Tuesday, July 20, 2010

VMware Server 2.0.2 and Fedora 13

I am trying to install VMware Server 2.0.2 build-203138 on my Fedora 13 with kernel 2.6.33.6-147.

Luckily I managed to find this page; otherwise I wouldn't know how to solve all the problems that I faced while trying to install VMware Server on Fedora.

The details are on this page.

This article describes the process we went through recently to get VMWare Server 2.0.2 to run on the latest kernel in Fedora 13.

http://www.bhcblog.com/2010/06/28/howto-vmware-2-0-2-on-2-6-33-5-124-fc13-x86_64-fedora-13/

When you are editing the vmware-config.pl file, make sure there is no dot in front of the word generated for the first line.



---

Wednesday, July 14, 2010

Reverse Proxy with Squid and Multiple Virtual Hosts

This post documents what I did to configure Squid as a reverse proxy with LDAP authentication enabled. Not only that, I also needed the Squid reverse proxy to handle virtual hosts. I searched Google and didn't find an exact match for my requirements, so I wrote one myself.

I have 3 physical web servers but only one public IP.

Here are my requirements.

1. All three web servers have to listen on port 80 and must be accessible from the internet.
2. Some web sites need authentication and some web sites don't.
3. One of the web servers has two virtual hosts, and both virtual hosts must be accessible from the internet.

After combining knowledge from multiple pages, these are the lines that I added to squid.conf.

# LDAP basic authentication helper
auth_param basic program /usr/lib64/squid/squid_ldap_auth -b "dc=example,dc=com" -f "uid=%s" -h ldap.example.com
auth_param basic children 30
auth_param basic realm Please authenticate yourself
auth_param basic credentialsttl 1 hours

# One ACL per group of sites, plus one that requires a successful login
acl sites1 dstdomain site1.example.com site2.example.com
acl sites2 dstdomain site3.example.com
acl sites3 dstdomain site4.example.com
acl ldapauth proxy_auth REQUIRED

# sites1 requires LDAP authentication; sites2 and sites3 do not
http_access allow sites1 ldapauth
http_access allow sites2
http_access allow sites3

# Accelerator (reverse proxy) mode with name-based virtual hosts
http_port 80 accel defaultsite=www.example.com vhost

# Origin servers and the domains each one serves
cache_peer 10.1.1.1 parent 80 0 no-query originserver name=server1
cache_peer_domain server1 site1.example.com site2.example.com
cache_peer 10.1.1.2 parent 8080 0 no-query originserver name=server2
cache_peer_domain server2 site3.example.com
cache_peer 10.1.1.3 parent 80 0 no-query originserver name=server3
cache_peer_domain server3 site4.example.com

# Send each origin server only the requests for its own sites
cache_peer_access server1 allow sites1
cache_peer_access server1 deny all
cache_peer_access server2 allow sites2
cache_peer_access server2 deny all
cache_peer_access server3 allow sites3
cache_peer_access server3 deny all
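
What these rules do to a request for each host name, as a simplified model. This is an added example, not part of the original post and not Squid's own code; the function names are hypothetical, and the cache_peer_access rules are assumed to use the ACL names sites1 to sites3 that the acl lines define.

```python
# Simplified model of Squid's first-match evaluation; CONF is constructed from the post's lines.
CONF = """
acl sites1 dstdomain site1.example.com site2.example.com
acl sites2 dstdomain site3.example.com
acl sites3 dstdomain site4.example.com
acl ldapauth proxy_auth REQUIRED
http_access allow sites1 ldapauth
http_access allow sites2
http_access allow sites3
cache_peer_access server1 allow sites1
cache_peer_access server1 deny all
cache_peer_access server2 allow sites2
cache_peer_access server2 deny all
cache_peer_access server3 allow sites3
cache_peer_access server3 deny all
"""

def parse(conf):
    acls, http, peers = {"all": ("all", [])}, [], {}
    for w in (line.split() for line in conf.splitlines() if line.strip()):
        if w[0] == "acl":
            acls[w[1]] = (w[2], w[3:])
        elif w[0] == "http_access":
            http.append((w[1], w[2:]))
        elif w[0] == "cache_peer_access":
            peers.setdefault(w[1], []).append((w[2], w[3:]))
    used = {n for _, names in http + sum(peers.values(), []) for n in names}
    if used - set(acls):  # a rule names an ACL that was never defined
        raise ValueError(f"undefined ACL: {sorted(used - set(acls))}")
    return acls, http, peers

def matches(kind, values, host, authed):
    if kind == "proxy_auth":
        return True if authed else None  # None: no valid credentials yet
    return kind == "all" or host.lower() in values  # dstdomain, exact names only

def first_match(rules, acls, host, authed):
    for action, names in rules:  # ACLs on a line are ANDed; the first non-match decides
        hit = next((r for r in (matches(*acls[n], host, authed) for n in names) if not r), True)
        if hit is not False:
            return action if hit else "challenge"  # challenge: ask the client to log in
    return "deny" if rules[-1][0] == "allow" else "allow"  # no match: opposite of last line

def decide(host, authed=False, conf=CONF):
    acls, http, peers = parse(conf)
    verdict = first_match(http, acls, host, authed)
    peer = next((p for p, r in peers.items() if first_match(r, acls, host, authed) == "allow"), None)
    return verdict, (peer if verdict == "allow" else None)
```

`decide("site1.example.com")` returns a challenge until the LDAP helper accepts the credentials, while site3 and site4 are served without a login and any other host name is denied.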

Troubleshooting:

LDAP authentication is not working or fails to authenticate.

This line might be different on your system; replace the squid_ldap_auth binary path with the correct one.

auth_param basic program /usr/lib64/squid/squid_ldap_auth -b "dc=example,dc=com" -f "uid=%s" -h ldap.example.com

If the binary path is correct, execute the following command at the server console:

/usr/lib64/squid/squid_ldap_auth -b "dc=example,dc=com" -f "uid=%s" -h ldap.example.com

After executing it, you will get a blank line. Type your user name, then a space followed by the password, and press Enter.

If you receive OK, the authentication succeeded. If not, you have to play around with the base DN and the filter, and might even consider adding parameters to bind first before performing the search.

Executing the squid_ldap_auth binary without any parameters will show the available options.

For your information, I did this on a CentOS machine. If this is not working for your distribution, you might need to find another article.

Sorry for not explaining the details. If you need to know each line in detail, please refer to the following sites:

Reverse Proxy with Domain Based Virtual Host Support:

http://wiki.squid-cache.org/ConfigExamples/Reverse/VirtualHosting

Reverse Proxy with Multiple Backend Web Servers:

http://wiki.squid-cache.org/ConfigExamples/Reverse/MultipleWebservers

Squid with LDAP authentication – CentOS:

http://alouche.net/blog/2009/02/20/squid-with-ldap-authentication-centos-52/



---