Documentation - Server for Internet Access
At Güven Eğitim ve Sağlık Vakfı is a room called ComputerLab with a total of six computers.
This room is for EVS Volunteers, Turkish Volunteers, Children and sometimes for staff.
The Internet should be used for some time and not the whole day. That's why there are some rules and used IT-Technique to control the use.
To open the internet connection there is someone with the permissions to do it.
To control the use there is a proxy-server with authentication requirements. The computer can stay open to use the installed Software but the internet is usually off.
Debian (Sqeeze)
6.0.7
Kernel
Linux server 2.6.32-5-686 #1 SMP Mon Feb 25 01:04:36 UTC 2013 i686
squid3
3.1.6-1.2+squeeze3
adzapper
20090301.dfsg.1-0.1
squidview
0.76-1
sarg
2.3.1-1~bpo60+1
apache2-mpm-prefork
2.2.16-6+squeeze11
php-pear, php5, php5-cli
5.3.3-7+squeeze15
mysql-server-5.1
5.1.66-0+squeeze1
bind9
1:9.7.3.dfsg-1~squeeze10
samba
2:3.5.6~dfsg-3squeeze9
davfs2
1.4.6-1
/etc/squid3/
/etc/apache2/
/etc/php5/
/etc/mysql/
/etc/bind/
/etc/samba/
There several little changes on the basic system like cronjobs, timezone, virtual interface and more.
dpkg-reconfigure tzdata
changed to Europe/Istanbul
vi /etc/network/interfaces
auth eth0:1
iface eth0:1 inet static
address 192.168.2.1
netmask 255.255.255.0
broadcast 192.168.2.255
network 192.168.2.0
vi /etc/iptables.sh
chmod +x /etc/iptables.sh
vi /etc/rc.local
# add this line to start the script every boot
/etc/iptables.sh
crontab -e
vi /etc/fstab
https://mengel.od.alfahosting.de/dav /var/files/backup/alfadrive davfs users,auto 0 0
vi /etc/davfs2/secrets
https://mengel.od.alfahosting.de/dav ABD010AVBV0I xxxxxxxx
vi /etc/davfs2/davfs2.conf
# uncomment the line if_match_bug and change the 0 to 1
# uncomment the dav_user and dav_group
dav_user davfs2
dav_group davfs2
if_match_bug 1
There is an Squid Proxy Server in the version 3.1.6 installed from the Debian Package-Manager.
A PHP-Script is used for the authentication against a MySQL Database. Times are saved to get the information how long the user can use the Internet.
Adzapper remove the useless advertisements from the web-pages. Its loaded as external program.
/etc/squid3/
That is the main configuration file for the Squid Proxy.
Here are all informations about the server (servername, administrator), the rules for the allowed ports, the rules how to use the Internet and the authentication requirement for the users.
That is the PHP-Script that check the user inputs against the MySQL Database.
This is the file for the web pages that can be used without authentication.
The server listen on the ports 3128 and 8080 (default) and use own error pages for the redirection to the Web-Frontend /usr/share/squid3/error/guven/.
Squid use /var/spool/squid as caching folder and write the logs to /var/log/squid3/access.log and /var/log/squid3/cache.log
There is an Apache 2 Webserver in the version 2.2.16 installed from the Debian Package-Manager.
/etc/apache2/
This is the main-configuration file but there are no changes. This file includes other files and there was made changes.
There are all available modules for the webserver.
There are all enabled modules for the webserver with a symlink to the mods-available/* files.
There are the web-page informations
There are the enabled website informations
The server listen on the default port 80 (SSL is not configured).
There are some modules activated that is not default.
The log are saved in /var/log/apache2/ and every vhost has own access and error logs.
mod_include
Server Side Include Support
mod_mime_magic
Used to know the File-Type
mod_rewrite
Rewrite Urls and define rules who can enter the webpages and who not (.htaccess)
The main configuration file for all web-pages under /var/www.
The configuration file for http://squid.guvenvakfi.local/
The configuration file for http://report.guvenvakfi.local/
The configuration file for http://pma.guvenvakfi.local/
There is a Bind DNS-Server in the version 9.7.3 installed from the Debian Package-Manager.
/etc/bind/
The main configuration file for bind. This file include other files and change the log files.
/var/log/bind/bind9.log
/var/log/bind/security
In this file are the rules who can "ask" this DNS-Server and which is the DNS-Server when this can't resolv the request (forwarder).
Here are loaded the forward-lookup-zone and the two reverse-lookup-zones.
This is the forward-lookup-zone file with all NAME to IP informations.
This is first reverse-lookup-zone file for the subnet 192.168.1.0 with the IP to NAME informations.
This is second reverse-lookup-zone file for the subnet 192.168.2.0 with the IP to NAME informations.
The server listen on the default port 53 and is used for the domain guvenvakfi.local and 2 subnets 192.168.1.0 and 192.168.2.0
To support namebased virtual hosts there are some alias configured.
www
intranet
squid
report
pma
There is a Samba File-Server in the version 3.5.6 installed from the Debian Package-Manager.
/etc/samba/
This is the main-configuration file.
Here are all server specific and file-sharing informations saved.
server string: Server
log file: /var/log/samba/log.%m
time server = yes
Here are all files for the webserver saved.
Here are all documents saved with a folder structure per department.
Here are all installation files saved with a appropriate structure (drivers, software, tools, etc.).
This web-page is the main Web-Frontend for the user to access the Internet.
There they can create an account and send a "time-request" to the administrator. After this they can use the Internet in the asked time.
The Administrator Web-Frontend is on the same server and only user with permissions can see it.
User and Admin Documentation are in a separate file.
http://squid.guvenvakfi.local
http://server/squid/
The software is based on PHP and MySQL with Apache2 as webserver.
The Database runs with the MyISAM Extension and with unicode character set.
A SQL Dump with the structure and an admin user is in the attachment below.
The PHP-Script use sessions ( $_SESSION )to save the user-authentication and global variable like $_GET and $_POST.
The site is in Turkish and English and use HTML5 and CSS for the presentation.
For the Admin-Panel runs a small Ajax-Script to reload every 5 seconds a small section that the admin can see the new requests for times.
MySQL-Dump with the Database Structure and one Admin-User.
The User-PHP file which controls the actions and show the interfaces
The Admin-PHP file which controls the actions and show the interfaces
The PHP file which returns the users who want to have Internet
The Ajax javascript file (use jQuery) to reload every 5 seconds the section and get the data from the php-script
The server send the configured files/folders to my webserver in the internet.
Also every night at 23:55 the server create a dump from the mysql-server with mysqldump.
One folder is mounted to my webserver with webdav.
/var/files/backup/alfadrive
The following folder will be send every night at 0:15 to my webserver in the internet.
That are files for the server to run, no company files with special informations.
/var/files/backup/mysql
/var/www/guvenvakfi.local/squid
/var/www/documentation
top
Source Code - squid.conf