Linux Servers

35
GNU/Linux Servers GNU/Linux Servers NFM 2008 NFM 2008

description

A Brief presentation about different linux server programmes like apache,openldap,mysql etc..

Transcript of Linux Servers

Page 1: Linux Servers

GNU/Linux ServersGNU/Linux Servers

NFM 2008NFM 2008

Page 2: Linux Servers

Majour ServersMajour Servers

● Apache HTTP ServerApache HTTP Server● Squid Proxy and CacheSquid Proxy and Cache● Samba ServerSamba Server● FTP Server [vsftpd]FTP Server [vsftpd]● Database Server [Postgresql,Mysql,Sqllite]Database Server [Postgresql,Mysql,Sqllite]● Email Server [sendmail,postfix]Email Server [sendmail,postfix]● FirewallFirewall

Page 3: Linux Servers

Web ServerWeb Server

ApacheApache

Page 4: Linux Servers

Introduction to ApacheIntroduction to Apache

● The Apache group was formed in 1995The Apache group was formed in 1995

● Apache => A Patchy ServerApache => A Patchy Server

● Largely because the patches to NCSA server that Largely because the patches to NCSA server that resulted in this new webserver. It actually got its resulted in this new webserver. It actually got its name from the native American Tribename from the native American Tribe

● Apache Version 1.0 was released in December, 1995Apache Version 1.0 was released in December, 1995

● World's most used web­server since April, 1996 World's most used web­server since April, 1996

● http://news.netcraft.com/archives/web_server_survey.htmlhttp://news.netcraft.com/archives/web_server_survey.html● 50.43% october 200850.43% october 2008

Page 5: Linux Servers

FactsFacts

● Easy administration using web based Easy administration using web based interface [webmin]interface [webmin]

● No cost to setup a server. No cost to setup a server. ● As easy as download a CD and install.As easy as download a CD and install.● Lower maintenance. Lower maintenance. ● Keeps running for years.Keeps running for years.● Better Security than IISBetter Security than IIS

Page 6: Linux Servers
Page 7: Linux Servers

FeaturesFeatures

● Virtual HostingVirtual Hosting● Acess ConfigurationAcess Configuration● SecuritySecurity● mod_rewritemod_rewrite

Page 8: Linux Servers

Single website/Virtual HostingSingle website/Virtual Hosting● Single Website Single Website

● The host definitions go into the main configurationThe host definitions go into the main configuration

● Any connection to the server returns the same set of pageAny connection to the server returns the same set of page

● Virtual HostingVirtual Hosting● Ip based virtual hostingIp based virtual hosting

– Multiple IP addresses to the same machineMultiple IP addresses to the same machine● Name based virtual hostingName based virtual hosting

– Multiple domain names to the same IP addressMultiple domain names to the same IP address● Port based virtual hostingPort based virtual hosting

– Hanlding the request in a particular portHanlding the request in a particular port

Page 9: Linux Servers

Access ConfigurationAccess Configuration

● Allow fromAllow from● Allow access from the given networks and addresses or Allow access from the given networks and addresses or

when the environment satisfies a conditionwhen the environment satisfies a condition

● Deny fromDeny from● Deny access from the given networks and addresses or Deny access from the given networks and addresses or

when the environment satisfies a conditionwhen the environment satisfies a condition

Page 10: Linux Servers

SecuritySecurity

● mod_sslmod_ssl● Set SSLCertificateFile and SSLCertificateKeyFileSet SSLCertificateFile and SSLCertificateKeyFile● Digital certificates from OpenSSLDigital certificates from OpenSSL

● mod_security mod_security ● can the incoming requests for attacks and can can the incoming requests for attacks and can

proactively prevent attacks on the serverproactively prevent attacks on the server

● mod_userdirmod_userdir● nables “~username” urls for usernables “~username” urls for user

Page 11: Linux Servers

mod_rewritemod_rewrite

● Rewrite Incoming Url based on regular Rewrite Incoming Url based on regular expressionsexpressions

● Help Making Clean Urls in dynamic content Help Making Clean Urls in dynamic content generation like phpgeneration like php

● Can Use Regular Expressions for rewriteCan Use Regular Expressions for rewrite● Using .htaccess in each directoryUsing .htaccess in each directory

Page 12: Linux Servers

More ...More ...

● mod_proxy can take care of proxy, both mod_proxy can take care of proxy, both reverse and forwardreverse and forward

● Perl, Python and Ruby have script engines Perl, Python and Ruby have script engines that come as modules to Apachethat come as modules to Apache

● Apache is the most used webserver, since Apache is the most used webserver, since 1996 :)1996 :)

● 59% of world wide web servers are apache59% of world wide web servers are apache

Page 13: Linux Servers

Proxy ServerProxy Server

Squid Squid

Page 14: Linux Servers

Introduction to ProxyIntroduction to Proxy

● In a typical setup a Web­Proxy requests In a typical setup a Web­Proxy requests pages from the Internet on behalf of the clients pages from the Internet on behalf of the clients on the local network and serves them to the on the local network and serves them to the local clients.local clients.

– Enhances security on LANEnhances security on LAN– When caching is enabled, gives a better browsing When caching is enabled, gives a better browsing

experienceexperience

● Proxy servers also cache data and avoid Proxy servers also cache data and avoid redundant and repeated requests to servers for redundant and repeated requests to servers for the same data.the same data.

Page 15: Linux Servers

Features of SquidFeatures of Squid

● Web Proxy and Cache for HTTP, FTPWeb Proxy and Cache for HTTP, FTP● DNS Lookup CacheDNS Lookup Cache● Reverse Proxy to accelerate speed of web Reverse Proxy to accelerate speed of web

serversservers● Access Control ListsAccess Control Lists● Bandwidth managementBandwidth management

Page 16: Linux Servers

Network File Sharing ServerNetwork File Sharing Server

SambaSamba

Page 17: Linux Servers

Introduction to SMBIntroduction to SMB

● NetBIOS by IBM and SytecNetBIOS by IBM and Sytec● NetBIOS + Disk I/O redirection => SMBNetBIOS + Disk I/O redirection => SMB

– Server Message Block Protocol by MicrosoftServer Message Block Protocol by Microsoft– Now called the CIFS [Common Internet File System]Now called the CIFS [Common Internet File System]

● Windows machines advertise their services Windows machines advertise their services and presence on the network using this and presence on the network using this protocolprotocol

● The “Network Neighbourhood”The “Network Neighbourhood”

Page 18: Linux Servers

Introduction to SambaIntroduction to Samba

● Andrew Tridgell published his code in early Andrew Tridgell published his code in early 19921992

● Actual development started two years laterActual development started two years later● Opening windows to the wider worldOpening windows to the wider world● Samba runs on unix platforms, but speaks to Samba runs on unix platforms, but speaks to

Windows clients like a native windows machineWindows clients like a native windows machine● Lets you share files and printers over the Lets you share files and printers over the

networknetwork● Works with SMB as well as its latest form Works with SMB as well as its latest form

CIFSCIFS

Page 19: Linux Servers

Features SambaFeatures Samba

● File and Printer sharingFile and Printer sharing● Access controlsAccess controls● Remote LogonsRemote Logons● Work As a part of windows NetworkWork As a part of windows Network● Can Act as the Primary Domain ControllerCan Act as the Primary Domain Controller● SWAT (Samba Web Administration Tool)SWAT (Samba Web Administration Tool)

Page 20: Linux Servers

Ftp ServerFtp Server

VsftpdVsftpd

Page 21: Linux Servers

Introduction to FTPIntroduction to FTP

● File Transfer ProtocolFile Transfer Protocol● CriticismsCriticisms

– Passwords are sent in clear­textPasswords are sent in clear­text– Multiple TCP/IP connections neededMultiple TCP/IP connections needed– No integrity check in case of connection failuresNo integrity check in case of connection failures

● AlternativesAlternatives– SFTP and FTPS for secure copying SFTP and FTPS for secure copying – Secure Copy or SCP is now­a­days largely usedSecure Copy or SCP is now­a­days largely used

Page 22: Linux Servers

Features of vsftpdFeatures of vsftpd

● A simple FTP serverA simple FTP server● Anonymous accessAnonymous access● Security considerationsSecurity considerations● Easy ConfigurationEasy Configuration

Page 23: Linux Servers

Active DirectoryActive Directory

Open LDAPOpen LDAP

Page 24: Linux Servers

FeaturesFeatures

● Active Directory is essentially LDAP and Active Directory is essentially LDAP and Kerberos tied together (although slightly Kerberos tied together (although slightly Modified)Modified)

● OpenLDAP is the usual LDAP implementationOpenLDAP is the usual LDAP implementation● If you decide to keep Active Directory, SambaIf you decide to keep Active Directory, Samba

version 3.0 or higher is needed to integrate wellversion 3.0 or higher is needed to integrate well

with itwith it

Page 25: Linux Servers

Domain Name System (DNS) serverDomain Name System (DNS) server

BINDBIND[Berkeley Internet Name Domain][Berkeley Internet Name Domain]

Page 26: Linux Servers

Features of BINDFeatures of BIND

● Berkeley Internet Name Domain (BIND) is one Berkeley Internet Name Domain (BIND) is one of the many industry standard Open Source of the many industry standard Open Source packages that make up much of the Internet packages that make up much of the Internet infrastructure.infrastructure.

● Domain name serving is one of the easiest (and Domain name serving is one of the easiest (and most transparent to the end user) conversions most transparent to the end user) conversions you' face.you' face.

● BIND works from plain text configuration files, BIND works from plain text configuration files, not a GUI.not a GUI.

Page 27: Linux Servers

Dynamic Host Configuration Dynamic Host Configuration ProtocolProtocol

(DHCP) server (DHCP) server

ISC’s DHCPISC’s DHCP

Page 28: Linux Servers

FeaturesFeatures

● ISC’s DHCP is industry standard Open Source ISC’s DHCP is industry standard Open Source PackagePackage

● it works better with Windows clients than a it works better with Windows clients than a Windows DHCP serverWindows DHCP server

● DHCP server keeps its configuration data in DHCP server keeps its configuration data in a .mdb filea .mdb file

Page 29: Linux Servers

Web Application Server (Java)Web Application Server (Java)

● Lots of products in this area. Probably the Lots of products in this area. Probably the same ones that you run on Windows are same ones that you run on Windows are available for Linuxavailable for Linux

– WebSphereWebSphere– BEA WebLogicBEA WebLogic– IplanetIplanet– JbossJboss

● Installation, configuration and management Installation, configuration and management should be the same or very similar across should be the same or very similar across platformsplatforms

Page 30: Linux Servers

Remote Access ServerRemote Access Server

● Use the pppd package that comes with your Use the pppd package that comes with your distributiondistribution

● pppd supports a variety of authentication pppd supports a variety of authentication protocols, such as PAP, CHAP, and RADIUSprotocols, such as PAP, CHAP, and RADIUS

● IP forwarding must be turned on in the Linux IP forwarding must be turned on in the Linux kernelkernel

● Kpp GUI is availableKpp GUI is available

Page 31: Linux Servers

Email ServerEmail Server

● lots of choices on Linuxlots of choices on Linux● Sendmail,Sendmail,● Exim,Exim,● Postfix,Postfix,

● The email delivery piece is the easy partThe email delivery piece is the easy part

Page 32: Linux Servers

Groupware ServerGroupware Server

● Bynari’s Insight server is one, but only scales Bynari’s Insight server is one, but only scales up to about 50,000 email boxes.up to about 50,000 email boxes.

● Ximian Insight Connector (now owned by Ximian Insight Connector (now owned by Novell) is anotherNovell) is another

Page 33: Linux Servers

Database ServerDatabase Server

● The two most popular Open Source ones areThe two most popular Open Source ones are● MySQL and PostgreSQLMySQL and PostgreSQL● MySQL easy flexibleMySQL easy flexible● PostgreSQL is strong and enterprise class.PostgreSQL is strong and enterprise class.

Page 34: Linux Servers

FirewallFirewall

● Linux comes with a native firewall capabilityLinux comes with a native firewall capability● Linux also has native support for Network Linux also has native support for Network

Address Translation (NAT), also known as IP Address Translation (NAT), also known as IP masqueradingmasquerading

● The iptables command is what is used to create The iptables command is what is used to create firewall and NAT rules. There are GUI front­firewall and NAT rules. There are GUI front­ends available to make that easier.ends available to make that easier.

● • • Commercial firewalls are also available for Commercial firewalls are also available for Linux, such as Check Point’s Firewall­1, Linux, such as Check Point’s Firewall­1, Phoenix, StoneGate, etc.Phoenix, StoneGate, etc.

Page 35: Linux Servers

ThanksThanks