Search Results

Search found 1120 results on 45 pages for 'simplest'.

Page 18/45 | < Previous Page | 14 15 16 17 18 19 20 21 22 23 24 25  | Next Page >

  • Apache failover for JBoss

    - by DaveB
    I am running a JBoss web app (AS 6 Final) hosted on linux (Debian). I would like to implement a failover solution so that when JBoss is down, a static web page is served in its place. My current solution is to run Apache as a reverse proxy (described here), which allows me to serve .php files from apache and forward all other requests to JBoss. But I am not sure how make Apache step in when JBoss is down? Note. both apache and jboss will be running on the same box, this is (Application failover rather then server failover) to cover times when JBoss is re-deploying etc. So I am looking for the simplest solution really Many thanks

    Read the article

  • Validating SSL clients using a list of authorised certificates instead of a Certificate Authority

    - by Gavin Brown
    Is it possible to configure Apache (or any other SSL-aware server) to only accept connections from clients presenting a certificate from a pre-defined list? These certificates may be signed by any CA (and may be self-signed). A while back I tried to get client certificate validation working in the EPP system of the domain registry I work for. The EPP protocol spec mandates use of "mutual strong client-server authentication". In practice, this means that both the client and the server must validate the certificate of the other peer in the session. We created a private certificate authority and asked registrars to submit CSRs, which we then signed. This seemed to us to be the simplest solution, but many of our registrars objected: they were used to obtaining a client certificate from a CA, and submitting that certificate to the registry. So we had to scrap the system. I have been trying to find a way of implementing this system in our server, which is based on the mod_epp module for Apache.

    Read the article

  • Can't start httpd 2.4.9 with self-signed SSL certificate

    - by Smollet
    I cannot start the httpd 2.4.9 (tried 2.4.x too) on CentOS 6.5 with the simplest SSL config possible. The openssl version installed on the machine is OpenSSL 1.0.1e-fips 11 Feb 2013 (I've upgraded it using 'yum update' to the latest patched version as well) I have compiled and installed the httpd 2.4.9 using the following commands: ./configure --enable-ssl --with-ssl=/usr/local/ssl/ --enable-proxy=shared --enable-proxy_wstunnel=shared --with-apr=apr-1.5.1/ --with-apr-util=apr-util-1.5.3/ make make install Now I'm generating the default self-signed certificate as described in the CentOS HowTo: openssl genrsa -out ca.key 2048 openssl req -new -key ca.key -out ca.csr openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt cp ca.crt /etc/pki/tls/certs cp ca.key /etc/pki/tls/private/ca.key cp ca.csr /etc/pki/tls/private/ca.csr Here is my httpd-ssl.conf file: Listen 443 SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5 SSLPassPhraseDialog builtin SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)" SSLSessionCacheTimeout 300 <VirtualHost *:443> SSLEngine on SSLCertificateFile /etc/pki/tls/certs/ca.crt SSLCertificateKeyFile /etc/pki/tls/private/ca.key <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory "/usr/local/apache2/cgi-bin"> SSLOptions +StdEnvVars </Directory> BrowserMatch "MSIE [2-5]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog "/usr/local/apache2/logs/ssl_request_log" \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" </VirtualHost> when I start httpd using bin/apachectl -k start I get following errors in the error_log: Wed Jun 04 00:29:27.995654 2014] [ssl:info] [pid 24021:tid 139640404293376] AH01887: Init: Initializing (virtual) servers for SSL [Wed Jun 04 00:29:27.995726 2014] [ssl:info] [pid 24021:tid 139640404293376] AH01914: Configuring server 192.168.9.128:443 for SSL protocol [Wed Jun 04 00:29:27.995863 2014] [ssl:debug] [pid 24021:tid 139640404293376] ssl_engine_init.c(312): AH01893: Configuring TLS extension handling [Wed Jun 04 00:29:27.996111 2014] [ssl:debug] [pid 24021:tid 139640404293376] ssl_util_ssl.c(343): AH02412: [192.168.9.128:443] Cert matches for name '192.168.9.128' [subject: CN=192.168.9.128,OU=XXX,O=XXXX,L=XXXX,ST=NRW,C=DE / issuer: CN=192.168.9.128,OU=XXX,O=XXXX,L=XXXX,ST=NRW,C=DE / serial: AF04AF31799B7695 / notbefore: Jun 3 22:26:45 2014 GMT / notafter: Jun 3 22:26:45 2015 GMT] [Wed Jun 04 00:29:27.996122 2014] [ssl:info] [pid 24021:tid 139640404293376] AH02568: Certificate and private key 192.168.9.128:443:0 configured from /etc/pki/tls/certs/ca.crt and /etc/pki/tls/private/ca.key [Wed Jun 04 00:29:27.996209 2014] [ssl:info] [pid 24021:tid 139640404293376] AH01914: Configuring server 192.168.9.128:443 for SSL protocol [Wed Jun 04 00:29:27.996280 2014] [ssl:debug] [pid 24021:tid 139640404293376] ssl_engine_init.c(312): AH01893: Configuring TLS extension handling [Wed Jun 04 00:29:27.996295 2014] [ssl:emerg] [pid 24021:tid 139640404293376] AH02572: Failed to configure at least one certificate and key for 192.168.9.128:443 [Wed Jun 04 00:29:27.996303 2014] [ssl:emerg] [pid 24021:tid 139640404293376] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: DH PARAMETERS) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile? [Wed Jun 04 00:29:27.996308 2014] [ssl:emerg] [pid 24021:tid 139640404293376] SSL Library Error: error:0906D06C:PEM routines:PEM_read_bio:no start line (Expecting: EC PARAMETERS) -- Bad file contents or format - or even just a forgotten SSLCertificateKeyFile? [Wed Jun 04 00:29:27.996318 2014] [ssl:emerg] [pid 24021:tid 139640404293376] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned [Wed Jun 04 00:29:27.996321 2014] [ssl:emerg] [pid 24021:tid 139640404293376] AH02312: Fatal error initialising mod_ssl, exiting. AH00016: Configuration Failed I then try to generate missing DH PARAMETERS and EC PARAMETERS: openssl dhparam -outform PEM -out dhparam.pem 2048 openssl ecparam -out ec_param.pem -name prime256v1 cat dhparam.pem ec_param.pem >> /etc/pki/tls/certs/ca.crt And it mitigates the error but the next comes out: [Wed Jun 04 00:34:05.021438 2014] [ssl:info] [pid 24089:tid 140719371077376] AH01887: Init: Initializing (virtual) servers for SSL [Wed Jun 04 00:34:05.021487 2014] [ssl:info] [pid 24089:tid 140719371077376] AH01914: Configuring server 192.168.9.128:443 for SSL protocol [Wed Jun 04 00:34:05.021874 2014] [ssl:debug] [pid 24089:tid 140719371077376] ssl_engine_init.c(312): AH01893: Configuring TLS extension handling [Wed Jun 04 00:34:05.022050 2014] [ssl:debug] [pid 24089:tid 140719371077376] ssl_util_ssl.c(343): AH02412: [192.168.9.128:443] Cert matches for name '192.168.9.128' [subject: CN=192.168.9.128,OU=XXX,O=XXXX,L=XXXX,ST=NRW,C=DE / issuer: CN=192.168.9.128,OU=XXX,O=XXXX,L=XXXX,ST=NRW,C=DE / serial: AF04AF31799B7695 / notbefore: Jun 3 22:26:45 2014 GMT / notafter: Jun 3 22:26:45 2015 GMT] [Wed Jun 04 00:34:05.022066 2014] [ssl:info] [pid 24089:tid 140719371077376] AH02568: Certificate and private key 192.168.9.128:443:0 configured from /etc/pki/tls/certs/ca.crt and /etc/pki/tls/private/ca.key [Wed Jun 04 00:34:05.022285 2014] [ssl:debug] [pid 24089:tid 140719371077376] ssl_engine_init.c(1016): AH02540: Custom DH parameters (2048 bits) for 192.168.9.128:443 loaded from /etc/pki/tls/certs/ca.crt [Wed Jun 04 00:34:05.022389 2014] [ssl:debug] [pid 24089:tid 140719371077376] ssl_engine_init.c(1030): AH02541: ECDH curve prime256v1 for 192.168.9.128:443 specified in /etc/pki/tls/certs/ca.crt [Wed Jun 04 00:34:05.022397 2014] [ssl:info] [pid 24089:tid 140719371077376] AH01914: Configuring server 192.168.9.128:443 for SSL protocol [Wed Jun 04 00:34:05.022464 2014] [ssl:debug] [pid 24089:tid 140719371077376] ssl_engine_init.c(312): AH01893: Configuring TLS extension handling [Wed Jun 04 00:34:05.022478 2014] [ssl:emerg] [pid 24089:tid 140719371077376] AH02572: Failed to configure at least one certificate and key for 192.168.9.128:443 [Wed Jun 04 00:34:05.022488 2014] [ssl:emerg] [pid 24089:tid 140719371077376] SSL Library Error: error:140A80B1:SSL routines:SSL_CTX_check_private_key:no certificate assigned [Wed Jun 04 00:34:05.022491 2014] [ssl:emerg] [pid 24089:tid 140719371077376] AH02312: Fatal error initialising mod_ssl, exiting. AH00016: Configuration Failed I have tried to generate the simple certificate/key pair exactly as described in the httpd docs Unfortunately, I still get exact same errors as above. I've seen a bug report with the similar issue: https://issues.apache.org/bugzilla/show_bug.cgi?id=56410 But the openssl version I have is reported as working there. I've also tried to apply the patch from the report as well as build the latest 2.4.x branch with no success, I get the same errors as above. I have also tried to create a short chain of certificates and set the root CA certificate using SSLCertificateChainFile directive. That didn't help either, I get exact same errors as above. I'm not interested in setting up hardened security, etc. The only thing I need is to start httpd with the simplest SSL config possible to continue testing proxy config for the mod_proxy_wstunnel Had anybody encountered and solved this issue? Is my sequence for creating a self-signed certificate incorrect? I'd appreciate any help very much!

    Read the article

  • KVM virtual machine networking, NAT and bridge together

    - by stoqlt
    I have two running KVM guests on an Ubuntu (Lucid) host. One of them uses the simplest NAT method, and DHCP inside. The other uses the bridge method and static IP inside. Both work fine. Can I mix the networking methods? I'd like to create some set of scripts which used the local 192.168.122.x address, no matter if the guest has or not has an additional bridged LAN interface. Having eth0 and eth1 interfaces inside would be fine. Thanks for your interest.

    Read the article

  • Software for failover across multiple external hosts

    - by Lin
    I have multiple webservers with the same content, hosted across different providers. However, I can't seem to find a nice, simple failover solution. Load-balancing software (Pound, HAProxy, etc.) are unnecessary, and I need the flexibility to manage over 100+ domains, so the paid DNS failover solutions I've found are too expensive. So far the simplest solution I've thought of is just to set a very low TTL (30min - 1hr) in each zone entry on my nameservers (running BIND). Then, continuously monitor each server, and temporarily remove failed servers from zone entries. But this seems like something that should be currently available. I only have root access to different VPSes running CentOS. Any suggestions? Thanks!

    Read the article

  • Wildcard SSL certificates, EV

    - by nachito
    I run a Magento e-commerce store with multiple subdomains for an affiliate program, plus a main store. Example, foo.example.com and bar.example.com are affiliates, www.example.com is my main store. They all share the same code and database and the same virtual host. Currently I have a wildcard certificate which works fine for everything. However, I was looking at EV certificates to increase customer confidence (which is not possible with wildcard certificates -- or so I'm told). What would be the simplest setup to have both an EV SSL Cert for the main store and a wildcard for the affiliate subdomains? Two virtual hosts? By the way, I'm running Litespeed as a webserver.

    Read the article

  • What comment-spam filtering service works?

    - by Charles Stewart
    From an answer I gave to another question: There are comment filtering services out there that can analyse comments in a manner similar to mail spam filters (all links to the client API page, organised from simplest API to most complex): Steve Kemp (again) has an xml-rpc-based comment filter: it's how Debian filters comments, and the code is free software, meaning you can run your own comment filtering server if you like; There's Akismet, which is from the WordPress universe; There's Mollom, which has an impressive list of users. It's closed source; it might say "not sure" about comments, intended to suggest offering a captcha to check the user. For myself, I'm happy with offline by-hand filtering, but I suggested Kemp's service to someone who had an underwhelming experience with Mollom, and I'd like to pass on more reports from anyone who has tried these or other services.

    Read the article

  • Layer 2 topology discovery

    - by pegah s
    I have been given a network (it is a LAN) comprised of switches and I need to discover the topology of that. (There may be Link Aggregation Groups (LAGs) in the network as well.) I have done a lot of search on layer 2 topology discovery and I have seen many articles talking about using SNMP MIBs or LLDP (I do not know which one is better or more practical, but all devices in my network support SNMP). But my problem is that I cannot find "the software to install and run" to actually see the topology map. I would really appreciate if someone could send me the website where I can download the code and use it. I have also found a lot of tools available online such as OpenNMS, Nagios, The Dude, LANsurveyor, SNMPwalk, and many more... But I cannot figure out which one is the best to pick. To summarize: what is the easiest simplest way to discover the layer 2 network topology?

    Read the article

  • determining if .htaccess is working

    - by Toc
    Following some guide on the web, I have created the following .htaccess for my WordPress installation: # protect the htaccess file <files .htaccess> order allow,deny deny from all </files> # protect wpconfig.php <files wp-config.php> order allow,deny deny from all </files> plus chmod wp-config.php 600 and .htaccess 644. Which is the simplest way I can test if it is working properly? In case, I can create some other files to verify the work. I only want to be sure.

    Read the article

  • determining if .htaccess is working

    - by Toc
    Following some guide on the web, I have created the following .htaccess for my WordPress installation: # protect the htaccess file <files .htaccess> order allow,deny deny from all </files> # protect wpconfig.php <files wp-config.php> order allow,deny deny from all </files> plus chmod wp-config.php 600 and .htaccess 644. Which is the simplest way I can test if it is working properly? In case, I can create some other files to verify the work. I only want to be sure.

    Read the article

  • Activate Windows XP in VMWare?

    - by Zeno
    Running Windows XP in VMWare, how should activation be handled? Last time I did this, I do not remember having to do any activation. Now it is asking me to activate Windows XP. Am I suppose to buy and use a real WinXP key? What is this about a "Windows XP Mode" I'm hearing about that you can enable in VMware to activate it? The availability of Windows XP Mode is equivalent to a free license to Windows XP operating system. My host machine runs Win7. My goal is to get WinXP running in VMWare the simplest way, but this activation is giving me issues (such as that WinXP doesn't seem to be sold anymore). I Googled around and found that VMWare has a xpmode.enabled = "TRUE" feature which instantly activates Windows XP (with limits, like only once), but I do not know anything about it or how to use it.

    Read the article

  • Sync Chrome bookmarks to Delicious

    - by becomingGuru
    I use Google Chrome. I love the snappy and fast feeling. I thought I will miss the add ons of Firefox. But, not really. However, I used to use delicious actively and want to continue to do the same. I miss syncing my bookmarks with delicious. What is the simplest way to sync Chrome bookmarks with delicious? Addition: I see and understand that there are no good "add-ons" per se. I don't mind even a simple cron that I can schedule every day. May be I just have to write one, after all.

    Read the article

  • How do you handle reboots?

    - by Mart
    We have one VPS (Windows 2008 R2+IIS7.5), with an asp.net mvc 3 application. The main question is: how to handle issues when Windows needs to reboot? (after installing Windows Updates or anything else). The goal is to make the website 24/7, but first it's ok to show a message to the users. (we'll be back soon, something like app_offline.htm) Our application uses SQL and also writes/reads some files (uploaded photos, documents) which are not stored in SQL. What do you recommend? Load balancing with ARR? (with 1+2 servers, but what if the front-end server needs reboot?) Windows failover cluster? SQL failover cluster? What to do with uploaded files? I really don't know what would be the best (and simplest) solution.

    Read the article

  • Duplicate incoming TCP traffic on Debian Squeeze

    - by Erwan Queffélec
    I have to test a homebrew server that accepts a lot of incoming TCP traffic on a single port. The protocol is homebrew as well. For testing purposes, I'd like to send this traffic both : - to the production server (say, listening on port 12345) - to the test server (say, listening on port 23456) My clients apps are "dumb" : they never read data back, and the server never replies anyway, my server only accepts connections, and do statistical computations and store/forward/service both raw and computed data. Actually, client apps and hardware are so simple there is no way I can tell clients to send their stream on both servers... And using "fake" clients is not good enough. What could be the simplest solution ? I can of course write an intermediary app that just copy incoming data and send it back to the testing server, pretending to be the client. I have a single server running Squeeze and have total control over it. Thanks in advance for your replies.

    Read the article

  • Increment numbers in page headers in Microsoft Word

    - by Imray
    In Microsoft Word, I am laying out a process in steps. Each page pretty much is a new step that begins with a header like: 3. Drive the body to a secure location I would like the numbers to automatically increment, particularly if later on I decide to add a new step somewhere in the middle. Does anyone know how I can achieve that in the simplest way? I already have a working Table of Contents and I'd prefer not doing something that would mess with that, if possible to avoid.

    Read the article

  • Packet logging on PIX firewall

    - by georged.id.auindex.htm
    We have a Cisco PIX 515 firewall and I would like to set up a simple logging that would give us a traffic breakdown for billing by: source destination protocol port size time PIX is plugged into Catalyst 2970 and I was told that the best thing since sliced bread for logging is to get Netflow and get Catalyst to log. My concern, however, (besides the Netflow cost) is that I really don't want to "listen" to the internal noise and all I'm interested in are the external traffic stats above for billing and analysis purposes. What would be the simplest and the easiest solution? Cheers George

    Read the article

  • Good option for a transparent internet gateway on Mac OS X

    - by Gareth
    Hi I have a small network of Mac systems, and would like to add some internal monitoring of our internet usage, which has recently begun to climb. I would like to configure one of the machines as an internet gateway, and install some monitoring software that could provide graph indications of network usage by machine. The machine would then double as a workstation and as the internet gateway. I can manually configure the machines on the network to use it as a gateway, and would prefer to avoid an explicit http proxy (although it is an option if necessary). What software would serverfault users recommend to provide simple, easily configurable and maintainable network monitoring on Mac OS 10.5.7 (non-server)? The simplest requirement is monitor usage by IP Address, but additional tracking (e.g. destination, protocol, etc) would be useful.

    Read the article

  • Make ZoneAlarm stop pausing my C programs when I run them

    - by rMaero
    I'm using Dev-C++ to develop some console apps to study. When my program tries to run system("PAUSE"); ZA stops it and asks me to allow or deny it. I check the "always" box but it seems that every time I compile it, it generates a new exe file so every time I run it ZA pops up. Of course the simplest solution is to disable it or deal with it :-P but I'm not eager for any of both. Any suggestions? thanks in advance!

    Read the article

  • Why are my at jobs running immediately on OS X?

    - by Gabe
    I want to schedule events for exact times in Mac OS X. It seems like the 'at' command is the simplest way to do this. I have enabled atrun using the command: launchctl load -w /System/Library/LaunchDaemons/com.apple.atrun.plist To test at, I'm using the following one-line BASH script: echo 'foo' path/to/log.txt | at now + 2 minutes When I run the script, I get output like: job 17 at Sat May 15 12:57:00 2010 where '12:57:00' is indeed 2 minutes in the future. But the echo command executes immediately: the line 'foo' is added to log.txt right away. How can I make at work for me?

    Read the article

  • Simple, manageable DNS on EC2?

    - by dkulchenko
    I'm working on a large network of servers sitting on EC2, and need a way for the servers to know about each other's locations in the cloud. I thought the simplest way would be to use DNS, because if I replace the EC2 instance, I simply update the DNS record, and the rest of the servers will know about it (with names like users.db.mysoft.com, routing.mysoft.com, cluster1.memcached.mysoft.com). I'm considering setting up a master DNS server on a micro/small instance to accommodate this. I'd preferably need something that's as simple as a key-value store (hostname - IP) into which the platform could remotely add/remove entries. Can I do this with BIND? Or is there a better solution?

    Read the article

  • How does one guarantee a remote client the same local IP address every time when connecting to a VPN?

    - by Joe Carroll
    I need to configure a VPN for secure remote access to a PACS serving DICOM radiological images. The DICOM standard requires that any clients accessing the PACS must be using a fixed IP address that is pre-registered in PACS. I haven't implemented this solution before and would appreciate any guidance. I believe it should be possible to use RADIUS on the server to authenticate users connecting to the VPN and with it assign each user their own specific local subnet IP address, which would be registered with the PACS. The server runs Windows Server 2003 R2 Enterprise Edition SP2 and the VPN device is a FortiGate 60C. The What would be the best and/or simplest way to set this up?

    Read the article

  • How to find what Service Pack of IE is currently installed on the system?

    - by Kanini
    Hello...We have website and one of our customers complains that when he launches the URL there is a blank popup that appears on his window. He uses IE 7. We have tried to reproduce the same behaviour in our local PC's but we are not able to do so. The site opens up perfectly fine in our systems. We suspect that it could be due to a different Service Pack installed on the customer's PC. Is there a way we can find out which SP is he running on. What would be the simplest process which we can then pass on to the customer to know which SP is he running on?

    Read the article

  • Monit wont start/stop any processes

    - by Vaughan Magnusson
    Hi, I've got monit running on a linux vserver, installed in a custom location /home/user/bin/monit as that is the only suitable location according to the webhost providers. When I installed monit I used ./configure --prefix=/home/user Monit itself runs, and sends me emails of it's activity, and the control file syntax is correct. However, monit cannot seem to start or stop anything - or even run the simplest of scripts. eg. Using 'monit stop all', I try to run the following stop command stop = "/bin/bash /home/user/simple_script.sh" Which fails (and says so in the log). I cant figure out why this is failing, can anyone help with this?

    Read the article

  • Hiding monitor from windows, working with it from my app only [closed]

    - by Mikhail
    I need to use a monitor as a "private" device for my special application, I want to use it as a flashlight of a sort and draw special patterns on it in full screen. I don't want this monitor to be recognized by OS (Windows 7) as a monitor. I.e. user should not be able to move mouse to that monitor, or change its resolution, or run screensaver on it or whatever. But I want to be able to interact with it from my application. Monitor is plugged using an HDMI cable to a video card (most probably nVidia). What is the simplest way to do this? All solutions are appreciated, including purchasing additional adapters or simple video cards, or any other special devices.

    Read the article

  • phpredis + pconnect

    - by john smith
    I am using phpredis on my php based website. The webserver I am using is a the simplest apache apt-get installation, no configuration involved, as this is only a development environment. The issue I am facing is that basically, while using phpredis, there is no difference between "connect" and "pconnect" commands: they both create a new connection everytime, as I can see from the "info" command on redis-cli. Now, I am pretty sure it is because of the apache configuration and the fact that it probably (most likely) is a multi-threaded env, therefore can't enstablish a single connection. My question is basically for when I will turn into production: what would the best choice of a webserver be to avoid this problem? I remember using lighttpd with thousands of users and still get only a very few (like 2 or 3) connections on mongoDB. Any ideas? Thanks in advance.

    Read the article

< Previous Page | 14 15 16 17 18 19 20 21 22 23 24 25  | Next Page >