Editing NetHere (section)
=== Webservers ===
OS: FreeBSD 4.11-RELEASE-p10 #23

==== General ====
<pre>
unixweb-1 through 8

All have the same configuration except for the following exceptions:
  unixweb-4: ZN Front Page server (deprecated)
  unixweb-5: ZN Front Page, Miva Merchant server
  unixweb-6: SI shared counter server (for SI sites):
             /www/lucy.inetworld.net/htdocs/cgi-bin/Count.cgi

Server Software Installed

Apache
  # httpd -v
  Server version: Apache/2.0.55
  Server built: Apr 5 2006 17:04:01

PHP
  # /usr/local/bin/php4 -v
  PHP 4.4.2 (cgi-fcgi) (built: Mar 2 2006 09:31:57)

Miva Merchant (unixweb-5)

MySQL
  # mysqladmin version -u root -p
  Server version 4.0.25

Apache configurations are in the following directories:
  /nethere/conf/apache/conf/nvhosts (name based hosting); naming convention is www.domain.tld
  /nethere/conf/apache/conf/vhosts (ip based, SSL); naming convention is www.domain.tld (IP information)
    and www.domain.tld.common (general site information)

NetHere specific scripts are located in:
  /nethere/sbin

Checking Server/site status via mod_status apache module:
  # apachectl stop
  # /usr/local/etc/rc.d/httpd.sh start-status
  URL: http://unixweb-#/status (replace # with the unixweb number)

** NOTE: After viewing status, do the following, otherwise other users can also view status by using .htaccess.
  # apachectl stop
  # apachectl startssl
</pre>

==== Provisioning ====
Provisioning new sites:

 *** All website provisioning is done via NH script (webadd) on sawfish (admin-1.nethere.net) ***
 # /nethere/sbin/webadd -h for usage

Note: We've discontinued new website provisioning on all servers except for unixweb-6, unless otherwise noted for domain

==== FTP Password Adjustment ====
===== Unix Server =====
To change an FTP password:

On the customer's server as root do
 passwd <username>
(The password prompt will not echo entry)

===== Windows Server =====
To change an FTP password:
<pre>
Find the user's login (ie aa5014) in the provisioning tool.
Use Remote Desktop to get into the server.
On Desktop find FTP application Icon.
Use that tool to update the user's password.
</pre>

==== Domain Aliasing ====
For domain aliasing:
 1) Edit the /named/named.master on phoenix (ns1.nethere.net)
    a) Checkout the file; open with vi
       # co -l named.master
       # vi named.master
    b) Find the domain that's serving as the master domain, then, following the general format
       of the file, add the domain aliases under the master domain entry, using the master
       domain zone file, i.e.
       --cut--
       zone "domain.tld" {
               type master;
               file "master/domain.tld";
       };
       zone "aliased_domain.tld" {
               type master;
               file "master/master_domain.tld";
       };
       --cut--
    c) Save the file, then check-in:
       # ci -u named.master < /dev/null
    d) Update the zone records, using the makefile in /named; check for errors
       # make new-zone
       # tail /var/log/named
    **Note: some domains are IP based virtually hosted (i.e. SSL certificate). This requires a
    modification to the standard aliasing procedure. If this is the case, do the following
    e) Create a new zone file called "domain.tld-alias" in /named/master, copy current domain.tld
       zone file to the domain.tld-alias file, and adjust the "website" records, removing whatever
       IP based information is there, and replacing with the appropriate $INCLUDE name-based
       host template.
       e.g. tropicalshade.net:
       --cut--
       ;; ntweb-4
       @       IN A 66.63.136.4
       www     IN A 66.63.136.4
       --cut--
       tropicalshade.net-alias
       --cut--
       ;; website
       $INCLUDE master/nvhost.ntweb-4
       --cut--
    f) Adjust the named.master zone file in /named accordingly: i.e.
       --cut--
       zone "aliased_domain.tld" {
               type master;
               file "master/master_domain.tld-alias";
       };
       --cut--
 2) Edit the Apache configuration for the domain on the web server the master domain is hosted on
    a) Script is /nethere/sbin/webalias
       # /nethere/sbin/webalias -h (for usage)
       e.g.
       # /nethere/sbin/webalias -d www.originaldomain.tld -a www.domainalias.tld

==== CGI Scripting ====
For security, we've implemented suexec on all sites.
All CGI *must* be placed in the cgi-bin/ directory (and/or the cgibin/ directory for unixweb-4, 5).

CGI permissions break down as follows:
 Ownership: user=username, group=webuser
 Permission: cgi-bin/ = 755; files = 755

suexec errors can be found here:
 /www/default/logs/suexec_log

CGI errors for a domain can be found in the main Apache error logs for the domain:
 /www/www.domain.tld/logs/error_log

More information on CGI scripting can be found here: http://httpd.apache.org/docs/1.3/howto/cgi.html

==== Formmail Provisioning ====
Formmail is provisioned via NH script (newformmail) on the server the domain is hosted on.
 # /nethere/sbin/newformmail -h for usage
 Usage: newformmail [-h] [-d domain] [-i ip_address] [-e "email1 email2"]

==== Disabling a site ====
To disable/enable a website, there is a script (webstatus) located on each webserver:
 /nethere/sbin/webstatus -h for usage
 1) Disable:
    # /nethere/sbin/webstatus -r -d -s www.domain.tld
 2) Enable:
    # /nethere/sbin/webstatus -r -e -s www.domain.tld

==== Stats Provisioning ====
We utilize webalizer for statistics. Stats are provisioned via NH scripts on the server the domain is hosted on.
 1) Provision stats for the domain (webaddstats_unix):
    # /nethere/sbin/webaddstats_unix -d www.domain.tld
 2) Run stats for the domain (runstats_unix):
    # /nethere/sbin/runstats_unix www.domain.tld

More information on Webalizer can be found here: http://www.mrunix.net/webalizer

README: ftp://ftp.mrunix.net/pub/webalizer/README

==== Removing a site ====
 1) Site removal is primarily done via a NH script (webdel) on the webserver the domain is hosted on:
    # /nethere/sbin/webdel -h for usage
    # /nethere/sbin/webdel -r -d www.tldomain.com
 2) Update DNS accordingly (ns1.nethere.net)
    a) Checkout /named/named.master
       # co -l named.master
    b) Remove line containing domain
    c) Checkin /named/named.master
       # ci -u named.master < /dev/null
    d) Update zones
       # make new-zone
    e) Move zone files from /named/master to /named/archive
       # mv domain

==== starter removal ====
All starter sites on home-1.nethere.net
 1) Removal primarily done via a NH script (webdel_home) on home-1
    # /nethere/sbin/webdel_home -h for usage
    i.e. webdel_home -p zn -s startername <== for removing znet

==== Disk Quota increases ====
Quotas are increased by using the "edquota" command:
 # edquota username
Note that quotas are in KB, so a conversion is necessary. Also note that the "soft" quota is 1 MB less than the "hard" quota. The calculations are as follows:
 "soft" = ( quota(in MB) - 1 ) x 1024
 "hard" = quota(in MB) x 1024
 e.g. for a 500 MB quota:
 soft => (500 - 1) x 1024 = 510976
 hard => 500 x 1024 = 512000
To check a quota:
 # quota -v username
You can also use the prototype users:
 # edquota -p quota100 username (100 MB)
 # edquota -p quota500 username (500 MB)
 # edquota -p quota1000 username (1000 MB)

==== Granting of shell - Enterprise packages ====
Shell is granted by the "chsh" command. By default, C shell (csh) is used:
 # chsh -s shell_needed username
 e.g.
 # chsh -s csh username
 *Note: customers must provide us with the static IP address(es) they will be connecting from.
 The IP address(es) must be added to the configuration on admin-1.
 1) Modify the corresponding rules files on admin-1:
    /dist/files/nhweb/etc/ipf.rules.fxp0 , .em0 (RCS controlled)
 2) Push updates to servers
    # cd /dist/rdist
    # gmake nhweb
    # gmake nhweb-update
 3) Reload the rules on the corresponding server that needs access to
    # ipf -Fa -f /etc/ipf.rules

==== SSL certificate installs ====
 1) Whois the site for information on Registrant, email - to be used for SSL generation
    # whois domain.tld
 2) Create SSL self signed certificate, get CSR for customer to sign
    a) SSL generation is done by script: /nethere/conf/apache/pki/newsslcert.sh
    b) Copy CSR for customer
 3) Create/update Apache configuration files via NH script (webadd_ssl)
    # /nethere/sbin/webadd_ssl -h for usage
    a) webadd_ssl [-h] [-d domain] [-s ssl_domain] [-n]
       # webadd_ssl -d www.domain.tld -s www.domain.tld
 4) Update DNS zone with new IP address - done on ns1.nethere.net
    a) Check out DNS zone file in /named/master
       # co -l domain.tld
    b) Adjust A records:
       --cut--
       ;; unixweb-##   << enter the unixweb server number for ease of ID
       @       IN A vhost_ip_address
       www     IN A vhost_ip_address
       --cut--
    c) Check in DNS zone file
       # ci -u domain.tld < /dev/null
    d) Reload zone file
       # rndc reload domain.tld
    e) check /var/log/named for errors
 5) Update DNS PTR record for IP address - done on ns1.nethere.net
    Note: Assuming IP address a.b.c.d
    a) Check out in-addr.arpa zone for IP address in /named/master
       # co -l a.b.c
    b) Follow format for PTR records
       --cut--
       d       IN PTR www.domain.tld.
       --cut--
    c) Check in PTR zone file
       # ci -u a.b.c < /dev/null
    d) Reload PTR zone
       # rndc reload c.b.a.in-addr.arpa
    e) check /var/log/named for errors

==== Updating SSL certificate ====
 1) cd to /nethere/conf/apache/pki/ssl.crt on server site is hosted on
 2) Check out (RCS) www.domain.tld.crt file
    # co -l www.domain.tld.crt
 3) Edit the file, remove old certificate, paste in new certificate
 4) Check in (RCS) the www.domain.tld.crt file
    # ci -u www.domain.tld.crt < /dev/null
 5) Check, restart Apache
    # apachectl configtest
    # apachectl stop
    # apachectl startssl
 6) Verify httpd started:
    # ps auxw | grep httpd
    a) If no processes, will need to revert back to old SSL cert, and restart apache. Check logs for errors
       # view /www/default/logs/ssl_engine.log
    b) Check for "Unable to configure RSA server private key" and "key values mismatch" entries -
       this means a bad SSL certificate

==== Password protection ====
Http (simple) password protection is governed by the Apache configuration for the domain
 1) Create userdb, users file in the domain root directory (/www/www.domain.tld):
    # mkdir userdb
    # cd userdb
    # htpasswd -bc users username password
 2) Check out Apache config for www.domain.tld in /nethere/conf/apache/conf/<vhosts,nvhosts>
    # co -l www.domain.tld(.common)
 3) Edit Apache configuration, add the following lines within the VirtualHost container
    --cut--
    <Directory "/www/www.domain.tld/dir_to_be_protected">
        AuthType Basic
        AuthName "www.domain.tld/dir_to_be_protected authentication"
        AuthUserFile /www/www.domain.tld/userdb/users
        <Limit GET POST>
            require valid-user
        </Limit>
    </Directory>
    --cut--
 4) Check in Apache config
    # ci -u www.domain.tld(.common) < /dev/null
 5) Restart Apache
    # apachectl configtest
    # apachectl restart
More on http (simple) password protection can be found here: http://httpd.apache.org/docs/1.3/howto/auth.html#basic

==== .htaccess ====
Used if customers want control of certain Apache directives (i.e. Authentication, etc.)
 1) Check out Apache config for www.domain.tld in /nethere/conf/apache/conf/<vhosts,nvhosts>
    # co -l www.domain.tld(.common)
 2) Add the AllowOverride directive in the <Directory> section, under the PHP FCGIWrapper, i.e.
    <Directory "/www/www.domain.tld/htdocs">
        FCGIWrapper /www/www.domain.tld/htdocs/cgi-bin/php4 .php
        AllowOverride AuthConfig FileInfo Indexes Limit
    </Directory>
 3) Check in Apache config
    # ci -u www.domain.tld(.common) < /dev/null
 4) Restart Apache
    # apachectl configtest
    # apachectl restart
More info on AllowOverride can be found here: http://httpd.apache.org/docs/1.3/mod/core.html#allowoverride

==== Domain re-provisioning ====
 ## NOTE: Following is for domain being provisioned on same server (i.e. just being renamed)
 1) Adjust DNS - ns1.nethere.net
    a) Rename the DNS zone file to the new domain, remove the old DNS zone files from /named/master and /named/master/RCS
    b) Check in the new DNS zone file
    c) Edit /named/named.master - replace the old domain with the new one, alias as necessary
    d) Reload DNS zones - make new-zone in /named
 2) Adjust Apache config - server domain is hosted on
    a) Find current config file(s) in /nethere/conf/apache/conf/<vhosts,nvhosts>
    b) Replace old domain name entries with new domain name, alias as necessary
    c) Save as new_domain.tld
    d) Remove old_domain.tld(.common), RCS/old_domain.tld(.common)
    e) Check in new_domain.tld via RCS:
       # ci -u new_domain.tld < /dev/null
    f) Check out Apache include configuration file via RCS /nethere/conf/apache/conf/<nvhosts.conf,vhosts.conf>
    g) Edit nvhosts.conf or vhosts.conf, replace old_domain.tld entries with new_domain.tld
    h) Check in via RCS /nethere/conf/apache/conf/<nvhosts.conf,vhosts.conf>
 3) Rename directory for new domain
    # cd /www
    # mv www.old_domain.tld www.new_domain.tld
 4) Adjust PHP stub files/configuration
    a) Adjust php.ini file in /www/www.domain.tld/(php4,php5)
    b) Adjust PHP stub files in /www/www.domain.tld/htdocs/cgi-bin/(php4,php5)
       *note: need to chflags to "noschg" for
       /www/www.domain.tld/htdocs/cgi-bin/(php4,php5) before being able to update the stub files;
       after adjusting, be sure to chflags schg /www/www.domain.tld/htdocs/cgi-bin/(php4,php5)
 5) Edit password file (vipw), replace old_domain.tld entries with new_domain.tld
    # vipw
 6) Restart Apache
    # apachectl configtest
    # apachectl restart
 ## NOTE: Following is for domain being re-provisioned on new server
 1) Run NH script "webadd" on sawfish to provision domain on new server, *DO NOT* reload DNS, use same user/pass as before.
 2) After customer has uploaded site to new server and gives the ok do the following:
    a) Update DNS zone for domain.tld; reload zone for domain.tld
    b) Wait 48 hours, then remove the site off the old server
       # /nethere/sbin/webdel

==== FTP space provisioning ====
Generally FTP sites are provisioned on the server that hosts the main website. In the case of NT based FTP sites, we usually provision them on the server with the most space available.
 1) Provision site on server
    a) Done via NH script (webadd_ftp):
       webadd_ftp [-h] [-d domain] [-u username] [-p password] [-n]
       # /nethere/sbin/webadd_ftp -h <- for usage
       EX: for ftp.domain.tld:
       # /nethere/sbin/webadd_ftp -d ftp.domain.tld -u username -p password
       (leaving off the -n will restart the proftpd process)
    b) Note: The host IP address will be given when the provisioning is completed, use that ip (a.b.c.d) for DNS entries
    c) Note: If this is an existing customer on the server, you'll need to increase the quota manually by 100 MB
       for the customer, see the section on quota increases for more info.
 2) Adjust DNS for domain on ns1.nethere.net
    a) Checkout zone for domain
    b) Add ftp host entry for domain, adjust serial
       EX for domain.tld:
       --cut--
       ftp     IN A a.b.c.d
       --cut--
    c) Check in zone for domain
    d) Reload zone
       # rndc reload domain.tld
 3) Adjust PTR record for domain, adjust serial
    a) Checkout zone for a.b.c
    b) Add record for domain:
       --cut--
       d       IN PTR ftp.domain.tld.
       --cut--
    c) Check in zone for a.b.c
    d) Reload zone
       # rndc reload c.b.a.in-addr.arpa
 4) Check for DNS errors
    a) tail /var/log/namedb

==== SiteBuilder provisioning ====
unixweb-7.nethere.net
 *Must re-provision site on unixweb-7.nethere.net (if not already done)
 1) Log in to SB admin: http://sitebuilder.nethere.net/admin
    a) username: root
 2) Add site to SB config
    a) Click on Site Management -> Add regular
       * Alias is website username: i.e. aa####
       * Check the "Active" box
       * Plan is "BasePlan"
       * Password same as website
    b) Click on "Publish Properties"
       * Check "Allow publishing"
       * Site host name: www.domain.tld
       * FTP host: unixweb-7.nethere.net
       * FTP login/password: same as site user/pass
       * FTP working directory: leave blank
    c) Click Apply

==== Name Servers ====
OS: FreeBSD

==== General ====
Nethere DNS has been migrated to PowerDNS on ganeti virtuals with a web admin here: https://nhdns.jcihosting.com/

Old instructions follow:
 ns1.nethere.net - Primary name servers for DNS zone records
   /named - contains the files that have all DNS domain zone entries (named.master, named.slave, named.acl)
            plus Makefile for distributing DNS records
   /named/master - contains all the domain zone files for which we are authoritative, as well as IP address (PTR records)
 ns2.nethere.net - Secondary (slave) name server for DNS zone records
 nsrbl-1.nethere.net - RBL (Realtime Blackhole List) DNS server
   /named/rbldns/cache - contains the files for domains that we specifically allow or deny
 nscache-1,2 - caching name servers

==== Adding DNS website entries ====
 1) Create a DNS zone file for domain.tld via NH script (zoneadd_vhost)
    # /nethere/sbin/zoneadd_vhost -h (for usage)

==== Adding DNS IP entries ====
 1) Create the forward and reverse DNS records via NH script (zone_generate) for a netblock,
    will create /tmp/customer.forward and /tmp/customer.reverse files to be read
    a) /nethere/sbin/zone_generate -h for usage
       i.e.
       for netblock a.b.c, starting IP d, ending IP z
       # zone_generate -n a.b.c -b d -e z -p customer
 2) Checkout, edit the IP in-addr.arpa zone file, reload the zone
    a) # co -l a.b.c
    b) Search for the nearest netblock area for the domain, follow format for customer info,
       read in the /tmp/abbrev.rdns file accordingly, increase Serial for zone in YYYYMMDD## format
       e.g.
       --cut--
       ;;;;
       ;; 66.63.152.232/30 (255.255.255.252)
       ;; Description: First Choice Home Improvement
       ;; Contact: Shannon Hill <firstchoicehi@hotmail.com>, (858) 277-5351
       ;; Location: AR-1, Serial3/0/18:0
       ;;;;
       232 IN PTR firstchoice-net.access.nethere.net.
       233 IN PTR firstchoice-gw.access.nethere.net.
       234 IN PTR firstchoice-2.access.nethere.net.
       235 IN PTR firstchoice-bcast.access.nethere.net.
       --cut--
    c) # ci -u a.b.c < /dev/null
    d) # rndc reload c.b.a.in-addr.arpa
    e) verify loading of zone:
       # tail /var/log/named
 3) Checkout, edit the forward DNS zone file, reload the zone
    a) # co -l access.nethere.net
    b) Search for the nearest netblock area for the domain, follow format for customer,
       read in the /tmp/abbrev.fdns file accordingly, increase Serial for zone in YYYYMMDD## format
       e.g.
       --cut--
       ;; 66.63.152.232/30 (255.255.255.252)
       firstchoice-net   IN A 66.63.152.232
       firstchoice-gw    IN A 66.63.152.233
       firstchoice-2     IN A 66.63.152.234
       firstchoice-bcast IN A 66.63.152.235
       --cut--
    c) # ci -u access.nethere.net < /dev/null
    d) # rndc reload access.nethere.net
    e) verify loading of zone:
       # tail /var/log/named

==== Unblocking RBLd IP addresses ====
There are two primary reasons why we add customers to the allow relay list:
 a) They have a static IP address (i.e. DSL, T1) and wish to use our mail servers
 b) They've been blocked by one of our subscribed blackhole lists, however, have patched their machine and are no longer open to relay.
To do this on nsrbl-1.nethere.net:
 1) Checkout the allow.relays.nethere.net file located in /named/rbldns/cache
 2) Edit the file, and add the IP address in the following format:
    --cut--
    a.b.c.d YYYYMMDD hostname reason for listing
    --cut--
    You can also add subnets via '/' notation for relay
    --cut--
    a.b.c.d/28 YYYYMMDD hostname reason for listing
    --cut--
 3) Check in the file
 4) Updates to the rbldns zone are done automatically on the hour, every hour, so no need to do anything else.
 Note:
 For "permanent" (i.e. customer static IP addresses), add the IP address in the "## permanent allowed relay (i.e. customer w/ static IP)" section
 For "temporary" (i.e. blackhole listed IP addresses), add the IP address in the "## temporary" section
 Also, for temporary IP addresses, we need to send the note to the requester detailing the following:
    a) If the IP address relays Spam/UCE/Viruses through us, it is to be removed permanently.
    b) The customer must follow the steps listed on the blackhole list the IP was listed on to get removed.

==== Flushing DNS cache for a domain ====
Due usually to a bad zone or excessively long TTL for a domain, the cache for it will need to be flushed.

On nscache-1:
 # /usr/local/sbin/rndc flushname domain.tld
If cache is still corrupted (i.e. zone lookups either fail or are incorrect), need to stop and restart the caching server:
 # /etc/init.d/local.named stop
 # /etc/init.d/local.named start

==== SiteBuilder ====
http://sitebuilder.nethere.net/ -URL used to test sitebuilder

http://sitebuilder.nethere.net/Login -URL for control panel.

This is where the customer also logs in to manage their web site and also where you log in to administer sitebuilder. Sitebuilder is hosted on sb-2.nethere.net. The site is designed/built on this server and published to unixweb-7.nethere.net. This is the only server that can host a sitebuilder web site.

The admin log in to manage sitebuilder is:
 Username: admin
 Password: N3tH3r31!
==== Cart32 ====
cart32 information:

Cart32 is hosted on ntweb-6.nethere.net. That is where all of the configuration files are located. The location of the ini file is D:\websites\Cart32cgi/cart32.ini. This is where ip restrictions to admin panel are set, password can be reset for admin, time limit restriction reset, etc.

There are four customers that still use cart32:
<pre>
https://www.cart.simplyweb.net/lab400/cart/c32web.exe
https://www.cart.simplyweb.net/nutragenics/cart/c32web.exe
https://www.cart.simplyweb.net/retrogen/cart/c32web.exe
https://www.cart.simplyweb.net/stonesculptorssupplies/cart/c32web.exe
</pre>
The client codes are lab400, nutragenics, retrogen, and stonesculptorssupplies. You can reset their passwords through the admin panel.

To administer cart32:
 Control Panel: https://www.cart.simplyweb.net/cart/c32web.exe/Admin
 Username: administrator
 Password: N3tH3r31!
 Cart Admin Password: N3tH3r31!
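
A pre-check for the "Updating SSL certificate" procedure above, written for this page as an added example and not one of the NetHere scripts: it compares the public key in the new certificate with the public key of the server's private key, the condition behind the "key values mismatch" log entry, so a bad certificate is caught before Apache is stopped. The function names and the location of the key file are assumptions; the page only gives the certificate directory.

```shell
#!/bin/sh
# Added example, not NetHere tooling. Assumes the openssl CLI is installed and
# the private key is an unencrypted PEM file; both paths come from the caller.

# pubkey_digest cert|key FILE: SHA-256 of the public key inside FILE.
pubkey_digest() {
    case "$1" in
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        *)    false ;;
    esac || return 1
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{ print $NF }'
}

# cert_matches_key CERT KEY: 0 = same key pair, 1 = mismatch, 2 = unreadable.
cert_matches_key() {
    cert_fp=$(pubkey_digest cert "$1") || return 2
    key_fp=$(pubkey_digest key "$2") || return 2
    [ "$cert_fp" = "$key_fp" ]
}

# precheck CERT KEY: gate to run before the certificate is checked in and
# Apache is restarted. Also rejects a certificate that expires within 24 hours.
precheck() {
    rc=0
    cert_matches_key "$1" "$2" || rc=$?
    case $rc in
        0) ;;
        1) echo "MISMATCH: $1 does not belong to $2" >&2; return 1 ;;
        *) echo "UNREADABLE: cannot parse $1 or $2" >&2; return 2 ;;
    esac
    if ! openssl x509 -in "$1" -noout -checkend 86400 >/dev/null 2>&1; then
        echo "EXPIRING: $1 is not valid 24 hours from now" >&2
        return 3
    fi
    echo "OK: $1 matches $2"
}

# make_pair DIR NAME: throwaway RSA key and self-signed certificate
# (constructed test data, never used for a real site).
make_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=www.domain.tld" \
        -keyout "$1/$2.key" -out "$1/$2.crt" >/dev/null 2>&1
}

# Usage: sh precheck.sh NEW_CERT SERVER_KEY
if [ "$#" -eq 2 ]; then
    precheck "$1" "$2"
fi
```

Run it against the pasted certificate before the check-in in step 4; a non-zero exit status means the old certificate should stay in place.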
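
An added check for the "Password protection" and ".htaccess" sections above (not part of the NetHere tooling): a `require` placed inside `<Limit GET POST>` is enforced only for GET and POST, so requests made with any other method are served without authentication. The script reports such blocks in vhost or .htaccess files; the function names and sample file names are assumptions, and the sample configs are constructed from the block shown on this page.

```shell
#!/bin/sh
# Added example, not NetHere tooling: find access-control directives that are
# wrapped in <Limit ...> and therefore enforced only for the listed methods.

# lint_limit FILE...
# Prints one "file:line: ..." finding per wrapped directive.
# Returns 1 when at least one finding was printed, 0 otherwise.
lint_limit() {
    awk '
        FNR == 1 { inside = 0 }                 # new file: reset state
        { line = $0; sub(/^[ \t]+/, "", line); low = tolower(line) }
        low ~ /^<limit[ \t]/ {                  # <Limit ...>, not <LimitExcept>
            methods = line
            sub(/^<[^ \t]+[ \t]+/, "", methods)
            sub(/[ \t]*>.*$/, "", methods)
            inside = 1
            next
        }
        low ~ /^<\/limit>/ { inside = 0; next }
        inside && low ~ /^(require|order|allow|deny)[ \t]/ {
            printf "%s:%d: <Limit %s> scopes \"%s\"\n", FILENAME, FNR, methods, line
            found = 1
        }
        END { exit (found ? 1 : 0) }
    ' "$@"
}

# write_samples DIR: constructed sample configs (weak.conf is the block from
# the Password protection section, fixed.conf drops the <Limit> wrapper).
write_samples() {
    cat > "$1/weak.conf" <<'EOF'
<Directory "/www/www.domain.tld/dir_to_be_protected">
AuthType Basic
AuthName "www.domain.tld/dir_to_be_protected authentication"
AuthUserFile /www/www.domain.tld/userdb/users
<Limit GET POST>
require valid-user
</Limit>
</Directory>
EOF
    cat > "$1/fixed.conf" <<'EOF'
<Directory "/www/www.domain.tld/dir_to_be_protected">
AuthType Basic
AuthName "www.domain.tld/dir_to_be_protected authentication"
AuthUserFile /www/www.domain.tld/userdb/users
require valid-user
</Directory>
EOF
}

# Demo: lint both samples; only weak.conf is reported.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
lint_limit "$demo_dir/weak.conf" "$demo_dir/fixed.conf" || echo "review the findings above"
rm -rf "$demo_dir"
```

Pointed at /nethere/conf/apache/conf/vhosts, /nethere/conf/apache/conf/nvhosts and customer .htaccess files, the same function lists every protected directory that needs the wrapper removed.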