
Installing Webmin on CentOS 5.5 using Rackspace Cloud Servers

Webmin is a great GUI tool for administering your server.

Installing it on CentOS 5.5 is a breeze; there are 3 steps:

Step 1: Get the RPM, run this command

Step 2: Install the RPM, run this command

Step 3: Open the firewall on port 10000. Run this command

That’s it – you can now connect to your server by going to domain.com:10000

See http://www.webmin.com/index.html for more details on this project.

Setting up DNS For Cloud Servers With Rackspace

DNS is one of those things that seems like magic until you understand it. This post will first give a brief overview of how DNS works, and then walk through the steps of setting up DNS for a Cloud Server with Rackspace.

What is DNS?
In short, Domain Name Service (DNS) translates hostnames to IP Addresses. This is what allows us to simply type in joshprewitt.com instead of trying to remember 184.106.219.112.

A high level overview of DNS:
When a visitor requests a website such as www.JoshPrewitt.com, a query is made for where the Start of Authority (SOA) is. This is simply saying “Hey, where can I find some information about JoshPrewitt.com?” A response is made with the Name Servers. The Name Servers contain additional information on exactly what services are available on a domain. Common Name Servers are:
Rackspace Cloud: dns1.stabletransit.com and dns2.stabletransit.com
Rackspace Dedicated: ns1.rackspace.com and ns2.rackspace.com
GoDaddy: ns1.domaincontrol.com – ns60.domaincontrol.com (and maybe more. This many is just plain silly, but to each their own).

So now the requester goes to the NameServer and says “Hey! I’m looking for a website that will be under the name joshprewitt.com”. The Name server looks for a Zone for JoshPrewitt.com. If it finds it, it then looks for a record for exactly www.joshprewitt.com to tell the requester where to go next.

So to summarize:
NameServers contain Zones
Zones contain Individual Records

What are some common Record Types?
A: This is the biggie. An A record stands for address record and points a hostname (www.joshprewitt.com) to an IP address (184.106.219.112)
CNAME: Stands for Canonical Name. This is best described as an alias. It will point a hostname (google.joshprewitt.com) to another host name (google.com)
MX: Mail Exchanger record. This guy handles all email inquiries. Per the RFC (Think of it as Internet Law), this must point to a Host Name.

So, here are some examples to show you how DNS can chain together records to get where it is going.

Simple A Record
JoshPrewitt.com –> 184.106.219.112

CNAME record of www.joshprewitt.com to the A record of joshprewitt.com
www.JoshPrewitt.com –> JoshPrewitt.com –> 184.106.219.112

MX Record Example
JoshPrewitt.com –> mail.JoshPrewitt.com –> 184.106.219.112

Ok, so now we have a basic understanding of DNS, and we know how the records can link together. How do we put this into practice?

Making it work

Let’s add a zone and some example records for a made up site: joshprewitt-test.com

First, add the zone:
1) Login to manage.rackspacecloud.com
2) Click Hosting > Servers > Choose any Server > Click the DNS tab
3) Click “Add”
4) You will be prompted for a domain name, enter the domain without a www. For example, I would enter: joshprewitt-test.com
5) Press “OK”

That’s it, the zone is added! Now, click the zone and you can manage the actual records. Rackspace Cloud does not add any records by default, so you must add the ones that you need!

Before we talk about the records we are going to add, let’s look at the DNS options that we are going to run into.

DNS Options

Name: This is what the record will be known as, or what the user will type into the address bar. Examples would be: joshprewitt-test.com, www.joshprewitt-test.com, mail.joshprewitt-test.com, etc.

Content: This is where the Record will point. Think of it like this: A request comes in with a NAME and is directed to the CONTENT. For an A record, this will always be an IP address, usually the IP address of your server. For a CNAME or MX Record, this will always be a hostname.

TTL is Time To Live. This is the value in seconds for how long you want this record to be cached. The higher it is, the longer it will be cached, so performance will slightly improve. We usually suggest 3600 as TTL because this is 1 hour. This will allow you to get the benefits of the record being cached, but you can also make a DNS change later on and it will only take 1 hour to be effective.

Priority: This is an option when adding an MX record. A request will try the lowest priority first, and then the next lowest and so on. Common entries are 10, 20, etc. The number is arbitrary. If the lowest priority for one zone is 1 and the lowest priority for another zone is 100, there will be no performance difference.

Now that we know what everything means, let’s look at some typical records:

Examples

You will almost always want an A record for YourDomain.com and www.YourDomain.com. Using joshprewitt-test.com as the example domain, let’s see how these records would be added.

1) Click Hosting > Cloud Servers > Any Server Name > DNS Tab > The Zone you created above
2) Click ‘Add’ to create a new Record.
3) Input the Record like this:
Type: A
Name: YourDomain.com
Content: Your IP Address goes here
TTL: 3600

For my example, this would be:
Type: A
Name: joshprewitt-test.com
Content: 184.106.219.112
TTL: 3600

You will want to add at least another record for the ‘www’ version of your domain name. This will be very similar to the one above:

Input the Record like this:
Type: A
Name: www.YourDomain.com
Content: Your IP Address goes here
TTL: 3600

For my example, this would be:
Type: A
Name: www.joshprewitt-test.com
Content: 184.106.219.112
TTL: 3600

You can think of it as when a request comes in with NAME, send it over to CONTENT.

This should get you started with setting up DNS in Cloud Servers.
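
The record chains and the MX Priority option described above can be traced with a small script. This is an added example, not part of the original post: it models lookups inside a single zone rather than a real resolver, and `zone_records`, `resolve_chain`, backup.joshprewitt.com and the second MX record are made up for illustration.

```shell
#!/bin/sh
# Added example: a model of lookups inside one zone, not a real resolver.
# Constructed records in the post's terms: TYPE NAME CONTENT TTL [PRIORITY].
# backup.joshprewitt.com and the second MX record are made up for illustration.
zone_records() {
  cat <<'EOF'
A     joshprewitt.com        184.106.219.112        3600
CNAME www.joshprewitt.com    joshprewitt.com        3600
CNAME google.joshprewitt.com google.com             3600
A     mail.joshprewitt.com   184.106.219.112        3600
MX    joshprewitt.com        backup.joshprewitt.com 3600 20
MX    joshprewitt.com        mail.joshprewitt.com   3600 10
EOF
}

# usage: resolve_chain NAME [A|MX]; prints every hop from NAME to the final CONTENT
resolve_chain() {
  zone_records | awk -v q="$1" -v want="${2:-A}" '
    $1 == "MX" {                        # keep only the lowest-priority MX per name
      key = tolower($2)
      if (!(key in prio) || $5 + 0 < prio[key]) { prio[key] = $5 + 0; mx[key] = tolower($3) }
      next
    }
    { rec[$1, tolower($2)] = tolower($3) }
    END {
      name = tolower(q); out = name
      if (want == "MX") {
        if (!(name in mx)) { print out " --> (no MX record)"; exit }
        name = mx[name]; out = out " --> " name
      }
      for (hops = 0; hops < 8; hops++) {   # hop limit stops CNAME loops
        if (("A", name) in rec) { print out " --> " rec["A", name]; exit }
        if (!(("CNAME", name) in rec)) { print out " --> (not in this zone)"; exit }
        name = rec["CNAME", name]; out = out " --> " name
      }
      print out " --> (CNAME loop)"
    }'
}

resolve_chain www.JoshPrewitt.com   # www.joshprewitt.com --> joshprewitt.com --> 184.106.219.112
resolve_chain joshprewitt.com MX    # joshprewitt.com --> mail.joshprewitt.com --> 184.106.219.112
```

A CNAME whose Content lives outside the zone, such as google.joshprewitt.com, ends with "(not in this zone)" because another name server holds the final A record.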

Installing phpMyAdmin in CentOS 5.5 on Rackspace Cloud

PhpMyAdmin is a great tool for managing your MySQL database from a GUI. Here is how to install it onto a fresh CentOS 5.5 Server in Rackspace Cloud. PhpMyAdmin requires Apache, PHP, and MySQL to run. This walkthrough will assume a fresh server that has nothing pre-installed. All commands are performed as root.

NOTE: This article has become pretty popular in the search engines. This is still an excellent tutorial on installing phpMyAdmin, but there is a slightly easier way to do it by using the EPEL repository. I cover that method in an article at http://joshprewitt.com/2011/03/08/install-phpmyadmin-on-centos-5-5-using-epel-repo/ If you have a problem, question, or comment with either of these methods, post a comment and I’ll try to help you out!

Install Apache

First, install apache as described at: http://cloudservers.rackspacecloud.com/index.php/CentOS_-_Apache_and_PHP_install but stop before you get to installing PHP.

You will need to modify your /etc/httpd/conf/httpd.conf file beyond that to look for index.php as a Directory Index. Look around line 391 for:

Change this to include index.php like:

Install MySQL

Next up, we need to install MySQL

Now start it up

Now we need to secure it:

It is going to ask you a handful of questions:

Current Root Password

You will be asked for your current root password. Because this is a new installation it is set to none. Press enter.

Set Root Password

If the above step worked correctly you should be prompted with a question asking you if you would like to set your root password. Please press Y and press Enter.

You will be asked for your root password twice. If it works you will see Success!

Removing Anonymous Users

You will be prompted to remove the MySQL anonymous users. For security reasons we want to do this. The text above the question explains this topic in more detail. Press Y and then Enter.

Disallow Root Login

You will be asked if you would like to disallow remote login for the root user and only allow connections from the server itself. To keep our server secure you want to say Y and press Enter.

Delete test Database

MySQL ships with a default database called test. This is not needed and can be deleted. Press Y and then Enter to delete the test database and its associated users.

Reload Privilege Tables

This step will reload the user settings (called privilege tables) so all user changes will take effect. Press Y and then Enter to continue.

This post won’t go into setting up additional users besides root and assigning them privileges. For information on that, check out the Cloud Servers Knowledge Base: http://cloudservers.rackspacecloud.com/index.php/CentOS_5.4#MySQL

Install PHP

Now, we need to install php. The problem is that the default yum repos have php 5.1, and the current version of PhpMyAdmin requires 5.2 or higher. To install that version of php, we will need to enable the “testing” repo.

To do that, edit the file /etc/yum.repos.d/CentOS-Base.repo to include this at the bottom:

Great – now we can actually install php

Install PhpMyAdmin

Now finally, we are ready to install PhpMyAdmin! The easiest way to do this is to drop into a new directory called phpmyadmin in the web root of the server. Change directory to the web root:

Now perform a wget to download the latest version. Head over to http://www.phpmyadmin.net/home_page/downloads.php to see what the latest version is. At the time of this writing, the latest version is 3.3.6. Personally I will download the English tar file with gzip compression. Click the link, cancel the download, and then copy the “Direct link” location that is at the top of the screen. In this case: http://downloads.sourceforge.net/project/phpmyadmin/phpMyAdmin/3.3.6/phpMyAdmin-3.3.6-english.tar.gz?r=http%3A%2F%2Fwww.phpmyadmin.net%2Fhome_page%2Fdownloads.php&ts=1283745912&use_mirror=voxel

So the command is:

Next, we need to untar/unzip it.

Let’s rename the directory to make it easier to remember:

Now, we need to set up the blowfish secret phrase. This is just a random phrase that will be used to encrypt/decrypt data. Let’s make a copy of config.sample.inc.php over to config.inc.php.

Now, edit this file at line 18 where it says:

Make it read:

Ok, last but not least, let’s give apache one final restart:

You can now access it by going to either yourdomain.com/phpmyadmin or yourip.com/phpmyadmin

Cleanup

The login will be root and whatever you set the root password to be. Now to clean up, let’s disable the testing repo: just edit the /etc/yum.repos.d/CentOS-Base.repo file to be enabled=0 instead of enabled=1.

Troubleshooting iptables on Rackspace Cloud Servers

A common issue when setting up iptables on a new cloud server is that users may append a rule to the existing chain without looking at the ruleset first.

Iptables is read top to bottom. With a default installation of CentOS 5.5, the command iptables -L --line-numbers yields the following:

Looking at this, you can see that the INPUT chain has a single rule: to go read the RH-Firewall-1-INPUT chain. That chain then has 10 rules, with the last one being to reject all traffic. This means that if it isn’t explicitly allowed in rules 1-9, it ain’t gonna happen.

The problem comes in when you try to add a new rule using the -A flag, which appends the rule, meaning that the new rule goes to the bottom. Here is an example of that, which is what you do NOT want to do:

Let’s assume that we did run this command. The new output of iptables -L --line-numbers would be:

See anything wrong here? Let’s look at the INPUT chain. The first rule is to read the RH-Firewall-1-INPUT chain, which has 10 rules. After it reads through that chain, the next rule from the INPUT chain would be read, the rule that we just added for opening port 80.

Problem is, RH-Firewall-1-INPUT said in line 10 to reject anything that didn’t match. That means that your rule for opening port 80 will never even be looked at; requests will just be rejected.

Ok, so we need to remove the bad rule and do it right. First, let’s get rid of the bad rule by removing it based on its line number:

To break this command down for you:
iptables: should be pretty obvious…
-D: This option is for DELETE
INPUT: Specify the chain we want to delete from
2: Specify the line number of the rule to remove.

After running that, my bad rule from above will be gone. Now I need to do it the RIGHT way:

This rule looks an awful lot like the one above that I told you not to use, but look closely and you will see that instead of -A for append, this rule uses -I for insert, which will put the rule at the TOP of the list. Running iptables -L --line-numbers now yields the following:

Nice – Now the rule about allowing port 80 will be read FIRST, and then it will read the RH-Firewall-1-INPUT chain.
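
The ordering mistake described above can be checked mechanically. This added example (not from the original post) scans filter-table rules in iptables-save format for rules that can never match; the two rulesets are constructed, abbreviated samples modeled on the chain layout the post describes, and `shadowed_rules` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example. Reads filter-table rules in iptables-save format on stdin and
# prints each rule that can never match because an earlier rule in its chain is
# a catch-all REJECT/DROP, or an unconditional jump to a chain containing one.
# Assumption: no RETURN targets are used in the chains being checked.
shadowed_rules() {
  awk '
    $1 == "-A" {
      n++; chain[n] = $2; rule[n] = $0
      # "-A <chain> -j <target>" has no match options, so it applies to all packets
      jump[n] = ($3 == "-j") ? $4 : ""
      if (jump[n] ~ /^(REJECT|DROP)$/) dead_end[$2] = 1
    }
    END {
      for (k = 1; k <= n; k++) {
        if (blocked[chain[k]]) { print rule[k] }
        else if (jump[k] ~ /^(REJECT|DROP)$/ || (jump[k] in dead_end)) { blocked[chain[k]] = 1 }
      }
    }'
}

# Constructed sample: the port 80 rule was appended to INPUT with -A.
appended_ruleset() {
  cat <<'EOF'
-A INPUT -j RH-Firewall-1-INPUT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

# Constructed sample: the same rule was inserted with -I, so it is read first.
inserted_ruleset() {
  cat <<'EOF'
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
EOF
}

appended_ruleset | shadowed_rules   # -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
```

On a server, feed it the live rules with `iptables-save -t filter | shadowed_rules`; no output means no rule is hidden behind a catch-all.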

Always remember to save! If you do not save your ruleset, when the box reboots all of your rules will be lost!

For Redhat, CentOS, and Fedora:

For Ubuntu:

For all other distros: