Friday, December 11, 2015

Create an SSL Certificate on Nginx for Ubuntu 14.04

Here, we will show you how to set up a self-signed SSL certificate for use with an Nginx web server on an Ubuntu 14.04 server. A self-signed certificate will not validate the identity of your server for your users since it is not signed by one of their web browser's trusted certificate authorities, but it will allow you to encrypt communications with your web clients.
Set Up an Nginx Web Server
sudo apt-get update
sudo apt-get install nginx
Create a New Site and Make It the Default Site
root@ubuntu:/etc/nginx/sites-available# cp default ictops
root@ubuntu:/etc/nginx/sites-available# vi ictops
server {
       listen   80; ## listen for ipv4; this line is default and implied
       server_name localhost;
       add_header X-Frame-Options "SAMEORIGIN";
       location / {
           root /var/www;
           index index.html index.htm;
       }
}
root@ubuntu:/etc/nginx/sites-available# cd /etc/nginx/sites-enabled
root@ubuntu:/etc/nginx/sites-enabled# ln -s /etc/nginx/sites-available/ictops ictops
root@ubuntu:/etc/nginx/sites-enabled# service nginx restart
Test your HTTP Setup: http://IP Address of the Server
Install and Configure OpenSSL on the Server
Create the SSL Certificate
We can start off by creating a directory that will be used to hold all of our SSL information. We should create this under the Nginx configuration directory:
sudo mkdir /etc/nginx/ssl
Now that we have a location to place our files, we can create the SSL key and certificate files in one motion by typing:
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt
  • openssl: This is the basic command line tool for creating and managing OpenSSL certificates, keys, and other files.
  • req: This subcommand specifies that we want to use X.509 certificate signing request (CSR) management. "X.509" is a public key infrastructure standard that SSL and TLS adhere to for their key and certificate management. We want to create a new X.509 cert, so we are using this subcommand.
  • -x509: This further modifies the previous subcommand by telling the utility that we want to make a self-signed certificate instead of generating a certificate signing request, as would normally happen.
  • -nodes: This tells OpenSSL to skip the option to secure our certificate with a passphrase. We need Nginx to be able to read the file, without user intervention, when the server starts up. A passphrase would prevent this from happening because we would have to enter it after every restart.
  • -days 365: This option sets the length of time that the certificate will be considered valid. We set it for one year here.
  • -newkey rsa:2048: This specifies that we want to generate a new certificate and a new key at the same time. We did not create the key that is required to sign the certificate in a previous step, so we need to create it along with the certificate. The rsa:2048 portion tells it to make an RSA key that is 2048 bits long.
  • -keyout: This line tells OpenSSL where to place the generated private key file that we are creating.
  • -out: This tells OpenSSL where to place the certificate that we are creating.
The entirety of the prompts will look something like this:
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:Kerala
Locality Name (eg, city) []:KYLM
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Amrita
Organizational Unit Name (eg, section) []:IT
Common Name (e.g. server FQDN or YOUR name) []:AVIEW.IN
Email Address []:ictops.aerl.in
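The same command run without prompts, followed by the checks worth making before Nginx is pointed at the files. This is an added example, not part of the original post; the function names and the common name in the usage comment are assumptions.

```bash
# Added example. make_selfsigned/check_pair and the CN are assumed names.

# Create nginx.key and nginx.crt in directory $1 for common name $2, using
# the options from the command above; -subj answers the prompts up front.
make_selfsigned() {
    ss_dir=$1
    ss_cn=$2
    (
        umask 077   # the key file is created readable by its owner only
        openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
            -keyout "$ss_dir/nginx.key" -out "$ss_dir/nginx.crt" \
            -subj "/CN=$ss_cn" 2>/dev/null
    ) || return 1
    chmod 644 "$ss_dir/nginx.crt"   # the certificate itself is public
}

# Check key $1 against certificate $2. Returns 0 when all checks pass,
# 1 if group/other can access the key, 2 if the certificate does not
# belong to the key, 3 if the certificate has expired.
check_pair() {
    cp_key=$1
    cp_crt=$2
    case "$(ls -l "$cp_key")" in
        -r[w-]-------*) ;;
        *) echo "key accessible to group/other: $cp_key" >&2; return 1 ;;
    esac
    cp_a=$(openssl x509 -in "$cp_crt" -noout -pubkey) || return 2
    cp_b=$(openssl pkey -in "$cp_key" -pubout 2>/dev/null) || return 2
    [ "$cp_a" = "$cp_b" ] || { echo "certificate does not match key" >&2; return 2; }
    openssl x509 -in "$cp_crt" -noout -checkend 0 >/dev/null || return 3
}

# Usage (constructed values):
#   d=$(mktemp -d); make_selfsigned "$d" example.test
#   check_pair "$d/nginx.key" "$d/nginx.crt" && echo "pair OK"
```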
Add the SSL Certificate Information to the Site Under Nginx
root@ubuntu:/etc/nginx/sites-enabled# vi ictops
server {
       listen   80; ## listen for ipv4; this line is default and implied
       server_name localhost;
       add_header X-Frame-Options "SAMEORIGIN";
       location / {
           root /var/www;
           index index.html index.htm;
       }
}
server {
       listen 443 ssl; ## the ssl parameter enables TLS on this port
       server_name localhost;
       location / {
           root /var/www;
           index index.html index.htm;
       }
       ssl_certificate /etc/nginx/ssl/nginx.crt;
       ssl_certificate_key /etc/nginx/ssl/nginx.key;
}
Restart Nginx Service
service nginx restart
This should reload your site configuration, now allowing it to respond to both HTTP and HTTPS (SSL) requests.
Test your HTTPS Setup
https://IP Address of the Server

Set Up HTTP Authentication With Nginx On Ubuntu

Install apache2-utils
Unlike Apache, Nginx uses the HttpAuthBasic module to enable password-protected directories but doesn't provide any tool to create an encrypted .htpasswd file. We need htpasswd to create the file and generate an encrypted password for each user of Basic Authentication. Install apache2-utils using the command below.
sudo apt-get install apache2-utils
Create User and Password
Create a .htpasswd file for the website being served by nginx; the commands here keep it in /etc/nginx/passwd. The following commands create the file and add the users, each with an encrypted password, to it.
$ sudo mkdir /etc/nginx/passwd
$ sudo htpasswd -c /etc/nginx/passwd/.htpasswd first_user
$ sudo htpasswd /etc/nginx/passwd/.htpasswd second_user
E.g.: htpasswd -c /etc/nginx/passwd/.htpasswd test1
After you have installed apache2-utils, create a new directory under /etc/nginx/ named passwd, where the .htpasswd file will be stored. Use the htpasswd command with the -c switch for the first user to create the file; to add more users, use htpasswd without the -c switch, because -c creates the file again and discards the entries already in it.
To protect the name-ip-ssl Virtual Host root (the /srv/http/ served path) with all its subfolders and files beneath it, add the following directives inside your Virtual Host server block, under the root directive, and point auth_basic_user_file to the absolute .htpasswd file path.
auth_basic "Restricted Website";
auth_basic_user_file /etc/nginx/passwd/.htpasswd;
Example:
Here I already have a virtual site running on port 8080 (/etc/nginx/sites-enabled):
server {
       listen   8080; ## listen for ipv4; this line is default and implied
       root /var/www;
       location ~ \.php$ {
               root /var/www;
               ## basic auth here applies only to requests matched by this location (*.php)
               auth_basic "Restricted Website";
               auth_basic_user_file /etc/nginx/passwd/.htpasswd;
               try_files $uri =404;
               fastcgi_split_path_info ^(.+\.php)(/.+)$;
               fastcgi_pass unix:/var/run/php5-fpm.sock;
               fastcgi_index index.php;
               include fastcgi_params;
       }
}
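A check on the file the htpasswd commands above produce, added here as an example and not part of the original post: it reports the hash scheme of every entry and fails when the file is world-readable or an entry is unsalted, plaintext or DES-based. The function names and the WEAK- labels are assumptions.

```bash
# Added example. hash_scheme/audit_htpasswd and the WEAK- labels are assumed names.

# Print the scheme of one .htpasswd hash field, judged by its prefix or length.
hash_scheme() {
    case $1 in
        '$2y$'*|'$2a$'*|'$2b$'*) echo bcrypt ;;        # htpasswd -B
        '$apr1$'*)      echo apr1-md5 ;;                # htpasswd default (-m)
        '$6$'*)         echo sha512-crypt ;;
        '$5$'*)         echo sha256-crypt ;;
        '{SSHA}'*)      echo salted-sha1 ;;
        '{SHA}'*)       echo WEAK-unsalted-sha1 ;;      # htpasswd -s
        '{PLAIN}'*)     echo WEAK-plaintext ;;
        ?????????????)  echo WEAK-des-crypt ;;          # 13 chars, htpasswd -d
        *)              echo unknown ;;
    esac
}

# Print "user scheme" for every entry in file $1. Returns 1 if the file is
# world-readable or any entry is WEAK-* or unknown, otherwise 0.
audit_htpasswd() {
    ah_file=$1
    ah_bad=0
    case "$(ls -l "$ah_file")" in
        ???????r*) echo "world-readable: $ah_file" >&2; ah_bad=1 ;;
    esac
    while IFS=: read -r ah_user ah_hash ah_rest || [ -n "$ah_user" ]; do
        [ -n "$ah_user" ] || continue
        ah_scheme=$(hash_scheme "$ah_hash")
        echo "$ah_user $ah_scheme"
        case $ah_scheme in WEAK-*|unknown) ah_bad=1 ;; esac
    done < "$ah_file"
    return "$ah_bad"
}

# Usage: audit_htpasswd /etc/nginx/passwd/.htpasswd
```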

Thursday, December 10, 2015

Installing, Configuring Citrix XenApp 6.5 And Publishing Applications

Citrix XenApp is a product that extends Microsoft Remote Desktop Session Host desktop sessions and applications to users through the Citrix HDX protocol. Citrix XenApp and Remote Desktop Services allow Windows applications and computing resources to be centrally managed in a secure data center. Users can access the applications from anywhere and from non-Windows clients.
Before I begin the install of XenApp 6.5, I've configured the following first:
  • A Windows 2008 domain (ictops.org).
  • 2 Windows 2008 R2 64bit servers for the XenApp servers and the web interface.
  • A Windows 2008 R2 server for the license server.
  • A Windows 7/8 machine
The XenApp installation and configuration includes the following:
  1. Prepare the Media - (Download XenApp 6.5 ISO)
  2. Install License Server Role
  3. Install XenApp Server Role
  4. Install Web Interface Role
  5. Configure License Server Role
  6. Configure XenApp Server Role - (Create New Farm / SQL Express DB Installation)
  7. Configure Web Interface Role - (Create Sites / Configure Sites)
  8. Publishing an Application on XenApp Server - (Install Citrix Receiver)
Meanwhile, I don't want to set up AD, and we configure all the services (XenApp-DB / License Server / Web Interface) on a single Windows 2008 server
(Machine Name: WIN-85CLBN5A8QJ)
  1. Download the XenApp 6.5 ISO from the Citrix site and burn it to a disk or USB storage.
  2. Insert the media into the Windows 2008 server and select Install XenApp Server.
     (It asks to install .NET Framework 3.5 on the server.)
  3. Once the install of .Net 3.5 has finished and the Citrix XenApp Server Role Manager starts, click on Add Server Roles.
  4. You will be prompted to select your edition of XenApp (I selected Platinum Edition) and to agree to the license.
  5. Here, I'm going to install the XenApp, Web Interface and License Server roles on the same server, but if this is a production environment have a look here to see how you can split the roles out.
     I have also added the XML integration, as this lets the Citrix XML port and IIS share port 80; if you have a requirement to separate these, do not select it.
  6. Review what is going to be installed and click Next. The installation requires a restart.
  7. After rebooting, you will get a prompt like “Resume Install”. Otherwise, open
     “Citrix XenApp Server Role Manager” (Start ---> Administrative Tools ---> Citrix ---> Citrix XenApp Server Role Manager).

  8. After completing the installation, you need to configure the roles (License, XenApp).
  9. Configuring License Server Role
     (Start ---> Administrative Tools ---> Citrix ---> Citrix XenApp Server Role Manager)
  10. Specify the licensing (click on Specify Licensing).
  11. You will get an error like the one below. Ignore it and continue.
      Note: We have not uploaded any license; this is why we get this error.

  12. Configure XenApp Server Role on Server
      To configure the XenApp server, we need to create a Citrix Farm.
      A Citrix Farm is a connection of Citrix XenApp servers. This is a new server installation, so we need to select “Create a New Server Farm”.
  13. Create a Database for the Citrix Farm
      It contains all static information, like farm configuration, published application configuration and server configuration.
      Click on DB; this will install SQL Express DB on the server.
      Enter User Credentials ---> Configure Shadowing ---> Advanced Server Settings (Data Collection / XML Service / Receiver / RDP Users)
      After installation of the SQL DB, restart the server.
  14. Configure Web Interface on Server
      I already installed the Web Interface role on the server, so I need to configure Web Interface on the server
      (Start ---> Administrative Tools ---> Citrix ---> Management Console ---> Citrix Web Interface Management).
      In the Citrix Web Interface Management console, there are two options:
      XenApp Web Sites and XenApp Services Sites.
  15. Create XenApp Web Sites
      (Start ---> Administrative Tools ---> Citrix ---> Management Console ---> Citrix Web Interface Management ---> XenApp Web Sites ---> Create Sites)
  16. Configure Sites
      After successfully creating the web site, configure the site.
      To configure sites, we need to specify the Server Farm (we already created a Server Farm during the XenApp role installation), so specify that name (here, e.g., New Farm).
      Specify the server / servers (multiple XenApp servers) in failover order.
      Specify Authentication Method ---> Domain Restrictions ---> Specify Logon Screen Appearance ---> Select Published Resource Type
  17. Publishing an Application on Citrix XenApp Server
  • Log on to the XenApp server
  • Open Citrix AppCenter
    (Start ---> Administrative Tools ---> Citrix ---> Management Consoles ---> Citrix AppCenter)
  • You get the console “Configure and Run Discovery”
  • Uncheck the option “Single Sign-On”
  • Add the Citrix server (Add Local Computer) - e.g. WIN-85CLBN5A8QJ
Application Publishing
  • Open Citrix AppCenter
    (Start ---> Administrative Tools ---> Citrix ---> Management Consoles ---> Citrix AppCenter)
  • Expand the farm name (e.g. New Farm)
  • Select Applications ---> Click on Publish Application ---> Enter Name ---> Location ---> Configure Server (on which the published application will run) ---> Users ---> Finish
  18. Testing from a Client Machine / Accessing a Published Application
  • Log on to the client Windows 7/8 machine
  • Open a browser and type the XenApp server IP / domain name
  • Select Skip to Logon
We can see the published application but we are not able to open it, because we have not installed the Citrix Receiver on this client machine.
  19. Citrix Receiver on the Client Machine
  • Insert the media burned from the XenApp Server ISO
  • Install/run the program from the media
  • Click on Manual Install Components ---> Common Components --->
  • Select “Plugins and Streaming Profiler” ---> Select Citrix Receiver
After the installation, try to access the published application.