Archive for the ‘Web Dev’ Category
The problem turned out to be something other than a hardware failure. The good news is I have set up a completely new dedicated server with a completely new company (who will be managing updates and security for me). The bad news is, I lost ALL the data that was on the original server.
I do have local backups of web sites I did, but I lost databases, and people using webmail lost saved email. Clients who were doing their own web sites may have lost their data if they weren’t backing it up locally.
Brief recap of events:
1. Server was hacked at the end of July. I hired SeeksAdmin.com to go in and clean up the mess, patch everything, and lock it all down. Everything was great until the server somehow got rebooted (I had nothing to do with it), and it didn’t come back up. According to 1and1, my server provider, the machine was stuck booting up because it couldn’t load the kernel. They couldn’t select the previous kernel because SeeksAdmin had locked down lilo, the bootloader. I know SeeksAdmin had mentioned they had problems with the new kernel working, but they claimed they rebooted the machine multiple times and rolled it back to the older version. I can’t prove or disprove that, but the circumstances are a bit concerning.
2. I was 99% sure that my backups were being performed by 1and1, and that all was OK when it came down to re-imaging the hard drive. Unfortunately, 1and1 locks out the backup FTP server from being accessed except from your dedicated server. So, I had no way of verifying that the backups were OK since the server wouldn’t boot and I couldn’t log in to look at the backups.
3. SeeksAdmin re-imaged the server for me, and after getting it back up, I logged in and FTP’d to the backup server to check things out. Nothing was there. I was stunned, and I was very angry.
When all was said and done, I was left wondering what had happened. There is really no one person/company to blame, rather, a bunch of bad things conspired from different places to screw me over and cause a large nightmare for all the clients I had hosted on that server. Had 1and1 been doing the backups, which they were supposed to be doing, all would have been OK. But then, it seems the system had become unstable since SeeksAdmin had gone in to do their work, so I wouldn’t have run into the problem if I hadn’t hired them. But then, if I never was hacked in the first place, none of this would have happened in the first place.
The silver lining to all of this is that I had been itching to leave 1and1 for quite some time, as they are the Wal-mart of web hosting. I was stuck with them because the task of moving all my clients was just too time consuming to think about. The new company I settled with is all about service, and being supportive of their clients. They are smaller, personal, and responsive. I also got away from having to use Plesk, and am now happily setting up all the sites in WHM and CPanel.
At long last, I have come close to finishing Alicia’s web site!
Thanks to June for the spiffy background image based on Alicia’s art, I think it’s looking pretty good. Alicia isn’t very happy with the quality of the photographs of her paintings though, as they look different from monitor to monitor, and none seem to capture what the paintings look like in real life. That’s just the way it goes with web design, unfortunately.
I’ll be changing content on there regularly, so check back often for Alicia’s latest works.
And starting June 1, Alicia will have a spot at the Kress Emporium in downtown Asheville!
After managing to get Tomcat5.5 working with Apache2 using mod_jk, my next venture was to enable SSL using a self-signed certificate in Tomcat. This proved to be quite a task.
The system I’m setting up is running RedHat Enterprise Linux 4.4. I installed all the official RedHat RPMs to get Tomcat and Apache talking together with mod_jk (see Part I of this tutorial).
After 4 days of banging my head on my keyboard, I noticed that when I would run:
# java -version
It spit out this:
Java(TM) 2 Runtime Environment, Standard Edition (build pxi32dev-20061002a (SR3) )
IBM J9 VM (build 2.3, J2RE 1.5.0 IBM J9 2.3 Linux x86-32 j9vmxi3223-20061001 (JIT enabled)
J9VM - 20060915_08260_lHdSMR
JIT - 20060908_1811_r8
GC - 20060906_AA)
JCL - 20061002
This let me know that I am supposed to be using IBM’s version of java, which apparently is the default on my RedHat system, not Sun’s version. I think somewhere along the way I downloaded Sun’s jvm, and I assumed that I was supposed to be using its keytool to generate an SSL certificate for Tomcat, but such is not the case. This caused me much confusion, but here’s how I ended up fixing it:
1. Generate Keystore file
(NOTE: all of this assumes you already have Apache configured with SSL. I used OpenSSL, which I don’t go into here, but there are loads of resources online for you, and it’s relatively easy to do).
Assuming you have the default RedHat java rpm already installed, run this:
# /usr/lib/jvm/java-1.5.0-ibm-1.5.0.3/jre/bin/keytool -genkey -alias tomcat -keyalg RSA
NOTE: I used Tomcat’s default password of ‘changeit’ when prompted.
The keystore file gets dropped in the home directory of whatever user you are logged in as. I was root, so I then moved the keystore file to the tomcat home directory:
# mv /root/.keystore /etc/tomcat5/
# chown tomcat.tomcat /etc/tomcat5/.keystore
2. Next you have to edit Tomcat’s server.xml file
# nano /etc/tomcat5/server.xml
Uncomment the SSL connector and set it up like so:
<!-- Define a SSL HTTP/1.1 Connector on port 8443 -->
<Connector port="8443" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" algorithm="IbmX509" sslProtocol="SSL"
           keystoreFile="/etc/tomcat5/.keystore"
           keystorePass="changeit" />
Note that I added algorithm="IbmX509" and I changed sslProtocol="TLS" to sslProtocol="SSL". This is necessary to get things working with IBM’s jvm.
3. Restart everything
# service tomcat5 stop
# service tomcat5 start
# apachectl restart
If you were following along from my last article, then browse to:
https://yoursite.com:8443/hello.jsp
If all went well, you should see the hello.jsp page showing you the system time!
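A check for the two weak points this setup leaves behind: the default keystore password, and a keystore that other local users can read (keytool creates the file under the caller's umask, and the steps above only change its owner). This is an added example, not part of the original post; the function names, finding names and the sample server.xml are constructed here.

```shell
#!/bin/sh
# Added example: audit the HTTPS <Connector> in a Tomcat server.xml.

# Drop XML comments (even multi-line) so a commented-out connector is ignored.
strip_xml_comments() {
    awk '{
        line = $0; out = ""
        while (line != "") {
            i = index(line, in_c ? "-->" : "<!--")
            if (!i) { if (!in_c) out = out line; line = "" } else if (in_c) {
                line = substr(line, i + 3); in_c = 0
            } else {
                out = out substr(line, 1, i - 1); line = substr(line, i + 4); in_c = 1
            }
        }
        print out
    }' "$1"
}

# First live <Connector ...> element that declares scheme="https".
https_connector() {
    strip_xml_comments "$1" | tr '\n' ' ' |
        grep -io '<connector[^>]*>' | grep 'scheme="https"' | head -n 1
}

# Value of attribute $2 in element text $1 (empty when absent).
attr() { printf '%s\n' "$1" | sed -n 's/.*[[:space:]]'"$2"'="\([^"]*\)".*/\1/p'; }

# Print one finding per line; print nothing when the connector passes.
audit_connector() {
    conn=$(https_connector "$1")
    [ -n "$conn" ] || { echo "no-https-connector"; return 0; }
    pass=$(attr "$conn" keystorePass); file=$(attr "$conn" keystoreFile)
    # Tomcat falls back to "changeit" when keystorePass is omitted.
    if [ -z "$pass" ] || [ "$pass" = "changeit" ]; then echo "default-keystore-password"; fi
    # The keystore holds the private key: group and other need no access.
    if [ -f "$file" ] && [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "keystore-open-to-group-or-other"
    fi
}

# Constructed sample: this post's connector plus an empty stand-in keystore.
demo=$(mktemp -d); : > "$demo/.keystore"; chmod 644 "$demo/.keystore"
cat > "$demo/server.xml" <<EOF
<Server> <!-- disabled:
<Connector port="8443" scheme="https" keystorePass="old" /> -->
<Connector port="8443" scheme="https" secure="true" sslProtocol="SSL"
           keystoreFile="$demo/.keystore" keystorePass="changeit" />
</Server>
EOF
audit_connector "$demo/server.xml"
```

Both findings clear once the keystore is regenerated with its own password, keystorePass is updated to match, and the file is set to mode 600.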
“An epic journey of compassion and liberty that embodies the semantic markup movement in modern web design in an unprecedented paradigm shift to right angled HTML elements.”
Truly a sight to behold. Read this article three times, for it will change your life.
I just got through setting up Tomcat5.5, Apache2, and mod_jk on a RedHat Enterprise AS4.4 machine at work. In the past, I have done this by compiling each component separately and fiddling with config files until it all worked. But I wanted to stick with RedHat-approved RPMs from the RedHat network to ease updates and patch management, and to allow the organization to have support options.
I had a lot of trouble finding any documentation on how to do this anywhere, so I thought I’d throw it out here for anyone in a similar situation in search of help.
The following are my notes, sprinkled with a little help I got from a RedHat support tech.
First, I had to enable the following channel within the RedHat Network for this system:
–Red Hat Application Server v. 2 (AS v. 4 for i386)
If you don’t have a RHEL license for updating your system, you will need one.
Once those channels were enabled, I installed the following packages using up2date at the command line:
# up2date tomcat5
# up2date tomcat5-webapps
# up2date tomcat5-admin-webapps
# up2date mod_jk-ap20
With the packages installed, I set out to configure a virtual host to pass requests to Tomcat as needed by using the mod_jk connector. The following steps explain how to do this for a web site called example.com using IP address 123.123.123.123. Substitute your domain and IP accordingly.
Step 1. – Add mod_jk to Apache
In /etc/httpd/conf/httpd.conf add this:
LoadModule jk_module modules/mod_jk.so
<IfModule mod_jk.c>
    JkWorkersFile "/etc/httpd/conf/workers.properties"
    JkLogFile "/etc/httpd/logs/mod_jk.log"
    JkLogLevel info
    JkLogStampFormat "[%a %b %d %H:%M:%S %Y]"
</IfModule>
That loads the module into Apache, tells apache where the worker is that will handle jsp/servlets, and tells Apache where to record log entries for mod_jk.
Step 2. – Create a new file called /etc/httpd/conf/workers.properties and add this to it:
[channel.socket:example.com:8009]
port=8009
host=example.com
[uri:example.com/*.jsp]
worker=ajp13:example.com:8009
Step 3. Create a virtual host in /etc/httpd/conf/httpd.conf like so:
<VirtualHost 123.123.123.123:80>
    ServerAdmin webmaster@example.com
    ServerName www.example.com
    DocumentRoot /var/www/html
    JkMount /*.jsp ajp13
    JkMount /servlet/* ajp13
    # Deny direct access to WEB-INF
</VirtualHost>
Step 4. Set up Tomcat5 by adding this to /etc/tomcat5/server.xml just before the very last </Engine> tag at the bottom of the document:
<Host name="example" appBase="/var/www/html" unpackWARs="true" autoDeploy="true">
    <Context path="" docBase="" debug="0" reloadable="true"/>
    <Alias>www.example.com</Alias>
    <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="web1_access_log." suffix=".txt" pattern="common" resolveHosts="false"/>
</Host>
Still with me? We are almost done.
Step 6. Create a sample jsp file called /var/www/html/test.jsp and add this to it:
Time: <%= new java.util.Date() %>
Step 7. Start up the services
# apachectl start
# service tomcat5 start
Step 8. Try it!
Browse to http://www.example.com/test.jsp
If all went well, you should see the system’s current date and time when you load the web page. Congrats. Hope it works for you!
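Because DocumentRoot and Tomcat's appBase are both /var/www/html, Apache itself serves any path the two JkMount patterns do not match, and the virtual host in Step 3 carries only the comment about WEB-INF. This added example (not from the original post) checks a config for a section that actually denies it; the function name is hypothetical, the `<LocationMatch>` section in the second sample is an assumed Apache 2.0-style rule, and both samples are constructed.

```shell
#!/bin/sh
# Added example: does an Apache config deny direct requests for WEB-INF?

# Succeeds only if a <Location>, <LocationMatch>, <Directory> or
# <DirectoryMatch> section naming WEB-INF holds a deny-all rule
# ("Deny from all" in Apache 2.0/2.2, "Require all denied" in 2.4).
webinf_denied() {
    awk '
        { low = tolower($0) }
        low ~ /^[ \t]*#/ { next }   # a comment is not an access control
        low ~ /^[ \t]*<(location|directory)(match)?[ \t]/ { insec = (low ~ /web-inf/); next }
        low ~ /^[ \t]*<\/(location|directory)(match)?>/ { insec = 0; next }
        insec && (low ~ /deny[ \t]+from[ \t]+all/ || low ~ /require[ \t]+all[ \t]+denied/) { found = 1 }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

demo=$(mktemp -d)
# Constructed sample 1: the virtual host from Step 3 as it appears above.
cat > "$demo/before.conf" <<'EOF'
<VirtualHost 123.123.123.123:80>
    DocumentRoot /var/www/html
    JkMount /*.jsp ajp13
    JkMount /servlet/* ajp13
    # Deny direct access to WEB-INF
</VirtualHost>
EOF
# Constructed sample 2: same host with an assumed Apache 2.0 deny section.
cat > "$demo/after.conf" <<'EOF'
<VirtualHost 123.123.123.123:80>
    DocumentRoot /var/www/html
    JkMount /*.jsp ajp13
    JkMount /servlet/* ajp13
    # Deny direct access to WEB-INF
    <LocationMatch "/WEB-INF/">
        Order allow,deny
        Deny from all
    </LocationMatch>
</VirtualHost>
EOF
for f in before after; do
    if webinf_denied "$demo/$f.conf"; then echo "$f: WEB-INF denied"
    else echo "$f: WEB-INF reachable through Apache"; fi
done
```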
Please don’t send me Microsoft Word Documents. ‘Nuff said.
The Origami Boulder Company sells finely crafted works of art.
The 419 Eater details a hilarious scamming of the scammer in this effort to fight back against infamous Nigerian Scams (419’s).
Me and Jeremy getting mad props for Channel 18 on Mefi Music
Another Chatham family right-time-right-place newspaper appearance.
On those Interwebs, you have to know how to ask questions the smart way.
Sometimes, it’s useful to know how to snatch an expiring domain.
Another useful thing is A List of Every Website Statistic Publicly Available.
Sit back and laugh as you make your best friend talk to his/her ex boyfriend/girlfriend on the phone.
Joey’s history of bands in Louisville is good. That’s pretty much how I remember it too.