Work

Recent Stuff

On 9/16/2007, In Family, Work, news, By Will

First, I’d like to point out the new Photo Gallery I put up here. I decided to start fresh, but look for more pictures (and video…yay!) soon.

September has been a more relaxed month in that I am no longer under the big deadline I was stressing out about in August. The web server nightmare and subsequent move to a new server has smoothed out rather well. I’ve had visits from family the last two weekends. And I’ve been playing some music here and there, which is always good. Most importantly, I’ve been doing fun things with the boys and Alicia since I haven’t had so much extra work to do.

I have a bunch of cool links to post soon, so check back.

Oh, in case you were wondering, we don’t need no stinking badges.

Server Update — Part II

On 8/20/2007, In Tech, Web Dev, Work, By Will

The problem turned out to be something other than a hardware failure. The good news is I have set up a completely new dedicated server with a completely new company (who will be managing updates and security for me). The bad news is, I lost ALL the data that was on the original server.

I do have local backups of web sites I did, but I lost databases, and people using webmail lost saved email. Clients who were doing their own web sites may have lost their data if they werent backing it up locally.

Brief recap of events:
1. Server was hacked at the end of July. I hired SeeksAdmin.com to go in and clean up the mess, patch everything, and lock it all down. Everything was great until the server somehow got rebooted (I had nothing to do with it), and it didn’t come back up. According to 1and1, my server provider, the machine was stuck booting up because it couldn’t load the kernel. They couldn’t select the previous kernel because SeeksAdmin had locked down lilo, the bootloader. I know SeeksAdmin had mentioned they had problems with the new kernel working, but they claimed they rebooted the machine multiple times and rolled it back to the older version. I can’t prove or disprove that, but the circumstances are a bit concerning.
2. I was 99% sure that my backups were being performed by 1and1, and that all was OK when it came down to re-imaging the hard drive. Unfortunately, 1and1 locks out the backup FTP server from being accessed except from your dedicated server. So, I had no way of verifying that the backups were OK since the server wouldn’t boot and I couldn’t log in to look at the backups.
3. SeeksAdmin re-imaged the server for me, and after getting it back up, I logged in and FTP’d to the backup server to check things out. Nothing was there. I was stunned, and I was very angry.

When all was said and done, I was left wondering what had happened. There is really no one person/company to blame, rather, a bunch of bad things conspired from different places to screw me over and cause a large nightmare for all the clients I had hosted on that server. Had 1and1 been doing the backups, which they were supposed to be doing, all would have been OK. But then, it seems the system had become unstable since SeeksAdmin had gone in to do their work, so I wouldn’t have run into the problem if I hadn’t hired them. But then, if I never was hacked in the first place, none of this would have happened in the first place.

The silver lining to all of this is that I had been itching to leave 1and1 for quite some time, as they are the Wal-mart of web hosting. I was stuck with them because the task of moving all my clients was just too time consuming to think about. The new company I settled with is all about service, and being supportive of their clients. They are smaller, personal, and responsive. I also got away from having to use Plesk, and am now happily setting up all the sites in WHM and CPanel.

Kurt Vonnegut, Dead at 84

On 4/13/2007, In General, Links, Tech, Work, By Will

Ah well…Tingaling!

Sorry, I haven’t had time to make any Song Of The Week postings. Been running around like a headless chicken, juggling jobs, kids, and flaming kittens. On Tuesday I gave notice that I’m leaving my job with P3I, where I am working for the Air Force, and will soon be starting to do full-time contract work for a marketing company based in Raleigh. Luckily, this does not mean I will be moving!

I’ll post more info when I know more about it all, but in the mean time, make sure you check out the Top Ten ‘80s Robots (We Expected to Exist By Now). It’s funny ha-ha.

Part II: Setting up Apache, Tomcat, and mod_jk on RHEL4

On 3/15/2007, In Internet, Tech, Web Dev, Work, By Will

After managing to get Tomcat5.5 working with Apache2 using mod_jk, my next venture was to enable SSL using a self-signed certificate in Tomcat. This proved to be quite a task.

The system I’m setting up is running RedHat Enterprise Linux 4.4. I installed all the official RedHat RPM’s to get Tomcat and Apache talking together with mod_jk (see Part I of this tutorial).

After 4 days of banging my head on my keyboard, I noticed that when I would run:
#java -version
It spit out this:
Java(TM) 2 Runtime Environment, Standard Edition (build pxi32dev-20061002a (SR3) ) IBM J9 VM (build 2.3, J2RE 1.5.0 IBM J9 2.3 Linux x86-32 j9vmxi3223-20061001 (JIT enabled) J9VM - 20060915_08260_lHdSMR JIT - 20060908_1811_r8 GC - 20060906_AA) JCL - 20061002
This let me know that I am supposed to be using IBM’s version of java, which apparently is the default on my RedHat system, not Sun’s version. I think somewhere along the way I downloaded Sun’s jvm, and I assumed that I was supposed to be using it’s keytool to generate an SLL certificate for Tomcat, but such is not the case. This caused me much confusion, but here’s how I ended up fixing it:

1. Generate Keystore file
(NOTE: all of this assumes you already have Apache configured with SSL. I used OpenSSL, which I don’t go into here, but there are loads of resources online for you, and it’s relatively easy to do).

Assuming you have the default RedHat java rpm already installed, run this:
# /usr/lib/jvm/java-1.5.0-ibm-1.5.0.3/jre/bin/keytool -genkey -alias tomcat -keyalg RSA

NOTE: I used Tomcat’s default password of ‘changeit’ when prompted.

The keystore file gets dropped in the home directory of whatever user you are logged in as. I was root, so I then moved the keystore file to the tomcat home directory:
# mv /root/.keystore /etc/tomcat5/ # chown tomcat.tomcat /etc/tomcat5/.keystore

2. Next you have to edit Tomcat’s server.xml file
# nano /etc/tomcat5/server.xml

Uncomment the SSL connector and set it up like so:

 <connector port="8443" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" scheme="https" secure="true" clientAuth="false" algorithm="IbmX509" sslProtocol="SSL" keystoreFile="/etc/tomcat5/.keystore" keystorePass="changeit" />

Note that I added algorithm=“IbmX509” and I changed sslProtocol=“TLS” to sslProtocol=“SSL”. This is necessary to get things working with IBM’s jvm.

3. Restart everything
# service tomcat5 stop # service tomcat5 start # apachectl restart

If you were following along from my last article, then browse to:


https://yoursite.com:8443/hello.jsp

If all went well, you should see the hello.jsp page showing you the system time!

Setting up Apache, Tomcat, and mod_jk on RHEL4

On 3/1/2007, In Internet, OS's, Software, Tech, Web Dev, Work, By Will

I just got through setting up Tomcat5.5, Apache2, and mod_jk on a RedHat Enterprise AS4.4 machine at work. In the past, I have done this by compiling each component separately and fingling with config files until it all worked. But I wanted to stick with RedHat-approved RPM’s from the RedHat network to ease updates and patch management, and to allow the organization to have support options.

I had a lot of trouble finding any documentation on how to do this anywhere, so I thought I’d throw it out here for anyone in a similar situation in search of help.

The following are my notes, sprinkled with a little help I got from a RedHat support tech.

First, I had to enable the following channel within the RedHat Network for this system:

–Red Hat Application Server v. 2 (AS v. 4 for i386)

If you don’t have a RHEL license for updating your system, you will need one.

Once those channels were enabled, I installed the following packages using up2date at the command line:

# up2date tomcat5 # up2date tomcat5-webapps # up2date tomcat5-admin-webapps # up2date mod_jk-ap20

With the packages installed, I set out to configure a virtual host to pass requests to Tomcat as needed by using the mod_jk connector. The following steps explain how to do this for a web site called example.com using IP address 123.123.123.123. Substitute your domain and IP accordingly.

Step 1. — Add mod_jk to Apache

In /etc/httpd/conf/httpd.conf add this:

LoadModule jk_module modules/mod_jk.so <ifmodule mod_jk.c> JkWorkersFile "/etc/httpd/conf/workers.properties" JkLogFile "/etc/httpd/logs/mod_jk.log" JkLogLevel info JkLogStampFormat "[%a %b %d %H:%M:%S %Y]" </ifmodule>

That loads the module into Apache, tells apache where the worker is that will handle jsp/servlets, and tells Apache where to record log entries for mod_jk.

Step 2. — create a new file called /etc/httpd/conf/workers.properties and add this to it:

[channel.socket:example.com:8009] port=8009 host=example.com [uri:example.com/*.jsp] worker=ajp13:example.com:8009

Step 3. Create a virtual host in /etc/httpd/conf/httpd.conf like so:

<virtualhost 123.123.123.123:80> ServerAdmin webmaster@example.com ServerName www.example.com DocumentRoot /var/www/html JkMount /*.jsp ajp13 JkMount /servlet/* ajp13 # Deny direct access to WEB-INF </virtualhost>

Step 4. Set up Tomcat5 by adding this to /etc/tomcat5/server.xml just before the very last </Engine> tag at the bottom of the document:

<host name="example" appBase="/var/www/html" unpackWARs="true" autoDeploy="true"> <context path="" docBase="" debug="0" reloadable="true"/> <alias>www.example.com</alias> <valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" prefix="web1_access_log." suffix=".txt" pattern="common" resolveHosts="false"/> </host>

Still with me? We are almost done.

Step 6. Create a sample jsp file called /var/www/html/test.jsp and add this to it:

Time: < %= new java.util.Date() %>

Step 7. Start up the services
# apachectl start # service tomcat5 start

Step 8. Try it!

Browse to http://www.example.com/test.jsp

If all went well, you should see the system’s current date and time when you load the web page. Congrats. Hope it works for you!

The Old Switcheroo

On 12/20/2006, In Tech, Web Dev, Work, By Will

On January 2 I’ll be going back to work at the Air Force Combat Climatology Center, but this time with a new contractor, P3I. My previous time there ended when the contract ran out and there was no money left to rehire me, but the new contract started with the new company, and it is good for a few years. They made me an offer I couldn’t refuse, and Alicia and I decided we were in need of a little stability in the work scenario right now. My position will be Web Applications Developer and Designer. That’s a mouthful.

I’m really looking forward to being back there in a lot of ways. I had a lot of good friends there, and have missed the comradarie as well as being able to work on some high-end applications and systems. I’ll be able to hit the ground running since I spent a year and a half there already.

However, I’ll definitely miss the flexibility I’ve had and the fun time I’ve enjoyed with Position Builders, especially the hacky sack breaks. It was really tough to make this decision, and I feel bad about leaving what was an excellent job with great people.

So that’s the news.

Following up on the previous post about the Ion ITTUSB turntable, I can’t find one in stock anywhere. I went ahead and placed an order with Amazon, but they said they wouldn’t have it in stock until January 27 — February 15. If anyone knows of anywhere that has one of these things in stock, PLEASE let me know! I can’t wait that long!

Will Chatham