Archive for the 'Web Server' Category

Disable ssl ver 2 in apache for pci compliance

You need to disable SSL ver 2 and enable SSL ver 3 in Apache for PCI compliance. It's very easy to do. The following settings enable SSL ver 3 and also disable older/insecure cipher suites on a Red Hat/CentOS/Fedora Linux server:
1. Open /etc/httpd/conf.d/ssl.conf and add these lines, or, if they are already there, edit them as follows:

## Disable SSLv2 and enable SSLv3
SSLProtocol -All +SSLv3 +TLSv1
SSLCipherSuite HIGH:!SSLv2:!ADH:!aNULL:!eNULL:!NULL

2. Reload httpd service to apply the new settings:

# /etc/init.d/httpd reload

3. Verify the settings by connecting to SSL ver 3 protocol:

# openssl s_client -connect localhost:443 -ssl3

It should connect. You can also try connecting with SSL ver 2, which should result in an error. Request the PCI test again and it should not complain about Apache SSL related issues.

Detect directory or file changes in *nix

There are various ways to do this, but this is what I implemented. It is working as expected as of now on my RHEL 5.x boxes. I'll take my use case here and describe things.

The Plesk web hosting control panel is managing several hundred domains on one of the RHEL boxes. Addition and removal of domains is very common. We need to sync every domain's httpdocs directory to the other web servers. Of course, a simple rsync can be set up for this, but it is much more efficient if rsync runs only when there is a change, i.e. addition/removal of a domain, a file update etc. In other words, instead of letting rsync detect changes, it's better that our script detects changes and then runs rsync. The obvious advantage is that the network burden is reduced, because rsync will only sync contents with our servers when there are changes.
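The change check described above could be implemented as follows. This is an added example, not the author's script (which this excerpt does not show). `STATE_DIR`, `tree_fingerprint` and `sync_if_changed` are names assumed here, `example.com` is a placeholder domain, and GNU `find` and `sha256sum` are assumed to be installed.

```shell
#!/bin/bash
# Added example: run a sync command only when a directory tree has changed.
# STATE_DIR and both function names are assumptions made for this example.
# Keep STATE_DIR in a root-owned location, not a world-writable one like /tmp.
STATE_DIR="${STATE_DIR:-/var/lib/websync}"

# Print one digest covering path, type, size, mode and mtime of everything
# under $1. Adding, removing, editing or chmod-ing a file changes the digest.
tree_fingerprint() {
    ( cd "$1" 2>/dev/null || exit 1
      find . -printf '%P\t%y\t%s\t%m\t%T@\n' | LC_ALL=C sort \
          | sha256sum | cut -d' ' -f1 )
}

# sync_if_changed DIR CMD [ARGS...]
# Runs CMD only when DIR's fingerprint differs from the stored one.
# Returns 0 if CMD ran and succeeded, 1 if nothing changed, 2 on error.
sync_if_changed() {
    local dir=$1; shift
    local state new old=""
    # One state file per watched directory, named after a hash of its path.
    state="$STATE_DIR/$(printf '%s' "$dir" | sha256sum | cut -d' ' -f1).fp"

    new=$(tree_fingerprint "$dir") || return 2
    [ -n "$new" ] || return 2
    [ -f "$state" ] && old=$(cat "$state")
    [ "$new" = "$old" ] && return 1

    # The fingerprint was taken before the sync, so a file changed while CMD
    # is running is picked up on the next pass. If CMD fails, the old
    # fingerprint is kept and the sync is retried next time.
    "$@" || return 2
    mkdir -p "$STATE_DIR" || return 2
    printf '%s\n' "$new" > "$state" || return 2
}

# Example call for one domain (example.com is a placeholder):
#   d=/var/www/vhosts/example.com/httpdocs
#   sync_if_changed "$d" rsync -az --delete -e ssh "$d/" "192.168.30.2:$d/"
```

Called from cron for each domain, this keeps rsync and its SSH connection idle until something under httpdocs actually changes.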

Apache url rewriting with masking

I got an assignment where I have to move some apps from one server (due to immense load) to a different server without changing URLs. The main software app should remain on the first server and all the other, smaller apps should be moved to another server, but because all the apps are integrated with each other (for seamless login etc), the URL in the browser should not change when browsing the main app or any of its subordinate apps residing on a different server.

The quick solution is to update httpd.conf on your main server to redirect traffic for certain apps to a different server (or domain). Apache will work like a proxy when accessing the other apps. For example, here are sample URLs:

Script to sync files between web servers having plesk

I got a little assignment where two web servers sit behind a load balancer and both need to have identical files. Both servers have the Plesk control panel. As we know, Plesk stores website files in the /var/www/vhosts/domain/httpdocs directory, where domain is the name of the website. This script can be used in other cases too; you may just need to update it a little bit.

I wrote a wrapper script for rsync and deployed there. Here is the script:

#!/bin/bash
 
############### websync.sh by Jagbir Singh #################
#
# This script acts as wrapper for rsync. It checks every domain listed in /var/www/vhosts
# for existence in other server, if found there, then sync domain's 'httpdocs' directory only.
#
# ver 1.0 Mar 8, 2009: Initial version.
#
#############################################################
 
cd /var/www/vhosts || exit 1
webserver2="192.168.30.2"
 
## get directory list (mktemp avoids a predictable file name in /tmp)
dirlist=$(mktemp) || exit 1
ls --file-type | grep "\/" | sed 's/\///' | grep -Ev "^chroot|^default" > "$dirlist"
exec 10<"$dirlist"
let count=0
 
## check domains in other server and update them.
while read -r LINE <&10; do
    ## update second webserver if domain exist there (just in case)
    if ssh "$webserver2" "ls /var/www/vhosts/$LINE/httpdocs/ > /dev/null 2>&1"; then
        rsync -az --delete -e ssh "/var/www/vhosts/$LINE/httpdocs/" "$webserver2:/var/www/vhosts/$LINE/httpdocs/"
    fi
 
    ((count++))
done
exec 10>&-
rm -f "$dirlist"

How to Install, setup and config HAProxy loadbalancer for content switching

First, here is the guide I have written to install and configure HAProxy. Next, sometimes we have different servers with different contents, such as one set of servers with all the static contents (html, image files) of a website while another set of servers has the dynamic contents (cgi, perl, php scripts). This type of config is beneficial in some situations where you want to serve your static data directly from a CDN for faster response and dynamic contents from your own servers.
