Step 1 The setup
Here is your Ubuntu serve box with two interfaces,
eth0————-Internet
eth2————-Internal
Note: Your Internet is running using eth0.
Step1: Install DHCP Server
#apt-get install dhcp3-server
Creating an Ubuntu Router
Administrations
Install Openfiler from USB
The problem we have now is our storage server has no optical drive and we do not have any external optical drive available here in office. Alternatively, we can use USB stick drive and make sure our server are able to boot from USB.
Server: DELL PowerEdge R510
OS version: Openfiler 2.99 64bit
USB flash drive: /dev/sdb
RAID 10 virtual disk: /dev/sda
Preparing the Flash Drive
1. Download the ISO from here into your local PC. In my case, I downloaded the x86_64 distribution ISO.
Install and Configure Zenoss as Centralized Monitoring System
Good system administrator should know that they need to do these 3 most important things after delivering a server:
secure
monitor
backup
As part of monitoring task, in this tutorial, I am going to show on how to build a centralized monitoring system using Zenoss. Zenoss will need to use SNMP agent in every server that need to be monitored. If you have high number of servers, you should use Zenoss instead of Cacti or Nagios because it is easier to setup and maintain. The web-based management portal is really easy to understand and you can monitor a lot of things, not limited to SNMP MIB reporting only.
Zenoss has the community version which is free. The latest version of Zenoss at this date is version 4. Zenoss installer recommending user to use a clean server. But in my case, I will use a cPanel server which really not heavy in usage for this purpose. In order to run Zenoss in ‘not-so-clean’ server, I need to use Zenoss stack version 3. I will be using following variables:
OS: RHEL 5.3 64bit (Tikanga)
cPanel: 11.32.3 (build 23)
Zenoss server IP: 210.20.88.50
Server to be monitored: 177.60.52.200 and 81.71.46.44
High Availability: Configure Piranha for HTTP, HTTPS and MySQL
In this post we will complete over the Piranha configuration with HTTP and HTTPS load balancing using direct-routing with firewall marks and MySQL load balancing using direct-routing only.
HTTP/HTTPS will need to be accessed by users via virtual public IP 130.44.50.120 while MySQL service will be accessed by web servers using virtual private IP 192.168.100.30. Kindly refer to picture below for the full architecture:
All Servers
SELINUX must be turned off on all servers. Change the SELINUX configuration file at /etc/sysconfig/selinux:
Manage Multiple MySQL Servers using PHPmyAdmin
In my environment, I have 5 different MySQL database servers running separately under different geographical location. Since it run standalone and not in cluster mode, I need to have one platform to manage these database servers altogether.
PHPmyAdmin is able to do this, with some changes on the configuration files. You just need to allow the MySQL user and host on every database server to be connected to. The setup that I am going to do will be as below:
CentOS: Configure Piranha as Load Balancer (Direct Routing Method)
I am currently working on a web cluster project using CentOS. In this project, I have 2 web servers running on Apache and mounted the same document root to serve the HTTP content. I also have 2 servers in front of it to become the load balancer and failover to increase high availability of the two-node web server cluster. The virtual IP will be hold by load balancer #1 with auto failover to load balancer #2.
You may refer to diagram below to get clearer picture:
I am using following variables:
All servers’ OS: CentOS 6.2 64bit
Web server #1: 192.168.0.221
Web server #2: 192.168.0.222
Load balancer #1: 192.168.0.231
Load balancer #2: 192.168.0.232
Virtual IP: 192.168.0.220
Load Balancer Server
1. All steps should be done in both servers unless specified. We will install Piranha and other required packages using yum:
Creating a Certificate Signing Request Using Certreq.exe
Create a file named CSRParameters.inf on the C:\ drive using the contents below as a template (replace the single quotes with double quotes):
[NewRequest]
Subject="CN=mailgw.mango.com.bd,OU=IIG,O=Mango Teleservices Limited,S=Not Applicable,L=Dhaka,C=BD"
KeySpec=1
KeyLength=2048
Exportable=TRUE
MachineKeySet=TRUE
SMIME=False
PrivateKeyArchive=FALSE
UserProtected=FALSE
UseExistingKeySet=FALSE
ProviderName="Microsoft RSA SChannel Cryptographic Provider"
ProviderType=12
RequestType=PKCS10
KeyUsage=0xa0
Silent=TRUE
[EnhancedKeyUsageExtension]
OID=1.3.6.1.5.5.7.3.1
Open a command prompt and type in:
C:\>certreq -new CSRParameters.inf CSROutput.pem
Open Windows Explorer and browse to the C drive to locate the CSROutput.pem file
Using the CSROutput.pem file, go back to the certificate authority and use the file to request your certificate
Replacing the default (self signed) certificate on a RD Session Host server
Many times I wanted to get rid of that annoying certificate warning message when I make a RDP connection to a RD Session Host server or a workstation. If you are using RDP inside an Active Directory network, the warning is gone, because the connection is using kerberos for security, but if you are connecting from outside to the inside, well…you will be prompted to accept the server certificate, and this is because the certificate is self signed and is not trusted. The following method works for clients OS (Win XP, Vista,7) too, not just for RD Session Host servers.
To install a trusted certificate I will use a script that I found on Microsoft technet. For this guide an Enterprise Internal CA will issue the certificates since is cheaper and much easy to work with, but if you have a lot of external clients a commercial certificate is recommended. To start we need to request and install a certificate on the local computer store on the RD Session Host server. For that open the Certificates Store console (Start > Run > mmc), select Certificates and click the Add button. On the wizard that just popped-up choose Computer Account > Local Computer.
Configuring DKIM signing in MDaemon
DomainKeys Identified Mail (DKIM) is an open protocol for protecting email users against email address identity theft and email message content tampering. It does this by providing positive identification of the signer’s identity along with an encrypted “hash” of the message content.
To configure and use DKIM:
- The system administrator creates a private/public key pair for the server and publishes the public key in the domain’s domain name server.
- Using the private key, the sending server creates a signature for each outgoing message. The resulting signature data is stored in a “DKIM-Signature” header within the message.
- The receiving server obtains the signature from the “DKIM-Signature” header and verifies it using the signer’s public key.
MDaemon 10.x: Running WorldClient under IIS7.5 on Windows 2008
Procedure
- Install the Web Server Role with ISAPI Extensions and ISAPI Filters (for exact steps please consult your Operating System documentation)
- Open the IIS console
- Click Start
- Click All Programs
- Click Administrative Tools
- Click Internet Information Services (IIS) Manager
- On the Connections pane, expand the [Machine_name] node
- Right click on Sites
- Click Add Web Site