SysAdmin Valley

Here’s some tools that are great for managing Amazon’s EC2 servers.

ElasticFox
ElastDream

I’ve been doing quite a bit of work with the Amazon Cloud and here are a few tools I’ve found useful for managing the Amazon Simple Storage Service (S3).

S3Fox
Simple Access for S3 & AWS
Amazon S3 Filesystem for Windows
S3Sync for Ruby
S3cmd for Perl
S3fs for Linux

Edit:
CloudBerry Explorer for S3

Today I had the new to generate some new certs for a customer.  I wanted to see what I used previously for the values when I generated the CSR (Certificate Signing Request).  To view the details I used the following:

openssl req -noout -text -in server.csr

One of the many sites I run is a ColdFusion site.  Not by choice, but because the developer that created the site was a CF developer.  When I acquired the site, the original developer would just run ColdFusion Server as a standalone web and application server.  For most cases this is fine, but as the site has grown, so has the traffic.  When you think of all the traffic that is going to the ColdFusion application server, not just dynamic CFM file, but lots of static content like images, CSS, and plain HTML files.  There is no reason why we need to put the extra stress on the ColdFusion server, when a simple webserver could handle the static content, and pass all the requests for dynamic content to ColdFusion.

The original setup was just ColdFusion running on port 80 which is the standard port when going to http://www.mydomain.com.  So first I needed to change ColdFusion’s webserver to run on a different port.  To do that you need to edit the jrun.xml file which on most Linux/Unix systems is located in cf_root/runtime/servers/coldfusion/SERVER-INF.  cf_root is the main directory where you installed ColdFusion.  In the jrun.xml file, you are looking for the section that says:

<!-- ================================================================== -->
 <!-- This is the built-in JRun Web Server                               -->
 <!-- ================================================================== -->
 <service name="WebService">
 <attribute name="port">80</attribute>
 <attribute name="interface">*</attribute>
 <attribute name="deactivated">false</attribute>
 <attribute name="activeHandlerThreads">100</attribute>
 <attribute name="minHandlerThreads">1</attribute>
 <attribute name="maxHandlerThreads">1000</attribute>
 <attribute name="mapCheck">0</attribute>
 <attribute name="threadWaitTimeout">300</attribute>
 <attribute name="backlog">500</attribute>
 <attribute name="timeout">300</attribute>
 </service>

Where is says port 80, you want to change that to another port like 8080.  Next we need to configure Nginx.  On most RedHat/CentOS based systems the Nginx config’s are in /etc/nginx and we’re looking for the nginx.conf.  Here is the basic Nginx config to server your website on port 80, then pass all the requests for ColdFusion files to ColdFusion on port 8080.  This config has some of the basic Nginx settings stripped out and just gives you the server section, this also assumes that you have installed ColdFusion in the /usr/local/coldfusionmx7 directory, and /usr/local/coldfusionmx7/wwwroot is where all your content is.

server {
  listen       80;
  server_name  _;
  access_log  /var/log/nginx/host.access.log  main;

  location / {
    root   /usr/local/coldfusionmx7/wwwroot;
    index  index.cfm index.html index.htm;
    proxy_pass          http://127.0.0.1:8080/;
    proxy_redirect      off;
    proxy_set_header    Host            $host;
    proxy_set_header    X-Real-IP       $remote_addr;
    proxy_set_header    X-Forwarded_For $proxy_add_x_forwarded_for;         
  }

  location ~* ^.+.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|
exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ {
    root /usr/local/coldfusionmx7/wwwroot;
  }
}

At this point, all you need to do is restart ColdFusion, you should be able to verify it still works by going to http://www.mydomain.com:8080. Then you can start Nginx, and go to http://www.mydomain.com.

I love bash and scripting!!!  There’s almost nothing you can’t do with a shell script that would take me forever if I had to write an app to do the same.  So here’s another quick tip.  To convert text in a file from uppercase to lowercase use the following:

cat FILENAME | tr “[:upper:]” “[:lower:]“

Or to go from lowercase to uppercase:

cat FILENAME | tr “[:lower:]” “[:upper:]“

Another quick hint.  While working on a server I needed to bring up a whole lot of IP addresses (200 to be exact).  If I really wanted to I could bring them all up like this:

ifconfig eth0:2 1.1.1.2 netmask 255.255.255.0 up
ifconfig eth0:3 1.1.1.3 netmask 255.255.255.0 up
and so on to…..
ifconfig eth0:200 1.1.1.200 netmask 255.255.255.0 up

Well, I’m always looking for an easier way, so I turned to my friend BASH and a tool called SEQ.  SEQ will give you a sequence of numbers.  For example if you just wanted 10 numbers you could do the following:

[matt@localhost ~]$ seq 5
1
2
3
4
5

So for this task I needed to bring up IP addresses from 2 through 254.  Running “seq 2 254″ will give me a sequence from 2 to 254, I need more than just to have a list of numbers, I actually need to use them, so here’s the syntax I used to use the numbers to bring up each of the interfaces

for i in $(seq 2 254)
do
ifconfig eth0:$i 1.1.1.$i netmask 255.255.255.0 up
done

Obviously in the above example, you would substitute the sequence you want to use and the IP subnet you want to use.  Also, this syntax would put 1.1.1.2 on sub-interface eth0:2, 1.1.1.3 on sub-interface eth0:3, etc.

From time to time I need to use Curl to test websites and sometimes I need to make the request come from a different IP address, other than the server’s default IP.  Note, the IP address you use must be active on your server.  To do this, use the following syntax:

curl --interface xxx.xxx.xxx.xxx -s http://www.sysadminvalley.com

Make sure that you substitute xxx.xxx.xxx.xxx with the IP address you want to use.

There are times when you want to make changes to your website and you do not want your visitors to see the site before you have finished deploying and testing the website.  Here is an example using Apache, mod_rewrite and a cookie set by a PHP page.

First, create your maintenance webpage called maintenance.html.  Second, create a file called set_cookie.php with the following contents

<?php
setcookie(“testing”, “testing”, time()+36000);  /* expire in 600 minutes */
?>

Next, create a file called .htaccess in your main web directory with the following contents

RewriteEngine on
RewriteCond %{HTTP_COOKIE} !testing
RewriteCond %{REQUEST_URI} !/maintenance.html$
RewriteCond %{REQUEST_URI} !/set_cookie.php$
RewriteCond %{REQUEST_URI} !/logo\.jpg$
RewriteRule ^(.*) /maintenance.html [NC,L]

Lastly, in your web browser, go to http://www.yourdomain.com/set_cookie.php.  From that point on, you will be able to browse your website, but your visitors will be redirected to your maintenance.html webpage

For this you will need the openssl package.  First we want to start by generating a private key.

root@localhost# openssl genrsa -out www.mydomain.com.key 1024
Generating RSA private key, 1024 bit long modulus
………….++++++
………………..++++++
e is 65537 (0×10001)

Then, we need to generate the certificate request and fill in the appropriate information.  Make sure that the “Common Name” matches the domain you want to protect via SSL, so if you domain was www.mydomain.com, use that.  If you wanted to protect mydomain.com (without the www.) then use that.

root@localhost# openssl req -new -key www.mydomain.com.key -out www.mydomain.com.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [GB]:
State or Province Name (full name) [Berkshire]:
Locality Name (eg, city) [Newbury]:
Organization Name (eg, company) [My Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server’s hostname) []:www.mydomain.com
Email Address []:email@mydomain.com

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Next, generate the self-signed certificate. You can specify the number of days the cert is valid for.

root@localhost# openssl x509 -req -days 365 -in www.mydomain.com.csr -signkey www.mydomain.com.key -out www.mydomain.com.crt
Signature ok
subject=/C=/ST=/L=/O=/CN=www.mydomain.com/emailAddress=email@mydomain.com
Getting Private key

Next, move the certificate and keyfile into apache’s SSL directory.

mv www.mydomain.com.key /etc/httpd/conf/ssl.key/
mv www.mydomain.com.crt /etc/httpd/conf/ssl.crt/

Finally, we configure our SSL virtual host in Apache.  The simplest way to do this is to copy the virtual host for the site you want to make SSL, then add/change the following bits.

<VirtualHost 192.168.1.100:443>
…
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.key/www.mydomain.com.key
SSLCertificateKeyFile /etc/httpd/conf/ssl.crt/www.mydomain.com.crt
…
</VirtualHost>

Here is a quick tip to help doing search and replace in multiple files.    You may need to change to fit your needs.

for file in `ls *.php`
do
sed -e ‘s/Copyright 2008/Copyright 2009/’ “$file” > tmp_file
mv -f tmp_file “$file”
done

What this does is get’s a list of all php files in the current directory, puts them in a loop with a variable called FILE, then does a sed search and replace calling the new file tmp_file and moving the temp file back in place.  If you wanted to do it for all files including in subdirectories, you could substitute:

ls *.php

with:

find ./ -name “*.php”