Archive for the ‘debian’ Category

Debian Howto: Installing Mapserver

August 1st, 2007 rupert Comments off

By default, we can install MapServer on etch (stable) from a Debian mirror using apt-get. The results were almost as expected; however, I need MapServer with TIFF support to be able to display my satellite images, so recompilation is necessary. Below is the difference in the binary's version output for the two installation procedures.

Nevertheless, it is worth noting that apt-get significantly speeds up the installation of MapServer. I highly suggest installing MapServer using apt-get and compiling from source only if necessary.

a) mapserver installed using apt-get


rupert-debian:/usr/lib/cgi-bin# ./mapserv -v
MapServer version 4.10.2 OUTPUT=GIF OUTPUT=PNG OUTPUT=JPEG OUTPUT=WBMP OUTPUT=SVG SUPPORTS=PROJ SUPPORTS=FREETYPE SUPPORTS=WMS_SERVER SUPPORTS=WMS_CLIENT SUPPORTS=WFS_SERVER SUPPORTS=WFS_CLIENT SUPPORTS=WCS_SERVER SUPPORTS=THREADS SUPPORTS=GEOS INPUT=TIFF INPUT=EPPL7 INPUT=POSTGIS INPUT=OGR INPUT=GDAL INPUT=SHAPEFILE DEBUG=MSDEBUG

Installation instructions for a:

1. apt-get install g++ libgd2-xpm libgd2-xpm-dev libcurl3 zlib1g-dev libgd-dev libtiff4 libtiff4-dev  libapache2-mod-python python-imaging  
 
2. apt-get install php5-cgi php5-common php5-curl php5-dev php5-gd php5-mysql php5-pgsql php5-sqlite php5-xsl libapache2-mod-php5
 
3. apt-get install python2.5 python2.5-dev python2.5-examples
 
4. apt-get install mysql-client-5.0 mysql-server-5.0 mytop mysql-admin mysql-admin-common libmysqlclient15-dev libdbd-mysql-perl libdbd-mysql-ruby mtop
 
5. apt-get install postgresql-common postgresql-8.2 postgresql-client-8.2 postgresql-contrib-8.2 postgresql-8.2-plr postgresql-8.2-plruby postgresql-8.2-postgis postgresql-plperl-8.2 postgresql-plpython-8.2 postgresql-pltcl-8.2 libpq4 
 
6.  apt-get install gdal-bin cgi-mapserver mapserver-bin mapserver-doc perl-mapscript php5-mapscript python-mapscript

b) mapserver compiled


rupert-debian:/usr/lib/cgi-bin# ./mapserv_default -v
MapServer version 4.10.0 OUTPUT=GIF OUTPUT=PNG OUTPUT=JPEG OUTPUT=WBMP OUTPUT=SVG SUPPORTS=PROJ SUPPORTS=FREETYPE SUPPORTS=WMS_SERVER SUPPORTS=WMS_CLIENT SUPPORTS=WFS_SERVER SUPPORTS=WFS_CLIENT SUPPORTS=WCS_SERVER SUPPORTS=THREADS SUPPORTS=GEOS INPUT=EPPL7 INPUT=POSTGIS INPUT=OGR INPUT=GDAL INPUT=SHAPEFILE DEBUG=MSDEBUG

Installation instructions for b:

#tar -zxvf geos-3.0.0rc4
#cd geos-3.0.0rc4
#./configure
#make
#make install
 
#modify /etc/apt/sources.list and uncomment testing
deb http://mirrors.geekbone.org/debian testing main
deb-src  http://mirrors.geekbone.org/debian testing main
 
deb http://mirrors.geekbone.org/debian etch main
deb-src  http://mirrors.geekbone.org/debian etch main
 
deb http://security.debian.org/ etch/updates main contrib
deb-src http://security.debian.org/ etch/updates main contrib
 
#apt-get update
 
#apt-get install postgresql-8.2-postgis
 
#tar -zxvf mapserver-4.10.2.tar.gz
#cd mapserver-4.10.2
#./configure \
--with-jpeg \
--with-gd \
--with-freetype \
--with-png \
--with-ogr \
--with-proj \
--with-gdal \
--with-httpd=/usr/sbin/apache2 \
--with-tiff \
--with-wfs \
--with-wcs \
--with-threads \
--with-wmsclient \
--with-wfsclient \
--with-geos \
--with-postgis \
--enable-debug
#make
#make install
#cp -Rf mapserv /usr/local/cgi-bin/
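
A post-install check for the capability comparison above, written as an added example (it is not part of the original post). It uses the two `mapserv -v` lines pasted in sections a) and b) as sample input; the function names `caps_only_in` and `require_caps` are made up for this example.

```shell
#!/bin/sh
# Added example: compare and gate MapServer builds on what "mapserv -v" reports.

# Sample input: the two version lines pasted in the post (a = apt-get, b = compiled).
APT_BUILD='MapServer version 4.10.2 OUTPUT=GIF OUTPUT=PNG OUTPUT=JPEG OUTPUT=WBMP OUTPUT=SVG SUPPORTS=PROJ SUPPORTS=FREETYPE SUPPORTS=WMS_SERVER SUPPORTS=WMS_CLIENT SUPPORTS=WFS_SERVER SUPPORTS=WFS_CLIENT SUPPORTS=WCS_SERVER SUPPORTS=THREADS SUPPORTS=GEOS INPUT=TIFF INPUT=EPPL7 INPUT=POSTGIS INPUT=OGR INPUT=GDAL INPUT=SHAPEFILE DEBUG=MSDEBUG'
SRC_BUILD='MapServer version 4.10.0 OUTPUT=GIF OUTPUT=PNG OUTPUT=JPEG OUTPUT=WBMP OUTPUT=SVG SUPPORTS=PROJ SUPPORTS=FREETYPE SUPPORTS=WMS_SERVER SUPPORTS=WMS_CLIENT SUPPORTS=WFS_SERVER SUPPORTS=WFS_CLIENT SUPPORTS=WCS_SERVER SUPPORTS=THREADS SUPPORTS=GEOS INPUT=EPPL7 INPUT=POSTGIS INPUT=OGR INPUT=GDAL INPUT=SHAPEFILE DEBUG=MSDEBUG'

# Print the KEY=VALUE capability tokens present in $1 but absent from $2.
caps_only_in() {
    for tok in $1; do
        case "$tok" in *=*) ;; *) continue ;; esac     # skip "MapServer version x.y.z"
        case " $2 " in *" $tok "*) ;; *) echo "$tok" ;; esac
    done
}

# Return 0 only if every capability named after $1 appears in the output $1.
require_caps() {
    out=$1; shift
    missing=0
    for want in "$@"; do
        case " $out " in
            *" $want "*) ;;
            *) echo "missing: $want" >&2; missing=1 ;;
        esac
    done
    return "$missing"
}

echo "only in a (apt-get):  $(caps_only_in "$APT_BUILD" "$SRC_BUILD")"
echo "only in b (compiled): $(caps_only_in "$SRC_BUILD" "$APT_BUILD")"

# On a real host, pass the live output instead of the pasted sample:
#   require_caps "$(/usr/lib/cgi-bin/mapserv -v)" INPUT=TIFF INPUT=GDAL
require_caps "$SRC_BUILD" INPUT=TIFF INPUT=GDAL || echo "b lacks a required capability"
```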

Categories: debian, linux, mapserver

Debian Howto: Apache 2.2 + ColdFusion Updated for SID

August 1st, 2007 rupert 1 comment

Wow, this is really nice. I was able to install Apache2.2 + ColdFusion on my current Debian 4.0 Etch.

Here’s an introduction on using apt…

Use apt-cache to search the local database for available packages.
apt-cache search [search terms] will find packages that sound like what you want and:
apt-cache show [packagename] will return more details on a particular package.
apt-cache showpkg [packagename] will return more details on a particular package.
apt-cache policy [packagename] will return which versions are available along with the priority of each version.
apt-setup will enable you to change mirrors. The alternative is to edit /etc/apt/sources.list manually (which I prefer).
apt-get clean clears the local repository of all retrieved package files.
apt-get autoclean clears the local repository of retrieved package files of programs that are no longer installed.
dpkg -l [packagename] will list the version and a short description of the package we have installed.

Installing Apache2.2

1. apt-get install g++

2. apt-get install apache2

Setting up apache2-utils (2.2.3-4) ...
Setting up apache2.2-common (2.2.3-4) ...
Setting Apache2 to Listen on port 80. If this is not desired, please edit /etc/apache2/ports.conf as desired. Note that the Port directive no longer works.
Module alias installed; run /etc/init.d/apache2 force-reload to enable.
Module autoindex installed; run /etc/init.d/apache2 force-reload to enable.
Module dir installed; run /etc/init.d/apache2 force-reload to enable.
Module env installed; run /etc/init.d/apache2 force-reload to enable.
Module mime installed; run /etc/init.d/apache2 force-reload to enable.
Module negotiation installed; run /etc/init.d/apache2 force-reload to enable.
Module setenvif installed; run /etc/init.d/apache2 force-reload to enable.
Module status installed; run /etc/init.d/apache2 force-reload to enable.
Module auth_basic installed; run /etc/init.d/apache2 force-reload to enable.
Module authz_default installed; run /etc/init.d/apache2 force-reload to enable.
Module authz_user installed; run /etc/init.d/apache2 force-reload to enable.
Module authz_groupfile installed; run /etc/init.d/apache2 force-reload to enable.
Module authn_file installed; run /etc/init.d/apache2 force-reload to enable.
Module authz_host installed; run /etc/init.d/apache2 force-reload to enable.
 
Setting up apache2-mpm-worker (2.2.3-4) ...
Starting web server (apache2)...apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName

3. /etc/init.d/apache2 start

4. ps -ef | grep apache2

5. Post Install:

#mkdir -p /usr/local/apache2
#ln -s /var/log/apache2 /usr/local/apache2/logs
#ln -s /var/www /usr/local/apache2/htdocs
#ln -s /usr/lib/cgi-bin /usr/local/apache2/cgi-bin

Installing ColdFusion 8
1. Install ColdFusion 8 normally. Set the runtime user to nobody.

2. To start ColdFusion 8 on boot, download this startup script (coldfusion8_startup_debian).
Drop it into /etc/init.d/ and start ColdFusion.

3. Bind ColdFusion to Apache. Modify the existing apache_connector.sh.

#!/bin/sh
 
#
# Configure the Apache connector.
#       -dir should be the *directory* which contains httpd.conf
#       -bin should be the path to the apache *executable*
#       -script should be the path to the script which is used to
#               start/stop apache
#
../../runtime/bin/wsconfig \
        -server coldfusion \
        -ws apache \
        -dir /etc/apache2 \
        -bin /usr/sbin/apache2 \
        -script /usr/sbin/apache2ctl \
        -coldfusion
 
# Propagate the exit status of wsconfig
exit $?

4. Check if the bind is successful by inspecting /etc/apache2/httpd.conf. You should see something similar to the following…

# JRun Settings
LoadModule jrun_module /opt/coldfusion8/runtime/lib/wsconfig/1/mod_jrun22.so
<IfModule mod_jrun22.c>
    JRunConfig Verbose false
    JRunConfig Apialloc false
    JRunConfig Ignoresuffixmap false
    JRunConfig Serverstore /opt/coldfusion8/runtime/lib/wsconfig/1/jrunserver.store
    JRunConfig Bootstrap 127.0.0.1:51011
    #JRunConfig Errorurl url <optionally redirect to this URL on errors>
    #JRunConfig ProxyRetryInterval 600 <number of seconds to wait before trying to reconnect to unreachable clustered server>
    #JRunConfig ConnectTimeout 15 <number of seconds to wait on a socket connect to a jrun server>
    #JRunConfig RecvTimeout 300 <number of seconds to wait on a socket receive to a jrun server>
    #JRunConfig SendTimeout 15 <number of seconds to wait on a socket send to a jrun server>
    AddHandler jrun-handler .jsp .jws .cfm .cfml .cfc .cfr .cfswf
</IfModule>

5. Follow Post install considerations

Installing ColdFusion7.0.2

References:
http://demirkapi.net/tutorials/coldfusion_debian_installation.cfm
http://www.easycfm.com/print/index.cfm?tutorial_id=376

1. apt-get install libstdc++6 libstdc++5 libstdc++2.10-glibc2.2   (on etch)

On etch, xlibs is already installed by default if we have a desktop. On sid, if there is no X, we need to install libxp6 libxt6 libxtst6. If you don’t install these libraries, you will get a graphing library error during coldfusionmx startup.

2. By default, Debian also has a ‘nobody’ user.

From http://forums.gentoo.org/viewtopic-t-312113.html, if you get a “libc.so.6: No such file or directory” problem:

3. Modify /opt/coldfusionmx7/bin/coldfusion and comment out LD_ASSUME_KERNEL

# Some Java JVMs (both from Sun and IBM) don't work with the new floating stack
# feature of the i686 version of glibc. Force glibc to use the deprecated stack model.
# Check if the OS is SuSE8.1 or SuSE 9 - if it is, do not use the deprecated stack model.
#SUSEFLAG=`grep 'SuSE Linux 8.1\|UnitedLinux 1.0\|SuSE Linux 9\|SUSE LINUX Enterprise Server 9' /etc/SuSE-release /etc/UnitedLinux-release /etc/UnitedLinux-release 2> /dev/null`

#if [ ! "$SUSEFLAG" ]; then
# LD_ASSUME_KERNEL=2.2.9
# export LD_ASSUME_KERNEL
#fi

4. Boot on Start.

#cp -Rf /opt/coldfusionmx7/bin/coldfusion /etc/init.d/coldfusionmx7
#update-rc.d coldfusionmx7 start 80 2 3 4 5 . stop 15 0 1 6 .

5. You need the latest wsconfig.jar that works with Apache 2.2. It was discussed in a technote here. Configure Apache with ColdFusion

or

Call java and execute wsconfig.jar


/opt/coldfusionmx7/runtime/jre/bin/java
cd {cf_root}/runtime/lib

java -Dtrace.ci=1 -jar wsconfig.jar -server coldfusion -ws apache \
    -dir /etc/apache2/ \
    -bin /usr/sbin/apache2 \
    -script /usr/sbin/apache2ctl \
    -coldfusion -v [-apxs]

Categories: debian

Installing Debian

July 31st, 2007 rupert 2 comments

This is already an update on my first howto with Debian. So far, I can attest that Debian has been very good to me and has lessened my daily admin tasks.

1. Install base system. I prefer a minimal install.

2. Setup Networking

2.1 Disable IPV6
vi /etc/modprobe.d/aliases
alias ipv6 off
alias net-pf-10 off
 
2.2 Setup IP
vi /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
 
# The loopback network interface
auto lo
iface lo inet loopback
 
# The primary network interface
allow-hotplug eth0
iface eth0 inet static
        address 192.168.1.211
        netmask 255.255.255.0
        network 192.168.1.0
        broadcast 192.168.1.255
        gateway 192.168.1.1

2.3 Modify Hosts

#vi /etc/hosts
127.0.0.1           localhost
127.0.1.1           rupert-debian
192.168.1.211     rupert-debian
222.73.255.64     mirrors.geekbone.org
61.132.102.124   debian.cn99.com
128.31.0.36       security.debian.org
 
# The following lines are desirable for IPv6 capable hosts
#::1     ip6-localhost ip6-loopback
#fe00::0 ip6-localnet
#ff00::0 ip6-mcastprefix
#ff02::1 ip6-allnodes
#ff02::2 ip6-allrouters
#ff02::3 ip6-allhosts

You can delete the commented (#) lines, if you don’t have ipv6 on your network…

2.4 Setup Basic Firewall
vi firewall.sh

iptables -F
iptables -N FIREWALL
iptables -F FIREWALL
iptables -A INPUT -j FIREWALL
iptables -A FORWARD -j FIREWALL
iptables -A FIREWALL -i lo -j ACCEPT
 
iptables -A FIREWALL -p icmp --icmp-type any -j ACCEPT
 
#iptables -A FIREWALL -p 50 -j ACCEPT
#iptables -A FIREWALL -p 51 -j ACCEPT
 
#iptables -A FIREWALL -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
#iptables -A FIREWALL -p udp -m udp --dport 631 -j ACCEPT
 
iptables -A FIREWALL -m state --state ESTABLISHED,RELATED -j ACCEPT
 
iptables -A FIREWALL -p tcp -m tcp --dport 22 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --sport 80 -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --sport 3306 -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --sport 5432 -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --syn -j REJECT
iptables -A FIREWALL -p udp -m udp -j REJECT
iptables-save > /etc/firewall-rules
iptables-restore < /etc/firewall-rules

sh -v firewall.sh

To set it up on boot:
vi /etc/network/interfaces

iface lo inet loopback
pre-up iptables-restore < /etc/firewall-rules

I did catch a slight problem on this, for more details please read this post.

3. Specify the nearest source list

vi /etc/apt/sources.list
#deb http://mirrors.geekbone.org/debian etch main
#deb-src http://mirrors.geekbone.org/debian etch main
 
deb http://mirrors.geekbone.org/debian etch main
deb-src http://mirrors.geekbone.org/debian etch main

4. Let’s get ssh up and running first.

apt-get update
apt-get install ssh

5. Once you have networking up and running, I advise upgrading to lenny (testing), as stated in the source list (step 3) above.

apt-get upgrade libc6
apt-get dist-upgrade

6. Reboot

7. Do you want this machine to be your desktop? If yes, let’s get gnome.

#aptitude install gnome
#aptitude install gnome-core
#aptitude install x-window-system

8. Reboot. You should see a graphical Gnome Login

9. Utilities

#apt-get install htop nmap unzip subversion build-essential cmake locate
#apt-get install libboost-graph*

10. Servers
#apt-get install apache2
#apt-get install postgresql-8.2
#apt-get install postgresql-8.2-postgis
#apt-get install postgresql-server-dev-8.2
#apt-get install mysql-server

11. Removing unwanted services
#update-rc.d -f portmap remove
#update-rc.d -f cupsys remove
#update-rc.d -f exim4 remove

12. Configuring vimrc with syntax highlighting

set nocompatible
set nu
set ts=4
syntax on

Categories: debian, linux

Understanding Iptables

July 31st, 2007 rupert 1 comment

My first hack with Debian was smooth except for the firewall issues. RHEL/Fedora/CentOS stores its firewall policies in /etc/sysconfig/iptables; in Debian, you have to write down the chains and run them. Writing the chain rules is basically the same for both distros since it is iptables; however, it is not obvious for a newbie. So my problem was that I could not ping a domain name but could ping an IP address instantly. I misinterpreted the root cause of the problem as a DNS problem, so I disabled IPv6... still a no go. Later I found out it was one of the rules in my iptables policies.

So here is the iptables firewall shell script that resolved the issue…

1. vi firewall.sh

iptables -F
iptables -N FIREWALL
iptables -F FIREWALL
iptables -A INPUT -j FIREWALL
iptables -A FORWARD -j FIREWALL
iptables -A FIREWALL -i lo -j ACCEPT
 
iptables -A FIREWALL -p icmp --icmp-type any -j ACCEPT
 
#iptables -A FIREWALL -p 50 -j ACCEPT
#iptables -A FIREWALL -p 51 -j ACCEPT
 
#iptables -A FIREWALL -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
#iptables -A FIREWALL -p udp -m udp --dport 631 -j ACCEPT
 
iptables -A FIREWALL -m state --state ESTABLISHED,RELATED -j ACCEPT
 
iptables -A FIREWALL -p tcp -m tcp --dport 22 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --sport 80 -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --sport 3306 -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --sport 5432 -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --syn -j REJECT
iptables -A FIREWALL -p udp -m udp -j REJECT
iptables-save > /etc/firewall-rules
iptables-restore < /etc/firewall-rules

2. Run sh -v firewall.sh

Here’s a brief explanation of the iptables flags, taken from the man page.

-F, --flush [chain]
Flush the selected chain (all the chains in the table if none is given). This is equivalent to deleting all the rules one by one.

-N, --new-chain chain
Create a new user-defined chain by the given name. There must be no target of that name already.

-A, --append chain rule-specification
Append one or more rules to the end of the selected chain. When the source and/or destination names resolve to more than one address, a rule will be added for each possible address combination.

-j, --jump target
This specifies the target of the rule; i.e., what to do if the packet matches it. The target can be a user-defined chain (other than the one this rule is in), one of the special builtin targets which decide the fate of the packet immediately, or an extension (see EXTENSIONS below).

So I checked out my CentOS4 box and found out that I had four (4) lines which I didn’t understand. See the commented lines above. Here’s an explanation of them..

Port 50 is Remote Mail Checking Protocol
Killing this may stop you checking if you have new mail on your provider’s POP server. Haven’t confirmed this…

Port 51 is IMP Logical Address Maintenance. Dunno what this is for..

Port 5353
This port is used for the Apple Bonjour network discovery protocol, as you can read here: http://www.apple.com/support/downloads/bonjourforwindows_readme.html

Port 631 IPP (Internet Printing Protocol). Enable this if you want to print from Linux.
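
An added example, not the author's code: a small lint for rule lines written in the style of firewall.sh. It reports ACCEPT rules that match only on --sport, which is the remote side's port and says nothing about which local service is being reached, and it notes that iptables reads `-p 50` and `-p 51` as IP protocol numbers (ESP and AH, used by IPsec) rather than ports. The function names and output format are made up for this example, and the suggested rewrite assumes the service is meant to be reachable from outside, as the ssh rule is.

```shell
#!/bin/sh
# Added example: lint iptables commands written in the style of firewall.sh.

# Sample input: rules copied from the script above, commented-out lines included.
page_rules() {
cat <<'EOF'
iptables -A FIREWALL -i lo -j ACCEPT
#iptables -A FIREWALL -p 50 -j ACCEPT
#iptables -A FIREWALL -p 51 -j ACCEPT
iptables -A FIREWALL -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --dport 22 --syn -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --sport 80 -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --sport 3306 -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --sport 5432 -j ACCEPT
iptables -A FIREWALL -p tcp -m tcp --syn -j REJECT
EOF
}

# Read rule lines on stdin, print one finding per problem rule.
audit_rules() {
    while IFS= read -r line; do
        rule=${line#\#}                      # lint disabled rules as well
        case "$rule" in *"-j ACCEPT"*) ;; *) continue ;; esac
        # "-p <number>" selects an IP protocol number, not a TCP/UDP port.
        proto=$(printf '%s\n' "$rule" | sed -n 's/.* -p \([0-9][0-9]*\) .*/\1/p')
        case "$proto" in
            50) echo "proto-number:50 (ESP, IPsec)" ;;
            51) echo "proto-number:51 (AH, IPsec)" ;;
            ?*) echo "proto-number:$proto" ;;
        esac
        # ACCEPT keyed only on the sender's source port: the remote side
        # chooses that port, so the rule does not describe a local service.
        case "$rule" in
            *"--dport "*) ;;
            *"--sport "*)
                port=$(printf '%s\n' "$rule" | sed -n 's/.*--sport \([0-9][0-9]*\).*/\1/p')
                echo "sport-accept:$port"
                # Rewrite in the style of the ssh rule (assumption: the
                # service on this port should be reachable from outside).
                printf '  suggest: %s\n' \
                    "$(printf '%s\n' "$rule" | sed 's/--sport \([0-9]*\)/--dport \1 --syn/')"
                ;;
        esac
    done
}

page_rules | audit_rules
```

If a flagged port should not be reachable from other hosts (a database bound to localhost, for instance), delete the rule instead of applying the suggested rewrite.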

Categories: debian, linux