Thursday, 20 December 2018

How to redirect tomcat from apache with workers properties

Step 1

In this we are going to see the redirection tomcat from apache. For this we need to do the following steps.

First create workers.properties file and add the below mentioned details.

touch workers.properties

vi workers.properties

add

worker.list=tst

worker.tst.type=ajp13
worker.tst.port=8009
worker.tst.host=tomcat ip or hostname

Step 2

Add the workers.propertis details in apache config file.

vi /usr/local/apache2.x/conf/httpd.conf

JkExtractSSL On
JkHTTPSIndicator HTTPS
JkSESSIONIndicator SSL_SESSION_ID
JkCIPHERIndicator SSL_CIPHER
JkCERTSIndicator SSL_CLIENT_CERT
JkWorkersFile  "/usr/local/apache2.x/conf/workers.properties"
JkLogFile               "/usr/local/apache2/logs/mod_jk.log"
JkShmFile               "/usr/local/apache2/logs/jkshmi.log"
JkLogLevel              error


Now save and close it

Step 3

Now we need to add the few more details in http-ssl.conf

vi /usr/local/apache2.x/conf/extra/http-ssl.conf

add the below details before </VirtualHost>

JKMount /example tst
JKMount /example/* tst
JKMount /* tst

example --> is that you have the context name of tomcat web like http://192.168.1.2:8080/example

That's all ...

Tuesday, 20 November 2018

SFTP connection for single user to single directory

How to restict a user to use another directory?

Step 1

Create a directory with following command

mkdir /sftp-test

mkdir /sftp-test/sftp

then create a user and group 

groupadd usersftp

useradd -g usersftp-d /sftp-test -s /sbin/nologin sftpuser

Step 2

Edit the sshd_config file to allow the user to access perticular directory.

vi /etc/ssh/sshd_config

add the following lines and # the following

 Subsystem      sftp    /usr/libexec/openssh/sftp-server
#Subsystem      sftp    /usr/libexec/openssh/sftp-server

add the following 

Subsystem sftp internal-sftp

Match Group exchange
        ChrootDirectory %h
        ForceCommand internal-sftp
        AllowTcpForwarding no
        X11Forwarding no 


Step 3

Now we need to set the permissionas follows

chown root:root /sftp-test

chown sftpuser:root  /sftp-test/sftp

now restart the sshd and check it will work 100%

service sshd restart



 

Thursday, 4 October 2018

problem making ssl connection

For this issue you need to install below packages

yum -y install ca-certificates openssl nss

This issue cause only if your using centos 6 

Thanks

Thursday, 6 September 2018

BackupPC success mail triggering

Step 1

Go to Edit Config->Backup Setting and add the following lines into the DumpPostUserCmd

/opt/BackupPC/email_sample.sh $xferOK $host $type $client $hostIP $share $XferMethod $sshPath $cmdType

Before that we have to create email_sample.sh in that particular locations.

step 2

add the following scipt in email_sample.sh file and create  a txt file in /tmpas emailmessage.txt

#!/bin/bash
# script to send simple email
# Email To ?
EMAIL="your mail address"
# Email text/message
EMAILMESSAGE="/tmp/emailmessage.txt"

# Grab the status variables
xferOK=$1
host=$2
type=$3
client=$4
#hostIP=$5
share=$6
XferMethod=$7
#TopDir=$8
#cmdType=$9

#Extract the info file
#LOG_FILE="/u01/BackupPC/pc/$host//backupInfo"
 

LOG_FILE=`ls -t /u01/BackupPC/pc/$host/*/backupInfo | /usr/bin/head -1`
 

# Check if backup succeeded or not.
if [[ $xferOK == 1 ]]; then
        STATUS="SUCCESS"
else
        STATUS="FAILED"
fi

# email subject
SUBJECT="[BackupPC] $STATUS for host: $client"

# Email text/message
echo "Filesystem backup for $host $STATUS" > $EMAILMESSAGE
echo "" >>$EMAILMESSAGE
echo "Type: $type" >>$EMAILMESSAGE
#echo "Client: $client" >>$EMAILMESSAGE
echo "Host: $host" >>$EMAILMESSAGE
#echo "Host IP: $hostIP" >>$EMAILMESSAGE
echo "Share: $share" >>$EMAILMESSAGE
echo "XferMethod: $XferMethod" >>$EMAILMESSAGE
#echo "BackupPath: $TopDir" >>$EMAILMESSAGE
#echo "cmdType: $cmdType" >>$EMAILMESSAGE
echo "BackupDetails: $LOG_FILE" >>$EMAILMESSAGE
cat $LOG_FILE >>$EMAILMESSAGE
# send an email using /bin/mail
/bin/mail -s "$SUBJECT" "$EMAIL" < $EMAILMESSAGE

 

I have # some details if you required that you can enable it. 

Then change the owner to backuppcuser and provide execute permission

chown backuppc:backuppc email_sample.sh

chmod +x email_sample.sh

Now you will receive success and failure message whenever the backup start. 

Monday, 3 September 2018

BackupPC installation and configuration in rhel 6 and rhel 7

Step 1

Install latest epelreository  

For RHEL 6

rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

For RHEL 7

rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/e/epel-release-7-11.noarch.rpm


Install the required dependencies that mentioned below.

yum -y install perl-Compress-Zlib perl-Archive-Zip perl-File-RsyncP perl-suidperl openssh-clients expect perl-XML-RSS httpd

Step 2

For RHEL 6

Create a user for backuppc

useradd backuppc
passwd backuppc

Now install backuppc with below command

yum install BackupPC -y

Now set the password for BackupPC web portal 

htpasswd -c /etc/BackupPC/apache.users backuppc

it will promt for password.

make some changes in /etc/httpd/conf.d/BackupPC.conf

It looks like below

AuthType Basic
AuthUserFile /etc/BackupPC/apache.users
AuthName "backuppc"

<IfModule mod_authz_core.c>
  # Apache 2.4
  <RequireAll>
    Require valid-user
    <RequireAny>
      Require local
    </RequireAny>
  </RequireAll>
</IfModule>
<IfModule !mod_authz_core.c>
  # Apache 2.2
  order deny,allow
  deny from all
  #allow from 127.0.0.1
  #allow from ::1
  allow from all
#  require valid-user
</IfModule>


Now make a copy the config file for backup

cp /etc/BackupPC/config.pl /etc/BackupPC/config.pl_bkp

now edit the config file

vi /etc/BackupPC/config.pl

Make a changes in the following lines

$Conf{ServerInitdPath} = '/etc/init.d/backuppc';
$Conf{ServerInitdStartCmd} = '$sshPath -p 222 -i /u01/BackupPC/ssh-BKPPC-key -q -x -l root $serverHost$serverInitdPath start';

$Conf{CgiAdminUsers} = 'backuppc'; 

also cross check the following

$Conf{ServerHost} = 'localhost';
$Conf{BackupPCUser} = 'backuppc';
$Conf{TopDir} = '/var/lib/BackupPC/';
$Conf{ConfDir} = '/etc/BackupPC/';
$Conf{LogDir} = '/var/log/BackupPC';
$Conf{InstallDir} = '/usr/share/BackupPC';
$Conf{CgiDir} = '/usr/share/BackupPC/sbin/';


For RHEL 7

yum install backuppc nfs-utils bzip2 -y

start the backuppc servives with below command

systemctl start backuppc.service

set the permission as below

cd /usr/share/BackupPC

chown backuppc:backuppc sbin/*

cd sbin/

chmod u+s BackupPC_Admin

usermod -s /bin/bash backuppc

Now edit the config file and made a changes like below

vi /etc/BackupPC/config.pl

$Conf{CgiAdminUsers} = ”;
to

$Conf{CgiAdminUsers} = ‘backuppc’;


and change another content like below

$Conf{PingPath} = ";

to

$Conf{PingPath} = ‘/bin/ping’; 

Now edit the apache configuration like below

vi /etc/httpd/conf.d/BackupPC.conf

<IfModule mod_authz_core.c>
  # Apache 2.4
  <RequireAll>
    Require valid-user
    <RequireAny>
      Require valid-user
    </RequireAny>
  </RequireAll>
</IfModule>
<IfModule !mod_authz_core.c>
  # Apache 2.2
  AllowOverride All
  order deny,allow
  deny from all
  #allow from 127.0.0.1
  #allow from ::1
  #require valid-user
  allow from all
</IfModule>


Create username and password for backuppc GUI with below command

htpasswd -c /etc/BackupPC/apache.users backuppc

Step 3



Grant passwordless sudo access for backuppc user

visudo

add the below line in last

Defaults !lecture
backuppc ALL=NOPASSWD:/bin/gtar,/bin/tar


and # the following line

Defaults requiretty

to 

#Defaults requiretty

Now start the httpd and backuppc

service httpd start

service backuppc start

now makes it enable

chkconfig httpd on

chkconfig backuppc on


Now access the backuppc in url

http://ipaddress/backuppc



Follow the link for ssh passwordless authentication with key file

http://raindocs.blogspot.com/2018/08/ssh-passwordless-authentication-with.html

and change the RsyncClientCmd and RsyncClientRestoreCmd like below

RsyncClientCmd:


$sshPath -p 222 -i /path/of/ssh-BKPPC-key -q -x -l root $host $rsyncPath $argList+

RsyncClientRestoreCmd:

$sshPath -p 222 -i /path/of/ssh-BKPPC-key -q -x -l root $host $rsyncPath $argList+ 

 Now add the client to the backuppc server and start taking backup.

Permanent hostname setup for RHEL7

Step 1 Set the host name on NMTUI tool like following nmtui set host name   then save and exit Step 2 add the following l...