We make the following assumptions to make it easier understanding the configuration. You should however use your own, real values for these items:
Start by deploying your aklwebhost.com server instance. I chose 1 GB VPS running CentOS 6, 32-bit. When the installation is finished, we prepare the server to become a mail server.
In the “My Servers” screen of the server control panel, click on the “Manage” link next to your newly created server. On the page that opens, you can see the details for your server. Click on the IPv4 tab, then click the blue “Update” button. A text input field appears and it is pre-set with something like “.aklwebhost.com”. Replace that entry with the full domain name of your server (example: pegasus.example.com) and press the blue “Update” button.
Now it’s time to log into the new server. Open your ssh terminal and connect to your server. Alternatively, you can click the blue “View Console” button to get browser window with the login screen of your server.
ssh root@your_ip_address
The “your_ip_address” part is the main IP address as listed in the server control panel. If you use the browser to connect to your server, then simply login as root with your root password.
First, we setup the correct domain name. Open the network configuration file.
nano /etc/sysconfig/network
Replace “aklwebhost.guest” with the full domain name of your server (Example: pegasus.example.com). Save the file with Ctrl + X, then Y.
The second spot we change is the /etc/hosts file.
nano /etc/hosts
Add the following line. It can be at the top of the file or the second line.
127.0.1.1 pegasus.example.com pegasus
Save the file with Ctrl + X, then Y. I like to make sure that everything works after a reboot, so I reboot the VPS after those changes.
reboot
Give the machine a moment to reboot, then connect again.
ssh root@your_ip_address
Yaffas and Zarafa need the EPEL repository, which is already installed in the sources on aklwebhost.com servers. They need the RPMforge repository too. Issue the following command to install that repository.
32-Bit Systems:
rpm -Uvh http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i686.rpm
64-Bit Systems:
rpm -Uvh http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm
Next, we add the Yaffas repository.
nano /etc/yum.repos.d/yaffas.repo
Paste the following text into the newly created file:
[yaffas]
name = yaffas $releasever
baseurl = http://repo.yaffas.org/releases/latest/rhel/$releasever
enabled = 1
protect = 0
gpgcheck = 1
priority = 1
Save the file with Ctrl + X, then Y.
To avoid compatibility issues, we need to exclude some items from the EPEL repository. Open the repository file.
nano /etc/yum.repos.d/epel.repo
Then in the [epel] section, right below the “gpgkey” line, enter the following.
exclude=clamav* clamd* amavisd* libvmime libical libvmime-devel libical-devel php-mapi zarafa*
The complete section will look like this:
[epel]
name=Extra Packages for Enterprise Linux 6 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/6/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-6&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-6
exclude=clamav* clamd* amavisd* libvmime libical libvmime-devel libical-devel php-mapi zarafa*
Save the file with Ctrl + X, then Y.
Import the GPG key for the Yaffas repository:
rpm --import http://repo.yaffas.org/repo.rpm.key
Now, let’s clean up yum.
yum clean all
At this point, we should be all set for the Yaffas installation. Install it by simply entering this command.
yum install yaffas
Yum will check the dependencies and give you a summary.
Install 359 Package(s)
Total download size: 260 M
Installed size: 639 M
Is this ok [y/N]:
Press Y, then Enter/Return to start the installation.
Installation will take a while, so treat yourself to a coffee and cookie while waiting for the installation to finish.
Before we can start the final setup, we have to configure MySQL. Start MySQL and begin the secure setup.
service mysqld restart
mysql_secure_installation
In order to log into MySQL to secure it, we’ll need the current password for the root user. If you’ve just installed MySQL, and you haven’t set the root password yet, the password will be blank, so you should just press Enter/Return here.
Enter current password for root (enter for none): **{press Enter/Return}**
[...]
Setting the root password ensures that nobody can log into the MySQL
root user without the proper authorisation.
Set root password? [Y/n] **Y**
New password: **{enter super secret password}**
Re-enter new password: **{enter super secret password again}**
Remove anonymous user? [Y/n] **Y**
Disallow root login remotely? [Y/n] **Y**
Remove test database and access to it? [Y/n] **Y**
Reload privilege tables now? [Y/n] **Y**
Open a web browser and go to the following URL.
http://your_ip_address:10000
#If you have a DNS entry already, use this instead.
http://server.example.com:10000
The initial username is admin with password yaffas.
After logging in, you will see the setup wizard. It has 5 steps. Press “Next” to start.
The first step is to enter a new admin password. Enter the new password twice. Make sure it is complicated enough to be safe, but don’t forget it. Then click “Next”.
The next screen configures the MySQL backend. The only thing that you need to enter is the password you created for the MySQL root user.
On the 4th screen, setup your mail domain. Enter “example.com” in the primary mail domain field. This must be your own domain. Press “Next”.
I believe the 5th screen is optional, but just to be on the safe side, create a user account who will be the LDAP admin, then click “Finish”.
It will take a while until the setup finishes. Once it completes, a popup appears that tells you everything was successful. Click the “OK” button. After a moment, you will see the login screen again. You can login as admin with the new password that you created during the setup.
During the installation, some general self-signed certificates for the app are generated and installed. Personally, I prefer to have my own self-signed certificates to show the values that I entered and I also want to make sure that all requests are sent over HTTPS.
Zarafa comes with a few scripts to generate your own certificates. These are of course self-signed certificates.
Let’s make a home for the certificate authority.
mkdir -p /etc/zarafa/ssl
chmod 700 /etc/zarafa/ssl
cd /etc/zarafa/ssl
… then run the script:
sh /usr/share/doc/zarafa/ssl-certificates.sh server
The parameter “server” means the certificate we create will be called server.pem.
You will be greeted with the following message.
No Certificate Authority Root found in current directory.
Press enter to create, or ctrl-c to exit.
Press Enter or Return.
The next message that appears is:
CA certificate filename (or enter to create)
Press Enter or Return to continue and create the CA Certificate.
After a little activity on the screen, you will get a prompt to enter the PEM passphrase. Enter any passphrase for the CA certificate, but make sure that you don’t forget it, as you will need it later. For simplicity’s sake, let’s assume we chose the passphrase “ca-root-pem”.
Answer the questions to generate the certificate. The answers here are my examples, so replace them with the correct values for yourself.
Country Name (2 letter code) [XX]: **MY**
State or Province Name (full name) []:**Selangor**
Locality Name (eg, city) [Default City]: **Shah Alam**
Organization Name (eg, company) [Default Company Ltd]: **ELMIMA-Systems**
Organizational Unit Name (eg, section) []: **Certificate Authority**
Common Name (eg, your name or your server's hostname) []:**server.example.com** **Must be the full domain name of your server**
Email Address []: **admin@example.com**
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: **Enter/Return**
An optional company name []: **Enter/Return**
Next, it will ask you for the passphrase of the cakey.pem file. This is the passphrase that you created earlier.
Enter pass phrase for /etc/pki/CA/private/./cakey.pem:ca-root-pem
You will see a little activity on the screen, then it will prompt you for a PEM passphrase. This is the passphrase for the server.pem file we created. Enter anything that you would like, but make sure that you don’t forget it. For simplicity we will use “server-pem-phrase”.
Enter PEM pass phrase:**server-pem-phrase**
Verifying - Enter PEM pass phrase:**server-pem-phrase**
Time to enter the values for the server.pem file.
Country Name (2 letter code) [XX]: **MY**
State or Province Name (full name) []:**Selangor **
Locality Name (eg, city) [Default City]: **Shah Alam**
Organization Name (eg, company) [Default Company Ltd]: **ELMIMA-Systems**
Organizational Unit Name (eg, section) []: **Server SSL Certificate**
Common Name (eg, your name or your server's hostname) []: **server.example.com** **Must be the full domain name of your server**
Email Address []: admin@example.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: **Enter/Return**
An optional company name []: **Enter/Return**
Enter pass phrase for /etc/pki/CA/private/cakey.pem:ca-root-pem **Replace with your own passphrase**
Some activity on the screen shows that the certificate is generated.
Sign the certificate? [y/n]:
Enter Y and press Enter/Return.
1 out of 1 certificate requests certified, commit? [y/n]
Enter Y and press Enter/Return.
Create public key from this certificate? [y]
We don’t really need it but I guess it doesn’t hurt to create it. Simply press Enter/Return.
Enter pass phrase for server.pem: **server-pem-phrase**
Now it’s time to configure the server.cfg file for Zarafa.
nano /etc/zarafa/server/cfg
Find the entry server_ssl_enabled and change its value to “yes” (without the quotes).
Find the entry server_ssl_port and confirm that it is 237.
Find the entry server_ssl_key_file and set its value to “/etc/zarafa/ssl/server.pem” (without the quotes).
Create the entry server_ssl_key_pass use the passphrase that you created for the server.pem file (example: server-pem-phrase) as its value.
Find the entry server_ssl_ca_file. The original documentation for Zarafa assumes that the path is /etc/zarafa/ssl/demoCA/cacert.pem, however on CentOS, the path is /etc/pki/CA/cacert.pem. Update this value accordingly.
server_ssl_ca_file = /etc/pki/CA/cacert.pem
Restart the Zarafa server.
service zarafa restart
Let’s generate the certificate for Apache.
cd /etc/zarafa/ssl
openssl req -nodes -newkey rsa:2048 -keyout zarafa-ssl.key -out zarafa-ssl.csr
We get another form to create a certificate.
Country Name (2 letter code) [XX]: **MY **
State or Province Name (full name) []: **Selangor**
Locality Name (eg, city) [Default City]: **Shah Alam**
Organization Name (eg, company) [Default Company Ltd]: **ELMIMA-Systems**
Organizational Unit Name (eg, section) []: **Zarafa Web Services**
Common Name (eg, your name or your server's hostname) []: **server.example.com** **Must be the full domain name of your server**
Email Address []: **admin@example.com**
Then, sign the certificate.
openssl x509 -req -in ./zarafa-ssl.csr -signkey zarafa-ssl.key -out zarafa-ssl.crt -days 9999
… and add it to Apache.
cd /etc/httpd/conf.d
nano ssl.conf
Find the line “SSLCertificateFile /opt/yaffas/etc/ssl/certs/zarafa-webaccess.crt” and change it to “SSLCertificateFile /etc/zarafa/ssl/zarafa-ssl.crt”.
Find the line “SSLCertificateKeyFile /opt/yaffas/etc/ssl/certs/zarafa-webaccess.key” and change it to “SSLCertificateKeyFile /etc/zarafa/ssl/zarafa-ssl.key”
Save the file and quit.
Now, open the zarafa-webapp.conf file.
nano /etc/httpd/zarafa-webapp.conf
Find the following 2 lines and uncomment them.
#php_flag session.cookie_secure on
#php_flag session.cookie_httponly on
Add the following lines.
RewriteEngine On
RewriteCond % !=on
RewriteRule (.*) https://pegasus.example.com/webapp/ [R] (Of course use your own real domain here)
Save the file and quit. Then restart Apache.
service httpd restart
Now the web app will always use HTTPS. You can do the same for zarafa-webapp.conf.
When testing the installation on CentOS, I noticed some error messages due to missing folders. You can fix it with the following commands.
mkdir -p /var/run/policyd-weight/cores/master
mkdir -p /var/run/policyd-weight/cores/cache
chown -R polw /var/run/policyd-weight
To use your new Zarafa server as the mail server for your domain, you will need to setup both an A record and an MX record for your domain. If desired, you can use your favorite search engine to find an SPF Wizard, which makes it easy to create an SPF record for your domain.
]]>Sails.js is a MVC framework for Node.js, similar to Ruby on Rails. It makes for developing modern applications very quickly, and is best suited for real-time applications like leaderboards and chat.
Update the system.
sudo yum update -y
Install the necessary packages.
sudo yum install curl git
Enable the EPEL repository.
sudo yum install epel-release
Once the EPEL repository is enabled, run the following command to add the Node.js v8 LTS repository.
curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash -
Install Node.js v8 LTS, as well as NPM.
sudo yum -y install nodejs
Install build tools.
sudo yum install gcc-c++ make
To verify if the Node.js and NPM installation was successful, issue the following command.
node -v
npm -v
The output will be similar to the following.
v8.x.x
3.x.x
To install the latest stable release of sails, issue the following command.
sudo npm -g install sails
Let’s create a boilerplate application called testSailsApp in the directory where you would like your app to be located, for example /var/www, and then run the following command.
sails new testSailsApp
To start the application, you will need to change into the project directory, testSailsApp, and then start the server.
cd testSailsApp
sails lift
You will see the following on your command prompt.
info: Starting app...
info:
info:
info: Sails <|
info: v1.0.0 |\
info: /|.\
info: / || \
info: ,' |' \
info: .-'.-==|/_--'
info: `--'-------'
info: __---___--___---___--___---___--___
info: ____---___--___---___--___---___--___-__
info:
info: Server lifted in `/root/testSailsProject`
info: To see your app, visit http://localhost:1337
info: To shut down Sails, press <CTRL> + C at any time.
To access your app from a web browser use http://[aklwebhost-vm-ip-address]:1337. You will see a page that says “A brand new App”.
What makes Sails great is its ability to create API’s, using its generate tool, that can be used in production environments without even starting to write code. In production environments for complex apps, there will be policies that you still need to configure to enforce the behavior that you want.
Issue CTRL + C from the terminal to stop “testSailsApp”. Run sails generate api tweet to create an API called tweet. You terminal session will be similar to the following.
root@install:~/testSailsProject# sails generate api tweet
info: Created a new api!
root@install:~/testSailsProject#
Run sails lift to start the test app again. Then, browse to http://[aklwebhost-vm-ip-address]:1337/tweet. If you receive a migration prompt, choose option 2.
You will see an empty JSON array [] on your browser because there are currently no tweets in the system.
Let’s add some tweets to system via our browser address bar.
First, browse to http://[aklwebhost-vm-ip-address]:1337/tweet/create?name=mrLami&msg=aklwebhost Hosting Rocks and hit ENTER.
Then, browse to http://[aklwebhost-vm-ip-address]:1337/tweet/create?name=theaklwebhost&msg=TGIF half off coupons and again hit ENTER.
Now browse to http://[aklwebhost-vm-ip-address]:1337/tweet to view the tweets we just added, and you will see the JSON document below.
[
{
"name": "mrLami",
"msg": "AKLWEB HOST Hosting Rocks",
"createdAt": "2014-11-03T03:49:07.353Z",
"updatedAt": "2014-11-03T03:49:07.353Z",
"id": 1
},
{
"name": "theAKLWEBHOST",
"msg": "TGIF half off coupons",
"createdAt": "2014-11-03T03:49:29.411Z",
"updatedAt": "2014-11-03T03:49:29.411Z",
"id": 2
}
]
There is much more that Sails.js can do even before requiring any code. This includes sorting the list of results, and limiting the amount of records received. Sails makes developing realtime apps fun, and a lot quicker to build. Spin up an instance on a AKLWEB HOST VM and start sailing.
]]>But what if you want to host your own registry separated from the public one? Well, Docker Inc. has open sourced their Registry application on GitHub.
This tutorial will take you though the process of setting up a private Docker registry using CoreOS on a new VPS.
We won’t be spending a ton of time going over exactly what Docker and CoreOS can do, as it’s outside the scope of this tutorial. In essence, CoreOS is designed for massive server clusters, it’s small, fast and gets regular security updates automatically. Its root file system is also read-only, meaning you must use Docker to run any kind of software that is not included with the base install.
This makes Core OS a perfect host system for Docker!
Docker Inc. has provided the Registry as a top level image, this means that we can pull it down with a simple:
docker pull registry
This can take a few minutes depending on the connection speed.
A plus of being a top level image also means it gets regular support and updates.
Now let’s test out the registry. We can create a new container using the registry image:
docker run -p 5000:5000 -d --name=basic_registry registry
For those who haven’t used Docker too much, the -p flag stands for PORT, meaning we are exposing port 5000 on from the container onto host port 5000.
The -d flag stands for daemon, this will cause the container to run in the background and not print output to the current SSH session, we also want to name this basic test container using the --name option so that we can easily manage it later.
Make sure that your basic registry container is running using docker ps. The output should look similar to:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
edfb54e4a8c4 registry:0.8.1 "/bin/sh -c 'exec do 7 seconds ago Up 6 seconds 0.0.0.0:5000->5000/tcp basic_registry
Also, visit http://YOUR_IP:5000 in your web browser, and you should get a message like the following:
"docker-registry server (dev) (v0.8.1)"
Notice the word
devin the parenthesis. This means that the server is currently running the dev config. We’ll look over more configuration soon.
You now have your own (very basic) container registry running! But we’re not done yet.
Maybe you want to keep this private from prying eyes, or maybe store your images on Amazon S3 instead of local storage. Let’s go over the various configuration options in the next section.
Before we move on, let’s kill the test container so that we don’t run into conflicting ports.
docker kill basic_registry
There are two ways that we can pass configuration to the Docker Registry. One way is by passing environment variables to a new container, and the other is to add a configuration file.
Here’s a few of the common configuration options we’ll be using:
loglevel – The minimum amount of information to log to the console. Default is info.standalone – Should this Registry act on its own? (Never queries the public registry.) Default is true.index_endpoint – If not standalone, what other index will we query? Default index.docker.io.cache and cache_lru – Options pertaining to using a Redis cache for small files, we’ll touch on this later.storage – What storage backend should we use for this server? (In this tutorial we’ll be using local).storage_path – If using local storage, what directory should we use to keep files in?Before we get working with the configuration, we need a base file to work with. The file from the Docker Registry repository on GitHub will work just fine:
wget https://raw.githubusercontent.com/docker/docker-registry/0.8/config/config_sample.yml
The file should save successfully with an output such as:
2014-09-14 14:09:01 (156 MB/s) - 'config_sample.yml' saved [5384/5384]
Great! Now we can modify this file to fit our needs.
The only text editor that comes with Core OS is vim, but don’t worry if you’ve never used it before, this will explain step by step what to edit and how to do it.
vim config_sample.yml
Once you have the file open, hit the I and the bottom right corner should display: -- INSERT -- for insert mode. Scroll all the way to the bottom of the file using your arrow keys, you should see a section labeled prod.
We’ll be changing the two lines, the changes are below
prod:
<<: *local
storage_path: _env:STORAGE_PATH:/data
What we’ve done is change the prod configuration to derive from the local section instead of the s3 section. Then we overwrote the storage_path to use the path /data inside the new container.
Once you’ve confirmed that all the changes are correct, hit ESC to exit insert mode and type :wq (this means write the changes to the file, and quit vim.)
Now let’s rename the file to just config.yml
mv config_sample.yml config.yml
If you’d like to use redis to speed up your container registry, it’s as simple as pulling a new container from the public registry and adding a few more lines of configuration.
First, pull the top level image of Redis:
docker pull redis
Once the image is pulled successfully, we can run it and name it just like we did with the test registry:
docker run -d --name registry-redis redis
Because redis is in memory, we don’t need to do any configuration for it, as we will link it to the registry container in later steps.
Once again, ensure it’s running by using docker ps:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
54f65641eccf redis:2.8 "redis-server" 2 seconds ago Up 1 seconds 6379/tcp registry-redis
Now re-open the config.yml in vim and enter insert mode just like the first time we edited it.
Add the following lines below the prod section, being sure to indent properly. This time we’re only adding cache and cache_lru.
cache:
host: _env:REDIS_PORT_6379_TCP_ADDR
port: _env:REDIS_PORT_6379_TCP_PORT
db: 0
cache_lru:
host: _env:REDIS_PORT_6379_TCP_ADDR
port: _env:REDIS_PORT_6379_TCP_PORT
db: 1
The environment variables REDIS_PORT_6379_TCP_ADDR and REDIS_PORT_6379_TCP_PORT are passed to the registry container upon linkage with the Redis container.
With that, you now have setup a Redis container that will work hand-in-hand with your registry container. Now onto building the registry!
We have all the configuration set and ready, now we need to build the actual registry container.
Fire up vim Dockerfile to create a new Dockerfile. Enter insert mode and follow the edits below.
FROM registry:latest
# Add the custom configuration file we made
ADD ./config.yml /docker-registry/config/config.yml
# Create the data directory
RUN mkdir /data
# Set the configuration file to config.yml
env DOCKER_REGISTRY_CONFIG /docker-registry/config/config.yml
# Make sure we use the prod configuration settings
env SETTINGS_FLAVOR prod
What we’ve done above is essentially extend the registry image so it will use our configuration file and settings. A Dockerfile is a set of build instructions for Docker to read and build. If you’d like to learn more on Dockerfiles and their syntax, take a look at the official Docker site documentation.
Next we need to build the container for use.
docker build -t my_registry .
Sending build context to Docker daemon 13.82 kB
Sending build context to Docker daemon
Step 0 : FROM registry
---> e42d15ec8417
Step 1 : ADD ./config.yml /docker-registry/config/config.yml
---> 4339f026d459
Removing intermediate container 2d5138fbcd34
Step 2 : RUN mkdir /data
---> Running in a090f0bdbfd1
---> 8eb27ba6e12a
Removing intermediate container a090f0bdbfd1
Step 3 : env DOCKER_REGISTRY_CONFIG /docker-registry/config/config.yml
---> Running in 565b5bfb2b22
---> 914462e46dc0
Removing intermediate container 565b5bfb2b22
Step 4 : env SETTINGS_FLAVOR prod
---> Running in 31a92847b851
---> b5949575c374
Removing intermediate container 31a92847b851
Successfully built b5949575c374
Now we are ready to run!
Let’s make a directory on our host system to mount in the container as the /data volume.
mkdir registry-data
Now we can spin up a new container. If you plan on using the Redis cache, use the 2nd command below.
# For a non-Redis cache registry
docker run -d -p 5000:5000 -v /home/core/registry-data:/data --name=private_reg my_registry
# For a Redis cached registry (Must have followed Redis Caching section above)
docker run -d -p 5000:5000 -v /home/core/registry-data:/data --name=private_reg --link registry-redis:redis my_registry
To ensure that your server is running correctly, visit http://YOUR_IP:5000. You will see the following message:
"docker-registry server (prod) (v0.8.1)"
Notice the (prod) meaning our configuration changes were successful!
Now that we have our own running registry, we want the Docker client on our local machines to start using it. Usually you would use the command: docker login, but for our use, we need to add one more argument to the login command:
docker login YOUR_IP:5000
Enter a username and password (think of this like making a new account) and ignore the message that states you must activate it.
Next, let’s pull a stock image, and push it up to our own repository.
# Pull the busybox image from the public registry
docker pull busybox
# Tag it with our IP/URL
docker tag busybox YOUR_IP:5000/busybox
# Push it to our newly made registry
docker push YOUR_IP:5000/busybox
If everything pushes correctly the final message should be along the lines of:
Pushing tag for rev [a9eb17255234] on
Congratulations! You have setup your very own docker repository.
Here’s some ideas on how to improve your new private registry: