| LIC topology: IBM PCs |
|---|
- introduction
- hardware and network
- OS
- applications
- packages
- /etc/network/interfaces
- /etc/udev/rules.d/70-persistent-net.rules
- /etc/resolv.conf
- /etc/hosts
- /etc/iptables.up.rules
- /etc/network/if-pre-up.d/iptables
- /etc/apt/sources.list
- /etc/apt/apt.conf.d/10periodic
- /etc/bind/named.conf.options
- /etc/nut/ups.conf
- /etc/nut/upsd.conf
- /etc/nut/upsd.users
- /etc/nut/upsmon.conf
- /etc/apache2/sites-available/test.planetlarg.com
- /etc/apache2/sites-available/admin.planetlarg.com
- /etc/apache2/sites-available/web01.planetlarg.com
- /var/spool/cron/crontabs/root
introduction
The computer xcl01 pretends to be the Internet. This is connected to the internet firewalls so I can test them by thrashing the nuts off them. Things specific to this host are listed below. The list is grouped by infrastructure layer.
Every host name in the LIC has five characters like this one.
| LIC topology: build the PC xcl01 | ||
|---|---|---|
| the home network | to the LIC | cables |
hardware
I buy PC things. Specifically, a Dell OptiPlex GX260. Wikipedia (http://en.wikipedia.org/wiki/Dell_OptiPlex) has this summary.
- Model: GX260
- Chipset: Intel 845G
- CPU: Pentium 4 or Celeron
- FSB: 400/533 MHz
- RAM type: DDR 200/266
- RAM speed: PC2700
- Chassis: SFF, SD, SMT
- Comments: PATA only, no SATA Socket 478
- USB: USB 2.0 x6
xcl01:~# lshw
xcl01
description: Mini Tower Computer
product: OptiPlex GX260
vendor: Dell Computer Corporation
serial: DCT5H0J
width: 32 bits
capabilities: smbios-2.3 dmi-2.3 smp-1.4 smp
configuration: administrator_password=enabled boot=normal chassis=mini-tower cpus=1 power-on_password=enabled uuid=44454C4C-4300-1054-8035-C4C04F48304A
*-core
description: Motherboard
vendor: Dell Computer Corp.
physical id: 0
serial: .. .
*-firmware
description: BIOS
vendor: Dell Computer Corporation
physical id: 0
version: A09 (11/01/2004)
size: 64KiB
capacity: 448KiB
capabilities: isa pci pnp apm upgrade shadowing escd cdboot bootselect edd int13floppytoshiba int5printscreen int9keyboard int14serial int17printer acpi usb agp ls120boot biosbootspecification netboot
*-cpu
description: CPU
product: Intel(R) Pentium(R) 4 CPU 1.80GHz
vendor: Intel Corp.
physical id: 400
bus info: cpu@0
version: 15.2.4
slot: Microprocessor
size: 1800MHz
capacity: 3060MHz
width: 32 bits
clock: 400MHz
capabilities: boot fpu fpu_exception wp vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm up pebs bts
configuration: id=0
*-cache:0
description: L1 cache
physical id: 700
size: 8KiB
capacity: 16KiB
capabilities: internal write-back data
*-cache:1
description: L2 cache
physical id: 701
size: 512KiB
capacity: 512KiB
capabilities: internal varies unified
*-memory
description: System Memory
physical id: 1000
slot: System board or motherboard
size: 1GiB
capacity: 1GiB
*-bank:0
description: DIMM SDRAM Synchronous 266 MHz (3.8 ns)
physical id: 0
slot: DIMM_A
size: 1GiB
width: 64 bits
clock: 266MHz (3.8ns)
*-bank:1
description: DIMM SDRAM Synchronous 266 MHz (3.8 ns) [empty]
physical id: 1
slot: DIMM_B
width: 64 bits
clock: 266MHz (3.8ns)
*-pci
description: Host bridge
product: 82845G/GL[Brookdale-G]/GE/PE DRAM Controller/Host-Hub Interface
vendor: Intel Corporation
physical id: 100
bus info: pci@0000:00:00.0
version: 01
width: 32 bits
clock: 33MHz
configuration: driver=agpgart-intel
resources: irq:0 memory:f0000000-f7ffffff(prefetchable)
*-display
description: VGA compatible controller
product: 82845G/GL[Brookdale-G]/GE Chipset Integrated Graphics Device
vendor: Intel Corporation
physical id: 2
bus info: pci@0000:00:02.0
version: 01
width: 32 bits
clock: 33MHz
capabilities: pm vga_controller bus_master cap_list rom
configuration: driver=i915 latency=0
resources: irq:16 memory:e8000000-efffffff(prefetchable) memory:ff680000-ff6fffff
*-usb:0
description: USB Controller
product: 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) USB UHCI Controller #1
vendor: Intel Corporation
physical id: 1d
bus info: pci@0000:00:1d.0
version: 01
width: 32 bits
clock: 33MHz
capabilities: uhci bus_master
configuration: driver=uhci_hcd latency=0
resources: irq:16 ioport:ff80(size=32)
*-usb:1
description: USB Controller
product: 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) USB UHCI Controller #2
vendor: Intel Corporation
physical id: 1d.1
bus info: pci@0000:00:1d.1
version: 01
width: 32 bits
clock: 33MHz
capabilities: uhci bus_master
configuration: driver=uhci_hcd latency=0
resources: irq:19 ioport:ff60(size=32)
*-usb:2
description: USB Controller
product: 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) USB UHCI Controller #3
vendor: Intel Corporation
physical id: 1d.2
bus info: pci@0000:00:1d.2
version: 01
width: 32 bits
clock: 33MHz
capabilities: uhci bus_master
configuration: driver=uhci_hcd latency=0
resources: irq:18 ioport:ff40(size=32)
*-usb:3
description: USB Controller
product: 82801DB/DBM (ICH4/ICH4-M) USB2 EHCI Controller
vendor: Intel Corporation
physical id: 1d.7
bus info: pci@0000:00:1d.7
version: 01
width: 32 bits
clock: 33MHz
capabilities: pm debug ehci bus_master cap_list
configuration: driver=ehci_hcd latency=0
resources: irq:23 memory:ffa00800-ffa00bff
*-pci
description: PCI bridge
product: 82801 PCI Bridge
vendor: Intel Corporation
physical id: 1e
bus info: pci@0000:00:1e.0
version: 81
width: 32 bits
clock: 33MHz
capabilities: pci normal_decode bus_master
resources: ioport:e000(size=4096) memory:ff800000-ff9fffff memory:40000000-400fffff(prefetchable)
*-network:0
description: Ethernet interface
product: RTL-8169 Gigabit Ethernet
vendor: Realtek Semiconductor Co., Ltd.
physical id: 8
bus info: pci@0000:01:08.0
logical name: eth1
version: 10
serial: 00:e0:4c:b4:33:b8
size: 10MB/s
capacity: 1GB/s
width: 32 bits
clock: 66MHz
capabilities: pm bus_master cap_list rom ethernet physical tp mii 10bt 10bt-fd 100bt 100bt-fd 1000bt 1000bt-fd autonegotiation
configuration: autonegotiation=on broadcast=yes driver=r8169 driverversion=2.3LK-NAPI duplex=half latency=64 link=no maxlatency=64 mingnt=32 multicast=yes port=MII slave=yes speed=10MB/s
resources: irq:17 ioport:ec00(size=256) memory:ff8ffc00-ff8ffcff memory:40000000-4001ffff(prefetchable)
*-network:1
description: Ethernet interface
product: RTL-8169 Gigabit Ethernet
vendor: Realtek Semiconductor Co., Ltd.
physical id: 9
bus info: pci@0000:01:09.0
logical name: eth2
version: 10
serial: 00:e0:4c:b4:33:b8
size: 10MB/s
capacity: 1GB/s
width: 32 bits
clock: 66MHz
capabilities: pm bus_master cap_list rom ethernet physical tp mii 10bt 10bt-fd 100bt 100bt-fd 1000bt 1000bt-fd autonegotiation
configuration: autonegotiation=on broadcast=yes driver=r8169 driverversion=2.3LK-NAPI duplex=half latency=64 link=no maxlatency=64 mingnt=32 multicast=yes port=MII slave=yes speed=10MB/s
resources: irq:18 ioport:e800(size=256) memory:ff8ff800-ff8ff8ff memory:40020000-4003ffff(prefetchable)
*-network:2
description: Ethernet interface
product: RTL-8169 Gigabit Ethernet
vendor: Realtek Semiconductor Co., Ltd.
physical id: a
bus info: pci@0000:01:0a.0
logical name: eth3
version: 10
serial: 00:e0:4c:89:33:0c
size: 10MB/s
capacity: 1GB/s
width: 32 bits
clock: 66MHz
capabilities: pm bus_master cap_list rom ethernet physical tp mii 10bt 10bt-fd 100bt 100bt-fd 1000bt 1000bt-fd autonegotiation
configuration: autonegotiation=on broadcast=yes driver=r8169 driverversion=2.3LK-NAPI duplex=half ip=200.0.0.65 latency=64 link=no maxlatency=64 mingnt=32 multicast=yes port=MII speed=10MB/s
resources: irq:19 ioport:e400(size=256) memory:ff8ff400-ff8ff4ff memory:40040000-4005ffff(prefetchable)
*-network:3
description: Ethernet interface
product: 82540EM Gigabit Ethernet Controller
vendor: Intel Corporation
physical id: c
bus info: pci@0000:01:0c.0
logical name: eth0
version: 02
serial: 00:08:74:0f:0a:5e
size: 1GB/s
capacity: 1GB/s
width: 32 bits
clock: 66MHz
capabilities: pm pcix msi bus_master cap_list ethernet physical tp 10bt 10bt-fd 100bt 100bt-fd 1000bt-fd autonegotiation
configuration: autonegotiation=on broadcast=yes driver=e1000 driverversion=7.3.21-k5-NAPI duplex=full firmware=N/A ip=10.0.1.10 latency=64 link=yes mingnt=255 multicast=yes port=twisted pair speed=1GB/s
resources: irq:18 memory:ff8c0000-ff8dffff ioport:e0c0(size=64)
*-isa
description: ISA bridge
product: 82801DB/DBL (ICH4/ICH4-L) LPC Interface Bridge
vendor: Intel Corporation
physical id: 1f
bus info: pci@0000:00:1f.0
version: 01
width: 32 bits
clock: 33MHz
capabilities: isa bus_master
configuration: latency=0
*-ide
description: IDE interface
product: 82801DB (ICH4) IDE Controller
vendor: Intel Corporation
physical id: 1f.1
bus info: pci@0000:00:1f.1
logical name: scsi0
logical name: scsi1
version: 01
width: 32 bits
clock: 33MHz
capabilities: ide bus_master emulated
configuration: driver=ata_piix latency=0
resources: irq:18 ioport:1f0(size=8) ioport:3f6 ioport:170(size=8) ioport:376 ioport:ffa0(size=16) memory:40100000-401003ff
*-disk
description: ATA Disk
product: MAXTOR 6L020J1
vendor: Maxtor
physical id: 0
bus info: scsi@0:0.0.0
logical name: /dev/sda
version: A93.
serial: 661219820625
size: 19GiB (20GB)
capabilities: partitioned partitioned:dos
configuration: ansiversion=5 signature=fb51107f
*-volume:0
description: EXT3 volume
vendor: Linux
physical id: 1
bus info: scsi@0:0.0.0,1
logical name: /dev/sda1
logical name: /
version: 1.0
serial: d5980325-7d67-43eb-9624-71a6f0f6e8be
size: 18GiB
capacity: 18GiB
capabilities: primary bootable journaled extended_attributes large_files ext3 ext2 initialized
configuration: created=2010-02-27 12:14:44 filesystem=ext3 modified=2011-03-07 21:36:19 mount.fstype=ext3 mount.options=rw,relatime,errors=remount-ro,data=ordered mounted=2011-03-08 08:43:49 state=mounted
*-volume:1
description: Extended partition
physical id: 2
bus info: scsi@0:0.0.0,2
logical name: /dev/sda2
size: 729MiB
capacity: 729MiB
capabilities: primary extended partitioned partitioned:extended
*-logicalvolume
description: Linux swap / Solaris partition
physical id: 5
logical name: /dev/sda5
capacity: 729MiB
capabilities: nofs
*-cdrom
description: SCSI CD-ROM
physical id: 1
bus info: scsi@1:0.0.0
logical name: /dev/cdrom
logical name: /dev/scd0
logical name: /dev/sr0
capabilities: audio
configuration: status=nodisc
*-serial
description: SMBus
product: 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) SMBus Controller
vendor: Intel Corporation
physical id: 1f.3
bus info: pci@0000:00:1f.3
version: 01
width: 32 bits
clock: 33MHz
configuration: driver=i801_smbus latency=0
resources: irq:17 ioport:dc80(size=32)
*-multimedia
description: Multimedia audio controller
product: 82801DB/DBL/DBM (ICH4/ICH4-L/ICH4-M) AC'97 Audio Controller
vendor: Intel Corporation
physical id: 1f.5
bus info: pci@0000:00:1f.5
version: 01
width: 32 bits
clock: 33MHz
capabilities: pm bus_master cap_list
configuration: driver=Intel ICH latency=0
resources: irq:17 ioport:d800(size=256) ioport:dc40(size=64) memory:ffa00400-ffa005ff memory:ffa00000-ffa000ff
*-network
description: Ethernet interface
physical id: 1
logical name: bond0
serial: 00:e0:4c:b4:33:b8
capabilities: ethernet physical
configuration: broadcast=yes driver=bonding driverversion=3.5.0 firmware=2 ip=200.0.0.1 link=yes master=yes multicast=yes
xcl01:~#
network cables
Four network cables connect xcl01 to the networks. Three different cables lead from xcl01 to the LIC (Larg's Internet Cluster), providing HA and traffic separation.
Different network cable colours show which one is which.
- One grey cable connects this computer to the Internet, via the home network.
- One red cable carries business traffic to the LIC, via ces01.
- One blue cable carries business traffic to the LIC, via ces02.
- Another grey cable carries administration traffic to the LIC, via ces03.
network interfaces
I buy ethernet things and add NICs (Network Interface Cards) to xcl01.
| LIC table: xcl01 network interfaces | ||||
|---|---|---|---|---|
| computer | interface | description | IP address | netmask |
| xcl01 | eth0 | home network | 192.168.x.x | 255.255.255.0 |
| xcl01 | eth1 | biz01 spine | 200.0.0.2 | 255.255.255.224 |
| xcl01 | eth2 | biz02 spine | 200.0.0.33 | 255.255.255.224 |
| xcl01 | eth3 | adm01 spine | 200.0.0.65 | 255.255.255.224 |
OS
All the IBM PCs (Personal Computers) in the LIC (Larg's Internet Cluster) run the Debian distribution.
applications
Almost all the applications in the LIC (Larg's Internet Cluster) are from the Debian distribution.
packages
I want to remove Gnome NetworkManager on xcl01.
apt-get remove network-manager
I install packages to make testing easier.
apt-get install tcpdump lynx screen
I install packages to provide services.
apt-get install bind9 ifenslave nut ntp openssh-server
/etc/network/interfaces
I add static IP addresses to xcl01.
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
#
# home network
# see http://cluster.planetlarg.com/car-size-cluster-build/prepare-internet-computer/build-home-data-network
#
# The primary network interface
allow-hotplug eth0
iface eth0 inet dhcp
#
# biz01 network
# see http://cluster.planetlarg.com/car-size-cluster-reference/ip-addresses/internet-dmz-biz01-ip-addresses-1921680021
#
auto eth1
iface eth1 inet static
address 200.0.0.2
netmask 255.255.255.224
#
# biz02 network
# see http://cluster.planetlarg.com/car-size-cluster-reference/ip-addresses/internet-dmz-biz02-19216840021
#
auto eth2
iface eth2 inet static
address 200.0.0.33
netmask 255.255.255.224
#
# adm01 network
# see http://cluster.planetlarg.com/car-size-cluster-reference/ip-addresses/internet-dmz-adm01-19216880021
#
auto eth3
iface eth3 inet static
address 200.0.0.65
netmask 255.255.255.224
#
# bonded interface for biz traffic
# For all addresses below here that look like 200.0.x.x, see
# http://cluster.planetlarg.com/car-size-cluster-reference/ip-addresses/nat-ip-addresses-20000x
#
auto bond0
iface bond0 inet static
pre-up modprobe bonding
# hwaddress ether 00:e0:4c:a9:34:42
address 200.0.0.1
netmask 255.255.255.192
up ifenslave bond0 eth1 eth2
down ifenslave -d bond0 eth1 eth2
#
/etc/udev/rules.d/70-persistent-net.rules
I match interfaces with labels on xcl01.
# This file was automatically generated by the /lib/udev/write_net_rules
# program run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single line.
#---------#---------#---------#---------#---------#---------#---------#-
# idc@planetlarg.net sep 2010
#
# PCI device 0x8086:0x100e (e1000)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:08:74:0f:0a:5e", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
# PCI device 0x8086:0x1229 (e100)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:50:8b:ae:fb:e1", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"
# PCI device 0x10b7:0x9200 (3c59x)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:04:75:fb:69:b6", ATTR{type}=="1", KERNEL=="eth*", NAME="eth2"
# PCI device 0x10b7:0x9200 (3c59x)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:04:75:e9:47:55", ATTR{type}=="1", KERNEL=="eth*", NAME="eth3"
#---------#---------#---------#---------#---------#---------#---------#-
/etc/resolv.conf
domain planetlarg.com
search planetlarg.com
nameserver 200.0.0.1
/etc/hosts
127.0.0.1 localhost
127.0.1.1 xcl01.planetlarg.com xcl01
# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
#
200.0.0.4 lic-ifw01
200.0.0.35 lic-ifw02
200.0.0.66 lic-ifw03
#
200.0.0.10 web01.planetlarg.com
/etc/iptables.up.rules
I turn xcl01 into an Internet gateway then make the iptables rules permanent.
# Generated by iptables-save v1.4.2 on Tue Oct 12 17:28:02 2010
*filter
:INPUT DROP [152:14831]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [88144:38078600]
-A INPUT -i lo -j ACCEPT
-A INPUT -i ! eth0 -m state --state NEW -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1494 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m multiport --dports 25,11,143,80,465,995,993,443 -j ACCEPT
-A FORWARD -i bond0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o bond0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth2 -o eth0 -j ACCEPT
-A FORWARD -i eth3 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth3 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
# Completed on Tue Oct 12 17:28:02 2010
# Generated by iptables-save v1.4.2 on Tue Oct 12 17:28:02 2010
*nat
:PREROUTING ACCEPT [1250:97976]
:POSTROUTING ACCEPT [371:24890]
:OUTPUT ACCEPT [1239:85318]
-A POSTROUTING -o eth0 -j SNAT --to-source 192.168.1.2
COMMIT
# Completed on Tue Oct 12 17:28:02 2010
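An offline audit of the ruleset above, as an added example that is not part of the original page. It parses the *filter table copied from /etc/iptables.up.rules, including the `-i ! eth0` negation form that iptables-save v1.4.2 writes, and reports which ports accept new connections on a given interface and which FORWARD paths can start a connection. The function names are my own, and taking the union of ACCEPT rules assumes a DROP policy with ACCEPT-only rules, as is the case here.

```python
# The *filter table from /etc/iptables.up.rules, copied from this page.
RULES = """\
*filter
:INPUT DROP [152:14831]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [88144:38078600]
-A INPUT -i lo -j ACCEPT
-A INPUT -i ! eth0 -m state --state NEW -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 1494 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m multiport --dports 25,11,143,80,465,995,993,443 -j ACCEPT
-A FORWARD -i bond0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o bond0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth2 -o eth0 -j ACCEPT
-A FORWARD -i eth3 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth3 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""

def parse_rule(line):
    """Parse one '-A' line; every option in this ruleset takes one argument."""
    tok = line.split()
    rule = {"chain": tok[1], "in": None, "in_neg": False, "out": None,
            "states": None, "dports": None, "target": None}
    i = 2
    while i < len(tok):
        opt, neg = tok[i], False
        if opt == "!":                       # newer syntax: "! -i eth0"
            opt, neg, i = tok[i + 1], True, i + 1
        val = tok[i + 1]
        if val == "!":                       # iptables 1.4.2 syntax: "-i ! eth0"
            val, neg, i = tok[i + 2], True, i + 1
        if neg and opt != "-i":
            raise ValueError("negation is only handled for -i: " + line)
        if opt == "-i":
            rule["in"], rule["in_neg"] = val, neg
        elif opt == "-o":
            rule["out"] = val
        elif opt == "--state":
            rule["states"] = set(val.split(","))
        elif opt in ("--dport", "--dports"):
            rule["dports"] = {int(p) for p in val.split(",")}
        elif opt == "-j":
            rule["target"] = val
        i += 2
    return rule

def parse_filter(text):
    lines = text.splitlines()
    policies = dict(l[1:].split()[:2] for l in lines if l.startswith(":"))
    rules = [parse_rule(l) for l in lines if l.startswith("-A")]
    return policies, rules

def allows_new(rule):  # no state match, or a state match that includes NEW
    return rule["states"] is None or "NEW" in rule["states"]

def input_exposure(policies, rules, iface):
    """Ports (all TCP in this ruleset) where INPUT accepts NEW on iface, or 'ALL'."""
    chain = [r for r in rules if r["chain"] == "INPUT"]
    if policies["INPUT"] != "DROP" or any(r["target"] != "ACCEPT" for r in chain):
        raise ValueError("union of ACCEPT rules needs policy DROP and no other targets")
    ports = set()
    for r in chain:
        on_iface = r["in"] is None or (r["in"] == iface) != r["in_neg"]
        if on_iface and allows_new(r):
            if r["dports"] is None:
                return "ALL"
            ports |= r["dports"]
    return sorted(ports)

def forward_new_paths(rules):
    """(in, out) interface pairs on which FORWARD lets a NEW connection start."""
    return [(r["in"], r["out"]) for r in rules
            if r["chain"] == "FORWARD" and r["target"] == "ACCEPT" and allows_new(r)]

if __name__ == "__main__":
    policies, rules = parse_filter(RULES)
    print(input_exposure(policies, rules, "eth0"), forward_new_paths(rules))
```

Only eth0 (the home network side) is filtered by port; every other interface is accepted wholesale by the negated rule. Port 11 in the multiport rule stands out among the mail ports, since POP3 is 110.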
/etc/network/if-pre-up.d/iptables
This script is used to make the iptables rules permanent.
#!/bin/bash
/sbin/iptables-restore < /etc/iptables.up.rules
/etc/apt/sources.list
The non-free folder is where I get firmware for my ethernet cards.
#
# upgrade
# see http://www.debian.org/releases/squeeze/i386/release-notes/ch-upgrading.en.html#upgrade-process
#
deb http://ftp.uk.debian.org/debian/ squeeze main non-free
deb-src http://ftp.uk.debian.org/debian/ squeeze main non-free
#
deb http://security.debian.org/ squeeze/updates main
deb-src http://security.debian.org/ squeeze/updates main
#
/etc/apt/apt.conf.d/10periodic
I add unattended updates to xcl01.
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "5";
APT::Periodic::Unattended-Upgrade "1";
/etc/bind/named.conf.options
...
forwarders {
192.168.1.1;
};
...
/etc/nut/ups.conf
I add the NUT (Network UPS Tools) application to xcl01.
...
# my config
[xcl01]
driver = apcsmart
port = /dev/ttyS0
desc = "my server"
#
/etc/nut/upsd.conf
I add the NUT (Network UPS Tools) application to xcl01.
...
#
# my configuration
#
# LISTEN 127.0.0.1 3493
#
/etc/nut/upsd.users
I add the NUT (Network UPS Tools) application to xcl01.
...
#
# my configuration
#
[admin]
password = mypass
actions = SET
instcmds = ALL
#
[monmaster]
password = Pa55w0rd
upsmon master
#
[monuser]
password = Pa55w0rd2
upsmon slave
#
/etc/nut/upsmon.conf
I add the NUT (Network UPS Tools) application to xcl01.
...
#
# my configuration
#
MONITOR xcl01@localhost 1 monmaster Pa55w0rd master
#
...
/etc/apache2/sites-available/test.planetlarg.com
<VirtualHost *:80>
# All the sites on xcl01
# config will be...
# http://test.planetlarg.com/
# drupal
# everything is sent to drupal, unless explicitly described below.
# http://test.planetlarg.com/mediawiki/
# mediawiki
# http://test.planetlarg.com/phpmyadmin/
# PHPmyAdmin
# http://test.planetlarg.com/doc/
# A list of all directories in /usr/share/doc/
#
#---------#---------#---------#---------#---------#---------#---------#-
# bog standard
#
# server
ServerAdmin idc@planetlarg.net
ServerName test.planetlarg.com
ServerAlias waf.planetlarg.com
#
# logs
#
ErrorLog /var/log/apache2/error.test.planetlarg.com.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
#
CustomLog /var/log/apache2/access.test.planetlarg.com.log combined
#
# hack to get drupal working
# keeps looking for /var/www/usr/share/drupal6/index.php
#
#DocumentRoot /var/www/
DocumentRoot /usr/share/drupal6
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
#
#---------#---------#---------#---------#---------#---------#---------#-
# content on this host
#
# an ordinary docroot
#
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
#
# a CGI directory
#
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
#
# application info
#
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128 10.0.0.0/8
</Directory>
#
#
# mediawiki
#
# copied from /etc/apache2/conf.d/mediawiki.conf
#
Alias /mediawiki /var/lib/mediawiki
<Directory /var/lib/mediawiki/>
Options +FollowSymLinks
AllowOverride All
order allow,deny
allow from all
</Directory>
# some directories must be protected
<Directory /var/lib/mediawiki/config>
Options -FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/lib/mediawiki/upload>
Options -FollowSymLinks
AllowOverride None
</Directory>
#
# phpmyadmin
#
# see /etc/apache2/conf.d/phpmyadmin.conf
#
# drupal
#
# based on /etc/apache2/conf.d/drupal6.conf
#
Alias /drupal6 /usr/share/drupal6
#
<Directory /usr/share/drupal6/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
order allow,deny
allow from all
#
# drupal clean URLs
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} ^/(.*)$
RewriteRule ^(.*)$ /index.php?q=$1 [L,QSA]
</Directory>
#
#---------#---------#---------#---------#---------#---------#---------#-
#
</VirtualHost>
/etc/apache2/sites-available/admin.planetlarg.com
# proxy to ifw03 and to the Y-cam IP camera.
#
#---------#---------#---------#---------#---------#---------#---------#-
# description
# Requests and replies are sent back and forth like this.
#
# client --(request)-------> proxy --(edited request)--> web server
# upstream downstream
# client <--(edited reply)-- proxy <-----------(reply)-- web server
#
# URLs for clients include:
# http://admin.planetlarg.com/acng/acng-report.html - LIC apt-cacher NG
# software updates
# http://admin.planetlarg.com/nagios3/ - LIC alerts
# http://admin.planetlarg.com/cacti/ - LIC monitoring
# http://admin.planetlarg.com/cam/ - security camera
#
# Each request and reply is made up of HTTP headers and an HTML body.
# Both must be edited.
# The web server responses are littered with private IP addresses,
# redirects missing the path, and other stuff that will make client
# request fail.
#
# Two modules sort this out.
#
# module: mod_proxy_http
# description: rewrites request and reply headers.
# instructions: http://httpd.apache.org/docs/2.2/mod/mod_proxy.html
#
# module: mod_proxy_html
# description: rewrites the reply body.
# instructions: http://www.apachetutor.org/admin/reverseproxies
# I run Debian Squeeze, which uses mod_proxy_html version 3.0.
# Current version is 3.1, released April 2009.
#
# this config cost me a LONG TIME.
# I tried location, proxy, env vars, all sorts.
# Yesterday I was waving chicken bones at the server, begging it to work.
#
#---------#---------#---------#---------#---------#---------#---------#-
# mod_proxy_html
# global directives
#
# fix a possible windows charset problem
# I used to see this years ago but not any more.
ProxyHTMLCharsetAlias ISO-8859-1 Windows-1252
#
# mod_proxy_html won't do squat without this line.
SetOutputFilter proxy-html
#
# one of the pages has this oldskool meta tag
# <meta http-equiv="refresh" content="0; URL=/form/default">
# change to
# <meta http-equiv="refresh" content="0; URL=/cam/form/default">
# update it using an extended match.
# See an explanatory post from the main man Nick Kew at
# http://www.gossamer-threads.com/lists/apache/users/307238
#
ProxyHTMLExtended On
ProxyHTMLEvents content
#
#
<VirtualHost *:80>
#
#---------#---------#---------#---------#---------#---------#---------#-
# directives for a bog standard name-based virtual server
#
# server
ServerAdmin idc@planetlarg.net
ServerName admin.planetlarg.com
# logs
ErrorLog /var/log/apache2/admin.planetlarg.com-error.log
LogLevel info
# In case of fire, smash hash.
#LogLevel debug
CustomLog /var/log/apache2/admin.planetlarg.com-access.log combined
# content
# this never gets used, but apache will not proxy without it.
DocumentRoot /var/www/
# mod_proxy_http
# The web servers downstream need this to identify which
# name-based virtual server to send a request to.
ProxyPreserveHost On
#
#---------#---------#---------#---------#---------#---------#---------#-
# proxy to Y-cam IP camera
#
# mod_proxy_http
# Rewrite headers
# The ProxyPreserveHost directive above
# means that redirect headers will look like this
# Location: http://admin.planetlarg.com/default.asp
# instead of
# Location: http://10.0.1.11/default.asp
# 10.0.1.11 is the IP address of the Y-cam camera.
#
# The path on the end
# /default.asp
# won't work for clients. It should be
# /cam/default.asp
# It is changed by ProxyPassReverse to
# Location: http://admin.planetlarg.com/cam/default.asp
#
# redirect requests to a downstream server
#ProxyPass /cam/ http://admin.planetlarg.com/
ProxyPass /cam/ http://10.0.1.11/
# Edit replies to upstream clients
ProxyPassReverse /cam/ http://admin.planetlarg.com/
#ProxyPassReverse /cam/ http://10.0.1.11/
#
# mod_proxy_html
# Rewrite the body
#
# Add a little more info in the ErrorLog (see above)
ProxyHTMLLogVerbose On
#
# I saw this in a meta tag.
# This works in combination with ProxyHTMLExtended.
# See the mod_proxy_html global directives above.
# I had a little trouble with multiple replacements,
# so I stuck L on the end of each of these.
# See http://apache.webthing.com/mod_proxy_html30/
ProxyHTMLURLMap /form/ /cam/form/ L
# This was in an href value.
ProxyHTMLURLMap http://10.0.1.11/ /cam/ L
# This was also in an href.
ProxyHTMLURLMap http://admin.planetlarg.com/ /cam/ L
#
#---------#---------#---------#---------#---------#---------#---------#-
# proxy to ifw03
#
# mod_proxy_http
#
# first the special cases
<Proxy /acng>
ProxyPass http://200.0.0.66:3142
ProxyPassReverse http://200.0.0.66:3142
</Proxy>
#
# then everything else
ProxyPreserveHost On
ProxyPass / http://200.0.0.66/
ProxyPassReverse / http://200.0.0.66/
#
# and no security
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
#
#---------#---------#---------#---------#---------#---------#---------#-
#
</VirtualHost>
/etc/apache2/sites-available/web01.planetlarg.com
# description
# Requests and replies are sent back and forth like this.
#
# client --(request)-------> proxy --(edited request)--> web server
# upstream downstream
# client <--(edited reply)-- proxy <-----------(reply)-- web server
#
# URLs for clients include:
# http://web01.planetlarg.com/infrastructure/host1 - contains the
# host name
#
# Each request and reply is made up of HTTP headers and an HTML body.
# I am not editing the HTML here.
#
#
#---------#---------#---------#---------#---------#---------#---------#-
# directives for a bog standard name-based virtual server
#
<VirtualHost *:80>
#
# server
ServerAdmin nick@planetlarg.net
ServerName web01.planetlarg.com
# logs
ErrorLog /var/log/apache2/web01.planetlarg.com-error.log
LogLevel info
# In case of fire, smash hash.
#LogLevel debug
CustomLog /var/log/apache2/web01.planetlarg.com-access.log combined
# content
# this never gets used, but apache will not proxy without it.
DocumentRoot /var/www/
# mod_proxy_http
# The web servers downstream need this to identify which
# name-based virtual server to send a request to.
ProxyPreserveHost On
#
#---------#---------#---------#---------#---------#---------#---------#-
# proxy to the web server hosts ics01, ics02 and ics03
#
# mod_proxy_http
#
ProxyPass / http://200.0.0.10/
ProxyPassReverse / http://200.0.0.10/
#
# and no security
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
#
#
#---------#---------#---------#---------#---------#---------#---------#-
</VirtualHost>
/var/spool/cron/crontabs/root
# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (/tmp/crontab.0BUEfI/crontab installed on Fri Dec 17 01:37:53 2010)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
# m h dom mon dow command
55 23 * * * /sbin/poweroff

