Apache Virtural Host with dynamic ip address

1. Configure your apache reading the httpd.conf with external file.
Append these line into /etc/httpd/conf/httpd.conf
include /etc/httpd/conf/virtualhost
include /etc/httpd/conf/mydomainhost

2. Configure the update script running with cron
Put a script into /etc/cron.daily/rc.updatehttpd

###############################################
#!/bin/sh
HTTPADDR=”`ifconfig ppp0 |grep ‘inet addr’|awk ‘{print $2}’|sed -e ‘s/.*://’`”

HOSTFILE=”/etc/httpd/conf/mydomainhost”

echo “NameVirtualHost $HTTPADDR:80” > /etc/httpd/conf/virtualhost

echo “” > $HOSTFILE
echo “DocumentRoot /var/www/html” >> $HOSTFILE
echo “ServerName www.mydomain.com” >> $HOSTFILE
echo “
” >> $HOSTFILE

/etc/rc.d/init.d/httpd restart

##############################################
Note: The rc.updatehttpd must be 700 or 755

Configure CVS Server on Redhat

http://www.xinetd.org/faq.html#cvss

Q. How do I setup a cvs server with xinetd?
A. A user wrote in with this suggestion:

inetd
cvspserver stream tcp nowait root /usr/bin/cvs cvs –allow-root=/home/pauljohn/cvsroot –allow-root=/home/pauljohn/cvsmisc pserver

xinetd
If you want to make the same work under xinetd, you save a config file in /etc/xinetd.d called cvspserver, (where the last line tells it the names of your repositories):
service cvspserver
{
socket_type = stream
protocol = tcp
wait = no
user = root
passenv =
server = /usr/bin/cvs
server_args = –allow-root=/home/pauljohn/cvsroot –allow-root=/opt/mycvsroot pserver
}

All the other cvs setup stuff is the same. This seems to work, afaik.

ipchains – NAT Sample

#!/bin/sh
#
#
# Invoked from /etc/rc.d/init.d/firewall.
# chkconfig: – 60 95
# description: Starts and stops the IPCHAINS Firewall \
# used to provide Firewall network services.

# Source function library.
. /etc/rc.d/init.d/functions

# Source networking configuration.
. /etc/sysconfig/network

# Check that networking is up.
if [ ${NETWORKING} = “no” ]
then
exit 0
fi

if [ ! -x /sbin/ipchains ]; then
exit 0
fi

# See how we were called.
case “$1” in
start)
echo -n “Starting Firewalling Services: ”

ipchains -F # Clean all rules
ipchains -X # Clean user-defined chain
echo “1” > /proc/sys/net/ipv4/ip_forward
echo “1” > /proc/sys/net/ipv4/ip_always_defrag

# load module for NAT soure redirect
/sbin/modprobe ip_masq_ftp ports=21,4559 #FTP, Hylafax
/sbin/modprobe ip_masq_raudio ports=554,7070,7071,6970,6971 # realplayer,rstp, quicktime, wmplayer…etc
/sbin/modprobe ip_masq_irc #IRC
/sbin/modprobe ip_masq_vdolive #VOD
/sbin/modprobe ip_masq_cuseeme #cuseeme
/sbin/modprobe ip_masq_quake #quake
/sbin/modprobe ip_masq_pptp #PPTP

ipchains -P forward DENY # Define default policy forward deny
ipchains -M -S 36000 10 60 # Define MASQ time out

ipchains -A forward -i ppp0 -s 192.168.0.0/24 -j MASQ # NAT rule

;;
stop)
echo -n “Shutting Firewalling Services: ”

# Remove all existing rules belonging to this filter
ipchains -F

# Delete all user-defined chain to this filter
ipchains -X

# Reset the default policy of the filter to accept.
ipchains -P input ACCEPT
ipchains -P output ACCEPT
ipchains -P forward ACCEPT

;;
status)
status firewall
;;
restart|reload)
$0 stop
$0 start
;;
*)
echo “Usage: firewall {start|stop|status|restart|reload}”
exit 1
esac

exit 0

RedHat UPnP How to

如何於NAT下進行msn的語音通訊(UPnP)

安裝環境:

RedHat 8.0 + NAT 環境以架設完成

安裝軟體:

Intel UPnP SDK(upnpsdk-1.0.4.tar.gz)(http://upnp.sourceforge.net/)

Linux-IGD(linuxigd-0.92.tgz)(http://linux-igd.sourceforge.net/)

安裝步驟

1.在安裝Intel UPnP SDK前,修改tar開後之檔案內容

tar zxvf upnpsdk-1.0.4.tar.gz

cd upnpsdk-1.0.4

vi upnpsdk-1.0.4/src/ssdp/ssdplib.c

修改line 406

SelfAddr.sin_addr.s_addr = inet_addr(SSDP_IP);

修改為

SelfAddr.sin_addr.s_addr = htonl(INADDR_ANY);

2.安裝UPNP SDK

make ; make install

3.安裝 Linux-IGD

tar zxvf linuxigd-0.92.tgz

cd linuxigd-0.92

make ; make install

4.建一個link

ln -s /sbin/iptables /usr/sbin/iptables

5.建立debug log

vi /etc/syslog.conf

加入下一行

*.=debug /var/log/debug

6啟用 UPnP

upnpd eth1 eth0

(eth1為對外之網卡,eth0為對內之網卡;如為adsl非固接用戶則為 upnpd ppp0 eth1)

7.加入自動執行vi /etc/rc.d/rc.local

加入 upnpd eth1 eth0 或 upnpd ppp0 eth1

8.重新啟用MSN Messager

Apache + Mod SSL – Installing your Web Server Certificate

Apache + Mod SSL
Installing your Web Server Certificate

Copy the certificate from the body of the email and paste it into a text editor (such as notepad) to create text files.

1. Copy both certificates to the Apache server directory in which you plan to store your certificates (by default: /usr/local/apache/conf/ssl.crt/ or /etc/httpd/conf/ssl.crt/).

Note: Copy the entire contents of the certificate from (and including) the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– lines.

2. Open the httpd.conf file in a text editor.

3. Locate the secure virtual host pertaining to your order. You should have the following directives within this virtual host. Please add them if they are not present:

SSLCertificateFile /usr/local/apache/conf/ssl.crt/domainname.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/domainname.key (or server.key)

4. Save the changes and exit the editor.

5. Start or Restart your apache web server using one of the following commands:
By default:
/usr/local/apache/bin/apachectl startssl
or
/usr/local/apache/bin/apachectl restart

Other commands:
/usr/sbin/httpd startssl or restart
/usr/sbin/httpsd startssl or restart

Note: You may refer to the original ModSSL instructions at:

http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL

Test your certificate by using a browser to connect to your server. Use the https protocol directive (e.g. https://your server/) to indicate you wish to use secure HTTP.

Note: The padlock icon on your browser will be displayed in the locked position if your certificates are installed correctly and the server is properly configured for SSL.

SMTP AUTH: RedHat 7.3 上 sendmail + cyrus-sasl

## RedHat 7.3 上 sendmail + cyrus-sasl 啟動方式

在使用REDHAT 7.3時試sendmail+SASL 的一些紀錄,稍作整理希望能有所幫助
在RED HAT 7.3 中的 套件中已含有 cyrus-sasl 套件
若在安裝RH7.3時 即有以下套件,若未安裝,可至RH7.3安裝光碟中尋找

sendmail 8.11.6 cyrus-sasl 1.5.24 procmail 3.21 PS: 可使用 rpm -qa | grep ‘套件名稱’ 查詢系統中是否已安裝 rpm 檔安裝方式不在纍述
確認無誤後,可依以下方式試試看了喔
[Step 1]
檢查 /usr/lib/sas/Sendmail.conf
是否出現 pwcheck_method:shadow 這一行
若無請以下列方式補上
cat > /usr/lib/sasl/Sendmail.conf
pwcheck_method: shadow
# 按 ctrl+D 便可跳出

[Step 2]
備份 /etc/mail/sendmail.mc 及 /etc/sendmail.cf 已備安裝出錯時還可以使用先前的設
定 cp /etc/mail/sendmail.mc /etc/mail/sendmail.mc.bak
cp /etc/sendmail.cf /etc/sendmail/cf.bak

[Step 3]
vi /etc/mail/sendmail.mc
找以下兩句,並去掉前頭的 dnl
dnl TRUTH_AUTH_MECH(‘DIGEST-MD5 CRAM-MD5 LOGIN PLAIN’) dnl
dnl define(‘confAUTH_MECHAISMS’,’DIGEST-MD5 CRAM-MD5 LOGIN PLAIN ‘) dnl
並將
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA’) 將127.0.0.1改成0.0.0.0

[Step 4]
重要的來了,以m4指令重新編譯新的 sendmail.cf
#m4 /etc/mail/sendmail.mc > /etc/sendamil.cf
檢查新編好的 sendmail.cf
應該會多出了

TRUTH_AUTH_MECH(‘DIGEST-MD5 CRAM-MD5 LOGIN PLAIN’)
C{TrustAuthMech}DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
這兩行
!!!! 需注意的兩個地方
1. sendmail.cf 開頭的 Cwyourhomain.net
會被原設定取代
Cwlocalhost.localdomain —> 將 Cw後的localhost.localdomain 改成你的domain名
便可 2.
#O ClientPortOptions=Address=0.0.0.0 <--- #號會拿掉 [可以使用 diff -f /etc/sendmail.cf /etc/sendmail.cf.bak 比較一下] [Step 5] 重新啟動 sendmail /etc/rc.d/init.d/sendmail restart 正確的話,可以正常啟動 [檢驗] 輸入 /usr/sbin/sendmail -O Loglevel=14 -bs ehlo localhost 看看是否有一行 250-AUTH LOGIN PLAIN 的訊息 表示你的 sendmail 已經具有認證功能 此時請輸入 quit 結束,萬一沒有出現,閱讀 /var/log/maillog 裡面的訊息可以知道錯在哪裡。 最後記得sendmail 重新啟動便可

讓終端機正確顯示輸入的 Unicode 中文

讓終端機正確顯示輸入的 Unicode 中文

昨天蘋果的技術支援網站貼出一篇標題為「How to Use High-Bit Characters in Terminal」的文章,文中說明要如何調整終端機的設定,以避免終端機將輸入資料視為是 7bit ASCII 碼,使得末位第 8 位元被截去,造成資料變成亂碼。在該文文末,有一段註明……

請按下閱讀全文就可詳讀此篇文章…

(全文開始)

昨天蘋果的技術支援網站貼出一篇標題為「How to Use High-Bit Characters in Terminal」的文章,文中說明要如何調整終端機的設定,以避免終端機將輸入資料視為是 7bit ASCII 碼,使得末位第 8 位元被截去,造成資料變成亂碼。

在該文文末,有一段註明,大意是:在開啟此項功能後,使用 tcsh/bash shell(殼層,系統的使用者界面,讓使用者能透過螢幕和鍵盤與電腦做文字上的溝通。Mac OS X 預設使用 tcsh。)的使用者,在命令列輸入的 8bit 字元,會以溢位資訊的形式顯示,僅 zsh shell 會以正常字體顯示。

這就是 bash shell 輸入中文後的樣子。

而下面是一則小技巧,讓 bash shell(請注意,是 bash,不是系統預設的 tcsh)能像 zsh shell 一樣以正常字體顯示輸入的文字。由於 Mac OS X 10.2 內建的 bash shell 是完整的 2.05a 版本,我們可以藉由修改 bash 命令列編輯界面 readline 的設定來解決這問題。readline 的啟動檔是 .inputrc,bash 啟動時,會先讀取這份啟動檔,並套用當中的設定。

使用者可用文書編輯器如 TextEdit 或 pico,在家目錄(~/)下新增名為 .inputrc 的檔案,並在內容輸入:

set convert-meta off
set meta-flag on
set output-meta on

這三行後存檔即可。在下一次啟動 bash shell 輸入資料時,就可在命令列看見正常顯示的中文字了。

這就是 bash shell 修改過 readline 設定後的結果。

以上的修改僅對 Mac OS X 10.2 之後的 bash shell 有效,tcsh shell 若要有相同的效果,則需重新編譯安裝,手續較為麻煩,在此撇開不談,也歡迎大家加入 bash shell 的行列。

Configure CVS Server on Redhat

http://www.xinetd.org/faq.html#cvssQ. How do I setup a cvs server with xinetd?
A. A user wrote in with this suggestion:

inetd
cvspserver stream tcp nowait root /usr/bin/cvs cvs –allow-root=/home/pauljohn/cvsroot –allow-root=/home/pauljohn/cvsmisc pserver

xinetd
If you want to make the same work under xinetd, you save a config file in /etc/xinetd.d called cvspserver, (where the last line tells it the names of your repositories):
service cvspserver
{
socket_type = stream
protocol = tcp
wait = no
user = root
passenv =
server = /usr/bin/cvs
server_args = –allow-root=/home/pauljohn/cvsroot –allow-root=/opt/mycvsroot pserver
}

All the other cvs setup stuff is the same. This seems to work, afaik.