Entries by Tom Geissler

Using Apache2-module proxy_balancer as fallback solution for the backend

My servers are mostly work with a normal load, but sometimes they have stress. In some cases the content application like TYPO3 or TomCat could not handle the mass of requests. So I've been searched for a automatic solution to display a busy-Page. The Apache-Modul mod_proxy_balancer provides a solution for me. It doesn't matter if the content is on the same machine or hosted on dedicated server(s) in the background. The difference is only the source loopback or some foreign IP addresses.

This modules should be loaded: proxy proxy_balancer proxy_http and if you use SSL to the backend proxy_connect.

Icinga/Nagios and Cisco Nexus

Cisco uses an different MIB to make information over SNMP for there NEXUS hardware available. tcomm.es provide some plugins to monitor such switches espacially for the FRU-hardware. All configuration examples are tested with a Nexus7000 C7010 and software version 5.1(2). The following chapters shows some configurations:

Securing MS Exchange OWA with Apache2 and modsecurity

The intention for this short howto was to use the power of modsecurity to secure a Apache2 running as proxy for an MS Exchange OWA on wild wild web. The system described below is based on a debian lenny machine.

Relocate XEN-DomU's to an new machine

With the upgrade from Debian etch to lenny i've set up an new machine to serv my XEN-Instances. First install the Dom0 on the new hardware and create a logical volume (here my-lvm-vg on /dev/sdb) for further expansion:

    pvcreate /dev/sdb
    vgcreate my-lvm-vg /dev/sdb

Then bring up your network by editing the /etc/xen/xend-config.sxp similar to the old system (e. g. network-bridge). If you have broken network interfaces in Dom0, follow this link.

Secure your Mail transport!

After securing your mail-relaying between postfix as smarthost and postfix on a road-warrior, the next step to do is securing the transport way. E-Mail is clear text! Every (machine) can read it! Think about a open WLAN. The hotspot-provider can read your Mail!
I've tested this setup with Debian Etch and Lenny (Postfix 2.3.8-2+etch1 and .2.5.5-1.1).
First you need certificates. In this setup, these are used to encrypt the mail-transport NOT for authentication. So you need no official certified version. you can create self-signed certificates or use such services like CACert.org.

Howto surf without Zensursula or other DNS-blocking!

Mac OS X 10.5 comes with BIND 9.4.2-P2, but disabled. Here are the steps to set up your own local nameserver:
Use a account with admin privileges and open a terminal:

Deploy Mozilla Firefox and Thunderbird configurations

Mozilla Firefox and Thunderbird are wonderful tools to browse through the www and sending E-Mails. There are some ways to configure this both programms permantly (firefox.cfg|thunderbird.cfg) or temporarily (user.js). One way to deploy the setting company-wide is to use mozptch. But I use another way.

Default User Settings for OpenOffice.org

In version one and two of Openoffice.org you have to edit the Setup.xcu to set up user defaults and hide the registration wizard. This works mostly. In version three you can modify some files like setup-calc.xcu or do some things like unopkg add --shared DisableFirstStartWzd.oxt on the local installation.