Background
NDT uses the fakewww http server to publish its html and java applet. SLAC security is somewhat dubious about the security of fakewww. This page outlines the steps required to make ndt utilise an apache2 installation rather than fakewww.
Virtual Server
Rather than creating a whole config, i will utilise a virtual server.
/etc/apache2/ports.conf
Listen 7123
/etc/apache2/sites-enabled/001-ndt
NameVirtualHost *:7123
<VirtualHost *:7123>
ServerAdmin webmaster@localhost
DocumentRoot /usr/local/ndt
<Directory />
AllowOverride None
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On
</VirtualHost>
We probably also want to have a link to the main page:
sudo ln -s /usr/local/ndt/tcpbw100.html /usr/local/ndt/index.html
knoppix.sh
To make things stick in NPT, we add to our boot file
knoppix.sh
# remove the ports file (define the ports int he virtual hosts)
if [ -f /UNIONFS/media/$MNT/NPTools/ports.conf ]; then
restore_NPT_file $MNT ports.conf /etc/apache2
fi
# use apache for ndt
if [ -f /UNIONFS/media/$MNT/NPTools/001\-ndt ]; then
restore_NPT_file $MNT 001\-ndt /etc/apache2/sites-enabled
# add the symlink to the main page
sudo ln -s /usr/local/ndt/tcpbw100.html /usr/local/ndt/index.html
fi
and have the relevant files on the jumpdrive.
Disable fakewww
We now need to disable fakewww on bootbup on the NPT. This has to be done by hacking the ndt init.d script to read '0' for the FAKE_DAEMON.
We also have to create edit the settings for knoppix.sh.
Enable apache2
We simply need to create a symlink into the relevant runmode
ln -s /etc/init.d/apache2 /etc/rc3.d/SXXapache2
Configuration files
knoppix.sh
# remove the ports file (define the ports int he virtual hosts)
if [ -f /UNIONFS/media/$MNT/NPTools/ports.conf ]; then
restore_NPT_file $MNT ports.conf /etc/apache2
ln -s /etc/init.d/apache2 /etc/rc3.d/S88apache2
fi
# use apache for ndt
if [ -f /UNIONFS/media/$MNT/NPTools/001\-ndt ]; then
# setup the init.d script
restore_NPT_file $MNT ndt /etc/init.d
# setup the apache conf
restore_NPT_file $MNT 001\-ndt /etc/apache2/sites-enabled
# add the symlink to the main page
ln -s /usr/local/ndt/tcpbw100.html /usr/local/ndt/index.html
fi
ndt init.d script
#!/bin/bash
#
# chkconfig: 2345 55 25
# description: Starts the NDT Web server
# written by Peter Bertoncini <pjb@anl.gov>
#
# Customized NTP startup script for Internet Network Performance Tools
# Live CD. The process for this tool, and all the others, it to let
# Knoppix take care of some customization during the boot phase. Knoppix
# will automatically look for, and execute, a knoppix.sh script on an
# attached drive. This means that we will store the customized file
# on a USB thumb drive. At boot time the boot process will find and
# execute a knoppix.sh script that will copy the config files into
# the proper place. If they don't exist, then prompt the user to
# customize things.
#
# At shutdown, copy the files back to the mounted USB drive.
# Rich Carlson - 4/20/06
path=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin
NDT_DAEMON=/usr/local/sbin/web100srv
# set to the full path of fakewww or 0 to not run server
FAKE_DAEMON=0
# bring in NPT functions for later use
ENV="env -i PATH=/lib/init:/bin:/sbin:/usr/bin"
. /lib/init/nptoolkit-functions.sh
[ -f /usr/local/ndt/web100_variables ] || exit 0
# Specify some default options.
WEB100SRV_OPTIONS="-a"
FAKEWWW_OPTIONS=""
# FAKEWWW_OPTIONS="-l /var/log/fakewww.log"
# logging now on by default writing access_log and error_log files
# in /usr/local/ndt
case "$1" in
start)
echo -n "Starting NDT Services: "
if [ -f /usr/local/ndt/tcpbw100.html ]; then
echo " - using customized NDT web server page."
else
/bin/cp /usr/local/etc/tcpbw100.knoppix /usr/local/ndt/tcpbw100.html
echo " - using generic NDT web server page - Please customize"
/bin/touch /tmp/customize.ndt
fi
mkdir -p /var/run/ndt/run
chmod 755 /var/run/ndt/run
chown root:wheel /var/run/ndt/run >/dev/null 2>&1 || true
echo -n " "
# don't run www daemon if no content
if [ ! $FAKE_DAEMON ]; then
if [ ! -x $FAKE_DAEMON ]; then
echo "fakewww binary missing - Not starting"
exit 1
fi
start-stop-daemon --start -m --pidfile=/var/run/ndt/run/fakewww.pid \
--exec $FAKE_DAEMON -- $FAKEWWW_OPTIONS >/dev/null 2>&1 &
echo -n "fakewww"
fi
if [ ! -x $NDT_DAEMON ]; then
echo "web100srv binary missing - Not starting"
exit 1
fi
start-stop-daemon --start -m --pidfile=/var/run/ndt/run/web100srv.pid \
--exec $NDT_DAEMON -- $WEB100SRV_OPTIONS >/dev/null 2>&1 &
echo -n " web100srv"
echo "."
;;
stop)
echo -n "Stopping NDT services: "
start-stop-daemon --stop --name fakewww
echo -n "fakewww"
start-stop-daemon --stop --name web100srv
echo -n " web100srv"
mount_NPT_drives
select_NPT_drive
if [ "$DRVS" == "" ] ; then
echo "Error: no drives available to hold customized files."
else
for DRV in $DRVS ; do
save_NPT_file $DRV /usr/local/ndt/tcpbw100.html tcpbw100.html
save_NPT_file $DRV /usr/local/ndt/web100srv.log web100srv.log
save_NPT_file $DRV /usr/local/ndt/access_log access_log
save_NPT_file $DRV /usr/local/ndt/error_log error_log
echo "Saving NDT customization files to '$DRV' drive"
done
fi
echo "."
;;
restart)
echo -n "Restarting NDT services: "
start-stop-daemon --stop --name fakewww
start-stop-daemon --stop --name web100srv
sleep 2
start-stop-daemon --start -m --pidfile=/var/run/ndt/run/fakewww.pid \
--exec $FAKE_DAEMON -- $FAKEWWW_OPTIONS >/dev/null 2>&1 &
echo -n "fakewww"
start-stop-daemon --start -m --pidfile=/var/run/ndt/run/web100srv.pid \
--exec $NDT_DAEMON -- $WEB100SRV_OPTIONS >/dev/null 2>&1 &
echo " web100srv."
;;
*)
echo $"Usage: $0 {start|stop|restart}"
exit 1
;;
esac
ports.conf
Listen 7123
001-ndt
NameVirtualHost *:7123
<VirtualHost *:7123>
ServerAdmin webmaster@localhost
DocumentRoot /usr/local/ndt
<Directory />
AllowOverride None
</Directory>
ErrorLog /var/log/apache2/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/access.log combined
ServerSignature On
</VirtualHost>