Thursday, 20 August 2015

APACHE AS REVERSE PROXY

Apache as Reverse Proxy
 Requirement:
(1) Web Server
(2) Proxy Server
(3) DNS SERVER
(4) CLIENT

WEB SERVER IP:                                192.168.1.3
WEB SERVER HOSTNAME:            google.com

PROXY SERVER IP                             192.168.1.5
PROXY SERVER HOSTNAME         proxy.server.com

DNS SERVER IP:                                 192.168.1.4
DNS SERVER  HOSTNAME:            masterdns.arun.com 

CLIENT IP:                                            192.168.1.1

Client Server Architecture 

                                                                                                                                                           
 



(A) Web Server:

Hostname:  google.com
IP Address:  192.168.1.3
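(1)    Install the Apache packages. Note that the httpd* wildcard installs every package whose name starts with httpd, not only the server itself; installing just httpd keeps the footprint of the web server smaller.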
[root@google ~]# yum install httpd*

(2)    Make Changes in below configuration  file.
[root@google ~]# vim /etc/httpd/conf/httpd.conf

(2.1)
#Listen 12.34.56.78:80
Listen 80
Listen 81
(2.2)
# Two virtual hosts on the web server (192.168.1.3), one per listening port.
# Both use the same DocumentRoot; they differ only in ServerName and in the
# page served as the directory index.
# NameVirtualHost is the Apache 2.2 way of enabling name-based virtual hosts
# on an address:port pair.
NameVirtualHost 192.168.1.3:80
# Port 80: chat.google.com, index page chat.html.
<VirtualHost 192.168.1.3:80>
        ServerAdmin root@mail.google.com
        DocumentRoot /var/www/html
        DirectoryIndex chat.html
        ServerName chat.google.com
</VirtualHost>
NameVirtualHost 192.168.1.3:81
# Port 81: mail.google.com, index page mail.html.
# NOTE(review): because the DocumentRoot is shared, both chat.html and
# mail.html can be requested by path on either port.
<VirtualHost 192.168.1.3:81>
        ServerAdmin root@mail.google.com
        DocumentRoot /var/www/html
        DirectoryIndex mail.html
        ServerName mail.google.com
</VirtualHost>

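(3)    Create two HTML files in the /var/www/html directory. Static pages only need to be readable by the web server (mode 0644 is enough); the rwxrwxrwx mode shown in the listing below lets any local account change the content that is served.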
[root@google ~]# cd /var/www/html/
[root@google html]# ll
total 8
-rwxrwxrwx 1 root root 53 Aug 11 16:35 chat.html
-rwxrwxrwx 1 root root 36 Aug 11 16:35 mail.html
[root@google html]#

[root@google html]# cat chat.html
Welcome to GooGle Chating Services.Enjoy The Chating

[root@google html]# cat mail.html
Welocome to GooGle Mailing Service.

(4)    Restart the apache service
[root@google html]# /etc/init.d/httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]




(B)  Proxy Server
Hostname:  proxy.server.com
IP Address: 192.168.1.5
(1)    Install apache packages
[root@proxy ~]# yum install httpd*
(2)    Make Changes in below configuration  file.
[root@proxy ~]# vim /etc/httpd/conf/httpd.conf
(2.1)
#Listen 12.34.56.78:80
Listen 80
Listen 81
(2.2)
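# Reverse-proxy configuration on proxy.server.com (192.168.1.5).
# NameVirtualHost is the Apache 2.2 way of enabling name-based virtual hosts
# on an address:port pair.

# Port 80 front end.
NameVirtualHost 192.168.1.5:80
<VirtualHost 192.168.1.5:80>
        ServerAdmin root@proxy.server.com
        DocumentRoot /var/www/html
        DirectoryIndex chat.html
        ServerName proxy.server.com
</VirtualHost>

# The proxy directives below sit in the main server configuration, outside
# both <VirtualHost> sections.
<IfModule mod_proxy.c>
# Keep ProxyRequests Off. A reverse proxy only needs ProxyPass; switching
# this On would turn the host into a forward proxy for anyone who can reach it.
ProxyRequests Off

# Only the single path /chat.html is forwarded. The backend URL is plain
# HTTP with no port, so the request goes to port 80 on the web server.
# ProxyPassReverse rewrites redirect headers from the backend so that they
# point back at the proxy instead of exposing the backend name.
ProxyPass /chat.html http://chat.google.com/chat.html
ProxyPassReverse /chat.html http://chat.google.com/chat.html
# The original listing never closed this section; httpd rejects an
# unterminated <IfModule> at start-up.
</IfModule>

# Port 81 front end.
NameVirtualHost 192.168.1.5:81
<VirtualHost 192.168.1.5:81>
        ServerAdmin proxy.server.com
        DocumentRoot /var/www/html
        DirectoryIndex mail.html
        ServerName proxy.server.com
</VirtualHost>


<IfModule mod_proxy.c>
ProxyRequests Off

# As above, no port is given in the backend URL, so mail.html is also
# fetched from port 80 of the web server, not from its port 81 virtual host.
ProxyPass /mail.html  http://mail.google.com/mail.html
ProxyPassReverse /mail.html  http://mail.google.com/mail.html
</IfModule>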

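(3)    Create two HTML files in the /var/www/html directory. Mode 0644 is enough for static pages; the rwxrwxrwx mode shown in the listing below makes them writable by every local user.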
[root@proxy html]# cd /var/www/html/
[root@proxy html]# ll
total 8
-rwxrwxrwx. 1 root root 14 Aug 19 12:01 chat.html
-rwxrwxrwx. 1 root root 14 Aug 19 12:01 mail.html
[root@proxy html]#         


[root@proxy html]# cat chat.html
proxy chating

[root@proxy html]# cat mail.html
proxy mailing
[root@proxy html]#

(4)    Restart the apache service
[root@proxy html]# /etc/init.d/httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

[root@proxy html]#


(C) DNS SERVER:
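Please refer to the MASTER-SLAVE DNS CONFIGURATION post below for the base DNS server configuration.

(1)    Now we have to add the google.com and server.com zones to the /etc/named.conf file. These are lab names only: a DNS server that is configured as master for google.com answers for that name itself, so every client using this resolver gets the lab addresses instead of the real domain. Keep this server confined to the test network, or use a reserved name such as example.com.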
[root@masterdns named]# vim /etc/named.conf





























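(2)    Make changes in the forward and reverse zone files. Increase the SOA serial whenever a zone file is edited: the listings below show serial 1, which is lower than the 201506187 used in the MASTER-SLAVE DNS CONFIGURATION post, so a slave that already holds the zone would not transfer the new records.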
[root@masterdns named]# cd /var/named/
[root@masterdns named]# cat for
$TTL 86400  
@       IN SOA  masterdns.arun.com. root.arun.com. (
                                1      ; serial
                                        3600    ; refresh
                                        1800    ; retry
                                        604800  ; expire
                                        86400   ; minimum
               
)
@               IN      NS      masterdns.arun.com.
@               IN      NS      slavedns.arun.com.
@                            IN           NS          mail.google.com.
@                            IN           NS          chat.google.com.
@                            IN           NS          proxy.server.com.

masterdns       IN      A       192.168.1.4
slavedns        IN      A       192.168.1.2
www                     IN           A             192.168.1.4
mail                        IN           A             192.168.1.3
chat                       IN           A             192.168.1.3
proxy                    IN           A             192.168.1.5
[root@masterdns named]#
[root@masterdns named]# cat rev
$TTL  864000
@       IN SOA  masterdns.arun.com. root.arun.com. (
                                1    ; serial
                                        3600    ; refresh
                                        1800    ; retry
                                        604800  ; expire
                                        86400   ; minimum
)


@               IN      NS      masterdns.arun.com.
@               IN      NS      slavedns.arun.com.
@                            IN           NS          proxy.server.com.
@               IN      PTR     arun.com.
@                            IN           PTR        google.com.
@                            IN           PTR        server.com.       

masterdns       IN      A       192.168.1.4
slavedns        IN      A       192.168.1.2
www                     IN           A             192.168.1.4
mail                        IN           A             192.168.1.3
chat                       IN           A             192.168.1.3
proxy                    IN           A             192.168.1.5

4             IN      PTR     masterdns.arun.com.
2             IN      PTR     slavedns.arun.com.
4                              IN           PTR        www.arun.com.
3                              IN           PTR        mail.google.com.
3                              IN           PTR        chat.google.com.
5                              IN           PTR        proxy.server.com.

(3)    Restart Named  Services
[root@masterdns named]# /etc/init.d/named restart
Stopping named: .                                          [  OK  ]
Starting named:                                            [  OK  ]
[root@masterdns named]#




(D)  Client :
IP Address: 192.168.1.1































(2) Now, if we access the proxy server, it forwards the request to the web server and returns the web server's pages to us; the client only ever connects to the proxy.

(2.1) From IP

















(2.2) From Name

















Tuesday, 11 August 2015

MASTER-SLAVE DNS CONFIGURATION

MASTER-SLAVE DNS 
Primary Or Master DNS Server details:
 IP Address:        192.168.1.4
HostName:         masterdns.arun.com

Secondary Or Slave DNS Server details:
 IP Address:        192.168.1.2
HostName:         slavedns.arun.com

Primary DNS Configuration
(1)    [root@masterdns ~]# yum install bind* -y

(2)    [root@masterdns ~]# vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

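// Master (primary) server: listens on its LAN address and on loopback.
options {
        listen-on port 53 { 192.168.1.4; 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.1.0/24; }; # IP range of allowed hosts
        // Zone transfers are limited to the slave. This is an address-based
        // ACL; a TSIG key on the transfer gives stronger authentication.
        allow-transfer  { localhost; 192.168.1.2; }; # Slave IP
        // Recursion is on, so keep allow-query restricted to the LAN as above;
        // otherwise the server becomes an open resolver.
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        // NOTE(review): the ISC DLV registry has since been retired and newer
        // BIND releases treat dnssec-lookaside as obsolete; drop this line
        // (and bindkeys-file below) when moving to a current version.
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

// Forward zone. Dynamic updates are disabled; records change only by
// editing the zone file.
zone "arun.com" IN {
        type master;
        file "for";
        allow-update { none; };
};

// Reverse zone for 192.168.1.0/24.
zone "1.168.192.in-addr.arpa" IN {
        type master;
        file "rev";
        allow-update { none; };
};

// Lab-only zone that reuses the same file "for"; its relative names
// (mail, chat, ...) are expanded under google.com for this zone.
zone "google.com" IN {
        type master;
        file "for";
        allow-update { none; };
};

include "/etc/named.rfc1912.zones";
// The terminating semicolon was missing in the original listing; named
// refuses to load a configuration with an unterminated statement.
include "/etc/named.root.key";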





(3)    Create the forward ("for") and reverse ("rev") zone files named in named.conf

[root@masterdns ~]# cd /var/named/
[root@masterdns named]# ll
total 40
drwxr-x--- 6 root  named 4096 Jun 18 10:18 chroot
drwxrwx--- 2 named named 4096 Aug 10 17:34 data
drwxrwx--- 2 named named 4096 Aug 11 16:46 dynamic
-rw-r----- 1 root  named 1892 Feb 18  2008 named.ca
-rw-r----- 1 root  named  152 Dec 15  2009 named.empty
-rw-r----- 1 root  named  152 Jun 21  2007 named.localhost
-rw-r----- 1 root  named  168 Dec 15  2009 named.loopback
drwxrwx--- 2 named named 4096 Jun  4  2012 slaves
[root@masterdns named]#

FORWARD ZONE :
[root@masterdns named]# cp named.localhost for
[root@masterdns named]# vim for
; Forward zone data for the zones whose named.conf entry names file "for".
; Names without a trailing dot are relative to the origin of the zone that
; loads this file.
$TTL 86400
; SOA: primary server masterdns.arun.com., contact mailbox root.arun.com.
; The serial has to be increased on every edit, otherwise the slave does not
; notice that the zone changed.
@       IN SOA  masterdns.arun.com. root.arun.com. (
                                201506187      ; serial
                                        3600    ; refresh
                                        1800    ; retry
                                        604800  ; expire
                                        86400   ; minimum

)
; Name servers for the zone.
; NOTE(review): mail.google.com. and chat.google.com. are listed as name
; servers, but only masterdns and slavedns are set up as DNS servers in this
; tutorial -- confirm that these two NS records are intended.
@               IN      NS      masterdns.arun.com.
@               IN      NS      slavedns.arun.com.
@               IN      NS      mail.google.com.
@               IN      NS      chat.google.com.

; Address records.
masterdns       IN      A       192.168.1.4
slavedns        IN      A       192.168.1.2
www             IN      A       192.168.1.4
mail            IN      A       192.168.1.3
chat            IN      A       192.168.1.3

REVERSE ZONE:
[root@masterdns named]# cp named.loopback rev
[root@masterdns named]# vim rev

; Reverse zone data for 1.168.192.in-addr.arpa (file "rev" in named.conf).
$TTL  864000
; The serial has to be increased on every edit, otherwise the slave does not
; notice that the zone changed.
@       IN SOA  masterdns.arun.com. root.arun.com. (
                                201506187    ; serial
                                        3600    ; refresh
                                        1800    ; retry
                                        604800  ; expire
                                        86400   ; minimum
)


@               IN      NS      masterdns.arun.com.
@               IN      NS      slavedns.arun.com.
; NOTE(review): these PTR records sit at the zone apex, i.e. on the name
; 1.168.192.in-addr.arpa itself rather than on a host address -- confirm
; that they are needed.
@               IN      PTR     arun.com.
@               IN      PTR     google.com.

; NOTE(review): relative names in this file are expanded under
; 1.168.192.in-addr.arpa, so these A records do not create forward names
; under arun.com; they look like leftovers from the forward zone file.
masterdns       IN      A       192.168.1.4
slavedns        IN      A       192.168.1.2
www             IN      A       192.168.1.4
mail            IN      A       192.168.1.3
chat            IN      A       192.168.1.3

; PTR records: the owner is the last octet of the address. Octets 4 and 3
; each carry two PTR records, so a reverse lookup returns both names.
4             IN      PTR     masterdns.arun.com.
2             IN      PTR     slavedns.arun.com.
4               IN      PTR     www.arun.com.
3               IN      PTR     mail.google.com.
3               IN      PTR     chat.google.com.

(4)    Change the group to the named
[root@masterdns named]# chgrp named rev
[root@masterdns named]# chgrp named for
[root@masterdns named]# ls -l
total 40
drwxr-x--- 6 root  named 4096 Jun 18 10:18 chroot
drwxrwx--- 2 named named 4096 Aug 10 17:34 data
drwxrwx--- 2 named named 4096 Aug 11 16:46 dynamic
-rw-r----- 1 root  named  718 Aug 11 01:45 for
-rw-r----- 1 root  named 1892 Feb 18  2008 named.ca
-rw-r----- 1 root  named  152 Dec 15  2009 named.empty
-rw-r----- 1 root  named  152 Jun 21  2007 named.localhost
-rw-r----- 1 root  named  168 Dec 15  2009 named.loopback
-rw-r----- 1 root  named  932 Aug 11 01:45 rev
drwxrwx--- 2 named named 4096 Jun  4  2012 slaves
[root@masterdns named]#

(5)    Then we need to check the SELinux context of the /etc/named.conf file
[root@masterdns ~]# ls -lZd /etc/named.conf
-rw-r-----. root named system_u:object_r:named_conf_t:s0 /etc/named.conf
/etc/named.conf
(6)    If it is different from this, restore the default context using
[root@masterdns named]#  restorecon /etc/named.conf

(7)    Now we need to Check for the Error in the conf file and Zone file
[root@masterdns named]# named-checkzone arun.com /var/named/for
zone arun.com/IN: loaded serial 201506187
OK
root@masterdns named]# named-checkzone 1.168.192.in-addr.arpa /var/named/rev
zone 1.168.192.in-addr.arpa/IN: loaded serial 201506187
OK
(8)    Start the DNS Service
[root@masterdns named]# /etc/init.d/named restart
Stopping named: .                                          [  OK  ]
Starting named:                                            [  OK  ]
[root@masterdns named]#

(9)    Make Changes in /etc/resolv.conf
[root@masterdns named]# vim /etc/resolv.conf
nameserver 192.168.1.4

(10) Check that the DNS server is working
[root@masterdns named]# nslookup slavedns.arun.com
Server:                 192.168.1.4
Address:              192.168.1.4#53

Name:  slavedns.arun.com
Address: 192.168.1.2

[root@masterdns named]# nslookup masterdns.arun.com
Server:                 192.168.1.4
Address:              192.168.1.4#53

Name:  masterdns.arun.com
Address: 192.168.1.4
Secondary DNS Configuration
(1)    [root@slavedns ~]# yum install bind* -y

(2)    [root@slavedns ~]# vim /etc/named.conf
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

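// Slave (secondary) server: listens on its LAN address and on loopback.
options {
        listen-on port 53 { 127.0.0.1; 192.168.1.2; }; #slave DNS IP
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        allow-query     { localhost; 192.168.1.0/24; };
        // Not set in the original listing. Nothing pulls zones from the
        // slave, and allow-query does not restrict zone transfers, so they
        // are refused explicitly here instead of relying on the BIND default
        // (which, in releases of this era, permits transfers to any host).
        allow-transfer  { none; };
        // Recursion is on, so keep allow-query restricted to the LAN as above;
        // otherwise the server becomes an open resolver.
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        // NOTE(review): the ISC DLV registry has since been retired and newer
        // BIND releases treat dnssec-lookaside as obsolete; drop this line
        // (and bindkeys-file below) when moving to a current version.
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

// Slave copies are written under /var/named/slaves after a transfer from
// the master. The master is identified by IP address only; a TSIG key on
// the masters entry gives stronger authentication of the transfer.
zone "arun.com" IN {
        type slave;
        file "slaves/for";
        masters { 192.168.1.4; }; # master DNS IP
};
zone "1.168.192.in-addr.arpa" IN {
        type slave;
        file "slaves/rev";
        masters { 192.168.1.4; }; # master DNS IP
};
include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";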

(3)    Start the named Service
root@slavedns ~]# /etc/init.d/named restart
Stopping named:                                            [  OK  ]
Starting named:                                            [  OK  ]

(4)    We don't need to create the zone files here; they are transferred from the master server when the named service starts.

[root@slavedns ~]# cd /var/named/slaves/
[root@slavedns slaves]# ll
total 8
-rw-r--r-- 1 named named 475 Aug 11 17:45 for
-rw-r--r-- 1 named named 626 Aug 11 17:45 rev
[root@slavedns slaves]#

[root@slavedns slaves]# cat for
$ORIGIN .
$TTL 86400      ; 1 day
arun.com                IN SOA  masterdns.arun.com. root.arun.com. (
                                201506187  ; serial
                                3600       ; refresh (1 hour)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      masterdns.arun.com.
                        NS      slavedns.arun.com.
                        NS      mail.google.com.
                        NS      chat.google.com.
$ORIGIN arun.com.
chat                    A       192.168.1.3
mail                    A       192.168.1.3
masterdns               A       192.168.1.4
slavedns                A       192.168.1.2
www                     A       192.168.1.4


[root@slavedns slaves]# cat rev
$ORIGIN .
$TTL 864000     ; 1 week 3 days
1.168.192.in-addr.arpa  IN SOA  masterdns.arun.com. root.arun.com. (
                                201506187  ; serial
                                3600       ; refresh (1 hour)
                                1800       ; retry (30 minutes)
                                604800     ; expire (1 week)
                                86400      ; minimum (1 day)
                                )
                        NS      masterdns.arun.com.
                        NS      slavedns.arun.com.
                        PTR     arun.com.
                        PTR     google.com.
$ORIGIN 1.168.192.in-addr.arpa.
2                       PTR     slavedns.arun.com.
3                       PTR     mail.google.com.
                        PTR     chat.google.com.
4                       PTR     masterdns.arun.com.
                        PTR     www.arun.com.
chat                    A       192.168.1.3
mail                    A       192.168.1.3
masterdns               A       192.168.1.4
slavedns                A       192.168.1.2
www                     A       192.168.1.4
~       
(5)    Make Changes in /etc/resolv.conf
[root@masterdns named]# vim /etc/resolv.conf
nameserver 192.168.1.2

(6)    Now check the Slave DNS Working

[root@slavedns slaves]# nslookup slavedns.arun.com
Server:                 192.168.1.2
Address:              192.168.1.2#53

Name:  slavedns.arun.com
Address: 192.168.1.2

[root@slavedns slaves]# nslookup masterdns.arun.com
Server:                 192.168.1.2
Address:              192.168.1.2#53

Name:  masterdns.arun.com
Address: 192.168.1.4

[root@slavedns slaves]#