Kerberos on Apache 2.4 for Windows - web

I have an Apache https 2.4 server on a Windows Server.
I would like to implement Kerberos authentication. For Linux, it seems the solution is to use
mod_auth_gssapi https://github.com/gssapi/mod_auth_gssapi
But for Windows, there is no module available.
Do you think it is possible to compile this module for Windows? Is there another way, maybe a proxy?
With NGINX, it is the same problem: no Kerberos module. Maybe I need to use IIS?
Thanks

If the server is an Active Directory domain member, use mod_auth_sspi instead, which uses the Windows-provided SSPI interface to implement Kerberos/Negotiate (and technically also NTLM).
There does not seem to be an NGINX equivalent that would use SSPI.
Compiling GSSAPI-based modules (for both Apache and NGINX) may be possible, but you would need to have a GSSAPI library first – MIT "Kerberos for Windows" and Heimdal are the two options available. (Note that they would not be able to use Windows AD machine credentials directly; they would need a keytab to be issued, just like on Linux.)

Related

coreos - how to get cloud-config from remote url?

I'm trying to install CoreOS in a VM and I'm not sure how I can load the cloud-config.yml file from a remote URL, without having to use coreos-cloudinit since it's deprecated.
Is there a way to do that?
coreos-cloudinit is deprecated in favour of ignition. Ignition Configs can indeed be loaded from remote URLs, typically via a coreos.config.url= kernel command-line parameter.
However different methods exist for specific providers, so it's better to check the Supported Platforms doc and look for the relevant platform.

Tomcat (Host) Manager protection

Are there any built-in features that prohibit
1) too many login attempts from the same IP
2) too many login attempts for the same username
or should I enhance those web applications by myself?
My server already got hacked once because I had a weak password; now I have a 10k bit keyfile for my peace of mind.
Those Tomcat managers seem to be the next most dangerous things in my eyes, besides someone exploiting my web applications with malicious requests.
Not as far as I know. The best would be to disable the Host manager if you don't need it, or restrict ONLY the manager app to a single IP address. As long as you have a strong password and a secure application you should be fine.
You want the LockOutRealm:
http://tomcat.apache.org/tomcat-8.0-doc/config/realm.html#LockOut_Realm_-_org.apache.catalina.realm.LockOutRealm
It is configured by default in server.xml in remotely recent versions of Tomcat 7 and all versions of Tomcat 8.
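
The two suggestions above, written out as configuration. This is an added example, not part of the original answers. LockOutRealm counts failed logins per username rather than per IP, so the per-IP half of the question is covered here by restricting who can reach the manager at all. The address 192.0.2.10 is a placeholder for an admin workstation, and the failureCount and lockOutTime values shown are the documented defaults.

```xml
<!-- conf/server.xml, inside <Engine>.
     LockOutRealm wraps the realm that does the real credential check and
     locks a username after failureCount consecutive failed logins
     for lockOutTime seconds. -->
<Realm className="org.apache.catalina.realm.LockOutRealm"
       failureCount="5"
       lockOutTime="300">
  <!-- UserDatabaseRealm reads conf/tomcat-users.xml via the UserDatabase resource. -->
  <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
         resourceName="UserDatabase"/>
</Realm>

<!-- webapps/manager/META-INF/context.xml (repeat for host-manager if it stays deployed).
     RemoteAddrValve matches the client address against the "allow" regular
     expression and answers 403 for everything else, so password guessing from
     other hosts never reaches the login check.
     192.0.2.10 is a placeholder address. -->
<Context antiResourceLocking="false" privileged="true">
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.0\.0\.1|::1|0:0:0:0:0:0:0:1|192\.0\.2\.10"/>
</Context>
```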

How safe is fresh Centos 6 Standard Server Installation?

Is installing CentOS using standard installation for a webserver relatively safe? (without considering the CMS safety and only for WordPress). The contents are:
- Virtualmin & Webmin
- APC caching
- Apache, MySQL and PHP
Everything is installed with default settings.
I installed the CentOS server at home and access it 100% from the local network.
If it is not safe then what is the minimum requirement for safety?
'Safe' is too relative a term really. CentOS 6, Virtualmin and Webmin all have security bugs filed against them, some of which can even be exploited automatically by scripts and packages like Metasploit.
That said, no system will ever be perfectly secure unless you bury it underground with no net connection, so here are some good initial steps to take to improve security a little:
- Turn off services and daemons that you don't need. For instance, it could be that you won't be using FTP, and will use SFTP for file transfer. If so, turn off the ones you aren't using.
- Enforce a policy of unique and secure passwords of a decent length.
- Install system updates, especially security updates.
- Modify iptables settings to disallow access to unused ports. Look into further iptables settings that can help.
- Consider key-based logins, 2 or 3 factor authentication etc. and weigh the pros and cons (the Google Authenticator PAM module is very easy to install, for example).
That's a good start. A key thing is to keep an eye on the server: try to monitor for unusual bandwidth use or logins.
No box is a fortress, but you can at the very least discourage opportunists.

Weblogic: Mixed Windows and Linux Domain

The project I am currently working on has a mix of legacy software and new development. The new dev work is being done on Linux and we have created a large domain on the Linux side. However, all of the legacy software must remain on Windows...
I haven't found any documentation indicating a mixed domain is possible although I can't see why the node managers or servers would have a problem communicating.
Can I add a Windows managed server to my Linux domain? Has anyone ever tried this? I can leave the domains separate if need be (although management won't be happy) but I was tasked with consolidating everything into a single domain.
If you don't have an exact answer, any links to documentation would be appreciated.
I do not have practical experience with running such a mixed-OS domain, but I do not see why it should not conceptually work.
Weblogic runs on Java, so that should work on both platforms.
The only problem that you may experience is that if the domain was created for a particular OS, its startup scripts will either be .sh for Linux or e.g. .cmd for Windows. In this case, you will probably need to get startup scripts for the particular OS and slightly modify them to match your target domain.
WebLogic is supported on both platforms, and startup scripts are also provided for both Windows and Linux.
The protocol they communicate over is not, as far as I know, platform-specific in any way, so there's no reason for this not to work.
There doesn't seem to be any documentation on this however, so you need to just go for it.
We've got this up and running... it wasn't all that bad. Here's what we did:
- Create a domain on Linux (NFS)
- Add WebLogic .cmd start/stop scripts into <domain home>/bin folder
On Windows side:
- Create a symlink under C: to the NFS domain location
    mklink /D folder_name \\OUR-NFS01\path\to\domain
- Update nodemanager.properties and nodemanager.domains to use the symlink path
- Update nodemanager.properties to use our startManagedWebLogic.cmd for the start script
- Update all of the .cmd files to reference the symlink path to the domain (e.g. DOMAIN_HOME)
- Make sure in nodemanager.properties and .cmd files we reference the correct Windows JAVA_HOME location
- Make sure any paths in the admin console (e.g. log file location) for the Windows managed server also reference the symlink path
That was it. Once we had the Windows nodemanager up and running we were able to start a managed server on the Windows host.
Side Note: We had issues running the nodemanager as a Windows service when using mapped network drives. The service would not always see that mapped drive. That is why we chose to use a symlink instead (and it seems cleaner to me anyway).
The most recent WebLogic documentation is quite clear on this. A domain can mix hardware, operating system and JVM as long as all of them are supported:
Hardware, Operating System, and JVM Platform Compatibility
Oracle does recommend using homogeneous clusters, as managed servers are expected to be equivalent to each other; if this is not the case, this may negatively impact load balancing and performance (see the above link).

What is the difference between XAMPP or WAMP Server & IIS?

I want to know what's the main difference between XAMPP or WAMP Server & IIS Server?
WAMP is an acronym for Windows (OS), Apache (web-server), MySQL (database), PHP (language).
XAMPP and WampServer are both free packages of WAMP, with additional applications/tools, put together by different people. There are also other WAMPs such as UniformServer. And there are commercial WAMPs such as WampDeveloper (what I use).
Their differences are in the format/structure of the package, the configurations, and the included management applications.
IIS is a web-server application just like Apache is, except it's made by Microsoft and is Windows only (Apache runs on both Windows and Linux). IIS is also more geared towards using ASP.NET (vs. PHP) and "SQL Server" (vs. MySQL), though it can use PHP and MySQL too.
WAMP: acronym for Windows Operating System, Apache(Web server), MySQL Database and PHP Language.
XAMPP: acronym for X (any Operating System), Apache (Web server), MySQL Database, PHP Language and PERL.
XAMPP and WampServer are both free packages of WAMP, with additional applications/tools, put together by different people.
Their differences are in the format/structure of the package, the configurations, and the included management applications.
In short: XAMPP supports more OSes and includes more features.
WAMP [Windows, Apache, MySQL, PHP]
XAMPP [X-os, Apache, MySQL, PHP, Perl] (x-os: it can be used on any OS)
Both can be used to easily run and test websites and web applications locally.
WAMP cannot be run in parallel with XAMPP because with the default installation XAMPP gets priority and it takes up ports.
It is easy to set up configuration in WAMP.
WAMPServer has a graphical user interface to switch individual software components on or off while it is running.
WAMPServer provides an option to switch among many versions of Apache, many versions of PHP and many versions of MySQL, all installed, which provides more flexibility for development, while XAMPPServer doesn't have such an option.
If you want to use Perl with WAMP, you can configure Perl with WAMPServer http://phpflow.com/perl/how-to-configure-perl-on-wamp/ but it is better to go with XAMPP.
XAMPP is easier to use than WAMP.
XAMPP is more powerful.
XAMPP has a control panel from which you can start and stop individual components (such as MySQL, Apache etc.).
XAMPP is more resource consuming than WAMP because of the heavy amount of internal software components like Tomcat, FileZilla FTP server, Webalizer, Mercury Mail etc. So if you do not need high-end features, it is better to go with WAMP.
XAMPP also has an SSL feature, which WAMP doesn't. (Secure Sockets Layer (SSL) is a networking protocol that manages server authentication, client authentication and encrypted communication between servers and clients.)
IIS is an acronym for Internet Information Server, also an extensible web server, initiated as a research project for Microsoft NT. IIS can be used for making Web applications, search engines, and Web-based applications that access databases such as SQL Server within Microsoft OSs.
IIS supports HTTP, HTTPS, FTP, FTPS, SMTP and NNTP.
In addition to the above, WAMP supports 64 bit PHP on Windows systems while XAMPP only offers 32 bit versions. This actually made me switch to WAMP on my Windows machine since you need 64 bit PHP 7 to get bigint numbers correctly from MySQL.
XAMPP is more powerful and resource taking than WAMP.
WAMP provides support for MySQL and PHP.
XAMPP provides support for MySQL, PHP and Perl.
XAMPP also has an SSL feature while WAMP doesn't.
If your applications need to deal with native web apps only, go for WAMP.
If you need advanced features as stated above, go for XAMPP.
As for priority, you can't run both together with the default installation, as XAMPP gets a higher priority and it takes up ports. So WAMP can't be run in parallel with XAMPP.
WAMP stands for Windows, Apache, MySQL, PHP.
XAMPP stands for X-os, Apache, MySQL, PHP, Perl.
(x-os means it can be used on any operating system)
Advantages of XAMPP:
It is cross-platform software
It possesses many other essential modules such as phpMyAdmin, OpenSSL, MediaWiki, WordPress, Joomla and more.
It is easy to configure and use.
Advantages of WAMP:
It is easy to use. (Changing Configuration)
WAMP is available for both 64-bit and 32-bit systems.
If you are running projects which have specific version requirements, WAMP is a better choice because you can switch between multiple versions. For example, 7x and PHP 5x, or Magento 2.2.4 won't work on PHP 7.2 but Magento 2.3 needs PHP 7.2 or up to work.
I suggest using Laragon:
Laragon works out of the box with not only MySQL/MariaDB but also PostgreSQL & MongoDB. With Laragon, they are portable & reliable so you can focus on what matters.
Laragon is a portable, isolated, fast & powerful universal development environment for PHP, Node.js, Python, Java, Go, Ruby. It is fast, lightweight, easy-to-use and easy-to-extend.
Laragon is great for building and managing modern web applications. It is focused on performance - designed around stability, simplicity, flexibility and freedom.
Laragon is very lightweight and will stay as lean as possible. The core binary itself is less than 2MB and uses less than 4MB RAM when running.
Laragon doesn’t use Windows services. It has its own service orchestration which manages services asynchronously and non-blocking so you’ll find things run fast & smoothly with Laragon.
Advantages of Laragon:
Pretty URLs
Use app.test instead of localhost/app.
Portable
You can move the Laragon folder around (to other disks, to other laptops, sync to Cloud,…) without any worries.
Isolated
Laragon has an isolated environment with your OS - it will keep your system clean.
Easy Operation
Unlike others which pre-config for you, Laragon auto-configs all the complicated things. That's why you can add other versions of PHP, Python, Ruby, Java, Go, Apache, Nginx, MySQL, PostgreSQL, MongoDB,… effortlessly.
Modern & Powerful
Laragon comes with a modern architecture which is suitable for building modern web apps. You can work with both Apache & Nginx as they are fully-managed.
Also, Laragon makes things a lot easier: Wanna have a WordPress CMS? Just 1 click. Wanna show your local project to customers? Just 1 click. Wanna enable/disable a PHP extension? Just 1 click.
XAMPP and WAMP are both web server applications for PHP and MySQL with the Apache server. When we consider IIS, it is also a web server like Apache, but runs on Windows only.
XAMPP/WAMP - Windows, Apache, MySQL, PHP
IIS - Apache, SQL Server, ASP.NET
If you like to read more about XAMPP vs WAMP
WAMP: acronym for Windows OS, Apache (Web server), MySQL (Database) and PHP.
XAMPP: acronym for X (any OS), Apache (Web server), MySQL (Database), PHP/Perl.
One of their differences is in the format/structure of the package, the configurations, and the included management applications. In short: XAMPP supports more OSes and includes more features. XAMPP is easier to use than WAMP. XAMPP is more powerful. XAMPP has a control panel from which you can start and stop individual components (such as MySQL, Apache etc.). XAMPP is more resource consuming than WAMP because of heavy amount of internal component software
