Posts Tagged ‘ssh’

Setting up an Ubuntu-based ASP.NET Server with Mono

November 21st, 2010 5 comments

Introduction:

In my day job, I work as an infrastructure developer for a small company. While I wouldn’t call us a Microsoft shop by any stretch (we actually make web design tools), we do maintain a large code base in C#, which includes our website and a number of web-based administrative tools. In planning for a future project, I recently spent some time figuring out how to host our existing ASP.NET-based web site on a Linux server. After a great deal of research, and just a bit of trial and error, I came up with the following steps:

VirtualBox Setup:

The server is going to run in a virtual machine, primarily because I don’t have any available hardware to throw at the problem right now. This has the added benefit of being easily expandable, and our web hosting company will actually accept *.vdi files, which allows us to easily pick up the finished machine and put it live with no added hassle. In our case, the host machine was a Windows Server 2008 machine, but these steps would work just as well on a Linux host.

I started off with VirtualBox 3.2.10 r66523, although like I said, grabbing the OSE edition from your repositories will work just as well. The host machine that we’re using is a bit underpowered, so I only gave the virtual machine 512MB of RAM and 10GB of dynamically expanding storage. One important thing – because I’ll want this server to live on our LAN and interact with our other machines, I was careful to change the network card settings to Bridged Adapter and to make sure that the Ethernet adapter of the host machine is selected in the hardware drop down. This is important because we want the virtual machine to ask our office router for an IP address instead of using the host machine as a private subnet.

Installing the Operating System:

For the initial install, I went with the Ubuntu 10.10 Maverick Meerkat 32-bit Desktop Edition. Any server admins reading this will probably pull out their hair over the fact, but in our office, we have administrators who are very used to using Windows’ Remote Desktop utility to log into remote machines, and I don’t feel like training everybody on the intricacies of PuTTY and SSH. If you want to, you can install the Server version instead, and forgo all of the additional overhead of a windowing system on your server. Since all of my installation was done from the terminal, these instructions will work just as well with or without a GUI.

From VirtualBox, you’ll want to mount the Ubuntu ISO in the IDE CD-ROM drive, and start the machine. When prompted, click your way through Ubuntu’s slick new installer, and tell it to erase and use entire disk, since we don’t need any fancy partitioning for this setup. When I went through these steps, I opted to encrypt the home folder of the vm, mostly out of habit, but that’s up to you. Once you make it to a desktop, install VirtualBox Guest Additions.

From Terminal, type sudo apt-get upgrade to apply any patches that might be available.

Setting up a Static IP Address:

From a terminal, type ifconfig and find the HWaddr entry for your ethernet card, usually eth0. It will probably look something like 08:00:27:1c:17:6c. Next, you’ll need to log in to your router and set it up so that any device with this hardware address (also called a MAC address) is always given the same IP address. In my case, I chose to assign the virtual server an IP address of 192.168.1.10 because it was easy to remember. There are other ways that you can go about setting up a static IP, but I find this to be the easiest.

Getting Remote Desktop support up and running:

As I mentioned above, the guys in our office are used to administering remote machines by logging in via Windows’ remote desktop client. In order to provide this functionality, I chose to set up the xrdp project on my little server. Installing this is as easy as typing sudo apt-get install xrdp in your terminal. The installation process will also require the vnc4server and xbase-clients packages.

When the installation has completed, the xrdp service will run on startup and will provide an encrypted remote desktop server that runs on port 3389. From Windows, you can now connect to 192.168.1.10 with the standard rdp client. When prompted for login, make sure that sesman-Xvnc is selected as the protocol, and you should be able to log in with the username and password combination that you chose above.

Installing a Graphical Firewall Utility:

Ubuntu ships with a firewall baked into the kernel that can be accessed from the terminal with the ufw tool. Because some of our administrators are afraid of the command line, I also chose to install a graphical firewall manager. In the terminal, type sudo apt-get install gufw to install an easy-to-use GUI for the firewall. Once complete, it will show up in the standard Gnome menu system under System > Administration > Firewall Configuration.

Let’s do a bit of setup. Open up the Firewall Configuration utility, and check off the box to enable the firewall. Below that box, make sure that all incoming traffic is automatically denied while all outgoing is allowed. These rules can be tightened up later, but are a good starting point for now. To allow incoming remote desktop connections, you’ll need to create a new rule to allow all TCP connections on port 3389. If this server is to be used on the live Internet, you may also consider limiting the IP addresses that these connections can come from so that not just anybody can log in to your server. Remember, defense in depth is your best friend.

Adding SSH Support:

Unlike my coworkers, I prefer to manage my server machines via command line. As such, an SSH server is necessary. Later, the SSH connection can be used for SFTP or a secure tunnel over which we can communicate with our source control and database servers. In terminal, type sudo apt-get install openssh-server to start the OpenSSH installation process. Once it’s done, you’ll want to back up its default configuration file with the command sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config_old. Next, open up the config file in your text editor of choice (mine is nano) and change a couple of the default options:

  • Change the Port to 5000, or some other easy to remember port. Running an SSH server on port 22 can lead to high discoverability, and is regarded by some as a security no-no.
  • Change PermitRootLogin to no. This will ensure that only normal user accounts can log in.
  • At the end of the file, add the line AllowUsers <your-username> to limit the user accounts that can log in to the machine. It is good practice to create a user account with limited privileges and only allow it to log in via SSH. This way, if an attacker does get in, they are limited in the amount of damage that they can do.

Back in your terminal, type sudo /etc/init.d/ssh restart to load the new settings. Using the instructions above, open up your firewall utility and create a new rule to allow all TCP connections on port 5000. Once again, if this server is to be used on the live Internet, it’s a good idea to limit the IP addresses that this traffic can originate from.
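As an added example that is not part of the original post, here is one way to check an edited sshd_config against the three changes listed above before restarting the service. The function names, the sample file and the webadmin account are made up for illustration, and the script only looks at global "Keyword value" lines (it stops at the first Match block).

```shell
#!/bin/sh
# Added example (not from the original post): audit an sshd_config for the
# three changes described above. Assumes "Keyword value" lines separated by
# whitespace and only inspects global settings (stops at the first Match).

# values KEYWORD FILE: print each global value of KEYWORD, one per line.
# Keyword names are case-insensitive in sshd_config.
values() {
    awk -v want="$1" '
        /^[ \t]*(#|$)/          { next }   # comments and blank lines
        tolower($1) == "match"  { exit }   # per-connection overrides follow
        tolower($1) == tolower(want) { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$2"
}

# audit_sshd_config FILE: return 0 if the file matches the post's settings.
audit_sshd_config() {
    cfg=$1; rc=0

    # Port may be repeated and sshd listens on every one, so a leftover
    # "Port 22" keeps the default port open even after adding "Port 5000".
    ports=$(values Port "$cfg")
    if [ -z "$ports" ] || printf '%s\n' "$ports" | grep -qx '22'; then
        echo "FAIL: sshd would still listen on port 22"; rc=1
    fi

    # For single-valued keywords sshd uses the first value it reads, so an
    # earlier "PermitRootLogin yes" beats a "no" appended further down.
    root=$(values PermitRootLogin "$cfg" | head -n 1 | tr 'A-Z' 'a-z')
    if [ "$root" != "no" ]; then
        echo "FAIL: effective PermitRootLogin is '${root:-unset}'"; rc=1
    fi

    if [ -z "$(values AllowUsers "$cfg")" ]; then
        echo "FAIL: no AllowUsers line restricting which accounts may log in"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $cfg matches the settings above"
    return "$rc"
}

# Constructed sample: the new lines were appended but the defaults were left.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
PermitRootLogin yes
# settings appended per the post
Port 5000
permitrootlogin no
AllowUsers webadmin
EOF
audit_sshd_config "$sample" || true
rm -f "$sample"
```

On the server itself, sudo sshd -t checks the real file for syntax errors before the restart, and sudo sshd -T prints the configuration sshd will actually use.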

With this done, you can log in to the server from any other Linux-based machine using the ssh command in your terminal. From Windows, you’ll need a third-party utility like PuTTY.

Installing Apache and ModMono:

For simplicity’s sake, we’ll install both Apache (the web server) and mod_mono (a module responsible for processing ASP.NET requests) from Ubuntu’s repositories. The downside is that the code base is a bit older, but the upside is that everything should just work, and the code is stable. These instructions are a modified version of the ones found on the HBY Consultancy blog. Credit where credit is due, after all. From your terminal, enter the following:

$ sudo apt-get install monodevelop mono-devel monodevelop-database mono-debugger mono-xsp2 libapache2-mod-mono mono-apache-server2 apache2

$ sudo a2dismod mod_mono

$ sudo a2enmod mod_mono_auto

With this done, Apache and mod_mono are installed. We’ll need to do a bit of configuration before they’re ready to go. Open up mod_mono’s configuration file in your text editor of choice with something like sudo nano /etc/apache2/mods-available/mod_mono_auto.conf. Scroll down to the bottom and append the following text to the file:

MonoPath default "/usr/lib/mono/3.5"

MonoServerPath default /usr/bin/mod-mono-server2

AddMonoApplications default "/:/var/www"

Finally, restart the Apache web server so that the changes take effect with the command sudo /etc/init.d/apache2 restart. This configuration will allow us to run aspx files out of our /var/www/ directory, just like html or php files that you may have seen hosted in the past.

Having a Beer:

That was a fair bit of work, but I think that it was worth it. If everything went well, you’ve now got a fully functional Apache web server that’s reasonably secure, and can run any ASP.NET code that you throw at it.

The one hiccup that I encountered with this setup was that Mono doesn’t yet have support for .NET’s Entity Framework, which is the object-relational mapping framework that we use as a part of our database stack on the application that we wanted to host. This means that if I want to host the existing code on Linux, I’ll have to modify it so that it uses a different database back end. It’s kind of a pain, but not the end of the world, and certainly a situation that can be avoided if you’re coding up a website from scratch. You can read more about the status of Mono’s ASP.NET implementation on their website.

Hopefully this helped somebody. Let me know in the comments if there’s anything that isn’t quite clear or if you encounter any snags with the process.




On my Laptop, I am running Linux Mint 12.
On my home media server, I am running Ubuntu 12.04
Check out my profile for more information.

Linux: 12 Weeks of School Later

December 20th, 2009 No comments

Finished Exams

Rather than just copy Sasha’s previous post, I will do my best to try and tell the story through the eyes of a Computer Science undergrad. Now that I have finally finished my exams for this term I can safely say that Linux has not impeded my coursework and in fact has given me quite a seamless user experience.

Web Development

Designing websites and creating server side programs has been an absolute delight in Linux. Unlike within Windows, I can easily mount a remote SSH server as a browsable folder in my file system in Linux, making additional file transfer programs unnecessary. This lets me edit the files in my favourite editor, which more often than not was just KWrite, and then watch as they updated on the remote server with a simple click of the save button.

Graphics Programming

For a different course I was required to program 3D graphics in OpenGL. On Windows my professor had recommended Dev-C++, a program I am familiar with but not exactly a fan of. Thankfully we weren’t doing anything platform specific and thus I was able to make use of the exact same OpenGL and GLUT libraries to get the job done on Linux. As a replacement for Dev-C++ I started with Eclipse but eventually settled on MonoDevelop as my IDE of choice. Even better I was able to share the exact same code with a fellow classmate for our group project, which he was in turn able to compile on Windows in Dev-C++ with no modification whatsoever!

Pretty Standard Stuff

The rest of my time spent at University was of pretty standard fare: note taking, web browsing, e-mailing, instant messaging, assignments, etc. Linux performed superbly at these tasks as well and handled everything I could think to throw at it – even our school’s insane Wi-Fi network configuration.

Three Months of School Later

And there you have it. My experience with Linux during my term at school has been, like Sasha’s, excellent. For those of you out there worried that trying out Linux will impact your school or work or have concerns that you won’t be able to find replacements for your generally Windows or Mac centric worlds, I can attest to the exact opposite being true. Give Linux a shot, it might even make you more productive! Hell, you just might even like it ;)




I am currently running a variety of distributions, primarily Linux Mint 17.
Previously I was running KDE 4.3.3 on top of Fedora 11 (for the first experiment) and KDE 4.6.5 on top of Gentoo (for the second experiment).
Check out my profile for more information.

Why Linux is great for web development

November 27th, 2009 1 comment

Linux is great for web development, but not necessarily for the obvious reasons. The reason I find developing websites and server programs much better on a Linux machine than on a Windows machine is as simple as the following three letters SSH.

SSH stands for Secure SHell and is a way to remotely log into a server over a secure connection. While you can connect to SSH shares in Windows, connecting to one under Linux is a far more integrated experience. For example in KDE’s Dolphin you can connect to the SSH share right within the file browser itself. Then, as you do work, changes can be reflected instantly to the remote server. This saves you a lot of time instead of having to use (S)FTP to transfer files to and from the server. GNOME also has a similar ability through its Connect to Server menu.

Again there are Windows programs that will mirror changes in a local directory to a remote server through SSH but as far as I know Windows Explorer itself does not have this ability (FTP but no SSH?). So next time you are in the mood for web dev, give Linux a shot!




FTP Trials

October 24th, 2009 2 comments

I use FTP for a lot of things, mostly related to website administration. On Windows, my client of choice is WinSCP. It has this great feature that allows you to constantly synchronize a local directory with a remote directory, allowing you to make changes in your local editor of choice, and have them reflected on the site as soon as you save the file.

On Linux, I’ve been remoting into the server via SSH, opening the remote file in nano, and copying and pasting my local code to the server. While the combination of SSH and bash scripting can allow for some really cool code, I’d rather just find an application that mimics the WinSCP functionality that I’m looking for.

To that end, I have raided Synaptic and downloaded as many different graphical FTP clients as I could find. Read on, dear reader, as I delve into the depths of FTP on Linux, and share my findings with you.

1. BareFTP
This app is written in C# (for really cool cross-platform action), and targets the Mono framework on the GNOME desktop environment. It supports the FTP, FTPS, and SFTP protocols, and has a nice, clean looking interface:

It's pretty and functional, no?

I really like this app. It has a nice, intuitive interface, feels quick, and supports bookmarks that let you automatically connect to a remote server and set your local and remote directories with a single button click. Unfortunately, the program does not appear to support any kind of scripting or directory watching, so while it may see use as a client for occasional file transfers, it likely won’t suffice as a WinSCP replacement.

2. Filezilla
Before discovering WinSCP, I used this app for a long time on Windows. It’s an excellent utility that seems to have improved quite a bit since the last time I used it.

More features along with a more cluttered interface.

Of particular interest to me are the Synchronized Browsing and Directory Comparison features. The former changes the remote directory whenever you change the local directory, so that you can always keep an eye on the difference between local and remote files. To that end, the latter feature applies a colour coded scheme to both local and remote files so that you know exactly what has been synchronized to the server and what hasn’t. However, like bareFTP, there is no synchronization support.

And Others…
The unfortunate part about this little exercise is that after trying another three FTP clients, I realized that they’re roughly all the same. Sure, some are uglier, like JFTP, and some are uber streamlined like kasablanca. Unfortunately, even though they all do the same task in a slightly different way, none of them do quite what I want.

And so I ask you, the reader – is there an FTP client that allows me to synchronize a local directory with a remote one?




DNS Not Satisfactory

September 25th, 2009 No comments

While trying to connect to a remote webserver via SSH last night, I found that my machine refused to resolve the hostname to an IP address. I couldn’t ping the server either, but could view a webpage hosted on it. Now this was a new one on me – I figured that my machine was caching a bad DNS record for the webserver, and couldn’t connect because the server’s IP had since changed. That didn’t really explain why I was able to access the server from a webbrowser, but I ran with it. So how do you refresh your DNS cache in Linux? It’s easy to do in Windows, but the Goog and the Bing let me down spectacularly on this issue.

This morning, I tried to connect via SSH from my school network, and couldn’t get a connection there either. This reinforced the idea that a local DNS cache might have an outdated record in it, because at school, I was using a different nameserver than at home, and a whole 12 hours had elapsed. Out of theories, and lacking a method to refresh my local DNS cache, I hit the #debian channel on IRC for some guidance. Unlike my last two trips to this channel, I got help from a number of people within minutes (must be a timezone thing), and found out that unless I manually installed one, Debian does not maintain a DNS cache. Well, there goes that idea.

So where was I getting my DNS lookup service? A quick look at my /etc/resolv.conf file showed that the only entry in it was 192.168.1.1, which is the IP of my home router. The file also has a huge warning banner that claims that any changes will be overwritten by the operating system. Makes sense, as when I connect to a new network, I presumably get DNS resolution from their router, which may have a different IP address than mine. The guys on IRC instructed me to try to connect to the server with its IP address instead of its hostname, thereby taking the DNS resolution at the router out of the picture. This worked just fine.

They then instructed me to add a line to the file with the IP address of the nameserver that the router is using. In the case of our home network, we use OpenDNS, a local company with static servers. I did so, and could immediately resolve the IP of my remote server, and obtain an SSH connection to it.

Well fine, my problem is solved by bypassing DNS resolution at the router, but it still doesn’t explain what’s going on here. Why, if DNS resolution was failing at the router level (presumably because the router maintains some kind of DNS cache), did it work for my webbrowser, but not for the ssh, scp, or ping commands? Don’t they all resolve nameservers in the same way? Further, if it was the router cache that had a bad record in it, why did the problem also manifest itself at school, where the router is taken entirely out of the picture?

Further, will the file actually be overwritten by the OS the next time I connect to a different wireless network? If so, will my manual entry be erased, and will the problem return? Time will tell. Something smells fishy here, and it all points to the fact that my machine is in fact retaining a local DNS cache. How else can I explain away the problem manifesting itself on the school network? Further, even if I do have a local cache that is corrupted or contains a bad record, why did Iceweasel bypass it and resolve the address of the webserver at the router level (thereby allowing it to connect, even though the ssh, scp, and ping commands could not)?

LINUX!!11