Posts Tagged ‘nginx’

Hunchentoot Webserver and Application Security

December 22, 2010

I had the opportunity to have the security of the Hunchentoot lisp web server set-up, from the previous post, and a web application using Hunchentoot reviewed by a reputable firm. In short this is what they had to say:

“it would appear that the server administrators should be commended for their network-level hardening of the target system”

Its not a hundred percent clean bill of health because only automated testing was used with some manual interventions to validate the auto testing.

(more…)

Lisp Web Server From Scratch using Hunchentoot and Nginx

November 9, 2010

**************************I tried my setup on Ubuntu 13.10 server and had some issues so I decided to update this article, unfortunately I dont have the time to rewrite it so I am just hacking the bits that where issues on Ubuntu 13.10**********************

So you want your own lisp web server to hack away at but where do you start? Well don’t despair, what follows is a recipe for getting such a server running in no time. (Don’t worry you won’t be coding it from scratch you will be building it with a “software lego” set.)

Much of what you will see here was taken from different websites especially these two great articles http://blog.ponto-dot.com/2010/08/15/setting-up-common-lisp-on-a-web-server and http://blog.ponto-dot.com/2009/08/18/hunchentoot-behind-proxy-server. These articles do a better job of explaining what is afoot than my posting here. Please do go to these articles and show your appreciation for the hard work that went into them by leaving a comment.

All that I am doing is giving you an A to Z recipe in one place to get you going.

There are a lot of good articles in the slicehost articles collection as well that are worth a read on their own if you want to understand more about the iptables and stuff.

(more…)

Slicehost – Ubuntu 10.10 Mail Server from Scratch

November 9, 2010

Its been a while since I posted, work keeps on interfering, but since I last posted I was forced to move to a new virtual hosting company. VPSLink just did not cut it any more so I moved to Slicehost and am very happy with them thus far. So since I was moving I decided that it was time to update my Mail Server from Scratch recipe.

You know the song by now, I am not an expert, but I found that the following steps worked for me… etc … etc

This post is a simple recipe for getting the job done, it is most likely not the best way of doing it but it works. The problem with this type of recipe approach is that the “why for’s” and the “where for’s” are minimal or non existent. Any comments and/or corrections are more than welcome.

What this exercise leaves us with in the end of the day is a mail server that can handle multiple domains and email addresses. The domain and user data is stored in an postgresql database while the actual mails end up in special directory.

We will not only be able to administer the mail server from a web interface but the email account holders will be able to access their mail via a web interface. To do this we use Ubuntu 10.10, postfix, postfix-admin, dovecot, roundcube, postgresql and nginx.

This is a copy/paste job that I put together some of it from tutorials and some of it I hacked together as I set up a test server to actually try it. In this process I some times went back to fix or change stuff in this post and ended up fluffing some of it. So I will keep on cleaning it up as I find errors or errors are pointed out to me.

(more…)

VPSLink – Ubuntu 9.4 Mail Server from Scratch

March 2, 2010

Like in so many of my other posts I have to state that I am not an expert on this subject. Then why am I posting about it at all you might be asking! Its simple, the experts usually give us just enough info to hang ourselves. Yeah thats right, they make it look simple enough that we consider trying it and then leave out just enough “obvious” info to get us into trouble. To be fair I don’t think they do it on purpose they just forget that the obvious is all but obvious to the poor newbie.

Well after that little poke I have to add that there are some prerequisites to being able to use this little recipe of mine. You need to be able to read…hehehe …sorry bad joke. You need to be able to use vi or nano at least.

This post is a simple recipe for getting the job done, it is most likely not the best way of doing it but it works. The problem with this type of recipe approach is that the “why for’s” and the “where for’s” are minimal or non existent. Any comments and/or corrections are more than welcome.

What this exercise leaves us with in the end of the day is a mail server that can handle multiple domains and email addresses. The domain and user data is stored in an postgresql database while the actual mails end up in special directory.

We will not only be able to administer the mail server from a web interface but the email account holders will be able to access their mail via a web interface. To do this we use Ubuntu 9.4, postfix, postfix-admin, dovecot, roundcube, postgresql and nginx.

(more…)

Hunchentoot Virtual Hosts with nginx

August 5, 2009

(This posting is dated have a look at https://zaries.wordpress.com/2010/11/09/lisp-web-server-from-scratch-using-hunchentoot-and-nginx/ for a newer approach)

I looked at a couple of options to do virtual hosts with hunchentoot, but eventually I settled on nginx. It might not be the best solution but it does what i need with minimal effort. (I did not have to read and understand the source code to be able to use it or compile it or patch it or any of those nasty things that causes you to pull your hair out trying to remember or repeat it some other time.)

My setup is as follows. I have a vps server that is starting up sbcl in a screen session that loads one instance of hunchentoot. For me to be able to run multiple sites (same file names (NOT SAME FILES)) from the one instance of hunchentoot I used a prefix of the site name to differentiate individual sites. No its not greek.

Example:
http://localhost:8090/my-site/home.html
http://localhost:8090/my-other-site/home.html

(No I am not running huncnetoot on port 80 because that would cause me to pull out more hair.)

These then have to translate to domains like http://www.mysite.com (http://localhost:8090/my-site/) and http://www.myothersite.com (http://localhost:8090/my-other-site/).

I am not going to go into how to setup hunctentoot, there are plenty of tutorials on that subject, thou I would advise going the clbuild route.

Here is how I installed nginx on Ubuntu 9.04.

1. sudo apt-get nginx
(Yes I know it might not be the latest version but it will only serve as a reverse proxy and that part works fine.)

2. sudo gedit /etc/nginx/sites-available/default

I deleted all the stuff that was in there and replaced it with the following

server {
        #The port nginx must listen on
        listen   80;

        #The name of the domain to route
        server_name  www.mydomainname.co.za;

        #To default to the home page from  www.mydomainname.co.za;
        rewrite ^(.*)/$ $1/home.html;

        location / {
            #Where to route the listed domains too...in our case hunchnetoot
            proxy_pass http://localhost:8090/my-site/;

            #Some more config stuff if you want it. This can be moved to /etc/nginx/proxy.conf and 
            #the following line can replace everything up to proxy_buffers:
            # include /etc/nginx/proxy.conf;
            proxy_redirect          off;
            proxy_set_header        Host            $host;
            proxy_set_header        X-Real-IP       $remote_addr;
            proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
            client_max_body_size    10m;
            client_body_buffer_size 128k;
            proxy_connect_timeout   90;
            proxy_send_timeout      90;
            proxy_read_timeout      90;
            proxy_buffers           32 4k;
        }
       
        #This is needed to handle the links to all the images,stylesheets and javascript files 
        #This was also the bit that was missing from all the other examples I found. 
        location /mu-site/ {
                proxy_pass http://localhost:8090/my-site/;
        }
}

server {     
        listen   80;
        server_name  www.myotherdomain.co.za;

        rewrite ^(.*)/$ $1/home.html;
        location / {
            proxy_pass http://localhost:8090/my-other-site/;
        }
       
        location /my-other-site/ {
                proxy_pass http://localhost:8090/my-other-site/;
        }
}

Save and start nginx with sudo /etc/init.d/nginx start.

Now go to your favourate browser and browse for http://www.mysite.com or what ever you used as you domain.

PS: If anybody can give me an example of how to use hunchentoot-vhost to do the same I would really appreciate it.