Ubuntu

Securing Apache with SSL on Ubuntu 14

Prerequisites
$ sudo apt-get update
$ sudo apt-get install apache2
Activate the SSL Module
$ sudo a2enmod ssl
$ sudo service apache2 restart
Create a Self Signed SSL Certificate
Create a self-signed certificate and attach it to the Apache SSL configuration. You may create it at any preferred location; here the key and certificate are placed in a new directory, /etc/apache2/ssl.
$ sudo mkdir /etc/apache2/ssl
$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
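Before pointing Apache at the new files, it is worth confirming that the certificate really belongs to the key, that the key is readable only by its owner, and that the certificate is not about to expire. The following is an added example, not part of the original post; the function names are hypothetical and the sample pair is generated in a temporary directory rather than /etc/apache2/ssl.

```shell
#!/bin/bash
# Added example (function names are hypothetical): checks for the key pair
# produced by the "openssl req" command above, before Apache is pointed at it.

# Succeeds only if the certificate carries the public key of this private key.
cert_matches_key() {            # $1 = certificate, $2 = private key
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# Succeeds only if the key file is accessible by its owner alone.
key_is_private() {              # $1 = private key
    case "$(stat -c '%a' "$1")" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# Succeeds if the certificate is still valid $2 days from now.
valid_for_days() {              # $1 = certificate, $2 = days
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

# Constructed sample: a throwaway pair made like the tutorial's, in a temp dir.
make_sample_pair() {            # $1 = directory
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 -subj "/CN=example.com" \
        -keyout "$1/apache.key" -out "$1/apache.crt" 2>/dev/null || return 1
    chmod 600 "$1/apache.key"   # do not rely on the umask for the key's mode
}

check_pair() {                  # $1 = certificate, $2 = private key
    cert_matches_key "$1" "$2" || { echo "certificate and key do not match"; return 1; }
    key_is_private "$2"        || { echo "key file mode is too open"; return 1; }
    valid_for_days "$1" 30     || { echo "certificate expires within 30 days"; return 1; }
    echo "ok"
}

tmp=$(mktemp -d)
make_sample_pair "$tmp" && check_pair "$tmp/apache.crt" "$tmp/apache.key"
rm -rf "$tmp"
```

On the server itself, run `check_pair /etc/apache2/ssl/apache.crt /etc/apache2/ssl/apache.key` as root after `chmod 600` on the key.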
Configure Apache to use SSL
Edit default-ssl.conf (in /etc/apache2/sites-available), the file that contains the default SSL configuration.
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin admin@example.com
        ServerName example.com
        ServerAlias www.example.com
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/apache.crt
        SSLCertificateKeyFile /etc/apache2/ssl/apache.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
                        SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
                        SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-6]" \
                        nokeepalive ssl-unclean-shutdown \
                        downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
</IfModule>
Activate the SSL Virtual Host

$ sudo a2ensite default-ssl.conf
$ sudo service apache2 restart

Test the Virtual Host with SSL
Now you can test the application at https://<your-domain>. It should work, although the browser will warn that the self-signed certificate is not trusted.

Tomcat Startup Script – Ubuntu 14.04 LTS

Environment : Ubuntu 14.04 LTS

Prerequisites: Java and Tomcat are installed on your machine/instance, and JAVA_HOME is already set before you start.

Step 1: Create a file called “tomcat” under /etc/init.d folder and have the contents as below.

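#!/bin/bash
#
# tomcat
#
### BEGIN INIT INFO
# Provides:          tomcat
# Required-Start:    $remote_fs $network
# Required-Stop:     $remote_fs $network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: Start up the Tomcat servlet engine.
### END INIT INFO

# Tomcat installation directory
TOMCAT_DIR=/home/crishantha/lib/apache-tomcat-7.0.63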

case "$1" in
 start)
   $TOMCAT_DIR/bin/startup.sh
   ;;
 stop)
   $TOMCAT_DIR/bin/shutdown.sh
   sleep 10
   ;;
 restart)
   $TOMCAT_DIR/bin/shutdown.sh
   sleep 20
   $TOMCAT_DIR/bin/startup.sh
   ;;
 *)
   echo "Usage: tomcat {start|stop|restart}" >&2
   exit 3
   ;;
esac

Step 2: Make the script executable

sudo chmod a+x tomcat

Step 3: Test the above script by executing the commands below

sudo ./tomcat start
sudo ./tomcat stop

Step 4: Register the above script as an init script. The following makes sure that “start” or “stop” is executed at the system run levels. By default, start happens at run levels 2 3 4 5 and stop happens at run levels 0 1 6.

sudo update-rc.d tomcat defaults

Step 5: Now reboot the machine/instance to check that everything is fine.


Creating LXC instances on Ubuntu 14 LTS

Hypervisor Virtualization Vs OS level / Container Virtualization

Unlike hypervisor virtualization, where one or more independent machines run virtually on physical hardware via an intermediation layer, containers instead run user space on top of an operating system’s kernel. As a result, container virtualization is often called operating system-level virtualization.

Container (OS-level) virtualization provides multiple isolated Linux environments on a single Linux host. Containers share the host OS kernel and make use of the guest OS system libraries to provide the required OS capabilities. This allows containers to have very low overhead and much faster startup times than VMs.

As a limitation, containers have also been considered less secure than hypervisor virtualization. Countering this argument, however, containers lack the larger attack surface of the full operating systems deployed under hypervisor virtualization.

The most recent OS-level virtualization / container technologies are considered to be OpenVZ, Oracle Solaris Zones, and Linux LXC.

LXC Containers

Linux Containers (LXC) is a fast, lightweight, OS-level virtualization technology that allows us to host multiple isolated Linux systems on a single host.

Installing LXC on Ubuntu 14 LTS

LXC is available in the default Ubuntu repositories. Simply type the following for a complete installation.

sudo apt-get install lxc lxctl lxc-templates

To check that the installation completed successfully, type

sudo lxc-checkconfig

If everything is fine, it will show something similar to the following

Kernel configuration not found at /proc/config.gz; searching...
Kernel configuration found at /boot/config-3.13.0-32-generic
--- Namespaces ---
Namespaces: enabled
Utsname namespace: enabled
Ipc namespace: enabled
Pid namespace: enabled
User namespace: enabled
Network namespace: enabled
Multiple /dev/pts instances: enabled

--- Control groups ---
Cgroup: enabled
Cgroup clone_children flag: enabled
Cgroup device: enabled
Cgroup sched: enabled
Cgroup cpu account: enabled
Cgroup memory controller: enabled
Cgroup cpuset: enabled

--- Misc ---
Veth pair device: enabled
Macvlan: enabled
Vlan: enabled
File capabilities: enabled

Note : Before booting a new kernel, you can check its configuration
usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig
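
Reading that listing by eye is error-prone, so the check can be scripted. The following is an added example, not part of the original post: it reports every feature whose status is anything other than "enabled". The function names are hypothetical, and the sample input is constructed from the output above with one status changed and terminal colour codes added around two values.

```shell
#!/bin/bash
# Added example (function names are hypothetical): report every feature that
# lxc-checkconfig does not list as "enabled".

# Reads lxc-checkconfig output on stdin, prints "feature: status" for each
# feature that is not enabled, and returns 1 if there was at least one.
lxc_missing_features() {
    sed $'s/\033\\[[0-9;]*m//g' |     # drop terminal colour codes, if any
    awk -F': *' '
        NF < 2 || /^Note/ || /^usage/ { next }   # section headers and footer
        {
            status = $NF
            sub(/[ \t\r]+$/, "", status)
            if (status != "enabled") { print $1 ": " status; bad = 1 }
        }
        END { exit bad + 0 }'
}

# Constructed sample input (not captured from a real host).
sample_output() {
    printf '%s\n' \
        'Kernel configuration found at /boot/config-3.13.0-32-generic' \
        '--- Namespaces ---' \
        'Namespaces: enabled' \
        $'Pid namespace: \033[1;32menabled\033[0;39m' \
        $'User namespace: \033[1;33mmissing\033[0;39m' \
        'Network namespace: enabled' \
        '' \
        '--- Control groups ---' \
        'Cgroup: enabled' \
        'Cgroup memory controller: enabled' \
        '' \
        'Note : Before booting a new kernel, you can check its configuration' \
        'usage : CONFIG=/path/to/config /usr/bin/lxc-checkconfig'
}

if sample_output | lxc_missing_features; then
    echo "all listed features enabled"
else
    echo "host is not ready for LXC"
fi
# On a real host: sudo lxc-checkconfig | lxc_missing_features
```
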
Creating LXC
sudo lxc-create -n <container-name> -t <template>

The <template> can be found in the  /usr/share/lxc/templates/ folder.

For example, if you need to create an Ubuntu container, you may execute,

sudo lxc-create -n ubuntu01 -t ubuntu

If you want to create an OpenSUSE container you may execute,

sudo lxc-create -n opensuse1 -t opensuse

If you want to create a CentOS container, you may execute,

sudo apt-get install yum # This is required as a prerequisite for the CentOS installation
sudo lxc-create -n centos01 -t centos

Once created you should be able to list all the LXCs created.

sudo lxc-ls

To show the complete container information,

sudo lxc-info -n ubuntu01
Starting LXC

Execute the following command to start the created container.

sudo lxc-start -n ubuntu01 -d

Now use the following to log in to the started containers.

sudo lxc-console -n ubuntu01

The default userid/password is ubuntu/ubuntu; change the password after the first login.

[To exit from the console, press “Ctrl+a” followed by the letter “a”.]

If you need to see the assigned IP address and the state of any created instance,

sudo lxc-ls --fancy ubuntu01
Stopping LXC
sudo lxc-stop -n ubuntu01
Cloning LXC
sudo lxc-stop -n ubuntu01
sudo lxc-clone ubuntu01 ubuntu02
sudo lxc-start -n ubuntu02
Deleting LXC

sudo lxc-destroy -n ubuntu01

Managing LXC using a Web Console
wget http://lxc-webpanel.github.io/tools/install.sh -O - | sudo bash

Then access the LXC web panel at the URL http://<ip-address>:5000. The default username/password is admin/admin; change it after the first login.
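
The installer above is fetched over plain HTTP and executed by a shell in one step, so nothing checks what actually arrives. An alternative is to download it to a file, read it, record its SHA-256, and run only a copy that still matches that digest. The following is an added example, not code from the LXC Web Panel project; the function names are hypothetical and the demo uses a constructed stand-in for install.sh.

```shell
#!/bin/bash
# Added example (not from the LXC Web Panel project): check a downloaded
# installer against a SHA-256 digest recorded after reading the script.

file_sha256() { sha256sum "$1" | cut -d' ' -f1; }

# Return 0 only if file $1 hashes to the pinned digest $2.
# Return 2 for unusable input (missing file, malformed pin), 1 for a mismatch.
verify_pinned() {
    local file=$1 pin actual
    pin=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    case "$pin" in
        *[!0-9a-f]*|"") echo "pin is not a hex SHA-256 digest" >&2; return 2 ;;
    esac
    [ "${#pin}" -eq 64 ] || { echo "pin is not 64 hex characters" >&2; return 2; }
    actual=$(file_sha256 "$file")
    [ "$actual" = "$pin" ] && return 0
    echo "digest mismatch for $file: got $actual" >&2
    return 1
}

# Constructed demo: a stand-in installer is pinned, then altered after review.
demo() {
    local dir pin
    dir=$(mktemp -d)
    printf '#!/bin/bash\necho "installing"\n' > "$dir/install.sh"
    pin=$(file_sha256 "$dir/install.sh")
    verify_pinned "$dir/install.sh" "$pin" && echo "reviewed copy: ok to run"
    echo 'echo "line added after review"' >> "$dir/install.sh"
    verify_pinned "$dir/install.sh" "$pin" 2>/dev/null || echo "changed copy: refused"
    rm -rf "$dir"
}
demo

# On the LXC host (needs network access, so shown as comments):
#   wget http://lxc-webpanel.github.io/tools/install.sh -O install.sh
#   less install.sh && sha256sum install.sh     # review, then record the digest
#   verify_pinned install.sh "<digest you recorded>" && sudo bash install.sh
```

Keep the downloaded file in a directory that only you can write to, so it cannot change between the check and the run.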

