November 11th, 2007
Part V: Running Servers (p. 618)

- SMTP: The Simple Mail Transfer Protocol is a network-based protocol that allows for transmission of messages between systems.
- Local IPC: Interprocess communications are often used instead of SMTP when transferring a message between programs within a system.

Upon receiving a message, the MTA places it in a queue to be processed by an MDA (Mail Delivery Agent). Mail Delivery Agents come in two varieties:

- Local MDAs, which deliver messages to mailboxes on the local server. Simple versions (such as sendmail's mail.local) copy messages directly to a specified mailbox, while complex implementations (such as procmail and maildrop) can alter messages or delivery parameters based on user-specified rules.
- Remote MDAs, which deliver messages over the network to remote servers. Full remote MDAs use DNS (the Domain Name System) to determine the mail exchanger hosts for recipient addresses and deliver to the best one available for each. Simple remote MDAs (sometimes also called "null clients") forward messages to a central server to continue the delivery process. Most remote MDAs are capable of either method and will act as configured by the administrator that performed the configuration.

You will often see the term MTA used in reference to the software that performs both MTA and MDA functions. This is a carry-over from older designs that did not separate the functions and is still fairly accurate given the fact that most mail server implementations include a minimum of an MTA, remote MDA, and basic local MDA.

When a message reaches its destination server, it is written to the user's mailbox by the local MDA. From that point, the message may be viewed by the user using one of three methods:

- Direct access to the mailbox: An MUA (Mail User Agent) with access to the mailbox file, directly or through a network file system, can read messages from the disk and display them for the user. This is generally a console or webmail application running on the server.
- Downloaded to a workstation for local viewing: Most mail users use POP3 (Post Office Protocol, version 3) to download messages to their local computers and view them in applications such as Evolution or Balsa. By default, messages are removed from the server during this process (similar to when you get your snail mail from the mailbox).
- Accessed interactively over the network: Most clients also support viewing messages while they are still on the server, through IMAP (Internet Message Access Protocol). Unlike POP3, this protocol enables users to access multiple folders on their servers and also allows them to access their messages from anywhere. However, this also creates a heavier burden on the server because it must process (and store) everything that the user decides to keep. Most webmail applications use IMAP as their backend protocol for accessing mailboxes; this eliminates the need for direct access to the mail files and makes it easier to split functions between systems.
November 11th, 2007
Chapter 24: Running a Mail Server

In This Chapter

- Understanding Internet e-mail
- Configuring your mail server
- Running sendmail
- Running Postfix
- Testing your mail server
- Configuring mail clients
- Securing communications

Electronic mail hardly requires introduction. Communications made through the original forms of e-mail helped shape the Internet. Widespread availability of access to e-mail and modern enhancements such as MIME (Multipurpose Internet Mail Extensions, which allow for inclusion of attachments and alternate message formats) have helped to make e-mail the most popular application on the Internet.

With a Linux system and a suitable Internet connection, you can easily set up your own mail server for personal or business use. This chapter presents two mail-system configurations, compares their features so that you can select the one that best suits your needs, and then guides you through the installation processes.

In the final section, you learn how to secure network communications between clients and a Postfix-based server through the use of SSL/TLS (Secure Sockets Layer and Transport Layer Security protocols).

The examples in this chapter are based on a Debian GNU/Linux system. (See Chapter 9 for more information about Debian.) However, much of the knowledge you gain from setting up a mail server in Debian (such as the way you would configure a sendmail.mc file) applies to other Linux systems as well.

Internet E-Mail's Inner Workings

E-mail messages are generated either by an automated process, such as a form processor on a Web page or an automated notification system, or by an MUA (Mail User Agent) controlled by an end user. Messages are delivered through one of two methods to the software performing the MTA (Mail Transfer Agent) function on a server:
November 10th, 2007
This example uses a wildcard for the IP address in the VirtualHost declaration, which saves you from having to modify your configuration file in the event that your IP address changes but will also prevent you from having multiple SSL virtual hosts. In the event that you do need to support more than one SSL virtual host, replace * with the specific IP address that you assign to that host.

See the Troubleshooting section earlier in the chapter for more information about the Listen directive.

A CA generally provides you with a certificate file to place in ca.crt and sometimes also provides you with a separate file that you will need to reference using a SSLCertificateChainFile directive. The mod_ssl package also includes an /etc/apache/ssl.crt/ca-bundle.crt, which contains the certificates from most of the well-known certificate authorities and can be referenced as long as the appropriate CA certificate is included. When running your own CA, point this directive to a file containing the public key from that CA. Omit this line when using a self-signed certificate.

3. Test the Apache configuration and then perform a full restart:

    # apachectl configtest
    Syntax OK
    # apachectl stop
    # apachectl start

4. Browse to https://servername/ and verify the SSL configuration. When using a self-signed certificate, or one signed by a CA, you will be asked whether you want to accept the certificate.

Summary

Combining Linux with an Apache Web server, MySQL database, and PHP scripting content (referred to as a LAMP server) makes it possible for everyone to configure their own full-featured Web server. By following the instructions in this chapter, you learned how to set up Apache to do virtual hosting, add content to a MySQL database, and allow PHP scripting in the content on your server. For added security, this chapter described how to add your own certificates and troubleshoot problems that might arise with your server.
November 9th, 2007
Chapter 23: Running a Linux, Apache, MySQL, and PHP (LAMP) Server (p. 615)

The Common Name should match the name that clients will use to access your server. Be sure to get the other details right if you plan to have the CSR signed by a third-party CA.

5. When using a third-party CA, submit the CSR to it and then place the certificate it provides you into /etc/apache/ssl.crt/server.crt (or a different file, as desired).

6. If you don't plan to have your certificate signed, or if you want to test your configuration, generate a self-signed certificate and save it in a file named server.crt:

    # cd ../ssl.crt/
    # openssl req -new -x509 -nodes -sha1 -days 365 -key ../ssl.key/server.key -out server.crt
    Country Name (2 letter code) [AU]:.
    State or Province Name (full name) [Some-State]:.
    Locality Name (eg, city) []:.
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:TEST USE ONLY
    Organizational Unit Name (eg, section) []:TEST USE ONLY
    Common Name (eg, YOUR name) []:secure.example.org
    Email Address []:dom@example.org

Configuring Apache to Support SSL/TLS

Once your keys have been generated, you will need to install the mod_ssl Apache module, which adds SSL/TLS support to Apache, and then configure it using the appropriate configuration directives. Here's how:

1. SSL and TLS support can be added to Apache by installing the mod_ssl package:

    # apt-get install libapache-mod-ssl
    # apache-modconf apache enable mod_ssl
    Replacing config file /etc/apache/modules.conf with new version

2. Add an SSL-enabled virtual host to your Apache configuration files. Using the earlier virtual host as an example, your configuration will look something like this:

    Listen *:443
    <VirtualHost *:443>
        ServerName secure.example.org
        DocumentRoot /home/username/public_html/
        User username
        Group groupname
        DirectoryIndex index.php index.html index.htm
        SSLEngine On
        SSLCertificateKeyFile /etc/apache/ssl.key/server.key
        SSLCertificateFile /etc/apache/ssl.crt/server.crt
        SSLCACertificateFile /etc/apache/ssl.crt/ca.crt
    </VirtualHost>
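Before restarting Apache with this virtual host, it is worth confirming that the key file is private and that the certificate was actually issued for that key. The script below is an added example, not from the book: the function names are hypothetical, it assumes an unencrypted RSA key, the test pair it generates is throwaway data, and the 2048-bit minimum is this example's own threshold (the book's commands generate 1024-bit keys, which current guidance treats as too short).

```shell
#!/bin/sh
# Added example, not from the book: check a private key and certificate
# before naming them in SSLCertificateKeyFile and SSLCertificateFile.

# key_mode_ok KEY: succeeds when group and others have no access (e.g. 600).
key_mode_ok() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# key_bits KEY: prints the RSA key size in bits.
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# pair_matches KEY CERT: succeeds when CERT carries the public half of KEY.
pair_matches() {
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 2
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 2
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# check_pair KEY CERT: runs all checks, prints findings, returns 1 on any.
check_pair() {
    rc=0
    key_mode_ok "$1" || { echo "WARN: $1 is accessible to group or others"; rc=1; }
    bits=$(key_bits "$1")
    # 2048 is this example's threshold, not a value from the book.
    [ "${bits:-0}" -ge 2048 ] || { echo "WARN: key size is ${bits:-unknown} bits"; rc=1; }
    pair_matches "$1" "$2" || { echo "FAIL: $2 does not match $1"; rc=1; }
    [ "$rc" -ne 0 ] || echo "OK: $1 and $2 belong together"
    return "$rc"
}

# make_test_pair DIR: writes a throwaway key and self-signed certificate
# (constructed test data) to DIR/server.key and DIR/server.crt.
make_test_pair() {
    ( umask 077
      openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
      openssl req -new -x509 -sha256 -days 365 \
          -key "$1/server.key" -out "$1/server.crt" \
          -subj "/O=TEST USE ONLY/CN=secure.example.org" 2>/dev/null )
}

if command -v openssl >/dev/null 2>&1; then
    demo=$(mktemp -d)
    make_test_pair "$demo" && check_pair "$demo/server.key" "$demo/server.crt"
    rm -rf "$demo"
else
    echo "openssl not found; nothing checked" >&2
fi
```

On a real server, call check_pair with the two paths from the virtual host above.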
November 9th, 2007
The following procedure describes how to generate and use SSL keys with the LAMP server (running on a Debian GNU/Linux system) configured in this chapter. For a general discussion of SSL keys and procedures specific to Fedora and other Red Hat Linux systems, refer to Chapter 6.

Generating Your Keys

To begin setting up SSL, use the openssl command, which is part of the OpenSSL package, to generate your public and private key:

1. Use APT to verify that OpenSSL is installed. If it is not present, APT will download and install it automatically:

    # apt-get install openssl

2. Generate a 1024-bit RSA private key and save it to a file:

    # cd /etc/apache/ssl.key/
    # openssl genrsa -out server.key 1024
    # chmod 600 server.key

You can use a filename other than server.key and should do so if you plan to have more than one SSL host on your machine (which requires more than one IP address). Just make sure you specify the correct filename in the Apache configuration later.

In higher-security environments, it is a good idea to encrypt the key by adding the -des3 argument after the genrsa argument on the openssl command line:

    # openssl genrsa -des3 -out server.key 1024

3. You are asked for a passphrase, which will be needed every time you start Apache. Do not lose this passphrase because it cannot be easily recovered.

4. If you plan to have your certificate signed by a CA (including one that you run yourself), generate a public key and a certificate signing request (CSR):

    # cd ../ssl.csr/
    # openssl req -new -key ../ssl.key/server.key -out server.csr
    Country Name (2 letter code) [AU]:US
    State or Province Name (full name) [Some-State]:Washington
    Locality Name (eg, city) []:Bellingham
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:Example Company, LTD.
    Organizational Unit Name (eg, section) []:Network Operations
    Common Name (eg, YOUR name) []:secure.example.org
    Email Address []:dom@example.org
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:
November 8th, 2007
During connection establishment between an SSL client and an SSL server, asymmetric (public key) cryptography is used to verify identities and establish the session parameters and the session key. A symmetric encryption algorithm, such as DES or RC4, is then used with the negotiated key to encrypt the data that are transmitted during the session. The use of asymmetric encryption during the handshaking phase allows safe communication without the use of a preshared key, and the symmetric encryption is faster and more practical for use on the session data.

In order for the client to verify the identity of the server, the server must have a previously generated private key, as well as a certificate containing the public key and information about the server. This certificate must be verifiable using a public key that is known to the client.

In some cases, the server also requires the client to present a certificate that it can verify. However, this is not commonly found on Web servers, except in high-security environments with smaller numbers of clients, where the management of certificates is more practical. More information about the SSL protocol can be found at http://developer.netscape.com/docs/manuals/security/sslin/contents.htm.

Certificates are generally digitally signed by a third-party certificate authority (CA) that has verified the identity of the requester and the validity of the request to have the certificate signed. In most cases, the CA is a company that has made arrangements with the Web browser vendor to have its own certificate installed and trusted by default client installations. The CA then charges the server operator for its services.

Commercial certificate authorities vary in price, features, and browser support, but remember that price is not always an indication of quality. Some common ones include InstantSSL (www.instantssl.com), Thawte (www.thawte.com), and VeriSign (www.verisign.com).

You also have the option of creating self-signed certificates, although these should only be used for testing or when a very small number of people will be accessing your server and you do not plan to have certificates on multiple machines. Directions for generating a self-signed certificate are included in the following section.

The last option is to run your own certificate authority. This is probably only practical if you have a small number of expected users and the means to distribute your CA certificate to them (including assisting them with installing it in their browsers). The process for creating a CA is too elaborate to cover in this book but is a worthwhile alternative to generating self-signed certificates. Guides on running your own CA can be found at these sites:

- http://pseudonym.org/ssl/ssl_cook.html
- http://sial.org/howto/openssl/ca/
November 8th, 2007
Read permissions are not necessary for compiled binaries, such as those written in C or C++, but can be safely added unless there is a need to keep the contents of the program secret.

A "client denied by server configuration" error indicates that Apache was configured to deny access to the object. Check the configuration files for and sections that might affect the file you are trying to access, remembering that settings applied to a path are also applied to any paths below it. You can override these by changing the permissions only for the more specific path to which you want to allow access.

The "Directory index forbidden by rule" error indicates that Apache could not find an index file with a name specified in the DirectoryIndex directive and was configured to not create an index containing a list of files in a directory. Make sure your index page, if you have one, has one of the names specified in the relevant DirectoryIndex directive, or add an Options Indexes line to the appropriate or section for that object.

"Premature end of script headers" errors can indicate that a script is crashing before it finishes. Sometimes, the errors that caused this also show up in the error log. When using suexec or suPHP, this error may also be caused by a file ownership or permissions error. These errors are indicated in /var/log/apache/suexec.log or /var/log/apache/suphp.log.

Securing Your Web Traffic with SSL/TLS

You'll want to add security for your server, including your own certificates. Your data is important, and so is your capability to pass it along your network or the Internet to others. Networks just aren't secure enough by themselves to protect your communications. This section examines ways you can help guard them.

Electronic commerce applications such as online shopping and banking are generally encrypted using either the Secure Socket Layer (SSL) or Transport Layer Security (TLS) specifications. TLS is based on version 3.0 of the SSL specifications, so they are very similar in nature. This similarity, combined with the fact that SSL is older, results in the SSL acronym often being used to refer to either variety. For Web connections, the SSL connection is established first, and then normal HTTP communication is "tunneled" through it.

Because SSL negotiation takes place before any HTTP communication, name-based virtual hosting (which occurs at the HTTP layer) does not work with SSL. As a consequence, every SSL virtual host you configure will need to have a unique IP address.
November 7th, 2007
If you aren't getting enough information in the ErrorLog, you can configure it to log more information using the LogLevel directive. The options available for this directive, in increasing order of verbosity, are emerg, alert, crit, error, warn, notice, info, and debug. Select only one of these. Any message that is at least as important as the LogLevel you select will be stored in the ErrorLog. On a typical server, this is set to warn. You should not set it to any lower than crit and should avoid leaving it set to debug because that can slow down the server and result in a very large ErrorLog.

As a last resort, you can also try running apache manually to check for crashes or other error messages:

    # /usr/sbin/apache -d /etc/apache -F ; echo $?

The -d flag tells apache where to look for its configuration file, and the -F flag tells it to run in the foreground. The semicolon separates this command from the echo command, which will display the return code ($?) from Apache after it exits. In the event that apache crashes during this step, you can use tools such as gdb and strace to trace the problem.

Access Forbidden and Server Internal Errors

There are two common types of errors that you may encounter when attempting to view specific pages on your server: permission errors and server internal errors. Both types of errors can usually be isolated using the information in the error log. After making any of the changes below to attempt to solve one of these problems, try the request again and then check the error log to see if the message has changed (for example, to show that the operation completed successfully).

"File not found" errors can be checked in the same way as "access forbidden" and "server internal" errors. You may sometimes find that Apache is not looking where you think it is for a specific file. Generally, the entire path to the file shows up in the error log. Make sure you are accessing the correct virtual host, and check for any Alias settings that might be directing your location to a place you don't expect.

A "file permissions prevent access" error indicates that the apache process is running as a user that is unable to open the requested file. Make sure that the account has execute permissions on the directory and every directory above it, as well as read permissions on the files themselves. Read permissions on a directory are also necessary if you want Apache to generate an index of files. See the manual page for chmod for more information about how to view and change permissions.
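The directory-by-directory permission check described above can be scripted. This is an added example, not from the book: first_blocker and world_bits are hypothetical helpers, the directory tree is constructed, and the script assumes the apache account is neither the owner nor a group member of the files, so only the "other" permission bits count.

```shell
#!/bin/sh
# Added example, not from the book: find which path component stops the
# apache account from reaching a file. Assumes that account is neither the
# owner nor in the group, so only the "other" permission bits apply.

# world_bits PATH: prints the three "other" permission characters, e.g. r-x
world_bits() {
    ls -ld "$1" | cut -c8-10
}

# first_blocker FILE [STOP_DIR]
# FILE must be an absolute path. Checks read permission on FILE, then
# execute (search) permission on each directory up to STOP_DIR (default /).
# Prints the first path that blocks access and returns 1; returns 0 if none.
first_blocker() {
    path=$1
    stop=${2:-/}
    case $(world_bits "$path") in
        r??) ;;
        *) echo "$path"; return 1 ;;
    esac
    while [ "$path" != "$stop" ] && [ "$path" != "/" ] && [ "$path" != "." ]; do
        path=$(dirname "$path")
        case $(world_bits "$path") in
            ??x|??t) ;;          # t = sticky bit with execute set, as on /tmp
            *) echo "$path"; return 1 ;;
        esac
    done
    return 0
}

# Constructed tree: a document root whose parent directory is mode 750.
top=$(mktemp -d)
mkdir -p "$top/home/username/public_html"
echo '<html></html>' > "$top/home/username/public_html/index.html"
chmod 755 "$top" "$top/home" "$top/home/username/public_html"
chmod 644 "$top/home/username/public_html/index.html"
chmod 750 "$top/home/username"

if blocker=$(first_blocker "$top/home/username/public_html/index.html" "$top"); then
    echo "path is reachable"
else
    echo "blocked at: $blocker"
    ls -ld "$blocker"
fi
rm -rf "$top"
```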
November 6th, 2007
You can use the netstat command to view the list of programs (including Apache) with TCP ports in the LISTEN state:

    # netstat -nltp
    Active Internet connections (only servers)
    Proto  Local Address  Foreign Address  State   PID/Program name
    tcp    0.0.0.0:80     0.0.0.0:*        LISTEN  2105/apache

The output from netstat (which was shortened to fit here) indicates that an instance of the apache process with a process ID of 2105 is listening (as indicated by the LISTEN state) for connections to any local IP address (indicated by 0.0.0.0) on port 80 (the standard HTTP port). If a different program is listening to port 80, it will be shown there. You can use the kill command to terminate the process, but if it is something other than apache (or httpd), you should also find out why it is running.

If you don't see any other processes listening on port 80, it could be that you have accidentally told Apache to listen on the same IP address and port combination in more than one place. There are three configuration directives that can be used for this: BindAddress, Port, and Listen:

- BindAddress enables you to specify a single IP address to listen on, or you can specify all IP addresses using the * wildcard. You should never have more than one BindAddress statement in your configuration file.
- Port specifies which TCP port to listen on but does not enable you to specify the IP address. Port is generally not used more than once in the configuration.
- Listen enables you to specify both an IP address and a port to bind to. The IP address can be in the form of a wildcard, and you can have multiple Listen statements in your configuration file.

Generally, it is a good idea to use only one type of these directives to avoid confusion. Of the three, Listen is the most flexible, so it is probably the one you'll want to use the most. A common error when using Listen is to specify a port on all IP addresses (*:80) as well as that same port on a specific IP address (1.2.3.4:80), which will result in the error from make_sock.

Configuration errors relating to SSL (discussed later in this chapter) will commonly result in Apache not starting properly. Make sure all key and certificate files exist and that they are in the proper format (use openssl to examine them, as shown later in this chapter).

For other error messages, try doing a Web search to see if somebody else has encountered the problem. In most cases, you can find a solution within the first few matches.
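The Listen overlap described in this section (a wildcard and a specific address on the same port) and a repeated BindAddress can both be caught before a restart. The script below is an added example, not from the book: check_listen is a hypothetical helper that scans a single configuration file (it does not follow Include directives), and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example, not from the book: flag Listen/BindAddress usage in one
# Apache config file that leads to "make_sock: could not bind" at startup.

# check_listen FILE
# Prints one finding per line; returns 1 if anything was found, 0 if clean.
check_listen() {
    awk '
    { d = tolower($1) }                     # directive names are case-insensitive
    d == "bindaddress" { nbind++ }
    d == "listen" {
        spec = $2
        if (spec !~ /:/) spec = "*:" spec   # "Listen 80" binds every address
        n = split(spec, p, ":"); port = p[n]
        addr = substr(spec, 1, length(spec) - length(port) - 1)
        if (addr == "0.0.0.0") addr = "*"
        key = addr ":" port
        if (key in seen) {
            printf "line %d: Listen %s repeats line %d\n", NR, key, seen[key]
            bad = 1
        } else if (addr == "*" && (port in specific)) {
            printf "line %d: Listen *:%s overlaps line %d\n", NR, port, specific[port]
            bad = 1
        } else if (addr != "*" && (port in wild)) {
            printf "line %d: Listen %s overlaps *:%s at line %d\n", NR, key, port, wild[port]
            bad = 1
        }
        # Remember the first line on which each binding was seen.
        if (!(key in seen)) seen[key] = NR
        if (addr == "*" && !(port in wild)) wild[port] = NR
        if (addr != "*" && !(port in specific)) specific[port] = NR
    }
    END {
        if (nbind > 1) {
            printf "%d BindAddress statements, expected at most one\n", nbind
            bad = 1
        }
        exit (bad ? 1 : 0)
    }' "$1"
}

# Constructed sample config reproducing the mistake described above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Listen *:80
Listen 1.2.3.4:80
Listen 443
# Listen 8080
Listen 1.2.3.4:8443
listen 1.2.3.4:8443
EOF

if check_listen "$sample"; then
    echo "no conflicting Listen directives"
else
    echo "fix the lines above before running apachectl configtest"
fi
rm -f "$sample"
```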
November 6th, 2007
This section refers to the Apache HTTPD binary as apache, which is what it is named on Debian systems. However, in most other distributions, the binary is named httpd. On different systems, you may need to substitute httpd for apache when it appears by itself, although not for commands such as apachectl.

Configuration Errors

You may occasionally run into configuration errors or script problems that prevent Apache from starting or that prevent specific files from being accessible. Most of these problems can be isolated and resolved using two Apache-provided tools: the apachectl program and the system error log.

When encountering a problem, first use the apachectl program with the configtest parameter to test the configuration. In fact, it's a good idea to develop the habit of running this every time you make a configuration change:

    # apachectl configtest
    Syntax OK
    # apachectl graceful
    /usr/sbin/apachectl graceful: httpd gracefully restarted

In the event of a syntax error, apachectl indicates where the error occurs and also does its best to give a hint about the nature of the problem. You can then use the graceful restart option (apachectl graceful) to instruct Apache to reload its configuration without disconnecting any active clients.

The graceful restart option in apachectl automatically tests the configuration before sending the reload signal to apache, but it is still a good idea to get in the habit of running the manual configuration test after making any configuration changes.

Some configuration problems pass the syntax tests performed by apachectl, but then result in the HTTP daemon exiting immediately after reloading its configuration. If this happens, use the tail command to check Apache's error log for useful information. On Debian systems, the error log is in /var/log/apache/error.log. On other systems, the location can be found by looking for the ErrorLog directive in your Apache configuration.

One of the more commonly encountered errors looks something like this:

    [crit] (98)Address already in use: make_sock: could not bind to port 80

This error often indicates that something else is bound to port 80 (not very common unless you have attempted to install another Web server), that another Apache process is already running (apachectl usually catches this), or that you have told Apache to bind the same IP address and port combination in more than one place.