Archive for the ‘Linux’ Category.
April 1, 2008, 11:52 am
I opened a new Google Code project to manage the scripts I wrote that allow multiple instances of Tomcat to be run on Ubuntu. These scripts are now fully open source (more so than before I guess) and available to everyone. They are also more up-to-date than they were in my previous blog post about them.
Anyways, here’s the project link:
http://code.google.com/p/debian-tomcat-scripts/
You can check them out from Subversion or browse them online. Enjoy!
March 25, 2008, 5:30 pm
I’m setting up a shared database server in a data center and I don’t have any direct connections between the machines that are local (i.e. connections that only run between boxes and don’t let external traffic in), no firewalls, no routes or any networking goodies. These machines only have a single Ethernet card that accepts connections from anywhere. So, my concern is that my new database server needs to allow the other servers in the cluster access to MySQL without opening it up to everyone in the world, which might allow hackers access. Instead, I want to lock things down so that only certain machines can connect to MySQL and everyone else is rejected.
In order to pull this off, I’m making use of iptables, which allows me to control how IP packets are handled by the kernel. There are loads of materials out there on iptables, so I won’t go into how it works exactly. Instead, I’ll just show you all how I did it. All these commands are run as root (via sudo or as root directly):
$ iptables -A INPUT -s <ip-of-current-box> -p tcp --dport 3306 -j ACCEPT
$ iptables -A INPUT -s <ip-of-other-box> -p tcp --dport 3306 -j ACCEPT
$ iptables -A INPUT -p tcp --dport 3306 -j DROP
This allows access on port 3306 (MySQL default) to only two IP addresses and drops all other traffic to that port on the floor. I can add as many IPs as I want by repeating the second command with a different IP.
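iptables checks rules in order, so an ACCEPT appended after the DROP is never reached. The sketch below is an added example, not part of the original post; it goes one step further than the commands above by keeping the allowlist in its own chain (the name MYSQL_ALLOW and the 192.0.2.x addresses are made up for illustration), so the whole list can be rebuilt with the DROP always last:

```shell
#!/bin/sh
# Added example: print (not run) the rules for a MySQL allowlist so they can
# be reviewed first. MYSQL_ALLOW and the 192.0.2.x hosts are constructed.
PORT=3306
CHAIN=MYSQL_ALLOW

# Succeeds only for a dotted quad with four octets in the range 0-255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Emit commands that rebuild the chain: every ACCEPT first, the DROP last.
# All addresses are validated before anything is printed, so a typo can
# never leave a half-written rule set in the output.
mysql_allowlist_cmds() {
    [ $# -gt 0 ] || { echo "refusing to build an empty allowlist" >&2; return 1; }
    for ip in "$@"; do
        is_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    done
    # Create the chain, or empty it if it already exists.
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    for ip in "$@"; do
        echo "iptables -A $CHAIN -s $ip -j ACCEPT"
    done
    echo "iptables -A $CHAIN -j DROP"
    # Hook the chain into INPUT once; -C tests whether the rule already exists.
    echo "iptables -C INPUT -p tcp --dport $PORT -j $CHAIN 2>/dev/null ||" \
         "iptables -I INPUT -p tcp --dport $PORT -j $CHAIN"
}

# Review the output, then pipe it to "sh" as root to apply it.
mysql_allowlist_cmds 192.0.2.10 192.0.2.11
```

Rules added with iptables are lost at reboot unless saved (for example with iptables-save), and while the chain is being rebuilt it is briefly empty, so port 3306 falls through to the remaining INPUT rules during that moment.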
November 27, 2007, 2:52 pm
Found a way to do this in a single line. Works nicely.
# Sets $last to the final positional argument.
eval "last=\${$#}"
November 1, 2007, 11:00 am
No dist upgrade. On Ubuntu (Debian):
update-manager -c
On all the rest:
Want the latest and greatest? Good luck dude!
October 15, 2007, 6:14 pm
Looks like Gutsy (or something) changes some of the installation for Tomcat 5.5 and it requires some work to get back to normal. Here are my changes thus far:
sudo rm /usr/share/tomcat5.5/common/endorsed/*
cd /usr/share/tomcat5.5/common/lib
sudo apt-get install libmysql-java
sudo ln -s /usr/share/java/mysql-connector-java.jar
This first removes the bad XML jar files that Tomcat is set up with in its endorsed directory. These assume that you only need a subset of JAXP and don’t provide everything (i.e. XSLT). You could also symlink to the rest of the XML jars in /usr/share/java such as xalan2.jar, but I find that the bundled JAXP in the JDK (sun-java6-*) works much better.
The second part symlinks the MySQL driver into the main installation. This is required if you are going to be setting up JDBC connection pools inside the Tomcat contexts to a MySQL database.
That’s it thus far, but if I find more I’ll update this.