Linux: htpasswd: command not found

Ooops!

It’s easy… if you have Apache installed then it means it’s not in your path. Did you compile your Apache yourself? If so it should be here:
/path-to-your-apache-folder/bin/htpasswd

Want to add it to your path:
PATH=$PATH:/path-to-your-directory

Or create a .bash_profile in your home directory and add that variable there, then execute
source ~/.bash_profile

Works for everything else as well!

Linux: .htaccess and .htpasswd files

You can use .htaccess to protect a directory on your Apache web server. Users trying to access a protected directory will be asked to enter a username and password. .htaccess defines the protected directory, and .htpasswd stores your password hashes.

.htaccess normally looks like this:

AuthName "Title"
AuthUserFile /path-to-your-htpasswd-file/.htpasswd
AuthType Basic
require valid-user

To create a .htpasswd file:
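htpasswd -c /path.to.the.folder.you.want.to.protect/.htpasswd <username>

or, from inside that folder,

htpasswd -c .htpasswd <username>

and you will be prompted to enter a password for <username>. The -c switch creates the file and overwrites an existing one, so leave it out when adding more users to the same file.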

Of course, you can use a .htpasswd generator. Remember, Google is your friend 🙂
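
Each line of the resulting .htpasswd file is user:hash, and the start of the hash shows which scheme was used. The following is an added example, not part of the original post, that classifies every entry; the function names and the sample entries (filler text, not real hashes) are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the hash scheme of each .htpasswd entry read from stdin.

htpasswd_schemes() {    # prints "user scheme verdict" per entry
  while IFS=: read -r user hash rest; do
    case "$user" in ''|'#'*) continue ;; esac   # blank and comment lines carry no entry
    case "$hash" in
      '$2y$'*)       echo "$user bcrypt ok" ;;            # salted, tunable cost
      '$apr1$'*)     echo "$user apr1-md5 legacy" ;;      # salted MD5, 1000 rounds
      '{SHA}'*)      echo "$user sha1 weak" ;;            # unsalted SHA-1
      ?????????????) echo "$user des-crypt weak" ;;       # 13 chars; only 8 password chars count
      *)             echo "$user unrecognised review" ;;  # other scheme or plaintext
    esac
  done
}

needs_rehash() {        # users whose entry should be regenerated with a stronger scheme
  htpasswd_schemes | while read -r user scheme verdict; do
    [ "$verdict" = ok ] || echo "$user"
  done
}

sample_htpasswd() {     # constructed entries; the hash bodies are filler
  printf '%s\n' '# staff area' \
    'alice:$2y$05$CONSTRUCTEDfillerCONSTRUCTEDfillerCONSTRUCTEDfiller00' \
    'bob:$apr1$CONSTRUC$TEDfillerCONSTRUCTED00' \
    'carol:{SHA}CONSTRUCTEDfiller0000000000=' \
    'dave:CONSTRUCTED13'
}

sample_htpasswd | htpasswd_schemes
echo "regenerate: $(sample_htpasswd | needs_rehash | tr '\n' ' ')"
```

Run it on a real file with htpasswd_schemes < /path-to-your-htpasswd-file/.htpasswd. The htpasswd shipped with Apache 2.4 can write bcrypt entries with the -B switch.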

Linux: Run tomcat with apache – mod_jk configuration

Disclaimer: I found an old note with these instructions on it. I’m sure that I’ve taken these from other blog(s) but unfortunately I cannot find the source to give complete credit to. Since this is a very useful how-to I decided to clean it up and publish it for everyone to read, but if author(s) stumble upon this page and provide a link to original document(s) I will be more than happy to give them full credit.

There are a few reasons why we’d want to configure Tomcat to run with Apache. For me the most important is security and the fact that I’d like to run my web servers on port 80. In order to run Tomcat on port 80 it has to run as root which is not safe and absolutely not recommended. I am going to show you how to configure your Apache to run and pass connections to Tomcat.

What I normally like to do in such a situation is to compile Apache instead of installing from repositories, install and configure Java and Tomcat, and then compile mod_jk to provide the Tomcat/Apache connector. Basically all steps will be manual. Perhaps all this can be done using repositories too, but this way I can keep things updated as updates come out from the developers, not when they become available in repositories.

To simplify the solution and make it a universal tutorial, I am going to refer to each product by its name. Therefore we will be renaming all extracted folders to their generic names. For instance, latest versions of Apache, Tomcat, Java and mod_jk are 2.2.11, 6.0.18, 6u11 and 1.2.27 respectively (Jan 09), but we are going to refer to them as just Apache, Tomcat, Java and mod_jk. I have actually renamed them right after they were extracted before I placed them onto their permanent directories. I am going to use /usr/local as my installation directory but you can place them in /opt or any other directory you wish.

Most steps are performed under a non-root account. I will let you know when to use the root account.

Installing Apache:

Log on with your non-root account.
Download Apache tar package from http://www.apache.org and extract. This directory will be called “apache” from this point forward.
Change directory to apache ‘cd apache’.

Prepare the product to compile:

In apache directory:
./configure --prefix=/usr/local/apache
make
Change to root user: su
make install

Once it’s complete run apache:
/usr/local/apache/bin/apachectl start
Test the installation by browsing to the target address. If it’s running then stop the process:
/usr/local/apache/bin/apachectl stop

Install Java (I’m using jdk):

Download Java self-extracting package from http://www.java.com. Whatever this file is, we call it java.bin.
Make it executable:
chmod +x java.bin
Execute:
./java.bin
Once you’re done with the installation you will have a directory jre1xxxxx. We will refer to this directory as “java”.
Become root: su (to move directory to /usr/local)
Move the directory to its final resting place. Mine sits in /usr/local:
mv java /usr/local

Install Tomcat:

Download Tomcat from http://tomcat.apache.org and extract the tar ball. We will call this directory “tomcat” from now on.
Become root: su (to move directory to /usr/local)

Move this directory to /usr/local:
mv tomcat /usr/local

Now it’s time to configure our paths. Edit your .bash_profile:

STOP: This is local to the user running Tomcat. Each user who’ll be running Tomcat should have a .bash_profile in their own home directory.
nano ~/.bash_profile

and add the following lines:
export JRE_HOME=/usr/local/java
export JAVA_HOME=/usr/local/java
export CATALINA_HOME=/usr/local/tomcat

Save and exit, then execute the following command:
source ~/.bash_profile

Now test your Tomcat as a non-root user:
/usr/local/tomcat/bin/startup.sh

Browse to http://localhost:8080. If it’s working then shut it down:
/usr/local/tomcat/bin/shutdown.sh

Installing connector (mod_jk):

Download mod_jk connector from http://tomcat.apache.org/download-connectors.cgi and extract. We will call this new directory “connector”.
Go to connector/native.
To prepare:
./configure --with-apxs=/usr/local/apache/bin/apxs
make
Become root and:
make install
Check to see if mod_jk.so is in /usr/local/apache/modules. If it’s there then you’ve so far been successful.

Create the connector:

Create a file called “connector.conf” in apache/conf directory:
nano /usr/local/apache/conf/connector.conf

and copy/paste the following lines in that file, save and exit:
workers.tomcat_home=/usr/local/tomcat
workers.java_home=/usr/local/java
ps=/
worker.list=myworker
worker.myworker.port=8009
worker.myworker.host=localhost
worker.myworker.type=ajp13
worker.myworker.lbfactor=1

Add the following lines to httpd.conf:
LoadModule jk_module modules/mod_jk.so
JkWorkersFile conf/connector.conf
JkLogFile logs/mod_jk.log
JkLogLevel error
JkLogStampFormat "[%a %b %d %H:%M:%S %Y]"
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
JkRequestLogFormat "%w %V %T"
JkMount /*.jsp myworker
JkMount /* myworker

Now, start both Apache and Tomcat. You should be able to view the Tomcat default page at http://localhost AND http://localhost:8080. This means that the connector is working. To increase security, disable HTTP access to Tomcat through port 8080.
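
To confirm that port 8080 is really closed, the following added example (not from the original post) lists the connectors that a server.xml tells Tomcat to open and flags any that other hosts can reach. It assumes Tomcat 6 behaviour, where a Connector without an address attribute listens on all interfaces; the function names and both server.xml fragments are constructed.

```shell
#!/bin/sh
# Added example: report which connectors a Tomcat server.xml (read from stdin) opens.
# Assumption: Tomcat 6 behaviour, a <Connector> without address= listens on all interfaces.
active_connectors() {   # prints "port address protocol" per uncommented <Connector>
  awk '
    function attr(el, name,   v) {
      if (!match(el, "[ \t]" name "=\"[^\"]*\"")) return "-"
      v = substr(el, RSTART, RLENGTH); sub(/^[^"]*"/, "", v); sub(/"$/, "", v)
      return v
    }
    { doc = doc $0 " " }
    END {
      # Strip XML comments first so a commented-out connector is not reported.
      while ((s = index(doc, "<!--")) && (e = index(substr(doc, s), "-->")))
        doc = substr(doc, 1, s - 1) substr(doc, s + e + 2)
      while (match(doc, /<Connector[^>]*>/)) {
        el = substr(doc, RSTART, RLENGTH); doc = substr(doc, RSTART + RLENGTH)
        print attr(el, "port"), attr(el, "address"), attr(el, "protocol")
      }
    }'
}

audit_connectors() {    # returns 1 if any active connector is not bound to loopback
  report=$(active_connectors | while read -r port addr proto; do
    case "$addr" in
      127.0.0.1|::1|localhost) echo "OK      port $port ($proto) bound to $addr" ;;
      -) echo "EXPOSED port $port ($proto) has no address=, listens on all interfaces" ;;
      *) echo "EXPOSED port $port ($proto) bound to $addr" ;;
    esac
  done)
  printf '%s\n' "$report"
  case "$report" in *EXPOSED*) return 1 ;; esac
}

sample_stock() {        # constructed fragment: both connectors enabled, no address=
  printf '%s\n' '<Service name="Catalina">' \
    '  <Connector port="8080" protocol="HTTP/1.1"' \
    '             connectionTimeout="20000" redirectPort="8443" />' \
    '  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />' '</Service>'
}
sample_hardened() {     # constructed fragment: HTTP commented out, AJP on loopback only
  printf '%s\n' '<Service name="Catalina">' \
    '  <!-- <Connector port="8080" protocol="HTTP/1.1"' \
    '             connectionTimeout="20000" redirectPort="8443" /> -->' \
    '  <Connector port="8009" address="127.0.0.1" protocol="AJP/1.3" />' '</Service>'
}
echo "stock:";    sample_stock    | audit_connectors || true
echo "hardened:"; sample_hardened | audit_connectors
```

Run it against the live configuration with audit_connectors < /usr/local/tomcat/conf/server.xml. The AJP connector on 8009 only needs to be reachable by Apache on the same host, which is why the hardened fragment binds it to 127.0.0.1.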

Note: Apache will automatically start after reboot, but you will have to add Tomcat to your startup script manually. Here is a startup script you can copy to your /etc/init.d and make it executable to start/stop your server. I don’t remember where I got this script from, but just so you know, it’s not mine. Good thing about this script is that even if you run this as root, it will run your Tomcat server as user specified in line 6.

Note: become root to run Apache. If you use the following script for your Tomcat, you may also run it as root. It will switch to the specified user once it’s executed. I don’t use the script, however; what I do is add it to my root crontab and have it run as a non-root user. This is the command I use:
su - <username> -c /usr/local/tomcat/bin/startup.sh

Here is the script to run Tomcat (not mine, I found it in a mailing list):
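#!/bin/sh
# Tomcat Startup Script

# Set here because init scripts do not inherit the values from ~/.bash_profile
CATALINA_HOME=/usr/local/tomcat; export CATALINA_HOME
TOMCAT_OWNER=<user who will run tomcat>; export TOMCAT_OWNER

start() {
    printf "Starting Tomcat: "
    # "su -" starts a login shell so the owner's profile (JAVA_HOME, JRE_HOME) is loaded
    su - "$TOMCAT_OWNER" -c "$CATALINA_HOME/bin/startup.sh"
    sleep 2
}
stop() {
    printf "Stopping Tomcat: "
    su - "$TOMCAT_OWNER" -c "$CATALINA_HOME/bin/shutdown.sh"
}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        start
        ;;
    *)
        echo "Usage: tomcat {start|stop|restart}"
        exit 1
        ;;
esac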

OpenSuSE: Disable firewall completely

I was wondering… why I can’t connect through ssh. sshd daemon is running fine, so I found out that OpenSuSE installs its stikin’ firewall by default and blocks everything. I’m pretty well protected behind enough high end security devices, and don’t need to micro-manage my connection. Here is how I disabled the firewall altogether:
/sbin/SuSEfirewall2 off

To start the firewall:
/sbin/SuSEfirewall2 on

If you want to temporarily disable your firewall:
/etc/init.d/SuSEfirewall2_setup stop

Enter the above line without “stop” and you will see all available switches.

OpenSuSE: ping: unknown host, and connect: network is unreachable

WAIT: Read the whole post before applying any changes. You will know why once you’re done!
Note: Seems like it’s kind of common for SuSE, but you can easily modify the few specific lines to work with your distro. Most commands are common Linux stuff.

This is not my first day with SuSE, really, but since I’ve been considering an enterprise distro for a few servers at work, and the fact that I’d rather have my jewels stabbed with a sharp icepick instead of touching RHEL, I started playing around with OpenSuSE 11.1. This is what I’ve been running into pretty much all day today AFTER I changed DHCP to static. Here is what I did: First edited my resolv.conf to add my DNS servers:
nano /etc/resolv.conf

added the following lines:
nameserver <internal DNS server IP>
domain <FQDN>
search <FQDN>

Fixed, right? Not quite. Now it can resolve internal servers’ hostnames, but when I tried to ping an external site I started getting a “connect: network is unreachable” error. I looked at my ifconfig and noticed IPv6 crap showing up. I went ahead and disabled IPv6. You can either add the following lines to your /etc/modprobe.conf and reload modules, or just do them in shell directly:
echo "alias net-pf-10 off" >> /etc/modprobe.conf
echo "alias ipv6 off" >> /etc/modprobe.conf

Here I am, standing in front of a bowl of mashed potatoes with no pants on… this SuSE experiment has been a pain in the neck so far. A quick spark made me try:
ip route show all

and it returned:
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.76
169.254.0.0/16 dev eth0 scope link
127.0.0.0/8 dev lo scope link

Oh, snap! Seems like there is no default gateway setup on the system, while I have the line in my /etc/sysconfig/network/ifcfg-eth0. I went ahead with the following command:
route add default gw 192.168.1.1

and booya! This is what “ip route show all” returns at the moment:
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.76
169.254.0.0/16 dev eth0 scope link
127.0.0.0/8 dev lo scope link
default via 192.168.1.1 dev eth0

I’m happy… feelin’ glad :P, but my enjoyment is short lived. It lost the gateway after a reboot and same headache was about to start, but now I know how to fix that one! Tried:
nano /etc/sysconfig/network/routes

and added the line:
default 192.168.1.1

Rebooted and it seems like I’m golden this time. Note that you can go ahead and create the file if it does not already exist.

Note: It wasn’t IPv6’s fault after all, but since I don’t need it I left it disabled. Now I’m leaving everything here, just in case. You just pick what you need, or perform from the bottom up (that’s what she said!)