Tuesday, January 15, 2013

Apache with SSL, Subversion over HTTP / HTTPs, and Trac

IT will guide you through installation of Apache, HTTPS, Subversion and Trac, in order to have an (almost) complete development environment for your team.
It is divided in following steps
1. Installing Subversion
2. Installing Apache
3. Configuring Apache with SSL
4. Configuring Subversion with Apache (and SSL)
5. Installing Trac
Steps are voluntary isolated, and will require more operations than, for instance, issuing an "apt-get install trac" that will download and install all the packages in one step; but this will
Hopefully allow the readers to choose picking one section and forget about unneeded components.
I'll not explain what Subversion is, or what SSL is, etc. Ask google, for this info: I just say that for your software project you may need a server with those tools ready for your team.
Requirements
You need Ubuntu 9.04, in my case I used the "server edition" 64bit, while installing I used the minimal server mode pressing F4 to have a system as lighter as possible. But possibly
this tutorial should be valid for Debian and previous Ubuntu version; but I have not verified that: if you do, post a comment to report your experience.
Preparation
After installing your server you have to ensure that apt system is up to date with available software on the repositories. Type the following command:
$ sudo apt-get update
Upgrading installed packages may be a good idea to do now:
$ sudo apt-get upgrade
Answer yes if asked to download and install the upgrades.
1. Installing Subversion
From the command line type the command:
$ sudo apt-get install subversion
If everything went fine you should able to verify the Subversion version installed with following command:
$ svn --version
svn, version 1.5.4 (r33841)
compiled Aug 7 2009, 02:02:06
Copyright (C) 2000-2008 CollabNet.
Subversion is open source software, see http://subversion.tigris.org/
This product includes software developed by CollabNet (http://www.Collab.Net/).
The following repository access (RA) modules are available:
* ra_neon : Module for accessing a repository via WebDAV protocol using Neon.
- handles 'http' scheme
- handles 'https' scheme
* ra_svn : Module for accessing a repository using the svn network protocol.
- with Cyrus SASL authentication
- handles 'svn' scheme
* ra_local : Module for accessing a repository on local disk.
- handles 'file' scheme
en.newinstance.it/2009/08/27/tutorial-ubuntu-904-apache-with-ssl-subversion-over-http-https-and-trac/ 2/13
For now, let's stop here: how to create the Subversion repository, configure the users etc. something on how to deal with svnserver, svnadmin, and user access control, in another article.
Later we will see how to create a repository, configure it with apache and HTTP basic authentication.
2. Installing Apache
To install apache 2 type the command:
$ sudo apt-get install apache2
When finished you should be able to connect with the browser at http://localhost and see the message "It works!". Or you may verify that at the command line installing and using curl:
$ sudo apt-get install curl
$ curl http://localhost
<html><body><h1>It works!</h1></body></html>
3. Configuring Apache with SSL
Now we want to configure apache to run HTTPs.
Following command will enable ssl Apache2 module with a2enmod (cryptic name for "Apache2 enable module":
$ sudo a2enmod ssl
The previous command will suggest you to restart apache to let it to reload the configuration; ignore that message for now.
We need to enable the HTTPS port (443). Edit /etc/apache2/ports.conf and ensure that port 443 is defined as follows:
$ sudo vi /etc/apache2/ports.conf
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz



NameVirtualHost *:80
Listen 80
<IfModule mod_ssl.c>
# SSL name based virtual hosts are not yet supported, therefore no
# NameVirtualHost statement here

NameVirtualHost *:443
Listen 443
</IfModule>
I added the clause NameVirtualHost *:443 in the for SSL; this is not strictly necessary but it will be useful later if you want to have a VirtualHost for trac and other development
Services.
Now we need to configure the SSL site. Fortunately we have already the configuration file for that, we just need to enable it with a2ensite (cryptic name for "apache2 enable site")
$ sudo a2ensite default-ssl
Again, the above command will suggest to reload apache configuration to activate the changes. This time the suggestion is almost right. As we made several changes I prefer to restart
apache with following command:
$ sudo /etc/init.d/apache2 restart
* Restarting web server apache2 apache2: Could not ... waiting apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1 for ServerName
If everything went fine you should see the above warning. You can ignore it, unless you want to configure the ServerName for your server. But this is out of scope, so do a search on
Google, or consult an Apache expert.
So, if everything went fine, now we should be able to connect to our server through SSL.
You can use firefox or curl, as before, but this time the URL will be https://localhost
$ curl -k https://localhost
<html><body><h1>It works!</h1></body></html>
The -k option is to ignore certification validation. Also firefox will complain that our certificate is invalid, but you can add it to exceptions and it will nomore bug you with those
Messages.
If everything went fine, now we should have Apache2, HTTP and HTTPs ready.
4. Configuring Subversion with Apache (and SSL)
First of all, we need to install the Subversion modules for Apache2.
$ sudo apt-get install libapache2-svn
They will be enabled by default. So you don't need to run a2enmod.
en.newinstance.it/2009/08/27/tutorial-ubuntu-904-apache-with-ssl-subversion-over-http-https-and-trac/ 3/13
We only need to configure a repository. Let' say our project is called 'myproject'.
First of all, let's decide where our svn repositories will be created. I like /var/local/svn :
$ sudo mkdir /var/local/svn
Then let's create the repository using following procedure:
$ sudo mkdir /var/local/svn/myproject
$ sudo chown www-data:www-data /var/local/svn/myproject
$ sudo -u www-data svnadmin create /var/local/svn/myproject
Above commands will ensure that the user www-data (which is the apache user) can fully access the repository for reading and updating it.
We need to configure the repository in Apache. Edit /etc/apache2/mods-available/dav_svn.conf using:
$ sudo vi /etc/apache2/mods-available/dav_svn.conf
And add a section like the following one:



<Location /svn/myproject>
DAV svn
SVNPath /var/local/svn/myproject
AuthType Basic
AuthName "My Project Subversion Repository"
AuthUserFile /etc/subversion/myproject.passwd
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
</LimitExcept>
</Location>

In the above file we indicated that, at the location svn our repository should respond. And for updating the repository we want a valid user. As per above configuration anonymous
consultation is allowed; but you can disable it commenting with a leading '#' the lines <LimitExcept ... and </LimitExcept> or just removing them as in following example:
<Location /svn/myproject>
DAV svn
SVNPath /var/local/svn/myproject
AuthType Basic
AuthName "My Project Subversion Repository"
AuthUserFile /etc/subversion/myproject.passwd
#<LimitExcept GET PROPFIND OPTIONS REPORT>
Require valid-user
#</LimitExcept>
</Location>

The above configuration indicates to Apache that even for consulting the repository we want a valid user.
But valid users need a password, and in fact we indicated a password file for our repository called /etc/subversion/myproject.passwd. So let's create a password file with a couple of
Users:
$ sudo htpasswd -c /etc/subversion/myproject.passwd luigi
$ sudo htpasswd /etc/subversion/myproject.passwd mario
The -c option indicates that the password file should be created as new; and it is only necessary for the first user. Be aware of the fact that -c overwrites the existing password file
Without asking anything. Personally I think this is a quite stupid behavior, but that's the way it is.
Now we should be ready.
Let's reload apache configuration to make the changes effective:
$ sudo /etc/init.d/apache2 reload
and let's test with the browser that our svn repository is now accessible through HTTP and HTTPs at following urls:
http://localhost/svn/myproject/
https://localhost/svn/myproject/
We can also use curl to verify it is working:
$ curl http://username:password@localhost/svn/myproject/
<html><head><title>myproject - Revision 0: /</title></head>
<body>
<h2>myproject - Revision 0: /</h2>
<ul>
</ul>
<hr noshade><em>Powered by <a href="http://subversion.tigris.org/">Subversion</a> version 1.5.4 (r33841).</em>
</body></html>
$ curl -k https://username:password@localhost/svn/myproject/
<html><head><title>myproject - Revision 0: /</title></head>
<body>
<h2>myproject - Revision 0: /</h2>
<ul>
</ul>
<hr noshade><em>Powered by <a href="http://subversion.tigris.org/">Subversion</a> version 1.5.4 (r33841).</em>
</body></html>
en.newinstance.it/2009/08/27/tutorial-ubuntu-904-apache-with-ssl-subversion-over-http-https-and-trac/ 4/13
Now we can also download our project using svn
$ svn co https://localhost/svn/myproject myproject --username luigi
"luigi" is obviously my username, substitute it with yours.
The first time it will prompt for accepting the SSL certificate, answer to accept it permanently (p). Then it will optionally ask you for the password, type it.
We can also test that modifying the remote repository is working with:
$ svn mkdir -m "created the trunk for the project" https://localhost/svn/myproject/trunk --username luigi
It will answer: Committed revision 1. If so, we've done.
5. Installing Trac
To install trac files and required dependencies, type the following command:
$ sudo apt-get install trac
$ sudo apt-get install libapache2-mod-python
Let's create the directories for trac web folder:
$ sudo mkdir /var/local/trac
$ sudo chown www-data:www-data /var/local/trac
edit Apache configuration file for one of your enabled sites (in this example I modify the default http one, but you can choose to put trac on HTTPS modifying default-ssl)
$ sudo vi /etc/apache2/sites-enabled/000-default
and add the following lines at the end of the file, before the </VirtualHost> tag:
<Location /projects>
SetHandler mod_python
PythonInterpreter main_interpreter
PythonHandler trac.web.modpython_frontend
PythonOption TracEnvParentDir /var/local/trac
PythonOption TracUriRoot /projects
PythonOption PYTHON_EGG_CACHE /tmp
</Location>
# use the following for one authorization for all projects
# (names containing "-" are not detected):
<LocationMatch "/projects/[[:alnum:]]+/login">
AuthType Basic
AuthName "trac"
AuthUserFile /etc/trac/trac.passwd
Require valid-user
</LocationMatch>
Create a password file for trac users (if you want you can reuse or link the passwd file used for subversion repositories)
$ sudo htpasswd -c /etc/trac/trac.passwd luigi
$ sudo htpasswd /etc/trac/trac.passwd Mario

... continue this way for all your users.
Create the trac environment for your project:
$ sudo -u www-data trac-admin /var/local/trac/myproject initenv
It will ask you some questions related to your project. Here's my answers in blue
Project Name [My Project]> My Project
Database connection string [sqlite:db/trac.db]> [Just press Enter to accept the default]
Repository type [svn]> [Just press Enter to accept the default]
Path to repository [/path/to/repos]> /var/local/svn/myproject
Now let's restart apache:
$ sudo /etc/init.d/apache2 restart
Check that trac works properly connecting the browser to http://localhost/projects or use curl to verify that the url is responding properly as we did before. This url should display a
Link to "My Project", click on it and you should see the project home page. Clicking on login the browser should ask you to provide username and password as recently defined with
htpasswd command.
Last thing to do: add yourself as administrator for Trac. This will enable the Admin menu and allow to do much of the administration operations from the web, that you could also do
At the command line with trac-admin tool.
Execute the following command:
$ sudo -u www-data trac-admin /var/local/trac/myproject permission add luigi TRAC_ADMIN
This will make the username 'luigi' administrator for the project

Friday, January 11, 2013

simplest way to install OpenErp on (ubuntu) Server

Install Openerp 7 On  Ubuntu 12.04

Install the ubuntu 12.04 
Download  and install the ubuntu 12.04 from the ubuntu website.
We can go with server edition since openerp is web based 

so simplealy sownload the openerp deb package from the openerp website or

just fire this command on the Linux terminal
wget http://nightly.openerp.com/trunk/nightly/deb/openerp_7.0alpha-latest-1_all.deb

sudo apt-get install postgresql

dpkg -i openerp_7.0alpha-latest-1_all.deb

sudo apt-get -f install

and we are ready to go all the dependencies are fetched and get install by system.

then open the browser on client machine and type "http://<ip-address-of-server:8069>"

or if you have install openerp on local machine then http://localhost:8069 

Saturday, December 29, 2012

installaion openerp 7.0 alpha on ubuntu 10.04



#!/bin/bash
######################################################################
# AIM :Open erp 7.0 install
#By :Navneet Rathi
#Date:06-Dec-2012

#
#####################################################################


#postgresql install

apt-get update

http_proxy=210.212.152.5:80

sudo add-apt-repository ppa:pitti/postgresql

sudo apt-get update

sudo apt-get upgrade
http_proxy=
sudo apt-get install postgresql-9.1 libpq-dev

#
#create a user openerp  on postgresql
#
su - postgres -c "createuser -s openerp" 2> /dev/null || true


#install basic requirement for Openerp 7.0

apt-get install python-software-properties python-dateutil python-feedparser python-gdata python-ldap python-libxslt1 python-lxml python-mako python-openid python-psycopg2 python-pybabel python-pychart python-pydot python-pyparsing python-reportlab python-tz python-vatnumber python-vobject python-webdav python-werkzeug python-xlwt python-yaml python-zsi graphviz python-antlr python-libxml2 python-egenix-mxdatetime python-setuptools python-yaml python-zsi python-docutils python-psutil bzr wget

#install dependendies

apt-get install python-simplejson python-webdav python-werkzeug python-xlwt

## Dependencies install using wasy install
sudo easy_install  pychart # ', # not on pypi, use: pip install http://download.gna.org/pychart/PyChart-1.39.tar.gz
sudo easy_install  babel # ',
sudo easy_install  docutils # ',
sudo easy_install  feedparser # ',
sudo easy_install  gdata # ',
sudo easy_install  lxml < 3 # ', # windows binary http://www.lfd.uci.edu/~gohlke/pythonlibs/
sudo easy_install  mako # ',
sudo easy_install  PIL # ', # windows binary http://www.lfd.uci.edu/~gohlke/pythonlibs/
sudo easy_install  psutil # ', # windows binary code.google.com/p/psutil/downloads/list
sudo easy_install  psycopg2 # ',
sudo easy_install  pydot # ',
sudo easy_install  python-dateutil < 2 # ',
sudo easy_install  python-ldap # ', # optional
sudo easy_install  python-openid # ',
sudo easy_install  pytz # ',
sudo easy_install  pywebdav # ',
sudo easy_install  pyyaml # ',
sudo easy_install  reportlab # ', # windows binary pypi.python.org/pypi/reportlab
sudo easy_install  simplejson # ',
sudo easy_install  vatnumber # ',
sudo easy_install  vobject # ',
sudo easy_install  werkzeug # ',
sudo easy_install  xlwt #'


#install werkzeug need for some unexpected errors

sudo easy_install werkzeug

#fetch openerp 7.0

http://nightly.openerp.com/trunk/nightly/deb/openerp_7.0alpha-latest-1_all.deb

#install it now

dpkg -i openerp_7.0alpha-latest-1_all.deb 


#sudo su
#copy paste this script in a file
# nano/gedit openerp.sh
#
chmod 777 openerp.sh

#./openerp.sh

#
#after the Script execute completely open the browser and type http://localhost:8069
#

Automated Mysql Server Backup on ubuntu 10.04

#!/bin/bash

#
# if using root then not required
#

sudo su

sudo apt-get install automysqlbackup

vi /etc/default/automysqlbackup


# Host name (or IP address) of MySQL server e.g localhost
DBHOST=localhost

DBNAMES=`find /var/lib/mysql -mindepth 1 -maxdepth 1 -type d | cut -d'/' -f5 | grep -v ^mysql\$ | tr \\\r\\\n ,\ `

# Backup directory location e.g /backups
# Folders inside this one will be created (daily, weekly, etc.), and the
# subfolders will be database names.


BACKUPDIR="/var/lib/automysqlbackup"

# Email Address to send mail to? (user@domain.com)
MAILADDR="<your_email_address>”


#
#and thats its you are ready to go no cron nothing this will do the job automatically
#

Wednesday, December 19, 2012

Set up The Squid Proxy (Minimum Configuration) on ubuntu 10.04


  1. To install Squid :
1.1 Type the following command in a terminal :
          sudo aptitude install squid
     2.  Configuration of Squid is done by editing the following file: /etc/squid/squid.conf
              sudo nano /etc/squid/squid.conf
   2.1.Naming the proxy
It is important that Squid knows the name of the machine. To do this, locate the line : visible_hostname.
Changed to
       visible_hostname <machine name>

Note: you can find the machine name in /etc/hostname file in linux :
      sudo vi /etc/hostname

2.2 Choosing the Port
By default, the proxy server will use port 3128. To choose another port, locate the line:
http_port 3128
and change the port number, if we want to listen on custom port :
http_port 3177

2.3.Choosing the interface
By default the proxy server will listen on all interfaces. For security reasons, its better to put it on your local network only.
For Example : If the network card connected to your LAN has IP 172.16.1.1, change the line:
http_port 172.16.1.1:3177

2.4. Setting access rights and priorities :
By default, nobody else is allowed to connect to the proxy server. A list of permissions must be created.
For example, we will define a group encompassing the local network.
acl lanhome src 172.16.0.0/255.255.0.0
‘lanhome’ can be any name which we want to specify in squid config file for the private domain

2.5. Authorizing access to group :
Now that the group is defined, we will authorise it to use the proxy.
Locate the line http_access allow ... and add below (before the line http_access deny all):
http_access allow lanhome

Note : Allow the use of non-standard ports
By default, Squid allows HTTP traffic only on specific ports (e.g. 80). This can cause problems for websites using other ports.
For example: http://toto.com:81/images/titi.png will be blocked by Squid
To avoid this deadlock,
find the line
http_access deny! Safe_ports
and then edit it to:
# http_access deny! Safe_ports

3.Starting the Proxy
Restart the proxy to apply the modifications you made. Type:
sudo /etc/init.d/squid restart

4. Server logs
There are three types of logs are generated by squid.Found in the /var/log/squid.

  1. accesslog

Most log file analysis program are based on the entries in access.log.
Squid  allow the administrators to configure their logfile format and log output method with great flexibility. Previous versions offered a much more limited functionality.

  1. cache.log
The logs are a valuable source of information about Squid workloads and performance. The logs record not only access information, but also system configuration errors and resource consumption (e.g. memory, disk space

  1. store.log
This file covers the objects currently kept on disk or removed ones. As a kind of transaction log (or journal) it is usually used for debugging purposes. A definitive statement, whether an object resides on your disks is only possible after analyzing the complete log file. The release (deletion) of an object may be logged at a later time than the swap out (save to disk).