My-Tiny.Net :: Networking with Virtual Machines
Testing the eMail service with WebMail
The last Lab Exercise covered configuration of the Gateway and the MailServer to get the mail moving. In this Lab Exercise we move one step further with the WebServer configuration.
We use the same font conventions here:
This is a command you type in a virtual machine
This is a menu option you choose or a keyboard shortcut
This is used for emphasis - something to look for or remember
Menu Item::Page is short for "this Page under Menu Item on the Menu"
EXTREMELY IMPORTANT (are you tired of seeing this yet?)
- Make sure the VirtualBox DHCP is turned off for Host-Only network interfaces
- If your VM is not shut down properly it will become corrupted and you will have to recreate it.
Use poweroff at the command prompt, or go to the VirtualBox menu at the top of the VM window and select Machine then ACPI Shutdown
NEVER close your VM by simply closing the window (except in an emergency).
- Always start the Gateway first, and wait until the Gateway has finished booting before starting the other VMs. The WebServer, MailHost, and LDAPhost can all boot at the same time.
We did some configuration by hand, and now it's time to relax a bit and get back to the familiar browser interface. Get all four of your VMs running, double-check that your Windows host VirtualBox interface is on the same subnet as the WebServer VM, and make sure mail can be delivered (see Configure Mail on the menu).
Webservers are essentially very simple: they respond to a request by either sending back a file from their DocumentRoot directory, or they pass the request to another program known as a CGI script. Every time we use a form on a web page, the data is sent to the webserver and processed by a CGI script: there is a very simple example on the default Monkey web page that you should try.
What we do here is set up our WebServer to use an interpreter for a programming language called PHP, and two PHP applications: SquirrelMail ("WebMail for Nuts", whatever that might mean) and PHPLDAPAdmin (referred to as "PLA" in their documentation). After we set Dovecot and SquirrelMail to use the LDAP directory for mail rather than a plaintext file, we can administer our mail accounts through the PLA browser interface.
The good news is that the essential configuration is already done.
PHP
PHP is a scripting language that is usually used for web programming, but can also be used from the command line. There are plenty of resources on learning PHP, and lots of good applications. It is commonly packaged with the Apache webserver and MySQL database as a "LAMP stack" for Linux or a "WAMP stack" for Windows.
If you have all the right libraries for the loadable modules, configuring PHP for SquirrelMail and similar applications is easy. All that was required for SquirrelMail and PHPLDAPAdmin was to set the logging options and one key parameter in /etc/httpd/php.ini
session.save_path = "/var/www/php-session"
and then use SetRole.sh on the MyTyConfig.iso to initialise the logfile and set permissions - the only trick there is to make sure the session.save_path is world writeable with the "sticky bit" set (1777) so anyone can write files there but only the owner can delete them.
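A quick way to confirm the permission requirement described above, as an added example that is not part of the original page or of SetRole.sh. The function names and the throwaway php.ini and directory are constructed for the demonstration; on the WebServer you would pass /etc/httpd/php.ini instead.

```shell
#!/bin/sh
# Added example (not from the original page): verify that the directory named by
# session.save_path in php.ini is world-writable with the sticky bit (mode 1777).

# Print the active session.save_path value; php.ini lines starting with ';' are comments.
session_path() {
    awk -F= '/^[ \t]*session\.save_path[ \t]*=/ { v = $2 }
             END { gsub(/[" \t]/, "", v); print v }' "$1"
}

# Succeed only if DIR exists and its mode string is drwxrwxrwt (1777).
check_session_dir() {
    [ -d "$1" ] || { echo "FAIL $1 is not a directory"; return 1; }
    mode=$(ls -ld "$1" | cut -c1-10)
    [ "$mode" = "drwxrwxrwt" ] ||
        { echo "FAIL $1 has mode $mode, expected drwxrwxrwt"; return 1; }
}

# Constructed demo: a throwaway php.ini and session directory under a temp dir.
demo=$(mktemp -d)
mkdir "$demo/php-session"
printf ';session.save_path = "/tmp"\nsession.save_path = "%s"\n' \
    "$demo/php-session" > "$demo/php.ini"

# World-writable without the sticky bit: any user could delete another's session file.
chmod 0777 "$demo/php-session"
check_session_dir "$(session_path "$demo/php.ini")" || true

# The mode the page calls for.
chmod 1777 "$demo/php-session"
check_session_dir "$(session_path "$demo/php.ini")" && echo "OK session dir is 1777"
rm -rf "$demo"
```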
One thing you will notice about PHP is that there are too many ways to have comments. A single line that starts with # is a comment, // also starts a single line comment, and /* starts a comment block that ends with */ like this:
# To put PLA in debug mode, remove the /* and */ below
/*
$config->custom->debug['level'] = 255; // comment: 255?
$config->custom->debug['syslog'] = true;
$config->custom->debug['file'] = '/tmp/pla_debug.log';
*/
SquirrelMail
Like everything to do with mail, SquirrelMail has lots of options that can (and should) be left to the defaults. To make directives easier to find, the configuration is broken into a number of files in /var/www/squirrelmail/config/
The basic setup is straightforward: just define the mailserver, SMTP port, IMAP server type, location, and port in svr_adrs.php, set the path to the attachments directory and the data directory in config.php, and then set up whatever plugins look useful in config_plugins.
PHPLDAPadmin
PLA is another application with a zillion configuration options that system administrators have asked for because they need it for their particular setup. The configuration is finished because there are so few things that actually must be done to get it up and running: see /var/www/ldapadmin/config/config.php
Configure the WebServer
So, with that all done, we just need to make some minor changes to tell Monkey how to handle PHP files.
Open /etc/monkey/monkey.conf on the WebServer in the mc editor.
- The first thing to do is change the default location for serving webpages, Server_root, from /var/monkey/htdocs to /var/www
- Then find the two Indexfile directives, and comment out the first one and uncomment the second one, so it looks like this:
# Indexfile index.html index.htm
Indexfile index.html index.htm index.php
- Now move down to the CGI section. Change the Server_ScriptAlias from /var/monkey/ to /var/www/
- Finally, uncomment (remove the # ) from the AddScript line for php, so Monkey will pass the content of any request that ends with .php to the PHP interpreter. The other line tells Monkey to pass the content of any file that ends with .sh to the bash shell.
/usr/sbin/monkey -D
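To confirm the four edits listed above actually landed in the file, here is an added check script; it is not part of the original page or of Monkey. The directive names come from the page, while the function names and the argument layout in the embedded sample (especially the AddScript and Server_ScriptAlias values) are assumptions constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the original page: audit the four monkey.conf edits.
# Directive names are from the page; the value layout in the sample is assumed.

# conf_val FILE DIRECTIVE: print the arguments of the last uncommented DIRECTIVE line.
conf_val() {
    awk -v d="$2" '$1 == d { $1 = ""; sub(/^ +/, ""); v = $0 } END { print v }' "$1"
}

check_monkey_conf() {
    f=$1; rc=0
    [ "$(conf_val "$f" Server_root)" = "/var/www" ] ||
        { echo "FAIL Server_root is not /var/www"; rc=1; }
    case " $(conf_val "$f" Indexfile) " in
        *" index.php "*) ;;
        *) echo "FAIL active Indexfile does not list index.php"; rc=1 ;;
    esac
    case "$(conf_val "$f" Server_ScriptAlias)" in
        */var/www/*) ;;
        *) echo "FAIL Server_ScriptAlias does not point under /var/www/"; rc=1 ;;
    esac
    # A leading '#' makes the first field '#AddScript' or '#', so it will not match.
    awk '$1 == "AddScript" && /php/ { ok = 1 } END { exit !ok }' "$f" ||
        { echo "FAIL no uncommented AddScript line for php"; rc=1; }
    return $rc
}

# Constructed sample of the relevant lines after editing (not the shipped file).
sample_after() {
    cat <<'EOF'
Server_root /var/www
# Indexfile index.html index.htm
Indexfile index.html index.htm index.php
Server_ScriptAlias /cgi-bin/ /var/www/cgi-bin/
AddScript application/x-httpd-php /usr/bin/php php
EOF
}

tmp=$(mktemp)
sample_after > "$tmp"
check_monkey_conf "$tmp" && echo "OK monkey.conf matches the four edits"
rm -f "$tmp"
```

On the WebServer, call check_monkey_conf /etc/monkey/monkey.conf after saving the file; each missed edit is reported on its own FAIL line.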
Now you can open your favourite browser on your Windows host, run mytyip on the webserver, and use a URL like this to access SquirrelMail:
http://Web.Server.IP.address/squirrelmail/
And a URL like this for LDAP Admin:
http://Web.Server.IP.address/ldapadmin/
You can see the PHP configuration info with this:
http://Web.Server.IP.address/phpinfo
which is a bad idea from a security standpoint (we never want to give away configuration information)
but hey, we show the root password on the login screen! Never mind, we can change that later ...
Last thing to do for now: go back to the SquirrelMail URL, log in with a username and password listed in /home/vmail/mail-pwd and send some mail to another user that is listed in that file. Then close the browser window and reopen it (to clear the session) and log in as the recipient.
When that works, the last steps for having a complete system are [a] using LDAP instead of /home/vmail/mail-pwd for user authentication, and [b] securing communications with SSH.
Final Notes:
- The Indexfile list is in order. If more than one of these files exist, the first one on the list that is found is used.
- ScriptAlias normally has the added meaning that everything under that URL prefix will be considered a CGI program. This is not actually implemented in this version of Monkey, but we should set it to something under Server_root in case someone gets confused and puts /cgi-bin/ in a URL.
- A MIME Type defines an association between a file content and a name. In the Web Server context this is useful because the browser needs to know what kind of data is being sent. So, every time Monkey receives a request for a file named logo.jpg, it will look into the MIME Types list and return Content-Type: image/jpeg in the HTTP response header. When a resource cannot match a MIME Type the server will send text/plain. There is no limit on the number of MIME Types registered, they just need to be there before the server starts. The AddScript directive is another use for the MIME type.