2009
2008
Créer un certificat SSL multi-domaines — Lone-Wolf Scripts
by camelSi vous administrez un serveur web avec de multiple domaines virtuels, vous avez sans doute été confronté à la problématique de la création de certificat SSL valide pour plusieurs domaines. Ce guide n'a pas pour but de vous expliquer la théorie des certificats SSL, mais de vous aider à créer des certificats valides pour plusieurs domaines. Il a été écrit pour fonctionner sur Debian 4.0 Etch.
Installer un serveur Subversion et USVN (UserFriendly SVN) sur Debian 4.0 Etch — Lone-Wolf Scripts
by camelSubversion (SVN de son petit nom) est un outil de gestion de version concurrentes (et un concurrent à CVS... comprenne qui pourra ;D). Il permet d'historiser les différentes évolutions du code source d'un logiciel, ainsi que de gérer les éventuels conflits entre les modifications effectuées par plusieurs développeurs. Tout seul ou en équipe, un tel outil devient vite indispensable pour gérer les sources. USVN quand à lui est une interface Web d'administration de Subversion. Elle autorise l'administration des utilisateurs, groupes, et projets de votre dépôt sans avoir à utiliser un outil d'administration en ligne de commande. Ce guide vous aide à effectuer une installation complète de Subversion et USVN sur Debian 4.0 Etch
Avant de vous lancer dans l'installation
Ce guide est beaucoup moins générique que mes guides habituels. Avant de le suivre, vous devez définir 2 nom de domaines:
* usvn.domaine.com (par exemple: usvn.landure.fr) : Le nom de domaine utilisé pour accéder à UserFriendly SVN.
* svn.domaine.com (par exemple: svn.landure.fr) : Le nom de domaine utilisé pour accéder à votre dépôt subversion.
Ceci est du au fait que ce guide n'installe pas USVN de la façon la plus simple. En effet, je trouve qu'il y a plusieurs failles dans l'installation de base de USVN, et j'essaye de les éviter dans ce guide.
DLFP: Groupware OBM et Webmail MiniG, paquets Debian
by camel (via)Il y a quelques temps déjà, un nouveau site web pour OBM (www.obm.org) a été mis en ligne, afin de présenter ce logiciel qui permet à ses utilisateurs de stocker, organiser et partager rendez-vous, contacts, courriels, liens, documents et des modules complémentaires de type gestion de projet/planning. Ce fut pour nous une volonté de faire partager ce projet pour lequel la communication n'était pas à son maximum. Depuis nous l'enrichissons afin de partager nos connaissances et de faire de ce Groupware une véritable alternative aux solutions propriétaires.
L'un des avantages d'OBM est l'utilisation d'autres logiciels libres pour assurer les différents services d'un goupware (Cyrus, Apache, Postfix...). Cependant, pour les non-initiés, cet avantage se transforme souvent en plusieurs semaines de galère pour réussir à installer un OBM complet. OBM nécessite une certaine expertise dans beaucoup de services associés à OBM (Cyrus, Postfix, MySQL ou PostgreSQL, Java/Tomcat...).
Il y a plus de 6 mois, nous avons travaillé avec des développeurs Ubuntu (et nous continuons toujours) pour publier dans Ubuntu Hardy (et maintenant Intrepid) une version packagée d'OBM. Nous nous sommes vite rendu compte qu'inclure un tel logiciel dans une distribution est pour l'instant infaisable. Pouvoir remplacer un fichier de configuration d'un service par celui dont a besoin OBM, n'est pas simplement faisable, voire impossible pour certains services. C'est pour cela que dans Ubuntu il n'y a que la partie "web" qui est pour l'instant intégrée. Nous avons quand même développé tous les autres paquets des services qui gravitent autour d'OBM. Nous espérons intégrer au fur et à mesure tous les paquets d'OBM, quand cela sera possible.
Nous sommes donc heureux de vous annoncer la mise en place d'un dépôt Debian (Etch) pour une installation complète et vraiment complète d'OBM. La version disponible est la dernière version stable, la 2.1.11. Il faut souligner que ces paquets sont conçus pour un serveur dédié à OBM. Nous espérerons que grâce à ces paquets vous serez nombreux à installer et utiliser OBM :
deb http://deb.obm.org etch obm
À vos claviers ! Il est temps d'installer un OBM, en quelques minutes ! Voir ci-dessous pour faire vos retours et tester aussi MiniG, une version alpha d'un nouveau webmail.
Preventing MySQL Injection Attacks With GreenSQL On Debian Etch | HowtoForge - Linux Howtos and Tutorials
by camel & 1 otherGreenSQL (or greensql-fw) is a firewall for MySQL databases that filters SQL injection attacks. It works as a reverse proxy, i.e., it takes the SQL queries, checks them, passes them on to the MySQL database and delivers back the result from the MySQL database. It comes with a web interface (called greensql-console) so that you can manage GreenSQL through a web browser. This guide shows how you can install GreenSQL and its web interface on a Debian Etch server.
Running Vhosts Under Separate UIDs/GIDs With Apache2 mpm-peruser On Debian Etch | HowtoForge - Linux Howtos and Tutorials
by camel & 1 other (via)This article explains how you can install and configure apache2-mpm-peruser on a Debian Etch server. apache2-mpm-peruser is an MPM (Multi-Processing Module) for the Apache 2 web server, very similar to apache2-mpm-itk, but faster (almost as fast as apache2-mpm-prefork). mpm-peruser allows you to run each of your vhosts under a separate UID and GID - in short, the scripts and configuration files for one vhost no longer have to be readable for all the other vhosts. It is based on metuxmpm, a working implementation of the perchild MPM. The result is a sane and secure web server environment for your users, without kludges like PHP's safe_mode.
Installing ModSecurity2 On Debian Etch | HowtoForge - Linux Howtos and Tutorials
by camel & 2 othersThis article shows how to install and configure ModSecurity (version 2) for use with Apache2 on a Debian Etch system. ModSecurity is an Apache module that provides intrusion detection and prevention for web applications. It aims at shielding web applications from known and unknown attacks, such as SQL injection attacks, cross-site scripting, path traversal attacks, etc.
I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!
How To Set Up A Debian Linux WebCam Server Using a USB Web Cam
by camel & 1 otherFirst and foremost, be prepared to have some patience when trying to get a USB cam to work under Linux. In trying to get mine to work, I searched many a newsgroup thread only to find there was only one message in the thread, the original question stating the problem. i.e. no one had an answer for the person who posted the question so you may be on your own trying to get your cam to work. Often times the same camera model will use different drivers for different sub-models (ex: not all QuickCam Express sub-models use the same driver). However, my trials and tribulations were a good learning experience and I'll share what I learned here to hopefully make your setup easier.
Setting Up A High-Availability Load Balancer (With Failover and Session Support) With HAProxy/Heartbeat On Debian Etch | HowtoForge - Linux Howtos and Tutorials
by camel & 1 otherThis article explains how to set up a two-node load balancer in an active/passive configuration with HAProxy and heartbeat on Debian Etch. The load balancer sits between the user and two (or more) backend Apache web servers that hold the same content. Not only does the load balancer distribute the requests to the two backend Apache servers, it also checks the health of the backend servers. If one of them is down, all requests will automatically be redirected to the remaining backend server. In addition to that, the two load balancer nodes monitor each other using heartbeat, and if the master fails, the slave becomes the master, which means the users will not notice any disruption of the service. HAProxy is session-aware, which means you can use it with any web application that makes use of sessions (such as forums, shopping carts, etc.).
From the HAProxy web site: "HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for web sites crawling under very high loads while needing persistence or Layer7 processing. Supporting tens of thousands of connections is clearly realistic with todays hardware. Its mode of operation makes its integration into existing architectures very easy and riskless, while still offering the possibility not to expose fragile web servers to the Net."
Installing Lighttpd With PHP5 And MySQL Support On Debian Etch | HowtoForge - Linux Howtos and Tutorials
by camel & 1 otherLighttpd is a secure, fast, standards-compliant web server designed for speed-critical environments. This tutorial shows how you can install Lighttpd on a Debian Etch server with PHP5 support (through FastCGI) and MySQL support.
utiliser apt-cacher pour les mises à jour de vos machines Debian - ka.da
by camelQue ce soit à la maison ou au travail, quand on commence à avoir beaucoup de machines Debian, se pose le problème de leurs mises à jour et surtout de la bande passante utilisée pour celles-ci.
Au niveau Debian, plusieurs solutions existent, comme utiliser un proxy web classique (Squid par exemple), partager le répertoire contenant les fichiers téléchargés (ce qui peut être un peu risqué), répliquer complètement l'arborescence Debian (mais ça demande à télécharger des paquets dont probablement on ne se servira jamais) ou bien encore utiliser un outil dédié à ce problème.
Plusieurs existent : apt-proxy, approx, apt-cacher.
Il semble que de ces différentes solutions aucune ne ressorte vraiment, et que des problèmes existent sur chacune d'elle. En tout cas, ici, je vais vous présenter apt-cacher.
2007
HA Xen Cluster with DRBD, LVM and heartbeat
by camelWe have implemented a 2-node HA Xen cluster, which consists of two physical machines (hosts,) and runs several virtual servers (guests) each, for our company's internal services (mail, web applications, development, etc.)
When one host gets down unexpectedly, the other host physically kills it (STONITH - power down or reset) and then takes over all the guests the failed host was running.
When we want to shutdown a host machine for maintenance (to replace a fan, add disk or memory, etc.), we just type the usual shutdown command, and the guests are automatically live-migrated to the other host. Since the guest servers keep running throughout the migration process, except for the less than a second pause, users would never even notice the event.
Setting Up A High-Availability Load Balancer (With Failover and Session Support) With Pound/Keepalived On Debian Etch | HowtoForge - Linux Howtos and Tutorials
by camelThis article explains how to set up a two-node load balancer in an active/passive configuration with Pound and keepalived on Debian Etch. The load balancer sits between the user and two (or more) backend Apache web servers that hold the same content. Not only does the load balancer distribute the requests to the two backend Apache servers, it also checks the health of the backend servers. If one of them is down, all requests will automatically be redirected to the remaining backend server. In addition to that, the two load balancer nodes monitor each other using keepalived, and if the master fails, the slave becomes the master, which means the users will not notice any disruption of the service. Pound is session-aware, which means you can use it with any web application that makes use of sessions (such as forums, shopping carts, etc.).
Running eBox on debian sarge
by lecyborg & 2 othersThis article shows how to run a file-, print-, HTTP proxy- DHCP-, and time server for small and medium enterprises (SME) on one single Debian Sarge system. It is very easy to set up, and management is done with an easy-to-use web interface called eBox so once the system is set up, you can forget about the command line. eBox was developed to administrate advanced services for corporate networks, and it was created for Debian Sarge.
I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!
Setting Up A High-Availability Load Balancer (With Failover and Session Support) With HAProxy/Keepalived On Debian Etch | HowtoForge - Linux Howtos and Tutorials
by camelThis article explains how to set up a two-node load balancer in an active/passive configuration with HAProxy and keepalived on Debian Etch. The load balancer sits between the user and two (or more) backend Apache web servers that hold the same content. Not only does the load balancer distribute the requests to the two backend Apache servers, it also checks the health of the backend servers. If one of them is down, all requests will automatically be redirected to the remaining backend server. In addition to that, the two load balancer nodes monitor each other using keepalived, and if the master fails, the slave becomes the master, which means the users will not notice any disruption of the service. HAProxy is session-aware, which means you can use it with any web application that makes use of sessions (such as forums, shopping carts, etc.).
Enhanced Logging With rsyslog On Debian Etch And phpLogcon For Viewing | HowtoForge - Linux Howtos and Tutorials
by camelRsyslog is an enhanced multi-threaded syslogd supporting, among others, MySQL, syslog/tcp, RFC 3195, permitted sender lists, filtering on any message part, and fine grain output format control. It is quite compatible to stock sysklogd and can be used as a drop-in replacement. Its advanced features make it suitable for enterprise-class, encryption protected syslog relay chains while at the same time being very easy to setup for the novice user. An optional web interface - phpLogCon - can be used to visualize all data online."
Monitoring Network Latency With Smokeping (Debian Etch) | HowtoForge - Linux Howtos and Tutorials
by camelThis guide shows how to install and configure Smokeping on Debian Etch to monitor network latency. From the Smokeping web site: "SmokePing is a deluxe latency measurement tool. It can measure, store and display latency, latency distribution and packet loss. SmokePing uses RRDtool to maintain a longterm data-store and to draw pretty graphs, giving up to the minute information on the state of each network connection."
The Perfect Setup - Debian Etch (Debian 4.0) | HowtoForge - Linux Howtos and Tutorials
by camelThis tutorial shows how to set up a Debian Etch (Debian 4.0) based server that offers all services needed by ISPs and hosters: Apache web server (SSL-capable), Postfix mail server with SMTP-AUTH and TLS, BIND DNS server, Proftpd FTP server, MySQL server, Courier POP3/IMAP, Quota, Firewall, etc. This tutorial is written for the 32-bit version of Debian Etch, but should apply to the 64-bit version with very little modifications as well.
2006
Postfix Mail Server Web interface,Frontend or GUI Tools -- Debian Admin
by camel
is an attempt to provide an alternative to the widely-used Sendmail program. Postfix attempts to be fast, easy to administer, and hopefully secure, while at the same time being sendmail compatible enough to not upset your users.
Postfix Admin
Postfix Admin is a Web-based management tool for Postfix. It handles Postfix-style virtual domains and users that are stored in MySQL. It has support for over 20 languages. It was initially released in December of 2002.
Running A File-, Print-, Proxy-, DHCP-, AND Time-Server For Small/Medium Enterprises | HowtoForge - Linux Howtos and Tutorials
by camel
This article shows how to run a file-, print-, HTTP proxy- DHCP-, and time server for small and medium enterprises (SME) on one single Debian Sarge system. It is very easy to set up, and management is done with an easy-to-use web interface called eBox so once the system is set up, you can forget about the command line. eBox was developed to administrate advanced services for corporate networks, and it was created for Debian Sarge.