
A web stack is simply a collection of open source software such as an operating system, web server, database server, and server-side programming language. The most commonly known web stack is LAMP, an acronym for a solution stack of free, open source software that refers to the first letters of Linux (operating system), Apache web server, MySQL database software and PHP (or sometimes Perl or Python). All of our security-related tutorials recommend running different network services on separate systems or VM instances. This limits the number of other services that can be compromised if an attacker successfully exploits a software flaw in one network service. This is also one of the most requested articles via email. In this guide, I will explain how to set up a solution that serves static content, dynamic content, a database, and caching, each running on separate servers or VM instances.

Creating a Network File System (NFSv4.0) shared network resource is exactly like creating any other shared network resource in Linux or Unix for an Apache / Lighttpd / Nginx web server. You need to type the following commands on vm05 having an IP address 192.168.1.14.

Linux: Configure MySQL Database Server

This VM node stores your data in an RDBMS such as MySQL or PostgreSQL. In this setup, I'm going to use the MySQL database server. You need to type the following commands on vm04 having an IP address 192.168.1.13 only.

Memcached can speed up a database-driven dynamic web site. It must be deployed within a trusted network where the vm01 and vm02 clients may freely connect to our server. You need to type the following commands on vm03 having an IP address 192.168.1.12.

Install memcached server on vm03

Type the following yum command to install memcached server on RHEL based system:
# yum install -y memcached

Install memcached client on vm01 and vm02

You may need to install any one of the following packages on vm01 and vm02 (servers running php5+Apache/Lighttpd):

  1. perl-Cache-Memcached : Perl client (library) to work with memcached server.
  2. python-memcached : Python client (library) to work with memcached server.
  3. php-pecl-memcache : PHP extension to work with the Memcached server.

Configure memcached

Edit /etc/sysconfig/memcached file, enter:
# vi /etc/sysconfig/memcached
Sample outputs:

PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="512"
## make sure we accept connection from vm01 and vm02 on 192.168.1.12:11211
OPTIONS="-l 192.168.1.12 -L"

Save and close the file. Start the memcached server:
# chkconfig memcached on
# /sbin/service memcached start

Edit /etc/sysconfig/iptables and make sure only vm01 and vm02 are allowed to connect to our server:

 
## open vm01 and vm02 tcp/udp port for memcached server ##
-A INPUT -m state --state NEW -s 192.168.1.10 -m tcp -p tcp --dport 11211 -j ACCEPT
-A INPUT -m state --state NEW -s 192.168.1.11 -m udp -p udp --dport 11211 -j ACCEPT
-A INPUT -m state --state NEW -s 192.168.1.10 -m udp -p udp --dport 11211 -j ACCEPT
-A INPUT -m state --state NEW -s 192.168.1.11 -m tcp -p tcp --dport 11211 -j ACCEPT
 

Save and close the file. Restart the iptables service, enter:
# /sbin/service iptables restart
# /sbin/iptables -L -v -n
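
As an added check (not part of the original article), the script below audits a rules file for ACCEPT rules on port 11211 whose source is not vm01 or vm02, and confirms that OPTIONS binds memcached to a specific address. The function names, the ALLOWED_CLIENTS variable and the third sample rule (no -s filter) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit memcached exposure on vm03 (all names are illustrative).
ALLOWED_CLIENTS="192.168.1.10 192.168.1.11"   # vm01 and vm02, per the article
MEMCACHED_PORT=11211

# Print each ACCEPT rule for the memcached port whose source is missing or not
# an allowed client; return 1 if any is found. Plain "--dport N" rules only.
audit_rules() {
    awk -v allowed="$ALLOWED_CLIENTS" -v port="$MEMCACHED_PORT" '
        BEGIN { bad = 0; n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF == 0 || $1 ~ /^#/ { next }
        {
            src = ""; dport = ""; target = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-s" || $i == "--source") src = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (dport != port || target != "ACCEPT") next
            sub(/\/32$/, "", src)
            if (!(src in ok)) { print "UNEXPECTED: " $0; bad = 1 }
        }
        END { exit bad }' "$1"
}

# Return 0 only if OPTIONS binds memcached (-l) to one specific address.
check_bind() {
    opts=$(sed -n 's/^OPTIONS="\(.*\)"$/\1/p' "$1")
    addr=$(printf '%s\n' "$opts" | awk '{ for (i = 1; i < NF; i++) if ($i == "-l") print $(i + 1) }')
    case "$addr" in
        ""|0.0.0.0|::|"*") echo "memcached listens on all interfaces"; return 1 ;;
        *) echo "memcached bound to $addr"; return 0 ;;
    esac
}

# Constructed sample: two of the article's rules plus one with no -s filter.
sample_rules() {
    cat <<'EOF'
-A INPUT -m state --state NEW -s 192.168.1.10 -m tcp -p tcp --dport 11211 -j ACCEPT
-A INPUT -m state --state NEW -s 192.168.1.11 -m udp -p udp --dport 11211 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 11211 -j ACCEPT
EOF
}

tmp=$(mktemp)
sample_rules > "$tmp"
audit_rules "$tmp" || echo "port 11211 is open beyond vm01/vm02"
printf 'OPTIONS="-l 192.168.1.12 -L"\n' > "$tmp"
check_bind "$tmp"
rm -f "$tmp"
```

On vm03 itself, point audit_rules at /etc/sysconfig/iptables and check_bind at /etc/sysconfig/memcached.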

Increase file system and ports limits on vm03

For a busy memcached server, you need to increase the system file descriptor and IP port limits. Add the following to /etc/sysctl.conf:

 
# Increase system file descriptor limit
fs.file-max = 50000
# Increase system IP port limits
net.ipv4.ip_local_port_range = 2000 65000
 

Load the changes by typing the following sysctl command to modify Linux kernel parameters at runtime:
# sysctl -p


The Apache web server is responsible for providing access to dynamic content via the HTTP or HTTPS protocol. In this example, I'm going to install and use the Apache 2 web server + php5 safely and set DocumentRoot to vm05:/exports/html mounted at /var/www/html. You need to type the following commands on vm02 having an IP address 192.168.1.11.

The Lighttpd web server is responsible for providing access to static content via the HTTP or HTTPS protocol. In this example, I'm going to install and use the Lighttpd web server and set DocumentRoot to vm05:/exports/static mounted at /var/www/static. You need to type the following commands on vm01 having an IP address 192.168.1.10 only.

HowTo: Use Nginx As Reverse Proxy Server

Nginx is an open source web server and a reverse proxy server. You can use nginx for load balancing and/or as a proxy solution to run services from inside those machines through your host's single public IP address such as 202.54.1.1. In this post, I will explain how to install nginx as a reverse proxy server for the Apache+php5 domain called www.example.com and the Lighttpd static asset domain called static.example.com. You need to type the following commands on vm00 having an IP address 192.168.1.1 only.