daily system administration

Apache2 module proxy_balancer as fallback

Using Apache2-module proxy_balancer as fallback solution for the backend

My servers are mostly work with a normal load, but sometimes they have stress. In some cases the content application like TYPO3 or TomCat could not handle the mass of requests. So I've been searched for a automatic solution to display a busy-Page. The Apache-Modul mod_proxy_balancer provides a solution for me. It doesn't matter if the content is on the same machine or hosted on dedicated server(s) in the background. The difference is only the source loopback or some foreign IP addresses.

This modules should be loaded: proxy proxy_balancer proxy_http and if you use SSL to the backend proxy_connect.

Continue reading "Apache2 module proxy_balancer as fallback"

Monitoring Cisco Nexus 7000 switches with Icinga/Nagios

Icinga/Nagios and Cisco Nexus

Cisco uses an different MIB to make information over SNMP for there NEXUS hardware available. tcomm.es provide some plugins to monitor such switches espacially for the FRU-hardware. All configuration examples are tested with a Nexus7000 C7010 and software version 5.1(2). The following chapters shows some configurations:

Continue reading "Monitoring Cisco Nexus 7000 switches with Icinga/Nagios"

Apache2 with modsecurity as MS Exchange OWA proxy

Securing MS Exchange OWA with Apache2 and modsecurity

The intention for this short howto was to use the power of modsecurity to secure a Apache2 running as proxy for an MS Exchange OWA on wild wild web. The system described below is based on a debian lenny machine.

Continue reading "Apache2 with modsecurity as MS Exchange OWA proxy"

Moving a XEN-Instance from etch to lenny

Relocate XEN-DomU's to an new machine

With the upgrade from Debian etch to lenny i've set up an new machine to serv my XEN-Instances. First install the Dom0 on the new hardware and create a logical volume (here my-lvm-vg on /dev/sdb) for further expansion:

    pvcreate /dev/sdb
    vgcreate my-lvm-vg /dev/sdb

Then bring up your network by editing the /etc/xen/xend-config.sxp similar to the old system (e. g. network-bridge). If you have broken network interfaces in Dom0, follow this link.

Continue reading "Moving a XEN-Instance from etch to lenny"

Postfix and TLS

Secure your Mail transport!

After securing your mail-relaying between postfix as smarthost and postfix on a road-warrior, the next step to do is securing the transport way. E-Mail is clear text! Every (machine) can read it! Think about a open WLAN. The hotspot-provider can read your Mail!
I've tested this setup with Debian Etch and Lenny (Postfix 2.3.8-2+etch1 and .2.5.5-1.1).
First you need certificates. In this setup, these are used to encrypt the mail-transport NOT for authentication. So you need no official certified version. you can create self-signed certificates or use such services like CACert.org.

Continue reading "Postfix and TLS"

Setting up bind under Mac OS X Leopard

Howto surf without Zensursula or other DNS-blocking!

Mac OS X 10.5 comes with BIND 9.4.2-P2, but disabled. Here are the steps to set up your own local nameserver:
Use a account with admin privileges and open a terminal:
Continue reading "Setting up bind under Mac OS X Leopard"

Configure Mozilla Firefox and Thunderbird company-wide

Deploy Mozilla Firefox and Thunderbird configurations

Mozilla Firefox and Thunderbird are wonderful tools to browse through the www and sending E-Mails. There are some ways to configure this both programms permantly (firefox.cfg|thunderbird.cfg) or temporarily (user.js). One way to deploy the setting company-wide is to use mozptch. But I use another way.
Continue reading "Configure Mozilla Firefox and Thunderbird company-wide"

Deploy default User Settings for the first OpenOffice.org start (v3)

Default User Settings for OpenOffice.org

In version one and two of Openoffice.org you have to edit the Setup.xcu to set up user defaults and hide the registration wizard. This works mostly. In version three you can modify some files like setup-calc.xcu or do some things like unopkg add --shared DisableFirstStartWzd.oxt on the local installation.
Continue reading "Deploy default User Settings for the first OpenOffice.org start (v3)"

CUPS and Samba as Printserver

CUPS and Samba as Printserver in a Samba/LDAP-Domain with Debian Lenny

Disclaimer

No liability for the contents of this document can be accepted. Use the concepts, examples and information at your own risk. There may be errors and inaccuracies, that could be damage your system. Proceed with caution, and although this is highly unlikely, the author do not take any responsibility. All copyrights are held by their respective owners, unless specifically noted otherwise. Use of a term in this document should not be regarded as affecting the validity of any trademark or service mark. Naming of particular products or brands should not be seen as endorsements.

This short howto is an update from my old howto and describes a Samba-(3.0.30-2) and CUPSYS-(1.3.7-5) configuration for a print server as member of a Samba-Domain with (Open)LDAP backend. This example is based on a debian lenny system (current in testing).

First setting up the ldap-connections to get all users and groups. I use an OpenLDAP server (2.3.30-5+etch1) as backend for the samba PDC/BDC (3.0.24-6etch10). Install the necessary packages apt-get install libnss-ldap cupsys with there dependencies and edit the configs:

Your /etc/nsswitch.conf should contain the following lines (winbind comes later):

Continue reading "CUPS and Samba as Printserver"