Posts Tagged ‘apache’

Troubleshooting “server-manager” in SME Server

Friday, November 19th, 2010

Originally this post was going to document my troubleshooting of my login problem with the web based administrative interface of SME Server 7 after my bare (virtual) metal restore. In the end, I gave up fixing the problem, and did the upgrade via CD to SME Server 8 beta 6.  This didn’t turn out to be an easy fix, and I also had my eye on some nice benefits to upgrading to SME8, such as PHP5 and MySQL5 (finally!)

The following now serves as a review of how I think the “server-manager” interface is delivered in SME’s architecture.  It’s elegant, but complex.

The exact error was:

Forbidden
You don’t have permission to access /server-manager on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

Unfortunately, I just didn’t know how to troubleshoot this error.  A lot of the problem was that SME is more complex than your normal web server do to  security precautions.

This is how I think the “server-manager” GUI is hosted:

  • You normally go to https://192.168.81.1/server-manager (or whatever your server’s local IP is)
  • The web server, “httpd”, which runs as user www and group www (which I assume has minimal permissions) then reverse proxies to a second httpd process, httpd-admin
  • The second Apache server, httpd-admin, runs on port 980, and runs as user admin and group admin.
  • The 2nd web server has it’s own configuration files.
  • The web scripts are in this folder: /etc/e-smith/web/panels/manager/
  • On a fresh install, the Linux admin user is group id 101, and the admin group is id 101 (my restored server had a different group id)

Automatic Upgrade Feature of WordPress Without FTP

Saturday, September 5th, 2009

I was intrigued by the automatic update feature of recent (2.7+?) versions of WordPress because I hate upgrades as much as the next guy.  Unfortunately, it didn’t work for all 3 WordPress installs for which I am responsible.

There’s a new security issue for WordPress, so I spent some time trying to figure out how to get the update feature to work.  When I attempted the update in the WordPress Admin section, it requested my FTP login settings.  Well, I don’t use FTP for maintaining these blogs.

Fortunately, it turns out that WordPress will only require FTP permissions if the file permissions are configured in a compatible manner.

This post cleared it up:

http://robspencer.net/auto-update-wordpress-without-ftp/

The gist is to set the owner of the WordPress files to the same user as the process that runs Apache.  Running a basic chown command did the trick!

Now I just have to research to make sure that this makes sense from a security standpoint…

I hate banning IP addresses…

Sunday, July 6th, 2008

Today I noticed that one IP address has been using wget, a command line tool for grabbing web pages, to get random words from unique-names.com’s random word fetcher about once per second.  I’m not sure how long this has been going on, but I have stopped it today.

The way to ban an IP address on a single website on an Apache web server turned out to be easier than I expected.  Just edit .htaccess and add two lines similar to this:

# banned IPs
deny from 123.12.1.2

Actually, the line starting with a # sign is optional, that’s a comment in the .htaccess.

That’s it.

As for who was trying to use the Naque for Unique Names nefariously?  I’m not sure who it was, or what was the purpose.  Whoever it is, if you read this, and if it was for something reasonably worthwhile (i.e. not SPAM), then drop me a line and ask for permission.  Until then, you’re banned from the site.