Saturday, March 9, 2013

Installing NGINX engine X with LAMP

Debian OS - upgrade to latest packages

    # apt-get update 
    # apt-get upgrade 

Packages installation

Apache
    # apt-get install apache2
    # a2enmod rewrite
    # /etc/init.d/apache2 restart

configuration:
    # nano /etc/apache2/sites-enabled/000-default
      (default webroot directory: /var/www/)  

check configuration:
    # apachectl -t  

After enabling, disabling, or modifying any part of your Apache configuration, you will need to reload or restart the Apache configuration again with command:
    # /etc/init.d/apache2 reload or 
    # /etc/init.d/apache2 restart



PHP
    # apt-get install php5 php-pear php5-suhosin php5-mysql

configuration: edit /etc/php5/apache2/php.ini Make sure that the following values are set, and relevant lines are uncommented (comments are lines beginning with a semi-colon (;)):
max_execution_time = 60
memory_limit = 128M
error_reporting = E_COMPILE_ERROR|E_RECOVERABLE_ERROR|E_ERROR|E_CORE_ERROR
display_errors = Off
log_errors = On
error_log = /var/log/php5.log
register_globals = Off

To apply PHP configuration changes Apache need to be restarted:
    # /etc/init.d/apache2 restart


Advanced server setup - NGINX

Installation

Using repo for Nginx 1.0.11 last stable. For the main Dotdeb repository add these two lines to: /etc/apt/sources.list file
    # deb http://packages.dotdeb.org stable all
    # deb-src http://packages.dotdeb.org stable all

Then fetch the appropriate GnuPG key
    # wget http://www.dotdeb.org/dotdeb.gpg
    # cat dotdeb.gpg | sudo apt-key add -

    # apt-get update    
    # apt-get install nginx

Configuration

Stop the Nginx server if it was started automatically by the package manager and create a new nginx.conf configuration file – installed in /etc/nginx/ by default – by pasting the following and adjusting the paths to those of your installation:
user www-data; #change to the same user apache runs as
worker_processes 8; #change to the number of your CPUs/Cores
worker_rlimit_nofile 8192;

error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
  worker_connections 1024;
  use epoll;
  accept_mutex off;
}

http {
  server_names_hash_bucket_size 64;
  include /etc/nginx/mime.types;
  default_type application/octet-stream;
  access_log /var/log/nginx/access.log;
  sendfile on;
  tcp_nopush on;
  keepalive_timeout 65;

  # reverse proxy options
  proxy_redirect off;
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

  # gzip compression options
  gzip on;
  gzip_http_version 1.0;
  gzip_comp_level 6;
  gzip_min_length 0;
  gzip_buffers 16 8k;
  gzip_proxied any;
  gzip_types text/plain text/css text/xml text/javascript application/xml application/xml+rss application/javascript application/json;
  gzip_disable "MSIE [1-6]\.";
  gzip_vary on;

  # include virtual hosts configuration
  include /etc/nginx/virtual.d/*.conf;
}

Nginx should run as the same user Apache runs, to avoid file permission problems.
Besides the proxy setup this configuration file includes some generic performance tuning, such as use epoll as the event model method, which works effectively on Linux 2.6+ kernels. This works in tandem with the next line, accept_mutex off, to improve performance a bit more. Enabling sendfile allows nginx to use the kernel’s sendfile support to send files to the client regardless of their contents. This can help with large static files, such as images, that have no need for a multiple request/confirmation system to be served. Enabling gzip compression for static files can make a big performance difference. The lines starting with gzip enable compression for common web files, such as .css and .js files, on supported browsers.

Apache reverse proxy forward module(mod_rpaf)

If you check the Apache access log files you should see that all incoming requests are coming from 127.0.0.1. To fix this you need to install mod_rpaf, the reverse proxy add forward module for Apache.
    # apt-get install libapache2-mod-rpaf

check content of /etc/apache2/mods-enabled/rpaf.conf :
<IfModule mod_rpaf.c>
RPAFenable On
RPAFsethostname On
RPAFproxy_ips 127.0.0.1
</IfModule>

restart apache:
    # /etc/init.d/apache2 restart

Apache configuration (behind Nginx)

Nginx now acts as the front-end web server – waiting for requests on port 80 – you need to configure Apache to listen on a different port (8080 in this case) and preferably only on localhost, open the file /etc/apache2/ports.conf and change the line Listen 80 to Listen 127.0.0.1:8080, if you use name-based virtual hosts you should have a lineNameVirtualHost *:80 in the same file. Change that to NameVirtualHost *:8080.
If you have configured Keep-Alive support in Apache you should disable it since it is already enabled in Nginx. Change KeepAlive On to KeepAlive Off in/etc/apache2/apache2.conf . You can also disable the mod_deflate module since Nginx already provides gzip compression.

nginx referer denial

In /etc/nginx/nginx.conf there is a list of words to deny in URLs. If URL contains these words, all referred links will not load. This causes missing images and stylesheets, and every link from that page to another on the same site will come up blank.
  ## Deny certain Referers (case insensitive)
  ## The ~* makes it case insensitive as opposed to just a ~
  if ($http_referer ~* (babes|...|zippo) ) {
        return 444;
     }
Just remove a word if you notice a problem and restart nginx with /etc/init.d/nginx restart

Wednesday, March 6, 2013

Installing FREEPBX on UBUNTU 10.04(installation Script)


Free Pbx Installation Script

#!/bin/bash
#
#Install mysql
#run the script script by sudo su or with root privilege
sudo apt-get update
sudo apt-get install -y mysql-server
#
#installing the pre-dependencies
#
sudo apt-get install -y build-essential linux-headers-`uname -r` openssh-server bison flex apache2 php5 php5-curl php5-cli php5-mysql php-pear php-db php5-gd curl sox libncurses5-dev libssl-dev libmysqlclient15-dev mpg123 libxml2-dev
#
#Compile and install dahdi;
#
tar xvf dahdi-linux-complete-2.2.1+2.2.1.tar.gz
cd dahdi-linux-complete-2.2.1+2.2.1
make all && make install && make config
#
#libpri compilation and install:
#
cd ..
tar xvf libpri-1.4.10.2.tar.gz
cd libpri-1.4.10.2
make && make install
#
#installing the free pbx
#
cd ..
tar xvf asterisk-1.6.2.6.tar.gz
cd asterisk-1.6.2.6
./configure
make && make install

#
#As before lets install the sample files
#
make samples

#
#install sound in free pbx
#
cd /var/lib/astersik/sounds
wget -O - http://downloads.asterisk.org/pub/telephony/sounds/asterisk-extra-sounds-en-gsm-current.tar.gz | tar xvfz -

#
# We create the user "asterisk" and
#add the apache user to the "asterisk" group

cp /etc/apache2/apache2.conf /etc/apache2/apache2.conf_orig
sed -i 's/^\(User\|Group\).*/\1 asterisk/' /etc/apache2/apache2.conf
#
#
#The start up script
cd /etc/init.d/
wget http://randystech.com/downloads/asterisk
chmod +x asterisk
update-rc.d asterisk defaults

#We are almost done. Now we are going to install FreePBX, the graphical interface that we will install
#to manage Asterisk

cd /usr/src/
wget -O - http://mirror.freepbx.org/freepbx-2.7.0.tar.gz | tar xvfz -
cd freepbx-2.7.0/

#
#Copy amportal.conf configuration file to /etc/:
#
cp amportal.conf /etc/

#set the database password here
#when you are running the shell script
# creating user astrick in mysql with password 4321
export ASTERISK_DB_PW=4321             
export MYSQL_ROOT_PW=1234                
mysqladmin -u root -p${MYSQL_ROOT_PW} create asterisk
mysqladmin -u root -p${MYSQL_ROOT_PW} create asteriskcdrdb
mysql -u root -p${MYSQL_ROOT_PW} asterisk < SQL/newinstall.sql
mysql -u root -p${MYSQL_ROOT_PW} asteriskcdrdb < SQL/cdr_mysql_table.sql
mysql -u root -p${MYSQL_ROOT_PW} <<-END_PRIVS
GRANT ALL PRIVILEGES ON asterisk.* TO asteriskuser@localhost IDENTIFIED BY "${ASTERISK_DB_PW}";
GRANT ALL PRIVILEGES ON asteriskcdrdb.* TO asteriskuser@localhost IDENTIFIED BY "${ASTERISK_DB_PW}";
flush privileges;
END_PRIVS


#
#And slightly modify the settings in /etc/amportal.conf
#
sed -i "s/# \(AMPDBUSER=.*\)/\1/" /etc/amportal.conf
sed -i "s/# \(AMPDBPASS=\).*/\1${ASTERISK_DB_PW}/" /etc/amportal.conf
sed -i "s@\(AMPWEBROOT=\).*@\1/var/www/@"  /etc/amportal.conf
sed -i "s@\(FOPWEBROOT=\).*@\1/var/www/panel@" /etc/amportal.conf
sed -i "s@\(FOPWEBADDRESS=\).*@PUTIPADDRESS@" /etc/amportal.conf

#
#Adjust some PHP.ini settings related to the use of memory
#
sed -i 's/\(^upload_max_filesize = \).*/\120M/' /etc/php5/apache2/php.ini

#
#Change the permissions of a series of directories:
#
chown asterisk. /var/run/asterisk
chown -R asterisk. /etc/asterisk
chown -R asterisk. /var/{lib,log,spool}/asterisk
chown -R www-data.asterick /var/www/

#
#We enable the asterisk configuration as it is indicated in /etc/asterisk/asterisk.conf by removing the
#trailing characters in the first line:
#
sed -i '1 s/\(\[directories\]\).*/\1/' /etc/asterisk/asterisk.conf

#
# now install the free pbx
#

./start_asterisk start
./install_amp
#restart the apache and dahdi
#
/etc/init.d/apache2 restart
/etc/init.d/dahdi restart

#
#create a link
ln -s /var/lib/asterisk/moh /var/lib/asterisk/mohmp3
amportal start

Remote Installation Services over Linux

In this Post I will Explain step by Step How we can have networking boot-able Linux.In very Few Steps I will Explain it for UBUNTU 11.04 Desktop and server booting from the same server we can have many Linux boot from the same server

Required Softwares:

DHCP server
NFS server
TFTP-HDA server

Command to install the all required software on ubuntu i am installing on the ubuntu 10.04 server edition I have also installed the webmin

1.) sudo apt-get install tftpd-hpa dhcp3-server nfs-kernel-server syslinux

make a directory

sudo mkdir /srv
sudo mkdir /srv/tftpboot
then edit the tftp-hpa file

2.) sudo vi /etc/default/tftpd-hpa


and add the following lines in that

 #

#These are the all the configuration of TFTP boot server(trivial file transfer protocol)

#

TFTP_USERNAME="tftp"

TFTP_DIRECTORY="/srv/tftpboot"

TFTP_ADDRESS="<IP.OF.YOUR.SERVER>:69"

TFTP_OPTIONS="--secure -l"


3.) Configure the /etc/dhcp3/dhcpd.conf file like so:

sudo vi /etc/dhcp3/dhcpd.conf

#And add the following file to the dhcp.conf you can also do this using webmin

#

allow booting;
allow bootp;
group
{
    next-server IP.OF.YOUR.SERVER;
    filename     "/pxelinux.0";
    host laptop
    {
            hardware ethernet    mac:address:of:device;
            option host-name     "laptop";
    }
}


4.) Create the Ubuntu PXE Environment(s):

sudo mkdir -p /srv/tftpboot/pxelinux.cfg

sudo mkdir /srv/tftpboot/OS1

sudo mkdir /srv/tftpboot/OS2



5.) Loop mount the ISOs into place:

sudo mount -o loop /path/to/OS1.iso /srv/tftpboot/OS1

sudo mount -o loop /path/to/OS2.iso /srv/tftpboot/OS2


6.) Create a nice message screen that will be displayed upon PXE boot:

sudo vi /srv/tftpboot/message

:: Ubuntu PXE Environment ::
============================
OPTIONS:           DESCRIPTIONS:
OS1 (Default) == OS1  
OS2       == OS2  
----------------------------------------------------
Type the option, and hit enter:





7.) Create the default pxelinux config file:

sudo vi /srv/tftpboot/pxelinux.cfg/default

DISPLAY message
DEFAULT OS1
PROMPT 1
TIMEOUT 0
LABEL OS1
    kernel 11.04x86desktop/casper/vmlinuz
    append root=/dev/nfs boot=casper netboot=nfs nfsroot=IP.OF.YOUR.SERVER:/srv/tftpboot/11.04x86desktop initrd=11.04x86desktop/casper/initrd.lz --
LABEL OS2
    kernel 11.04x64desktop/casper/vmlinuz
    append root=/dev/nfs boot=casper netboot=nfs nfsroot=IP.OF.YOUR.SERVER:/srv/tftpboot/11.04x64desktop initrd=11.04x64desktop/casper/initrd.lz --

8.) Copy the pxelinux.0 file into place:

sudo cp /usr/lib/syslinux/pxelinux.0 /srv/tftpboot/


9.) Configure the NFS server like so:

sudo vi /etc/exports

/srv/tftpboot/OS1  *(ro,sync,no_root_squash,no_subtree_check)
/srv/tftpboot/OS2  *(ro,sync,no_root_squash,no_subtree_check)

10.) Start all the appropriate services:

sudo exportfs -va
sudo service tftpd-hpa start
sudo service dhcp3-server start
sudo service nfs-kernel-server start



11.) Go boot the laptop, and you should be presented with the "

:: Ubuntu PXE Environment ::" menu.
Enjoy!