The Network Administrator

Often times we want to require users to sign into a web using https, but what a pain to give out a new site address. One solution is to create a Custom 403.4 page that redirects http requests to https.

To pull this off we need to head to the web server, and open the IIS manager and Verify SSL is required for the selected site.

1)      Open IIS Manager (Start Menu\Programs\Administrative Tools or %SystemRoot%\system32\inetsrv\iis.msc)
2)      Expand the Computer Name
3)      Expand Web Sites
4)      Right click the web site we wish to modify
5)      Select “Properties

6)      Select the “Directory Security” tab
7)      Select “Edit” in the Secure Communications section
8)      Check off the “Require secure channel (SSL)” option. (This will only allow pages on this site to be viewed only with https.)
9)      Press OK and close all Properties windows

Next we create a HttpRedirect.htm file in notpad or notpad++ and save it to the root of where your website coentent is stored such as C:\InetPub or another directory.

————copy below——————————–

<!– beginning of HttpRedirect.htm file –>
<script type="text/javascript">
function redirectToHttps()
{
var httpURL = window.location.hostname+window.location.pathname;
var httpsURL = "https://" + httpURL ;
window.location = httpsURL ;
}
redirectToHttps();
</script>
<!– end of HttpRedirect.htm file –>

————copy above———————————-

Set the 403 error page to use this file instead of the regular error file

1. Head back to the IIS manager   Expand Web Sites,   Right click the web site you wish to modify,   Select “Properties”

2.  Select “Custom Errors” Tab, Select the “403;4″ error,   Press the “Edit” button,  Browse to and Select the HttpRedirect.htm file in directory you saved it in from the steps above,   Press OK and close all Properties windows

That’s it! You are done!

1. Open .htaccess file in your root folder

2. Add these lines:


Options All -Indexes
AddType x-mapp-php5 .php
AddHandler x-mapp-php5 .php


3. Save and hopefully see it work

Open a command prompt, browse to C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727,

aspnet_regiis -lk will give a listing.

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis -lk
W3SVC/  1.1.4322.2407
W3SVC/507495262/root/   2.0.50727.0

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727>aspnet_regiis -s w3svc/507495262/r
oot -norestart
Start registering ASP.NET scriptmap (2.0.50727) recursively at w3svc/507495262/r
oot.
Finished registering ASP.NET scriptmap (2.0.50727) recursively at w3svc/50749526
2/root.

Windows server 2008 IIS7 has differnet proxy options, however IIS 6 does not have anything built in. So i found Managed Fusion URL Rewriter, which  is a powerful URL manipulation engine based on the Apache mod_rewrite extension. Here is a link to the Managed Fusion Documentation site http://www.managedfusion.com/products/url-rewriter/documentation.aspx

I found the easiest way to get started was to do the following steps.

1. Download the core files from http://urlrewriter.codeplex.com/releases/36792/download/95504

2. Extract the downloaded files to a directory such as C:\websites\Proxy

3. Create a new IIS site, which will act as your reverse proxy.

4. Under home directory of the new site, select configuration, insert a new wildcard app, browse to C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll, and uncheck the box to verify the file exists.

5. Browse to C:\websites\proxy or the name of the directory you created in step 2.

6. Open the ManagedFusion.Rewriter.txt file and delete everything in the file.

7. Insert the these two lines,

RewriteEngine On
RewriteRule ^/(.*) http://website or ip address/$1 [NC,P]

To export the private key from the Windows IIS server to your non-windows-based machine, you must extract the private key from a Windows .pfx backup certificate. Use the OpenSSL utility to extract the private key from the .pfx backup file:

1. First backup the certificate you have working on your IIS server to a .pfx file.
2. Second, use the following OpenSSL command to create a new text file from which you can separate the Private Key:openssl pkcs12 -in mypfxfile.pfx -out outputfile.txt -nodes

   mypfxfile.pfx is the certificate backup from your IIS server.

3. The above command would have created a text file named outputfile.txt. Open this file with a text editor and you will see the private key listed first:-----BEGIN RSA PRIVATE KEY-----
(Block of Random Text)
-----END RSA PRIVATE KEY-----
4. Copy and paste all of the private key, including the BEGIN and END tags to a new text file and save it as domain_name.key

Tomcat running as root could be a huge security hole. Linux only allows root to listen to port 80 and 443…which is why many users of tomcat under Linux run tomcat as root. However, with jscv, the process will start off as root but later on will change ownership to the user tomcat or whatever username you wish.

After doing a few google searches I quickly found bits and pieces to do with configuring Tomcat 6 as a non-root user. So I thought I would try and put together a list of what I did to get this up and running.

1. Download and Install the Linux distro of your choice. I installed Tomcat6 on Fedora 8 Core. After you have Lunix installed its good practice to make sure you have all OS updates applied.

2. Create the user to run tomcat under with useradd tomcat. Issuing this command will create a directory under
/home/tomcat.

3. Download and install Java. Visit http://java.sun.com/products/archive/j2se/6u2/index.html. Select JDK 6,

4. After the download is complete, issue this command to make the file executable chmod 755 jdk-6u2(Version number).

5. Then run the install by issuing ./jdk(version number)

6. Updatedb;locate javac |grep bin

7. Now you need to run the alternatives command to instruct Fedora to recognize Sun’s JVM.

alternatives –install /usr/bin/java java /usr/java/jdk1.6.0_02/bin/java 100
alternatives –install /usr/bin/jar jar /usr/java/jdk1.6.0_02/bin/jar 100
alternatives –install /usr/bin/javac javac /usr/java/jdk1.6.0_02/bin/javac 100
/usr/sbin/alternatives –config java

Select option 1

Type java -version

you should see something like this:
java version “1.6.0_02″
Java(TM) SE Runtime Environment (build 1.6.0_02-ea-b02)
Java HotSpot(TM) Client VM (build 1.6.0_02-ea-b02, mixed mode, sharing)

export JAVA_HOME=/usr/java/jdk1.6.0_02/bin

8. yum Install gcc

9. Download tomcat 6 here http://tomcat.apache.org/download-60.cgi to /home/tomcat. Then Extract the tar file using tar xvzf tomcat6filename.gz to /home/tomcat

10. chown tomcat.tomcat /home/tomcat -R

11. Compile the jscv code by following the instructions here http://tomcat.apache.org/tomcat-6.0-doc/setup.html. You may have to issue
export JAVA_HOME=/usr/java/jdk1.6.0_02/bin before you run the ./configure and the make.

12. Create your start and stop script. Navigate to /etc/init.d create a new file by issuing touch tomcat, make the file executable by issuing chmod 755 tomcat.

13. Next issue vim tomcat and copy and paste the config below. You might have to change some of the setting to fit your server.

# Tomcat auto-start
#
# description: Auto-starts tomcat
# processname: tomcat
# pidfile: /var/run/tomcat.pid

#export JAVA_HOME=/usr/java/jdk1.6.0_02

#case $1 in
#start)
# sh /usr/local/tomcat/bin/startup.sh
# ;;
#stop)
# sh /usr/local/tomcat/bin/shutdown.sh
# ;;
#restart)
# sh /usr/local/tomcat/bin/shutdown.sh
# sh /usr/local/tomcat/bin/startup.sh
# ;;
#esac
#exit 0
#!/bin/sh
#
# Startup script for Tomcat, the Apache Servlet Engine
#
# chkconfig: 345 80 20
# description: Tomcat is the Apache Servlet Engine
# processname: tomcat
# pidfile: /var/run/tomcat.pid

TOMCAT_PROG=tomcat
JAVA_HOME=’/usr/java/jdk1.6.0_02′
CATALINA_HOME=’/usr/local/tomcat/’
DAEMON_HOME=$CATALINA_HOME/bin/jsvc
TMP_DIR=/var/tmp
CATALINA_OPTS=
CLASSPATH=\
$JAVA_HOME/lib/tools.jar:\
$CATALINA_HOME/bin/commons-daemon.jar:\
$CATALINA_HOME/bin/bootstrap.jar

# if TOMCAT_USER is not set, use tomcat like Apache HTTP server
if [ -z "$TOMCAT_USER" ]; then
TOMCAT_USER=”tomcat”
fi

RETVAL=0

# start and stop functions
start() {
echo -n “Starting tomcat: ”
chown -R $TOMCAT_USER:$TOMCAT_USER /usr/local/tomcat/*
$DAEMON_HOME \
-user $TOMCAT_USER \
-home $JAVA_HOME \
-Dcatalina.home=$CATALINA_HOME \
-Djava.io.tmpdir=$TMP_DIR \
-Djava.awt.headless=true \
-outfile $CATALINA_HOME/logs/catalina.out \
-errfile ‘&1′ \
$CATALINA_OPTS \
-cp $CLASSPATH \
org.apache.catalina.startup.Bootstrap
# To get a verbose JVM
#-verbose \
# To get a debug of jsvc.
#-debug \

RETVAL=$?
echo
[ $RETVAL = 0 ] && touch /var/lock/subsys/tomcat
return $RETVAL
}

stop() {
echo -n “Stopping tomcat: ”
PID=`cat /var/run/jsvc.pid`
kill $PID
RETVAL=$?
echo
[ $RETVAL = 0 ] && rm -f /var/lock/subsys/tomcat /var/run/tomcat.pid
}

# See how we were called.
case “$1″ in
start)
start
;;
stop)
stop
;;
restart)
stop

sleep 5
start
;;
*)
echo “Usage: $0 {start|stop|restart}”
exit 1
esac

exit $RETVAL

14. Next to make tomcat start at boot issue #chkconfig –add tomcat and #chkconfig tomcat on 15. You can stop or start tomcat with service tomcat stop or start If you have any qustions just send me an email and ill do my best to get back to you.

15. You can stop or start tomcat with service tomcat stop or start

If you have any qustions just send me an email and ill do my best to get back to you.

Download and burn the NT offline password reset  iso from http://apps.thenetworkadministrator.net/Windows_Password_Reset.zip

So after a few failed attempts, i was finally able to get PHP and MYSQL to run on Windows Server 2008 64BIT. There is a lot of stuff online about this topic but a lot of the information is incorrect.

Basically you need to download MYSQL 64bit, select Windows MSI Installer (AMD64 / Intel EM64T) 

http://dev.mysql.com/downloads/mysql/5.1.html

I would also download the MYSQL GUI Tools, select Windows (x86)

http://dev.mysql.com/downloads/gui-tools/5.0.html

Next head over to PHP and select VC9 x86 Non Thread Safe (2009-Jun-30 08:52:54) ZIP

http://windows.php.net/download/

Just follow the instructions for setting up wordpress or another php

http://codex.wordpress.org/Installing_WordPress#Famous_5-Minute_Install

This looks good, I think it may take some of the confusion out for many

http://www.microsoft.com/web/