The Microsoft Oracle ODBC Driver version 2.5 is part of the Microsoft Data Access Components version 2.0 and 2.1. You will need to download this "stack" from the Microsoft Web site and install them. The Microsoft Oracle ODBC Driver version 2.5 is available with Visual Studio 6.0, MDAC 2.0 and 2.1, and the Data Access Software Development Kit (SDK) 2.0. 

NOTE: There is no way to acquire the Microsoft Oracle ODBC Driver v2.0 outside of the MDAC stack. The driver was developed and tested with the components in the stack and that is the best way to install and use the driver.

Step-by-Step Example

1. Go to the Microsoft Universal Data Access Web site located at the following Web URL:
   http://msdn.microsoft.com/dataaccess
2. On the Web site, click the Downloads link listed under the UDA Contents on the left of the page. This displays a page that lists the available free downloads.
3. Click the link titled "Download MDAC 2.1.1.4202.3 (GA)" to open the download page for the MDAC 2.1 SP2 stack. Please read through the information on this page pertaining to system and software requirements.
4. Follow the on download intructions given on the website.
5. Click on the link titled "Download the Microsoft Data Access SDK version 2.0 and the Microsoft Data Access Components version 2.0".
6. Once the MDAC 2.1 SP2 installation is complete, you should see the Microsoft Oracle ODBC Driver version 2.5 listed under the Drivers tab of your ODBC Manager as follows:

         NAME:      Microsoft ODBC for Oracle
   
         VERSION:   2.573.4202
   
         COMPANY:   Microsoft Corporation
   
         FILE:      MSORCL32.DLL
   
         DATE:      6/4/99
   						

For information about setting up a data source name (DSN) for the Microsoft Oracle ODBC Driver version 2.5, please consult the Help file for the driver. The Help file for the driver was installed in the appropriate SYSTEM directory (i.e. SYSTEM for Windows 95 and Windows 98, and SYSTEM32 for NT) along with the driver DLL. The name of the Help file is MSORCL32.HLP.

How to install and configure Cacti on Windows 2003

 After the installation of Cacti, you need to Configure the web interface. To do this you need to go to Control Panel and then Administrative Tools and then Internet Information Services (IIS). Now the follow these steps:-

1. Right click on Default Web Site Properties
2. A new window appears. Select the Directory tab.
3. Click Settings and then Add.
4. Then come back to the following values:
   • Click on Browse and then points to the file C: phpphp5isapi.dll and extension on tape. Php. This action specifies mappings between an executable file and one or more file extensions, and shows the actions allowed for the file.
5. Then, in the ISAPI Filters tab, you select Add, then Browse to point also on C: and name phpphp5isapi.dll filter php.
6. Finally, it displays the folder properties "Cacti" contained in the Default Web Site. Index.php is added on top of the list in the Documents tab.

It verifies the connection to Cacti. By default, the connection is made with Cacti Username: admin and Password: cactipw.

--------------------------------

Software Components Required

1. (Optional) Apache> - This software is optional if running Windows Internet Information Server.

2. Cacti> - Install from the zip distribution and install in the web root or your choice. Many choose to install into a "Cacti" sub folder.

3. Spine - Install from the zip distribution into the c:\cacti directory. Make sure your spine.conf.dist is located in that directory as well.

4. RRDTool - Install from the Cacti website. Install it into the c:\cacti directory.

5. PHP 4.3.6+ or 5.x - Install into the c:\php folder. If you choose to install into c:\Program Files\php, you will have to use 8.3 filenames to reference it's binaries in Cacti.

6. MySQL 4.x or MySQL 5.x - Install into the default location. This is typically c:\Program Files\MySQL\MySQL Server X.XX.

7. (Optional) Cygwin - Download and execute setup.exe from the Cygwin website. Keep the setup.exe file for later use.

8. (Optional) Net-SNMP - Install to the c:\net-snmp directory. If you choose to use c:\Program Files\net-snmp you will have tu use 8.3 filenames to reference it's binaries in Cacti.

 

Configure PHP

1. If using PHP 4, move the files in c:\php\dlls to c:\php

2. Add the following directory to the existing Windows System PATH environment variable: c:\php. The Windows path can be accessed via the Control Panel at: System | Advanced | Environment Variables | System Variables.

3. Add the following directory to a new Windows System environment variable called PHPRC: c:\php.

4. Add a new Windows System environment variable called MIBDIRS. If using PHP 4, set it to c:\php\mibs. If using PHP 5, set it to c:\php\extras\mibs

5. If using PHP 4.3.5 or less, create the following directory c:\tmp.

6. Rename the file c:\php\php.ini.dist to php.ini, and make the following changes to it:

   If using PHP 4 add/uncomment the following lines.

   extension_dir = c:\php\extensions extension=php_snmp.dll extension=php_sockets.dll cgi.force_redirect = 0

   If using PHP 5 uncomment the following lines.

   extension_dir = c:\php\ext extension=php_mysql.dll extension=php_snmp.dll extension=php_sockets.dll cgi.force_redirect = 0

   If using PHP 4.3.5 or less include the following line. If using 4.3.6 or greater, you should remove this line if present.

   session.save_path=c:\tmp

7. In earlier installation guides to PHP, they recommended moving certain DLL's to the c:\winnt\system32 directory. If so, you will have to remove those files. Please review the PHP installation documentation for instructions on removing those files.

8. If you want to allow template importing, uncomment the following line:

   file_uploads = On

9. Give the user who will be running the scheduled task, modify rights to the .index file in the location pointed to by the MIBDIRS Windows System environment variable.

 

Configure the Webserver (Apache)

1. Make sure you have stopped any IIS web servers before you proceed with Apache installation, or make sure Apache is configured on an alternate port.

2. If you are using Apache 1.3.x, installation of PHP 5 is not recommended. If using PHP 4, add the following lines to your httpd.conf file. You can edit that file by selecting Start | All Programs | Apache HTTP Server X.XX | Configure Server | Edit the httpd.conf file pick from the Taskbar.

   If using Apache 1.3.x and PHP 4, then add the following lines:

   LoadModule php4_module c:\php\sapi\php4apache.dll AddModule mod_php4.c AddType application/x-httpd-php .php DirectoryIndex index.html index.htm index.php

   If using Apache 2.x and PHP 4, then add the following lines:

   LoadModule php4_module c:\php\sapi\php4apache2.dll AddType application/x-httpd-php .php DirectoryIndex index.html index.htm index.php

   If using Apache 2.x and PHP 5, then add the following lines.

   LoadModule php5_module c:\php\php5apache2.dll AddType application/x-httpd-php .php DirectoryIndex index.html index.htm index.php

 

Configure the Webserver (IIS)

1. Start the Internet Information Services (IIS) Manager, right click on the Default Web Site (in most cases) and select Properties.

2. Under the Home Directory tab, select Configuration and click Add. Browse to the path of php4isapi.dll or php5isapi.dll, and type in .php as the extension. Note: if using IIS6, Enable All Verbs and Script Engine.

3. Under the ISAPI Filters tab, click Add and browse to the php4isapi.dll or php5isapi.dll file. Name the filter "php" and click OK.

4. Under the Documents tab, add index.php to the list.

5. If using IIS6, goto Web Service Extensions and add a new Web Service Extension. Name the extension "php", and click Add and browse to thephp4isapi.dll or php5isapi.dll file, enable Set Extension status to Enable, and click OK.

6. Give the IUSR_XXXX and IIS_WPG users read & execute permissions to the file %windir%\system32\cmd.exe. They will also need read permissions on cacti_web_root/cacti and it's subfolders.

7. If using IIS6, give the IIS_WPG user modify permissions to the folders cacti_web_root/cacti/log and cacti_web_root/cacti/rrd.

8. Completely stop and start the IIS service using the following commands:

   net stop iisadmin net start w3svc

 

Install Cygwin (optional)

1. Installing a single instance of Cygwin, and using it for all applications that require it is recommended so you do not have different versions of the Cygwin dlls laying around on your system, which can cause conflicts.

2. Run setup.exe you previously download.

3. Once you reach the portion of setup entitled Select Packages, install the following:

   Base (include all items) Libs 	libart_lgpl 	libfreetype26 	libpng12 	zlib 	openssl Utils 	patch Web 	wget

4. Add c:\cygwin\bin to your Windows System PATH environment variable.

5. Move setup.exe to c:\cygwin for future use.

 

Install RRDTool

1. Extract the RRDTool zip file from the Cacti web site to c:\cacti\rrdtool.exe.

 

Install MySQL

1. Extract the MySQL zip file to a temp directory and run setup.exe.

2. Install MySQL to the default directory, or for the purposes of this manual to the c:\mysql directory.

3. If running an older version of MySQL, start it by running c:\mysql\bin\winmysqladmin.exe. In more recent versions, this is not required.

4. Set a password for the root user

   shell> cd mysql\bin
   shell> mysqladmin --user=root password somepassword
   shell> mysqladmin --user=root --password reload

5. Create the MySQL database:

   shell> mysqladmin --user=root --password create cacti

6. Import the default Cacti database:

   shell> mysql --user=root --password cacti < c:\apache2\htdocs\cacti\cacti.sql

7. Create a MySQL username and password for Cacti.

   shell> mysql --user=root --password mysql
   mysql> GRANT ALL ON cacti.* TO cactiuser@localhost IDENTIFIED BY 'somepassword';
   mysql> flush privileges;

8. If you are running MySQl 4.1 and above, you will need to apply the old password setting in order to authenticate with Cacti. To make this change, stop the MySQL service and add the following to the Start Parameter field. Start it again once it has been added.

   --old-password

   You will also need to update the cactiuser account with the old password style.

   shell> UPDATE mysql.user SET Password = OLD_PASSWORD('cactipwd') 				WHERE Host = 'localhost' AND User = 'cactiuser';
   mysql> FLUSH PRIVILEGES;

 

Install Net-SNMP

1. If you plan to use any hosts with SNMP v2c support, and are using early versions of PHP, you must download and install the Net-SNMP libraries.Net-SNMP provides installers to install their product. However, caution must be taken if you choose to use long file names as Cacti does not them as long file names. You will have to user 8.3 notation. For example c:\Program Files\Net-SNMP\bin becomes c:\progra~1\net-snmp\bin.

 

Install Spine

1. Extract the Spine zip file to c:\cacti and modify the spine.conf.dist file to include the following statements.

   DB_Host	127.0.0.1 or hostname (not localhost) DB_Database	cacti DB_User		cactiuser DB_Password	cacti DB_Port		3306

   All other pre 0.8.6 settings are obsolete.

2. Spine now comes with a binary distribution. However, we strongly suggest that you install Cygwin and then remove all the DLL files and sh.exe from the c:\cacti directory.

 

Configure Cacti

1. Edit cacti_web_root/cacti/include/config.php and specify the MySQL user, password, database, and database port for your Cacti configuration.

   $database_default = "cacti"; $database_hostname = "localhost"; $database_username = "cactiuser"; $database_password = "cacti"; $database_port = "3306";

2. Point your web browser to:

   http://your-server/cacti/

   Log in using the username and password of admin/admin. You will be required to change this password immediately.

3. From Cacti, go to Settings->Paths and verify/udate your paths to point to the correct locations. Recommended examples are posted below. If you plan on using Spine, then it is very important that all paths include forward slashes instead of backslashes.

   PHP Binary Path:

   c:/php/php.exe

   RRDTool Binary Path:

   c:/cacti/rrdtool.exe

   SNMPGET, SNMPWALK, SNMPBULKWALK, SNMPGETNEXT Paths:

   c:/progra~1/net-snmp/bin/snmpget.exe

   c:/progra~1/net-snmp/bin/snmpwalk.exe

   c:/progra~1/net-snmp/bin/snmpbulkwalk.exe

   c:/progra~1/net-snmp/bin/snmpgetnext.exe

   Cacti Logfile Path:

   c:/mycacti/website/cacti/log/cacti.log

   Spine Path:

   c:/cacti/Spine.exe

4. Click on Devices. Delete the Localhost devices as it intended for Linux environments In the upper right corner, click Add. Fill in the following information and then click Add.

   Description: My Windows localhost Hostname: localhost Host Template: Windows 2000/XP

5. You should now be looking at the localhost device screen. Right under it's name, there should be some SNMP information listed, if not you should double check the SNMP settings on the server and firewall settings. In the upper right-hand corner, click on Create Graphs for this Host. On the following screen, select a disk partition and network interface. At the bottom of the page, click on Create.

6. Log into the user account you'll be using for the scheduled task and verify starting a Cacti polling cycle works. Do this by running the following from the command prompt:

   php c:/cacti_web_root/cacti/poller.php

   The output should look something like the following:

   C:\>php c:\inetpub\wwwroot\cacti\poller.php OK u:0.00 s:0.06 r:1.32 OK u:0.00 s:0.06 r:1.32 OK u:0.00 s:0.16 r:2.59 OK u:0.00 s:0.17 r:2.62 10/28/2005 04:57:12 PM - SYSTEM STATS: Time:4.7272 Method:cmd.php Processes:1 Threads:N/A Hosts:1 HostsPerProcess:2 DataSources:4 RRDsProcessed:2

   After this has ran once, you should have cacti.log in /cacti/log/ and rrd files in /cacti/rra/.

7. You are going to need to schedule a task while logged on as an Administrator. This task is required to you can run poller.php every 5 minutes. Make sure the Task Scheduler service is started and follow the steps below to begin.

   Note: The following instructions are based on Windows XP and Windows Server 2003. You should be able to follow these instructions close enough for Windows 2000 as well.

    

   1. Select Start --> Settings --> Control Panel and double click on Scheduled Tasks.

   2. Double click on Add Scheduled Task.

   3. Click Next and Browse on the following screen. Find c:\php and select php.exe. Choose Daily on and click Next.

   4. Click Next again without changing the time or date settings.

   5. When entering a username and password make sure the user has read and write access to the following directories:

      cacti_web_root/cacti/rra cacti_web_root/log

      Make sure the user has read, write, and execute access to the following directories:

      c:\php c:\php\sapi

   6. Click Next and Finish to close the wizard.

   7. Right click on the task you just created, and select Properties.

   8. Select the Schedule tab.

   9. Make sure Daily is selected and click the Advanced button.

   10. Check the Repeat checkbox, set it for 5 minutes and set the duration for 24 hours.

   11. Click Ok

   12. In the Run textbox enter the following text making sure to use the appropriate paths.

       c:\php\php.exe c:\mycacti\website\cacti\poller.php

       The start in box should say c:\mycacti\website\cacti.

 

Apply Patches

1. There are two methods of applying patches to Cacti:

    

   1. If you have Cygwin installed, then the patch instructions which use wget and patch, will work.

   2. The other method requires you to visit http://www.cacti.net/downloads/patches/0.8.6h/pre-patched/ and manually download and replace the patched files.

2. You might need to reapply file/folder security on the files patched. Double check they are correct.

3.  Installing Under Unix

   from:http://help.soft30.com/manual/cacti-manual/install_windows.html

 

 To configure an HTTPS server you must enable the SSL protocol in the server block, and specify the locations of the server certificate and private key files:

server {
    listen               443;
    server_name          www.nginx.com;
    ssl                  on;
    ssl_certificate      www.nginx.com.crt;
    ssl_certificate_key  www.nginx.com.key;
    ssl_protocols        SSLv3 TLSv1;
    ssl_ciphers          HIGH:!ADH:!MD5;
    ...
}

The server certificate is a public entity. It is sent to every client that connects to the server. The private key is a secure entity and should be stored in a file with restricted access, however, it must be readable by nginx’s master process. The private key may alternately be stored in the same file as the certificate:

    ssl_certificate      www.nginx.com.cert;
    ssl_certificate_key  www.nginx.com.cert;

in which case the file access rights should also be restricted. Although the certificate and the key are stored in one file, only the certificate is sent to a client.

The directives “ssl_protocols” and “ssl_ciphers” may be used to limit connections to strong SSL protocol versions and ciphers. Since version 0.8.20, nginx uses “ssl_protocols SSLv3 TLSv1” and “ssl_ciphers HIGH:!ADH:!MD5” by default, so they should only be set for earlier nginx versions.

HTTPS server optimization

SSL operations consume extra CPU resources. On multi-processor systems you should run several worker processes: no less than the number of available CPU cores. The most CPU-intensive operation is the SSL handshake. There are two ways to minimize the number of these operations per client: the first is by enabling keepalive connections to send several requests via one connection and the second is to reuse SSL session parameters to avoid SSL handshakes for parallel and subsequent connections. The sessions are stored in an SSL session cache shared between workers and configured by an“ssl_session_cache” directive. One megabyte of the cache contains about 4000 sessions. The default cache timeout is 5 minutes. It can be increased by using the “ssl_session_timeout” directive. Here is a sample configuration optimized for a quad core system with 10M shared session cache:

worker_processes  4;

http {
    ssl_session_cache    shared:SSL:10m;
    ssl_session_timeout  10m;

    server {
        listen               443;
        server_name          www.nginx.com;
        keepalive_timeout    70;

        ssl                  on;
        ssl_certificate      www.nginx.com.crt;
        ssl_certificate_key  www.nginx.com.key;
        ssl_protocols        SSLv3 TLSv1;
        ssl_ciphers          HIGH:!ADH:!MD5;
        ...

 

SSL certifcate chains

Some browsers may complain about a certificate signed by a well-known certificate authority, while other browsers may accept the certificate without issues. This occurs because the issuing authority has signed the server certificate using an intermediate certificate that is not present in the certificate base of well-known trusted certificate authorities which is distributed with a particular browser. In this case the authority provides a bundle of chained certificates which should be concatenated to the signed server certificate. The server certificate must appear before the chained certificates in the combined file:

$ cat www.nginx.com.crt bundle.crt > www.nginx.com.chained.crt

The resulting file should be used in the “ssl_certificate” directive:

server {
    listen               443;
    server_name          www.nginx.com;
    ssl                  on;
    ssl_certificate      www.nginx.com.chained.crt;
    ssl_certificate_key  www.nginx.com.key;
    ...
}

If the server certificate and the bundle have been concatenated in the wrong order, nginx will fail to start and will display the error message:

SSL_CTX_use_PrivateKey_file(" ... /www.nginx.com.key") failed
   (SSL: error:0B080074:x509 certificate routines:
    X509_check_private_key:key values mismatch)

because nginx has tried to use the private key with the bundle’s first certificate instead of the server certificate.

Browsers usually store intermediate certificates which they receive and which are signed by trusted authorities, so actively used browsers may already have the required intermediate certificates and may not complain about a certificate sent without a chained bundle. To ensure the server sends the complete certificate chain, you may use the “openssl” command line utility, for example:

$ openssl s_client -connect www.godaddy.com:443
...
Certificate chain
 0 s:/C=US/ST=Arizona/L=Scottsdale/1.3.6.1.4.1.311.60.2.1.3=US
     /1.3.6.1.4.1.311.60.2.1.2=AZ/O=GoDaddy.com, Inc
     /OU=MIS Department/CN=www.GoDaddy.com
     /serialNumber=0796928-7/2.5.4.15=V1.0, Clause 5.(b)
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc.
     /OU=http://certificates.godaddy.com/repository
     /CN=Go Daddy Secure Certification Authority
     /serialNumber=07969287
 1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc.
     /OU=http://certificates.godaddy.com/repository
     /CN=Go Daddy Secure Certification Authority
     /serialNumber=07969287
   i:/C=US/O=The Go Daddy Group, Inc.
     /OU=Go Daddy Class 2 Certification Authority
 2 s:/C=US/O=The Go Daddy Group, Inc.
     /OU=Go Daddy Class 2 Certification Authority
   i:/L=ValiCert Validation Network/O=ValiCert, Inc.
     /OU=ValiCert Class 2 Policy Validation Authority
     /CN=http://www.valicert.com//emailAddress=info@valicert.com
...

In this example the subject (“s”) of the www.GoDaddy.com server certificate #0 is signed by an issuer (“i”) which itself is the subject of the certificate #1, which is signed by an issuer which itself is the subject of the certificate #2, which signed by the well-known issuer ValiCert, Inc. whose certificate is stored in the browsers’ built-in certificate base (that lay in the house that Jack built).

If you have not added the certificates bundle, you will see only your server certificate #0.

A single HTTP/HTTPS server

It is good practice to configure separate servers for HTTP and HTTPS protocols from the very start. Although their functionalities currently seem equal, this may change significantly in the future and using a consolidated server may become problematic. However, if HTTP and HTTPS servers are equal, and you prefer not to think about the future, you may configure a single server that handles both HTTP and HTTPS requests by deleting the directive “ssl on” and adding the “ssl” parameter for *:443 port:

server {
    listen               80;
    listen               443  ssl;
    server_name          www.nginx.com;
    ssl_certificate      www.nginx.com.crt;
    ssl_certificate_key  www.nginx.com.key;
    ...
}

 

Prior to 0.8.21, nginx only allows the “ssl” parameter to be set on listen sockets with the “default”parameter:

listen  443  default  ssl;

 

Name-based HTTPS servers

A common issue arises when configuring two or more HTTPS servers listening on a single IP address:

server {
    listen           443;
    server_name      www.nginx.com;
    ssl              on;
    ssl_certificate  www.nginx.com.crt;
    ...
}

server {
    listen           443;
    server_name      www.nginx.org;
    ssl              on;
    ssl_certificate  www.nginx.org.crt;
    ...
}

With this configuration a browser receives the certificate of the default server, i.e., www.nginx.com regardless of the requested server name. This is caused by SSL protocol behaviour. The SSL connection is established before the browser sends an HTTP request and nginx does not know the name of the requested server. Therefore, it may only offer the certificate of the default server.

The oldest and most robust method to resolve the issue is to assign a separate IP address for every HTTPS server:

server {
    listen           192.168.1.1:443;
    server_name      www.nginx.com;
    ssl              on;
    ssl_certificate  www.nginx.com.crt;
    ...
}

server {
    listen           192.168.1.2:443;
    server_name      www.nginx.org;
    ssl              on;
    ssl_certificate  www.nginx.org.crt;
    ...
}

 

A SSL certificate with several names

There are other ways to share a single IP address between several HTTPS servers, however, all of them have drawbacks. One way is to use a certificate with several names in the SubjectAltName certificate field, for example,www.nginx.com and www.nginx.org. However, the SubjectAltName field length is limited.

Another way is to use a certificate with a wildcard name, for example, *.nginx.org. This certificate matcheswww.nginx.org, but does not match nginx.org and www.sub.nginx.org. These two methods can also be combined. A certificate may contain exact and wildcard names in the SubjectAltName field, for example, nginx.org and *.nginx.org.

It is better to place a certificate file with several names and its private key file at the http level of configuration to inherit their single memory copy in all servers:

ssl_certificate      common.crt;
ssl_certificate_key  common.key;

server {
    listen           443;
    server_name      www.nginx.com;
    ssl              on;
    ...
}

server {
    listen           443;
    server_name      www.nginx.org;
    ssl              on;
    ...
}

 

Server Name Indication

A more generic solution for running several HTTPS servers on a single IP address is TLSv1.1 Server Name Indication extension (SNI, RFC3546), which allows a browser to pass a requested server name during the SSL handshake and, therefore, the server will know which certificate it should use for the connection. However, SNI has limited browser support. Currently it is supported starting with the following browsers versions:

• Opera 8.0;
• MSIE 7.0 (but only on Windows Vista or higher);
• Firefox 2.0 and other browsers using Mozilla Platform rv:1.8.1;
• Safari 3.2.1 (Windows version supports SNI on Vista or higher);
• and Chrome (Windows version supports SNI on Vista or higher, too).

In order to use SNI in nginx, it must be supported in both the OpenSSL library with which the nginx binary has been built as well as the library to which it is being dynamically linked at run time. OpenSSL supports SNI since 0.9.8f version if it was built with config option “--enable-tlsext”. Since OpenSSL 0.8.9j this option is enabled by default. If nginx was built with SNI support, then nginx will show this when run with the “-V” switch:

$ nginx -V
...
TLS SNI support enabled
...

However, if the SNI-enabled nginx is linked dynamically to an OpenSSL library without SNI support, nginx displays the warning:

nginx was built with SNI support, however, now it is linked
dynamically to an OpenSSL library which has no tlsext support,
therefore SNI is not available

 

Compatibility

 

• The SNI support status has been shown by the “-V” switch since 0.8.21 and 0.7.62.
• The “ssl” parameter of the “listen” directive has been supported since 0.7.14.
• SNI has been supported since 0.5.32.
• The shared SSL session cache has been supported since 0.5.6.

 

 

• Version 0.7.65, 0.8.19 and later: the default SSL protocols are SSLv3 and TLSv1.
• Version 0.7.64, 0.8.18 and earlier: the default SSL protocols are SSLv2, SSLv3, and TLSv1.

 

 

• Version 0.7.65, 0.8.20 and later: the default SSL ciphers are “HIGH:!ADH:!MD5”.
• Version 0.8.19: the default SSL ciphers are “ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM”.
• Version 0.7.64, 0.8.18 and earlier: the default SSL ciphers are
  “ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP”.

 

written by Igor Sysoev edited by Brian Mercer

 on server

 To set up the host name of the SUSE Linux 10 machine and the addresses of your Domain Name System servers, select the Host name and name server button. A screen like that shown in Figure 1-24 appears.

The host name of your SUSE Linux 10 machine can be anything you like, such as a person's name, a descriptive name, or something random. The only thing that you have to bear in mind is that the host name and domain name can contain only letters and numbers as well a hyphen or an underscore. The host name can be only one string of characters and cannot contain a space or a period. As the name suggests, the domain name dictates the network domain that this machine falls into. This domain may well be something in line with your company's policy or could be something you have set up yourself.

When integrating a new system into an existing networked environment, you should always follow the same naming conventions that are already being used, especially for the domain name. If you do not, other systems on the network may not be able to locate your system correctly, and certain services on your system may not be able to interoperate with existing network services.

 
Figure 24

Enter the name server address into the Name Server 1 field. You can also enter up to two other separate DNS server entries. Your administrator or ISP should be able to give you this information.

The Domain Search entry is used to control how your machine looks up the address of other machines connected through TCP/IP. For example, if you use a Domain Search entry such as suse.com, you can communicate with any machine in the SUSE domain by just its host name. For example, with suse.com as the Domain Search entry, you can communicate with the machine you are setting up in this example by just using the host name of bible. If you do have suse.com as a Domain Search field, however, you have to specify the fully qualified domain name of the machine you want to communicate with (in the case of this example, that is bible.suse.com).

When you have set the DNS configuration for your system, press OK to save your changes. 

More here:http://searchsystemschannel.techtarget.com/generic/0,295582,sid99_gci1216511,00.html

 Step One: Preparation

1. Download the following files. NOTE: Make sure you get these exact versions; others may not work with this tutorial! 
   
   MySQL: MySQL-3.23.28-1.0.pkg.tar.gz 
   Apache: apache_1.3.19.tar.gz 
   PHP: php4.0.4.img 
    
2. Run Stuffit Expander to unbinhex php4.0.4.img 
    
3. Mount image php4.0.4.img 
    
4. Copy php-4.0.4pl1.tar.gz to your hard disk 
    
5. Copy all these files to your Documents folder which is at /Users/yourusername/Documents or click on Home then Documents: 
   
   php-4.0.4pl1.tar.gz 
   apache_1.3.19.tar.gz 
   MySQL-3.23.28-1.0.pkg.tar.gz

Step Two: Installation of mySQL

1. Open the Terminal application, which is inside Applications/Utilities 
    
2. Go to Documents folder from Terminal. Type the following at the Terminal prompt (the ">" represents the prompt, so don't type it):

   > cd ~
   > cd Documents
   > ls

   Do you see the files? If you don't, type the following:

   > pwd

   to check if you're in the right directory: /Users/yourusername/Documents 
    
3. Unpack MySQL:

   > gnutar xpfz MySQL-3.23.28-1.0.pkg.tar.gz

4. Exit the Terminal and in Finder, go to your Documents folder and double-click on the resulting mySQL package. 
    
5. Apple's Installer will ask for admin password (click on the "lock" icon). Enter your password then run the installer. 
    
6. Quit installer when finished. 
    
7. Go back to Terminal application and type the following:

   > su

   Enter your Root password then

   > cd /usr/local/bin
   > ./mysql_install_db

That's it, MySQL is installed. To run server, type the following at Terminal as Root:

> safe_mysqld &

Your Terminal will just stop (won't go back to prompt) but that's okay. You can close Terminal. I'm assuming you know how to run and use mysql. If you don't know how to create a new user aside from Root with database creating privileges, this is how. At Terminal, type the following as Root:

> mysql

Inside mysql, type the following ("m>" represents mysql prompt, don't type it):

m> GRANT ALL PRIVILEGES ON *.* TO yourusername@localhost
     IDENTIFIED BY 'whateverpasswordyouwant';
m> quit

[Editor's note: The above line for GRANT ALL was broken into two lines to narrow the display width - enter it as one line! Also, please read up on database security at the mySQL web site! It's quite important for the safety of your system and data!] 

When you're done, exit root by typing 'exit'. 

Now to run mysql as you and create a new database, etc., you must do the following:

> mysql -pwhateverpasswordyouwant test
m> create database myfirstdatabase
m> quit
> mysql -pwhateverpasswordyouwant myfirstdatabase

Step Three: Installation of Apache

1. First turn off Mac OSX Apache. Go to System Preference-Sharing, make sure WebServer is off (buttons says "Start" instead of "Stop") 
    
2. Go back to where you placed Apache package. Do this at Terminal:

   > cd ~
   > cd Documents
   > gnutar xzf apache_1.3.19.tar.gz
   > cd apache_1.3.19
   > ./configure --enable-module=most --enable-shared=max
   > make
   > sudo make install

   You'll be asked for Root password. Give it then run.

That's it, you've installed Apache. 

Step Four: Installation of PHP

1. Go back to where you placed PHP package. Do this at Terminal to become Root:

   > su

   Enter your Root password 
    
2. Next, configure PHP (the disabled pear is because your file system, HFS+ is case-insensitive, and installing pear causes errors)

   > ./configure --with-mysql --with-apxs --disable-pear

   In my case, I also added dBASE support, so if you want, you can type the following or add other configurations. Consult PHP.NET regarding the others:

   > ./configure --with-mysql --with-dbase --with-apxs --disable-pear
   > make
   > make install

3. Open the following file using at the Terminal using the Pico text editor:

   > pico /etc/httpd/httpd.conf

4. Do a search for 'PHP' (it's Ctrl-W; don't type the quotes!) 
    
5. Make sure the following are in there and not commented out (comments take the form of "#"), if not add them at the appropriate place:

   LoadModule php4_module
   libexec/httpd/libphp4.so
   AddModule mod_php4.c
   AddType application/x-httpd-php .php .php3
   AddType application/x-httpd-php-source .phps

   You may also want to modify the following so that Apache will let you go to your PHP page without having to type the file name if it's a default

   
    DirectoryIndex index.html index.php index.php3
   

Okay, finished with PHP. Last, we need to make Apache accessible from browser. 

Step Five: Activation of Apache

1. Go to Systems Preference-Network 
    
2. Create a new Location (click on Location pulldown menu and select "New...") 
    
3. Call the new Location "Local" or whatever you want, but make the following settings: 
   
   Configure: Manually 
   IP Address: 127.0.0.1 
   Router: 127.0.0.1 
   
   Leave all the other settings the way they are. Save it. 
    
4. Make sure mySQL is running (I mentioned this earlier. To check if it's running, at the Terminal, type 'mysqladmin -v ping'). 
    
5. Run Apache: at System Preference-Sharing, turn on WebServer by clicking on "Start" button. 
    
6. Go to your browser, like Ominweb or (blech) Microsoft IE (can't wait for Mozilla or Netscape port to OSX), and type for Location: http://127.0.0.1 -- you should end up at Apache welcome screen. 
    
7. Your programs need to be placed in: /Library/Webserver/Documents which is accessible from Finder. Try putting in a PHP/Mysql program and see results in your browser. For example, if I place in "first.php" then at browser, you type: http://127.0.0.1/first.php
    
8. If you put in a folder inside /Library/Webserver/Documents, then just use the name of the folder (no spaces) in the browser. Example, if folder is called "myprogs", then use: http://127.0.0.1/myprogs/first.php

 Only the superuser or root user may set the date under FreeBSD. General format of date command is as follows:

date yymmddhhmmss
Where,

• yy : Year in two digit
• mm : Month (1-12)
• dd : Day (1-31)
• hh : Hours (0..23)
• mm : Minutes (0..59)
• ss : Seconds (0..61)

For example following command set date to 12-Jan-2004, 4:27 PM (remember you must be a root user to set date and time)
# date 0401121627

 

Introduction

Full GNU/Linux Desktop installed in 20 minutes flat!
No more excuses for running W--dows!

Knoppix is a remarkable Linux 'demo' distribution, in that it can run totally from a CD, without disturbing any existing software or disks on the system it's running on.

Even better, Knoppix can auto-detect hardware as it starts up, and does quite a good job of configuring this hardware.

And still better, Knoppix is chock-full of the best desktop software which GNU/Linux has to offer - office software, games, productivity suites, software development tools, multimedia - you name it!

After seeing a Knoppix demo, many users decide that they'd like to have Knoppix permanently installed on their system. This HOWTO gives a simple step-by-step guide to putting Knoppix on the hard disk, with the added bonus that it will run faster from then on.

This guide covers a couple of obvious points which are strangely missing from the Knoppix website, and will help you to go from first boot to a fully set up GNU/Linux desktop in 20 minutes flat!

---

System Requirements

To install and run Knoppix on your PC, you'll need:

• Pentium-class processor, preferably 300MHz+
• 64MB RAM
• A spare partition on your disk, min 3GB
• (of course) a Knoppix CD

---

Installation Procedure

To get Knoppix installed onto your hard drive:

1. Boot the Knoppix CD.


2. When the boot prompt comes up, choose your language.
   Most of us speak English, so we'll type:

   boot: knoppix lang=en

   then press ENTER (you don't type the 'boot:' part, of course)


3. Wait till the system is fully launched, including the KDE desktop


4. Press CTRL-ALT-F1, to get a root console. You should see a shell prompt


5. Type: knx-hdinstall


6. Follow the guided installation menus. This will include:
   
   
   • Creating a Linux partition (at least 2.5GB
   • Creating a Linux Swap partition (at least 256MB)
   • 'Mounting' the Linux partition as root
   • Initialising the swap partition
   • Copying all the required files (automatically)
   • Setting up networking
   • Setting passwords
   • Setting up the bootloader (Note: take care with this stage - it could render your system incapable of booting into Windows. If you really need Windows, then it might be a good idea to set up GRUB Bootloader with a 'chainloader' entry, so that you can dual boot. Working this out is an exercise left to the reader - there are too many possible scenarios for me to cover in this short guide. Also see man grub and the files in /usr/share/doc/grub)
   • Rebooting (without the CD)


7. When you've rebooted Knoppix from your hard disk, click on the KDE Control Centreicon in the launcher at the bottom of the screen (icon of a colour monitor with a card in front of it)


8. Within the Control Center, click on Personliche Einstellungen


9. Click on Land und Sprache


10. Choose the locale and language of your choice


11. Click on Andwenden at bottom of that window


12. Close and restart the Control Center


13. Click on Peripherals, then Keyboard, and choose your preferred keyboard layout (which will probably be US.English. Click OK and close the window


14. Press CTRL-ALT-F2 to get to the root console, and log in as root (using the password you chose when you ran the installer)


15. (Optional) - type apt-get update (followed by ENTER). This will update your list of available packages, and takes about 5-10 minutes.


16. Hey, presto, you've got a fully installed GNU/Linux desktop

From here on in, you'll probably want to fine-tune a few things, set up themes, backgrounds etc. But most of the hard work is already done for you!

And lastly, note that Knoppix is based on Debian, which is arguably the finest GNU/Linux infrastructure available. To learn more about your system, and how to add/change/remove software, go to the Debian website and read the documents. If you get really stuck, start up X-Chat and log intoirc.debian.org or irc.openprojects.net and join channel #knoppix. That is one busy chat room, with Debian Linux experts present 24/7, willing to help. Please also know that, even though Knoppix is based on the Debian distribution, your enquiries in #debian may not be welcomed.

 What is the Domain Name System(DNS? The DNS is the glue that keeps the Internet together. DNS translates domain name(example.com) to an IP address and vice versa. It's much easier for us to remember names than numbers.

DNS is defined in Request for Comments (RFCs) 1034 and 1035.

Basically, any major Linux distro can be used as a DNS, Web, E-mail, and FTP server, and Suse is not an exception. All in one box and one static IP address. That's all you need! Of course, I am talking about an experimental machine. An educative aproach. If you are seriuos about the Internet, you are going to need minimun two DNS servers, an email server, a web server, an FTP server, a firewall machine may be using ipcop.org, a proxy server, etc.

The DNS server is very easy to install. All you need to install is the BIND package, modify the /etc/named.conf file, and create your own zones files.

If you are using any type of firewall, keep port 53 open for UDP and TCP. This is the port dedicated to DNS.

 

Edit /etc/named.conf and add your reference zone files. Right after the first reference zone file, in this case zone "0.0.127.in-addr.arpa", add yours, in my case I added two zone references: enicaragua.net and sixbone.com. Pay close attention to the open and close braces, quotes, and semicolons.

zone "0.0.127.in-addr.arpa" in {
        type master;
        file "127.0.0.zone";
};

zone "enicaragua.net" in {
        type master;
        file "enicaragua.zone";

};

zone "sixbone.com" in {
        type master;
        file "sixbone.zone";
};
:

Zones files

Suse puts the named dir in /var/lib/named. Here is where your zones file will be located. This is the sixbone.com domain's zone file:

unix:/home/ipv6 # more /var/lib/named/sixbone.zone
; DNS record for the sixbone.com domain
$TTL 86400      ; max TTL
$ORIGIN sixbone.com.
@       IN      SOA     unix.sixbone.com. root.sixbone.com. (
                        2003021401
                        28800
                        7200
                        604800
                        3600 )
@               IN      A       68.183.62.111
@               IN      NS      unix.sixbone.com.
@               IN      MX      10      unix.sixbone.com.
www             IN      CNAME   sixbone.com.
                IN      CNAME   sixbone.com.
unix:/home/ipv6 #

Now, we need to test the zone files, so we type: rndc reload, next we run rcnamed start. You should get not erros. Next type rcnamed status, you should see the number of zones running, and the last line will say the server is up and running.

If you get an error, check braces, quotes, and semicolos in /etc/named.conf.

 

If you want to know more about CNAME, A, NS, etc. Read The DNS & Bind Book

Have you seen those sites that if you don't put the www, you cannot get to it? Well, it's all in the zone files. If you check the sixbone.com file, you see one reference with the www and one reference without it, these are called CNAME or alias. Bingo! By the same token, you create the same way an FTP server, so on and so forth. In the case of a Web server, you need to check your Apache conf files, and make sure that you create your virtual hosts reference as well. This is another topic. Finally, I run the last check using dig, your DNS friend, and this is what I get:

unix:/home/ipv6 # dig sixbone.com

;  DiG 9.3.1  sixbone.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55238
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;sixbone.com.                   IN      A

;; ANSWER SECTION:
sixbone.com.            86194   IN      A       68.183.62.111

;; AUTHORITY SECTION:
sixbone.com.            86194   IN      NS      unix.sixbone.com.

;; Query time: 34 msec
;; SERVER: 66.51.205.100#53(66.51.205.100)
;; WHEN: Thu Jan 13 03:27:51 2005
;; MSG SIZE  rcvd: 64

unix:/home/ipv6 #

DNS is an exciting topic, and these few lines don't even put a dent to it. For example, you need to register your own domain name with a domain name service provider. i.e ns.com, buydomains.com, etc. By creating these zone files in your server, your DNS server is not going to work, I mean, it won't resolve any domain name at all, may be locally.

How the DNS work? Here is a link that explain very well how it works: How DNS works Each domain name must have two DNS servers. Some people named their ns1.example.com and ns2,example,com, in my case I named mine unix.sixbone.com unix is the name of the machine itself, or host name in the UNIX jargon. The first reference in the link above, is the root level. These are a series of machines, 13 total to be exact, distributed around the world. I think Japan has two, Europe has a couple more, the US has the most, etc.

What are the names of these machines? In your /var/lib/named there is a file called root.hint, this file contain the list of the these machines. Here is the file in my Linux box:

unix:/home/ipv6 # more /var/lib/named/root.hint
;       This file holds the information on root name servers needed to
;       initialize cache of Internet domain name servers
;       (e.g. reference this file in the "cache  .  "
;       configuration file of BIND domain name servers).
;
;       This file is made available by InterNIC
;       under anonymous FTP as
;           file                /domain/named.root
;           on server           FTP.INTERNIC.NET
;       -OR-                    RS.INTERNIC.NET
;
;       last update:    Jan 29, 2004
;       related version of root zone:   2004012900
;
;
; formerly NS.INTERNIC.NET
;
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
;
; formerly NS1.ISI.EDU
;
.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201
;
; formerly C.PSI.NET
;
.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12
;
; formerly TERP.UMD.EDU
;
.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     128.8.10.90
;
; formerly NS.NASA.GOV
;
.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10
;
; formerly NS.ISC.ORG
;
.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241
;
; formerly NS.NIC.DDN.MIL
;
.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4
;
; formerly AOS.ARL.ARMY.MIL
;
.                        3600000      NS    H.ROOT-SERVERS.NET.
H.ROOT-SERVERS.NET.      3600000      A     128.63.2.53
;
; formerly NIC.NORDU.NET
;
.                        3600000      NS    I.ROOT-SERVERS.NET.
I.ROOT-SERVERS.NET.      3600000      A     192.36.148.17
;
; operated by VeriSign, Inc.
;
.                        3600000      NS    J.ROOT-SERVERS.NET.
J.ROOT-SERVERS.NET.      3600000      A     192.58.128.30
;
; operated by RIPE NCC
;
.                        3600000      NS    K.ROOT-SERVERS.NET.
K.ROOT-SERVERS.NET.      3600000      A     193.0.14.129
;
; operated by ICANN
;
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     198.32.64.12
;
; operated by WIDE
;
.                        3600000      NS    M.ROOT-SERVERS.NET.
M.ROOT-SERVERS.NET.      3600000      A     202.12.27.33
; End of File

The last machine listed in this root.hint file is locates in Paris, France. Just use visualroute.com to find the rest.

Keep in mind that we are "inserting" a machine to the biggest network of the world: The Internet. And this machine must be capable to let everybody know regardless where they are how to find example.com, how to find this domain name and its contents. For a small local network, you don't need a DNS server, you can use the first approach since the ARPANET's days of resolving names to IP addresses: the hosts file located in /etc/hosts

from:http://www.freebsdforums.org/install-freebsd-7-i386/

 This is a document for installing FreeBSD 7.0 on a dedicated i386 machine. If you need a preconfigured FreeBSD Dedicated Server you can visit our hosting section where we list dedicated hosting services that offer FreeBSD machines with managed or unmanaged hosting.

If you have any questions you can post them in our FreeBSD Forums. Remember this is a guide only and this website and its owners and operators assume no liability for any problems arising with your installation.

Before starting the FreeBSD installation – things to prepare
This document is a guide to install FreeBSD 7 using an installation CD/DVD, please make sure your computer has a CD/DVD drive and you've got a FreeBSD 7 installation CD/DVD.

If the computer needs to connect to a network, you need to following information to configure the network adapter:

IP address
IP address of the default gateway
Hostname
DNS server IP addresses
Subnet Mask

Begin the FreeBSD Installation:

1.turn on your computer
2.put the installation CD in the CDROM
3.computer should start booting from this installation CD and you’ll see a screen like the following:

Looking for our FreeBSD Forums? We have moved them off our main page,just follow the link to our FreeBSD Forums page.

 

Please note:
(1) FreeBSD is a registered trademark of The FreeBSD Foundation.
(2) WEBSERVER CONSUMER GUIDE is in no way affiliated with The FreeBSD Foundation

4.wait for 10 seconds or press ENTER, the system will then start hardware probe process. You’ll see lots of text flying by your screen.
5.then it stops at a “Country Selection” window, you can use the “UP” and “DOWN” arrow key to select the country your computer is located. Then press “ENTER” to continue.

6.You’ll come to the sysinstall main menu. We’ll choose “Standard” method to install FreeBSD, it’s recommended for most situations.

7.Then you’ll see a message window telling you that you are about to start setting up the disk for this installation. Please press “ENTER” or “SPACE” key to continue. 
8.If you have more than one disk installed on your computer, you’ll see a screen to prompt you to select which disk you want to setup. Press “SPACE” key to select the disk you want to set up, then use “Tab” key to highlight “OK”, then press “ENTER” to continue.
9.In the screen, it will display all the information about your physical disk, as shown in the screen shot below. You need to choose where on the disk (or which partition, in Windows terms) you want FreeBSD to be installed. Since our server is dedicated to FreeBSD, we’ll press “A” here to use the entire disk for FreeBSD.
NOTE: Selecting “A” tells installation program to format the disk at a later time( in this installation) and thus destroy all current data on it. Stop here if that’s not what you intended.

10.Next, you'll choose whether you want to install a boot manager program. A boot manager is for booting multiple Operating systems on one computer. Choose option B, “Standard”, as FreeBSD will be the only one on this computer.
11.Then you'll see a message window telling you that you’re about to create partitions for FreeBSD. Press “ENTER” to continue.
12.Here you need to make decision on how you want divide your disk.

There are two options here: You can use system default partition by pressing “A” in this screen, or you can create you own partitions as you want. No fundamental differences exist between these two options, just that first option is easier to set up and the second one is more intuitive in organizing your data. Below is how to set up each option.

Option A: use system default
Press key “A” when you arrive at the screen below you will see a list of partitions the system created for you. Then press “Q” to save your change and continue. Below is a screen shot showing what a default partition looks like (for a 8G disk):

Option B: create your own partitions

a.When you come to the screen as shown above, press “C” to create you own partition.
b.Then the system prompts you for the size of your partition, with a default value of all available blocks. Use the backspace key to remove it and enter the size of your choice, like “512M”, or “2G”, then press “ENTER” to continue.
c.Then select the type of partition you want to create, swap or FS. 
A swap partition is for system use, as a slower alternative when physical memory is not enough. You cannot store your own data on it. You should create at least one swap partition, around twice the amount of the physical memory in size. Then choose “FS” to create a partition to store your data.
d.Then you need to set up mount point for your partition (if you choose “SWAP” in previous step, you won’t be prompted for mount point, as a swap partition is never mounted). The / (or root) partition is mandatory. You can put “/”, or “/usr”, or “/tmp”, or any other mount point you want, like “/mywebsites”, etc.
e.Repeat steps a-d to create all partitions and mount points you need. Then press “Q” to save and continue. (it'll return to disk selection if there is more than one disk on your computer).

 

Up Next Part II of the FreeBSD i386 installation guide

click here to go to Part II of the FreeBSD i386 installation guide starting with Choosing a distribution set

 

Looking for our FreeBSD Forums? We have moved them off our main page,just follow the link to our FreeBSD Forums page.

Please note:
(1) FreeBSD is a registered trademark of The FreeBSD Foundation.
(2) WEBSERVER CONSUMER GUIDE is in no way affiliated with The FreeBSD Foundation