Certificate Signing Request (CSR) contains all the information regarding certificate application. It also includes the Public key.

Following steps will show how to generate a pair of private key and public Certificate Signing Request (CSR) for a webserver, “server” using Apache mod_ssl/OpenSSL.

root@vps [~]# openssl req -new -nodes -keyout vps.key -out vps.csr

This creates a two files. The file vps.key contains a private key;

Following is the output from the above command, you will have to fill some of the fields here:

root@vps [~]# openssl req -new -nodes -keyout vps.key -out vps.csr

Generating a 1024 bit RSA private key
……………++++++
……++++++
writing new private key to ‘vps.key’
—–
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter ‘.’, the field will be left blank.
—–
Country Name (2 letter code) [GB]:GB
State or Province Name (full name) [Berkshire]:Berkshire
Locality Name (eg, city) [Newbury]:Newbury
Organization Name (eg, company) [My Company Ltd]:Trulymanaged
Organizational Unit Name (eg, section) []:Webhosting
Common Name (eg, your name or your server’s hostname) []:vps.server.com
Email Address []:vps@server.com

Please enter the following ‘extra’ attributes
to be sent with your certificate request
A challenge password []:sdfhsdfj
An optional company name []:

Your CSR will now have been created. Open the vps.csr in a text editor and copy and paste the contents into the online enrollment form when requested.

The Apache Feature List

One of the greatest features that Apache offers is that it runs on virtually all widely used computer platforms. At the beginning, Apache used to be primarily a Unixbased Web server, but that is no longer true Apache not only runs on most (if not all) flavors of Unix, but it also runs on Windows 2000/NT/9x and many other desktop and server-class operating systems such as Amiga OS 3.x and OS/2.

Apache offers many other features including fancy directory indexing; directory aliasing; content negotiations; configurable HTTP error reporting; SetUID execution of CGI Programs; resource management for child processes; server-side image maps; URL rewriting; URL spell checking; and online manuals.

The other major features of Apache are:

* Support for the latest HTTP 1.1 protocol: Apache is one of the first Web servers to integrate the HTTP 1.1 protocol. It is fully compliant with the new HTTP 1.1 standard and at the same time it is backward compatible with HTTP 1.0. Apache is ready for all the great things that the new protocol has to offer.

For example, before HTTP 1.1, a Web browser had to wait for a response from the Web server before it could issue another request. With the emergence of HTTP 1.1, this is no longer the case. A Web browser can send requests in parallel, which saves bandwidth by not transmitting HTTP headers in each
request. This is likely to provide a performance boost at the end-user side because files requested in parallel will appear faster on the browser.

* Simple, yet powerful file-based configuration: The Apache server does not come with a graphical user interface for administrators. It comes with single primary configuration file called httpd.conf that you can use to configure Apache to your liking. All you need is your favorite text editor. However, it is flexible enough to allow you spread out your virtual host configuration in multiple files so that a single httpd.conf does not become too cumbersome to manage with many virtual server configurations.

* Support for CGI (Common Gateway Interface): Apache supports CGI using the mod_cgi and mod_cgid modules. It is CGI 1.1 compliant and offers extended features such as custom environment variables and debugging support that are hard to find in other Web servers.

* Support for FastCGI: Not everyone writes their CGI in Perl, so how can they make their CGI applications faster? Apache has a solution for that as well. Use the mod_fcgi module to implement a FastCGI environment within Apache and make your FastCGI applications blazing fast.

* Support for virtual hosts: Apache is also one of the first Web servers to support both IP-based and named virtual hosts.

* Support for HTTP authentication: Web-based basic authentication is supported in Apache. It is also ready for message-digest-based authentication, which is something the popular Web browsers have yet to implement. Apache can implement basic authentication using either standard password files, DBMs, SQL calls, or calls to external authentication programs.

* Integrated Perl: Perl has become the de facto standard for CGI script programming.\ Apache is surely on of the factors that made Perl such a popular CGI programming language. Apache is now more Perl-friendly then ever before. Using its mod_perl module, you can load a Perl-based CGI script in memory and reuse it as many times as you want. This process removes the start-up penalties that are often associated with an interpreted language like Perl.

* Support for PHP scripting: This scripting language has become very widely used and Apache provides great support for PHP using the mod_php module.

* Java Servlet support: Java servlets and Java Server Pages (JSP) are becoming very commonplace in dynamic Web sites. You can run Java servlets using the award-wining Tomcat environment with Apache.

* Integrated Proxy server: You can turn Apache into a caching (forward) proxy server. However, the current implementation of the optional proxy module does not support reverse proxy or the latest HTTP 1.1 protocol. There are plans for updating this module soon.

* Server status and customizable logs: Apache gives you a great deal of flexibility
in logging and monitoring the status of the server itself. Server status can
be monitored via a Web browser. You can also customize your log files to your
liking.

* Support for Server-Side Includes (SSI): Apache offers set of server side includes that add a great deal of flexibility for the Web site developer.

* Support for Secured Socket Layer (SSL): You can easily create an SSL Web site using OpenSSL and the mod_ssl module for Apache.

Cheers

How to login direct using “webmail.domain.com” in to Squirrelmail or Horde of any account?

First you need to create a subdomain that you want to redirect to your preferred Webmail client [Squirrelmail /Horde].

Following are the steps to create subdomain.

1. Login in to your cPanel interface.

2. Select the Subdomain option, and create the subdomain. (For eg: webmail.domain.com)

3. Once it has been created, go to the File Manager option of the cPanel.

4. Change path to “public_html” by selecting the folder image beside the text “public_html”

5. Now change the path to folder that was create by your subdomain. (as per our example it would be the “ebmail” folder)

6. Once inside this directory webmail you will see “.htaccess” file, if it’s not there then you need to create it manually.

* If it is not there then create new using below steps : (if it already exists proceed to step 10)

7. Create it [.htaccess] by selecting the “Create New File” option.

8. A menu appears in the top right corner of the File Manager interface. Choose “Text Document” and name it “.htaccess” [without quotes]

9. Now refresh File Manager and you will then see your new file [.htaccess] in the listing of that directory.

10. Click on the text title for the .htaccess file on the left side of the screen and a menu appears in the top right of the screen.

11. Choose the “Edit File” option, a new window opens.

12. Add the following lines:

If You Want To Redirect “webmail.domain.com” to the Squirrel Mail Client

RewriteEngine on
RewriteCond %{HTTP_HOST} ^webmail.domain.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.webmail.domain.com$
RewriteRule ^(.*)$ http://domain.com:2095/3rdparty/squirrelmail/index.php$1 [R=301,L]

If You Want To Redirect “webmail.domain.com”to the Horde Webmail Client

RewriteEngine on
RewriteCond %{HTTP_HOST} ^webmail.domain.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.webmail.domain.com$
RewriteRule ^(.*)$ http://domain.com:2095/horde/$1 [R=301,L][/QUOTE]

NOTE :- replace “domain.com” above with your actual domain name.
Enjoy Direct Webmail Client Login.

What is SPF? [Sender Policy Framework]
SPF (Sender Policy Framework) is a standard that was created in order to stop and eliminate the forged or spoofed sender email addresses in the mail envelope SMTP MAIL FROM or Return-Path that commonly used in spam message. SPF is not directly about stopping spam – junk email. SPF works as an extension to the Simple Mail Transfer Protocol (SMTP), and allows relay MTA (Mail Transport Agent) to identify and reject those e-mail spam sent from unauthorized and unapproved mail server. SPF was created in 2003 to help close loopholes in email delivery systems that allow spammers to “spoof” or steal your email address to send hundreds, thousands or even millions of emails illicitly.

How SPF Work?
SPF enable domain’s email delivery operation works in such a way, Owner of an Internet domain name defines SPF records using a special format of TXT records in the domain zone DNS name server. The SPF specifies which machines are authorized to transmit e-mail for that domain. When an email is received by a mail server, the MTA will query the SPF records from DNS resolver to determine whether the email is originated from a legitimate server. If SPF PASS result is returned, the email is accepted and got delivered. Else if SPF FAIL result is returned, the email is rejected and bounced.

Is SPF is Must?
SPF records is not must, but it’s a good to set up the SPF records to stop spam fault from illegally spoofing. If your domain does not have an SPF record. This means that spammers can easily send out E-mail that looks like it came from your domain, which can make your domain look bad (if the recipient thinks you really sent it), and can cost you money (when people complain to you, rather than the spammer).
Now many mail servers such as AOL and Hotmail now require valid SPF record for inclusion in their whitelist program so if you don’t have one your email will probably not be delivered to that server.

How to Set up SPF record for a domain?
The major issue for SPF records are how to write and create a properly SPF record which is valid and correct for the domains, as all SMTP server that sends email for the domains must be defined.

For SPF to work you have to add, to each DNS zone a record similar to this:

domain.com. 14400 IN TXT "v=spf1 a mx -all"

note:- “.” is necessary after the “domain.com” otherwise SPF fails to work.
“domain.com” is the domain for which you were adding SPF record.
Syntax used is as follows,
You will notice that all SPF record start with v=spf1. “v=” defines the version of SPF used, and is mandatory to identify it’s the SPF record. Currently only the only version supported is spf1.
A :- If the domain name has an A record corresponding to the sender’s address, it will match. (That is, the mail comes directly from the domain name.)
MX :- If the domain name has an MX record resolving to the sender’s address, it will match. (That is, the mail comes from one of the domain’s mail servers)
ALL :- Matches always, used for a default result like -all for no other IP’s are allowed to send emails.

You can read all the options that you have by visiting: http://www.openspf.org/SPF_Record_Syntax

CRON
Cron is a scheduling daemon process on Linux and other Unix variants, it enables unix users to execute commands or scripts (groups of commands) automatically at a specified time/date. Cron is very useful to run backup scripts.

Cron Files/Directory
/etc/crontab
/etc/cron.d
/var/spool/cron/(username)

/etc/cron.hourly
/etc/cron.daily
/etc/cron.weekly
/etc/cron.monthly

Crontab Restrictions
Cron has a built in feature of allowing you to specify who may and who may not use it. It can done by using “/etc/cron.allow” and “/etc/cron.deny” files.
If the username exist in the file “/etc/cron.allow“, that user is authorize to execute cron. If “/etc/cron.allow” file does not exist, you can use crontab if username does not appear in the file “/etc/cron.deny“. If only “cron.deny” exists and its empty, than all users can use crontab. If neither file exists, than only the root user can use crontab. The “allow/deny” files consist of one user name per line.

Crontab Options and Explanation
A crontab file has five fields for specifying time, day and date followed by the command to be run at that interval. Below is Crontab syntax,

*  *  *  *  * command to be executed
-  -  -  -  -
| | | | |
| | | | +—– day of week
| | | +——– month
| | +———– day of month
| +————— hour
+—————— minute
Minute (0-59),
Hour (0-23),
Day of the month (1-31),
Month of the year (1-12),
Day of the week (0-6 with 0=Sunday).

* Is treated as a wild card. Meaning all possible value.
*/5 is treated as ever 5 minutes, hours, days, or months. Replacing the 5 with another numerical value will change this option.
2,8,12 “,” Treated as an “OR“, so if placed in the hours, this could mean at 2, 8 or 12 o-clock. Or if put in days it would be on 2,8 and12. “,” is used to define more options [date, time, day]
6-10 Treats for any value between 6 and 10. So, if placed in day of month this would be days 6 through 16. Or if put in hours it would be between 6 and 10. “-” is used to define the range [date, time]

Crontab Commands
crontab -e Edit your crontab file, or create one if it doesn’t already exist.
crontab -l Display your crontab entries.
crontab -r Remove your current crontab entry..
crontab -u username -e This option allows you to modify or view the crontab file of a user, only super user can use this option.

If your sites are using php as the major scripting & the server load is highly around 10+, PHP Cachers like APC , Xcache or Eaccelerator can are really help to minimize the load to 1-2.

APC: The Alternative PHP Cache (APC) is a free and open opcode cache for PHP. It was conceived of to provide a free, open, and robust framework for caching and optimizing PHP intermediate code.

XCache: XCache is a open-source opcode cacher, which means that it accelerates the performance of PHP on servers. It optimizes performance by removing the compilation time of PHP scripts by caching the compiled state of PHP scripts into the shm (RAM) and uses the compiled version straight from the RAM. This will increase the rate of page generation time by up to 5 times as it also optimizes many other aspects of php scripts and reduce serverload.

Eaccelerator: It is a free open-source PHP accelerator, optimizer, and dynamic content cache. It increases the performance of PHP scripts by caching them in their compiled state, so that the overhead of compiling is almost completely eliminated. It also optimizes scripts to speed up their execution. eAccelerator typically reduces server load and increases the speed of your PHP code by 1-10 times.

How to converting MYSQL table from InnoDB engine to MyISAM

I have problem of table repair in InnoDB so I need to convert InnoDB to the engine MyISAM.

I converted a MySQL table’s InnoDB to the engine MyISAM.

The code I found for conversion:

ALTER TABLE Tablename ENGINE=MYISAM

You can replace MYISAM engine to InnoDB, ISAM, HEAP and etc.

Zombie process or defunction process is a process that has completed execution but still has an entry in the process table. The term zombie process derives from the common definition of zombie—an undead person.

Zombie processes are mostly harmless: they are a process which has finished and is sticking around because their parent hasn’t reaped their exit status. Normally it will do no harm to your system except resource waste.

You can use below command to kill zombie processes:

for i in `ps ax | grep Z | awk {’print $1?}`;do kill -9 $(cat /proc/${i}/status | grep PPid | awk {’print $2?});done

Download and Install JAVA

Download j2sdk-1.4.2 from Sun Download center http://developers.sun.com/downloads/ Here I have used j2sdk-1_4_2_18-linux-i586-rpm.bin which will install j2sdk using RPMS and set the Path of JAVA_HOME automatically

#chmod +x j2sdk-1_4_2_09-linux-i586.bin
#./j2sdk-1_4_2_09-linux-i586.bin

Now Check if Java is installed on the server using command java -version

[root@vps907 ~]# java -version
java version “1.6.0_07″
Java(TM) SE Runtime Environment (build 1.6.0_07-b06)
Java HotSpot(TM) Client VM (build 10.0-b23, mixed mode, sharing)

Download Tomcat

Now Download Tomcat from Apache Website and exract it

#cd /usr/local/
#wget http://bluedogfan.com/mirrors/apache/tomcat/tomcat-6/v6.0.18/bin/apache-tomcat-6.0.18.tar.gz
#tar -zxvf apache-tomcat-6.0.18.tar.gz

Create Symlink for the Tomcat Folder

#ln -s /usr/local/apache-tomcat-6.0.18 /usr/local/apache/tomcat

Install Tomcat

#cd apache-tomcat-6.0.18
#cd bin
#tar xvfz jsvc.tar.gz
#cd jsvc-src
#chmod +x configure
#./configure
#make
#cp jsvc ..
#cd ..

Start Tomcat

Use Following script to start Tomcat Service on the Server

#/usr/local/apache/tomcat/bin/startup.sh

Running Tomcat as non root user

Due to security reasons always run tomcat as non-root user i.e. tomcat. To run it as tomcat first you will have to change the ownership of the tomcat folder

#chown tomcat.tomcat /usr/local/apache-tomcat-6.0.18 -R

Now Tomcat can be stopped and started under user tomcat using following commands:

#su -l tomcat -c /usr/local/apache/tomcat/bin/startup.sh
#su -l tomcat -c /usr/local/apache/tomcat/bin/shutdown.sh

Test Tomcat installation
open a browser and browse website http://xx.xx.xx.xx:8080 where xx.xx.xx.xx will be your Server IP and If you get following output than Tomcat has been installed properly on the Server.

Creating Script to start, stop and restart Tomcat

The above installation step will not create tomcat service so that user can restart tomcat using command service tomcat restart. Create a new file in /etc/init.d as tomcat and copy following contenents into it.

#vi /etc/init.d/tomcat

Save and exit from the file. Now assign executable permission to this file

#chown 755 /etc/init.d/tomcat

Enable it for all the Run-levels

#chkconfig –add tomcat
#chkconfig tomcat on

Now you can restart tomcat service using following commands (you can check the screenshot too)

#service tomcat restart <<< To restart tomcat
#service tomcat stop <<< To stop Tomcat
#service tomcat start <<< To start Tomcat
#service tomcat Status <<< to check the status of Tomcat

DomainKeys is an e-mail authetication mechanism designed for verifying the identity of an email sender. It is one of cryptographic authentication method to verify sender’s identity and the integrity of email content. It also verify DNS records of domain of an email sender and the message integrity. DomainKeys has implemented standard of Identified Internet Mail to create enhanced protocol called DomainKeys Identified Mail (DKIM)

How it works and mail is identified as spam or legitimate.

Technically DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication. Basically mailservers generate a public and private key pair and sign outgoing messages with the private key and published the public key as part of their DNS record. The public key published by mailservers can be used to confirm that the sender of the email has not been spoofed.

Email without headers can be used as part of the process of identifying spam.

You can install and use DomainKeys on all cPanel server as cPanel has included this feature for email authentication.

Type the following command on server to enable domainkeys.

#/usr/local/cpanel/bin/domain_keys_installer username (username=cPanel account like alan etc.)

So enjoy the emails without spam