Documentation - Server for Internet Access

Table of Contents

  1. Introduction
    1. Situation
    2. Requirement
    3. Implementation
  2. System
    1. Operating System
    2. Installed Software (Package-Manager)
    3. Configuration Folders
    4. Configuration
      1. timezone
      2. virtual interface
      3. Firewall ( iptables )
      4. cronjobs
      5. davfs
  3. Proxy
    1. Software
    2. Files
      1. squid.conf
      2. login.php
      3. allow_sites
    3. Configuration
  4. Webserver
    1. Software
    2. Files
      1. apache2.conf
      2. mods-available/*
      3. mods-enabled/*
      4. sites-available/*
      5. sites-enabled/*
    3. Configuration
    4. Virtual Hosts
      1. default
      2. squid.guvenvakfi.local
      3. report.guvenvakfi.local
      4. pma.guvenvakfi.local
  5. DNS Server
    1. Software
    2. Files
      1. named.conf
      2. named.conf.options
      3. named.conf.local
      4. db.guvenvakfi.local
      5. db.1.168.192
      6. db.2.168.192
    3. Configuration
  6. File Server
    1. Software
    2. Files
      1. smb.conf
    3. Configuration
    4. Shares
      1. htdocs
      2. documents
      3. install
  7. Internet Access Page
    1. Descriptions
    2. Software
    3. Files
      1. squid.sql
      2. user.php
      3. admin.php
      4. ajax.php
      5. ajax.js
  8. Report / Statistic
    1. LightSquid
    2. SARG
    3. Squeezer
    4. Squid-Graph
    5. SquidAnalyzer
  9. Backup
    1. Software
    2. Folders
  10. Attachment
    1. Proxy
      1. Source Code - squid.conf
      2. Source Code - login.php
      3. Source Code - allow_sites
    2. Webserver
      1. Source Code - vhost default
      2. Source Code - vhost squid
      3. Source Code - vhost report
      4. Source Code - vhost pma
    3. DNS-Server
      1. Source Code - named.conf
      2. Source Code - named.conf.options
      3. Source Code - named.conf.local
      4. Source Code - db.guvenvakfi.local
      5. Source Code - db.1.168.192
      6. Source Code - db.2.168.192
    4. File-Server
      1. Source Code - smb.conf
    5. Internet Access Page Files
      1. Source Code - squid.sql
      2. Source Code - user.php
      3. Source Code - admin.php
      4. Source Code - ajax.php
      5. Source Code - ajax.js

Introduction

Situation

Güven Eğitim ve Sağlık Vakfı has a room called ComputerLab with a total of six computers. This room is used by EVS volunteers, Turkish volunteers, children and sometimes staff.

Requirement

The Internet should be available only for some time and not the whole day. For that reason there are some rules, and IT measures are used to control the use.
A person with the necessary permissions opens the Internet connection.

Implementation

To control the use there is a proxy server that requires authentication. The computers can stay on so that the installed software can be used, but the Internet is usually off.

System

Operating System

Debian (Squeeze) 6.0.7

Kernel: Linux server 2.6.32-5-686 #1 SMP Mon Feb 25 01:04:36 UTC 2013 i686

Installed Software (Package-Manager)

Package                     Version
squid3                      3.1.6-1.2+squeeze3
adzapper                    20090301.dfsg.1-0.1
squidview                   0.76-1
sarg                        2.3.1-1~bpo60+1
apache2-mpm-prefork         2.2.16-6+squeeze11
php-pear, php5, php5-cli    5.3.3-7+squeeze15
mysql-server-5.1            5.1.66-0+squeeze1
bind9                       1:9.7.3.dfsg-1~squeeze10
samba                       2:3.5.6~dfsg-3squeeze9
davfs2                      1.4.6-1

Configuration Folders

  • /etc/squid3/
  • /etc/apache2/
  • /etc/php5/
  • /etc/mysql/
  • /etc/bind/
  • /etc/samba/

Configuration

    There are several small changes to the base system, such as cronjobs, timezone, virtual interface and more.

    timezone

    dpkg-reconfigure tzdata
    changed to Europe/Istanbul

    virtual interface

    vi /etc/network/interfaces

    auto eth0:1
    iface eth0:1 inet static
    address 192.168.2.1
    netmask 255.255.255.0
    broadcast 192.168.2.255
    network 192.168.2.0

    Firewall ( iptables )

    vi /etc/iptables.sh

    #!/bin/sh

    ifup eth0:1
    # Variables can be defined here
    INET_IFACE="eth0"
    LAN_IFACE="eth0:1"
    LAN_IP="192.168.2.1"
    LAN_NET="192.168.2.0/24"
    SIP_SRV_LAN_IP="192.168.1.1"

    # Enable routing
    echo "1" > /proc/sys/net/ipv4/ip_forward

    # Delete all rules.
    iptables -F
    iptables -X
    iptables -Z
    iptables -t nat -F

    # Load the most important modules
    modprobe ip_tables
    modprobe ip_conntrack
    modprobe ip_conntrack_ftp
    modprobe ip_nat_ftp
    modprobe ip_conntrack_irc
    modprobe ip_nat_irc
    modprobe iptable_filter

    # Allow everything (default policies)
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT

    # The local (loopback) device may do everything
    iptables -A OUTPUT -o lo -j ACCEPT
    iptables -A INPUT -i lo -j ACCEPT

    # MASQUERADE so that the packets arrive in the network.
    iptables -t nat -A POSTROUTING -o "$INET_IFACE" -j MASQUERADE

    # Keep established connections/ports alive.
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # DNS (53)
    iptables -I INPUT -p udp -m udp --dport 53 -j ACCEPT
    iptables -I INPUT -p tcp -m tcp --dport 53 -j ACCEPT

    # Samba / NetBIOS (137, 138, 139, 445)
    iptables -I INPUT -p udp -m udp --dport 137 -j ACCEPT
    iptables -I INPUT -p udp -m udp --dport 138 -j ACCEPT
    iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 139 -j ACCEPT
    iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 445 -j ACCEPT

    # Filter/close some standard ports towards the outside
    # Note: the -I rules above are inserted at the top of INPUT, so they are
    # evaluated before these DROP rules: UDP 137/138 and new TCP 139/445
    # connections are accepted and never reach the INPUT DROPs below.
    iptables -A INPUT -p udp -m multiport --destination-port 137,138 -j DROP
    iptables -A INPUT -p tcp -m multiport --destination-port 135,139,445 -j DROP
    iptables -A FORWARD -p tcp -m multiport --destination-port 135,139,445 -j DROP
    iptables -A FORWARD -p udp -m multiport --destination-port 137,138 -j DROP

    chmod +x /etc/iptables.sh
    vi /etc/rc.local

    # add this line to start the script every boot
    /etc/iptables.sh
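
A default-deny variant of the firewall script above, as an added example that is not part of the original documentation: it prints an iptables-restore ruleset that admits only the services this page documents (DNS, Samba, Apache, Squid) from the two local subnets and forwards nothing. It assumes all web traffic is meant to go through Squid and that both subnets may use every service; the function name gen_ruleset and the log prefixes are made up for this example.

```shell
#!/bin/sh
# Added example, not the original /etc/iptables.sh.
# From the page: the two subnets and the DNS/Samba/Apache/Squid ports.
# Assumptions: clients reach the Internet only through Squid, so nothing is
# forwarded or NATed; both subnets may use every listed service.
# Remote administration (e.g. SSH) is not described on the page and gets no
# rule here; add one before loading the ruleset if the server needs it.
LAN_NETS="192.168.1.0/24 192.168.2.0/24"
UDP_PORTS="53,137,138"                 # DNS, NetBIOS name/datagram
TCP_PORTS="53,80,139,445,3128,8080"    # DNS, Apache, Samba, Squid

gen_ruleset() {
    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for net in $LAN_NETS; do
        # eth0:1 is an alias, not a device: iptables -i/-o cannot match it,
        # so the rules are bound to the source subnet instead.
        echo "-A INPUT -s $net -p udp -m multiport --dports $UDP_PORTS -j ACCEPT"
        echo "-A INPUT -s $net -p tcp -m state --state NEW -m multiport --dports $TCP_PORTS -j ACCEPT"
    done
    # Log what falls through to the DROP policies (rate-limited).
    echo "-A INPUT -m limit --limit 5/min -j LOG --log-prefix \"fw-drop-in: \""
    echo "-A FORWARD -m limit --limit 5/min -j LOG --log-prefix \"fw-drop-fwd: \""
    echo "COMMIT"
}

# Print the ruleset; as root, pipe this output into iptables-restore to load it.
gen_ruleset
```

Because the ACCEPT rules come before the policy instead of being inserted ahead of DROP rules, the rule order matches the order in which the lines are read.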

    cronjobs

    crontab -e

    # squid-analyzer
    0 */1     * * * /usr/local/bin/squid-analyzer > /var/log/squid-analyzer

    # lightsquid
    0 */1     * * * /var/www/guvenvakfi.local/report/lightsquid/lightparser.pl today

    # sarg
    @daily          /usr/sbin/sarg-reports daily > /var/log/sarg
    0 08-18/1 * * * /usr/sbin/sarg-reports today > /var/log/sarg
    0 00      * * * /usr/sbin/sarg-reports daily > /var/log/sarg
    0 01      * * 1 /usr/sbin/sarg-reports weekly > /var/log/sarg
    3 02      1 * * /usr/sbin/sarg-reports monthly > /var/log/sarg

    # squeezer
    0 */1      * * * /var/www/guvenvakfi.local/report/squeezer-0.5/squeezer.pl -c /etc/squid3/squid.conf -l /var/log/squid3/access.log > /var/www/guvenvakfi.local/report/squeezer-0.5/index.html

    # squid-graph
    0 */1      * * * /var/www/guvenvakfi.local/report/squid-graph/squid-graph --output-dir=/var/www/guvenvakfi.local/report/squid-graph < /var/log/squid3/access.log > /dev/null 2>&1

    # mysql-backup
    55 23      * * * /var/files/backup/bkt_mysql > /dev/null 2>&1

    # file-backup
    15 00      * * * /var/files/backup/bkt_files > /dev/null 2>&1

    davfs

    vi /etc/fstab

    https://mengel.od.alfahosting.de/dav /var/files/backup/alfadrive davfs users,auto 0 0

    vi /etc/davfs2/secrets

    https://mengel.od.alfahosting.de/dav ABD010AVBV0I xxxxxxxx

    vi /etc/davfs2/davfs2.conf

    # uncomment the line if_match_bug and change the 0 to 1
    # uncomment the dav_user and dav_group
    dav_user davfs2
    dav_group davfs2
    if_match_bug 1

    Proxy

    Software

    A Squid proxy server, version 3.1.6, is installed from the Debian package manager.
    A PHP script is used for the authentication against a MySQL database. Times are saved to determine how long the user can use the Internet. Adzapper removes the useless advertisements from the web pages. It is loaded as an external program.
    /etc/squid3/

    Files

    squid.conf [ Source Code ]

    This is the main configuration file for the Squid proxy.
    It contains all information about the server (server name, administrator), the rules for the allowed ports, the rules for how the Internet may be used and the authentication requirement for the users.

    login.php [ Source Code ]

    This is the PHP script that checks the user input against the MySQL database.

    allow_sites [ Source Code ]

    This is the file listing the web pages that can be used without authentication.

    Configuration

    The server listens on the ports 3128 and 8080 (default) and uses its own error pages for the redirection to the Web-Frontend: /usr/share/squid3/error/guven/
    Squid uses /var/spool/squid as its caching folder and writes its logs to /var/log/squid3/access.log and /var/log/squid3/cache.log
    Webserver

    Software

    An Apache 2 web server, version 2.2.16, is installed from the Debian package manager.
    /etc/apache2/

    Files

    apache2.conf

    This is the main configuration file, but it has no changes. It includes other files, and the changes were made in those.

    mods-available/*

    All available modules for the web server.

    mods-enabled/*

    All enabled modules for the web server, as symlinks to the mods-available/* files.

    sites-available/*

    Contains the website information.

    sites-enabled/*

    Contains the information for the enabled websites.

    Configuration

    The server listens on the default port 80 (SSL is not configured).
    Some modules that are not enabled by default are activated.
    The logs are saved in /var/log/apache2/ and every vhost has its own access and error logs.

    mod_include
    Server Side Include support

    mod_mime_magic
    Used to determine the file type

    mod_rewrite
    Rewrites URLs and defines rules for who can access the web pages and who cannot (.htaccess)

    Virtual Hosts

    default [ Source Code ]

    The main configuration file for all web pages under /var/www.

    squid.guvenvakfi.local [ Source Code ]

    The configuration file for http://squid.guvenvakfi.local/

    report.guvenvakfi.local [ Source Code ]

    The configuration file for http://report.guvenvakfi.local/

    pma.guvenvakfi.local [ Source Code ]

    The configuration file for http://pma.guvenvakfi.local/

    DNS Server

    Software

    A BIND DNS server, version 9.7.3, is installed from the Debian package manager.
    /etc/bind/

    Files

    named.conf [ Source Code ]

    The main configuration file for bind. This file includes other files and changes the log files.
    /var/log/bind/bind9.log
    /var/log/bind/security

    named.conf.options [ Source Code ]

    This file contains the rules for who can "ask" this DNS server and which DNS server is used when this one can't resolve the request (forwarder).

    named.conf.local [ Source Code ]

    The forward-lookup zone and the two reverse-lookup zones are loaded here.

    db.guvenvakfi.local [ Source Code ]

    This is the forward-lookup zone file with all NAME to IP information.

    db.1.168.192 [ Source Code ]

    This is the first reverse-lookup zone file, for the subnet 192.168.1.0, with the IP to NAME information.

    db.2.168.192 [ Source Code ]

    This is the second reverse-lookup zone file, for the subnet 192.168.2.0, with the IP to NAME information.

    Configuration

    The server listens on the default port 53 and is used for the domain guvenvakfi.local and the 2 subnets 192.168.1.0 and 192.168.2.0.
    To support name-based virtual hosts some aliases are configured:
    www
    intranet
    squid
    report
    pma

    File Server

    Software

    A Samba file server, version 3.5.6, is installed from the Debian package manager.
    /etc/samba/

    Files

    smb.conf [ Source Code ]

    This is the main configuration file.
    All server-specific and file-sharing information is saved here.

    Configuration

    server string: Server
    log file: /var/log/samba/log.%m
    time server = yes

    Shares

    htdocs ( /var/www/ )

    All files for the web server are saved here.

    documents ( /var/files/documents )

    All documents are saved here, with a folder structure per department.

    install ( /var/files/install )

    All installation files are saved here, with an appropriate structure (drivers, software, tools, etc.).

    Internet Access Page

    Description

    This web page is the main Web-Frontend for the users to access the Internet.
    There they can create an account and send a "time-request" to the administrator. After this they can use the Internet for the requested time.
    The Administrator Web-Frontend is on the same server and only users with permissions can see it.

    User and Admin documentation are in a separate file.

    http://squid.guvenvakfi.local
    http://server/squid/

    Software

    The software is based on PHP and MySQL with Apache2 as web server.

    The database uses the MyISAM storage engine and a Unicode character set.
    A SQL dump with the structure and an admin user is in the attachment below.

    The PHP script uses sessions ( $_SESSION ) to save the user authentication, and global variables like $_GET and $_POST.
    The site is in Turkish and English and uses HTML5 and CSS for the presentation.

    For the Admin-Panel a small Ajax script reloads a small section every 5 seconds so that the admin can see the new requests for times.

    Files

    squid.sql [ Source Code ]

    MySQL dump with the database structure and one admin user.

    Web-Frontend - User (index.php) [ Source Code ]

    The user PHP file, which controls the actions and shows the interfaces.

    Web-Frontend - Admin (admin/index.php) [ Source Code ]

    The admin PHP file, which controls the actions and shows the interfaces.

    ajax.php [ Source Code ]

    The PHP file which returns the users who want to have Internet.

    ajax.js [ Source Code ]

    The Ajax JavaScript file (uses jQuery) that reloads the section every 5 seconds and gets the data from the PHP script.

    Report / Statistic

    All these report / statistic programs run on the server and create a report every hour (cronjob).
    SARG creates an extra report every week and every month.

    LightSquid

    http://server/report/lightsquid/
    Version: 1.8
    http://lightsquid.sourceforge.net

    SARG

    http://server/report/sarg/
    Version: 2.3.5
    http://sarg.sourceforge.net/sarg.php

    Squeezer

    http://server/report/squeezer-0.5/
    Version: 0.5
    http://maciej_kozinski.webpark.pl/squeezer.html

    Squid-Graph

    http://server/report/squid-graph/
    Version: 3.2
    http://squid-graph.sourceforge.net/

    SquidAnalyzer

    http://server/report/squidanalyzer/
    Version: 5.1
    http://squidanalyzer.darold.net/

    Backup

    The server sends the configured files/folders to my web server on the Internet. Also, every night at 23:55 the server creates a dump of the MySQL server with mysqldump.

    Software

    One folder is mounted from my web server via WebDAV: /var/files/backup/alfadrive

    Folder

    The following folders are sent every night at 0:15 to my web server on the Internet.
    These are files the server needs to run, not company files with special information.
    /var/files/backup/mysql
    /var/www/guvenvakfi.local/squid
    /var/www/documentation

    Attachment

    Proxy Files

    Source Code - squid.conf
    Source Code - login.php
    Source Code - allow_sites

    Webserver Files

    Source Code - vhost default
    Source Code - vhost squid
    Source Code - vhost report
    Source Code - vhost pma

    DNS-Server Files

    Source Code - named.conf
    Source Code - named.conf.options
    Source Code - named.conf.local
    Source Code - db.guvenvakfi.local
    Source Code - db.1.168.192
    Source Code - db.2.168.192

    File-Server Files

    Source Code - smb.conf

    Internet Access Page Files

    Source Code - squid.sql
    Source Code - user.php
    Source Code - admin.php
    Source Code - ajax.php
    Source Code - ajax.js