years ago".

OK, after this too long introduction I can start. Let's start with a diagram of the situation. As you can see it's a common LAN arrangement. I have access to the internet and one static IP address bound to the MAC address of my ethernet card. My internet provider allows me to connect more than one device to the internet, but in that situation I'd have a slow connection between my computers.

I can create my own LAN! To do so, I'll need a server with two ethernet cards and a switch. Cables are of course also required. When I have this equipment I can start. First I install the system on the server machine. According to the title of this post, this time it will be CentOS 5.0. I won't describe the whole installation process now because most of you have done this already or can do it without any help. If you really need a guide I recommend this :P (but better try Google). If you have just installed or you are about to start the installation in a minute, I advise you to consider creating RAID with LVM. I described it in one of my previous posts.

CentOS already installed.

OK. Everything connected, server machine installed and no internet just behind the server :(. What do we want? I want to just connect a laptop to the switch and have internet. No configuration. To have it I'll need DHCP and masquerading on the server machine.

Steps:

1. My eth1 (LAN side) does not have an IP address. There is no source of dynamically assigned IP addresses on this side. We will assign a static IP address to the eth1 card. Edit the file /etc/sysconfig/network-scripts/ifcfg-eth1 and put there lines like these:

DEVICE=eth1
ONBOOT=yes
BOOTPROTO=static
HWADDR=00:1a:4d:3c:42:e2
BROADCAST=192.168.33.255
IPADDR=192.168.33.1
IPV6ADDR=
IPV6PREFIX=
NETMASK=255.255.255.0
NETWORK=192.168.33.0

Of course leave your own HWADDR line and change the subnet address to one you like. Now type:

#/etc/init.d/network restart

and

#ifconfig eth1

You will see that the device now has its IP address set.

2. Still no internet on the LAN side. Yes, I have the IP address of the server card, but machines inside the LAN should obtain IP addresses too. First install the DHCP daemon. Try:

#yum install dhcp

When dhcp is installed edit the file /etc/dhcpd.conf and insert there something like:

ddns-update-style interim;
ignore client-updates;
subnet 192.168.33.0 netmask 255.255.255.0 {
# --- default gateway
option routers 192.168.33.1;
option subnet-mask 255.255.255.0;
option domain-name "example.com";
#your default DNS servers
option domain-name-servers 11.22.33.44, 22.33.44.55;
range dynamic-bootp 192.168.33.50 192.168.33.100;
default-lease-time 21600;
max-lease-time 43200;
}

(Remember about the braces and semicolons.) Now type:

#/etc/init.d/dhcpd start

It should start without errors. After this step, if you reboot a computer inside the LAN it should obtain an IP address dynamically. But still no internet :/

3. The last step (yes, the last :)) is creating the iptables masquerade mechanism. I should now explain the rules of iptables but I won't. Maybe I'll post about it later; it is a huge topic. Generally, iptables is a great tool for operating on packets. It can be a perfect firewall, an advanced router, a traffic shaper, etc.

I assume that you have an iptables firewall already created (you can do it during the installation process) or you know how to do it.

The masquerade mechanism is a couple of instructions for the server on how to translate internal IP addresses for outgoing/incoming packets. To create such instructions create a script in (for example) /etc/masq.conf and put there:

#!/bin/sh
# Rewrite the source address of packets leaving the LAN to the server's public address
iptables -t nat -A POSTROUTING -s 192.168.33.0/24 -j MASQUERADE
# Let packets coming from the LAN be forwarded through the server
iptables -A FORWARD -s 192.168.33.0/24 -j ACCEPT

Make the file executable. Now add to the file /etc/rc.local the line:

/etc/masq.conf

Try rebooting the server machine and then connect a computer to the local network. It should have an internet connection.
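As an added example (mine, not the post's masq.conf), here is the same router setup written so the ruleset can be reviewed before it is applied. Two things are added relative to the two-line script above: the kernel's net.ipv4.ip_forward switch, which is off by default on CentOS 5 and without which nothing is routed, and a default-drop FORWARD chain that only lets LAN-originated connections and their replies through, instead of forwarding everything. LAN_NET, LAN_IF and WAN_IF are assumptions; set them to match your cards.

```sh
#!/bin/sh
# Usage: sh masq.sh        -> print the commands (review / dry run)
#        sh masq.sh apply  -> run them (as root)
LAN_NET=${LAN_NET:-192.168.33.0/24}   # subnet from the ifcfg-eth1 file above
LAN_IF=${LAN_IF:-eth1}                # LAN-side card
WAN_IF=${WAN_IF:-eth0}                # card with the public IP (assumed name)

# Emit the commands instead of running them, so the plan can be checked
# without root and fed to sh only when it looks right.
masq_rules() {
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j MASQUERADE
iptables -P FORWARD DROP
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Number of iptables rules in the plan (a quick sanity check for callers).
masq_rule_count() { masq_rules | grep -c '^iptables'; }

if [ "${1:-}" = apply ]; then masq_rules | sh; else masq_rules; fi
```

To make ip_forward survive a reboot, also set net.ipv4.ip_forward = 1 in /etc/sysctl.conf; /etc/rc.local can then call this script with apply as in the post.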

Well done. Now I have a software router. I don't know what I'll put in the next post, but probably something about Apache installation and configuration.

Monday, 12 November 2007

OnBoard Ethernet Gigabyte 8i945GCMX-S2 in CentOS5

Situation:

- CentOS 5.0 with Xen installed on a machine with a Gigabyte 8i945GCMX-S2
- No ethernet card discovered

Resolution:

try:

#lspci

for this device there should be:

01:05.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8169SC Gigabit Ethernet (rev 10)

If so, download the Linux 2.6 driver from here and untar it. The next steps are described in its readme file, but I'll put a short version here.

On CentOS 5.0 with Xen type (as root):

#yum install kernel-xen-devel

(If your kernel is without Xen it will be #yum install kernel-devel.)
Now change directory to the driver you unpacked earlier and type:

# make clean modules

# make install

# depmod -a

# insmod ./src/r8169.ko


Now it should work. Try dmesg. It should show something like:

r8169 Gigabit Ethernet driver 6.003.00-NAPI loaded
ACPI: PCI Interrupt 0000:01:05.0[A] -> GSI 21 (level, low) -> IRQ 20
eth1: RTL8169SC/8110SC at 0xee62e000, 00:1a:4d:3c:42:e2, IRQ 20

You can also try ifconfig -a. There should be an eth0 (or ethN, where N is a number).

Tuesday, 6 November 2007

Ubuntu hard disk drive longevity

Recently I received info from a friend about a problem with the Ubuntu ACPI module on laptops. It seems that while working on battery/powersave mode, the hard disks of some manufacturers try to park even two times per minute. That sometimes causes over two thousand parks a day. The problem is that manufacturers say the disks work properly up to 400,000 parks. So if you have 200,000 you can start to worry; if over 500,000 you should be scared already. Better switch off your laptop now! ;)

How to check?
You should have the smartmontools package installed. If you don't have it, try:

# apt-get install smartmontools

as the root user.

Now you can type the command:

# smartctl -a $DEVICE | grep Load_Cycle_Count

where $DEVICE is your disk device (e.g. /dev/sda).

The last number is the one we're interested in. Now you know what to do.
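The grep above still leaves you reading the number off by eye, so here is a small added script (mine, not from the post) that pulls the raw Load_Cycle_Count out of smartctl output, rates it against the figures quoted above and estimates how many days are left at a given parking rate. The sample line is constructed, not from a real disk; the thresholds are the post's.

```sh
#!/bin/sh
# Usage: sh loadcycles.sh /dev/sda [parks_per_day]   (needs smartmontools, root)
# Without arguments it runs against the constructed sample below.

# Raw value is the last field of the Load_Cycle_Count line of "smartctl -a".
load_cycle_count() { awk '/Load_Cycle_Count/ { print $NF }'; }

# Verdict using the post's numbers: rated 400,000; worry from 200,000; scared over 500,000.
rate_load_cycles() {
    if [ "$1" -gt 500000 ]; then echo scared
    elif [ "$1" -ge 200000 ]; then echo worry
    else echo ok
    fi
}

# Whole days until the 400,000 rating is reached at $2 parks per day (0 if already past).
days_to_limit() {
    if [ "$1" -ge 400000 ]; then echo 0; else echo $(( (400000 - $1) / $2 )); fi
}

# Constructed sample of one smartctl -a attribute line (not real data).
SAMPLE='193 Load_Cycle_Count        0x0032   001   001   000    Old_age   Always       -       268345'

report() {   # $1 = count, $2 = parks per day
    echo "$1 load cycles: $(rate_load_cycles "$1"), about $(days_to_limit "$1" "$2") days to the 400,000 rating"
}

if [ -n "${1:-}" ]; then
    report "$(smartctl -a "$1" | load_cycle_count)" "${2:-2000}"
else
    report "$(printf '%s\n' "$SAMPLE" | load_cycle_count)" 2000
fi
```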

If you want to introduce a less strict power policy, here is a workaround:

- create a file named 99-something.sh (e.g. 99-diskpolicy.sh)
- insert there:

#!/bin/sh
# Your disk device, e.g. /dev/sda (the $DEVICE from above)
DEVICE=/dev/sda
# APM level 254 is the most permissive setting that does not turn APM off,
# so the heads stop parking every few seconds
hdparm -B 254 $DEVICE

(remember about $DEVICE)

- change the mode of this file to 755 and the owner to root (if not done already)
- copy the file to the directories /etc/acpi/resume.d/ and /etc/acpi/start.d/

After the next reboot the proper policy will be applied.

More info is here

Saturday, 27 October 2007

How to create partitions based on RAID

Nowadays, when I create a new server class machine it always has some kind of mirroring. There are sometimes questions about how to properly create RAID partitions and what the practice is. Here is an easy scheme:

We want to install two disks, 250GB each. They will be mirrored with RAID1. Additionally we want to have LVM on the main RAID partition.

First we have to remember that the /boot partition can't be located on LVM. Why? The bootloader can't use LVM. It has to start the initrd, and only then can LVM partitions be started.

So, we create two partitions, the same on each disk, and bind them into two RAID1 partitions. The first, small one is for /boot while the second is for LVM. On the LVM partition we can lay out partitions however we like, because it is possible to change their size in the future. It is not recommended to change the size of the root (/) partition (especially to reduce it) but it is not impossible. We have to remember about the swap partition and that is all.

Here are outputs of few commands:

# cat /proc/mdstat
Personalities : [raid1]
md0 : active raid1 sdb1[1] sda1[0]
104320 blocks [2/2] [UU]

md1 : active raid1 sdb2[1] sda2[0]
244091520 blocks [2/2] [UU]

unused devices:

# df -h
System plików rozm. użyte dost. %uż. zamont. na
/dev/mapper/wew-root 7,6G 2,5G 4,8G 35% /
/dev/md0 99M 16M 78M 17% /boot
tmpfs 506M 0 506M 0% /dev/shm
/dev/mapper/wew-home 9,5G 154M 8,9G 2% /home
/dev/mapper/wew-var 19G 536M 18G 3% /var

# cat /proc/swaps
Filename Type Size Used Priority
/dev/mapper/wew-swap partition 2031608 0 -1

# lvdisplay
/dev/hdc: open failed: Brak medium
--- Logical volume ---
LV Name /dev/wew/root
VG Name wew
LV UUID MHnbOQ-cn2n-Vc0y-xPJA-naUS-KXx5-ZgJYMt
LV Write Access read/write
LV Status available
# open 1
LV Size 7,81 GB
Current LE 250
Segments 1
Allocation inherit
Read ahead sectors 0
Block device 253:0

--- Logical volume ---
LV Name /dev/wew/home
VG Name wew
LV UUID gPZHmg-3R7e-Aveg-1fAv-olOV-Du15-zjIvfp
LV Write Access read/write
LV Status available
# open 1
LV Size 9,75 GB
Current LE 312
Segments 1
Allocation inherit
Read ahead sectors 0
Block device 253:1

--- Logical volume ---
LV Name /dev/wew/var
VG Name wew
LV UUID HbT3ha-MiRz-y902-xkyb-3Ehj-n3zg-RHvAB6
LV Write Access read/write
LV Status available
# open 1
LV Size 19,53 GB
Current LE 625
Segments 1
Allocation inherit
Read ahead sectors 0
Block device 253:2

--- Logical volume ---
LV Name /dev/wew/swap
VG Name wew
LV UUID 3cLfN5-GzEX-Wrjq-IHvc-Vzx3-lkfB-smhC4n
LV Write Access read/write
LV Status available
# open 1
LV Size 1,94 GB
Current LE 62
Segments 1
Allocation inherit
Read ahead sectors 0
Block device 253:3


As you can see I'm not using the whole disk space. I don't know yet which will be bigger in the future, /home or /var, but I'll be able to expand them freely.

Wednesday, 24 October 2007

Wifi for Acer Aspire 3023 WLMi for Ubuntu 7.10

Problem: Wifi on the Acer Aspire 3023 WLMi does not work under Ubuntu 7.10

Resolution: (not trivial)

This is a common issue (Broadcom wireless) but with a little addition. The Acer Aspire 3023 WLMi has a Broadcom Corporation BCM4318 [AirForce One 54g] 802.11g Wireless LAN Controller, which is described here as 'usually not working'. I don't know what other notebooks it is mounted in, but I found a resolution for the Acer Aspire 3023 WLMi. The problem is in those special buttons, precisely the WiFi button. Adding the Broadcom firmware alone does not make wifi work.

OK, here is the resolution:

Part 1 - install Broadcom wireless bcm4318
Start with this page.
In short:
- obtain the Windows driver for the wireless card from here
- unzip it
- install bcm43xx-fwcutter
- use bcm43xx-fwcutter on the downloaded driver:
# bcm43xx-fwcutter -w /lib/firmware ./bcmwl5.sys
# bcm43xx-fwcutter -w /lib/firmware/`uname -r` ./bcmwl5.sys
With another Broadcom controller you should now have wifi.

Part 2 - enable the wifi button
There is a module written for this purpose: acerhk
In short:
- download this or this and untar it
- enter the directory
- edit the file acerhk.c and change the first uncommented line
#include <linux/config.h>

to

#include <linux/autoconf.h>

- # make && make install
- edit the file /etc/modules and add the following lines:
acerhk poll=1 autowlan=1
bcm43xx
After rebooting the notebook it should work. Now you have a gleaming wireless button (and the mail client button flashing :) - don't ask, I don't know why).

Entry

This is my first blog. It's going to be a tech blog and a kind of reminder. I'll put interesting things, achievements and so on here. In fact this post is just for testing purposes, but there is something I want to add.



Let it be the manifesto of this tech blog.