Category: sysadmin

How to run OpenVpn and a webserver (Apache, Nginx, Cherokee, etc) in the same port

HowTosysadmin

http://i2.wp.com/www.hotforsecurity.com/wp-content/uploads/2012/10/The-New-York-Times-Website-Blocked-in-China-1.jpg?w=645

If you have ever used OpenVpn you know that a lot of filtered network do not allow to connect to other ports rather than 80 and 443 TCP. If you have your OpenVpn server in the same machine alongside with a Webserver this may be a problem because you want to use port 80 and 443 for your webserver and also the openvpn.

OpenVpn developers are smart people and they knew that this situation is not so odd so they invented a special option to deal with it. Thanks the article at raniersblog.org I found the port-share option that just redirect all the packets that are not vpn ones to another host:port pair. This allows to run your webserver in a different port, let’s say 8443 and make OpenVpn run on the 443 TCP. If packets are not for the vpn they will get redirected to the 8443.

To do so just configure your webserver to listen to port 8443 and add this configuration to the openvpn configuration file (usually /etc/openvpn/server.conf):

proto tcp
port 443
port-share 127.0.0.1 8443

Then restart openvpn and your webserver and you should be all set.

How to switch to different python version on apache mod_wsgi

sysadmin
By default the ubuntu-debian package of libapache-mod-wsgi contains the wsgi apache module compiled for either python 2.6 and python 2.7. This makes really easy to switch between python 2.6 or python 2.7 support in webapps. Indeed you have just to change a symbolic link to make your application working with python 2.7 interpreter if python 2.6 is enabled by default.
As you can see the libapacke2-mod-wsgi package countains both the 2.6 and 2.7 version of the the modules.
Se let's see how to accomplish this:
vincenzo@mba:/usr/lib/apache2/modules$ ls
httpd.exp             mod_authz_groupfile.so  mod_dir.so           mod_mem_cache.so       mod_ssl.so
mod_actions.so        mod_authz_host.so       mod_disk_cache.so    mod_mime_magic.so      mod_status.so
mod_alias.so          mod_authz_owner.so      mod_dumpio.so        mod_mime.so            mod_substitute.so
mod_asis.so           mod_authz_user.so       mod_env.so           mod_negotiation.so     mod_suexec.so
mod_auth_basic.so     mod_autoindex.so        mod_expires.so       mod_proxy_ajp.so       mod_unique_id.so
mod_auth_digest.so    mod_cache.so            mod_ext_filter.so    mod_proxy_balancer.so  mod_userdir.so
mod_authn_alias.so    mod_cern_meta.so        mod_file_cache.so    mod_proxy_connect.so   mod_usertrack.so
mod_authn_anon.so     mod_cgid.so             mod_filter.so        mod_proxy_ftp.so       mod_version.so
mod_authn_dbd.so      mod_cgi.so              mod_headers.so       mod_proxy_http.so      mod_vhost_alias.so
mod_authn_dbm.so      mod_charset_lite.so     mod_ident.so         mod_proxy_scgi.so      mod_wsgi.so
mod_authn_default.so  mod_dav_fs.so           mod_imagemap.so      mod_proxy.so           mod_wsgi.so-2.6
mod_authn_file.so     mod_dav_lock.so         mod_include.so       mod_reqtimeout.so      mod_wsgi.so-2.7
mod_authnz_ldap.so    mod_dav.so              mod_info.so          mod_rewrite.so
mod_authz_dbm.so      mod_dbd.so              mod_ldap.so          mod_setenvif.so
mod_authz_default.so  mod_deflate.so          mod_log_forensic.so  mod_speling.so
vincenzo@mba:/usr/lib/apache2/modules$ file mod_wsgi.so
mod_wsgi.so: symbolic link to `mod_wsgi.so-2.6'
vincenzo@mba:/usr/lib/apache2/modules$ sudo ln -fs mod_wsgi.so-2.7 mod_wsgi.so
Finished: we created mod_wsgi.so file which is a symbolic link to mod_wsgi.so-2.7. Now your reboot apache with sudo apache2ctl restart and you are using python 2.7 ;)
%d bloggers like this: