How to Install and Configure Puppet on CentOS, Fedora, Ubuntu or Opensuse

Reading Time: 4 minutes

What is Puppet?

Puppet: A Closer Look At Who Holds The Strings

Puppet is an intuitive, task-controlling software which provides a straightforward method to manage Linux and Windows server functions from a central master server. It can perform administrative work across a wide array of systems that are primarily defined by a “manifest” file, for the group or type of server(s) being controlled.

System Requirements

Puppet uses a master/client setup to communicate between the master and client servers. The master server will require more resources than the client servers utilize. The resources needed on the master server will mainly depend on:

  • The number of remote agents (servers) being utilized
  • How frequently those remote agents check in to the master server
  • How many resources are being managed on each remote agent
  • The complexity of the manifest files and modules in use
Note
A Puppet master server must run on UNIX variants known as  “ *nix ” operating systems. Currently, Puppet masters CANNOT run in a Windows environment.
Master Hardware Requirements

The minimum hardware requirements for the Puppet master servers will be based on multiple factors as stated above and noted in Puppet’s guidelines.

 

Client Software Platforms

The Puppet-agent (or client) packages are available for these platforms:

 

Dependencies

If you are installing the Puppet client using an official distribution package via a repository then your system’s package manager usually ensure that the proper dependencies are installed. If you install the agent on a platform without a supported package, you must also manually install the dependent packages, libraries, and gems:

  • Ruby 2.5.x
  • CFPropertyList 2.2 or later
  • Facter 2.0 or later
  • The msgpack gem from MessagePack, if you’re using msgpack serialization

 

Timekeeping and Name Resolution

Before installing the client, there are certain network requirements which you will require you to preparie, review and consider. The most important aspects include time syncing and implementing an idea for name resolution.

Timekeeping

You will want to make sure that the Network Time Protocol (NTP) service is in place to ensure that the time is in sync between the master server, (which acts as the certificate authority) and clients. This is recommended due to the issues that can develop if the servers time drifts out of sync. You may encounter odd certificate issues. A service like NTP (available on most servers) assures accurate timekeeping and will reduce the risk of error like this occurring.

Name resolution

The second part of this component is to decide on an iterable naming convention. For example, by using a master name like puppet.domain.com establishes the continuity of this naming convention. This also allows optimal master communication and that all future agents can reach the master. You can simplify this by utilizing a CNAME record (a name forwarding DNS entry) to ensure the master is always reachable.

 

Firewall Configuration

In a master/client setup, the master server must have port 8140 open to allow for incoming connections from the remote clients. You can use either of the following commands to check that the port is open and listening:

root@master [~]# netstat -tulpn | grep LISTEN |grep 8140
root@master [~]# lsof -i -P -n | grep LISTEN |grep 8140

If nothing is returned with the above command then you’ll need to open port 8140. To open the port in the UFW firewall, use the following command:

root@master:~# ufw allow 8140/tcp
Rules updated
Rules updated (v6)
root@master:~#

 

Puppet Installation

Usually, Puppet uses approximately 2 GB of RAM by default. Plan on this amount plus any additional RAM needed to run the server’s OS itself. If you plan on creating a 2 GB server, opt for one that has 4GB of RAM if you are going to use it as a Puppet master.

Puppet is available on multiple OS variants including:

  • Red Hat/CentOS/Fedora
  • Debian/Ubuntu
  • SUSE Linux Enterprise Server

The basic install steps across all of the above mentioned OS is as follows:

Available Puppet Repositories

root@master [~]# wget https://apt.puppetlabs.com/puppet-release-bionic.deb
root@master [~]# dpkg -i puppet-release-bionic.deb
root@master [~]# apt update
root@master [~]# apt install puppetserver

Note
Our Fully Managed servers (cPanel or Plesk) wouldn’t be good options for Puppet implementation since additional repositories may conflict.

Install the Puppet Master’s Software

Red Hat/CentOS/Fedora

yum install puppetserver

Debian/Ubuntu

apt-get install puppetserver

SUSE/Opensuse

zypper install puppetserver

 

Start the Puppet Master Service

Red Hat/CentOS/Fedora

systemctl start puppetserver

Debian/Ubuntu

service puppetserver start

SUSE/Opensuse

/etc/rc.d/puppetmaster start

 

Install the Puppet Client’s Software

Yum:

yum install puppet-agent

Apt:

apt-get install puppet-agent

Zypper:

zypper install puppet-agent

 

Puppet Configuration

Puppet contains around 200 different configuration settings located within the puppet.conf file. For most servers, you will only need to adjust about 20 settings or less in the file depending on your server’s setup. You can use the command below to set the needed values.

puppet config

We’ve listed the 5 most requested settings to suit your specific needs:

  • dns_alt_names – This is a list of allowed hostnames acting as the Puppet master.
  • environment_timeout – This setting is defaulted to 0 and should be untouched unless you have a particular cause to alter it. You can adjust this setting to unlimited to make master refreshes a part of your standard code deployment process.
  • environmentpath –  The environment path defines the locations where Puppet can find the specific directories for any unique environments. T
  • basemodulepath – This is a list of directories that contains the Puppet modules used in various environments.
  • reports – Directs which report handlers, listed below, to use.
    • HTTPS – Sends reports via HTTP/HTTPS as a POST request to the address defined in the reporturl setting.
    • Log – Sends reports to the local default log destination (usually syslog)
    • Store – Hosts will send a YAML dump of data to a local directory (defined by the reportdir setting in the puppet.conf)

The config reference provides a more comprehensive array of available options in modifying your server to suit your specific needs

 

More Information

Overall, Puppet is an attractive addition to your everyday toolset for managing and automating tedious tasks. Once it is installed and configured, it will maintain your day to day servers tasks with ease. You may want to consult the Puppet documentation for more in-depth information on this topic or consult the following resources for additional info.

 

How Can We Help?

If you would like more information on how this software can benefit your current setup, simply reach out to us via a phone call, chat or ticket, and one of our Most Helpful Humans in Hosting will follow up with you to advise on how best you can integrate this process into your existing infrastructure! We are looking forward to speaking with you!

 

 

How to Install MySQL on Windows

Reading Time: 2 minutes

If you’re using a Windows-based server to host your content, you may using Microsoft’s database server product, MSSQL. However, licensing restrictions can make using MSSQL difficult, especially for small businesses. Microsoft offers a free version of MSSQL called MSSQL Express that will be suitable for many users, but this version does have limitations on database size and memory usage. If you need a more robust database solution but want to try something with a lower cost (like a free, open-source database server), you could try MySQL database server.

MySQL is a standard part of the typical Linux server build (or LAMP stack) but is also available for use on Windows operating systems. Depending on your needs, you could fully develop your database in MySQL. Many popular Content Management Systems (CMS) also use MySQL by default, so using MySQL to manage those applications may be beneficial. MySQL and MSSQL can be run on the same server at the same time, so you’re free to use both or to experiment as needed.

Installing MySQL on your Windows server is as simple as downloading an MSI Installer package and clicking through a few options.

  1. Download the MySQL Installer from dev.mysql.com. The two download options are a web-community version and a full version. The web-community version will only download the server, by default, but you can select other applications (like Workbench) as desired. The full installer will download the server and all the recommended additional applications. (You’ll also be asked to create a user account, but you skip this part by scrolling down to the bottom and clicking “No thanks, just start my download”.)

  2. Run the installer that you downloaded from its location on your server, generally by double-clicking.
    Note
    You can use this same MSI Installer to upgrade currently installed versions of MySQL as well! As is typical, the first step is accepting the license agreement, then click Next.

  3. Determine which setup type you would like to use for the installation:
    1. Developer Default: this is the full installation of MySQL Server and the other tools needed for development. If you are building your database from the ground up or will be managing the data directly in the database, you’ll want to use this setup type.
    2. Server Only: if you only need MySQL Server installed for use with a CMS or other application and will not be managing the database directly, you can install just the server (you can always install additional tools later).
    3. Custom: this setup type will allow you to customize every part of the installation from the server version to whichever additional tools you select.

  4. Install the server instance and whichever additional products you selected. Then begin the configuration process by selecting the availability level (most users will use the default, standalone version).
  5. Complete the configuration process by following the onscreen instructions. You’ll want to make sure to install MySQL as a Service so that Windows can automatically start the service after a reboot or can restart the service if it fails. For additional, step-by-step instructions, see MySQL Server Configuration with MySQL Installer.

SSL Checker Tool

Reading Time: 4 minutes

The security of your website is vital to the success of your Internet business. One way you can protect your data (and your customers) is through the use of encrypted communication protocols. Secure Socket Layer (or SSL) was the original method of providing for basic encryption between servers and clients. The industry mostly uses Transport Layer Security (or TLS) protocols now, but the process is basically the same, and most users refer to this kind of encryption by the old name: SSL.  As part of our Web Hosting Toolkit, Liquid Web provides and SSL Tool to help you verify that your SSL is installed correctly and up-to-date.  Below is an insight on how to use this tool and as well as some core concepts and certificates types to know when dealing with SSL.

 

SSL Certificate Checker

You’ll want to confirm that everything is functioning correctly on the server once you’ve successfully ordered and installed your SSL. At this time, you’ll want to check on your domain SSL’s to confirm expiration dates, covered subdomains, or other information. While you can use various third-party SSL checkers on the Internet, Liquid Web makes gathering this information about your domain simple. Just go to the Liquid Web Internet Webhosting Toolkit page and click on SSL Tool.

How Do I Check If My SSL Certificate is Valid?

Enter your domain name in the box provided and click on Submit. You can enter either your primary domain name (like mydomain.com) or any of the subdomains you may have created SSL certificates for (like blog.mydomain.com). If an SSL certificate is installed on the server for the domain, the page will display the status of the certificate and additional information.

In this example, you can see that the certificate is valid and trusted by browsers and that the tested domain matches the certificate.

You can also see which Certificate Authority issued the certificate and the dates for which the certificate is valid.

Finally, you can see which signing algorithm was used to generate the certificate (indicating how complex and secure the certificate is) and which domains and subdomains are covered by the certificate.

How SSLs Work

SSL connections work through a series of tools that exist on your server and on a client’s web browser. At the simplest level, the server and a client computer exchange information and agree on a secret “handshake” that allows each computer to trust the other computer. This handshake is established through the use of private and public SSL certificate keys. The private key resides on the server, and the public key is available to a client computer. All information passed between the computers is encoded and can only be decoded if the keys match. These keys are generated by a Certificate Authority (like GlobalSign) and can vary in complexity and expiration date. These matched keys exist to prevent what are known as “man in the middle” attacks when a third-party intercepts the Internet traffic for the purpose of stealing valuable data (like passwords or credit card information). Because the third-party doesn’t possess the matching keys, they will be unable to read any of the intercepted information.

By using a trusted certificate your website user can enter their information with full confidence that their data is safe. Certificate Authorities only grant SSL certificates to operators who can prove that they are the legitimate owner of a domain and that the domain is hosted on the server for which the certificate is being issued. This proof is usually obtained by modifying the DNS records for a domain during the verification process of the certificate ordering transaction. To learn more about how to order an SSL through your Liquid Web account, see How To Order or Renew an SSL Certificate in Manage.

 

Types of SSL Certificates

While SSL certificates all provide the same essential functions, there are several different types of certificates to choose from. You’ll want to establish which certificate meets your needs before you decide to order one for your domain. The types we’ll discuss here are Self-Signed Certificates, Standard Domain Certificates, Wildcard Certificates, Extended Validation Certificates.

Self-Signed Certificates

Most servers have the capability of generating a Self-Signed SSL certificate. These certificates provide the same kinds of encrypted communication that certificate provided by Certificate Authorities provide. However, because they are self-signed, there is no proof that the server is the “real” server associated with a website. Many control panels use self-signed certificates because the owner of the server knows the IP address of the server and can trust that they are connecting to the correct site when using that IP address. The advantage of self-signed certificates is that they are easy to generate and are free to use for as long as you want to use them.

Standard Domain Certificates

If you only need to secure a single domain or subdomain, a standard domain SSL certificate is appropriate. Standard certificates are generally the least expensive option from Certificate Authorities and are designed to cover one domain or subdomain (generally both domain.com and www.domain.com are covered by a standard certificate).

Wildcard Certificates

If you have multiple subdomains, you may be able to save time and money by getting a wildcard SSL certificate. Wildcard certificates cover a domain and all of its subdomains. For instance, if you have a domain website that also has a mail subdomain, a blog, a news site, and a staging site that you want to be protected by SSL communication, a single wildcard would protect all of the sites.

Note
A wildcard certificate will only protect one level of subdomains. So, blog.mydomain.com is covered, but new.blog.mydomain.com would not be covered.
Extended Validation Certificates

SSL certificates are generally issued to companies that can prove they have the right to use a domain name on the Internet (normally because they can modify the DNS records for that domain). While that level of verification is sufficient for most companies, you may need to have additional evidence that your company is a reliable entity for business purposes. Organizational SSL certificates require additional vetting by a Certificate Authority, including checks about the physical location of your company and your right to conduct business. Organizational SSL details can be visible on your website if you install a Secure Site Seal. Additional vetting is available for companies that choose Extended Validation SSL certificates. Extended Validation processes are often used by banks and financial institutions to provide extra reassurance to their customers that their website is legitimate. EV SSLs will turn the address bar of the client’s browser green and display the company’s name on the right side of the address bar.

If you need help determining which type of SSL is right for your business, chat with our Solutions team for additional information.

Now that you’ve checked the details of your SSL certificate and confirmed that all of the information is correct, you’ll be sure that the communications between your server and your customer’s computers are secure as that information travels over the Internet. For more information about improving the overall security of your server, see Best Practices: Protecting Your Website from Compromise.

 

How to Install Nextcloud 15 on Ubuntu 18.04

Reading Time: 2 minutes

Similar to Dropbox and Google Drive, Nextcloud is self-hosting software that allows you to share files, contacts, and calendars. But, unlike Dropbox and Google Drive, your files will be private and stored on your server instead of a third party server. Nextcloud is HIPAA and GDPR compliant, so your files will be encrypted along with the ability to audit. For this tutorial, we’ll be installing our Nextcloud instance on our Ubuntu 18.04 LTS server. Continue reading “How to Install Nextcloud 15 on Ubuntu 18.04”

How to Install phpMyAdmin on Ubuntu 18.04

Reading Time: 1 minute

Working with a database can be intimidating at times, but phpMyAdmin can simplify tasks by providing a control panel to view or edit your MySQL or MariaDB database.  In this quick tutorial, we’ll show you how to install phpMyAdmin on an Ubuntu 18.04 server. Continue reading “How to Install phpMyAdmin on Ubuntu 18.04”

How to Install React JS in Windows

Reading Time: 4 minutes

React.js (React) is an open-source JavaScript library useful in building user interfaces. React is a library so our main focus for this article is installing a JavaScript environment and a Package Manager so that we can download and install libraries including React.

When we are done, you will have a React environment you can use to start development on your Liquid Web server.

 

Install Node.js

The first step is to download the Node.js installer for Windows. Let’s use the latest Long Term Support (LTS) version for Windows and choose the 64-bit version, using the Windows Installer icon.

Once downloaded, we run the Node.js installer (.msi fuke) and follow the steps to complete the installation.

Now that we have Node.js installed, we can move on to the next step.

 

The Command Prompt Environment

We’ll need to use the command prompt (command line) to interact with Node.js and the Node Package Manager (NPM) to install React. Let’s take a few minutes to cover the commands we’ll need to use to get around. Here are the basic commands we will need to get around and create folders/directories:

 

Open a Command Prompt in Windows

Click the Start Menu (1), start typing the word command (2), then choose either Command Prompt or the Node.js command prompt (3) — either choice will work.

A command prompt window will open with the path showing as C:\Users\<username> where the <username> on your system will be the user you are logged in as.

To execute a command, we type the command and any required options, then press Enter to execute it and see the results. Let’s walk through each of the commands listed above to see what happens:

dir

Let’s look at the contents of the downloads folder with this command:

dir downloads

The path shows we are still in the directory C:\Users\ReactUser>, however, we are looking at the contents of C:\Users\ReactUser\downloads and we see that it has one file. Let’s move to the downloads directory with this command:

cd downloads

We’ve changed to the downloads folder as the command prompt shows C:\Users\ReactUser\Downloads>. You can use the dir command to see the contents of this directory/folder. Next, let’s go back to the previous directory with this command:

cd..

Now we are back to where we started. Let’s create a new directory for our first project and name it reactproject1. We’ll use the command:

mkdir reactproject1

Again, we use the dir command to list the files within our current folder.

dir

If you want to learn more about commands, please check out these links:

 

Install React on Windows

There are two ways to install React for your projects. Let’s look at each approach so that you can decide which one you prefer to use.

 Option 1 

  • Create a project folder
  • Change to the project folder
  • Create a package.json file
  • Install React and other modules you choose

This install option allows you to full control over everything that is installed and defined as dependencies.

Step 1: To get started, we need to open a command prompt.

Step 2: Create a project folder named reactproject1:

mkdir reactproject1

Press Enter to execute the command, and we get a new directory called reactproject1. If you did this as part of the Command Prompt examples, you could skip this step as it will tell you that it already exists.

Step 3: Move to the project folder, using cd reactproject1, so we can install React into it.

cd reactproject1

At this point, you will see your prompt indicate C:\Users\ReactUser\reactproject1.

Step 4: Create a package.json file, the following command will walk you through creating a package.json file.

npm init

Step 5: Install React and other modules using npm install — save react, thiswill install React into your project and update the package.json file with dependencies.

npm install --save react

We can install additional packages using npm install — save and the name of the package we want to install. Here we are installing react-dom: npm install — save react-dom

npm install --save react-dom

 

 Option 2 

  • Install Create-React-App package to simplify the process of creating and installing React into your projects

 

 

Step 1: To get started, we need to open a command prompt and type npm install -g create-react-app. This installs the Create-React-App module which makes it very easy to create and deploy React into projects with a single command.

Note
When using create-react-app ensure you are in the desired directory/folder location as this command will create the project folder in the current path.

npm install -g create-react-appCreate-React-App is installed in the following location: C:\Users\<username>\AppData\Roaming\npm\node_modules\create-react-app\

Once Create-React-App is installed, we can use it to create a project folder and install React and dependencies automatically.

To make sure you are in the desired directory when creating a new project, you can use dir to see where you are, and cd <directory_name> or cd.. to get to the desired location.

Step 2: To create a new project and deploy React into it, we run create-react-app <project_name>. Let’s do this to create reactproject2.

create-react-app reactproject2

The entire process is automated and begins with creating a new React app folder for the project, then installs packages and dependencies. The default packages include react, react-dom, and react-scripts. The installation will take a few minutes.

Run a React Project Application

To run our new project, we need to use the command prompt to change to the project folder, then start it. The cd reactproject2  command will take us to the reactproject2 folder.

cd reactproject2

And npm start will run the project application.

The default browser will open and load the project:

To learn more about React, you may find these links helpful:

You now have your environment set for building out projects!  If you running our lightning fast servers our support team is at your fingertips for any questions you may have.

How to Install MariaDB on Ubuntu 18.04

Reading Time: 1 minute

MariaDB is a drop in replacement for MySQL, and its popularity makes for several other applications to work in conjunction with it. If you’re interested in a MariaDB server without the maintenance, then check out our high-availability platform. Otherwise, we’ll be installing MariaDB 10 onto our Liquid Web Ubuntu server, let’s get started! Continue reading “How to Install MariaDB on Ubuntu 18.04”

How to Install Squid Proxy Server on Ubuntu 16.04

Reading Time: 6 minutes

A Squid Proxy Server is a feature rich web server application that provides both reverse proxy services and caching options for websites. This provides a noticeable speed up of sites and allows for reduced load times when being utilized.

Squids reverse proxy is a service that sits between the Internet and the web server (usually within a private network) that redirects inbound client requests to a server where data is stored for easier retrieval. If the caching server (proxy) does not have the cached data, it then forwards the request on to the web server where the data is actually stored. This type of caching allows for the collection of data and reproducing the original data values stored in a different location to provide for easier access. A reverse proxy typically provides an additional layer of control to smooth the flow of inbound network traffic between your clients and the web server.

Squid can be used as a caching service to SSL requests as well as DNS lookups. It can also provide a wide variety of support to multiple other types of caching protocols, such as ICP, HTCP, CARP, as well as WCCP. Squid is an excellent choice for many types of setups as it provides very granular controls by offering numerous system tools, as well as a monitoring framework using SNMP to provide a solid base for your caching needs.

When selecting a computer system for use as a dedicated Squid caching proxy server, many users ensure it is configured with a large amount of physical memory (RAM) as Squid maintains an in-memory cache for increased performance.

Installing Squid

Let’s start by ensuring our server is up to date:
[root@test ~]# apt-get update
Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [109 kB]Hit:2 http://us.archive.ubuntu.com/ubuntu xenial InReleaseHit:3 http://ppa.launchpad.net/libreoffice/ppa/ubuntu xenial InReleaseGet:4 http://us.archive.ubuntu.com/ubuntu xenial-updates InRelease [109 kB]Get:5 http://us.archive.ubuntu.com/ubuntu xenial-backports InRelease [107 kB]Fetched 325 kB in 0s (567 kB/s)Reading package lists... Done

Next, at the terminal prompt, enter the following command to install the Squid server:
[root@test ~]# apt install squid
Reading package lists... DoneBuilding dependency treeReading state information... DoneThe following packages were automatically installed and are no longer required:linux-headers-4.4.0-141 linux-headers-4.4.0-141-generic linux-image-4.4.0-141-genericUse 'apt autoremove' to remove them.
The following additional packages will be installed:
libecap3 squid-common squid-langpack ssl-cert
Suggested packages:
squidclient squid-cgi squid-purge smbclient ufw winbindd openssl-blacklist
The following NEW packages will be installed:
libecap3 squid squid-common squid-langpack ssl-cert
0 upgraded, 5 newly installed, 0 to remove and 64 not upgraded.
Need to get 2,672 kB of archives.
After this operation, 10.9 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y
Fetched 2,672 kB in 0s (6,004 kB/s)
Preconfiguring packages ...
Selecting previously unselected package libecap3:amd64.
(Reading database ... 160684 files and directories currently installed.)
Preparing to unpack .../libecap3_1.0.1-3ubuntu3_amd64.deb ...
Unpacking libecap3:amd64 (1.0.1-3ubuntu3) ...
Selecting previously unselected package squid-langpack.
Preparing to unpack .../squid-langpack_20150704-1_all.deb ...
Unpacking squid-langpack (20150704-1) ...
Selecting previously unselected package squid-common.
Preparing to unpack .../squid-common_3.5.12-1ubuntu7.6_all.deb ...
Unpacking squid-common (3.5.12-1ubuntu7.6) ...
Selecting previously unselected package ssl-cert.
Preparing to unpack .../ssl-cert_1.0.37_all.deb ...
Unpacking ssl-cert (1.0.37) ...
Selecting previously unselected package squid.
Preparing to unpack .../squid_3.5.12-1ubuntu7.6_amd64.deb ...
Unpacking squid (3.5.12-1ubuntu7.6) ...
Processing triggers for libc-bin (2.23-0ubuntu10) ...
Processing triggers for systemd (229-4ubuntu21.16) ...
Processing triggers for ureadahead (0.100.0-19) ...
Setting up libecap3:amd64 (1.0.1-3ubuntu3) ...
Setting up squid-langpack (20150704-1) ...
Setting up squid-common (3.5.12-1ubuntu7.6) ...
Setting up ssl-cert (1.0.37) ...
Setting up squid (3.5.12-1ubuntu7.6) ...
Skipping profile in /etc/apparmor.d/disable: usr.sbin.squid
Processing triggers for libc-bin (2.23-0ubuntu10) ...
Processing triggers for systemd (229-4ubuntu21.16) ...
Processing triggers for ureadahead (0.100.0-19) ...

That’s it! The install is complete!

 

Configuring Squid

The default Squid configuration file is located in the ‘/etc/squid/ directory, and the main configuration file is called “squid.conf”. This file contains the bulk of the configuration directives that can be modified to change the behavior of Squid. The lines that begin with a “#”, are commented out or not read by the file. These comments are provided to explain what the related configuration settings mean.

To edit the configuration file, let’s start by taking a backup of the original file, in case we need to revert any changes if something goes wrong or use it to compare the new file configurations.

[root@test ~]# cp /etc/squid/squid.conf /etc/squid/squid.conf.bak

 

Change Squid’s Default Listening Port

Next, the Squid proxy servers default port is 3128. You can change or modify this setting to suit your needs should you wish to modify the port for a specific reason or necessity. To change the default Squid port, we will need to edit the Squid configuration file and change the “http_port” value (on line 1599) to a new port number.

[root@test ~]# vim /etc/squid/squid.conf
http_port 2946

(Keep the file open for now…)

 

Change Squid’s Default HTTP Access Port

Next, to allow external access to the HTTP proxy server from all IP addresses, we need to edit the “http_access” directives. By default, the HTTP proxy server will not allow access to anyone at all unless we explicitly allow it!

Caution!:
Multiple settings mention http_access. We want to modify the last entry.

1164 # Deny requests to certain unsafe ports
1165 http_access deny !Safe_ports
...
1167 # Deny CONNECT to other than secure SSL ports
1168 http_access deny CONNECT !SSL_ports
...
1170 # Only allow cachemgr access from localhost
1171 http_access allow localhost manager
1172 http_access deny manager
...
1186 #http_access allow localnet
1187 http_access allow localhost
...
1189 # And finally deny all other access to this proxy
1190 http_access deny all
# > change to “allow all” <

Now, let’s save and close the configuration file using vim’s :wq command.

 

Define the Default NIC Card Squid Listens On

If you would like Squid to listen on a specific NIC (in a server with multiple NIC cards), you can update the configuration file with the NIC’s IP address that Squid will listen on.

For example, we can change it to an internal IP of 10.1.1.5:3128

 

Define Who Can Access the Proxy Server

Next, we’ll setup who is allowed access to our Squid proxy. Locate the http_access section (which should begin around line 1860) and uncomment the following two lines:#acl our_networks src 10.1.1.0/16 10.1.2.0/16
#http_access allow our_networks
-- VVV change to VVV --
acl our_networks src 10.1.1.0/16 10.1.2.0/16
http_access allow our_networks

You will need to modify the IP ranges (10.1.1.0/16 10.1.2.0/16) to your own internal IP’s to match what your network uses unless you have several subnets you can use. (Netmasks are further explained here.)

 

Define the Hours that are Available to Access the Proxy

You can literally control the hours of access to the proxy server! The ACL section starts about line 673:
671 # none
672
673 #  TAG: acl
674 #  Defining an Access List
675 #
To set this up, let’s add this info to the bottom of the ACL section of the /etc/squid/squid.conf file:

acl liquidweb src 10.1.10.0/24
acl liquidweb time M T W T F 9:00-17:00
Granted, this is an example using liquidweb as the business name, but you can use any name.

 

Other ACL options include:

***** ACL TYPES AVAILABLE *****
711 #
712 #       acl aclname src ip-address/mask ...     # clients IP address [fast] 713 #       acl aclname src addr1-addr2/mask ...    # range of addresses [fast] 714 #       acl aclname dst [-n] ip-address/mask ...        # URL host's IP address [slow] 715 #       acl aclname localip ip-address/mask ... # IP address the client connected to [fast] 717 #       acl aclname arp      mac-address ... (xx:xx:xx:xx:xx:xx notation)
...
730 #       acl aclname srcdomain   .foo.com ...
731 #         # reverse lookup, from client IP [slow] 732 #       acl aclname dstdomain [-n] .foo.com ...
733 #         # Destination server from URL [fast] 734 #       acl aclname srcdom_regex [-i] \.foo\.com ...
735 #         # regex matching client name [slow] 736 #       acl aclname dstdom_regex [-n] [-i] \.foo\.com …

… (all the way down to line 989)

968 # Example rule allowing access from your local networks.
969 # Adapt to list your (internal) IP networks from where browsing
970 # should be allowed
971 #acl localnet src 10.0.0.0/8    # RFC1918 possible internal network
972 #acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
973 #acl localnet src 192.168.0.0/16        # RFC1918 possible internal network
974 #acl localnet src fc00::/7       # RFC 4193 local private network range
975 #acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
976
977 acl SSL_ports port 443
978 acl Safe_ports port 80          # http
979 acl Safe_ports port 21          # ftp
980 acl Safe_ports port 443         # https
981 acl Safe_ports port 70          # gopher
982 acl Safe_ports port 210         # wais
983 acl Safe_ports port 1025-65535  # unregistered ports
984 acl Safe_ports port 280         # http-mgmt
985 acl Safe_ports port 488         # gss-http
986 acl Safe_ports port 591         # filemaker
987 acl Safe_ports port 777         # multiling http
988 acl CONNECT method CONNECT
989

All Squid Configuration Options

A full accounting of Squid’s available configurations can be found here:

(Make sure you plan to take some time because there is a lot of info there)

Restart Squid

After making those changes, let’s restart the Squid service to reload the configuration file.

[root@test ~]# systemctl restart squid.service

 

Other Important File Locations for Squid

 

Even More Information about Squid

How Can We Help?

Our Most Helpful Humans in Hosting can provide clarity and further information about Squid and how it can be utilized in our specific environments.  Our Support team contains many talented individuals with intimate knowledge of web hosting technologies, especially like those discussed in this article. If you are uncomfortable walking through the steps outlined here, we are just a phone call, chat or ticket away from providing you info to walk you through the process. Let us assist you today!

 

 

How to Install Apache on a Windows Server

Reading Time: 4 minutes

When looking to host web sites or services from a Windows server, there are several options to consider. It is worth reviewing the strengths and weaknesses of each to determine which one is most likely to meet your particular needs before you spend the time installing and configuring a web service. Some of the most common web servers available for Windows services are Tomcat, Microsoft IIS (Internet Information Services), and of course the Apache server. Many server owners will choose to use a control panel which manages most of the common tasks usually needed to administer a web server such as e-mail and firewall configuration. At Liquid Web that option means you’re using one of our Fully Managed Windows Servers with Plesk. Alternately, some administrators who need more flexibility choose one of our Core or Self-Managed Windows Servers. This article is intended for the latter type of server with no Plesk (or other) server management control panel.

Pre-flight

This guide was written for 64-bit Windows since a modern server is more likely to use it. There are a few potential issues with Apache on Win32 systems (non 64-bit) which you should be aware of and can find here.

Downloading Apache:

While there are several mirrors to choose from for downloading the pre-compiled Apache binaries for windows, we’ll be using ApacheHaus for our purposes.

Download Here:

Apache 2.4.38 with SSL

(This is the 64-bit version with OpenSSL version 1.1.1a included.)

If you would like to use a different version they are listed here:

Available Versions Page

 

Install Apache on Windows

We will assume that you have installed all the latest available updates for your version of Windows. If not, it is important to do so now to avoid unexpected issues.

These instructions are adapted from those provided by ApacheHaus where we obtained the binary package. You may find the entire document in the extracted Apache folder under the file “readme_first.html”.

 

Visual C++ Installation

Before installing Apache, we first need to install the below package. Once it has been installed, it is often a good idea to restart the system to ensure any remaining changes requiring a restart are completed.

  1. Download the Visual C++ 2008 Redistributable Package and install it. It is located here.
    Note:
    Download the x64 version for 64 bit systems.
  2. Restart (optional but recommended).

 

Apache Installation

  1. Extract the compressed Apache download. While you can extract it to any directory it is a best practice to extract it to the root directory of the drive it is located on (our example folder is located in C:\Apache24). This is the location we will be using for these instructions. Please note that once installed you can see Apache’s base path by opening the configuration file and checking the “ServerRoot” directive).
  2. Open an “Administrator” command prompt. (Click the Windows “Start” icon, then type “cmd”. Right-click the “Command Prompt” item which appears, and select “Run As Administrator.”)
  3. Change to the installation directory (For our purposes C:\Apache24\bin).
  4. Run the program httpd.exe.
  5. You will likely notice a dialogue box from the Windows Firewall noting that some features are being blocked. If this appears, place a checkmark in “Private Networks…” as well as “Public Networks…”, and then click “Allow access.”
  6. As noted in the ApacheHaus instructions:

“You can now test your installation by opening up your Web Browser and typing in the address: http://localhost

If everything is working properly, you should see the Apache Haus’ test page.“

To shut down the new Apache server instance, you can go back to the Command Prompt and press “Control-C”.

  1. Now that you have confirmed the Apache server is working and shut it down, you are ready to install Apache as a system service.
  2. In your Command Prompt window, enter (or paste) the following command:

httpd.exe -k install -n "Apache HTTP Server"

Output:

Installing the 'Apache HTTP Server' service
The 'Apache HTTP Server' service is successfully installed.
Testing httpd.conf....
Errors reported here must be corrected before the service can be started.
(this line should be blank)

  1. From your Command Prompt window enter in the following command and press ‘Enter.’services.msc

Look for the service “Apache HTTP Server.” Looking towards the left of that line you should see “Automatic.” If you do not, double-click the line and change the Startup Type to “Automatic.”

  1. Restart your server and open a web browser once you are logged back in. Go to this page in the browser’s URL bar: http://localhost/

Configure Windows’ Firewall

To allow connections from the Internet to your new web server, you will need to configure a Windows Firewall rule to do so. Follow these steps:

  1.  Click the “Windows Start” button, and enter “firewall.” Click the “Windows Firewall With Advanced Security” item.
  2. Click “New Rule” on the right-hand sidebar.
  3. Select “Port,” and click Next. Select the radio button next to “Specific remote ports:” Enter the following into the input box: 80, 443, 8080

  4. Click Next, then select the radio button next to “Allow the connection.”
  5. Click Next, ensure all the boxes on the next page are checked, then click Next again.
  6. For the “name” section enter something descriptive enough that you will be able to recognize the rule’s purpose later such as: “Allow Incoming Apache Traffic.”
  7. Click “finish.”

  8. Try connecting to your server’s IP address from a device other than the one you are using to connect to the server right now. Open a browser and enter the IP address of your server. For example http://192.168.1.21/. You should see the test webpage.
  9. For now, go back to the windows firewall and right-click the new rule you created under the “Inbound Rules” section. Click “Disable Rule.” This will block any incoming connections until you have removed or renamed the default test page as it exposes too much information about the server to the Internet. Once you are ready to start serving your new web pages, re-enable that firewall rules, and they should be reachable from the Internet again.

That’s it! You now have the Apache Web Server installed on your Windows server. From here you’ll likely want to install some Apache modules. Almost certainly you will need to install the PHP module for Apache, as well as MySQL. Doing so is beyond the scope of this tutorial; however, you should be able to find a variety of instructions by searching “How to Install PHP (or other) Apache module on Windows server,” or similar at your favorite search engine.

 

Install and Configure Git on Ubuntu 18.04

Reading Time: 1 minute

What is the purpose of Git?

Git gives you a way to not only track changes in source code, but it can also be used to track changes in files.  It then stores the data in what is called a repository, also known as a repo. Continue reading “Install and Configure Git on Ubuntu 18.04”