Thursday, February 24, 2011

How to Configure Two Tomcat Instances in Linux

Download the Java SE Development Kit from http://java.sun.com/javase/downloads/index.jsp.

# mkdir -p /opt/test
# cd /opt/test
# chmod 755 jdk-6u10-linux-x64.bin
# sh /opt/test/jdk-6u10-linux-x64.bin

# export JAVA_HOME=/opt/test/jdk1.6.0_10
# export PATH=$JAVA_HOME/bin:$PATH

Now check the Java version:
# java -version

Install Tomcat 6
Download Tomcat 6 from http://tomcat.apache.org/download-60.cgi and extract it in the /tmp folder.

Download httpd-2.64.tar.gz and extract it in the /opt/test directory.

Apache compile process: compiling requires GCC and the library files.
# yum install gcc*
# yum install lib
# cd /opt/test/httpd-2.64
# ./configure --prefix=/opt/httpd-2.64
# make
# make install
# cd /opt/test/httpd-2.64
# cd bin
# ./apachectl start

Set permanent variables: in Linux the path can be set permanently in /root/.bashrc.

# vim /root/.bashrc
JAVA_HOME=/opt/test/jdk1.6.0_10
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH

To select the newly installed JDK as the system Java:
# alternatives --config java

Install and configure Tomcat 6:

# cp -r /tmp/apache-tomcat-6.0.20 /opt/test/tomcat-1

Set the CATALINA_HOME environment variable
# export CATALINA_HOME=/opt/test/tomcat-1

# cd /opt/test/tomcat-1/bin
# sh startup.sh

Configure the tomcat-2 instance

# cp -r /tmp/apache-tomcat-6.0.20 /opt/test/tomcat-2

Set the CATALINA_HOME environment variable
# export CATALINA_HOME=/opt/test/tomcat-2

# cd /opt/test/tomcat-2/bin

Now check whether the first Tomcat instance (JVM) is working:
http://localhost:8080

Configuring Tomcat network ports:
Since this is the first Tomcat being created here, the default port numbers can be left unchanged in tomcat-1.
# vim /opt/test/tomcat-1/conf/server.xml

connectionTimeout="20000"
redirectPort="8443" />

In the second Tomcat the ports need to be changed.
# vim /opt/test/tomcat-2/conf/server.xml

connectionTimeout="20000"
redirectPort="8444" />



Install tomcat-connector-1.2.30-src.tar.gz
Unpack it; this creates the directory
tomcat-connector-1.2.30-src

Compile tomcat-connector
# cd /tomcat-connector-1.2.30-src
# cd native
# ./configure --with-apxs=/opt/test/httpd-2.64/bin/apxs
# make
# make install

The mod_jk.so file will now be found in /opt/test/httpd-2.64/modules/

# chmod 755 /opt/test/httpd-2.64/modules/mod_jk.so

Now create workers.properties
# cd /opt/test/httpd-2.64/conf/
# touch workers.properties
Add the following lines:

# Define list of workers that will be used
# for mapping requests
worker.list=loadbalancer,status

# Define Node1
# modify the host as your host IP or DNS name.
worker.node1.port=8005
worker.node1.type=ajp13
worker.node1.lbfactor=1
worker.node1.cachesize=10

# Define Node2
# modify the host as your host IP or DNS name.
worker.node2.port=8006
worker.node2.type=ajp13
worker.node2.lbfactor=1
worker.node2.cachesize=10

# Load-balancing behavior
worker.loadbalancer.type=lb
worker.loadbalancer.balance_workers=node1,node2
worker.loadbalancer.sticky_session=1
#worker.list=loadbalancer

# Status worker for managing load balancer
worker.status.type=status

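Edit the httpd.conf file:
# cd /opt/test/httpd-2.64/conf/
# vim httpd.conf
LoadModule jk_module modules/mod_jk.so
JkWorkersFile conf/workers.properties
# JkMount must name a worker that is listed in worker.list
JkMount /* loadbalancer

Start the httpd server
# /opt/test/httpd-2.64/bin/apachectl start

Start both Tomcat servers, each with its own CATALINA_HOME
# CATALINA_HOME=/opt/test/tomcat-1 sh /opt/test/tomcat-1/bin/startup.sh
# CATALINA_HOME=/opt/test/tomcat-2 sh /opt/test/tomcat-2/bin/startup.sh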
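
A check for the port layout this setup depends on, added here as an example (it is not code from the original post): it reports ports that both instances try to bind and ajp13 workers whose port is not an AJP connector. The two server.xml samples are constructed, using Tomcat's default ports for node1 (8005 shutdown, 8080 HTTP, 8009 AJP) and the same ports shifted by one for node2; matching worker names to instance names is also an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed samples (not from the post): node1 keeps Tomcat's default ports.
SERVER_XML = {
    "node1": """<Server port="8005" shutdown="SHUTDOWN"><Service name="Catalina">
      <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
      <Connector port="8009" protocol="AJP/1.3"/></Service></Server>""",
    "node2": """<Server port="8006" shutdown="SHUTDOWN"><Service name="Catalina">
      <Connector port="8081" protocol="HTTP/1.1" redirectPort="8444"/>
      <Connector port="8010" protocol="AJP/1.3"/></Service></Server>""",
}
# Worker lines copied from the workers.properties listing above.
WORKERS = ("worker.list=loadbalancer,status\nworker.node1.port=8005\n"
           "worker.node1.type=ajp13\nworker.node2.port=8006\nworker.node2.type=ajp13\n")

def listening_ports(xml_text):
    """Map every port one instance binds to its role."""
    root = ET.fromstring(xml_text)
    ports = {int(root.get("port")): "shutdown"}
    for conn in root.iter("Connector"):
        ports[int(conn.get("port"))] = conn.get("protocol", "HTTP/1.1")
    return ports

def parse_workers(text):
    """Return {worker_name: {property: value}}, skipping worker.list."""
    workers = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        parts = key.split(".")
        if sep and len(parts) == 3 and parts[0] == "worker":
            workers.setdefault(parts[1], {})[parts[2]] = value.strip()
    return workers

def audit(server_xml, workers_text):
    """Report port collisions and ajp13 workers not aimed at an AJP port."""
    findings, owner = [], {}
    bound = {node: listening_ports(x) for node, x in server_xml.items()}
    for node, ports in bound.items():
        for port in ports:
            if owner.setdefault(port, node) != node:
                findings.append(f"port {port}: {owner[port]} and {node} collide")
    for name, props in parse_workers(workers_text).items():
        port = int(props.get("port", 8009))  # 8009 is mod_jk's ajp13 default
        role = bound.get(name, {}).get(port, "unbound")
        if props.get("type") == "ajp13" and name in bound and not role.startswith("AJP"):
            findings.append(f"worker {name}: port {port} is {role}, not AJP")
    return findings

print("\n".join(audit(SERVER_XML, WORKERS)))
```

Against these constructed defaults both workers are reported, because 8005 and 8006 are the instances' shutdown ports; each worker port has to be the port of the AJP/1.3 Connector in that instance's server.xml.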

Monday, February 21, 2011

Configure Squid with Dansguardian

Scenario:
1. Configure the Squid server
2. Configure Dansguardian
3. Configure iptables
4. Configure the proxy server as a router.

The purpose of the proxy server is to share the Internet connection and improve web browsing performance; Dansguardian is configured for content and site blocking.

A. Allow Internet access to all users, with restricted web sites and content.
B. Allow a limited set of users to access all sites.
C. Publish local servers as web servers on different ports.
D. All users can send and receive mail from Outlook, but they can't access restricted sites.
E. Allow VNC, SQL Server and Remote Desktop Connection access to the Internet (external network).
F. Allow access to the company's website for all users.

Process:

External LAN card: eth0 (10.10.10.1)
Internal LAN card: eth1 (192.168.10.1)

1. Install and configure the Squid server:

# yum install squid*

# cp /etc/squid/squid.conf /etc/squid/squid.conf.bkp

# vim /etc/squid/squid.conf

visible_hostname vsnl.com
http_port 3128

# Restrict web access by IP address

# IP list of the users who may access all sites
acl special_client src "/etc/squid/special_client_ip_txt"
# the allowed (internal) network
acl our_networks src 192.168.10.0/24
# list of blocked site names
acl bed url_regex "/etc/squid/squid_block_acl"
# clients on the special list may access the blocked sites as well
http_access allow bed special_client
# everyone else on the network is denied the blocked sites (limited access)
http_access deny bed our_networks
# all other sites are allowed for the network
http_access allow our_networks

# vim /etc/squid/special_client_ip_txt
192.168.10.126
192.168.10.200
192.168.10.251

# vim /etc/squid/squid_block_acl
orkut.com
yahoo.com
gmail.com

# service squid start
# service squid stop
# service squid restart
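
How Squid evaluates the three http_access lines above, as an added example (not part of the original post): ACLs on one line are ANDed, the first matching line wins, and url_regex is an unanchored search over the whole URL. The client 192.168.10.50, the client 10.10.10.99 and all URLs are constructed samples, and only two of the block-list entries are modelled.

```python
import ipaddress
import re

# Values taken from the squid.conf and list files above.
SPECIAL_CLIENTS = {"192.168.10.126", "192.168.10.200", "192.168.10.251"}
OUR_NETWORKS = ipaddress.ip_network("192.168.10.0/24")
BLOCK_PATTERNS = [re.compile(p) for p in ("orkut.com", "yahoo.com")]

ACLS = {
    "special_client": lambda ip, url: ip in SPECIAL_CLIENTS,
    "our_networks": lambda ip, url: ipaddress.ip_address(ip) in OUR_NETWORKS,
    # url_regex searches the whole URL, not just the host name.
    "bed": lambda ip, url: any(p.search(url) for p in BLOCK_PATTERNS),
}
# http_access lines in file order: (action, ACL names that must ALL match).
RULES = [
    ("allow", ["bed", "special_client"]),
    ("deny", ["bed", "our_networks"]),
    ("allow", ["our_networks"]),
]

def http_access(ip, url):
    """Return (decision, index of the matching rule), first match wins."""
    for index, (action, names) in enumerate(RULES):
        if all(ACLS[name](ip, url) for name in names):
            return action, index
    # With no match Squid applies the opposite of the last rule's action.
    return ("deny" if RULES[-1][0] == "allow" else "allow"), None

# Constructed sample requests: (client IP, requested URL).
SAMPLES = [
    ("192.168.10.126", "http://www.orkut.com/"),
    ("192.168.10.50", "http://www.orkut.com/"),
    ("192.168.10.50", "http://www.example.org/"),
    ("192.168.10.50", "http://www.example.org/search?q=yahoo.com"),
    ("10.10.10.99", "http://www.example.org/"),
]

if __name__ == "__main__":
    for ip, url in SAMPLES:
        print(ip, url, *http_access(ip, url))
```

The fourth sample is the false positive to expect from url_regex: a request that only mentions yahoo.com in its query string is denied. Squid's dstdomain ACL type matches on the destination host alone.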


Install and configure Dansguardian:
# yum install dans*

# cp /etc/dansguardian/dansguardian.conf /etc/dansguardian/dansguardian.conf.bkp

# vim /etc/dansguardian/dansguardian.conf

filterip = 192.168.10.1
filterport = 8080
proxyip = 127.0.0.1
proxyport = 3128

# vim /etc/dansguardian/lists/bannedsitelist
# list of blocked sites
gmail.com
yahoo.com
facebook.com
orkut.com

# vim /etc/dansguardian/lists/bannedregexpurllist

# Hard core phrases (for content blocking)

orkut|youtube|sport|gmail|facebook|sex|video|virus|audio

# vim /etc/dansguardian/lists/exceptionsitelist
# The following sites will not be filtered by Dansguardian. They are allowed for all users.

www.online-linux.blogspot.com
www.xyz.com

# vim /etc/dansguardian/lists/exceptioniplist

# List of IPs that are allowed to reach all filtered sites.

192.168.10.126
192.168.10.200
192.168.10.251

Configure iptables:
# masquerade the local LAN (behind eth1) as it leaves through eth0; POSTROUTING matches on the outgoing interface
# redirect all port 80 requests from eth1 (local LAN) to 8080
# redirect requests sent directly to Squid's port 3128 to 8080 as well
# publish the local website
# allow ports 80 and 8080
$ iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE
$ iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 -j REDIRECT --to-port 8080
$ iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 3128 -j REDIRECT --to-port 8080
$ iptables -t nat -A PREROUTING -p tcp -d 10.10.10.1 --dport 8090 -j DNAT --to-destination 192.168.10.10:8090
$ iptables -I INPUT -s 192.168.10.0/24 -p tcp --dport 80 -j ACCEPT
$ iptables -I INPUT -s 192.168.10.0/24 -p tcp --dport 8080 -j ACCEPT

Client side:

LAN (proxy) setting: 192.168.10.1:8080