A load-balanced dedicated server hosting solution and low pricing are two important concerns for a budget-conscious corporate client. LAMP (Linux, Apache, MySQL, and PHP/Perl/Python) load balancing is a solution that helps move web and database load to a secondary server. It is not the same as a standard cluster setup, and it does not include high-availability features such as fail-over. It shares the load by distributing it to another server that acts as a secondary server, which is known to be more cost-effective.
The applications and software required to set up LAMP clusters are packaged with Linux distributions. The following example uses two servers running DNS, a primary and a backup. Requests are distributed between 3 web servers and 2 database servers.
The first stage is round-robin DNS, a load-balancing solution that serves web requests for one hostname from different dedicated web servers. In this case, each web server has its own public IP address.
In the following example the domain assigns the same hostname to each of the three dedicated web servers, but the IP addresses are completely different:
;
; Domain database for domain.com
;
domain.com. IN SOA ns1.domain.com. hostmaster.domain.com. (
2006032801 ; serial
10800 ; refresh
3600 ; retry
86400 ; expire
86400 ; default_ttl
)
;
; Name servers
;
domain.com. IN NS ns1.domain.com.
domain.com. IN NS ns2.domain.com.
;
; Web servers
;
www IN A 10.10.10.11
www IN A 10.10.10.12
www IN A 10.10.10.13
When the DNS server receives requests for domain.com, it returns one IP address for the first request, then a different IP address for the next request. In this way, web server traffic is distributed among the 3 web servers. However, because of DNS caching, the distribution may vary. This is just a solution that minimizes the cost of a load-balancing setup.
The web server configuration used in a cluster is the same as a standard Apache web server configuration, with one additional requirement: the content must be kept the same on every server through synchronization. Many use the tool known as "rsync".
We suggest you also create a new user account on each dedicated web server; it needs write permission for the web content directory on each web server. Also, create SSH keys for the account and distribute the public keys to the /home/syncer/.ssh directory on the other 2 web servers. This allows login to the user account without a password, so that data can be updated at regular intervals.
The following rsync script updates the web content:
#!/bin/bash
rsync -r -a -v -e "ssh -l syncer" --delete /var/www/ webtwo:/var/www/
rsync -r -a -v -e "ssh -l syncer" --delete /var/www/ webthree:/var/www/
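Because the sync runs unattended with --delete, an empty or unmounted source directory would erase the content on both peers. The following is an added example, not the original article's script, that guards against that case; the host names and the syncer account come from the article, while the key path is an assumption.

```shell
#!/bin/sh
# Added example, not the page's script. Host names and the syncer account
# come from the page; the key path is an assumption.
SRC="/var/www/"
PEERS="webtwo webthree"
KEY="/home/syncer/.ssh/id_sync"   # hypothetical dedicated sync key

# With --delete, an empty or unmounted source would erase the content
# directory on every peer, so refuse to run in that case.
safe_to_sync() {
    dir=$1
    [ -d "$dir" ] || return 1
    # -A lists dotfiles too, so a directory holding only .htaccess counts.
    [ -n "$(ls -A "$dir" 2>/dev/null)" ] || return 1
    return 0
}

# Push SRC to every peer. BatchMode makes ssh fail instead of prompting,
# so a broken key shows up as an error rather than a hung cron job.
sync_all() {
    if ! safe_to_sync "$SRC"; then
        echo "refusing to sync: $SRC is missing or empty" >&2
        return 1
    fi
    rc=0
    for peer in $PEERS; do
        if ! rsync -a --delete \
                -e "ssh -l syncer -i $KEY -o BatchMode=yes" \
                "$SRC" "$peer:$SRC"; then
            echo "sync to $peer failed" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Only touch the peers when explicitly asked, e.g. from cron: sync.sh --run
if [ "${1:-}" = "--run" ]; then
    sync_all
fi
```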
When a LAMP cluster is set up, cookie handling needs to be checked, because Apache stores cookies in the /tmp directory. If a visitor starts a session on one web server and a later HTTP request is handled by a different web server, the cookie won't exist there and the session won't function as required. The solution is a shared cookie directory across the web servers, which should be in place before setting up the LAMP cluster.
Another requirement of the setup is that data is sent to the database master server and distributed between the master and slave servers.
Turning to the database servers, MySQL has a feature for maintaining a database on different servers. It is known as "log replay": a log is created on the master server, read by a slave server, and then applied to the slave's database.
In this example we will use 2 database servers, Database Server 1 and Database Server 2.
To set up the master database server, you need to create a replication account, which is the MySQL user ID that slave servers use to read the logs.
The following is an example:
GRANT REPLICATION SLAVE, REPLICATION CLIENT ON *.* TO copyslave@"10.10.10.0/255.255.255.0" IDENTIFIED BY 'copypass';
You can also edit the MySQL configuration, which is located in /etc/my.cnf, and add the following:
# Replication Master Server (default)
# binary logging (the binary log file) is required for replication
log-bin
# required unique id (1 = master server)
server-id = 1
You can see the new binary log file in the MySQL directory, named $HOSTNAME-bin.001. MySQL will create new log files here. To set up the slave server, edit /etc/my.cnf and add the following:
# required unique id
server-id = 2
#
# The replication master for this slave - required
# (master database server IP)
master-host = 10.1.1.21
#
# The username the slave uses to connect to the master - required
# (the replication account created by the GRANT statement on the master)
master-user = copyslave
# The password the slave uses to connect to the master - required
master-password = copypass
# Seconds to wait before retrying a lost connection
master-connect-retry = 15
# binary logs
log-bin
Restart MySQL; the slave server will connect to the master server and begin the replication process. Initially, it will create a master.info file with all settings in the default directory, which is /var/lib/mysql.
To check whether replication is working, log in to the MySQL monitor and run show master status and then show slave status. There you need to check Slave_IO_Running and Slave_SQL_Running. If both are Yes, the replication process is working.
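The same check can be scripted so that a stopped replication thread is noticed without logging in. The following is an added example, not part of the original article: it parses the vertical (\G) output of show slave status, the sample output is constructed, and the lag threshold on Seconds_Behind_Master goes beyond the two fields the article names.

```shell
#!/bin/sh
# Constructed sample of `SHOW SLAVE STATUS\G` output (not from a real server).
sample_status() {
cat <<'EOF'
*************************** 1. row ***************************
               Slave_IO_State: Waiting for master to send event
                  Master_Host: 10.1.1.21
             Slave_IO_Running: Yes
            Slave_SQL_Running: No
                   Last_Error: Duplicate entry '42' for key 1
        Seconds_Behind_Master: NULL
EOF
}

# Print the value of one field from \G-style output read on stdin.
status_field() {
    awk -v key="$1" '{
        line = $0; sub(/^[ \t]+/, "", line)
        if (index(line, key ":") == 1) {
            v = substr(line, length(key) + 2); sub(/^[ \t]+/, "", v)
            print v; exit
        }
    }'
}

# Read the status on stdin, print a one-line verdict, return 0 only when
# both threads run and the lag (if reported) is within max_lag seconds.
replication_state() {
    max_lag=${1:-60}
    status=$(cat)
    io=$(printf '%s\n' "$status" | status_field Slave_IO_Running)
    sql=$(printf '%s\n' "$status" | status_field Slave_SQL_Running)
    lag=$(printf '%s\n' "$status" | status_field Seconds_Behind_Master)
    if [ -z "$io" ] || [ -z "$sql" ]; then
        echo "not-a-slave"; return 2     # empty result: replication not set up
    fi
    if [ "$io" != "Yes" ]; then
        echo "io-thread-stopped"; return 1
    fi
    if [ "$sql" != "Yes" ]; then
        err=$(printf '%s\n' "$status" | status_field Last_Error)
        echo "sql-thread-stopped: $err"; return 1
    fi
    case $lag in
        ''|*[!0-9]*) ;;                  # lag not reported: skip the check
        *) if [ "$lag" -gt "$max_lag" ]; then echo "lagging:$lag"; return 1; fi ;;
    esac
    echo "ok"
}

# Demo on the constructed sample; on a real slave use:
#   mysql -e 'SHOW SLAVE STATUS\G' | replication_state
sample_status | replication_state || echo "replication needs attention" >&2
```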
If the database server loses network connectivity, you can stop MySQL on the master as well as the slave server, dump the master database, reload it on the slave server, and then start MySQL on the master and slave servers.
If there are any issues with the master database server, the slave database server can be configured as the master database server by simply updating the IP address and the MySQL configuration file. A LAMP cluster can easily be set up on dedicated web server hosting.
There are many types of dedicated server hosting packages, and each dedicated server should be set up according to the client's requirements.
1) Basic Dedicated Server Hosting
If a client has outgrown a shared / reseller / VPS hosting account, he eventually upgrades to a dedicated server that meets his basic requirements. Such clients do not require much RAM or hard disk space, only a basic operating system installed on the dedicated server hosting package. Their main aim is to improve website response time.
2) High-end Dedicated Server Hosting
This is probably the next stage after a basic dedicated server hosting package: the client is looking for more server performance because he has understood that his requirements are now on the rise, which is then followed by a quad-core configuration. However, different clients have different requirements, and setting up the dedicated servers according to their selection is important. In fact, at times there are many prerequisites that a web server hosting company should take care of.
3) Bandwidth Dedicated Server Hosting
If a client needs to run a live video streaming website such as YouTube, he will need not only a high-end server configuration but also a good amount of bandwidth, ranging from basic standard metered bandwidth per month to unmetered bandwidth of 100Mbps or 1Gbps. The data transfer requirement is high on these kinds of websites, and the server should be able to download or upload as fast as possible.
4) Application Dedicated Server Hosting
Dedicated server hosting packages that are used to host applications are known as application dedicated web servers. Clients host all kinds of legal applications such as live chat software, Flash tutorials, media file installations and many more.
5) Database Dedicated Server Hosting
Clients who run databases such as MySQL or MS SQL on a dedicated server use what is known as database dedicated server hosting. These require more storage space and higher-end server configurations in order to completely manage dedicated servers.
6) Server Mirroring Dedicated Server Hosting
Many clients require their data mirrored to another server, because they do not want to lose any data at any point in time. Servers are synchronized in order to transfer data from one server to another. RAID configurations are set up on the same theme as dedicated server mirroring. The main difference is that RAID mirrors / stripes across hard disks, while server mirroring is a server-level concept.
Bodhost.com provides windows-based firewall protection with servers in tie-up with Juniper Networks, which are known for their security services. We offer firewalls which are not only cost-effective but also provide the best service when it comes to security.
They are an all-in-one security firewall provider, which includes IPs / anti-virus / anti-spam and network filtering. We also provide regular anti-virus updates to tackle day-to-day scenarios.
The Juniper NetScreen 5GT Ethernet has 5 Ethernet interfaces which can be assigned to different configurations.
Bodhost.com also provides Cisco firewall protection, which will be covered in our next web hosting knowledgebase article.
APF Firewall (Advanced Policy Firewall)
Linux-based Firewall (Netfilter / IPtables)
Firewalls are known to secure networks to a major extent. Bodhost.com has always aimed to provide better security to all our customers. Our support team works day and night to provide even better security service to all our clients.
Advanced Policy Firewall is a Linux-based firewall that aims to fulfil today's security needs. It works on top of iptables (netfilter). 'apf' is the common command used, and it provides stats and information to us.
It normally follows these rules:
> Static rule based policies – Traffic management of incoming and outgoing connections
> Connection based stateful policies – Known Connections will only be allowed
> Sanity based policies – Management of different traffic
Some of the features of APF are as follows -
> Configuration file (detailed)
> Inbound and Outgoing filters
> Known Connection / application filters
> Rule downloads
> Reactive address blocking (RAB)
> feature test in debugging mode
> speeding connection features
> Individual network connections
> global tcp/udp port / icmp filters
> Rate of packet flows
> network rule configurations
> network / IP bans
> Verification of Routing
> Attack filters
> Traffic detection
> Easy Configuration
> p2p application filters
> network stats
> Kernel Configurations with firewall
> Network limit set
It is a PHP installation for securing servers and users. It is intended as an advanced protection system and has two parts: a) the first is a small patch which includes some protection against vulnerabilities; b) the second is known to be a powerful PHP extension for high-level security.
a) Used to check network packets.
b) Translation of network address
c) IP chain backwards compatibility
d) Modifications of rules for packet filters
e) Open-Source
This explains how to set up SSL on IIS 5.0, using Certificate Server 2.0 as the certificate provider -
1) Web server Certificate request -
a) Start Internet Service Manager > Right-click the website on which you want to enable SSL > Properties > Directory Security tab > Server Certificate to start the Web Server Certificate Wizard.
b) Next > Create a new certificate
c) Next > Name the certificate > Select Server Gated Cryptography
d) Next > Select type of organizational unit
e) Next > Common name (for example, if the URL is https://www.mydomain.com/securedir, then the common name must be www.mydomain.com).
f) Next > Type Country, State, City or locality.
g) Next > Select location and file name.
h) Next twice > Finish
2) Process of Certificate Server Request -
a) CAServerName/CertSrv > Request Certificate
b) Next > Advanced request > Next > Submit a certificate request using a base64 encoded PKCS #10 file / renewal request using a base64 encoded PKCS #7 file.
c) Next > Open the request file saved from the Web Server Certificate Wizard in Notepad > Paste the entire text of the file > Submit > The Pending Certificate dialog box appears > If asked to download, skip to step 2 > Close browser > Open Certification Authority MMC > Open > Expand the tree under the server name > Select the Pending Requests folder.
d) Right-click the certificate that was submitted > Click All Tasks > Click Issue > Close CA MMC.
e) Open a new browser window and browse to the URL > Check on pending certificate > Next > Select the earlier request > Next > DER encoded > Click Download CA certificate > Save file > Close browser.
3) Finish processing IIS request and enabling SSL -
a) Internet Information Services MMC > Right-click the website on which you want to enable SSL > Properties > Directory Security tab > Server Certificate.
b) Next > Process the pending request > Install the certificate.
c) Next > Enter the path/file name saved > Next twice > Finish.
d) Web Site tab > Default port is 443 > OK > Close the Web Site Properties dialog box.
SSL can now be used on the server. The URL will now be https:// instead of http://.
Maintaining kernel security is one of the important tasks of a sysadmin, especially against hackers. So friends, the following are some tips which will help to manage kernel security through the /proc pseudo-filesystem. Quite a few files under /proc/sys are directly related to security. The parameter just needs to have a flag (boolean value) set.
A feature is enabled if the file contains 1 and disabled if it contains 0. Many of the options are under /proc/sys/net/ipv4
Such as:
icmp_echo_ignore_all : Ignore all ICMP ECHO requests (ping requests)
ip_forward : Enables or disables the forwarding of IP packets between interfaces, depending on whether the kernel is configured as a host or a router.
For example, take a look at this command.
echo "1" > /proc/sys/net/ipv4/icmp_echo_ignore_all
The above command will deny all ping requests on the server.
The command sysctl -A shows the kernel configuration parameters set on the server. Basically, sysctl reads the configuration file /etc/sysctl.conf after each reboot.
Caution!! Don't try this with other parameters which you are not aware of. Otherwise the result may be a KERNEL PANIC…
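A value written with echo into /proc is lost at reboot unless it is also in /etc/sysctl.conf, so it is worth checking the live flags against the intended ones. The following read-only audit is an added example, not part of the original article; the baseline is constructed from the two flags named above and should be adjusted for a machine that really is a router.

```shell
#!/bin/sh
# Baseline constructed for this example from the two flags the article names:
# ignore ping (the article's own example) and no packet forwarding on a host.
BASELINE="icmp_echo_ignore_all=1
ip_forward=0"

# audit_ipv4_flags [ROOT]: compare each baseline flag with the live value
# under ROOT (default /proc/sys/net/ipv4). Prints one line per finding and
# returns the number of findings. It only reads; it never writes to /proc.
audit_ipv4_flags() {
    root=${1:-/proc/sys/net/ipv4}
    findings=0
    for entry in $BASELINE; do
        name=${entry%%=*}
        want=${entry#*=}
        if [ ! -r "$root/$name" ]; then
            echo "MISSING $name"
            findings=$((findings + 1))
            continue
        fi
        have=$(cat "$root/$name")
        if [ "$have" != "$want" ]; then
            echo "DRIFT $name: have $have, want $want"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Print the /etc/sysctl.conf lines that make the baseline survive a reboot.
sysctl_conf_lines() {
    for entry in $BASELINE; do
        echo "net.ipv4.${entry%%=*} = ${entry#*=}"
    done
}

# Audit the running kernel and show what to persist if anything drifted.
if ! audit_ipv4_flags; then
    echo "lines to keep in /etc/sysctl.conf:"
    sysctl_conf_lines
fi
```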
The kernel is the core of the operating system; it is the program that controls the basic services that are utilised by user programs; it is this suite of basic services in the form of system calls that makes an operating system "UNIX".
The kernel is also responsible for:
-CPU resource scheduling (with the associated duties of process management)
-Memory management (including the important implementation of protection)
-Device control (including providing the device-file/device-driver interface)
-Security (at a device, process and user level)
-Accounting services (including CPU usage and disk quotas)
-Inter Process Communication (shared memory, semaphores and message passing)
The Unix kernel acts as a mediator for your programs. First, it does the memory management for all of the running programs (processes), and makes sure that they all get a fair share of the processor’s cycles. In addition, it provides a nice, fairly portable interface for programs to talk to your hardware.
The kernel is physically a file that is usually located in the /boot directory. Under Linux, this file is called vmlinuz.
bash-2.05a# ls -l /boot/vm*
-rwxr-xr-x 1 root root 3007276 Mar 14 04:10 vmlinux-2.4.18-27.7.x
lrwxrwxrwx 1 root root 21 Mar 28 23:20 vmlinuz -> vmlinuz-2.4.18-27.7.x
You can see in this instance that the "kernel file" is actually a link to another file containing the kernel image. The actual kernel size will vary from machine to machine. The reason for this is that the size of the kernel is dependent on what features you have compiled into it, what modifications you've made to the kernel data structures and what (if any) additions you have made to the kernel code.
vmlinuz is referred to as the kernel image. At a physical level, this file consists of a small section of machine code followed by a compressed block. At boot time, the program at the start of the kernel is loaded into memory at which point it uncompresses the rest of the kernel.
An uncompressed kernel is really a giant object file, the product of C and assembler linking; the kernel is not an "executable" file (i.e. you can't just type vmlinuz at the prompt to run the kernel). The actual source of the kernel is stored in the /usr/src/ directory; a typical listing may produce:
bash-2.05a# ls -l /usr/src/
total 8
lrwxrwxrwx 1 root root 19 Mar 28 23:19 linux-2.4 -> linux-2.4.18-27.7.x
drwxr-xr-x 17 root root 4096 Mar 28 23:19 linux-2.4.18-27.7.x
drwxr-xr-x 7 root root 4096 Mar 28 23:08 redhat
/usr/src/linux is a soft link to /usr/src/ - this means you can store several kernel source trees - however - you MUST change the soft link of /usr/src/linux to the version of the kernel you will be compiling as there are several components of the kernel source that rely on this.
Take note of the /boot/vmlinux* file - this is the uncompressed kernel! Notice the size? [vmlinuz is the .z (or compressed) version of vmlinux plus the decompression code]
Within this directory hierarchy are in excess of 1300 files and directories, which consist of around 400 C source code files, 370 C header files, 40 Assembler source files and 46 Makefiles. These, when compiled, produce around 300 object files and libraries.
While this may seem like quite a bit of code, much of it actually isn’t used in the kernel. Quite a large portion of this is driver code; only drivers that are needed on the system are compiled into the kernel, and then only those that are required at run time (the rest can be placed separately in things called modules).
In the case of Linux, the following steps are performed to boot the kernel:
1) The boot loader program (e.g. lilo or grub) starts by loading the vmlinuz from disk into memory, then starts the code executing.
2) After the kernel image is decompressed, the actual kernel is started. This part of the code was produced from assembler source; it is totally machine specific. Technically at this point the kernel is running. This is the first process (0) and is called swapper. Swapper does some low level checks on the processor, memory and FPU availability, then places the system into protected mode. Paging is enabled.
3) Interrupts are disabled (every one) though the interrupt table is set up for later use. The entire kernel is realigned in memory (post paging) and some of the basic memory management structures are created.
4) At this point, a function called start_kernel is called. start_kernel is physically located in /usr/src/linux-2.4.18-27.7.x/init/main.c and is really the core kernel function – really the equivalent of the void main(void). main.c itself is virtually the root file for all other source and header files.
5) start_kernel sets up the memory, interrupts and scheduling. In effect, the kernel now has multi-tasking enabled. The console has already had several messages displayed to it.
6) The kernel command line options are parsed (those passed in by the boot loader) and all embedded device driver modules are initialised.
7) Further memory initialisations occur, socket/networking is started and further bug checks are performed.
8) The final action performed by swapper is the first process creation with fork whereby the init program is launched. Swapper now enters an infinite idle loop.
It is interesting to note that as a linear program, the kernel has finished running! The timer interrupts are now set so that the scheduler can step in and pre-empt the running process. However, sections of the kernel will be periodically executed by other processes.
Do you want to block some sites from being browsed on a personal computer that runs the Windows operating system?
OK, then just go to:
C:\WINDOWS\system32\drivers\etc
Open the "hosts" file in Notepad. At the bottom of the file you will see the line below
127.0.0.1 localhost
Now add the following line at the end
127.0.0.1 www.blocksitename.com
Replace www.blocksitename.com with the name of the site you want to block.