Running VS Code on Linux

Courtesy / Original post: https://code.visualstudio.com/docs/setup/linux

Installation

  1. Download Visual Studio Code for your distribution: .deb for Debian-based distributions such as Ubuntu, or .rpm for Red Hat-based distributions such as Fedora or CentOS. Note that 32-bit binaries are also available on the download page.
  2. Install the package through a GUI package manager by double-clicking on the package file, or through the command line:
 # For .deb
 sudo dpkg -i <file>.deb
 # install dependencies
 sudo apt-get install -f

 # For .rpm (Fedora 21 and below)
 sudo yum install <file>.rpm

 # For .rpm (Fedora 22 and above)
 sudo dnf install <file>.rpm
  3. VS Code should now be available to run through the launcher or the command line by running code.

Tip: Run code . in any folder to start editing files in that folder.

Note:

Visual Studio is tightly integrated with Windows, and developing a .NET application using any language (C# or VB) takes more than just having Wine, since Wine is not capable enough to provide a complete development runtime such as .NET on Linux.

If you want to develop software specifically in C# on Linux, you can use MonoDevelop.

Since you’re asking for Visual Studio 2010 (.NET 4.0): with MonoDevelop, you’ll not be able to develop an app that particularly uses .NET 4; as of now MonoDevelop is in version 3.0.2 (somewhat equivalent to .NET 3.0).

You can still use Windows virtually within Ubuntu, using VirtualBox, and then install Visual Studio there, but serious app development is still not recommended in a virtualized environment.

Download Visual Studio Code

https://code.visualstudio.com/download

http://www.monodevelop.com/download/

 

Running ASP.NET vNext on CentOS 7

Original post / Courtesy: http://trydis.github.io/2015/01/06/running-aspvnext-centos7/

For reference, here are the versions I used:

Mono: 3.10.0
KVM: Build 10017
KRE: 1.0.0-beta1
libuv: commit 3fd823ac60b04eb9cc90e9a5832d27e13f417f78

I created a new VM in Azure and used the image provided by OpenLogic. It contains an installation of the Basic Server packages.

Install Mono

Add the Mono Project GPG signing key:

$ sudo rpm --import "http://keyserver.ubuntu.com/pks/lookup?op=get&search=0x3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF"

Install yum utilities:

$ sudo yum install yum-utils

Add the Mono package repository:

$ sudo yum-config-manager --add-repo http://download.mono-project.com/repo/centos/

Install the mono-complete package:

$ sudo yum install mono-complete

Mono on Linux by default doesn’t trust any SSL certificates so you’ll get errors when accessing HTTPS resources. To import Mozilla’s list of trusted certificates and fix those errors, you need to run:

$ mozroots --import --sync

Install KVM

$ curl -sSL https://raw.githubusercontent.com/aspnet/Home/master/kvminstall.sh | sh && source ~/.kre/kvm/kvm.sh

Install the K Runtime Environment (KRE)

$ kvm upgrade

Running the samples

Install Git:

$ sudo yum install git

Clone the Home repository:

$ git clone https://github.com/aspnet/Home.git
$ cd Home/samples

Change directory to the folder of the sample you want to run.

ConsoleApp

Restore packages:

$ kpm restore

Run it:

$ k run
Hello World

That was easy!

HelloMvc

Restore packages:

$ kpm restore

Run it:

$ k kestrel
System.DllNotFoundException: libdl
(Removed big stack trace)

Ouch, so I went hunting for libdl:

$ sudo find / -name 'libdl*'
/usr/lib64/libdl.so.2
/usr/lib64/libdl-2.17.so

Create symbolic link:

$ sudo ln -s /usr/lib64/libdl.so.2 /usr/lib64/libdl

Run it again:

$ k kestrel
System.NullReferenceException: Object reference not set to an instance of an object
  at Microsoft.AspNet.Server.Kestrel.Networking.Libuv.loop_size () [0x00000] in <filename unknown>:0
  at Microsoft.AspNet.Server.Kestrel.Networking.UvLoopHandle.Init (Microsoft.AspNet.Server.Kestrel.Networking.Libuv uv) [0x00000] in <filename unknown>:0
  at Microsoft.AspNet.Server.Kestrel.KestrelThread.ThreadStart (System.Object parameter) [0x00000] in <filename unknown>:0

Progress, but now we need to get libuv working.

Install libuv

$ sudo yum install gcc
$ sudo yum install automake
$ sudo yum install libtool
$ git clone https://github.com/libuv/libuv.git
$ cd libuv
$ sh autogen.sh
$ ./configure
$ make
$ make check
$ sudo make install

Run it again:

$ k kestrel
System.NullReferenceException: Object reference not set to an instance of an object
  at Microsoft.AspNet.Server.Kestrel.Networking.Libuv.loop_size () [0x00000] in <filename unknown>:0
  at Microsoft.AspNet.Server.Kestrel.Networking.UvLoopHandle.Init (Microsoft.AspNet.Server.Kestrel.Networking.Libuv uv) [0x00000] in <filename unknown>:0
  at Microsoft.AspNet.Server.Kestrel.KestrelThread.ThreadStart (System.Object parameter) [0x00000] in <filename unknown>:0

I knew it had to be a path issue or something, so I went hunting for libuv:

$ sudo find / -name libuv.so
/home/trydis/libuv/.libs/libuv.so
/usr/local/lib/libuv.so

I then checked the library name Kestrel was looking for on Linux here, and based on that I created a symbolic link:

$ sudo ln -s /usr/local/lib/libuv.so /usr/lib64/libuv.so.1

Run it again:

$ k kestrel
Started

Navigate to http://your-web-server-address:5004/ and pat yourself on the back!

HelloWeb

Restore packages:

$ kpm restore

Run it:

$ k kestrel
Started

Navigate to http://your-web-server-address:5004/.

 

Mono Project

http://www.mono-project.com/docs/web/aspnet/

ASP.NET

Mono has an implementation of ASP.NET 2.0, ASP.NET MVC and ASP.NET AJAX.

Mono’s ASP.NET implementation supports two kinds of applications:

  • Web Forms (Web Applications infrastructure).
  • Web Services (the SOAP-based RPC system).

Status and tests for ASP.NET 2.0 are available in our ASPTests page.

Running ASP.NET applications

To run your ASP.NET applications with Mono, you have three classes of options:

  • Apache hosting: use mod_mono, a module that allows Apache to serve ASP.NET applications.
  • FastCGI hosting: use the FastCGI hosting if you have a web server that supports the FastCGI protocol (for example Nginx) for extending the server. You also may use a web server that only has support for CGI using cgi-fcgi.
  • XSP: this is a simple way to get started, a lightweight and simple webserver written in C#.

For deploying applications, we recommend the use of the mod_mono or FastCGI approaches, as that will give you all the configuration options and flexibility that come with using Apache or a FastCGI server.

For quickly getting started and getting familiar with Mono and ASP.NET, XSP is the ideal solution. Keep in mind that XSP is a very limited server and is only useful to get acquainted with ASP.NET and Mono; it only supports HTTP 1.0 and does not provide much extensibility or configuration.

More advanced users can use the HttpListener and the ASP.NET hosting to create their own hosts for ASP.NET applications.

ASP.NET hosting with Apache

The mod_mono Apache module is used to run ASP.NET applications within the Apache web server.

The mod_mono module runs within an Apache process and passes all the requests to ASP.NET applications to an external Mono process that actually hosts your ASP.NET applications. The external ASP.NET host is called “mod-mono-server” and is part of the XSP module.

To use this, you must download and install the mod_mono and xsp components of Mono. mod_mono contains the actual Apache module, and xsp contains the actual ASP.NET hosting engine, both are available from our download page.

See the mod_mono page for details on installation and configuration.

ASP.NET hosting with Nginx

Nginx is a high-performance HTTP server which supports running ASP.NET and ASP.NET MVC web applications through the FastCGI protocol. See the FastCGI Nginx page for details on installation and configuration.

ASP.NET hosting with XSP

XSP is a standalone web server written in C# that can be used to run your ASP.NET applications with minimal effort. XSP works under both the Mono and Microsoft runtimes. The code is available from our download page (look for XSP web server) or from the git repository (module name: xsp).

The easiest way to start XSP is to run it from within the root directory of your application. It will serve requests on port 8080. Place additional assemblies in the bin directory. Other XSP options can be set on the command line, such as the application directory and the port to listen on.

XSP comes with a set of pages, controls and web services that you can use to test the server and see what ASP.NET looks like.

For example, once you install XSP, you can try some samples like this:

 $ cd /usr/lib/xsp/test
 $ xsp
 Listening on port: 8080
 Listening on address: 0.0.0.0
 Root directory: /home/cvs/mcs/class/corlib/Microsoft.Win32
 Hit Return to stop the server.

You can now browse to http://localhost:8080 and see various sample programs.

SSL support in XSP

XSP supports SSL and TLS Client Certificates. For further details about setting it up, see the UsingClientCertificatesWithXSP document.

Configuration

Applications can be configured through the web.config file. The full documentation is available from MSDN, and a Mono-specific version is also available on this site.

Additionally, you can configure Mono-specific ASP.NET settings (to have applications that behave differently depending on the operating system they are deployed in) using the ASP.NET Settings Mapping engine.

Other extensions

Check out ASP.NET Modules for details on how to support deflate/gzip encodings and authentication.

Debugging

By default xsp and xsp2 run in Release mode, which means that debugging line-number information will not be available in stack traces when errors occur.

To obtain line numbers in stack traces you need to do two things:

  1. Enable Debug code generation in your page.
  2. Run Mono with the --debug command line option.

You must enable debug code generation in your page using Debug="true" at the top of your page, or by setting the compilation flag in Web.config (compilation option).

Pass the --debug command line option to Mono by setting the MONO_OPTIONS environment variable, like this:

$ MONO_OPTIONS=--debug xsp2
Listening on port: 8080 (non-secure)
Listening on address: 0.0.0.0
Root directory: /tmp/us
Hit Return to stop the server.

To do the same with the Apache mod_mono module, use the MonoDebug true directive in your apache configuration file.

Supported Versions

Mono supports ASP.NET 2.0, ASP.NET AJAX and a handful of 3.5 controls.

Limitations

Mono’s ASP.NET does not implement the following features:

  • Precompiled updatable web sites.
  • WebParts APIs.

Work in Progress

git access

Users interested in the latest version of mod_mono and xsp can retrieve these from our public git repository. The module names are mod_mono and xsp respectively. You will also need to check out the mcs module as the System.Web classes are in mcs/class/System.Web.

Designer

There is work in progress on an ASP.NET Designer; the designer will eventually be integrated into the MonoDevelop IDE.

How to install squid proxy on centos 6 and 7

How to Install Squid (Caching / Proxy) on CentOS 7

yum clean all

yum -y update

yum -y install squid

squid -h

squid -v

systemctl start squid

systemctl enable squid

systemctl status squid

systemctl stop squid

Yum update

Update yum repositories and packages by typing the below command:

[root@naz ~]# yum update

Install Squid

Install squid package and dependencies using the below command:

[root@naz ~]# yum install squid

squid configuration file

By default, the squid configuration file "/etc/squid/squid.conf" contains the recommended minimum configuration, and the squid caching feature will work without making any changes.

Now start squid service

[root@naz ~]# service squid start

Then type the command below to start the squid service automatically at boot:

[root@naz ~]# chkconfig --levels 235 squid on

Setup your web browser to access Internet through proxy server on port 3128

IE: Tools » Internet options » Connections » LAN settings » Choose “Use a proxy server for your LAN” » Type your proxy server IP (192.168.1.11) and port number 3128

Firefox: Options / Preferences » Advanced » Network » Settings » Choose “Manual proxy configuration” » Type your proxy server IP (192.168.1.11) and port number 3128

Browse some sites and check the access log file on proxy server

[root@naz ~]# cat /var/log/squid/access.log

1343759484.331   1828 192.168.1.15 TCP_MISS/200 7005 GET http://www.krizna.com/ - DIRECT/216.172.163.231 text/html

1343759484.645    265 192.168.1.15 TCP_MISS/304 477 GET http://platform.twitter.com/widgets.js - DIRECT/23.64.79.144 application/javascript

1343759484.681    309 192.168.1.15 TCP_MISS/304 839 GET http://apis.google.com/js/plusone.js - DIRECT/173.194.36.36 -

Troubleshooting

If you are not able to browse using the proxy settings, disable the firewall (iptables) and SELinux service on your squid proxy server.

  1. Disable firewall ( Iptables ) »

[root@naz ~]# service iptables stop

[root@naz ~]# chkconfig iptables off

  2. Disable Selinux »

open the file /etc/selinux/config and find the line

SELINUX=enforcing

and replace with

SELINUX=disabled

now reboot the server

Configure squid proxy as web filter

You can restrict user access to particular websites or keywords using access control lists (ACLs) .

» Restricting Access to specific web sites :

For example , we can see how to block facebook.com and gmail.com .

Step 1 » create a file ( /etc/squid/blockedsites.squid ) and add the site names one per line.

[root@naz ~]# cat /etc/squid/blockedsites.squid

#blocked sites

www.facebook.com

www.gmail.com

Step 2 » Open /etc/squid/squid.conf and create a new acl "blocksites" with acl type "dstdomain" in the acl section, as shown below.

acl Safe_ports port 488         # gss-http

acl Safe_ports port 591         # filemaker

acl Safe_ports port 777         # multiling http

acl CONNECT method CONNECT

# ACL blocksites

acl blocksites dstdomain "/etc/squid/blockedsites.squid"

and add the following line "http_access deny blocksites" to the http_access section to deny access to the acl "blocksites".

# Recommended minimum Access Permission configuration:

# Only allow cachemgr access from localhost

http_access allow manager localhost

# Deny access to blocksites ACL

http_access deny blocksites

Now restart squid service

[root@naz ~]# service squid restart
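
A dstdomain ACL is compared against the host name of each request, so the form of every line in the list file decides what is actually blocked. The script below is an added example, not part of the original post: it models that comparison (an entry without a leading dot covers one host only, a leading dot covers the domain and its subdomains) and lints a list file. The function names and the sample list are constructed for illustration.

```shell
#!/bin/sh
# Added example: model Squid's dstdomain comparison and lint a list file
# such as /etc/squid/blockedsites.squid. Function names are hypothetical.

# Constructed sample list: one URL-style entry, one exact host, one dotted domain.
sample_list() {
    cat <<'EOF'
#blocked sites
http://www.facebook.com
www.gmail.com
.facebook.com
EOF
}

# dstdomain_matches ENTRY HOST
# Exit status 0 when ENTRY covers HOST. Comparison is case-insensitive.
dstdomain_matches() {
    entry=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case $entry in
        .*)
            # ".example.com" covers example.com itself and every subdomain
            [ "$host" = "${entry#.}" ] && return 0
            case $host in
                *"$entry") return 0 ;;
            esac
            return 1 ;;
        *)
            # no leading dot: this exact host name only
            [ "$host" = "$entry" ] ;;
    esac
}

# lint_dstdomain_list < FILE
# Prints "LINE: ENTRY: problem" for entries that will not behave as intended.
lint_dstdomain_list() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        {
            e = $1
            if (e ~ "://")
                print NR ": " e ": URL scheme present, dstdomain expects a host name"
            else if (e ~ "/")
                print NR ": " e ": path present, dstdomain expects a host name"
            else if (e !~ "^[.]")
                print NR ": " e ": exact host only, subdomains are not covered"
        }
    '
}

# uncovered_hosts LISTFILE HOST...
# Prints each HOST that no entry in LISTFILE covers.
uncovered_hosts() {
    list=$1
    shift
    for h in "$@"; do
        covered=no
        while read -r e rest; do
            case $e in
                ''|'#'*) continue ;;
            esac
            if dstdomain_matches "$e" "$h"; then
                covered=yes
                break
            fi
        done < "$list"
        [ "$covered" = yes ] || printf '%s\n' "$h"
    done
}

# Demo on the constructed list
tmp=$(mktemp)
sample_list > "$tmp"
lint_dstdomain_list < "$tmp"
uncovered_hosts "$tmp" www.facebook.com m.facebook.com mail.gmail.com
rm -f "$tmp"
```

Run the lint against the real list before restarting Squid, and pass the host names you expect to be blocked to uncovered_hosts to see which ones the list misses.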

Try to access facebook.com in your browser and check the log file; you can see that the facebook request is denied.

[root@naz ~]# tail -f /var/log/squid/access.log

………………………………………………………………………

1343820985.542      1 192.168.1.15 TCP_DENIED/403 4255 GET http://www.facebook.com/ - NONE/- text/html
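
Reading denials one line at a time with tail does not scale past a few clients. The script below is an added example, not part of the original post: it summarises TCP_DENIED entries from Squid's native access.log format per client and per destination host. The function names, the threshold and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise denied requests in a Squid access.log.
# Native log fields: time elapsed client result/status bytes method URL
# ident hierarchy/peer content-type. Function names are hypothetical.

# Constructed sample log lines in the same format as the output above.
sample_log() {
    cat <<'EOF'
1343820985.542      1 192.168.1.15 TCP_DENIED/403 4255 GET http://www.facebook.com/ - NONE/- text/html
1343820986.010      1 192.168.1.20 TCP_DENIED/403 4255 GET http://www.krizna.com/ - NONE/- text/html
1343820986.500      2 192.168.1.20 TCP_DENIED/403 4255 CONNECT www.gmail.com:443 - NONE/- text/html
1343820987.120   1828 192.168.1.15 TCP_MISS/200 7005 GET http://www.krizna.com/ - DIRECT/216.172.163.231 text/html
1343820988.300      1 192.168.1.20 TCP_DENIED/403 4255 GET http://www.facebook.com/ - NONE/- text/html
EOF
}

# denied_by_client < access.log
# Prints "client count" for every client with denied requests, busiest first.
denied_by_client() {
    awk '$4 ~ "^TCP_DENIED/" { n[$3]++ }
         END { for (c in n) print c, n[c] }' |
        LC_ALL=C sort -k2,2nr -k1,1
}

# denied_hosts < access.log
# Prints "client host count"; the host is taken from the URL field, which
# is "host:port" for CONNECT requests and a full URL otherwise.
denied_hosts() {
    awk '$4 ~ "^TCP_DENIED/" {
             url = $7
             sub("^[a-z]+://", "", url)    # drop the scheme, if any
             sub("[/:].*$", "", url)       # drop port and path
             k = $3 " " url
             n[k]++
         }
         END { for (k in n) print k, n[k] }' |
        LC_ALL=C sort
}

# noisy_clients THRESHOLD < access.log
# Prints clients with at least THRESHOLD denied requests.
noisy_clients() {
    denied_by_client | awk -v t="$1" '$2 >= t { print $1 }'
}

# Demo on the constructed sample
sample_log | denied_by_client
sample_log | denied_hosts
```

On the proxy itself, feed the real file instead of the sample, for example `denied_by_client < /var/log/squid/access.log`.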

Restricting Access to specific keywords

create a file ( /etc/squid/blockkeywords.squid ) and add the keywords one per line.

[root@naz ~]# cat /etc/squid/blockkeywords.squid

#blocked keywords

sex

porn

xxx

Open the /etc/squid/squid.conf and create a new acl “blockkeywords” and acl type “url_regex” in the acl section

acl Safe_ports port 488         # gss-http

acl Safe_ports port 591         # filemaker

acl Safe_ports port 777         # multiling http

acl CONNECT method CONNECT

# ACL blocksites

acl blocksites dstdomain "/etc/squid/blockedsites.squid"

# ACL blockkeywords

acl blockkeywords url_regex -i "/etc/squid/blockkeywords.squid"

and add the following line "http_access deny blockkeywords" to the http_access section to deny access to the acl "blockkeywords".

# Recommended minimum Access Permission configuration:

#

# Only allow cachemgr access from localhost

http_access allow manager localhost

# Deny access to blocksites ACL

http_access deny blocksites

# Deny access to blockkeywords ACL

http_access deny blockkeywords

Restricting Access to specific IP addresses

Create a file ( /etc/squid/blockip.squid ) and add the IP addresses one per line.

[root@naz ~]# cat /etc/squid/blockip.squid

#blocked ips

192.168.1.20

192.168.1.21

Open the /etc/squid/squid.conf and create a new acl “blockip” and acl type “src” in the acl section

acl Safe_ports port 488         # gss-http

acl Safe_ports port 591         # filemaker

acl Safe_ports port 777         # multiling http

acl CONNECT method CONNECT

# ACL blocksites

acl blocksites dstdomain "/etc/squid/blockedsites.squid"

# ACL blockkeywords

acl blockkeywords url_regex -i "/etc/squid/blockkeywords.squid"

# ACL blockip

acl blockip src "/etc/squid/blockip.squid"

and add the following line "http_access deny blockip" to the http_access section to deny access to the acl "blockip".

# Recommended minimum Access Permission configuration:

#

# Only allow cachemgr access from localhost

http_access allow manager localhost

# Deny access to blockip ACL

http_access deny blockip

# Deny access to blocksites ACL

http_access deny blocksites

# Deny access to blockkeywords ACL

http_access deny blockkeywords

Allow Full access to specific IP addresses

You can allow specific IP addresses to gain full access without blocking sites and keywords. Just create a file "/etc/squid/allowip.squid", add the IP addresses one per line, and create an acl "allowip" with acl type "src" in the acl section:

# ACL allowip

acl allowip src "/etc/squid/allowip.squid"

and add the “allowip” in the http_access as below

# Recommended minimum Access Permission configuration:

#

# Only allow cachemgr access from localhost

http_access allow manager localhost

# Deny access to blockip ACL

http_access deny blockip

# Deny access to blocksites ACL

http_access deny blocksites !allowip

# Deny access to blockkeywords ACL

http_access deny blockkeywords !allowip

Changing squid proxy port number

You can change squid proxy port number , by default it uses 3128 port .

Just find the below line in “/etc/squid/squid.conf”

http_port 3128

and replace with

http_port 8000 # whatever port number you want

Restricting Download size

You can restrict download file size using reply_body_max_size .

Add the below line at the bottom of the http_access section

#Restrict download size

reply_body_max_size 10 MB all

or

#Restrict download size

reply_body_max_size 10 MB !allowip

Configuring Squid as Transparent Proxy

You can configure squid as transparent proxy .

Step 1 » just find the below line

# Squid normally listens to port 3128

http_port 3128

and replace with

# Squid normally listens to port 3128

http_port 3128 intercept

just run the script

[root@naz ~]# sh /root/squidfw.sh

and add the below line to “/etc/rc.local” to run the script during startup

sh /root/squidfw.sh

Step 4 (Updated) » Change default gateway ip to squid server ip on the user machines .

Now users can access Internet without setting proxy in the browser settings.

That’s it , hope this article will help you to learn little things about configuring squid proxy on centos 6.

References

How to install squid proxy on centos 6

Sharing Files between CentOS 6 and Windows Systems with Samba

Original Post:
http://www.techotopia.com/index.php/Sharing_Files_between_CentOS_6_and_Windows_Systems_with_Samba
http://www.server-world.info/en/note?os=CentOS_6&p=samba
https://rajivpandit.wordpress.com/2013/08/03/create-a-share-folder-in-centos-6-4-and-share-to-window-7-or-other-samba-clients/

[1] Configure Samba.
[root@lan ~]# yum -y install samba
[root@lan ~]# mkdir /home/share
[root@lan ~]# chmod 777 /home/share
[root@lan ~]# vi /etc/samba/smb.conf
# near line 58: add the following
unix charset = UTF-8
# line 75: change (Windows’ default)
workgroup = WORKGROUP
# line 81: uncomment and change IP address you allow
hosts allow = 127. 10.0.0.
# line 102: change (no auth)
security = share
# add the following to the end
# any name you like
[Share]
# shared directory
path = /home/share
# writable
writable = yes
# guest OK
guest ok = yes
# guest only
guest only = yes
# fully accessed
create mode = 0777
# fully accessed
directory mode = 0777
share modes = yes

su -
/sbin/service smb status
smbd is stopped
# /sbin/service nmb status
nmbd is stopped

If the services are reported as currently running and you have made changes to the smb.conf file it will be necessary to restart the services in order to pick up the changes:

/sbin/service smb restart
/sbin/service nmb restart

If, on the other hand, the services are currently stopped, start them as follows:

/sbin/service smb start
/sbin/service nmb start

[root@lan ~]# chkconfig smb on
[root@lan ~]# chkconfig nmb on
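
The [Share] definition above combines security = share, guest access, write access and 0777 modes, so any host permitted by hosts allow can write to /home/share without a password. The script below is an added example, not part of the original posts: it flags those settings in an smb.conf. The function names and the sample file are constructed; the sample reuses the settings shown on this page, including a share restricted with valid users.

```shell
#!/bin/sh
# Added example: flag smb.conf settings that expose a share without
# authentication. Function names are hypothetical.

# Constructed sample: the guest share from the steps above plus a share
# restricted with "valid users".
sample_smb_conf() {
    cat <<'EOF'
[global]
unix charset = UTF-8
workgroup = WORKGROUP
hosts allow = 127. 10.0.0.
security = share

[Share]
path = /home/share
writable = yes
guest ok = yes
guest only = yes
create mode = 0777
directory mode = 0777

[tmp]
path = /tmp
writeable = yes
browseable = yes
valid users = demo
EOF
}

# audit_smb_conf < smb.conf
# Prints one "section: finding" line per risky setting. Parameter names are
# compared with whitespace removed and in lower case, and the synonyms
# "public", "writeable", "write ok", "create mask" and "directory mask"
# are recognised.
audit_smb_conf() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    function report() {
        if (guest && writable) print sect ": guest access combined with write access"
        if (mode777)           print sect ": create or directory mode 0777"
    }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }          # comments and blank lines
    /^[ \t]*\[/ {                                 # section header
        if (sect != "") report()
        sect = trim($0); sub(/^\[/, "", sect); sub(/\].*$/, "", sect)
        guest = 0; writable = 0; mode777 = 0
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
        val = tolower(trim(substr($0, eq + 1)))
        on  = (val == "yes" || val == "true"  || val == "1")
        off = (val == "no"  || val == "false" || val == "0")
        if (key == "security" && val == "share")
            print sect ": security = share (no per-user authentication)"
        if ((key == "guestok" || key == "public") && on) guest = 1
        if ((key == "writable" || key == "writeable" || key == "writeok") && on) writable = 1
        if (key == "readonly" && off) writable = 1
        if ((key == "createmode" || key == "createmask" ||
             key == "directorymode" || key == "directorymask") && val ~ /^0?777$/)
            mode777 = 1
    }
    END { if (sect != "") report() }
    '
}

# Demo on the constructed sample
sample_smb_conf | audit_smb_conf
```

On a configured server the same check can read the effective settings with `testparm -s 2>/dev/null | audit_smb_conf`.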

Although Linux is increasingly making inroads into the desktop market, its origins are very much server based. It is not surprising therefore that CentOS 6 has the ability to act as a file server. It is also extremely common for CentOS and Windows systems to be used side by side in networked environments. It is a common requirement, therefore, that files on a CentOS 6 system be accessible to Linux, UNIX and Windows based systems over network connections. Similarly, shared folders and printers residing on Windows systems must also be accessible from CentOS based systems.

Windows systems share resources such as file systems and printers using a protocol called Server Message Block (SMB). In order for a CentOS 6 system to serve such resources over a network to a Windows system and vice versa it must, therefore, support SMB. This is achieved using technology called Samba. In addition to providing integration between Linux and Windows systems, Samba may also be used to provide folder sharing between Linux systems (as an alternative to NFS which was covered in the previous chapter).

In this chapter we will look at the steps necessary to share file system resources and printers on a CentOS 6 system with remote Windows and Linux systems.

Samba and Samba Client

Samba allows both CentOS resources to be shared with Windows systems and Windows resources to be shared with CentOS systems. CentOS accesses Windows resources using a package named samba-client. CentOS resources, on the other hand, are shared with Windows systems using a package named samba. Typically, the samba-client is installed and configured by default allowing the user to browse available Windows resources without any additional work (this is covered later in the chapter). In order to allow a CentOS 6 system to share resources with Windows systems, however, some more work is required.

Installing Samba on a CentOS 6 System

The default settings used during the CentOS 6 installation process do not install the samba package. Unless you specifically requested that Samba be installed it is unlikely that you have Samba installed on your system. To check whether Samba is installed, open a terminal window (Applications -> System Tools -> Terminal) and run the following rpm command:

rpm -q samba

If Samba is installed, the rpm command will generate output similar to the following:

samba-3.5.4-68.el6_0.1.x86_64

If Samba is not installed, rpm will return with “package samba is not installed”. That being the case, it can be installed using the yum command-line tool:

su -
yum install samba

The above command will install both the samba package and the samba-common dependency package.

If you prefer to use the graphical tool to perform the Samba installation, select Applications -> Add/Remove Software, enter the root password if prompted to do so and then perform a search for Samba. When the list of matching packages appears, set the checkbox next to the samba and samba-common packages and click on Apply to initiate the installation.

Configuring the CentOS 6 Firewall to Enable Samba

Next, the firewall currently protecting the CentOS 6 system needs to be configured to allow Samba traffic. To achieve this, run the Firewall Configuration tool by selecting the System -> Administration -> Firewall menu option and select the check box next to Samba in the Trusted Services section of the tool. Click Apply and OK to commit the change.

Before any resources on the CentOS system can be accessed from the Windows systems, however, some additional configuration steps are necessary.

Configuring the smb.conf File

In releases of CentOS prior to version 6, a user friendly graphical tool named system-config-samba was provided to assist in the configuration of Samba. In CentOS 6, however, this tool has been removed. This means that the Samba environment must be configured manually within the /etc/samba/smb.conf file and using the smbpasswd command line tool. Whilst the loss of system-config-samba may be mourned by those who relied on it, the tool’s simplicity actually masked many of the more advanced features of Samba. In practice, much more can be achieved by taking the time to understand the intricacies of the smb.conf file.

Samba is a highly flexible and configurable system that provides many different options for controlling how resources are shared on Windows networks. This flexibility can lead to the sense that Samba is overly complex to work with. In reality, however, many of the configuration options are not needed by the typical installation, and the learning curve to set up a basic configuration is actually quite short.

For the purposes of this chapter we will look at joining a CentOS 6 system to a Windows workgroup and setting up a directory as a shared resource that can be accessed by a specific user.

The first step, therefore, is to gain root privileges and to load the /etc/samba/smb.conf file into a suitable editor, for example:

su -
gedit /etc/samba/smb.conf

Configuring the [global] Section

The smb.conf file is divided into sections. The first section is the [global] section where settings can be specified that apply to the entire Samba configuration. Whilst these settings are global, each option may be overridden within other sections of the configuration file.

The first task is to define the name of the Windows workgroup on which the CentOS 6 resources are to be shared. This is controlled via the workgroup = directive of the [global] section which by default is configured as follows:

workgroup = MYGROUP

Begin by changing this to the actual name of the workgroup. For example, if the workgroup is named WORKGROUP (the default for most Windows networks):

workgroup = workgroup

Configuring a Shared Resource

The next step is to configure a shared resource (in other words a resource that will be accessible from other systems on the Windows network). In order to achieve this, the section is given a name by which it will be referred to when shared. For example, if we plan to share the /tmp directory of our CentOS 6 system, we might entitle the section [tmp]. In this section a variety of configuration options are possible. For the purposes of this example, however, we will simply define the directory that is to be shared, indicate that the directory is browsable and writable and declare the users that are allowed to access the shared resource (in this case a user named demo):

[tmp]
        path = /tmp
        writeable = yes
        browseable = yes
        valid users = demo

Creating a Samba User

Any user that requires access to a Samba shared resource must be configured as a Samba User and assigned a password. This task is achieved using the smbpasswd command line tool. In our example smb.conf file we stated the user demo is entitled to access the /tmp directory of our CentOS 6 system. In order to fulfill this requirement, therefore, we must add demo as a samba user as follows:

# su - 
# smbpasswd -a demo
New SMB password:
Retype new SMB password:
Added user demo.

Now that we have completed the configuration of a very basic Samba server, it is time to test our configuration file and then start the Samba services.

Testing the smb.conf File

The settings in the smb.conf file may be tested using the testparm command line tool as follows:

# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: rlimit_max (1024) below minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[tmp]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions

[global]
        server string = Samba Server Version %v
        log file = /var/log/samba/log.%m
        max log size = 50
        cups options = raw

[homes]
        comment = Home Directories
        read only = No
        browseable = No

[printers]
        comment = All Printers
        path = /var/spool/samba
        printable = Yes
        browseable = No

[tmp]
        path = /tmp
        valid users = demo
        read only = No

Starting the Samba and NetBIOS Name Services on CentOS 6

In order for a CentOS 6 server to operate within a Windows network both the Samba (SMB) and NetBIOS nameservice (NMB) services must be started. To identify if the services are already running, the following command may be executed with root privileges in a terminal window:

su -
/sbin/service smb status
smbd is stopped
# /sbin/service nmb status
nmbd is stopped

If the services are reported as currently running and you have made changes to the smb.conf file it will be necessary to restart the services in order to pick up the changes:

/sbin/service smb restart
/sbin/service nmb restart

If, on the other hand, the services are currently stopped, start them as follows:

/sbin/service smb start
/sbin/service nmb start

Accessing Samba Shares

Now that the Samba resources are configured and the services are running, it is time to access the shared resource from a Windows system. On a suitable Windows system on the same workgroup as the CentOS 6 system, open Windows Explorer and navigate to the Network panel. At this point, explorer should search the network and list any systems using the SMB protocol that it finds. The following figure illustrates a CentOS 6 system named CentOS6 located using Windows Explorer on a Windows 7 system:

[Figure: Accessing CentOS 6 resources from Windows using Samba]

Double clicking on the CentOS 6 host will prompt for the name and password of a user with access privileges. In this case it is the demo account that we configured using the smbpasswd tool. Entering the username and password will result in the shared resources configured for that user appearing in the explorer window, including the tmp resource previously configured:

[Figure: Accessing Samba Servers from Windows]

Double clicking on the tmp shared resource will display a listing of the files and directories contained therein.

Accessing Windows Shares from CentOS 6

As previously mentioned, Samba is a two way street, allowing not only Windows systems to access files and printers hosted on a CentOS 6 system, but also allowing the CentOS system to access shared resources on Windows systems. This is achieved using the samba-client package which is installed by default under most CentOS 6 configurations. If it is not currently installed, install it from a Terminal window as follows:

su -
yum install samba-client 

To access any shared resources on a Windows system, begin by selecting the Places -> Network desktop menu option. This will display the Network browser dialog including an icon for the Windows Network (if one is detected) as illustrated in the following figure:

[Figure: Accessing Windows networks from CentOS 6 using Samba]

To obtain a list of Windows workgroups on the network, double click on the Windows Network icon. From within the list of workgroups double click on the desired group to obtain a listing of servers available for access:

[Figure: Accessing Windows systems from CentOS 6 using Samba]

Finally, double clicking on a computer will list the shared resources available for access from the CentOS client.

Summary

In this chapter we have looked at the steps necessary to configure a CentOS 6 system to act as both a Samba client and server allowing the sharing of resources with other systems on a Windows based network. In the case of Samba server configuration in particular we have only scratched the surface of the configuration options available. A full overview of Samba would require an entire book. Many such publications and online resources are available if you would like to learn more. Another good place to start is to type man samba in a terminal window.

Howto Setup yum repositories to update or install package from ISO CDROM Image

Original Post: http://www.cyberciti.biz/tips/redhat-centos-fedora-linux-setup-repo.html

yum (Yellow dog Updater Modified) is a package manager for RPM compatible Linux systems such as CentOS, Fedora core and latest Redhat Enterprise Linux.

So how do you use yum to update / install packages from an ISO of CentOS / FC / RHEL CD?

Creation of yum repositories is handled by a separate tool called createrepo, which generates the necessary XML metadata. If you have a slow internet connection or collection of all downloaded ISO images, use this hack to install rpms from iso images.

Step # 1: Mount an ISO file

Type the following command (replace iso file name with the actual iso file):
# yum install createrepo
# mkdir -p /mnt/iso/{1,2,3}
# mount -o loop /path/to/centos1.iso /mnt/iso/1

Step # 2: Create a repository

Use createrepo to generate the necessary XML metadata. Type the following commands:
# cd /mnt/iso
# createrepo .

Clean repo, enter:
# yum clean all

Step # 3: Create config file

You need to create a repo config file in /etc/yum.repos.d/ directory.
# vi /etc/yum.repos.d/iso.repo
Append following text:
[iso-repo]
name=My ISO Repository
baseurl=file:///mnt/iso
enabled=1

Save and close the changes.

Now use yum command to install packages from ISO images:
# yum install package-name

Original Post: http://www.serverlab.ca/tutorials/linux/administration-linux/use-a-centos-dvdiso-as-a-yum-repository/

Installing Packages From Media

CentOS comes with an existing Yum configuration file for using the installation disc or ISO as a repository. By default this repository is disabled, and for good reason. Before we can use it, we need to both mount the ISO somewhere and then enable the repository.

Mount ISO/DVD

Let’s start off by mounting our installation disc to the filesystem. We’re going to mount it to a new directory called CentOS in the /media directory.

  1. Create directory for mount.
    mkdir /media/CentOS
  2. Load the DVD/ISO.
  3. Mount the disc image to the newly created directory.
    mount /dev/cdrom /media/CentOS -t iso9660 -o loop

Enable the Yum Repository and Install Packages

Our disc is now mounted and now we need to enable the existing repository. This step will actually disable the Internet repositories and enable only the Media repository. For this to work, the disc must be mounted to the directory /media/CentOS.

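  1. Enable Media repo and disable all others. These options only apply to the yum command they are passed to, so list the active repositories to confirm that only c6-media is selected.
    yum --disablerepo=\* --enablerepo=c6-media repolist
  2. Install packages from the disc to your server using yum as you normally would, keeping the same options on the command line.
    yum --disablerepo=\* --enablerepo=c6-media install <package name>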

Disable the Yum Repository

After installing the packages, you may want to disable the media repository.

  1. Disable Media repo and enable all others.
    yum --enablerepo=\* --disablerepo=c6-media repolist
  2. Alternatively, you can just disable all repositories.
    yum --disablerepo=\* repolist

 

Setup mail server on centos 7 [Email with Postfix, Dovecot and MariaDB on CentOS 7]

Original Post: http://www.krizna.com/centos/setup-mail-server-centos-7/  and https://www.linode.com/docs/email/postfix/email-with-postfix-dovecot-and-mysql-on-centos-7

This article helps you to install and configure a basic mail server on CentOS 7. Here I have used Postfix for SMTP, Dovecot for POP/IMAP and Dovecot SASL for SMTP AUTH.
Before proceeding, please make sure you have assigned a static IP for the server and have internet connectivity for installing packages.

Setup mail server on centos 7

1. Installing packages
2. Postfix configuration
3. Dovecot configuration
4. User creation

Installing packages

Step 1 » Assign hostname for the server using the below command.
[root@krizna ~]# hostnamectl set-hostname mail.krizna.com
Step 2 » Make a host entry with your IP in /etc/hosts file.
172.27.0.51 mail.krizna.com
Step 3 » Now start installing packages.
[root@krizna ~]# yum -y install postfix dovecot
After package installation continue with postfix configuration.

Postfix configuration

First create SSL certificate for encryption.
Step 4 » Follow the below steps one by one for creation.
[root@mail ~]# mkdir /etc/postfix/ssl
[root@mail ~]# cd /etc/postfix/ssl
[root@krizna ssl]# openssl genrsa -des3 -out server.key 2048
[root@krizna ssl]# openssl rsa -in server.key -out server.key.insecure
[root@krizna ssl]# mv server.key server.key.secure
[root@krizna ssl]# mv server.key.insecure server.key
Leave blank for A challenge password [] value in the below step.
[root@krizna ssl]# openssl req -new -key server.key -out server.csr
[root@krizna ssl]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Step 5 » Now open /etc/postfix/main.cf file for changes.
Find and uncomment the below lines.
#inet_interfaces = localhost #---> line no 116
#mydestination = $myhostname, localhost.$mydomain, localhost #--> line no 164

Then add the below lines at the end of the file. Change the myhostname and mydomain values to your own and the home_mailbox value to your desired directory. Here it will store mail in the user's home directory (e.g. /home/john/mail).

Step 6 » Open /etc/postfix/master.cf file, add the below lines after “smtp inet n - n - - smtpd” line.

Now check the configuration using postfix check command.
Step 7 » Now configure Dovecot SASL for SMTP Auth. Open /etc/dovecot/conf.d/10-master.conf file, find “# Postfix smtp-auth” line ( line no:95 ) and add the below lines.
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0660
user = postfix
group = postfix
}

Step 8 » Open /etc/dovecot/conf.d/10-auth.conf file, find “auth_mechanisms = plain” ( Line no: 100 ) and add login to the value like below.
auth_mechanisms = plain login
Step 9 » Postfix configuration is over. Now restart both postfix and dovecot services and enable auto start.
[root@mail ~]# systemctl restart postfix
[root@mail ~]# systemctl enable postfix
[root@mail ~]# systemctl restart dovecot
[root@mail ~]# systemctl enable dovecot

Step 10 » Add the firewall rules to allow 25, 587 and 465 ports.
[root@mail ~]# firewall-cmd --permanent --add-service=smtp
[root@mail ~]# firewall-cmd --permanent --add-port=587/tcp
[root@mail ~]# firewall-cmd --permanent --add-port=465/tcp
[root@mail ~]# firewall-cmd --reload
Now test connectivity on each of the ports 25, 587 and 465 using telnet, and make sure you get the AUTH PLAIN LOGIN line after issuing the ehlo mail.krizna.com command in telnet.
[root@mail ~]# telnet mail.krizna.com 465
Trying 172.27.0.51...
Connected to mail.krizna.com.
Escape character is '^]'.
220 mail.krizna.com ESMTP Postfix
ehlo mail.krizna.com <------- Type this command
250-mail.krizna.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN

Dovecot configuration

Start configuring Dovecot.
Step 11 » Open /etc/dovecot/conf.d/10-mail.conf file, find #mail_location = (line no : 30 ) and add the same directory which is given to home_mailbox in the postfix config file ( Step 5).
mail_location = maildir:~/mail
Step 12 » Open /etc/dovecot/conf.d/20-pop3.conf file, find and uncomment the below line ( line no : 50 ) .
pop3_uidl_format = %08Xu%08Xv
Step 13 » Restart dovecot service.
[root@mail ~]# systemctl restart dovecot
Step 14 » Add firewall rules to allow 110,143,993 and 995.
[root@mail ~]# firewall-cmd --permanent --add-port=110/tcp
[root@mail ~]# firewall-cmd --permanent --add-service=pop3s
[root@mail ~]# firewall-cmd --permanent --add-port=143/tcp
[root@mail ~]# firewall-cmd --permanent --add-service=imaps
[root@mail ~]# firewall-cmd --reload

Check the connectivity for the ports 110,143,993 and 995 using telnet.

User creation

Now create a user for testing.
Step 15 » Create user with /sbin/nologin shell to restrict login access.
[root@mail ~]# useradd -m john -s /sbin/nologin
[root@mail ~]# passwd john

The mail server is now ready. Configure the user in your mail client and test sending and receiving.

Email with Postfix, Dovecot and MariaDB on CentOS 7

The Postfix Mail Transfer Agent (MTA) is a high performance open source e-mail server system. This guide will help you get Postfix running on your CentOS 7 Linode, using Dovecot for IMAP/POP3 service, and MariaDB, a drop-in replacement for MySQL, to store information on virtual domains and users.

Prior to using this guide, be sure you have followed the getting started guide and set your hostname. Also ensure that the iptables firewall is not blocking any of the standard mail ports (25, 465, 587, 110, 995, 143, and 993). If using a different form of firewall, confirm that it is not blocking any of the needed ports either.

The steps in this guide require root privileges. Be sure to run the steps below as root or with the sudo prefix. For more information on privileges see our Users and Groups guide.

Install Required Packages

  1. Install any outstanding package updates:
    yum update
    
  2. The version of Postfix included in the main CentOS repository does not include support for MariaDB; therefore, you will need to install Postfix from the CentOS Plus repository. Before doing so, add exclusions to the [base] and [updates] repositories for the Postfix package to prevent it from being overwritten with updates that do not have MariaDB support:
    /etc/yum.repos.d/CentOS-Base.repo
    [base]
    name=CentOS-$releasever - Base
    exclude=postfix
    
    #released updates
    [updates]
    name=CentOS-$releasever - Updates
    exclude=postfix
    
  3. Install the required packages:
    yum --enablerepo=centosplus install postfix
    yum install dovecot mariadb-server dovecot-mysql
    

    This installs the Postfix mail server, the MariaDB database server, the Dovecot IMAP and POP daemons, and several supporting packages that provide services related to authentication.

Next, set up a MariaDB database to handle virtual domains and users.

Set up MariaDB for Virtual Domains and Users

  1. Configure MariaDB to start on boot, then start MariaDB:
    systemctl enable mariadb.service
    /bin/systemctl start  mariadb.service
    
  2. Run mysql_secure_installation. You will be presented with the opportunity to change the MariaDB root password, remove anonymous user accounts, disable root logins outside of localhost, remove test databases, and reload privilege tables. It is recommended that you answer yes to these options:
    mysql_secure_installation
    
  3. Start the MariaDB shell:
    mysql -u root -p
    
  4. Create a database for your mail server and switch to it:
    CREATE DATABASE mail;
    USE mail;
    
  5. Create a mail administration user called mail_admin and grant it permissions on the mail database. Please be sure to replace mail_admin_password with a strong password:
    GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost' IDENTIFIED BY 'mail_admin_password';
    GRANT SELECT, INSERT, UPDATE, DELETE ON mail.* TO 'mail_admin'@'localhost.localdomain' IDENTIFIED BY 'mail_admin_password';
    FLUSH PRIVILEGES;
    
  6. Create the virtual domains table:
    CREATE TABLE domains (domain varchar(50) NOT NULL, PRIMARY KEY (domain) );
    
  7. Create a table to handle mail forwarding:
    CREATE TABLE forwardings (source varchar(80) NOT NULL, destination TEXT NOT NULL, PRIMARY KEY (source) );
    
  8. Create the users table:
    CREATE TABLE users (email varchar(80) NOT NULL, password varchar(20) NOT NULL, PRIMARY KEY (email) );
    
  9. Create a transports table:
    CREATE TABLE transport ( domain varchar(128) NOT NULL default '', transport varchar(128) NOT NULL default '', UNIQUE KEY domain (domain) );
    
  10. Exit the MariaDB shell:
    quit
    
  11. Bind MariaDB to localhost (127.0.0.1) by editing /etc/my.cnf, and adding the following to the [mysqld] section of the file:
    /etc/my.cnf
    bind-address=127.0.0.1
    

    This is required for Postfix to be able to communicate with the database server. If you have MariaDB set up to listen on another IP address (such as an internal IP), you will need to substitute this IP address in place of 127.0.0.1 during the Postfix configuration steps. It is not advisable to run MariaDB on a publicly-accessible IP address.

  12. Restart the database server:
    /bin/systemctl restart  mariadb.service
    

Next, perform additional Postfix configuration to set up communication with the database.

Configure Postfix to work with MariaDB

For the next four steps, replace mail_admin_password with the mail_admin password input earlier.

  1. Create a virtual domain configuration file for Postfix called /etc/postfix/mysql-virtual_domains.cf:
    /etc/postfix/mysql-virtual_domains.cf
    user = mail_admin
    password = mail_admin_password
    dbname = mail
    query = SELECT domain AS virtual FROM domains WHERE domain='%s'
    hosts = 127.0.0.1
    
  2. Create a virtual forwarding file for Postfix called /etc/postfix/mysql-virtual_forwardings.cf:
    /etc/postfix/mysql-virtual_forwardings.cf
    user = mail_admin
    password = mail_admin_password
    dbname = mail
    query = SELECT destination FROM forwardings WHERE source='%s'
    hosts = 127.0.0.1
    
  3. Create a virtual mailbox configuration file for Postfix called /etc/postfix/mysql-virtual_mailboxes.cf:
    /etc/postfix/mysql-virtual_mailboxes.cf
    user = mail_admin
    password = mail_admin_password
    dbname = mail
    query = SELECT CONCAT(SUBSTRING_INDEX(email,'@',-1),'/',SUBSTRING_INDEX(email,'@',1),'/') FROM users WHERE email='%s'
    hosts = 127.0.0.1
    
  4. Create a virtual email mapping file for Postfix called /etc/postfix/mysql-virtual_email2email.cf:
    /etc/postfix/mysql-virtual_email2email.cf
    user = mail_admin
    password = mail_admin_password
    dbname = mail
    query = SELECT email FROM users WHERE email='%s'
    hosts = 127.0.0.1
    
  5. Set proper permissions and ownership for these configuration files:
    chmod o= /etc/postfix/mysql-virtual_*.cf
    chgrp postfix /etc/postfix/mysql-virtual_*.cf
    
  6. Create a user and group for mail handling. All virtual mailboxes will be stored under this user’s home directory:
    groupadd -g 5000 vmail
    useradd -g vmail -u 5000 vmail -d /home/vmail -m
    
  7. Complete the remaining steps required for Postfix configuration. Please be sure to replace server.example.com with the Linode’s fully qualified domain name. If you are planning on using your own SSL certificate and key, replace /etc/pki/dovecot/private/dovecot.pem with the appropriate path:
    postconf -e 'myhostname = server.example.com'
    postconf -e 'mydestination = localhost, localhost.localdomain'
    postconf -e 'mynetworks = 127.0.0.0/8'
    postconf -e 'inet_interfaces = all'
    postconf -e 'message_size_limit = 30720000'
    postconf -e 'virtual_alias_domains ='
    postconf -e 'virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, mysql:/etc/postfix/mysql-virtual_email2email.cf'
    postconf -e 'virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf'
    postconf -e 'virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf'
    postconf -e 'virtual_mailbox_base = /home/vmail'
    postconf -e 'virtual_uid_maps = static:5000'
    postconf -e 'virtual_gid_maps = static:5000'
    postconf -e 'smtpd_sasl_type = dovecot'
    postconf -e 'smtpd_sasl_path = private/auth'
    postconf -e 'smtpd_sasl_auth_enable = yes'
    postconf -e 'broken_sasl_auth_clients = yes'
    postconf -e 'smtpd_sasl_authenticated_header = yes'
    postconf -e 'smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination'
    postconf -e 'smtpd_use_tls = yes'
    postconf -e 'smtpd_tls_cert_file = /etc/pki/dovecot/certs/dovecot.pem'
    postconf -e 'smtpd_tls_key_file = /etc/pki/dovecot/private/dovecot.pem'
    postconf -e 'virtual_create_maildirsize = yes'
    postconf -e 'virtual_maildir_extended = yes'
    postconf -e 'proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains $relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps $recipient_canonical_maps $relocated_maps $transport_maps $mynetworks $virtual_mailbox_limit_maps'
    postconf -e 'virtual_transport = dovecot'
    postconf -e 'dovecot_destination_recipient_limit = 1'
    
  8. Edit the file /etc/postfix/master.cf and add the Dovecot service to the bottom of the file:
    /etc/postfix/master.cf
    dovecot   unix  -       n       n       -       -       pipe
        flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient}
    
  9. Configure Postfix to start on boot and start the service for the first time:
    systemctl enable postfix.service
    /bin/systemctl start  postfix.service
    

This completes the configuration for Postfix.

Configure Dovecot

  1. Move /etc/dovecot/dovecot.conf to a backup file:
    mv /etc/dovecot/dovecot.conf /etc/dovecot/dovecot.conf-backup
    
  2. Copy the following into the now-empty dovecot.conf file, substituting your system’s domain name for example.com in line 37 (the postmaster_address setting):
    /etc/dovecot/dovecot.conf
    protocols = imap pop3
    log_timestamp = "%Y-%m-%d %H:%M:%S "
    mail_location = maildir:/home/vmail/%d/%n/Maildir
    
    ssl_cert_file = /etc/pki/dovecot/certs/dovecot.pem
    ssl_key_file = /etc/pki/dovecot/private/dovecot.pem
    
    namespace {
        type = private
        separator = .
        prefix = INBOX.
        inbox = yes
    }
    
    service auth {
        unix_listener auth-master {
            mode = 0600
            user = vmail
        }
    
        unix_listener /var/spool/postfix/private/auth {
            mode = 0666
            user = postfix
            group = postfix
        }
    
    user = root
    }
    
    service auth-worker {
        user = root
    }
    
    protocol lda {
        log_path = /home/vmail/dovecot-deliver.log
        auth_socket_path = /var/run/dovecot/auth-master
        postmaster_address = postmaster@example.com
    }
    
    protocol pop3 {
        pop3_uidl_format = %08Xu%08Xv
    }
    
    passdb {
        driver = sql
        args = /etc/dovecot/dovecot-sql.conf.ext
    }
    
    userdb {
        driver = static
        args = uid=5000 gid=5000 home=/home/vmail/%d/%n allow_all_users=yes
    }
    
  3. MariaDB will be used to store password information, so /etc/dovecot/dovecot-sql.conf.ext must be created. Insert the following contents into the file, making sure to replace mail_admin_password with your mail password:
    /etc/dovecot/dovecot-sql.conf.ext
    driver = mysql
    connect = host=127.0.0.1 dbname=mail user=mail_admin password=mail_admin_password
    default_pass_scheme = CRYPT
    password_query = SELECT email as user, password FROM users WHERE email='%u';
    
  4. Restrict access to the file by changing the permissions to allow users in the dovecot group to access it, while denying access to others:
    chgrp dovecot /etc/dovecot/dovecot-sql.conf.ext
    chmod o= /etc/dovecot/dovecot-sql.conf.ext
    
  5. Configure Dovecot to start on boot, and start it for the first time:
    systemctl enable dovecot.service
    /bin/systemctl start  dovecot.service
    
  6. Now check /var/log/maillog to make sure Dovecot started without errors. Your log should have lines similar to the following:
    /var/log/maillog
    Mar 18 17:10:26 localhost postfix/postfix-script[3274]: starting the Postfix mail system
    Mar 18 17:10:26 localhost postfix/master[3276]: daemon started -- version 2.10.1, configuration /etc/postfix
    Mar 18 17:12:28 localhost dovecot: master: Dovecot v2.2.10 starting up for imap, pop3 (core dumps disabled)
    
  7. Test your POP3 server to make sure it’s running properly:
    yum install telnet
    telnet localhost pop3
    
  8. The terminal should output results similar to the following:
    Trying 127.0.0.1...
    Connected to localhost.localdomain.
    Escape character is '^]'.
    +OK Dovecot ready.
    
  9. Enter the command quit to return to your shell. This completes the Dovecot configuration. Next, you’ll make sure aliases are configured properly.
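
The socket modes in the dovecot.conf above can be checked mechanically. The following is an added example, not part of the original guide: it parses Dovecot-style nested blocks and reports any unix_listener whose mode grants access to "other", since such a socket relies on its parent directory's permissions alone to keep unrelated local accounts away from the auth service. The function names are illustrative, and the tightened variant reuses the 0660 mode from Step 7 of the first mail guide on this page.

```python
import re

# "service auth" block copied from the dovecot.conf shown on this page.
PAGE_SERVICE_AUTH = """\
service auth {
    unix_listener auth-master {
        mode = 0600
        user = vmail
    }

    unix_listener /var/spool/postfix/private/auth {
        mode = 0666
        user = postfix
        group = postfix
    }

user = root
}
"""

# Same block with the listener mode used in Step 7 of the first guide.
TIGHTENED_SERVICE_AUTH = PAGE_SERVICE_AUTH.replace("mode = 0666", "mode = 0660")

BLOCK_OPEN = re.compile(r"^(\w+)(?:\s+(\S+))?\s*\{$")
SETTING = re.compile(r"^(\w+)\s*=\s*(.*)$")


def parse_blocks(text):
    """Parse Dovecot-style nested blocks into a tree of dict nodes."""
    root = {"type": "root", "name": None, "settings": {}, "children": []}
    stack = [root]
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "}":
            if len(stack) == 1:
                raise ValueError("line %d: '}' without an open block" % number)
            stack.pop()
            continue
        opened = BLOCK_OPEN.match(line)
        if opened:
            node = {"type": opened.group(1), "name": opened.group(2),
                    "settings": {}, "children": []}
            stack[-1]["children"].append(node)
            stack.append(node)
            continue
        setting = SETTING.match(line)
        if not setting:
            raise ValueError("line %d: cannot parse %r" % (number, line))
        stack[-1]["settings"][setting.group(1)] = setting.group(2).strip()
    if len(stack) != 1:
        raise ValueError("block %r is never closed" % stack[-1]["type"])
    return root


def listeners_open_to_others(text):
    """Return (service, socket, mode) for each unix_listener whose explicit
    mode grants any permission bit to 'other'. Listeners with no mode line
    are skipped rather than guessed at."""
    findings = []

    def walk(node, service):
        for child in node["children"]:
            current = child["name"] if child["type"] == "service" else service
            mode = child["settings"].get("mode")
            if child["type"] == "unix_listener" and mode is not None:
                if int(mode, 8) & 0o007:
                    findings.append((current, child["name"], mode))
            walk(child, current)

    walk(parse_blocks(text), None)
    return findings


if __name__ == "__main__":
    for label, conf in (("page", PAGE_SERVICE_AUTH),
                        ("tightened", TIGHTENED_SERVICE_AUTH)):
        print(label, listeners_open_to_others(conf) or "ok")
```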

Configure Mail Aliases

  1. Edit the file /etc/aliases, making sure the postmaster and root directives are set properly for your organization:
    /etc/aliases
    postmaster: root
    root: postmaster@example.com
    
  2. Update aliases and restart Postfix:
    newaliases
    /bin/systemctl restart  postfix.service
    

This completes alias configuration. Next, test Postfix to make sure it’s operating properly.

Testing Postfix

  1. Test Postfix for SMTP-AUTH and TLS:
    telnet localhost 25
    
  2. While still connected, issue the following command:
    ehlo localhost
    
  3. You should see output similar to the following:
    250-hostname.example.com
    250-PIPELINING
    250-SIZE 30720000
    250-VRFY
    250-ETRN
    250-STARTTLS
    250-AUTH PLAIN
    250-AUTH=PLAIN
    250-ENHANCEDSTATUSCODES
    250-8BITMIME
    250 DSN
    
  4. Issue the command quit to terminate the Postfix connection.
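
Both EHLO tests on this page (the telnet session in Step 10 of the first mail guide and the output in step 3 above) show AUTH advertised on a session that has not negotiated STARTTLS, and the PLAIN and LOGIN mechanisms only base64-encode the password. The following added example, which is not from either guide, parses such a reply and flags that condition; the second transcript is constructed (assumed host name) and shows what a cleartext session looks like when Postfix's smtpd_tls_auth_only parameter is set to yes.

```python
import re

# EHLO reply from the first guide's telnet test (copied from this page).
PAGE_EHLO_LOGIN = """\
250-mail.krizna.com
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""

# Constructed sample: the reply expected on a cleartext session once AUTH is
# only announced after STARTTLS (assumed host name).
CONSTRUCTED_EHLO_TLS_ONLY = """\
250-mail.example.com
250-PIPELINING
250-SIZE 10240000
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
"""

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")
# Keyword, then parameters after a space or the legacy "=" separator.
EXTENSION = re.compile(r"^([A-Za-z0-9][A-Za-z0-9-]*)(?:[ =](.*))?$")
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # base64-encoded, not encrypted


def parse_ehlo(reply):
    """Return (greeting, {KEYWORD: [params]}) from a multi-line 250 reply."""
    greeting, extensions, final_seen = None, {}, False
    for raw in reply.splitlines():
        line = raw.rstrip("\r")
        if not line.strip():
            continue
        if final_seen:
            raise ValueError("text after the final reply line: %r" % line)
        match = REPLY_LINE.match(line)
        if not match:
            raise ValueError("not an SMTP reply line: %r" % line)
        code, separator, text = match.groups()
        if code != "250":
            raise ValueError("EHLO was not accepted: %r" % line)
        if greeting is None:
            greeting = text            # first line carries the server name
        else:
            ext = EXTENSION.match(text)
            if not ext:
                raise ValueError("malformed extension line: %r" % line)
            params = (ext.group(2) or "").split()
            extensions.setdefault(ext.group(1).upper(), []).extend(params)
        final_seen = separator == " "  # "250 " (space) ends the reply
    if not final_seen:
        raise ValueError("reply is truncated: no final '250 ' line")
    return greeting, extensions


def audit_cleartext_ehlo(reply):
    """Findings for an EHLO reply captured before any STARTTLS handshake."""
    _, extensions = parse_ehlo(reply)
    findings = []
    if "STARTTLS" not in extensions:
        findings.append("starttls-not-offered")
    mechanisms = {m.upper() for m in extensions.get("AUTH", [])}
    if mechanisms:
        findings.append("auth-offered-before-tls")
        exposed = sorted(mechanisms & CLEARTEXT_MECHS)
        if exposed:
            findings.append("cleartext-mechanisms:" + ",".join(exposed))
    return findings


if __name__ == "__main__":
    for name, reply in (("page", PAGE_EHLO_LOGIN),
                        ("constructed", CONSTRUCTED_EHLO_TLS_ONLY)):
        print(name, audit_cleartext_ehlo(reply) or "ok")
```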

Next, populate the MariaDB database with domains and email users.

Set Up and Test Domains and Users

Before continuing, modify the DNS records for any domains that you wish to handle email by adding an MX record that points to your mail server’s fully qualified domain name. If MX records already exist for a domain you would like to handle the email for, either delete them or set them to a higher priority number than your mail server. Smaller priority numbers indicate higher priority for mail delivery, with “0” being the highest priority.

In the following example, the MariaDB shell is used to add support for the domain “example.com”, which will have an email account called “sales”.

  1. Log into the MariaDB shell:
    mysql -u root -p
    
  2. Switch to the mail database, add support for your domain, and create an email account. Be sure to replace example.com with your domain name, sales@example.com with your chosen email, and password with a strong password:
    USE mail;
    INSERT INTO domains (domain) VALUES ('example.com');
    INSERT INTO users (email, password) VALUES ('sales@example.com', ENCRYPT('password'));
    quit
    
  3. Prior to accessing any newly-created email account, a test message needs to be sent to create that user’s mailbox:
    yum install mailx
    mailx sales@example.com
    

    Press Ctrl+D to complete the message. You can safely leave the field for Cc: blank. This completes the configuration for a new domain and email user.

Given the possibility for virtual hosting a large number of virtual domains on a single mail system, the username portion of an email address (i.e. before the @ sign) is not sufficient to authenticate to the mail server. When email users authenticate to the server, they must supply their email clients with the entire email address created above as their username.

Check Your Logs

After the test mail is sent, check the mail logs to make sure the mail was delivered.

  1. Check the maillog located in /var/log/maillog. You should see something similar to the following:
    /var/log/maillog
    Mar 18 17:18:47 localhost postfix/cleanup[3427]: B624062FA: message-id=<20150318171847.B624062FA@example.com>
    Mar 18 17:18:47 localhost postfix/qmgr[3410]: B624062FA: from=<root@example.com>, size=515, nrcpt=1 (queue active)
    Mar 18 17:18:47 localhost postfix/pipe[3435]: B624062FA: to=<sales@example.com>, relay=dovecot, delay=0.14, delays=0.04/0.01/0/0.09, dsn=2.0.0, $
    Mar 18 17:18:47 localhost postfix/qmgr[3410]: B624062FA: removed
    
  2. Check the Dovecot delivery log located in /home/vmail/dovecot-deliver.log. The contents should look similar to the following:
    /home/vmail/dovecot-deliver.log
    deliver(<sales@example.com>): 2011-01-21 20:03:19 Info: msgid=<<20110121200319.E1D148908@hostname.example.com>>: saved mail to INBOX
    

Now you can test to see what the users of your email server would see with their email clients.

Test the Mailbox

  1. To test the sales@example.com mailbox, navigate to the mailbox directory /home/vmail/example.com/sales/Maildir and issue the following command:
    cd /home/vmail/example.com/sales/Maildir
    find
    
  2. You should see output similar to the following:
    .
    ./dovecot-uidlist
    ./cur
    ./new
    ./new/1285609582.P6115Q0M368794.li172-137
    ./dovecot.index
    ./dovecot.index.log
    ./tmp
    
  3. Test the mailbox by using a mail client. For this test, using mutt is recommended. If it is not installed by default, install it with yum install mutt, then run:
    mutt -f .
    

    You may be prompted to create the root mailbox. This is not required.

  4. If there is an email in the inbox, Postfix, Dovecot, and MySQL have been successfully configured! To quit mutt press q.


How to Install Squid (Caching / Proxy) on CentOS 7

Original Post: http://broexperts.com/2014/08/squid-rpm-based-installation-using-yum/  and http://www.liquidweb.com/kb/how-to-install-squid-caching-proxy-on-centos-7/

Squid is a caching and forwarding web proxy. It is most often used in conjunction with a traditional LAMP stack (Linux, Apache, MySQL, PHP), and can be used to filter traffic on HTTP, FTP, and HTTPS, and increase the speed (thus lower the response time) for a web server via caching.

Pre-Flight Check

  • These instructions are intended specifically for installing Squid on a single CentOS 7 node.
  • I’ll be working from a Liquid Web Core Managed CentOS 7 server, and I’ll be logged in as root.

Step #1: Install Squid

First, clean-up yum:

yum clean all

As a matter of best practice we’ll update our packages:

yum -y update

Installing Squid and related packages is now as simple as running just one command:

yum -y install squid

Step #2: Verify the Installation and Check the Squid Version

Squid should start immediately after the installation. Use the following command to view usage information for the squid command:

squid -h

Use the following command to check the version number of Squid and the configuration options it was started with:

squid -v

Your results should appear similar to:

Squid Cache: Version 3.3.8
configure options: '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--disable-strict-error-checking' '--exec_prefix=/usr' '--libexecdir=/usr/lib64/squid' '--localstatedir=/var' '--datadir=/usr/share/squid' '--sysconfdir=/etc/squid' '--with-logdir=$(localstatedir)/log/squid' '--with-pidfile=$(localstatedir)/run/squid.pid' '--disable-dependency-tracking' '--enable-eui' '--enable-follow-x-forwarded-for' '--enable-auth' '--enable-auth-basic=DB,LDAP,MSNT,MSNT-multi-domain,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB,getpwnam' '--enable-auth-ntlm=smb_lm,fake' '--enable-auth-digest=file,LDAP,eDirectory' '--enable-auth-negotiate=kerberos' '--enable-external-acl-helpers=file_userip,LDAP_group,time_quota,session,unix_group,wbinfo_group' '--enable-cache-digests' '--enable-cachemgr-hostname=localhost' '--enable-delay-pools' '--enable-epoll' '--enable-icap-client' '--enable-ident-lookups' '--enable-linux-netfilter' '--enable-removal-policies=heap,lru' '--enable-snmp' '--enable-ssl' '--enable-ssl-crtd' '--enable-storeio=aufs,diskd,ufs' '--enable-wccpv2' '--enable-esi' '--enable-ecap' '--with-aio' '--with-default-user=squid' '--with-filedescriptors=16384' '--with-dl' '--with-openssl' '--with-pthreads' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fpie' 'LDFLAGS=-Wl,-z,relro -pie -Wl,-z,relro -Wl,-z,now' 'CXXFLAGS=-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fpie' 'PKG_CONFIG_PATH=%{_PKG_CONFIG_PATH}:/usr/lib64/pkgconfig:/usr/share/pkgconfig'

Step #3: Configure Squid to Start on Boot

Start Squid:

systemctl start squid

Be sure that Squid starts at boot:

systemctl enable squid

To check the status of Squid:

systemctl status squid

To stop Squid:

systemctl stop squid


After installing Squid from source code, I will now install the squid RPM using yum. yum is a famous package manager for RPM-based operating systems like Fedora, CentOS and Red Hat.

Step 1:

Install the squid RPM and its dependencies using the yum command.

yum install squid -y

Sample Output:

Installed:
squid.x86_64 7:3.3.8-11.el7

Dependency Installed:
libecap.x86_64 0:0.2.0-8.el7
perl-Compress-Raw-Bzip2.x86_64 0:2.061-3.el7
perl-Compress-Raw-Zlib.x86_64 1:2.061-4.el7
perl-DBI.x86_64 0:1.627-4.el7
perl-Data-Dumper.x86_64 0:2.145-3.el7
perl-Digest.noarch 0:1.17-245.el7
perl-Digest-MD5.x86_64 0:2.52-3.el7
perl-IO-Compress.noarch 0:2.061-2.el7
perl-Net-Daemon.noarch 0:0.48-5.el7
perl-PlRPC.noarch 0:0.2020-14.el7

Squid is installed successfully from RPM. By default, squid generates its configuration file under the /etc/squid directory.

Step 2:

Let’s perform steps for basic configuration:

  • Allow our network in acl.
  • Add visible hostname

Edit the squid.conf file, which is located at /etc/squid/squid.conf.
It's recommended to create a backup of the default configuration file to be on the safe side.

cp /etc/squid/squid.conf /etc/squid/squid.conf.org.back

 

Now open config file in vi text editor.

vi /etc/squid/squid.conf

 

Add 192.168.2.0/24 network as follows

acl broexperts_network src 192.168.2.0/24
http_access allow broexperts_network

 

Un-comment and adjust the following to add cache directory.

cache_dir ufs /var/spool/squid 100 16 256

 

At the end of the config file, add the visible hostname:

visible_hostname pxy.broexperts.com

 

See below my recommended minimum squid.conf file:

# Recommended minimum configuration:
# Adapt to list your (internal) IP networks from where browsing
# should be allowed
acl broexperts_network src 192.168.2.0/24

acl SSL_ports port 443
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 # https
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT

#
# Recommended minimum Access Permission configuration:
#
# Deny requests to certain unsafe ports
http_access deny !Safe_ports

# Deny CONNECT to other than secure SSL ports
http_access deny CONNECT !SSL_ports

# Only allow cachemgr access from localhost
http_access allow localhost manager
http_access deny manager

# from where browsing should be allowed
http_access allow localhost
http_access allow broexperts_network

# And finally deny all other access to this proxy
http_access deny all

# Squid normally listens to port 3128
http_port 3128

# Uncomment and adjust the following to add a disk cache directory.
cache_dir ufs /var/spool/squid 100 16 256

# Leave coredumps in the first cache dir
coredump_dir /var/spool/squid

#
# Add any of your own refresh_pattern entries above these.
#
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern -i (/cgi-bin/|\?) 0 0% 0
refresh_pattern . 0 20% 4320
visible_hostname pxy.broexperts.com

Now save and exit.
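
Squid evaluates the http_access lines above from top to bottom and the first matching line decides, so their order is what stops the proxy from relaying to arbitrary ports. The following Python code is an added example, not part of the original post or of Squid: it models that first-match evaluation for the page's ACLs, with Safe_ports condensed to one line and the built-in localhost and manager ACLs simplified (assumptions).

```python
import ipaddress

# Constructed excerpt of the squid.conf above; Safe_ports is condensed to one line.
CONF = """
acl broexperts_network src 192.168.2.0/24
acl SSL_ports port 443
acl Safe_ports port 80 443 1025-65535
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access allow localhost manager
http_access deny manager
http_access allow localhost
http_access allow broexperts_network
http_access deny all
"""

def parse(conf):
    # Built-in ACLs, simplified (assumption): IPv4 only, "manager" is a request flag.
    acls = {"all": [("src", "0.0.0.0/0")], "localhost": [("src", "127.0.0.1/32")],
            "manager": [("manager", "")]}
    rules = []
    for line in conf.splitlines():
        tok = line.split("#")[0].split()
        if tok[:1] == ["acl"]:
            acls.setdefault(tok[1], []).extend((tok[2], v) for v in tok[3:])
        elif tok[:1] == ["http_access"]:
            rules.append((tok[1], tok[2:]))
    return acls, rules

def acl_matches(entries, req):
    # Values listed under one ACL name are ORed together.
    for kind, value in entries:
        lo, _, hi = value.partition("-")
        if (kind == "src" and ipaddress.ip_address(req["src"]) in ipaddress.ip_network(value)
                or kind == "port" and int(lo) <= req["port"] <= int(hi or lo)
                or kind == "method" and req["method"] == value
                or kind == "manager" and req.get("manager", False)):
            return True
    return False

def decide(conf, req):
    acls, rules = parse(conf)
    for n, (action, names) in enumerate(rules, 1):
        # ACL names on one line are ANDed; a leading "!" negates the name.
        if all(acl_matches(acls[x.lstrip("!")], req) != x.startswith("!") for x in names):
            return action, n  # (action, number of the deciding http_access line)
    # No line matched: Squid applies the opposite of the last line's action.
    return ("allow" if rules and rules[-1][0] == "deny" else "deny"), 0
```

decide(CONF, {"src": "192.168.2.10", "port": 25, "method": "CONNECT"}) returns ("deny", 1). If the allow broexperts_network line were moved above the two deny lines, the same request would be allowed, which is why site-specific allow rules belong below them.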

 

Step 3:

Start the squid service and enable it at startup.

service squid start
chkconfig squid on

 

Step 4:

Add a firewall rule to allow squid's port 3128.

firewall-cmd --zone=public --add-port=3128/tcp --permanent

Save the rules and reload the firewall service:

firewall-cmd --reload

The configuration part is done. Now it is time to test browsing by pointing the client browser at the squid IP and default port.

 

Step 5:

Open the Firefox browser and go to Tools > Options > Advanced tab > Network > Settings, select the manual proxy settings radio button, provide the squid server IP 192.168.1.100 and port 3128, check "Use this proxy server for all protocols", and then click OK.

 

Browse broexperts.com and watch the squid access.log file.

tail -f /var/log/squid/access.log

Sample output:

1407790956.166 558 192.168.2.10 TCP_MISS/200 4360 GET http://www.broexperts.com/wp-content/plugins/crayon-syntax-highlighter/css/min/crayon.min.css? - HIER_DIRECT/216.172.181.206 text/css
1407790956.195 587 192.168.2.10 TCP_MISS/200 773 GET http://www.broexperts.com/wp-content/plugins/crayon-syntax-highlighter/fonts/monaco.css? - HIER_DIRECT/216.172.181.206 text/css
1407790956.195 294 192.168.2.10 TCP_MISS/200 3556 GET http://www.broexperts.com/wp-content/plugins/jetpack/modules/sharedaddy/sharing.css? - HIER_DIRECT/216.172.181.206 text/css
1407790956.298 686 192.168.2.10 TCP_MISS/200 2018 GET http://www.broexperts.com/wp-content/themes/BroExperts2/style.responsive.css? - HIER_DIRECT/216.172.181.206 text/css
1407790956.311 704 192.168.2.10 TCP_MISS/200 664 GET http://www.broexperts.com/wp-content/plugins/jetpack/modules/subscriptions/subscriptions.css? - HIER_DIRECT/216.172.181.206 text/css
1407790956.322 713 192.168.2.10 TCP_MISS/200 1297 GET http://www.broexperts.com/wp-content/plugins/crayon-syntax-highlighter/themes/classic/classic.css? - HIER_DIRECT/216.172.181.206 text/css

 

Perfect, our log file is receiving entries, which means squid is working smoothly.
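
Beyond confirming that entries arrive, the same log shows whether the ACLs are doing their job. The following Python code is an added example, not part of the original post: it parses lines in Squid's native access.log format and lists denied requests and any request served to a client outside broexperts_network. The sample lines are constructed, not real traffic.

```python
import ipaddress
from collections import Counter

ALLOWED = ipaddress.ip_network("192.168.2.0/24")  # broexperts_network in squid.conf

# Constructed sample lines in Squid's native access.log format.
SAMPLE = """\
1407790956.166    558 192.168.2.10 TCP_MISS/200 4360 GET http://www.example.com/style.css - HIER_DIRECT/203.0.113.10 text/css
1407790957.002     12 192.168.2.10 TCP_MEM_HIT/200 4360 GET http://www.example.com/style.css - HIER_NONE/- text/css
1407790960.410      0 198.51.100.7 TCP_DENIED/403 3985 GET http://www.example.org/ - HIER_NONE/- text/html
1407790961.733      0 192.168.2.23 TCP_DENIED/403 3870 CONNECT mail.example.net:25 - HIER_NONE/- text/html
"""

FIELDS = ("time", "elapsed_ms", "client", "result", "bytes", "method", "url",
          "user", "hierarchy", "content_type")

def parse_line(line):
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None  # truncated line or a custom logformat
    rec = dict(zip(FIELDS, parts))
    rec["code"], _, rec["status"] = rec["result"].partition("/")
    return rec

def outside_acl(client):
    # The config also allows localhost, so loopback clients are expected.
    ip = ipaddress.ip_address(client)
    return not (ip in ALLOWED or ip.is_loopback)

def summarize(text):
    records = [r for r in map(parse_line, text.splitlines()) if r]
    return {
        "results": Counter(r["code"] for r in records),
        # Requests rejected by an http_access deny line.
        "denied": [(r["client"], r["method"], r["url"]) for r in records
                   if r["code"] == "TCP_DENIED"],
        # Requests that were served to a source the src ACL should not admit.
        "unexpected": [r["client"] for r in records
                       if r["code"] != "TCP_DENIED" and outside_acl(r["client"])],
    }
```

An empty "unexpected" list together with TCP_DENIED entries for outside sources indicates the http_access rules are being applied as written.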